rpms/sssd
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
23b784cf95
sssd/sssd.spec

317 lines
9.9 KiB
RPMSpec
Raw Normal View History

Dmitri Pal (10): COLLECTION Adding item comparison and sorting COLLECTION Realigning collection code COLLECTION Making iterations pinnable COLLECTION Enhancing hashing and iteration functions ELAPI Event resolver ELAPI Resolving message attribute ELAPI Fixing warnings in the example ELAPI Rename variables and functions not to use word template ELAPI Fixed the host name resolution ELAPI Compatibility code for getifaddr() Jakub Hrozek (3): Fix python sync operations and mem hierarchy Fix error messages in tools User home directories management Martin Nagy (7): Use correct talloc context in sss_names_init() Fix potential memory leaks in the data provider Use talloc_get_type() for type safety Use talloc to copy data from c-ares Add a new set of helpful common functions for tests Various improvements to the resolv test suite Delete sssd-i18n.h and put it's old contents into util.h Piotr Dr?g (1): Update polish translation for 0.6.0 Ralf Haferkamp (2): LDAP provider needs to link against krb libraries SUSE specific init script Simo Sorce (21): Tighten up permission. Initial implementation of sasl bind support Fix tools sync operations and mem hierarchy Fix long timeout on ldap operation Make dp requests more robust Differentiate between search and network timeouts Remove DP process Start responders predictably after providers Remove magicPrivateGroups option Fix services startup when only LOCAL is configured Make options parser available to all providers Move ldap provider configuration into its own file Fix offline authentication Return the dp error from the providers Move all ldap provider init functions Move all krb5 provider init functions Add first basic IPA provider Always list inputs before outputs Start implementing ipa specific options. Better offline/enumeration behavior Fix setting the schema in the ipa provider Stephen Gallagher (24): Update version to 0.6.0 Fix infinite loop with empty group enumeration Updating release script to use the VERSION file Change requirement on libldb to libldb >= 0.9.3 INI Add config_from_fd() to ini_config Remove unused btreemap code Add new SSSDConfig python API Add plugin configuration schema for proxy provider Package SSSDConfig API Clean up warnings in pysss.c Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7 Remove two unused functions. Fix segfault when using SSS tools with no local provider Do not allow setting auth, access or chpass providers for LOCAL Add krb5_common.h to the list of headers to 'make dist' Use Python 3-compatible sitearch and sitelib Better detect installed language files Clean up rpmlint errors and warnings in sssd-client package Set the Default-Stop LSB option for the SSSD sysv init script Fix RPM builds on older versions of rpmbuild Bring SSSDConfig API options up-to-date Add pam_ctx (similar to nss_ctx) for storing global PAM config Add support for offline auth cache timeout Update version to 0.7.0 Sumit Bose (28): update sysdb tests to new config file version add utility call check_and_open_readonly more documentation and test for sssd.conf handle expired password during authentication move password handling into subroutines ask for new password if password is expired remove redundant talloc_free add description of chpass_provider option to sssd.conf man page add support for server side LDAP password policies add syslog message similar to pam_unix use the correct kerberos context for each target fix a wrong argument to unpack_buffer add -Werror-implicit-function-declaration to default gcc flags add a replacement if ldap_control_create is missing use PYTHON_PREFIX to install SSSDConfig python API add missing %defattr to the filelist of the client package make sdap_id_connect_* independent of sdap_id_ctx send a message if a backend target is not configured use old password if available during password change set chpass_provider implicit if not set explicit more implicit provider target settings enable debugging of krb5_child Check for expired passwords in LDAP provider added generic LDAP search sdap_get_generic_send/_recv add store/search/delete interface for custom sysdb objects update krb5 option handling to new option scheme update ipa auth options to new option scheme fix a compiler warning about redefinition of DEBUG Detailed changes since 0.5.0 Dmitri Pal (8): ELAPI sinks and providers ELAPI Adding file provider and CSV format ELAPI Laying foundation for the async processing COLLECTION Copy collection flat with concatenated names COLLECTION Improvements to copy functions COLLECTION Functions to deal with hash ELAPI Better separation from collection internals. INI Error handling and interface cleanup Jakub Hrozek (17): Remove shadow-utils support from tools Small changes to the example config and manpage Add copyright notices Fix dispatcher structure initialization Add binaries and backup files to .gitignore Refactor tools code Decouple synchronous sysdb interface from tools Provide python bindings for sysdb Use syslog for logging error conditions in SSSD fix varargs call, update unit tests Ticket 161: Initialize structures with calloc instead of enumerating members Allow entering parent groups as FQDN Remove provider=files Manpages update script to upgrade config to v2 Send debug messages to logfile Convert the example config to v2 format, upgrade config on update only Jeff Schroeder (1): Add documentation for installing build dependencies Piotr Drąg (1): Add pl translation Ralf Haferkamp (2): Fix initgroups search filter when using rfc2307bis Avoid crash when timestamp is NULL Simo Sorce (30): Use the correct structure. Initial support for multiple schema types Always save using member/memberOf Fix group replies when using member/memberof Upgrade database to 0.2 Remove redunant function and always pass attrs. Make enumeration an independent task Speed-up enumerations. Correctly handle !DbusWatch behavior. Turn enumeration into a boolean value Honor enumerate option in ldap_id Fix proxy enumeration Fix two possible uninitialized values Split database in multiple files Tools are allowed to touch only the 'local' domain Fix Ldap id backend offline code Fix memory mishandling. Fix ldap enumeration async task Fix getgrnam and getgrgid calls Complete the removal of "legacy" option. Update documentation and examples Make the offline status backend-global Turn ldap driver options into multitype Fix copy&paste error. Better handle groups w/o members Fix copy&paste of wrong structure Don't try to use initgroups_dyn if not available Handle suspend cases Split out an sssd-clients package Let backend respond while fetching large results Stephen Gallagher (26): Move RPM specfiles into contrib/ Consolidate cache lookups in the NSS Add support for the !EntryCacheNoWaitRefreshTimeout Check for valid min and max IDs in confdb_get_domains Update manpage to reflect new syntax for enumerate Add strtoint32 and strtouint32 convenience functions Properly detect negative/invalid values for the minId and maxId Remove unused event context argument from confdb_init Read the configuration parsing before daemonization Fix first-time confdb generation Add 'make tests' target Add strtoint32 and strtouint32 tests Print error message when connection to the config db fails Exit if the sssd is launched as a user other than root Include m4 directories in tarball Allow rerunning autoreconf from the tarball Add PRERELEASE_VERSION variable for use in sssd.spec.in Add missing updates to LINGUAS for pl translation Add missing reference to sssd-ldap(5) in sssd.conf(5) manpage Include groupSearchBase in sssd-ldap(5) manpage Several fixes and enhancements for config file processing Make configure script compatible with older python versions Revert "Use syslog for logging error conditions in SSSD" Temporarily disable automatic config file reread Upgrade confdb to version 2 Update version to 0.6.0 Sumit Bose (31): removed unused header file do not show server messages to user fix internal order of ldap user mapping options add configure check for errno_t send SSSD_REALM and SSSD_KDCIP environment to the client check if gid attribute is empty stop processing a domain if no provider is given check if libpcre version is above or below 7 remove the concept of a backend name configure cleanups fix libdbus configure check initialize sockaddr_in structure add change password target to krb5 backend use fork+exec for kerberos helper Let the PAM client send its PID remove unused client locale from PAM protocol make cli_pid mandatory and increase version number of pam protocol add krb5ccache_dir and krb5ccname_template option fix the wrong usage of an offset added child timeout handler Check if SSL/TLS handler is already in place use getaddrinfo to resolve IP address of KDC add a man page for pam_sss toggle debug output of sssd_krb5_locator_plugin with an environment variable add new config options ldap_tls_cacert and ldap_tls_cacertdir fix possible short reads in kerberos provider remove krb5_try_simple_upn option and make it a default fallback add defines for large file support to standard CFLAGS more fixes for older libpcre versions Cleanups for library linking added support for older MIT kerberos versions
2009-10-23 20:03:33 +00:00
%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import *; import sys; sys.stdout.write(get_python_lib(1))")}
%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import *; import sys; sys.stdout.write(get_python_lib())")}
Initial import of sssd into Fedora
2009-03-09 17:07:25 +00:00
Name: sssd
== Highlights == One serious security issue was resolved related to the kerberos provider. Users who authenticate against Kerberos and have cached credentials could log in with a zero-length password The network exposure of this bug was limited, as users logged in this way would not have valid network credentials (by lucky accident). This issue was present only in the 0.99.x preview releases and not in any of the stable releases (0.7.1 and earlier) Stability fixes since the 0.99.1 preview release Added or updated several translations Fixed long-standing "I have no name!" issue with X-based terminals SSSD now passes "make distcheck" cleanly SSSD PAM now conforms better to standards regarding PAM_PRELIM_CHECK == Detailed Changelog == Göran Uddeborg (2): Update SV translation Update SV translation Marina Latini (1): Update IT translation Martin Nagy (2): Don't consider one address with different port numbers as the same Change the first server pick logic Sergei V. Kovylov (1): sssd.spec for SLES Simo Sorce (2): Fix upgrade bug #323 Fix ldap child memory hierarchy and other issues Stephen Gallagher (14): Properly close STDERR when daemonizing Fix tight loop in monitor Don't set explicit default for "timeout" in domains Fix warning in server.c Raise DEBUG level of sdap_get_generic_done() Change default for enumeration to TRUE Fix tight-loop in monitor part 2 Properly handle EINTR from poll() Updating ES translation Add DEBUG messages to getpwnam_callback and getpwuid_callback Clarify access_provider manpage entry Do not blindly accept zero-length passwords Fix broken password changes for local users Release SSSD 1.0 Sumit Bose (9): Use sys.exit instead of exit Check for minimal version of check Build python modules in builddir Use --with-ldb-lib-dir while running make distcheck Cleanup db files after test run disable password migration code Handle chauthtok with PAM_PRELIM_CHECK separately Do not overwrite valid TGTs when offline Fix for #345
2009-12-19 00:03:20 +00:00
Version: 1.0.0
Fix https://bugzilla.redhat.com/show_bug.cgi?id=549482
2009-12-21 20:56:43 +00:00
Release: 2%{?dist}
Initial import of sssd into Fedora
2009-03-09 17:07:25 +00:00
Group: Applications/System
Summary: System Security Services Daemon
# The entire source code is GPLv3+ except replace/ which is LGPLv3+
License: GPLv3+ and LGPLv3+
- Version 0.2.0
2009-03-10 20:43:08 +00:00
URL: http://fedorahosted.org/sssd
- latest upstream release. - also add a patch that fixes debugging output (potential segfault)
2009-06-08 17:40:52 +00:00
Source: https://fedorahosted.org/released/sssd/sssd-%{version}.tar.gz
Initial import of sssd into Fedora
2009-03-09 17:07:25 +00:00
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
Fix https://bugzilla.redhat.com/show_bug.cgi?id=549482
2009-12-21 20:56:43 +00:00
Patch1: cfg_dbg_timestamps.patch
Initial import of sssd into Fedora
2009-03-09 17:07:25 +00:00
### Patches ###
### Dependencies ###
- latest upstream release. - also add a patch that fixes debugging output (potential segfault)
2009-06-08 17:40:52 +00:00
Requires: libldb >= 0.9.3
- New upstream release 0.5.0
2009-08-24 21:13:27 +00:00
Requires: libtdb >= 1.1.3
Bouska (1): Add French translation to sss_client David O'Brien (1): Copy-edit sssd-ipa man page Dmitri Pal (5): COMMON Improvements to the trace macro COLLECTION Create reference to the top level collection COLLECTION: Cleaning FIXME comments INI: Cleaning FIXME comments. INI Correcting build warnings. Fabian Affolter (1): Add German translation Göran Uddeborg (2): Add Swedish translation for sss_client Add Swedish translation for SSSD server Jakub Hrozek (30): Fix migration script for pre-0.5 local domains Do not migrate Data Provider Free the PCRE regexp with destructor Do not delete users, groups outside domain range Add missing include IPA time rules parsing routines Fix regression in error message when deleting groups Assorted manpage fixes Make the password field configurable in NSS Add Simo's ipachangeconf SSSDChangeConf - a wrapper around ipachangeconf Change the upgrade script to use ipachangeconf Convert SSSDConfig API to ipachangeconf SSSDConfigAPI fixes upgrade_config fixes for SSSD 0.6 and later Split helpers for child processes Get TGT in a child process. Warn visibly about permission problems with the config file Better error message when there is no local domain configured Setup ldap child logging from IPA backend Check the services started against a list of known services Handle spaces in config parser Fail on nonexistent input file Do not start with provider=files Reduce code duplication between LDAP child and Kerberos child Change ares usage to be c-ares 1.7.0 compatible Import ares 1.7.0 helpers Don't build the SRV and TXT parsing code except for tests Document the failover feature in manpages Consolidate code for splitting strings by separator Martin Nagy (8): Add missing include file to files-tests.c Fix a bad free in async_resolv.c Add DLIST_FOR_EACH() macro Add simple reference counting wrappers for talloc Add fail over utility functions Fix egg-info file generation in the spec file Add some debugging statements to fail_over and resolver Correctly restart server status after the timeout Piotr Drąg (1): Updating polish translation for 0.7.0 Simo Sorce (65): Copy option overrides. Read the right buffer, avoids potential segfaults Add IPA conf template Zero pointers on free Use standard coding practice to set last login Fix segfault Add proper support for IPA/AD schemas Move responsibility for entry expiration timeout Kill the ldap connection when we go offline Tidy up ipa options Add support to get rootDSE from the LDAP server. Fix segfault when SASL is not used at all Rename sdap_id_map to sdap_attr_map Make available method to quickly retrive string Make useful function more broadly available. Store the original memberof attributes if any Unify parse routines, use maps in generic searches Fix and enhance initgroups call Unify code to use the generic search interface Reorganize ldap id provider files Split async helpers in multiple files Always set last update and expire time Fix build Fix ldap driver Check return, zero free hostent, adhere to style Fix enumerations Fix tevent_req error checking. Refactor delete functions and add a few Add cleanup task Try to fix offline logins Fix double free case. Fix check_cache bug in dealing with the callback Change var name to make its use more clear. Fix crash due to uninitialized timeout variable Change initgroups code to use and check the cache Change the pam code to perform an initgroups call Store initgr expire time on initgr call Failover fixes and additions Better behavior on cleanup Correctly escape DN value. Add reference to sssd-krb5 man page. Optimize sysdb_enumgrent Filter by id range before actually storing entries. Raise some timeouts Add initial failover support for ldap and ipa Fix ticket #289 Fix internal options numbers test In IPA, the realm is always the domain uppercased. Fix tabs Fix memberof plugin Compute and save memberuid in cache as well Use memberuid and not member in group enumerations Use the custom password field in groups too. Resolve nested groups also when rfc2307bis is used Make strdn build functions more available Fix nested group memberships Allow nesting to fix #310 Fix bug #311, properly set callback attribute Change dhash API to be talloc-friendly dhash: Add private pointer for delete callback Add comments to document latest changes Add rebuild task to memberof plugin Handle the special 02 upgrade case for 04->05 Fix for #316 Fix for #322, update from old database versions. Stephen Gallagher (60): Remove DP from example configuration Remove [dp] section from example config Fix sssd.api.conf with correct entry_cache_timeout Clean up warnings in dhash tests Make config_file_version a hidden setting in SSSDConfig API Remove magic_private_groups from SSSDConfig API schema Add support for option descriptions to SSSDConfig API Localize SSSDConfig strings Add complete pydoc for SSSDConfig API Add Requires: cyrus-sasl-gssapi Simplify debug_fn() Add configure check for sasl.h Update midpoint refresh logic to be relative to cache timeout Increase the sbus dispatch DEBUG level to 9 Build files.c only for tools Clean up unused dependencies Update sssd.spec to use only the required KRB5_LIBS and NSS_LIBS Fix segfault on unknown user/domain Fix Requires: sssd-client line in specfile Make the sysdb user and group names case-sensitive Upgrade cache and local databases to case-sensitive names Update translatable strings Fix sysdb upgrade bug Add empty NL translation Only display errors in unit tests Update PL translation Update NL translation Make backend request type a bitfield Speed up user requests while offline Update translation strings for string freeze Fix bug with bad ldb pkg-config files Update version to 0.99.0 Remove ELAPI from build and tarball Stop configuring ELAPI Make debug log timestamps human-readable Raise debug log level for LDB_DEBUG_WARNING Add allocation error check Avoid returning uninitialized result. Fix potential uninitialized value errors in nsssrv_cmd.c Fix potential uninitialized value error in responder_dp.c SSSDDomain.remove_provider() requires only the provider type Make SSSDDomain.remove_provider() remove configured options Run dhash tests Add SSSDDomain.set_name() function to SSSDConfig API Reduce the verbosity of the SSSDConfigTest Fix broken SSSDChangeConf.set() function Fix SSSDConfig API bugs around [de-]activation of domains Fix RPM spec for RHEL6 SSSDConfig API: fix deactivate_domain() SSSDConfig.get_domain() should properly detect active state Ensure that list_active_domains returns the real value Properly deny id_provider=files Add missing options to sssd-ipa configuraion Add missing SSSDConfig file for IPA for make install Fix processing of Boolean values in SSSDConfig Add 'permit' and 'deny' access providers to SSSDConfig API Remove default for ldap_use_start_tls in IPA providers Run SSSDConfig tests during 'make check' Fix stupid copy-paste error Updating to version 0.99.1 Sumit Bose (45): store original DN with cached group objects if available added a ASQ search API for sysdb Allow sysdb_search_entry request to return more than one result Add AM_CFLAGS to unit tests Fix compiler warnings in krb5_utils-tests. remove old sysdb file before starting tests set ipa_hostname if not given in config file Make debug message less irritating. add sysdb_delete_recursive request to sysdb API Add sysdb_attrs_replace_name to sysdb API. Fix for a seg fault during recursive delete add replacements for missing Kerberos calls Check is ccache structure is initialized before calling krb5_cc_destroy added access module of IPA provider Simplify krb5 child handler Add check for access-time rules to ipa_access. Add support for host, source host and user category Fix inconsistent use of krb5_ccname_template Fixes for proxy provider Make 'permit' the default for the access target Fix option name krb5_changepw_principal Validate Kerberos credentials with local keytab Improve handling of ccache files Add ipa_auth Enhance check for remote hosts Add ldap_pwd_policy option Read KDC info from file instead from environment Really check return value from pam_set_item Use ldb modules from build root for tests Make ldb lib dir configurable Fix an internal error when cache_credentials=FALSE Remove unneeded debugging code Do not include libsss_ipa.la in rpm package Immediately return a krb5 change password request when offline Check LDAP structure before calling ldap_unbind_ext() Add sysdb_search_custom request Do not treat missing proc files as errors. Add basic OS detection Make packaging of *.egg-info files more flexible Try to renew Kerberos credentials Add checks to test the memberuid handling Add offline support for ipa_access Add dummy credentials to an empty ccache file Always update sysdb to the latest version Fix DEBUG message for sysdb_init beckerde (1): Add Spanish translation deneb (1): Add Italian translation for sss_client noriko (1): Adding Japanese translation raven (1): Update PL translation ruigo (1): Add Portuguese translation
2009-12-14 19:49:49 +00:00
Requires: sssd-client = %{version}-%{release}
Requires: cyrus-sasl-gssapi
Dmitri Pal (10): COLLECTION Adding item comparison and sorting COLLECTION Realigning collection code COLLECTION Making iterations pinnable COLLECTION Enhancing hashing and iteration functions ELAPI Event resolver ELAPI Resolving message attribute ELAPI Fixing warnings in the example ELAPI Rename variables and functions not to use word template ELAPI Fixed the host name resolution ELAPI Compatibility code for getifaddr() Jakub Hrozek (3): Fix python sync operations and mem hierarchy Fix error messages in tools User home directories management Martin Nagy (7): Use correct talloc context in sss_names_init() Fix potential memory leaks in the data provider Use talloc_get_type() for type safety Use talloc to copy data from c-ares Add a new set of helpful common functions for tests Various improvements to the resolv test suite Delete sssd-i18n.h and put it's old contents into util.h Piotr Dr?g (1): Update polish translation for 0.6.0 Ralf Haferkamp (2): LDAP provider needs to link against krb libraries SUSE specific init script Simo Sorce (21): Tighten up permission. Initial implementation of sasl bind support Fix tools sync operations and mem hierarchy Fix long timeout on ldap operation Make dp requests more robust Differentiate between search and network timeouts Remove DP process Start responders predictably after providers Remove magicPrivateGroups option Fix services startup when only LOCAL is configured Make options parser available to all providers Move ldap provider configuration into its own file Fix offline authentication Return the dp error from the providers Move all ldap provider init functions Move all krb5 provider init functions Add first basic IPA provider Always list inputs before outputs Start implementing ipa specific options. Better offline/enumeration behavior Fix setting the schema in the ipa provider Stephen Gallagher (24): Update version to 0.6.0 Fix infinite loop with empty group enumeration Updating release script to use the VERSION file Change requirement on libldb to libldb >= 0.9.3 INI Add config_from_fd() to ini_config Remove unused btreemap code Add new SSSDConfig python API Add plugin configuration schema for proxy provider Package SSSDConfig API Clean up warnings in pysss.c Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7 Remove two unused functions. Fix segfault when using SSS tools with no local provider Do not allow setting auth, access or chpass providers for LOCAL Add krb5_common.h to the list of headers to 'make dist' Use Python 3-compatible sitearch and sitelib Better detect installed language files Clean up rpmlint errors and warnings in sssd-client package Set the Default-Stop LSB option for the SSSD sysv init script Fix RPM builds on older versions of rpmbuild Bring SSSDConfig API options up-to-date Add pam_ctx (similar to nss_ctx) for storing global PAM config Add support for offline auth cache timeout Update version to 0.7.0 Sumit Bose (28): update sysdb tests to new config file version add utility call check_and_open_readonly more documentation and test for sssd.conf handle expired password during authentication move password handling into subroutines ask for new password if password is expired remove redundant talloc_free add description of chpass_provider option to sssd.conf man page add support for server side LDAP password policies add syslog message similar to pam_unix use the correct kerberos context for each target fix a wrong argument to unpack_buffer add -Werror-implicit-function-declaration to default gcc flags add a replacement if ldap_control_create is missing use PYTHON_PREFIX to install SSSDConfig python API add missing %defattr to the filelist of the client package make sdap_id_connect_* independent of sdap_id_ctx send a message if a backend target is not configured use old password if available during password change set chpass_provider implicit if not set explicit more implicit provider target settings enable debugging of krb5_child Check for expired passwords in LDAP provider added generic LDAP search sdap_get_generic_send/_recv add store/search/delete interface for custom sysdb objects update krb5 option handling to new option scheme update ipa auth options to new option scheme fix a compiler warning about redefinition of DEBUG Detailed changes since 0.5.0 Dmitri Pal (8): ELAPI sinks