Codebase list realmd / c61c00b
Imported Upstream version 0.14.5 Laurent Bigonville 10 years ago
75 changed file(s) with 2069 addition(s) and 872 deletion(s). Raw diff Collapse all Expand all
+338
-0
ChangeLog less more
00 # Generate automatically. Do not edit.
1
2 commit 9a6a85bfd37e6be03ae06bf30cae08e849a675ec
3 Author: Stef Walter <stefw@redhat.com>
4 Date: 2013-08-15
5
6 Release version 0.14.5
7
8 NEWS | 5 +++++
9 configure.ac | 2 +-
10 2 files changed, 6 insertions(+), 1 deletion(-)
11
12 commit 66b07a84f68ce1f363d5d51577b1d2cdb30ee98d
13 Author: Stef Walter <stefw@redhat.com>
14 Date: 2013-08-14
15
16 Fix reverse ordered output for join failure messages
17
18 https://bugs.freedesktop.org/show_bug.cgi?id=68112
19
20 tools/realm-join.c | 12 +++++-------
21 1 file changed, 5 insertions(+), 7 deletions(-)
22
23 commit 4bc34c20349b4089ad26e4a01a31a82a433ba13e
24 Author: Stef Walter <stefw@redhat.com>
25 Date: 2013-08-14
26
27 Fix regression caused by --unattended
28
29 * The short form -U conflicted with --user, so just drop the short form.
30 * Add documentation for --unattended
31
32 https://bugs.freedesktop.org/show_bug.cgi?id=68112
33
34 doc/manual/realm.xml | 5 +++++
35 tools/realm.c | 2 +-
36 2 files changed, 6 insertions(+), 1 deletion(-)
37
38 commit 1c2c8d904671247afcde8f3c302d48a314970f8c
39 Author: Stef Walter <stefw@redhat.com>
40 Date: 2013-08-14
41
42 Pass discovered server address to adcli
43
44 So that adcli doesn't have to do a full discovery, but can just
45 contact that server.
46
47 https://bugs.freedesktop.org/show_bug.cgi?id=68111
48
49 service/realm-adcli-enroll.c | 26 ++++++++++++++++++++++++--
50 service/realm-disco-mscldap.c | 4 ++++
51 service/realm-disco-rootdse.c | 9 ++++-----
52 service/realm-disco.c | 2 ++
53 service/realm-disco.h | 2 ++
54 5 files changed, 36 insertions(+), 7 deletions(-)
55
56 commit ac98d162c0cd2e9bd43469505a2f6a07cc773f73
57 Author: Stef Walter <stefw@redhat.com>
58 Date: 2013-08-08
59
60 Add clarification about when realmd.conf settings take effect
61
62 doc/manual/realmd.conf.xml | 7 +++++++
63 1 file changed, 7 insertions(+)
64
65 commit 45e06262b861d7e27f4191f74bca8ecd0f2de689
66 Author: Stef Walter <stefw@redhat.com>
67 Date: 2013-08-07
68
69 Release version 0.14.4
70
71 NEWS | 6 ++++++
72 configure.ac | 2 +-
73 2 files changed, 7 insertions(+), 1 deletion(-)
74
75 commit 8b83dd8f7b54456e02494d9391d2a1d44c7a32dd
76 Author: Stef Walter <stefw@redhat.com>
77 Date: 2013-07-25
78
79 Fix up the [sssd] section in sssd.conf if it's screwed up
80
81 https://bugzilla.redhat.com/show_bug.cgi?id=987491
82
83 service/realm-ini-config.c | 23 +++++++++++++++++++++++
84 service/realm-ini-config.h | 4 ++++
85 service/realm-sssd-config.c | 10 ++++------
86 tests/test-ini-config.c | 14 ++++++++++++++
87 tests/test-sssd-config.c | 4 ++--
88 5 files changed, 47 insertions(+), 8 deletions(-)
89
90 commit 206a320c10b2efb0b9db3856f7ba3453ffe7ec2a
91 Author: Stef Walter <stefw@redhat.com>
92 Date: 2013-07-24
93
94 tools: Add an --unattended argument to realm command line client
95
96 This prevents prompting for passwords using getpass(). Unattended mode
97 still allows piping in a password via stdin.
98
99 https://bugzilla.redhat.com/show_bug.cgi?id=976593
100
101 tools/realm-client.c | 11 ++++++++++-
102 tools/realm.c | 2 ++
103 tools/realm.h | 2 ++
104 3 files changed, 14 insertions(+), 1 deletion(-)
105
106 commit daa0b25dc0189a1127513dd86e16250bc9731449
107 Author: Stef Walter <stefw@redhat.com>
108 Date: 2013-07-24
109
110 Clearer 'realm permit' manual page example
111
112 Also remove duplicated information.
113
114 https://bugzilla.redhat.com/show_bug.cgi?id=985800
115
116 doc/manual/realm.xml | 13 ++++---------
117 1 file changed, 4 insertions(+), 9 deletions(-)
118
119 commit 6e160efd8921a637334cf4b97c9cbd67ceb6a353
120 Author: Stef Walter <stefw@redhat.com>
121 Date: 2013-07-22
122
123 Fix some documentation typos
124
125 doc/manual/realmd.conf.xml | 3 ++-
126 1 file changed, 2 insertions(+), 1 deletion(-)
127
128 commit 6011b5d20a9d58c1bcc7f3af85417e3fad527e00
129 Author: Stef Walter <stefw@redhat.com>
130 Date: 2013-07-22
131
132 Release version 0.14.3
133
134 NEWS | 14 ++++++++++++++
135 configure.ac | 2 +-
136 2 files changed, 15 insertions(+), 1 deletion(-)
137
138 commit 51cb0bc599e5b6bd72c0bd93f3f0f7156174c21d
139 Author: Stef Walter <stefw@redhat.com>
140 Date: 2013-07-22
141
142 Fix testing regressions
143
144 tests/test-sssd-config.c | 6 +++---
145 1 file changed, 3 insertions(+), 3 deletions(-)
146
147 commit 29e9976750f4e6b7d71f8f09acf7a428364ab986
148 Author: Stef Walter <stefw@redhat.com>
149 Date: 2013-07-22
150
151 Respect use_fully_qualified_names to populate LoginFormats
152
153 https://bugzilla.redhat.com/show_bug.cgi?id=967011
154
155 service/realm-ini-config.c | 40 ++++++++++++++++++++++++++++++++++++++++
156 service/realm-ini-config.h | 6 ++++++
157 service/realm-sssd-config.c | 2 +-
158 service/realm-sssd.c | 10 ++++++++++
159 tests/test-ini-config.c | 39 +++++++++++++++++++++++++++++++++++++++
160 5 files changed, 96 insertions(+), 1 deletion(-)
161
162 commit 35e4169741071e6a3f214c6998e758aa80275636
163 Author: Stef Walter <stefw@redhat.com>
164 Date: 2013-07-22
165
166 Clarification about how login policy is controlled by manage-system
167
168 https://bugzilla.redhat.com/show_bug.cgi?id=985773
169
170 doc/manual/realmd.conf.xml | 5 +++++
171 1 file changed, 5 insertions(+)
172
173 commit e588faf25dc93d9d5da777d78837c5114effc2d1
174 Author: Stef Walter <stefw@redhat.com>
175 Date: 2013-07-22
176
177 Add some clarification on Active Directory specific options
178
179 https://bugzilla.redhat.com/show_bug.cgi?id=967565
180
181 doc/manual/realm.xml | 7 +++++--
182 doc/manual/realmd.conf.xml | 14 ++++++++++++--
183 2 files changed, 17 insertions(+), 4 deletions(-)
184
185 commit ebd04682b1993120e71ae626049cdf8efa0e52a2
186 Author: Stef Walter <stefw@redhat.com>
187 Date: 2013-07-22
188
189 Set sssd.conf default_shell per domain
190
191 This allows for much more predictable configuration, when an admin
192 has set the global option.
193
194 https://bugzilla.redhat.com/show_bug.cgi?id=967569
195
196 service/realm-sssd-ad.c | 3 +++
197 service/realm-sssd-config.c | 9 ---------
198 service/realm-sssd-ipa.c | 3 +++
199 3 files changed, 6 insertions(+), 9 deletions(-)
200
201 commit a2099259dd752bb0fd33c0239b7ee3520dda54d5
202 Author: Stef Walter <stefw@redhat.com>
203 Date: 2013-07-22
204
205 Notify in terminal output when installing packages
206
207 Various people have been worried by installing packages
208 quietly, so notify about what's going on.
209
210 In reality *configuring* and *starting* a daemon is far
211 more worrisome than the installation. It's realmd's job
212 to configure, enable and start stuff. So if you're properly
213 worried, remove realmd and do stuff manually.
214
215 https://bugzilla.redhat.com/show_bug.cgi?id=984960
216
217 service/realm-packages.c | 8 ++++++--
218 tools/realm-client.c | 29 ++++++++++++++++++++---------
219 2 files changed, 26 insertions(+), 11 deletions(-)
220
221 commit f215dd461ff8982c7a2097ec57a71540359ac769
222 Author: Stef Walter <stefw@redhat.com>
223 Date: 2013-05-27
224
225 If joined via adcli, delete computer account with adcli as well
226
227 https://bugs.freedesktop.org/show_bug.cgi?id=65032
228
229 service/realm-adcli-enroll.c | 75 ++++++++++++++++++++++++++++++++++++++++++++
230 service/realm-adcli-enroll.h | 10 ++++++
231 service/realm-kerberos.c | 23 ++++++++++++--
232 service/realm-kerberos.h | 4 +++
233 service/realm-sssd-ad.c | 61 ++++++++++++++++++++++++++++++-----
234 service/realm-sssd.c | 26 +++++++++++----
235 6 files changed, 183 insertions(+), 16 deletions(-)
236
237 commit 42b31578341ccf7a7385647a4070a7ac323836fa
238 Author: Stef Walter <stefw@redhat.com>
239 Date: 2013-07-19
240
241 If input is not a tty, then just read from stdin without getpass()
242
243 This allows people to echo passwords into the realm client command
244 like this:
245
246 echo "password" | realm join --user Administrator example.com
247
248 https://bugzilla.redhat.com/show_bug.cgi?id=976593
249
250 tools/realm-client.c | 41 ++++++++++++++++++++++++++++++++++++++++-
251 1 file changed, 40 insertions(+), 1 deletion(-)
252
253 commit 8a7aac53c26b3526c5965a73ab1a2e65d7f91d0a
254 Author: Stef Walter <stefw@redhat.com>
255 Date: 2013-07-15
256
257 ipa: Force joins so that computer can rejoin a domain
258
259 The hostname should already have checked by the administrator
260 that is providing the confirmation for joining the domain.
261
262 service/realm-sssd-ipa.c | 1 +
263 1 file changed, 1 insertion(+)
264
265 commit c7bd539aa21285b1910a52029993f257c8ae0ca9
266 Author: Stef Walter <stefw@redhat.com>
267 Date: 2013-07-15
268
269 winbind: Configure pam_winbind.conf appropriately
270
271 * Setup kerberos auth, and cached logins
272
273 http://bugs.freedesktop.org/show_bug.cgi?id=66831
274
275 service/realm-samba-winbind.c | 13 +++++++++++++
276 service/realmd-defaults.conf | 1 +
277 2 files changed, 14 insertions(+)
278
279 commit ddf1252d5dc7bfb5418cf932a558ca8a98ce7155
280 Author: Stef Walter <stefw@redhat.com>
281 Date: 2013-07-09
282
283 Refer to FreeIPA as IPA
284
285 This is the more broad name that covers both the FreeIPA version
286 and the commercial versions of the same thing.
287
288 We continue to accept 'freeipa' as an input string when referring
289 to software. But output 'ipa' and document that option
290
291 https://bugs.freedesktop.org/show_bug.cgi?id=66734
292
293 dbus/realm-dbus-constants.h | 1 +
294 doc/internals/realmd-internals.xml | 8 +-
295 doc/manual/Makefile.am | 2 +-
296 doc/manual/realm.xml | 10 +--
297 doc/manual/realmd-docs.xml | 2 +-
298 doc/manual/realmd-guide-freeipa.xml | 164 ------------------------------------
299 doc/manual/realmd-guide-ipa.xml | 164 ++++++++++++++++++++++++++++++++++++
300 doc/website/content/index.html | 2 +-
301 service/realm-disco-rootdse.c | 2 +-
302 service/realm-provider.c | 2 +
303 service/realm-sssd-ipa.c | 7 +-
304 service/realm-sssd-provider.c | 8 +-
305 service/realmd-redhat.conf | 2 +-
306 service/realmd-suse.conf | 2 +-
307 14 files changed, 192 insertions(+), 184 deletions(-)
308
309 commit d2bc9aa13faadd4c38f29524893597ea82189f4c
310 Author: Stef Walter <stefw@redhat.com>
311 Date: 2013-07-02
312
313 service: Support use of kerberos ccache to join when using winbind
314
315 service/realm-samba.c | 1 +
316 1 file changed, 1 insertion(+)
317
318 commit 795b6fdc7a2018bd10ab134f4b23959b6b8073e0
319 Author: Stef Walter <stefw@redhat.com>
320 Date: 2013-06-06
321
322 redhat: Add dependency on oddjobd
323
324 https://bugzilla.redhat.com/show_bug.cgi?id=969441
325
326 service/realmd-redhat.conf | 6 ++++--
327 1 file changed, 4 insertions(+), 2 deletions(-)
328
329 commit a038dcb73a7d85540763a4325914377eaeaa122b
330 Author: Stef Walter <stefw@redhat.com>
331 Date: 2013-06-06
332
333 Don't create a top level directory in /var
334
335 https://bugs.freedesktop.org/show_bug.cgi?id=65435
336
337 service/Makefile.am | 4 ++--
338 1 file changed, 2 insertions(+), 2 deletions(-)
1339
2340 commit e2bcee9ecbf25492ba60a08c65cfde52bb3334cc
3341 Author: Stef Walter <stefw@redhat.com>
+50
-23
Makefile.in less more
0 # Makefile.in generated by automake 1.13.1 from Makefile.am.
0 # Makefile.in generated by automake 1.13.4 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2012 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2013 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
1313
1414 @SET_MAKE@
1515 VPATH = @srcdir@
16 am__make_dryrun = \
17 { \
18 am__dry=no; \
16 am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
17 am__make_running_with_option = \
18 case $${target_option-} in \
19 ?) ;; \
20 *) echo "am__make_running_with_option: internal error: invalid" \
21 "target option '$${target_option-}' specified" >&2; \
22 exit 1;; \
23 esac; \
24 has_opt=no; \
25 sane_makeflags=$$MAKEFLAGS; \
26 if $(am__is_gnu_make); then \
27 sane_makeflags=$$MFLAGS; \
28 else \
1929 case $$MAKEFLAGS in \
2030 *\\[\ \ ]*) \
21 echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
22 | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
23 *) \
24 for am__flg in $$MAKEFLAGS; do \
25 case $$am__flg in \
26 *=*|--*) ;; \
27 *n*) am__dry=yes; break;; \
28 esac; \
29 done;; \
31 bs=\\; \
32 sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
33 | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
3034 esac; \
31 test $$am__dry = yes; \
32 }
35 fi; \
36 skip_next=no; \
37 strip_trailopt () \
38 { \
39 flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
40 }; \
41 for flg in $$sane_makeflags; do \
42 test $$skip_next = yes && { skip_next=no; continue; }; \
43 case $$flg in \
44 *=*|--*) continue;; \
45 -*I) strip_trailopt 'I'; skip_next=yes;; \
46 -*I?*) strip_trailopt 'I';; \
47 -*O) strip_trailopt 'O'; skip_next=yes;; \
48 -*O?*) strip_trailopt 'O';; \
49 -*l) strip_trailopt 'l'; skip_next=yes;; \
50 -*l?*) strip_trailopt 'l';; \
51 -[dEDm]) skip_next=yes;; \
52 -[JT]) skip_next=yes;; \
53 esac; \
54 case $$flg in \
55 *$$target_option*) has_opt=yes; break;; \
56 esac; \
57 done; \
58 test $$has_opt = yes
59 am__make_dryrun = (target_option=n; $(am__make_running_with_option))
60 am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
3361 pkgdatadir = $(datadir)/@PACKAGE@
3462 pkgincludedir = $(includedir)/@PACKAGE@
3563 pkglibdir = $(libdir)/@PACKAGE@
405433 # (which will cause the Makefiles to be regenerated when you run 'make');
406434 # (2) otherwise, pass the desired values on the 'make' command line.
407435 $(am__recursive_targets):
408 @fail= failcom='exit 1'; \
409 for f in x $$MAKEFLAGS; do \
410 case $$f in \
411 *=* | --[!k]*);; \
412 *k*) failcom='fail=yes';; \
413 esac; \
414 done; \
436 @fail=; \
437 if $(am__make_keepgoing); then \
438 failcom='fail=yes'; \
439 else \
440 failcom='exit 1'; \
441 fi; \
415442 dot_seen=no; \
416443 target=`echo $@ | sed s/-recursive//`; \
417444 case "$@" in \
+25
-0
NEWS less more
0 0.14.5
1 * Fix regression where --unattended conflicted with -U as in --user [#68112]
2 * Pass discovered server address to adcli [#68111]
3 * Fix failure message output
4
5 0.14.4
6 * Fix up the [sssd] section in sssd.conf if it's screwed up
7 * Add an --unattended argument to realm command line client
8 * Clearer 'realm permit' manual page example
9 * Other documentation fixes
10
11 0.14.3
12 * Populate LoginFormats properly when use_fully_qualified_names = False
13 * Several documentation fixes
14 * Set sssd.conf default_shell per domain
15 * Notify in terminal output when installing packages
16 * If joined via adcli, delete computer account with adcli as well
17 * If input is not tty, then just read from stdin without getpass()
18 * Force IPA joins so that computer can rejoin a domain
19 * Configure pam_winbind.conf appropriately when using winbind [#66831]
20 * Refer to FreeIPA as IPA [#66734]
21 * Support use of kerberos ccache to join when using winbind
22 * Don't create a top level directory in /var [#65435]
23 * Other build fixes
24
025 0.14.2
126 * Rework discovery for changes in FreeIPA 3.0 [#64895]
227 * Remove simple_allow_users/groups when permit/deny access provider [#64903]
+108
-70
aclocal.m4 less more
0 # generated automatically by aclocal 1.13.1 -*- Autoconf -*-
1
2 # Copyright (C) 1996-2012 Free Software Foundation, Inc.
0 # generated automatically by aclocal 1.13.4 -*- Autoconf -*-
1
2 # Copyright (C) 1996-2013 Free Software Foundation, Inc.
33
44 # This file is free software; the Free Software Foundation
55 # gives unlimited permission to copy and/or distribute it,
704704 [am__api_version='1.13'
705705 dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
706706 dnl require some minimum version. Point them to the right macro.
707 m4_if([$1], [1.13.1], [],
707 m4_if([$1], [1.13.4], [],
708708 [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
709709 ])
710710
720720 # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
721721 # This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
722722 AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
723 [AM_AUTOMAKE_VERSION([1.13.1])dnl
723 [AM_AUTOMAKE_VERSION([1.13.4])dnl
724724 m4_ifndef([AC_AUTOCONF_VERSION],
725725 [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
726726 _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
10421042 DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
10431043 test -z "$DEPDIR" && continue
10441044 am__include=`sed -n 's/^am__include = //p' < "$mf"`
1045 test -z "am__include" && continue
1045 test -z "$am__include" && continue
10461046 am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
10471047 # Find all dependency output files, they are included files with
10481048 # $(DEPDIR) in their names. We invoke sed twice because it is the
16791679 # Substitute a variable $(am__untar) that extract such
16801680 # a tarball read from stdin.
16811681 # $(am__untar) < result.tar
1682 #
16821683 AC_DEFUN([_AM_PROG_TAR],
16831684 [# Always define AMTAR for backward compatibility. Yes, it's still used
16841685 # in the wild :-( We should find a proper way to deprecate it ...
16851686 AC_SUBST([AMTAR], ['$${TAR-tar}'])
1687
1688 # We'll loop over all known methods to create a tar archive until one works.
1689 _am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
1690
16861691 m4_if([$1], [v7],
1687 [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'],
1688 [m4_case([$1], [ustar],, [pax],,
1689 [m4_fatal([Unknown tar format])])
1690 AC_MSG_CHECKING([how to create a $1 tar archive])
1691 # Loop over all known methods to create a tar archive until one works.
1692 _am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
1693 _am_tools=${am_cv_prog_tar_$1-$_am_tools}
1694 # Do not fold the above two line into one, because Tru64 sh and
1695 # Solaris sh will not grok spaces in the rhs of '-'.
1696 for _am_tool in $_am_tools
1697 do
1698 case $_am_tool in
1699 gnutar)
1700 for _am_tar in tar gnutar gtar;
1701 do
1702 AM_RUN_LOG([$_am_tar --version]) && break
1703 done
1704 am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
1705 am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
1706 am__untar="$_am_tar -xf -"
1707 ;;
1708 plaintar)
1709 # Must skip GNU tar: if it does not support --format= it doesn't create
1710 # ustar tarball either.
1711 (tar --version) >/dev/null 2>&1 && continue
1712 am__tar='tar chf - "$$tardir"'
1713 am__tar_='tar chf - "$tardir"'
1714 am__untar='tar xf -'
1715 ;;
1716 pax)
1717 am__tar='pax -L -x $1 -w "$$tardir"'
1718 am__tar_='pax -L -x $1 -w "$tardir"'
1719 am__untar='pax -r'
1720 ;;
1721 cpio)
1722 am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
1723 am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
1724 am__untar='cpio -i -H $1 -d'
1725 ;;
1726 none)
1727 am__tar=false
1728 am__tar_=false
1729 am__untar=false
1730 ;;
1731 esac
1732
1733 # If the value was cached, stop now. We just wanted to have am__tar
1734 # and am__untar set.
1735 test -n "${am_cv_prog_tar_$1}" && break
1736
1737 # tar/untar a dummy directory, and stop if the command works
1692 [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'],
1693
1694 [m4_case([$1],
1695 [ustar],
1696 [# The POSIX 1988 'ustar' format is defined with fixed-size fields.
1697 # There is notably a 21 bits limit for the UID and the GID. In fact,
1698 # the 'pax' utility can hang on bigger UID/GID (see automake bug#8343
1699 # and bug#13588).
1700 am_max_uid=2097151 # 2^21 - 1
1701 am_max_gid=$am_max_uid
1702 # The $UID and $GID variables are not portable, so we need to resort
1703 # to the POSIX-mandated id(1) utility. Errors in the 'id' calls
1704 # below are definitely unexpected, so allow the users to see them
1705 # (that is, avoid stderr redirection).
