Commit fdff5d5d5f65bc75e1b68828ccb97ffddcb84068 - realmd

Imported Upstream version 0.9 Laurent Bigonville 11 years ago

83 changed file(s) with 6143 addition(s) and 2396 deletion(s). Raw diff Collapse all Expand all

+603

-0

ChangeLog less more

0	0	# Generate automatically. Do not edit.
	1
	2	commit a39fb7aa7289ba51c81a62f707c0c27c1de05038
	3	Author: Stef Walter <stefw@gnome.org>
	4	Date: 2012-10-17
	5
	6	Release version 0.9
	7
	8	NEWS \| 22 ++++++++++++++++++++++
	9	configure.ac \| 2 +-
	10	2 files changed, 23 insertions(+), 1 deletion(-)
	11
	12	commit 1ec56a3b93c52e03903a73e05432932515660f45
	13	Author: Stef Walter <stefw@gnome.org>
	14	Date: 2012-10-17
	15
	16	Fix gcc warning about uninitialized use of varialbe
	17
	18	tools/realm-client.c \| 2 +-
	19	1 file changed, 1 insertion(+), 1 deletion(-)
	20
	21	commit ba87f3846b5d072887afb5e6c1f915303a961215
	22	Author: Stef Walter <stefw@gnome.org>
	23	Date: 2012-10-17
	24
	25	Distribute documentation files properly.
	26
	27	doc/Makefile.am \| 1 +
	28	1 file changed, 1 insertion(+)
	29
	30	commit 0cae3140956b9c4901c9cfa9902514661cb68057
	31	Author: Stef Walter <stefw@gnome.org>
	32	Date: 2012-10-17
	33
	34	Install realm command to sbin, and move manpage to 8 category
	35
	36	https://bugs.freedesktop.org/show_bug.cgi?id=56094
	37
	38	.gitignore \| 2 +-
	39	doc/Makefile.am \| 6 +++---
	40	doc/realm.xml \| 2 +-
	41	tools/Makefile.am \| 2 +-
	42	4 files changed, 6 insertions(+), 6 deletions(-)
	43
	44	commit 294dca367eb143b9c19c5f7f9d3649ad78fdacfa
	45	Author: Marius Vollmer <marius.vollmer@redhat.com>
	46	Date: 2012-10-17
	47
	48	Fix assertion with discovery caching.
	49
	50	* When discovery occurs multiple times for same client and
	51	operation within a short period of time we cache the results.
	52	* However when returning the cache results we get an assertion.
	53
	54	https://bugs.freedesktop.org/show_bug.cgi?id=56082
	55
	56	service/realm-kerberos-discover.c \| 17 +++++++++++------
	57	1 file changed, 11 insertions(+), 6 deletions(-)
	58
	59	commit 6e72f2b9d59d892e1f5350fe5d218aec8bed36c3
	60	Author: Stef Walter <stefw@gnome.org>
	61	Date: 2012-10-17
	62
	63	Remove extra blank line when removing section from ini config
	64
	65	When we add and remove sections from the sssd.conf we need to
	66	remove one extra line above the section header, because that
	67	was added when adding the section.
	68
	69	https://bugs.freedesktop.org/show_bug.cgi?id=56067
	70
	71	service/realm-ini-config.c \| 21 +++++++++++++++++++++
	72	tests/test-sssd-config.c \| 32 ++++++++++++++++++++++++++++++++
	73	2 files changed, 53 insertions(+)
	74
	75	commit de449ef42274a87ea96cc2415a95aad6d77ca3a1
	76	Author: Stef Walter <stefw@gnome.org>
	77	Date: 2012-10-17
	78
	79	Move the home/shell into [users] section of realmd settings
	80
	81	* This makes sense because for sssd, shell applies to all users
	82	* In addition fix the tests that were broken recently when we
	83	placed the shell stuff in the [nss] section.
	84
	85	https://bugs.freedesktop.org/show_bug.cgi?id=56066
	86
	87	doc/realmd-guide-configuring.xml \| 21 +++++++++++++++------
	88	service/realm-samba.c \| 4 ++--
	89	service/realm-sssd-ad.c \| 2 +-
	90	service/realm-sssd-config.c \| 2 +-
	91	service/realmd-defaults.conf \| 7 +++----
	92	tests/files/realmd-defaults.conf \| 6 +++++-
	93	tests/test-sssd-config.c \| 4 ++--
	94	7 files changed, 29 insertions(+), 17 deletions(-)
	95
	96	commit 3e5369e57789cc58ca9dc56254244e60466027a9
	97	Author: Stef Walter <stefw@gnome.org>
	98	Date: 2012-10-17
	99
	100	Allow --verbose to work with 'realm permit --all'
	101
	102	* Make diagnostic output work with 'realm permit --all' and
	103	'realm deny --all'
	104
	105	https://bugs.freedesktop.org/show_bug.cgi?id=56064
	106
	107	tools/realm-logins.c \| 19 +++++++++++++++----
	108	1 file changed, 15 insertions(+), 4 deletions(-)
	109
	110	commit 337cc688a782094c2c3e36a04b11adac9160b39d
	111	Author: Stef Walter <stefw@gnome.org>
	112	Date: 2012-10-17
	113
	114	Make sure we only work with configured realms for login policy
	115
	116	https://bugs.freedesktop.org/show_bug.cgi?id=56063
	117
	118	tools/realm-logins.c \| 17 ++++++++++++++---
	119	1 file changed, 14 insertions(+), 3 deletions(-)
	120
	121	commit 6914e7aa9fb046577ea182dfc9abe2396ac76845
	122	Author: Stef Walter <stefw@gnome.org>
	123	Date: 2012-10-17
	124
	125	Remove unnecessary check when setting login policy
	126
	127	service/realm-sssd.c \| 31 ++++++++++++++-----------------
	128	1 file changed, 14 insertions(+), 17 deletions(-)
	129
	130	commit 8dff6aa93a37eb996ffd462d4de8db3cd20ce940
	131	Author: Stef Walter <stefw@gnome.org>
	132	Date: 2012-10-17
	133
	134	Set the simple_allow_users to a comma by default for AD realms
	135
	136	* When creating a new AD sssd realm we want to be in the
	137	allow-permitted-logins login policy by default.
	138	* In order to do this we need to set simple_allow_users to a
	139	comma in order to work around an sssd bug. Otherwise all
	140	users are allowed, not just those explicitly permitted.
	141
	142	https://bugs.freedesktop.org/show_bug.cgi?id=56062
	143
	144	service/realm-sssd-ad.c \| 1 +
	145	1 file changed, 1 insertion(+)
	146
	147	commit 142b810261bb72034e7e467463c202c1a32d0958
	148	Author: Stef Walter <stefw@gnome.org>
	149	Date: 2012-10-17
	150
	151	Cleanup setting of empty ',' simple_allow_users
	152
	153	We were setting simple_allow_users previously to ',' to work around
	154	a bug in sssd. But we don't need to do this when access_provider
	155	is permit or deny.
	156
	157	https://bugs.freedesktop.org/show_bug.cgi?id=56061
	158
	159	service/realm-sssd.c \| 23 ++++++++++++++++++-----
	160	1 file changed, 18 insertions(+), 5 deletions(-)
	161
	162	commit a499898ae806938601cccf8dbb45d549181bf80b
	163	Author: Stef Walter <stefw@gnome.org>
	164	Date: 2012-10-17
	165
	166	Update realm properties after changing login policy
	167
	168	https://bugs.freedesktop.org/show_bug.cgi?id=56060
	169
	170	service/realm-sssd.c \| 6 ++++++
	171	1 file changed, 6 insertions(+)
	172
	173	commit 64a102cefee0873cf28ba97881409a15a7347414
	174	Author: Stef Walter <stefw@gnome.org>
	175	Date: 2012-10-17
	176
	177	Use the correct DBus string for deny login policy
	178
	179	https://bugs.freedesktop.org/show_bug.cgi?id=56059
	180
	181	service/realm-kerberos.c \| 2 +-
	182	1 file changed, 1 insertion(+), 1 deletion(-)
	183
	184	commit 830376ba11dc95c4a2f2f05e5a85cb7e00173591
	185	Author: Stef Walter <stefw@gnome.org>
	186	Date: 2012-10-17
	187
	188	Make sure we can read values out from ini config before writing
	189
	190	service/realm-ini-config.c \| 1 +
	191	tests/test-ini-config.c \| 17 +++++++++++++++++
	192	2 files changed, 18 insertions(+)
	193
	194	commit 73717f46b1e9f069894e0359b581901c77a806f0
	195	Author: Stef Walter <stefw@gnome.org>
	196	Date: 2012-10-16
	197
	198	Use sss_cache to clear the sssd caches when removing a domain
	199
	200	* We do this so libnss_sss.so stops answering with responses from
	201	the cache, which can be confusing and wrong.
	202	* Also move the code for removing an sssd domain into the base
	203	RealmSssd class so that the IPA code can use it.
	204	* Call sss_cache before removing the domain from sssd.conf. This
	205	is unfortunate as it can allow a race condition.
	206	* No longer remove libnss_sss from nssswitch.conf. libc caches the
	207	contents of nsswitch.conf and the modules, so removing stuff there
	208	is of dubious value.
	209
	210	https://bugs.freedesktop.org/show_bug.cgi?id=56047
	211
	212	service/realm-sssd-ad.c \| 127 +++-----------------------------------
	213	service/realm-sssd.c \| 149 +++++++++++++++++++++++++++++++++++++++++++++
	214	service/realm-sssd.h \| 4 ++
	215	service/realmd-redhat.conf \| 4 +-
	216	4 files changed, 165 insertions(+), 119 deletions(-)
	217
	218	commit 0c5d673db8aa0d7f0a03d3db871dcba194ad48ca
	219	Author: Stef Walter <stefw@gnome.org>
	220	Date: 2012-10-16
	221
	222	Make 'realm discover' only print out one realm per domain
	223
	224	* Check if we've already seen a domain in the discovery and don't
	225	print out multiples of the same domain, unless --all is used.
	226
	227	https://bugs.freedesktop.org/show_bug.cgi?id=56034
	228
	229	tools/realm-discover.c \| 22 +++++++++++++++++-----
	230	1 file changed, 17 insertions(+), 5 deletions(-)
	231
	232	commit 7af1f9f91cd4603d71c76e3aac58f7d226b8828b
	233	Author: Stef Walter <stefw@gnome.org>
	234	Date: 2012-10-16
	235
	236	Only list configured realms in 'realm list' by default
	237
	238	* Can now specify --all to show other realms that realmd
	239	knows about but which are not configured.
	240
	241	https://bugs.freedesktop.org/show_bug.cgi?id=56033
	242
	243	tools/realm-discover.c \| 21 ++++++++++++++++-----
	244	1 file changed, 16 insertions(+), 5 deletions(-)
	245
	246	commit a91b9ebdaca3771d5b4f05b3698ed37a634d4e79
	247	Author: Stef Walter <stefw@gnome.org>
	248	Date: 2012-10-16
	249
	250	Work around the strange behavior of the sssd 'simple' access_provider
	251
	252	When a realm is in the allow-permitted-logins mode, but no such
	253	logins have been set, the simple_allow_users is empty. sssd treats
	254	this as if the line is not present, and allows any login.
	255
	256	Setting the value to a comma gets around this problem. Further discussion
	257	will take place on the sssd mailing list.
	258
	259	https://bugs.freedesktop.org/show_bug.cgi?id=56027
	260
	261	service/realm-sssd.c \| 14 ++++++++++++++
	262	1 file changed, 14 insertions(+)
	263
	264	commit 41fb5b07e7f38cff52c6f850346785d98888a9de
	265	Author: Stef Walter <stefw@gnome.org>
	266	Date: 2012-10-16
	267
	268	Support offline logins with sssd
	269
	270	* Just needed to set cache_credentials = True
	271
	272	https://bugs.freedesktop.org/show_bug.cgi?id=56024
	273
	274	service/realm-sssd-ad.c \| 2 +-
	275	1 file changed, 1 insertion(+), 1 deletion(-)
	276
	277	commit 2d4b26831e9a17105d2ddeeda7884c9425c1fbd7
	278	Author: Stef Walter <stefw@gnome.org>
	279	Date: 2012-10-15
	280
	281	Add support for the realm tool for leave without removal
	282
	283	* Make the default 'realm leave' behavior be to deconfigure the
	284	local machine without removing stuff from the directory.
	285	* Add a --remove option to use the old behavior
	286
	287	https://bugs.freedesktop.org/show_bug.cgi?id=56021
	288
	289	doc/realm.xml \| 8 ++++-
	290	tools/realm-leave.c \| 91 ++++++++++++++++++++++++++++++++++++++++++-----------
	291	2 files changed, 80 insertions(+), 19 deletions(-)
	292
	293	commit 0bf9364c07793d49e3324f9698d74dab5f8594c3
	294	Author: Stef Walter <stefw@gnome.org>
	295	Date: 2012-10-15
	296
	297	Add support for Deconfigure(), or automatic leaving of a realm
	298
	299	* This just removes entries from a keytab and deconfigures, restarts
	300	services etc.
	301	* Cleanup the unenroll/leave/deconfigure code a bit in the process
	302
	303	https://bugs.freedesktop.org/show_bug.cgi?id=56021
	304
	305	service/realm-kerberos.c \| 76 +++++++++++++
	306	service/realm-kerberos.h \| 3 +
	307	service/realm-samba-enroll.c \| 72 ++++---------
	308	service/realm-samba.c \| 196 ++++++++++++++++++++++------------
	309	service/realm-sssd-ad.c \| 246 +++++++++++++++++++++++++++++--------------
	310	5 files changed, 393 insertions(+), 200 deletions(-)
	311
	312	commit c7d4fa5acd727448702aabf15b17fc5c8653b8ab
	313	Author: Stef Walter <stefw@gnome.org>
	314	Date: 2012-10-15
	315
	316	Put check for computer-ou option during Leave() in subclass
	317
	318	* This is so it doesn't have to be reimplemented by each realm
	319	derived class.
	320	* A later commit will remove it from the derived classes.
	321
	322	https://bugs.freedesktop.org/show_bug.cgi?id=56021
	323
	324	service/realm-kerberos.c \| 7 +++++++
	325	1 file changed, 7 insertions(+)
	326
	327	commit f295231c12c45f40f5f4edb855f33364646645af
	328	Author: Stef Walter <stefw@gnome.org>
	329	Date: 2012-10-15
	330
	331	Refactor how kerberos errors are propagated and warned
	332
	333	* Certain local kerberos errors are unexpected, so cleanup how they're
	334	transformed to warnings.
	335	* Rework how we propagate real kerberos errors, taking into account
	336	later commits.
	337
	338	https://bugs.freedesktop.org/show_bug.cgi?id=56021
	339
	340	service/realm-kerberos.c \| 62 +++++++++++++++++++++++++++++-------------------
	341	1 file changed, 38 insertions(+), 24 deletions(-)
	342
	343	commit 0e00612ae7c8c28e4ee0a8564db4eee36f72a28a
	344	Author: Stef Walter <stefw@gnome.org>
	345	Date: 2012-10-15
	346
	347	Set 'kerberos method' setting in smb.conf correctly
	348
	349	* This is needed to use the 'net ads keytab' functionality
	350	* Fixes a warning
	351
	352	https://bugs.freedesktop.org/show_bug.cgi?id=56005
	353
	354	service/realm-samba-enroll.c \| 33 +++++++++++++++++++++++++++++++--
	355	1 file changed, 31 insertions(+), 2 deletions(-)
	356
	357	commit 0f1f6aa1c22ae579ea1f04e0d3d005f4ff64e34c
	358	Author: Stef Walter <stefw@gnome.org>
	359	Date: 2012-10-15
	360
	361	Work around for problem with running authconfig without /sbin in path
	362
	363	https://bugs.freedesktop.org/show_bug.cgi?id=56004
	364
	365	service/realm-daemon.c \| 11 +++++++++++
	366	1 file changed, 11 insertions(+)
	367
	368	commit b982f1f3435795b6d6f8c4dff9a36b88cb782d85
	369	Author: Stef Walter <stefw@gnome.org>
	370	Date: 2012-10-15
	371
	372	Use --enablemkhomedir with authconfig to auto create home directories
	373
	374	https://bugs.freedesktop.org/show_bug.cgi?id=56002
	375
	376	service/realmd-redhat.conf \| 4 ++--
	377	1 file changed, 2 insertions(+), 2 deletions(-)
	378
	379	commit c9814c18bdd6d5b6f0a3678b5e5dfaf072f9f3c9
	380	Author: Stef Walter <stefw@gnome.org>
	381	Date: 2012-10-15
	382
	383	Allow specifying client-software and server-software when leaving realm
	384
	385	https://bugs.freedesktop.org/show_bug.cgi?id=56001
	386
	387	doc/realm.xml \| 14 +++++++++++++
	388	tools/realm-leave.c \| 57 +++++++++++++++++++++++++++++++++++++++++++++++------
	389	2 files changed, 65 insertions(+), 6 deletions(-)
	390
	391	commit 55fd0e6be201a1830a06ccabde1798b3250efd07
	392	Author: Stef Walter <stefw@gnome.org>
	393	Date: 2012-10-15
	394
	395	Combine the SssdAd and SssdIpa providers
	396
	397	* Now that discovery is combined, we can do discovery for all SSSD
	398	supported domains together.
	399	* Instantiate the various realms from /etc/sssd/sssd.conf as appropriate
	400	for the id_provider type.
	401
	402	https://bugs.freedesktop.org/show_bug.cgi?id=55999
	403
	404	service/Makefile.am \| 3 +-
	405	service/realm-daemon.c \| 10 +-
	406	service/realm-sssd-ad-provider.c \| 228 ---------------------------------
	407	service/realm-sssd-ad-provider.h \| 38 ------
	408	service/realm-sssd-ipa-provider.c \| 227 ---------------------------------
	409	service/realm-sssd-ipa-provider.h \| 38 ------
	410	service/realm-sssd-provider.c \| 259 ++++++++++++++++++++++++++++++++++++++
	411	service/realm-sssd-provider.h \| 38 ++++++
	412	8 files changed, 300 insertions(+), 541 deletions(-)
	413
	414	commit 8b9402c92feeea19d0a3e09d1c6576aba255f75c
	415	Author: Stef Walter <stefw@gnome.org>
	416	Date: 2012-10-13
	417
	418	Fill in the default shell and home directory for SSSD
	419
	420	* This is for AD where no home directory or shell is set on the server
	421	* The default shell goes in the [nss] section
	422
	423	https://bugs.freedesktop.org/show_bug.cgi?id=55957
	424
	425	doc/realmd-guide-configuring.xml \| 63 ++++++++++++++++++++++++++++++++++++++++
	426	service/realm-samba.c \| 3 ++
	427	service/realm-sssd-ad.c \| 6 ++++
	428	service/realm-sssd-config.c \| 9 ++++++
	429	service/realm-sssd.c \| 20 +++++++++++++
	430	service/realm-sssd.h \| 2 ++
	431	service/realmd-defaults.conf \| 2 ++
	432	7 files changed, 105 insertions(+)
	433
	434	commit a6f494b74b81aeed20047a86a79d5cfa7d12cefb
	435	Author: Stef Walter <stefw@gnome.org>
	436	Date: 2012-10-06
	437
	438	Try to restart the accounts-daemon after joining/leaving
	439
	440	* This is because accounts-daemon uses getpwnam() which caches the
	441	/etc/nsswitch.conf module list. As an interim we need to be able
	442	to restart the process.
	443
	444	* Long term solution: http://sourceware.org/bugzilla/show_bug.cgi?id=12459
	445
	446	https://bugs.freedesktop.org/show_bug.cgi?id=55704
	447
	448	service/realm-kerberos.c \| 33 ++++++++++++++++++++++++++++++---
	449	service/realmd-redhat.conf \| 2 ++
	450	2 files changed, 32 insertions(+), 3 deletions(-)
	451
	452	commit 31c305fd88d76b7e3680038b3d539d5f1f8f5524
	453	Author: Stef Walter <stefw@gnome.org>
	454	Date: 2012-10-02
	455
	456	Clearer message when automatic join fails
	457
	458	https://bugs.freedesktop.org/show_bug.cgi?id=55530
	459
	460	service/realm-sssd-ad.c \| 13 +++++++++++--
	461	1 file changed, 11 insertions(+), 2 deletions(-)
	462
	463	commit 04c4a6be48bc10e536e0cc282d8ecaa4d95738c5
	464	Author: Stef Walter <stefw@gnome.org>
	465	Date: 2012-10-02
	466
	467	Use lower case realm names.
	468
	469	* Don't use kerberos realm names as the realmd realm names. ETERM
	470	* Make sure to continue to provide the correct kerberos realm names
	471	on the ofr.Kerberos interface.
	472
	473	https://bugs.freedesktop.org/show_bug.cgi?id=55389
	474
	475	service/realm-kerberos-discover.c \| 5 ++++-
	476	service/realm-samba-provider.c \| 11 +++++++----
	477	service/realm-sssd.c \| 2 +-
	478	3 files changed, 12 insertions(+), 6 deletions(-)
	479
	480	commit 909c99175bbdf1730861da6ee4994e0b4313b17c
	481	Author: Stef Walter <stefw@gnome.org>
	482	Date: 2012-10-02
	483
	484	Don't track permitted logins in samba winbind realms
	485
	486	* We were just tracking these in name only, and not enforcing
	487	things anyway.
	488	* We allow permitted logins to be added, as long as the login
	489	policy is not changed to only allow permitted logins to log in.
	490	* This removes a warning when we added an unsupported line to
	491	smb.conf
	492
	493	https://bugs.freedesktop.org/show_bug.cgi?id=55549
	494
	495	service/realm-samba.c \| 47 ++++++++++++++++++++++-------------------------
	496	1 file changed, 22 insertions(+), 25 deletions(-)
	497
	498	commit d745d77c036355eb2e11ec38af6a2e41e2b8f41f
	499	Author: Stef Walter <stefw@gnome.org>
	500	Date: 2012-09-30
	501
	502	Fix search for LDAP libraries. Make it a hard requirement
	503
	504	configure.ac \| 13 ++++++++-----
	505	1 file changed, 8 insertions(+), 5 deletions(-)
	506
	507	commit 8ebe72464f463b6c89be1345b3b824698a42f787
	508	Author: Stef Walter <stefw@gnome.org>
	509	Date: 2012-09-28
	510
	511	Add Administrative Guide to the documentation
	512
	513	doc/Makefile.am \| 9 +-
	514	doc/html.css \| 11 ++
	515	doc/realmd-docs.sgml \| 53 ++++++---
	516	doc/realmd-guide-active-directory.xml \| 208 ++++++++++++++++++++++++++++++++++
	517	doc/realmd-guide-configuring.xml \| 128 +++++++++++++++++++++
	518	doc/realmd-guide-freeipa.xml \| 62 ++++++++++
	519	doc/realmd-guide-kerberos.xml \| 50 ++++++++
	520	7 files changed, 502 insertions(+), 19 deletions(-)
	521
	522	commit c909edc1b1060fa78feb9c335d2d2e420dbcb424
	523	Author: Stef Walter <stefw@gnome.org>
	524	Date: 2012-09-26
	525
	526	Commit the appropriate xml file for the realm manual
	527
	528	... and remove the compiled manual page that was accidentally
	529	committed.
	530
	531	.gitignore \| 2 +-
	532	doc/realm.1 \| 332 ----------------------------------------------------------
	533	doc/realm.xml \| 332 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
	534	3 files changed, 333 insertions(+), 333 deletions(-)
	535
	536	commit 7f8c4b853f9e2d414f8e0fe1870bf386937dfd7a
	537	Author: Stef Walter <stefw@gnome.org>
	538	Date: 2012-09-25
	539
	540	Use commands to manage services
	541
	542	* Rather than interacting with systemd and upstart via dbus
	543	* The upstart support was poor anyway.
	544	* This allows more compatibility with various distros
	545	* Less code.
	546
	547	https://bugs.freedesktop.org/show_bug.cgi?id=55319
	548
	549	service/Makefile.am \| 2 -
	550	service/realm-samba-winbind.c \| 4 +-
	551	service/realm-service-systemd.c \| 305 -------------------------
	552	service/realm-service-systemd.h \| 41 ----
	553	service/realm-service-upstart.c \| 362 ------------------------------
	554	service/realm-service-upstart.h \| 41 ----
	555	service/realm-service.c \| 476 +++++++---------------------------------
	556	service/realm-service.h \| 88 +-------
	557	service/realmd-debian.conf \| 20 +-
	558	service/realmd-defaults.conf \| 4 -
	559	service/realmd-redhat.conf \| 9 +
	560	11 files changed, 110 insertions(+), 1242 deletions(-)
	561
	562	commit cf4e7543c8eadf61b611668d7bb60ba2ec6b496b
	563	Author: Stef Walter <stefw@gnome.org>
	564	Date: 2012-09-25
	565
	566	Quiet down the command logging output
	567
	568	service/realm-command.c \| 7 ++++++-
	569	1 file changed, 6 insertions(+), 1 deletion(-)
	570
	571	commit 6b701df3bc89b94715d8c01d4bab2e203d4f12bd
	572	Author: Stef Walter <stefw@gnome.org>
	573	Date: 2012-09-21
	574
	575	Add a manual page for the realm command
	576
	577	https://bugs.freedesktop.org/show_bug.cgi?id=54491
	578
	579	.gitignore \| 1 +
	580	configure.ac \| 5 +
	581	doc/Makefile.am \| 25 +++-
	582	doc/realm.1 \| 332 +++++++++++++++++++++++++++++++++++++++++++++++++++
	583	doc/realmd-docs.sgml \| 4 +
	584	5 files changed, 365 insertions(+), 2 deletions(-)
	585
	586	commit d8fad1d7bcf6ab0969abee1284fedf80c4bf4079
	587	Author: Stef Walter <stefw@gnome.org>
	588	Date: 2012-09-19
	589
	590	Release version 0.8.1
	591
	592	NEWS \| 3 +++
	593	configure.ac \| 2 +-
	594	2 files changed, 4 insertions(+), 1 deletion(-)
	595
	596	commit 6459665dd1cd2714432173ea2eaeeae5dd6d3894
	597	Author: Stef Walter <stefw@gnome.org>
	598	Date: 2012-09-19
	599
	600	Distribute debian settings file correctly
	601
	602	service/Makefile.am \| 4 +++-
	603	1 file changed, 3 insertions(+), 1 deletion(-)
1	604
2	605	commit 297d1b67119d68ce798067b35ca83ec0e1521f1c
3	606	Author: Stef Walter <stefw@gnome.org>

-2

Makefile.in less more

49	49	DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
50	50	$(srcdir)/Makefile.in $(srcdir)/config.h.in \
51	51	$(top_srcdir)/Makefile.decl $(top_srcdir)/configure AUTHORS \
52		COPYING ChangeLog INSTALL NEWS compile depcomp install-sh \
53		missing
	52	COPYING ChangeLog INSTALL NEWS compile config.guess depcomp \
	53	install-sh missing
54	54	subdir = .
55	55	ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
56	56	am__aclocal_m4_deps = $(top_srcdir)/build/m4/gtk-doc.m4 \

243	243	USE_NLS = @USE_NLS@
244	244	VERSION = @VERSION@
245	245	XGETTEXT = @XGETTEXT@
	246	XSLTPROC = @XSLTPROC@
246	247	abs_builddir = @abs_builddir@
247	248	abs_srcdir = @abs_srcdir@
248	249	abs_top_builddir = @abs_top_builddir@

+25

-0

NEWS less more

	0	0.9
	1	* Add support for deconfiguring a realm without removing computer account
	2	* Cleanup the krb5.keytab from realmd itself, rather than relying on samba
	3	* Fix problems running authconfig from a system service
	4	* Automatically create home directories for logged in accounts on Fedora and RHEL
	5	* Setup a default shell and home directory for AD users coming via sssd
	6	* Restart the accouts-daemon after joining a domain
	7	* Use lower case realm names
	8	* Enable offline logins with sssd
	9	* Make sure the allow-permitted-logins policy works with sssd even when
	10	no permitted logins specified
	11	* Use systemctl and service commands to manage services rather than DBus
	12	* Move the realm command to /usr/sbin
	13	* Make --verbose work with 'realm permit -all' and 'realm deny --all'
	14	* Make sure realm permit/deny only work with configured realms
	15	* Work around sssd simple access provider issues
	16	* Use sss_cache to clear caches when removing a domain
	17	* Make 'realm discover' only print out realm line per domain by default
	18	* Only list configured realms in 'realm list' by default
	19	* Bug fixes
	20	* Documentation
	21
	22	0.8.1
	23	* Distribute debian settings file correctly
	24
0	25	0.8
1	26	* Cleaner, faster and robuster IPA discovery
2	27	* Don't refret the PackageKit cache when installing

-0

build/Makefile.in less more

181	181	USE_NLS = @USE_NLS@
182	182	VERSION = @VERSION@
183	183	XGETTEXT = @XGETTEXT@
	184	XSLTPROC = @XSLTPROC@
184	185	abs_builddir = @abs_builddir@
185	186	abs_srcdir = @abs_srcdir@
186	187	abs_top_builddir = @abs_top_builddir@