and providers ELAPI Adding file provider and CSV format ELAPI Laying foundation for the async processing COLLECTION Copy collection flat with concatenated names COLLECTION Improvements to copy functions COLLECTION Functions to deal with hash ELAPI Better separation from collection internals. INI Error handling and interface cleanup Jakub Hrozek (17): Remove shadow-utils support from tools Small changes to the example config and manpage Add copyright notices Fix dispatcher structure initialization Add binaries and backup files to .gitignore Refactor tools code Decouple synchronous sysdb interface from tools Provide python bindings for sysdb Use syslog for logging error conditions in SSSD fix varargs call, update unit tests Ticket 161: Initialize structures with calloc instead of enumerating members Allow entering parent groups as FQDN Remove provider=files Manpages update script to upgrade config to v2 Send debug messages to logfile Convert the example config to v2 format, upgrade config on update only Jeff Schroeder (1): Add documentation for installing build dependencies Piotr Drąg (1): Add pl translation Ralf Haferkamp (2): Fix initgroups search filter when using rfc2307bis Avoid crash when timestamp is NULL Simo Sorce (30): Use the correct structure. Initial support for multiple schema types Always save using member/memberOf Fix group replies when using member/memberof Upgrade database to 0.2 Remove redunant function and always pass attrs. Make enumeration an independent task Speed-up enumerations. Correctly handle !DbusWatch behavior. Turn enumeration into a boolean value Honor enumerate option in ldap_id Fix proxy enumeration Fix two possible uninitialized values Split database in multiple files Tools are allowed to touch only the 'local' domain Fix Ldap id backend offline code Fix memory mishandling. Fix ldap enumeration async task Fix getgrnam and getgrgid calls Complete the removal of "legacy" option. Update documentation and examples Make the offline status backend-global Turn ldap driver options into multitype Fix copy&paste error. Better handle groups w/o members Fix copy&paste of wrong structure Don't try to use initgroups_dyn if not available Handle suspend cases Split out an sssd-clients package Let backend respond while fetching large results Stephen Gallagher (26): Move RPM specfiles into contrib/ Consolidate cache lookups in the NSS Add support for the !EntryCacheNoWaitRefreshTimeout Check for valid min and max IDs in confdb_get_domains Update manpage to reflect new syntax for enumerate Add strtoint32 and strtouint32 convenience functions Properly detect negative/invalid values for the minId and maxId Remove unused event context argument from confdb_init Read the configuration parsing before daemonization Fix first-time confdb generation Add 'make tests' target Add strtoint32 and strtouint32 tests Print error message when connection to the config db fails Exit if the sssd is launched as a user other than root Include m4 directories in tarball Allow rerunning autoreconf from the tarball Add PRERELEASE_VERSION variable for use in sssd.spec.in Add missing updates to LINGUAS for pl translation Add missing reference to sssd-ldap(5) in sssd.conf(5) manpage Include groupSearchBase in sssd-ldap(5) manpage Several fixes and enhancements for config file processing Make configure script compatible with older python versions Revert "Use syslog for logging error conditions in SSSD" Temporarily disable automatic config file reread Upgrade confdb to version 2 Update version to 0.6.0 Sumit Bose (31): removed unused header file do not show server messages to user fix internal order of ldap user mapping options add configure check for errno_t send SSSD_REALM and SSSD_KDCIP environment to the client check if gid attribute is empty stop processing a domain if no provider is given check if libpcre version is above or below 7 remove the concept of a backend name configure cleanups fix libdbus configure check initialize sockaddr_in structure add change password target to krb5 backend use fork+exec for kerberos helper Let the PAM client send its PID remove unused client locale from PAM protocol make cli_pid mandatory and increase version number of pam protocol add krb5ccache_dir and krb5ccname_template option fix the wrong usage of an offset added child timeout handler Check if SSL/TLS handler is already in place use getaddrinfo to resolve IP address of KDC add a man page for pam_sss toggle debug output of sssd_krb5_locator_plugin with an environment variable add new config options ldap_tls_cacert and ldap_tls_cacertdir fix possible short reads in kerberos provider remove krb5_try_simple_upn option and make it a default fallback add defines for large file support to standard CFLAGS more fixes for older libpcre versions Cleanups for library linking added support for older MIT kerberos versions
2009-10-23 20:03:33 +00:00
Requires(post): python
Initial import of sssd into Fedora
2009-03-09 17:07:25 +00:00
Requires(preun): initscripts chkconfig
Requires(postun): /sbin/service
%define servicename sssd
- New upstream release 0.5.0
2009-08-24 21:13:27 +00:00
%define sssdstatedir %{_localstatedir}/lib/sss
%define dbpath %{sssdstatedir}/db
%define pipepath %{sssdstatedir}/pipes
Bouska (1): Add French translation to sss_client David O'Brien (1): Copy-edit sssd-ipa man page Dmitri Pal (5): COMMON Improvements to the trace macro COLLECTION Create reference to the top level collection COLLECTION: Cleaning FIXME comments INI: Cleaning FIXME comments. INI Correcting build warnings. Fabian Affolter (1): Add German translation Göran Uddeborg (2): Add Swedish translation for sss_client Add Swedish translation for SSSD server Jakub Hrozek (30): Fix migration script for pre-0.5 local domains Do not migrate Data Provider Free the PCRE regexp with destructor Do not delete users, groups outside domain range Add missing include IPA time rules parsing routines Fix regression in error message when deleting groups Assorted manpage fixes Make the password field configurable in NSS Add Simo's ipachangeconf SSSDChangeConf - a wrapper around ipachangeconf Change the upgrade script to use ipachangeconf Convert SSSDConfig API to ipachangeconf SSSDConfigAPI fixes upgrade_config fixes for SSSD 0.6 and later Split helpers for child processes Get TGT in a child process. Warn visibly about permission problems with the config file Better error message when there is no local domain configured Setup ldap child logging from IPA backend Check the services started against a list of known services Handle spaces in config parser Fail on nonexistent input file Do not start with provider=files Reduce code duplication between LDAP child and Kerberos child Change ares usage to be c-ares 1.7.0 compatible Import ares 1.7.0 helpers Don't build the SRV and TXT parsing code except for tests Document the failover feature in manpages Consolidate code for splitting strings by separator Martin Nagy (8): Add missing include file to files-tests.c Fix a bad free in async_resolv.c Add DLIST_FOR_EACH() macro Add simple reference counting wrappers for talloc Add fail over utility functions Fix egg-info file generation in the spec file Add some debugging statements to fail_over and resolver Correctly restart server status after the timeout Piotr Drąg (1): Updating polish translation for 0.7.0 Simo Sorce (65): Copy option overrides. Read the right buffer, avoids potential segfaults Add IPA conf template Zero pointers on free Use standard coding practice to set last login Fix segfault Add proper support for IPA/AD schemas Move responsibility for entry expiration timeout Kill the ldap connection when we go offline Tidy up ipa options Add support to get rootDSE from the LDAP server. Fix segfault when SASL is not used at all Rename sdap_id_map to sdap_attr_map Make available method to quickly retrive string Make useful function more broadly available. Store the original memberof attributes if any Unify parse routines, use maps in generic searches Fix and enhance initgroups call Unify code to use the generic search interface Reorganize ldap id provider files Split async helpers in multiple files Always set last update and expire time Fix build Fix ldap driver Check return, zero free hostent, adhere to style Fix enumerations Fix tevent_req error checking. Refactor delete functions and add a few Add cleanup task Try to fix offline logins Fix double free case. Fix check_cache bug in dealing with the callback Change var name to make its use more clear. Fix crash due to uninitialized timeout variable Change initgroups code to use and check the cache Change the pam code to perform an initgroups call Store initgr expire time on initgr call Failover fixes and additions Better behavior on cleanup Correctly escape DN value. Add reference to sssd-krb5 man page. Optimize sysdb_enumgrent Filter by id range before actually storing entries. Raise some timeouts Add initial failover support for ldap and ipa Fix ticket #289 Fix internal options numbers test In IPA, the realm is always the domain uppercased. Fix tabs Fix memberof plugin Compute and save memberuid in cache as well Use memberuid and not member in group enumerations Use the custom password field in groups too. Resolve nested groups also when rfc2307bis is used Make strdn build functions more available Fix nested group memberships Allow nesting to fix #310 Fix bug #311, properly set callback attribute Change dhash API to be talloc-friendly dhash: Add private pointer for delete callback Add comments to document latest changes Add rebuild task to memberof plugin Handle the special 02 upgrade case for 04->05 Fix for #316 Fix for #322, update from old database versions. Stephen Gallagher (60): Remove DP from example configuration Remove [dp] section from example config Fix sssd.api.conf with correct entry_cache_timeout Clean up warnings in dhash tests Make config_file_version a hidden setting in SSSDConfig API Remove magic_private_groups from SSSDConfig API schema Add support for option descriptions to SSSDConfig API Localize SSSDConfig strings Add complete pydoc for SSSDConfig API Add Requires: cyrus-sasl-gssapi Simplify debug_fn() Add configure check for sasl.h Update midpoint refresh logic to be relative to cache timeout Increase the sbus dispatch DEBUG level to 9 Build files.c only for tools Clean up unused dependencies Update sssd.spec to use only the required KRB5_LIBS and NSS_LIBS Fix segfault on unknown user/domain Fix Requires: sssd-client line in specfile Make the sysdb user and group names case-sensitive Upgrade cache and local databases to case-sensitive names Update translatable strings Fix sysdb upgrade bug Add empty NL translation Only display errors in unit tests Update PL translation Update NL translation Make backend request type a bitfield Speed up user requests while offline Update translation strings for string freeze Fix bug with bad ldb pkg-config files Update version to 0.99.0 Remove ELAPI from build and tarball Stop configuring ELAPI Make debug log timestamps human-readable Raise debug log level for LDB_DEBUG_WARNING Add allocation error check Avoid returning uninitialized result. Fix potential uninitialized value errors in nsssrv_cmd.c Fix potential uninitialized value error in responder_dp.c SSSDDomain.remove_provider() requires only the provider type Make SSSDDomain.remove_provider() remove configured options Run dhash tests Add SSSDDomain.set_name() function to SSSDConfig API Reduce the verbosity of the SSSDConfigTest Fix broken SSSDChangeConf.set() function Fix SSSDConfig API bugs around [de-]activation of domains Fix RPM spec for RHEL6 SSSDConfig API: fix deactivate_domain() SSSDConfig.get_domain() should properly detect active state Ensure that list_active_domains returns the real value Properly deny id_provider=files Add missing options to sssd-ipa configuraion Add missing SSSDConfig file for IPA for make install Fix processing of Boolean values in SSSDConfig Add 'permit' and 'deny' access providers to SSSDConfig API Remove default for ldap_use_start_tls in IPA providers Run SSSDConfig tests during 'make check' Fix stupid copy-paste error Updating to version 0.99.1 Sumit Bose (45): store original DN with cached group objects if available added a ASQ search API for sysdb Allow sysdb_search_entry request to return more than one result Add AM_CFLAGS to unit tests Fix compiler warnings in krb5_utils-tests. remove old sysdb file before starting tests set ipa_hostname if not given in config file Make debug message less irritating. add sysdb_delete_recursive request to sysdb API Add sysdb_attrs_replace_name to sysdb API. Fix for a seg fault during recursive delete add replacements for missing Kerberos calls Check is ccache structure is initialized before calling krb5_cc_destroy added access module of IPA provider Simplify krb5 child handler Add check for access-time rules to ipa_access. Add support for host, source host and user category Fix inconsistent use of krb5_ccname_template Fixes for proxy provider Make 'permit' the default for the access target Fix option name krb5_changepw_principal Validate Kerberos credentials with local keytab Improve handling of ccache files Add ipa_auth Enhance check for remote hosts Add ldap_pwd_policy option Read KDC info from file instead from environment Really check return value from pam_set_item Use ldb modules from build root for tests Make ldb lib dir configurable Fix an internal error when cache_credentials=FALSE Remove unneeded debugging code Do not include libsss_ipa.la in rpm package Immediately return a krb5 change password request when offline Check LDAP structure before calling ldap_unbind_ext() Add sysdb_search_custom request Do not treat missing proc files as errors. Add basic OS detection Make packaging of *.egg-info files more flexible Try to renew Kerberos credentials Add checks to test the memberuid handling Add offline support for ipa_access Add dummy credentials to an empty ccache file Always update sysdb to the latest version Fix DEBUG message for sysdb_init beckerde (1): Add Spanish translation deneb (1): Add Italian translation for sss_client noriko (1): Adding Japanese translation raven (1): Update PL translation ruigo (1): Add Portuguese translation
2009-12-14 19:49:49 +00:00
%define pubconfpath %{sssdstatedir}/pubconf
Initial import of sssd into Fedora
2009-03-09 17:07:25 +00:00
### Build Dependencies ###
BuildRequires: autoconf
- latest upstream release. - also add a patch that fixes debugging output (potential segfault)
2009-06-08 17:40:52 +00:00
BuildRequires: automake
BuildRequires: libtool
BuildRequires: m4
Dmitri Pal (10): COLLECTION Adding item comparison and sorting COLLECTION Realigning collection code COLLECTION Making iterations pinnable COLLECTION Enhancing hashing and iteration functions ELAPI Event resolver ELAPI Resolving message attribute ELAPI Fixing warnings in the example ELAPI Rename variables and functions not to use word template ELAPI Fixed the host name resolution ELAPI Compatibility code for getifaddr() Jakub Hrozek (3): Fix python sync operations and mem hierarchy Fix error messages in tools User home directories management Martin Nagy (7): Use correct talloc context in sss_names_init() Fix potential memory leaks in the data provider Use talloc_get_type() for type safety Use talloc to copy data from c-ares Add a new set of helpful common functions for tests Various improvements to the resolv test suite Delete sssd-i18n.h and put it's old contents into util.h Piotr Dr?g (1): Update polish translation for 0.6.0 Ralf Haferkamp (2): LDAP provider needs to link against krb libraries SUSE specific init script Simo Sorce (21): Tighten up permission. Initial implementation of sasl bind support Fix tools sync operations and mem hierarchy Fix long timeout on ldap operation Make dp requests more robust Differentiate between search and network timeouts Remove DP process Start responders predictably after providers Remove magicPrivateGroups option Fix services startup when only LOCAL is configured Make options parser available to all providers Move ldap provider configuration into its own file Fix offline authentication Return the dp error from the providers Move all ldap provider init functions Move all krb5 provider init functions Add first basic IPA provider Always list inputs before outputs Start implementing ipa specific options. Better offline/enumeration behavior Fix setting the schema in the ipa provider Stephen Gallagher (24): Update version to 0.6.0 Fix infinite loop with empty group enumeration Updating release script to use the VERSION file Change requirement on libldb to libldb >= 0.9.3 INI Add config_from_fd() to ini_config Remove unused btreemap code Add new SSSDConfig python API Add plugin configuration schema for proxy provider Package SSSDConfig API Clean up warnings in pysss.c Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7 Remove two unused functions. Fix segfault when using SSS tools with no local provider Do not allow setting auth, access or chpass providers for LOCAL Add krb5_common.h to the list of headers to 'make dist' Use Python 3-compatible sitearch and sitelib Better detect installed language files Clean up rpmlint errors and warnings in sssd-client package Set the Default-Stop LSB option for the SSSD sysv init script Fix RPM builds on older versions of rpmbuild Bring SSSDConfig API options up-to-date Add pam_ctx (similar to nss_ctx) for storing global PAM config Add support for offline auth cache timeout Update version to 0.7.0 Sumit Bose (28): update sysdb tests to new config file version add utility call check_and_open_readonly more documentation and test for sssd.conf handle expired password during authentication move password handling into subroutines ask for new password if password is expired remove redundant talloc_free add description of chpass_provider option to sssd.conf man page add support for server side LDAP password policies add syslog message similar to pam_unix use the correct kerberos context for each target fix a wrong argument to unpack_buffer add -Werror-implicit-function-declaration to default gcc flags add a replacement if ldap_control_create is missing use PYTHON_PREFIX to install SSSDConfig python API add missing %defattr to the filelist of the client package make sdap_id_connect_* independent of sdap_id_ctx send a message if a backend target is not configured use old password if available during password change set chpass_provider implicit if not set explicit more implicit provider target settings enable debugging of krb5_child Check for expired passwords in LDAP provider added generic LDAP search sdap_get_generic_send/_recv add store/search/delete interface for custom sysdb objects update krb5 option handling to new option scheme update ipa auth options to new option scheme fix a compiler warning about redefinition of DEBUG Detailed changes since 0.5.0 Dmitri Pal (8): ELAPI sinks and providers ELAPI Adding file provider and CSV format ELAPI Laying foundation for the async processing COLLECTION Copy collection flat with concatenated names COLLECTION Improvements to copy functions COLLECTION Functions to deal with hash ELAPI Better separation from collection internals. INI Error handling and interface cleanup Jakub Hrozek (17): Remove shadow-utils support from tools Small changes to the example config and manpage Add copyright notices Fix dispatcher structure initialization Add binaries and backup files to .gitignore Refactor tools code Decouple synchronous sysdb interface from tools Provide python bindings for sysdb Use syslog for logging error conditions in SSSD fix varargs call, update unit tests Ticket 161: Initialize structures with calloc instead of enumerating members Allow entering parent groups as FQDN Remove provider=files Manpages update script to upgrade config to v2 Send debug messages to logfile Convert the example config to v2 format, upgrade config on update only Jeff Schroeder (1): Add documentation for installing build dependencies Piotr Drąg (1): Add pl translation Ralf Haferkamp (2): Fix initgroups search filter when using rfc2307bis Avoid crash when timestamp is NULL Simo Sorce (30): Use the correct structure. Initial support for multiple schema types Always save using member/memberOf Fix group replies when using member/memberof Upgrade database to 0.2 Remove redunant function and always pass attrs. Make enumeration an independent task Speed-up enumerations. Correctly handle !DbusWatch behavior. Turn enumeration into a boolean value Honor enumerate option in ldap_id Fix proxy enumeration Fix two possible uninitialized values Split database in multiple files Tools are allowed to touch only the 'local' domain Fix Ldap id backend offline code Fix memory mishandling. Fix ldap enumeration async task Fix getgrnam and getgrgid calls Complete the removal of "legacy" option. Update documentation and examples Make the offline status backend-global Turn ldap driver options into multitype Fix copy&paste error. Better handle groups w/o members Fix copy&paste of wrong structure Don't try to use initgroups_dyn if not available Handle suspend cases Split out an sssd-clients package Let backend respond while fetching large results Stephen Gallagher (26): Move RPM specfiles into contrib/ Consolidate cache lookups in the NSS Add support for the !EntryCacheNoWaitRefreshTimeout Check for valid min and max IDs in confdb_get_domains Update manpage to reflect new syntax for enumerate Add strtoint32 and strtouint32 convenience functions Properly detect negative/invalid values for the minId and maxId Remove unused event context argument from confdb_init Read the configuration parsing before daemonization Fix first-time confdb generation Add 'make tests' target Add strtoint32 and strtouint32 tests Print error message when connection to the config db fails Exit if the sssd is launched as a user other than root Include m4 directories in tarball Allow rerunning autoreconf from the tarball Add PRERELEASE_VERSION variable for use in sssd.spec.in Add missing updates to LINGUAS for pl translation Add missing reference to sssd-ldap(5) in sssd.conf(5) manpage Include groupSearchBase in sssd-ldap(5) manpage Several fixes and enhancements for config file processing Make configure script compatible with older python versions Revert "Use syslog for logging error conditions in SSSD" Temporarily disable automatic config file reread Upgrade confdb to version 2 Update version to 0.6.0 Sumit Bose (31): removed unused header file do not show server messages to user fix internal order of ldap user mapping options add configure check for errno_t send SSSD_REALM and SSSD_KDCIP environment to the client check if gid attribute is empty stop processing a domain if no provider is given check if libpcre version is above or below 7 remove the concept of a backend name configure cleanups fix libdbus configure check initialize sockaddr_in structure add change password target to krb5 backend use fork+exec for kerberos helper Let the PAM client send its PID remove unused client locale from PAM protocol make cli_pid mandatory and increase version number of pam protocol add krb5ccache_dir and krb5ccname_template option fix the wrong usage of an offset added child timeout handler Check if SSL/TLS handler is already in place use getaddrinfo to resolve IP address of KDC add a man page for pam_sss toggle debug output of sssd_krb5_locator_plugin with an environment variable add new config options ldap_tls_cacert and ldap_tls_cacertdir fix possible short reads in kerberos provider remove krb5_try_simple_upn option and make it a default fallback add defines for large file support to standard CFLAGS more fixes for older libpcre versions Cleanups for library linking added support for older MIT kerberos versions
2009-10-23 20:03:33 +00:00
%{?fedora:BuildRequires: popt-devel}