1706 am_uid=`id -u || echo unknown`
1707 am_gid=`id -g || echo unknown`
1708 AC_MSG_CHECKING([whether UID '$am_uid' is supported by ustar format])
1709 if test $am_uid -le $am_max_uid; then
1710 AC_MSG_RESULT([yes])
1711 else
1712 AC_MSG_RESULT([no])
1713 _am_tools=none
1714 fi
1715 AC_MSG_CHECKING([whether GID '$am_gid' is supported by ustar format])
1716 if test $am_gid -le $am_max_gid; then
1717 AC_MSG_RESULT([yes])
1718 else
1719 AC_MSG_RESULT([no])
1720 _am_tools=none
1721 fi],
1722
1723 [pax],
1724 [],
1725
1726 [m4_fatal([Unknown tar format])])
1727
1728 AC_MSG_CHECKING([how to create a $1 tar archive])
1729
1730 # Go ahead even if we have the value already cached. We do so because we
1731 # need to set the values for the 'am__tar' and 'am__untar' variables.
1732 _am_tools=${am_cv_prog_tar_$1-$_am_tools}
1733
1734 for _am_tool in $_am_tools; do
1735 case $_am_tool in
1736 gnutar)
1737 for _am_tar in tar gnutar gtar; do
1738 AM_RUN_LOG([$_am_tar --version]) && break
1739 done
1740 am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
1741 am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
1742 am__untar="$_am_tar -xf -"
1743 ;;
1744 plaintar)
1745 # Must skip GNU tar: if it does not support --format= it doesn't create
1746 # ustar tarball either.
1747 (tar --version) >/dev/null 2>&1 && continue
1748 am__tar='tar chf - "$$tardir"'
1749 am__tar_='tar chf - "$tardir"'
1750 am__untar='tar xf -'
1751 ;;
1752 pax)
1753 am__tar='pax -L -x $1 -w "$$tardir"'
1754 am__tar_='pax -L -x $1 -w "$tardir"'
1755 am__untar='pax -r'
1756 ;;
1757 cpio)
1758 am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
1759 am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
1760 am__untar='cpio -i -H $1 -d'
1761 ;;
1762 none)
1763 am__tar=false
1764 am__tar_=false
1765 am__untar=false
1766 ;;
1767 esac
1768
1769 # If the value was cached, stop now. We just wanted to have am__tar
1770 # and am__untar set.
1771 test -n "${am_cv_prog_tar_$1}" && break
1772
1773 # tar/untar a dummy directory, and stop if the command works.
1774 rm -rf conftest.dir
1775 mkdir conftest.dir
1776 echo GrepMe > conftest.dir/file
1777 AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
1778 rm -rf conftest.dir
1779 if test -s conftest.tar; then
1780 AM_RUN_LOG([$am__untar <conftest.tar])
1781 AM_RUN_LOG([cat conftest.dir/file])
1782 grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
1783 fi
1784 done
17381785 rm -rf conftest.dir
1739 mkdir conftest.dir
1740 echo GrepMe > conftest.dir/file
1741 AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
1742 rm -rf conftest.dir
1743 if test -s conftest.tar; then
1744 AM_RUN_LOG([$am__untar <conftest.tar])
1745 grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
1746 fi
1747 done
1748 rm -rf conftest.dir
1749
1750 AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
1751 AC_MSG_RESULT([$am_cv_prog_tar_$1])])
1786
1787 AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
1788 AC_MSG_RESULT([$am_cv_prog_tar_$1])])
1789
17521790 AC_SUBST([am__tar])
17531791 AC_SUBST([am__untar])
17541792 ]) # _AM_PROG_TAR
+44
-16
build/Makefile.in less more
0 # Makefile.in generated by automake 1.13.1 from Makefile.am.
0 # Makefile.in generated by automake 1.13.4 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2012 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2013 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
1313
1414 @SET_MAKE@
1515 VPATH = @srcdir@
16 am__make_dryrun = \
17 { \
18 am__dry=no; \
16 am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
17 am__make_running_with_option = \
18 case $${target_option-} in \
19 ?) ;; \
20 *) echo "am__make_running_with_option: internal error: invalid" \
21 "target option '$${target_option-}' specified" >&2; \
22 exit 1;; \
23 esac; \
24 has_opt=no; \
25 sane_makeflags=$$MAKEFLAGS; \
26 if $(am__is_gnu_make); then \
27 sane_makeflags=$$MFLAGS; \
28 else \
1929 case $$MAKEFLAGS in \
2030 *\\[\ \ ]*) \
21 echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
22 | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
23 *) \
24 for am__flg in $$MAKEFLAGS; do \
25 case $$am__flg in \
26 *=*|--*) ;; \
27 *n*) am__dry=yes; break;; \
28 esac; \
29 done;; \
31 bs=\\; \
32 sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
33 | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
3034 esac; \
31 test $$am__dry = yes; \
32 }
35 fi; \
36 skip_next=no; \
37 strip_trailopt () \
38 { \
39 flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
40 }; \
41 for flg in $$sane_makeflags; do \
42 test $$skip_next = yes && { skip_next=no; continue; }; \
43 case $$flg in \
44 *=*|--*) continue;; \
45 -*I) strip_trailopt 'I'; skip_next=yes;; \
46 -*I?*) strip_trailopt 'I';; \
47 -*O) strip_trailopt 'O'; skip_next=yes;; \
48 -*O?*) strip_trailopt 'O';; \
49 -*l) strip_trailopt 'l'; skip_next=yes;; \
50 -*l?*) strip_trailopt 'l';; \
51 -[dEDm]) skip_next=yes;; \
52 -[JT]) skip_next=yes;; \
53 esac; \
54 case $$flg in \
55 *$$target_option*) has_opt=yes; break;; \
56 esac; \
57 done; \
58 test $$has_opt = yes
59 am__make_dryrun = (target_option=n; $(am__make_running_with_option))
60 am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
3361 pkgdatadir = $(datadir)/@PACKAGE@
3462 pkgincludedir = $(includedir)/@PACKAGE@
3563 pkglibdir = $(libdir)/@PACKAGE@
+113
-73
configure less more
00 #! /bin/sh
11 # Guess values for system-dependent variables and create Makefiles.
2 # Generated by GNU Autoconf 2.69 for realmd 0.14.2.
2 # Generated by GNU Autoconf 2.69 for realmd 0.14.5.
33 #
44 # Report bugs to <http://bugs.freedesktop.org/enter_bug.cgi?product=realmd>.
55 #
580580 # Identity of this package.
581581 PACKAGE_NAME='realmd'
582582 PACKAGE_TARNAME='realmd'
583 PACKAGE_VERSION='0.14.2'
584 PACKAGE_STRING='realmd 0.14.2'
583 PACKAGE_VERSION='0.14.5'
584 PACKAGE_STRING='realmd 0.14.5'
585585 PACKAGE_BUGREPORT='http://bugs.freedesktop.org/enter_bug.cgi?product=realmd'
586586 PACKAGE_URL=''
587587
13761376 # Omit some internal or obsolete options to make the list less imposing.
13771377 # This message is too long to be a string in the A/UX 3.1 sh.
13781378 cat <<_ACEOF
1379 \`configure' configures realmd 0.14.2 to adapt to many kinds of systems.
1379 \`configure' configures realmd 0.14.5 to adapt to many kinds of systems.
13801380
13811381 Usage: $0 [OPTION]... [VAR=VALUE]...
13821382
14421442
14431443 if test -n "$ac_init_help"; then
14441444 case $ac_init_help in
1445 short | recursive ) echo "Configuration of realmd 0.14.2:";;
1445 short | recursive ) echo "Configuration of realmd 0.14.5:";;
14461446 esac
14471447 cat <<\_ACEOF
14481448
15731573 test -n "$ac_init_help" && exit $ac_status
15741574 if $ac_init_version; then
15751575 cat <<\_ACEOF
1576 realmd configure 0.14.2
1576 realmd configure 0.14.5
15771577 generated by GNU Autoconf 2.69
15781578
15791579 Copyright (C) 2012 Free Software Foundation, Inc.
19421942 This file contains any messages produced by compilers while
19431943 running configure, to aid debugging if configure makes a mistake.
19441944
1945 It was created by realmd $as_me 0.14.2, which was
1945 It was created by realmd $as_me 0.14.5, which was
19461946 generated by GNU Autoconf 2.69. Invocation command line was
19471947
19481948 $ $0 $@
28092809
28102810 # Define the identity of the package.
28112811 PACKAGE='realmd'
2812 VERSION='0.14.2'
2812 VERSION='0.14.5'
28132813
28142814
28152815 cat >>confdefs.h <<_ACEOF
28502850 AMTAR='$${TAR-tar}'
28512851
28522852
2853 { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to create a ustar tar archive" >&5
2853 # We'll loop over all known methods to create a tar archive until one works.
2854 _am_tools='gnutar plaintar pax cpio none'
2855
2856 # The POSIX 1988 'ustar' format is defined with fixed-size fields.
2857 # There is notably a 21 bits limit for the UID and the GID. In fact,
2858 # the 'pax' utility can hang on bigger UID/GID (see automake bug#8343
2859 # and bug#13588).
2860 am_max_uid=2097151 # 2^21 - 1
2861 am_max_gid=$am_max_uid
2862 # The $UID and $GID variables are not portable, so we need to resort
2863 # to the POSIX-mandated id(1) utility. Errors in the 'id' calls
2864 # below are definitely unexpected, so allow the users to see them
2865 # (that is, avoid stderr redirection).
2866 am_uid=`id -u || echo unknown`
2867 am_gid=`id -g || echo unknown`
2868 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether UID '$am_uid' is supported by ustar format" >&5
2869 $as_echo_n "checking whether UID '$am_uid' is supported by ustar format... " >&6; }
2870 if test $am_uid -le $am_max_uid; then
2871 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
2872 $as_echo "yes" >&6; }
2873 else
2874 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
2875 $as_echo "no" >&6; }
2876 _am_tools=none
2877 fi
2878 { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether GID '$am_gid' is supported by ustar format" >&5
2879 $as_echo_n "checking whether GID '$am_gid' is supported by ustar format... " >&6; }
2880 if test $am_gid -le $am_max_gid; then
2881 { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
2882 $as_echo "yes" >&6; }
2883 else
2884 { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
2885 $as_echo "no" >&6; }
2886 _am_tools=none
2887 fi
2888
2889 { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to create a ustar tar archive" >&5
28542890 $as_echo_n "checking how to create a ustar tar archive... " >&6; }
2855 # Loop over all known methods to create a tar archive until one works.
2856 _am_tools='gnutar plaintar pax cpio none'
2857 _am_tools=${am_cv_prog_tar_ustar-$_am_tools}
2858 # Do not fold the above two line into one, because Tru64 sh and
2859 # Solaris sh will not grok spaces in the rhs of '-'.
2860 for _am_tool in $_am_tools
2861 do
2862 case $_am_tool in
2863 gnutar)
2864 for _am_tar in tar gnutar gtar;
2865 do
2866 { echo "$as_me:$LINENO: $_am_tar --version" >&5
2891
2892 # Go ahead even if we have the value already cached. We do so because we
2893 # need to set the values for the 'am__tar' and 'am__untar' variables.
2894 _am_tools=${am_cv_prog_tar_ustar-$_am_tools}
2895
2896 for _am_tool in $_am_tools; do
2897 case $_am_tool in
2898 gnutar)
2899 for _am_tar in tar gnutar gtar; do
2900 { echo "$as_me:$LINENO: $_am_tar --version" >&5
28672901 ($_am_tar --version) >&5 2>&5
28682902 ac_status=$?
28692903 echo "$as_me:$LINENO: \$? = $ac_status" >&5
28702904 (exit $ac_status); } && break
2871 done
2872 am__tar="$_am_tar --format=ustar -chf - "'"$$tardir"'
2873 am__tar_="$_am_tar --format=ustar -chf - "'"$tardir"'
2874 am__untar="$_am_tar -xf -"
2875 ;;
2876 plaintar)
2877 # Must skip GNU tar: if it does not support --format= it doesn't create
2878 # ustar tarball either.
2879 (tar --version) >/dev/null 2>&1 && continue
2880 am__tar='tar chf - "$$tardir"'
2881 am__tar_='tar chf - "$tardir"'
2882 am__untar='tar xf -'
2883 ;;
2884 pax)
2885 am__tar='pax -L -x ustar -w "$$tardir"'
2886 am__tar_='pax -L -x ustar -w "$tardir"'
2887 am__untar='pax -r'
2888 ;;
2889 cpio)
2890 am__tar='find "$$tardir" -print | cpio -o -H ustar -L'
2891 am__tar_='find "$tardir" -print | cpio -o -H ustar -L'
2892 am__untar='cpio -i -H ustar -d'
2893 ;;
2894 none)
2895 am__tar=false
2896 am__tar_=false
2897 am__untar=false
2898 ;;
2899 esac
2900
2901 # If the value was cached, stop now. We just wanted to have am__tar
2902 # and am__untar set.
2903 test -n "${am_cv_prog_tar_ustar}" && break
2904
2905 # tar/untar a dummy directory, and stop if the command works
2906 rm -rf conftest.dir
2907 mkdir conftest.dir
2908 echo GrepMe > conftest.dir/file
2909 { echo "$as_me:$LINENO: tardir=conftest.dir && eval $am__tar_ >conftest.tar" >&5
2905 done
2906 am__tar="$_am_tar --format=ustar -chf - "'"$$tardir"'
2907 am__tar_="$_am_tar --format=ustar -chf - "'"$tardir"'
2908 am__untar="$_am_tar -xf -"
2909 ;;
2910 plaintar)
2911 # Must skip GNU tar: if it does not support --format= it doesn't create
2912 # ustar tarball either.
2913 (tar --version) >/dev/null 2>&1 && continue
2914 am__tar='tar chf - "$$tardir"'
2915 am__tar_='tar chf - "$tardir"'
2916 am__untar='tar xf -'
2917 ;;
2918 pax)
2919 am__tar='pax -L -x ustar -w "$$tardir"'
2920 am__tar_='pax -L -x ustar -w "$tardir"'
2921 am__untar='pax -r'
2922 ;;
2923 cpio)
2924 am__tar='find "$$tardir" -print | cpio -o -H ustar -L'
2925 am__tar_='find "$tardir" -print | cpio -o -H ustar -L'
2926 am__untar='cpio -i -H ustar -d'
2927 ;;
2928 none)
2929 am__tar=false
2930 am__tar_=false
2931 am__untar=false
2932 ;;
2933 esac
2934
2935 # If the value was cached, stop now. We just wanted to have am__tar
2936 # and am__untar set.
2937 test -n "${am_cv_prog_tar_ustar}" && break
2938
2939 # tar/untar a dummy directory, and stop if the command works.
2940 rm -rf conftest.dir
2941 mkdir conftest.dir
2942 echo GrepMe > conftest.dir/file
2943 { echo "$as_me:$LINENO: tardir=conftest.dir && eval $am__tar_ >conftest.tar" >&5
29102944 (tardir=conftest.dir && eval $am__tar_ >conftest.tar) >&5 2>&5
29112945 ac_status=$?
29122946 echo "$as_me:$LINENO: \$? = $ac_status" >&5
29132947 (exit $ac_status); }
2914 rm -rf conftest.dir
2915 if test -s conftest.tar; then
2916 { echo "$as_me:$LINENO: $am__untar <conftest.tar" >&5
2948 rm -rf conftest.dir
2949 if test -s conftest.tar; then
2950 { echo "$as_me:$LINENO: $am__untar <conftest.tar" >&5
29172951 ($am__untar <conftest.tar) >&5 2>&5
29182952 ac_status=$?
29192953 echo "$as_me:$LINENO: \$? = $ac_status" >&5
29202954 (exit $ac_status); }
2921 grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
2922 fi
2923 done
2924 rm -rf conftest.dir
2925
2926 if ${am_cv_prog_tar_ustar+:} false; then :
2955 { echo "$as_me:$LINENO: cat conftest.dir/file" >&5
2956 (cat conftest.dir/file) >&5 2>&5
2957 ac_status=$?
2958 echo "$as_me:$LINENO: \$? = $ac_status" >&5
2959 (exit $ac_status); }
2960 grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
2961 fi
2962 done
2963 rm -rf conftest.dir
2964
2965 if ${am_cv_prog_tar_ustar+:} false; then :
29272966 $as_echo_n "(cached) " >&6
29282967 else
29292968 am_cv_prog_tar_ustar=$_am_tool
29302969 fi
29312970
2932 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_tar_ustar" >&5
2971 { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_tar_ustar" >&5
29332972 $as_echo "$am_cv_prog_tar_ustar" >&6; }
2973
29342974
29352975
29362976
89558995 # report actual input values of CONFIG_FILES etc. instead of their
89568996 # values after options handling.
89578997 ac_log="
8958 This file was extended by realmd $as_me 0.14.2, which was
8998 This file was extended by realmd $as_me 0.14.5, which was
89598999 generated by GNU Autoconf 2.69. Invocation command line was
89609000
89619001 CONFIG_FILES = $CONFIG_FILES
90219061 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
90229062 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
90239063 ac_cs_version="\\
9024 realmd config.status 0.14.2
9064 realmd config.status 0.14.5
90259065 configured by $0, generated by GNU Autoconf 2.69,
90269066 with options \\"\$ac_cs_config\\"
90279067
98159855 DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
98169856 test -z "$DEPDIR" && continue
98179857 am__include=`sed -n 's/^am__include = //p' < "$mf"`
9818 test -z "am__include" && continue
9858 test -z "$am__include" && continue
98199859 am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
98209860 # Find all dependency output files, they are included files with
98219861 # $(DEPDIR) in their names. We invoke sed twice because it is the
+1
-1
configure.ac less more
00 AC_PREREQ(2.63)
11
2 AC_INIT([realmd], [0.14.2],
2 AC_INIT([realmd], [0.14.5],
33 [http://bugs.freedesktop.org/enter_bug.cgi?product=realmd],
44 [realmd])
55
+45
-16
dbus/Makefile.in less more
0 # Makefile.in generated by automake 1.13.1 from Makefile.am.
0 # Makefile.in generated by automake 1.13.4 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2012 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2013 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
1515
1616
1717 VPATH = @srcdir@
18 am__make_dryrun = \
19 { \
20 am__dry=no; \
18 am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
19 am__make_running_with_option = \
20 case $${target_option-} in \
21 ?) ;; \
22 *) echo "am__make_running_with_option: internal error: invalid" \
23 "target option '$${target_option-}' specified" >&2; \
24 exit 1;; \
25 esac; \
26 has_opt=no; \
27 sane_makeflags=$$MAKEFLAGS; \
28 if $(am__is_gnu_make); then \
29 sane_makeflags=$$MFLAGS; \
30 else \
2131 case $$MAKEFLAGS in \
2232 *\\[\ \ ]*) \
23 echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
24 | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
25 *) \
26 for am__flg in $$MAKEFLAGS; do \
27 case $$am__flg in \
28 *=*|--*) ;; \
29 *n*) am__dry=yes; break;; \
30 esac; \
31 done;; \
33 bs=\\; \
34 sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
35 | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
3236 esac; \
33 test $$am__dry = yes; \
34 }
37 fi; \
38 skip_next=no; \
39 strip_trailopt () \
40 { \
41 flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
42 }; \
43 for flg in $$sane_makeflags; do \
44 test $$skip_next = yes && { skip_next=no; continue; }; \
45 case $$flg in \
46 *=*|--*) continue;; \
47 -*I) strip_trailopt 'I'; skip_next=yes;; \
48 -*I?*) strip_trailopt 'I';; \
49 -*O) strip_trailopt 'O'; skip_next=yes;; \
50 -*O?*) strip_trailopt 'O';; \
51 -*l) strip_trailopt 'l'; skip_next=yes;; \
52 -*l?*) strip_trailopt 'l';; \
53 -[dEDm]) skip_next=yes;; \
54 -[JT]) skip_next=yes;; \
55 esac; \
56 case $$flg in \
57 *$$target_option*) has_opt=yes; break;; \
58 esac; \
59 done; \
60 test $$has_opt = yes
61 am__make_dryrun = (target_option=n; $(am__make_running_with_option))
62 am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
3563 pkgdatadir = $(datadir)/@PACKAGE@
3664 pkgincludedir = $(includedir)/@PACKAGE@
3765 pkglibdir = $(libdir)/@PACKAGE@
434462
435463 clean-noinstLIBRARIES:
436464 -test -z "$(noinst_LIBRARIES)" || rm -f $(noinst_LIBRARIES)
465
437466 librealm-dbus.a: $(librealm_dbus_a_OBJECTS) $(librealm_dbus_a_DEPENDENCIES) $(EXTRA_librealm_dbus_a_DEPENDENCIES)
438467 $(AM_V_at)-rm -f librealm-dbus.a
439468 $(AM_V_AR)$(librealm_dbus_a_AR) librealm-dbus.a $(librealm_dbus_a_OBJECTS) $(librealm_dbus_a_LIBADD)
+1
-0
dbus/realm-dbus-constants.h less more
6767
6868 #define REALM_DBUS_IDENTIFIER_ACTIVE_DIRECTORY "active-directory"
6969 #define REALM_DBUS_IDENTIFIER_WINBIND "winbind"
70 #define REALM_DBUS_IDENTIFIER_IPA "ipa"
7071 #define REALM_DBUS_IDENTIFIER_FREEIPA "freeipa"
7172 #define REALM_DBUS_IDENTIFIER_SSSD "sssd"
7273 #define REALM_DBUS_IDENTIFIER_SAMBA "samba"
+2
-1
depcomp less more
00 #! /bin/sh
11 # depcomp - compile a program generating dependencies as side-effects
22
3 scriptversion=2012-10-18.11; # UTC
3 scriptversion=2013-05-30.07; # UTC
44
55 # Copyright (C) 1999-2013 Free Software Foundation, Inc.
66
551551 G
552552 p
553553 }' >> "$depfile"
554 echo >> "$depfile" # make sure the fragment doesn't end with a backslash
554555 rm -f "$tmpdepfile"
555556 ;;
556557
+50
-23
doc/Makefile.in less more
0 # Makefile.in generated by automake 1.13.1 from Makefile.am.