+1530

-0

config.guess less more

	0	#! /bin/sh
	1	# Attempt to guess a canonical system name.
	2	# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
	3	# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
	4	# 2011, 2012 Free Software Foundation, Inc.
	5
	6	timestamp='2012-06-10'
	7
	8	# This file is free software; you can redistribute it and/or modify it
	9	# under the terms of the GNU General Public License as published by
	10	# the Free Software Foundation; either version 2 of the License, or
	11	# (at your option) any later version.
	12	#
	13	# This program is distributed in the hope that it will be useful, but
	14	# WITHOUT ANY WARRANTY; without even the implied warranty of
	15	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	16	# General Public License for more details.
	17	#
	18	# You should have received a copy of the GNU General Public License
	19	# along with this program; if not, see <http://www.gnu.org/licenses/>.
	20	#
	21	# As a special exception to the GNU General Public License, if you
	22	# distribute this file as part of a program that contains a
	23	# configuration script generated by Autoconf, you may include it under
	24	# the same distribution terms that you use for the rest of that program.
	25
	26
	27	# Originally written by Per Bothner. Please send patches (context
	28	# diff format) to <config-patches@gnu.org> and include a ChangeLog
	29	# entry.
	30	#
	31	# This script attempts to guess a canonical system name similar to
	32	# config.sub. If it succeeds, it prints the system name on stdout, and
	33	# exits with 0. Otherwise, it exits with 1.
	34	#
	35	# You can get the latest version of this script from:
	36	# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
	37
	38	me=`echo "$0" \| sed -e 's,.*/,,'`
	39
	40	usage="\
	41	Usage: $0 [OPTION]
	42
	43	Output the configuration name of the system \`$me' is run on.
	44
	45	Operation modes:
	46	-h, --help print this help, then exit
	47	-t, --time-stamp print date of last modification, then exit
	48	-v, --version print version number, then exit
	49
	50	Report bugs and patches to <config-patches@gnu.org>."
	51
	52	version="\
	53	GNU config.guess ($timestamp)
	54
	55	Originally written by Per Bothner.
	56	Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
	57	2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012
	58	Free Software Foundation, Inc.
	59
	60	This is free software; see the source for copying conditions. There is NO
	61	warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
	62
	63	help="
	64	Try \`$me --help' for more information."
	65
	66	# Parse command line
	67	while test $# -gt 0 ; do
	68	case $1 in
	69	--time-stamp \| --time* \| -t )
	70	echo "$timestamp" ; exit ;;
	71	--version \| -v )
	72	echo "$version" ; exit ;;
	73	--help \| --h* \| -h )
	74	echo "$usage"; exit ;;
	75	-- ) # Stop option processing
	76	shift; break ;;
	77	- ) # Use stdin as input.
	78	break ;;
	79	-* )
	80	echo "$me: invalid option $1$help" >&2
	81	exit 1 ;;
	82	* )
	83	break ;;
	84	esac
	85	done
	86
	87	if test $# != 0; then
	88	echo "$me: too many arguments$help" >&2
	89	exit 1
	90	fi
	91
	92	trap 'exit 1' 1 2 15
	93
	94	# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
	95	# compiler to aid in system detection is discouraged as it requires
	96	# temporary files to be created and, as you can see below, it is a
	97	# headache to deal with in a portable fashion.
	98
	99	# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
	100	# use `HOST_CC' if defined, but it is deprecated.
	101
	102	# Portable tmp directory creation inspired by the Autoconf team.
	103
	104	set_cc_for_build='
	105	trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
	106	trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
	107	: ${TMPDIR=/tmp} ;
	108	{ tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } \|\|
	109	{ test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } \|\|
	110	{ tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } \|\|
	111	{ echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
	112	dummy=$tmp/dummy ;
	113	tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
	114	case $CC_FOR_BUILD,$HOST_CC,$CC in
	115	,,) echo "int x;" > $dummy.c ;
	116	for c in cc gcc c89 c99 ; do
	117	if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
	118	CC_FOR_BUILD="$c"; break ;
	119	fi ;
	120	done ;
	121	if test x"$CC_FOR_BUILD" = x ; then
	122	CC_FOR_BUILD=no_compiler_found ;
	123	fi
	124	;;
	125	,,*) CC_FOR_BUILD=$CC ;;
	126	,,) CC_FOR_BUILD=$HOST_CC ;;
	127	esac ; set_cc_for_build= ;'
	128
	129	# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
	130	# (ghazi@noc.rutgers.edu 1994-08-24)
	131	if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
	132	PATH=$PATH:/.attbin ; export PATH
	133	fi
	134
	135	UNAME_MACHINE=`(uname -m) 2>/dev/null` \|\| UNAME_MACHINE=unknown
	136	UNAME_RELEASE=`(uname -r) 2>/dev/null` \|\| UNAME_RELEASE=unknown
	137	UNAME_SYSTEM=`(uname -s) 2>/dev/null` \|\| UNAME_SYSTEM=unknown
	138	UNAME_VERSION=`(uname -v) 2>/dev/null` \|\| UNAME_VERSION=unknown
	139
	140	# Note: order is significant - the case branches are not exclusive.
	141
	142	case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
	143	:NetBSD::*)
	144	# NetBSD (nbsd) targets should (where applicable) match one or
	145	# more of the tuples: --netbsdelf, --netbsdaout,
	146	# --netbsdecoff* and --netbsd*. For targets that recently
	147	# switched to ELF, --netbsd* would select the old
	148	# object file format. This provides both forward
	149	# compatibility and a consistent mechanism for selecting the
	150	# object file format.
	151	#
	152	# Note: NetBSD doesn't particularly care about the vendor
	153	# portion of the name. We always set it to "unknown".
	154	sysctl="sysctl -n hw.machine_arch"
	155	UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null \|\| \
	156	/usr/sbin/$sysctl 2>/dev/null \|\| echo unknown)`
	157	case "${UNAME_MACHINE_ARCH}" in
	158	armeb) machine=armeb-unknown ;;
	159	arm*) machine=arm-unknown ;;
	160	sh3el) machine=shl-unknown ;;
	161	sh3eb) machine=sh-unknown ;;
	162	sh5el) machine=sh5le-unknown ;;
	163	*) machine=${UNAME_MACHINE_ARCH}-unknown ;;
	164	esac
	165	# The Operating System including object format, if it has switched
	166	# to ELF recently, or will in the future.
	167	case "${UNAME_MACHINE_ARCH}" in
	168	arm\|i386\|m68k\|ns32k\|sh3\|sparc\|vax)
	169	eval $set_cc_for_build
	170	if echo __ELF__ \| $CC_FOR_BUILD -E - 2>/dev/null \
	171	\| grep -q __ELF__
	172	then
	173	# Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
	174	# Return netbsd for either. FIX?
	175	os=netbsd
	176	else
	177	os=netbsdelf
	178	fi
	179	;;
	180	*)
	181	os=netbsd
	182	;;
	183	esac
	184	# The OS release
	185	# Debian GNU/NetBSD machines have a different userland, and
	186	# thus, need a distinct triplet. However, they do not need
	187	# kernel version information, so it can be replaced with a
	188	# suitable tag, in the style of linux-gnu.
	189	case "${UNAME_VERSION}" in
	190	Debian*)
	191	release='-gnu'
	192	;;
	193	*)
	194	release=`echo ${UNAME_RELEASE}\|sed -e 's/[-_].*/\./'`
	195	;;
	196	esac
	197	# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
	198	# contains redundant information, the shorter form:
	199	# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
	200	echo "${machine}-${os}${release}"
	201	exit ;;
	202	:OpenBSD::*)
	203	UNAME_MACHINE_ARCH=`arch \| sed 's/OpenBSD.//'`
	204	echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
	205	exit ;;
	206	:ekkoBSD::*)
	207	echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
	208	exit ;;
	209	:SolidBSD::*)
	210	echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
	211	exit ;;
	212	macppc:MirBSD::)
	213	echo powerpc-unknown-mirbsd${UNAME_RELEASE}
	214	exit ;;
	215	:MirBSD::*)
	216	echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
	217	exit ;;
	218	alpha:OSF1::)
	219	case $UNAME_RELEASE in
	220	*4.0)
	221	UNAME_RELEASE=`/usr/sbin/sizer -v \| awk '{print $3}'`
	222	;;
	223	5.)
	224	UNAME_RELEASE=`/usr/sbin/sizer -v \| awk '{print $4}'`
	225	;;
	226	esac
	227	# According to Compaq, /usr/sbin/psrinfo has been available on
	228	# OSF/1 and Tru64 systems produced since 1995. I hope that
	229	# covers most systems running today. This code pipes the CPU
	230	# types through head -n 1, so we only detect the type of CPU 0.
	231	ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v \| sed -n -e 's/^ The alpha $.$ processor.$/\1/p' \| head -n 1`
	232	case "$ALPHA_CPU_TYPE" in
	233	"EV4 (21064)")
	234	UNAME_MACHINE="alpha" ;;
	235	"EV4.5 (21064)")
	236	UNAME_MACHINE="alpha" ;;
	237	"LCA4 (21066/21068)")
	238	UNAME_MACHINE="alpha" ;;
	239	"EV5 (21164)")
	240	UNAME_MACHINE="alphaev5" ;;
	241	"EV5.6 (21164A)")
	242	UNAME_MACHINE="alphaev56" ;;
	243	"EV5.6 (21164PC)")
	244	UNAME_MACHINE="alphapca56" ;;
	245	"EV5.7 (21164PC)")
	246	UNAME_MACHINE="alphapca57" ;;
	247	"EV6 (21264)")
	248	UNAME_MACHINE="alphaev6" ;;
	249	"EV6.7 (21264A)")
	250	UNAME_MACHINE="alphaev67" ;;
	251	"EV6.8CB (21264C)")
	252	UNAME_MACHINE="alphaev68" ;;
	253	"EV6.8AL (21264B)")
	254	UNAME_MACHINE="alphaev68" ;;
	255	"EV6.8CX (21264D)")
	256	UNAME_MACHINE="alphaev68" ;;
	257	"EV6.9A (21264/EV69A)")
	258	UNAME_MACHINE="alphaev69" ;;
	259	"EV7 (21364)")
	260	UNAME_MACHINE="alphaev7" ;;
	261	"EV7.9 (21364A)")
	262	UNAME_MACHINE="alphaev79" ;;
	263	esac
	264	# A Pn.n version is a patched version.
	265	# A Vn.n version is a released version.
	266	# A Tn.n version is a released field test version.
	267	# A Xn.n version is an unreleased experimental baselevel.
	268	# 1.2 uses "1.2" for uname -r.
	269	echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} \| sed -e 's/^[PVTX]//' \| tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
	270	# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
	271	exitcode=$?
	272	trap '' 0
	273	exit $exitcode ;;
	274	Alpha\ :Windows_NT:*)
	275	# How do we know it's Interix rather than the generic POSIX subsystem?
	276	# Should we change UNAME_MACHINE based on the output of uname instead
	277	# of the specific Alpha model?
	278	echo alpha-pc-interix
	279	exit ;;
	280	21064:Windows_NT:50:3)
	281	echo alpha-dec-winnt3.5
	282	exit ;;
	283	Amiga:UNIX_System_V:4.0:)
	284	echo m68k-unknown-sysv4
	285	exit ;;
	286	:[Aa]miga[Oo][Ss]::*)
	287	echo ${UNAME_MACHINE}-unknown-amigaos
	288	exit ;;
	289	:[Mm]orph[Oo][Ss]::*)
	290	echo ${UNAME_MACHINE}-unknown-morphos
	291	exit ;;
	292	:OS/390::*)
	293	echo i370-ibm-openedition
	294	exit ;;
	295	:z/VM::*)
	296	echo s390-ibm-zvmoe
	297	exit ;;
	298	:OS400::*)
	299	echo powerpc-ibm-os400
	300	exit ;;
	301	arm:RISC:1.[012]:\|arm:riscix:1.[012]:*)
	302	echo arm-acorn-riscix${UNAME_RELEASE}
	303	exit ;;
	304	arm:riscos::\|arm:RISCOS::)
	305	echo arm-unknown-riscos
	306	exit ;;
	307	SR2?01:HI-UX/MPP:: \| SR8000:HI-UX/MPP::)
	308	echo hppa1.1-hitachi-hiuxmpp
	309	exit ;;
	310	Pyramid:OSx:: \| MIS:OSx:: \| MIS:SMP_DC-OSx::)
	311	# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
	312	if test "`(/bin/universe) 2>/dev/null`" = att ; then
	313	echo pyramid-pyramid-sysv3
	314	else
	315	echo pyramid-pyramid-bsd
	316	fi
	317	exit ;;
	318	NILE::*:dcosx)
	319	echo pyramid-pyramid-svr4
	320	exit ;;
	321	DRS?6000:unix:4.0:6*)
	322	echo sparc-icl-nx6
	323	exit ;;
	324	DRS?6000:UNIX_SV:4.2:7 \| DRS?6000:isis:4.2:7)
	325	case `/usr/bin/uname -p` in
	326	sparc) echo sparc-icl-nx7; exit ;;
	327	esac ;;
	328	s390x:SunOS::)
	329	echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}\|sed -e 's/[^.]*//'`
	330	exit ;;
	331	sun4H:SunOS:5.:)
	332	echo sparc-hal-solaris2`echo ${UNAME_RELEASE}\|sed -e 's/[^.]*//'`
	333	exit ;;
	334	sun4:SunOS:5.:* \| tadpole:SunOS:5.:*)
	335	echo sparc-sun-solaris2`echo ${UNAME_RELEASE}\|sed -e 's/[^.]*//'`
	336	exit ;;
	337	i86pc:AuroraUX:5.: \| i86xen:AuroraUX:5.:)
	338	echo i386-pc-auroraux${UNAME_RELEASE}
	339	exit ;;
	340	i86pc:SunOS:5.: \| i86xen:SunOS:5.:)
	341	eval $set_cc_for_build
	342	SUN_ARCH="i386"
	343	# If there is a compiler, see if it is configured for 64-bit objects.
	344	# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
	345	# This test works for both compilers.
	346	if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
	347	if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') \| \
	348	(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) \| \
	349	grep IS_64BIT_ARCH >/dev/null
	350	then
	351	SUN_ARCH="x86_64"
	352	fi
	353	fi
	354	echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}\|sed -e 's/[^.]*//'`
	355	exit ;;
	356	sun4:SunOS:6:*)
	357	# According to config.sub, this is the proper way to canonicalize
	358	# SunOS6. Hard to guess exactly what SunOS6 will be like, but
	359	# it's likely to be more like Solaris than SunOS4.
	360	echo sparc-sun-solaris3`echo ${UNAME_RELEASE}\|sed -e 's/[^.]*//'`
	361	exit ;;
	362	sun4:SunOS::*)
	363	case "`/usr/bin/arch -k`" in
	364	Series\|S4)
	365	UNAME_RELEASE=`uname -v`
	366	;;
	367	esac
	368	# Japanese Language versions have a version number like `4.1.3-JL'.
	369	echo sparc-sun-sunos`echo ${UNAME_RELEASE}\|sed -e 's/-/_/'`
	370	exit ;;
	371	sun3:SunOS::*)
	372	echo m68k-sun-sunos${UNAME_RELEASE}
	373	exit ;;
	374	sun::4.2BSD:*)
	375	UNAME_RELEASE=`(sed 1q /etc/motd \| awk '{print substr($5,1,3)}') 2>/dev/null`
	376	test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
	377	case "`/bin/arch`" in
	378	sun3)
	379	echo m68k-sun-sunos${UNAME_RELEASE}
	380	;;
	381	sun4)
	382	echo sparc-sun-sunos${UNAME_RELEASE}
	383	;;
	384	esac
	385	exit ;;
	386	aushp:SunOS::)
	387	echo sparc-auspex-sunos${UNAME_RELEASE}
	388	exit ;;
	389	# The situation for MiNT is a little confusing. The machine name
	390	# can be virtually everything (everything which is not
	391	# "atarist" or "atariste" at least should have a processor
	392	# > m68000). The system name ranges from "MiNT" over "FreeMiNT"
	393	# to the lowercase version "mint" (or "freemint"). Finally
	394	# the system name "TOS" denotes a system which is actually not
	395	# MiNT. But MiNT is downward compatible to TOS, so this should
	396	# be no problem.
	397	atarist[e]:MiNT::* \| atarist[e]:mint::* \| atarist[e]:TOS::*)
	398	echo m68k-atari-mint${UNAME_RELEASE}
	399	exit ;;
	400	atari:MiNT:: \| atari:mint:: \| atarist[e]:TOS::*)
	401	echo m68k-atari-mint${UNAME_RELEASE}
	402	exit ;;
	403	falcon:MiNT::* \| falcon:mint::* \| falcon:TOS::*)
	404	echo m68k-atari-mint${UNAME_RELEASE}
	405	exit ;;
	406	milan:MiNT:: \| milan:mint:: \| milan:TOS::*)
	407	echo m68k-milan-mint${UNAME_RELEASE}
	408	exit ;;
	409	hades:MiNT:: \| hades:mint:: \| hades:TOS::*)
	410	echo m68k-hades-mint${UNAME_RELEASE}
	411	exit ;;
	412	:MiNT:: \| :mint:: \| :TOS::)
	413	echo m68k-unknown-mint${UNAME_RELEASE}
	414	exit ;;
	415	m68k:machten::)
	416	echo m68k-apple-machten${UNAME_RELEASE}
	417	exit ;;
	418	powerpc:machten::)
	419	echo powerpc-apple-machten${UNAME_RELEASE}
	420	exit ;;
	421	RISC:Mach::*)
	422	echo mips-dec-mach_bsd4.3
	423	exit ;;
	424	RISC:ULTRIX::*)
	425	echo mips-dec-ultrix${UNAME_RELEASE}
	426	exit ;;
	427	VAX:ULTRIX::)
	428	echo vax-dec-ultrix${UNAME_RELEASE}
	429	exit ;;
	430	2020:CLIX:: \| 2430:CLIX::)
	431	echo clipper-intergraph-clix${UNAME_RELEASE}
	432	exit ;;
	433	mips:::UMIPS \| mips:::RISCos)
	434	eval $set_cc_for_build
	435	sed 's/^ //' << EOF >$dummy.c
	436	#ifdef __cplusplus
	437	#include <stdio.h> /* for printf() prototype */
	438	int main (int argc, char *argv[]) {
	439	#else
	440	int main (argc, argv) int argc; char *argv[]; {
	441	#endif
	442	#if defined (host_mips) && defined (MIPSEB)
	443	#if defined (SYSTYPE_SYSV)
	444	printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
	445	#endif
	446	#if defined (SYSTYPE_SVR4)
	447	printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
	448	#endif
	449	#if defined (SYSTYPE_BSD43) \|\| defined(SYSTYPE_BSD)
	450	printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
	451	#endif
	452	#endif
	453	exit (-1);
	454	}
	455	EOF
	456	$CC_FOR_BUILD -o $dummy $dummy.c &&
	457	dummyarg=`echo "${UNAME_RELEASE}" \| sed -n 's/$[0-9]$./\1/p'` &&
	458	SYSTEM_NAME=`$dummy $dummyarg` &&
	459	{ echo "$SYSTEM_NAME"; exit; }
	460	echo mips-mips-riscos${UNAME_RELEASE}
	461	exit ;;
	462	Motorola:PowerMAX_OS::)
	463	echo powerpc-motorola-powermax
	464	exit ;;
	465	Motorola::4.3:PL8-)
	466	echo powerpc-harris-powermax
	467	exit ;;
	468	Night_Hawk:::PowerMAX_OS \| Synergy:PowerMAX_OS::)
	469	echo powerpc-harris-powermax
	470	exit ;;
	471	Night_Hawk:Power_UNIX::)
	472	echo powerpc-harris-powerunix
	473	exit ;;
	474	m88k:CX/UX:7:)
	475	echo m88k-harris-cxux7
	476	exit ;;
	477	m88k::4:R4*)
	478	echo m88k-motorola-sysv4
	479	exit ;;
	480	m88k::3:R3*)
	481	echo m88k-motorola-sysv3
	482	exit ;;
	483	AViiON:dgux::)
	484	# DG/UX returns AViiON for all architectures
	485	UNAME_PROCESSOR=`/usr/bin/uname -p`
	486	if [ $UNAME_PROCESSOR = mc88100 ] \|\| [ $UNAME_PROCESSOR = mc88110 ]
	487	then
	488	if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] \|\| \
	489	[ ${TARGET_BINARY_INTERFACE}x = x ]
	490	then
	491	echo m88k-dg-dgux${UNAME_RELEASE}
	492	else
	493	echo m88k-dg-dguxbcs${UNAME_RELEASE}
	494	fi
	495	else
	496	echo i586-dg-dgux${UNAME_RELEASE}
	497	fi
	498	exit ;;
	499	M88:DolphinOS::*) # DolphinOS (SVR3)
	500	echo m88k-dolphin-sysv3
	501	exit ;;
	502	M88::R3:)
	503	# Delta 88k system running SVR3
	504	echo m88k-motorola-sysv3
	505	exit ;;
	506	XD88:::) # Tektronix XD88 system running UTekV (SVR3)
	507	echo m88k-tektronix-sysv3
	508	exit ;;
	509	Tek43[0-9][0-9]:UTek::) # Tektronix 4300 system running UTek (BSD)
	510	echo m68k-tektronix-bsd
	511	exit ;;
	512	:IRIX::)
	513	echo mips-sgi-irix`echo ${UNAME_RELEASE}\|sed -e 's/-/_/g'`
	514	exit ;;
	515	????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
	516	echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
	517	exit ;; # Note that: echo "'`uname -s`'" gives 'AIX '
	518	i86:AIX::*)
	519	echo i386-ibm-aix
	520	exit ;;
	521	ia64:AIX::)
	522	if [ -x /usr/bin/oslevel ] ; then
	523	IBM_REV=`/usr/bin/oslevel`
	524	else
	525	IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
	526	fi
	527	echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
	528	exit ;;
	529	*:AIX:2:3)
	530	if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
	531	eval $set_cc_for_build
	532	sed 's/^ //' << EOF >$dummy.c
	533	#include <sys/systemcfg.h>
	534
	535	main()
	536	{
	537	if (!__power_pc())
	538	exit(1);
	539	puts("powerpc-ibm-aix3.2.5");
	540	exit(0);
	541	}
	542	EOF
	543	if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
	544	then
	545	echo "$SYSTEM_NAME"
	546	else
	547	echo rs6000-ibm-aix3.2.5
	548	fi
	549	elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
	550	echo rs6000-ibm-aix3.2.4
	551	else
	552	echo rs6000-ibm-aix3.2
	553	fi
	554	exit ;;
	555	:AIX::[4567])
	556	IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available \| sed 1q \| awk '{ print $1 }'`
	557	if /usr/sbin/lsattr -El ${IBM_CPU_ID} \| grep ' POWER' >/dev/null 2>&1; then
	558	IBM_ARCH=rs6000
	559	else
	560	IBM_ARCH=powerpc
	561	fi
	562	if [ -x /usr/bin/oslevel ] ; then
	563	IBM_REV=`/usr/bin/oslevel`
	564	else
	565	IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
	566	fi
	567	echo ${IBM_ARCH}-ibm-aix${IBM_REV}
	568	exit ;;
	569	:AIX::*)
	570	echo rs6000-ibm-aix
	571	exit ;;
	572	ibmrt:4.4BSD:\|romp-ibm:BSD:)
	573	echo romp-ibm-bsd4.4
	574	exit ;;
	575	ibmrt:BSD:\|romp-ibm:BSD:*) # covers RT/PC BSD and
	576	echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
	577	exit ;; # report: romp-ibm BSD 4.3
	578	:BOSX::*)
	579	echo rs6000-bull-bosx
	580	exit ;;
	581	DPX/2?00:B.O.S.::)
	582	echo m68k-bull-sysv3
	583	exit ;;
	584	9000/[34]??:4.3bsd:1.:)
	585	echo m68k-hp-bsd
	586	exit ;;
	587	hp300:4.4BSD:: \| 9000/[34]??:4.3bsd:2.:)
	588	echo m68k-hp-bsd4.4
	589	exit ;;
	590	9000/[34678]??:HP-UX::)
	591	HPUX_REV=`echo ${UNAME_RELEASE}\|sed -e 's/[^.].[0B]//'`
	592	case "${UNAME_MACHINE}" in
	593	9000/31? ) HP_ARCH=m68000 ;;
	594	9000/[34]?? ) HP_ARCH=m68k ;;
	595	9000/[678][0-9][0-9])
	596	if [ -x /usr/bin/getconf ]; then
	597	sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
	598	sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
	599	case "${sc_cpu_version}" in
	600	523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
	601	528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
	602	532) # CPU_PA_RISC2_0
	603	case "${sc_kernel_bits}" in
	604	32) HP_ARCH="hppa2.0n" ;;
	605	64) HP_ARCH="hppa2.0w" ;;
	606	'') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
	607	esac ;;
	608	esac
	609	fi
	610	if [ "${HP_ARCH}" = "" ]; then
	611	eval $set_cc_for_build
	612	sed 's/^ //' << EOF >$dummy.c
	613
	614	#define _HPUX_SOURCE
	615	#include <stdlib.h>
	616	#include <unistd.h>
	617
	618	int main ()
	619	{
	620	#if defined(_SC_KERNEL_BITS)
	621	long bits = sysconf(_SC_KERNEL_BITS);
	622	#endif
	623	long cpu = sysconf (_SC_CPU_VERSION);
	624
	625	switch (cpu)
	626	{
	627	case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
	628	case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
	629	case CPU_PA_RISC2_0:
	630	#if defined(_SC_KERNEL_BITS)
	631	switch (bits)
	632	{
	633	case 64: puts ("hppa2.0w"); break;
	634	case 32: puts ("hppa2.0n"); break;
	635	default: puts ("hppa2.0"); break;
	636	} break;
	637	#else /* !defined(_SC_KERNEL_BITS) */
	638	puts ("hppa2.0"); break;
	639	#endif
	640	default: puts ("hppa1.0"); break;
	641	}
	642	exit (0);
	643	}
	644	EOF
	645	(CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
	646	test -z "$HP_ARCH" && HP_ARCH=hppa
	647	fi ;;
	648	esac
	649	if [ ${HP_ARCH} = "hppa2.0w" ]
	650	then
	651	eval $set_cc_for_build
	652
	653	# hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
	654	# 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler
	655	# generating 64-bit code. GNU and HP use different nomenclature:
	656	#
	657	# $ CC_FOR_BUILD=cc ./config.guess
	658	# => hppa2.0w-hp-hpux11.23
	659	# $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
	660	# => hppa64-hp-hpux11.23
	661
	662	if echo __LP64__ \| (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) \|
	663	grep -q __LP64__
	664	then
	665	HP_ARCH="hppa2.0w"
	666	else
	667	HP_ARCH="hppa64"
	668	fi
	669	fi
	670	echo ${HP_ARCH}-hp-hpux${HPUX_REV}
	671	exit ;;
	672	ia64:HP-UX::)
	673	HPUX_REV=`echo ${UNAME_RELEASE}\|sed -e 's/[^.].[0B]//'`
	674	echo ia64-hp-hpux${HPUX_REV}
	675	exit ;;
	676	3050:HI-UX::*)
	677	eval $set_cc_for_build
	678	sed 's/^ //' << EOF >$dummy.c
	679	#include <unistd.h>
	680	int
	681	main ()
	682	{
	683	long cpu = sysconf (_SC_CPU_VERSION);
	684	/* The order matters, because CPU_IS_HP_MC68K erroneously returns
	685	true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct
	686	results, however. */
	687	if (CPU_IS_PA_RISC (cpu))
	688	{
	689	switch (cpu)
	690	{
	691	case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
	692	case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
	693	case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
	694	default: puts ("hppa-hitachi-hiuxwe2"); break;
	695	}
	696	}
	697	else if (CPU_IS_HP_MC68K (cpu))
	698	puts ("m68k-hitachi-hiuxwe2");
	699	else puts ("unknown-hitachi-hiuxwe2");
	700	exit (0);
	701	}
	702	EOF
	703	$CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
	704	{ echo "$SYSTEM_NAME"; exit; }
	705	echo unknown-hitachi-hiuxwe2
	706	exit ;;
	707	9000/7??:4.3bsd:: \| 9000/8?[79]:4.3bsd:: )
	708	echo hppa1.1-hp-bsd
	709	exit ;;
	710	9000/8??:4.3bsd::)
	711	echo hppa1.0-hp-bsd
	712	exit ;;
	713	9??:MPE/iX:: \| 3000:MPE/iX::)
	714	echo hppa1.0-hp-mpeix
	715	exit ;;
	716	hp7??:OSF1:: \| hp8?[79]:OSF1:: )
	717	echo hppa1.1-hp-osf
	718	exit ;;
	719	hp8??:OSF1::)
	720	echo hppa1.0-hp-osf
	721	exit ;;
	722	i86:OSF1::*)
	723	if [ -x /usr/sbin/sysversion ] ; then
	724	echo ${UNAME_MACHINE}-unknown-osf1mk
	725	else
	726	echo ${UNAME_MACHINE}-unknown-osf1
	727	fi
	728	exit ;;
	729	parisc:Lites::)
	730	echo hppa1.1-hp-lites
	731	exit ;;
	732	C1:ConvexOS::* \| convex:ConvexOS:C1:)
	733	echo c1-convex-bsd
	734	exit ;;
	735	C2:ConvexOS::* \| convex:ConvexOS:C2:)
	736	if getsysinfo -f scalar_acc
	737	then echo c32-convex-bsd
	738	else echo c2-convex-bsd
	739	fi
	740	exit ;;
	741	C34:ConvexOS::* \| convex:ConvexOS:C34:)
	742	echo c34-convex-bsd
	743	exit ;;
	744	C38:ConvexOS::* \| convex:ConvexOS:C38:)
	745	echo c38-convex-bsd
	746	exit ;;
	747	C4:ConvexOS::* \| convex:ConvexOS:C4:)
	748	echo c4-convex-bsd
	749	exit ;;
	750	CRAYY-MP:::)
	751	echo ymp-cray-unicos${UNAME_RELEASE} \| sed -e 's/\.[^.]*$/.X/'
	752	exit ;;
	753	CRAY[A-Z]90:::)
	754	echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
	755	\| sed -e 's/CRAY.*$[A-Z]90$/\1/' \
	756	-e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
	757	-e 's/\.[^.]*$/.X/'
	758	exit ;;
	759	CRAYTS:::)
	760	echo t90-cray-unicos${UNAME_RELEASE} \| sed -e 's/\.[^.]*$/.X/'
	761	exit ;;
	762	CRAYT3E:::)
	763	echo alphaev5-cray-unicosmk${UNAME_RELEASE} \| sed -e 's/\.[^.]*$/.X/'
	764	exit ;;
	765	CRAYSV1:::)
	766	echo sv1-cray-unicos${UNAME_RELEASE} \| sed -e 's/\.[^.]*$/.X/'
	767	exit ;;
	768	:UNICOS/mp::*)
	769	echo craynv-cray-unicosmp${UNAME_RELEASE} \| sed -e 's/\.[^.]*$/.X/'
	770	exit ;;
	771	F30[01]:UNIX_System_V:: \| F700:UNIX_System_V::)
	772	FUJITSU_PROC=`uname -m \| tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
	773	FUJITSU_SYS=`uname -p \| tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' \| sed -e 's/\///'`
	774	FUJITSU_REL=`echo ${UNAME_RELEASE} \| sed -e 's/ /_/'`
	775	echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
	776	exit ;;
	777	5000:UNIX_System_V:4.:)
	778	FUJITSU_SYS=`uname -p \| tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' \| sed -e 's/\///'`
	779	FUJITSU_REL=`echo ${UNAME_RELEASE} \| tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' \| sed -e 's/ /_/'`
	780	echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
	781	exit ;;
	782	i86:BSD/386::* \| i86:BSD/OS::* \| :Ascend\ Embedded/OS::*)
	783	echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
	784	exit ;;
	785	sparc:BSD/OS::*)
	786	echo sparc-unknown-bsdi${UNAME_RELEASE}
	787	exit ;;
	788	:BSD/OS::*)
	789	echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
	790	exit ;;
	791	:FreeBSD::*)
	792	UNAME_PROCESSOR=`/usr/bin/uname -p`
	793	case ${UNAME_PROCESSOR} in
	794	amd64)
	795	echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}\|sed -e 's/[-(].*//'` ;;
	796	*)
	797	echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}\|sed -e 's/[-(].*//'` ;;
	798	esac
	799	exit ;;
	800	i:CYGWIN:*)
	801	echo ${UNAME_MACHINE}-pc-cygwin
	802	exit ;;
	803	:MINGW:*)
	804	echo ${UNAME_MACHINE}-pc-mingw32
	805	exit ;;
	806	i:MSYS:*)
	807	echo ${UNAME_MACHINE}-pc-msys
	808	exit ;;
	809	i:windows32:*)
	810	# uname -m includes "-pc" on this system.
	811	echo ${UNAME_MACHINE}-mingw32
	812	exit ;;
	813	i:PW:*)
	814	echo ${UNAME_MACHINE}-pc-pw32
	815	exit ;;
	816	:Interix:*)
	817	case ${UNAME_MACHINE} in
	818	x86)
	819	echo i586-pc-interix${UNAME_RELEASE}
	820	exit ;;
	821	authenticamd \| genuineintel \| EM64T)
	822	echo x86_64-unknown-interix${UNAME_RELEASE}
	823	exit ;;
	824	IA64)
	825	echo ia64-unknown-interix${UNAME_RELEASE}
	826	exit ;;
	827	esac ;;
	828	[345]86:Windows_95:* \| [345]86:Windows_98:* \| [345]86:Windows_NT:*)
	829	echo i${UNAME_MACHINE}-pc-mks
	830	exit ;;
	831	8664:Windows_NT:*)
	832	echo x86_64-pc-mks
	833	exit ;;
	834	i:Windows_NT:* \| Pentium:Windows_NT:*)
	835	# How do we know it's Interix rather than the generic POSIX subsystem?
	836	# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
	837	# UNAME_MACHINE based on the output of uname instead of i386?
	838	echo i586-pc-interix
	839	exit ;;
	840	i:UWIN:*)
	841	echo ${UNAME_MACHINE}-pc-uwin
	842	exit ;;
	843	amd64:CYGWIN::* \| x86_64:CYGWIN::*)
	844	echo x86_64-unknown-cygwin
	845	exit ;;
	846	p:CYGWIN:*)
	847	echo powerpcle-unknown-cygwin
	848	exit ;;
	849	prep:SunOS:5.:*)
	850	echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}\|sed -e 's/[^.]*//'`
	851	exit ;;
	852	:GNU::*)
	853	# the GNU system
	854	echo `echo ${UNAME_MACHINE}\|sed -e 's,[-/].$,,'`-unknown-gnu`echo ${UNAME_RELEASE}\|sed -e 's,/.$,,'`
	855	exit ;;
	856	:GNU/::)
	857	# other systems with GNU libc and userland
	858	echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} \| sed 's,^[^/]/,,' \| tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}\|sed -e 's/[-(].//'`-gnu
	859	exit ;;
	860	i86:Minix::*)
	861	echo ${UNAME_MACHINE}-pc-minix
	862	exit ;;
	863	aarch64:Linux::)
	864	echo ${UNAME_MACHINE}-unknown-linux-gnu
	865	exit ;;
	866	aarch64_be:Linux::)
	867	UNAME_MACHINE=aarch64_be
	868	echo ${UNAME_MACHINE}-unknown-linux-gnu
	869	exit ;;
	870	alpha:Linux::)
	871	case `sed -n '/^cpu model/s/^.: $.$/\1/p' < /proc/cpuinfo` in
	872	EV5) UNAME_MACHINE=alphaev5 ;;
	873	EV56) UNAME_MACHINE=alphaev56 ;;
	874	PCA56) UNAME_MACHINE=alphapca56 ;;
	875	PCA57) UNAME_MACHINE=alphapca56 ;;
	876	EV6) UNAME_MACHINE=alphaev6 ;;
	877	EV67) UNAME_MACHINE=alphaev67 ;;
	878	EV68*) UNAME_MACHINE=alphaev68 ;;
	879	esac
	880	objdump --private-headers /bin/sh \| grep -q ld.so.1
	881	if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
	882	echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
	883	exit ;;
	884	arm:Linux::*)
	885	eval $set_cc_for_build
	886	if echo __ARM_EABI__ \| $CC_FOR_BUILD -E - 2>/dev/null \
	887	\| grep -q __ARM_EABI__
	888	then
	889	echo ${UNAME_MACHINE}-unknown-linux-gnu
	890	else
	891	if echo __ARM_PCS_VFP \| $CC_FOR_BUILD -E - 2>/dev/null \
	892	\| grep -q __ARM_PCS_VFP
	893	then
	894	echo ${UNAME_MACHINE}-unknown-linux-gnueabi
	895	else
	896	echo ${UNAME_MACHINE}-unknown-linux-gnueabihf
	897	fi
	898	fi
	899	exit ;;
	900	avr32:Linux::*)
	901	echo ${UNAME_MACHINE}-unknown-linux-gnu
	902	exit ;;
	903	cris:Linux::)
	904	echo ${UNAME_MACHINE}-axis-linux-gnu
	905	exit ;;
	906	crisv32:Linux::)
	907	echo ${UNAME_MACHINE}-axis-linux-gnu
	908	exit ;;
	909	frv:Linux::)
	910	echo ${UNAME_MACHINE}-unknown-linux-gnu
	911	exit ;;
	912	hexagon:Linux::)
	913	echo ${UNAME_MACHINE}-unknown-linux-gnu
	914	exit ;;
	915	i86:Linux::*)
	916	LIBC=gnu
	917	eval $set_cc_for_build
	918	sed 's/^ //' << EOF >$dummy.c
	919	#ifdef __dietlibc__
	920	LIBC=dietlibc
	921	#endif
	922	EOF
	923	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null \| grep '^LIBC'`
	924	echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
	925	exit ;;
	926	ia64:Linux::)
	927	echo ${UNAME_MACHINE}-unknown-linux-gnu
	928	exit ;;
	929	m32r:Linux::*)
	930	echo ${UNAME_MACHINE}-unknown-linux-gnu
	931	exit ;;
	932	m68:Linux::*)
	933	echo ${UNAME_MACHINE}-unknown-linux-gnu
	934	exit ;;
	935	mips:Linux:: \| mips64:Linux::)
	936	eval $set_cc_for_build
	937	sed 's/^ //' << EOF >$dummy.c
	938	#undef CPU
	939	#undef ${UNAME_MACHINE}
	940	#undef ${UNAME_MACHINE}el
	941	#if defined(__MIPSEL__) \|\| defined(__MIPSEL) \|\| defined(_MIPSEL) \|\| defined(MIPSEL)
	942	CPU=${UNAME_MACHINE}el
	943	#else
	944	#if defined(__MIPSEB__) \|\| defined(__MIPSEB) \|\| defined(_MIPSEB) \|\| defined(MIPSEB)
	945	CPU=${UNAME_MACHINE}
	946	#else
	947	CPU=
	948	#endif
	949	#endif
	950	EOF
	951	eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null \| grep '^CPU'`
	952	test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
	953	;;
	954	or32:Linux::)
	955	echo ${UNAME_MACHINE}-unknown-linux-gnu
	956	exit ;;
	957	padre:Linux::)
	958	echo sparc-unknown-linux-gnu
	959	exit ;;
	960	parisc64:Linux:: \| hppa64:Linux::)
	961	echo hppa64-unknown-linux-gnu
	962	exit ;;
	963	parisc:Linux:: \| hppa:Linux::)
	964	# Look for CPU level
	965	case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null \| cut -d' ' -f2` in
	966	PA7*) echo hppa1.1-unknown-linux-gnu ;;
	967	PA8*) echo hppa2.0-unknown-linux-gnu ;;
	968	*) echo hppa-unknown-linux-gnu ;;
	969	esac
	970	exit ;;
	971	ppc64:Linux::)
	972	echo powerpc64-unknown-linux-gnu
	973	exit ;;
	974	ppc:Linux::)
	975	echo powerpc-unknown-linux-gnu
	976	exit ;;
	977	s390:Linux:: \| s390x:Linux::)
	978	echo ${UNAME_MACHINE}-ibm-linux
	979	exit ;;
	980	sh64:Linux::*)
	981	echo ${UNAME_MACHINE}-unknown-linux-gnu
	982	exit ;;
	983	sh:Linux::*)
	984	echo ${UNAME_MACHINE}-unknown-linux-gnu
	985	exit ;;
	986	sparc:Linux:: \| sparc64:Linux::)
	987	echo ${UNAME_MACHINE}-unknown-linux-gnu
	988	exit ;;
	989	tile:Linux::*)
	990	echo ${UNAME_MACHINE}-unknown-linux-gnu
	991	exit ;;
	992	vax:Linux::)
	993	echo ${UNAME_MACHINE}-dec-linux-gnu
	994	exit ;;
	995	x86_64:Linux::)
	996	echo ${UNAME_MACHINE}-unknown-linux-gnu
	997	exit ;;
	998	xtensa:Linux::*)
	999	echo ${UNAME_MACHINE}-unknown-linux-gnu
	1000	exit ;;
	1001	i86:DYNIX/ptx:4:*)
	1002	# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
	1003	# earlier versions are messed up and put the nodename in both
	1004	# sysname and nodename.
	1005	echo i386-sequent-sysv4
	1006	exit ;;
	1007	i86:UNIX_SV:4.2MP:2.)
	1008	# Unixware is an offshoot of SVR4, but it has its own version
	1009	# number series starting with 2...
	1010	# I am not positive that other SVR4 systems won't match this,
	1011	# I just have to hope. -- rms.
	1012	# Use sysv4.2uw... so that sysv4* matches it.
	1013	echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
	1014	exit ;;
	1015	i86:OS/2::*)
	1016	# If we were able to find `uname', then EMX Unix compatibility
	1017	# is probably installed.
	1018	echo ${UNAME_MACHINE}-pc-os2-emx
	1019	exit ;;
	1020	i86:XTS-300::STOP)
	1021	echo ${UNAME_MACHINE}-unknown-stop
	1022	exit ;;
	1023	i86:atheos::*)
	1024	echo ${UNAME_MACHINE}-unknown-atheos
	1025	exit ;;
	1026	i86:syllable::*)
	1027	echo ${UNAME_MACHINE}-pc-syllable
	1028	exit ;;
	1029	i86:LynxOS:2.:* \| i86:LynxOS:3.[01]:* \| i86:LynxOS:4.[02]:*)
	1030	echo i386-unknown-lynxos${UNAME_RELEASE}
	1031	exit ;;
	1032	i86:DOS::)
	1033	echo ${UNAME_MACHINE}-pc-msdosdjgpp
	1034	exit ;;
	1035	i86::4.: \| i86:SYSTEM_V:4.:*)
	1036	UNAME_REL=`echo ${UNAME_RELEASE} \| sed 's/\/MP$//'`
	1037	if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
	1038	echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
	1039	else
	1040	echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
	1041	fi
	1042	exit ;;
	1043	i86::5:[678]*)
	1044	# UnixWare 7.x, OpenUNIX and OpenServer 6.
	1045	case `/bin/uname -X \| grep "^Machine"` in
	1046	486) UNAME_MACHINE=i486 ;;
	1047	*Pentium) UNAME_MACHINE=i586 ;;
	1048	Pent\|*Celeron) UNAME_MACHINE=i686 ;;
	1049	esac
	1050	echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
	1051	exit ;;
	1052	i86::3.2:*)
	1053	if test -f /usr/options/cb.name; then
	1054	UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
	1055	echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
	1056	elif /bin/uname -X 2>/dev/null >/dev/null ; then
	1057	UNAME_REL=`(/bin/uname -X\|grep Release\|sed -e 's/.*= //')`
	1058	(/bin/uname -X\|grep i80486 >/dev/null) && UNAME_MACHINE=i486
	1059	(/bin/uname -X\|grep '^Machine.*Pentium' >/dev/null) \
	1060	&& UNAME_MACHINE=i586
	1061	(/bin/uname -X\|grep '^Machine.Pent II' >/dev/null) \
	1062	&& UNAME_MACHINE=i686
	1063	(/bin/uname -X\|grep '^Machine.*Pentium Pro' >/dev/null) \
	1064	&& UNAME_MACHINE=i686
	1065	echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
	1066	else
	1067	echo ${UNAME_MACHINE}-pc-sysv32
	1068	fi
	1069	exit ;;
	1070	pc:::*)
	1071	# Left here for compatibility:
	1072	# uname -m prints for DJGPP always 'pc', but it prints nothing about
	1073	# the processor, so we play safe by assuming i586.
	1074	# Note: whatever this is, it MUST be the same as what config.sub
	1075	# prints for the "djgpp" host, or else GDB configury will decide that
	1076	# this is a cross-build.
	1077	echo i586-pc-msdosdjgpp
	1078	exit ;;
	1079	Intel:Mach:3:)
	1080	echo i386-pc-mach3
	1081	exit ;;
	1082	paragon:::*)
	1083	echo i860-intel-osf1
	1084	exit ;;
	1085	i860::4.:*) # i860-SVR4
	1086	if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
	1087	echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
	1088	else # Add other i860-SVR4 vendors below as they are discovered.
	1089	echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
	1090	fi
	1091	exit ;;
	1092	mini:CTIX:SYS5:*)
	1093	# "miniframe"
	1094	echo m68010-convergent-sysv
	1095	exit ;;
	1096	mc68k:UNIX:SYSTEM5:3.51m)
	1097	echo m68k-convergent-sysv
	1098	exit ;;
	1099	M680?0:D-NIX:5.3:*)
	1100	echo m68k-diab-dnix
	1101	exit ;;
	1102	M68::R3V[5678]:)
	1103	test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
	1104	3[345]??::4.0:3.0 \| 3[34]??A::4.0:3.0 \| 3[34]??,::4.0:3.0 \| 3[34]??/::4.0:3.0 \| 4400::4.0:3.0 \| 4850::4.0:3.0 \| SKA40::4.0:3.0 \| SDS2::4.0:3.0 \| SHG2::4.0:3.0 \| S7501:*:4.0:3.0)
	1105	OS_REL=''
	1106	test -r /etc/.relid \
	1107	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* $[0-9][0-9]$.*/\1/p' < /etc/.relid`
	1108	/bin/uname -p 2>/dev/null \| grep 86 >/dev/null \
	1109	&& { echo i486-ncr-sysv4.3${OS_REL}; exit; }
	1110	/bin/uname -p 2>/dev/null \| /bin/grep entium >/dev/null \
	1111	&& { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
	1112	3[34]??::4.0: \| 3[34]??,::4.0:*)
	1113	/bin/uname -p 2>/dev/null \| grep 86 >/dev/null \
	1114	&& { echo i486-ncr-sysv4; exit; } ;;
	1115	NCR::4.2:* \| MPRAS::4.2:*)
	1116	OS_REL='.3'
	1117	test -r /etc/.relid \
	1118	&& OS_REL=.`sed -n 's/[^ ]* [^ ]* $[0-9][0-9]$.*/\1/p' < /etc/.relid`
	1119	/bin/uname -p 2>/dev/null \| grep 86 >/dev/null \
	1120	&& { echo i486-ncr-sysv4.3${OS_REL}; exit; }
	1121	/bin/uname -p 2>/dev/null \| /bin/grep entium >/dev/null \
	1122	&& { echo i586-ncr-sysv4.3${OS_REL}; exit; }
	1123	/bin/uname -p 2>/dev/null \| /bin/grep pteron >/dev/null \
	1124	&& { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
	1125	m68:LynxOS:2.:* \| m68:LynxOS:3.0:*)
	1126	echo m68k-unknown-lynxos${UNAME_RELEASE}
	1127	exit ;;
	1128	mc68030:UNIX_System_V:4.:)
	1129	echo m68k-atari-sysv4
	1130	exit ;;
	1131	TSUNAMI:LynxOS:2.:)
	1132	echo sparc-unknown-lynxos${UNAME_RELEASE}
	1133	exit ;;
	1134	rs6000:LynxOS:2.:)
	1135	echo rs6000-unknown-lynxos${UNAME_RELEASE}
	1136	exit ;;
	1137	PowerPC:LynxOS:2.: \| PowerPC:LynxOS:3.[01]: \| PowerPC:LynxOS:4.[02]:)
	1138	echo powerpc-unknown-lynxos${UNAME_RELEASE}
	1139	exit ;;
	1140	SM[BE]S:UNIX_SV::)
	1141	echo mips-dde-sysv${UNAME_RELEASE}
	1142	exit ;;
	1143	RM:ReliantUNIX-::)
	1144	echo mips-sni-sysv4
	1145	exit ;;
	1146	RM:SINIX-::)
	1147	echo mips-sni-sysv4
	1148	exit ;;
	1149	:SINIX-::)
	1150	if uname -p 2>/dev/null >/dev/null ; then
	1151	UNAME_MACHINE=`(uname -p) 2>/dev/null`
	1152	echo ${UNAME_MACHINE}-sni-sysv4
	1153	else
	1154	echo ns32k-sni-sysv
	1155	fi
	1156	exit ;;
	1157	PENTIUM::4.0:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
	1158	# says <Richard.M.Bartel@ccMail.Census.GOV>
	1159	echo i586-unisys-sysv4
	1160	exit ;;
	1161	:UNIX_System_V:4:FTX*)
	1162	# From Gerald Hewes <hewes@openmarket.com>.
	1163	# How about differentiating between stratus architectures? -djm
	1164	echo hppa1.1-stratus-sysv4
	1165	exit ;;
	1166	:::FTX)
	1167	# From seanf@swdc.stratus.com.
	1168	echo i860-stratus-sysv4
	1169	exit ;;
	1170	i86:VOS::*)
	1171	# From Paul.Green@stratus.com.
	1172	echo ${UNAME_MACHINE}-stratus-vos
	1173	exit ;;
	1174	:VOS::*)
	1175	# From Paul.Green@stratus.com.
	1176	echo hppa1.1-stratus-vos
	1177	exit ;;
	1178	mc68:A/UX::*)
	1179	echo m68k-apple-aux${UNAME_RELEASE}
	1180	exit ;;
	1181	news:NEWS-OS:6:*)
	1182	echo mips-sony-newsos6
	1183	exit ;;
	1184	R[34]000:System_V:: \| R4000:UNIX_SYSV:: \| R000:UNIX_SV::*)
	1185	if [ -d /usr/nec ]; then
	1186	echo mips-nec-sysv${UNAME_RELEASE}
	1187	else
	1188	echo mips-unknown-sysv${UNAME_RELEASE}
	1189	fi
	1190	exit ;;
	1191	BeBox:BeOS::) # BeOS running on hardware made by Be, PPC only.
	1192	echo powerpc-be-beos
	1193	exit ;;
	1194	BeMac:BeOS::) # BeOS running on Mac or Mac clone, PPC only.
	1195	echo powerpc-apple-beos
	1196	exit ;;
	1197	BePC:BeOS::) # BeOS running on Intel PC compatible.
	1198	echo i586-pc-beos
	1199	exit ;;
	1200	BePC:Haiku::) # Haiku running on Intel PC compatible.
	1201	echo i586-pc-haiku
	1202	exit ;;
	1203	SX-4:SUPER-UX::)
	1204	echo sx4-nec-superux${UNAME_RELEASE}
	1205	exit ;;
	1206	SX-5:SUPER-UX::)
	1207	echo sx5-nec-superux${UNAME_RELEASE}
	1208	exit ;;
	1209	SX-6:SUPER-UX::)
	1210	echo sx6-nec-superux${UNAME_RELEASE}
	1211	exit ;;
	1212	SX-7:SUPER-UX::)
	1213	echo sx7-nec-superux${UNAME_RELEASE}
	1214	exit ;;
	1215	SX-8:SUPER-UX::)
	1216	echo sx8-nec-superux${UNAME_RELEASE}
	1217	exit ;;
	1218	SX-8R:SUPER-UX::)
	1219	echo sx8r-nec-superux${UNAME_RELEASE}
	1220	exit ;;
	1221	Power:Rhapsody::*)
	1222	echo powerpc-apple-rhapsody${UNAME_RELEASE}
	1223	exit ;;
	1224	:Rhapsody::*)
	1225	echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
	1226	exit ;;
	1227	:Darwin::*)
	1228	UNAME_PROCESSOR=`uname -p` \|\| UNAME_PROCESSOR=unknown
	1229	case $UNAME_PROCESSOR in
	1230	i386)
	1231	eval $set_cc_for_build
	1232	if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
	1233	if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') \| \
	1234	(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) \| \
	1235	grep IS_64BIT_ARCH >/dev/null
	1236	then
	1237	UNAME_PROCESSOR="x86_64"
	1238	fi
	1239	fi ;;
	1240	unknown) UNAME_PROCESSOR=powerpc ;;
	1241	esac
	1242	echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
	1243	exit ;;
	1244	:procnto:: \| :QNX:[0123456789]:*)
	1245	UNAME_PROCESSOR=`uname -p`
	1246	if test "$UNAME_PROCESSOR" = "x86"; then
	1247	UNAME_PROCESSOR=i386
	1248	UNAME_MACHINE=pc
	1249	fi
	1250	echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
	1251	exit ;;
	1252	:QNX::4*)
	1253	echo i386-pc-qnx
	1254	exit ;;
	1255	NEO-?:NONSTOP_KERNEL::)
	1256	echo neo-tandem-nsk${UNAME_RELEASE}
	1257	exit ;;
	1258	NSE-:NONSTOP_KERNEL::*)
	1259	echo nse-tandem-nsk${UNAME_RELEASE}
	1260	exit ;;
	1261	NSR-?:NONSTOP_KERNEL::)
	1262	echo nsr-tandem-nsk${UNAME_RELEASE}
	1263	exit ;;
	1264	:NonStop-UX::*)
	1265	echo mips-compaq-nonstopux
	1266	exit ;;
	1267	BS2000:POSIX::*)
	1268	echo bs2000-siemens-sysv
	1269	exit ;;
	1270	DS/:UNIX_System_V::*)
	1271	echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
	1272	exit ;;
	1273	:Plan9::*)
	1274	# "uname -m" is not consistent, so use $cputype instead. 386
	1275	# is converted to i386 for consistency with other x86
	1276	# operating systems.
	1277	if test "$cputype" = "386"; then
	1278	UNAME_MACHINE=i386
	1279	else
	1280	UNAME_MACHINE="$cputype"
	1281	fi
	1282	echo ${UNAME_MACHINE}-unknown-plan9
	1283	exit ;;
	1284	:TOPS-10::*)
	1285	echo pdp10-unknown-tops10
	1286	exit ;;
	1287	:TENEX::*)
	1288	echo pdp10-unknown-tenex
	1289	exit ;;
	1290	KS10:TOPS-20:: \| KL10:TOPS-20:: \| TYPE4:TOPS-20::)
	1291	echo pdp10-dec-tops20
	1292	exit ;;
	1293	XKL-1:TOPS-20:: \| TYPE5:TOPS-20::)
	1294	echo pdp10-xkl-tops20
	1295	exit ;;
	1296	:TOPS-20::*)
	1297	echo pdp10-unknown-tops20
	1298	exit ;;
	1299	:ITS::*)
	1300	echo pdp10-unknown-its
	1301	exit ;;
	1302	SEI:::SEIUX)
	1303	echo mips-sei-seiux${UNAME_RELEASE}
	1304	exit ;;
	1305	:DragonFly::*)
	1306	echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}\|sed -e 's/[-(].*//'`
	1307	exit ;;
	1308	:VMS::)
	1309	UNAME_MACHINE=`(uname -p) 2>/dev/null`
	1310	case "${UNAME_MACHINE}" in
	1311	A*) echo alpha-dec-vms ; exit ;;
	1312	I*) echo ia64-dec-vms ; exit ;;
	1313	V*) echo vax-dec-vms ; exit ;;
	1314	esac ;;
	1315	:XENIX::SysV)
	1316	echo i386-pc-xenix
	1317	exit ;;
	1318	i86:skyos::*)
	1319	echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` \| sed -e 's/ .*$//'
	1320	exit ;;
	1321	i86:rdos::*)
	1322	echo ${UNAME_MACHINE}-pc-rdos
	1323	exit ;;
	1324	i86:AROS::*)
	1325	echo ${UNAME_MACHINE}-pc-aros
	1326	exit ;;
	1327	x86_64:VMkernel::)
	1328	echo ${UNAME_MACHINE}-unknown-esx
	1329	exit ;;
	1330	esac
	1331
	1332	#echo '(No uname command or uname output not recognized.)' 1>&2
	1333	#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
	1334
	1335	eval $set_cc_for_build
	1336	cat >$dummy.c <<EOF
	1337	#ifdef _SEQUENT_
	1338	# include <sys/types.h>
	1339	# include <sys/utsname.h>
	1340	#endif
	1341	main ()
	1342	{
	1343	#if defined (sony)
	1344	#if defined (MIPSEB)
	1345	/* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
	1346	I don't know.... */
	1347	printf ("mips-sony-bsd\n"); exit (0);
	1348	#else
	1349	#include <sys/param.h>
	1350	printf ("m68k-sony-newsos%s\n",
	1351	#ifdef NEWSOS4
	1352	"4"
	1353	#else
	1354	""
	1355	#endif
	1356	); exit (0);
	1357	#endif
	1358	#endif
	1359
	1360	#if defined (__arm) && defined (__acorn) && defined (__unix)
	1361	printf ("arm-acorn-riscix\n"); exit (0);
	1362	#endif
	1363
	1364	#if defined (hp300) && !defined (hpux)
	1365	printf ("m68k-hp-bsd\n"); exit (0);
	1366	#endif
	1367
	1368	#if defined (NeXT)
	1369	#if !defined (__ARCHITECTURE__)
	1370	#define __ARCHITECTURE__ "m68k"
	1371	#endif
	1372	int version;
	1373	version=`(hostinfo \| sed -n 's/.NeXT Mach $[0-9]$.*/\1/p') 2>/dev/null`;
	1374	if (version < 4)
	1375	printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
	1376	else
	1377	printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
	1378	exit (0);
	1379	#endif
	1380
	1381	#if defined (MULTIMAX) \|\| defined (n16)
	1382	#if defined (UMAXV)
	1383	printf ("ns32k-encore-sysv\n"); exit (0);
	1384	#else
	1385	#if defined (CMU)
	1386	printf ("ns32k-encore-mach\n"); exit (0);
	1387	#else
	1388	printf ("ns32k-encore-bsd\n"); exit (0);
	1389	#endif
	1390	#endif
	1391	#endif
	1392
	1393	#if defined (__386BSD__)
	1394	printf ("i386-pc-bsd\n"); exit (0);
	1395	#endif
	1396
	1397	#if defined (sequent)
	1398	#if defined (i386)
	1399	printf ("i386-sequent-dynix\n"); exit (0);
	1400	#endif
	1401	#if defined (ns32000)
	1402	printf ("ns32k-sequent-dynix\n"); exit (0);
	1403	#endif
	1404	#endif
	1405
	1406	#if defined (_SEQUENT_)
	1407	struct utsname un;
	1408
	1409	uname(&un);
	1410
	1411	if (strncmp(un.version, "V2", 2) == 0) {
	1412	printf ("i386-sequent-ptx2\n"); exit (0);
	1413	}
	1414	if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
	1415	printf ("i386-sequent-ptx1\n"); exit (0);
	1416	}
	1417	printf ("i386-sequent-ptx\n"); exit (0);
	1418
	1419	#endif
	1420
	1421	#if defined (vax)
	1422	# if !defined (ultrix)
	1423	# include <sys/param.h>
	1424	# if defined (BSD)
	1425	# if BSD == 43
	1426	printf ("vax-dec-bsd4.3\n"); exit (0);
	1427	# else
	1428	# if BSD == 199006
	1429	printf ("vax-dec-bsd4.3reno\n"); exit (0);
	1430	# else
	1431	printf ("vax-dec-bsd\n"); exit (0);
	1432	# endif
	1433	# endif
	1434	# else
	1435	printf ("vax-dec-bsd\n"); exit (0);
	1436	# endif
	1437	# else
	1438	printf ("vax-dec-ultrix\n"); exit (0);
	1439	# endif
	1440	#endif
	1441
	1442	#if defined (alliant) && defined (i860)
	1443	printf ("i860-alliant-bsd\n"); exit (0);
	1444	#endif
	1445
	1446	exit (1);
	1447	}
	1448	EOF
	1449
	1450	$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
	1451	{ echo "$SYSTEM_NAME"; exit; }
	1452
	1453	# Apollos put the system type in the environment.
	1454
	1455	test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
	1456
	1457	# Convex versions that predate uname can use getsysinfo(1)
	1458
	1459	if [ -x /usr/convex/getsysinfo ]
	1460	then
	1461	case `getsysinfo -f cpu_type` in
	1462	c1*)
	1463	echo c1-convex-bsd
	1464	exit ;;
	1465	c2*)
	1466	if getsysinfo -f scalar_acc
	1467	then echo c32-convex-bsd
	1468	else echo c2-convex-bsd
	1469	fi
	1470	exit ;;
	1471	c34*)
	1472	echo c34-convex-bsd
	1473	exit ;;
	1474	c38*)
	1475	echo c38-convex-bsd
	1476	exit ;;
	1477	c4*)
	1478	echo c4-convex-bsd
	1479	exit ;;
	1480	esac
	1481	fi
	1482
	1483	cat >&2 <<EOF
	1484	$0: unable to guess system type
	1485
	1486	This script, last modified $timestamp, has failed to recognize
	1487	the operating system you are using. It is advised that you
	1488	download the most up to date version of the config scripts from
	1489
	1490	http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
	1491	and
	1492	http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
	1493
	1494	If the version you run ($0) is already up to date, please
	1495	send the following data and any information you think might be
	1496	pertinent to <config-patches@gnu.org> in order to provide the needed
	1497	information to handle your system.
	1498
	1499	config.guess timestamp = $timestamp
	1500
	1501	uname -m = `(uname -m) 2>/dev/null \|\| echo unknown`
	1502	uname -r = `(uname -r) 2>/dev/null \|\| echo unknown`
	1503	uname -s = `(uname -s) 2>/dev/null \|\| echo unknown`
	1504	uname -v = `(uname -v) 2>/dev/null \|\| echo unknown`
	1505
	1506	/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
	1507	/bin/uname -X = `(/bin/uname -X) 2>/dev/null`
	1508
	1509	hostinfo = `(hostinfo) 2>/dev/null`
	1510	/bin/universe = `(/bin/universe) 2>/dev/null`
	1511	/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`
	1512	/bin/arch = `(/bin/arch) 2>/dev/null`
	1513	/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
	1514	/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
	1515
	1516	UNAME_MACHINE = ${UNAME_MACHINE}
	1517	UNAME_RELEASE = ${UNAME_RELEASE}
	1518	UNAME_SYSTEM = ${UNAME_SYSTEM}
	1519	UNAME_VERSION = ${UNAME_VERSION}
	1520	EOF
	1521
	1522	exit 1
	1523
	1524	# Local variables:
	1525	# eval: (add-hook 'write-file-hooks 'time-stamp)
	1526	# time-stamp-start: "timestamp='"
	1527	# time-stamp-format: "%:y-%02m-%02d"
	1528	# time-stamp-end: "'"
	1529	# End:

+67

-13

configure less more

0	0	#! /bin/sh
1	1	# Guess values for system-dependent variables and create Makefiles.
2		# Generated by GNU Autoconf 2.69 for realmd 0.8.
	2	# Generated by GNU Autoconf 2.69 for realmd 0.9.
3	3	#
4	4	# Report bugs to <http://bugs.freedesktop.org/enter_bug.cgi?product=realmd>.
5	5	#

580	580	# Identity of this package.
581	581	PACKAGE_NAME='realmd'
582	582	PACKAGE_TARNAME='realmd'
583		PACKAGE_VERSION='0.8'
584		PACKAGE_STRING='realmd 0.8'
	583	PACKAGE_VERSION='0.9'
	584	PACKAGE_STRING='realmd 0.9'
585	585	PACKAGE_BUGREPORT='http://bugs.freedesktop.org/enter_bug.cgi?product=realmd'
586	586	PACKAGE_URL=''
587	587

645	645	POLKIT_CFLAGS
646	646	PACKAGEKIT_LIBS
647	647	PACKAGEKIT_CFLAGS
	648	XSLTPROC
648	649	GTK_DOC_USE_REBASE_FALSE
649	650	GTK_DOC_USE_REBASE_TRUE
650	651	GTK_DOC_USE_LIBTOOL_FALSE

1383	1384	# Omit some internal or obsolete options to make the list less imposing.
1384	1385	# This message is too long to be a string in the A/UX 3.1 sh.
1385	1386	cat <<_ACEOF
1386		\`configure' configures realmd 0.8 to adapt to many kinds of systems.
	1387	\`configure' configures realmd 0.9 to adapt to many kinds of systems.
1387	1388
1388	1389	Usage: $0 [OPTION]... [VAR=VALUE]...
1389	1390

1449	1450
1450	1451	if test -n "$ac_init_help"; then
1451	1452	case $ac_init_help in
1452		short \| recursive ) echo "Configuration of realmd 0.8:";;
	1453	short \| recursive ) echo "Configuration of realmd 0.9:";;
1453	1454	esac
1454	1455	cat <<\_ACEOF
1455	1456

1580	1581	test -n "$ac_init_help" && exit $ac_status
1581	1582	if $ac_init_version; then
1582	1583	cat <<\_ACEOF
1583		realmd configure 0.8
	1584	realmd configure 0.9
1584	1585	generated by GNU Autoconf 2.69
1585	1586
1586	1587	Copyright (C) 2012 Free Software Foundation, Inc.

1949	1950	This file contains any messages produced by compilers while
1950	1951	running configure, to aid debugging if configure makes a mistake.
1951	1952
1952		It was created by realmd $as_me 0.8, which was
	1953	It was created by realmd $as_me 0.9, which was
1953	1954	generated by GNU Autoconf 2.69. Invocation command line was
1954	1955
1955	1956	$ $0 $@

2777	2778
2778	2779	# Define the identity of the package.
2779	2780	PACKAGE='realmd'
2780		VERSION='0.8'
	2781	VERSION='0.9'
2781	2782
2782	2783
2783	2784	cat >>confdefs.h <<_ACEOF

7553	7554
7554	7555
7555	7556
	7557	# Extract the first word of "xsltproc", so it can be a program name with args.
	7558	set dummy xsltproc; ac_word=$2
	7559	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
	7560	$as_echo_n "checking for $ac_word... " >&6; }
	7561	if ${ac_cv_path_XSLTPROC+:} false; then :
	7562	$as_echo_n "(cached) " >&6
	7563	else
	7564	case $XSLTPROC in
	7565	[\\/]* \| ?:[\\/]*)
	7566	ac_cv_path_XSLTPROC="$XSLTPROC" # Let the user override the test with a path.
	7567	;;
	7568	*)
	7569	as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
	7570	for as_dir in $PATH
	7571	do
	7572	IFS=$as_save_IFS
	7573	test -z "$as_dir" && as_dir=.
	7574	for ac_exec_ext in '' $ac_executable_extensions; do
	7575	if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
	7576	ac_cv_path_XSLTPROC="$as_dir/$ac_word$ac_exec_ext"
	7577	$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
	7578	break 2
	7579	fi
	7580	done
	7581	done
	7582	IFS=$as_save_IFS
	7583
	7584	;;
	7585	esac
	7586	fi
	7587	XSLTPROC=$ac_cv_path_XSLTPROC
	7588	if test -n "$XSLTPROC"; then
	7589	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $XSLTPROC" >&5
	7590	$as_echo "$XSLTPROC" >&6; }
	7591	else
	7592	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
	7593	$as_echo "no" >&6; }
	7594	fi
	7595
	7596
	7597	if test x$XSLTPROC = x; then
	7598	as_fn_error $? "xsltproc is required to build documentation" "$LINENO" 5
	7599	fi
	7600
7556	7601	# --------------------------------------------------------------------
7557	7602	# PackageKit
7558	7603

7826	7871	# -------------------------------------------------------------------
7827	7872	# LDAP
7828	7873
7829		LDAP_LIBS=""
7830
7831	7874	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldap_search in -lldap" >&5
7832	7875	$as_echo_n "checking for ldap_search in -lldap... " >&6; }
7833	7876	if ${ac_cv_lib_ldap_ldap_search+:} false; then :

7871	7914
7872	7915	LIBS="-lldap $LIBS"
7873	7916
	7917	else
	7918	ldap_invalid=yes
7874	7919	fi
7875	7920
7876	7921	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ber_pvt_opt_on in -llber" >&5

7916	7961
7917	7962	LIBS="-llber $LIBS"
7918	7963
	7964	else
	7965	ldap_invalid=yes
7919	7966	fi
7920	7967
7921	7968	for ac_header in ldap.h

7926	7973	#define HAVE_LDAP_H 1
7927	7974	_ACEOF
7928	7975
	7976	else
	7977	ldap_invalid=yes
7929	7978	fi
7930	7979
7931	7980	done
7932	7981
	7982
	7983	if test "$ldap_invalid" = "yes"; then
	7984	as_fn_error $? "\"Couldn't find OpenLDAP headers or libraries\"" "$LINENO" 5
	7985	fi
	7986
	7987	LDAP_LIBS=""
7933	7988	{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for res_query in -lresolv" >&5
7934	7989	$as_echo_n "checking for res_query in -lresolv... " >&6; }
7935	7990	if ${ac_cv_lib_resolv_res_query+:} false; then :

7969	8024	if test "x$ac_cv_lib_resolv_res_query" = xyes; then :
7970	8025	LDAP_LIBS="-lresolv"
7971	8026	fi
7972
7973	8027
7974	8028	LDAP_LIBS="$LDAP_LIBS -lldap -llber"
7975	8029	LDAP_CFLAGS=""

8873	8927	# report actual input values of CONFIG_FILES etc. instead of their
8874	8928	# values after options handling.
8875	8929	ac_log="
8876		This file was extended by realmd $as_me 0.8, which was
	8930	This file was extended by realmd $as_me 0.9, which was
8877	8931	generated by GNU Autoconf 2.69. Invocation command line was
8878	8932
8879	8933	CONFIG_FILES = $CONFIG_FILES

8939	8993	cat >>$CONFIG_STATUS <<_ACEOF \|\| ac_write_fail=1
8940	8994	ac_cs_config="`$as_echo "$ac_configure_args" \| sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
8941	8995	ac_cs_version="\\
8942		realmd config.status 0.8
	8996	realmd config.status 0.9
8943	8997	configured by $0, generated by GNU Autoconf 2.69,
8944	8998	with options \\"\$ac_cs_config\\"
8945	8999

+14

-6

configure.ac less more

0	0	AC_PREREQ(2.63)
1	1
2		AC_INIT([realmd], [0.8],
	2	AC_INIT([realmd], [0.9],
3	3	[http://bugs.freedesktop.org/enter_bug.cgi?product=realmd],
4	4	[realmd])
5	5

69	69
70	70	GTK_DOC_CHECK(1.9)
71	71
	72	AC_PATH_PROG([XSLTPROC], [xsltproc])
	73	if test x$XSLTPROC = x; then
	74	AC_MSG_ERROR([xsltproc is required to build documentation])
	75	fi
	76
72	77	# --------------------------------------------------------------------
73	78	# PackageKit
74	79

123	128	# -------------------------------------------------------------------
124	129	# LDAP
125	130
	131	AC_CHECK_LIB(ldap, ldap_search, , [ldap_invalid=yes])
	132	AC_CHECK_LIB(lber, ber_pvt_opt_on, , [ldap_invalid=yes])
	133	AC_CHECK_HEADERS([ldap.h], , [ldap_invalid=yes])
	134
	135	if test "$ldap_invalid" = "yes"; then
	136	AC_MSG_ERROR(["Couldn't find OpenLDAP headers or libraries"])
	137	fi
	138
126	139	LDAP_LIBS=""
127
128		AC_CHECK_LIB(ldap, ldap_search)
129		AC_CHECK_LIB(lber, ber_pvt_opt_on)
130		AC_CHECK_HEADERS(ldap.h)
131	140	AC_CHECK_LIB(resolv, res_query, LDAP_LIBS="-lresolv")
132
133	141	LDAP_LIBS="$LDAP_LIBS -lldap -llber"
134	142	LDAP_CFLAGS=""
135	143

-0

dbus/Makefile.in less more

250	250	USE_NLS = @USE_NLS@
251	251	VERSION = @VERSION@
252	252	XGETTEXT = @XGETTEXT@
	253	XSLTPROC = @XSLTPROC@
253	254	abs_builddir = @abs_builddir@
254	255	abs_srcdir = @abs_srcdir@
255	256	abs_top_builddir = @abs_top_builddir@

+31

-2

doc/Makefile.am less more

0	0	abs_top_builddir = @abs_top_builddir@
	1
	2	NULL =
1	3
2	4	# We require automake 1.6 at least.
3	5	AUTOMAKE_OPTIONS = 1.6

30	32
31	33	# Extra SGML files that are included by $(DOC_MAIN_SGML_FILE).
32	34	# e.g. content_files=running.sgml building.sgml changes-2.0.sgml
33		content_files= $(DBUS_GENERATED) $(DBUS_ESCAPED)
	35	content_files= \
	36	$(DBUS_GENERATED) \
	37	$(DBUS_ESCAPED) \
	38	html.css \
	39	realm.xml \
	40	realmd-guide-active-directory.xml \
	41	realmd-guide-configuring.xml \
	42	realmd-guide-freeipa.xml \
	43	realmd-guide-kerberos.xml \
	44	$(NULL)
34	45
35	46	# SGML files where gtk-doc abbrevations (#GtkWidget) are expanded
36	47	# These files must be listed here and in content_files

40	51	# This includes the standard gtk-doc make rules, copied by gtkdocize.
41	52	include $(top_srcdir)/gtk-doc.make
42	53
	54	XSLTPROC_FLAGS = \
	55	--nonet \
	56	--stringparam man.output.quietly 1 \
	57	--stringparam funcsynopsis.style ansi \
	58	--stringparam man.th.extra1.suppress 1 \
	59	--stringparam man.authors.section.enabled 0 \
	60	--stringparam man.copyright.section.enabled 0
	61
	62	.xml.8:
	63	$(AM_V_GEN) $(XSLTPROC) $(XSLTPROC_FLAGS) http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
	64
	65	man_MANS = \
	66	realm.8
	67
	68	xml_files = $(man_MANS:.8=.xml)
	69
43	70	EXTRA_DIST += \
44	71	$(DBUS_GENERATED) \
45	72	$(DBUS_ESCAPED) \
	73	$(xml_files) \
46	74	escape-xml-to-text.xsl \
47	75	version.xml.in \
48	76	version.xml \

51	79	CLEANFILES += \
52	80	$(DBUS_GENERATED) \
53	81	$(DBUS_ESCAPED) \
	82	$(man_MANS) \
54	83	style.stamp
55	84
56	85	noinst_DATA = style.stamp

65	94	--generate-docbook realmd $<
66	95
67	96	$(DBUS_ESCAPED): $(DBUS_INTERFACE) $(srcdir)/escape-xml-to-text.xsl
68		$(AM_V_GEN) xsltproc --nonet --novalid --output $(DBUS_ESCAPED) \
	97	$(AM_V_GEN) $(XSLTPROC) --nonet --novalid --output $(DBUS_ESCAPED) \
69	98	$(srcdir)/escape-xml-to-text.xsl $(DBUS_INTERFACE)
70	99	@sed -i '/^[ ]*$$/d' $(DBUS_ESCAPED)