Bouska (1): Add French translation to sss_client David O'Brien (1): Copy-edit sssd-ipa man page Dmitri Pal (5): COMMON Improvements to the trace macro COLLECTION Create reference to the top level collection COLLECTION: Cleaning FIXME comments INI: Cleaning FIXME comments. INI Correcting build warnings. Fabian Affolter (1): Add German translation Göran Uddeborg (2): Add Swedish translation for sss_client Add Swedish translation for SSSD server Jakub Hrozek (30): Fix migration script for pre-0.5 local domains Do not migrate Data Provider Free the PCRE regexp with destructor Do not delete users, groups outside domain range Add missing include IPA time rules parsing routines Fix regression in error message when deleting groups Assorted manpage fixes Make the password field configurable in NSS Add Simo's ipachangeconf SSSDChangeConf - a wrapper around ipachangeconf Change the upgrade script to use ipachangeconf Convert SSSDConfig API to ipachangeconf SSSDConfigAPI fixes upgrade_config fixes for SSSD 0.6 and later Split helpers for child processes Get TGT in a child process. Warn visibly about permission problems with the config file Better error message when there is no local domain configured Setup ldap child logging from IPA backend Check the services started against a list of known services Handle spaces in config parser Fail on nonexistent input file Do not start with provider=files Reduce code duplication between LDAP child and Kerberos child Change ares usage to be c-ares 1.7.0 compatible Import ares 1.7.0 helpers Don't build the SRV and TXT parsing code except for tests Document the failover feature in manpages Consolidate code for splitting strings by separator Martin Nagy (8): Add missing include file to files-tests.c Fix a bad free in async_resolv.c Add DLIST_FOR_EACH() macro Add simple reference counting wrappers for talloc Add fail over utility functions Fix egg-info file generation in the spec file Add some debugging statements to fail_over and resolver Correctly restart server status after the timeout Piotr Drąg (1): Updating polish translation for 0.7.0 Simo Sorce (65): Copy option overrides. Read the right buffer, avoids potential segfaults Add IPA conf template Zero pointers on free Use standard coding practice to set last login Fix segfault Add proper support for IPA/AD schemas Move responsibility for entry expiration timeout Kill the ldap connection when we go offline Tidy up ipa options Add support to get rootDSE from the LDAP server. Fix segfault when SASL is not used at all Rename sdap_id_map to sdap_attr_map Make available method to quickly retrive string Make useful function more broadly available. Store the original memberof attributes if any Unify parse routines, use maps in generic searches Fix and enhance initgroups call Unify code to use the generic search interface Reorganize ldap id provider files Split async helpers in multiple files Always set last update and expire time Fix build Fix ldap driver Check return, zero free hostent, adhere to style Fix enumerations Fix tevent_req error checking. Refactor delete functions and add a few Add cleanup task Try to fix offline logins Fix double free case. Fix check_cache bug in dealing with the callback Change var name to make its use more clear. Fix crash due to uninitialized timeout variable Change initgroups code to use and check the cache Change the pam code to perform an initgroups call Store initgr expire time on initgr call Failover fixes and additions Better behavior on cleanup Correctly escape DN value. Add reference to sssd-krb5 man page. Optimize sysdb_enumgrent Filter by id range before actually storing entries. Raise some timeouts Add initial failover support for ldap and ipa Fix ticket #289 Fix internal options numbers test In IPA, the realm is always the domain uppercased. Fix tabs Fix memberof plugin Compute and save memberuid in cache as well Use memberuid and not member in group enumerations Use the custom password field in groups too. Resolve nested groups also when rfc2307bis is used Make strdn build functions more available Fix nested group memberships Allow nesting to fix #310 Fix bug #311, properly set callback attribute Change dhash API to be talloc-friendly dhash: Add private pointer for delete callback Add comments to document latest changes Add rebuild task to memberof plugin Handle the special 02 upgrade case for 04->05 Fix for #316 Fix for #322, update from old database versions. Stephen Gallagher (60): Remove DP from example configuration Remove [dp] section from example config Fix sssd.api.conf with correct entry_cache_timeout Clean up warnings in dhash tests Make config_file_version a hidden setting in SSSDConfig API Remove magic_private_groups from SSSDConfig API schema Add support for option descriptions to SSSDConfig API Localize SSSDConfig strings Add complete pydoc for SSSDConfig API Add Requires: cyrus-sasl-gssapi Simplify debug_fn() Add configure check for sasl.h Update midpoint refresh logic to be relative to cache timeout Increase the sbus dispatch DEBUG level to 9 Build files.c only for tools Clean up unused dependencies Update sssd.spec to use only the required KRB5_LIBS and NSS_LIBS Fix segfault on unknown user/domain Fix Requires: sssd-client line in specfile Make the sysdb user and group names case-sensitive Upgrade cache and local databases to case-sensitive names Update translatable strings Fix sysdb upgrade bug Add empty NL translation Only display errors in unit tests Update PL translation Update NL translation Make backend request type a bitfield Speed up user requests while offline Update translation strings for string freeze Fix bug with bad ldb pkg-config files Update version to 0.99.0 Remove ELAPI from build and tarball Stop configuring ELAPI Make debug log timestamps human-readable Raise debug log level for LDB_DEBUG_WARNING Add allocation error check Avoid returning uninitialized result. Fix potential uninitialized value errors in nsssrv_cmd.c Fix potential uninitialized value error in responder_dp.c SSSDDomain.remove_provider() requires only the provider type Make SSSDDomain.remove_provider() remove configured options Run dhash tests Add SSSDDomain.set_name() function to SSSDConfig API Reduce the verbosity of the SSSDConfigTest Fix broken SSSDChangeConf.set() function Fix SSSDConfig API bugs around [de-]activation of domains Fix RPM spec for RHEL6 SSSDConfig API: fix deactivate_domain() SSSDConfig.get_domain() should properly detect active state Ensure that list_active_domains returns the real value Properly deny id_provider=files Add missing options to sssd-ipa configuraion Add missing SSSDConfig file for IPA for make install Fix processing of Boolean values in SSSDConfig Add 'permit' and 'deny' access providers to SSSDConfig API Remove default for ldap_use_start_tls in IPA providers Run SSSDConfig tests during 'make check' Fix stupid copy-paste error Updating to version 0.99.1 Sumit Bose (45): store original DN with cached group objects if available added a ASQ search API for sysdb Allow sysdb_search_entry request to return more than one result Add AM_CFLAGS to unit tests Fix compiler warnings in krb5_utils-tests. remove old sysdb file before starting tests set ipa_hostname if not given in config file Make debug message less irritating. add sysdb_delete_recursive request to sysdb API Add sysdb_attrs_replace_name to sysdb API. Fix for a seg fault during recursive delete add replacements for missing Kerberos calls Check is ccache structure is initialized before calling krb5_cc_destroy added access module of IPA provider Simplify krb5 child handler Add check for access-time rules to ipa_access. Add support for host, source host and user category Fix inconsistent use of krb5_ccname_template Fixes for proxy provider Make 'permit' the default for the access target Fix option name krb5_changepw_principal Validate Kerberos credentials with local keytab Improve handling of ccache files Add ipa_auth Enhance check for remote hosts Add ldap_pwd_policy option Read KDC info from file instead from environment Really check return value from pam_set_item Use ldb modules from build root for tests Make ldb lib dir configurable Fix an internal error when cache_credentials=FALSE Remove unneeded debugging code Do not include libsss_ipa.la in rpm package Immediately return a krb5 change password request when offline Check LDAP structure before calling ldap_unbind_ext() Add sysdb_search_custom request Do not treat missing proc files as errors. Add basic OS detection Make packaging of *.egg-info files more flexible Try to renew Kerberos credentials Add checks to test the memberuid handling Add offline support for ipa_access Add dummy credentials to an empty ccache file Always update sysdb to the latest version Fix DEBUG message for sysdb_init beckerde (1): Add Spanish translation deneb (1): Add Italian translation for sss_client noriko (1): Adding Japanese translation raven (1): Update PL translation ruigo (1): Add Portuguese translation
2009-12-14 19:49:49 +00:00
%if 0%{?rhel} <= 5
BuildRequires: popt
%endif
%if 0%{?rhel} >= 6
BuildRequires: popt-devel
%endif
Initial import of sssd into Fedora
2009-03-09 17:07:25 +00:00
BuildRequires: libtalloc-devel
BuildRequires: libtevent-devel
BuildRequires: libtdb-devel
BuildRequires: libldb-devel
BuildRequires: dbus-devel
BuildRequires: dbus-libs
BuildRequires: openldap-devel
BuildRequires: pam-devel
BuildRequires: nss-devel
BuildRequires: nspr-devel
Some more build requires
2009-04-13 17:11:39 +00:00
BuildRequires: pcre-devel
- latest upstream release. - also add a patch that fixes debugging output (potential segfault)
2009-06-08 17:40:52 +00:00
BuildRequires: libxslt
BuildRequires: libxml2
BuildRequires: docbook-style-xsl
- New upstream release 0.5.0
2009-08-24 21:13:27 +00:00
BuildRequires: krb5-devel
BuildRequires: c-ares-devel
Dmitri Pal (10): COLLECTION Adding item comparison and sorting COLLECTION Realigning collection code COLLECTION Making iterations pinnable COLLECTION Enhancing hashing and iteration functions ELAPI Event resolver ELAPI Resolving message attribute ELAPI Fixing warnings in the example ELAPI Rename variables and functions not to use word template ELAPI Fixed the host name resolution ELAPI Compatibility code for getifaddr() Jakub Hrozek (3): Fix python sync operations and mem hierarchy Fix error messages in tools User home directories management Martin Nagy (7): Use correct talloc context in sss_names_init() Fix potential memory leaks in the data provider Use talloc_get_type() for type safety Use talloc to copy data from c-ares Add a new set of helpful common functions for tests Various improvements to the resolv test suite Delete sssd-i18n.h and put it's old contents into util.h Piotr Dr?g (1): Update polish translation for 0.6.0 Ralf Haferkamp (2): LDAP provider needs to link against krb libraries SUSE specific init script Simo Sorce (21): Tighten up permission. Initial implementation of sasl bind support Fix tools sync operations and mem hierarchy Fix long timeout on ldap operation Make dp requests more robust Differentiate between search and network timeouts Remove DP process Start responders predictably after providers Remove magicPrivateGroups option Fix services startup when only LOCAL is configured Make options parser available to all providers Move ldap provider configuration into its own file Fix offline authentication Return the dp error from the providers Move all ldap provider init functions Move all krb5 provider init functions Add first basic IPA provider Always list inputs before outputs Start implementing ipa specific options. Better offline/enumeration behavior Fix setting the schema in the ipa provider Stephen Gallagher (24): Update version to 0.6.0 Fix infinite loop with empty group enumeration Updating release script to use the VERSION file Change requirement on libldb to libldb >= 0.9.3 INI Add config_from_fd() to ini_config Remove unused btreemap code Add new SSSDConfig python API Add plugin configuration schema for proxy provider Package SSSDConfig API Clean up warnings in pysss.c Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7 Remove two unused functions. Fix segfault when using SSS tools with no local provider Do not allow setting auth, access or chpass providers for LOCAL Add krb5_common.h to the list of headers to 'make dist' Use Python 3-compatible sitearch and sitelib Better detect installed language files Clean up rpmlint errors and warnings in sssd-client package Set the Default-Stop LSB option for the SSSD sysv init script Fix RPM builds on older versions of rpmbuild Bring SSSDConfig API options up-to-date Add pam_ctx (similar to nss_ctx) for storing global PAM config Add support for offline auth cache timeout Update version to 0.7.0 Sumit Bose (28): update sysdb tests to new config file version add utility call check_and_open_readonly more documentation and test for sssd.conf handle expired password during authentication move password handling into subroutines ask for new password if password is expired remove redundant talloc_free add description of chpass_provider option to sssd.conf man page add support for server side LDAP password policies add syslog message similar to pam_unix use the correct kerberos context for each target fix a wrong argument to unpack_buffer add -Werror-implicit-function-declaration to default gcc flags add a replacement if ldap_control_create is missing use PYTHON_PREFIX to install SSSDConfig python API add missing %defattr to the filelist of the client package make sdap_id_connect_* independent of sdap_id_ctx send a message if a backend target is not configured use old password if available during password change set chpass_provider implicit if not set explicit more implicit provider target settings enable debugging of krb5_child Check for expired passwords in LDAP provider added generic LDAP search sdap_get_generic_send/_recv add store/search/delete interface for custom sysdb objects update krb5 option handling to new option scheme update ipa auth options to new option scheme fix a compiler warning about redefinition of DEBUG Detailed changes since 0.5.0 Dmitri Pal (8): ELAPI sinks and providers ELAPI Adding file provider and CSV format ELAPI Laying foundation for the async processing COLLECTION Copy collection flat with concatenated names COLLECTION Improvements to copy functions COLLECTION Functions to deal with hash ELAPI Better separation from collection internals. INI Error handling and interface cleanup Jakub Hrozek (17): Remove shadow-utils support from tools Small changes to the example config and manpage Add copyright notices Fix dispatcher structure initialization Add binaries and backup files to .gitignore Refactor tools code Decouple synchronous sysdb interface from tools Provide python bindings for sysdb Use syslog for logging error conditions in SSSD fix varargs call, update unit tests Ticket 161: Initialize structures with calloc instead of enumerating members Allow entering parent groups as FQDN Remove provider=files Manpages update script to upgrade config to v2 Send debug messages to logfile Convert the example config to v2 format, upgrade config on update only Jeff Schroeder (1): Add documentation for installing build dependencies Piotr Drąg (1): Add pl translation Ralf Haferkamp (2): Fix initgroups search filter when using rfc2307bis Avoid crash when timestamp is NULL Simo Sorce (30): Use the correct structure. Initial support for multiple schema types Always save using member/memberOf Fix group replies when using member/memberof Upgrade database to 0.2 Remove redunant function and always pass attrs. Make enumeration an independent task Speed-up enumerations. Correctly handle !DbusWatch behavior. Turn enumeration into a boolean value Honor enumerate option in ldap_id Fix proxy enumeration Fix two possible uninitialized values Split database in multiple files Tools are allowed to touch only the 'local' domain Fix Ldap id backend offline code Fix memory mishandling. Fix ldap enumeration async task Fix getgrnam and getgrgid calls Complete the removal of "legacy" option. Update documentation and examples Make the offline status backend-global Turn ldap driver options into multitype Fix copy&paste error. Better handle groups w/o members Fix copy&paste of wrong structure Don't try to use initgroups_dyn if not available Handle suspend cases Split out an sssd-clients package Let backend respond while fetching large results Stephen Gallagher (26): Move RPM specfiles into contrib/ Consolidate cache lookups in the NSS Add support for the !EntryCacheNoWaitRefreshTimeout Check for valid min and max IDs in confdb_get_domains Update manpage to reflect new syntax for enumerate Add strtoint32 and strtouint32 convenience functions Properly detect negative/invalid values for the minId and maxId Remove unused event context argument from confdb_init Read the configuration parsing before daemonization Fix first-time confdb generation Add 'make tests' target Add strtoint32 and strtouint32 tests Print error message when connection to the config db fails Exit if the sssd is launched as a user other than root Include m4 directories in tarball Allow rerunning autoreconf from the tarball Add PRERELEASE_VERSION variable for use in sssd.spec.in Add missing updates to LINGUAS for pl translation Add missing reference to sssd-ldap(5) in sssd.conf(5) manpage Include groupSearchBase in sssd-ldap(5) manpage Several fixes and enhancements for config file processing Make configure script compatible with older python versions Revert "Use syslog for logging error conditions in SSSD" Temporarily disable automatic config file reread Upgrade confdb to version 2 Update version to 0.6.0 Sumit Bose (31): removed unused header file do not show server messages to user fix internal order of ldap user mapping options add configure check for errno_t send SSSD_REALM and SSSD_KDCIP environment to the client check if gid attribute is empty stop processing a domain if no provider is given check if libpcre version is above or below 7 remove the concept of a backend name configure cleanups fix libdbus configure check initialize sockaddr_in structure add change password target to krb5 backend use fork+exec for kerberos helper Let the PAM client send its PID remove unused client locale from PAM protocol make cli_pid mandatory and increase version number of pam protocol add krb5ccache_dir and krb5ccname_template option fix the wrong usage of an offset added child timeout handler Check if SSL/TLS handler is already in place use getaddrinfo to resolve IP address of KDC add a man page for pam_sss toggle debug output of sssd_krb5_locator_plugin with an environment variable add new config options ldap_tls_cacert and ldap_tls_cacertdir fix possible short reads in kerberos provider remove krb5_try_simple_upn option and make it a default fallback add defines for large file support to standard CFLAGS more fixes for older libpcre versions Cleanups for library linking added support for older MIT kerberos versions
2009-10-23 20:03:33 +00:00
BuildRequires: python-devel
Initial import of sssd into Fedora
2009-03-09 17:07:25 +00:00
%description
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.
Dmitri Pal (10): COLLECTION Adding item comparison and sorting COLLECTION Realigning collection code COLLECTION Making iterations pinnable COLLECTION Enhancing hashing and iteration functions ELAPI Event resolver ELAPI Resolving message attribute ELAPI Fixing warnings in the example ELAPI Rename variables and functions not to use word template ELAPI Fixed the host name resolution ELAPI Compatibility code for getifaddr() Jakub Hrozek (3): Fix python sync operations and mem hierarchy Fix error messages in tools User home directories management Martin Nagy (7): Use correct talloc context in sss_names_init() Fix potential memory leaks in the data provider Use talloc_get_type() for type safety Use talloc to copy data from c-ares Add a new set of helpful common functions for tests Various improvements to the resolv test suite Delete sssd-i18n.h and put it's old contents into util.h Piotr Dr?g (1): Update polish translation for 0.6.0 Ralf Haferkamp (2): LDAP provider needs to link against krb libraries SUSE specific init script Simo Sorce (21): Tighten up permission. Initial implementation of sasl bind support Fix tools sync operations and mem hierarchy Fix long timeout on ldap operation Make dp requests more robust Differentiate between search and network timeouts Remove DP process Start responders predictably after providers Remove magicPrivateGroups option Fix services startup when only LOCAL is configured Make options parser available to all providers Move ldap provider configuration into its own file Fix offline authentication Return the dp error from the providers Move all ldap provider init functions Move all krb5 provider init functions Add first basic IPA provider Always list inputs before outputs Start implementing ipa specific options. Better offline/enumeration behavior Fix setting the schema in the ipa provider Stephen Gallagher (24): Update version to 0.6.0 Fix infinite loop with empty group enumeration Updating release script to use the VERSION file Change requirement on libldb to libldb >= 0.9.3 INI Add config_from_fd() to ini_config Remove unused btreemap code Add new SSSDConfig python API Add plugin configuration schema for proxy provider Package SSSDConfig API Clean up warnings in pysss.c Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7 Remove two unused functions. Fix segfault when using SSS tools with no local provider Do not allow setting auth, access or chpass providers for LOCAL Add krb5_common.h to the list of headers to 'make dist' Use Python 3-compatible sitearch and sitelib Better detect installed language files Clean up rpmlint errors and warnings in sssd-client package Set the Default-Stop LSB option for the SSSD sysv init script Fix RPM builds on older versions of rpmbuild Bring SSSDConfig API options up-to-date Add pam_ctx (similar to nss_ctx) for storing global PAM config Add support for offline auth cache timeout Update version to 0.7.0 Sumit Bose (28): update sysdb tests to new config file version add utility call check_and_open_readonly more documentation and test for sssd.conf handle expired password during authentication move password handling into subroutines ask for new password if password is expired remove redundant talloc_free add description of chpass_provider option to sssd.conf man page add support for server side LDAP password policies add syslog message similar to pam_unix use the correct kerberos context for each target fix a wrong argument to unpack_buffer add -Werror-implicit-function-declaration to default gcc flags add a replacement if ldap_control_create is missing use PYTHON_PREFIX to install SSSDConfig python API add missing %defattr to the filelist of the client package make sdap_id_connect_* independent of sdap_id_ctx send a message if a backend target is not configured use old password if available during password change set chpass_provider implicit if not set explicit more implicit provider target settings enable debugging of krb5_child Check for expired passwords in LDAP provider added generic LDAP search sdap_get_generic_send/_recv add store/search/delete interface for custom sysdb objects update krb5 option handling to new option scheme update ipa auth options to new option scheme fix a compiler warning about redefinition of DEBUG Detailed changes since 0.5.0 Dmitri Pal (8): ELAPI sinks and providers ELAPI Adding file provider and CSV format ELAPI Laying foundation for the async processing COLLECTION Copy collection flat with concatenated names COLLECTION Improvements to copy functions COLLECTION Functions to deal with hash ELAPI Better separation from collection internals. INI Error handling and interface cleanup Jakub Hrozek (17): Remove shadow-utils support from tools Small changes to the example config and manpage Add copyright notices Fix dispatcher structure initialization Add binaries and backup files to .gitignore Refactor tools code Decouple synchronous sysdb interface from tools Provide python bindings for sysdb Use syslog for logging error conditions in SSSD fix varargs call, update unit tests Ticket 161: Initialize structures with calloc instead of enumerating members Allow entering parent groups as FQDN Remove provider=files Manpages update script to upgrade config to v2 Send debug messages to logfile Convert the example config to v2 format, upgrade config on update only Jeff Schroeder (1): Add documentation for installing build dependencies Piotr Drąg (1): Add pl translation Ralf Haferkamp (2): Fix initgroups search filter when using rfc2307bis Avoid crash when timestamp is NULL Simo Sorce (30): Use the correct structure. Initial support for multiple schema types Always save using member/memberOf Fix group replies when using member/memberof Upgrade database to 0.2 Remove redunant function and always pass attrs. Make enumeration an independent task Speed-up enumerations. Correctly handle !DbusWatch behavior. Turn enumeration into a boolean value Honor enumerate option in ldap_id Fix proxy enumeration Fix two possible uninitialized values Split database in multiple files Tools are allowed to touch only the 'local' domain Fix Ldap id backend offline code Fix memory mishandling. Fix ldap enumeration async task Fix getgrnam and getgrgid calls Complete the removal of "legacy" option. Update documentation and examples Make the offline status backend-global Turn ldap driver options into multitype Fix copy&paste error. Better handle groups w/o members Fix copy&paste of wrong structure Don't try to use initgroups_dyn if not available Handle suspend cases Split out an sssd-clients package Let backend respond while fetching large results Stephen Gallagher (26): Move RPM specfiles into contrib/ Consolidate cache lookups in the NSS Add support for the !EntryCacheNoWaitRefreshTimeout Check for valid min and max IDs in confdb_get_domains Update manpage to reflect new syntax for enumerate Add strtoint32 and strtouint32 convenience functions Properly detect negative/invalid values for the minId and maxId Remove unused event context argument from confdb_init Read the configuration parsing before daemonization Fix first-time confdb generation Add 'make tests' target Add strtoint32 and strtouint32 tests Print error message when connection to the config db fails Exit if the sssd is launched as a user other than root Include m4 directories in tarball Allow rerunning autoreconf from the tarball Add PRERELEASE_VERSION variable for use in sssd.spec.in Add missing updates to LINGUAS for pl translation Add missing reference to sssd-ldap(5) in sssd.conf(5) manpage Include groupSearchBase in sssd-ldap(5) manpage Several fixes and enhancements for config file processing Make configure script compatible with older python versions Revert "Use syslog for logging error conditions in SSSD" Temporarily disable automatic config file reread Upgrade confdb to version 2 Update version to 0.6.0 Sumit Bose (31): removed unused header file do not show server messages to user fix internal order of ldap user mapping options add configure check for errno_t send SSSD_REALM and SSSD_KDCIP environment to the client check if gid attribute is empty stop processing a domain if no provider is given check if libpcre version is above or below 7 remove the concept of a backend name configure cleanups fix libdbus configure check initialize sockaddr_in structure add change password target to krb5 backend use fork+exec for kerberos helper Let the PAM client send its PID remove unused client locale from PAM protocol make cli_pid mandatory and increase version number of pam protocol add krb5ccache_dir and krb5ccname_template option fix the wrong usage of an offset added child timeout handler Check if SSL/TLS handler is already in place use getaddrinfo to resolve IP address of KDC add a man page for pam_sss toggle debug output of sssd_krb5_locator_plugin with an environment variable add new config options ldap_tls_cacert and ldap_tls_cacertdir fix possible short reads in kerberos provider remove krb5_try_simple_upn option and make it a default fallback add defines for large file support to standard CFLAGS more fixes for older libpcre versions Cleanups for library linking added support for older MIT kerberos versions
2009-10-23 20:03:33 +00:00
%package client
Summary: SSSD Client libraries for NSS and PAM
Group: Applications/System
%description client
Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD
service.