0 # Makefile.in generated by automake 1.13.4 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2012 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2013 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
1313
1414 @SET_MAKE@
1515 VPATH = @srcdir@
16 am__make_dryrun = \
17 { \
18 am__dry=no; \
16 am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
17 am__make_running_with_option = \
18 case $${target_option-} in \
19 ?) ;; \
20 *) echo "am__make_running_with_option: internal error: invalid" \
21 "target option '$${target_option-}' specified" >&2; \
22 exit 1;; \
23 esac; \
24 has_opt=no; \
25 sane_makeflags=$$MAKEFLAGS; \
26 if $(am__is_gnu_make); then \
27 sane_makeflags=$$MFLAGS; \
28 else \
1929 case $$MAKEFLAGS in \
2030 *\\[\ \ ]*) \
21 echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
22 | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
23 *) \
24 for am__flg in $$MAKEFLAGS; do \
25 case $$am__flg in \
26 *=*|--*) ;; \
27 *n*) am__dry=yes; break;; \
28 esac; \
29 done;; \
31 bs=\\; \
32 sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
33 | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
3034 esac; \
31 test $$am__dry = yes; \
32 }
35 fi; \
36 skip_next=no; \
37 strip_trailopt () \
38 { \
39 flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
40 }; \
41 for flg in $$sane_makeflags; do \
42 test $$skip_next = yes && { skip_next=no; continue; }; \
43 case $$flg in \
44 *=*|--*) continue;; \
45 -*I) strip_trailopt 'I'; skip_next=yes;; \
46 -*I?*) strip_trailopt 'I';; \
47 -*O) strip_trailopt 'O'; skip_next=yes;; \
48 -*O?*) strip_trailopt 'O';; \
49 -*l) strip_trailopt 'l'; skip_next=yes;; \
50 -*l?*) strip_trailopt 'l';; \
51 -[dEDm]) skip_next=yes;; \
52 -[JT]) skip_next=yes;; \
53 esac; \
54 case $$flg in \
55 *$$target_option*) has_opt=yes; break;; \
56 esac; \
57 done; \
58 test $$has_opt = yes
59 am__make_dryrun = (target_option=n; $(am__make_running_with_option))
60 am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
3361 pkgdatadir = $(datadir)/@PACKAGE@
3462 pkgincludedir = $(includedir)/@PACKAGE@
3563 pkglibdir = $(libdir)/@PACKAGE@
339367 # (which will cause the Makefiles to be regenerated when you run 'make');
340368 # (2) otherwise, pass the desired values on the 'make' command line.
341369 $(am__recursive_targets):
342 @fail= failcom='exit 1'; \
343 for f in x $$MAKEFLAGS; do \
344 case $$f in \
345 *=* | --[!k]*);; \
346 *k*) failcom='fail=yes';; \
347 esac; \
348 done; \
370 @fail=; \
371 if $(am__make_keepgoing); then \
372 failcom='fail=yes'; \
373 else \
374 failcom='exit 1'; \
375 fi; \
349376 dot_seen=no; \
350377 target=`echo $@ | sed s/-recursive//`; \
351378 case "$@" in \
+44
-16
doc/internals/Makefile.in less more
0 # Makefile.in generated by automake 1.13.1 from Makefile.am.
0 # Makefile.in generated by automake 1.13.4 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2012 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2013 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
1313
1414 @SET_MAKE@
1515 VPATH = @srcdir@
16 am__make_dryrun = \
17 { \
18 am__dry=no; \
16 am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
17 am__make_running_with_option = \
18 case $${target_option-} in \
19 ?) ;; \
20 *) echo "am__make_running_with_option: internal error: invalid" \
21 "target option '$${target_option-}' specified" >&2; \
22 exit 1;; \
23 esac; \
24 has_opt=no; \
25 sane_makeflags=$$MAKEFLAGS; \
26 if $(am__is_gnu_make); then \
27 sane_makeflags=$$MFLAGS; \
28 else \
1929 case $$MAKEFLAGS in \
2030 *\\[\ \ ]*) \
21 echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
22 | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
23 *) \
24 for am__flg in $$MAKEFLAGS; do \
25 case $$am__flg in \
26 *=*|--*) ;; \
27 *n*) am__dry=yes; break;; \
28 esac; \
29 done;; \
31 bs=\\; \
32 sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
33 | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
3034 esac; \
31 test $$am__dry = yes; \
32 }
35 fi; \
36 skip_next=no; \
37 strip_trailopt () \
38 { \
39 flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
40 }; \
41 for flg in $$sane_makeflags; do \
42 test $$skip_next = yes && { skip_next=no; continue; }; \
43 case $$flg in \
44 *=*|--*) continue;; \
45 -*I) strip_trailopt 'I'; skip_next=yes;; \
46 -*I?*) strip_trailopt 'I';; \
47 -*O) strip_trailopt 'O'; skip_next=yes;; \
48 -*O?*) strip_trailopt 'O';; \
49 -*l) strip_trailopt 'l'; skip_next=yes;; \
50 -*l?*) strip_trailopt 'l';; \
51 -[dEDm]) skip_next=yes;; \
52 -[JT]) skip_next=yes;; \
53 esac; \
54 case $$flg in \
55 *$$target_option*) has_opt=yes; break;; \
56 esac; \
57 done; \
58 test $$has_opt = yes
59 am__make_dryrun = (target_option=n; $(am__make_running_with_option))
60 am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
3361 pkgdatadir = $(datadir)/@PACKAGE@
3462 pkgincludedir = $(includedir)/@PACKAGE@
3563 pkglibdir = $(libdir)/@PACKAGE@
+5
-5
doc/internals/realmd-internals.xml less more
5252 <listitem><para>winbind client software (with samba membership software).</para></listitem>
5353 </itemizedlist>
5454
55 <para>For freeipa server software, realmd supports:</para>
56 <itemizedlist>
57 <listitem><para>sssd client software (with 'freeipa' membership software).</para></listitem>
55 <para>For IPA server software, realmd supports:</para>
56 <itemizedlist>
57 <listitem><para>sssd client software (with 'ipa' membership software).</para></listitem>
5858 </itemizedlist>
5959 </section>
6060
187187 <itemizedlist>
188188 <listitem><para>{sssd, active-directory, samba}</para></listitem>
189189 <listitem><para>{sssd, active-directory, adcli}</para></listitem>
190 <listitem><para>{sssd, freeipa, freeipa}</para></listitem>
190 <listitem><para>{sssd, ipa, ipa}</para></listitem>
191191 </itemizedlist>
192192 </listitem>
193193 </itemizedlist>
280280 <itemizedlist>
281281 <title>RealmSssdIpa</title>
282282 <listitem><para>has a dynamically generated object path upon realm creation.</para></listitem>
283 <listitem><para>membership software supported: freeipa</para></listitem>
283 <listitem><para>membership software supported: ipa</para></listitem>
284284 <listitem><para>config file modified: sssd.conf</para></listitem>
285285 <listitem><para>required_packages: sssd, freeipa-client</para></listitem>
286286 <listitem><para>credentials supported: </para>
+1
-1
doc/manual/Makefile.am less more
1414
1515 CONTENT_INCLUDES = \
1616 realmd-guide-active-directory.xml \
17 realmd-guide-freeipa.xml \
17 realmd-guide-ipa.xml \
1818 realmd-guide-kerberos.xml \
1919 $(NULL)
2020
+45
-17
doc/manual/Makefile.in less more
0 # Makefile.in generated by automake 1.13.1 from Makefile.am.
0 # Makefile.in generated by automake 1.13.4 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2012 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2013 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
1313
1414 @SET_MAKE@
1515 VPATH = @srcdir@
16 am__make_dryrun = \
17 { \
18 am__dry=no; \
16 am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
17 am__make_running_with_option = \
18 case $${target_option-} in \
19 ?) ;; \
20 *) echo "am__make_running_with_option: internal error: invalid" \
21 "target option '$${target_option-}' specified" >&2; \
22 exit 1;; \
23 esac; \
24 has_opt=no; \
25 sane_makeflags=$$MAKEFLAGS; \
26 if $(am__is_gnu_make); then \
27 sane_makeflags=$$MFLAGS; \
28 else \
1929 case $$MAKEFLAGS in \
2030 *\\[\ \ ]*) \
21 echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
22 | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
23 *) \
24 for am__flg in $$MAKEFLAGS; do \
25 case $$am__flg in \
26 *=*|--*) ;; \
27 *n*) am__dry=yes; break;; \
28 esac; \
29 done;; \
31 bs=\\; \
32 sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
33 | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
3034 esac; \
31 test $$am__dry = yes; \
32 }
35 fi; \
36 skip_next=no; \
37 strip_trailopt () \
38 { \
39 flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
40 }; \
41 for flg in $$sane_makeflags; do \
42 test $$skip_next = yes && { skip_next=no; continue; }; \
43 case $$flg in \
44 *=*|--*) continue;; \
45 -*I) strip_trailopt 'I'; skip_next=yes;; \
46 -*I?*) strip_trailopt 'I';; \
47 -*O) strip_trailopt 'O'; skip_next=yes;; \
48 -*O?*) strip_trailopt 'O';; \
49 -*l) strip_trailopt 'l'; skip_next=yes;; \
50 -*l?*) strip_trailopt 'l';; \
51 -[dEDm]) skip_next=yes;; \
52 -[JT]) skip_next=yes;; \
53 esac; \
54 case $$flg in \
55 *$$target_option*) has_opt=yes; break;; \
56 esac; \
57 done; \
58 test $$has_opt = yes
59 am__make_dryrun = (target_option=n; $(am__make_running_with_option))
60 am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
3361 pkgdatadir = $(datadir)/@PACKAGE@
3462 pkgincludedir = $(includedir)/@PACKAGE@
3563 pkglibdir = $(libdir)/@PACKAGE@
273301 DOCBOOK_FILE = realmd-docs.xml
274302 CONTENT_INCLUDES = \
275303 realmd-guide-active-directory.xml \
276 realmd-guide-freeipa.xml \
304 realmd-guide-ipa.xml \
277305 realmd-guide-kerberos.xml \
278306 $(NULL)
279307
+1
-1
doc/manual/html/gdbus-org.freedesktop.realmd.Kerberos.html less more
3535 <td valign="top" align="right"></td>
3636 </tr></table></div>
3737 <div class="refsect1">
38 <a name="idm273578247744"></a><h2>Properties</h2>
38 <a name="idm265575503360"></a><h2>Properties</h2>
3939 <pre class="synopsis">
4040 <GTKDOCLINK HREF="gdbus-property-org-freedesktop-realmd-Kerberos.RealmName">RealmName</GTKDOCLINK> readable s
4141 <GTKDOCLINK HREF="gdbus-property-org-freedesktop-realmd-Kerberos.DomainName">DomainName</GTKDOCLINK> readable s
+1
-1
doc/manual/html/gdbus-org.freedesktop.realmd.KerberosMembership.html less more
4545 </pre>
4646 </div>
4747 <div class="refsect1">
48 <a name="idm273579615712"></a><h2>Properties</h2>
48 <a name="idm265573619696"></a><h2>Properties</h2>
4949 <pre class="synopsis">
5050 <GTKDOCLINK HREF="gdbus-property-org-freedesktop-realmd-KerberosMembership.SuggestedAdministrator">SuggestedAdministrator</GTKDOCLINK> readable s
5151 <GTKDOCLINK HREF="gdbus-property-org-freedesktop-realmd-KerberosMembership.SupportedJoinCredentials">SupportedJoinCredentials</GTKDOCLINK> readable a(ss)
+1
-1
doc/manual/html/gdbus-org.freedesktop.realmd.Provider.html less more
4545 </pre>
4646 </div>
4747 <div class="refsect1">
48 <a name="idm273586071328"></a><h2>Properties</h2>
48 <a name="idm265573437056"></a><h2>Properties</h2>
4949 <pre class="synopsis">
5050 <GTKDOCLINK HREF="gdbus-property-org-freedesktop-realmd-Provider.Name">Name</GTKDOCLINK> readable s
5151 <GTKDOCLINK HREF="gdbus-property-org-freedesktop-realmd-Provider.Version">Version</GTKDOCLINK> readable s
+1
-1
doc/manual/html/gdbus-org.freedesktop.realmd.Realm.html less more
4646 </pre>
4747 </div>
4848 <div class="refsect1">
49 <a name="idm273580222128"></a><h2>Properties</h2>
49 <a name="idm265572414016"></a><h2>Properties</h2>
5050 <pre class="synopsis">
5151 <GTKDOCLINK HREF="gdbus-property-org-freedesktop-realmd-Realm.Name">Name</GTKDOCLINK> readable s
5252 <GTKDOCLINK HREF="gdbus-property-org-freedesktop-realmd-Realm.Configured">Configured</GTKDOCLINK> readable s
+1
-1
doc/manual/html/gdbus-org.freedesktop.realmd.Service.html less more
4444 </pre>
4545 </div>
4646 <div class="refsect1">
47 <a name="idm273581194128"></a><h2>Signals</h2>
47 <a name="idm265578019376"></a><h2>Signals</h2>
4848 <pre class="synopsis">
4949 <GTKDOCLINK HREF="gdbus-signal-org-freedesktop-realmd-Service.Diagnostics">Diagnostics</GTKDOCLINK> (s data,
5050 s operation);
+2
-2
doc/manual/html/guide-active-directory-client.html less more
3131 By default SSSD is used.</p>
3232 <div class="section">
3333 <div class="titlepage"><div><div><h3 class="title">
34 <a name="idm273583734112"></a>Using SSSD with Active Directory</h3></div></div></div>
34 <a name="idm265573031696"></a>Using SSSD with Active Directory</h3></div></div></div>
3535 <p><a class="ulink" href="https://fedorahosted.org/sssd/" target="_top">SSSD</a>
3636 provides client software for various kerberos and/or LDAP
3737 directories. Since version 1.9.x it provides good support
4949 </div>
5050 <div class="section">
5151 <div class="titlepage"><div><div><h3 class="title">
52 <a name="idm273583027232"></a>Using Winbind with Active Directory</h3></div></div></div>
52 <a name="idm265570004192"></a>Using Winbind with Active Directory</h3></div></div></div>
5353 <p>Samba
5454 <a class="ulink" href="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html" target="_top">Winbind</a>
5555 provides client software for use with Active Directory.</p>
+2
-2
doc/manual/html/guide-active-directory-permit.html less more
66 <link rel="home" href="index.html" title="realmd">
77 <link rel="up" href="guide-active-directory.html" title="Using with Active Directory">
88 <link rel="prev" href="guide-active-directory-join.html" title="Joining an Active Directory domain">
9 <link rel="next" href="guide-freeipa.html" title="Using with FreeIPA">
9 <link rel="next" href="guide-ipa.html" title="Using with IPA">
1010 <link rel="stylesheet" href="style.css" type="text/css">
1111 </head>
1212 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
1515 <td><a accesskey="u" href="guide-active-directory.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
1616 <td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
1717 <th width="100%" align="center">realmd</th>
18 <td><a accesskey="n" href="guide-freeipa.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
18 <td><a accesskey="n" href="guide-ipa.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
1919 </tr></table>
2020 <div class="section">
2121 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
+2
-2
doc/manual/html/guide-active-directory.html less more
2424 <dt><span class="section"><a href="guide-active-directory.html#guide-active-directory-discover">Discovering Active Directory domains</a></span></dt>
2525 <dt><span class="section"><a href="guide-active-directory-client.html">Active Directory client software</a></span></dt>
2626 <dd><dl>
27 <dt><span class="section"><a href="guide-active-directory-client.html#idm273583734112">Using SSSD with Active Directory</a></span></dt>
28 <dt><span class="section"><a href="guide-active-directory-client.html#idm273583027232">Using Winbind with Active Directory</a></span></dt>
27 <dt><span class="section"><a href="guide-active-directory-client.html#idm265573031696">Using SSSD with Active Directory</a></span></dt>
28 <dt><span class="section"><a href="guide-active-directory-client.html#idm265570004192">Using Winbind with Active Directory</a></span></dt>
2929 </dl></dd>
3030 <dt><span class="section"><a href="guide-active-directory-join.html">Joining an Active Directory domain</a></span></dt>
3131 <dt><span class="section"><a href="guide-active-directory-permit.html">Logins using Domain Accounts</a></span></dt>
+0
-36
doc/manual/html/guide-freeipa-client.html less more
0 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1 <html>
2 <head>
3 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
4 <title>FreeIPA client software</title>
5 <meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
6 <link rel="home" href="index.html" title="realmd">
7 <link rel="up" href="guide-freeipa.html" title="Using with FreeIPA">
8 <link rel="prev" href="guide-freeipa.html" title="Using with FreeIPA">
9 <link rel="next" href="guide-freeipa-join.html" title="Joining a FreeIPA domain">
10 <link rel="stylesheet" href="style.css" type="text/css">
11 </head>
12 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
13 <table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
14 <td><a accesskey="p" href="guide-freeipa.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
15 <td><a accesskey="u" href="guide-freeipa.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
16 <td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
17 <th width="100%" align="center">realmd</th>
18 <td><a accesskey="n" href="guide-freeipa-join.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
19 </tr></table>
20 <div class="section">
21 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
22 <a name="guide-freeipa-client"></a>FreeIPA client software</h2></div></div></div>
23 <p>As part of configuring an FreeIPA domain for use
24 on the local computer, <span class="command"><strong>realmd</strong></span> will install and
25 configure client software to enable domain accounts to be used on
26 the local computer.</p>
27 <p>For a FreeIPA domain this is
28 <a class="ulink" href="https://fedorahosted.org/sssd/" target="_top">SSSD</a>.</p>
29 </div>
30 <div class="footer">
31 <hr>
32 Generated by GTK-Doc
33 </div>
34 </body>
35 </html>
+0
-64
doc/manual/html/guide-freeipa-join.html less more
0 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1 <html>
2 <head>
3 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
4 <title>Joining a FreeIPA domain</title>
5 <meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
6 <link rel="home" href="index.html" title="realmd">
7 <link rel="up" href="guide-freeipa.html" title="Using with FreeIPA">
8 <link rel="prev" href="guide-freeipa-client.html" title="FreeIPA client software">
9 <link rel="next" href="guide-freeipa-permit.html" title="Logins using Domain Accounts">
10 <link rel="stylesheet" href="style.css" type="text/css">
11 </head>
12 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
13 <table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
14 <td><a accesskey="p" href="guide-freeipa-client.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
15 <td><a accesskey="u" href="guide-freeipa.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
16 <td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
17 <th width="100%" align="center">realmd</th>
18 <td><a accesskey="n" href="guide-freeipa-permit.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
19 </tr></table>
20 <div class="section">
21 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
22 <a name="guide-freeipa-join"></a>Joining a FreeIPA domain</h2></div></div></div>
23 <p>To join a FreeIPA domain with <span class="command"><strong>realmd</strong></span>
24 you can use the <a class="link" href="realm.html" title="realm"><span class="command"><strong>realm</strong></span></a>
25 command line tool:</p>
26 <div class="informalexample"><pre class="screen">
27 $ <span class="command"><strong>realm join --verbose ipa.example.com</strong></span>
28 </pre></div>
29 <p>By specifying the <code class="option">--verbose</code> it's easier
30 to see what went wrong if the join fails.</p>
31 <p>Other tools also use <span class="command"><strong>realmd</strong></span> which can
32 be used to perform the join operation, for example: GNOME
33 Control Center.</p>
34 <p>The join operation does the following:</p>
35 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
36 <li class="listitem"><p>Discovers information about the domain.</p></li>
37 <li class="listitem"><p>Installs the necessary software to join the domain, such as SSSD.</p></li>
38 <li class="listitem"><p>Prompts for administrative credentials.</p></li>
39 <li class="listitem"><p>A computer account in the domain will be created, and or updated.</p></li>
40 <li class="listitem"><p>A host keytab file at <code class="filename">/etc/krb5.keytab</code> is created.</p></li>
41 <li class="listitem"><p>Configures the SSSD service, and restarts and enables it as appropriate.</p></li>
42 <li class="listitem"><p>Enables domain users in <code class="filename">/etc/nsswitch.conf</code></p></li>
43 </ul></div>
44 <p>In addition an FreeIPA domain server's host name
45 or IP address may be specified to join via that domain controller
46 directly.</p>
47 <p>After the join operation is complete, domain accounts should
48 be usable locally, although logins using domain accounts are
49 not necessarily enabled.</p>
50 <p>You verify that domain accounts are working with with a
51 command like this:</p>
52 <div class="informalexample"><pre class="screen">
53 $ <span class="command"><strong>getent passwd admin@ipa.example.com</strong></span>
54 </pre></div>
55 <p>The join operation will create or update a computer account
56 in the domain.</p>
57 </div>
58 <div class="footer">
59 <hr>
60 Generated by GTK-Doc
61 </div>
62 </body>
63 </html>
+0
-53
doc/manual/html/guide-freeipa-permit.html less more
0 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1 <html>
2 <head>
3 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
4 <title>Logins using Domain Accounts</title>
5 <meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
6 <link rel="home" href="index.html" title="realmd">
7 <link rel="up" href="guide-freeipa.html" title="Using with FreeIPA">
8 <link rel="prev" href="guide-freeipa-join.html" title="Joining a FreeIPA domain">
9 <link rel="next" href="guide-kerberos.html" title="Using with other Kerberos realms">
10 <link rel="stylesheet" href="style.css" type="text/css">
11 </head>
12 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
13 <table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
14 <td><a accesskey="p" href="guide-freeipa-join.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
15 <td><a accesskey="u" href="guide-freeipa.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
16 <td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
17 <th width="100%" align="center">realmd</th>
18 <td><a accesskey="n" href="guide-kerberos.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
19 </tr></table>
20 <div class="section">
21 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
22 <a name="guide-freeipa-permit"></a>Logins using Domain Accounts</h2></div></div></div>
23 <p>Once the
24 <a class="link" href="guide-freeipa-join.html" title="Joining a FreeIPA domain">computer is joined</a>
25 to a FreeIPA domain, the machine will automatically follow the
26 domain settings for whether users are able to log into the
27 machine or not.</p>
28 <p>To override this behavior and permit any domain account
29 to log in, use the following command.</p>
30 <div class="informalexample"><pre class="screen">
31 $ <span class="command"><strong>realm permit --realm domain.example.com --all</strong></span>
32 </pre></div>
33 <p>To permit only specific accounts from the domain to log in
34 use the following command. The first time this command is run
35 it will change the mode to only allow logins by specific accounts,
36 and then add the specified accounts to the list of accounts
37 to permit.</p>
38 <div class="informalexample"><pre class="screen">
39 $ <span class="command"><strong>realm permit --realm domain.example.com user1@ipa.example.com user2@ipa.example.com</strong></span>
40 </pre></div>
41 <p>To deny logins from any domain account, use the following
42 command.</p>
43 <div class="informalexample"><pre class="screen">
44 $ <span class="command"><strong>realm deny --realm domain.example.com --all</strong></span>
45 </pre></div>
46 </div>
47 <div class="footer">
48 <hr>
49 Generated by GTK-Doc
50 </div>
51 </body>
52 </html>
+0
-72
doc/manual/html/guide-freeipa.html less more
0 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1 <html>
2 <head>
3 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
4 <title>Using with FreeIPA</title>
5 <meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
6 <link rel="home" href="index.html" title="realmd">
7 <link rel="up" href="guide.html" title="Part I. Administrative Guide">
8 <link rel="prev" href="guide-active-directory-permit.html" title="Logins using Domain Accounts">
9 <link rel="next" href="guide-freeipa-client.html" title="FreeIPA client software">
10 <link rel="stylesheet" href="style.css" type="text/css">
11 </head>
12 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
13 <table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
14 <td><a accesskey="p" href="guide-active-directory-permit.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
15 <td><a accesskey="u" href="guide.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
16 <td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
17 <th width="100%" align="center">realmd</th>
18 <td><a accesskey="n" href="guide-freeipa-client.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
19 </tr></table>
20 <div class="chapter">
21 <div class="titlepage"><div><div><h2 class="title">
22 <a name="guide-freeipa"></a>Using with FreeIPA</h2></div></div></div>
23 <div class="toc"><dl class="toc">
24 <dt><span class="section"><a href="guide-freeipa.html#idm273582976032">Discovering FreeIPA domains</a></span></dt>
25 <dt><span class="section"><a href="guide-freeipa-client.html">FreeIPA client software</a></span></dt>
26 <dt><span class="section"><a href="guide-freeipa-join.html">Joining a FreeIPA domain</a></span></dt>
27 <dt><span class="section"><a href="guide-freeipa-permit.html">Logins using Domain Accounts</a></span></dt>
28 </dl></div>
29 <p><span class="command"><strong>realmd</strong></span> can discover FreeIPA domains and join
30 the current computer as an account on a domain. This allows using domain
31 users locally, and log into the local machine with FreeIPA domain
32 credentials.</p>
33 <div class="section">
34 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
35 <a name="idm273582976032"></a>Discovering FreeIPA domains</h2></div></div></div>
36 <p><span class="command"><strong>realmd</strong></span> discovers which domains or
37 realms it can use or configure. It can discover and identify
38 FreeIPA domains by looking up the appropriate DNS SRV
39 records and by connecting to the domain LDAP server.</p>
40 <p>The following DNS SRV records are required to be present
41 for <span class="command"><strong>realmd</strong></span> to identify a provided realm as
42 an Kerberos domain.</p>
43 <div class="informalexample"><pre class="screen">
44 # In this example the FreeIPA domain is 'domain.example.com'
45 <span class="emphasis"><em>_ldap._tcp.</em></span>domain.example.com.