+135

-15

doc/Makefile.in less more

84	84	n\|no\|NO) false;; \
85	85	*) (install-info --version) >/dev/null 2>&1;; \
86	86	esac
	87	am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" \| sed 's\|.\|.\|g'`;
	88	am__vpath_adj = case $$p in \
	89	$(srcdir)/*) f=`echo "$$p" \| sed "s\|^$$srcdirstrip/\|\|"`;; \
	90	*) f=$$p;; \
	91	esac;
	92	am__strip_dir = f=`echo $$p \| sed -e 's\|^.*/\|\|'`;
	93	am__install_max = 40
	94	am__nobase_strip_setup = \
	95	srcdirstrip=`echo "$(srcdir)" \| sed 's/[].[^$$\\*\|]/\\\\&/g'`
	96	am__nobase_strip = \
	97	for p in $$list; do echo "$$p"; done \| sed -e "s\|$$srcdirstrip/\|\|"
	98	am__nobase_list = $(am__nobase_strip_setup); \
	99	for p in $$list; do echo "$$p $$p"; done \| \
	100	sed "s\| $$srcdirstrip/\| \|;"' / .\//!s/ ./ ./; s,$ .$/[^/]$$,\1,' \| \
	101	$(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
	102	if (++n[$$2] == $(am__install_max)) \
	103	{ print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
	104	END { for (dir in files) print dir, files[dir] }'
	105	am__base_list = \
	106	sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' \| \
	107	sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
	108	am__uninstall_files_from_dir = { \
	109	test -z "$$files" \
	110	\|\| { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
	111	\|\| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
	112	$(am__cd) "$$dir" && rm -f $$files; }; \
	113	}
	114	man8dir = $(mandir)/man8
	115	am__installdirs = "$(DESTDIR)$(man8dir)"
	116	NROFF = nroff
	117	MANS = $(man_MANS)
87	118	DATA = $(noinst_DATA)
88	119	DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
89	120	ACLOCAL = @ACLOCAL@

189	220	USE_NLS = @USE_NLS@
190	221	VERSION = @VERSION@
191	222	XGETTEXT = @XGETTEXT@
	223	XSLTPROC = @XSLTPROC@
192	224	abs_builddir = @abs_builddir@
193	225	abs_srcdir = @abs_srcdir@
194	226	abs_top_builddir = @abs_top_builddir@

234	266	top_build_prefix = @top_build_prefix@
235	267	top_builddir = @top_builddir@
236	268	top_srcdir = @top_srcdir@
	269	NULL =
237	270
238	271	# We require automake 1.6 at least.
239	272	AUTOMAKE_OPTIONS = 1.6

265	298
266	299	# Extra SGML files that are included by $(DOC_MAIN_SGML_FILE).
267	300	# e.g. content_files=running.sgml building.sgml changes-2.0.sgml
268		content_files = $(DBUS_GENERATED) $(DBUS_ESCAPED)
	301	content_files = \
	302	$(DBUS_GENERATED) \
	303	$(DBUS_ESCAPED) \
	304	html.css \
	305	realm.xml \
	306	realmd-guide-active-directory.xml \
	307	realmd-guide-configuring.xml \
	308	realmd-guide-freeipa.xml \
	309	realmd-guide-kerberos.xml \
	310	$(NULL)
	311
269	312
270	313	# SGML files where gtk-doc abbrevations (#GtkWidget) are expanded
271	314	# These files must be listed here and in content_files

291	334	$(DOC_MODULE)-sections.txt \
292	335	$(DOC_MODULE)-overrides.txt
293	336
294
295		# This includes the standard gtk-doc make rules, copied by gtkdocize.
296	337	EXTRA_DIST = $(HTML_IMAGES) $(SETUP_FILES) $(DBUS_GENERATED) \
297		$(DBUS_ESCAPED) escape-xml-to-text.xsl version.xml.in \
298		version.xml html.css
	338	$(DBUS_ESCAPED) $(xml_files) escape-xml-to-text.xsl \
	339	version.xml.in version.xml html.css
299	340	DOC_STAMPS = setup-build.stamp scan-build.stamp tmpl-build.stamp sgml-build.stamp \
300	341	html-build.stamp pdf-build.stamp \
301	342	tmpl.stamp sgml.stamp html.stamp pdf.stamp

313	354	$(DOC_MODULE)-unused.txt
314	355
315	356	CLEANFILES = $(SCANOBJ_FILES) $(REPORT_FILES) $(DOC_STAMPS) \
316		$(DBUS_GENERATED) $(DBUS_ESCAPED) style.stamp
	357	$(DBUS_GENERATED) $(DBUS_ESCAPED) $(man_MANS) style.stamp
317	358	@ENABLE_GTK_DOC_TRUE@@GTK_DOC_BUILD_HTML_FALSE@HTML_BUILD_STAMP =
318	359	@ENABLE_GTK_DOC_TRUE@@GTK_DOC_BUILD_HTML_TRUE@HTML_BUILD_STAMP = html-build.stamp
319	360	@ENABLE_GTK_DOC_TRUE@@GTK_DOC_BUILD_PDF_FALSE@PDF_BUILD_STAMP =
320	361	@ENABLE_GTK_DOC_TRUE@@GTK_DOC_BUILD_PDF_TRUE@PDF_BUILD_STAMP = pdf-build.stamp
	362
	363	# This includes the standard gtk-doc make rules, copied by gtkdocize.
	364	XSLTPROC_FLAGS = \
	365	--nonet \
	366	--stringparam man.output.quietly 1 \
	367	--stringparam funcsynopsis.style ansi \
	368	--stringparam man.th.extra1.suppress 1 \
	369	--stringparam man.authors.section.enabled 0 \
	370	--stringparam man.copyright.section.enabled 0
	371
	372	man_MANS = \
	373	realm.8
	374
	375	xml_files = $(man_MANS:.8=.xml)
321	376	noinst_DATA = style.stamp
322	377	all: all-am
323	378
324	379	.SUFFIXES:
	380	.SUFFIXES: .8 .xml
325	381	$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(top_srcdir)/gtk-doc.make $(am__configure_deps)
326	382	@for dep in $?; do \
327	383	case '$(am__configure_deps)' in \

355	411	$(am__aclocal_m4_deps):
356	412	version.xml: $(top_builddir)/config.status $(srcdir)/version.xml.in
357	413	cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
	414	install-man8: $(man_MANS)
	415	@$(NORMAL_INSTALL)
	416	@list1=''; \
	417	list2='$(man_MANS)'; \
	418	test -n "$(man8dir)" \
	419	&& test -n "`echo $$list1$$list2`" \
	420	\|\| exit 0; \
	421	echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
	422	$(MKDIR_P) "$(DESTDIR)$(man8dir)" \|\| exit 1; \
	423	{ for i in $$list1; do echo "$$i"; done; \
	424	if test -n "$$list2"; then \
	425	for i in $$list2; do echo "$$i"; done \
	426	\| sed -n '/\.8[a-z]*$$/p'; \
	427	fi; \
	428	} \| while read p; do \
	429	if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
	430	echo "$$d$$p"; echo "$$p"; \
	431	done \| \
	432	sed -e 'n;s,./,,;p;h;s,.\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
	433	-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' \| \
	434	sed 'N;N;s,\n, ,g' \| { \
	435	list=; while read file base inst; do \
	436	if test "$$base" = "$$inst"; then list="$$list $$file"; else \
	437	echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
	438	$(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" \|\| exit $$?; \
	439	fi; \
	440	done; \
	441	for i in $$list; do echo "$$i"; done \| $(am__base_list) \| \
	442	while read files; do \
	443	test -z "$$files" \|\| { \
	444	echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
	445	$(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" \|\| exit $$?; }; \
	446	done; }
	447
	448	uninstall-man8:
	449	@$(NORMAL_UNINSTALL)
	450	@list=''; test -n "$(man8dir)" \|\| exit 0; \
	451	files=`{ for i in $$list; do echo "$$i"; done; \
	452	l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done \| \
	453	sed -n '/\.8[a-z]*$$/p'; \
	454	} \| sed -e 's,./,,;h;s,.\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
	455	-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
	456	dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
358	457	tags: TAGS
359	458	TAGS:
360	459

365	464
366	465
367	466	distdir: $(DISTFILES)
	467	@list='$(MANS)'; if test -n "$$list"; then \
	468	list=`for p in $$list; do \
	469	if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
	470	if test -f "$$d$$p"; then echo "$$d$$p"; else :; fi; done`; \
	471	if test -n "$$list" && \
	472	grep 'ab help2man is required to generate this page' $$list >/dev/null; then \
	473	echo "error: found man pages containing the 'missing help2man' replacement text:" >&2; \
	474	grep -l 'ab help2man is required to generate this page' $$list \| sed 's/^/ /' >&2; \
	475	echo " to fix them, install help2man, remove and regenerate the man pages;" >&2; \
	476	echo " typically 'make maintainer-clean' will remove them" >&2; \
	477	exit 1; \
	478	else :; fi; \
	479	else :; fi
368	480	@srcdirstrip=`echo "$(srcdir)" \| sed 's/[].[^$$\\*]/\\\\&/g'`; \
369	481	topsrcdirstrip=`echo "$(top_srcdir)" \| sed 's/[].[^$$\\*]/\\\\&/g'`; \
370	482	list='$(DISTFILES)'; \

399	511	dist-hook
400	512	check-am: all-am
401	513	check: check-am
402		all-am: Makefile $(DATA) all-local
	514	all-am: Makefile $(MANS) $(DATA) all-local
403	515	installdirs:
	516	for dir in "$(DESTDIR)$(man8dir)"; do \
	517	test -z "$$dir" \|\| $(MKDIR_P) "$$dir"; \
	518	done
404	519	install: install-am
405	520	install-exec: install-exec-am
406	521	install-data: install-data-am

452	567
453	568	info-am:
454	569
455		install-data-am: install-data-local
	570	install-data-am: install-data-local install-man
456	571
457	572	install-dvi: install-dvi-am
458	573

468	583
469	584	install-info-am:
470	585
471		install-man:
	586	install-man: install-man8
472	587
473	588	install-pdf: install-pdf-am
474	589

497	612
498	613	ps-am:
499	614
500		uninstall-am: uninstall-local
	615	uninstall-am: uninstall-local uninstall-man
	616
	617	uninstall-man: uninstall-man8
501	618
502	619	.MAKE: install-am install-strip
503	620

507	624	install install-am install-data install-data-am \
508	625	install-data-local install-dvi install-dvi-am install-exec \
509	626	install-exec-am install-html install-html-am install-info \
510		install-info-am install-man install-pdf install-pdf-am \
511		install-ps install-ps-am install-strip installcheck \
512		installcheck-am installdirs maintainer-clean \
	627	install-info-am install-man install-man8 install-pdf \
	628	install-pdf-am install-ps install-ps-am install-strip \
	629	installcheck installcheck-am installdirs maintainer-clean \
513	630	maintainer-clean-generic maintainer-clean-local mostlyclean \
514	631	mostlyclean-generic pdf pdf-am ps ps-am uninstall uninstall-am \
515		uninstall-local
	632	uninstall-local uninstall-man uninstall-man8
516	633
517	634
518	635	@ENABLE_GTK_DOC_TRUE@all-local: $(HTML_BUILD_STAMP) $(PDF_BUILD_STAMP)

726	843
727	844	.PHONY : dist-hook-local docs
728	845
	846	.xml.8:
	847	$(AM_V_GEN) $(XSLTPROC) $(XSLTPROC_FLAGS) http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
	848
729	849	style.stamp: html.css html-build.stamp
730	850	@cp $(srcdir)/html.css $(builddir)/html/html.css
731	851	@sed -i 's/href="style.css"/href="html.css"/' $(builddir)/html/*.html

736	856	--generate-docbook realmd $<
737	857
738	858	$(DBUS_ESCAPED): $(DBUS_INTERFACE) $(srcdir)/escape-xml-to-text.xsl
739		$(AM_V_GEN) xsltproc --nonet --novalid --output $(DBUS_ESCAPED) \
	859	$(AM_V_GEN) $(XSLTPROC) --nonet --novalid --output $(DBUS_ESCAPED) \
740	860	$(srcdir)/escape-xml-to-text.xsl $(DBUS_INTERFACE)
741	861	@sed -i '/^[ ]*$$/d' $(DBUS_ESCAPED)
742	862

-5

doc/html/dbus-interface-raw.html less more

4	4	<title>Raw DBus Interfaces</title>
5	5	<meta name="generator" content="DocBook XSL Stylesheets V1.77.1">
6	6	<link rel="home" href="index.html" title="realmd">
7		<link rel="up" href="index.html" title="realmd">
	7	<link rel="up" href="development.html" title="Part II. Developer Reference">
8	8	<link rel="prev" href="gdbus-org.freedesktop.realmd.Service.html" title="org.freedesktop.realmd.Service">
9	9	<meta name="generator" content="GTK-Doc V1.18 (XML mode)">
10	10	<link rel="stylesheet" href="html.css" type="text/css">

12	12	<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
13	13	<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
14	14	<td><a accesskey="p" href="gdbus-org.freedesktop.realmd.Service.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
15		<td> </td>
	15	<td><a accesskey="u" href="development.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
16	16	<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
17	17	<th width="100%" align="center">realmd</th>
18	18	<td> </td>
19	19	</tr></table>
20	20	<div class="chapter">
21		<div class="titlepage"><div><div><h1 class="title">
22		<a name="dbus-interface-raw"></a>Raw DBus Interfaces</h1></div></div></div>
	21	<div class="titlepage"><div><div><h2 class="title">
	22	<a name="dbus-interface-raw"></a>Raw DBus Interfaces</h2></div></div></div>
23	23	<p>These are the current raw DBus interfaces for realmd.</p>
24	24	<pre class="programlisting">
25	25	<span><node name='/'>

84	84	</method>
85	85	</interface>
86	86	</node></span>
87		</pre>
	87	</pre>
88	88	</div>
89	89	<div class="footer">
90	90	<hr>

-6

doc/html/dbus-interface-reference.html less more

4	4	<title>DBus Interface Reference</title>
5	5	<meta name="generator" content="DocBook XSL Stylesheets V1.77.1">
6	6	<link rel="home" href="index.html" title="realmd">
7		<link rel="up" href="index.html" title="realmd">
8		<link rel="prev" href="index.html" title="realmd">
	7	<link rel="up" href="development.html" title="Part II. Developer Reference">
	8	<link rel="prev" href="development.html" title="Part II. Developer Reference">
9	9	<link rel="next" href="gdbus-org.freedesktop.realmd.Provider.html" title="org.freedesktop.realmd.Provider">
10	10	<meta name="generator" content="GTK-Doc V1.18 (XML mode)">
11	11	<link rel="stylesheet" href="html.css" type="text/css">
12	12	</head>
13	13	<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
14	14	<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
15		<td><a accesskey="p" href="index.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
16		<td> </td>
	15	<td><a accesskey="p" href="development.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
	16	<td><a accesskey="u" href="development.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
17	17	<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
18	18	<th width="100%" align="center">realmd</th>
19	19	<td><a accesskey="n" href="gdbus-org.freedesktop.realmd.Provider.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
20	20	</tr></table>
21	21	<div class="chapter">
22		<div class="titlepage"><div><div><h1 class="title">
23		<a name="dbus-interface-reference"></a>DBus Interface Reference</h1></div></div></div>
	22	<div class="titlepage"><div><div><h2 class="title">
	23	<a name="dbus-interface-reference"></a>DBus Interface Reference</h2></div></div></div>
24	24	<div class="toc"><dl>
25	25	<dt>
26	26	<span class="refentrytitle"><a href="gdbus-org.freedesktop.realmd.Provider.html">org.freedesktop.realmd.Provider</a></span><span class="refpurpose"> — a realm provider</span>

+54

-0

doc/html/development.html less more

	0	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
	1	<html>
	2	<head>
	3	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
	4	<title>Part II. Developer Reference</title>
	5	<meta name="generator" content="DocBook XSL Stylesheets V1.77.1">
	6	<link rel="home" href="index.html" title="realmd">
	7	<link rel="up" href="index.html" title="realmd">
	8	<link rel="prev" href="guide-integration.html" title="Integration">
	9	<link rel="next" href="dbus-interface-reference.html" title="DBus Interface Reference">
	10	<meta name="generator" content="GTK-Doc V1.18 (XML mode)">
	11	<link rel="stylesheet" href="html.css" type="text/css">
	12	</head>
	13	<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
	14	<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
	15	<td><a accesskey="p" href="guide-integration.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
	16	<td> </td>
	17	<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
	18	<th width="100%" align="center">realmd</th>
	19	<td><a accesskey="n" href="dbus-interface-reference.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
	20	</tr></table>
	21	<div class="part">
	22	<div class="titlepage"><div><div><h1 class="title">
	23	<a name="development"></a>Part II. Developer Reference</h1></div></div></div>
	24	<div class="toc">
	25	<p><b>Table of Contents</b></p>
	26	<dl>
	27	<dt><span class="chapter"><a href="dbus-interface-reference.html">DBus Interface Reference</a></span></dt>
	28	<dd><dl>
	29	<dt>
	30	<span class="refentrytitle"><a href="gdbus-org.freedesktop.realmd.Provider.html">org.freedesktop.realmd.Provider</a></span><span class="refpurpose"> — a realm provider</span>
	31	</dt>
	32	<dt>
	33	<span class="refentrytitle"><a href="gdbus-org.freedesktop.realmd.Realm.html">org.freedesktop.realmd.Realm</a></span><span class="refpurpose"> — a realm</span>
	34	</dt>
	35	<dt>
	36	<span class="refentrytitle"><a href="gdbus-org.freedesktop.realmd.Kerberos.html">org.freedesktop.realmd.Kerberos</a></span><span class="refpurpose"> — a kerberos realm</span>
	37	</dt>
	38	<dt>
	39	<span class="refentrytitle"><a href="gdbus-org.freedesktop.realmd.KerberosMembership.html">org.freedesktop.realmd.KerberosMembership</a></span><span class="refpurpose"></span>
	40	</dt>
	41	<dt>
	42	<span class="refentrytitle"><a href="gdbus-org.freedesktop.realmd.Service.html">org.freedesktop.realmd.Service</a></span><span class="refpurpose"> — the realmd service</span>
	43	</dt>
	44	</dl></dd>
	45	<dt><span class="chapter"><a href="dbus-interface-raw.html">Raw DBus Interfaces</a></span></dt>
	46	</dl>
	47	</div>
	48	</div>
	49	<div class="footer">
	50	<hr>
	51	Generated by GTK-Doc V1.18</div>
	52	</body>
	53	</html>⏎

-1

doc/html/gdbus-org.freedesktop.realmd.Kerberos.html less more

36	36	<td valign="top" align="right"></td>
37	37	</tr></table></div>
38	38	<div class="refsect1">
39		<a name="idp7266192"></a><h2>Properties</h2>
	39	<a name="idp8541248"></a><h2>Properties</h2>
40	40	<pre class="synopsis">
41	41	<a class="link" href="gdbus-org.freedesktop.realmd.Kerberos.html#gdbus-property-org-freedesktop-realmd-Kerberos.RealmName" title='The "RealmName" property'>RealmName</a> readable s
42	42	<a class="link" href="gdbus-org.freedesktop.realmd.Kerberos.html#gdbus-property-org-freedesktop-realmd-Kerberos.DomainName" title='The "DomainName" property'>DomainName</a> readable s

-1

doc/html/gdbus-org.freedesktop.realmd.KerberosMembership.html less more

46	46	</pre>
47	47	</div>
48	48	<div class="refsect1">
49		<a name="idm40448"></a><h2>Properties</h2>
	49	<a name="idp9134320"></a><h2>Properties</h2>
50	50	<pre class="synopsis">
51	51	<a class="link" href="gdbus-org.freedesktop.realmd.KerberosMembership.html#gdbus-property-org-freedesktop-realmd-KerberosMembership.SuggestedAdministrator" title='The "SuggestedAdministrator" property'>SuggestedAdministrator</a> readable s
52	52	<a class="link" href="gdbus-org.freedesktop.realmd.KerberosMembership.html#gdbus-property-org-freedesktop-realmd-KerberosMembership.SupportedJoinCredentials" title='The "SupportedJoinCredentials" property'>SupportedJoinCredentials</a> readable a(ss)

-1

doc/html/gdbus-org.freedesktop.realmd.Provider.html less more

46	46	</pre>
47	47	</div>
48	48	<div class="refsect1">
49		<a name="idp7799360"></a><h2>Properties</h2>
	49	<a name="idp10945232"></a><h2>Properties</h2>
50	50	<pre class="synopsis">
51	51	<a class="link" href="gdbus-org.freedesktop.realmd.Provider.html#gdbus-property-org-freedesktop-realmd-Provider.Name" title='The "Name" property'>Name</a> readable s
52	52	<a class="link" href="gdbus-org.freedesktop.realmd.Provider.html#gdbus-property-org-freedesktop-realmd-Provider.Version" title='The "Version" property'>Version</a> readable s

-1

doc/html/gdbus-org.freedesktop.realmd.Realm.html less more

47	47	</pre>
48	48	</div>
49	49	<div class="refsect1">
50		<a name="idp9178496"></a><h2>Properties</h2>
	50	<a name="idp7480416"></a><h2>Properties</h2>
51	51	<pre class="synopsis">
52	52	<a class="link" href="gdbus-org.freedesktop.realmd.Realm.html#gdbus-property-org-freedesktop-realmd-Realm.Name" title='The "Name" property'>Name</a> readable s
53	53	<a class="link" href="gdbus-org.freedesktop.realmd.Realm.html#gdbus-property-org-freedesktop-realmd-Realm.Configured" title='The "Configured" property'>Configured</a> readable s

-1

doc/html/gdbus-org.freedesktop.realmd.Service.html less more

45	45	</pre>
46	46	</div>
47	47	<div class="refsect1">
48		<a name="idp9138144"></a><h2>Signals</h2>
	48	<a name="idp10157408"></a><h2>Signals</h2>
49	49	<pre class="synopsis">
50	50	<a class="link" href="gdbus-org.freedesktop.realmd.Service.html#gdbus-signal-org-freedesktop-realmd-Service.Diagnostics" title='The "Diagnostics" signal'>Diagnostics</a> (s data,
51	51	s operation);

+75

-0

doc/html/guide-active-directory-client.html less more

	0	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
	1	<html>
	2	<head>
	3	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
	4	<title>Active Directory client software</title>
	5	<meta name="generator" content="DocBook XSL Stylesheets V1.77.1">
	6	<link rel="home" href="index.html" title="realmd">
	7	<link rel="up" href="guide-active-directory.html" title="Using with Active Directory">
	8	<link rel="prev" href="guide-active-directory.html" title="Using with Active Directory">
	9	<link rel="next" href="guide-active-directory-join.html" title="Joining an Active Directory domain">
	10	<meta name="generator" content="GTK-Doc V1.18 (XML mode)">
	11	<link rel="stylesheet" href="html.css" type="text/css">
	12	</head>
	13	<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
	14	<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
	15	<td><a accesskey="p" href="guide-active-directory.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
	16	<td><a accesskey="u" href="guide-active-directory.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
	17	<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
	18	<th width="100%" align="center">realmd</th>
	19	<td><a accesskey="n" href="guide-active-directory-join.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
	20	</tr></table>
	21	<div class="section">
	22	<div class="titlepage"><div><div><h2 class="title" style="clear: both">
	23	<a name="guide-active-directory-client"></a>Active Directory client software</h2></div></div></div>
	24	<p>As part of configuring an Active Directory domain for use
	25	on the local computer, <span class="command"><strong>realmd</strong></span> will configure
	26	client software to enable domain accounts to be used on the local
	27	computer.</p>
	28	<p><span class="command"><strong>realmd</strong></span> supports two types of client
	29	software for Active Directory:
	30	<a class="ulink" href="https://fedorahosted.org/sssd/" target="_top">SSSD</a> and
	31	<a class="ulink" href="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html" target="_top">Winbind</a>.
	32	By default SSSD is used.</p>
	33	<div class="section">
	34	<div class="titlepage"><div><div><h3 class="title">
	35	<a name="idp10880368"></a>Using SSSD with Active Directory</h3></div></div></div>
	36	<p><a class="ulink" href="https://fedorahosted.org/sssd/" target="_top">SSSD</a>
	37	provides client software for various kerberos and/or LDAP
	38	directories. Since version 1.9.x it provides good support
	39	for Active Directory.</p>
	40	<p>When joining a computer to an Active Directory domain,
	41	<span class="command"><strong>realmd</strong></span> will use SSSD as the client software
	42	by default. You can force use of SSSD by specifying the
	43	<code class="option">--client-software=sssd</code> when joining the
	44	domain with the
	45	<a class="link" href="realm.html" title="realm"><span class="command"><strong>realm</strong></span></a>
	46	command like this:</p>
	47	<div class="informalexample"><pre class="screen">
	48	$ <span class="command"><strong>realm join --client-software=sssd domain.example.com</strong></span>
	49	</pre></div>
	50	</div>
	51	<div class="section">
	52	<div class="titlepage"><div><div><h3 class="title">
	53	<a name="idp6592816"></a>Using Winbind with Active Directory</h3></div></div></div>
	54	<p>Samba
	55	<a class="ulink" href="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html" target="_top">Winbind</a>
	56	provides client software for use with Active Directory.</p>
	57	<p>To have <span class="command"><strong>realmd</strong></span> use Winbind as the
	58	client software, configure the
	59	<a class="link" href="guide-configuring.html#guide-configuring-active-directory" title="active-directory"><code class="option">default-client</code> setting</a>.
	60	You can force use of Winbind by specifying the
	61	<code class="option">--client-software=winbind</code> when joining the
	62	domain with the
	63	<a class="link" href="realm.html" title="realm"><span class="command"><strong>realm</strong></span></a>
	64	command like this:</p>
	65	<div class="informalexample"><pre class="screen">
	66	$ <span class="command"><strong>realm join --client-software=winbind domain.example.com</strong></span>
	67	</pre></div>
	68	</div>
	69	</div>
	70	<div class="footer">
	71	<hr>
	72	Generated by GTK-Doc V1.18</div>
	73	</body>
	74	</html>⏎

+64

-0

doc/html/guide-active-directory-join.html less more

	0	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
	1	<html>
	2	<head>
	3	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
	4	<title>Joining an Active Directory domain</title>
	5	<meta name="generator" content="DocBook XSL Stylesheets V1.77.1">
	6	<link rel="home" href="index.html" title="realmd">
	7	<link rel="up" href="guide-active-directory.html" title="Using with Active Directory">
	8	<link rel="prev" href="guide-active-directory-client.html" title="Active Directory client software">
	9	<link rel="next" href="guide-active-directory-permit.html" title="Logins using Domain Accounts">
	10	<meta name="generator" content="GTK-Doc V1.18 (XML mode)">
	11	<link rel="stylesheet" href="html.css" type="text/css">
	12	</head>
	13	<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
	14	<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
	15	<td><a accesskey="p" href="guide-active-directory-client.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
	16	<td><a accesskey="u" href="guide-active-directory.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
	17	<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
	18	<th width="100%" align="center">realmd</th>
	19	<td><a accesskey="n" href="guide-active-directory-permit.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
	20	</tr></table>
	21	<div class="section">
	22	<div class="titlepage"><div><div><h2 class="title" style="clear: both">
	23	<a name="guide-active-directory-join"></a>Joining an Active Directory domain</h2></div></div></div>
	24	<p>To join an Active Directory domain with <span class="command"><strong>realmd</strong></span>
	25	you can use the <a class="link" href="realm.html" title="realm"><span class="command"><strong>realm</strong></span></a>
	26	command line tool:</p>
	27	<div class="informalexample"><pre class="screen">
	28	$ <span class="command"><strong>realm join --verbose domain.example.com</strong></span>
	29	</pre></div>
	30	<p>By specifying the <code class="option">--verbose</code> it's easier
	31	to see what went wrong if the join fails.</p>
	32	<p>Other tools also use <span class="command"><strong>realmd</strong></span> which can
	33	be used to perform the join operation, for example: GNOME
	34	Control Center.</p>
	35	<p>The join operation does the following:</p>
	36	<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
	37	<li class="listitem"><p>Discovers information about the domain.</p></li>
	38	<li class="listitem"><p>Installs the necessary software to join the domain, such as SSSD or Winbind.</p></li>
	39	<li class="listitem"><p>Tries to join the domain automatically, without administrative credentials.</p></li>
	40	<li class="listitem"><p>If administrative credentials are required, a password will be prompted for.</p></li>
	41	<li class="listitem"><p>A computer account in the domain will be created, and or updated.</p></li>
	42	<li class="listitem"><p>A host keytab file at <code class="filename">/etc/krb5.keytab</code> is created.</p></li>
	43	<li class="listitem"><p>Configures the SSSD or Winbind services, and restarts and enables them as appropriate.</p></li>
	44	<li class="listitem"><p>Enables domain users in <code class="filename">/etc/nsswitch.conf</code></p></li>
	45	</ul></div>
	46	<p>After the join operation is complete, domain accounts should
	47	be usable locally, although logins using domain accounts are
	48	not necessarily enabled.</p>
	49	<p>You verify that domain accounts are working with with a
	50	command like this:</p>
	51	<div class="informalexample"><pre class="screen">
	52	$ <span class="command"><strong>getent passwd DOMAIN\Administrator</strong></span>
	53	</pre></div>
	54	<p>The join operation will create or update a computer account
	55	in the domain. If you wish to specify a specific organizational unit
	56	where this account is created, you can use the
	57	<a class="link" href="guide-configuring-realm.html" title="Realm specific settings"><code class="option">computer-ou</code> setting</a>.</p>
	58	</div>
	59	<div class="footer">
	60	<hr>
	61	Generated by GTK-Doc V1.18</div>
	62	</body>
	63	</html>⏎

+52

-0

doc/html/guide-active-directory-permit.html less more

	0	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
	1	<html>
	2	<head>
	3	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
	4	<title>Logins using Domain Accounts</title>
	5	<meta name="generator" content="DocBook XSL Stylesheets V1.77.1">
	6	<link rel="home" href="index.html" title="realmd">
	7	<link rel="up" href="guide-active-directory.html" title="Using with Active Directory">
	8	<link rel="prev" href="guide-active-directory-join.html" title="Joining an Active Directory domain">
	9	<link rel="next" href="guide-freeipa.html" title="Using with FreeIPA">
	10	<meta name="generator" content="GTK-Doc V1.18 (XML mode)">
	11	<link rel="stylesheet" href="html.css" type="text/css">
	12	</head>
	13	<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
	14	<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
	15	<td><a accesskey="p" href="guide-active-directory-join.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
	16	<td><a accesskey="u" href="guide-active-directory.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
	17	<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
	18	<th width="100%" align="center">realmd</th>
	19	<td><a accesskey="n" href="guide-freeipa.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
	20	</tr></table>
	21	<div class="section">
	22	<div class="titlepage"><div><div><h2 class="title" style="clear: both">
	23	<a name="guide-active-directory-permit"></a>Logins using Domain Accounts</h2></div></div></div>
	24	<p>Once the
	25	<a class="link" href="guide-active-directory-join.html" title="Joining an Active Directory domain">computer is joined</a>
	26	to an Active Directory domain, you can configure the machine so
	27	that you can log in with domain accounts.</p>
	28	<p>To permit any domain account to log in, use the following
	29	command.</p>
	30	<div class="informalexample"><pre class="screen">
	31	$ <span class="command"><strong>realm permit --realm domain.example.com --all</strong></span>
	32	</pre></div>
	33	<p>To permit only specific accounts from the domain to log in
	34	use the following command. The first time this command is run
	35	it will change the mode to only allow logins by specific accounts,
	36	and then add the specified accounts to the list of accounts
	37	to permit.</p>
	38	<div class="informalexample"><pre class="screen">
	39	$ <span class="command"><strong>realm permit --realm domain.example.com DOMAIN\\User1 DOMAIN\\User2</strong></span>
	40	</pre></div>
	41	<p>To deny logins from any domain account, use the following
	42	command.</p>
	43	<div class="informalexample"><pre class="screen">
	44	$ <span class="command"><strong>realm deny --realm domain.example.com --all</strong></span>
	45	</pre></div>
	46	</div>
	47	<div class="footer">
	48	<hr>
	49	Generated by GTK-Doc V1.18</div>
	50	</body>
	51	</html>⏎

+76

-0

doc/html/guide-active-directory.html less more

	0	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
	1	<html>
	2	<head>
	3	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
	4	<title>Using with Active Directory</title>
	5	<meta name="generator" content="DocBook XSL Stylesheets V1.77.1">
	6	<link rel="home" href="index.html" title="realmd">
	7	<link rel="up" href="guide.html" title="Part I. Administrative Guide">
	8	<link rel="prev" href="realm.html" title="realm">
	9	<link rel="next" href="guide-active-directory-client.html" title="Active Directory client software">
	10	<meta name="generator" content="GTK-Doc V1.18 (XML mode)">
	11	<link rel="stylesheet" href="html.css" type="text/css">
	12	</head>
	13	<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
	14	<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
	15	<td><a accesskey="p" href="realm.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
	16	<td><a accesskey="u" href="guide.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
	17	<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
	18	<th width="100%" align="center">realmd</th>
	19	<td><a accesskey="n" href="guide-active-directory-client.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
	20	</tr></table>
	21	<div class="chapter">
	22	<div class="titlepage"><div><div><h2 class="title">
	23	<a name="guide-active-directory"></a>Using with Active Directory</h2></div></div></div>
	24	<div class="toc"><dl>
	25	<dt><span class="section"><a href="guide-active-directory.html#guide-active-directory-discover">Discovering Active Directory domains</a></span></dt>
	26	<dt><span class="section"><a href="guide-active-directory-client.html">Active Directory client software</a></span></dt>
	27	<dd><dl>
	28	<dt><span class="section"><a href="guide-active-directory-client.html#idp10880368">Using SSSD with Active Directory</a></span></dt>
	29	<dt><span class="section"><a href="guide-active-directory-client.html#idp6592816">Using Winbind with Active Directory</a></span></dt>
	30	</dl></dd>
	31	<dt><span class="section"><a href="guide-active-directory-join.html">Joining an Active Directory domain</a></span></dt>
	32	<dt><span class="section"><a href="guide-active-directory-permit.html">Logins using Domain Accounts</a></span></dt>
	33	</dl></div>
	34	<p><span class="command"><strong>realmd</strong></span> can discover Active Directory domains
	35	and join the current computer as an account on that domain. This allows
	36	using domain users locally, as well as use a domain account to log
	37	into the machine.</p>
	38	<div class="section">
	39	<div class="titlepage"><div><div><h2 class="title" style="clear: both">
	40	<a name="guide-active-directory-discover"></a>Discovering Active Directory domains</h2></div></div></div>
	41	<p><span class="command"><strong>realmd</strong></span> discovers which domains or
	42	realms it can use or configure. It can discover and identify
	43	Active Directory domains by looking up the appropriate DNS SRV
	44	records.</p>
	45	<p>The following DNS SRV records are required to be present
	46	for <span class="command"><strong>realmd</strong></span> to identify a provided realm as
	47	an Active Directory domain. The DNS server that comes with
	48	Active Directory on Windows Server automatically creates
	49	these DNS records.</p>
	50	<div class="informalexample"><pre class="screen">
	51	# In this example the Active Directory domain is 'domain.example.com'
	52	<span class="emphasis"><em>_kerberos._udp.</em></span>domain.example.com.
	53	<span class="emphasis"><em>_kerberos._tcp.dc._msdcs.</em></span>domain.example.com.
	54	</pre></div>
	55	<p>To see how <span class="command"><strong>realmd</strong></span> is discovering a
	56	particular domain name, try a command like the following. Using
	57	the <code class="option">--verbose</code> argument displays verbose
	58	discovery information.</p>
	59	<div class="informalexample"><pre class="screen">
	60	$ <span class="command"><strong>realm --verbose domain.example.com</strong></span>
	61	* Searching for kerberos SRV records for domain: _kerberos._udp.domain.example.com
	62	* Searching for MSDCS SRV records on domain: _kerberos._tcp.dc._msdcs.domain.example.com
	63	* dc.domain.example.com:88
	64	* Found kerberos DNS records for: domain.example.com
	65	* Found AD style DNS records for: domain.example.com
	66	* Successfully discovered: domain.example.com
	67	...
	68	</pre></div>
	69	</div>
	70	</div>
	71	<div class="footer">
	72	<hr>
	73	Generated by GTK-Doc V1.18</div>
	74	</body>
	75	</html>⏎

+70

-0

doc/html/guide-configuring-realm.html less more

	0	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
	1	<html>
	2	<head>
	3	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
	4	<title>Realm specific settings</title>
	5	<meta name="generator" content="DocBook XSL Stylesheets V1.77.1">
	6	<link rel="home" href="index.html" title="realmd">
	7	<link rel="up" href="guide-configuring.html" title="Configuring realmd">
	8	<link rel="prev" href="guide-configuring-users.html" title="user">
	9	<link rel="next" href="guide-integration.html" title="Integration">
	10	<meta name="generator" content="GTK-Doc V1.18 (XML mode)">
	11	<link rel="stylesheet" href="html.css" type="text/css">
	12	</head>
	13	<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
	14	<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
	15	<td><a accesskey="p" href="guide-configuring-users.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
	16	<td><a accesskey="u" href="guide-configuring.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
	17	<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
	18	<th width="100%" align="center">realmd</th>
	19	<td><a accesskey="n" href="guide-integration.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
	20	</tr></table>
	21	<div class="section">
	22	<div class="titlepage"><div><div><h2 class="title" style="clear: both">
	23	<a name="guide-configuring-realm"></a>Realm specific settings</h2></div></div></div>
	24	<p>These options should go in an section with the same name
	25	as the realm in the <code class="filename">/etc/realmd.conf</code> file.
	26	For example for the <code class="option">domain.example.com</code> domain
	27	the section would be called <code class="option">[domain.example.com]</code>.
	28	To figure out the canonical name for a realm use the
	29	<span class="command"><strong>realm</strong></span> command:</p>
	30	<div class="informalexample"><pre class="screen">
	31	$ <span class="command"><strong>realm discover --name DOMAIN.example.com</strong></span>
	32	domain.example.com
	33	...
	34	</pre></div>
	35	<p>Only specify the settings you wish to override.</p>
	36	<div class="section">
	37	<div class="titlepage"><div><div><h3 class="title">
	38	<a name="idp9639264"></a>computer-ou</h3></div></div></div>
	39	<p>Specify this option to create directory computer accounts
	40	in a location other than the default. This currently only works
	41	with Active Directory domains.</p>
	42	<div class="informalexample">
	43	<table class="listing_frame" border="0" cellpadding="0" cellspacing="0">
	44	<tbody>
	45	<tr>
	46	<td class="listing_lines" align="right"><pre>1
	47	2
	48	3</pre></td>
	49	<td class="listing_code"><pre class="programlisting"><span class="symbol">[</span><span class="normal">domain</span><span class="symbol">.</span><span class="normal">example</span><span class="symbol">.</span><span class="normal">com</span><span class="symbol">]</span>
	50	<span class="normal">computer</span><span class="symbol">-</span><span class="normal">ou </span><span class="symbol">=</span><span class="normal"> OU</span><span class="symbol">=</span><span class="usertype">Linux</span><span class="normal"> Computers</span><span class="symbol">,</span><span class="normal">DC</span><span class="symbol">=</span><span class="normal">domain</span><span class="symbol">,</span><span class="normal">DC</span><span class="symbol">=</span><span class="normal">example</span><span class="symbol">,</span><span class="normal">DC</span><span class="symbol">=</span><span class="normal">com</span>
	51	<span class="preproc"># computer</span><span class="symbol">-</span><span class="normal">ou </span><span class="symbol">=</span><span class="normal"> OU</span><span class="symbol">=</span><span class="usertype">Linux</span><span class="normal"> Computers</span><span class="symbol">,</span></pre></td>
	52	</tr>
	53	</tbody>
	54	</table>
	55	</div>
	56
	57	<p>Specify the OU as an LDAP DN. It can be relative to the
	58	Root DSE, or a complete LDAP DN. Obviously the OU must exist
	59	in the directory.</p>
	60	<p>It is also possible to use the <code class="option">--computer-ou</code>
	61	argument of the <a class="link" href="realm.html" title="realm">realm</a> command to
	62	create a computer account at a specific OU.</p>
	63	</div>
	64	</div>
	65	<div class="footer">
	66	<hr>
	67	Generated by GTK-Doc V1.18</div>
	68	</body>
	69	</html>⏎

+96

-0

doc/html/guide-configuring-users.html less more

	0	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
	1	<html>
	2	<head>
	3	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
	4	<title>user</title>
	5	<meta name="generator" content="DocBook XSL Stylesheets V1.77.1">
	6	<link rel="home" href="index.html" title="realmd">
	7	<link rel="up" href="guide-configuring.html" title="Configuring realmd">
	8	<link rel="prev" href="guide-configuring.html" title="Configuring realmd">
	9	<link rel="next" href="guide-configuring-realm.html" title="Realm specific settings">
	10	<meta name="generator" content="GTK-Doc V1.18 (XML mode)">
	11	<link rel="stylesheet" href="html.css" type="text/css">
	12	</head>
	13	<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
	14	<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
	15	<td><a accesskey="p" href="guide-configuring.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
	16	<td><a accesskey="u" href="guide-configuring.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
	17	<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
	18	<th width="100%" align="center">realmd</th>
	19	<td><a accesskey="n" href="guide-configuring-realm.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
	20	</tr></table>
	21	<div class="section">
	22	<div class="titlepage"><div><div><h2 class="title" style="clear: both">
	23	<a name="guide-configuring-users"></a>user</h2></div></div></div>
	24	<p>These options should go in an <code class="option">[users]</code>
	25	section of the <code class="filename">/etc/realmd.conf</code> file. Only
	26	specify the settings you wish to override.</p>
	27	<div class="section">
	28	<div class="titlepage"><div><div><h3 class="title">
	29	<a name="idp6023568"></a>default-home</h3></div></div></div>
	30	<p>Specify the <code class="option">default-home</code> setting in
	31	order to control how to set the home directory for accounts
	32	that have no home directory explicitly set.</p>
	33	<div class="informalexample">
	34	<table class="listing_frame" border="0" cellpadding="0" cellspacing="0">
	35	<tbody>
	36	<tr>
	37	<td class="listing_lines" align="right"><pre>1
	38	2
	39	3</pre></td>
	40	<td class="listing_code"><pre class="programlisting"><span class="symbol">[</span><span class="normal">active</span><span class="symbol">-</span><span class="normal">directory</span><span class="symbol">]</span>
	41	<span class="keyword">default</span><span class="symbol">-</span><span class="normal">home </span><span class="symbol">=</span><span class="normal"> </span><span class="symbol">/</span><span class="normal">home</span><span class="symbol">/%</span><span class="normal">D</span><span class="symbol">/%</span><span class="normal">U</span>
	42	<span class="preproc"># default</span><span class="symbol">-</span><span class="normal">home </span><span class="symbol">=</span><span class="normal"> </span><span class="symbol">/</span><span class="normal">nfs</span><span class="symbol">/</span><span class="normal">home</span><span class="symbol">/%</span><span class="normal">D</span><span class="symbol">-%</span><span class="normal">U</span></pre></td>
	43	</tr>
	44	</tbody>
	45	</table>
	46	</div>
	47
	48	<p>The default setting for this is <code class="option">/home/%D/%U</code>. The
	49	<code class="option">%D</code> format is replaced by the domain name. In the case of
	50	Active Directory this is the short domain name. The <code class="option">%U</code>
	51	format is replaced by the user name.</p>
	52	<p>You can verify the home directory for a user by running the
	53	following command.</p>
	54	<div class="informalexample"><pre class="screen">
	55	$ <span class="command"><strong>getent passwd 'DOMAIN/User'</strong></span>
	56	DOMAIN\user:*:1344600500:1344600513:User Name:/home/DOMAIN/user:/bin/bash
	57	</pre></div>
	58	</div>
	59	<div class="section">
	60	<div class="titlepage"><div><div><h3 class="title">
	61	<a name="idp6557504"></a>default-shell</h3></div></div></div>
	62	<p>Specify the <code class="option">default-shell</code> setting in
	63	order to control how to set the Unix shell for accounts that
	64	have no shell explicitly set.</p>
	65	<div class="informalexample">
	66	<table class="listing_frame" border="0" cellpadding="0" cellspacing="0">
	67	<tbody>
	68	<tr>
	69	<td class="listing_lines" align="right"><pre>1
	70	2
	71	3</pre></td>
	72	<td class="listing_code"><pre class="programlisting"><span class="symbol">[</span><span class="normal">active</span><span class="symbol">-</span><span class="normal">directory</span><span class="symbol">]</span>
	73	<span class="keyword">default</span><span class="symbol">-</span><span class="normal">shell </span><span class="symbol">=</span><span class="normal"> </span><span class="symbol">/</span><span class="normal">bin</span><span class="symbol">/</span><span class="normal">bash</span>
	74	<span class="preproc"># default</span><span class="symbol">-</span><span class="normal">shell </span><span class="symbol">=</span><span class="normal"> </span><span class="symbol">/</span><span class="normal">bin</span><span class="symbol">/</span><span class="normal">sh</span></pre></td>
	75	</tr>
	76	</tbody>
	77	</table>
	78	</div>
	79
	80	<p>The default setting for this is <code class="option">/bin/bash</code> shell. The
	81	shell should be a valid shell if you expect the domain users be able to log
	82	in. For example it should exist in the <code class="filename">/etc/shells</code> file.</p>
	83	<p>You can verify the shell for a user by running the
	84	following command.</p>
	85	<div class="informalexample"><pre class="screen">
	86	$ <span class="command"><strong>getent passwd 'DOMAIN/User'</strong></span>
	87	DOMAIN\user:*:1344600500:1344600513:User Name:/home/DOMAIN/user:/bin/bash
	88	</pre></div>
	89	</div>
	90	</div>
	91	<div class="footer">
	92	<hr>
	93	Generated by GTK-Doc V1.18</div>
	94	</body>
	95	</html>⏎

+112

-0

doc/html/guide-configuring.html less more

	0	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
	1	<html>
	2	<head>
	3	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
	4	<title>Configuring realmd</title>
	5	<meta name="generator" content="DocBook XSL Stylesheets V1.77.1">
	6	<link rel="home" href="index.html" title="realmd">
	7	<link rel="up" href="guide.html" title="Part I. Administrative Guide">
	8	<link rel="prev" href="guide-freeipa.html" title="Using with other Kerberos realms">
	9	<link rel="next" href="guide-configuring-users.html" title="user">
	10	<meta name="generator" content="GTK-Doc V1.18 (XML mode)">
	11	<link rel="stylesheet" href="html.css" type="text/css">
	12	</head>
	13	<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
	14	<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
	15	<td><a accesskey="p" href="guide-freeipa.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
	16	<td><a accesskey="u" href="guide.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
	17	<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
	18	<th width="100%" align="center">realmd</th>
	19	<td><a accesskey="n" href="guide-configuring-users.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
	20	</tr></table>
	21	<div class="chapter">
	22	<div class="titlepage"><div><div><h2 class="title">
	23	<a name="guide-configuring"></a>Configuring realmd</h2></div></div></div>
	24	<div class="toc"><dl>
	25	<dt><span class="section"><a href="guide-configuring.html#guide-configuring-active-directory">active-directory</a></span></dt>
	26	<dd><dl><dt><span class="section"><a href="guide-configuring.html#idp7104192">default-client</a></span></dt></dl></dd>
	27	<dt><span class="section"><a href="guide-configuring-users.html">user</a></span></dt>
	28	<dd><dl>
	29	<dt><span class="section"><a href="guide-configuring-users.html#idp6023568">default-home</a></span></dt>
	30	<dt><span class="section"><a href="guide-configuring-users.html#idp6557504">default-shell</a></span></dt>
	31	</dl></dd>
	32	<dt><span class="section"><a href="guide-configuring-realm.html">Realm specific settings</a></span></dt>
	33	<dd><dl><dt><span class="section"><a href="guide-configuring-realm.html#idp9639264">computer-ou</a></span></dt></dl></dd>
	34	</dl></div>
	35	<p><span class="command"><strong>realmd</strong></span> can be tweaked by network administrators
	36	to act in specific ways. This is done by placing settings in a
	37	<code class="filename">/etc/realmd.conf</code>. The syntax of this file is the
	38	same as an INI file or Desktop Entry file.</p>
	39	<p>Only specify the settings you wish to override in the
	40	<code class="filename">/etc/realmd.conf</code> file. Settings not specified will
	41	be loaded either from their packaged defaults. Only override the settings
	42	below. You may find other settings if you root around the
	43	<span class="command"><strong>realmd</strong></span> source code. However these are not guaranteed
	44	to remain stable.</p>
	45	<div class="section">
	46	<div class="titlepage"><div><div><h2 class="title" style="clear: both">
	47	<a name="guide-configuring-active-directory"></a>active-directory</h2></div></div></div>
	48	<p>These options should go in an <code class="option">[active-directory]</code>
	49	section of the <code class="filename">/etc/realmd.conf</code> file. Only
	50	specify the settings you wish to override.</p>
	51	<div class="section">
	52	<div class="titlepage"><div><div><h3 class="title">
	53	<a name="idp7104192"></a>default-client</h3></div></div></div>
	54	<p>Specify the <code class="option">default-client</code> setting in
	55	order to control which client software is the preferred default
	56	for use with Active Directory.</p>
	57	<div class="informalexample">
	58	<table class="listing_frame" border="0" cellpadding="0" cellspacing="0">
	59	<tbody>
	60	<tr>
	61	<td class="listing_lines" align="right"><pre>1
	62	2
	63	3</pre></td>
	64	<td class="listing_code"><pre class="programlisting"><span class="symbol">[</span><span class="normal">active</span><span class="symbol">-</span><span class="normal">directory</span><span class="symbol">]</span>
	65	<span class="keyword">default</span><span class="symbol">-</span><span class="normal">client </span><span class="symbol">=</span><span class="normal"> sssd</span>
	66	<span class="preproc"># default</span><span class="symbol">-</span><span class="normal">client </span><span class="symbol">=</span><span class="normal"> winbind</span></pre></td>
	67	</tr>
	68	</tbody>
	69	</table>
	70	</div>
	71
	72	<p>The default setting for this is
	73	<code class="option">sssd</code> which uses
	74	<a class="ulink" href="https://fedorahosted.org/sssd/" target="_top">SSSD</a> as
	75	the Active Directory client. You can also specify
	76	<code class="option">winbind</code> to use
	77	<a class="ulink" href="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html" target="_top">Samba Winbind</a>.
	78	</p>
	79	<p>Some callers of <span class="command"><strong>realmd</strong></span> such as the
	80	<a class="link" href="realm.html" title="realm"><span class="command"><strong>realm</strong></span></a>
	81	command line tool allow specifying which client software should
	82	be used. Others, such as GNOME Control Center, simplify choose
	83	the default.</p>
	84	<p>You can verify the preferred default client softawre by
	85	running the following command. The realm with the preferred
	86	client software will be listed first.</p>
	87	<div class="informalexample"><pre class="screen">
	88	$ <span class="command"><strong>realm discover domain.example.com</strong></span>
	89	domain.example.com
	90	configured: no
	91	server-software: active-directory
	92	client-software: sssd
	93	type: kerberos
	94	realm-name: AD.THEWALTER.LAN
	95	domain-name: ad.thewalter.lan
	96	domain.example.com
	97	configured: no
	98	server-software: active-directory
	99	client-software: winbind
	100	type: kerberos
	101	realm-name: AD.THEWALTER.LAN
	102	domain-name: ad.thewalter.lan
	103	</pre></div>
	104	</div>
	105	</div>
	106	</div>
	107	<div class="footer">
	108	<hr>
	109	Generated by GTK-Doc V1.18</div>
	110	</body>
	111	</html>⏎