Initial import of sssd into Fedora
2009-03-09 17:07:25 +00:00
%prep
%setup -q
Fix https://bugzilla.redhat.com/show_bug.cgi?id=549482
2009-12-21 20:56:43 +00:00
%patch1 -p1 -b .cfg_dbg_timestamps
Initial import of sssd into Fedora
2009-03-09 17:07:25 +00:00
%build
Bouska (1): Add French translation to sss_client David O'Brien (1): Copy-edit sssd-ipa man page Dmitri Pal (5): COMMON Improvements to the trace macro COLLECTION Create reference to the top level collection COLLECTION: Cleaning FIXME comments INI: Cleaning FIXME comments. INI Correcting build warnings. Fabian Affolter (1): Add German translation Göran Uddeborg (2): Add Swedish translation for sss_client Add Swedish translation for SSSD server Jakub Hrozek (30): Fix migration script for pre-0.5 local domains Do not migrate Data Provider Free the PCRE regexp with destructor Do not delete users, groups outside domain range Add missing include IPA time rules parsing routines Fix regression in error message when deleting groups Assorted manpage fixes Make the password field configurable in NSS Add Simo's ipachangeconf SSSDChangeConf - a wrapper around ipachangeconf Change the upgrade script to use ipachangeconf Convert SSSDConfig API to ipachangeconf SSSDConfigAPI fixes upgrade_config fixes for SSSD 0.6 and later Split helpers for child processes Get TGT in a child process. Warn visibly about permission problems with the config file Better error message when there is no local domain configured Setup ldap child logging from IPA backend Check the services started against a list of known services Handle spaces in config parser Fail on nonexistent input file Do not start with provider=files Reduce code duplication between LDAP child and Kerberos child Change ares usage to be c-ares 1.7.0 compatible Import ares 1.7.0 helpers Don't build the SRV and TXT parsing code except for tests Document the failover feature in manpages Consolidate code for splitting strings by separator Martin Nagy (8): Add missing include file to files-tests.c Fix a bad free in async_resolv.c Add DLIST_FOR_EACH() macro Add simple reference counting wrappers for talloc Add fail over utility functions Fix egg-info file generation in the spec file Add some debugging statements to fail_over and resolver Correctly restart server status after the timeout Piotr Drąg (1): Updating polish translation for 0.7.0 Simo Sorce (65): Copy option overrides. Read the right buffer, avoids potential segfaults Add IPA conf template Zero pointers on free Use standard coding practice to set last login Fix segfault Add proper support for IPA/AD schemas Move responsibility for entry expiration timeout Kill the ldap connection when we go offline Tidy up ipa options Add support to get rootDSE from the LDAP server. Fix segfault when SASL is not used at all Rename sdap_id_map to sdap_attr_map Make available method to quickly retrive string Make useful function more broadly available. Store the original memberof attributes if any Unify parse routines, use maps in generic searches Fix and enhance initgroups call Unify code to use the generic search interface Reorganize ldap id provider files Split async helpers in multiple files Always set last update and expire time Fix build Fix ldap driver Check return, zero free hostent, adhere to style Fix enumerations Fix tevent_req error checking. Refactor delete functions and add a few Add cleanup task Try to fix offline logins Fix double free case. Fix check_cache bug in dealing with the callback Change var name to make its use more clear. Fix crash due to uninitialized timeout variable Change initgroups code to use and check the cache Change the pam code to perform an initgroups call Store initgr expire time on initgr call Failover fixes and additions Better behavior on cleanup Correctly escape DN value. Add reference to sssd-krb5 man page. Optimize sysdb_enumgrent Filter by id range before actually storing entries. Raise some timeouts Add initial failover support for ldap and ipa Fix ticket #289 Fix internal options numbers test In IPA, the realm is always the domain uppercased. Fix tabs Fix memberof plugin Compute and save memberuid in cache as well Use memberuid and not member in group enumerations Use the custom password field in groups too. Resolve nested groups also when rfc2307bis is used Make strdn build functions more available Fix nested group memberships Allow nesting to fix #310 Fix bug #311, properly set callback attribute Change dhash API to be talloc-friendly dhash: Add private pointer for delete callback Add comments to document latest changes Add rebuild task to memberof plugin Handle the special 02 upgrade case for 04->05 Fix for #316 Fix for #322, update from old database versions. Stephen Gallagher (60): Remove DP from example configuration Remove [dp] section from example config Fix sssd.api.conf with correct entry_cache_timeout Clean up warnings in dhash tests Make config_file_version a hidden setting in SSSDConfig API Remove magic_private_groups from SSSDConfig API schema Add support for option descriptions to SSSDConfig API Localize SSSDConfig strings Add complete pydoc for SSSDConfig API Add Requires: cyrus-sasl-gssapi Simplify debug_fn() Add configure check for sasl.h Update midpoint refresh logic to be relative to cache timeout Increase the sbus dispatch DEBUG level to 9 Build files.c only for tools Clean up unused dependencies Update sssd.spec to use only the required KRB5_LIBS and NSS_LIBS Fix segfault on unknown user/domain Fix Requires: sssd-client line in specfile Make the sysdb user and group names case-sensitive Upgrade cache and local databases to case-sensitive names Update translatable strings Fix sysdb upgrade bug Add empty NL translation Only display errors in unit tests Update PL translation Update NL translation Make backend request type a bitfield Speed up user requests while offline Update translation strings for string freeze Fix bug with bad ldb pkg-config files Update version to 0.99.0 Remove ELAPI from build and tarball Stop configuring ELAPI Make debug log timestamps human-readable Raise debug log level for LDB_DEBUG_WARNING Add allocation error check Avoid returning uninitialized result. Fix potential uninitialized value errors in nsssrv_cmd.c Fix potential uninitialized value error in responder_dp.c SSSDDomain.remove_provider() requires only the provider type Make SSSDDomain.remove_provider() remove configured options Run dhash tests Add SSSDDomain.set_name() function to SSSDConfig API Reduce the verbosity of the SSSDConfigTest Fix broken SSSDChangeConf.set() function Fix SSSDConfig API bugs around [de-]activation of domains Fix RPM spec for RHEL6 SSSDConfig API: fix deactivate_domain() SSSDConfig.get_domain() should properly detect active state Ensure that list_active_domains returns the real value Properly deny id_provider=files Add missing options to sssd-ipa configuraion Add missing SSSDConfig file for IPA for make install Fix processing of Boolean values in SSSDConfig Add 'permit' and 'deny' access providers to SSSDConfig API Remove default for ldap_use_start_tls in IPA providers Run SSSDConfig tests during 'make check' Fix stupid copy-paste error Updating to version 0.99.1 Sumit Bose (45): store original DN with cached group objects if available added a ASQ search API for sysdb Allow sysdb_search_entry request to return more than one result Add AM_CFLAGS to unit tests Fix compiler warnings in krb5_utils-tests. remove old sysdb file before starting tests set ipa_hostname if not given in config file Make debug message less irritating. add sysdb_delete_recursive request to sysdb API Add sysdb_attrs_replace_name to sysdb API. Fix for a seg fault during recursive delete add replacements for missing Kerberos calls Check is ccache structure is initialized before calling krb5_cc_destroy added access module of IPA provider Simplify krb5 child handler Add check for access-time rules to ipa_access. Add support for host, source host and user category Fix inconsistent use of krb5_ccname_template Fixes for proxy provider Make 'permit' the default for the access target Fix option name krb5_changepw_principal Validate Kerberos credentials with local keytab Improve handling of ccache files Add ipa_auth Enhance check for remote hosts Add ldap_pwd_policy option Read KDC info from file instead from environment Really check return value from pam_set_item Use ldb modules from build root for tests Make ldb lib dir configurable Fix an internal error when cache_credentials=FALSE Remove unneeded debugging code Do not include libsss_ipa.la in rpm package Immediately return a krb5 change password request when offline Check LDAP structure before calling ldap_unbind_ext() Add sysdb_search_custom request Do not treat missing proc files as errors. Add basic OS detection Make packaging of *.egg-info files more flexible Try to renew Kerberos credentials Add checks to test the memberuid handling Add offline support for ipa_access Add dummy credentials to an empty ccache file Always update sysdb to the latest version Fix DEBUG message for sysdb_init beckerde (1): Add Spanish translation deneb (1): Add Italian translation for sss_client noriko (1): Adding Japanese translation raven (1): Update PL translation ruigo (1): Add Portuguese translation
2009-12-14 19:49:49 +00:00
NSS_LIBS=-lnss3 \
KRB5_LIBS=-lkrb5 \
- latest upstream release. - also add a patch that fixes debugging output (potential segfault)
2009-06-08 17:40:52 +00:00
%configure \
--without-tests \
- New upstream release 0.5.0
2009-08-24 21:13:27 +00:00
--with-db-path=%{dbpath} \
--with-pipe-path=%{pipepath} \
Bouska (1): Add French translation to sss_client David O'Brien (1): Copy-edit sssd-ipa man page Dmitri Pal (5): COMMON Improvements to the trace macro COLLECTION Create reference to the top level collection COLLECTION: Cleaning FIXME comments INI: Cleaning FIXME comments. INI Correcting build warnings. Fabian Affolter (1): Add German translation Göran Uddeborg (2): Add Swedish translation for sss_client Add Swedish translation for SSSD server Jakub Hrozek (30): Fix migration script for pre-0.5 local domains Do not migrate Data Provider Free the PCRE regexp with destructor Do not delete users, groups outside domain range Add missing include IPA time rules parsing routines Fix regression in error message when deleting groups Assorted manpage fixes Make the password field configurable in NSS Add Simo's ipachangeconf SSSDChangeConf - a wrapper around ipachangeconf Change the upgrade script to use ipachangeconf Convert SSSDConfig API to ipachangeconf SSSDConfigAPI fixes upgrade_config fixes for SSSD 0.6 and later Split helpers for child processes Get TGT in a child process. Warn visibly about permission problems with the config file Better error message when there is no local domain configured Setup ldap child logging from IPA backend Check the services started against a list of known services Handle spaces in config parser Fail on nonexistent input file Do not start with provider=files Reduce code duplication between LDAP child and Kerberos child Change ares usage to be c-ares 1.7.0 compatible Import ares 1.7.0 helpers Don't build the SRV and TXT parsing code except for tests Document the failover feature in manpages Consolidate code for splitting strings by separator Martin Nagy (8): Add missing include file to files-tests.c Fix a bad free in async_resolv.c Add DLIST_FOR_EACH() macro Add simple reference counting wrappers for talloc Add fail over utility functions Fix egg-info file generation in the spec file Add some debugging statements to fail_over and resolver Correctly restart server status after the timeout Piotr Drąg (1): Updating polish translation for 0.7.0 Simo Sorce (65): Copy option overrides. Read the right buffer, avoids potential segfaults Add IPA conf template Zero pointers on free Use standard coding practice to set last login Fix segfault Add proper support for IPA/AD schemas Move responsibility for entry expiration timeout Kill the ldap connection when we go offline Tidy up ipa options Add support to get rootDSE from the LDAP server. Fix segfault when SASL is not used at all Rename sdap_id_map to sdap_attr_map Make available method to quickly retrive string Make useful function more broadly available. Store the original memberof attributes if any Unify parse routines, use maps in generic searches Fix and enhance initgroups call Unify code to use the generic search interface Reorganize ldap id provider files Split async helpers in multiple files Always set last update and expire time Fix build Fix ldap driver Check return, zero free hostent, adhere to style Fix enumerations Fix tevent_req error checking. Refactor delete functions and add a few Add cleanup task Try to fix offline logins Fix double free case. Fix check_cache bug in dealing with the callback Change var name to make its use more clear. Fix crash due to uninitialized timeout variable Change initgroups code to use and check the cache Change the pam code to perform an initgroups call Store initgr expire time on initgr call Failover fixes and additions Better behavior on cleanup Correctly escape DN value. Add reference to sssd-krb5 man page. Optimize sysdb_enumgrent Filter by id range before actually storing entries. Raise some timeouts Add initial failover support for ldap and ipa Fix ticket #289 Fix internal options numbers test In IPA, the realm is always the domain uppercased. Fix tabs Fix memberof plugin Compute and save memberuid in cache as well Use memberuid and not member in group enumerations Use the custom password field in groups too. Resolve nested groups also when rfc2307bis is used Make strdn build functions more available Fix nested group memberships Allow nesting to fix #310 Fix bug #311, properly set callback attribute Change dhash API to be talloc-friendly dhash: Add private pointer for delete callback Add comments to document latest changes Add rebuild task to memberof plugin Handle the special 02 upgrade case for 04->05 Fix for #316 Fix for #322, update from old database versions. Stephen Gallagher (60): Remove DP from example configuration Remove [dp] section from example config Fix sssd.api.conf with correct entry_cache_timeout Clean up warnings in dhash tests Make config_file_version a hidden setting in SSSDConfig API Remove magic_private_groups from SSSDConfig API schema Add support for option descriptions to SSSDConfig API Localize SSSDConfig strings Add complete pydoc for SSSDConfig API Add Requires: cyrus-sasl-gssapi Simplify debug_fn() Add configure check for sasl.h Update midpoint refresh logic to be relative to cache timeout Increase the sbus dispatch DEBUG level to 9 Build files.c only for tools Clean up unused dependencies Update sssd.spec to use only the required KRB5_LIBS and NSS_LIBS Fix segfault on unknown user/domain Fix Requires: sssd-client line in specfile Make the sysdb user and group names case-sensitive Upgrade cache and local databases to case-sensitive names Update translatable strings Fix sysdb upgrade bug Add empty NL translation Only display errors in unit tests Update PL translation Update NL translation Make backend request type a bitfield Speed up user requests while offline Update translation strings for string freeze Fix bug with bad ldb pkg-config files Update version to 0.99.0 Remove ELAPI from build and tarball Stop configuring ELAPI Make debug log timestamps human-readable Raise debug log level for LDB_DEBUG_WARNING Add allocation error check Avoid returning uninitialized result. Fix potential uninitialized value errors in nsssrv_cmd.c Fix potential uninitialized value error in responder_dp.c SSSDDomain.remove_provider() requires only the provider type Make SSSDDomain.remove_provider() remove configured options Run dhash tests Add SSSDDomain.set_name() function to SSSDConfig API Reduce the verbosity of the SSSDConfigTest Fix broken SSSDChangeConf.set() function Fix SSSDConfig API bugs around [de-]activation of domains Fix RPM spec for RHEL6 SSSDConfig API: fix deactivate_domain() SSSDConfig.get_domain() should properly detect active state Ensure that list_active_domains returns the real value Properly deny id_provider=files Add missing options to sssd-ipa configuraion Add missing SSSDConfig file for IPA for make install Fix processing of Boolean values in SSSDConfig Add 'permit' and 'deny' access providers to SSSDConfig API Remove default for ldap_use_start_tls in IPA providers Run SSSDConfig tests during 'make check' Fix stupid copy-paste error Updating to version 0.99.1 Sumit Bose (45): store original DN with cached group objects if available added a ASQ search API for sysdb Allow sysdb_search_entry request to return more than one result Add AM_CFLAGS to unit tests Fix compiler warnings in krb5_utils-tests. remove old sysdb file before starting tests set ipa_hostname if not given in config file Make debug message less irritating. add sysdb_delete_recursive request to sysdb API Add sysdb_attrs_replace_name to sysdb API. Fix for a seg fault during recursive delete add replacements for missing Kerberos calls Check is ccache structure is initialized before calling krb5_cc_destroy added access module of IPA provider Simplify krb5 child handler Add check for access-time rules to ipa_access. Add support for host, source host and user category Fix inconsistent use of krb5_ccname_template Fixes for proxy provider Make 'permit' the default for the access target Fix option name krb5_changepw_principal Validate Kerberos credentials with local keytab Improve handling of ccache files Add ipa_auth Enhance check for remote hosts Add ldap_pwd_policy option Read KDC info from file instead from environment Really check return value from pam_set_item Use ldb modules from build root for tests Make ldb lib dir configurable Fix an internal error when cache_credentials=FALSE Remove unneeded debugging code Do not include libsss_ipa.la in rpm package Immediately return a krb5 change password request when offline Check LDAP structure before calling ldap_unbind_ext() Add sysdb_search_custom request Do not treat missing proc files as errors. Add basic OS detection Make packaging of *.egg-info files more flexible Try to renew Kerberos credentials Add checks to test the memberuid handling Add offline support for ipa_access Add dummy credentials to an empty ccache file Always update sysdb to the latest version Fix DEBUG message for sysdb_init beckerde (1): Add Spanish translation deneb (1): Add Italian translation for sss_client noriko (1): Adding Japanese translation raven (1): Update PL translation ruigo (1): Add Portuguese translation
2009-12-14 19:49:49 +00:00
--with-pubconf-path=%{pubconfpath} \
- latest upstream release. - also add a patch that fixes debugging output (potential segfault)
2009-06-08 17:40:52 +00:00
--with-init-dir=%{_initrddir} \
--enable-nsslibdir=/%{_lib}
- Version 0.3.0 - Provides file based configuration and lots of improvements
2009-04-13 15:49:54 +00:00
make %{?_smp_mflags}
Initial import of sssd into Fedora
2009-03-09 17:07:25 +00:00
%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT
Dmitri Pal (10): COLLECTION Adding item comparison and sorting COLLECTION Realigning collection code COLLECTION Making iterations pinnable COLLECTION Enhancing hashing and iteration functions ELAPI Event resolver ELAPI Resolving message attribute ELAPI Fixing warnings in the example ELAPI Rename variables and functions not to use word template ELAPI Fixed the host name resolution ELAPI Compatibility code for getifaddr() Jakub Hrozek (3): Fix python sync operations and mem hierarchy Fix error messages in tools User home directories management Martin Nagy (7): Use correct talloc context in sss_names_init() Fix potential memory leaks in the data provider Use talloc_get_type() for type safety Use talloc to copy data from c-ares Add a new set of helpful common functions for tests Various improvements to the resolv test suite Delete sssd-i18n.h and put it's old contents into util.h Piotr Dr?g (1): Update polish translation for 0.6.0 Ralf Haferkamp (2): LDAP provider needs to link against krb libraries SUSE specific init script Simo Sorce (21): Tighten up permission. Initial implementation of sasl bind support Fix tools sync operations and mem hierarchy Fix long timeout on ldap operation Make dp requests more robust Differentiate between search and network timeouts Remove DP process Start responders predictably after providers Remove magicPrivateGroups option Fix services startup when only LOCAL is configured Make options parser available to all providers Move ldap provider configuration into its own file Fix offline authentication Return the dp error from the providers Move all ldap provider init functions Move all krb5 provider init functions Add first basic IPA provider Always list inputs before outputs Start implementing ipa specific options. Better offline/enumeration behavior Fix setting the schema in the ipa provider Stephen Gallagher (24): Update version to 0.6.0 Fix infinite loop with empty group enumeration Updating release script to use the VERSION file Change requirement on libldb to libldb >= 0.9.3 INI Add config_from_fd() to ini_config Remove unused btreemap code Add new SSSDConfig python API Add plugin configuration schema for proxy provider Package SSSDConfig API Clean up warnings in pysss.c Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7 Remove two unused functions. Fix segfault when using SSS tools with no local provider Do not allow setting auth, access or chpass providers for LOCAL Add krb5_common.h to the list of headers to 'make dist' Use Python 3-compatible sitearch and sitelib Better detect installed language files Clean up rpmlint errors and warnings in sssd-client package Set the Default-Stop LSB option for the SSSD sysv init script Fix RPM builds on older versions of rpmbuild Bring SSSDConfig API options up-to-date Add pam_ctx (similar to nss_ctx) for storing global PAM config Add support for offline auth cache timeout Update version to 0.7.0 Sumit Bose (28): update sysdb tests to new config file version add utility call check_and_open_readonly more documentation and test for sssd.conf handle expired password during authentication move password handling into subroutines ask for new password if password is expired remove redundant talloc_free add description of chpass_provider option to sssd.conf man page add support for server side LDAP password policies add syslog message similar to pam_unix use the correct kerberos context for each target fix a wrong argument to unpack_buffer add -Werror-implicit-function-declaration to default gcc flags add a replacement if ldap_control_create is missing use PYTHON_PREFIX to install SSSDConfig python API add missing %defattr to the filelist of the client package make sdap_id_connect_* independent of sdap_id_ctx send a message if a backend target is not configured use old password if available during password change set chpass_provider implicit if not set explicit more implicit provider target settings enable debugging of krb5_child Check for expired passwords in LDAP provider added generic LDAP search sdap_get_generic_send/_recv add store/search/delete interface for custom sysdb objects update krb5 option handling to new option scheme update ipa auth options to new option scheme fix a compiler warning about redefinition of DEBUG Detailed changes since 0.5.0 Dmitri Pal (8): ELAPI sinks and providers ELAPI Adding file provider