46 </pre></div>
47 <p>In addition <span class="command"><strong>realmd</strong></span> connects to the LDAP
48 server on the FreeIPA domain server's on port 389 and reads the
49 Root DSE information about the domain.</p>
50 <p>To see how <span class="command"><strong>realmd</strong></span> is discovering a
51 particular domain name, try a command like the following. Using
52 the <code class="option">--verbose</code> argument displays verbose
53 discovery information.</p>
54 <div class="informalexample"><pre class="screen">
55 $ <span class="command"><strong>realm --verbose discover domain.example.com</strong></span>
56 * Resolving: _ldap._tcp.dc._msdcs.domain.example.com
57 * Resolving: _ldap._tcp.domain.example.com
58 * Performing LDAP DSE lookup on: 192.168.10.22
59 * Successfully discovered: domain.example.com
60 ...
61 </pre></div>
62 <p>In addition a FreeIPA domain server's host name
63 or IP address may be specified.</p>
64 </div>
65 </div>
66 <div class="footer">
67 <hr>
68 Generated by GTK-Doc
69 </div>
70 </body>
71 </html>
+36
-0
doc/manual/html/guide-ipa-client.html less more
0 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1 <html>
2 <head>
3 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
4 <title>IPA client software</title>
5 <meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
6 <link rel="home" href="index.html" title="realmd">
7 <link rel="up" href="guide-ipa.html" title="Using with IPA">
8 <link rel="prev" href="guide-ipa.html" title="Using with IPA">
9 <link rel="next" href="guide-ipa-join.html" title="Joining a IPA domain">
10 <link rel="stylesheet" href="style.css" type="text/css">
11 </head>
12 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
13 <table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
14 <td><a accesskey="p" href="guide-ipa.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
15 <td><a accesskey="u" href="guide-ipa.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
16 <td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
17 <th width="100%" align="center">realmd</th>
18 <td><a accesskey="n" href="guide-ipa-join.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
19 </tr></table>
20 <div class="section">
21 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
22 <a name="guide-ipa-client"></a>IPA client software</h2></div></div></div>
23 <p>As part of configuring an IPA domain for use
24 on the local computer, <span class="command"><strong>realmd</strong></span> will install and
25 configure client software to enable domain accounts to be used on
26 the local computer.</p>
27 <p>For a IPA domain this is
28 <a class="ulink" href="https://fedorahosted.org/sssd/" target="_top">SSSD</a>.</p>
29 </div>
30 <div class="footer">
31 <hr>
32 Generated by GTK-Doc
33 </div>
34 </body>
35 </html>
+64
-0
doc/manual/html/guide-ipa-join.html less more
0 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1 <html>
2 <head>
3 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
4 <title>Joining a IPA domain</title>
5 <meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
6 <link rel="home" href="index.html" title="realmd">
7 <link rel="up" href="guide-ipa.html" title="Using with IPA">
8 <link rel="prev" href="guide-ipa-client.html" title="IPA client software">
9 <link rel="next" href="guide-ipa-permit.html" title="Logins using Domain Accounts">
10 <link rel="stylesheet" href="style.css" type="text/css">
11 </head>
12 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
13 <table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
14 <td><a accesskey="p" href="guide-ipa-client.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
15 <td><a accesskey="u" href="guide-ipa.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
16 <td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
17 <th width="100%" align="center">realmd</th>
18 <td><a accesskey="n" href="guide-ipa-permit.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
19 </tr></table>
20 <div class="section">
21 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
22 <a name="guide-ipa-join"></a>Joining a IPA domain</h2></div></div></div>
23 <p>To join a IPA domain with <span class="command"><strong>realmd</strong></span>
24 you can use the <a class="link" href="realm.html" title="realm"><span class="command"><strong>realm</strong></span></a>
25 command line tool:</p>
26 <div class="informalexample"><pre class="screen">
27 $ <span class="command"><strong>realm join --verbose ipa.example.com</strong></span>
28 </pre></div>
29 <p>By specifying the <code class="option">--verbose</code> it's easier
30 to see what went wrong if the join fails.</p>
31 <p>Other tools also use <span class="command"><strong>realmd</strong></span> which can
32 be used to perform the join operation, for example: GNOME
33 Control Center.</p>
34 <p>The join operation does the following:</p>
35 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
36 <li class="listitem"><p>Discovers information about the domain.</p></li>
37 <li class="listitem"><p>Installs the necessary software to join the domain, such as SSSD.</p></li>
38 <li class="listitem"><p>Prompts for administrative credentials.</p></li>
39 <li class="listitem"><p>A computer account in the domain will be created, and or updated.</p></li>
40 <li class="listitem"><p>A host keytab file at <code class="filename">/etc/krb5.keytab</code> is created.</p></li>
41 <li class="listitem"><p>Configures the SSSD service, and restarts and enables it as appropriate.</p></li>
42 <li class="listitem"><p>Enables domain users in <code class="filename">/etc/nsswitch.conf</code></p></li>
43 </ul></div>
44 <p>In addition an IPA domain server's host name
45 or IP address may be specified to join via that domain controller
46 directly.</p>
47 <p>After the join operation is complete, domain accounts should
48 be usable locally, although logins using domain accounts are
49 not necessarily enabled.</p>
50 <p>You verify that domain accounts are working with with a
51 command like this:</p>
52 <div class="informalexample"><pre class="screen">
53 $ <span class="command"><strong>getent passwd admin@ipa.example.com</strong></span>
54 </pre></div>
55 <p>The join operation will create or update a computer account
56 in the domain.</p>
57 </div>
58 <div class="footer">
59 <hr>
60 Generated by GTK-Doc
61 </div>
62 </body>
63 </html>
+53
-0
doc/manual/html/guide-ipa-permit.html less more
0 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1 <html>
2 <head>
3 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
4 <title>Logins using Domain Accounts</title>
5 <meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
6 <link rel="home" href="index.html" title="realmd">
7 <link rel="up" href="guide-ipa.html" title="Using with IPA">
8 <link rel="prev" href="guide-ipa-join.html" title="Joining a IPA domain">
9 <link rel="next" href="guide-kerberos.html" title="Using with other Kerberos realms">
10 <link rel="stylesheet" href="style.css" type="text/css">
11 </head>
12 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
13 <table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
14 <td><a accesskey="p" href="guide-ipa-join.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
15 <td><a accesskey="u" href="guide-ipa.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
16 <td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
17 <th width="100%" align="center">realmd</th>
18 <td><a accesskey="n" href="guide-kerberos.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
19 </tr></table>
20 <div class="section">
21 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
22 <a name="guide-ipa-permit"></a>Logins using Domain Accounts</h2></div></div></div>
23 <p>Once the
24 <a class="link" href="guide-ipa-join.html" title="Joining a IPA domain">computer is joined</a>
25 to a IPA domain, the machine will automatically follow the
26 domain settings for whether users are able to log into the
27 machine or not.</p>
28 <p>To override this behavior and permit any domain account
29 to log in, use the following command.</p>
30 <div class="informalexample"><pre class="screen">
31 $ <span class="command"><strong>realm permit --realm domain.example.com --all</strong></span>
32 </pre></div>
33 <p>To permit only specific accounts from the domain to log in
34 use the following command. The first time this command is run
35 it will change the mode to only allow logins by specific accounts,
36 and then add the specified accounts to the list of accounts
37 to permit.</p>
38 <div class="informalexample"><pre class="screen">
39 $ <span class="command"><strong>realm permit --realm domain.example.com user1@ipa.example.com user2@ipa.example.com</strong></span>
40 </pre></div>
41 <p>To deny logins from any domain account, use the following
42 command.</p>
43 <div class="informalexample"><pre class="screen">
44 $ <span class="command"><strong>realm deny --realm domain.example.com --all</strong></span>
45 </pre></div>
46 </div>
47 <div class="footer">
48 <hr>
49 Generated by GTK-Doc
50 </div>
51 </body>
52 </html>
+72
-0
doc/manual/html/guide-ipa.html less more
0 <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
1 <html>
2 <head>
3 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
4 <title>Using with IPA</title>
5 <meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
6 <link rel="home" href="index.html" title="realmd">
7 <link rel="up" href="guide.html" title="Part I. Administrative Guide">
8 <link rel="prev" href="guide-active-directory-permit.html" title="Logins using Domain Accounts">
9 <link rel="next" href="guide-ipa-client.html" title="IPA client software">
10 <link rel="stylesheet" href="style.css" type="text/css">
11 </head>
12 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
13 <table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
14 <td><a accesskey="p" href="guide-active-directory-permit.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
15 <td><a accesskey="u" href="guide.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
16 <td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
17 <th width="100%" align="center">realmd</th>
18 <td><a accesskey="n" href="guide-ipa-client.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
19 </tr></table>
20 <div class="chapter">
21 <div class="titlepage"><div><div><h2 class="title">
22 <a name="guide-ipa"></a>Using with IPA</h2></div></div></div>
23 <div class="toc"><dl class="toc">
24 <dt><span class="section"><a href="guide-ipa.html#idm265571870304">Discovering IPA domains</a></span></dt>
25 <dt><span class="section"><a href="guide-ipa-client.html">IPA client software</a></span></dt>
26 <dt><span class="section"><a href="guide-ipa-join.html">Joining a IPA domain</a></span></dt>
27 <dt><span class="section"><a href="guide-ipa-permit.html">Logins using Domain Accounts</a></span></dt>
28 </dl></div>
29 <p><span class="command"><strong>realmd</strong></span> can discover IPA domains and join
30 the current computer as an account on a domain. This allows using domain
31 users locally, and log into the local machine with IPA domain
32 credentials.</p>
33 <div class="section">
34 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
35 <a name="idm265571870304"></a>Discovering IPA domains</h2></div></div></div>
36 <p><span class="command"><strong>realmd</strong></span> discovers which domains or
37 realms it can use or configure. It can discover and identify
38 IPA domains by looking up the appropriate DNS SRV
39 records and by connecting to the domain LDAP server.</p>
40 <p>The following DNS SRV records are required to be present
41 for <span class="command"><strong>realmd</strong></span> to identify a provided realm as
42 an Kerberos domain.</p>
43 <div class="informalexample"><pre class="screen">
44 # In this example the IPA domain is 'domain.example.com'
45 <span class="emphasis"><em>_ldap._tcp.</em></span>domain.example.com.
46 </pre></div>
47 <p>In addition <span class="command"><strong>realmd</strong></span> connects to the LDAP
48 server on the IPA domain server's on port 389 and reads the
49 Root DSE information about the domain.</p>
50 <p>To see how <span class="command"><strong>realmd</strong></span> is discovering a
51 particular domain name, try a command like the following. Using
52 the <code class="option">--verbose</code> argument displays verbose
53 discovery information.</p>
54 <div class="informalexample"><pre class="screen">
55 $ <span class="command"><strong>realm --verbose discover domain.example.com</strong></span>
56 * Resolving: _ldap._tcp.dc._msdcs.domain.example.com
57 * Resolving: _ldap._tcp.domain.example.com
58 * Performing LDAP DSE lookup on: 192.168.10.22
59 * Successfully discovered: domain.example.com
60 ...
61 </pre></div>
62 <p>In addition a IPA domain server's host name
63 or IP address may be specified.</p>
64 </div>
65 </div>
66 <div class="footer">
67 <hr>
68 Generated by GTK-Doc
69 </div>
70 </body>
71 </html>
+4
-4
doc/manual/html/guide-kerberos.html less more
55 <meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
66 <link rel="home" href="index.html" title="realmd">
77 <link rel="up" href="guide.html" title="Part I. Administrative Guide">
8 <link rel="prev" href="guide-freeipa-permit.html" title="Logins using Domain Accounts">
8 <link rel="prev" href="guide-ipa-permit.html" title="Logins using Domain Accounts">
99 <link rel="next" href="guide-integration.html" title="Integration">
1010 <link rel="stylesheet" href="style.css" type="text/css">
1111 </head>
1212 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
1313 <table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
14 <td><a accesskey="p" href="guide-freeipa-permit.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
14 <td><a accesskey="p" href="guide-ipa-permit.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
1515 <td><a accesskey="u" href="guide.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
1616 <td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
1717 <th width="100%" align="center">realmd</th>
2020 <div class="chapter">
2121 <div class="titlepage"><div><div><h2 class="title">
2222 <a name="guide-kerberos"></a>Using with other Kerberos realms</h2></div></div></div>
23 <div class="toc"><dl class="toc"><dt><span class="section"><a href="guide-kerberos.html#idm273583842800">Discovering Kerberos realms</a></span></dt></dl></div>
23 <div class="toc"><dl class="toc"><dt><span class="section"><a href="guide-kerberos.html#idm265574189360">Discovering Kerberos realms</a></span></dt></dl></div>
2424 <p><span class="command"><strong>realmd</strong></span> can discover generic Kerberos realms.
2525 Since there is no standard way to enroll a computer against a Kerberos
2626 server, it is not possible to do this with <span class="command"><strong>realmd</strong></span>.</p>
2727 <div class="section">
2828 <div class="titlepage"><div><div><h2 class="title" style="clear: both">
29 <a name="idm273583842800"></a>Discovering Kerberos realms</h2></div></div></div>
29 <a name="idm265574189360"></a>Discovering Kerberos realms</h2></div></div></div>
3030 <p><span class="command"><strong>realmd</strong></span> discovers which domains or
3131 realms it can use or configure. It can discover and identify
3232 Kerberos domains by looking up the appropriate DNS SRV
+8
-8
doc/manual/html/guide.html less more
3737 <dt><span class="section"><a href="guide-active-directory.html#guide-active-directory-discover">Discovering Active Directory domains</a></span></dt>
3838 <dt><span class="section"><a href="guide-active-directory-client.html">Active Directory client software</a></span></dt>
3939 <dd><dl>
40 <dt><span class="section"><a href="guide-active-directory-client.html#idm273583734112">Using SSSD with Active Directory</a></span></dt>
41 <dt><span class="section"><a href="guide-active-directory-client.html#idm273583027232">Using Winbind with Active Directory</a></span></dt>
40 <dt><span class="section"><a href="guide-active-directory-client.html#idm265573031696">Using SSSD with Active Directory</a></span></dt>
41 <dt><span class="section"><a href="guide-active-directory-client.html#idm265570004192">Using Winbind with Active Directory</a></span></dt>
4242 </dl></dd>
4343 <dt><span class="section"><a href="guide-active-directory-join.html">Joining an Active Directory domain</a></span></dt>
4444 <dt><span class="section"><a href="guide-active-directory-permit.html">Logins using Domain Accounts</a></span></dt>
4545 </dl></dd>
46 <dt><span class="chapter"><a href="guide-freeipa.html">Using with FreeIPA</a></span></dt>
46 <dt><span class="chapter"><a href="guide-ipa.html">Using with IPA</a></span></dt>
4747 <dd><dl>
48 <dt><span class="section"><a href="guide-freeipa.html#idm273582976032">Discovering FreeIPA domains</a></span></dt>
49 <dt><span class="section"><a href="guide-freeipa-client.html">FreeIPA client software</a></span></dt>
50 <dt><span class="section"><a href="guide-freeipa-join.html">Joining a FreeIPA domain</a></span></dt>
51 <dt><span class="section"><a href="guide-freeipa-permit.html">Logins using Domain Accounts</a></span></dt>
48 <dt><span class="section"><a href="guide-ipa.html#idm265571870304">Discovering IPA domains</a></span></dt>
49 <dt><span class="section"><a href="guide-ipa-client.html">IPA client software</a></span></dt>
50 <dt><span class="section"><a href="guide-ipa-join.html">Joining a IPA domain</a></span></dt>
51 <dt><span class="section"><a href="guide-ipa-permit.html">Logins using Domain Accounts</a></span></dt>
5252 </dl></dd>
5353 <dt><span class="chapter"><a href="guide-kerberos.html">Using with other Kerberos realms</a></span></dt>
54 <dd><dl><dt><span class="section"><a href="guide-kerberos.html#idm273583842800">Discovering Kerberos realms</a></span></dt></dl></dd>
54 <dd><dl><dt><span class="section"><a href="guide-kerberos.html#idm265574189360">Discovering Kerberos realms</a></span></dt></dl></dd>
5555 <dt><span class="chapter"><a href="guide-integration.html">Integration</a></span></dt>
5656 </dl>
5757 </div>
+9
-9
doc/manual/html/index.html less more
1212 <div class="titlepage">
1313 <div>
1414 <div><table class="navigation" id="top" width="100%" cellpadding="2" cellspacing="0"><tr><th valign="middle"><p class="title">realmd</p></th></tr></table></div>
15 <div><p class="releaseinfo">for 0.14.2
15 <div><p class="releaseinfo">for 0.14.4
1616 </p></div>
1717 </div>
1818 <hr>
3434 <dt><span class="section"><a href="guide-active-directory.html#guide-active-directory-discover">Discovering Active Directory domains</a></span></dt>
3535 <dt><span class="section"><a href="guide-active-directory-client.html">Active Directory client software</a></span></dt>
3636 <dd><dl>
37 <dt><span class="section"><a href="guide-active-directory-client.html#idm273583734112">Using SSSD with Active Directory</a></span></dt>
38 <dt><span class="section"><a href="guide-active-directory-client.html#idm273583027232">Using Winbind with Active Directory</a></span></dt>
37 <dt><span class="section"><a href="guide-active-directory-client.html#idm265573031696">Using SSSD with Active Directory</a></span></dt>
38 <dt><span class="section"><a href="guide-active-directory-client.html#idm265570004192">Using Winbind with Active Directory</a></span></dt>
3939 </dl></dd>
4040 <dt><span class="section"><a href="guide-active-directory-join.html">Joining an Active Directory domain</a></span></dt>
4141 <dt><span class="section"><a href="guide-active-directory-permit.html">Logins using Domain Accounts</a></span></dt>
4242 </dl></dd>
43 <dt><span class="chapter"><a href="guide-freeipa.html">Using with FreeIPA</a></span></dt>
43 <dt><span class="chapter"><a href="guide-ipa.html">Using with IPA</a></span></dt>
4444 <dd><dl>
45 <dt><span class="section"><a href="guide-freeipa.html#idm273582976032">Discovering FreeIPA domains</a></span></dt>
46 <dt><span class="section"><a href="guide-freeipa-client.html">FreeIPA client software</a></span></dt>
47 <dt><span class="section"><a href="guide-freeipa-join.html">Joining a FreeIPA domain</a></span></dt>
48 <dt><span class="section"><a href="guide-freeipa-permit.html">Logins using Domain Accounts</a></span></dt>
45 <dt><span class="section"><a href="guide-ipa.html#idm265571870304">Discovering IPA domains</a></span></dt>
46 <dt><span class="section"><a href="guide-ipa-client.html">IPA client software</a></span></dt>
47 <dt><span class="section"><a href="guide-ipa-join.html">Joining a IPA domain</a></span></dt>
48 <dt><span class="section"><a href="guide-ipa-permit.html">Logins using Domain Accounts</a></span></dt>
4949 </dl></dd>
5050 <dt><span class="chapter"><a href="guide-kerberos.html">Using with other Kerberos realms</a></span></dt>
51 <dd><dl><dt><span class="section"><a href="guide-kerberos.html#idm273583842800">Discovering Kerberos realms</a></span></dt></dl></dd>
51 <dd><dl><dt><span class="section"><a href="guide-kerberos.html#idm265574189360">Discovering Kerberos realms</a></span></dt></dl></dd>
5252 <dt><span class="chapter"><a href="guide-integration.html">Integration</a></span></dt>
5353 </dl></dd>
5454 <dt><span class="part"><a href="development.html">II. Developer Reference</a></span></dt>
+26
-21
doc/manual/html/realm.html less more
3232 <div class="cmdsynopsis"><p><code class="command">realm join</code> [-U user] [realm-name]</p></div>
3333 <div class="cmdsynopsis"><p><code class="command">realm leave</code> [-U user] [realm-name]</p></div>
3434 <div class="cmdsynopsis"><p><code class="command">realm list</code> </p></div>
35 <div class="cmdsynopsis"><p><code class="command">realm permit</code> [-ax] [-R realm] {user...}</p></div>
35 <div class="cmdsynopsis"><p><code class="command">realm permit</code> [-ax] [-R realm] {user@domain...}</p></div>
3636 <div class="cmdsynopsis"><p><code class="command">realm deny</code> -a [-R realm]</p></div>
3737 </div>
3838 <div class="refsect1">
39 <a name="idm273582430896"></a><h2>Description</h2>
39 <a name="idm265573199392"></a><h2>Description</h2>
4040 <p><span class="command"><strong>realm</strong></span> is a command line tool that
4141 can be used to manage enrollment in kerberos realms, like Active
4242 Directory domains or IPA domains.</p>
5757 when running in this mode.</p></td>
5858 </tr>
5959 <tr>
60 <td><p><span class="term"><code class="option">--unattended</code></span></p></td>
61 <td><p>Run in unattended mode without prompting
62 for input.</p></td>
63 </tr>
64 <tr>
6065 <td><p><span class="term"><code class="option">--verbose, -v</code></span></p></td>
6166 <td><p>Display verbose diagnostics while doing
6267 running commands.</p></td>
6570 </table></div>
6671 </div>
6772 <div class="refsect1">
68 <a name="idm273582424624"></a><h2>Discover</h2>
73 <a name="idm265573191552"></a><h2>Discover</h2>
6974 <p>Discover a realm and its capabilities.</p>
7075 <div class="informalexample">
7176 <pre class="programlisting">
103108 <td><p>Only discover realms which run the
104109 given server software. Possible values include
105110 <em class="replaceable"><code>active-directory</code></em> or
106 <em class="replaceable"><code>freeipa</code></em>.</p></td>
111 <em class="replaceable"><code>ipa</code></em>.</p></td>
107112 </tr>
108113 <tr>
109114 <td><p><span class="term"><code class="option">--membership-software=xxx</code></span></p></td>
116121 </table></div>
117122 </div>
118123 <div class="refsect1">
119 <a name="idm273582410256"></a><h2>Join</h2>
124 <a name="idm265573177328"></a><h2>Join</h2>
120125 <p>Configure the local machine for use with a realm.</p>
121126 <div class="informalexample">
122127 <pre class="programlisting">
134139 For kerberos realms, a computer account and host keytab is created.</p>
135140 <p>Joining arbitrary kerberos realms is not supported. The realm
136141 must have a supported mechanism for joining from a client machine, such
137 as Active Directory or FreeIPA.</p>
138 <p>Unless a <code class="literal">--user</code> is explicitly specified, an automatic join is attempted first.</p>
142 as Active Directory or IPA.</p>
143 <p>Unless a <code class="literal">--user</code> is explicitly specified, an
144 automatic join is attempted first. Automatic joins require pre-configuration
145 on the domain side, and may not be supported by all domains.</p>
139146 <p>Note that the <code class="literal">--user </code>, <code class="literal">--no-password</code>,
140147 and <code class="literal">--one-time-password </code> options are mutually exclusive.