+61

-0

doc/html/guide-freeipa.html less more

	0	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
	1	<html>
	2	<head>
	3	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
	4	<title>Using with other Kerberos realms</title>
	5	<meta name="generator" content="DocBook XSL Stylesheets V1.77.1">
	6	<link rel="home" href="index.html" title="realmd">
	7	<link rel="up" href="guide.html" title="Part I. Administrative Guide">
	8	<link rel="prev" href="guide-freeipa.html" title="Using with FreeIPA">
	9	<link rel="next" href="guide-configuring.html" title="Configuring realmd">
	10	<meta name="generator" content="GTK-Doc V1.18 (XML mode)">
	11	<link rel="stylesheet" href="html.css" type="text/css">
	12	</head>
	13	<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
	14	<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
	15	<td><a accesskey="p" href="guide-freeipa.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
	16	<td><a accesskey="u" href="guide.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
	17	<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
	18	<th width="100%" align="center">realmd</th>
	19	<td><a accesskey="n" href="guide-configuring.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
	20	</tr></table>
	21	<div class="chapter">
	22	<div class="titlepage"><div><div><h2 class="title">
	23	<a name="guide-freeipa"></a>Using with other Kerberos realms</h2></div></div></div>
	24	<div class="toc"><dl><dt><span class="section"><a href="guide-freeipa.html#idp8851920">Discovering Kerberos realms</a></span></dt></dl></div>
	25	<p><span class="command"><strong>realmd</strong></span> can discover generic Kerberos realms.
	26	Since there is no standard way to enroll a computer against a Kerberos
	27	server, it is not possible to do this with <span class="command"><strong>realmd</strong></span>.</p>
	28	<div class="section">
	29	<div class="titlepage"><div><div><h2 class="title" style="clear: both">
	30	<a name="idp8851920"></a>Discovering Kerberos realms</h2></div></div></div>
	31	<p><span class="command"><strong>realmd</strong></span> discovers which domains or
	32	realms it can use or configure. It can discover and identify
	33	Kerberos domains by looking up the appropriate DNS SRV
	34	records.</p>
	35	<p>The following DNS SRV record is required to be present
	36	for <span class="command"><strong>realmd</strong></span> to identify a provided realm as
	37	a Kerberos domain.</p>
	38	<div class="informalexample"><pre class="screen">
	39	# In this example the Kerberos domain is 'domain.example.com'
	40	<span class="emphasis"><em>_kerberos._udp.</em></span>domain.example.com.
	41	</pre></div>
	42	<div class="informalexample"><pre class="screen">
	43	$ <span class="command"><strong>realm --verbose discover domain.example.com</strong></span>
	44	* Searching for kerberos SRV records for domain: _kerberos._udp.domain.example.com
	45	* Searching for MSDCS SRV records on domain: _kerberos._tcp.dc._msdcs.domain.example.com
	46	* dc.domain.example.com:88
	47	* Trying to retrieve IPA certificate from dc.domain.example.com
	48	! Couldn't read certificate via HTTP: No PEM-encoded certificate found
	49	! Couldn't discover IPA KDC: No PEM-encoded certificate found
	50	* Found kerberos DNS records for: domain.example.com
	51	* Successfully discovered: domain.example.com
	52	...
	53	</pre></div>
	54	</div>
	55	</div>
	56	<div class="footer">
	57	<hr>
	58	Generated by GTK-Doc V1.18</div>
	59	</body>
	60	</html>⏎

+28

-0

doc/html/guide-integration.html less more

	0	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
	1	<html>
	2	<head>
	3	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
	4	<title>Integration</title>
	5	<meta name="generator" content="DocBook XSL Stylesheets V1.77.1">
	6	<link rel="home" href="index.html" title="realmd">
	7	<link rel="up" href="guide.html" title="Part I. Administrative Guide">
	8	<link rel="prev" href="guide-configuring-realm.html" title="Realm specific settings">
	9	<link rel="next" href="development.html" title="Part II. Developer Reference">
	10	<meta name="generator" content="GTK-Doc V1.18 (XML mode)">
	11	<link rel="stylesheet" href="html.css" type="text/css">
	12	</head>
	13	<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
	14	<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
	15	<td><a accesskey="p" href="guide-configuring-realm.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
	16	<td><a accesskey="u" href="guide.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
	17	<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
	18	<th width="100%" align="center">realmd</th>
	19	<td><a accesskey="n" href="development.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
	20	</tr></table>
	21	<div class="chapter"><div class="titlepage"><div><div><h2 class="title">
	22	<a name="guide-integration"></a>Integration</h2></div></div></div></div>
	23	<div class="footer">
	24	<hr>
	25	Generated by GTK-Doc V1.18</div>
	26	</body>
	27	</html>⏎

+67

-0

doc/html/guide.html less more

	0	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
	1	<html>
	2	<head>
	3	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
	4	<title>Part I. Administrative Guide</title>
	5	<meta name="generator" content="DocBook XSL Stylesheets V1.77.1">
	6	<link rel="home" href="index.html" title="realmd">
	7	<link rel="up" href="index.html" title="realmd">
	8	<link rel="prev" href="index.html" title="realmd">
	9	<link rel="next" href="realm-manual.html" title="Command manual pages">
	10	<meta name="generator" content="GTK-Doc V1.18 (XML mode)">
	11	<link rel="stylesheet" href="html.css" type="text/css">
	12	</head>
	13	<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
	14	<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
	15	<td><a accesskey="p" href="index.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
	16	<td> </td>
	17	<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
	18	<th width="100%" align="center">realmd</th>
	19	<td><a accesskey="n" href="realm-manual.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
	20	</tr></table>
	21	<div class="part">
	22	<div class="titlepage"><div><div><h1 class="title">
	23	<a name="guide"></a>Part I. Administrative Guide</h1></div></div></div>
	24	<div class="toc">
	25	<p><b>Table of Contents</b></p>
	26	<dl>
	27	<dt><span class="chapter"><a href="realm-manual.html">Command manual pages</a></span></dt>
	28	<dd><dl><dt>
	29	<span class="refentrytitle"><a href="realm.html">realm</a></span><span class="refpurpose"> — Manage enrollment in realms</span>
	30	</dt></dl></dd>
	31	<dt><span class="chapter"><a href="guide-active-directory.html">Using with Active Directory</a></span></dt>
	32	<dd><dl>
	33	<dt><span class="section"><a href="guide-active-directory.html#guide-active-directory-discover">Discovering Active Directory domains</a></span></dt>
	34	<dt><span class="section"><a href="guide-active-directory-client.html">Active Directory client software</a></span></dt>
	35	<dd><dl>
	36	<dt><span class="section"><a href="guide-active-directory-client.html#idp10880368">Using SSSD with Active Directory</a></span></dt>
	37	<dt><span class="section"><a href="guide-active-directory-client.html#idp6592816">Using Winbind with Active Directory</a></span></dt>
	38	</dl></dd>
	39	<dt><span class="section"><a href="guide-active-directory-join.html">Joining an Active Directory domain</a></span></dt>
	40	<dt><span class="section"><a href="guide-active-directory-permit.html">Logins using Domain Accounts</a></span></dt>
	41	</dl></dd>
	42	<dt><span class="chapter"><a href="guide-freeipa.html">Using with FreeIPA</a></span></dt>
	43	<dd><dl><dt><span class="section"><a href="guide-freeipa.html#idp9009232">Discovering FreeIPA domains</a></span></dt></dl></dd>
	44	<dt><span class="chapter"><a href="guide-freeipa.html">Using with other Kerberos realms</a></span></dt>
	45	<dd><dl><dt><span class="section"><a href="guide-freeipa.html#idp8851920">Discovering Kerberos realms</a></span></dt></dl></dd>
	46	<dt><span class="chapter"><a href="guide-configuring.html">Configuring realmd</a></span></dt>
	47	<dd><dl>
	48	<dt><span class="section"><a href="guide-configuring.html#guide-configuring-active-directory">active-directory</a></span></dt>
	49	<dd><dl><dt><span class="section"><a href="guide-configuring.html#idp7104192">default-client</a></span></dt></dl></dd>
	50	<dt><span class="section"><a href="guide-configuring-users.html">user</a></span></dt>
	51	<dd><dl>
	52	<dt><span class="section"><a href="guide-configuring-users.html#idp6023568">default-home</a></span></dt>
	53	<dt><span class="section"><a href="guide-configuring-users.html#idp6557504">default-shell</a></span></dt>
	54	</dl></dd>
	55	<dt><span class="section"><a href="guide-configuring-realm.html">Realm specific settings</a></span></dt>
	56	<dd><dl><dt><span class="section"><a href="guide-configuring-realm.html#idp9639264">computer-ou</a></span></dt></dl></dd>
	57	</dl></dd>
	58	<dt><span class="chapter"><a href="guide-integration.html">Integration</a></span></dt>
	59	</dl>
	60	</div>
	61	</div>
	62	<div class="footer">
	63	<hr>
	64	Generated by GTK-Doc V1.18</div>
	65	</body>
	66	</html>⏎

+11

-0

doc/html/html.css less more

90	90	left: -1em;
91	91	font-weight: normal !important;
92	92	}
	93
	94	DD > DL {
	95	margin-top: 0.3em;
	96	margin-bottom: 0.3em;
	97	}
	98
	99	PRE.screen {
	100	border: solid 1px #729fcf;
	101	padding: 0.5em;
	102	background: #e6f3ff;
	103	}

+40

-2

doc/html/index.html less more

4	4	<title>realmd</title>
5	5	<meta name="generator" content="DocBook XSL Stylesheets V1.77.1">
6	6	<link rel="home" href="index.html" title="realmd">
7		<link rel="next" href="dbus-interface-reference.html" title="DBus Interface Reference">
	7	<link rel="next" href="guide.html" title="Part I. Administrative Guide">
8	8	<meta name="generator" content="GTK-Doc V1.18 (XML mode)">
9	9	<link rel="stylesheet" href="html.css" type="text/css">
10	10	</head>

13	13	<div class="titlepage">
14	14	<div>
15	15	<div><table class="navigation" id="top" width="100%" cellpadding="2" cellspacing="0"><tr><th valign="middle"><p class="title">realmd</p></th></tr></table></div>
16		<div><p class="releaseinfo">for 0.7
	16	<div><p class="releaseinfo">for 0.8.1
17	17	</p></div>
18	18	</div>
19	19	<hr>
20	20	</div>
21	21	<div class="toc"><dl>
	22	<dt><span class="part"><a href="guide.html">I. Administrative Guide</a></span></dt>
	23	<dd><dl>
	24	<dt><span class="chapter"><a href="realm-manual.html">Command manual pages</a></span></dt>
	25	<dd><dl><dt>
	26	<span class="refentrytitle"><a href="realm.html">realm</a></span><span class="refpurpose"> — Manage enrollment in realms</span>
	27	</dt></dl></dd>
	28	<dt><span class="chapter"><a href="guide-active-directory.html">Using with Active Directory</a></span></dt>
	29	<dd><dl>
	30	<dt><span class="section"><a href="guide-active-directory.html#guide-active-directory-discover">Discovering Active Directory domains</a></span></dt>
	31	<dt><span class="section"><a href="guide-active-directory-client.html">Active Directory client software</a></span></dt>
	32	<dd><dl>
	33	<dt><span class="section"><a href="guide-active-directory-client.html#idp10880368">Using SSSD with Active Directory</a></span></dt>
	34	<dt><span class="section"><a href="guide-active-directory-client.html#idp6592816">Using Winbind with Active Directory</a></span></dt>
	35	</dl></dd>
	36	<dt><span class="section"><a href="guide-active-directory-join.html">Joining an Active Directory domain</a></span></dt>
	37	<dt><span class="section"><a href="guide-active-directory-permit.html">Logins using Domain Accounts</a></span></dt>
	38	</dl></dd>
	39	<dt><span class="chapter"><a href="guide-freeipa.html">Using with FreeIPA</a></span></dt>
	40	<dd><dl><dt><span class="section"><a href="guide-freeipa.html#idp9009232">Discovering FreeIPA domains</a></span></dt></dl></dd>
	41	<dt><span class="chapter"><a href="guide-freeipa.html">Using with other Kerberos realms</a></span></dt>
	42	<dd><dl><dt><span class="section"><a href="guide-freeipa.html#idp8851920">Discovering Kerberos realms</a></span></dt></dl></dd>
	43	<dt><span class="chapter"><a href="guide-configuring.html">Configuring realmd</a></span></dt>
	44	<dd><dl>
	45	<dt><span class="section"><a href="guide-configuring.html#guide-configuring-active-directory">active-directory</a></span></dt>
	46	<dd><dl><dt><span class="section"><a href="guide-configuring.html#idp7104192">default-client</a></span></dt></dl></dd>
	47	<dt><span class="section"><a href="guide-configuring-users.html">user</a></span></dt>
	48	<dd><dl>
	49	<dt><span class="section"><a href="guide-configuring-users.html#idp6023568">default-home</a></span></dt>
	50	<dt><span class="section"><a href="guide-configuring-users.html#idp6557504">default-shell</a></span></dt>
	51	</dl></dd>
	52	<dt><span class="section"><a href="guide-configuring-realm.html">Realm specific settings</a></span></dt>
	53	<dd><dl><dt><span class="section"><a href="guide-configuring-realm.html#idp9639264">computer-ou</a></span></dt></dl></dd>
	54	</dl></dd>
	55	<dt><span class="chapter"><a href="guide-integration.html">Integration</a></span></dt>
	56	</dl></dd>
	57	<dt><span class="part"><a href="development.html">II. Developer Reference</a></span></dt>
	58	<dd><dl>
22	59	<dt><span class="chapter"><a href="dbus-interface-reference.html">DBus Interface Reference</a></span></dt>
23	60	<dd><dl>
24	61	<dt>

38	75	</dt>
39	76	</dl></dd>
40	77	<dt><span class="chapter"><a href="dbus-interface-raw.html">Raw DBus Interfaces</a></span></dt>
	78	</dl></dd>
41	79	</dl></div>
42	80	</div>
43	81	<div class="footer">

-0

doc/html/index.sgml less more

	0	<ANCHOR id="realm" href="realmd/realm.html">
0	1	<ANCHOR id="gdbus-org.freedesktop.realmd.Provider" href="realmd/gdbus-org.freedesktop.realmd.Provider.html">
1	2	<ANCHOR id="gdbus-interface-org-freedesktop-realmd-Provider" href="realmd/gdbus-org.freedesktop.realmd.Provider.html#gdbus-interface-org-freedesktop-realmd-Provider">
2	3	<ANCHOR id="gdbus-methods-org.freedesktop.realmd.Provider" href="realmd/gdbus-org.freedesktop.realmd.Provider.html#gdbus-methods-org.freedesktop.realmd.Provider">

+33

-0

doc/html/realm-manual.html less more

	0	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
	1	<html>
	2	<head>
	3	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
	4	<title>Command manual pages</title>
	5	<meta name="generator" content="DocBook XSL Stylesheets V1.77.1">
	6	<link rel="home" href="index.html" title="realmd">
	7	<link rel="up" href="guide.html" title="Part I. Administrative Guide">
	8	<link rel="prev" href="guide.html" title="Part I. Administrative Guide">
	9	<link rel="next" href="realm.html" title="realm">
	10	<meta name="generator" content="GTK-Doc V1.18 (XML mode)">
	11	<link rel="stylesheet" href="html.css" type="text/css">
	12	</head>
	13	<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
	14	<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
	15	<td><a accesskey="p" href="guide.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
	16	<td><a accesskey="u" href="guide.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
	17	<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
	18	<th width="100%" align="center">realmd</th>
	19	<td><a accesskey="n" href="realm.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
	20	</tr></table>
	21	<div class="chapter">
	22	<div class="titlepage"><div><div><h2 class="title">
	23	<a name="realm-manual"></a>Command manual pages</h2></div></div></div>
	24	<div class="toc"><dl><dt>
	25	<span class="refentrytitle"><a href="realm.html">realm</a></span><span class="refpurpose"> — Manage enrollment in realms</span>
	26	</dt></dl></div>
	27	</div>
	28	<div class="footer">
	29	<hr>
	30	Generated by GTK-Doc V1.18</div>
	31	</body>
	32	</html>⏎

+337

-0

doc/html/realm.html less more

	0	<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
	1	<html>
	2	<head>
	3	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
	4	<title>realm</title>
	5	<meta name="generator" content="DocBook XSL Stylesheets V1.77.1">
	6	<link rel="home" href="index.html" title="realmd">
	7	<link rel="up" href="realm-manual.html" title="Command manual pages">
	8	<link rel="prev" href="realm-manual.html" title="Command manual pages">
	9	<link rel="next" href="guide-active-directory.html" title="Using with Active Directory">
	10	<meta name="generator" content="GTK-Doc V1.18 (XML mode)">
	11	<link rel="stylesheet" href="html.css" type="text/css">
	12	</head>
	13	<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
	14	<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="2"><tr valign="middle">
	15	<td><a accesskey="p" href="realm-manual.html"><img src="left.png" width="24" height="24" border="0" alt="Prev"></a></td>
	16	<td><a accesskey="u" href="realm-manual.html"><img src="up.png" width="24" height="24" border="0" alt="Up"></a></td>
	17	<td><a accesskey="h" href="index.html"><img src="home.png" width="24" height="24" border="0" alt="Home"></a></td>
	18	<th width="100%" align="center">realmd</th>
	19	<td><a accesskey="n" href="guide-active-directory.html"><img src="right.png" width="24" height="24" border="0" alt="Next"></a></td>
	20	</tr></table>
	21	<div class="refentry">
	22	<a name="realm"></a><div class="titlepage"></div>
	23	<div class="refnamediv"><table width="100%"><tr>
	24	<td valign="top">
	25	<h2><span class="refentrytitle">realm</span></h2>
	26	<p>realm — Manage enrollment in realms</p>
	27	</td>
	28	<td valign="top" align="right"></td>
	29	</tr></table></div>
	30	<div class="refsynopsisdiv">
	31	<h2>Synopsis</h2>
	32	<div class="cmdsynopsis"><p><code class="command">realm discover -v [realm-name]</code> </p></div>
	33	<div class="cmdsynopsis"><p><code class="command">realm join -v [-U user] [realm-name]</code> </p></div>
	34	<div class="cmdsynopsis"><p><code class="command">realm leave -v [-U user] [realm-name]</code> </p></div>
	35	<div class="cmdsynopsis"><p><code class="command">realm list</code> </p></div>
	36	<div class="cmdsynopsis"><p><code class="command">realm permit [-a] [-R realm] {user} ...</code> </p></div>
	37	<div class="cmdsynopsis"><p><code class="command">realm deny [-a] [-R realm] {user} ...</code> </p></div>
	38	</div>
	39	<div class="refsect1">
	40	<a name="idp7433168"></a><h2>Description</h2>
	41	<p><span class="command"><strong>realm</strong></span> is a command line tool that
	42	can be used to manage enrollment in kerberos realms, like Active
	43	Directory domains or IPA domains.</p>
	44	</div>
	45	<div class="refsect1">
	46	<a name="idp7435184"></a><h2>Discover</h2>
	47	<p>Discover a realm and its capabilities.</p>
	48	<div class="informalexample">
	49	<pre class="programlisting">
	50	$ realm discover
	51	</pre>
	52	<pre class="programlisting">
	53	$ realm discover domain.example.com
	54	</pre>
	55	</div>
	56	<p>After discovering a realm,
	57	its name, type and capabilities are displayed.</p>
	58	<p>If no domain is specified, then the domain assigned through
	59	DHCP is used as a default.</p>
	60	<p>The following options can be used:</p>
	61	<div class="variablelist"><table border="0" class="variablelist">
	62	<colgroup>
	63	<col align="left" valign="top">
	64	<col>
	65	</colgroup>
	66	<tbody>
	67	<tr>
	68	<td><p><span class="term"><code class="option">--client-software=xxx</code></span></p></td>
	69	<td><p>Only discover realms for which we can
	70	use the given client software. Possible values include
	71	<em class="replaceable"><code>sssd</code></em> or
	72	<em class="replaceable"><code>winbind</code></em>.</p></td>
	73	</tr>
	74	<tr>
	75	<td><p><span class="term"><code class="option">--server-software=xxx</code></span></p></td>
	76	<td><p>Only discover realms for run the
	77	given server software. Possible values include
	78	<em class="replaceable"><code>active-directory</code></em> or
	79	<em class="replaceable"><code>freeipa</code></em>.</p></td>
	80	</tr>
	81	<tr>
	82	<td><p><span class="term"><code class="option">--verbose, -v</code></span></p></td>
	83	<td><p>Display verbose diagnostics while doing
	84	the discovery.</p></td>
	85	</tr>
	86	</tbody>
	87	</table></div>
	88	</div>
	89	<div class="refsect1">
	90	<a name="idp7446752"></a><h2>Join</h2>
	91	<p>Configure the local machine for use with a realm.</p>
	92	<div class="informalexample">
	93	<pre class="programlisting">
	94	$ realm join domain.example.com
	95	</pre>
	96	<pre class="programlisting">
	97	$ realm join -user=admin --computer-ou=OU=Special domain.example.com
	98	</pre>
	99	</div>
	100	<p>The realm is first discovered, as we would with the
	101	<code class="option">discover</code> command. If no domain is specified, then the
	102	domain assigned through DHCP is used as a default.</p>
	103	<p>After a successful join, the computer will be in a state where
	104	it is able to resolve remote user and group names from the realm.
	105	For kerberos realms, a computer account and host keytab is created.</p>
	106	<p>Joining arbitrary kerberos realms is not supported. The realm
	107	must have a supported mechanism for joining from a client machine, such
	108	as Active Directory or FreeIPA.</p>
	109	<p>Unless a [--user] is explicitly specified, then if
	110	possible, an automatic join is attempted first.</p>
	111	<p>The following options can be used:</p>
	112	<div class="variablelist"><table border="0" class="variablelist">
	113	<colgroup>
	114	<col align="left" valign="top">
	115	<col>
	116	</colgroup>
	117	<tbody>
	118	<tr>
	119	<td><p><span class="term"><code class="option">--client-software=xxx</code></span></p></td>
	120	<td><p>Only join realms for which we can
	121	use the given client software. Possible values include
	122	<em class="replaceable"><code>sssd</code></em> or
	123	<em class="replaceable"><code>winbind</code></em>. Not all values are
	124	supported for all realms. By default the client software
	125	is automatically selected.</p></td>
	126	</tr>
	127	<tr>
	128	<td><p><span class="term"><code class="option">--computer-ou=OU=xxx</code></span></p></td>
	129	<td><p>The distinguished name of an organizational
	130	unit to create the computer account. The exact format
	131	of the distinguished name depends on the client software
	132	and membership software. You can usually omit the root
	133	DSE portion of distinguished name.</p></td>
	134	</tr>
	135	<tr>
	136	<td><p><span class="term"><code class="option">--membership-software=xxx</code></span></p></td>
	137	<td><p>The software to use when joining to the
	138	realm. Possible values include <em class="replaceable"><code>samba</code></em> or
	139	<em class="replaceable"><code>adcli</code></em>. Not all values are
	140	supported for all realms. By default the membership software
	141	is automatically selected.</p></td>
	142	</tr>
	143	<tr>
	144	<td><p><span class="term"><code class="option">--one-time-password=xxxx</code></span></p></td>
	145	<td><p>Perform the join using a one time password
	146	specified on the command line. This is not possible with
	147	all types of realms.</p></td>
	148	</tr>
	149	<tr>
	150	<td><p><span class="term"><code class="option">--server-software=xxx</code></span></p></td>
	151	<td><p>Only join realms for run the
	152	given server software. Possible values include
	153	<em class="replaceable"><code>active-directory</code></em> or
	154	<em class="replaceable"><code>freeipa</code></em>.</p></td>
	155	</tr>
	156	<tr>
	157	<td><p><span class="term"><code class="option">--user</code></span></p></td>
	158	<td><p>The user name to be used to authenticate
	159	with when joining the machine to the realm. You will
	160	be prompted for a password.</p></td>
	161	</tr>
	162	<tr>
	163	<td><p><span class="term"><code class="option">--verbose, -v</code></span></p></td>
	164	<td><p>Display verbose diagnostics while doing
	165	the discovery and join.</p></td>
	166	</tr>
	167	</tbody>
	168	</table></div>
	169	</div>
	170	<div class="refsect1">
	171	<a name="idp7469072"></a><h2>Leave</h2>
	172	<p>Deconfigure the local machine for use with a realm.</p>
	173	<div class="informalexample">
	174	<pre class="programlisting">
	175	$ realm leave
	176	</pre>
	177	<pre class="programlisting">
	178	$ realm leave domain.example.com
	179	</pre>
	180	</div>
	181	<p>If no realm name is specified, then the first configured realm
	182	will be used.</p>
	183	<p>The following options can be used:</p>
	184	<div class="variablelist"><table border="0" class="variablelist">
	185	<colgroup>
	186	<col align="left" valign="top">
	187	<col>
	188	</colgroup>
	189	<tbody>
	190	<tr>
	191	<td><p><span class="term"><code class="option">--client-software=xxx</code></span></p></td>
	192	<td><p>Only leave the realm which is using
	193	the given client software. Possible values include
	194	<em class="replaceable"><code>sssd</code></em> or
	195	<em class="replaceable"><code>winbind</code></em>.</p></td>
	196	</tr>
	197	<tr>
	198	<td><p><span class="term"><code class="option">--server-software=xxx</code></span></p></td>
	199	<td><p>Only leave the realm which is using the
	200	given server software. Possible values include
	201	<em class="replaceable"><code>active-directory</code></em> or
	202	<em class="replaceable"><code>freeipa</code></em>.</p></td>
	203	</tr>
	204	<tr>
	205	<td><p><span class="term"><code class="option">--remove</code></span></p></td>
	206	<td><p>Remove or disable computer account from the
	207	directory while leaving the realm. This will usually prompt
	208	for a pasword.</p></td>
	209	</tr>
	210	<tr>
	211	<td><p><span class="term"><code class="option">--user</code></span></p></td>
	212	<td><p>The user name to be used to authenticate
	213	with when leaving the realm. You will be prompted for a
	214	password. Implies <code class="option">--remove</code>.</p></td>
	215	</tr>
	216	<tr>
	217	<td><p><span class="term"><code class="option">--verbose, -v</code></span></p></td>
	218	<td><p>Display verbose diagnostics while doing
	219	the leave operation.</p></td>
	220	</tr>
	221	</tbody>
	222	</table></div>
	223	</div>
	224	<div class="refsect1">
	225	<a name="idp10245296"></a><h2>List</h2>
	226	<p>List all the discovered and configured realms.</p>
	227	<div class="informalexample">
	228	<table class="listing_frame" border="0" cellpadding="0" cellspacing="0">
	229	<tbody>
	230	<tr>
	231	<td class="listing_lines" align="right"><pre>1</pre></td>
	232	<td class="listing_code"><pre class="programlisting"><span class="normal">$ realm list</span></pre></td>
	233	</tr>
	234	</tbody>
	235	</table>
	236	</div>
	237
	238	<p>The following options can be used:</p>
	239	<div class="variablelist"><table border="0" class="variablelist">
	240	<colgroup>
	241	<col align="left" valign="top">
	242	<col>
	243	</colgroup>
	244	<tbody><tr>
	245	<td><p><span class="term"><code class="option">--verbose, -v</code></span></p></td>
	246	<td><p>Display verbose diagnostics while
	247	listing.</p></td>
	248	</tr></tbody>
	249	</table></div>
	250	</div>
	251	<div class="refsect1">
	252	<a name="idp10249632"></a><h2>Permit</h2>
	253	<p>Permit local login by users of the realm.</p>
	254	<div class="informalexample">
	255	<pre class="programlisting">
	256	$ realm permit -a
	257	</pre>
	258	<pre class="programlisting">
	259	$ realm permit DOMAIN\User
	260	</pre>
	261	</div>
	262	<p>If more than one realm is configured, then use the <code class="option">--realm</code>
	263	option to specify which realm to permit the users on.</p>
	264	<p>The format of the user name can be seen by using the
	265	<code class="option">list</code> command.</p>
	266	<p>The following options can be used:</p>
	267	<div class="variablelist"><table border="0" class="variablelist">
	268	<colgroup>
	269	<col align="left" valign="top">
	270	<col>
	271	</colgroup>
	272	<tbody>
	273	<tr>
	274	<td><p><span class="term"><code class="option">--all, -a</code></span></p></td>
	275	<td><p>Permit login by any valid user of the
	276	realm.</p></td>
	277	</tr>
	278	<tr>
	279	<td><p><span class="term"><code class="option">--realm, -R</code></span></p></td>
	280	<td><p>Specify the name of the realm to permit
	281	users to log into.</p></td>
	282	</tr>
	283	<tr>
	284	<td><p><span class="term"><code class="option">--verbose, -v</code></span></p></td>
	285	<td><p>Display verbose diagnostics while
	286	doing the operation.</p></td>
	287	</tr>
	288	</tbody>
	289	</table></div>
	290	</div>
	291	<div class="refsect1">
	292	<a name="idp10258944"></a><h2>Deny</h2>
	293	<p>Deny local login by users of the realm.</p>
	294	<div class="informalexample">
	295	<pre class="programlisting">
	296	$ realm deny -a
	297	</pre>
	298	<pre class="programlisting">
	299	$ realm deny DOMAIN\User
	300	</pre>
	301	</div>
	302	<p>If more than one realm is configured, then use the <code class="option">--realm</code>
	303	option to specify which realm to deny the users' login via.</p>
	304	<p>The format of the user name can be seen by using the
	305	<code class="option">list</code> command.</p>
	306	<p>The following options can be used:</p>
	307	<div class="variablelist"><table border="0" class="variablelist">
	308	<colgroup>
	309	<col align="left" valign="top">
	310	<col>
	311	</colgroup>
	312	<tbody>
	313	<tr>
	314	<td><p><span class="term"><code class="option">--all, -a</code></span></p></td>
	315	<td><p>Deny login by any validuser of the
	316	realm.</p></td>
	317	</tr>
	318	<tr>
	319	<td><p><span class="term"><code class="option">--realm, -R</code></span></p></td>
	320	<td><p>Specify the name of the realm to deny
	321	users login to.</p></td>
	322	</tr>
	323	<tr>
	324	<td><p><span class="term"><code class="option">--verbose, -v</code></span></p></td>
	325	<td><p>Display verbose diagnostics while
	326	doing the operation.</p></td>
	327	</tr>
	328	</tbody>
	329	</table></div>
	330	</div>
	331	</div>
	332	<div class="footer">
	333	<hr>
	334	Generated by GTK-Doc V1.18</div>
	335	</body>
	336	</html>⏎

+42

-7

doc/html/realmd.devhelp2 less more

1	1	<!DOCTYPE book PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "">
2	2	<book xmlns="http://www.devhelp.net/book" title="realmd" link="index.html" author="" name="realmd" version="2" language="c">
3	3	<chapters>
4		<sub name="DBus Interface Reference" link="dbus-interface-reference.html">
5		<sub name="org.freedesktop.realmd.Provider" link="gdbus-org.freedesktop.realmd.Provider.html"/>
6		<sub name="org.freedesktop.realmd.Realm" link="gdbus-org.freedesktop.realmd.Realm.html"/>
7		<sub name="org.freedesktop.realmd.Kerberos" link="gdbus-org.freedesktop.realmd.Kerberos.html"/>
8		<sub name="org.freedesktop.realmd.KerberosMembership" link="gdbus-org.freedesktop.realmd.KerberosMembership.html"/>
9		<sub name="org.freedesktop.realmd.Service" link="gdbus-org.freedesktop.realmd.Service.html"/>
	4	<sub name="Administrative Guide" link="guide.html">
	5	<sub name="Command manual pages" link="realm-manual.html">
	6	<sub name="realm" link="realm.html"/>
	7	</sub>
	8	<sub name="Using with Active Directory" link="guide-active-directory.html">
	9	<sub name="Discovering Active Directory domains" link="guide-active-directory.html#guide-active-directory-discover"/>
	10	<sub name="Active Directory client software" link="guide-active-directory-client.html">
	11	<sub name="Using SSSD with Active Directory" link="guide-active-directory-client.html#idp10880368"/>
	12	<sub name="Using Winbind with Active Directory" link="guide-active-directory-client.html#idp6592816"/>
	13	</sub>
	14	<sub name="Joining an Active Directory domain" link="guide-active-directory-join.html"/>
	15	<sub name="Logins using Domain Accounts" link="guide-active-directory-permit.html"/>
	16	</sub>
	17	<sub name="Using with FreeIPA" link="guide-freeipa.html">
	18	<sub name="Discovering FreeIPA domains" link="guide-freeipa.html#idp9009232"/>
	19	</sub>
	20	<sub name="Using with other Kerberos realms" link="guide-freeipa.html">
	21	<sub name="Discovering Kerberos realms" link="guide-freeipa.html#idp8851920"/>
	22	</sub>
	23	<sub name="Configuring realmd" link="guide-configuring.html">
	24	<sub name="active-directory" link="guide-configuring.html#guide-configuring-active-directory">
	25	<sub name="default-client" link="guide-configuring.html#idp7104192"/>
	26	</sub>
	27	<sub name="user" link="guide-configuring-users.html">
	28	<sub name="default-home" link="guide-configuring-users.html#idp6023568"/>
	29	<sub name="default-shell" link="guide-configuring-users.html#idp6557504"/>
	30	</sub>
	31	<sub name="Realm specific settings" link="guide-configuring-realm.html">
	32	<sub name="computer-ou" link="guide-configuring-realm.html#idp9639264"/>
	33	</sub>
	34	</sub>
	35	<sub name="Integration" link="guide-integration.html"/>
10	36	</sub>
11		<sub name="Raw DBus Interfaces" link="dbus-interface-raw.html"/>
	37	<sub name="Developer Reference" link="development.html">
	38	<sub name="DBus Interface Reference" link="dbus-interface-reference.html">
	39	<sub name="org.freedesktop.realmd.Provider" link="gdbus-org.freedesktop.realmd.Provider.html"/>
	40	<sub name="org.freedesktop.realmd.Realm" link="gdbus-org.freedesktop.realmd.Realm.html"/>
	41	<sub name="org.freedesktop.realmd.Kerberos" link="gdbus-org.freedesktop.realmd.Kerberos.html"/>
	42	<sub name="org.freedesktop.realmd.KerberosMembership" link="gdbus-org.freedesktop.realmd.KerberosMembership.html"/>
	43	<sub name="org.freedesktop.realmd.Service" link="gdbus-org.freedesktop.realmd.Service.html"/>
	44	</sub>
	45	<sub name="Raw DBus Interfaces" link="dbus-interface-raw.html"/>
	46	</sub>
12	47	</chapters>
13	48	<functions>
14	49	<keyword type="method" name="The Discover() method" link="gdbus-org.freedesktop.realmd.Provider.html#gdbus-method-org-freedesktop-realmd-Provider.Discover"/>

+11

-0

doc/html.css less more

90	90	left: -1em;
91	91	font-weight: normal !important;
92	92	}
	93
	94	DD > DL {
	95	margin-top: 0.3em;
	96	margin-bottom: 0.3em;
	97	}
	98
	99	PRE.screen {
	100	border: solid 1px #729fcf;
	101	padding: 0.5em;
	102	background: #e6f3ff;
	103	}

+352

-0

doc/realm.xml less more

	0	<?xml version='1.0'?>
	1	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
	2	"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
	3
	4	<refentry id="realm">
	5
	6	<refentryinfo>
	7	<title>realm</title>
	8	<productname>realmd</productname>
	9	<authorgroup>
	10	<author>
	11	<contrib>Maintainer</contrib>
	12	<firstname>Stef</firstname>
	13	<surname>Walter</surname>
	14	<email>stef@thewalter.net</email>
	15	</author>
	16	</authorgroup>
	17	</refentryinfo>
	18
	19	<refmeta>
	20	<refentrytitle>realm</refentrytitle>
	21	<manvolnum>8</manvolnum>
	22	<refmiscinfo class="manual">User Commands</refmiscinfo>
	23	</refmeta>
	24
	25	<refnamediv>
	26	<refname>realm</refname>
	27	<refpurpose>Manage enrollment in realms</refpurpose>
	28	</refnamediv>
	29
	30	<refsynopsisdiv>
	31	<cmdsynopsis>
	32	<command>realm discover <arg choice="plain">-v</arg> <arg choice="opt">realm-name</arg></command>
	33	</cmdsynopsis>
	34	<cmdsynopsis>
	35	<command>realm join <arg choice="plain">-v</arg> <arg choice="opt">-U user</arg> <arg choice="opt">realm-name</arg></command>
	36	</cmdsynopsis>
	37	<cmdsynopsis>
	38	<command>realm leave <arg choice="plain">-v</arg> <arg choice="opt">-U user</arg> <arg choice="opt">realm-name</arg></command>
	39	</cmdsynopsis>
	40	<cmdsynopsis>
	41	<command>realm list</command>
	42	</cmdsynopsis>
	43	<cmdsynopsis>
	44	<command>realm permit <arg choice="opt">-a</arg> <arg choice="opt">-R realm</arg> <arg choice="req">user</arg> ...</command>
	45	</cmdsynopsis>
	46	<cmdsynopsis>
	47	<command>realm deny <arg choice="opt">-a</arg> <arg choice="opt">-R realm</arg> <arg choice="req">user</arg> ...</command>
	48	</cmdsynopsis>
	49	</refsynopsisdiv>
	50
	51	<refsect1>
	52	<title>Description</title>
	53	<para><command>realm</command> is a command line tool that
	54	can be used to manage enrollment in kerberos realms, like Active
	55	Directory domains or IPA domains.</para>
	56	</refsect1>
	57
	58	<refsect1>
	59	<title>Discover</title>
	60
	61	<para>Discover a realm and its capabilities.</para>
	62
	63	<informalexample>
	64	<programlisting>
	65	$ realm discover
	66	</programlisting>
	67	<programlisting>
	68	$ realm discover domain.example.com
	69	</programlisting>
	70	</informalexample>
	71
	72	<para>After discovering a realm,
	73	its name, type and capabilities are displayed.</para>
	74
	75	<para>If no domain is specified, then the domain assigned through
	76	DHCP is used as a default.</para>
	77
	78	<para>The following options can be used:</para>
	79
	80	<variablelist>
	81	<varlistentry>
	82	<term><option>--client-software=xxx</option></term>
	83	<listitem><para>Only discover realms for which we can
	84	use the given client software. Possible values include
	85	<replaceable>sssd</replaceable> or
	86	<replaceable>winbind</replaceable>.</para></listitem>
	87	</varlistentry>
	88	<varlistentry>
	89	<term><option>--server-software=xxx</option></term>
	90	<listitem><para>Only discover realms for run the
	91	given server software. Possible values include
	92	<replaceable>active-directory</replaceable> or
	93	<replaceable>freeipa</replaceable>.</para></listitem>
	94	</varlistentry>
	95	<varlistentry>
	96	<term><option>--verbose, -v</option></term>
	97	<listitem><para>Display verbose diagnostics while doing
	98	the discovery.</para></listitem>
	99	</varlistentry>
	100	</variablelist>
	101
	102	</refsect1>
	103
	104	<refsect1>
	105	<title>Join</title>
	106
	107	<para>Configure the local machine for use with a realm.</para>
	108
	109	<informalexample>
	110	<programlisting>
	111	$ realm join domain.example.com
	112	</programlisting>
	113	<programlisting>
	114	$ realm join -user=admin --computer-ou=OU=Special domain.example.com
	115	</programlisting>
	116	</informalexample>
	117
	118	<para>The realm is first discovered, as we would with the
	119	<option>discover</option> command. If no domain is specified, then the
	120	domain assigned through DHCP is used as a default.</para>
	121
	122	<para>After a successful join, the computer will be in a state where
	123	it is able to resolve remote user and group names from the realm.
	124	For kerberos realms, a computer account and host keytab is created.</para>
	125
	126	<para>Joining arbitrary kerberos realms is not supported. The realm
	127	must have a supported mechanism for joining from a client machine, such
	128	as Active Directory or FreeIPA.</para>
	129
	130	<para>Unless a <arg>--user</arg> is explicitly specified, then if
	131	possible, an automatic join is attempted first.</para>
	132
	133	<para>The following options can be used:</para>
	134
	135	<variablelist>
	136	<varlistentry>
	137	<term><option>--client-software=xxx</option></term>
	138	<listitem><para>Only join realms for which we can
	139	use the given client software. Possible values include
	140	<replaceable>sssd</replaceable> or
	141	<replaceable>winbind</replaceable>. Not all values are
	142	supported for all realms. By default the client software
	143	is automatically selected.</para></listitem>
	144	</varlistentry>
	145	<varlistentry>
	146	<term><option>--computer-ou=OU=xxx</option></term>
	147	<listitem><para>The distinguished name of an organizational
	148	unit to create the computer account. The exact format
	149	of the distinguished name depends on the client software
	150	and membership software. You can usually omit the root
	151	DSE portion of distinguished name.</para></listitem>
	152	</varlistentry>
	153	<varlistentry>
	154	<term><option>--membership-software=xxx</option></term>
	155	<listitem><para>The software to use when joining to the
	156	realm. Possible values include <replaceable>samba</replaceable> or
	157	<replaceable>adcli</replaceable>. Not all values are
	158	supported for all realms. By default the membership software
	159	is automatically selected.</para></listitem>
	160	</varlistentry>
	161	<varlistentry>
	162	<term><option>--one-time-password=xxxx</option></term>
	163	<listitem><para>Perform the join using a one time password
	164	specified on the command line. This is not possible with
	165	all types of realms.</para></listitem>
	166	</varlistentry>
	167	<varlistentry>
	168	<term><option>--server-software=xxx</option></term>
	169	<listitem><para>Only join realms for run the
	170	given server software. Possible values include
	171	<replaceable>active-directory</replaceable> or
	172	<replaceable>freeipa</replaceable>.</para></listitem>
	173	</varlistentry>
	174	<varlistentry>
	175	<term><option>--user</option></term>
	176	<listitem><para>The user name to be used to authenticate
	177	with when joining the machine to the realm. You will
	178	be prompted for a password.</para></listitem>
	179	</varlistentry>
	180	<varlistentry>
	181	<term><option>--verbose, -v</option></term>
	182	<listitem><para>Display verbose diagnostics while doing
	183	the discovery and join.</para></listitem>
	184	</varlistentry>
	185	</variablelist>
	186
	187	</refsect1>
	188
	189	<refsect1>
	190	<title>Leave</title>
	191
	192	<para>Deconfigure the local machine for use with a realm.</para>
	193
	194	<informalexample>
	195	<programlisting>
	196	$ realm leave
	197	</programlisting>
	198	<programlisting>
	199	$ realm leave domain.example.com
	200	</programlisting>
	201	</informalexample>
	202
	203	<para>If no realm name is specified, then the first configured realm
	204	will be used.</para>
	205
	206	<para>The following options can be used:</para>
	207
	208	<variablelist>
	209	<varlistentry>
	210	<term><option>--client-software=xxx</option></term>
	211	<listitem><para>Only leave the realm which is using
	212	the given client software. Possible values include
	213	<replaceable>sssd</replaceable> or
	214	<replaceable>winbind</replaceable>.</para></listitem>
	215	</varlistentry>
	216	<varlistentry>
	217	<term><option>--server-software=xxx</option></term>
	218	<listitem><para>Only leave the realm which is using the
	219	given server software. Possible values include
	220	<replaceable>active-directory</replaceable> or
	221	<replaceable>freeipa</replaceable>.</para></listitem>
	222	</varlistentry>
	223	<varlistentry>
	224	<term><option>--remove</option></term>
	225	<listitem><para>Remove or disable computer account from the
	226	directory while leaving the realm. This will usually prompt
	227	for a pasword.</para></listitem>
	228	</varlistentry>
	229	<varlistentry>
	230	<term><option>--user</option></term>
	231	<listitem><para>The user name to be used to authenticate
	232	with when leaving the realm. You will be prompted for a
	233	password. Implies <option>--remove</option>.</para></listitem>
	234	</varlistentry>
	235	<varlistentry>
	236	<term><option>--verbose, -v</option></term>
	237	<listitem><para>Display verbose diagnostics while doing
	238	the leave operation.</para></listitem>
	239	</varlistentry>
	240	</variablelist>
	241
	242	</refsect1>
	243
	244	<refsect1>
	245	<title>List</title>
	246
	247	<para>List all the discovered and configured realms.</para>
	248
	249	<informalexample>
	250	<programlisting>
	251	$ realm list
	252	</programlisting>
	253	</informalexample>
	254
	255	<para>The following options can be used:</para>
	256
	257	<variablelist>
	258	<varlistentry>
	259	<term><option>--verbose, -v</option></term>
	260	<listitem><para>Display verbose diagnostics while
	261	listing.</para></listitem>
	262	</varlistentry>
	263	</variablelist>
	264
	265	</refsect1>
	266
	267	<refsect1>
	268	<title>Permit</title>
	269
	270	<para>Permit local login by users of the realm.</para>
	271
	272	<informalexample>
	273	<programlisting>
	274	$ realm permit -a
	275	</programlisting>
	276	<programlisting>
	277	$ realm permit DOMAIN\User
	278	</programlisting>
	279	</informalexample>
	280
	281	<para>If more than one realm is configured, then use the <option>--realm</option>
	282	option to specify which realm to permit the users on.</para>
	283
	284	<para>The format of the user name can be seen by using the
	285	<option>list</option> command.</para>
	286
	287	<para>The following options can be used:</para>
	288
	289	<variablelist>
	290	<varlistentry>
	291	<term><option>--all, -a</option></term>
	292	<listitem><para>Permit login by any valid user of the
	293	realm.</para></listitem>
	294	</varlistentry>
	295	<varlistentry>
	296	<term><option>--realm, -R</option></term>
	297	<listitem><para>Specify the name of the realm to permit
	298	users to log into.</para></listitem>
	299	</varlistentry>
	300	<varlistentry>
	301	<term><option>--verbose, -v</option></term>
	302	<listitem><para>Display verbose diagnostics while
	303	doing the operation.</para></listitem>
	304	</varlistentry>
	305	</variablelist>
	306
	307	</refsect1>
	308
	309	<refsect1>
	310	<title>Deny</title>
	311
	312	<para>Deny local login by users of the realm.</para>
	313
	314	<informalexample>
	315	<programlisting>
	316	$ realm deny -a
	317	</programlisting>
	318	<programlisting>
	319	$ realm deny DOMAIN\User
	320	</programlisting>
	321	</informalexample>
	322
	323	<para>If more than one realm is configured, then use the <option>--realm</option>
	324	option to specify which realm to deny the users' login via.</para>
	325
	326	<para>The format of the user name can be seen by using the
	327	<option>list</option> command.</para>
	328
	329	<para>The following options can be used:</para>
	330
	331	<variablelist>
	332	<varlistentry>
	333	<term><option>--all, -a</option></term>
	334	<listitem><para>Deny login by any validuser of the
	335	realm.</para></listitem>
	336	</varlistentry>
	337	<varlistentry>
	338	<term><option>--realm, -R</option></term>
	339	<listitem><para>Specify the name of the realm to deny
	340	users login to.</para></listitem>
	341	</varlistentry>
	342	<varlistentry>
	343	<term><option>--verbose, -v</option></term>
	344	<listitem><para>Display verbose diagnostics while
	345	doing the operation.</para></listitem>
	346	</varlistentry>
	347	</variablelist>
	348
	349	</refsect1>
	350
	351	</refentry>

+35

-14

doc/realmd-docs.sgml less more

10	10	<releaseinfo>for &version;</releaseinfo>
11	11	</bookinfo>
12	12
13		<chapter xml:id="dbus-interface-reference">
14		<title>DBus Interface Reference</title>
15		<xi:include href="realmd-org.freedesktop.realmd.Provider.xml"/>
16		<xi:include href="realmd-org.freedesktop.realmd.Realm.xml"/>
17		<xi:include href="realmd-org.freedesktop.realmd.Kerberos.xml"/>
18		<xi:include href="realmd-org.freedesktop.realmd.KerberosMembership.xml"/>
19		<xi:include href="realmd-org.freedesktop.realmd.Service.xml"/>
20		</chapter>
21		<chapter xml:id="dbus-interface-raw">
22		<title>Raw DBus Interfaces</title>
23		<para>These are the current raw DBus interfaces for realmd.</para>
24		<programlisting role="rawhtml">
	13	<part id="guide">
	14	<title>Administrative Guide</title>
	15	<chapter xml:id="realm-manual">
	16	<title>Command manual pages</title>
	17	<xi:include href="realm.xml"/>
	18	</chapter>
	19
	20	<xi:include href="realmd-guide-active-directory.xml"/>
	21	<xi:include href="realmd-guide-freeipa.xml"/>
	22	<xi:include href="realmd-guide-kerberos.xml"/>
	23	<xi:include href="realmd-guide-configuring.xml"/>
	24
	25	<chapter id="guide-integration">
	26	<title>Integration</title>
	27	</chapter>
	28	</part>
	29
	30	<part id="development">
	31	<title>Developer Reference</title>
	32	<chapter xml:id="dbus-interface-reference">
	33	<title>DBus Interface Reference</title>
	34	<xi:include href="realmd-org.freedesktop.realmd.Provider.xml"/>
	35	<xi:include href="realmd-org.freedesktop.realmd.Realm.xml"/>
	36	<xi:include href="realmd-org.freedesktop.realmd.Kerberos.xml"/>
	37	<xi:include href="realmd-org.freedesktop.realmd.KerberosMembership.xml"/>
	38	<xi:include href="realmd-org.freedesktop.realmd.Service.xml"/>
	39	</chapter>
	40	<chapter xml:id="dbus-interface-raw">
	41	<title>Raw DBus Interfaces</title>
	42	<para>These are the current raw DBus interfaces for realmd.</para>
	43	<programlisting role="rawhtml">
25	44	<textobject>
26	45	<?dbhtml-include href="realmd-org.freedesktop.realmd.xml"?>
27	46	</textobject>
28		</programlisting>
29		</chapter>
	47	</programlisting>
	48	</chapter>
	49	</part>
	50
30	51	</book>