and CSV format ELAPI Laying foundation for the async processing COLLECTION Copy collection flat with concatenated names COLLECTION Improvements to copy functions COLLECTION Functions to deal with hash ELAPI Better separation from collection internals. INI Error handling and interface cleanup Jakub Hrozek (17): Remove shadow-utils support from tools Small changes to the example config and manpage Add copyright notices Fix dispatcher structure initialization Add binaries and backup files to .gitignore Refactor tools code Decouple synchronous sysdb interface from tools Provide python bindings for sysdb Use syslog for logging error conditions in SSSD fix varargs call, update unit tests Ticket 161: Initialize structures with calloc instead of enumerating members Allow entering parent groups as FQDN Remove provider=files Manpages update script to upgrade config to v2 Send debug messages to logfile Convert the example config to v2 format, upgrade config on update only Jeff Schroeder (1): Add documentation for installing build dependencies Piotr Drąg (1): Add pl translation Ralf Haferkamp (2): Fix initgroups search filter when using rfc2307bis Avoid crash when timestamp is NULL Simo Sorce (30): Use the correct structure. Initial support for multiple schema types Always save using member/memberOf Fix group replies when using member/memberof Upgrade database to 0.2 Remove redunant function and always pass attrs. Make enumeration an independent task Speed-up enumerations. Correctly handle !DbusWatch behavior. Turn enumeration into a boolean value Honor enumerate option in ldap_id Fix proxy enumeration Fix two possible uninitialized values Split database in multiple files Tools are allowed to touch only the 'local' domain Fix Ldap id backend offline code Fix memory mishandling. Fix ldap enumeration async task Fix getgrnam and getgrgid calls Complete the removal of "legacy" option. Update documentation and examples Make the offline status backend-global Turn ldap driver options into multitype Fix copy&paste error. Better handle groups w/o members Fix copy&paste of wrong structure Don't try to use initgroups_dyn if not available Handle suspend cases Split out an sssd-clients package Let backend respond while fetching large results Stephen Gallagher (26): Move RPM specfiles into contrib/ Consolidate cache lookups in the NSS Add support for the !EntryCacheNoWaitRefreshTimeout Check for valid min and max IDs in confdb_get_domains Update manpage to reflect new syntax for enumerate Add strtoint32 and strtouint32 convenience functions Properly detect negative/invalid values for the minId and maxId Remove unused event context argument from confdb_init Read the configuration parsing before daemonization Fix first-time confdb generation Add 'make tests' target Add strtoint32 and strtouint32 tests Print error message when connection to the config db fails Exit if the sssd is launched as a user other than root Include m4 directories in tarball Allow rerunning autoreconf from the tarball Add PRERELEASE_VERSION variable for use in sssd.spec.in Add missing updates to LINGUAS for pl translation Add missing reference to sssd-ldap(5) in sssd.conf(5) manpage Include groupSearchBase in sssd-ldap(5) manpage Several fixes and enhancements for config file processing Make configure script compatible with older python versions Revert "Use syslog for logging error conditions in SSSD" Temporarily disable automatic config file reread Upgrade confdb to version 2 Update version to 0.6.0 Sumit Bose (31): removed unused header file do not show server messages to user fix internal order of ldap user mapping options add configure check for errno_t send SSSD_REALM and SSSD_KDCIP environment to the client check if gid attribute is empty stop processing a domain if no provider is given check if libpcre version is above or below 7 remove the concept of a backend name configure cleanups fix libdbus configure check initialize sockaddr_in structure add change password target to krb5 backend use fork+exec for kerberos helper Let the PAM client send its PID remove unused client locale from PAM protocol make cli_pid mandatory and increase version number of pam protocol add krb5ccache_dir and krb5ccname_template option fix the wrong usage of an offset added child timeout handler Check if SSL/TLS handler is already in place use getaddrinfo to resolve IP address of KDC add a man page for pam_sss toggle debug output of sssd_krb5_locator_plugin with an environment variable add new config options ldap_tls_cacert and ldap_tls_cacertdir fix possible short reads in kerberos provider remove krb5_try_simple_upn option and make it a default fallback add defines for large file support to standard CFLAGS more fixes for older libpcre versions Cleanups for library linking added support for older MIT kerberos versions
2009-10-23 20:03:33 +00:00
# Prepare language files
/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sss_daemon
/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sss_client
Bouska (1): Add French translation to sss_client David O'Brien (1): Copy-edit sssd-ipa man page Dmitri Pal (5): COMMON Improvements to the trace macro COLLECTION Create reference to the top level collection COLLECTION: Cleaning FIXME comments INI: Cleaning FIXME comments. INI Correcting build warnings. Fabian Affolter (1): Add German translation Göran Uddeborg (2): Add Swedish translation for sss_client Add Swedish translation for SSSD server Jakub Hrozek (30): Fix migration script for pre-0.5 local domains Do not migrate Data Provider Free the PCRE regexp with destructor Do not delete users, groups outside domain range Add missing include IPA time rules parsing routines Fix regression in error message when deleting groups Assorted manpage fixes Make the password field configurable in NSS Add Simo's ipachangeconf SSSDChangeConf - a wrapper around ipachangeconf Change the upgrade script to use ipachangeconf Convert SSSDConfig API to ipachangeconf SSSDConfigAPI fixes upgrade_config fixes for SSSD 0.6 and later Split helpers for child processes Get TGT in a child process. Warn visibly about permission problems with the config file Better error message when there is no local domain configured Setup ldap child logging from IPA backend Check the services started against a list of known services Handle spaces in config parser Fail on nonexistent input file Do not start with provider=files Reduce code duplication between LDAP child and Kerberos child Change ares usage to be c-ares 1.7.0 compatible Import ares 1.7.0 helpers Don't build the SRV and TXT parsing code except for tests Document the failover feature in manpages Consolidate code for splitting strings by separator Martin Nagy (8): Add missing include file to files-tests.c Fix a bad free in async_resolv.c Add DLIST_FOR_EACH() macro Add simple reference counting wrappers for talloc Add fail over utility functions Fix egg-info file generation in the spec file Add some debugging statements to fail_over and resolver Correctly restart server status after the timeout Piotr Drąg (1): Updating polish translation for 0.7.0 Simo Sorce (65): Copy option overrides. Read the right buffer, avoids potential segfaults Add IPA conf template Zero pointers on free Use standard coding practice to set last login Fix segfault Add proper support for IPA/AD schemas Move responsibility for entry expiration timeout Kill the ldap connection when we go offline Tidy up ipa options Add support to get rootDSE from the LDAP server. Fix segfault when SASL is not used at all Rename sdap_id_map to sdap_attr_map Make available method to quickly retrive string Make useful function more broadly available. Store the original memberof attributes if any Unify parse routines, use maps in generic searches Fix and enhance initgroups call Unify code to use the generic search interface Reorganize ldap id provider files Split async helpers in multiple files Always set last update and expire time Fix build Fix ldap driver Check return, zero free hostent, adhere to style Fix enumerations Fix tevent_req error checking. Refactor delete functions and add a few Add cleanup task Try to fix offline logins Fix double free case. Fix check_cache bug in dealing with the callback Change var name to make its use more clear. Fix crash due to uninitialized timeout variable Change initgroups code to use and check the cache Change the pam code to perform an initgroups call Store initgr expire time on initgr call Failover fixes and additions Better behavior on cleanup Correctly escape DN value. Add reference to sssd-krb5 man page. Optimize sysdb_enumgrent Filter by id range before actually storing entries. Raise some timeouts Add initial failover support for ldap and ipa Fix ticket #289 Fix internal options numbers test In IPA, the realm is always the domain uppercased. Fix tabs Fix memberof plugin Compute and save memberuid in cache as well Use memberuid and not member in group enumerations Use the custom password field in groups too. Resolve nested groups also when rfc2307bis is used Make strdn build functions more available Fix nested group memberships Allow nesting to fix #310 Fix bug #311, properly set callback attribute Change dhash API to be talloc-friendly dhash: Add private pointer for delete callback Add comments to document latest changes Add rebuild task to memberof plugin Handle the special 02 upgrade case for 04->05 Fix for #316 Fix for #322, update from old database versions. Stephen Gallagher (60): Remove DP from example configuration Remove [dp] section from example config Fix sssd.api.conf with correct entry_cache_timeout Clean up warnings in dhash tests Make config_file_version a hidden setting in SSSDConfig API Remove magic_private_groups from SSSDConfig API schema Add support for option descriptions to SSSDConfig API Localize SSSDConfig strings Add complete pydoc for SSSDConfig API Add Requires: cyrus-sasl-gssapi Simplify debug_fn() Add configure check for sasl.h Update midpoint refresh logic to be relative to cache timeout Increase the sbus dispatch DEBUG level to 9 Build files.c only for tools Clean up unused dependencies Update sssd.spec to use only the required KRB5_LIBS and NSS_LIBS Fix segfault on unknown user/domain Fix Requires: sssd-client line in specfile Make the sysdb user and group names case-sensitive Upgrade cache and local databases to case-sensitive names Update translatable strings Fix sysdb upgrade bug Add empty NL translation Only display errors in unit tests Update PL translation Update NL translation Make backend request type a bitfield Speed up user requests while offline Update translation strings for string freeze Fix bug with bad ldb pkg-config files Update version to 0.99.0 Remove ELAPI from build and tarball Stop configuring ELAPI Make debug log timestamps human-readable Raise debug log level for LDB_DEBUG_WARNING Add allocation error check Avoid returning uninitialized result. Fix potential uninitialized value errors in nsssrv_cmd.c Fix potential uninitialized value error in responder_dp.c SSSDDomain.remove_provider() requires only the provider type Make SSSDDomain.remove_provider() remove configured options Run dhash tests Add SSSDDomain.set_name() function to SSSDConfig API Reduce the verbosity of the SSSDConfigTest Fix broken SSSDChangeConf.set() function Fix SSSDConfig API bugs around [de-]activation of domains Fix RPM spec for RHEL6 SSSDConfig API: fix deactivate_domain() SSSDConfig.get_domain() should properly detect active state Ensure that list_active_domains returns the real value Properly deny id_provider=files Add missing options to sssd-ipa configuraion Add missing SSSDConfig file for IPA for make install Fix processing of Boolean values in SSSDConfig Add 'permit' and 'deny' access providers to SSSDConfig API Remove default for ldap_use_start_tls in IPA providers Run SSSDConfig tests during 'make check' Fix stupid copy-paste error Updating to version 0.99.1 Sumit Bose (45): store original DN with cached group objects if available added a ASQ search API for sysdb Allow sysdb_search_entry request to return more than one result Add AM_CFLAGS to unit tests Fix compiler warnings in krb5_utils-tests. remove old sysdb file before starting tests set ipa_hostname if not given in config file Make debug message less irritating. add sysdb_delete_recursive request to sysdb API Add sysdb_attrs_replace_name to sysdb API. Fix for a seg fault during recursive delete add replacements for missing Kerberos calls Check is ccache structure is initialized before calling krb5_cc_destroy added access module of IPA provider Simplify krb5 child handler Add check for access-time rules to ipa_access. Add support for host, source host and user category Fix inconsistent use of krb5_ccname_template Fixes for proxy provider Make 'permit' the default for the access target Fix option name krb5_changepw_principal Validate Kerberos credentials with local keytab Improve handling of ccache files Add ipa_auth Enhance check for remote hosts Add ldap_pwd_policy option Read KDC info from file instead from environment Really check return value from pam_set_item Use ldb modules from build root for tests Make ldb lib dir configurable Fix an internal error when cache_credentials=FALSE Remove unneeded debugging code Do not include libsss_ipa.la in rpm package Immediately return a krb5 change password request when offline Check LDAP structure before calling ldap_unbind_ext() Add sysdb_search_custom request Do not treat missing proc files as errors. Add basic OS detection Make packaging of *.egg-info files more flexible Try to renew Kerberos credentials Add checks to test the memberuid handling Add offline support for ipa_access Add dummy credentials to an empty ccache file Always update sysdb to the latest version Fix DEBUG message for sysdb_init beckerde (1): Add Spanish translation deneb (1): Add Italian translation for sss_client noriko (1): Adding Japanese translation raven (1): Update PL translation ruigo (1): Add Portuguese translation
2009-12-14 19:49:49 +00:00
# Copy default sssd.conf file
Dmitri Pal (10): COLLECTION Adding item comparison and sorting COLLECTION Realigning collection code COLLECTION Making iterations pinnable COLLECTION Enhancing hashing and iteration functions ELAPI Event resolver ELAPI Resolving message attribute ELAPI Fixing warnings in the example ELAPI Rename variables and functions not to use word template ELAPI Fixed the host name resolution ELAPI Compatibility code for getifaddr() Jakub Hrozek (3): Fix python sync operations and mem hierarchy Fix error messages in tools User home directories management Martin Nagy (7): Use correct talloc context in sss_names_init() Fix potential memory leaks in the data provider Use talloc_get_type() for type safety Use talloc to copy data from c-ares Add a new set of helpful common functions for tests Various improvements to the resolv test suite Delete sssd-i18n.h and put it's old contents into util.h Piotr Dr?g (1): Update polish translation for 0.6.0 Ralf Haferkamp (2): LDAP provider needs to link against krb libraries SUSE specific init script Simo Sorce (21): Tighten up permission. Initial implementation of sasl bind support Fix tools sync operations and mem hierarchy Fix long timeout on ldap operation Make dp requests more robust Differentiate between search and network timeouts Remove DP process Start responders predictably after providers Remove magicPrivateGroups option Fix services startup when only LOCAL is configured Make options parser available to all providers Move ldap provider configuration into its own file Fix offline authentication Return the dp error from the providers Move all ldap provider init functions Move all krb5 provider init functions Add first basic IPA provider Always list inputs before outputs Start implementing ipa specific options. Better offline/enumeration behavior Fix setting the schema in the ipa provider Stephen Gallagher (24): Update version to 0.6.0 Fix infinite loop with empty group enumeration Updating release script to use the VERSION file Change requirement on libldb to libldb >= 0.9.3 INI Add config_from_fd() to ini_config Remove unused btreemap code Add new SSSDConfig python API Add plugin configuration schema for proxy provider Package SSSDConfig API Clean up warnings in pysss.c Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7 Remove two unused functions. Fix segfault when using SSS tools with no local provider Do not allow setting auth, access or chpass providers for LOCAL Add krb5_common.h to the list of headers to 'make dist' Use Python 3-compatible sitearch and sitelib Better detect installed language files Clean up rpmlint errors and warnings in sssd-client package Set the Default-Stop LSB option for the SSSD sysv init script Fix RPM builds on older versions of rpmbuild Bring SSSDConfig API options up-to-date Add pam_ctx (similar to nss_ctx) for storing global PAM config Add support for offline auth cache timeout Update version to 0.7.0 Sumit Bose (28): update sysdb tests to new config file version add utility call check_and_open_readonly more documentation and test for sssd.conf handle expired password during authentication move password handling into subroutines ask for new password if password is expired remove redundant talloc_free add description of chpass_provider option to sssd.conf man page add support for server side LDAP password policies add syslog message similar to pam_unix use the correct kerberos context for each target fix a wrong argument to unpack_buffer add -Werror-implicit-function-declaration to default gcc flags add a replacement if ldap_control_create is missing use PYTHON_PREFIX to install SSSDConfig python API add missing %defattr to the filelist of the client package make sdap_id_connect_* independent of sdap_id_ctx send a message if a backend target is not configured use old password if available during password change set chpass_provider implicit if not set explicit more implicit provider target settings enable debugging of krb5_child Check for expired passwords in LDAP provider added generic LDAP search sdap_get_generic_send/_recv add store/search/delete interface for custom sysdb objects update krb5 option handling to new option scheme update ipa auth options to new option scheme fix a compiler warning about redefinition of DEBUG Detailed changes since 0.5.0 Dmitri Pal (8): ELAPI sinks and providers ELAPI Adding file provider and CSV format ELAPI Laying foundation for the async processing COLLECTION Copy collection flat with concatenated names COLLECTION Improvements to copy functions COLLECTION Functions to deal with hash ELAPI Better separation from collection internals. INI Error handling and interface cleanup Jakub Hrozek (17): Remove shadow-utils support from tools Small changes to the example config and manpage Add copyright notices Fix dispatcher structure initialization Add binaries and backup files to .gitignore Refactor tools code Decouple synchronous sysdb interface from tools Provide python bindings for sysdb Use syslog for logging error conditions in SSSD fix varargs call, update unit tests Ticket 161: Initialize structures with calloc instead of enumerating members Allow entering parent groups as FQDN Remove provider=files Manpages update script to upgrade config to v2 Send debug messages to logfile Convert the example config to v2 format, upgrade config on update only Jeff Schroeder (1): Add documentation for installing build dependencies Piotr Drąg (1): Add pl translation Ralf Haferkamp (2): Fix initgroups search filter when using rfc2307bis Avoid crash when timestamp is NULL Simo Sorce (30): Use the correct structure. Initial support for multiple schema types Always save using member/memberOf Fix group replies when using member/memberof Upgrade database to 0.2 Remove redunant function and always pass attrs. Make enumeration an independent task Speed-up enumerations. Correctly handle !DbusWatch behavior. Turn enumeration into a boolean value Honor enumerate option in ldap_id Fix proxy enumeration Fix two possible uninitialized values Split database in multiple files Tools are allowed to touch only the 'local' domain Fix Ldap id backend offline code Fix memory mishandling. Fix ldap enumeration async task Fix getgrnam and getgrgid calls Complete the removal of "legacy" option. Update documentation and examples Make the offline status backend-global Turn ldap driver options into multitype Fix copy&paste error. Better handle groups w/o members Fix copy&paste of wrong structure Don't try to use initgroups_dyn if not available Handle suspend cases Split out an sssd-clients package Let backend respond while fetching large results Stephen Gallagher (26): Move RPM specfiles into contrib/ Consolidate cache lookups in the NSS Add support for the !EntryCacheNoWaitRefreshTimeout Check for valid min and max IDs in confdb_get_domains Update manpage to reflect new syntax for enumerate Add strtoint32 and strtouint32 convenience functions Properly detect negative/invalid values for the minId and maxId Remove unused event context argument from confdb_init Read the configuration parsing before daemonization Fix first-time confdb generation Add 'make tests' target Add strtoint32 and strtouint32 tests Print error message when connection to the config db fails Exit if the sssd is launched as a user other than root Include m4 directories in tarball Allow rerunning autoreconf from the tarball Add PRERELEASE_VERSION variable for use in sssd.spec.in Add missing updates to LINGUAS for pl translation Add missing reference to sssd-ldap(5) in sssd.conf(5) manpage Include groupSearchBase in sssd-ldap(5) manpage Several fixes and enhancements for config file processing Make configure script compatible with older python versions Revert "Use syslog for logging error conditions in SSSD" Temporarily disable automatic config file reread Upgrade confdb to version 2 Update version to 0.6.0 Sumit Bose (31): removed unused header file do not show server messages to user fix internal order of ldap user mapping options add configure check for errno_t send SSSD_REALM and SSSD_KDCIP environment to the client check if gid attribute is empty stop processing a domain if no provider is given check if libpcre version is above or below 7 remove the concept of a backend name configure cleanups fix libdbus configure check initialize sockaddr_in structure add change password target to krb5 backend use fork+exec for kerberos helper Let the PAM client send its PID remove unused client locale from PAM protocol make cli_pid mandatory and increase version number of pam protocol add krb5ccache_dir and krb5ccname_template option fix the wrong usage of an offset added child timeout handler Check if SSL/TLS handler is already in place use getaddrinfo to resolve IP address of KDC add a man page for pam_sss toggle debug output of sssd_krb5_locator_plugin with an environment variable add new config options ldap_tls_cacert and ldap_tls_cacertdir fix possible short reads in kerberos provider remove krb5_try_simple_upn option and make it a default fallback add defines for large file support to standard CFLAGS more fixes for older libpcre versions Cleanups for library linking added support for older MIT kerberos versions
2009-10-23 20:03:33 +00:00
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sssd
New upstream release Fix segfaults and upgrade issues. Provide newer default configuration.