141148 At most one of them can be specified.</p>
146153 from the credential cache. The <span class="command"><strong>realm</strong></span> respects the
147154 <code class="literal">KRB5_CCACHE</code> environment variable, but uses the default
148155 kerberos credential cache if it's not present. Not all types of servers
149 can be joined using kerberos credentials, some (like FreeIPA) insist on
156 can be joined using kerberos credentials, some (like IPA) insist on
150157 prompting for a password.</p>
151158 <p>The following options can be used:</p>
152159 <div class="variablelist"><table border="0" class="variablelist">
167174 unit to create the computer account. The exact format
168175 of the distinguished name depends on the client software
169176 and membership software. You can usually omit the root
170 DSE portion of distinguished name.</p></td>
177 DSE portion of distinguished name. This is an Active
178 Directory specific option.</p></td>
171179 </tr>
172180 <tr>
173181 <td><p><span class="term"><code class="option">--no-password</code></span></p></td>
194202 <td><p>Only join realms for run the
195203 given server software. Possible values include
196204 <em class="replaceable"><code>active-directory</code></em> or
197 <em class="replaceable"><code>freeipa</code></em>.</p></td>
205 <em class="replaceable"><code>ipa</code></em>.</p></td>
198206 </tr>
199207 <tr>
200208 <td><p><span class="term"><code class="option">--membership-software=xxx</code></span></p></td>
215223 </table></div>
216224 </div>
217225 <div class="refsect1">
218 <a name="idm273582379280"></a><h2>Leave</h2>
226 <a name="idm265573146128"></a><h2>Leave</h2>
219227 <p>Deconfigure the local machine for use with a realm.</p>
220228 <div class="informalexample">
221229 <pre class="programlisting">
246254 <td><p>Only leave the realm which is using the
247255 given server software. Possible values include
248256 <em class="replaceable"><code>active-directory</code></em> or
249 <em class="replaceable"><code>freeipa</code></em>.</p></td>
257 <em class="replaceable"><code>ipa</code></em>.</p></td>
250258 </tr>
251259 <tr>
252260 <td><p><span class="term"><code class="option">--remove</code></span></p></td>
264272 </table></div>
265273 </div>
266274 <div class="refsect1">
267 <a name="idm273582365616"></a><h2>List</h2>
275 <a name="idm265573132464"></a><h2>List</h2>
268276 <p>List all the discovered and configured realms.</p>
269277 <div class="informalexample"><pre class="programlisting">
270278 $ realm list
294302 </table></div>
295303 </div>
296304 <div class="refsect1">
297 <a name="idm273582357888"></a><h2>Permit</h2>
305 <a name="idm265573124736"></a><h2>Permit</h2>
298306 <p>Permit local login by users of the realm.</p>
299307 <div class="informalexample"><pre class="programlisting">
300308 $ realm permit --all
301 $ realm permit DOMAIN\User
302 $ realm permit DOMAIN\User2
303 $ realm permit --withdraw DOMAIN\User
309 $ realm permit user@example.com
310 $ realm permit DOMAIN\\User2
311 $ realm permit --withdraw user@example.com
304312 </pre></div>
305313 <p>The current login policy and format of the user names can be seen
306314 by using the <span class="command"><strong>realm list</strong></span> command.</p>
307 <p>The following options can be used:</p>
308 <p>The format of the user name can be seen by using the
309 <code class="option">list</code> command.</p>
310315 <p>The following options can be used:</p>
311316 <div class="variablelist"><table border="0" class="variablelist">
312317 <colgroup>
341346 </table></div>
342347 </div>
343348 <div class="refsect1">
344 <a name="idm273582345168"></a><h2>Deny</h2>
349 <a name="idm265573113328"></a><h2>Deny</h2>
345350 <p>Deny local login by realm accounts.</p>
346351 <div class="informalexample"><pre class="programlisting">
347352 $ realm deny --all
+24
-5
doc/manual/html/realmd-conf.html less more
2727 <td valign="top" align="right"></td>
2828 </tr></table></div>
2929 <div class="refsect1">
30 <a name="idm273580945152"></a><h2>Configuration File</h2>
30 <a name="idm265570999216"></a><h2>Configuration File</h2>
3131 <p><span class="command"><strong>realmd</strong></span> can be tweaked by network administrators
3232 to act in specific ways. This is done by placing settings in a
3333 <code class="filename">/etc/realmd.conf</code>. This file does not exist by
3434 default. The syntax of this file is the same as an INI file or
3535 Desktop Entry file.</p>
36 <p>In general, settings in this file only apply at the point of
37 joining a domain or realm. Once the realm has been setup the settings
38 have no effect. You may choose to configure
39 <a class="ulink" href="https://fedorahosted.org/sssd/" target="_top">SSSD</a> or
40 <a class="ulink" href="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html" target="_top">Winbind</a>
41 directly.</p>
3642 <p>Only specify the settings you wish to override in the
3743 <code class="filename">/etc/realmd.conf</code> file. Settings not specified will
3844 be loaded from their packaged defaults. Only override the settings
121127 <code class="option">os-version</code> settings to control the values that
122128 are placed in the computer account <code class="option">operatingSystem</code> and
123129 <code class="option">operatingSystemVersion</code> attributes.</p>
130 <p>This is an Active Directory specific option.</p>
124131 <div class="informalexample"><pre class="programlisting">
125132 [active-directory]
126133 os-name = Gentoo Linux
179186
180187 </pre></div>
181188 <p>The default setting for this is <code class="option">/home/%D/%U</code>. The
182 <code class="option">%D</code> format is replaced by the domain name. In the case of
183 Active Directory this is the short domain name. The <code class="option">%U</code>
189 <code class="option">%D</code> format is replaced by the domain name. The <code class="option">%U</code>
184190 format is replaced by the user name.</p>
185191 <p>You can verify the home directory for a user by running the
186192 following command.</p>
188194 $ <span class="command"><strong>getent passwd 'DOMAIN/User'</strong></span>
189195 DOMAIN\user:*:13445:13446:Name:/home/DOMAIN/user:/bin/bash
190196 </pre></div>
197 <p>Note that in the case of IPA domains, most users already have a
198 home directory configured in the domain. Therefore this configuration
199 setting may rarely show through.</p>
191200 </td>
192201 </tr>
193202 <tr>
211220 $ <span class="command"><strong>getent passwd 'DOMAIN/User'</strong></span>
212221 DOMAIN\user:*:13445:13446:Name:/home/DOMAIN/user:/bin/bash
213222 </pre></div>
223 <p>Note that in the case of IPA domains, most users already have a
224 shell configured in the domain. Therefore this configuration setting
225 may rarely show through.</p>
214226 </td>
215227 </tr>
216228 </tbody>
217229 </table></div>
218230 </div>
219231 <div class="refsect1">
220 <a name="idm273579937344"></a><h2>Realm specific settings</h2>
232 <a name="idm265570515856"></a><h2>Realm specific settings</h2>
221233 <p>These options should go in an section with the same name
222234 as the realm in the <code class="filename">/etc/realmd.conf</code> file.
223235 For example for the <code class="option">domain.example.com</code> domain
276288 Turn it off to use UID and GID information stored in the
277289 directory (as-per RFC2307) rather than automatically generating
278290 UID and GID numbers.</p>
291 <p>This option only makes sense for Active Directory
292 realms.</p>
279293 <div class="informalexample"><pre class="programlisting">
280294 [domain.example.com]
281295 automatic-id-mapping = no
294308 [domain.example.com]
295309 manage-system = no
296310 # manage-system = yes
297 </pre></div>
311
312 </pre></div>
313 <p>When this option is turned on <span class="command"><strong>realmd</strong></span>
314 defaults to using domain policy to control who can log into
315 this machine. Further adjustments to login policy can be made
316 with the <span class="command"><strong>realm permit</strong></span> command.</p>
298317 </td>
299318 </tr>
300319 <tr>
+20
-17
doc/manual/realm.xml less more
4141 <command>realm list</command>
4242 </cmdsynopsis>
4343 <cmdsynopsis>
44 <command>realm permit</command> <arg choice="opt">-ax</arg> <arg choice="opt">-R realm</arg> <arg choice="req" rep="repeat">user</arg>
44 <command>realm permit</command> <arg choice="opt">-ax</arg> <arg choice="opt">-R realm</arg> <arg choice="req" rep="repeat">user@domain</arg>
4545 </cmdsynopsis>
4646 <cmdsynopsis>
4747 <command>realm deny</command> <arg choice="plain">-a</arg> <arg choice="opt">-R realm</arg>
6767 when running in this mode.</para></listitem>
6868 </varlistentry>
6969 <varlistentry>
70 <term><option>--unattended</option></term>
71 <listitem><para>Run in unattended mode without prompting
72 for input.</para></listitem>
73 </varlistentry>
74 <varlistentry>
7075 <term><option>--verbose, -v</option></term>
7176 <listitem><para>Display verbose diagnostics while doing
7277 running commands.</para></listitem>
115120 <listitem><para>Only discover realms which run the
116121 given server software. Possible values include
117122 <replaceable>active-directory</replaceable> or
118 <replaceable>freeipa</replaceable>.</para></listitem>
123 <replaceable>ipa</replaceable>.</para></listitem>
119124 </varlistentry>
120125 <varlistentry>
121126 <term><option>--membership-software=xxx</option></term>
152157
153158 <para>Joining arbitrary kerberos realms is not supported. The realm
154159 must have a supported mechanism for joining from a client machine, such
155 as Active Directory or FreeIPA.</para>
156
157 <para>Unless a <literal>--user</literal> is explicitly specified, an automatic join is attempted first.</para>
160 as Active Directory or IPA.</para>
161
162 <para>Unless a <literal>--user</literal> is explicitly specified, an
163 automatic join is attempted first. Automatic joins require pre-configuration
164 on the domain side, and may not be supported by all domains.</para>
158165
159166 <para>Note that the <literal>--user </literal>, <literal>--no-password</literal>,
160167 and <literal>--one-time-password </literal> options are mutually exclusive.
167174 from the credential cache. The <command>realm</command> respects the
168175 <literal>KRB5_CCACHE</literal> environment variable, but uses the default
169176 kerberos credential cache if it's not present. Not all types of servers
170 can be joined using kerberos credentials, some (like FreeIPA) insist on
177 can be joined using kerberos credentials, some (like IPA) insist on
171178 prompting for a password.</para>
172179
173180 <para>The following options can be used:</para>
185192 unit to create the computer account. The exact format
186193 of the distinguished name depends on the client software
187194 and membership software. You can usually omit the root
188 DSE portion of distinguished name.</para></listitem>
195 DSE portion of distinguished name. This is an Active
196 Directory specific option.</para></listitem>
189197 </varlistentry>
190198 <varlistentry>
191199 <term><option>--no-password</option></term>
212220 <listitem><para>Only join realms for run the
213221 given server software. Possible values include
214222 <replaceable>active-directory</replaceable> or
215 <replaceable>freeipa</replaceable>.</para></listitem>
223 <replaceable>ipa</replaceable>.</para></listitem>
216224 </varlistentry>
217225 <varlistentry>
218226 <term><option>--membership-software=xxx</option></term>
265273 <listitem><para>Only leave the realm which is using the
266274 given server software. Possible values include
267275 <replaceable>active-directory</replaceable> or
268 <replaceable>freeipa</replaceable>.</para></listitem>
276 <replaceable>ipa</replaceable>.</para></listitem>
269277 </varlistentry>
270278 <varlistentry>
271279 <term><option>--remove</option></term>
323331 <informalexample>
324332 <programlisting>
325333 $ realm permit --all
326 $ realm permit DOMAIN\User
327 $ realm permit DOMAIN\User2
328 $ realm permit --withdraw DOMAIN\User
334 $ realm permit user@example.com
335 $ realm permit DOMAIN\\User2
336 $ realm permit --withdraw user@example.com
329337 </programlisting>
330338 </informalexample>
331339
332340 <para>The current login policy and format of the user names can be seen
333341 by using the <command>realm list</command> command.</para>
334
335 <para>The following options can be used:</para>
336
337 <para>The format of the user name can be seen by using the
338 <option>list</option> command.</para>
339342
340343 <para>The following options can be used:</para>
341344
+1
-1
doc/manual/realmd-docs.xml less more
1919 </chapter>
2020
2121 <xi:include href="realmd-guide-active-directory.xml"/>
22 <xi:include href="realmd-guide-freeipa.xml"/>
22 <xi:include href="realmd-guide-ipa.xml"/>
2323 <xi:include href="realmd-guide-kerberos.xml"/>
2424
2525 <chapter id="guide-integration">
+0
-164
doc/manual/realmd-guide-freeipa.xml less more
0 <?xml version="1.0"?>
1 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
2 "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"
3 [
4 <!ENTITY % local.common.attrib "xmlns:xi CDATA #FIXED 'http://www.w3.org/2003/XInclude'">
5 ]>
6
7 <chapter id="guide-freeipa">
8 <title>Using with FreeIPA</title>
9
10 <para><command>realmd</command> can discover FreeIPA domains and join
11 the current computer as an account on a domain. This allows using domain
12 users locally, and log into the local machine with FreeIPA domain
13 credentials.</para>
14
15 <section>
16 <title>Discovering FreeIPA domains</title>
17 <para><command>realmd</command> discovers which domains or
18 realms it can use or configure. It can discover and identify
19 FreeIPA domains by looking up the appropriate DNS SRV
20 records and by connecting to the domain LDAP server.</para>
21
22 <para>The following DNS SRV records are required to be present
23 for <command>realmd</command> to identify a provided realm as
24 an Kerberos domain.</para>
25
26 <informalexample>
27 <screen>
28 # In this example the FreeIPA domain is 'domain.example.com'
29 <emphasis>_ldap._tcp.</emphasis>domain.example.com.
30 </screen>
31 </informalexample>
32
33 <para>In addition <command>realmd</command> connects to the LDAP
34 server on the FreeIPA domain server's on port 389 and reads the
35 Root DSE information about the domain.</para>
36
37 <para>To see how <command>realmd</command> is discovering a
38 particular domain name, try a command like the following. Using
39 the <option>--verbose</option> argument displays verbose
40 discovery information.</para>
41
42 <informalexample>
43 <screen>
44 $ <command>realm --verbose discover domain.example.com</command>
45 * Resolving: _ldap._tcp.dc._msdcs.domain.example.com
46 * Resolving: _ldap._tcp.domain.example.com
47 * Performing LDAP DSE lookup on: 192.168.10.22
48 * Successfully discovered: domain.example.com
49 ...
50 </screen>
51 </informalexample>
52
53 <para>In addition a FreeIPA domain server's host name
54 or IP address may be specified.</para>
55 </section>
56
57 <section id="guide-freeipa-client">
58 <title>FreeIPA client software</title>
59 <para>As part of configuring an FreeIPA domain for use
60 on the local computer, <command>realmd</command> will install and
61 configure client software to enable domain accounts to be used on
62 the local computer.</para>
63
64 <para>For a FreeIPA domain this is
65 <ulink url="https://fedorahosted.org/sssd/">SSSD</ulink>.</para>
66
67 </section>
68
69 <section id="guide-freeipa-join">
70 <title>Joining a FreeIPA domain</title>
71
72 <para>To join a FreeIPA domain with <command>realmd</command>
73 you can use the <link linkend="realm"><command>realm</command></link>
74 command line tool:</para>
75
76 <informalexample>
77 <screen>
78 $ <command>realm join --verbose ipa.example.com</command>
79 </screen>
80 </informalexample>
81
82 <para>By specifying the <option>--verbose</option> it's easier
83 to see what went wrong if the join fails.</para>
84
85 <para>Other tools also use <command>realmd</command> which can
86 be used to perform the join operation, for example: GNOME
87 Control Center.</para>
88
89 <para>The join operation does the following:</para>
90 <itemizedlist>
91 <listitem><para>Discovers information about the domain.</para></listitem>
92 <listitem><para>Installs the necessary software to join the domain, such as SSSD.</para></listitem>
93 <listitem><para>Prompts for administrative credentials.</para></listitem>
94 <listitem><para>A computer account in the domain will be created, and or updated.</para></listitem>
95 <listitem><para>A host keytab file at <filename>/etc/krb5.keytab</filename> is created.</para></listitem>
96 <listitem><para>Configures the SSSD service, and restarts and enables it as appropriate.</para></listitem>
97 <listitem><para>Enables domain users in <filename>/etc/nsswitch.conf</filename></para></listitem>
98 </itemizedlist>
99
100 <para>In addition an FreeIPA domain server's host name
101 or IP address may be specified to join via that domain controller
102 directly.</para>
103
104 <para>After the join operation is complete, domain accounts should
105 be usable locally, although logins using domain accounts are
106 not necessarily enabled.</para>
107
108 <para>You verify that domain accounts are working with with a
109 command like this:</para>
110
111 <informalexample>
112 <screen>
113 $ <command>getent passwd admin@ipa.example.com</command>
114 </screen>
115 </informalexample>
116
117 <para>The join operation will create or update a computer account
118 in the domain.</para>
119
120 </section>
121
122 <section id="guide-freeipa-permit">
123 <title>Logins using Domain Accounts</title>
124
125 <para>Once the
126 <link linkend="guide-freeipa-join">computer is joined</link>
127 to a FreeIPA domain, the machine will automatically follow the
128 domain settings for whether users are able to log into the
129 machine or not.</para>
130
131 <para>To override this behavior and permit any domain account
132 to log in, use the following command.</para>
133
134 <informalexample>
135 <screen>
136 $ <command>realm permit --realm domain.example.com --all</command>
137 </screen>
138 </informalexample>
139
140 <para>To permit only specific accounts from the domain to log in
141 use the following command. The first time this command is run
142 it will change the mode to only allow logins by specific accounts,
143 and then add the specified accounts to the list of accounts
144 to permit.</para>
145
146 <informalexample>
147 <screen>
148 $ <command>realm permit --realm domain.example.com user1@ipa.example.com user2@ipa.example.com</command>
149 </screen>
150 </informalexample>
151
152 <para>To deny logins from any domain account, use the following
153 command.</para>
154
155 <informalexample>
156 <screen>
157 $ <command>realm deny --realm domain.example.com --all</command>
158 </screen>
159 </informalexample>
160
161 </section>
162
163 </chapter>
+164
-0
doc/manual/realmd-guide-ipa.xml less more
0 <?xml version="1.0"?>
1 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
2 "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"
3 [
4 <!ENTITY % local.common.attrib "xmlns:xi CDATA #FIXED 'http://www.w3.org/2003/XInclude'">
5 ]>
6
7 <chapter id="guide-ipa">
8 <title>Using with IPA</title>
9
10 <para><command>realmd</command> can discover IPA domains and join
11 the current computer as an account on a domain. This allows using domain
12 users locally, and log into the local machine with IPA domain
13 credentials.</para>
14
15 <section>
16 <title>Discovering IPA domains</title>
17 <para><command>realmd</command> discovers which domains or
18 realms it can use or configure. It can discover and identify
19 IPA domains by looking up the appropriate DNS SRV
20 records and by connecting to the domain LDAP server.</para>
21
22 <para>The following DNS SRV records are required to be present
23 for <command>realmd</command> to identify a provided realm as
24 an Kerberos domain.</para>
25
26 <informalexample>
27 <screen>
28 # In this example the IPA domain is 'domain.example.com'
29 <emphasis>_ldap._tcp.</emphasis>domain.example.com.
30 </screen>
31 </informalexample>
32
33 <para>In addition <command>realmd</command> connects to the LDAP
34 server on the IPA domain server's on port 389 and reads the
35 Root DSE information about the domain.</para>
36
37 <para>To see how <command>realmd</command> is discovering a
38 particular domain name, try a command like the following. Using
39 the <option>--verbose</option> argument displays verbose
40 discovery information.</para>
41
42 <informalexample>
43 <screen>
44 $ <command>realm --verbose discover domain.example.com</command>
45 * Resolving: _ldap._tcp.dc._msdcs.domain.example.com
46 * Resolving: _ldap._tcp.domain.example.com
47 * Performing LDAP DSE lookup on: 192.168.10.22
48 * Successfully discovered: domain.example.com
49 ...