+208

-0

doc/realmd-guide-active-directory.xml less more

	0	<?xml version="1.0"?>
	1	<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
	2	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"
	3	[
	4	<!ENTITY % local.common.attrib "xmlns:xi CDATA #FIXED 'http://www.w3.org/2003/XInclude'">
	5	]>
	6
	7	<chapter id="guide-active-directory">
	8	<title>Using with Active Directory</title>
	9
	10	<para><command>realmd</command> can discover Active Directory domains
	11	and join the current computer as an account on that domain. This allows
	12	using domain users locally, as well as use a domain account to log
	13	into the machine.</para>
	14
	15	<section id="guide-active-directory-discover">
	16	<title>Discovering Active Directory domains</title>
	17	<para><command>realmd</command> discovers which domains or
	18	realms it can use or configure. It can discover and identify
	19	Active Directory domains by looking up the appropriate DNS SRV
	20	records.</para>
	21
	22	<para>The following DNS SRV records are required to be present
	23	for <command>realmd</command> to identify a provided realm as
	24	an Active Directory domain. The DNS server that comes with
	25	Active Directory on Windows Server automatically creates
	26	these DNS records.</para>
	27
	28	<informalexample>
	29	<screen>
	30	# In this example the Active Directory domain is 'domain.example.com'
	31	<emphasis>_kerberos._udp.</emphasis>domain.example.com.
	32	<emphasis>_kerberos._tcp.dc._msdcs.</emphasis>domain.example.com.
	33	</screen>
	34	</informalexample>
	35
	36	<para>To see how <command>realmd</command> is discovering a
	37	particular domain name, try a command like the following. Using
	38	the <option>--verbose</option> argument displays verbose
	39	discovery information.</para>
	40
	41	<informalexample>
	42	<screen>
	43	$ <command>realm --verbose domain.example.com</command>
	44	* Searching for kerberos SRV records for domain: _kerberos._udp.domain.example.com
	45	* Searching for MSDCS SRV records on domain: _kerberos._tcp.dc._msdcs.domain.example.com
	46	* dc.domain.example.com:88
	47	* Found kerberos DNS records for: domain.example.com
	48	* Found AD style DNS records for: domain.example.com
	49	* Successfully discovered: domain.example.com
	50	...
	51	</screen>
	52	</informalexample>
	53
	54	</section>
	55
	56	<section id="guide-active-directory-client">
	57	<title>Active Directory client software</title>
	58	<para>As part of configuring an Active Directory domain for use
	59	on the local computer, <command>realmd</command> will configure
	60	client software to enable domain accounts to be used on the local
	61	computer.</para>
	62
	63	<para><command>realmd</command> supports two types of client
	64	software for Active Directory:
	65	<ulink url="https://fedorahosted.org/sssd/">SSSD</ulink> and
	66	<ulink url="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html">Winbind</ulink>.
	67	By default SSSD is used.</para>
	68
	69	<section>
	70	<title>Using SSSD with Active Directory</title>
	71	<para><ulink url="https://fedorahosted.org/sssd/">SSSD</ulink>
	72	provides client software for various kerberos and/or LDAP
	73	directories. Since version 1.9.x it provides good support
	74	for Active Directory.</para>
	75
	76	<para>When joining a computer to an Active Directory domain,
	77	<command>realmd</command> will use SSSD as the client software
	78	by default. You can force use of SSSD by specifying the
	79	<option>--client-software=sssd</option> when joining the
	80	domain with the
	81	<link linkend="realm"><command>realm</command></link>
	82	command like this:</para>
	83
	84	<informalexample>
	85	<screen>
	86	$ <command>realm join --client-software=sssd domain.example.com</command>
	87	</screen>
	88	</informalexample>
	89	</section>
	90
	91	<section>
	92	<title>Using Winbind with Active Directory</title>
	93	<para>Samba
	94	<ulink url="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html">Winbind</ulink>
	95	provides client software for use with Active Directory.</para>
	96
	97	<para>To have <command>realmd</command> use Winbind as the
	98	client software, configure the
	99	<link linkend="guide-configuring-active-directory"><option>default-client</option> setting</link>.
	100	You can force use of Winbind by specifying the
	101	<option>--client-software=winbind</option> when joining the
	102	domain with the
	103	<link linkend="realm"><command>realm</command></link>
	104	command like this:</para>
	105
	106	<informalexample>
	107	<screen>
	108	$ <command>realm join --client-software=winbind domain.example.com</command>
	109	</screen>
	110	</informalexample>
	111
	112	</section>
	113	</section>
	114
	115	<section id="guide-active-directory-join">
	116	<title>Joining an Active Directory domain</title>
	117
	118	<para>To join an Active Directory domain with <command>realmd</command>
	119	you can use the <link linkend="realm"><command>realm</command></link>
	120	command line tool:</para>
	121
	122	<informalexample>
	123	<screen>
	124	$ <command>realm join --verbose domain.example.com</command>
	125	</screen>
	126	</informalexample>
	127
	128	<para>By specifying the <option>--verbose</option> it's easier
	129	to see what went wrong if the join fails.</para>
	130
	131	<para>Other tools also use <command>realmd</command> which can
	132	be used to perform the join operation, for example: GNOME
	133	Control Center.</para>
	134
	135	<para>The join operation does the following:</para>
	136	<itemizedlist>
	137	<listitem><para>Discovers information about the domain.</para></listitem>
	138	<listitem><para>Installs the necessary software to join the domain, such as SSSD or Winbind.</para></listitem>
	139	<listitem><para>Tries to join the domain automatically, without administrative credentials.</para></listitem>
	140	<listitem><para>If administrative credentials are required, a password will be prompted for.</para></listitem>
	141	<listitem><para>A computer account in the domain will be created, and or updated.</para></listitem>
	142	<listitem><para>A host keytab file at <filename>/etc/krb5.keytab</filename> is created.</para></listitem>
	143	<listitem><para>Configures the SSSD or Winbind services, and restarts and enables them as appropriate.</para></listitem>
	144	<listitem><para>Enables domain users in <filename>/etc/nsswitch.conf</filename></para></listitem>
	145	</itemizedlist>
	146
	147	<para>After the join operation is complete, domain accounts should
	148	be usable locally, although logins using domain accounts are
	149	not necessarily enabled.</para>
	150
	151	<para>You verify that domain accounts are working with with a
	152	command like this:</para>
	153
	154	<informalexample>
	155	<screen>
	156	$ <command>getent passwd DOMAIN\Administrator</command>
	157	</screen>
	158	</informalexample>
	159
	160	<para>The join operation will create or update a computer account
	161	in the domain. If you wish to specify a specific organizational unit
	162	where this account is created, you can use the
	163	<link linkend="guide-configuring-realm"><option>computer-ou</option> setting</link>.</para>
	164
	165	</section>
	166
	167	<section id="guide-active-directory-permit">
	168	<title>Logins using Domain Accounts</title>
	169
	170	<para>Once the
	171	<link linkend="guide-active-directory-join">computer is joined</link>
	172	to an Active Directory domain, you can configure the machine so
	173	that you can log in with domain accounts.</para>
	174
	175	<para>To permit any domain account to log in, use the following
	176	command.</para>
	177
	178	<informalexample>
	179	<screen>
	180	$ <command>realm permit --realm domain.example.com --all</command>
	181	</screen>
	182	</informalexample>
	183
	184	<para>To permit only specific accounts from the domain to log in
	185	use the following command. The first time this command is run
	186	it will change the mode to only allow logins by specific accounts,
	187	and then add the specified accounts to the list of accounts
	188	to permit.</para>
	189
	190	<informalexample>
	191	<screen>
	192	$ <command>realm permit --realm domain.example.com DOMAIN\\User1 DOMAIN\\User2</command>
	193	</screen>
	194	</informalexample>
	195
	196	<para>To deny logins from any domain account, use the following
	197	command.</para>
	198
	199	<informalexample>
	200	<screen>
	201	$ <command>realm deny --realm domain.example.com --all</command>
	202	</screen>
	203	</informalexample>
	204
	205	</section>
	206
	207	</chapter>

+200

-0

doc/realmd-guide-configuring.xml less more

	0	<?xml version="1.0"?>
	1	<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
	2	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"
	3	[
	4	<!ENTITY % local.common.attrib "xmlns:xi CDATA #FIXED 'http://www.w3.org/2003/XInclude'">
	5	]>
	6
	7	<chapter id="guide-configuring">
	8	<title>Configuring realmd</title>
	9
	10	<para><command>realmd</command> can be tweaked by network administrators
	11	to act in specific ways. This is done by placing settings in a
	12	<filename>/etc/realmd.conf</filename>. The syntax of this file is the
	13	same as an INI file or Desktop Entry file.</para>
	14
	15	<para>Only specify the settings you wish to override in the
	16	<filename>/etc/realmd.conf</filename> file. Settings not specified will
	17	be loaded either from their packaged defaults. Only override the settings
	18	below. You may find other settings if you root around the
	19	<command>realmd</command> source code. However these are not guaranteed
	20	to remain stable.</para>
	21
	22	<section id="guide-configuring-active-directory">
	23	<title>active-directory</title>
	24	<para>These options should go in an <option>[active-directory]</option>
	25	section of the <filename>/etc/realmd.conf</filename> file. Only
	26	specify the settings you wish to override.</para>
	27
	28	<section>
	29	<title>default-client</title>
	30
	31	<para>Specify the <option>default-client</option> setting in
	32	order to control which client software is the preferred default
	33	for use with Active Directory.</para>
	34
	35	<informalexample>
	36	<programlisting language="js">
	37	[active-directory]
	38	default-client = sssd
	39	# default-client = winbind
	40	</programlisting>
	41	</informalexample>
	42
	43	<para>The default setting for this is
	44	<option>sssd</option> which uses
	45	<ulink url="https://fedorahosted.org/sssd/">SSSD</ulink> as
	46	the Active Directory client. You can also specify
	47	<option>winbind</option> to use
	48	<ulink url="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/winbind.html">Samba Winbind</ulink>.
	49	</para>
	50
	51	<para>Some callers of <command>realmd</command> such as the
	52	<link linkend="realm"><command>realm</command></link>
	53	command line tool allow specifying which client software should
	54	be used. Others, such as GNOME Control Center, simplify choose
	55	the default.</para>
	56
	57	<para>You can verify the preferred default client softawre by
	58	running the following command. The realm with the preferred
	59	client software will be listed first.</para>
	60
	61	<informalexample>
	62	<screen>
	63	$ <command>realm discover domain.example.com</command>
	64	domain.example.com
	65	configured: no
	66	server-software: active-directory
	67	client-software: sssd
	68	type: kerberos
	69	realm-name: AD.THEWALTER.LAN
	70	domain-name: ad.thewalter.lan
	71	domain.example.com
	72	configured: no
	73	server-software: active-directory
	74	client-software: winbind
	75	type: kerberos
	76	realm-name: AD.THEWALTER.LAN
	77	domain-name: ad.thewalter.lan
	78	</screen>
	79	</informalexample>
	80
	81	</section>
	82
	83	</section>
	84
	85	<section id="guide-configuring-users">
	86	<title>user</title>
	87	<para>These options should go in an <option>[users]</option>
	88	section of the <filename>/etc/realmd.conf</filename> file. Only
	89	specify the settings you wish to override.</para>
	90
	91	<section>
	92	<title>default-home</title>
	93
	94	<para>Specify the <option>default-home</option> setting in
	95	order to control how to set the home directory for accounts
	96	that have no home directory explicitly set.</para>
	97
	98	<informalexample>
	99	<programlisting language="js">
	100	[active-directory]
	101	default-home = /home/%D/%U
	102	# default-home = /nfs/home/%D-%U
	103	</programlisting>
	104	</informalexample>
	105
	106	<para>The default setting for this is <option>/home/%D/%U</option>. The
	107	<option>%D</option> format is replaced by the domain name. In the case of
	108	Active Directory this is the short domain name. The <option>%U</option>
	109	format is replaced by the user name.</para>
	110
	111	<para>You can verify the home directory for a user by running the
	112	following command.</para>
	113
	114	<informalexample>
	115	<screen>
	116	$ <command>getent passwd 'DOMAIN/User'</command>
	117	DOMAIN\user:*:1344600500:1344600513:User Name:/home/DOMAIN/user:/bin/bash
	118	</screen>
	119	</informalexample>
	120
	121	</section>
	122
	123	<section>
	124	<title>default-shell</title>
	125
	126	<para>Specify the <option>default-shell</option> setting in
	127	order to control how to set the Unix shell for accounts that
	128	have no shell explicitly set.</para>
	129
	130	<informalexample>
	131	<programlisting language="js">
	132	[active-directory]
	133	default-shell = /bin/bash
	134	# default-shell = /bin/sh
	135	</programlisting>
	136	</informalexample>
	137
	138	<para>The default setting for this is <option>/bin/bash</option> shell. The
	139	shell should be a valid shell if you expect the domain users be able to log
	140	in. For example it should exist in the <filename>/etc/shells</filename> file.</para>
	141
	142	<para>You can verify the shell for a user by running the
	143	following command.</para>
	144
	145	<informalexample>
	146	<screen>
	147	$ <command>getent passwd 'DOMAIN/User'</command>
	148	DOMAIN\user:*:1344600500:1344600513:User Name:/home/DOMAIN/user:/bin/bash
	149	</screen>
	150	</informalexample>
	151
	152	</section>
	153
	154	</section>
	155
	156	<section id="guide-configuring-realm">
	157	<title>Realm specific settings</title>
	158	<para>These options should go in an section with the same name
	159	as the realm in the <filename>/etc/realmd.conf</filename> file.
	160	For example for the <option>domain.example.com</option> domain
	161	the section would be called <option>[domain.example.com]</option>.
	162	To figure out the canonical name for a realm use the
	163	<command>realm</command> command:</para>
	164
	165	<informalexample>
	166	<screen>
	167	$ <command>realm discover --name DOMAIN.example.com</command>
	168	domain.example.com
	169	...
	170	</screen>
	171	</informalexample>
	172
	173	<para>Only specify the settings you wish to override.</para>
	174	<section>
	175	<title>computer-ou</title>
	176
	177	<para>Specify this option to create directory computer accounts
	178	in a location other than the default. This currently only works
	179	with Active Directory domains.</para>
	180
	181	<informalexample>
	182	<programlisting>
	183	[domain.example.com]
	184	computer-ou = OU=Linux Computers,DC=domain,DC=example,DC=com
	185	# computer-ou = OU=Linux Computers,
	186	</programlisting>
	187	</informalexample>
	188
	189	<para>Specify the OU as an LDAP DN. It can be relative to the
	190	Root DSE, or a complete LDAP DN. Obviously the OU must exist
	191	in the directory.</para>
	192
	193	<para>It is also possible to use the <option>--computer-ou</option>
	194	argument of the <link linkend="realm">realm</link> command to
	195	create a computer account at a specific OU.</para>
	196
	197	</section>
	198	</section>
	199	</chapter>

+62

-0

doc/realmd-guide-freeipa.xml less more

	0	<?xml version="1.0"?>
	1	<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
	2	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"
	3	[
	4	<!ENTITY % local.common.attrib "xmlns:xi CDATA #FIXED 'http://www.w3.org/2003/XInclude'">
	5	]>
	6
	7	<chapter id="guide-freeipa">
	8	<title>Using with FreeIPA</title>
	9
	10	<para><command>realmd</command> can discover FreeIPA domains. It is not
	11	yet possible to join the computer to the domain.</para>
	12
	13	<section>
	14	<title>Discovering FreeIPA domains</title>
	15	<para><command>realmd</command> discovers which domains or
	16	realms it can use or configure. It can discover and identify
	17	FreeIPA domains by looking up the appropriate DNS SRV
	18	records and by connecting to the server and retrieving
	19	its TLS certificate.</para>
	20
	21	<para>The following DNS SRV records are required to be present
	22	for <command>realmd</command> to identify a provided realm as
	23	an Kerberos domain.</para>
	24
	25	<informalexample>
	26	<screen>
	27	# In this example the FreeIPA domain is 'domain.example.com'
	28	<emphasis>_kerberos._udp.</emphasis>domain.example.com.
	29	</screen>
	30	</informalexample>
	31
	32	<para>In addition <command>realmd</command> connects to the first
	33	three KDC's listed and tests if they are FreeIPA servers. It
	34	does this by connecting via HTTPS and retrieving their certificate
	35	from the <filename>/ipa/config/ca.crt</filename> location. It
	36	compares this certificate with the one being used on KDC HTTPS
	37	server. If they match the domain is treated as a FreeIPA domain.</para>
	38
	39	<para>To see how <command>realmd</command> is discovering a
	40	particular domain name, try a command like the following. Using
	41	the <option>--verbose</option> argument displays verbose
	42	discovery information.</para>
	43
	44	<informalexample>
	45	<screen>
	46	$ <command>realm --verbose discover domain.example.com</command>
	47	* Searching for kerberos SRV records for domain: _kerberos._udp.ipa.thewalter.lan
	48	* Searching for MSDCS SRV records on domain: _kerberos._tcp.dc._msdcs.ipa.thewalter.lan
	49	* dc.domain.example.com:88
	50	* Trying to retrieve IPA certificate from dc.domain.example.com
	51	* Retrieved IPA CA certificate verifies the HTTPS connection
	52	* Found kerberos DNS records for: domain.example.com
	53	* Found IPA style certificate for: domain.example.com
	54	* Successfully discovered: domain.example.com
	55	...
	56	</screen>
	57	</informalexample>
	58
	59	</section>
	60
	61	</chapter>

+50

-0

doc/realmd-guide-kerberos.xml less more

	0	<?xml version="1.0"?>
	1	<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
	2	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"
	3	[
	4	<!ENTITY % local.common.attrib "xmlns:xi CDATA #FIXED 'http://www.w3.org/2003/XInclude'">
	5	]>
	6
	7	<chapter id="guide-freeipa">
	8	<title>Using with other Kerberos realms</title>
	9
	10	<para><command>realmd</command> can discover generic Kerberos realms.
	11	Since there is no standard way to enroll a computer against a Kerberos
	12	server, it is not possible to do this with <command>realmd</command>.</para>
	13
	14	<section>
	15	<title>Discovering Kerberos realms</title>
	16	<para><command>realmd</command> discovers which domains or
	17	realms it can use or configure. It can discover and identify
	18	Kerberos domains by looking up the appropriate DNS SRV
	19	records.</para>
	20
	21	<para>The following DNS SRV record is required to be present
	22	for <command>realmd</command> to identify a provided realm as
	23	a Kerberos domain.</para>
	24
	25	<informalexample>
	26	<screen>
	27	# In this example the Kerberos domain is 'domain.example.com'
	28	<emphasis>_kerberos._udp.</emphasis>domain.example.com.
	29	</screen>
	30	</informalexample>
	31
	32	<informalexample>
	33	<screen>
	34	$ <command>realm --verbose discover domain.example.com</command>
	35	* Searching for kerberos SRV records for domain: _kerberos._udp.domain.example.com
	36	* Searching for MSDCS SRV records on domain: _kerberos._tcp.dc._msdcs.domain.example.com
	37	* dc.domain.example.com:88
	38	* Trying to retrieve IPA certificate from dc.domain.example.com
	39	! Couldn't read certificate via HTTP: No PEM-encoded certificate found
	40	! Couldn't discover IPA KDC: No PEM-encoded certificate found
	41	* Found kerberos DNS records for: domain.example.com
	42	* Successfully discovered: domain.example.com
	43	...
	44	</screen>
	45	</informalexample>
	46
	47	</section>
	48
	49	</chapter>

-1

doc/version.xml less more

0		0.8
	0	0.9

-5

service/Makefile.am less more

4	4
5	5	REALMD_CONFIGS = \
6	6	realmd-defaults.conf \
7		realmd-redhat.conf
	7	realmd-redhat.conf \
	8	realmd-debian.conf \
	9	$(NULL)
8	10
9	11	private_DATA = \
10	12	net-ads-smb.conf \

40	42	realm-samba-util.c realm-samba-util.h \
41	43	realm-samba-winbind.c realm-samba-winbind.h \
42	44	realm-service.c realm-service.h \
43		realm-service-systemd.c realm-service-systemd.h \
44		realm-service-upstart.c realm-service-upstart.h \
45	45	realm-settings.c realm-settings.h \
46	46	realm-sssd.c realm-sssd.h \
47	47	realm-sssd-ad.c realm-sssd-ad.h \
48		realm-sssd-ad-provider.c realm-sssd-ad-provider.h \
	48	realm-sssd-provider.c realm-sssd-provider.h \
49	49	realm-sssd-config.c realm-sssd-config.h \
50	50	realm-sssd-ipa.c realm-sssd-ipa.h \
51		realm-sssd-ipa-provider.c realm-sssd-ipa-provider.h \
52	51	$(NULL)
53	52
54	53	realmd_CFLAGS = \

+23

-72

service/Makefile.in less more

84	84	realmd-realm-samba-provider.$(OBJEXT) \
85	85	realmd-realm-samba-util.$(OBJEXT) \
86	86	realmd-realm-samba-winbind.$(OBJEXT) \
87		realmd-realm-service.$(OBJEXT) \
88		realmd-realm-service-systemd.$(OBJEXT) \
89		realmd-realm-service-upstart.$(OBJEXT) \
90		realmd-realm-settings.$(OBJEXT) realmd-realm-sssd.$(OBJEXT) \
91		realmd-realm-sssd-ad.$(OBJEXT) \
92		realmd-realm-sssd-ad-provider.$(OBJEXT) \
	87	realmd-realm-service.$(OBJEXT) realmd-realm-settings.$(OBJEXT) \
	88	realmd-realm-sssd.$(OBJEXT) realmd-realm-sssd-ad.$(OBJEXT) \
	89	realmd-realm-sssd-provider.$(OBJEXT) \
93	90	realmd-realm-sssd-config.$(OBJEXT) \
94		realmd-realm-sssd-ipa.$(OBJEXT) \
95		realmd-realm-sssd-ipa-provider.$(OBJEXT) $(am__objects_1)
	91	realmd-realm-sssd-ipa.$(OBJEXT) $(am__objects_1)
96	92	realmd_OBJECTS = $(am_realmd_OBJECTS)
97	93	am__DEPENDENCIES_1 =
98	94	realmd_DEPENDENCIES = $(top_builddir)/dbus/librealm-dbus.a \

274	270	USE_NLS = @USE_NLS@
275	271	VERSION = @VERSION@
276	272	XGETTEXT = @XGETTEXT@
	273	XSLTPROC = @XSLTPROC@
277	274	abs_builddir = @abs_builddir@
278	275	abs_srcdir = @abs_srcdir@
279	276	abs_top_builddir = @abs_top_builddir@

344	341	SUFFIXES = .conf .conf.in .desktop.in .desktop.in.in .service .service.in
345	342	REALMD_CONFIGS = \
346	343	realmd-defaults.conf \
347		realmd-redhat.conf
	344	realmd-redhat.conf \
	345	realmd-debian.conf \
	346	$(NULL)
348	347
349	348	private_DATA = \
350	349	net-ads-smb.conf \

378	377	realm-samba-util.c realm-samba-util.h \
379	378	realm-samba-winbind.c realm-samba-winbind.h \
380	379	realm-service.c realm-service.h \
381		realm-service-systemd.c realm-service-systemd.h \
382		realm-service-upstart.c realm-service-upstart.h \
383	380	realm-settings.c realm-settings.h \
384	381	realm-sssd.c realm-sssd.h \
385	382	realm-sssd-ad.c realm-sssd-ad.h \
386		realm-sssd-ad-provider.c realm-sssd-ad-provider.h \
	383	realm-sssd-provider.c realm-sssd-provider.h \
387	384	realm-sssd-config.c realm-sssd-config.h \
388	385	realm-sssd-ipa.c realm-sssd-ipa.h \
389		realm-sssd-ipa-provider.c realm-sssd-ipa-provider.h \
390	386	$(NULL)
391	387
392	388	realmd_CFLAGS = \

539	535	@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/realmd-realm-samba-util.Po@am__quote@
540	536	@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/realmd-realm-samba-winbind.Po@am__quote@
541	537	@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/realmd-realm-samba.Po@am__quote@
542		@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/realmd-realm-service-systemd.Po@am__quote@
543		@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/realmd-realm-service-upstart.Po@am__quote@
544	538	@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/realmd-realm-service.Po@am__quote@
545	539	@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/realmd-realm-settings.Po@am__quote@
546		@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/realmd-realm-sssd-ad-provider.Po@am__quote@
547	540	@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/realmd-realm-sssd-ad.Po@am__quote@
548	541	@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/realmd-realm-sssd-config.Po@am__quote@
549		@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/realmd-realm-sssd-ipa-provider.Po@am__quote@
550	542	@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/realmd-realm-sssd-ipa.Po@am__quote@
	543	@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/realmd-realm-sssd-provider.Po@am__quote@
551	544	@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/realmd-realm-sssd.Po@am__quote@
552	545
553	546	.c.o:

900	893	@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
901	894	@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(realmd_CFLAGS) $(CFLAGS) -c -o realmd-realm-service.obj `if test -f 'realm-service.c'; then $(CYGPATH_W) 'realm-service.c'; else $(CYGPATH_W) '$(srcdir)/realm-service.c'; fi`
902	895
903		realmd-realm-service-systemd.o: realm-service-systemd.c
904		@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(realmd_CFLAGS) $(CFLAGS) -MT realmd-realm-service-systemd.o -MD -MP -MF $(DEPDIR)/realmd-realm-service-systemd.Tpo -c -o realmd-realm-service-systemd.o `test -f 'realm-service-systemd.c' \|\| echo '$(srcdir)/'`realm-service-systemd.c
905		@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/realmd-realm-service-systemd.Tpo $(DEPDIR)/realmd-realm-service-systemd.Po
906		@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='realm-service-systemd.c' object='realmd-realm-service-systemd.o' libtool=no @AMDEPBACKSLASH@
907		@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
908		@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(realmd_CFLAGS) $(CFLAGS) -c -o realmd-realm-service-systemd.o `test -f 'realm-service-systemd.c' \|\| echo '$(srcdir)/'`realm-service-systemd.c
909
910		realmd-realm-service-systemd.obj: realm-service-systemd.c
911		@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(realmd_CFLAGS) $(CFLAGS) -MT realmd-realm-service-systemd.obj -MD -MP -MF $(DEPDIR)/realmd-realm-service-systemd.Tpo -c -o realmd-realm-service-systemd.obj `if test -f 'realm-service-systemd.c'; then $(CYGPATH_W) 'realm-service-systemd.c'; else $(CYGPATH_W) '$(srcdir)/realm-service-systemd.c'; fi`
912		@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/realmd-realm-service-systemd.Tpo $(DEPDIR)/realmd-realm-service-systemd.Po
913		@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='realm-service-systemd.c' object='realmd-realm-service-systemd.obj' libtool=no @AMDEPBACKSLASH@
914		@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
915		@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(realmd_CFLAGS) $(CFLAGS) -c -o realmd-realm-service-systemd.obj `if test -f 'realm-service-systemd.c'; then $(CYGPATH_W) 'realm-service-systemd.c'; else $(CYGPATH_W) '$(srcdir)/realm-service-systemd.c'; fi`
916
917		realmd-realm-service-upstart.o: realm-service-upstart.c
918		@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(realmd_CFLAGS) $(CFLAGS) -MT realmd-realm-service-upstart.o -MD -MP -MF $(DEPDIR)/realmd-realm-service-upstart.Tpo -c -o realmd-realm-service-upstart.o `test -f 'realm-service-upstart.c' \|\| echo '$(srcdir)/'`realm-service-upstart.c
919		@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/realmd-realm-service-upstart.Tpo $(DEPDIR)/realmd-realm-service-upstart.Po
920		@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='realm-service-upstart.c' object='realmd-realm-service-upstart.o' libtool=no @AMDEPBACKSLASH@
921		@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
922		@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(realmd_CFLAGS) $(CFLAGS) -c -o realmd-realm-service-upstart.o `test -f 'realm-service-upstart.c' \|\| echo '$(srcdir)/'`realm-service-upstart.c
923
924		realmd-realm-service-upstart.obj: realm-service-upstart.c
925		@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(realmd_CFLAGS) $(CFLAGS) -MT realmd-realm-service-upstart.obj -MD -MP -MF $(DEPDIR)/realmd-realm-service-upstart.Tpo -c -o realmd-realm-service-upstart.obj `if test -f 'realm-service-upstart.c'; then $(CYGPATH_W) 'realm-service-upstart.c'; else $(CYGPATH_W) '$(srcdir)/realm-service-upstart.c'; fi`
926		@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/realmd-realm-service-upstart.Tpo $(DEPDIR)/realmd-realm-service-upstart.Po
927		@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='realm-service-upstart.c' object='realmd-realm-service-upstart.obj' libtool=no @AMDEPBACKSLASH@
928		@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
929		@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(realmd_CFLAGS) $(CFLAGS) -c -o realmd-realm-service-upstart.obj `if test -f 'realm-service-upstart.c'; then $(CYGPATH_W) 'realm-service-upstart.c'; else $(CYGPATH_W) '$(srcdir)/realm-service-upstart.c'; fi`
930
931	896	realmd-realm-settings.o: realm-settings.c
932	897	@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(realmd_CFLAGS) $(CFLAGS) -MT realmd-realm-settings.o -MD -MP -MF $(DEPDIR)/realmd-realm-settings.Tpo -c -o realmd-realm-settings.o `test -f 'realm-settings.c' \|\| echo '$(srcdir)/'`realm-settings.c
933	898	@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/realmd-realm-settings.Tpo $(DEPDIR)/realmd-realm-settings.Po

970	935	@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
971	936	@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(realmd_CFLAGS) $(CFLAGS) -c -o realmd-realm-sssd-ad.obj `if test -f 'realm-sssd-ad.c'; then $(CYGPATH_W) 'realm-sssd-ad.c'; else $(CYGPATH_W) '$(srcdir)/realm-sssd-ad.c'; fi`
972	937
973		realmd-realm-sssd-ad-provider.o: realm-sssd-ad-provider.c
974		@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(realmd_CFLAGS) $(CFLAGS) -MT realmd-realm-sssd-ad-provider.o -MD -MP -MF $(DEPDIR)/realmd-realm-sssd-ad-provider.Tpo -c -o realmd-realm-sssd-ad-provider.o `test -f 'realm-sssd-ad-provider.c' \|\| echo '$(srcdir)/'`realm-sssd-ad-provider.c
975		@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/realmd-realm-sssd-ad-provider.Tpo $(DEPDIR)/realmd-realm-sssd-ad-provider.Po
976		@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='realm-sssd-ad-provider.c' object='realmd-realm-sssd-ad-provider.o' libtool=no @AMDEPBACKSLASH@
977		@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
978		@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(realmd_CFLAGS) $(CFLAGS) -c -o realmd-realm-sssd-ad-provider.o `test -f 'realm-sssd-ad-provider.c' \|\| echo '$(srcdir)/'`realm-sssd-ad-provider.c
979
980		realmd-realm-sssd-ad-provider.obj: realm-sssd-ad-provider.c
981		@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(realmd_CFLAGS) $(CFLAGS) -MT realmd-realm-sssd-ad-provider.obj -MD -MP -MF $(DEPDIR)/realmd-realm-sssd-ad-provider.Tpo -c -o realmd-realm-sssd-ad-provider.obj `if test -f 'realm-sssd-ad-provider.c'; then $(CYGPATH_W) 'realm-sssd-ad-provider.c'; else $(CYGPATH_W) '$(srcdir)/realm-sssd-ad-provider.c'; fi`
982		@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/realmd-realm-sssd-ad-provider.Tpo $(DEPDIR)/realmd-realm-sssd-ad-provider.Po
983		@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='realm-sssd-ad-provider.c' object='realmd-realm-sssd-ad-provider.obj' libtool=no @AMDEPBACKSLASH@
984		@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
985		@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(realmd_CFLAGS) $(CFLAGS) -c -o realmd-realm-sssd-ad-provider.obj `if test -f 'realm-sssd-ad-provider.c'; then $(CYGPATH_W) 'realm-sssd-ad-provider.c'; else $(CYGPATH_W) '$(srcdir)/realm-sssd-ad-provider.c'; fi`
	938	realmd-realm-sssd-provider.o: realm-sssd-provider.c
	939	@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(realmd_CFLAGS) $(CFLAGS) -MT realmd-realm-sssd-provider.o -MD -MP -MF $(DEPDIR)/realmd-realm-sssd-provider.Tpo -c -o realmd-realm-sssd-provider.o `test -f 'realm-sssd-provider.c' \|\| echo '$(srcdir)/'`realm-sssd-provider.c
	940	@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/realmd-realm-sssd-provider.Tpo $(DEPDIR)/realmd-realm-sssd-provider.Po
	941	@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='realm-sssd-provider.c' object='realmd-realm-sssd-provider.o' libtool=no @AMDEPBACKSLASH@
	942	@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
	943	@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(realmd_CFLAGS) $(CFLAGS) -c -o realmd-realm-sssd-provider.o `test -f 'realm-sssd-provider.c' \|\| echo '$(srcdir)/'`realm-sssd-provider.c
	944
	945	realmd-realm-sssd-provider.obj: realm-sssd-provider.c
	946	@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(realmd_CFLAGS) $(CFLAGS) -MT realmd-realm-sssd-provider.obj -MD -MP -MF $(DEPDIR)/realmd-realm-sssd-provider.Tpo -c -o realmd-realm-sssd-provider.obj `if test -f 'realm-sssd-provider.c'; then $(CYGPATH_W) 'realm-sssd-provider.c'; else $(CYGPATH_W) '$(srcdir)/realm-sssd-provider.c'; fi`
	947	@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/realmd-realm-sssd-provider.Tpo $(DEPDIR)/realmd-realm-sssd-provider.Po
	948	@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='realm-sssd-provider.c' object='realmd-realm-sssd-provider.obj' libtool=no @AMDEPBACKSLASH@
	949	@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
	950	@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(realmd_CFLAGS) $(CFLAGS) -c -o realmd-realm-sssd-provider.obj `if test -f 'realm-sssd-provider.c'; then $(CYGPATH_W) 'realm-sssd-provider.c'; else $(CYGPATH_W) '$(srcdir)/realm-sssd-provider.c'; fi`
986	951
987	952	realmd-realm-sssd-config.o: realm-sssd-config.c
988	953	@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(realmd_CFLAGS) $(CFLAGS) -MT realmd-realm-sssd-config.o -MD -MP -MF $(DEPDIR)/realmd-realm-sssd-config.Tpo -c -o realmd-realm-sssd-config.o `test -f 'realm-sssd-config.c' \|\| echo '$(srcdir)/'`realm-sssd-config.c

1011	976	@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='realm-sssd-ipa.c' object='realmd-realm-sssd-ipa.obj' libtool=no @AMDEPBACKSLASH@
1012	977	@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
1013	978	@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(realmd_CFLAGS) $(CFLAGS) -c -o realmd-realm-sssd-ipa.obj `if test -f 'realm-sssd-ipa.c'; then $(CYGPATH_W) 'realm-sssd-ipa.c'; else $(CYGPATH_W) '$(srcdir)/realm-sssd-ipa.c'; fi`
1014
1015		realmd-realm-sssd-ipa-provider.o: realm-sssd-ipa-provider.c
1016		@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(realmd_CFLAGS) $(CFLAGS) -MT realmd-realm-sssd-ipa-provider.o -MD -MP -MF $(DEPDIR)/realmd-realm-sssd-ipa-provider.Tpo -c -o realmd-realm-sssd-ipa-provider.o `test -f 'realm-sssd-ipa-provider.c' \|\| echo '$(srcdir)/'`realm-sssd-ipa-provider.c
1017		@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/realmd-realm-sssd-ipa-provider.Tpo $(DEPDIR)/realmd-realm-sssd-ipa-provider.Po
1018		@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='realm-sssd-ipa-provider.c' object='realmd-realm-sssd-ipa-provider.o' libtool=no @AMDEPBACKSLASH@
1019		@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
1020		@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(realmd_CFLAGS) $(CFLAGS) -c -o realmd-realm-sssd-ipa-provider.o `test -f 'realm-sssd-ipa-provider.c' \|\| echo '$(srcdir)/'`realm-sssd-ipa-provider.c
1021
1022		realmd-realm-sssd-ipa-provider.obj: realm-sssd-ipa-provider.c
1023		@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(realmd_CFLAGS) $(CFLAGS) -MT realmd-realm-sssd-ipa-provider.obj -MD -MP -MF $(DEPDIR)/realmd-realm-sssd-ipa-provider.Tpo -c -o realmd-realm-sssd-ipa-provider.obj `if test -f 'realm-sssd-ipa-provider.c'; then $(CYGPATH_W) 'realm-sssd-ipa-provider.c'; else $(CYGPATH_W) '$(srcdir)/realm-sssd-ipa-provider.c'; fi`
1024		@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/realmd-realm-sssd-ipa-provider.Tpo $(DEPDIR)/realmd-realm-sssd-ipa-provider.Po
1025		@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='realm-sssd-ipa-provider.c' object='realmd-realm-sssd-ipa-provider.obj' libtool=no @AMDEPBACKSLASH@
1026		@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
1027		@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(realmd_CFLAGS) $(CFLAGS) -c -o realmd-realm-sssd-ipa-provider.obj `if test -f 'realm-sssd-ipa-provider.c'; then $(CYGPATH_W) 'realm-sssd-ipa-provider.c'; else $(CYGPATH_W) '$(srcdir)/realm-sssd-ipa-provider.c'; fi`
1028	979	install-polkit_policyDATA: $(polkit_policy_DATA)
1029	980	@$(NORMAL_INSTALL)
1030	981	@list='$(polkit_policy_DATA)'; test -n "$(polkit_policydir)" \|\| list=; \

-1

service/realm-command.c less more

32	32	NUM_FDS
33	33	};
34	34
	35	#define DEBUG_VERBOSE 0
35	36
36	37	typedef struct {
37	38	GBytes *input;

73	74	static void
74	75	complete_source_is_done (ProcessSource *process_source)
75	76	{
	77	#if DEBUG_VERBOSE
76	78	g_debug ("all fds closed and process exited, completing");
	79	#endif
77	80
78	81	g_assert (process_source->child_sig == 0);
79	82

94	97	{
95	98	g_assert (fd);
96	99	if (*fd >= 0) {
	100	#if DEBUG_VERBOSE
97	101	g_debug ("closing fd: %d", *fd);
	102	#endif
98	103	close (*fd);
99	104	}
100	105	*fd = -1;

379	384	{
380	385	ProcessSource *process_source = user_data;
381	386
382		g_debug ("process cancelled");
	387	g_debug ("process cancelled: %d", process_source->child_pid);
383	388
384	389	/* Set an error, which is respected when this actually completes. */
385	390	g_simple_async_result_set_error (process_source->res, G_IO_ERROR, G_IO_ERROR_CANCELLED,

+13

-8

service/realm-daemon.c less more

22	22	#include "realm-kerberos-provider.h"
23	23	#include "realm-samba-provider.h"
24	24	#include "realm-settings.h"
25		#include "realm-sssd-ad-provider.h"
26		#include "realm-sssd-ipa-provider.h"
	25	#include "realm-sssd-provider.h"
27	26
28	27	#include <glib.h>
29	28	#include <glib/gi18n.h>

420	419
421	420	all_provider = realm_all_provider_new_and_export (connection);
422	421
423		provider = realm_sssd_ad_provider_new ();
424		g_dbus_object_manager_server_export (object_server, G_DBUS_OBJECT_SKELETON (provider));
425		realm_all_provider_register (all_provider, provider);
426		g_object_unref (provider);
427
428		provider = realm_sssd_ipa_provider_new ();
	422	provider = realm_sssd_provider_new ();
429	423	g_dbus_object_manager_server_export (object_server, G_DBUS_OBJECT_SKELETON (provider));
430	424	realm_all_provider_register (all_provider, provider);
431	425	g_object_unref (provider);

489	483	RealmDbusService *service;
490	484	GOptionContext *context;
491	485	GError *error = NULL;
	486	const gchar *env;
	487	gchar *path;
492	488
493	489	GOptionEntry option_entries[] = {
494	490	{ "debug", 'd', 0, G_OPTION_ARG_NONE, &service_debug,

503	499	#endif
504	500
505	501	g_type_init ();
	502
	503	/*
	504	* Add /sbin to path as a around for problems with authconfig.
	505	* See bug:
	506	*/
	507	env = g_getenv ("PATH");
	508	path = g_strdup_printf ("%s:/usr/sbin:/sbin", env ? env : "/usr/bin:/bin");
	509	g_setenv ("PATH", path, TRUE);
	510	g_free (path);
506	511
507	512	context = g_option_context_new ("realmd");
508	513	g_option_context_add_main_entries (context, option_entries, NULL);

+22

-0

service/realm-ini-config.c less more

773	773	line->bytes = g_bytes_new_take (data, strlen (data));
774	774	line->name = g_strdup (name);
775	775	insert_config_line (self, sect->tail, line);
	776	g_hash_table_insert (sect->parameters, line->name, line);
776	777
777	778	/* Already have this line, replace the data */
778	779	} else {

975	976	return g_hash_table_lookup (self->sections, section) != NULL;
976	977	}
977	978
	979	static gboolean
	980	is_blank_line (GBytes *bytes)
	981	{
	982	const gchar *data;
	983	gsize length;
	984
	985	data = g_bytes_get_data (bytes, &length);
	986	return (length == 1 && data[0] == '\n');
	987	}
	988
978	989	void
979	990	realm_ini_config_remove_section (RealmIniConfig *self,
980	991	const gchar *section)

993	1004	g_assert (sect->tail != NULL);
994	1005	head = sect->head;
995	1006	tail = sect->tail;
	1007
	1008	/*
	1009	* If the prior line is a blank line, remove that too.
	1010	* This matches the behavior of config_set_value() so that
	1011	* when we add/remove sections we don't get a file full of
	1012	* empty lines.
	1013	*/
	1014	if (head->prev != NULL) {
	1015	if (is_blank_line (head->prev->bytes))
	1016	head = head->prev;
	1017	}
996	1018
997	1019	g_hash_table_remove (self->sections, section);
998	1020

+17

-9

service/realm-kerberos-discover.c less more

127	127	} DiscoverClosure;
128	128
129	129	static void
130		kerberos_discover_complete (RealmKerberosDiscover *self)
	130	kerberos_discover_call_callbacks (RealmKerberosDiscover *self)
131	131	{
132	132	Callback call, next;
133	133
134		g_object_ref (self);
135
136		g_assert (!self->completed);
137		self->completed = TRUE;
138	134	call = self->callback;
139	135	self->callback = NULL;
140	136

148	144	g_slice_free (Callback, call);
149	145	call = next;
150	146	}
151
	147	}
	148
	149	static void
	150	kerberos_discover_complete (RealmKerberosDiscover *self)
	151	{
	152	g_object_ref (self);
	153
	154	g_assert (!self->completed);
	155	self->completed = TRUE;
	156	kerberos_discover_call_callbacks (self);
152	157	g_object_unref (self);
153	158	}
154	159

422	427	{
423	428	RealmKerberosDiscover *self = REALM_KERBEROS_DISCOVER (user_data);
424	429	g_assert (self->completed);
425		kerberos_discover_complete (self);
	430	kerberos_discover_call_callbacks (self);
426	431	return FALSE;
427	432	}
428	433

492	497	{
493	498	RealmKerberosDiscover *self;
494	499	gchar *realm;
	500	gchar *name;
495	501
496	502	g_return_val_if_fail (REALM_IS_KERBEROS_DISCOVER (result), NULL);
497	503	g_return_val_if_fail (error == NULL \|\| *error == NULL, NULL);

510	516	return NULL;
511	517
512	518	realm = g_ascii_strup (self->domain, -1);
	519	name = g_ascii_strdown (self->domain, -1);
513	520
514	521	if (discovery) {
515	522	*discovery = realm_discovery_new ();

538	545	}
539	546	}
540	547
541		return realm;
542		}
	548	g_free (realm);
	549	return name;
	550	}

+153

-29

service/realm-kerberos.c less more

13	13
14	14	#include "config.h"
15	15
	16	#include "realm-command.h"
16	17	#include "realm-daemon.h"
17	18	#include "realm-dbus-constants.h"
18	19	#include "realm-dbus-generated.h"

52	53
53	54	G_DEFINE_TYPE (RealmKerberos, realm_kerberos, G_TYPE_DBUS_OBJECT_SKELETON);
54	55
	56	#define return_if_krb5_failed(ctx, code) G_STMT_START \
	57	if G_LIKELY ((code) == 0) { } else { \
	58	g_warn_message (G_LOG_DOMAIN, __FILE__, __LINE__, G_STRFUNC, \
	59	krb5_get_error_message ((ctx), (code))); \
	60	return; \
	61	} G_STMT_END
	62
	63	#define return_val_if_krb5_failed(ctx, code, val) G_STMT_START \
	64	if G_LIKELY ((code) == 0) { } else { \
	65	g_warn_message (G_LOG_DOMAIN, __FILE__, __LINE__, G_STRFUNC, \
	66	krb5_get_error_message ((ctx), (code))); \
	67	return (val); \
	68	} G_STMT_END
	69
	70	#define warn_if_krb5_failed(ctx, code) G_STMT_START \
	71	if G_LIKELY ((code) == 0) { } else { \
	72	g_warn_message (G_LOG_DOMAIN, __FILE__, __LINE__, G_STRFUNC, \
	73	krb5_get_error_message ((ctx), (code))); \
	74	} G_STMT_END
	75
55	76	typedef struct {
56	77	RealmKerberos *self;
57	78	GDBusMethodInvocation *invocation;

97	118	}
98	119
99	120	static void
	121	on_name_caches_flush (GObject *source,
	122	GAsyncResult *result,
	123	gpointer user_data)
	124	{
	125	MethodClosure *closure = user_data;
	126	GError *error = NULL;
	127	gint status;
	128
	129	status = realm_command_run_finish (result, NULL, &error);
	130	if (status != 0) {
	131	realm_diagnostics_error (closure->invocation, error,
	132	"Flushing name caches failed");
	133	}
	134
	135	g_clear_error (&error);
	136	enroll_method_reply (closure->invocation, NULL);
	137	method_closure_free (closure);
	138	}
	139
	140	static void
100	141	on_enroll_complete (GObject *source,
101	142	GAsyncResult *result,
102	143	gpointer user_data)

109	150	g_return_if_fail (iface->unenroll_finish != NULL);
110	151
111	152	(iface->enroll_finish) (REALM_KERBEROS_MEMBERSHIP (closure->self), result, &error);
112		enroll_method_reply (closure->invocation, error);
113
114		g_clear_error (&error);
115		method_closure_free (closure);
	153
	154	if (error == NULL) {
	155	realm_command_run_known_async ("name-caches-flush", NULL, closure->invocation,
	156	NULL, on_name_caches_flush, closure);
	157
	158	} else {
	159	enroll_method_reply (closure->invocation, error);
	160	method_closure_free (closure);
	161	g_clear_error (&error);
	162	}
116	163	}
117	164
118	165	static void

456	503	RealmKerberos *self = REALM_KERBEROS (user_data);
457	504	RealmKerberosFlags flags = 0;
458	505	GVariant *creds;
	506	const gchar *computer_ou;
459	507	RealmKerberosCredential cred_type;
460	508
461	509	/* Make note of the current operation id, for diagnostics */
462	510	realm_diagnostics_setup_options (invocation, options);
	511
	512	if (g_variant_lookup (options, REALM_DBUS_OPTION_COMPUTER_OU, "&s", &computer_ou)) {
	513	g_dbus_method_invocation_return_error (invocation, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS,
	514	"The computer-ou argument is not supported when leaving a domain.");
	515	return TRUE;
	516	}
463	517
464	518	if (!validate_and_parse_credentials (invocation, credentials, &flags, &cred_type, &creds))
465	519	return TRUE;

881	935
882	936
883	937	static void
884		kinit_handle_error (GSimpleAsyncResult *async,
885		krb5_error_code code,
886		krb5_context context,
887		const gchar *message,
888		...)
	938	set_krb5_error (GError **error,
	939	krb5_error_code code,
	940	krb5_context context,
	941	const gchar *message,
	942	...)
889	943	{
890	944	gchar *string;
891	945	va_list va;

894	948	string = g_strdup_vprintf (message, va);
895	949	va_end (va);
896	950
897		g_simple_async_result_set_error (async, REALM_KRB5_ERROR, code,
898		"%s: %s", string, krb5_get_error_message (context, code));
	951	g_set_error (error, REALM_KRB5_ERROR, code,
	952	"%s: %s", string, krb5_get_error_message (context, code));
899	953	g_free (string);
900	954	}
901	955

946	1000	krb5_error_code code;
947	1001	krb5_ccache ccache = NULL;
948	1002	krb5_creds my_creds;
	1003	GError *error = NULL;
949	1004	int temp_fd;
950	1005
951	1006	code = krb5_init_context (&context);
952	1007	if (code != 0) {
953		kinit_handle_error (async, code, NULL, "Couldn't initialize kerberos");
	1008	set_krb5_error (&error, code, NULL, "Couldn't initialize kerberos");
	1009	g_simple_async_result_take_error (async, error);
954	1010	goto cleanup;
955	1011	}
956	1012
957	1013	code = krb5_parse_name (context, kinit->principal, &principal);
958	1014	if (code != 0) {
959		kinit_handle_error (async, code, context,
960		"Couldn't parse principal: %s", kinit->principal);
	1015	set_krb5_error (&error, code, context, "Couldn't parse principal: %s", kinit->principal);
	1016	g_simple_async_result_take_error (async, error);
961	1017	goto cleanup;
962	1018	}
963	1019
964	1020	code = krb5_get_init_creds_opt_alloc (context, &options);
965		if (code != 0) {
966		g_warning ("Couldn't setup kerberos options: %s",
967		krb5_get_error_message (context, code));
968		goto cleanup;
969		}
	1021	warn_if_krb5_failed (context, code);
970	1022
971	1023	kinit->ccache_file = g_build_filename (g_get_tmp_dir (), "realmd-krb5-cache.XXXXXX", NULL);
972	1024	temp_fd = g_mkstemp_full (kinit->ccache_file, O_RDWR, S_IRUSR \| S_IWUSR);

980	1032
981	1033	code = krb5_cc_resolve (context, kinit->ccache_file, &ccache);
982	1034	if (code != 0) {
983		kinit_handle_error (async, code, context,
984		"Couldn't resolve credential cache: %s", kinit->ccache_file);
	1035	set_krb5_error (&error, code, context, "Couldn't resolve credential cache: %s", kinit->ccache_file);
	1036	g_simple_async_result_take_error (async, error);
985	1037	goto cleanup;
986	1038	}
987	1039

989	1041	krb5_get_init_creds_opt_set_etype_list (options, kinit->enctypes, kinit->n_enctypes);
990	1042
991	1043	code = krb5_get_init_creds_opt_set_out_ccache (context, options, ccache);
992		if (code != 0) {
993		g_warning ("Couldn't setup credential cache: %s",
994		krb5_get_error_message (context, code));
995		goto cleanup;
996		}
	1044	warn_if_krb5_failed (context, code);
997	1045
998	1046	code = krb5_get_init_creds_password (context, &my_creds, principal,
999	1047	NULL, bytes_prompter, kinit->password,
1000	1048	0, NULL, options);
1001	1049	if (code != 0) {
1002		kinit_handle_error (async, code, context,
1003		"Couldn't authenticate as: %s", kinit->principal);
	1050	set_krb5_error (&error, code, context, "Couldn't authenticate as: %s", kinit->principal);
	1051	g_simple_async_result_take_error (async, error);
1004	1052	goto cleanup;
1005	1053	}
1006	1054

1190	1238	policy = REALM_DBUS_LOGIN_POLICY_PERMITTED;
1191	1239	break;
1192	1240	case REALM_KERBEROS_DENY_ANY_LOGIN:
1193		policy = REALM_DBUS_LOGIN_POLICY_ANY;
	1241	policy = REALM_DBUS_LOGIN_POLICY_DENY;
1194	1242	break;
1195	1243	case REALM_KERBEROS_POLICY_NOT_SET:
1196	1244	policy = "";

1275	1323
1276	1324	return g_strdup (computer_ou);
1277	1325	}
	1326
	1327	static gboolean
	1328	flush_keytab_entries (krb5_context ctx,
	1329	krb5_keytab keytab,
	1330	krb5_principal realm_princ,
	1331	GError **error)
	1332	{
	1333	krb5_error_code code;
	1334	krb5_kt_cursor cursor;
	1335	krb5_keytab_entry entry;
	1336
	1337	code = krb5_kt_start_seq_get (ctx, keytab, &cursor);
	1338	if (code == KRB5_KT_END \|\| code == ENOENT )
	1339	return TRUE;
	1340
	1341	while (!krb5_kt_next_entry (ctx, keytab, &entry, &cursor)) {
	1342	if (krb5_realm_compare (ctx, realm_princ, entry.principal)) {
	1343	code = krb5_kt_end_seq_get (ctx, keytab, &cursor);
	1344	return_val_if_krb5_failed (ctx, code, FALSE);
	1345
	1346	code = krb5_kt_remove_entry (ctx, keytab, &entry);
	1347	return_val_if_krb5_failed (ctx, code, FALSE);
	1348
	1349	code = krb5_kt_start_seq_get (ctx, keytab, &cursor);
	1350	return_val_if_krb5_failed (ctx, code, FALSE);
	1351	}
	1352
	1353	code = krb5_kt_free_entry (ctx, &entry);
	1354	return_val_if_krb5_failed (ctx, code, FALSE);
	1355	}
	1356
	1357	code = krb5_kt_end_seq_get (ctx, keytab, &cursor);
	1358	return_val_if_krb5_failed (ctx, code, FALSE);
	1359
	1360	return TRUE;
	1361	}
	1362
	1363	gboolean
	1364	realm_kerberos_flush_keytab (const gchar *realm_name,
	1365	GError **error)
	1366	{
	1367	krb5_error_code code;
	1368	krb5_keytab keytab;
	1369	krb5_context ctx;
	1370	krb5_principal princ;
	1371	gchar *name;
	1372	gboolean ret;
	1373
	1374	code = krb5_init_context (&ctx);
	1375	if (code != 0) {
	1376	set_krb5_error (error, code, NULL, "Couldn't initialize kerberos");
	1377	return FALSE;
	1378	}
	1379
	1380	code = krb5_kt_default (ctx, &keytab);
	1381	if (code != 0) {
	1382	set_krb5_error (error, code, NULL, "Couldn't open default host keytab");
	1383	krb5_free_context (ctx);
	1384	return FALSE;
	1385	}
	1386
	1387	name = g_strdup_printf ("user@%s", realm_name);
	1388	code = krb5_parse_name (ctx, name, &princ);
	1389	return_val_if_krb5_failed (ctx, code, FALSE);
	1390	g_free (name);
	1391
	1392	ret = flush_keytab_entries (ctx, keytab, princ, error);
	1393	krb5_free_principal (ctx, princ);
	1394
	1395	code = krb5_kt_close (ctx, keytab);
	1396	warn_if_krb5_failed (ctx, code);
	1397
	1398	krb5_free_context (ctx);
	1399	return ret;
	1400
	1401	}

-0

service/realm-kerberos.h less more

93	93
94	94	void realm_keberos_ccache_delete_and_free (gchar *ccache_file);
95	95
	96	gboolean realm_kerberos_flush_keytab (const gchar *realm_name,
	97	GError **error);
	98
96	99	const gchar * realm_kerberos_get_name (RealmKerberos *self);
97	100
98	101	const gchar * realm_kerberos_get_realm_name (RealmKerberos *self);

+57

-58

service/realm-samba-enroll.c less more

71	71	join_closure_init (const gchar *realm,
72	72	const gchar *user_name,
73	73	GBytes *password,
74		GDBusMethodInvocation *invocation,
75		GError **error)
	74	GDBusMethodInvocation *invocation)
76	75	{
77	76	JoinClosure *join;
78	77	GByteArray *array;

280	279	}
281	280
282	281	static void
283		on_conf_do_join (GObject *source,
	282	on_conf_kerberos_method_do_join (GObject *source,
284	283	GAsyncResult *result,
285	284	gpointer user_data)
286	285	{