2009-10-27 20:00:57 +00:00
install -m600 server/examples/sssd.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf
Dmitri Pal (10): COLLECTION Adding item comparison and sorting COLLECTION Realigning collection code COLLECTION Making iterations pinnable COLLECTION Enhancing hashing and iteration functions ELAPI Event resolver ELAPI Resolving message attribute ELAPI Fixing warnings in the example ELAPI Rename variables and functions not to use word template ELAPI Fixed the host name resolution ELAPI Compatibility code for getifaddr() Jakub Hrozek (3): Fix python sync operations and mem hierarchy Fix error messages in tools User home directories management Martin Nagy (7): Use correct talloc context in sss_names_init() Fix potential memory leaks in the data provider Use talloc_get_type() for type safety Use talloc to copy data from c-ares Add a new set of helpful common functions for tests Various improvements to the resolv test suite Delete sssd-i18n.h and put it's old contents into util.h Piotr Dr?g (1): Update polish translation for 0.6.0 Ralf Haferkamp (2): LDAP provider needs to link against krb libraries SUSE specific init script Simo Sorce (21): Tighten up permission. Initial implementation of sasl bind support Fix tools sync operations and mem hierarchy Fix long timeout on ldap operation Make dp requests more robust Differentiate between search and network timeouts Remove DP process Start responders predictably after providers Remove magicPrivateGroups option Fix services startup when only LOCAL is configured Make options parser available to all providers Move ldap provider configuration into its own file Fix offline authentication Return the dp error from the providers Move all ldap provider init functions Move all krb5 provider init functions Add first basic IPA provider Always list inputs before outputs Start implementing ipa specific options. Better offline/enumeration behavior Fix setting the schema in the ipa provider Stephen Gallagher (24): Update version to 0.6.0 Fix infinite loop with empty group enumeration Updating release script to use the VERSION file Change requirement on libldb to libldb >= 0.9.3 INI Add config_from_fd() to ini_config Remove unused btreemap code Add new SSSDConfig python API Add plugin configuration schema for proxy provider Package SSSDConfig API Clean up warnings in pysss.c Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7 Remove two unused functions. Fix segfault when using SSS tools with no local provider Do not allow setting auth, access or chpass providers for LOCAL Add krb5_common.h to the list of headers to 'make dist' Use Python 3-compatible sitearch and sitelib Better detect installed language files Clean up rpmlint errors and warnings in sssd-client package Set the Default-Stop LSB option for the SSSD sysv init script Fix RPM builds on older versions of rpmbuild Bring SSSDConfig API options up-to-date Add pam_ctx (similar to nss_ctx) for storing global PAM config Add support for offline auth cache timeout Update version to 0.7.0 Sumit Bose (28): update sysdb tests to new config file version add utility call check_and_open_readonly more documentation and test for sssd.conf handle expired password during authentication move password handling into subroutines ask for new password if password is expired remove redundant talloc_free add description of chpass_provider option to sssd.conf man page add support for server side LDAP password policies add syslog message similar to pam_unix use the correct kerberos context for each target fix a wrong argument to unpack_buffer add -Werror-implicit-function-declaration to default gcc flags add a replacement if ldap_control_create is missing use PYTHON_PREFIX to install SSSDConfig python API add missing %defattr to the filelist of the client package make sdap_id_connect_* independent of sdap_id_ctx send a message if a backend target is not configured use old password if available during password change set chpass_provider implicit if not set explicit more implicit provider target settings enable debugging of krb5_child Check for expired passwords in LDAP provider added generic LDAP search sdap_get_generic_send/_recv add store/search/delete interface for custom sysdb objects update krb5 option handling to new option scheme update ipa auth options to new option scheme fix a compiler warning about redefinition of DEBUG Detailed changes since 0.5.0 Dmitri Pal (8): ELAPI sinks and providers ELAPI Adding file provider and CSV format ELAPI Laying foundation for the async processing COLLECTION Copy collection flat with concatenated names COLLECTION Improvements to copy functions COLLECTION Functions to deal with hash ELAPI Better separation from collection internals. INI Error handling and interface cleanup Jakub Hrozek (17): Remove shadow-utils support from tools Small changes to the example config and manpage Add copyright notices Fix dispatcher structure initialization Add binaries and backup files to .gitignore Refactor tools code Decouple synchronous sysdb interface from tools Provide python bindings for sysdb Use syslog for logging error conditions in SSSD fix varargs call, update unit tests Ticket 161: Initialize structures with calloc instead of enumerating members Allow entering parent groups as FQDN Remove provider=files Manpages update script to upgrade config to v2 Send debug messages to logfile Convert the example config to v2 format, upgrade config on update only Jeff Schroeder (1): Add documentation for installing build dependencies Piotr Drąg (1): Add pl translation Ralf Haferkamp (2): Fix initgroups search filter when using rfc2307bis Avoid crash when timestamp is NULL Simo Sorce (30): Use the correct structure. Initial support for multiple schema types Always save using member/memberOf Fix group replies when using member/memberof Upgrade database to 0.2 Remove redunant function and always pass attrs. Make enumeration an independent task Speed-up enumerations. Correctly handle !DbusWatch behavior. Turn enumeration into a boolean value Honor enumerate option in ldap_id Fix proxy enumeration Fix two possible uninitialized values Split database in multiple files Tools are allowed to touch only the 'local' domain Fix Ldap id backend offline code Fix memory mishandling. Fix ldap enumeration async task Fix getgrnam and getgrgid calls Complete the removal of "legacy" option. Update documentation and examples Make the offline status backend-global Turn ldap driver options into multitype Fix copy&paste error. Better handle groups w/o members Fix copy&paste of wrong structure Don't try to use initgroups_dyn if not available Handle suspend cases Split out an sssd-clients package Let backend respond while fetching large results Stephen Gallagher (26): Move RPM specfiles into contrib/ Consolidate cache lookups in the NSS Add support for the !EntryCacheNoWaitRefreshTimeout Check for valid min and max IDs in confdb_get_domains Update manpage to reflect new syntax for enumerate Add strtoint32 and strtouint32 convenience functions Properly detect negative/invalid values for the minId and maxId Remove unused event context argument from confdb_init Read the configuration parsing before daemonization Fix first-time confdb generation Add 'make tests' target Add strtoint32 and strtouint32 tests Print error message when connection to the config db fails Exit if the sssd is launched as a user other than root Include m4 directories in tarball Allow rerunning autoreconf from the tarball Add PRERELEASE_VERSION variable for use in sssd.spec.in Add missing updates to LINGUAS for pl translation Add missing reference to sssd-ldap(5) in sssd.conf(5) manpage Include groupSearchBase in sssd-ldap(5) manpage Several fixes and enhancements for config file processing Make configure script compatible with older python versions Revert "Use syslog for logging error conditions in SSSD" Temporarily disable automatic config file reread Upgrade confdb to version 2 Update version to 0.6.0 Sumit Bose (31): removed unused header file do not show server messages to user fix internal order of ldap user mapping options add configure check for errno_t send SSSD_REALM and SSSD_KDCIP environment to the client check if gid attribute is empty stop processing a domain if no provider is given check if libpcre version is above or below 7 remove the concept of a backend name configure cleanups fix libdbus configure check initialize sockaddr_in structure add change password target to krb5 backend use fork+exec for kerberos helper Let the PAM client send its PID remove unused client locale from PAM protocol make cli_pid mandatory and increase version number of pam protocol add krb5ccache_dir and krb5ccname_template option fix the wrong usage of an offset added child timeout handler Check if SSL/TLS handler is already in place use getaddrinfo to resolve IP address of KDC add a man page for pam_sss toggle debug output of sssd_krb5_locator_plugin with an environment variable add new config options ldap_tls_cacert and ldap_tls_cacertdir fix possible short reads in kerberos provider remove krb5_try_simple_upn option and make it a default fallback add defines for large file support to standard CFLAGS more fixes for older libpcre versions Cleanups for library linking added support for older MIT kerberos versions
2009-10-23 20:03:33 +00:00
install -m400 server/config/etc/sssd.api.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.conf
install -m400 server/config/etc/sssd.api.d/* $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.d/
- latest upstream release. - also add a patch that fixes debugging output (potential segfault)
2009-06-08 17:40:52 +00:00
# Remove .la files created by libtool
rm -f \
$RPM_BUILD_ROOT/%{_lib}/libnss_sss.la \
$RPM_BUILD_ROOT/%{_lib}/security/pam_sss.la \
$RPM_BUILD_ROOT/%{_libdir}/ldb/memberof.la \
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ldap.la \
- New upstream release 0.5.0
2009-08-24 21:13:27 +00:00
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_proxy.la \
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_krb5.la \
Bouska (1): Add French translation to sss_client David O'Brien (1): Copy-edit sssd-ipa man page Dmitri Pal (5): COMMON Improvements to the trace macro COLLECTION Create reference to the top level collection COLLECTION: Cleaning FIXME comments INI: Cleaning FIXME comments. INI Correcting build warnings. Fabian Affolter (1): Add German translation Göran Uddeborg (2): Add Swedish translation for sss_client Add Swedish translation for SSSD server Jakub Hrozek (30): Fix migration script for pre-0.5 local domains Do not migrate Data Provider Free the PCRE regexp with destructor Do not delete users, groups outside domain range Add missing include IPA time rules parsing routines Fix regression in error message when deleting groups Assorted manpage fixes Make the password field configurable in NSS Add Simo's ipachangeconf SSSDChangeConf - a wrapper around ipachangeconf Change the upgrade script to use ipachangeconf Convert SSSDConfig API to ipachangeconf SSSDConfigAPI fixes upgrade_config fixes for SSSD 0.6 and later Split helpers for child processes Get TGT in a child process. Warn visibly about permission problems with the config file Better error message when there is no local domain configured Setup ldap child logging from IPA backend Check the services started against a list of known services Handle spaces in config parser Fail on nonexistent input file Do not start with provider=files Reduce code duplication between LDAP child and Kerberos child Change ares usage to be c-ares 1.7.0 compatible Import ares 1.7.0 helpers Don't build the SRV and TXT parsing code except for tests Document the failover feature in manpages Consolidate code for splitting strings by separator Martin Nagy (8): Add missing include file to files-tests.c Fix a bad free in async_resolv.c Add DLIST_FOR_EACH() macro Add simple reference counting wrappers for talloc Add fail over utility functions Fix egg-info file generation in the spec file Add some debugging statements to fail_over and resolver Correctly restart server status after the timeout Piotr Drąg (1): Updating polish translation for 0.7.0 Simo Sorce (65): Copy option overrides. Read the right buffer, avoids potential segfaults Add IPA conf template Zero pointers on free Use standard coding practice to set last login Fix segfault Add proper support for IPA/AD schemas Move responsibility for entry expiration timeout Kill the ldap connection when we go offline Tidy up ipa options Add support to get rootDSE from the LDAP server. Fix segfault when SASL is not used at all Rename sdap_id_map to sdap_attr_map Make available method to quickly retrive string Make useful function more broadly available. Store the original memberof attributes if any Unify parse routines, use maps in generic searches Fix and enhance initgroups call Unify code to use the generic search interface Reorganize ldap id provider files Split async helpers in multiple files Always set last update and expire time Fix build Fix ldap driver Check return, zero free hostent, adhere to style Fix enumerations Fix tevent_req error checking. Refactor delete functions and add a few Add cleanup task Try to fix offline logins Fix double free case. Fix check_cache bug in dealing with the callback Change var name to make its use more clear. Fix crash due to uninitialized timeout variable Change initgroups code to use and check the cache Change the pam code to perform an initgroups call Store initgr expire time on initgr call Failover fixes and additions Better behavior on cleanup Correctly escape DN value. Add reference to sssd-krb5 man page. Optimize sysdb_enumgrent Filter by id range before actually storing entries. Raise some timeouts Add initial failover support for ldap and ipa Fix ticket #289 Fix internal options numbers test In IPA, the realm is always the domain uppercased. Fix tabs Fix memberof plugin Compute and save memberuid in cache as well Use memberuid and not member in group enumerations Use the custom password field in groups too. Resolve nested groups also when rfc2307bis is used Make strdn build functions more available Fix nested group memberships Allow nesting to fix #310 Fix bug #311, properly set callback attribute Change dhash API to be talloc-friendly dhash: Add private pointer for delete callback Add comments to document latest changes Add rebuild task to memberof plugin Handle the special 02 upgrade case for 04->05 Fix for #316 Fix for #322, update from old database versions. Stephen Gallagher (60): Remove DP from example configuration Remove [dp] section from example config Fix sssd.api.conf with correct entry_cache_timeout Clean up warnings in dhash tests Make config_file_version a hidden setting in SSSDConfig API Remove magic_private_groups from SSSDConfig API schema Add support for option descriptions to SSSDConfig API Localize SSSDConfig strings Add complete pydoc for SSSDConfig API Add Requires: cyrus-sasl-gssapi Simplify debug_fn() Add configure check for sasl.h Update midpoint refresh logic to be relative to cache timeout Increase the sbus dispatch DEBUG level to 9 Build files.c only for tools Clean up unused dependencies Update sssd.spec to use only the required KRB5_LIBS and NSS_LIBS Fix segfault on unknown user/domain Fix Requires: sssd-client line in specfile Make the sysdb user and group names case-sensitive Upgrade cache and local databases to case-sensitive names Update translatable strings Fix sysdb upgrade bug Add empty NL translation Only display errors in unit tests Update PL translation Update NL translation Make backend request type a bitfield Speed up user requests while offline Update translation strings for string freeze Fix bug with bad ldb pkg-config files Update version to 0.99.0 Remove ELAPI from build and tarball Stop configuring ELAPI Make debug log timestamps human-readable Raise debug log level for LDB_DEBUG_WARNING Add allocation error check Avoid returning uninitialized result. Fix potential uninitialized value errors in nsssrv_cmd.c Fix potential uninitialized value error in responder_dp.c SSSDDomain.remove_provider() requires only the provider type Make SSSDDomain.remove_provider() remove configured options Run dhash tests Add SSSDDomain.set_name() function to SSSDConfig API Reduce the verbosity of the SSSDConfigTest Fix broken SSSDChangeConf.set() function Fix SSSDConfig API bugs around [de-]activation of domains Fix RPM spec for RHEL6 SSSDConfig API: fix deactivate_domain() SSSDConfig.get_domain() should properly detect active state Ensure that list_active_domains returns the real value Properly deny id_provider=files Add missing options to sssd-ipa configuraion Add missing SSSDConfig file for IPA for make install Fix processing of Boolean values in SSSDConfig Add 'permit' and 'deny' access providers to SSSDConfig API Remove default for ldap_use_start_tls in IPA providers Run SSSDConfig tests during 'make check' Fix stupid copy-paste error Updating to version 0.99.1 Sumit Bose (45): store original DN with cached group objects if available added a ASQ search API for sysdb Allow sysdb_search_entry request to return more than one result Add AM_CFLAGS to unit tests Fix compiler warnings in krb5_utils-tests. remove old sysdb file before starting tests set ipa_hostname if not given in config file Make debug message less irritating. add sysdb_delete_recursive request to sysdb API Add sysdb_attrs_replace_name to sysdb API. Fix for a seg fault during recursive delete add replacements for missing Kerberos calls Check is ccache structure is initialized before calling krb5_cc_destroy added access module of IPA provider Simplify krb5 child handler Add check for access-time rules to ipa_access. Add support for host, source host and user category Fix inconsistent use of krb5_ccname_template Fixes for proxy provider Make 'permit' the default for the access target Fix option name krb5_changepw_principal Validate Kerberos credentials with local keytab Improve handling of ccache files Add ipa_auth Enhance check for remote hosts Add ldap_pwd_policy option Read KDC info from file instead from environment Really check return value from pam_set_item Use ldb modules from build root for tests Make ldb lib dir configurable Fix an internal error when cache_credentials=FALSE Remove unneeded debugging code Do not include libsss_ipa.la in rpm package Immediately return a krb5 change password request when offline Check LDAP structure before calling ldap_unbind_ext() Add sysdb_search_custom request Do not treat missing proc files as errors. Add basic OS detection Make packaging of *.egg-info files more flexible Try to renew Kerberos credentials Add checks to test the memberuid handling Add offline support for ipa_access Add dummy credentials to an empty ccache file Always update sysdb to the latest version Fix DEBUG message for sysdb_init beckerde (1): Add Spanish translation deneb (1): Add Italian translation for sss_client noriko (1): Adding Japanese translation raven (1): Update PL translation ruigo (1): Add Portuguese translation
2009-12-14 19:49:49 +00:00
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ipa.la \
Dmitri Pal (10): COLLECTION Adding item comparison and sorting COLLECTION Realigning collection code COLLECTION Making iterations pinnable COLLECTION Enhancing hashing and iteration functions ELAPI Event resolver ELAPI Resolving message attribute ELAPI Fixing warnings in the example ELAPI Rename variables and functions not to use word template ELAPI Fixed the host name resolution ELAPI Compatibility code for getifaddr() Jakub Hrozek (3): Fix python sync operations and mem hierarchy Fix error messages in tools User home directories management Martin Nagy (7): Use correct talloc context in sss_names_init() Fix potential memory leaks in the data provider Use talloc_get_type() for type safety Use talloc to copy data from c-ares Add a new set of helpful common functions for tests Various improvements to the resolv test suite Delete sssd-i18n.h and put it's old contents into util.h Piotr Dr?g (1): Update polish translation for 0.6.0 Ralf Haferkamp (2): LDAP provider needs to link against krb libraries SUSE specific init script Simo Sorce (21): Tighten up permission. Initial implementation of sasl bind support Fix tools sync operations and mem hierarchy Fix long timeout on ldap operation Make dp requests more robust Differentiate between search and network timeouts Remove DP process Start responders predictably after providers Remove magicPrivateGroups option Fix services startup when only LOCAL is configured Make options parser available to all providers Move ldap provider configuration into its own file Fix offline authentication Return the dp error from the providers Move all ldap provider init functions Move all krb5 provider init functions Add first basic IPA provider Always list inputs before outputs Start implementing ipa specific options. Better offline/enumeration behavior Fix setting the schema in the ipa provider Stephen Gallagher (24): Update version to 0.6.0 Fix infinite loop with empty group enumeration Updating release script to use the VERSION file Change requirement on libldb to libldb >= 0.9.3 INI Add config_from_fd() to ini_config Remove unused btreemap code Add new SSSDConfig python API Add plugin configuration schema for proxy provider Package SSSDConfig API Clean up warnings in pysss.c Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7 Remove two unused functions. Fix segfault when using SSS tools with no local provider Do not allow setting auth, access or chpass providers for LOCAL Add krb5_common.h to the list of headers to 'make dist' Use Python 3-compatible sitearch and sitelib Better detect installed language files Clean up rpmlint errors and warnings in sssd-client package Set the Default-Stop LSB option for the SSSD sysv init script Fix RPM builds on older versions of rpmbuild Bring SSSDConfig API options up-to-date Add pam_ctx (similar to nss_ctx) for storing global PAM config Add support for offline auth cache timeout Update version to 0.7.0 Sumit Bose (28): update sysdb tests to new config file version add utility call check_and_open_readonly more documentation and test for sssd.conf handle expired password during authentication move password handling into subroutines ask for new password if password is expired remove redundant talloc_free add description of chpass_provider option to sssd.conf man page add support for server side LDAP password policies add syslog message similar to pam_unix use the correct kerberos context for each target fix a wrong argument to unpack_buffer add -Werror-implicit-function-declaration to default gcc flags add a replacement if ldap_control_create is missing use PYTHON_PREFIX to install SSSDConfig python API add missing %defattr to the filelist of the client package make sdap_id_connect_* independent of sdap_id_ctx send a message if a backend target is not configured use old password if available during password change set chpass_provider implicit if not set explicit more implicit provider target settings enable debugging of krb5_child Check for expired passwords in LDAP provider added generic LDAP search sdap_get_generic_send/_recv add store/search/delete interface for custom sysdb objects update krb5 option handling to new option scheme update ipa auth options to new option scheme fix a compiler warning about redefinition of DEBUG Detailed changes since 0.5.0 Dmitri Pal (8): ELAPI sinks and providers ELAPI Adding file provider and CSV format ELAPI Laying foundation for the async processing COLLECTION Copy collection flat with concatenated names COLLECTION Improvements to copy functions COLLECTION Functions to deal with hash ELAPI Better separation from collection internals. INI Error handling and interface cleanup Jakub Hrozek (17): Remove shadow-utils support from tools Small changes to the example config and manpage Add copyright notices Fix dispatcher structure initialization Add binaries and backup files to .gitignore Refactor tools code Decouple synchronous sysdb interface from tools Provide python bindings for sysdb Use syslog for logging error conditions in SSSD fix varargs call, update unit tests Ticket 161: Initialize structures with calloc instead of enumerating members Allow entering parent groups as FQDN Remove provider=files Manpages update script to upgrade config to v2 Send debug messages to logfile Convert the example config to v2 format, upgrade config on update only Jeff Schroeder (1): Add documentation for installing build dependencies Piotr Drąg (1): Add pl translation Ralf Haferkamp (2): Fix initgroups search filter when using rfc2307bis Avoid crash when timestamp is NULL Simo Sorce (30): Use the correct structure. Initial support for multiple schema types Always save using member/memberOf Fix group replies when using member/memberof Upgrade database to 0.2 Remove redunant function and always pass attrs. Make enumeration an independent task Speed-up enumerations. Correctly handle !DbusWatch behavior. Turn enumeration into a boolean value Honor enumerate option in ldap_id Fix proxy enumeration Fix two possible uninitialized values Split database in multiple files Tools are allowed to touch only the 'local' domain Fix Ldap id backend offline code Fix memory mishandling. Fix ldap enumeration async task Fix getgrnam and getgrgid calls Complete the removal of "legacy" option. Update documentation and examples Make the offline status backend-global Turn ldap driver options into multitype Fix copy&paste error. Better handle groups w/o members Fix copy&paste of wrong structure Don't try to use initgroups_dyn if not available Handle suspend cases Split out an sssd-clients package Let backend respond while fetching large results Stephen Gallagher (26): Move RPM specfiles into contrib/ Consolidate cache lookups in the NSS Add support for the !EntryCacheNoWaitRefreshTimeout Check for valid min and max IDs in confdb_get_domains Update manpage to reflect new syntax for enumerate Add strtoint32 and strtouint32 convenience functions Properly detect negative/invalid values for the minId and maxId Remove unused event context argument from confdb_init Read the configuration parsing before daemonization Fix first-time confdb generation Add 'make tests' target Add strtoint32 and strtouint32 tests Print error message when connection to the config db fails Exit if the sssd is launched as a user other than root Include m4 directories in tarball Allow rerunning autoreconf from the tarball Add PRERELEASE_VERSION variable for use in sssd.spec.in Add missing updates to LINGUAS for pl translation Add missing reference to sssd-ldap(5) in sssd.conf(5) manpage Include groupSearchBase in sssd-ldap(5) manpage Several fixes and enhancements for config file processing Make configure script compatible with older python versions Revert "Use syslog for logging error conditions in SSSD" Temporarily disable automatic config file reread Upgrade confdb to version 2 Update version to 0.6.0 Sumit Bose (31): removed unused header file do not show server messages to user fix internal order of ldap user mapping options add configure check for errno_t send SSSD_REALM and SSSD_KDCIP environment to the client check if gid attribute is empty stop processing a domain if no provider is given check if libpcre version is above or below 7 remove the concept of a backend name configure cleanups fix libdbus configure check initialize sockaddr_in structure add change password target to krb5 backend use fork+exec for kerberos helper Let the PAM client send its PID remove unused client locale from PAM protocol make cli_pid mandatory and increase version number of pam protocol add krb5ccache_dir and krb5ccname_template option fix the wrong usage of an offset added child timeout handler Check if SSL/TLS handler is already in place use getaddrinfo to resolve IP address of KDC add a man page for pam_sss toggle debug output of sssd_krb5_locator_plugin with an environment variable add new config options ldap_tls_cacert and ldap_tls_cacertdir fix possible short reads in kerberos provider remove krb5_try_simple_upn option and make it a default fallback add defines for large file support to standard CFLAGS more fixes for older libpcre versions Cleanups for library linking added support for older MIT kerberos versions
2009-10-23 20:03:33 +00:00
$RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.la \
$RPM_BUILD_ROOT/%{python_sitearch}/pysss.la
if test -e $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
then
# Apppend this file to the sss_daemon.lang
# Older versions of rpmbuild can only handle one -f option
echo %{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so >> sss_daemon.lang
fi