50 </screen>
51 </informalexample>
52
53 <para>In addition a IPA domain server's host name
54 or IP address may be specified.</para>
55 </section>
56
57 <section id="guide-ipa-client">
58 <title>IPA client software</title>
59 <para>As part of configuring an IPA domain for use
60 on the local computer, <command>realmd</command> will install and
61 configure client software to enable domain accounts to be used on
62 the local computer.</para>
63
64 <para>For a IPA domain this is
65 <ulink url="https://fedorahosted.org/sssd/">SSSD</ulink>.</para>
66
67 </section>
68
69 <section id="guide-ipa-join">
70 <title>Joining a IPA domain</title>
71
72 <para>To join a IPA domain with <command>realmd</command>
73 you can use the <link linkend="realm"><command>realm</command></link>
74 command line tool:</para>
75
76 <informalexample>
77 <screen>
78 $ <command>realm join --verbose ipa.example.com</command>
79 </screen>
80 </informalexample>
81
82 <para>By specifying the <option>--verbose</option> it's easier
83 to see what went wrong if the join fails.</para>
84
85 <para>Other tools also use <command>realmd</command> which can
86 be used to perform the join operation, for example: GNOME
87 Control Center.</para>
88
89 <para>The join operation does the following:</para>
90 <itemizedlist>
91 <listitem><para>Discovers information about the domain.</para></listitem>
92 <listitem><para>Installs the necessary software to join the domain, such as SSSD.</para></listitem>
93 <listitem><para>Prompts for administrative credentials.</para></listitem>
94 <listitem><para>A computer account in the domain will be created, and or updated.</para></listitem>
95 <listitem><para>A host keytab file at <filename>/etc/krb5.keytab</filename> is created.</para></listitem>
96 <listitem><para>Configures the SSSD service, and restarts and enables it as appropriate.</para></listitem>
97 <listitem><para>Enables domain users in <filename>/etc/nsswitch.conf</filename></para></listitem>
98 </itemizedlist>
99
100 <para>In addition an IPA domain server's host name
101 or IP address may be specified to join via that domain controller
102 directly.</para>
103
104 <para>After the join operation is complete, domain accounts should
105 be usable locally, although logins using domain accounts are
106 not necessarily enabled.</para>
107
108 <para>You verify that domain accounts are working with with a
109 command like this:</para>
110
111 <informalexample>
112 <screen>
113 $ <command>getent passwd admin@ipa.example.com</command>
114 </screen>
115 </informalexample>
116
117 <para>The join operation will create or update a computer account
118 in the domain.</para>
119
120 </section>
121
122 <section id="guide-ipa-permit">
123 <title>Logins using Domain Accounts</title>
124
125 <para>Once the
126 <link linkend="guide-ipa-join">computer is joined</link>
127 to a IPA domain, the machine will automatically follow the
128 domain settings for whether users are able to log into the
129 machine or not.</para>
130
131 <para>To override this behavior and permit any domain account
132 to log in, use the following command.</para>
133
134 <informalexample>
135 <screen>
136 $ <command>realm permit --realm domain.example.com --all</command>
137 </screen>
138 </informalexample>
139
140 <para>To permit only specific accounts from the domain to log in
141 use the following command. The first time this command is run
142 it will change the mode to only allow logins by specific accounts,
143 and then add the specified accounts to the list of accounts
144 to permit.</para>
145
146 <informalexample>
147 <screen>
148 $ <command>realm permit --realm domain.example.com user1@ipa.example.com user2@ipa.example.com</command>
149 </screen>
150 </informalexample>
151
152 <para>To deny logins from any domain account, use the following
153 command.</para>
154
155 <informalexample>
156 <screen>
157 $ <command>realm deny --realm domain.example.com --all</command>
158 </screen>
159 </informalexample>
160
161 </section>
162
163 </chapter>
+27
-4
doc/manual/realmd.conf.xml less more
3535 <filename>/etc/realmd.conf</filename>. This file does not exist by
3636 default. The syntax of this file is the same as an INI file or
3737 Desktop Entry file.</para>
38
39 <para>In general, settings in this file only apply at the point of
40 joining a domain or realm. Once the realm has been setup the settings
41 have no effect. You may choose to configure
42 <ulink url="https://fedorahosted.org/sssd/">SSSD</ulink> or
43 <ulink url="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html">Winbind</ulink>
44 directly.</para>
3845
3946 <para>Only specify the settings you wish to override in the
4047 <filename>/etc/realmd.conf</filename> file. Settings not specified will
139146 are placed in the computer account <option>operatingSystem</option> and
140147 <option>operatingSystemVersion</option> attributes.</para>
141148
149 <para>This is an Active Directory specific option.</para>
150
142151 <informalexample>
143152 <programlisting language="js">
144153 [active-directory]
205214 </informalexample>
206215
207216 <para>The default setting for this is <option>/home/%D/%U</option>. The
208 <option>%D</option> format is replaced by the domain name. In the case of
209 Active Directory this is the short domain name. The <option>%U</option>
217 <option>%D</option> format is replaced by the domain name. The <option>%U</option>
210218 format is replaced by the user name.</para>
211219
212220 <para>You can verify the home directory for a user by running the
219227 </screen>
220228 </informalexample>
221229
230 <para>Note that in the case of IPA domains, most users already have a
231 home directory configured in the domain. Therefore this configuration
232 setting may rarely show through.</para>
222233 </listitem>
223234 </varlistentry>
224235
252263 </screen>
253264 </informalexample>
254265
266 <para>Note that in the case of IPA domains, most users already have a
267 shell configured in the domain. Therefore this configuration setting
268 may rarely show through.</para>
255269 </listitem>
256270 </varlistentry>
257271
331345 directory (as-per RFC2307) rather than automatically generating
332346 UID and GID numbers.</para>
333347
348 <para>This option only makes sense for Active Directory
349 realms.</para>
350
334351 <informalexample>
335352 <programlisting>
336353 [domain.example.com]
354371 [domain.example.com]
355372 manage-system = no
356373 # manage-system = yes
357 </programlisting>
358 </informalexample>
374
375 </programlisting>
376 </informalexample>
377
378 <para>When this option is turned on <command>realmd</command>
379 defaults to using domain policy to control who can log into
380 this machine. Further adjustments to login policy can be made
381 with the <command>realm permit</command> command.</para>
359382 </listitem>
360383 </varlistentry>
361384
+1
-1
doc/version.xml less more
0 0.14.2
0 0.14.5
+44
-16
doc/website/Makefile.in less more
0 # Makefile.in generated by automake 1.13.1 from Makefile.am.
0 # Makefile.in generated by automake 1.13.4 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2012 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2013 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
1313
1414 @SET_MAKE@
1515 VPATH = @srcdir@
16 am__make_dryrun = \
17 { \
18 am__dry=no; \
16 am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
17 am__make_running_with_option = \
18 case $${target_option-} in \
19 ?) ;; \
20 *) echo "am__make_running_with_option: internal error: invalid" \
21 "target option '$${target_option-}' specified" >&2; \
22 exit 1;; \
23 esac; \
24 has_opt=no; \
25 sane_makeflags=$$MAKEFLAGS; \
26 if $(am__is_gnu_make); then \
27 sane_makeflags=$$MFLAGS; \
28 else \
1929 case $$MAKEFLAGS in \
2030 *\\[\ \ ]*) \
21 echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
22 | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
23 *) \
24 for am__flg in $$MAKEFLAGS; do \
25 case $$am__flg in \
26 *=*|--*) ;; \
27 *n*) am__dry=yes; break;; \
28 esac; \
29 done;; \
31 bs=\\; \
32 sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
33 | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
3034 esac; \
31 test $$am__dry = yes; \
32 }
35 fi; \
36 skip_next=no; \
37 strip_trailopt () \
38 { \
39 flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
40 }; \
41 for flg in $$sane_makeflags; do \
42 test $$skip_next = yes && { skip_next=no; continue; }; \
43 case $$flg in \
44 *=*|--*) continue;; \
45 -*I) strip_trailopt 'I'; skip_next=yes;; \
46 -*I?*) strip_trailopt 'I';; \
47 -*O) strip_trailopt 'O'; skip_next=yes;; \
48 -*O?*) strip_trailopt 'O';; \
49 -*l) strip_trailopt 'l'; skip_next=yes;; \
50 -*l?*) strip_trailopt 'l';; \
51 -[dEDm]) skip_next=yes;; \
52 -[JT]) skip_next=yes;; \
53 esac; \
54 case $$flg in \
55 *$$target_option*) has_opt=yes; break;; \
56 esac; \
57 done; \
58 test $$has_opt = yes
59 am__make_dryrun = (target_option=n; $(am__make_running_with_option))
60 am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
3361 pkgdatadir = $(datadir)/@PACKAGE@
3462 pkgincludedir = $(includedir)/@PACKAGE@
3563 pkglibdir = $(libdir)/@PACKAGE@
+2
-2
service/Makefile.am less more
6868 -DSYSCONF_DIR="\"$(sysconfdir)\"" \
6969 -DPROVIDER_DIR="\"$(privatedir)/provider.d\"" \
7070 -DLOCALEDIR=\""$(datadir)/locale"\" \
71 -DSTATE_DIR="\"$(localstatedir)/realmd\"" \
71 -DSTATE_DIR="\"$(localstatedir)/lib/realmd\"" \
7272 -DCACHEDIR="\"$(cachedir)\"" \
7373 $(PACKAGEKIT_CFLAGS) \
7474 $(POLKIT_CFLAGS) \
9191 # Install and uninstall the config for this distro
9292 install-data-local:
9393 $(INSTALL_PROGRAM) -d $(DESTDIR)$(privatedir)
94 $(INSTALL_PROGRAM) -d $(DESTDIR)$(localstatedir)/realmd
94 $(INSTALL_PROGRAM) -d $(DESTDIR)$(localstatedir)/lib/realmd
9595 $(INSTALL_PROGRAM) -d $(DESTDIR)$(cachedir)
9696 $(INSTALL_DATA) $(srcdir)/realmd-$(DISTRO).conf $(DESTDIR)$(privatedir)/realmd-distro.conf
9797 uninstall-local:
+47
-18
service/Makefile.in less more
0 # Makefile.in generated by automake 1.13.1 from Makefile.am.
0 # Makefile.in generated by automake 1.13.4 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2012 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2013 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
1515
1616
1717 VPATH = @srcdir@
18 am__make_dryrun = \
19 { \
20 am__dry=no; \
18 am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
19 am__make_running_with_option = \
20 case $${target_option-} in \
21 ?) ;; \
22 *) echo "am__make_running_with_option: internal error: invalid" \
23 "target option '$${target_option-}' specified" >&2; \
24 exit 1;; \
25 esac; \
26 has_opt=no; \
27 sane_makeflags=$$MAKEFLAGS; \
28 if $(am__is_gnu_make); then \
29 sane_makeflags=$$MFLAGS; \
30 else \
2131 case $$MAKEFLAGS in \
2232 *\\[\ \ ]*) \
23 echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
24 | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
25 *) \
26 for am__flg in $$MAKEFLAGS; do \
27 case $$am__flg in \
28 *=*|--*) ;; \
29 *n*) am__dry=yes; break;; \
30 esac; \
31 done;; \
33 bs=\\; \
34 sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
35 | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
3236 esac; \
33 test $$am__dry = yes; \
34 }
37 fi; \
38 skip_next=no; \
39 strip_trailopt () \
40 { \
41 flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
42 }; \
43 for flg in $$sane_makeflags; do \
44 test $$skip_next = yes && { skip_next=no; continue; }; \
45 case $$flg in \
46 *=*|--*) continue;; \
47 -*I) strip_trailopt 'I'; skip_next=yes;; \
48 -*I?*) strip_trailopt 'I';; \
49 -*O) strip_trailopt 'O'; skip_next=yes;; \
50 -*O?*) strip_trailopt 'O';; \
51 -*l) strip_trailopt 'l'; skip_next=yes;; \
52 -*l?*) strip_trailopt 'l';; \
53 -[dEDm]) skip_next=yes;; \
54 -[JT]) skip_next=yes;; \
55 esac; \
56 case $$flg in \
57 *$$target_option*) has_opt=yes; break;; \
58 esac; \
59 done; \
60 test $$has_opt = yes
61 am__make_dryrun = (target_option=n; $(am__make_running_with_option))
62 am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
3563 pkgdatadir = $(datadir)/@PACKAGE@
3664 pkgincludedir = $(includedir)/@PACKAGE@
3765 pkglibdir = $(libdir)/@PACKAGE@
429457 -DSYSCONF_DIR="\"$(sysconfdir)\"" \
430458 -DPROVIDER_DIR="\"$(privatedir)/provider.d\"" \
431459 -DLOCALEDIR=\""$(datadir)/locale"\" \
432 -DSTATE_DIR="\"$(localstatedir)/realmd\"" \
460 -DSTATE_DIR="\"$(localstatedir)/lib/realmd\"" \
433461 -DCACHEDIR="\"$(cachedir)\"" \
434462 $(PACKAGEKIT_CFLAGS) \
435463 $(POLKIT_CFLAGS) \
545573
546574 clean-privatePROGRAMS:
547575 -test -z "$(private_PROGRAMS)" || rm -f $(private_PROGRAMS)
576
548577 realmd$(EXEEXT): $(realmd_OBJECTS) $(realmd_DEPENDENCIES) $(EXTRA_realmd_DEPENDENCIES)
549578 @rm -f realmd$(EXEEXT)
550579 $(AM_V_CCLD)$(realmd_LINK) $(realmd_OBJECTS) $(realmd_LDADD) $(LIBS)
14591488 # Install and uninstall the config for this distro
14601489 install-data-local:
14611490 $(INSTALL_PROGRAM) -d $(DESTDIR)$(privatedir)
1462 $(INSTALL_PROGRAM) -d $(DESTDIR)$(localstatedir)/realmd
1491 $(INSTALL_PROGRAM) -d $(DESTDIR)$(localstatedir)/lib/realmd
14631492 $(INSTALL_PROGRAM) -d $(DESTDIR)$(cachedir)
14641493 $(INSTALL_DATA) $(srcdir)/realmd-$(DISTRO).conf $(DESTDIR)$(privatedir)/realmd-distro.conf
14651494 uninstall-local:
+98
-1
service/realm-adcli-enroll.c less more
7272 gpointer user_data)
7373 {
7474 gchar *environ[] = { "LANG=C", NULL };
75 GInetAddress *address;
7576 const gchar *computer_ou;
7677 EggTask *task;
7778 GBytes *input = NULL;
8081 const gchar *os;
8182 gchar *ccache_arg = NULL;
8283 gchar *upn_arg = NULL;
84 gchar *server_arg = NULL;
8385
8486 g_return_if_fail (cred != NULL);
8587 g_return_if_fail (disco != NULL);
9799 g_ptr_array_add (args, "--domain-realm");
98100 g_ptr_array_add (args, (gpointer)disco->kerberos_realm);
99101
100 if (disco->explicit_server) {
102 if (G_IS_INET_SOCKET_ADDRESS (disco->server_address)) {
103 address = g_inet_socket_address_get_address (G_INET_SOCKET_ADDRESS (disco->server_address));
104 server_arg = g_inet_address_to_string (address);
105 if (server_arg) {
106 g_ptr_array_add (args, "--domain-controller");
107 g_ptr_array_add (args, server_arg);
108 }
109
110 } else if (disco->explicit_server) {
101111 g_ptr_array_add (args, "--domain-controller");
102112 g_ptr_array_add (args, (gpointer)disco->explicit_server);
103113 }
172182
173183 free (ccache_arg);
174184 free (upn_arg);
185 free (server_arg);
175186 }
176187
177188 gboolean
181192 g_return_val_if_fail (egg_task_is_valid (result, NULL), FALSE);
182193 return egg_task_propagate_boolean (EGG_TASK (result), error);
183194 }
195
196 void
197 realm_adcli_enroll_delete_async (RealmDisco *disco,
198 RealmCredential *cred,
199 GVariant *options,
200 GDBusMethodInvocation *invocation,
201 GAsyncReadyCallback callback,
202 gpointer user_data)
203 {
204 gchar *environ[] = { "LANG=C", NULL };
205 GInetAddress *address;
206 EggTask *task;
207 GBytes *input = NULL;
208 GPtrArray *args;
209 gchar *ccache_arg = NULL;
210 gchar *server_arg = NULL;
211
212 g_return_if_fail (cred != NULL);
213 g_return_if_fail (disco != NULL);
214 g_return_if_fail (invocation != NULL);
215
216 task = egg_task_new (NULL, NULL, callback, user_data);
217 args = g_ptr_array_new ();
218
219 /* Use our custom smb.conf */
220 g_ptr_array_add (args, (gpointer)realm_settings_path ("adcli"));
221 g_ptr_array_add (args, "delete-computer");
222 g_ptr_array_add (args, "--verbose");
223 g_ptr_array_add (args, "--domain");
224 g_ptr_array_add (args, (gpointer)disco->domain_name);
225 g_ptr_array_add (args, "--domain-realm");
226 g_ptr_array_add (args, (gpointer)disco->kerberos_realm);
227
228 if (G_IS_INET_SOCKET_ADDRESS (disco->server_address)) {
229 address = g_inet_socket_address_get_address (G_INET_SOCKET_ADDRESS (disco->server_address));
230 server_arg = g_inet_address_to_string (address);
231 if (server_arg) {
232 g_ptr_array_add (args, "--domain-controller");
233 g_ptr_array_add (args, server_arg);
234 }
235
236 } else if (disco->explicit_server) {
237 g_ptr_array_add (args, "--domain-controller");
238 g_ptr_array_add (args, (gpointer)disco->explicit_server);
239 }
240
241 switch (cred->type) {
242 case REALM_CREDENTIAL_AUTOMATIC:
243 case REALM_CREDENTIAL_SECRET:
244 g_return_if_reached ();
245 break;
246 case REALM_CREDENTIAL_CCACHE:
247 ccache_arg = g_strdup_printf ("--login-ccache=%s", cred->x.ccache.file);
248 g_ptr_array_add (args, ccache_arg);
249 break;
250 case REALM_CREDENTIAL_PASSWORD:
251 input = g_bytes_ref (cred->x.password.value);
252 g_ptr_array_add (args, "--login-user");
253 g_ptr_array_add (args, cred->x.password.name);
254 g_ptr_array_add (args, "--stdin-password");
255 break;
256 }
257
258 g_ptr_array_add (args, NULL);
259
260 realm_command_runv_async ((gchar **)args->pdata, environ, input,
261 invocation, on_join_process,
262 g_object_ref (task));
263
264 g_ptr_array_free (args, TRUE);
265 g_object_unref (task);
266
267 if (input)
268 g_bytes_unref (input);
269
270 free (ccache_arg);
271 g_free (server_arg);
272 }
273
274 gboolean
275 realm_adcli_enroll_delete_finish (GAsyncResult *result,
276 GError **error)
277 {
278 g_return_val_if_fail (egg_task_is_valid (result, NULL), FALSE);
279 return egg_task_propagate_boolean (EGG_TASK (result), error);
280 }
+10
-0
service/realm-adcli-enroll.h less more
3535 gboolean realm_adcli_enroll_join_finish (GAsyncResult *result,
3636 GError **error);
3737
38 void realm_adcli_enroll_delete_async (RealmDisco *disco,
39 RealmCredential *cred,
40 GVariant *options,
41 GDBusMethodInvocation *invocation,
42 GAsyncReadyCallback callback,
43 gpointer user_data);
44
45 gboolean realm_adcli_enroll_delete_finish (GAsyncResult *result,
46 GError **error);
47
3848 G_END_DECLS
3949
4050 #endif /* __REALM_ADCLI_ENROLL_H__ */
+4
-0
service/realm-disco-mscldap.c less more
2424
2525 typedef struct {
2626 gchar *explicit_server;
27 GSocketAddress *address;
2728 GSource *source;
2829 gint count;
2930 gint fever_id;
3940 Closure *clo = data;
4041
4142 g_free (clo->explicit_server);
43 g_object_unref (clo->address);
4244 if (clo->fever_id)
4345 g_source_remove (clo->fever_id);
4446 if (clo->normal_id)
243245 case LDAP_RES_SEARCH_RESULT:
244246 g_debug ("Received response");
245247 disco = realm_disco_new (NULL);
248 disco->server_address = g_object_ref (clo->address);
246249 if (realm_disco_mscldap_result (ldap, message, disco, &error)) {
247250 disco->explicit_server = g_strdup (clo->explicit_server);
248251 egg_task_return_pointer (task, disco, realm_disco_unref);
285288 task = egg_task_new (NULL, cancellable, callback, user_data);
286289 clo = g_new0 (Closure, 1);
287290 clo->explicit_server = g_strdup (explicit_server);
291 clo->address = g_object_ref (address);
288292 egg_task_set_task_data (task, clo, closure_free);
289293
290294 if (protocol == G_SOCKET_PROTOCOL_UDP &&
+5
-6
service/realm-disco-rootdse.c less more
2929 struct _Closure {
3030 RealmDisco *disco;
3131 GSource *source;
32 GSocketAddress *address;
3332 GDBusMethodInvocation *invocation;
3433
3534 gchar *default_naming_context;
5453
5554 g_source_destroy (clo->source);
5655 g_source_unref (clo->source);
57 g_object_unref (clo->address);
5856 g_clear_object (&clo->invocation);
5957 realm_disco_unref (clo->disco);
6058 g_free (clo);
193191 bvs = ldap_get_values_len (ldap, entry, "info");
194192 if (bvs && bvs[0] && bvs[0]->bv_len >= 3) {
195193 if (g_ascii_strncasecmp (bvs[0]->bv_val, "IPA", 3) == 0)
196 clo->disco->server_software = REALM_DBUS_IDENTIFIER_FREEIPA;
194 clo->disco->server_software = REALM_DBUS_IDENTIFIER_IPA;
197195 }
198196 ldap_value_free_len (bvs);
199197
323321
324322 /* Prior to Windows 2003 we have to use UDP for netlogon lookup */
325323 } else {
326 inet = G_INET_SOCKET_ADDRESS (clo->address);
324 inet = G_INET_SOCKET_ADDRESS (clo->disco->server_address);
327325 string = g_inet_address_to_string (g_inet_socket_address_get_address (inet));
328326 realm_diagnostics_info (clo->invocation, "Sending MS-CLDAP ping to: %s", string);
329327 g_free (string);
330328
331 realm_disco_mscldap_async (clo->address, G_SOCKET_PROTOCOL_UDP,
329 realm_disco_mscldap_async (clo->disco->server_address, G_SOCKET_PROTOCOL_UDP,
332330 clo->disco->explicit_server, egg_task_get_cancellable (task),
333331 on_udp_mscldap_complete, g_object_ref (task));
334332
435433 clo = g_new0 (Closure, 1);
436434 clo->disco = realm_disco_new (NULL);
437435 clo->disco->explicit_server = g_strdup (explicit_server);
438 clo->address = g_object_ref (address);
436 clo->disco->server_address = g_object_ref (address);
437
439438 clo->invocation = invocation ? g_object_ref (invocation) : NULL;
440439 clo->request = request_root_dse;
441440 egg_task_set_task_data (task, clo, closure_free);
+2
-0
service/realm-disco.c less more
6060 g_free (disco->explicit_server);
6161 g_free (disco->kerberos_realm);
6262 g_free (disco->workgroup);
63 if (disco->server_address)
64 g_object_unref (disco->server_address);
6365 g_free (disco);
6466 }
6567 }
+2
-0
service/realm-disco.h less more
1616
1717 #include <glib.h>
1818 #include <glib-object.h>
19 #include <gio/gio.h>
1920
2021 G_BEGIN_DECLS
2122
2627 gchar *kerberos_realm;
2728 gchar *workgroup;
2829 gchar *explicit_server;
30 GSocketAddress *server_address;
2931 } RealmDisco;
3032
3133 #define REALM_TYPE_DISCO (realm_disco_get_type ())