301	300	"-U", join->user_name, "ads", "join", join->realm,
302	301	join->create_computer_arg, NULL);
303	302
	303	} else {
	304	g_simple_async_result_take_error (res, error);
	305	g_simple_async_result_complete (res);
	306	}
	307
	308	g_object_unref (res);
	309	}
	310
	311	static void
	312	on_conf_realm_do_kerberos_method (GObject *source,
	313	GAsyncResult *result,
	314	gpointer user_data)
	315	{
	316	GSimpleAsyncResult *res = G_SIMPLE_ASYNC_RESULT (user_data);
	317	JoinClosure *join = g_simple_async_result_get_op_res_gpointer (res);
	318	GError *error = NULL;
	319	gint status;
	320
	321	status = realm_command_run_finish (result, NULL, &error);
	322	if (error == NULL && status != 0) {
	323	g_set_error (&error, REALM_ERROR, REALM_ERROR_INTERNAL,
	324	"Configuring samba failed");
	325	}
	326
	327	if (error == NULL) {
	328	begin_net_process (join, NULL,
	329	on_conf_kerberos_method_do_join, g_object_ref (res),
	330	"conf", "setparm", REALM_SAMBA_CONFIG_GLOBAL,
	331	"kerberos method", "system keytab", NULL);
304	332	} else {
305	333	g_simple_async_result_take_error (res, error);
306	334	g_simple_async_result_complete (res);

330	358	res = g_simple_async_result_new (NULL, callback, user_data,
331	359	realm_samba_enroll_join_async);
332	360
333		join = join_closure_init (realm, user_name, password, invocation, &error);
334
335		if (error == NULL) {
336		g_simple_async_result_set_op_res_gpointer (res, join, join_closure_free);
337
338		if (computer_ou != NULL) {
339		strange_ou = realm_samba_util_build_strange_ou (computer_ou, realm);
340		if (strange_ou) {
341		join->create_computer_arg = g_strdup_printf ("createcomputer=%s", strange_ou);
342		g_free (strange_ou);
343		} else {
344		g_set_error (&error, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS,
345		"The computer-ou argument must be a valid LDAP DN and contain only OU=xxx RDN values.");
346		}
	361	join = join_closure_init (realm, user_name, password, invocation);
	362
	363	g_simple_async_result_set_op_res_gpointer (res, join, join_closure_free);
	364
	365	if (computer_ou != NULL) {
	366	strange_ou = realm_samba_util_build_strange_ou (computer_ou, realm);
	367	if (strange_ou) {
	368	join->create_computer_arg = g_strdup_printf ("createcomputer=%s", strange_ou);
	369	g_free (strange_ou);
	370	} else {
	371	g_set_error (&error, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS,
	372	"The computer-ou argument must be a valid LDAP DN and contain only OU=xxx RDN values.");
347	373	}
348	374	}
349	375

352	378	g_simple_async_result_complete_in_idle (res);
353	379	} else {
354	380	begin_net_process (join, NULL,
355		on_conf_do_join, g_object_ref (res),
	381	on_conf_realm_do_kerberos_method, g_object_ref (res),
356	382	"conf", "setparm", REALM_SAMBA_CONFIG_GLOBAL,
357	383	"realm", join->realm, NULL);
358	384	}

403	429	g_simple_async_result_take_error (res, error);
404	430
405	431	g_simple_async_result_complete (res);
406		g_object_unref (res);
407		}
408
409		static void
410		on_flush_do_leave (GObject *source,
411		GAsyncResult *result,
412		gpointer user_data)
413		{
414		GSimpleAsyncResult *res = G_SIMPLE_ASYNC_RESULT (user_data);
415		JoinClosure *join = g_simple_async_result_get_op_res_gpointer (res);
416		GError *error = NULL;
417		gint status;
418
419		status = realm_command_run_finish (result, NULL, &error);
420		if (error != NULL \|\| status != 0)
421		realm_diagnostics_error (join->invocation, error, "Flushing entries from the keytab failed");
422		g_clear_error (&error);
423
424		begin_net_process (join, join->password_input,
425		on_leave_complete, g_object_ref (res),
426		"-U", join->user_name, "ads", "leave", NULL);
427	432	g_object_unref (res);
428	433	}
429	434

435	440	GAsyncReadyCallback callback,
436	441	gpointer user_data)
437	442	{
438		GSimpleAsyncResult *res;
	443	GSimpleAsyncResult *async;
439	444	JoinClosure *join;
440		GError *error = NULL;
441
442		res = g_simple_async_result_new (NULL, callback, user_data,
443		realm_samba_enroll_leave_async);
444
445		join = join_closure_init (realm, user_name, password, invocation, &error);
446		if (error == NULL) {
447		g_simple_async_result_set_op_res_gpointer (res, join, join_closure_free);
448		begin_net_process (join, join->password_input,
449		on_flush_do_leave, g_object_ref (res),
450		"-U", join->user_name, "ads", "keytab", "flush", NULL);
451
452		} else {
453		g_simple_async_result_take_error (res, error);
454		g_simple_async_result_complete_in_idle (res);
455		}
456
457		g_object_unref (res);
	445
	446	async = g_simple_async_result_new (NULL, callback, user_data,
	447	realm_samba_enroll_leave_async);
	448
	449	join = join_closure_init (realm, user_name, password, invocation);
	450	g_simple_async_result_set_op_res_gpointer (async, join, join_closure_free);
	451
	452	begin_net_process (join, join->password_input,
	453	on_leave_complete, g_object_ref (async),
	454	"-U", join->user_name, "ads", "leave", NULL);
	455
	456	g_object_unref (async);
458	457	}
459	458
460	459	gboolean

+10

-7

service/realm-samba-provider.c less more

60	60	realm_samba_provider_constructed (GObject *obj)
61	61	{
62	62	RealmSambaProvider *self;
63		gchar *name = NULL;
	63	gchar *krb_realm = NULL;
64	64	gchar *security;
	65	gchar *name;
65	66
66	67	G_OBJECT_CLASS (realm_samba_provider_parent_class)->constructed (obj);
67	68

71	72
72	73	security = realm_ini_config_get (self->config, REALM_SAMBA_CONFIG_GLOBAL, "security");
73	74	if (security != NULL && g_ascii_strcasecmp (security, "ADS") == 0)
74		name = realm_ini_config_get (self->config, REALM_SAMBA_CONFIG_GLOBAL, "realm");
75
76		if (name != NULL) {
	75	krb_realm = realm_ini_config_get (self->config, REALM_SAMBA_CONFIG_GLOBAL, "realm");
	76
	77	if (krb_realm != NULL) {
	78	name = g_ascii_strdown (krb_realm, -1);
77	79	realm_provider_lookup_or_register_realm (REALM_PROVIDER (self),
78	80	REALM_TYPE_SAMBA, name, NULL);
79		}
80
81		g_free (name);
	81	g_free (name);
	82	}
	83
	84	g_free (krb_realm);
82	85	g_free (security);
83	86	}
84	87

-3

service/realm-samba-winbind.c less more

76	76	{
77	77	GSimpleAsyncResult *res;
78	78	GError *error = NULL;
79		const gchar *service;
80	79
81	80	g_return_if_fail (config != NULL);
82	81	g_return_if_fail (invocation != NULL \|\| G_IS_DBUS_METHOD_INVOCATION (invocation));

100	99	NULL);
101	100
102	101	if (error == NULL) {
103		service = realm_settings_string ("services", "winbind");
104		realm_service_enable_and_restart (service, invocation,
	102	realm_service_enable_and_restart ("winbind", invocation,
105	103	on_enable_do_nss, g_object_ref (res));
106	104	} else {
107	105	g_simple_async_result_take_error (res, error);

+170

-114

service/realm-samba.c less more

27	27	#include "realm-samba-config.h"
28	28	#include "realm-samba-enroll.h"
29	29	#include "realm-samba-winbind.h"
	30	#include "realm-settings.h"
30	31
31	32	#include <glib/gstdio.h>
32	33	#include <glib/gi18n.h>

76	77
77	78	/*
78	79	* Each line is a combination of owner and what kind of credentials are supported,
79		* same for enroll/unenroll. We can't accept a ccache, because samba3 needs
	80	* same for enroll/leave. We can't accept a ccache, because samba3 needs
80	81	* to have credentials limited to RC4.
81	82	*/
82	83	supported = realm_kerberos_membership_build_supported (
83	84	REALM_KERBEROS_CREDENTIAL_PASSWORD, REALM_KERBEROS_OWNER_ADMIN,
84	85	REALM_KERBEROS_CREDENTIAL_PASSWORD, REALM_KERBEROS_OWNER_USER,
	86	REALM_KERBEROS_CREDENTIAL_AUTOMATIC, REALM_KERBEROS_OWNER_NONE,
85	87	0);
86	88	g_variant_ref_sink (supported);
87	89	realm_kerberos_set_supported_join_creds (kerberos, supported);

203	205	"security", "ads",
204	206	"realm", enroll->realm_name,
205	207	"workgroup", workgroup,
	208	"template homedir", realm_settings_string ("users", "default-home"),
	209	"template shell", realm_settings_string ("users", "default-shell"),
206	210	NULL);
207	211	}
208	212

313	317	GDBusMethodInvocation *invocation;
314	318	gchar *realm_name;
315	319	gchar *ccache_file;
316		} UnenrollClosure;
317
318		static void
319		unenroll_closure_free (gpointer data)
320		{
321		UnenrollClosure *unenroll = data;
322		g_free (unenroll->realm_name);
323		if (unenroll->ccache_file)
324		realm_keberos_ccache_delete_and_free (unenroll->ccache_file);
325		g_object_unref (unenroll->invocation);
326		g_slice_free (UnenrollClosure, unenroll);
327		}
328
329		static void
330		on_remove_winbind_done (GObject *source,
331		GAsyncResult *result,
332		gpointer user_data)
333		{
334		GSimpleAsyncResult *res = G_SIMPLE_ASYNC_RESULT (user_data);
	320	} LeaveClosure;
	321
	322	static void
	323	leave_closure_free (gpointer data)
	324	{
	325	LeaveClosure *leave = data;
	326	g_free (leave->realm_name);
	327	if (leave->ccache_file)
	328	realm_keberos_ccache_delete_and_free (leave->ccache_file);
	329	g_object_unref (leave->invocation);
	330	g_slice_free (LeaveClosure, leave);
	331	}
	332
	333	static void
	334	on_deconfigure_done (GObject *source,
	335	GAsyncResult *result,
	336	gpointer user_data)
	337	{
	338	GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
335	339	GError *error = NULL;
336	340
337	341	realm_samba_winbind_deconfigure_finish (result, &error);
338	342	if (error != NULL)
339		g_simple_async_result_take_error (res, error);
340		g_simple_async_result_complete (res);
341
342		g_object_unref (res);
343		}
344
345		static void
346		on_leave_do_winbind (GObject *source,
347		GAsyncResult *result,
348		gpointer user_data)
	343	g_simple_async_result_take_error (async, error);
	344	g_simple_async_result_complete (async);
	345	g_object_unref (async);
	346	}
	347
	348	static void
	349	leave_deconfigure_begin (RealmSamba *self,
	350	GSimpleAsyncResult *async)
	351	{
	352	LeaveClosure *leave;
	353	GError *error = NULL;
	354
	355	leave = g_simple_async_result_get_op_res_gpointer (async);
	356
	357	/* Flush the keytab of all the entries for this realm */
	358	realm_diagnostics_info (leave->invocation, "Removing entries from keytab for realm");
	359
	360	if (!realm_kerberos_flush_keytab (leave->realm_name, &error)) {
	361	g_simple_async_result_take_error (async, error);
	362	g_simple_async_result_complete_in_idle (async);
	363	return;
	364	}
	365
	366	/* Deconfigure smb.conf */
	367	realm_diagnostics_info (leave->invocation, "Updating smb.conf file");
	368	if (!realm_ini_config_change (self->config, REALM_SAMBA_CONFIG_GLOBAL, &error,
	369	"workgroup", NULL,
	370	"realm", NULL,
	371	"security", "user",
	372	NULL)) {
	373	g_simple_async_result_take_error (async, error);
	374	g_simple_async_result_complete_in_idle (async);
	375	return;
	376	}
	377
	378	/* And then deconfigure winbind */
	379	realm_samba_winbind_deconfigure_async (self->config, leave->invocation,
	380	on_deconfigure_done, g_object_ref (async));
	381	}
	382
	383	static void
	384	on_leave_do_deconfigure (GObject *source,
	385	GAsyncResult *result,
	386	gpointer user_data)
349	387	{
350	388	GSimpleAsyncResult *res = G_SIMPLE_ASYNC_RESULT (user_data);
351		UnenrollClosure *unenroll = g_simple_async_result_get_op_res_gpointer (res);
	389	LeaveClosure *leave = g_simple_async_result_get_op_res_gpointer (res);
352	390	RealmSamba *self = REALM_SAMBA (g_async_result_get_source_object (user_data));
353	391	GError *error = NULL;
354	392
355	393	/* We don't care if we can leave or not, just continue with other steps */
356		realm_samba_enroll_leave_finish (result, NULL);
357
358		realm_ini_config_change (self->config, REALM_SAMBA_CONFIG_GLOBAL, &error,
359		"workgroup", NULL,
360		"realm", NULL,
361		"security", "user",
362		NULL);
363
364		if (error == NULL) {
365		realm_samba_winbind_deconfigure_async (self->config,
366		unenroll->invocation,
367		on_remove_winbind_done,
368		g_object_ref (res));
369		} else {
370		g_simple_async_result_take_error (res, error);
371		g_simple_async_result_complete (res);
372		}
	394	realm_samba_enroll_leave_finish (result, &error);
	395	if (error != NULL) {
	396	realm_diagnostics_error (leave->invocation, error, NULL);
	397	g_error_free (error);
	398	}
	399
	400	leave_deconfigure_begin (self, res);
373	401
374	402	g_object_unref (self);
375	403	g_object_unref (res);
376	404	}
377	405
378		static void
379		realm_samba_unenroll_async (RealmKerberosMembership *membership,
380		const gchar *name,
381		GBytes *password,
382		RealmKerberosFlags flags,
383		GVariant *options,
384		GDBusMethodInvocation *invocation,
385		GAsyncReadyCallback callback,
386		gpointer user_data)
387		{
388		RealmKerberos *realm = REALM_KERBEROS (membership);
389		RealmSamba *self = REALM_SAMBA (realm);
390		GSimpleAsyncResult *res;
391		UnenrollClosure *unenroll;
	406	static GSimpleAsyncResult *
	407	setup_leave (RealmSamba *self,
	408	GVariant *options,
	409	GDBusMethodInvocation *invocation,
	410	GAsyncReadyCallback callback,
	411	gpointer user_data)
	412	{
	413	LeaveClosure *leave;
	414	GSimpleAsyncResult *async;
392	415	const gchar *realm_name;
393		const gchar *computer_ou;
394	416	gchar *enrolled;
395	417
396	418	realm_name = realm_kerberos_get_realm_name (REALM_KERBEROS (self));
397	419
398		res = g_simple_async_result_new (G_OBJECT (realm), callback, user_data,
399		realm_samba_unenroll_async);
400		unenroll = g_slice_new0 (UnenrollClosure);
401		unenroll->realm_name = g_strdup (realm_name);
402		unenroll->invocation = g_object_ref (invocation);
403		g_simple_async_result_set_op_res_gpointer (res, unenroll, unenroll_closure_free);
	420	async = g_simple_async_result_new (G_OBJECT (self), callback, user_data, setup_leave);
	421	leave = g_slice_new0 (LeaveClosure);
	422	leave->realm_name = g_strdup (realm_name);
	423	leave->invocation = g_object_ref (invocation);
	424	g_simple_async_result_set_op_res_gpointer (async, leave, leave_closure_free);
404	425
405	426	/* Check that enrolled in this realm */
406	427	enrolled = lookup_enrolled_realm (self);
407	428	if (g_strcmp0 (enrolled, realm_name) != 0) {
408		g_simple_async_result_set_error (res, REALM_ERROR, REALM_ERROR_NOT_CONFIGURED,
409		_("Not currently joined to a domain"));
410		g_simple_async_result_complete_in_idle (res);
411
412		} else if (g_variant_lookup (options, REALM_DBUS_OPTION_COMPUTER_OU, "&s", &computer_ou)) {
413		g_simple_async_result_set_error (res, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS,
414		"The computer-ou argument is not supported when leaving a domain (using samba).");
415		g_simple_async_result_complete_in_idle (res);
416
417		} else {
418		realm_samba_enroll_leave_async (unenroll->realm_name, name, password,
419		unenroll->invocation, on_leave_do_winbind,
420		g_object_ref (res));
421		}
422
423		g_object_unref (res);
	429	g_simple_async_result_set_error (async, REALM_ERROR, REALM_ERROR_NOT_CONFIGURED,
	430	_("Not currently joined to this domain"));
	431	g_simple_async_result_complete_in_idle (async);
	432	g_object_unref (async);
	433	return NULL;
	434
	435	}
	436
	437	return async;
	438	}
	439
	440	static void
	441	realm_samba_leave_password_async (RealmKerberosMembership *membership,
	442	const gchar *name,
	443	GBytes *password,
	444	RealmKerberosFlags flags,
	445	GVariant *options,
	446	GDBusMethodInvocation *invocation,
	447	GAsyncReadyCallback callback,
	448	gpointer user_data)
	449	{
	450	RealmSamba *self = REALM_SAMBA (membership);
	451	GSimpleAsyncResult *async;
	452	LeaveClosure *leave;
	453
	454	async = setup_leave (self, options, invocation, callback, user_data);
	455	if (async == NULL)
	456	return;
	457
	458	leave = g_simple_async_result_get_op_res_gpointer (async);
	459	realm_samba_enroll_leave_async (leave->realm_name, name, password,
	460	leave->invocation, on_leave_do_deconfigure,
	461	g_object_ref (async));
	462	g_object_unref (async);
	463	}
	464
	465	static void
	466	realm_samba_leave_automatic_async (RealmKerberosMembership *membership,
	467	RealmKerberosFlags flags,
	468	GVariant *options,
	469	GDBusMethodInvocation *invocation,
	470	GAsyncReadyCallback callback,
	471	gpointer user_data)
	472	{
	473	RealmSamba *self = REALM_SAMBA (membership);
	474	GSimpleAsyncResult *async;
	475
	476	async = setup_leave (self, options, invocation, callback, user_data);
	477	if (async == NULL)
	478	return;
	479
	480	leave_deconfigure_begin (self, async);
	481	g_object_unref (async);
424	482	}
425	483
426	484	static gboolean

431	489	GError **error)
432	490	{
433	491	RealmSamba *self = REALM_SAMBA (realm);
434		gchar **remove_names = NULL;
435		gchar **add_names = NULL;
436		gboolean ret = FALSE;
	492	gchar **names;
437	493
438	494	if (!lookup_is_enrolled (self)) {
439	495	g_set_error (error, REALM_ERROR, REALM_ERROR_NOT_CONFIGURED,

441	497	return FALSE;
442	498	}
443	499
444		add_names = realm_kerberos_parse_logins (realm, TRUE, add, error);
445		if (add_names != NULL)
446		remove_names = realm_kerberos_parse_logins (realm, TRUE, add, error);
447
448		if (add_names && remove_names) {
449		ret = realm_ini_config_change_list (self->config,
450		REALM_SAMBA_CONFIG_GLOBAL,
451		"realmd permitted logins", ",",
452		(const gchar **)add_names,
453		(const gchar **)remove_names,
454		error);
455		}
456
457		g_strfreev (remove_names);
458		g_strfreev (add_names);
459
460		return ret;
	500	/* We cannot handle removing logins */
	501	names = realm_kerberos_parse_logins (realm, TRUE, remove, error);
	502	if (names == NULL)
	503	return FALSE;
	504	if (names[0] != NULL) {
	505	g_set_error (error, G_DBUS_ERROR, G_DBUS_ERROR_NOT_SUPPORTED,
	506	_("The Samba provider cannot restrict permitted logins."));
	507	g_strfreev (names);
	508	return FALSE;
	509	}
	510
	511	g_strfreev (names);
	512	names = realm_kerberos_parse_logins (realm, TRUE, add, error);
	513	if (names == NULL)
	514	return FALSE;
	515
	516	/*
	517	* Samba cannot restrict the set of logins. We allow specific logins to be
	518	* added, but not changing the mode to only allow the permitted logins.
	519	* In addition we don't keep track of the list of permitted logins.
	520	*/
	521
	522	g_strfreev (names);
	523	return TRUE;
461	524	}
462	525
463	526	static void

499	562	const gchar *name;
500	563	gchar *domain;
501	564	gchar *realm;
502		gchar **values;
503	565	gchar *prefix;
504		gint i;
505	566
506	567	g_object_freeze_notify (G_OBJECT (self));
507	568

530	591	}
531	592
532	593	permitted = g_ptr_array_new_full (0, g_free);
533		values = realm_ini_config_get_list (self->config, REALM_SAMBA_CONFIG_GLOBAL,
534		"realmd permitted logins", ",");
535
536		for (i = 0; values != NULL && values[i] != NULL; i++)
537		g_ptr_array_add (permitted, realm_kerberos_format_login (REALM_KERBEROS (self), values[i]));
538	594	g_ptr_array_add (permitted, NULL);
539	595
540	596	realm_kerberos_set_permitted_logins (kerberos, (const gchar **)permitted->pdata);
541	597	g_ptr_array_free (permitted, TRUE);
542		g_strfreev (values);
543	598
544	599	g_object_thaw_notify (G_OBJECT (self));
545	600	}

642	697	{
643	698	iface->enroll_password_async = realm_samba_enroll_async;
644	699	iface->enroll_finish = realm_samba_membership_generic_finish;
645		iface->unenroll_password_async = realm_samba_unenroll_async;
	700	iface->unenroll_password_async = realm_samba_leave_password_async;
	701	iface->unenroll_automatic_async = realm_samba_leave_automatic_async;
646	702	iface->unenroll_finish = realm_samba_membership_generic_finish;
647	703	}
648	704

-305

~~service/realm-service-systemd.c~~ less more

0		/* realmd -- Realm configuration service
1		*
2		* Copyright 2012 Red Hat Inc
3		*
4		* This program is free software: you can redistribute it and/or modify
5		* it under the terms of the GNU Lesser General Public License as published
6		* by the Free Software Foundation; either version 2 of the licence or (at
7		* your option) any later version.
8		*
9		* See the included COPYING file for more information.
10		*
11		* Author: Stef Walter <stefw@gnome.org>
12		*/
13
14		#include "config.h"
15
16		#include "realm-diagnostics.h"
17		#include "realm-service.h"
18		#include "realm-service-systemd.h"
19
20		enum {
21		PROP_0,
22		PROP_SERVICE_NAME
23		};
24
25		struct _RealmServiceSystemd {
26		RealmService parent;
27		gchar *name;
28		};
29
30		typedef struct _RealmServiceSystemdClass {
31		RealmServiceClass parent_class;
32		} RealmServiceSystemdClass;
33
34		G_DEFINE_TYPE (RealmServiceSystemd, realm_service_systemd, REALM_TYPE_SERVICE);
35
36		static gboolean
37		realm_service_systemd_dbus_finish (RealmService *service,
38		GAsyncResult *result,
39		GError **error)
40		{
41		RealmServiceSystemd *self = REALM_SERVICE_SYSTEMD (service);
42		GError *lerror = NULL;
43		GVariant *retval;
44
45		retval = g_dbus_proxy_call_finish (G_DBUS_PROXY (service), result, &lerror);
46		if (retval != NULL)
47		g_variant_unref (retval);
48
49		if (lerror != NULL) {
50		g_debug ("Service call failed: %s: %s", self->name, lerror->message);
51		g_propagate_error (error, lerror);
52		}
53
54		return retval != NULL;
55		}
56
57		static void
58		realm_service_systemd_enable (RealmService *service,
59		GDBusMethodInvocation *invocation,
60		GAsyncReadyCallback callback,
61		gpointer user_data)
62		{
63		RealmServiceSystemd *self = REALM_SERVICE_SYSTEMD (service);
64
65		const gchar *unit_files[] = {
66		self->name,
67		NULL,
68		};
69
70		realm_diagnostics_info (invocation, "Enabling service via systemd: %s", self->name);
71
72		g_dbus_proxy_call (G_DBUS_PROXY (self), "EnableUnitFiles",
73		g_variant_new ("(^asbb)", unit_files, FALSE, FALSE),
74		G_DBUS_CALL_FLAGS_NONE, -1, NULL, callback, user_data);
75		}
76
77		static void
78		realm_service_systemd_disable (RealmService *service,
79		GDBusMethodInvocation *invocation,
80		GAsyncReadyCallback callback,
81		gpointer user_data)
82		{
83		RealmServiceSystemd *self = REALM_SERVICE_SYSTEMD (service);
84
85		const gchar *unit_files[] = {
86		self->name,
87		NULL,
88		};
89
90		realm_diagnostics_info (invocation, "Disabling service via systemd: %s", self->name);
91
92		g_dbus_proxy_call (G_DBUS_PROXY (self), "DisableUnitFiles",
93		g_variant_new ("(^asb)", unit_files, FALSE),
94		G_DBUS_CALL_FLAGS_NONE, -1, NULL, callback, user_data);
95		}
96
97		static void
98		realm_service_systemd_restart (RealmService *service,
99		GDBusMethodInvocation *invocation,
100		GAsyncReadyCallback callback,
101		gpointer user_data)
102		{
103		RealmServiceSystemd *self = REALM_SERVICE_SYSTEMD (service);
104
105		realm_diagnostics_info (invocation, "Restarting service via systemd: %s", self->name);
106
107		g_dbus_proxy_call (G_DBUS_PROXY (self), "RestartUnit",
108		g_variant_new ("(ss)", self->name, "fail"),
109		G_DBUS_CALL_FLAGS_NONE, -1, NULL, callback, user_data);
110		}
111
112		static void
113		realm_service_systemd_stop (RealmService *service,
114		GDBusMethodInvocation *invocation,
115		GAsyncReadyCallback callback,
116		gpointer user_data)
117		{
118		RealmServiceSystemd *self = REALM_SERVICE_SYSTEMD (service);
119
120		realm_diagnostics_info (invocation, "Stopping service via systemd: %s", self->name);
121
122		g_dbus_proxy_call (G_DBUS_PROXY (self), "StopUnit",
123		g_variant_new ("(ss)", self->name, "fail"),
124		G_DBUS_CALL_FLAGS_NONE, -1, NULL, callback, user_data);
125		}
126
127		static void
128		realm_service_systemd_init (RealmServiceSystemd *self)
129		{
130
131		}
132
133		static void
134		realm_service_systemd_set_property (GObject *obj,
135		guint property_id,
136		const GValue *value,
137		GParamSpec *pspec)
138		{
139		RealmServiceSystemd *self = REALM_SERVICE_SYSTEMD (obj);
140
141		switch (property_id) {
142		case PROP_SERVICE_NAME:
143		self->name = g_value_dup_string (value);
144		break;
145		default:
146		G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, property_id, pspec);
147		break;
148		}
149		}
150
151		static void
152		realm_service_systemd_get_property (GObject *obj,
153		guint property_id,
154		GValue *value,
155		GParamSpec *pspec)
156		{
157		RealmServiceSystemd *self = REALM_SERVICE_SYSTEMD (obj);
158
159		switch (property_id) {
160		case PROP_SERVICE_NAME:
161		g_value_set_string (value, self->name);
162		break;
163		default:
164		G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, property_id, pspec);
165		break;
166		}
167		}
168
169		static void
170		realm_service_systemd_finalize (GObject *obj)
171		{
172		RealmServiceSystemd *self = REALM_SERVICE_SYSTEMD (obj);
173
174		g_free (self->name);
175
176		G_OBJECT_CLASS (realm_service_systemd_parent_class)->finalize (obj);
177		}
178
179		static void
180		realm_service_systemd_class_init (RealmServiceSystemdClass *klass)
181		{
182		RealmServiceClass *service_class = REALM_SERVICE_CLASS (klass);
183		GObjectClass *object_class = G_OBJECT_CLASS (klass);
184
185		object_class->get_property = realm_service_systemd_get_property;
186		object_class->set_property = realm_service_systemd_set_property;
187		object_class->finalize = realm_service_systemd_finalize;
188
189		service_class->enable = realm_service_systemd_enable;
190		service_class->enable_finish = realm_service_systemd_dbus_finish;
191		service_class->disable = realm_service_systemd_disable;
192		service_class->disable_finish = realm_service_systemd_dbus_finish;
193		service_class->restart = realm_service_systemd_restart;
194		service_class->restart_finish = realm_service_systemd_dbus_finish;
195		service_class->stop = realm_service_systemd_stop;
196		service_class->stop_finish = realm_service_systemd_dbus_finish;
197
198		g_object_class_install_property (object_class, PROP_SERVICE_NAME,
199		g_param_spec_string ("service-name", "Service Name", "Service Name",
200		"", G_PARAM_READWRITE \| G_PARAM_CONSTRUCT_ONLY \| G_PARAM_STATIC_STRINGS));
201		}
202
203		static void
204		on_systemd_ping (GObject *source,
205		GAsyncResult *result,
206		gpointer user_data)
207		{
208		GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
209		GError *error = NULL;
210		GVariant *retval;
211
212		retval = g_dbus_connection_call_finish (G_DBUS_CONNECTION (source),
213		result, &error);
214		if (error == NULL) {
215		g_debug ("Pinged systemd successfully");
216		g_variant_unref (retval);
217		} else {
218		g_debug ("Pinging systemd failed: %s", error->message);
219		g_simple_async_result_take_error (async, error);
220		}
221
222		g_simple_async_result_complete (async);
223		g_object_unref (async);
224		}
225
226		static void
227		on_systemd_created (GObject *source,
228		GAsyncResult *result,
229		gpointer user_data)
230		{
231		GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
232		GError *error = NULL;
233		GDBusProxy *self;
234
235		self = G_DBUS_PROXY (g_async_initable_new_finish (G_ASYNC_INITABLE (source),
236		result, &error));
237
238		if (error == NULL) {
239		g_debug ("Pinging systemd to make sure it's running");
240		g_simple_async_result_set_op_res_gpointer (async, self, g_object_unref);
241		g_dbus_connection_call (g_dbus_proxy_get_connection (self),
242		g_dbus_proxy_get_name (self),
243		"/", "org.freedesktop.DBus.Peer",
244		"Ping", g_variant_new ("()"),
245		G_VARIANT_TYPE ("()"),
246		G_DBUS_PROXY_FLAGS_DO_NOT_AUTO_START,
247		-1, NULL, on_systemd_ping, g_object_ref (async));
248		} else {
249		g_debug ("Failed to connect to systemd: %s", error->message);
250		g_simple_async_result_take_error (async, error);
251		g_simple_async_result_complete (async);
252		}
253
254		g_object_unref (async);
255		}
256
257		void
258		realm_service_systemd_new (const gchar *service_name,
259		GAsyncReadyCallback callback,
260		gpointer user_data)
261		{
262		GSimpleAsyncResult *async;
263		gchar *service;
264
265		g_debug ("Connecting to systemd for service: %s", service_name);
266
267		service = g_strdup_printf ("%s.service", service_name);
268		async = g_simple_async_result_new (NULL, callback, user_data,
269		realm_service_systemd_new);
270
271		g_async_initable_new_async (REALM_TYPE_SERVICE_SYSTEMD, G_PRIORITY_DEFAULT, NULL,
272		on_systemd_created, g_object_ref (async),
273		"service-name", service,
274		"g-flags", G_DBUS_PROXY_FLAGS_DO_NOT_AUTO_START,
275		"g-name", "org.freedesktop.systemd1",
276		"g-bus-type", G_BUS_TYPE_SYSTEM,
277		"g-object-path", "/org/freedesktop/systemd1",
278		"g-interface-name", "org.freedesktop.systemd1.Manager",
279		NULL);
280
281		g_free (service);
282		g_object_unref (async);
283		}
284
285		RealmService *
286		realm_service_systemd_new_finish (GAsyncResult *result,
287		GError **error)
288		{
289		GSimpleAsyncResult *async;
290		RealmService *service;
291
292		g_return_val_if_fail (g_simple_async_result_is_valid (result, NULL,
293		realm_service_systemd_new), NULL);
294		g_return_val_if_fail (error == NULL \|\| *error == NULL, NULL);
295
296		async = G_SIMPLE_ASYNC_RESULT (result);
297		if (g_simple_async_result_propagate_error (async, error))
298		return NULL;
299
300		service = REALM_SERVICE (g_simple_async_result_get_op_res_gpointer (async));
301		if (service != NULL)
302		g_object_ref (service);
303		return service;
304		}

-41

~~service/realm-service-systemd.h~~ less more

0		/* realmd -- Realm configuration service
1		*
2		* Copyright 2012 Red Hat Inc
3		*
4		* This program is free software: you can redistribute it and/or modify
5		* it under the terms of the GNU Lesser General Public License as published
6		* by the Free Software Foundation; either version 2 of the licence or (at
7		* your option) any later version.
8		*
9		* See the included COPYING file for more information.
10		*
11		* Author: Stef Walter <stefw@gnome.org>
12		*/
13
14		#include "config.h"
15
16		#ifndef __REALM_SERVICE_SYSTEMD_H__
17		#define __REALM_SERVICE_SYSTEMD_H__
18
19		#include <gio/gio.h>
20
21		G_BEGIN_DECLS
22
23		#define REALM_TYPE_SERVICE_SYSTEMD (realm_service_systemd_get_type ())
24		#define REALM_SERVICE_SYSTEMD(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst), REALM_TYPE_SERVICE_SYSTEMD, RealmServiceSystemd))
25		#define REALM_IS_SERVICE_SYSTEMD(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst), REALM_TYPE_SERVICE_SYSTEMD))
26
27		typedef struct _RealmServiceSystemd RealmServiceSystemd;
28
29		GType realm_service_systemd_get_type (void) G_GNUC_CONST;
30
31		void realm_service_systemd_new (const gchar *service_name,
32		GAsyncReadyCallback callback,
33		gpointer user_data);
34
35		RealmService * realm_service_systemd_new_finish (GAsyncResult *result,
36		GError **error);
37
38		G_END_DECLS
39
40		#endif /* __REALM_SERVICE_SYSTEMD_H__ */

-362

~~service/realm-service-upstart.c~~ less more

0		/* realmd -- Realm configuration service
1		*
2		* Copyright 2012 Red Hat Inc
3		*
4		* This program is free software: you can redistribute it and/or modify
5		* it under the terms of the GNU Lesser General Public License as published
6		* by the Free Software Foundation; either version 2 of the licence or (at
7		* your option) any later version.
8		*
9		* See the included COPYING file for more information.
10		*
11		* Author: Stef Walter <stefw@gnome.org>
12		*/
13
14		#include "config.h"
15
16		#include "realm-diagnostics.h"
17		#include "realm-service.h"
18		#include "realm-service-upstart.h"
19
20		enum {
21		PROP_0,
22		PROP_SERVICE_NAME
23		};
24
25		struct _RealmServiceUpstart {
26		RealmService parent;
27		gchar *name;
28		};
29
30		typedef struct _RealmServiceUpstartClass {
31		RealmServiceClass parent_class;
32		} RealmServiceUpstartClass;
33
34		G_DEFINE_TYPE (RealmServiceUpstart, realm_service_upstart, REALM_TYPE_SERVICE);
35
36		static gboolean
37		realm_service_upstart_dbus_finish (RealmService *service,
38		GAsyncResult *result,
39		GError **error)
40		{
41		RealmServiceUpstart *self = REALM_SERVICE_UPSTART (service);
42		GVariant *retval;
43		GError *lerror = NULL;
44
45		retval = g_dbus_proxy_call_finish (G_DBUS_PROXY (service), result, &lerror);
46		if (retval != NULL)
47		g_variant_unref (retval);
48
49		if (lerror != NULL) {
50		g_debug ("Service call failed: %s: %s", self->name, lerror->message);
51		g_propagate_error (error, lerror);
52		}
53
54		return retval != NULL;
55		}
56
57		static gboolean
58		realm_service_upstart_stub_finish (RealmService *service,
59		GAsyncResult *result,
60		GError **error)
61		{
62		if (g_simple_async_result_propagate_error (G_SIMPLE_ASYNC_RESULT (result), error))
63		return FALSE;
64		return TRUE;
65		}
66
67		static void
68		realm_service_upstart_enable (RealmService *service,
69		GDBusMethodInvocation *invocation,
70		GAsyncReadyCallback callback,
71		gpointer user_data)
72		{
73		RealmServiceUpstart *self = REALM_SERVICE_UPSTART (service);
74		GSimpleAsyncResult *async;
75
76		/* TODO: Not sure what to do here for upstart */
77		g_debug ("Enabling Upstart service '%s' is not implemented", self->name);
78
79		async = g_simple_async_result_new (G_OBJECT (service), callback, user_data,
80		realm_service_upstart_stub_finish);
81		g_simple_async_result_complete_in_idle (async);
82
83		g_object_unref (async);
84		}
85
86		static void
87		realm_service_upstart_disable (RealmService *service,
88		GDBusMethodInvocation *invocation,
89		GAsyncReadyCallback callback,
90		gpointer user_data)
91		{
92		RealmServiceUpstart *self = REALM_SERVICE_UPSTART (service);
93		GSimpleAsyncResult *async;
94
95		/* TODO: Not sure what to do here for upstart */
96		g_debug ("Disabling Upstart service '%s' is not implemented", self->name);
97
98		async = g_simple_async_result_new (G_OBJECT (service), callback, user_data,
99		realm_service_upstart_stub_finish);
100		g_simple_async_result_complete_in_idle (async);
101		g_object_unref (async);
102		}
103
104		static void
105		realm_service_upstart_restart (RealmService *service,
106		GDBusMethodInvocation *invocation,
107		GAsyncReadyCallback callback,
108		gpointer user_data)
109		{
110		RealmServiceUpstart *self = REALM_SERVICE_UPSTART (service);
111		const char *environ = { NULL };
112
113		realm_diagnostics_info (invocation, "Restarting service via upstart: %s", self->name);
114
115		g_dbus_proxy_call (G_DBUS_PROXY (self), "Restart",
116		g_variant_new ("(^asb)", environ, TRUE),
117		G_DBUS_CALL_FLAGS_NONE, -1, NULL,
118		callback, user_data);
119		}
120
121		static void
122		realm_service_upstart_stop (RealmService *service,
123		GDBusMethodInvocation *invocation,
124		GAsyncReadyCallback callback,
125		gpointer user_data)
126		{
127		RealmServiceUpstart *self = REALM_SERVICE_UPSTART (service);
128		const char *environ = { NULL };
129
130		realm_diagnostics_info (invocation, "Stopping service via upstart: %s", self->name);
131
132		g_dbus_proxy_call (G_DBUS_PROXY (self), "Stop",
133		g_variant_new ("(^asb)", environ, TRUE),
134		G_DBUS_CALL_FLAGS_NONE, -1, NULL,
135		callback, user_data);
136		}
137
138		static void
139		realm_service_upstart_init (RealmServiceUpstart *self)
140		{
141
142		}
143
144		static void
145		realm_service_upstart_set_property (GObject *obj,
146		guint property_id,
147		const GValue *value,
148		GParamSpec *pspec)
149		{
150		RealmServiceUpstart *self = REALM_SERVICE_UPSTART (obj);
151
152		switch (property_id) {
153		case PROP_SERVICE_NAME:
154		self->name = g_value_dup_string (value);
155		break;
156		default:
157		G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, property_id, pspec);
158		break;
159		}
160		}
161
162		static void
163		realm_service_upstart_get_property (GObject *obj,
164		guint property_id,
165		GValue *value,
166		GParamSpec *pspec)
167		{
168		RealmServiceUpstart *self = REALM_SERVICE_UPSTART (obj);
169
170		switch (property_id) {
171		case PROP_SERVICE_NAME:
172		g_value_set_string (value, self->name);
173		break;
174		default:
175		G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, property_id, pspec);
176		break;
177		}
178		}
179
180		static void
181		realm_service_upstart_finalize (GObject *obj)
182		{
183		RealmServiceUpstart *self = REALM_SERVICE_UPSTART (obj);
184
185		g_free (self->name);
186
187		G_OBJECT_CLASS (realm_service_upstart_parent_class)->finalize (obj);
188		}
189
190		static void
191		realm_service_upstart_class_init (RealmServiceUpstartClass *klass)
192		{
193		RealmServiceClass *service_class = REALM_SERVICE_CLASS (klass);
194		GObjectClass *object_class = G_OBJECT_CLASS (klass);
195
196		object_class->get_property = realm_service_upstart_get_property;
197		object_class->set_property = realm_service_upstart_set_property;
198		object_class->finalize = realm_service_upstart_finalize;
199
200		service_class->enable = realm_service_upstart_enable;
201		service_class->enable_finish = realm_service_upstart_stub_finish;
202		service_class->disable = realm_service_upstart_disable;
203		service_class->disable_finish = realm_service_upstart_stub_finish;
204		service_class->restart = realm_service_upstart_restart;
205		service_class->restart_finish = realm_service_upstart_dbus_finish;
206		service_class->stop = realm_service_upstart_stop;
207		service_class->stop_finish = realm_service_upstart_dbus_finish;
208
209		g_object_class_install_property (object_class, PROP_SERVICE_NAME,
210		g_param_spec_string ("service-name", "Service Name", "Service Name",
211		"", G_PARAM_READWRITE \| G_PARAM_CONSTRUCT_ONLY \| G_PARAM_STATIC_STRINGS));
212		}
213
214		typedef struct {
215		gchar *name;
216		RealmService *service;
217		} UpstartClosure;
218
219		static void
220		upstart_closure_free (gpointer data)
221		{
222		UpstartClosure *upstart = data;
223		g_free (upstart->name);
224		if (upstart->service)
225		g_object_unref (upstart->service);
226		g_slice_free (UpstartClosure, upstart);
227		}
228		static void
229		on_upstart_created (GObject *source,
230		GAsyncResult *result,
231		gpointer user_data)
232		{
233		GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
234		UpstartClosure *upstart = g_simple_async_result_get_op_res_gpointer (async);
235		RealmService *self;
236		GError *error = NULL;
237
238		self = REALM_SERVICE (g_async_initable_new_finish (G_ASYNC_INITABLE (source),
239		result, &error));
240
241		if (error == NULL) {
242		g_debug ("Connected to Upstart job for service: %s", upstart->name);
243		upstart->service = self;
244
245		} else {
246		g_debug ("Failed to create proxy for Upstart job: %s", error->message);
247		g_simple_async_result_take_error (async, error);
248		}
249
250		g_simple_async_result_complete (async);
251		g_object_unref (async);
252		}
253
254		static void
255		on_upstart_get_job (GObject *source,
256		GAsyncResult *result,
257		gpointer user_data)
258		{
259		GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
260		UpstartClosure *upstart = g_simple_async_result_get_op_res_gpointer (async);
261		const gchar *job_path;
262		GVariant *retval;
263		GError *error = NULL;
264
265		retval = g_dbus_connection_call_finish (G_DBUS_CONNECTION (source), result, &error);
266		if (error == NULL) {
267		g_variant_get (retval, "(&o)", &job_path);
268		g_debug ("GetJobByName returned object path '%s', creating proxy", job_path);
269
270		g_async_initable_new_async (REALM_TYPE_SERVICE_UPSTART,
271		G_PRIORITY_DEFAULT, NULL,
272		on_upstart_created, g_object_ref (async),
273		"service-name", upstart->name,
274		"g-flags", G_DBUS_PROXY_FLAGS_DO_NOT_AUTO_START,
275		"g-name", "com.ubuntu.Upstart",
276		"g-connection", G_DBUS_CONNECTION (source),
277		"g-object-path", job_path,
278		"g-interface-name", "com.ubuntu.Upstart0_6.Job",
279		NULL);
280		g_variant_unref (retval);
281		} else {
282		g_debug ("GetJobByName failed: %s", error->message);
283		g_simple_async_result_take_error (async, error);
284		g_simple_async_result_complete (async);
285		}
286
287		g_object_unref (async);
288		}
289
290		static void
291		on_upstart_bus (GObject *source,
292		GAsyncResult *result,
293		gpointer user_data)
294		{
295		GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
296		UpstartClosure *upstart = g_simple_async_result_get_op_res_gpointer (async);
297		GError *error = NULL;
298		GDBusConnection *conn;
299
300		conn = g_bus_get_finish (result, &error);
301		if (error == NULL) {
302		g_debug ("Calling Upstart GetJobByName for service: %s", upstart->name);
303		g_dbus_connection_call (conn, "com.ubuntu.Upstart",
304		"/com/ubuntu/Upstart",
305		"com.ubuntu.Upstart0_6",
306		"GetJobByName",
307		g_variant_new ("(s)", upstart->name),
308		G_VARIANT_TYPE ("(o)"),
309		G_DBUS_PROXY_FLAGS_DO_NOT_AUTO_START,
310		-1, NULL, on_upstart_get_job,
311		g_object_ref (async));
312		} else {
313		g_debug ("Failed to connect to system bus: %s", error->message);
314		g_simple_async_result_take_error (async, error);
315		g_simple_async_result_complete (async);
316		}
317
318		g_object_unref (async);
319		}
320
321		void
322		realm_service_upstart_new (const gchar *service_name,
323		GAsyncReadyCallback callback,
324		gpointer user_data)
325		{
326		GSimpleAsyncResult *async;
327		UpstartClosure *upstart;
328
329		g_debug ("Connecting to Upstart for service: %s", service_name);
330
331		async = g_simple_async_result_new (NULL, callback, user_data,
332		realm_service_upstart_new);
333		upstart = g_slice_new0 (UpstartClosure);
334		upstart->name = g_strdup (service_name);
335		g_simple_async_result_set_op_res_gpointer (async, upstart, upstart_closure_free);
336
337		g_bus_get (G_BUS_TYPE_SYSTEM, NULL, on_upstart_bus, g_object_ref (async));
338
339		g_object_unref (async);
340		}
341
342		RealmService *
343		realm_service_upstart_new_finish (GAsyncResult *result,
344		GError **error)
345		{
346		GSimpleAsyncResult *async;
347		UpstartClosure *upstart;
348
349		g_return_val_if_fail (g_simple_async_result_is_valid (result, NULL,
350		realm_service_upstart_new), NULL);
351		g_return_val_if_fail (error == NULL \|\| *error == NULL, NULL);
352
353		async = G_SIMPLE_ASYNC_RESULT (result);
354		if (g_simple_async_result_propagate_error (async, error))
355		return NULL;
356
357		upstart = g_simple_async_result_get_op_res_gpointer (async);
358		if (upstart->service == NULL)
359		return NULL;
360		return g_object_ref (upstart->service);
361		}

-41

~~service/realm-service-upstart.h~~ less more

0		/* realmd -- Realm configuration service
1		*
2		* Copyright 2012 Red Hat Inc
3		*
4		* This program is free software: you can redistribute it and/or modify
5		* it under the terms of the GNU Lesser General Public License as published
6		* by the Free Software Foundation; either version 2 of the licence or (at
7		* your option) any later version.
8		*
9		* See the included COPYING file for more information.
10		*
11		* Author: Stef Walter <stefw@gnome.org>
12		*/
13
14		#include "config.h"
15
16		#ifndef __REALM_SERVICE_UPSTART_H__
17		#define __REALM_SERVICE_UPSTART_H__
18
19		#include <gio/gio.h>
20
21		G_BEGIN_DECLS
22
23		#define REALM_TYPE_SERVICE_UPSTART (realm_service_upstart_get_type ())
24		#define REALM_SERVICE_UPSTART(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst), REALM_TYPE_SERVICE_UPSTART, RealmServiceUpstart))
25		#define REALM_IS_SERVICE_UPSTART(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst), REALM_TYPE_SERVICE_UPSTART))
26
27		typedef struct _RealmServiceUpstart RealmServiceUpstart;
28
29		GType realm_service_upstart_get_type (void) G_GNUC_CONST;
30
31		void realm_service_upstart_new (const gchar *service_name,
32		GAsyncReadyCallback callback,
33		gpointer user_data);
34
35		RealmService * realm_service_upstart_new_finish (GAsyncResult *result,
36		GError **error);
37
38		G_END_DECLS
39
40		#endif /* __REALM_SERVICE_UPSTART_H__ */