Bouska (1): Add French translation to sss_client David O'Brien (1): Copy-edit sssd-ipa man page Dmitri Pal (5): COMMON Improvements to the trace macro COLLECTION Create reference to the top level collection COLLECTION: Cleaning FIXME comments INI: Cleaning FIXME comments. INI Correcting build warnings. Fabian Affolter (1): Add German translation Göran Uddeborg (2): Add Swedish translation for sss_client Add Swedish translation for SSSD server Jakub Hrozek (30): Fix migration script for pre-0.5 local domains Do not migrate Data Provider Free the PCRE regexp with destructor Do not delete users, groups outside domain range Add missing include IPA time rules parsing routines Fix regression in error message when deleting groups Assorted manpage fixes Make the password field configurable in NSS Add Simo's ipachangeconf SSSDChangeConf - a wrapper around ipachangeconf Change the upgrade script to use ipachangeconf Convert SSSDConfig API to ipachangeconf SSSDConfigAPI fixes upgrade_config fixes for SSSD 0.6 and later Split helpers for child processes Get TGT in a child process. Warn visibly about permission problems with the config file Better error message when there is no local domain configured Setup ldap child logging from IPA backend Check the services started against a list of known services Handle spaces in config parser Fail on nonexistent input file Do not start with provider=files Reduce code duplication between LDAP child and Kerberos child Change ares usage to be c-ares 1.7.0 compatible Import ares 1.7.0 helpers Don't build the SRV and TXT parsing code except for tests Document the failover feature in manpages Consolidate code for splitting strings by separator Martin Nagy (8): Add missing include file to files-tests.c Fix a bad free in async_resolv.c Add DLIST_FOR_EACH() macro Add simple reference counting wrappers for talloc Add fail over utility functions Fix egg-info file generation in the spec file Add some debugging statements to fail_over and resolver Correctly restart server status after the timeout Piotr Drąg (1): Updating polish translation for 0.7.0 Simo Sorce (65): Copy option overrides. Read the right buffer, avoids potential segfaults Add IPA conf template Zero pointers on free Use standard coding practice to set last login Fix segfault Add proper support for IPA/AD schemas Move responsibility for entry expiration timeout Kill the ldap connection when we go offline Tidy up ipa options Add support to get rootDSE from the LDAP server. Fix segfault when SASL is not used at all Rename sdap_id_map to sdap_attr_map Make available method to quickly retrive string Make useful function more broadly available. Store the original memberof attributes if any Unify parse routines, use maps in generic searches Fix and enhance initgroups call Unify code to use the generic search interface Reorganize ldap id provider files Split async helpers in multiple files Always set last update and expire time Fix build Fix ldap driver Check return, zero free hostent, adhere to style Fix enumerations Fix tevent_req error checking. Refactor delete functions and add a few Add cleanup task Try to fix offline logins Fix double free case. Fix check_cache bug in dealing with the callback Change var name to make its use more clear. Fix crash due to uninitialized timeout variable Change initgroups code to use and check the cache Change the pam code to perform an initgroups call Store initgr expire time on initgr call Failover fixes and additions Better behavior on cleanup Correctly escape DN value. Add reference to sssd-krb5 man page. Optimize sysdb_enumgrent Filter by id range before actually storing entries. Raise some timeouts Add initial failover support for ldap and ipa Fix ticket #289 Fix internal options numbers test In IPA, the realm is always the domain uppercased. Fix tabs Fix memberof plugin Compute and save memberuid in cache as well Use memberuid and not member in group enumerations Use the custom password field in groups too. Resolve nested groups also when rfc2307bis is used Make strdn build functions more available Fix nested group memberships Allow nesting to fix #310 Fix bug #311, properly set callback attribute Change dhash API to be talloc-friendly dhash: Add private pointer for delete callback Add comments to document latest changes Add rebuild task to memberof plugin Handle the special 02 upgrade case for 04->05 Fix for #316 Fix for #322, update from old database versions. Stephen Gallagher (60): Remove DP from example configuration Remove [dp] section from example config Fix sssd.api.conf with correct entry_cache_timeout Clean up warnings in dhash tests Make config_file_version a hidden setting in SSSDConfig API Remove magic_private_groups from SSSDConfig API schema Add support for option descriptions to SSSDConfig API Localize SSSDConfig strings Add complete pydoc for SSSDConfig API Add Requires: cyrus-sasl-gssapi Simplify debug_fn() Add configure check for sasl.h Update midpoint refresh logic to be relative to cache timeout Increase the sbus dispatch DEBUG level to 9 Build files.c only for tools Clean up unused dependencies Update sssd.spec to use only the required KRB5_LIBS and NSS_LIBS Fix segfault on unknown user/domain Fix Requires: sssd-client line in specfile Make the sysdb user and group names case-sensitive Upgrade cache and local databases to case-sensitive names Update translatable strings Fix sysdb upgrade bug Add empty NL translation Only display errors in unit tests Update PL translation Update NL translation Make backend request type a bitfield Speed up user requests while offline Update translation strings for string freeze Fix bug with bad ldb pkg-config files Update version to 0.99.0 Remove ELAPI from build and tarball Stop configuring ELAPI Make debug log timestamps human-readable Raise debug log level for LDB_DEBUG_WARNING Add allocation error check Avoid returning uninitialized result. Fix potential uninitialized value errors in nsssrv_cmd.c Fix potential uninitialized value error in responder_dp.c SSSDDomain.remove_provider() requires only the provider type Make SSSDDomain.remove_provider() remove configured options Run dhash tests Add SSSDDomain.set_name() function to SSSDConfig API Reduce the verbosity of the SSSDConfigTest Fix broken SSSDChangeConf.set() function Fix SSSDConfig API bugs around [de-]activation of domains Fix RPM spec for RHEL6 SSSDConfig API: fix deactivate_domain() SSSDConfig.get_domain() should properly detect active state Ensure that list_active_domains returns the real value Properly deny id_provider=files Add missing options to sssd-ipa configuraion Add missing SSSDConfig file for IPA for make install Fix processing of Boolean values in SSSDConfig Add 'permit' and 'deny' access providers to SSSDConfig API Remove default for ldap_use_start_tls in IPA providers Run SSSDConfig tests during 'make check' Fix stupid copy-paste error Updating to version 0.99.1 Sumit Bose (45): store original DN with cached group objects if available added a ASQ search API for sysdb Allow sysdb_search_entry request to return more than one result Add AM_CFLAGS to unit tests Fix compiler warnings in krb5_utils-tests. remove old sysdb file before starting tests set ipa_hostname if not given in config file Make debug message less irritating. add sysdb_delete_recursive request to sysdb API Add sysdb_attrs_replace_name to sysdb API. Fix for a seg fault during recursive delete add replacements for missing Kerberos calls Check is ccache structure is initialized before calling krb5_cc_destroy added access module of IPA provider Simplify krb5 child handler Add check for access-time rules to ipa_access. Add support for host, source host and user category Fix inconsistent use of krb5_ccname_template Fixes for proxy provider Make 'permit' the default for the access target Fix option name krb5_changepw_principal Validate Kerberos credentials with local keytab Improve handling of ccache files Add ipa_auth Enhance check for remote hosts Add ldap_pwd_policy option Read KDC info from file instead from environment Really check return value from pam_set_item Use ldb modules from build root for tests Make ldb lib dir configurable Fix an internal error when cache_credentials=FALSE Remove unneeded debugging code Do not include libsss_ipa.la in rpm package Immediately return a krb5 change password request when offline Check LDAP structure before calling ldap_unbind_ext() Add sysdb_search_custom request Do not treat missing proc files as errors. Add basic OS detection Make packaging of *.egg-info files more flexible Try to renew Kerberos credentials Add checks to test the memberuid handling Add offline support for ipa_access Add dummy credentials to an empty ccache file Always update sysdb to the latest version Fix DEBUG message for sysdb_init beckerde (1): Add Spanish translation deneb (1): Add Italian translation for sss_client noriko (1): Adding Japanese translation raven (1): Update PL translation ruigo (1): Add Portuguese translation
2009-12-14 19:49:49 +00:00
for file in `ls $RPM_BUILD_ROOT/%{python_sitelib}/*.egg-info 2> /dev/null`
do
echo %{python_sitelib}/`basename $file` >> sss_daemon.lang
done
- Version 0.3.0 - Provides file based configuration and lots of improvements
2009-04-13 15:49:54 +00:00
Initial import of sssd into Fedora
2009-03-09 17:07:25 +00:00
%clean
rm -rf $RPM_BUILD_ROOT
Dmitri Pal (10): COLLECTION Adding item comparison and sorting COLLECTION Realigning collection code COLLECTION Making iterations pinnable COLLECTION Enhancing hashing and iteration functions ELAPI Event resolver ELAPI Resolving message attribute ELAPI Fixing warnings in the example ELAPI Rename variables and functions not to use word template ELAPI Fixed the host name resolution ELAPI Compatibility code for getifaddr() Jakub Hrozek (3): Fix python sync operations and mem hierarchy Fix error messages in tools User home directories management Martin Nagy (7): Use correct talloc context in sss_names_init() Fix potential memory leaks in the data provider Use talloc_get_type() for type safety Use talloc to copy data from c-ares Add a new set of helpful common functions for tests Various improvements to the resolv test suite Delete sssd-i18n.h and put it's old contents into util.h Piotr Dr?g (1): Update polish translation for 0.6.0 Ralf Haferkamp (2): LDAP provider needs to link against krb libraries SUSE specific init script Simo Sorce (21): Tighten up permission. Initial implementation of sasl bind support Fix tools sync operations and mem hierarchy Fix long timeout on ldap operation Make dp requests more robust Differentiate between search and network timeouts Remove DP process Start responders predictably after providers Remove magicPrivateGroups option Fix services startup when only LOCAL is configured Make options parser available to all providers Move ldap provider configuration into its own file Fix offline authentication Return the dp error from the providers Move all ldap provider init functions Move all krb5 provider init functions Add first basic IPA provider Always list inputs before outputs Start implementing ipa specific options. Better offline/enumeration behavior Fix setting the schema in the ipa provider Stephen Gallagher (24): Update version to 0.6.0 Fix infinite loop with empty group enumeration Updating release script to use the VERSION file Change requirement on libldb to libldb >= 0.9.3 INI Add config_from_fd() to ini_config Remove unused btreemap code Add new SSSDConfig python API Add plugin configuration schema for proxy provider Package SSSDConfig API Clean up warnings in pysss.c Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7 Remove two unused functions. Fix segfault when using SSS tools with no local provider Do not allow setting auth, access or chpass providers for LOCAL Add krb5_common.h to the list of headers to 'make dist' Use Python 3-compatible sitearch and sitelib Better detect installed language files Clean up rpmlint errors and warnings in sssd-client package Set the Default-Stop LSB option for the SSSD sysv init script Fix RPM builds on older versions of rpmbuild Bring SSSDConfig API options up-to-date Add pam_ctx (similar to nss_ctx) for storing global PAM config Add support for offline auth cache timeout Update version to 0.7.0 Sumit Bose (28): update sysdb tests to new config file version add utility call check_and_open_readonly more documentation and test for sssd.conf handle expired password during authentication move password handling into subroutines ask for new password if password is expired remove redundant talloc_free add description of chpass_provider option to sssd.conf man page add support for server side LDAP password policies add syslog message similar to pam_unix use the correct kerberos context for each target fix a wrong argument to unpack_buffer add -Werror-implicit-function-declaration to default gcc flags add a replacement if ldap_control_create is missing use PYTHON_PREFIX to install SSSDConfig python API add missing %defattr to the filelist of the client package make sdap_id_connect_* independent of sdap_id_ctx send a message if a backend target is not configured use old password if available during password change set chpass_provider implicit if not set explicit more implicit provider target settings enable debugging of krb5_child Check for expired passwords in LDAP provider added generic LDAP search sdap_get_generic_send/_recv add store/search/delete interface for custom sysdb objects update krb5 option handling to new option scheme update ipa auth options to new option scheme fix a compiler warning about redefinition of DEBUG Detailed changes since 0.5.0 Dmitri Pal (8): ELAPI sinks and providers ELAPI Adding file provider and CSV format ELAPI Laying foundation for the async processing COLLECTION Copy collection flat with concatenated names COLLECTION Improvements to copy functions COLLECTION Functions to deal with hash ELAPI Better separation from collection internals. INI Error handling and interface cleanup Jakub Hrozek (17): Remove shadow-utils support from tools Small changes to the example config and manpage Add copyright notices Fix dispatcher structure initialization Add binaries and backup files to .gitignore Refactor tools code Decouple synchronous sysdb interface from tools Provide python bindings for sysdb Use syslog for logging error conditions in SSSD fix varargs call, update unit tests Ticket 161: Initialize structures with calloc instead of enumerating members Allow entering parent groups as FQDN Remove provider=files Manpages update script to upgrade config to v2 Send debug messages to logfile Convert the example config to v2 format, upgrade config on update only Jeff Schroeder (1): Add documentation for installing build dependencies Piotr Drąg (1): Add pl translation Ralf Haferkamp (2): Fix initgroups search filter when using rfc2307bis Avoid crash when timestamp is NULL Simo Sorce (30): Use the correct structure. Initial support for multiple schema types Always save using member/memberOf Fix group replies when using member/memberof Upgrade database to 0.2 Remove redunant function and always pass attrs. Make enumeration an independent task Speed-up enumerations. Correctly handle !DbusWatch behavior. Turn enumeration into a boolean value Honor enumerate option in ldap_id Fix proxy enumeration Fix two possible uninitialized values Split database in multiple files Tools are allowed to touch only the 'local' domain Fix Ldap id backend offline code Fix memory mishandling. Fix ldap enumeration async task Fix getgrnam and getgrgid calls Complete the removal of "legacy" option. Update documentation and examples Make the offline status backend-global Turn ldap driver options into multitype Fix copy&paste error. Better handle groups w/o members Fix copy&paste of wrong structure Don't try to use initgroups_dyn if not available Handle suspend cases Split out an sssd-clients package Let backend respond while fetching large results Stephen Gallagher (26): Move RPM specfiles into contrib/ Consolidate cache lookups in the NSS Add support for the !EntryCacheNoWaitRefreshTimeout Check for valid min and max IDs in confdb_get_domains Update manpage to reflect new syntax for enumerate Add strtoint32 and strtouint32 convenience functions Properly detect negative/invalid values for the minId and maxId Remove unused event context argument from confdb_init Read the configuration parsing before daemonization Fix first-time confdb generation Add 'make tests' target Add strtoint32 and strtouint32 tests Print error message when connection to the config db fails Exit if the sssd is launched as a user other than root Include m4 directories in tarball Allow rerunning autoreconf from the tarball Add PRERELEASE_VERSION variable for use in sssd.spec.in Add missing updates to LINGUAS for pl translation Add missing reference to sssd-ldap(5) in sssd.conf(5) manpage Include groupSearchBase in sssd-ldap(5) manpage Several fixes and enhancements for config file processing Make configure script compatible with older python versions Revert "Use syslog for logging error conditions in SSSD" Temporarily disable automatic config file reread Upgrade confdb to version 2 Update version to 0.6.0 Sumit Bose (31): removed unused header file do not show server messages to user fix internal order of ldap user mapping options add configure check for errno_t send SSSD_REALM and SSSD_KDCIP environment to the client check if gid attribute is empty stop processing a domain if no provider is given check if libpcre version is above or below 7 remove the concept of a backend name configure cleanups fix libdbus configure check initialize sockaddr_in structure add change password target to krb5 backend use fork+exec for kerberos helper Let the PAM client send its PID remove unused client locale from PAM protocol make cli_pid mandatory and increase version number of pam protocol add krb5ccache_dir and krb5ccname_template option fix the wrong usage of an offset added child timeout handler Check if SSL/TLS handler is already in place use getaddrinfo to resolve IP address of KDC add a man page for pam_sss toggle debug output of sssd_krb5_locator_plugin with an environment variable add new config options ldap_tls_cacert and ldap_tls_cacertdir fix possible short reads in kerberos provider remove krb5_try_simple_upn option and make it a default fallback add defines for large file support to standard CFLAGS more fixes for older libpcre versions Cleanups for library linking added support for older MIT kerberos versions
2009-10-23 20:03:33 +00:00
%files -f sss_daemon.lang
Initial import of sssd into Fedora
2009-03-09 17:07:25 +00:00
%defattr(-,root,root,-)
%doc COPYING
Bouska (1): Add French translation to sss_client David O'Brien (1): Copy-edit sssd-ipa man page Dmitri Pal (5): COMMON Improvements to the trace macro COLLECTION Create reference to the top level collection COLLECTION: Cleaning FIXME comments INI: Cleaning FIXME comments. INI Correcting build warnings. Fabian Affolter (1): Add German translation Göran Uddeborg (2): Add Swedish translation for sss_client Add Swedish translation for SSSD server Jakub Hrozek (30): Fix migration script for pre-0.5 local domains Do not migrate Data Provider Free the PCRE regexp with destructor Do not delete users, groups outside domain range Add missing include IPA time rules parsing routines Fix regression in error message when deleting groups Assorted manpage fixes Make the password field configurable in NSS Add Simo's ipachangeconf SSSDChangeConf - a wrapper around ipachangeconf Change the upgrade script to use ipachangeconf Convert SSSDConfig API to ipachangeconf SSSDConfigAPI fixes upgrade_config fixes for SSSD 0.6 and later Split helpers for child processes Get TGT in a child process. Warn visibly about permission problems with the config file Better error message when there is no local domain configured Setup ldap child logging from IPA backend Check the services started against a list of known services Handle spaces in config parser Fail on nonexistent input file Do not start with provider=files Reduce code duplication between LDAP child and Kerberos child Change ares usage to be c-ares 1.7.0 compatible Import ares 1.7.0 helpers Don't build the SRV and TXT parsing code except for tests Document the failover feature in manpages Consolidate code for splitting strings by separator Martin Nagy (8): Add missing include file to files-tests.c Fix a bad free in async_resolv.c Add DLIST_FOR_EACH() macro Add simple reference counting wrappers for talloc Add fail over utility functions Fix egg-info file generation in the spec file Add some debugging statements to fail_over and resolver Correctly restart server status after the timeout Piotr Drąg (1): Updating polish translation for 0.7.0 Simo Sorce (65): Copy option overrides. Read the right buffer, avoids potential segfaults Add IPA conf template Zero pointers on free Use standard coding practice to set last login Fix segfault Add proper support for IPA/AD schemas Move responsibility for entry expiration timeout Kill the ldap connection when we go offline Tidy up ipa options Add support to get rootDSE from the LDAP server. Fix segfault when SASL is not used at all Rename sdap_id_map to sdap_attr_map Make available method to quickly retrive string Make useful function more broadly available. Store the original memberof attributes if any Unify parse routines, use maps in generic searches Fix and enhance initgroups call Unify code to use the generic search interface Reorganize ldap id provider files Split async helpers in multiple files Always set last update and expire time Fix build Fix ldap driver Check return, zero free hostent, adhere to style Fix enumerations Fix tevent_req error checking. Refactor delete functions and add a few Add cleanup task Try to fix offline logins Fix double free case. Fix check_cache bug in dealing with the callback Change var name to make its use more clear. Fix crash due to uninitialized timeout variable Change initgroups code to use and check the cache Change the pam code to perform an initgroups call Store initgr expire time on initgr call Failover fixes and additions Better behavior on cleanup Correctly escape DN value. Add reference to sssd-krb5 man page. Optimize sysdb_enumgrent Filter by id range before actually storing entries. Raise some timeouts Add initial failover support for ldap and ipa Fix ticket #289 Fix internal options numbers test In IPA, the realm is always the domain uppercased. Fix tabs Fix memberof plugin Compute and save memberuid in cache as well Use memberuid and not member in group enumerations Use the custom password field in groups too. Resolve nested groups also when rfc2307bis is used Make strdn build functions more available Fix nested group memberships Allow nesting to fix #310 Fix bug #311, properly set callback attribute Change dhash API to be talloc-friendly dhash: Add private pointer for delete callback Add comments to document latest changes Add rebuild task to memberof plugin Handle the special 02 upgrade case for 04->05 Fix for #316 Fix for #322, update from old database versions. Stephen Gallagher (60): Remove DP from example configuration Remove [dp] section from example config Fix sssd.api.conf with correct entry_cache_timeout Clean up warnings in dhash tests Make config_file_version a hidden setting in SSSDConfig API Remove magic_private_groups from SSSDConfig API schema Add support for option descriptions to SSSDConfig API Localize SSSDConfig strings Add complete pydoc for SSSDConfig API Add Requires: cyrus-sasl-gssapi Simplify debug_fn() Add configure check for sasl.h Update midpoint refresh logic to be relative to cache timeout Increase the sbus dispatch DEBUG level to 9 Build files.c only for tools Clean up unused dependencies Update sssd.spec to use only the required KRB5_LIBS and NSS_LIBS Fix segfault on unknown user/domain Fix Requires: sssd-client line in specfile Make the sysdb user and group names case-sensitive Upgrade cache and local databases to case-sensitive names Update translatable strings Fix sysdb upgrade bug Add empty NL translation Only display errors in unit tests Update PL translation Update NL translation Make backend request type a bitfield Speed up user requests while offline Update translation strings for string freeze Fix bug with bad ldb pkg-config files Update version to 0.99.0 Remove ELAPI from build and tarball Stop configuring ELAPI Make debug log timestamps human-readable Raise debug log level for LDB_DEBUG_WARNING Add allocation error check Avoid returning uninitialized result. Fix potential uninitialized value errors in nsssrv_cmd.c Fix potential uninitialized value error in responder_dp.c SSSDDomain.remove_provider() requires only the provider type Make SSSDDomain.remove_provider() remove configured options Run dhash tests Add SSSDDomain.set_name() function to SSSDConfig API Reduce the verbosity of the SSSDConfigTest Fix broken SSSDChangeConf.set() function Fix SSSDConfig API bugs around [de-]activation of domains Fix RPM spec for RHEL6 SSSDConfig API: fix deactivate_domain() SSSDConfig.get_domain() should properly detect active state Ensure that list_active_domains returns the real value Properly deny id_provider=files Add missing options to sssd-ipa configuraion Add missing SSSDConfig file for IPA for make install Fix processing of Boolean values in SSSDConfig Add 'permit' and 'deny' access providers to SSSDConfig API Remove default for ldap_use_start_tls in IPA providers Run SSSDConfig tests during 'make check' Fix stupid copy-paste error Updating to version 0.99.1 Sumit Bose (45): store original DN with cached group objects if available added a ASQ search API for sysdb Allow sysdb_search_entry request to return more than one result Add AM_CFLAGS to unit tests Fix compiler warnings in krb5_utils-tests. remove old sysdb file before starting tests set ipa_hostname if not given in config file Make debug message less irritating. add sysdb_delete_recursive request to sysdb API Add sysdb_attrs_replace_name to sysdb API. Fix for a seg fault during recursive delete add replacements for missing Kerberos calls Check is ccache structure is initialized before calling krb5_cc_destroy added access module of IPA provider Simplify krb5 child handler Add check for access-time rules to ipa_access. Add support for host, source host and user category Fix inconsistent use of krb5_ccname_template Fixes for proxy provider Make 'permit' the default for the access target Fix option name krb5_changepw_principal Validate Kerberos credentials with local keytab Improve handling of ccache files Add ipa_auth Enhance check for remote hosts Add ldap_pwd_policy option Read KDC info from file instead from environment Really check return value from pam_set_item Use ldb modules from build root for tests Make ldb lib dir configurable Fix an internal error when cache_credentials=FALSE Remove unneeded debugging code Do not include libsss_ipa.la in rpm package Immediately return a krb5 change password request when offline Check LDAP structure before calling ldap_unbind_ext() Add sysdb_search_custom request Do not treat missing proc files as errors. Add basic OS detection Make packaging of *.egg-info files more flexible Try to renew Kerberos credentials Add checks to test the memberuid handling Add offline support for ipa_access Add dummy credentials to an empty ccache file Always update sysdb to the latest version Fix DEBUG message for sysdb_init beckerde (1): Add Spanish translation deneb (1): Add Italian translation for sss_client noriko (1): Adding Japanese translation raven (1): Update PL translation ruigo (1): Add Portuguese translation
2009-12-14 19:49:49 +00:00
%{_initrddir}/%{name}
Initial import of sssd into Fedora
2009-03-09 17:07:25 +00:00
%{_sbindir}/sssd
%{_sbindir}/sss_useradd
%{_sbindir}/sss_userdel
- Version 0.2.0
2009-03-10 20:43:08 +00:00
%{_sbindir}/sss_usermod
Initial import of sssd into Fedora
2009-03-09 17:07:25 +00:00
%{_sbindir}/sss_groupadd
%{_sbindir}/sss_groupdel
- Version 0.2.0
2009-03-10 20:43:08 +00:00
%{_sbindir}/sss_groupmod
Initial import of sssd into Fedora
2009-03-09 17:07:25 +00:00
%{_libexecdir}/%{servicename}/
%{_libdir}/%{name}/
- latest upstream release. - also add a patch that fixes debugging output (potential segfault)
2009-06-08 17:40:52 +00:00
%{_libdir}/ldb/memberof.so
- New upstream release 0.5.0
2009-08-24 21:13:27 +00:00
%dir %{sssdstatedir}
%attr(700,root,root) %dir %{dbpath}
%attr(755,root,root) %dir %{pipepath}