+63
-0
service/realm-ini-config.c less more
879879 return parse_config_line_value (self, line->bytes);
880880 }
881881
882 gboolean
883 realm_ini_config_have (RealmIniConfig *self,
884 const gchar *section,
885 const gchar *name)
886 {
887 ConfigSection *sect;
888 ConfigLine *line;
889
890 g_return_val_if_fail (REALM_IS_INI_CONFIG (self), FALSE);
891 g_return_val_if_fail (section != NULL, FALSE);
892 g_return_val_if_fail (name != NULL, FALSE);
893
894 sect = g_hash_table_lookup (self->sections, section);
895 if (sect == NULL)
896 return FALSE;
897
898 line = g_hash_table_lookup (sect->parameters, name);
899 if (line == NULL)
900 return FALSE;
901
902 return TRUE;
903 }
904
882905 GHashTable *
883906 realm_ini_config_get_all (RealmIniConfig *self,
884907 const gchar *section)
10451068 }
10461069
10471070 gboolean
1071 realm_ini_config_get_boolean (RealmIniConfig *config,
1072 const gchar *section,
1073 const gchar *name,
1074 gboolean defahlt)
1075 {
1076 gboolean ret;
1077 gchar *value;
1078
1079 g_return_val_if_fail (REALM_IS_INI_CONFIG (config), FALSE);
1080 g_return_val_if_fail (section != NULL, FALSE);
1081 g_return_val_if_fail (name != NULL, FALSE);
1082
1083 value = realm_ini_config_get (config, section, name);
1084 if (value == NULL) {
1085 ret = defahlt;
1086 } else if (g_ascii_strcasecmp (value, "true") == 0) {
1087 ret = TRUE;
1088 } else if (g_ascii_strcasecmp (value, "false") == 0) {
1089 ret = FALSE;
1090 } else if (config->flags & REALM_INI_STRICT_BOOLEAN) {
1091 g_warning ("Invalid %s boolean value for %s field: %s",
1092 value, config->filename ? config->filename : "", name);
1093 ret = defahlt;
1094 } else if (g_ascii_strcasecmp (value, "1") == 0 ||
1095 g_ascii_strcasecmp (value, "yes") == 0) {
1096 ret = TRUE;
1097 } else if (g_ascii_strcasecmp (value, "0") == 0 ||
1098 g_ascii_strcasecmp (value, "no") == 0) {
1099 ret = FALSE;
1100 } else {
1101 g_warning ("Invalid %s boolean value for %s field: %s",
1102 value, config->filename ? config->filename : "", name);
1103 ret = defahlt;
1104 }
1105
1106 g_free (value);
1107 return ret;
1108 }
1109
1110 gboolean
10481111 realm_ini_config_have_section (RealmIniConfig *self,
10491112 const gchar *section)
10501113 {
+10
-0
service/realm-ini-config.h less more
2323 REALM_INI_LINE_CONTINUATIONS = 1 << 1,
2424 REALM_INI_NO_WATCH = 1 << 2,
2525 REALM_INI_PRIVATE = 1 << 3,
26 REALM_INI_STRICT_BOOLEAN = 1 << 4,
2627 } RealmIniFlags;
2728
2829 #define REALM_TYPE_INI_CONFIG (realm_ini_config_get_type ())
8485 const gchar *section,
8586 const gchar *name);
8687
88 gboolean realm_ini_config_have (RealmIniConfig *self,
89 const gchar *section,
90 const gchar *name);
91
8792 gchar ** realm_ini_config_get_list (RealmIniConfig *self,
8893 const gchar *section,
8994 const gchar *name,
108113 void realm_ini_config_set_all (RealmIniConfig *self,
109114 const gchar *section,
110115 GHashTable *parameters);
116
117 gboolean realm_ini_config_get_boolean (RealmIniConfig *config,
118 const gchar *section,
119 const gchar *name,
120 gboolean defahlt);
111121
112122 gchar ** realm_ini_config_get_sections (RealmIniConfig *self);
113123
+22
-3
service/realm-kerberos.c less more
697697 RealmDisco *
698698 realm_kerberos_get_disco (RealmKerberos *self)
699699 {
700 RealmKerberosClass *klass;
701 RealmDisco *disco;
702
700703 g_return_val_if_fail (REALM_IS_KERBEROS (self), NULL);
704
701705 if (!self->pv->disco) {
702 self->pv->disco = realm_disco_new (realm_kerberos_get_name (self));
703 self->pv->disco->kerberos_realm = g_strdup (realm_kerberos_get_realm_name (self));
704 }
706 disco = realm_disco_new (NULL);
707 if (!disco->domain_name)
708 disco->domain_name = g_strdup (realm_kerberos_get_domain_name (self));
709 if (!disco->kerberos_realm)
710 disco->kerberos_realm = g_strdup (realm_kerberos_get_realm_name (self));
711 klass = REALM_KERBEROS_GET_CLASS (self);
712 if (klass->discover_myself)
713 (klass->discover_myself) (self, disco);
714 self->pv->disco = disco;
715 }
716
705717 return self->pv->disco;
706718 }
707719
798810 {
799811 g_return_if_fail (REALM_IS_KERBEROS (self));
800812 realm_dbus_kerberos_set_realm_name (self->pv->kerberos_iface, value);
813 }
814
815 const gchar *
816 realm_kerberos_get_domain_name (RealmKerberos *self)
817 {
818 g_return_val_if_fail (REALM_IS_KERBEROS (self), NULL);
819 return realm_dbus_kerberos_get_domain_name (self->pv->kerberos_iface);
801820 }
802821
803822 void
+4
-0
service/realm-kerberos.h less more
6565 GAsyncResult *result,
6666 GError **error);
6767
68 void (* discover_myself) (RealmKerberos *realm,
69 RealmDisco *disco);
6870 };
6971
7072 GType realm_kerberos_get_type (void) G_GNUC_CONST;
9193
9294 void realm_kerberos_set_realm_name (RealmKerberos *self,
9395 const gchar *value);
96
97 const gchar * realm_kerberos_get_domain_name (RealmKerberos *self);
9498
9599 void realm_kerberos_set_domain_name (RealmKerberos *self,
96100 const gchar *value);
+6
-2
service/realm-packages.c less more
225225 }
226226
227227 if (error == NULL) {
228 missing = package_names_to_list (names);
228229 if (package_ids == NULL || *package_ids == NULL) {
229230 egg_task_return_boolean (task, TRUE);
230231
231232 } else if (!install->automatic) {
232 missing = package_names_to_list (names);
233233 g_set_error (&error, REALM_ERROR, REALM_ERROR_FAILED,
234234 _("Necessary packages are not installed: %s"), missing);
235 g_free (missing);
236235
237236 } else {
237 /* String should match that in realm-client.c */
238 realm_diagnostics_info (install->invocation, "%s: %s",
239 _("Installing necessary packages"), missing);
238240 cancellable = realm_invocation_get_cancellable (install->invocation);
239241 pk_task_install_packages_async (install->task, package_ids, cancellable,
240242 on_install_progress, install,
241243 on_install_installed, g_object_ref (task));
242244 }
245
246 g_free (missing);
243247 }
244248
245249 if (error != NULL) {
+2
-0
service/realm-provider.c less more
489489 g_return_val_if_fail (client_software != NULL, FALSE);
490490
491491 if (g_variant_lookup (options, REALM_DBUS_OPTION_SERVER_SOFTWARE, "&s", &string)) {
492 if (g_str_equal (string, REALM_DBUS_IDENTIFIER_FREEIPA))
493 string = REALM_DBUS_IDENTIFIER_IPA;
492494 if (!g_str_equal (server_software, string))
493495 return FALSE;
494496 }
+13
-0
service/realm-samba-winbind.c less more
7676 GAsyncReadyCallback callback,
7777 gpointer user_data)
7878 {
79 RealmIniConfig *pwc;
7980 EggTask *task;
8081 GError *error = NULL;
8182
117118 realm_ini_config_finish_change (config, &error);
118119 }
119120
121 /* Setup pam_winbind.conf with decent defaults matching our expectations */
122 if (error == NULL) {
123 pwc = realm_ini_config_new (REALM_INI_NO_WATCH);
124 realm_ini_config_set_filename (pwc, realm_settings_path ("pam_winbind.conf"));
125 realm_ini_config_change (pwc, "global", &error,
126 "krb5_auth", "yes",
127 "krb5_ccache_type", "FILE",
128 "cached_login", "yes",
129 NULL);
130 g_object_unref (pwc);
131 }
132
120133 if (error == NULL) {
121134 realm_service_enable_and_restart ("winbind", invocation,
122135 on_enable_do_nss, g_object_ref (task));
+1
-0
service/realm-samba.c less more
660660 static const RealmCredential join_supported[] = {
661661 { REALM_CREDENTIAL_PASSWORD, REALM_CREDENTIAL_OWNER_ADMIN },
662662 { REALM_CREDENTIAL_PASSWORD, REALM_CREDENTIAL_OWNER_USER },
663 { REALM_CREDENTIAL_CCACHE, REALM_CREDENTIAL_OWNER_ADMIN },
663664 { 0, },
664665 };
665666
+56
-8
service/realm-sssd-ad.c less more
156156 configure_sssd_for_domain (RealmIniConfig *config,
157157 RealmDisco *disco,
158158 GVariant *options,
159 gboolean use_adcli,
159160 GError **error)
160161 {
162 GString *realmd_tags;
161163 const gchar *access_provider;
162 const gchar *realmd_tags;
164 const gchar *shell;
163165 gboolean qualify;
164166 gboolean ret;
165167 gchar *section;
167169
168170 home = realm_sssd_build_default_home (realm_settings_string ("users", "default-home"));
169171 qualify = realm_options_qualify_names (disco->domain_name);
170 realmd_tags = realm_options_manage_system (options, disco->domain_name) ? "manages-system" : "";
172 shell = realm_settings_string ("users", "default-shell");
173
174 realmd_tags = g_string_new ("");
175 if (realm_options_manage_system (options, disco->domain_name))
176 g_string_append (realmd_tags, "manages-system ");
177 g_string_append (realmd_tags, use_adcli ? "joined-with-adcli " : "joined-with-samba ");
171178
172179 ret = realm_sssd_config_add_domain (config, disco->domain_name, error,
173180 "cache_credentials", "True",
179186 "krb5_realm", disco->kerberos_realm,
180187 "krb5_store_password_if_offline", "True",
181188 "ldap_id_mapping", realm_options_automatic_mapping (disco->domain_name) ? "True" : "False",
182 "realmd_tags", realmd_tags,
189 "realmd_tags", realmd_tags->str,
183190
184191 "fallback_homedir", home,
192 "default_shell", shell,
185193 disco->explicit_server ? "ad_server" : NULL, disco->explicit_server,
186194 NULL);
195
196 g_string_free (realmd_tags, TRUE);
187197
188198 if (ret) {
189199 if (realm_options_manage_system (options, disco->domain_name))
225235
226236 if (error == NULL) {
227237 configure_sssd_for_domain (realm_sssd_get_config (sssd), join->disco,
228 join->options, &error);
238 join->options, join->use_adcli, &error);
229239 }
230240
231241 if (error == NULL) {
408418 typedef struct {
409419 GDBusMethodInvocation *invocation;
410420 gchar *realm_name;
421 gboolean use_adcli;
411422 } LeaveClosure;
412423
413424 static void
430441 GError *error = NULL;
431442
432443 /* We don't care if we can leave or not, just continue with other steps */
433 realm_samba_enroll_leave_finish (result, &error);
444 if (leave->use_adcli)
445 realm_adcli_enroll_delete_finish (result, &error);
446 else
447 realm_samba_enroll_leave_finish (result, &error);
448
434449 if (error != NULL) {
435450 realm_diagnostics_error (leave->invocation, error, NULL);
436451 g_error_free (error);
451466 {
452467 RealmSssdAd *self = REALM_SSSD_AD (membership);
453468 RealmKerberos *realm = REALM_KERBEROS (self);
469 RealmSssd *sssd = REALM_SSSD (self);
470 const gchar *section;
454471 EggTask *task;
455472 LeaveClosure *leave;
473 gchar *tags;
456474
457475 task = egg_task_new (self, NULL, callback, user_data);
458476
459477 /* Check that enrolled in this realm */
460 if (!realm_sssd_get_config_section (REALM_SSSD (self))) {
478 section = realm_sssd_get_config_section (sssd);
479 if (!section) {
461480 egg_task_return_new_error (task, REALM_ERROR, REALM_ERROR_NOT_CONFIGURED,
462481 _("Not currently joined to this domain"));
463482 g_object_unref (task);
464483 return;
465484 }
485
486 tags = realm_ini_config_get (realm_sssd_get_config (sssd), section, "realmd_tags");
466487
467488 switch (cred->type) {
468489 case REALM_CREDENTIAL_AUTOMATIC:
473494 leave = g_new0 (LeaveClosure, 1);
474495 leave->realm_name = g_strdup (realm_kerberos_get_realm_name (realm));
475496 leave->invocation = g_object_ref (invocation);
497 leave->use_adcli = strstr (tags ? tags : "", "joined-with-adcli") ? TRUE : FALSE;
476498 egg_task_set_task_data (task, leave, leave_closure_free);
477 realm_samba_enroll_leave_async (realm_kerberos_get_disco (realm), cred, options, invocation,
478 on_leave_do_deconfigure, g_object_ref (task));
499 if (leave->use_adcli) {
500 realm_adcli_enroll_delete_async (realm_kerberos_get_disco (realm),
501 cred, options, invocation,
502 on_leave_do_deconfigure, g_object_ref (task));
503 } else {
504 realm_samba_enroll_leave_async (realm_kerberos_get_disco (realm),
505 cred, options, invocation,
506 on_leave_do_deconfigure, g_object_ref (task));
507 }
479508 break;
480509 default:
481510 g_return_if_reached ();
482511 }
483512
513 g_free (tags);
484514 g_object_unref (task);
485515 }
486516
492522 return egg_task_propagate_boolean (EGG_TASK (result), error);
493523 }
494524
525 static void
526 realm_sssd_ad_discover_myself (RealmKerberos *realm,
527 RealmDisco *disco)
528 {
529 RealmSssd *sssd = REALM_SSSD (realm);
530 gchar *explicit_server;
531
532 explicit_server = realm_ini_config_get (realm_sssd_get_config (sssd),
533 realm_sssd_get_config_section (sssd),
534 "ad_server");
535
536 g_free (disco->explicit_server);
537 disco->explicit_server = explicit_server;
538 }
539
495540 void
496541 realm_sssd_ad_class_init (RealmSssdAdClass *klass)
497542 {
498543 GObjectClass *object_class = G_OBJECT_CLASS (klass);
544 RealmKerberosClass *kerberos_class = REALM_KERBEROS_CLASS (klass);
499545 RealmSssdClass *sssd_class = REALM_SSSD_CLASS (klass);
500546
501547 object_class->constructed = realm_sssd_ad_constructed;
502548
503549 /* The provider in sssd.conf relevant to this realm type */
504550 sssd_class->sssd_conf_provider_name = "ad";
551
552 kerberos_class->discover_myself = realm_sssd_ad_discover_myself;
505553 }
506554
507555 static void
+5
-16
service/realm-sssd-config.c less more
3030 const gchar *filename;
3131 GError *err = NULL;
3232
33 config = realm_ini_config_new (flags | REALM_INI_PRIVATE);
33 config = realm_ini_config_new (flags | REALM_INI_PRIVATE | REALM_INI_STRICT_BOOLEAN);
3434
3535 filename = realm_settings_path ("sssd.conf");
3636 realm_ini_config_read_file (config, filename, &err);
105105 GHashTable *parameters;
106106 const gchar *name;
107107 const gchar *value;
108 gchar *shell;
109
110 /* Always make sure this is set */
111 shell = realm_ini_config_get (config, "nss", "default_shell");
112 if (shell == NULL) {
113 realm_ini_config_set (config, "nss", "default_shell",
114 realm_settings_string ("users", "default-shell"), NULL);
115 }
116 g_free (shell);
117108
118109 parameters = g_hash_table_new (g_str_hash, g_str_equal);
119110 while ((name = va_arg (va, const gchar *)) != NULL) {
156147 }
157148
158149 /* Setup a default sssd section */
159 if (!realm_ini_config_have_section (config, "sssd")) {
160 realm_ini_config_set (config, "sssd",
161 "services", "nss, pam",
162 "config_file_version", "2",
163 NULL);
164 }
150 if (!realm_ini_config_have (config, "section", "services"))
151 realm_ini_config_set (config, "sssd", "services", "nss, pam", NULL);
152 if (!realm_ini_config_have (config, "sssd", "config_file_version"))
153 realm_ini_config_set (config, "sssd", "config_file_version", "2", NULL);
165154
166155 domains[0] = domain;
167156 domains[1] = NULL;
+8
-3
service/realm-sssd-ipa.c less more
4444 } RealmSssdIpaClass;
4545
4646 static const gchar *IPA_PACKAGES[] = {
47 REALM_DBUS_IDENTIFIER_FREEIPA,
47 REALM_DBUS_IDENTIFIER_IPA,
4848 REALM_DBUS_IDENTIFIER_SSSD,
4949 NULL
5050 };
6969 G_OBJECT_CLASS (realm_sssd_ipa_parent_class)->constructed (obj);
7070
7171 realm_kerberos_set_details (kerberos,
72 REALM_DBUS_OPTION_SERVER_SOFTWARE, REALM_DBUS_IDENTIFIER_FREEIPA,
72 REALM_DBUS_OPTION_SERVER_SOFTWARE, REALM_DBUS_IDENTIFIER_IPA,
7373 REALM_DBUS_OPTION_CLIENT_SOFTWARE, REALM_DBUS_IDENTIFIER_SSSD,
7474 NULL);
7575
165165 GString *output = NULL;
166166 RealmIniConfig *config;
167167 const gchar *domain;
168 const gchar *shell;
168169 gchar *section;
169170 gchar *home;
170171 gint status;
190191
191192 domain = realm_kerberos_get_name (realm);
192193 config = realm_sssd_get_config (sssd);
194 shell = realm_settings_string ("users", "default-shell");
193195
194196 if (error == NULL) {
195197 home = realm_sssd_build_default_home (realm_settings_string ("users", "default-home"));
199201 "cache_credentials", "True",
200202 "use_fully_qualified_names", realm_options_qualify_names (domain) ? "True" : "False",
201203 "krb5_store_password_if_offline", "True",
204 "default_shell", shell,
202205 "fallback_homedir", home,
203206 "realmd_tags", realmd_tags,
204207 NULL);
308311 _("The computer-ou argument is not supported when joining an IPA domain."));
309312
310313 } else if (g_variant_lookup (options, REALM_DBUS_OPTION_MEMBERSHIP_SOFTWARE, "&s", &software) &&
311 !g_str_equal (software, REALM_DBUS_IDENTIFIER_FREEIPA)) {
314 !g_str_equal (software, REALM_DBUS_IDENTIFIER_FREEIPA) &&
315 !g_str_equal (software, REALM_DBUS_IDENTIFIER_IPA)) {
312316 egg_task_return_new_error (task, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS,
313317 _("Unsupported or unknown membership software '%s'"), software);
314318
333337 push_arg (argv, "--mkhomedir");
334338 push_arg (argv, "--enable-dns-updates");
335339 push_arg (argv, "--unattended");
340 push_arg (argv, "--force-join");
336341
337342 /* If the caller specified a server directly */
338343 if (disco->explicit_server) {
+6
-2
service/realm-sssd-provider.c less more
132132 !realm_provider_match_software (options,
133133 REALM_DBUS_IDENTIFIER_FREEIPA,
134134 REALM_DBUS_IDENTIFIER_SSSD,
135 REALM_DBUS_IDENTIFIER_FREEIPA)) {
135 REALM_DBUS_IDENTIFIER_FREEIPA) &&
136 !realm_provider_match_software (options,
137 REALM_DBUS_IDENTIFIER_IPA,
138 REALM_DBUS_IDENTIFIER_SSSD,
139 REALM_DBUS_IDENTIFIER_IPA)) {
136140 egg_task_return_pointer (task, NULL, NULL);
137141
138142 } else {
171175 disco->domain_name, disco);
172176 priority = realm_provider_is_default (REALM_DBUS_IDENTIFIER_ACTIVE_DIRECTORY, REALM_DBUS_IDENTIFIER_SSSD) ? 100 : 50;
173177
174 } else if (g_str_equal (disco->server_software, REALM_DBUS_IDENTIFIER_FREEIPA)) {
178 } else if (g_str_equal (disco->server_software, REALM_DBUS_IDENTIFIER_IPA)) {
175179 realm = realm_provider_lookup_or_register_realm (provider,
176180 REALM_TYPE_SSSD_IPA,
177181 disco->domain_name, disco);
+30
-6
service/realm-sssd.c less more
250250 realm_kerberos_set_manages_system (REALM_KERBEROS (self), manages_system);
251251 }
252252
253 static void
254 update_realm_name (RealmSssd *self)
253 static gchar *
254 calc_realm_name (RealmSssd *self)
255255 {
256256 RealmKerberos *kerberos = REALM_KERBEROS (self);
257257 const char *name;
271271 realm = name ? g_ascii_strup (name, -1) : NULL;
272272 }
273273
274 realm_kerberos_set_realm_name (kerberos, realm);
274 return realm;
275 }
276
277 static void
278 update_realm_name (RealmSssd *self)
279 {
280 gchar *realm = calc_realm_name (self);
281 realm_kerberos_set_realm_name (REALM_KERBEROS (self), realm);
275282 g_free (realm);
276283 }
277284
278 static void
279 update_domain (RealmSssd *self)
285 static gchar *
286 calc_domain (RealmSssd *self)
280287 {
281288 RealmKerberos *kerberos = REALM_KERBEROS (self);
282289 const char *name;
296303 domain = name ? g_ascii_strdown (name, -1) : NULL;
297304 }
298305
299 realm_kerberos_set_domain_name (kerberos, domain);
306 return domain;
307 }
308
309 static void
310 update_domain (RealmSssd *self)
311 {
312 gchar *domain = calc_domain (self);
313 realm_kerberos_set_domain_name (REALM_KERBEROS (self), domain);
300314 g_free (domain);
301315 }
302316
332346 RealmKerberos *kerberos = REALM_KERBEROS (self);
333347 gchar *login_formats[2] = { NULL, NULL };
334348 gchar *format = NULL;
349 gboolean qualify;
335350
336351 if (self->pv->section == NULL) {
352 realm_kerberos_set_login_formats (kerberos, (const gchar **)login_formats);
353 return;
354 }
355
356 qualify = realm_ini_config_get_boolean (self->pv->config, self->pv->section,
357 "use_fully_qualified_names", FALSE);
358
359 if (!qualify) {
360 login_formats[0] = "%U";
337361 realm_kerberos_set_login_formats (kerberos, (const gchar **)login_formats);
338362 return;
339363 }
+1
-0
service/realmd-defaults.conf less more
99 sssd.conf = /etc/sssd/sssd.conf
1010 adcli = /usr/sbin/adcli
1111 ipa-client-install = /usr/sbin/ipa-client-install
12 pam_winbind.conf = /etc/security/pam_winbind.conf
1213
1314 [active-directory]
1415 default-client = sssd
+5
-3
service/realmd-redhat.conf less more
77 [winbind-packages]
88 samba-winbind = /usr/sbin/winbindd
99 samba-winbind-clients = /usr/bin/wbinfo
10 oddjob = /usr/sbin/oddjobd
11 oddjob-mkhomedir = /usr/libexec/oddjob/mkhomedir
1012
1113 [sssd-packages]
1214 sssd = /usr/sbin/sssd
15 oddjob = /usr/sbin/oddjobd
16 oddjob-mkhomedir = /usr/libexec/oddjob/mkhomedir
1317
1418 [adcli-packages]
1519 adcli = /usr/sbin/adcli
1620
17 [freeipa-packages]
21 [ipa-packages]
1822 freeipa-client = /usr/sbin/ipa-client-install
1923
2024 [commands]
21 # HACK: Hack around authconfig bug: https://bugzilla.redhat.com/show_bug.cgi?id=964971
2225 winbind-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablewinbind --enablewinbindauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service"
2326 winbind-disable-logins = /usr/sbin/authconfig --update --disablewinbind --disablewinbindauth --nostart
2427 winbind-enable-service = /usr/bin/systemctl enable winbind.service
2629 winbind-restart-service = /usr/bin/systemctl restart winbind.service
2730 winbind-stop-service = /usr/bin/systemctl stop winbind.service
2831
29 # HACK: Hack around oddjobd bug: https://bugzilla.redhat.com/show_bug.cgi?id=964971
3032 sssd-enable-logins = /usr/bin/sh -c "/usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir --nostart && /usr/bin/systemctl enable oddjobd.service"
3133 sssd-disable-logins = /usr/sbin/authconfig --update --disablesssdauth --nostart
3234 sssd-enable-service = /usr/bin/systemctl enable sssd.service
+1
-1
service/realmd-suse.conf less more
1414 [adcli-packages]
1515 adcli = /usr/sbin/adcli
1616
17 [freeipa-packages]
17 [ipa-packages]
1818 freeipa-client = /usr/sbin/ipa-client-install
1919
2020 [commands]
+50
-16
tests/Makefile.in less more
0 # Makefile.in generated by automake 1.13.1 from Makefile.am.