+111

-431

service/realm-service.c less more

13	13
14	14	#include "config.h"
15	15
	16	#include "realm-command.h"
16	17	#include "realm-service.h"
17		#include "realm-service-systemd.h"
18		#include "realm-service-upstart.h"
19	18	#include "realm-settings.h"
20	19
21	20	#include <glib/gi18n.h>
22	21
23		static void (* discovered_service_new) (const gchar *service_name,
24		GAsyncReadyCallback callback,
25		gpointer user_data);
26
27		static RealmService * (* discovered_service_new_finish) (GAsyncResult *result,
28		GError **error);
29
30		G_DEFINE_TYPE (RealmService, realm_service, G_TYPE_DBUS_PROXY);
31
32		static void
33		realm_service_init (RealmService *self)
34		{
35
36		}
37
38		static void
39		realm_service_class_init (RealmServiceClass *klass)
40		{
41
42		}
43
44		typedef struct {
45		gchar *name;
46		RealmService *service;
47		} InitClosure;
48
49		static void
50		init_closure_free (gpointer data)
51		{
52		InitClosure *init = data;
53		g_free (init->name);
54		if (init->service)
55		g_object_unref (init->service);
56		g_slice_free (InitClosure, init);
57		}
58
59		static void
60		on_service_new_upstart (GObject *source,
61		GAsyncResult *result,
62		gpointer user_data)
63		{
64		GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
65		InitClosure *init = g_simple_async_result_get_op_res_gpointer (async);
66		GError *error = NULL;
67		RealmService *service;
68
69		service = realm_service_upstart_new_finish (result, &error);
70
71		if (error != NULL) {
72		g_simple_async_result_take_error (async, error);
73
74		} else {
75		g_debug ("Connected to Upstart, discovered the service manager");
76		discovered_service_new = realm_service_upstart_new;
77		discovered_service_new_finish = realm_service_upstart_new_finish;
78		init->service = service;
79		}
80
81		g_simple_async_result_complete (async);
82		g_object_unref (async);
83		}
84
85		static void
86		on_service_new_systemd (GObject *source,
87		GAsyncResult *result,
88		gpointer user_data)
89		{
90		GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
91		InitClosure *init = g_simple_async_result_get_op_res_gpointer (async);
92		GError *error = NULL;
93		RealmService *service;
94
95		service = realm_service_systemd_new_finish (result, &error);
96
97		/* If no such service, then try Upstart */
98		if (g_error_matches (error, G_DBUS_ERROR, G_DBUS_ERROR_SERVICE_UNKNOWN)) {
99		g_debug ("Couldn't connect to systemd, trying Upstart");
100		realm_service_upstart_new (init->name, on_service_new_upstart,
101		g_object_ref (async));
102
103		/* Some other error? */
104		} else if (error != NULL) {
105		g_simple_async_result_take_error (async, error);
106		g_simple_async_result_complete (async);
107
108		/* Success yay */
109		} else {
110		g_debug ("Connected to systemd, discovered the service manager");
111		discovered_service_new = realm_service_systemd_new;
112		discovered_service_new_finish = realm_service_systemd_new_finish;
113		init->service = service;
114		g_simple_async_result_complete (async);
115		}
116
117		g_object_unref (async);
118		}
119
120		void
121		realm_service_new (const gchar *service_name,
122		GDBusMethodInvocation *invocation,
123		GAsyncReadyCallback callback,
124		gpointer user_data)
125		{
126		GSimpleAsyncResult *async;
127		InitClosure *init;
128		const gchar *name;
129
130		g_return_if_fail (service_name != NULL);
131
132		name = realm_settings_string ("services", service_name);
133		if (name == NULL)
134		name = service_name;
135
136		/* Discover which service type works */
137		if (discovered_service_new == NULL) {
138		g_debug ("No service manager discovered, trying systemd");
139		async = g_simple_async_result_new (NULL, callback, user_data,
140		realm_service_new);
141		init = g_slice_new0 (InitClosure);
142		init->name = g_strdup (name);
143		g_simple_async_result_set_op_res_gpointer (async, init, init_closure_free);
144		realm_service_systemd_new (init->name, on_service_new_systemd,
145		g_object_ref (async));
146		g_object_unref (async);
147
148		/* Already discovered which service type works */
149		} else {
150		discovered_service_new (name, callback, user_data);
151		}
152		}
153
154		RealmService *
155		realm_service_new_finish (GAsyncResult *result,
156		GError **error)
157		{
158		GSimpleAsyncResult *async;
159		RealmService *service = NULL;
160		InitClosure *init;
161
162		if (g_simple_async_result_is_valid (result, NULL, realm_service_new)) {
163		async = G_SIMPLE_ASYNC_RESULT (result);
164		if (g_simple_async_result_propagate_error (async, error))
165		return NULL;
166		init = g_simple_async_result_get_op_res_gpointer (async);
167		if (init->service == NULL)
168		return NULL;
169		else
170		return g_object_ref (init->service);
171		} else {
172		return discovered_service_new_finish (result, error);
173		}
174
175		return service;
176		}
177
178		void
179		realm_service_impl_enable (RealmService *self,
180		GDBusMethodInvocation *invocation,
181		GAsyncReadyCallback callback,
182		gpointer user_data)
183		{
184		RealmServiceClass *klass;
185
186		g_return_if_fail (REALM_IS_SERVICE (self));
187
188		klass = REALM_SERVICE_GET_CLASS (self);
189		g_return_if_fail (klass->enable != NULL);
190
191		(klass->enable) (self, invocation, callback, user_data);
192		}
193
194		gboolean
195		realm_service_impl_enable_finish (RealmService *self,
196		GAsyncResult *result,
197		GError **error)
198		{
199		RealmServiceClass *klass;
200
201		g_return_val_if_fail (REALM_IS_SERVICE (self), FALSE);
202
203		klass = REALM_SERVICE_GET_CLASS (self);
204		g_return_val_if_fail (klass->enable_finish != NULL, FALSE);
205
206		return (klass->enable_finish) (self, result, error);
207		}
208
209		void
210		realm_service_impl_disable (RealmService *self,
211		GDBusMethodInvocation *invocation,
212		GAsyncReadyCallback callback,
213		gpointer user_data)
214		{
215		RealmServiceClass *klass;
216
217		g_return_if_fail (REALM_IS_SERVICE (self));
218
219		klass = REALM_SERVICE_GET_CLASS (self);
220		g_return_if_fail (klass->disable != NULL);
221
222		(klass->disable) (self, invocation, callback, user_data);
223		}
224
225		gboolean
226		realm_service_impl_disable_finish (RealmService *self,
227		GAsyncResult *result,
228		GError **error)
229		{
230		RealmServiceClass *klass;
231
232		g_return_val_if_fail (REALM_IS_SERVICE (self), FALSE);
233
234		klass = REALM_SERVICE_GET_CLASS (self);
235		g_return_val_if_fail (klass->disable_finish != NULL, FALSE);
236
237		return (klass->disable_finish) (self, result, error);
238		}
239
240		void
241		realm_service_impl_restart (RealmService *self,
242		GDBusMethodInvocation *invocation,
243		GAsyncReadyCallback callback,
244		gpointer user_data)
245		{
246		RealmServiceClass *klass;
247
248		g_return_if_fail (REALM_IS_SERVICE (self));
249
250		klass = REALM_SERVICE_GET_CLASS (self);
251		g_return_if_fail (klass->restart != NULL);
252
253		(klass->restart) (self, invocation, callback, user_data);
254		}
255
256		gboolean
257		realm_service_impl_restart_finish (RealmService *self,
258		GAsyncResult *result,
259		GError **error)
260		{
261		RealmServiceClass *klass;
262
263		g_return_val_if_fail (REALM_IS_SERVICE (self), FALSE);
264
265		klass = REALM_SERVICE_GET_CLASS (self);
266		g_return_val_if_fail (klass->restart_finish != NULL, FALSE);
267
268		return (klass->restart_finish) (self, result, error);
269		}
270
271		void
272		realm_service_impl_stop (RealmService *self,
273		GDBusMethodInvocation *invocation,
274		GAsyncReadyCallback callback,
275		gpointer user_data)
276		{
277		RealmServiceClass *klass;
278
279		g_return_if_fail (REALM_IS_SERVICE (self));
280
281		klass = REALM_SERVICE_GET_CLASS (self);
282		g_return_if_fail (klass->stop != NULL);
283
284		(klass->stop) (self, invocation, callback, user_data);
285		}
286
287		gboolean
288		realm_service_impl_stop_finish (RealmService *self,
289		GAsyncResult *result,
290		GError **error)
291		{
292		RealmServiceClass *klass;
293
294		g_return_val_if_fail (REALM_IS_SERVICE (self), FALSE);
295
296		klass = REALM_SERVICE_GET_CLASS (self);
297		g_return_val_if_fail (klass->stop_finish != NULL, FALSE);
298
299		return (klass->stop_finish) (self, result, error);
300		}
301
302		static void
303		on_restart_restarted (GObject *source,
304		GAsyncResult *result,
	22	void
	23	realm_service_enable (const gchar *service_name,
	24	GDBusMethodInvocation *invocation,
	25	GAsyncReadyCallback callback,
305	26	gpointer user_data)
306	27	{
307		GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
308		RealmService *service = REALM_SERVICE (source);
309		GError *error = NULL;
310
311		realm_service_impl_restart_finish (service, result, &error);
312		if (error != NULL)
313		g_simple_async_result_take_error (async, error);
314		g_simple_async_result_complete (async);
315
316		g_object_unref (async);
317		}
318
319		static void
320		on_restart_created (GObject *source,
321		GAsyncResult *result,
322		gpointer user_data)
323		{
324		GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
325		GDBusMethodInvocation *invocation;
326		RealmService *service;
327		GError *error = NULL;
328
329		service = realm_service_new_finish (result, &error);
330		if (error == NULL) {
331		invocation = g_simple_async_result_get_op_res_gpointer (async);
332		realm_service_impl_restart (service, invocation, on_restart_restarted,
333		g_object_ref (async));
334		g_object_unref (service);
335		} else {
336		g_simple_async_result_take_error (async, error);
337		g_simple_async_result_complete (async);
338		}
339
340		g_object_unref (async);
	28	gchar *command;
	29
	30	command = g_strdup_printf ("%s-enable-service", service_name);
	31	realm_command_run_known_async (command, NULL, invocation, NULL, callback, user_data);
	32	g_free (command);
	33	}
	34
	35	gboolean
	36	realm_service_enable_finish (GAsyncResult *result,
	37	GError **error)
	38	{
	39	return realm_command_run_finish (result, NULL, error) != -1;
	40	}
	41
	42	void
	43	realm_service_disable (const gchar *service_name,
	44	GDBusMethodInvocation *invocation,
	45	GAsyncReadyCallback callback,
	46	gpointer user_data)
	47	{
	48	gchar *command;
	49
	50	command = g_strdup_printf ("%s-disable-service", service_name);
	51	realm_command_run_known_async (command, NULL, invocation, NULL, callback, user_data);
	52	g_free (command);
	53	}
	54
	55	gboolean
	56	realm_service_disable_finish (GAsyncResult *result,
	57	GError **error)
	58	{
	59	return realm_command_run_finish (result, NULL, error) != -1;
341	60	}
342	61
343	62	void

346	65	GAsyncReadyCallback callback,
347	66	gpointer user_data)
348	67	{
349		GSimpleAsyncResult *async;
350
351		async = g_simple_async_result_new (NULL, callback, user_data,
352		realm_service_restart);
353		if (invocation) {
354		g_simple_async_result_set_op_res_gpointer (async,
355		g_object_ref (invocation),
356		g_object_unref);
357		}
358
359		realm_service_new (service_name, invocation,
360		on_restart_created, g_object_ref (async));
361
362		g_object_unref (async);
	68	gchar *command;
	69
	70	command = g_strdup_printf ("%s-restart-service", service_name);
	71	realm_command_run_known_async (command, NULL, invocation, NULL, callback, user_data);
	72	g_free (command);
363	73	}
364	74
365	75	gboolean
366	76	realm_service_restart_finish (GAsyncResult *result,
367	77	GError **error)
368	78	{
369		GSimpleAsyncResult *async;
370
371		g_return_val_if_fail (g_simple_async_result_is_valid (result, NULL,
372		realm_service_restart), FALSE);
373		g_return_val_if_fail (error == NULL \|\| *error == NULL, FALSE);
374
375		async = G_SIMPLE_ASYNC_RESULT (result);
376		if (g_simple_async_result_propagate_error (async, error))
377		return FALSE;
378
379		return TRUE;
	79	return realm_command_run_finish (result, NULL, error) != -1;
	80	}
	81
	82	void
	83	realm_service_stop (const gchar *service_name,
	84	GDBusMethodInvocation *invocation,
	85	GAsyncReadyCallback callback,
	86	gpointer user_data)
	87	{
	88	gchar *command;
	89
	90	command = g_strdup_printf ("%s-stop-service", service_name);
	91	realm_command_run_known_async (command, NULL, invocation, NULL, callback, user_data);
	92	g_free (command);
	93	}
	94
	95	gboolean
	96	realm_service_stop_finish (GAsyncResult *result,
	97	GError **error)
	98	{
	99	return realm_command_run_finish (result, NULL, error) != -1;
	100	}
	101
	102	typedef struct {
	103	gchar *service_name;
	104	GDBusMethodInvocation *invocation;
	105	} CallClosure;
	106
	107	static void
	108	call_closure_free (gpointer data)
	109	{
	110	CallClosure *call = data;
	111	g_free (call->service_name);
	112	g_clear_object (&call->invocation);
	113	g_slice_free (CallClosure, call);
380	114	}
381	115
382	116	static void

385	119	gpointer user_data)
386	120	{
387	121	GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
388		RealmService *service = REALM_SERVICE (source);
389		GError *error = NULL;
390
391		realm_service_impl_restart_finish (service, result, &error);
	122	GError *error = NULL;
	123
	124	realm_service_restart_finish (result, &error);
392	125	if (error != NULL)
393	126	g_simple_async_result_take_error (async, error);
394	127	g_simple_async_result_complete (async);

403	136	gpointer user_data)
404	137	{
405	138	GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
406		RealmService *service = REALM_SERVICE (source);
407		GDBusMethodInvocation *invocation;
408		GError *error = NULL;
409
410		realm_service_impl_enable_finish (service, result, &error);
	139	CallClosure *call = g_simple_async_result_get_op_res_gpointer (async);
	140	GError *error = NULL;
	141
	142	realm_service_enable_finish (result, &error);
411	143	if (error == NULL) {
412		invocation = g_simple_async_result_get_op_res_gpointer (async);
413		realm_service_impl_restart (service, invocation, on_enable_restarted,
414		g_object_ref (async));
415		} else {
416		g_simple_async_result_take_error (async, error);
417		g_simple_async_result_complete (async);
418		}
419
420		g_object_unref (async);
421		}
422
423		static void
424		on_enable_created (GObject *source,
425		GAsyncResult *result,
426		gpointer user_data)
427		{
428		GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
429		GDBusMethodInvocation *invocation;
430		RealmService *service;
431		GError *error = NULL;
432
433		service = realm_service_new_finish (result, &error);
434		if (error == NULL) {
435		invocation = g_simple_async_result_get_op_res_gpointer (async);
436		realm_service_impl_enable (service, invocation, on_enable_enabled,
437		g_object_ref (async));
438		g_object_unref (service);
	144	realm_service_restart (call->service_name, call->invocation,
	145	on_enable_restarted, g_object_ref (async));
439	146	} else {
440	147	g_simple_async_result_take_error (async, error);
441	148	g_simple_async_result_complete (async);

451	158	gpointer user_data)
452	159	{
453	160	GSimpleAsyncResult *async;
	161	CallClosure *call;
454	162
455	163	async = g_simple_async_result_new (NULL, callback, user_data,
456	164	realm_service_enable_and_restart);
457		if (invocation) {
458		g_simple_async_result_set_op_res_gpointer (async,
459		g_object_ref (invocation),
460		g_object_unref);
461		}
462
463		realm_service_new (service_name, invocation,
464		on_enable_created, g_object_ref (async));
	165	call = g_slice_new0 (CallClosure);
	166	call->service_name = g_strdup (service_name);
	167	call->invocation = invocation ? g_object_ref (invocation) : invocation;
	168	g_simple_async_result_set_op_res_gpointer (async, call, call_closure_free);
	169
	170	realm_service_enable (call->service_name, call->invocation,
	171	on_enable_enabled, g_object_ref (async));
465	172
466	173	g_object_unref (async);
467	174	}

489	196	gpointer user_data)
490	197	{
491	198	GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
492		RealmService *service = REALM_SERVICE (source);
493		GError *error = NULL;
494
495		realm_service_impl_stop_finish (service, result, &error);
	199	GError *error = NULL;
	200
	201	realm_service_stop_finish (result, &error);
496	202	if (error != NULL)
497	203	g_simple_async_result_take_error (async, error);
498	204	g_simple_async_result_complete (async);

507	213	gpointer user_data)
508	214	{
509	215	GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
510		RealmService *service = REALM_SERVICE (source);
511		GDBusMethodInvocation *invocation;
512		GError *error = NULL;
513
514		realm_service_impl_disable_finish (service, result, &error);
	216	CallClosure *call = g_simple_async_result_get_op_res_gpointer (async);
	217	GError *error = NULL;
	218
	219	realm_service_disable_finish (result, &error);
515	220	if (error == NULL) {
516		invocation = g_simple_async_result_get_op_res_gpointer (async);
517		realm_service_impl_stop (service, invocation, on_disable_stopped,
518		g_object_ref (async));
519		} else {
520		g_simple_async_result_take_error (async, error);
521		g_simple_async_result_complete (async);
522		}
523
524		g_object_unref (async);
525		}
526
527		static void
528		on_disable_created (GObject *source,
529		GAsyncResult *result,
530		gpointer user_data)
531		{
532		GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
533		GDBusMethodInvocation *invocation;
534		RealmService *service;
535		GError *error = NULL;
536
537		service = realm_service_new_finish (result, &error);
538		if (error == NULL) {
539		invocation = g_simple_async_result_get_op_res_gpointer (async);
540		realm_service_impl_disable (service, invocation, on_disable_disabled,
541		g_object_ref (async));
542		g_object_unref (service);
	221	realm_service_stop (call->service_name, call->invocation,
	222	on_disable_stopped, g_object_ref (async));
543	223	} else {
544	224	g_simple_async_result_take_error (async, error);
545	225	g_simple_async_result_complete (async);

555	235	gpointer user_data)
556	236	{
557	237	GSimpleAsyncResult *async;
	238	CallClosure *call;
558	239
559	240	async = g_simple_async_result_new (NULL, callback, user_data,
560	241	realm_service_disable_and_stop);
561		if (invocation) {
562		g_simple_async_result_set_op_res_gpointer (async,
563		g_object_ref (invocation),
564		g_object_unref);
565		}
566
567		realm_service_new (service_name, invocation,
568		on_disable_created, g_object_ref (async));
	242	call = g_slice_new0 (CallClosure);
	243	call->service_name = g_strdup (service_name);
	244	call->invocation = invocation ? g_object_ref (invocation) : invocation;
	245	g_simple_async_result_set_op_res_gpointer (async, call, call_closure_free);
	246
	247	realm_service_disable (call->service_name, call->invocation,
	248	on_disable_disabled, g_object_ref (async));
569	249
570	250	g_object_unref (async);
571	251	}

-82

service/realm-service.h less more

20	20
21	21	G_BEGIN_DECLS
22	22
23		#define REALM_TYPE_SERVICE (realm_service_get_type ())
24		#define REALM_SERVICE(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst), REALM_TYPE_SERVICE, RealmService))
25		#define REALM_IS_SERVICE(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst), REALM_TYPE_SERVICE))
26		#define REALM_SERVICE_CLASS(klass) (G_TYPE_CHECK_CLASS_CAST ((klass), REALM_TYPE_SERVICE, RealmServiceClass))
27		#define REALM_IS_SERVICE_CLASS(klass) (G_TYPE_CHECK_CLASS_TYPE ((klass), REALM_TYPE_SERVICE))
28		#define REALM_SERVICE_GET_CLASS(obj) (G_TYPE_INSTANCE_GET_CLASS ((obj), REALM_TYPE_SERVICE, RealmServiceClass))
29
30		typedef struct _RealmService RealmService;
31		typedef struct _RealmServiceClass RealmServiceClass;
32
33		struct _RealmService {
34		GDBusProxy parent;
35		};
36
37		struct _RealmServiceClass {
38		GDBusProxyClass parent_class;
39
40		void (* enable) (RealmService *service,
41		GDBusMethodInvocation *invocation,
42		GAsyncReadyCallback callback,
43		gpointer user_data);
44
45		gboolean (* enable_finish) (RealmService *service,
46		GAsyncResult *result,
47		GError **error);
48
49		void (* disable) (RealmService *service,
50		GDBusMethodInvocation *invocation,
51		GAsyncReadyCallback callback,
52		gpointer user_data);
53
54		gboolean (* disable_finish) (RealmService *service,
55		GAsyncResult *result,
56		GError **error);
57
58		void (* restart) (RealmService *service,
59		GDBusMethodInvocation *invocation,
60		GAsyncReadyCallback callback,
61		gpointer user_data);
62
63		gboolean (* restart_finish) (RealmService *service,
64		GAsyncResult *result,
65		GError **error);
66
67		void (* stop) (RealmService *service,
68		GDBusMethodInvocation *invocation,
69		GAsyncReadyCallback callback,
70		gpointer user_data);
71
72		gboolean (* stop_finish) (RealmService *service,
73		GAsyncResult *result,
74		GError **error);
75		};
76
77		GType realm_service_get_type (void) G_GNUC_CONST;
78
79		void realm_service_new (const gchar *service_name,
	23	void realm_service_enable (const gchar *service_name,
80	24	GDBusMethodInvocation *invocation,
81	25	GAsyncReadyCallback callback,
82	26	gpointer user_data);
83	27
84		RealmService * realm_service_new_finish (GAsyncResult *result,
	28	gboolean realm_service_enable_finish (GAsyncResult *result,
85	29	GError **error);
86	30
87		void realm_service_impl_enable (RealmService *service,
	31	void realm_service_disable (const gchar *service_name,
88	32	GDBusMethodInvocation *invocation,
89	33	GAsyncReadyCallback callback,
90	34	gpointer user_data);
91	35
92		gboolean realm_service_impl_enable_finish (RealmService *service,
93		GAsyncResult *result,
	36	gboolean realm_service_disable_finish (GAsyncResult *result,
94	37	GError **error);
95	38
96		void realm_service_impl_disable (RealmService *service,
	39	void realm_service_stop (const gchar *service_name,
97	40	GDBusMethodInvocation *invocation,
98	41	GAsyncReadyCallback callback,
99	42	gpointer user_data);
100	43
101		gboolean realm_service_impl_disable_finish (RealmService *service,
102		GAsyncResult *result,
103		GError **error);
104
105		void realm_service_impl_restart (RealmService *service,
106		GDBusMethodInvocation *invocation,
107		GAsyncReadyCallback callback,
108		gpointer user_data);
109
110		gboolean realm_service_impl_restart_finish (RealmService *service,
111		GAsyncResult *result,
112		GError **error);
113
114		void realm_service_impl_stop (RealmService *service,
115		GDBusMethodInvocation *invocation,
116		GAsyncReadyCallback callback,
117		gpointer user_data);
118
119		gboolean realm_service_impl_stop_finish (RealmService *service,
120		GAsyncResult *result,
	44	gboolean realm_service_stop_finish (GAsyncResult *result,
121	45	GError **error);
122	46
123	47	void realm_service_restart (const gchar *service_name,

-228

~~service/realm-sssd-ad-provider.c~~ less more

0		/* realmd -- Realm configuration service
1		*
2		* Copyright 2012 Red Hat Inc
3		*
4		* This program is free software: you can redistribute it and/or modify
5		* it under the terms of the GNU Lesser General Public License as published
6		* by the Free Software Foundation; either version 2 of the licence or (at
7		* your option) any later version.
8		*
9		* See the included COPYING file for more information.
10		*
11		* Author: Stef Walter <stefw@gnome.org>
12		*/
13
14		#include "config.h"
15
16		#include "realm-command.h"
17		#include "realm-daemon.h"
18		#include "realm-dbus-constants.h"
19		#include "realm-diagnostics.h"
20		#include "realm-discovery.h"
21		#include "realm-errors.h"
22		#include "realm-kerberos.h"
23		#include "realm-kerberos-discover.h"
24		#include "realm-packages.h"
25		#include "realm-sssd-ad.h"
26		#include "realm-sssd-ad-provider.h"
27		#include "realm-sssd-config.h"
28
29		#include <glib/gstdio.h>
30
31		#include <errno.h>
32
33		struct _RealmSssdAdProvider {
34		RealmProvider parent;
35		RealmIniConfig *config;
36		};
37
38		typedef struct {
39		RealmProviderClass parent_class;
40		} RealmSssdAdProviderClass;
41
42		enum {
43		PROP_0,
44		PROP_SSSD_CONFIG,
45		};
46
47		#define REALM_DBUS_SSSD_AD_PATH "/org/freedesktop/realmd/SssdAd"
48
49		G_DEFINE_TYPE (RealmSssdAdProvider, realm_sssd_ad_provider, REALM_TYPE_PROVIDER);
50
51		static void
52		realm_sssd_ad_provider_init (RealmSssdAdProvider *self)
53		{
54		self->config = realm_sssd_config_new (NULL);
55		}
56
57		static void
58		realm_sssd_ad_provider_constructed (GObject *obj)
59		{
60		RealmSssdAdProvider *self;
61		gchar **domains;
62		gchar *section;
63		gchar *realm;
64		gchar *type;
65		gint i;
66
67		G_OBJECT_CLASS (realm_sssd_ad_provider_parent_class)->constructed (obj);
68
69		self = REALM_SSSD_AD_PROVIDER (obj);
70
71		realm_provider_set_name (REALM_PROVIDER (self), "SssdAd");
72
73		domains = realm_sssd_config_get_domains (self->config);
74		for (i = 0; domains && domains[i] != 0; i++) {
75		section = realm_sssd_config_domain_to_section (domains[i]);
76		type = realm_ini_config_get (self->config, section, "id_provider");
77		realm = realm_ini_config_get (self->config, section, "krb5_realm");
78		g_free (section);
79
80		if (g_strcmp0 (type, "ad") == 0) {
81		realm_provider_lookup_or_register_realm (REALM_PROVIDER (self),
82		REALM_TYPE_SSSD_AD,
83		realm ? realm : domains[i], NULL);
84		}
85
86		g_free (realm);
87		g_free (type);
88		}
89		g_strfreev (domains);
90		}
91
92		static void
93		on_kerberos_discover (GObject *source,
94		GAsyncResult *result,
95		gpointer user_data)
96		{
97		GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
98		g_simple_async_result_set_op_res_gpointer (async, g_object_ref (result), g_object_unref);
99		g_simple_async_result_complete (async);
100		g_object_unref (async);
101		}
102
103		static void
104		realm_sssd_ad_provider_discover_async (RealmProvider *provider,
105		const gchar *string,
106		GVariant *options,
107		GDBusMethodInvocation *invocation,
108		GAsyncReadyCallback callback,
109		gpointer user_data)
110		{
111		GSimpleAsyncResult *async;
112
113		async = g_simple_async_result_new (G_OBJECT (provider), callback, user_data,
114		realm_sssd_ad_provider_discover_async);
115
116		if (!realm_provider_match_options (options,
117		REALM_DBUS_IDENTIFIER_ACTIVE_DIRECTORY,
118		REALM_DBUS_IDENTIFIER_SSSD)) {
119		g_simple_async_result_complete_in_idle (async);
120
121		} else {
122		realm_kerberos_discover_async (string, invocation, on_kerberos_discover,
123		g_object_ref (async));
124		}
125
126		g_object_unref (async);
127		}
128
129		static gint
130		realm_sssd_ad_provider_discover_finish (RealmProvider *provider,
131		GAsyncResult *result,
132		GVariant **realms,
133		GError **error)
134		{
135		GSimpleAsyncResult *async;
136		GAsyncResult *ad_result;
137		RealmKerberos *realm = NULL;
138		GHashTable *discovery;
139		const gchar *object_path;
140		gchar *name;
141
142		async = G_SIMPLE_ASYNC_RESULT (result);
143		ad_result = g_simple_async_result_get_op_res_gpointer (async);
144		if (ad_result == NULL)
145		return 0;
146
147		name = realm_kerberos_discover_finish (ad_result, &discovery, error);
148		if (name == NULL)
149		return 0;
150
151		if (realm_discovery_has_string (discovery,
152		REALM_DBUS_OPTION_SERVER_SOFTWARE,
153		REALM_DBUS_IDENTIFIER_ACTIVE_DIRECTORY)) {
154
155		realm = realm_provider_lookup_or_register_realm (provider,
156		REALM_TYPE_SSSD_AD,
157		name, discovery);
158		}
159
160		g_free (name);
161		g_hash_table_unref (discovery);
162
163		if (realm == NULL)
164		return 0;
165
166		object_path = g_dbus_object_get_object_path (G_DBUS_OBJECT (realm));
167		*realms = g_variant_new_objv (&object_path, 1);
168		g_variant_ref_sink (*realms);
169
170		/* Return a higher priority if we're the default */
171		return realm_provider_is_default (REALM_DBUS_IDENTIFIER_ACTIVE_DIRECTORY, REALM_DBUS_IDENTIFIER_SSSD) ? 100 : 50;
172		}
173
174		static void
175		realm_sssd_ad_provider_get_property (GObject *obj,
176		guint prop_id,
177		GValue *value,
178		GParamSpec *pspec)
179		{
180		RealmSssdAdProvider *self = REALM_SSSD_AD_PROVIDER (obj);
181
182		switch (prop_id) {
183		case PROP_SSSD_CONFIG:
184		g_value_set_object (value, self->config);
185		break;
186		default:
187		G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec);
188		break;
189		}
190		}
191
192		static void
193		realm_sssd_ad_provider_finalize (GObject *obj)
194		{
195		RealmSssdAdProvider *self = REALM_SSSD_AD_PROVIDER (obj);
196
197		g_object_unref (self->config);
198
199		G_OBJECT_CLASS (realm_sssd_ad_provider_parent_class)->finalize (obj);
200		}
201
202		void
203		realm_sssd_ad_provider_class_init (RealmSssdAdProviderClass *klass)
204		{
205		RealmProviderClass *provider_class = REALM_PROVIDER_CLASS (klass);
206		GObjectClass *object_class = G_OBJECT_CLASS (klass);
207
208		provider_class->discover_async = realm_sssd_ad_provider_discover_async;
209		provider_class->discover_finish = realm_sssd_ad_provider_discover_finish;
210
211		object_class->constructed = realm_sssd_ad_provider_constructed;
212		object_class->get_property = realm_sssd_ad_provider_get_property;
213		object_class->finalize = realm_sssd_ad_provider_finalize;
214
215		g_object_class_install_property (object_class, PROP_SSSD_CONFIG,
216		g_param_spec_object ("sssd-config", "Sssd Config", "Sssd Config",
217		REALM_TYPE_INI_CONFIG, G_PARAM_READABLE \| G_PARAM_STATIC_STRINGS));
218
219		}
220
221		RealmProvider *
222		realm_sssd_ad_provider_new (void)
223		{
224		return g_object_new (REALM_TYPE_SSSD_AD_PROVIDER,
225		"g-object-path", REALM_DBUS_SSSD_AD_PATH,
226		NULL);
227		}

-38

~~service/realm-sssd-ad-provider.h~~ less more

0		/* realmd -- Realm configuration service
1		*
2		* Copyright 2012 Red Hat Inc
3		*
4		* This program is free software: you can redistribute it and/or modify
5		* it under the terms of the GNU Lesser General Public License as published
6		* by the Free Software Foundation; either version 2 of the licence or (at
7		* your option) any later version.
8		*
9		* See the included COPYING file for more information.
10		*
11		* Author: Stef Walter <stefw@gnome.org>
12		*/
13
14		#include "config.h"
15
16		#ifndef __REALM_SSSD_AD_PROVIDER_H__
17		#define __REALM_SSSD_AD_PROVIDER_H__
18
19		#include <gio/gio.h>
20
21		#include "realm-provider.h"
22
23		G_BEGIN_DECLS
24
25		#define REALM_TYPE_SSSD_AD_PROVIDER (realm_sssd_ad_provider_get_type ())
26		#define REALM_SSSD_AD_PROVIDER(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst), REALM_TYPE_SSSD_AD_PROVIDER, RealmSssdAdProvider))
27		#define REALM_IS_SSSD_AD_PROVIDER(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst), REALM_TYPE_SSSD_AD_PROVIDER))
28
29		typedef struct _RealmSssdAdProvider RealmSssdAdProvider;
30
31		GType realm_sssd_ad_provider_get_type (void) G_GNUC_CONST;
32
33		RealmProvider * realm_sssd_ad_provider_new (void);
34
35		G_END_DECLS
36
37		#endif /* __REALM_SSSD_AD_PROVIDER_H__ */

+110

-115

service/realm-sssd-ad.c less more

22	22	#include "realm-packages.h"
23	23	#include "realm-samba-enroll.h"
24	24	#include "realm-service.h"
	25	#include "realm-settings.h"
25	26	#include "realm-sssd.h"
26	27	#include "realm-sssd-ad.h"
27	28	#include "realm-sssd-config.h"

79	80
80	81	/*
81	82	* Each line is a combination of owner and what kind of credentials are supported,
82		* same for enroll/unenroll. We can't accept a ccache, because samba3 needs
	83	* same for enroll/leave. We can't accept a ccache, because samba3 needs
83	84	* to have credentials limited to RC4.
84	85	*/
85	86	supported = realm_kerberos_membership_build_supported (

94	95	supported = realm_kerberos_membership_build_supported (
95	96	REALM_KERBEROS_CREDENTIAL_PASSWORD, REALM_KERBEROS_OWNER_ADMIN,
96	97	REALM_KERBEROS_CREDENTIAL_PASSWORD, REALM_KERBEROS_OWNER_USER,
	98	REALM_KERBEROS_CREDENTIAL_AUTOMATIC, REALM_KERBEROS_OWNER_NONE,
97	99	0);
98	100	realm_kerberos_set_supported_leave_creds (kerberos, supported);
99	101

110	112	const gchar **packages;
111	113
112	114	/* Used for adcli enroll */
	115	gboolean automatic;
113	116	GBytes *one_time_password;
114	117	gchar *ccache_file;
115	118

187	190	gchar **parts;
188	191	gchar *rdn;
189	192	gchar *dn;
	193	gchar *home;
190	194	gint i;
191	195
192	196	/* Calculate the domain and dn */

200	204	dn = g_strjoinv (",", parts);
201	205	g_strfreev (parts);
202	206
	207	home = realm_sssd_build_default_home (realm_settings_string ("users", "default-home"));
	208
203	209	ret = realm_sssd_config_add_domain (config, workgroup, error,
204	210	"enumerate", "False",
205	211	"re_expression", "(?P<domain>[^\\\\]+)\\\\(?P<name>[^\\\\]+)",
206	212	"full_name_format", "%2$s\\%1$s",
207	213	"case_sensitive", "False",
208		"cache_credentials", "False",
	214	"cache_credentials", "True",
209	215	"use_fully_qualified_names", "True",
210	216
211	217	"id_provider", "ad",
212	218	"auth_provider", "ad",
213	219	"access_provider", "simple",
	220	"simple_allow_users", ",",
214	221	"chpass_provider", "ad",
215	222
216	223	"ad_domain", domain,
217	224	"krb5_realm", realm,
218	225	"krb5_store_password_if_offline", "True",
219	226
	227	"fallback_homedir", home,
220	228	NULL);
221	229
	230	g_free (home);
222	231	g_free (domain);
223	232	g_free (dn);
224	233

239	248
240	249
241	250	if (join->use_adcli) {
242		if (!realm_adcli_enroll_join_finish (result, &workgroup, &error))
	251	if (!realm_adcli_enroll_join_finish (result, &workgroup, &error)) {
243	252	workgroup = NULL;
	253	if (join->automatic &&
	254	g_error_matches (error, REALM_ERROR, REALM_ERROR_AUTH_FAILED)) {
	255	g_clear_error (&error);
	256	g_set_error (&error, REALM_ERROR, REALM_ERROR_AUTH_FAILED,
	257	_("Unable to automatically join the domain"));
	258	}
	259	}
244	260	} else {
245	261	if (realm_samba_enroll_join_finish (result, &settings, &error)) {
246	262	workgroup = g_strdup (g_hash_table_lookup (settings, "workgroup"));

300	316	g_object_ref (async));
301	317
302	318	} else if (join->use_adcli) {
	319	g_assert (join->automatic);
303	320	realm_adcli_enroll_join_automatic_async (join->realm_name,
304	321	join->computer_ou,
305	322	join->invocation,

487	504
488	505	if (async) {
489	506	join = g_simple_async_result_get_op_res_gpointer (async);
	507	join->automatic = TRUE;
490	508	realm_packages_install_async (join->packages, join->invocation,
491	509	on_install_do_join, g_object_ref (async));
492	510	g_object_unref (async);

536	554	if (async) {
537	555	join = g_simple_async_result_get_op_res_gpointer (async);
538	556
539		/* If using samba, then only for a subset of enctypes */
540	557	if (join->use_adcli) {
541	558	realm_kerberos_kinit_ccache_async (REALM_KERBEROS (membership),
542	559	user_name, password, NULL,

557	574	GDBusMethodInvocation *invocation;
558	575	gchar *realm_name;
559	576	gchar *ccache_file;
560		} UnenrollClosure;
561
562		static void
563		unenroll_closure_free (gpointer data)
564		{
565		UnenrollClosure *unenroll = data;
566		g_free (unenroll->realm_name);
567		if (unenroll->ccache_file)
568		realm_keberos_ccache_delete_and_free (unenroll->ccache_file);
569		g_object_unref (unenroll->invocation);
570		g_slice_free (UnenrollClosure, unenroll);
571		}
572
573		static void
574		on_service_disable_done (GObject *source,
	577	} LeaveClosure;
	578
	579	static void
	580	leave_closure_free (gpointer data)
	581	{
	582	LeaveClosure *leave = data;
	583	g_free (leave->realm_name);
	584	if (leave->ccache_file)
	585	realm_keberos_ccache_delete_and_free (leave->ccache_file);
	586	g_object_unref (leave->invocation);
	587	g_slice_free (LeaveClosure, leave);
	588	}
	589
	590	static void
	591	on_leave_do_deconfigure (GObject *source,
575	592	GAsyncResult *result,
576	593	gpointer user_data)
577	594	{
578	595	GSimpleAsyncResult *res = G_SIMPLE_ASYNC_RESULT (user_data);
579		GError *error = NULL;
580
581		realm_service_disable_and_stop_finish (result, &error);
582		if (error != NULL)
583		g_simple_async_result_take_error (res, error);
584		g_simple_async_result_complete (res);
585
586		g_object_unref (res);
587		}
588
589		static void
590		on_service_restart_done (GObject *source,
591		GAsyncResult *result,
592		gpointer user_data)
593		{
594		GSimpleAsyncResult *res = G_SIMPLE_ASYNC_RESULT (user_data);
595		GError *error = NULL;
596
597		realm_service_restart_finish (result, &error);
598		if (error != NULL)
599		g_simple_async_result_take_error (res, error);
600		g_simple_async_result_complete (res);
601
602		g_object_unref (res);
603		}
604
605		static void
606		on_leave_do_sssd (GObject *source,
607		GAsyncResult *result,
608		gpointer user_data)
609		{
610		GSimpleAsyncResult *res = G_SIMPLE_ASYNC_RESULT (user_data);
611		UnenrollClosure *unenroll = g_simple_async_result_get_op_res_gpointer (res);
	596	LeaveClosure *leave = g_simple_async_result_get_op_res_gpointer (res);
612	597	RealmSssd *sssd = REALM_SSSD (g_async_result_get_source_object (user_data));
613	598	GError *error = NULL;
614		RealmIniConfig *config;
615		gchar **domains;
616
617		realm_samba_enroll_leave_finish (result, NULL);
618	599
619	600	/* We don't care if we can leave or not, just continue with other steps */
620		config = realm_sssd_get_config (sssd);
621		realm_sssd_config_remove_domain (config, realm_sssd_get_config_domain (sssd), &error);
622
	601	realm_samba_enroll_leave_finish (result, &error);
623	602	if (error != NULL) {
624		g_simple_async_result_take_error (res, error);
625		g_simple_async_result_complete (res);
	603	realm_diagnostics_error (leave->invocation, error, NULL);
626	604	g_error_free (error);
627
628		} else {
629		/* If no domains, then disable sssd */
630		domains = realm_sssd_config_get_domains (config);
631		if (domains == NULL \|\| g_strv_length (domains) == 0) {
632		realm_service_disable_and_stop ("sssd", unenroll->invocation,
633		on_service_disable_done, g_object_ref (res));
634
635		/* If any domains left, then restart sssd */
636		} else {
637		realm_service_restart ("sssd", unenroll->invocation,
638		on_service_restart_done, g_object_ref (res));
639		}
640		g_strfreev (domains);
641		}
	605	}
	606
	607	realm_sssd_deconfigure_domain_tail (sssd, res, leave->invocation);
642	608
643	609	g_object_unref (sssd);
644	610	g_object_unref (res);
645	611	}
646	612
647		static void
648		realm_sssd_ad_unenroll_async (RealmKerberosMembership *membership,
649		const gchar *user_name,
650		GBytes *password,
651		RealmKerberosFlags flags,
652		GVariant *options,
653		GDBusMethodInvocation *invocation,
654		GAsyncReadyCallback callback,
655		gpointer user_data)
656		{
657		RealmKerberos *realm = REALM_KERBEROS (membership);
658		RealmSssd *sssd = REALM_SSSD (realm);
659		GSimpleAsyncResult *res;
660		UnenrollClosure *unenroll;
661		const gchar *computer_ou;
662
663		res = g_simple_async_result_new (G_OBJECT (realm), callback, user_data,
664		realm_sssd_ad_unenroll_async);
665		unenroll = g_slice_new0 (UnenrollClosure);
666		unenroll->realm_name = g_strdup (realm_kerberos_get_realm_name (realm));
667		unenroll->invocation = g_object_ref (invocation);
668		g_simple_async_result_set_op_res_gpointer (res, unenroll, unenroll_closure_free);
	613	static GSimpleAsyncResult *
	614	setup_leave (RealmSssdAd *self,
	615	GVariant *options,
	616	GDBusMethodInvocation *invocation,
	617	GAsyncReadyCallback callback,
	618	gpointer user_data)
	619	{
	620	GSimpleAsyncResult *async;
	621
	622	async = g_simple_async_result_new (G_OBJECT (self), callback, user_data, setup_leave);
669	623
670	624	/* Check that enrolled in this realm */
671		if (!realm_sssd_get_config_section (sssd)) {
672		g_simple_async_result_set_error (res, REALM_ERROR, REALM_ERROR_NOT_CONFIGURED,
	625	if (!realm_sssd_get_config_section (REALM_SSSD (self))) {
	626	g_simple_async_result_set_error (async, REALM_ERROR, REALM_ERROR_NOT_CONFIGURED,
673	627	_("Not currently joined to this domain"));
674		g_simple_async_result_complete_in_idle (res);
675
676		} else if (g_variant_lookup (options, REALM_DBUS_OPTION_COMPUTER_OU, "&s", &computer_ou)) {
677		g_simple_async_result_set_error (res, G_DBUS_ERROR, G_DBUS_ERROR_INVALID_ARGS,
678		"The computer-ou argument is not supported when leaving a domain (using samba).");
679		g_simple_async_result_complete_in_idle (res);
680
681		} else {
682		realm_samba_enroll_leave_async (unenroll->realm_name, user_name, password,
683		unenroll->invocation, on_leave_do_sssd,
684		g_object_ref (res));
685		}
686
687		g_object_unref (res);
	628	g_simple_async_result_complete_in_idle (async);
	629	g_object_unref (async);
	630	return NULL;
	631	}
	632
	633	return async;
	634	}
	635
	636	static void
	637	realm_sssd_ad_leave_password_async (RealmKerberosMembership *membership,
	638	const gchar *user_name,
	639	GBytes *password,
	640	RealmKerberosFlags flags,
	641	GVariant *options,
	642	GDBusMethodInvocation *invocation,
	643	GAsyncReadyCallback callback,
	644	gpointer user_data)
	645	{
	646	RealmSssdAd *self = REALM_SSSD_AD (membership);
	647	GSimpleAsyncResult *async;
	648	LeaveClosure *leave;
	649
	650	async = setup_leave (self, options, invocation, callback, user_data);
	651	if (async == NULL)
	652	return;
	653
	654	leave = g_slice_new0 (LeaveClosure);
	655	leave->realm_name = g_strdup (realm_kerberos_get_realm_name (REALM_KERBEROS (self)));
	656	leave->invocation = g_object_ref (invocation);
	657	g_simple_async_result_set_op_res_gpointer (async, leave, leave_closure_free);
	658
	659	realm_samba_enroll_leave_async (leave->realm_name, user_name, password,
	660	leave->invocation, on_leave_do_deconfigure,
	661	g_object_ref (async));
	662	g_object_unref (async);
	663	}
	664
	665	static void
	666	realm_sssd_ad_leave_automatic_async (RealmKerberosMembership *membership,
	667	RealmKerberosFlags flags,
	668	GVariant *options,
	669	GDBusMethodInvocation *invocation,
	670	GAsyncReadyCallback callback,
	671	gpointer user_data)
	672	{
	673	RealmSssdAd *self = REALM_SSSD_AD (membership);
	674	GSimpleAsyncResult *async;
	675
	676	async = setup_leave (self, options, invocation, callback, user_data);
	677	if (async == NULL)
	678	return;
	679
	680	realm_sssd_deconfigure_domain_tail (REALM_SSSD (self), async, invocation);
	681	g_object_unref (async);
688	682	}
689	683
690	684	static gboolean

712	706	iface->enroll_password_async = realm_sssd_ad_join_password_async;
713	707	iface->enroll_secret_async = realm_sssd_ad_join_secret_async;
714	708	iface->enroll_finish = realm_sssd_ad_generic_finish;
715		iface->unenroll_password_async = realm_sssd_ad_unenroll_async;
	709	iface->unenroll_automatic_async = realm_sssd_ad_leave_automatic_async;
	710	iface->unenroll_password_async = realm_sssd_ad_leave_password_async;
716	711	iface->unenroll_finish = realm_sssd_ad_generic_finish;
717	712	}

-0

service/realm-sssd-config.c less more

107	107	const gchar *value;
108	108	const gchar *domains[2];
109	109	gchar *section;
	110	gchar *shell;
110	111	va_list va;
111	112
112	113	g_return_val_if_fail (REALM_IS_INI_CONFIG (config), FALSE);

130	131	realm_ini_config_set (config, "sssd", "services", "nss, pam");
131	132	realm_ini_config_set (config, "sssd", "config_file_version", "2");
132	133	}
	134
	135	/* Always make sure this is set */
	136	shell = realm_ini_config_get (config, "nss", "default_shell");
	137	if (shell == NULL) {
	138	realm_ini_config_set (config, "nss", "default_shell",
	139	realm_settings_string ("users", "default-shell"));
	140	}
	141	g_free (shell);
133	142
134	143	domains[0] = domain;
135	144	domains[1] = NULL;

-227

~~service/realm-sssd-ipa-provider.c~~ less more

0		/* realmd -- Realm configuration service
1		*
2		* Copyright 2012 Red Hat Inc
3		*
4		* This program is free software: you can redistribute it and/or modify
5		* it under the terms of the GNU Lesser General Public License as published
6		* by the Free Software Foundation; either version 2 of the licence or (at
7		* your option) any later version.
8		*
9		* See the included COPYING file for more information.
10		*
11		* Author: Stef Walter <stefw@gnome.org>
12		*/
13
14		#include "config.h"
15
16		#include "realm-command.h"
17		#include "realm-daemon.h"
18		#include "realm-dbus-constants.h"
19		#include "realm-diagnostics.h"
20		#include "realm-discovery.h"
21		#include "realm-errors.h"
22		#include "realm-kerberos.h"
23		#include "realm-kerberos-discover.h"
24		#include "realm-packages.h"
25		#include "realm-sssd-ipa.h"
26		#include "realm-sssd-ipa-provider.h"
27		#include "realm-sssd-config.h"
28
29		#include <glib/gstdio.h>
30
31		#include <errno.h>
32
33		struct _RealmSssdIpaProvider {
34		RealmProvider parent;
35		RealmIniConfig *config;
36		};
37
38		typedef struct {
39		RealmProviderClass parent_class;
40		} RealmSssdIpaProviderClass;
41
42		enum {
43		PROP_0,
44		PROP_SSSD_CONFIG,
45		};
46
47		#define REALM_DBUS_SSSD_IPA_PATH "/org/freedesktop/realmd/SssdIpa"
48
49		G_DEFINE_TYPE (RealmSssdIpaProvider, realm_sssd_ipa_provider, REALM_TYPE_PROVIDER);
50
51		static void
52		realm_sssd_ipa_provider_init (RealmSssdIpaProvider *self)
53		{
54		self->config = realm_sssd_config_new (NULL);
55		}
56
57		static void
58		realm_sssd_ipa_provider_constructed (GObject *obj)
59		{
60		RealmSssdIpaProvider *self;
61		gchar **domains;
62		gchar *section;
63		gchar *realm;
64		gchar *type;
65		gint i;
66
67		G_OBJECT_CLASS (realm_sssd_ipa_provider_parent_class)->constructed (obj);
68
69		self = REALM_SSSD_IPA_PROVIDER (obj);
70
71		realm_provider_set_name (REALM_PROVIDER (obj), "SssdIpa");
72
73		domains = realm_sssd_config_get_domains (self->config);
74		for (i = 0; domains && domains[i] != 0; i++) {
75		section = realm_sssd_config_domain_to_section (domains[i]);
76		type = realm_ini_config_get (self->config, section, "id_provider");
77		realm = realm_ini_config_get (self->config, section, "krb5_realm");
78		g_free (section);
79
80		if (g_strcmp0 (type, "ipa") == 0) {
81		realm_provider_lookup_or_register_realm (REALM_PROVIDER (self),
82		REALM_TYPE_SSSD_IPA,
83		realm ? realm : domains[i], NULL);
84		}
85
86		g_free (realm);
87		g_free (type);
88		}
89		g_strfreev (domains);
90		}
91
92		static void
93		on_ipa_discover (GObject *source,
94		GAsyncResult *result,
95		gpointer user_data)
96		{
97		GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
98		g_simple_async_result_set_op_res_gpointer (async, g_object_ref (result), g_object_unref);
99		g_simple_async_result_complete (async);
100		g_object_unref (async);
101		}
102
103		static void
104		realm_sssd_ipa_provider_discover_async (RealmProvider *provider,
105		const gchar *string,
106		GVariant *options,
107		GDBusMethodInvocation *invocation,
108		GAsyncReadyCallback callback,
109		gpointer user_data)
110		{
111		GSimpleAsyncResult *async;
112
113		async = g_simple_async_result_new (G_OBJECT (provider), callback, user_data,
114		realm_sssd_ipa_provider_discover_async);
115
116		if (!realm_provider_match_options (options,
117		REALM_DBUS_IDENTIFIER_FREEIPA,
118		REALM_DBUS_IDENTIFIER_SSSD)) {
119		g_simple_async_result_complete_in_idle (async);
120
121		} else {
122		realm_kerberos_discover_async (string, invocation, on_ipa_discover,
123		g_object_ref (async));
124		}
125
126		g_object_unref (async);
127
128		}
129
130		static gint
131		realm_sssd_ipa_provider_discover_finish (RealmProvider *provider,
132		GAsyncResult *result,
133		GVariant **realms,
134		GError **error)
135		{
136		GSimpleAsyncResult *async;
137		GAsyncResult *ipa_result;
138		RealmKerberos *realm = NULL;
139		GHashTable *discovery;
140		const gchar *object_path;
141		gchar *name;
142
143		async = G_SIMPLE_ASYNC_RESULT (result);
144		ipa_result = g_simple_async_result_get_op_res_gpointer (async);
145		if (ipa_result == NULL)
146		return 0;
147
148		name = realm_kerberos_discover_finish (ipa_result, &discovery, error);
149		if (name == NULL)
150		return 0;
151
152		if (realm_discovery_has_string (discovery,
153		REALM_DBUS_OPTION_SERVER_SOFTWARE,
154		REALM_DBUS_IDENTIFIER_FREEIPA)) {
155
156		realm = realm_provider_lookup_or_register_realm (provider,
157		REALM_TYPE_SSSD_IPA,
158		name, discovery);
159		}
160
161		g_free (name);
162		g_hash_table_unref (discovery);
163
164		if (realm == NULL)
165		return 0;
166
167		object_path = g_dbus_object_get_object_path (G_DBUS_OBJECT (realm));
168		*realms = g_variant_new_objv (&object_path, 1);
169		g_variant_ref_sink (*realms);
170
171		return 100;
172		}
173
174		static void
175		realm_sssd_ipa_provider_get_property (GObject *obj,
176		guint prop_id,
177		GValue *value,
178		GParamSpec *pspec)
179		{
180		RealmSssdIpaProvider *self = REALM_SSSD_IPA_PROVIDER (obj);
181
182		switch (prop_id) {
183		case PROP_SSSD_CONFIG:
184		g_value_set_object (value, self->config);
185		break;
186		default:
187		G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec);
188		break;
189		}
190		}
191
192		static void
193		realm_sssd_ipa_provider_finalize (GObject *obj)
194		{
195		RealmSssdIpaProvider *self = REALM_SSSD_IPA_PROVIDER (obj);
196
197		g_object_unref (self->config);
198
199		G_OBJECT_CLASS (realm_sssd_ipa_provider_parent_class)->finalize (obj);
200		}
201
202		void
203		realm_sssd_ipa_provider_class_init (RealmSssdIpaProviderClass *klass)
204		{
205		RealmProviderClass *provider_class = REALM_PROVIDER_CLASS (klass);
206		GObjectClass *object_class = G_OBJECT_CLASS (klass);
207
208		provider_class->discover_async = realm_sssd_ipa_provider_discover_async;
209		provider_class->discover_finish = realm_sssd_ipa_provider_discover_finish;
210
211		object_class->constructed = realm_sssd_ipa_provider_constructed;
212		object_class->get_property = realm_sssd_ipa_provider_get_property;
213		object_class->finalize = realm_sssd_ipa_provider_finalize;
214
215		g_object_class_install_property (object_class, PROP_SSSD_CONFIG,
216		g_param_spec_object ("sssd-config", "Sssd Config", "Sssd Config",
217		REALM_TYPE_INI_CONFIG, G_PARAM_READABLE \| G_PARAM_STATIC_STRINGS));
218		}
219
220		RealmProvider *
221		realm_sssd_ipa_provider_new (void)
222		{
223		return g_object_new (REALM_TYPE_SSSD_IPA_PROVIDER,
224		"g-object-path", REALM_DBUS_SSSD_IPA_PATH,
225		NULL);
226		}

-38

~~service/realm-sssd-ipa-provider.h~~ less more

0		/* realmd -- Realm configuration service
1		*
2		* Copyright 2012 Red Hat Inc
3		*
4		* This program is free software: you can redistribute it and/or modify
5		* it under the terms of the GNU Lesser General Public License as published
6		* by the Free Software Foundation; either version 2 of the licence or (at
7		* your option) any later version.
8		*
9		* See the included COPYING file for more information.
10		*
11		* Author: Stef Walter <stefw@gnome.org>
12		*/
13
14		#include "config.h"
15
16		#ifndef __REALM_SSSD_IPA_PROVIDER_H__
17		#define __REALM_SSSD_IPA_PROVIDER_H__
18
19		#include <gio/gio.h>
20
21		#include "realm-provider.h"
22
23		G_BEGIN_DECLS
24
25		#define REALM_TYPE_SSSD_IPA_PROVIDER (realm_sssd_ipa_provider_get_type ())
26		#define REALM_SSSD_IPA_PROVIDER(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst), REALM_TYPE_SSSD_IPA_PROVIDER, RealmSssdIpaProvider))
27		#define REALM_IS_SSSD_IPA_PROVIDER(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst), REALM_TYPE_SSSD_IPA_PROVIDER))
28
29		typedef struct _RealmSssdIpaProvider RealmSssdIpaProvider;
30
31		GType realm_sssd_ipa_provider_get_type (void) G_GNUC_CONST;
32
33		RealmProvider * realm_sssd_ipa_provider_new (void);
34
35		G_END_DECLS
36
37		#endif /* __REALM_SSSD_IPA_PROVIDER_H__ */