0 # Makefile.in generated by automake 1.13.4 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2012 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2013 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
1414 @SET_MAKE@
1515
1616 VPATH = @srcdir@
17 am__make_dryrun = \
18 { \
19 am__dry=no; \
17 am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
18 am__make_running_with_option = \
19 case $${target_option-} in \
20 ?) ;; \
21 *) echo "am__make_running_with_option: internal error: invalid" \
22 "target option '$${target_option-}' specified" >&2; \
23 exit 1;; \
24 esac; \
25 has_opt=no; \
26 sane_makeflags=$$MAKEFLAGS; \
27 if $(am__is_gnu_make); then \
28 sane_makeflags=$$MFLAGS; \
29 else \
2030 case $$MAKEFLAGS in \
2131 *\\[\ \ ]*) \
22 echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
23 | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
24 *) \
25 for am__flg in $$MAKEFLAGS; do \
26 case $$am__flg in \
27 *=*|--*) ;; \
28 *n*) am__dry=yes; break;; \
29 esac; \
30 done;; \
32 bs=\\; \
33 sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
34 | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
3135 esac; \
32 test $$am__dry = yes; \
33 }
36 fi; \
37 skip_next=no; \
38 strip_trailopt () \
39 { \
40 flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
41 }; \
42 for flg in $$sane_makeflags; do \
43 test $$skip_next = yes && { skip_next=no; continue; }; \
44 case $$flg in \
45 *=*|--*) continue;; \
46 -*I) strip_trailopt 'I'; skip_next=yes;; \
47 -*I?*) strip_trailopt 'I';; \
48 -*O) strip_trailopt 'O'; skip_next=yes;; \
49 -*O?*) strip_trailopt 'O';; \
50 -*l) strip_trailopt 'l'; skip_next=yes;; \
51 -*l?*) strip_trailopt 'l';; \
52 -[dEDm]) skip_next=yes;; \
53 -[JT]) skip_next=yes;; \
54 esac; \
55 case $$flg in \
56 *$$target_option*) has_opt=yes; break;; \
57 esac; \
58 done; \
59 test $$has_opt = yes
60 am__make_dryrun = (target_option=n; $(am__make_running_with_option))
61 am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
3462 pkgdatadir = $(datadir)/@PACKAGE@
3563 pkgincludedir = $(includedir)/@PACKAGE@
3664 pkglibdir = $(libdir)/@PACKAGE@
453481
454482 clean-noinstPROGRAMS:
455483 -test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS)
484
456485 frob-install-packages$(EXEEXT): $(frob_install_packages_OBJECTS) $(frob_install_packages_DEPENDENCIES) $(EXTRA_frob_install_packages_DEPENDENCIES)
457486 @rm -f frob-install-packages$(EXEEXT)
458487 $(AM_V_CCLD)$(frob_install_packages_LINK) $(frob_install_packages_OBJECTS) $(frob_install_packages_LDADD) $(LIBS)
488
459489 test-ini-config$(EXEEXT): $(test_ini_config_OBJECTS) $(test_ini_config_DEPENDENCIES) $(EXTRA_test_ini_config_DEPENDENCIES)
460490 @rm -f test-ini-config$(EXEEXT)
461491 $(AM_V_CCLD)$(LINK) $(test_ini_config_OBJECTS) $(test_ini_config_LDADD) $(LIBS)
492
462493 test-login-name$(EXEEXT): $(test_login_name_OBJECTS) $(test_login_name_DEPENDENCIES) $(EXTRA_test_login_name_DEPENDENCIES)
463494 @rm -f test-login-name$(EXEEXT)
464495 $(AM_V_CCLD)$(LINK) $(test_login_name_OBJECTS) $(test_login_name_LDADD) $(LIBS)
496
465497 test-samba-ou-format$(EXEEXT): $(test_samba_ou_format_OBJECTS) $(test_samba_ou_format_DEPENDENCIES) $(EXTRA_test_samba_ou_format_DEPENDENCIES)
466498 @rm -f test-samba-ou-format$(EXEEXT)
467499 $(AM_V_CCLD)$(LINK) $(test_samba_ou_format_OBJECTS) $(test_samba_ou_format_LDADD) $(LIBS)
500
468501 test-settings$(EXEEXT): $(test_settings_OBJECTS) $(test_settings_DEPENDENCIES) $(EXTRA_test_settings_DEPENDENCIES)
469502 @rm -f test-settings$(EXEEXT)
470503 $(AM_V_CCLD)$(LINK) $(test_settings_OBJECTS) $(test_settings_LDADD) $(LIBS)
504
471505 test-sssd-config$(EXEEXT): $(test_sssd_config_OBJECTS) $(test_sssd_config_DEPENDENCIES) $(EXTRA_test_sssd_config_DEPENDENCIES)
472506 @rm -f test-sssd-config$(EXEEXT)
473507 $(AM_V_CCLD)$(LINK) $(test_sssd_config_OBJECTS) $(test_sssd_config_LDADD) $(LIBS)
+53
-0
tests/test-ini-config.c less more
344344 }
345345
346346 static void
347 test_have (Test *test,
348 gconstpointer unused)
349 {
350 const gchar *data = "[section]\n\t1= one\r\n2=two\n3=three";
351 realm_ini_config_read_string (test->config, data);
352
353 g_assert_cmpint (realm_ini_config_have (test->config, "section", "1"), ==, TRUE);
354 g_assert_cmpint (realm_ini_config_have (test->config, "section", "not there"), ==, FALSE);
355 g_assert_cmpint (realm_ini_config_have (test->config, "invalid", "2"), ==, FALSE);
356 }
357
358 static void
347359 test_set_section (Test *test,
348360 gconstpointer unused)
349361 {
632644 g_free (output);
633645 }
634646
647 static void
648 test_get_boolean (void)
649 {
650 RealmIniConfig *config;
651
652 config = realm_ini_config_new (0);
653
654 realm_ini_config_read_string (config, "[section]\nboolean = true");
655 g_assert_cmpint (TRUE, ==, realm_ini_config_get_boolean (config, "section", "boolean", FALSE));
656
657 realm_ini_config_read_string (config, "[section]\nboolean = FalSE");
658 g_assert_cmpint (FALSE, ==, realm_ini_config_get_boolean (config, "section", "boolean", TRUE));
659
660 realm_ini_config_read_string (config, "[section]\nboolean = false");
661 g_assert_cmpint (FALSE, ==, realm_ini_config_get_boolean (config, "section", "boolean", TRUE));
662
663 realm_ini_config_read_string (config, "[section]\nboolean = false");
664 g_assert_cmpint (TRUE, ==, realm_ini_config_get_boolean (config, "section", "non-existant", TRUE));
665
666 realm_ini_config_read_string (config, "[section]\nboolean = false");
667 g_assert_cmpint (TRUE, ==, realm_ini_config_get_boolean (config, "section", "non-existant", TRUE));
668
669 realm_ini_config_read_string (config, "[section]\nboolean = yes");
670 g_assert_cmpint (TRUE, ==, realm_ini_config_get_boolean (config, "section", "boolean", TRUE));
671
672 realm_ini_config_read_string (config, "[section]\nboolean = no");
673 g_assert_cmpint (FALSE, ==, realm_ini_config_get_boolean (config, "section", "boolean", FALSE));
674
675 realm_ini_config_read_string (config, "[section]\nboolean = 1");
676 g_assert_cmpint (TRUE, ==, realm_ini_config_get_boolean (config, "section", "boolean", TRUE));
677
678 realm_ini_config_read_string (config, "[section]\nboolean = 0");
679 g_assert_cmpint (FALSE, ==, realm_ini_config_get_boolean (config, "section", "boolean", FALSE));
680
681 g_object_unref (config);
682 }
683
635684 int
636685 main (int argc,
637686 char **argv)
652701 g_test_add ("/realmd/ini-config/write-exact", Test, NULL, setup, test_write_exact, teardown);
653702 g_test_add ("/realmd/ini-config/write-file", Test, NULL, setup, test_write_file, teardown);
654703 g_test_add ("/realmd/ini-config/write-empty-no-create", Test, NULL, setup, test_write_empty_no_create, teardown);
704
705 g_test_add ("/realmd/ini-config/have", Test, NULL, setup, test_have, teardown);
655706
656707 g_test_add ("/realmd/ini-config/set", Test, NULL, setup, test_set, teardown);
657708 g_test_add ("/realmd/ini-config/set-middle", Test, NULL, setup, test_set_middle, teardown);
677728 g_test_add ("/realmd/ini-config/change-list-null-add", Test, NULL, setup, test_change_list_null_add, teardown);
678729 g_test_add ("/realmd/ini-config/change-list-null-remove", Test, NULL, setup, test_change_list_null_remove, teardown);
679730
731 g_test_add_func ("/realmd/ini-config/get-boolean", test_get_boolean);
732
680733 return g_test_run ();
681734 }
+4
-4
tests/test-sssd-config.c less more
8989 gconstpointer unused)
9090 {
9191 const gchar *data = "[domain/one]\nval=1\n[sssd]\ndomains=one";
92 const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one, two\n\n[nss]\ndefault_shell = /bin/bash\n\n[domain/two]\ndos = 2\n";
92 const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one, two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n";
9393 GError *error = NULL;
9494 gchar *output;
9595 gboolean ret;
139139 test_add_domain_only (Test *test,
140140 gconstpointer unused)
141141 {
142 const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version = 2\nservices = nss, pam\n\n[nss]\ndefault_shell = /bin/bash\n\n[domain/two]\ndos = 2\n";
142 const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n";
143143 GError *error = NULL;
144144 gchar *output;
145145 gboolean ret;
167167 gconstpointer unused)
168168 {
169169 const gchar *data = "[domain/one]\nval=1\n[sssd]\ndomains=one";
170 const gchar *check = "[domain/one]\nval=1\nuno = 1\neins = one\n[sssd]\ndomains=one\n\n[nss]\ndefault_shell = /bin/bash\n";
170 const gchar *check = "[domain/one]\nval=1\nuno = 1\neins = one\n[sssd]\ndomains=one";
171171 GError *error = NULL;
172172 gchar *output;
173173 gboolean ret;
304304 test_remove_and_add_domain (Test *test,
305305 gconstpointer unused)
306306 {
307 const gchar *data = "[domain/one]\nval = 1\n\n[nss]\ndefault_shell = /bin/bash\n\n[sssd]\ndomains = one, two\n\n[domain/two]\nval = 2\n";
307 const gchar *data = "[domain/one]\nval = 1\n\n[nss]\ndefault_shell = /bin/bash\n\n[sssd]\ndomains = one, two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\nval = 2\n";
308308 GError *error = NULL;
309309 gchar *output;
310310 gboolean ret;
+45
-16
tools/Makefile.in less more
0 # Makefile.in generated by automake 1.13.1 from Makefile.am.
0 # Makefile.in generated by automake 1.13.4 from Makefile.am.
11 # @configure_input@
22
3 # Copyright (C) 1994-2012 Free Software Foundation, Inc.
3 # Copyright (C) 1994-2013 Free Software Foundation, Inc.
44
55 # This Makefile.in is free software; the Free Software Foundation
66 # gives unlimited permission to copy and/or distribute it,
1414 @SET_MAKE@
1515
1616 VPATH = @srcdir@
17 am__make_dryrun = \
18 { \
19 am__dry=no; \
17 am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)'
18 am__make_running_with_option = \
19 case $${target_option-} in \
20 ?) ;; \
21 *) echo "am__make_running_with_option: internal error: invalid" \
22 "target option '$${target_option-}' specified" >&2; \
23 exit 1;; \
24 esac; \
25 has_opt=no; \
26 sane_makeflags=$$MAKEFLAGS; \
27 if $(am__is_gnu_make); then \
28 sane_makeflags=$$MFLAGS; \
29 else \
2030 case $$MAKEFLAGS in \
2131 *\\[\ \ ]*) \
22 echo 'am--echo: ; @echo "AM" OK' | $(MAKE) -f - 2>/dev/null \
23 | grep '^AM OK$$' >/dev/null || am__dry=yes;; \
24 *) \
25 for am__flg in $$MAKEFLAGS; do \
26 case $$am__flg in \
27 *=*|--*) ;; \
28 *n*) am__dry=yes; break;; \
29 esac; \
30 done;; \
32 bs=\\; \
33 sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
34 | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
3135 esac; \
32 test $$am__dry = yes; \
33 }
36 fi; \
37 skip_next=no; \
38 strip_trailopt () \
39 { \
40 flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
41 }; \
42 for flg in $$sane_makeflags; do \
43 test $$skip_next = yes && { skip_next=no; continue; }; \
44 case $$flg in \
45 *=*|--*) continue;; \
46 -*I) strip_trailopt 'I'; skip_next=yes;; \
47 -*I?*) strip_trailopt 'I';; \
48 -*O) strip_trailopt 'O'; skip_next=yes;; \
49 -*O?*) strip_trailopt 'O';; \
50 -*l) strip_trailopt 'l'; skip_next=yes;; \
51 -*l?*) strip_trailopt 'l';; \
52 -[dEDm]) skip_next=yes;; \
53 -[JT]) skip_next=yes;; \
54 esac; \
55 case $$flg in \
56 *$$target_option*) has_opt=yes; break;; \
57 esac; \
58 done; \
59 test $$has_opt = yes
60 am__make_dryrun = (target_option=n; $(am__make_running_with_option))
61 am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
3462 pkgdatadir = $(datadir)/@PACKAGE@
3563 pkgincludedir = $(includedir)/@PACKAGE@
3664 pkglibdir = $(libdir)/@PACKAGE@
407435
408436 clean-sbinPROGRAMS:
409437 -test -z "$(sbin_PROGRAMS)" || rm -f $(sbin_PROGRAMS)
438
410439 realm$(EXEEXT): $(realm_OBJECTS) $(realm_DEPENDENCIES) $(EXTRA_realm_DEPENDENCIES)
411440 @rm -f realm$(EXEEXT)
412441 $(AM_V_CCLD)$(LINK) $(realm_OBJECTS) $(realm_LDADD) $(LIBS)
+69
-10
tools/realm-client.c less more
127127 GVariant *parameters,
128128 gpointer user_data)
129129 {
130 gboolean verbose = GPOINTER_TO_INT (user_data);
130131 const gchar *operation_id;
131132 const gchar *data;
132133
133134 g_variant_get (parameters, "(&s&s)", &data, &operation_id);
134 g_printerr ("%s", data);
135
136 /*
137 * Various people have been worried by installing packages
138 * quietly, so notify about what's going on.
139 *
140 * In reality *configuring* and *starting* a daemon is far
141 * more worrisome than the installation. It's realmd's job
142 * to configure, enable and start stuff. So if you're properly
143 * worried, remove realmd and do stuff manually.
144 */
145 if (verbose || strstr (data, _("Installing necessary packages")))
146 g_printerr ("%s", data);
135147 }
136148
137149 static gboolean
166178 if (bus_name == NULL)
167179 flags |= G_DBUS_SIGNAL_FLAGS_NO_MATCH_RULE;
168180
169 if (verbose) {
170 g_dbus_connection_signal_subscribe (connection, bus_name,
171 REALM_DBUS_SERVICE_INTERFACE,
172 REALM_DBUS_DIAGNOSTICS_SIGNAL,
173 REALM_DBUS_SERVICE_PATH,
174 NULL, flags,
175 on_diagnostics_signal, NULL, NULL);
176 }
181 g_dbus_connection_signal_subscribe (connection, bus_name,
182 REALM_DBUS_SERVICE_INTERFACE,
183 REALM_DBUS_DIAGNOSTICS_SIGNAL,
184 REALM_DBUS_SERVICE_PATH,
185 NULL, flags,
186 on_diagnostics_signal,
187 GINT_TO_POINTER (verbose), NULL);
177188
178189 provider = realm_dbus_provider_proxy_new_sync (connection,
179190 G_DBUS_PROXY_FLAGS_NONE,
767778 return result;
768779 }
769780
781 static gchar *
782 prompt_stdin (const gchar *prompt)
783 {
784 static const gsize pass_max = 8192;
785 gchar *password;
786 gsize len;
787
788 g_printf ("%s", prompt);
789 fflush (stdout);
790
791 password = malloc (pass_max);
792 if (!fgets (password, pass_max, stdin)) {
793 free (password);
794 password = NULL;
795 }
796
797 g_printf ("\n");
798
799 len = strlen (password);
800 if (len > 0 && password[len - 1] == '\n')
801 password[len - 1] = '\0';
802
803 return password;
804 }
805
770806 static GVariant *
771807 build_password_credential (const gchar *user_name,
772808 const gchar *credential_owner,
774810 {
775811 const gchar *password;
776812 GVariant *result;
813 gchar *alloced;
777814 gchar *prompt;
815 int istty;
816
817 istty = isatty (0);
818
819 if (istty && realm_unattended) {
820 g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_SUPPORTED,
821 _("Cannot prompt for a password when running in unattended mode"));
822 return NULL;
823 }
778824
779825 prompt = g_strdup_printf (_("Password for %s: "), user_name);
780 password = getpass (prompt);
826
827 /*
828 * Yeah, getpass is obselete. Have fun trying to recreate it even
829 * semi-portably.
830 */
831 if (istty) {
832 password = getpass (prompt);
833 alloced = NULL;
834 } else {
835 alloced = prompt_stdin (prompt);
836 password = alloced;
837 }
838
781839 g_free (prompt);
782840
783841 if (password == NULL) {
791849
792850 if (password)
793851 memset ((char *)password, 0, strlen (password));
852 free (alloced);
794853
795854 return result;
796855 }
+5
-7
tools/realm-join.c less more
282282 ret = 2;
283283
284284 } else if (argc > 2) {
285 g_printerr ("%s: %s\n", _("Specify one realm to join"), g_get_prgname ());
285 g_printerr ("%s: %s\n", g_get_prgname (), _("Specify one realm to join"));
286286 ret = 2;
287287
288288 } else if (args.no_password && (args.one_time_password || args.user)) {
289 g_printerr ("%s: %s\n",
290 _("The --no-password argument cannot be used with --one-time-password or --user"),
291 g_get_prgname ());
289 g_printerr ("%s: %s\n", g_get_prgname (),
290 _("The --no-password argument cannot be used with --one-time-password or --user"));
292291 ret = 2;
293292
294293 } else if (args.one_time_password && args.user) {
295 g_printerr ("%s: %s\n",
296 _("The --one-time-password argument cannot be used with --user"),
297 g_get_prgname ());
294 g_printerr ("%s: %s\n", g_get_prgname (),
295 _("The --one-time-password argument cannot be used with --user"));
298296 ret = 2;
299297
300298 } else {
+2
-0
tools/realm.c less more
2929 static gchar *arg_install = NULL;
3030 gboolean realm_verbose = FALSE;
3131 gboolean realm_cancelled = FALSE;
32 gboolean realm_unattended = FALSE;
3233 gchar *realm_operation_id = NULL;
3334
3435 struct {
189190 GOptionEntry realm_global_options[] = {
190191 { "install", 'i', 0, G_OPTION_ARG_STRING, &arg_install, N_("Install mode to a specific prefix"), NULL },
191192 { "verbose", 'v', 0, G_OPTION_ARG_NONE, &realm_verbose, N_("Verbose output"), NULL },
193 { "unattended", 0, 0, G_OPTION_ARG_NONE, &realm_unattended, N_("Do not prompt for input"), NULL },
192194 { NULL, }
193195 };
194196
+2
-0
tools/realm.h less more
2929 extern gboolean realm_verbose;
3030
3131 extern gboolean realm_cancelled;
32
33 extern gboolean realm_unattended;
3234
3335 int realm_join (RealmClient *client,
3436 int argc,