+259

-0

service/realm-sssd-provider.c less more

	0	/* realmd -- Realm configuration service
	1	*
	2	* Copyright 2012 Red Hat Inc
	3	*
	4	* This program is free software: you can redistribute it and/or modify
	5	* it under the terms of the GNU Lesser General Public License as published
	6	* by the Free Software Foundation; either version 2 of the licence or (at
	7	* your option) any later version.
	8	*
	9	* See the included COPYING file for more information.
	10	*
	11	* Author: Stef Walter <stefw@gnome.org>
	12	*/
	13
	14	#include "config.h"
	15
	16	#include "realm-command.h"
	17	#include "realm-daemon.h"
	18	#include "realm-dbus-constants.h"
	19	#include "realm-diagnostics.h"
	20	#include "realm-discovery.h"
	21	#include "realm-errors.h"
	22	#include "realm-kerberos.h"
	23	#include "realm-kerberos-discover.h"
	24	#include "realm-packages.h"
	25	#include "realm-sssd-ad.h"
	26	#include "realm-sssd-ipa.h"
	27	#include "realm-sssd-provider.h"
	28	#include "realm-sssd-config.h"
	29
	30	#include <glib/gstdio.h>
	31
	32	#include <errno.h>
	33
	34	struct _RealmSssdProvider {
	35	RealmProvider parent;
	36	RealmIniConfig *config;
	37	};
	38
	39	typedef struct {
	40	RealmProviderClass parent_class;
	41	} RealmSssdProviderClass;
	42
	43	enum {
	44	PROP_0,
	45	PROP_SSSD_CONFIG,
	46	};
	47
	48	#define REALM_DBUS_SSSD_PATH "/org/freedesktop/realmd/Sssd"
	49
	50	G_DEFINE_TYPE (RealmSssdProvider, realm_sssd_provider, REALM_TYPE_PROVIDER);
	51
	52	static void
	53	realm_sssd_provider_init (RealmSssdProvider *self)
	54	{
	55	self->config = realm_sssd_config_new (NULL);
	56	}
	57
	58	static void
	59	realm_sssd_provider_constructed (GObject *obj)
	60	{
	61	RealmSssdProvider *self;
	62	GType realm_type;
	63	const gchar *name;
	64	gchar **domains;
	65	gchar *section;
	66	gchar *realm;
	67	gchar *type;
	68	gchar *domain;
	69	gint i;
	70
	71	G_OBJECT_CLASS (realm_sssd_provider_parent_class)->constructed (obj);
	72
	73	self = REALM_SSSD_PROVIDER (obj);
	74
	75	realm_provider_set_name (REALM_PROVIDER (self), "Sssd");
	76
	77	domains = realm_sssd_config_get_domains (self->config);
	78	for (i = 0; domains && domains[i] != 0; i++) {
	79	section = realm_sssd_config_domain_to_section (domains[i]);
	80	type = realm_ini_config_get (self->config, section, "id_provider");
	81	realm = realm_ini_config_get (self->config, section, "krb5_realm");
	82	domain = NULL;
	83
	84	if (g_strcmp0 (type, "ad") == 0) {
	85	name = domain = realm_ini_config_get (self->config, section, "ad_domain");
	86	realm_type = REALM_TYPE_SSSD_AD;
	87	} else if (g_strcmp0 (type, "ipa") == 0) {
	88	name = domain = realm_ini_config_get (self->config, section, "ipa_domain");
	89	realm_type = REALM_TYPE_SSSD_IPA;
	90	} else {
	91	name = domain = NULL;
	92	realm_type = 0;
	93	}
	94
	95	if (name == NULL)
	96	name = realm;
	97	if (name == NULL)
	98	name = domains[i];
	99
	100	if (realm_type)
	101	realm_provider_lookup_or_register_realm (REALM_PROVIDER (self), realm_type, name, NULL);
	102
	103	g_free (realm);
	104	g_free (type);
	105	g_free (domain);
	106	g_free (section);
	107	}
	108	g_strfreev (domains);
	109	}
	110
	111	static void
	112	on_kerberos_discover (GObject *source,
	113	GAsyncResult *result,
	114	gpointer user_data)
	115	{
	116	GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
	117	g_simple_async_result_set_op_res_gpointer (async, g_object_ref (result), g_object_unref);
	118	g_simple_async_result_complete (async);
	119	g_object_unref (async);
	120	}
	121
	122	static void
	123	realm_sssd_provider_discover_async (RealmProvider *provider,
	124	const gchar *string,
	125	GVariant *options,
	126	GDBusMethodInvocation *invocation,
	127	GAsyncReadyCallback callback,
	128	gpointer user_data)
	129	{
	130	GSimpleAsyncResult *async;
	131
	132	async = g_simple_async_result_new (G_OBJECT (provider), callback, user_data,
	133	realm_sssd_provider_discover_async);
	134
	135	if (!realm_provider_match_options (options, REALM_DBUS_IDENTIFIER_ACTIVE_DIRECTORY,
	136	REALM_DBUS_IDENTIFIER_SSSD) &&
	137	!realm_provider_match_options (options, REALM_DBUS_IDENTIFIER_FREEIPA,
	138	REALM_DBUS_IDENTIFIER_SSSD)) {
	139	g_simple_async_result_complete_in_idle (async);
	140
	141	} else {
	142	realm_kerberos_discover_async (string, invocation, on_kerberos_discover,
	143	g_object_ref (async));
	144	}
	145
	146	g_object_unref (async);
	147	}
	148
	149	static gint
	150	realm_sssd_provider_discover_finish (RealmProvider *provider,
	151	GAsyncResult *result,
	152	GVariant **realms,
	153	GError **error)
	154	{
	155	GSimpleAsyncResult *async;
	156	GAsyncResult *ad_result;
	157	RealmKerberos *realm = NULL;
	158	GHashTable *discovery;
	159	const gchar *object_path;
	160	gint priority;
	161	gchar *name;
	162
	163	async = G_SIMPLE_ASYNC_RESULT (result);
	164	ad_result = g_simple_async_result_get_op_res_gpointer (async);
	165	if (ad_result == NULL)
	166	return 0;
	167
	168	name = realm_kerberos_discover_finish (ad_result, &discovery, error);
	169	if (name == NULL)
	170	return 0;
	171
	172	if (realm_discovery_has_string (discovery,
	173	REALM_DBUS_OPTION_SERVER_SOFTWARE,
	174	REALM_DBUS_IDENTIFIER_ACTIVE_DIRECTORY)) {
	175
	176	realm = realm_provider_lookup_or_register_realm (provider,
	177	REALM_TYPE_SSSD_AD,
	178	name, discovery);
	179	priority = realm_provider_is_default (REALM_DBUS_IDENTIFIER_ACTIVE_DIRECTORY, REALM_DBUS_IDENTIFIER_SSSD) ? 100 : 50;
	180
	181	} else if (realm_discovery_has_string (discovery,
	182	REALM_DBUS_OPTION_SERVER_SOFTWARE,
	183	REALM_DBUS_IDENTIFIER_FREEIPA)) {
	184
	185	realm = realm_provider_lookup_or_register_realm (provider,
	186	REALM_TYPE_SSSD_IPA,
	187	name, discovery);
	188	priority = 100;
	189	}
	190
	191	g_free (name);
	192	g_hash_table_unref (discovery);
	193
	194	if (realm == NULL)
	195	return 0;
	196
	197	object_path = g_dbus_object_get_object_path (G_DBUS_OBJECT (realm));
	198	*realms = g_variant_new_objv (&object_path, 1);
	199	g_variant_ref_sink (*realms);
	200
	201	/* Return a higher priority if we're the default */
	202	return priority;
	203	}
	204
	205	static void
	206	realm_sssd_provider_get_property (GObject *obj,
	207	guint prop_id,
	208	GValue *value,
	209	GParamSpec *pspec)
	210	{
	211	RealmSssdProvider *self = REALM_SSSD_PROVIDER (obj);
	212
	213	switch (prop_id) {
	214	case PROP_SSSD_CONFIG:
	215	g_value_set_object (value, self->config);
	216	break;
	217	default:
	218	G_OBJECT_WARN_INVALID_PROPERTY_ID (obj, prop_id, pspec);
	219	break;
	220	}
	221	}
	222
	223	static void
	224	realm_sssd_provider_finalize (GObject *obj)
	225	{
	226	RealmSssdProvider *self = REALM_SSSD_PROVIDER (obj);
	227
	228	g_object_unref (self->config);
	229
	230	G_OBJECT_CLASS (realm_sssd_provider_parent_class)->finalize (obj);
	231	}
	232
	233	void
	234	realm_sssd_provider_class_init (RealmSssdProviderClass *klass)
	235	{
	236	RealmProviderClass *provider_class = REALM_PROVIDER_CLASS (klass);
	237	GObjectClass *object_class = G_OBJECT_CLASS (klass);
	238
	239	provider_class->discover_async = realm_sssd_provider_discover_async;
	240	provider_class->discover_finish = realm_sssd_provider_discover_finish;
	241
	242	object_class->constructed = realm_sssd_provider_constructed;
	243	object_class->get_property = realm_sssd_provider_get_property;
	244	object_class->finalize = realm_sssd_provider_finalize;
	245
	246	g_object_class_install_property (object_class, PROP_SSSD_CONFIG,
	247	g_param_spec_object ("sssd-config", "Sssd Config", "Sssd Config",
	248	REALM_TYPE_INI_CONFIG, G_PARAM_READABLE \| G_PARAM_STATIC_STRINGS));
	249
	250	}
	251
	252	RealmProvider *
	253	realm_sssd_provider_new (void)
	254	{
	255	return g_object_new (REALM_TYPE_SSSD_PROVIDER,
	256	"g-object-path", REALM_DBUS_SSSD_PATH,
	257	NULL);
	258	}

+38

-0

service/realm-sssd-provider.h less more

	0	/* realmd -- Realm configuration service
	1	*
	2	* Copyright 2012 Red Hat Inc
	3	*
	4	* This program is free software: you can redistribute it and/or modify
	5	* it under the terms of the GNU Lesser General Public License as published
	6	* by the Free Software Foundation; either version 2 of the licence or (at
	7	* your option) any later version.
	8	*
	9	* See the included COPYING file for more information.
	10	*
	11	* Author: Stef Walter <stefw@gnome.org>
	12	*/
	13
	14	#include "config.h"
	15
	16	#ifndef __REALM_SSSD_PROVIDER_H__
	17	#define __REALM_SSSD_PROVIDER_H__
	18
	19	#include <gio/gio.h>
	20
	21	#include "realm-provider.h"
	22
	23	G_BEGIN_DECLS
	24
	25	#define REALM_TYPE_SSSD_PROVIDER (realm_sssd_provider_get_type ())
	26	#define REALM_SSSD_PROVIDER(inst) (G_TYPE_CHECK_INSTANCE_CAST ((inst), REALM_TYPE_SSSD_PROVIDER, RealmSssdProvider))
	27	#define REALM_IS_SSSD_PROVIDER(inst) (G_TYPE_CHECK_INSTANCE_TYPE ((inst), REALM_TYPE_SSSD_PROVIDER))
	28
	29	typedef struct _RealmSssdProvider RealmSssdProvider;
	30
	31	GType realm_sssd_provider_get_type (void) G_GNUC_CONST;
	32
	33	RealmProvider * realm_sssd_provider_new (void);
	34
	35	G_END_DECLS
	36
	37	#endif /* __REALM_SSSD_PROVIDER_H__ */

+219

-20

service/realm-sssd.c less more

27	27
28	28	#include <glib/gstdio.h>
29	29
	30	#include <string.h>
	31
30	32	struct _RealmSssdPrivate {
31	33	gchar *domain;
32	34	gchar *section;

39	41	PROP_PROVIDER,
40	42	};
41	43
	44	static void update_properties (RealmSssd *self);
	45
42	46	G_DEFINE_TYPE (RealmSssd, realm_sssd, REALM_TYPE_KERBEROS);
43	47
44	48	static void

53	57	gpointer user_data)
54	58	{
55	59	GSimpleAsyncResult *async = G_SIMPLE_ASYNC_RESULT (user_data);
	60	RealmSssd *self = REALM_SSSD (g_async_result_get_source_object (user_data));
56	61	GError *error = NULL;
57	62
58	63	realm_service_restart_finish (result, &error);
59	64	if (error != NULL)
60	65	g_simple_async_result_take_error (async, error);
61	66
	67	update_properties (self);
62	68	g_simple_async_result_complete (async);
	69
63	70	g_object_unref (async);
	71	g_object_unref (self);
64	72	}
65	73
66	74	static gboolean

71	79	const gchar **remove_names,
72	80	GError **error)
73	81	{
	82	gchar *allow;
	83
74	84	if (!realm_ini_config_begin_change (config, error))
75	85	return FALSE;
76	86

78	88	realm_ini_config_set (config, section, "access_provider", access_provider);
79	89	realm_ini_config_set_list_diff (config, section, "simple_allow_users", ",",
80	90	add_names, remove_names);
	91
	92	/*
	93	* HACK: Work around for sssd problem where it allows users if
	94	* simple_allow_users is empty. Set it to a comma in this case.
	95	*/
	96	allow = realm_ini_config_get (config, section, "simple_allow_users");
	97	if (allow != NULL) {
	98	g_strstrip (allow);
	99	if (g_str_equal (allow, "") \|\| g_str_equal (allow, ",")) {
	100	g_free (allow);
	101	allow = NULL;
	102	}
	103	}
	104
	105	if (allow == NULL) {
	106	if (g_str_equal (access_provider, "simple"))
	107	realm_ini_config_set (config, section, "simple_allow_users", ",");
	108	else
	109	realm_ini_config_set (config, section, "simple_allow_users", NULL);
	110	}
	111
	112	g_free (allow);
	113
81	114	return realm_ini_config_finish_change (config, error);
82	115	}
83	116

138	171	return;
139	172	}
140	173
141		if (add_names && remove_names) {
142		ret = sssd_config_change_login_policy (self->pv->config,
143		self->pv->section,
144		access_provider,
145		(const gchar **)add_names,
146		(const gchar **)remove_names,
147		&error);
148
149		if (ret) {
150		realm_service_restart ("sssd", invocation,
151		on_logins_restarted,
152		g_object_ref (async));
153
154		} else {
155		g_simple_async_result_take_error (async, error);
156		g_simple_async_result_complete_in_idle (async);
157		}
	174	ret = sssd_config_change_login_policy (self->pv->config,
	175	self->pv->section,
	176	access_provider,
	177	(const gchar **)add_names,
	178	(const gchar **)remove_names,
	179	&error);
	180
	181	if (ret) {
	182	realm_service_restart ("sssd", invocation,
	183	on_logins_restarted,
	184	g_object_ref (async));
	185	} else {
	186	g_simple_async_result_take_error (async, error);
	187	g_simple_async_result_complete_in_idle (async);
158	188	}
159	189
160	190	g_strfreev (remove_names);

285	315	if (g_strcmp0 (access, "simple") == 0) {
286	316	values = realm_ini_config_get_list (self->pv->config, self->pv->section,
287	317	"simple_allow_users", ",");
288		for (i = 0; values != NULL && values[i] != NULL; i++)
289		g_ptr_array_add (permitted, realm_kerberos_format_login (kerberos, values[i]));
	318	for (i = 0; values != NULL && values[i] != NULL; i++) {
	319	if (!g_str_equal (values[i], ""))
	320	g_ptr_array_add (permitted, realm_kerberos_format_login (kerberos, values[i]));
	321	}
290	322	g_strfreev (values);
291	323	g_free (access);
292	324	policy = REALM_KERBEROS_ALLOW_PERMITTED_LOGINS;

325	357	for (i = 0; domains && domains[i]; i++) {
326	358	section = realm_sssd_config_domain_to_section (domains[i]);
327	359	realm = realm_ini_config_get (self->pv->config, section, "krb5_realm");
328		if (g_strcmp0 (realm, name) == 0) {
	360	if (realm && name && g_ascii_strcasecmp (realm, name) == 0) {
329	361	domain = g_strdup (domains[i]);
330	362	break;
331	363	} else {

441	473	g_return_val_if_fail (REALM_IS_SSSD (self), NULL);
442	474	return self->pv->domain;
443	475	}
	476
	477	gchar *
	478	realm_sssd_build_default_home (const gchar *value)
	479	{
	480	gchar *home;
	481	char *pos;
	482
	483	/* Change from our format to the sssd format place-holders */
	484	home = g_strdup (value);
	485	pos = strstr (home, "%U");
	486	if (pos)
	487	pos[1] = 'u';
	488	pos = strstr (home, "%D");
	489	if (pos)
	490	pos[1] = 'd';
	491
	492	return home;
	493	}
	494
	495	typedef struct {
	496	GSimpleAsyncResult *async;
	497	GDBusMethodInvocation *invocation;
	498	RealmIniConfig *config;
	499	gchar *domain;
	500	} DeconfClosure;
	501
	502	static void
	503	deconfigure_closure_free (gpointer data)
	504	{
	505	DeconfClosure *deconf = data;
	506	g_object_unref (deconf->async);
	507	g_object_unref (deconf->invocation);
	508	g_object_unref (deconf->config);
	509	g_free (deconf->domain);
	510	g_slice_free (DeconfClosure, deconf);
	511	}
	512
	513	static void
	514	on_service_disable_done (GObject *source,
	515	GAsyncResult *result,
	516	gpointer user_data)
	517	{
	518	DeconfClosure *deconf = user_data;
	519	GError *error = NULL;
	520
	521	realm_service_disable_and_stop_finish (result, &error);
	522	if (error != NULL) {
	523	realm_diagnostics_error (deconf->invocation, error, NULL);
	524	g_error_free (error);
	525	}
	526
	527	g_simple_async_result_complete (deconf->async);
	528	deconfigure_closure_free (deconf);
	529	}
	530
	531	static void
	532	on_service_restart_done (GObject *source,
	533	GAsyncResult *result,
	534	gpointer user_data)
	535	{
	536	DeconfClosure *deconf = user_data;
	537	GError *error = NULL;
	538
	539	realm_service_restart_finish (result, &error);
	540	if (error != NULL) {
	541	realm_diagnostics_error (deconf->invocation, error, NULL);
	542	g_error_free (error);
	543	}
	544
	545	g_simple_async_result_complete (deconf->async);
	546	deconfigure_closure_free (deconf);
	547	}
	548
	549	static void
	550	on_disable_nss_service (GObject *source,
	551	GAsyncResult *result,
	552	gpointer user_data)
	553	{
	554	DeconfClosure *deconf = user_data;
	555	GError *error = NULL;
	556	gint status;
	557
	558	status = realm_command_run_finish (result, NULL, &error);
	559	if (error == NULL && status != 0) {
	560	realm_diagnostics_error (deconf->invocation, error,
	561	"Disabling sssd in PAM failed.");
	562	g_clear_error (&error);
	563	}
	564
	565	realm_service_disable_and_stop ("sssd", deconf->invocation,
	566	on_service_disable_done, deconf);
	567	}
	568
	569	static void
	570	on_sssd_clear_cache (GObject *source,
	571	GAsyncResult *result,
	572	gpointer user_data)
	573	{
	574	DeconfClosure *deconf = user_data;
	575	GError *error = NULL;
	576	gchar **domains;
	577	gint status;
	578
	579	status = realm_command_run_finish (result, NULL, &error);
	580	if (status != 0) {
	581	realm_diagnostics_error (deconf->invocation, error,
	582	"Flushing the sssd cache failed");
	583	g_clear_error (&error);
	584	}
	585
	586	/* Deconfigure sssd.conf */
	587	realm_diagnostics_info (deconf->invocation, "Removing domain configuration from sssd.conf");
	588	if (!realm_sssd_config_remove_domain (deconf->config, deconf->domain, &error)) {
	589	g_simple_async_result_take_error (deconf->async, error);
	590	g_simple_async_result_complete (deconf->async);
	591	deconfigure_closure_free (deconf);
	592	return;
	593	}
	594
	595	/* If no domains, then disable sssd */
	596	domains = realm_sssd_config_get_domains (deconf->config);
	597	if (domains == NULL \|\| g_strv_length (domains) == 0) {
	598	realm_command_run_known_async ("sssd-disable-logins", NULL, deconf->invocation,
	599	NULL, on_disable_nss_service, deconf);
	600
	601	/* If any domains left, then restart sssd */
	602	} else {
	603	realm_service_restart ("sssd", deconf->invocation,
	604	on_service_restart_done, deconf);
	605	}
	606
	607	g_strfreev (domains);
	608	}
	609
	610	void
	611	realm_sssd_deconfigure_domain_tail (RealmSssd *self,
	612	GSimpleAsyncResult *async,
	613	GDBusMethodInvocation *invocation)
	614	{
	615	DeconfClosure *deconf;
	616	GError *error = NULL;
	617	const gchar *realm_name;
	618
	619	realm_name = realm_kerberos_get_realm_name (REALM_KERBEROS (self));
	620
	621	/* Flush the keytab of all the entries for this realm */
	622	realm_diagnostics_info (invocation, "Removing entries from keytab for realm");
	623	if (!realm_kerberos_flush_keytab (realm_name, &error)) {
	624	g_simple_async_result_take_error (async, error);
	625	g_simple_async_result_complete_in_idle (async);
	626	return;
	627	}
	628
	629	deconf = g_new0 (DeconfClosure, 1);
	630	deconf->async = g_object_ref (async);
	631	deconf->invocation = g_object_ref (invocation);
	632	deconf->config = g_object_ref (self->pv->config);
	633	deconf->domain = g_strdup (self->pv->domain);
	634
	635	/*
	636	* TODO: We would really like to do this after removing the domain, to prevent races
	637	* but we can't because otherwise sss_cache doesn't clear that domain :S
	638	*/
	639
	640	realm_command_run_known_async ("sssd-caches-flush", NULL, deconf->invocation,
	641	NULL, on_sssd_clear_cache, deconf);
	642	}

-0

service/realm-sssd.h less more

50	50
51	51	const gchar * realm_sssd_get_config_domain (RealmSssd *self);
52	52
	53	gchar * realm_sssd_build_default_home (const gchar *value);
	54
	55	void realm_sssd_deconfigure_domain_tail (RealmSssd *self,
	56	GSimpleAsyncResult *async,
	57	GDBusMethodInvocation *invocation);
	58
53	59	G_END_DECLS
54	60
55	61	#endif /* __REALM_SSSD_H__ */

+48

-0

service/realmd-debian.conf less more

	0	# Distro specific overrides for debian
	1	[paths]
	2	smb.conf = /etc/samba/smb.conf
	3
	4	#
	5	# Normally in these packages sections we can specify a file
	6	# to quickly check if the package is installed. However
	7	# different archictectures put the pam and nss plugins in
	8	# different directories, so no really great way to check them.
	9	#
	10	# On the other hand package-kit + apt doesn't suck as much
	11	# as package-kit + yum, so lets just leave these blank and
	12	# check that they are installed through the package manager.
	13	#
	14	[samba-packages]
	15	samba-common-bin = /usr/bin/net
	16
	17	[winbind-packages]
	18	winbind = /usr/sbin/winbindd
	19	libpam-winbind =
	20
	21	[sssd-packages]
	22	sssd = /usr/sbin/sssd
	23	libnss-sss =
	24	libpam-sss =
	25
	26	[adcli-packages]
	27	adcli = /usr/sbin/adcli
	28
	29	[commands]
	30
	31	# Various pam and nss plugins are automatically configured when
	32	# installed on debian. So just stub them out.
	33
	34	winbind-enable-logins =
	35	winbind-disable-logins =
	36	sssd-enable-logins =
	37	sssd-disable-logins =
	38
	39	winbind-enable-service = /usr/sbin/update-rc.d winbind enable
	40	winbind-disable-service = /usr/sbin/update-rc.d winbind disable
	41	winbind-restart-service = /usr/sbin/service winbind restart
	42	winbind-stop-service = /usr/sbin/service winbind stop
	43
	44	sssd-enable-service = /usr/sbin/update-rc.d sssd enable
	45	sssd-disable-service = /usr/sbin/update-rc.d sssd disable
	46	sssd-restart-service = /usr/sbin/service sssd restart
	47	sssd-stop-service = /usr/sbin/service sssd restart

-6

service/realmd-defaults.conf less more

9	9	[active-directory]
10	10	default-client = sssd
11	11
12		[services]
13		winbind = winbind
14		sssd = sssd
15
16	12	[samba-packages]
17	13
18	14	[winbind-packages]

23	19
24	20	[commands]
25	21
26		[user]
27		shell = /bin/bash
	22	[users]
	23	default-shell = /bin/bash
	24	default-home = /home/%D/%U

+16

-3

service/realmd-redhat.conf less more

10	10
11	11	[sssd-packages]
12	12	sssd = /usr/sbin/sssd
	13	sssd-tools = /usr/sbin/sss_cache
13	14
14	15	[adcli-packages]
15	16	adcli = /usr/sbin/adcli
16	17
17	18	[commands]
18		winbind-enable-logins = /usr/sbin/authconfig --update --enablewinbind --enablewinbindauth
	19	winbind-enable-logins = /usr/sbin/authconfig --update --enablewinbind --enablewinbindauth --enablemkhomedir
19	20	winbind-disable-logins = /usr/sbin/authconfig --update --disablewinbind --disablewinbindauth
20		sssd-enable-logins = /usr/sbin/authconfig --update --enablesssd --enablesssdauth
21		sssd-disable-logins = /usr/sbin/authconfig --update --disablesssd --disablesssdauth
	21	winbind-enable-service = /usr/bin/systemctl enable winbind.service
	22	winbind-disable-service = /usr/bin/systemctl disable winbind.service
	23	winbind-restart-service = /usr/bin/systemctl restart winbind.service
	24	winbind-stop-service = /usr/bin/systemctl stop winbind.service
	25
	26	sssd-enable-logins = /usr/sbin/authconfig --update --enablesssd --enablesssdauth --enablemkhomedir
	27	sssd-disable-logins = /usr/sbin/authconfig --update --disablesssdauth
	28	sssd-enable-service = /usr/bin/systemctl enable sssd.service
	29	sssd-disable-service = /usr/bin/systemctl disable sssd.service
	30	sssd-restart-service = /usr/bin/systemctl restart sssd.service
	31	sssd-stop-service = /usr/bin/systemctl stop sssd.service
	32
	33	name-caches-flush = /usr/bin/systemctl try-restart accounts-daemon.service
	34	sssd-caches-flush = /usr/sbin/sss_cache --users --groups --netgroups --services --autofs-maps

-0

tests/Makefile.in less more

258	258	USE_NLS = @USE_NLS@
259	259	VERSION = @VERSION@
260	260	XGETTEXT = @XGETTEXT@
	261	XSLTPROC = @XSLTPROC@
261	262	abs_builddir = @abs_builddir@
262	263	abs_srcdir = @abs_srcdir@
263	264	abs_top_builddir = @abs_top_builddir@

-1

tests/files/realmd-defaults.conf less more

0		# Empty so far⏎
	0
	1	# Required for sssd config tests
	2	[users]
	3	default-shell = /bin/bash
	4	default-home = /home/%D/%U

+17

-0

tests/test-ini-config.c less more

328	328	}
329	329
330	330	static void
	331	test_set_and_get (Test *test,
	332	gconstpointer unused)
	333	{
	334	const gchar *data = "[section]\n1=one\n2=two\n\n[another]\n4=four";
	335	gchar *output;
	336
	337	realm_ini_config_read_string (test->config, data);
	338
	339	realm_ini_config_set (test->config, "section", "3", "three");
	340
	341	output = realm_ini_config_get (test->config, "section", "3");
	342	g_assert_cmpstr (output, ==, "three");
	343	g_free (output);
	344	}
	345
	346	static void
331	347	test_set_section (Test *test,
332	348	gconstpointer unused)
333	349	{

623	639
624	640	g_test_add ("/realmd/ini-config/set", Test, NULL, setup, test_set, teardown);
625	641	g_test_add ("/realmd/ini-config/set-middle", Test, NULL, setup, test_set_middle, teardown);
	642	g_test_add ("/realmd/ini-config/set-and-get", Test, NULL, setup, test_set_and_get, teardown);
626	643	g_test_add ("/realmd/ini-config/set-section", Test, NULL, setup, test_set_section, teardown);
627	644	g_test_add ("/realmd/ini-config/set-all", Test, NULL, setup, test_set_all, teardown);
628	645

+34

-2

tests/test-sssd-config.c less more

89	89	gconstpointer unused)
90	90	{
91	91	const gchar *data = "[domain/one]\nval=1\n[sssd]\ndomains=one";
92		const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one, two\n\n[domain/two]\ndos = 2\n";
	92	const gchar *check = "[domain/one]\nval=1\n[sssd]\ndomains = one, two\n\n[nss]\ndefault_shell = /bin/bash\n\n[domain/two]\ndos = 2\n";
93	93	GError *error = NULL;
94	94	gchar *output;
95	95	gboolean ret;

139	139	test_add_domain_only (Test *test,
140	140	gconstpointer unused)
141	141	{
142		const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version = 2\nservices = nss, pam\n\n[domain/two]\ndos = 2\n";
	142	const gchar *check = "\n[sssd]\ndomains = two\nconfig_file_version = 2\nservices = nss, pam\n\n[nss]\ndefault_shell = /bin/bash\n\n[domain/two]\ndos = 2\n";
143	143	GError *error = NULL;
144	144	gchar *output;
145	145	gboolean ret;

247	247	g_free (output);
248	248	}
249	249
	250	static void
	251	test_remove_and_add_domain (Test *test,
	252	gconstpointer unused)
	253	{
	254	const gchar *data = "[domain/one]\nval = 1\n\n[nss]\ndefault_shell = /bin/bash\n\n[sssd]\ndomains = one, two\n\n[domain/two]\nval = 2\n";
	255	GError *error = NULL;
	256	gchar *output;
	257	gboolean ret;
	258
	259	realm_ini_config_read_string (test->config, data);
	260	ret = realm_ini_config_write_file (test->config, "/tmp/test-sssd.conf", &error);
	261	g_assert_no_error (error);
	262	g_assert (ret == TRUE);
	263
	264	ret = realm_sssd_config_remove_domain (test->config, "two", &error);
	265	g_assert_no_error (error);
	266	g_assert (ret == TRUE);
	267
	268	ret = realm_sssd_config_add_domain (test->config, "two", &error,
	269	"val", "2",
	270	NULL);
	271	g_assert_no_error (error);
	272	g_assert (ret == TRUE);
	273
	274	ret = g_file_get_contents ("/tmp/test-sssd.conf", &output, NULL, &error);
	275	g_assert_no_error (error);
	276	g_assert (ret == TRUE);
	277
	278	g_assert_cmpstr (output, ==, data);
	279	g_free (output);
	280	}
250	281
251	282	int
252	283	main (int argc,

267	298	g_test_add ("/realmd/sssd-config/remove-domain", Test, NULL, setup, test_remove_domain, teardown);
268	299	g_test_add ("/realmd/sssd-config/remove-domain-not-exist", Test, NULL, setup, test_remove_domain_not_exist, teardown);
269	300	g_test_add ("/realmd/sssd-config/remove-domain-only", Test, NULL, setup, test_remove_domain_only, teardown);
	301	g_test_add ("/realmd/sssd-config/remove-and-add-domain", Test, NULL, setup, test_remove_and_add_domain, teardown);
270	302
271	303	return g_test_run ();
272	304	}

-1

tools/Makefile.am less more

0	0	include $(top_srcdir)/Makefile.decl
1	1
2		bin_PROGRAMS = \
	2	sbin_PROGRAMS = \
3	3	realm
4	4
5	5	realm_SOURCES = \

+30

-29

tools/Makefile.in less more

49	49	POST_UNINSTALL = :
50	50	DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in \
51	51	$(top_srcdir)/Makefile.decl $(top_srcdir)/depcomp
52		bin_PROGRAMS = realm$(EXEEXT)
	52	sbin_PROGRAMS = realm$(EXEEXT)
53	53	subdir = tools
54	54	ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
55	55	am__aclocal_m4_deps = $(top_srcdir)/build/m4/gtk-doc.m4 \

60	60	CONFIG_HEADER = $(top_builddir)/config.h
61	61	CONFIG_CLEAN_FILES =
62	62	CONFIG_CLEAN_VPATH_FILES =
63		am__installdirs = "$(DESTDIR)$(bindir)"
64		PROGRAMS = $(bin_PROGRAMS)
	63	am__installdirs = "$(DESTDIR)$(sbindir)"
	64	PROGRAMS = $(sbin_PROGRAMS)
65	65	am__objects_1 =
66	66	am_realm_OBJECTS = realm.$(OBJEXT) realm-client.$(OBJEXT) \
67	67	realm-discover.$(OBJEXT) realm-join.$(OBJEXT) \

213	213	USE_NLS = @USE_NLS@
214	214	VERSION = @VERSION@
215	215	XGETTEXT = @XGETTEXT@
	216	XSLTPROC = @XSLTPROC@
216	217	abs_builddir = @abs_builddir@
217	218	abs_srcdir = @abs_srcdir@
218	219	abs_top_builddir = @abs_top_builddir@

340	341	$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
341	342	cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
342	343	$(am__aclocal_m4_deps):
343		install-binPROGRAMS: $(bin_PROGRAMS)
	344	install-sbinPROGRAMS: $(sbin_PROGRAMS)
344	345	@$(NORMAL_INSTALL)
345		@list='$(bin_PROGRAMS)'; test -n "$(bindir)" \|\| list=; \
	346	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" \|\| list=; \
346	347	if test -n "$$list"; then \
347		echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \
348		$(MKDIR_P) "$(DESTDIR)$(bindir)" \|\| exit 1; \
	348	echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \
	349	$(MKDIR_P) "$(DESTDIR)$(sbindir)" \|\| exit 1; \
349	350	fi; \
350	351	for p in $$list; do echo "$$p $$p"; done \| \
351	352	sed 's/$(EXEEXT)$$//' \| \

363	364	while read type dir files; do \
364	365	if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
365	366	test -z "$$files" \|\| { \
366		echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \
367		$(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" \|\| exit $$?; \
	367	echo " $(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
	368	$(INSTALL_PROGRAM_ENV) $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(sbindir)$$dir" \|\| exit $$?; \
368	369	} \
369	370	; done
370	371
371		uninstall-binPROGRAMS:
	372	uninstall-sbinPROGRAMS:
372	373	@$(NORMAL_UNINSTALL)
373		@list='$(bin_PROGRAMS)'; test -n "$(bindir)" \|\| list=; \
	374	@list='$(sbin_PROGRAMS)'; test -n "$(sbindir)" \|\| list=; \
374	375	files=`for p in $$list; do echo "$$p"; done \| \
375	376	sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
376	377	-e 's/$$/$(EXEEXT)/' `; \
377	378	test -n "$$list" \|\| exit 0; \
378		echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
379		cd "$(DESTDIR)$(bindir)" && rm -f $$files
380
381		clean-binPROGRAMS:
382		-test -z "$(bin_PROGRAMS)" \|\| rm -f $(bin_PROGRAMS)
	379	echo " ( cd '$(DESTDIR)$(sbindir)' && rm -f" $$files ")"; \
	380	cd "$(DESTDIR)$(sbindir)" && rm -f $$files
	381
	382	clean-sbinPROGRAMS:
	383	-test -z "$(sbin_PROGRAMS)" \|\| rm -f $(sbin_PROGRAMS)
383	384	realm$(EXEEXT): $(realm_OBJECTS) $(realm_DEPENDENCIES) $(EXTRA_realm_DEPENDENCIES)
384	385	@rm -f realm$(EXEEXT)
385	386	$(AM_V_CCLD)$(LINK) $(realm_OBJECTS) $(realm_LDADD) $(LIBS)

511	512	check: check-am
512	513	all-am: Makefile $(PROGRAMS)
513	514	installdirs:
514		for dir in "$(DESTDIR)$(bindir)"; do \
	515	for dir in "$(DESTDIR)$(sbindir)"; do \
515	516	test -z "$$dir" \|\| $(MKDIR_P) "$$dir"; \
516	517	done
517	518	install: install-am

546	547	@echo "it deletes files that may require special tools to rebuild."
547	548	clean: clean-am
548	549
549		clean-am: clean-binPROGRAMS clean-generic mostlyclean-am
	550	clean-am: clean-generic clean-sbinPROGRAMS mostlyclean-am
550	551
551	552	distclean: distclean-am
552	553	-rm -rf ./$(DEPDIR)

572	573
573	574	install-dvi-am:
574	575
575		install-exec-am: install-binPROGRAMS
	576	install-exec-am: install-sbinPROGRAMS
576	577
577	578	install-html: install-html-am
578	579

611	612
612	613	ps-am:
613	614
614		uninstall-am: uninstall-binPROGRAMS
	615	uninstall-am: uninstall-sbinPROGRAMS
615	616
616	617	.MAKE: install-am install-strip
617	618
618		.PHONY: CTAGS GTAGS all all-am check check-am clean clean-binPROGRAMS \
619		clean-generic cscopelist ctags distclean distclean-compile \
620		distclean-generic distclean-tags distdir dvi dvi-am html \
621		html-am info info-am install install-am install-binPROGRAMS \
	619	.PHONY: CTAGS GTAGS all all-am check check-am clean clean-generic \
	620	clean-sbinPROGRAMS cscopelist ctags distclean \
	621	distclean-compile distclean-generic distclean-tags distdir dvi \
	622	dvi-am html html-am info info-am install install-am \
622	623	install-data install-data-am install-dvi install-dvi-am \
623	624	install-exec install-exec-am install-html install-html-am \
624	625	install-info install-info-am install-man install-pdf \
625		install-pdf-am install-ps install-ps-am install-strip \
626		installcheck installcheck-am installdirs maintainer-clean \
627		maintainer-clean-generic mostlyclean mostlyclean-compile \
628		mostlyclean-generic pdf pdf-am ps ps-am tags uninstall \
629		uninstall-am uninstall-binPROGRAMS
	626	install-pdf-am install-ps install-ps-am install-sbinPROGRAMS \
	627	install-strip installcheck installcheck-am installdirs \
	628	maintainer-clean maintainer-clean-generic mostlyclean \
	629	mostlyclean-compile mostlyclean-generic pdf pdf-am ps ps-am \
	630	tags uninstall uninstall-am uninstall-sbinPROGRAMS
630	631
631	632
632	633	perform-memcheck: $(TEST_PROGS) $(TEST_SUPPRESSIONS)

-1

tools/realm-client.c less more

124	124	GDBusConnection *connection;
125	125	RealmDbusProvider *provider;
126	126	GError *error = NULL;
127		RealmClient *client;
	127	RealmClient *client = NULL;
128	128	GInitable *ret;
129	129
130	130	connection = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, &error);

+35

-12

tools/realm-discover.c less more

100	100	static int
101	101	perform_discover (RealmClient *client,
102	102	const gchar *string,
	103	gboolean all,
103	104	const gchar *server_software,
104	105	const gchar *client_software)
105	106	{
	107	GHashTable *seen;
106	108	gboolean found = FALSE;
107	109	GError *error = NULL;
	110	const gchar *name;
108	111	GList *realms;
109	112	GList *l;
110	113

116	119	return 1;
117	120	}
118	121
	122	seen = g_hash_table_new (g_str_hash, g_str_equal);
	123
119	124	for (l = realms; l != NULL; l = g_list_next (l)) {
120		print_realm_info (client, l->data);
121		found = TRUE;
122		}
123
	125	name = realm_dbus_realm_get_name (l->data);
	126	if (all \|\| !g_hash_table_lookup (seen, name)) {
	127	print_realm_info (client, l->data);
	128	g_hash_table_add (seen, (gchar *)name);
	129	found = TRUE;
	130	}
	131	}
	132
	133	g_hash_table_destroy (seen);
124	134	g_list_free_full (realms, g_object_unref);
125	135
126	136	if (!found) {

144	154	gchar *arg_client_software = NULL;
145	155	gchar *arg_server_software = NULL;
146	156	GError *error = NULL;
	157	gboolean arg_all = FALSE;
147	158	gint result = 0;
148	159	gint ret;
149	160	gint i;
150	161
151	162	GOptionEntry option_entries[] = {
	163	{ "all", 'a', 0, G_OPTION_ARG_NONE, &arg_all, N_("Show all discovered realms"), NULL },
152	164	{ "verbose", 'v', 0, G_OPTION_ARG_NONE, &arg_verbose, N_("Verbose output"), NULL },
153	165	{ "client-software", 0, 0, G_OPTION_ARG_STRING, &arg_client_software, N_("Use specific client software"), NULL },
154	166	{ "server-software", 0, 0, G_OPTION_ARG_STRING, &arg_server_software, N_("Use specific server software"), NULL },

173	185
174	186	/* The default realm? */
175	187	} else if (argc == 1) {
176		ret = perform_discover (client, NULL, arg_server_software,
177		arg_client_software);
	188	ret = perform_discover (client, NULL, arg_all,
	189	arg_server_software, arg_client_software);
178	190	g_object_unref (client);
179	191
180	192	/* Specific realms */
181	193	} else {
182	194	for (i = 1; i < argc; i++) {
183		ret = perform_discover (client, argv[i],
	195	ret = perform_discover (client, argv[i], arg_all,
184	196	arg_server_software, arg_client_software);
185	197	if (ret != 0)
186	198	result = ret;

196	208
197	209	static int
198	210	perform_list (RealmClient *client,
	211	gboolean all,
199	212	gboolean verbose)
200	213	{
201	214	RealmDbusProvider *provider;
202	215	const gchar const realms;
203	216	gboolean printed = FALSE;
	217	const gchar *configured;
204	218	RealmDbusRealm *realm;
205	219	gint i;
206	220

209	223
210	224	for (i = 0; realms && realms[i] != NULL; i++) {
211	225	realm = realm_client_get_realm (client, realms[i]);
212		print_realm_info (client, realm);
213		printed = TRUE;
	226	configured = realm_dbus_realm_get_configured (realm);
	227	if (all \|\| (configured && !g_str_equal (configured, ""))) {
	228	print_realm_info (client, realm);
	229	printed = TRUE;
	230	}
214	231	g_object_unref (realm);
215	232	}
216	233
217		if (verbose && !printed)
218		g_printerr ("No known realms\n");
	234	if (verbose && !printed) {
	235	if (all)
	236	g_printerr ("No known realms\n");
	237	else
	238	g_printerr ("No configured realms\n");
	239	}
219	240
220	241	return 0;
221	242	}

227	248	RealmClient *client;
228	249	GOptionContext *context;
229	250	gboolean arg_verbose = FALSE;
	251	gboolean arg_all = FALSE;
230	252	GError *error = NULL;
231	253	gint ret = 0;
232	254
233	255	GOptionEntry option_entries[] = {
	256	{ "all", 'a', 0, G_OPTION_ARG_NONE, &arg_all, N_("Show all realms"), NULL },
234	257	{ "verbose", 'v', 0, G_OPTION_ARG_NONE, &arg_verbose, N_("Verbose output"), NULL },
235	258	{ NULL, }
236	259	};

251	274	} else {
252	275	client = realm_client_new (arg_verbose);
253	276	if (client) {
254		ret = perform_list (client, arg_verbose);
	277	ret = perform_list (client, arg_all, arg_verbose);
255	278	g_object_unref (client);
256	279	} else {
257	280	ret = 1;

+122

-22

tools/realm-leave.c less more

66	66	return ret ? 0 : 1;
67	67	}
68	68
69		static RealmDbusKerberosMembership *
	69	static int
	70	call_deconfigure (RealmDbusRealm *realm,
	71	GVariant *options,
	72	GError **error)
	73	{
	74	SyncClosure sync;
	75	gboolean ret;
	76
	77	sync.result = NULL;
	78	sync.loop = g_main_loop_new (NULL, FALSE);
	79
	80	/* Start actual operation */
	81	realm_dbus_realm_call_deconfigure (realm, options,
	82	NULL, on_complete_get_result, &sync);
	83
	84	/* This mainloop is quit by on_complete_get_result */
	85	g_main_loop_run (sync.loop);
	86
	87	ret = realm_dbus_realm_call_deconfigure_finish (realm, sync.result, error);
	88
	89	g_object_unref (sync.result);
	90	g_main_loop_unref (sync.loop);
	91
	92	return ret ? 0 : 1;
	93	}
	94
	95	static gboolean
	96	match_kerberos_realm_to_detail (RealmDbusRealm *realm,
	97	const gchar *field,
	98	const gchar *value)
	99	{
	100	GVariantIter iter;
	101	const gchar *vfield;
	102	const gchar *vvalue;
	103	gboolean matching = FALSE;
	104
	105	/* If not set then anything matches */
	106	if (value == NULL)
	107	return TRUE;
	108
	109	g_variant_iter_init (&iter, realm_dbus_realm_get_details (realm));
	110	while (g_variant_iter_loop (&iter, "(&s&s)", &vfield, &vvalue)) {
	111	if (g_str_equal (field, vfield) && g_str_equal (value, vvalue)) {
	112	matching = TRUE;
	113	break;
	114	}
	115	}
	116
	117	return matching;
	118	}
	119
	120	static RealmDbusRealm *
70	121	locate_configured_matching_kerberos_realm (RealmClient *client,
71		const gchar *realm_name)
72		{
73		RealmDbusKerberosMembership *membership = NULL;
	122	const gchar *realm_name,
	123	const gchar *client_software,
	124	const gchar *server_software,
	125	RealmDbusKerberosMembership **membership)
	126	{
74	127	RealmDbusProvider *provider;
75	128	const gchar const paths;
76	129	RealmDbusRealm *realm;

79	132	gboolean matched;
80	133	gint i;
81	134
	135	*membership = NULL;
82	136	provider = realm_client_get_provider (client);
83	137	paths = realm_dbus_provider_get_realms (provider);
84	138

86	140	matched = FALSE;
87	141
88	142	realm = realm_client_get_realm (client, paths[i]);
89		membership = realm_client_to_kerberos_membership (client, realm);
	143	*membership = realm_client_to_kerberos_membership (client, realm);
90	144	configured = realm_dbus_realm_get_configured (realm);
91	145
92		if (membership != NULL && configured != NULL && !g_str_equal (configured, "")) {
	146	if (*membership != NULL && configured != NULL && !g_str_equal (configured, "")) {
93	147	if (realm_name == NULL) {
94	148	matched = TRUE;
95	149	} else {

98	152	}
99	153	}
100	154
	155	if (matched)
	156	matched = match_kerberos_realm_to_detail (realm, "client-software", client_software);
	157	if (matched)
	158	matched = match_kerberos_realm_to_detail (realm, "server-software", server_software);
	159
	160	if (matched)
	161	return realm;
	162
	163	g_clear_object (membership);
101	164	g_object_unref (realm);
102
103		if (matched)
104		break;
105
106		g_clear_object (&membership);
107		}
108
109		return membership;
	165	}
	166
	167	return NULL;
	168	}
	169
	170	static int
	171	perform_deconfigure (RealmClient *client,
	172	RealmDbusRealm *realm)
	173	{
	174	GError *error = NULL;
	175	GVariant *options;
	176	gint ret;
	177
	178	options = realm_build_options(NULL, NULL);
	179	ret = call_deconfigure (realm, options, &error);
	180
	181	if (error != NULL)
	182	realm_handle_error (error, _("Couldn't leave realm"));
	183
	184	return ret;
110	185	}
111	186
112	187	static int

139	214	static int
140	215	perform_leave (RealmClient *client,
141	216	const gchar *realm_name,
142		const gchar *user_name)
	217	gboolean remove,
	218	const gchar *user_name,
	219	const gchar *client_software,
	220	const gchar *server_software)
143	221	{
144	222	RealmDbusKerberosMembership *membership;
	223	RealmDbusRealm *realm;
145	224	gint ret;
146	225
147		membership = locate_configured_matching_kerberos_realm (client, realm_name);
148		if (membership == NULL) {
149		if (realm_name == NULL)
	226	realm = locate_configured_matching_kerberos_realm (client, realm_name, client_software,
	227	server_software, &membership);
	228	if (realm == NULL) {
	229	if (!realm_name && !client_software && !server_software)
150	230	realm_handle_error (NULL, "Couldn't find a configured realm");
151	231	else
152		realm_handle_error (NULL, "Couldn't find the configured realm: %s", realm_name);
	232	realm_handle_error (NULL, "Couldn't find a matching realm");
153	233	return 1;
154	234	}
155	235
156		ret = perform_user_leave (client, membership, user_name);
	236	/* Specifying a user name implies remov */
	237	if (user_name && !remove)
	238	remove = TRUE;
	239
	240	if (!remove)
	241	ret = perform_deconfigure (client, realm);
	242	else
	243	ret = perform_user_leave (client, membership, user_name);
	244
157	245	g_object_unref (membership);
	246	g_object_unref (realm);
158	247
159	248	return ret;
160	249	}

167	256	GOptionContext *context;
168	257	gchar *arg_user = NULL;
169	258	gboolean arg_verbose = FALSE;
	259	gboolean arg_remove = FALSE;
	260	gchar *arg_client_software = NULL;
	261	gchar *arg_server_software = NULL;
170	262	GError *error = NULL;
171	263	const gchar *realm_name;
172	264	gint ret = 0;
173	265
174	266	GOptionEntry option_entries[] = {
175		{ "user", 'U', 0, G_OPTION_ARG_STRING, &arg_user, N_("User name to use for enrollment"), NULL },
	267	{ "client-software", 0, 0, G_OPTION_ARG_STRING, &arg_client_software,
	268	N_("Use specific client software"), NULL },
	269	{ "remove", 'r', 0, G_OPTION_ARG_NONE, &arg_remove, N_("Remove computer from realm"), NULL, },
	270	{ "server-software", 0, 0, G_OPTION_ARG_STRING, &arg_server_software,
	271	N_("Use specific server software"), NULL },
	272	{ "user", 'U', 0, G_OPTION_ARG_STRING, &arg_user, N_("User name to use for removal"), NULL },
176	273	{ "verbose", 'v', 0, G_OPTION_ARG_NONE, &arg_verbose, N_("Verbose output"), NULL },
177	274	{ NULL, }
178	275	};

190	287	client = realm_client_new (arg_verbose);
191	288	if (client) {
192	289	realm_name = argc < 2 ? NULL : argv[1];
193		ret = perform_leave (client, realm_name, arg_user);
	290	ret = perform_leave (client, realm_name, arg_remove, arg_user,
	291	arg_client_software, arg_server_software);
194	292	g_object_unref (client);
195	293	} else {
196	294	ret = 1;

198	296	}
199	297
200	298	g_free (arg_user);
	299	g_free (arg_client_software);
	300	g_free (arg_server_software);
201	301	g_option_context_free (context);
202	302	return ret;
203	303	}

+29

-7

tools/realm-logins.c less more

43	43	{
44	44	RealmDbusProvider *provider;
45	45	const gchar const paths;
46		RealmDbusRealm *realm;
	46	RealmDbusRealm *realm = NULL;
	47	const gchar *configured;
47	48	gboolean matched;
48	49	gint i;
49	50

54	55	matched = FALSE;
55	56
56	57	realm = realm_client_get_realm (client, paths[i]);
57		if (realm != NULL && realm_dbus_realm_get_configured (realm)) {
	58	if (realm != NULL) {
	59	configured = realm_dbus_realm_get_configured (realm);
58	60	matched = (realm_name == NULL \|\|
59		g_strcmp0 (realm_dbus_realm_get_name (realm), realm_name) == 0);
	61	g_strcmp0 (realm_dbus_realm_get_name (realm), realm_name) == 0) &&
	62	(configured && !g_str_equal (configured, ""));
60	63	}
61	64
62	65	if (matched)

64	67
65	68	g_object_unref (realm);
66	69	realm = NULL;
	70	}
	71
	72	if (realm == NULL) {
	73	if (!realm_name)
	74	realm_handle_error (NULL, "Couldn't find a configured realm");
	75	else
	76	realm_handle_error (NULL, "Couldn't find a matching realm");
	77	return NULL;
67	78	}
68	79
69	80	return realm;

128	139	gboolean permit)
129	140	{
130	141	RealmDbusRealm *realm;
	142	SyncClosure sync;
131	143	const gchar *policy;
132	144	const gchar *logins[] = { NULL };
133	145	GError *error = NULL;

137	149	if (realm == NULL)
138	150	return 1;
139	151
	152	sync.result = NULL;
	153	sync.loop = g_main_loop_new (NULL, FALSE);
	154
140	155	options = realm_build_options (NULL, NULL);
141	156	g_variant_ref_sink (options);
142	157
143	158	policy = permit ? REALM_DBUS_LOGIN_POLICY_ANY : REALM_DBUS_LOGIN_POLICY_DENY;
144		realm_dbus_realm_call_change_login_policy_sync (realm, policy,
145		(const gchar * const *)logins,
146		(const gchar * const *)logins,
147		options, NULL, &error);
	159	realm_dbus_realm_call_change_login_policy (realm, policy,
	160	(const gchar * const *)logins,
	161	(const gchar * const *)logins,
	162	options, NULL, on_complete_get_result, &sync);
	163
	164	/* This mainloop is quit by on_complete_get_result */
	165	g_main_loop_run (sync.loop);
	166
	167	realm_dbus_realm_call_change_login_policy_finish (realm, sync.result, &error);
148	168
149	169	g_variant_unref (options);
	170	g_object_unref (sync.result);
	171	g_main_loop_unref (sync.loop);
150	172	g_object_unref (realm);
151	173
152	174	if (error != NULL) {