Bouska (1): Add French translation to sss_client David O'Brien (1): Copy-edit sssd-ipa man page Dmitri Pal (5): COMMON Improvements to the trace macro COLLECTION Create reference to the top level collection COLLECTION: Cleaning FIXME comments INI: Cleaning FIXME comments. INI Correcting build warnings. Fabian Affolter (1): Add German translation Göran Uddeborg (2): Add Swedish translation for sss_client Add Swedish translation for SSSD server Jakub Hrozek (30): Fix migration script for pre-0.5 local domains Do not migrate Data Provider Free the PCRE regexp with destructor Do not delete users, groups outside domain range Add missing include IPA time rules parsing routines Fix regression in error message when deleting groups Assorted manpage fixes Make the password field configurable in NSS Add Simo's ipachangeconf SSSDChangeConf - a wrapper around ipachangeconf Change the upgrade script to use ipachangeconf Convert SSSDConfig API to ipachangeconf SSSDConfigAPI fixes upgrade_config fixes for SSSD 0.6 and later Split helpers for child processes Get TGT in a child process. Warn visibly about permission problems with the config file Better error message when there is no local domain configured Setup ldap child logging from IPA backend Check the services started against a list of known services Handle spaces in config parser Fail on nonexistent input file Do not start with provider=files Reduce code duplication between LDAP child and Kerberos child Change ares usage to be c-ares 1.7.0 compatible Import ares 1.7.0 helpers Don't build the SRV and TXT parsing code except for tests Document the failover feature in manpages Consolidate code for splitting strings by separator Martin Nagy (8): Add missing include file to files-tests.c Fix a bad free in async_resolv.c Add DLIST_FOR_EACH() macro Add simple reference counting wrappers for talloc Add fail over utility functions Fix egg-info file generation in the spec file Add some debugging statements to fail_over and resolver Correctly restart server status after the timeout Piotr Drąg (1): Updating polish translation for 0.7.0 Simo Sorce (65): Copy option overrides. Read the right buffer, avoids potential segfaults Add IPA conf template Zero pointers on free Use standard coding practice to set last login Fix segfault Add proper support for IPA/AD schemas Move responsibility for entry expiration timeout Kill the ldap connection when we go offline Tidy up ipa options Add support to get rootDSE from the LDAP server. Fix segfault when SASL is not used at all Rename sdap_id_map to sdap_attr_map Make available method to quickly retrive string Make useful function more broadly available. Store the original memberof attributes if any Unify parse routines, use maps in generic searches Fix and enhance initgroups call Unify code to use the generic search interface Reorganize ldap id provider files Split async helpers in multiple files Always set last update and expire time Fix build Fix ldap driver Check return, zero free hostent, adhere to style Fix enumerations Fix tevent_req error checking. Refactor delete functions and add a few Add cleanup task Try to fix offline logins Fix double free case. Fix check_cache bug in dealing with the callback Change var name to make its use more clear. Fix crash due to uninitialized timeout variable Change initgroups code to use and check the cache Change the pam code to perform an initgroups call Store initgr expire time on initgr call Failover fixes and additions Better behavior on cleanup Correctly escape DN value. Add reference to sssd-krb5 man page. Optimize sysdb_enumgrent Filter by id range before actually storing entries. Raise some timeouts Add initial failover support for ldap and ipa Fix ticket #289 Fix internal options numbers test In IPA, the realm is always the domain uppercased. Fix tabs Fix memberof plugin Compute and save memberuid in cache as well Use memberuid and not member in group enumerations Use the custom password field in groups too. Resolve nested groups also when rfc2307bis is used Make strdn build functions more available Fix nested group memberships Allow nesting to fix #310 Fix bug #311, properly set callback attribute Change dhash API to be talloc-friendly dhash: Add private pointer for delete callback Add comments to document latest changes Add rebuild task to memberof plugin Handle the special 02 upgrade case for 04->05 Fix for #316 Fix for #322, update from old database versions. Stephen Gallagher (60): Remove DP from example configuration Remove [dp] section from example config Fix sssd.api.conf with correct entry_cache_timeout Clean up warnings in dhash tests Make config_file_version a hidden setting in SSSDConfig API Remove magic_private_groups from SSSDConfig API schema Add support for option descriptions to SSSDConfig API Localize SSSDConfig strings Add complete pydoc for SSSDConfig API Add Requires: cyrus-sasl-gssapi Simplify debug_fn() Add configure check for sasl.h Update midpoint refresh logic to be relative to cache timeout Increase the sbus dispatch DEBUG level to 9 Build files.c only for tools Clean up unused dependencies Update sssd.spec to use only the required KRB5_LIBS and NSS_LIBS Fix segfault on unknown user/domain Fix Requires: sssd-client line in specfile Make the sysdb user and group names case-sensitive Upgrade cache and local databases to case-sensitive names Update translatable strings Fix sysdb upgrade bug Add empty NL translation Only display errors in unit tests Update PL translation Update NL translation Make backend request type a bitfield Speed up user requests while offline Update translation strings for string freeze Fix bug with bad ldb pkg-config files Update version to 0.99.0 Remove ELAPI from build and tarball Stop configuring ELAPI Make debug log timestamps human-readable Raise debug log level for LDB_DEBUG_WARNING Add allocation error check Avoid returning uninitialized result. Fix potential uninitialized value errors in nsssrv_cmd.c Fix potential uninitialized value error in responder_dp.c SSSDDomain.remove_provider() requires only the provider type Make SSSDDomain.remove_provider() remove configured options Run dhash tests Add SSSDDomain.set_name() function to SSSDConfig API Reduce the verbosity of the SSSDConfigTest Fix broken SSSDChangeConf.set() function Fix SSSDConfig API bugs around [de-]activation of domains Fix RPM spec for RHEL6 SSSDConfig API: fix deactivate_domain() SSSDConfig.get_domain() should properly detect active state Ensure that list_active_domains returns the real value Properly deny id_provider=files Add missing options to sssd-ipa configuraion Add missing SSSDConfig file for IPA for make install Fix processing of Boolean values in SSSDConfig Add 'permit' and 'deny' access providers to SSSDConfig API Remove default for ldap_use_start_tls in IPA providers Run SSSDConfig tests during 'make check' Fix stupid copy-paste error Updating to version 0.99.1 Sumit Bose (45): store original DN with cached group objects if available added a ASQ search API for sysdb Allow sysdb_search_entry request to return more than one result Add AM_CFLAGS to unit tests Fix compiler warnings in krb5_utils-tests. remove old sysdb file before starting tests set ipa_hostname if not given in config file Make debug message less irritating. add sysdb_delete_recursive request to sysdb API Add sysdb_attrs_replace_name to sysdb API. Fix for a seg fault during recursive delete add replacements for missing Kerberos calls Check is ccache structure is initialized before calling krb5_cc_destroy added access module of IPA provider Simplify krb5 child handler Add check for access-time rules to ipa_access. Add support for host, source host and user category Fix inconsistent use of krb5_ccname_template Fixes for proxy provider Make 'permit' the default for the access target Fix option name krb5_changepw_principal Validate Kerberos credentials with local keytab Improve handling of ccache files Add ipa_auth Enhance check for remote hosts Add ldap_pwd_policy option Read KDC info from file instead from environment Really check return value from pam_set_item Use ldb modules from build root for tests Make ldb lib dir configurable Fix an internal error when cache_credentials=FALSE Remove unneeded debugging code Do not include libsss_ipa.la in rpm package Immediately return a krb5 change password request when offline Check LDAP structure before calling ldap_unbind_ext() Add sysdb_search_custom request Do not treat missing proc files as errors. Add basic OS detection Make packaging of *.egg-info files more flexible Try to renew Kerberos credentials Add checks to test the memberuid handling Add offline support for ipa_access Add dummy credentials to an empty ccache file Always update sysdb to the latest version Fix DEBUG message for sysdb_init beckerde (1): Add Spanish translation deneb (1): Add Italian translation for sss_client noriko (1): Adding Japanese translation raven (1): Update PL translation ruigo (1): Add Portuguese translation
2009-12-14 19:49:49 +00:00
%attr(755,root,root) %dir %{pubconfpath}
- New upstream release 0.5.0
2009-08-24 21:13:27 +00:00
%attr(700,root,root) %dir %{pipepath}/private
Dmitri Pal (10): COLLECTION Adding item comparison and sorting COLLECTION Realigning collection code COLLECTION Making iterations pinnable COLLECTION Enhancing hashing and iteration functions ELAPI Event resolver ELAPI Resolving message attribute ELAPI Fixing warnings in the example ELAPI Rename variables and functions not to use word template ELAPI Fixed the host name resolution ELAPI Compatibility code for getifaddr() Jakub Hrozek (3): Fix python sync operations and mem hierarchy Fix error messages in tools User home directories management Martin Nagy (7): Use correct talloc context in sss_names_init() Fix potential memory leaks in the data provider Use talloc_get_type() for type safety Use talloc to copy data from c-ares Add a new set of helpful common functions for tests Various improvements to the resolv test suite Delete sssd-i18n.h and put it's old contents into util.h Piotr Dr?g (1): Update polish translation for 0.6.0 Ralf Haferkamp (2): LDAP provider needs to link against krb libraries SUSE specific init script Simo Sorce (21): Tighten up permission. Initial implementation of sasl bind support Fix tools sync operations and mem hierarchy Fix long timeout on ldap operation Make dp requests more robust Differentiate between search and network timeouts Remove DP process Start responders predictably after providers Remove magicPrivateGroups option Fix services startup when only LOCAL is configured Make options parser available to all providers Move ldap provider configuration into its own file Fix offline authentication Return the dp error from the providers Move all ldap provider init functions Move all krb5 provider init functions Add first basic IPA provider Always list inputs before outputs Start implementing ipa specific options. Better offline/enumeration behavior Fix setting the schema in the ipa provider Stephen Gallagher (24): Update version to 0.6.0 Fix infinite loop with empty group enumeration Updating release script to use the VERSION file Change requirement on libldb to libldb >= 0.9.3 INI Add config_from_fd() to ini_config Remove unused btreemap code Add new SSSDConfig python API Add plugin configuration schema for proxy provider Package SSSDConfig API Clean up warnings in pysss.c Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7 Remove two unused functions. Fix segfault when using SSS tools with no local provider Do not allow setting auth, access or chpass providers for LOCAL Add krb5_common.h to the list of headers to 'make dist' Use Python 3-compatible sitearch and sitelib Better detect installed language files Clean up rpmlint errors and warnings in sssd-client package Set the Default-Stop LSB option for the SSSD sysv init script Fix RPM builds on older versions of rpmbuild Bring SSSDConfig API options up-to-date Add pam_ctx (similar to nss_ctx) for storing global PAM config Add support for offline auth cache timeout Update version to 0.7.0 Sumit Bose (28): update sysdb tests to new config file version add utility call check_and_open_readonly more documentation and test for sssd.conf handle expired password during authentication move password handling into subroutines ask for new password if password is expired remove redundant talloc_free add description of chpass_provider option to sssd.conf man page add support for server side LDAP password policies add syslog message similar to pam_unix use the correct kerberos context for each target fix a wrong argument to unpack_buffer add -Werror-implicit-function-declaration to default gcc flags add a replacement if ldap_control_create is missing use PYTHON_PREFIX to install SSSDConfig python API add missing %defattr to the filelist of the client package make sdap_id_connect_* independent of sdap_id_ctx send a message if a backend target is not configured use old password if available during password change set chpass_provider implicit if not set explicit more implicit provider target settings enable debugging of krb5_child Check for expired passwords in LDAP provider added generic LDAP search sdap_get_generic_send/_recv add store/search/delete interface for custom sysdb objects update krb5 option handling to new option scheme update ipa auth options to new option scheme fix a compiler warning about redefinition of DEBUG Detailed changes since 0.5.0 Dmitri Pal (8): ELAPI sinks and providers ELAPI Adding file provider and CSV format ELAPI Laying foundation for the async processing COLLECTION Copy collection flat with concatenated names COLLECTION Improvements to copy functions COLLECTION Functions to deal with hash ELAPI Better separation from collection internals. INI Error handling and interface cleanup Jakub Hrozek (17): Remove shadow-utils support from tools Small changes to the example config and manpage Add copyright notices Fix dispatcher structure initialization Add binaries and backup files to .gitignore Refactor tools code Decouple synchronous sysdb interface from tools Provide python bindings for sysdb Use syslog for logging error conditions in SSSD fix varargs call, update unit tests Ticket 161: Initialize structures with calloc instead of enumerating members Allow entering parent groups as FQDN Remove provider=files Manpages update script to upgrade config to v2 Send debug messages to logfile Convert the example config to v2 format, upgrade config on update only Jeff Schroeder (1): Add documentation for installing build dependencies Piotr Drąg (1): Add pl translation Ralf Haferkamp (2): Fix initgroups search filter when using rfc2307bis Avoid crash when timestamp is NULL Simo Sorce (30): Use the correct structure. Initial support for multiple schema types Always save using member/memberOf Fix group replies when using member/memberof Upgrade database to 0.2 Remove redunant function and always pass attrs. Make enumeration an independent task Speed-up enumerations. Correctly handle !DbusWatch behavior. Turn enumeration into a boolean value Honor enumerate option in ldap_id Fix proxy enumeration Fix two possible uninitialized values Split database in multiple files Tools are allowed to touch only the 'local' domain Fix Ldap id backend offline code Fix memory mishandling. Fix ldap enumeration async task Fix getgrnam and getgrgid calls Complete the removal of "legacy" option. Update documentation and examples Make the offline status backend-global Turn ldap driver options into multitype Fix copy&paste error. Better handle groups w/o members Fix copy&paste of wrong structure Don't try to use initgroups_dyn if not available Handle suspend cases Split out an sssd-clients package Let backend respond while fetching large results Stephen Gallagher (26): Move RPM specfiles into contrib/ Consolidate cache lookups in the NSS Add support for the !EntryCacheNoWaitRefreshTimeout Check for valid min and max IDs in confdb_get_domains Update manpage to reflect new syntax for enumerate Add strtoint32 and strtouint32 convenience functions Properly detect negative/invalid values for the minId and maxId Remove unused event context argument from confdb_init Read the configuration parsing before daemonization Fix first-time confdb generation Add 'make tests' target Add strtoint32 and strtouint32 tests Print error message when connection to the config db fails Exit if the sssd is launched as a user other than root Include m4 directories in tarball Allow rerunning autoreconf from the tarball Add PRERELEASE_VERSION variable for use in sssd.spec.in Add missing updates to LINGUAS for pl translation Add missing reference to sssd-ldap(5) in sssd.conf(5) manpage Include groupSearchBase in sssd-ldap(5) manpage Several fixes and enhancements for config file processing Make configure script compatible with older python versions Revert "Use syslog for logging error conditions in SSSD" Temporarily disable automatic config file reread Upgrade confdb to version 2 Update version to 0.6.0 Sumit Bose (31): removed unused header file do not show server messages to user fix internal order of ldap user mapping options add configure check for errno_t send SSSD_REALM and SSSD_KDCIP environment to the client check if gid attribute is empty stop processing a domain if no provider is given check if libpcre version is above or below 7 remove the concept of a backend name configure cleanups fix libdbus configure check initialize sockaddr_in structure add change password target to krb5 backend use fork+exec for kerberos helper Let the PAM client send its PID remove unused client locale from PAM protocol make cli_pid mandatory and increase version number of pam protocol add krb5ccache_dir and krb5ccname_template option fix the wrong usage of an offset added child timeout handler Check if SSL/TLS handler is already in place use getaddrinfo to resolve IP address of KDC add a man page for pam_sss toggle debug output of sssd_krb5_locator_plugin with an environment variable add new config options ldap_tls_cacert and ldap_tls_cacertdir fix possible short reads in kerberos provider remove krb5_try_simple_upn option and make it a default fallback add defines for large file support to standard CFLAGS more fixes for older libpcre versions Cleanups for library linking added support for older MIT kerberos versions
2009-10-23 20:03:33 +00:00
%attr(750,root,root) %dir %{_var}/log/%{name}
%attr(700,root,root) %dir %{_sysconfdir}/sssd
- Version 0.3.0 - Provides file based configuration and lots of improvements
2009-04-13 15:49:54 +00:00
%config(noreplace) %{_sysconfdir}/sssd/sssd.conf
Dmitri Pal (10): COLLECTION Adding item comparison and sorting COLLECTION Realigning collection code COLLECTION Making iterations pinnable COLLECTION Enhancing hashing and iteration functions ELAPI Event resolver ELAPI Resolving message attribute ELAPI Fixing warnings in the example ELAPI Rename variables and functions not to use word template ELAPI Fixed the host name resolution ELAPI Compatibility code for getifaddr() Jakub Hrozek (3): Fix python sync operations and mem hierarchy Fix error messages in tools User home directories management Martin Nagy (7): Use correct talloc context in sss_names_init() Fix potential memory leaks in the data provider Use talloc_get_type() for type safety Use talloc to copy data from c-ares Add a new set of helpful common functions for tests Various improvements to the resolv test suite Delete sssd-i18n.h and put it's old contents into util.h Piotr Dr?g (1): Update polish translation for 0.6.0 Ralf Haferkamp (2): LDAP provider needs to link against krb libraries SUSE specific init script Simo Sorce (21): Tighten up permission. Initial implementation of sasl bind support Fix tools sync operations and mem hierarchy Fix long timeout on ldap operation Make dp requests more robust Differentiate between search and network timeouts Remove DP process Start responders predictably after providers Remove magicPrivateGroups option Fix services startup when only LOCAL is configured Make options parser available to all providers Move ldap provider configuration into its own file Fix offline authentication Return the dp error from the providers Move all ldap provider init functions Move all krb5 provider init functions Add first basic IPA provider Always list inputs before outputs Start implementing ipa specific options. Better offline/enumeration behavior Fix setting the schema in the ipa provider Stephen Gallagher (24): Update version to 0.6.0 Fix infinite loop with empty group enumeration Updating release script to use the VERSION file Change requirement on libldb to libldb >= 0.9.3 INI Add config_from_fd() to ini_config Remove unused btreemap code Add new SSSDConfig python API Add plugin configuration schema for proxy provider Package SSSDConfig API Clean up warnings in pysss.c Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7 Remove two unused functions. Fix segfault when using SSS tools with no local provider Do not allow setting auth, access or chpass providers for LOCAL Add krb5_common.h to the list of headers to 'make dist' Use Python 3-compatible sitearch and sitelib Better detect installed language files Clean up rpmlint errors and warnings in sssd-client package Set the Default-Stop LSB option for the SSSD sysv init script Fix RPM builds on older versions of rpmbuild Bring SSSDConfig API options up-to-date Add pam_ctx (similar to nss_ctx) for storing global PAM config Add support for offline auth cache timeout Update version to 0.7.0 Sumit Bose (28): update sysdb tests to new config file version add utility call check_and_open_readonly more documentation and test for sssd.conf handle expired password during authentication move password handling into subroutines ask for new password if password is expired remove redundant talloc_free add description of chpass_provider option to sssd.conf man page add support for server side LDAP password policies add syslog message similar to pam_unix use the correct kerberos context for each target fix a wrong argument to unpack_buffer add -Werror-implicit-function-declaration to default gcc flags add a replacement if ldap_control_create is missing use PYTHON_PREFIX to install SSSDConfig python API add missing %defattr to the filelist of the client package make sdap_id_connect_* independent of sdap_id_ctx send a message if a backend target is not configured use old password if available during password change set chpass_provider implicit if not set explicit more implicit provider target settings enable debugging of krb5_child Check for expired passwords in LDAP provider added generic LDAP search sdap_get_generic_send/_recv add store/search/delete interface for custom sysdb objects update krb5 option handling to new option scheme update ipa auth options to new option scheme fix a compiler warning about redefinition of DEBUG Detailed changes since 0.5.0 Dmitri Pal (8): ELAPI sinks and providers ELAPI Adding file provider and CSV format ELAPI Laying foundation for the async processing COLLECTION Copy collection flat with concatenated names COLLECTION Improvements to copy functions COLLECTION Functions to deal with hash ELAPI Better separation from collection internals. INI Error handling and interface cleanup Jakub Hrozek (17): Remove shadow-utils support from tools Small changes to the example config and manpage Add copyright notices Fix dispatcher structure initialization Add binaries and backup files to .gitignore Refactor tools code Decouple synchronous sysdb interface from tools Provide python bindings for sysdb Use syslog for logging error conditions in SSSD fix varargs call, update unit tests Ticket 161: Initialize structures with calloc instead of enumerating members Allow entering parent groups as FQDN Remove provider=files Manpages update script to upgrade config to v2 Send debug messages to logfile Convert the example config to v2 format, upgrade config on update only Jeff Schroeder (1): Add documentation for installing build dependencies Piotr Drąg (1): Add pl translation Ralf Haferkamp (2): Fix initgroups search filter when using rfc2307bis Avoid crash when timestamp is NULL Simo Sorce (30): Use the correct structure. Initial support for multiple schema types Always save using member/memberOf Fix group replies when using member/memberof Upgrade database to 0.2 Remove redunant function and always pass attrs. Make enumeration an independent task Speed-up enumerations. Correctly handle !DbusWatch behavior. Turn enumeration into a boolean value Honor enumerate option in ldap_id Fix proxy enumeration Fix two possible uninitialized values Split database in multiple files Tools are allowed to touch only the 'local' domain Fix Ldap id backend offline code Fix memory mishandling. Fix ldap enumeration async task Fix getgrnam and getgrgid calls Complete the removal of "legacy" option. Update documentation and examples Make the offline status backend-global Turn ldap driver options into multitype Fix copy&paste error. Better handle groups w/o members Fix copy&paste of wrong structure Don't try to use initgroups_dyn if not available Handle suspend cases Split out an sssd-clients package Let backend respond while fetching large results Stephen Gallagher (26): Move RPM specfiles into contrib/ Consolidate cache lookups in the NSS Add support for the !EntryCacheNoWaitRefreshTimeout Check for valid min and max IDs in confdb_get_domains Update manpage to reflect new syntax for enumerate Add strtoint32 and strtouint32 convenience functions Properly detect negative/invalid values for the minId and maxId Remove unused event context argument from confdb_init Read the configuration parsing before daemonization Fix first-time confdb generation Add 'make tests' target Add strtoint32 and strtouint32 tests Print error message when connection to the config db fails Exit if the sssd is launched as a user other than root Include m4 directories in tarball Allow rerunning autoreconf from the tarball Add PRERELEASE_VERSION variable for use in sssd.spec.in Add missing updates to LINGUAS for pl translation Add missing reference to sssd-ldap(5) in sssd.conf(5) manpage Include groupSearchBase in sssd-ldap(5) manpage Several fixes and enhancements for config file processing Make configure script compatible with older python versions Revert "Use syslog for logging error conditions in SSSD" Temporarily disable automatic config file reread Upgrade confdb to version 2 Update version to 0.6.0 Sumit Bose (31): removed unused header file do not show server messages to user fix internal order of ldap user mapping options add configure check for errno_t send SSSD_REALM and SSSD_KDCIP environment to the client check if gid attribute is empty stop processing a domain if no provider is given check if libpcre version is above or below 7 remove the concept of a backend name configure cleanups fix libdbus configure check initialize sockaddr_in structure add change password target to krb5 backend use fork+exec for kerberos helper Let the PAM client send its PID remove unused client locale from PAM protocol make cli_pid mandatory and increase version number of pam protocol add krb5ccache_dir and krb5ccname_template option fix the wrong usage of an offset added child timeout handler Check if SSL/TLS handler is already in place use getaddrinfo to resolve IP address of KDC add a man page for pam_sss toggle debug output of sssd_krb5_locator_plugin with an environment variable add new config options ldap_tls_cacert and ldap_tls_cacertdir fix possible short reads in kerberos provider remove krb5_try_simple_upn option and make it a default fallback add defines for large file support to standard CFLAGS more fixes for older libpcre versions Cleanups for library linking added support for older MIT kerberos versions
2009-10-23 20:03:33 +00:00
%config %{_sysconfdir}/sssd/sssd.api.conf
%attr(700,root,root) %dir %{_sysconfdir}/sssd/sssd.api.d
%config %{_sysconfdir}/sssd/sssd.api.d/
%{_mandir}/man5/sssd.conf.5*
%{_mandir}/man5/sssd-ipa.5*
%{_mandir}/man5/sssd-krb5.5*
%{_mandir}/man5/sssd-ldap.5*
%{_mandir}/man8/sssd.8*
%{_mandir}/man8/sss_groupadd.8*
%{_mandir}/man8/sss_groupdel.8*
%{_mandir}/man8/sss_groupmod.8*
%{_mandir}/man8/sss_useradd.8*
%{_mandir}/man8/sss_userdel.8*
%{_mandir}/man8/sss_usermod.8*
%{_mandir}/man8/sssd_krb5_locator_plugin.8*
%{python_sitearch}/pysss.so
%{python_sitelib}/*.py*
Bouska (1): Add French translation to sss_client David O'Brien (1): Copy-edit sssd-ipa man page Dmitri Pal (5): COMMON Improvements to the trace macro COLLECTION Create reference to the top level collection COLLECTION: Cleaning FIXME comments INI: Cleaning FIXME comments. INI Correcting build warnings. Fabian Affolter (1): Add German translation Göran Uddeborg (2): Add Swedish translation for sss_client Add Swedish translation for SSSD server Jakub Hrozek (30): Fix migration script for pre-0.5 local domains Do not migrate Data Provider Free the PCRE regexp with destructor Do not delete users, groups outside domain range Add missing include IPA time rules parsing routines Fix regression in error message when deleting groups Assorted manpage fixes Make the password field configurable in NSS Add Simo's ipachangeconf SSSDChangeConf - a wrapper around ipachangeconf Change the upgrade script to use ipachangeconf Convert SSSDConfig API to ipachangeconf SSSDConfigAPI fixes upgrade_config fixes for SSSD 0.6 and later Split helpers for child processes Get TGT in a child process. Warn visibly about permission problems with the config file Better error message when there is no local domain configured Setup ldap child logging from IPA backend Check the services started against a list of known services Handle spaces in config parser Fail on nonexistent input file Do not start with provider=files Reduce code duplication between LDAP child and Kerberos child Change ares usage to be c-ares 1.7.0 compatible Import ares 1.7.0 helpers Don't build the SRV and TXT parsing code except for tests Document the failover feature in manpages Consolidate code for splitting strings by separator Martin Nagy (8): Add missing include file to files-tests.c Fix a bad free in async_resolv.c Add DLIST_FOR_EACH() macro Add simple reference counting wrappers for talloc Add fail over utility functions Fix egg-info file generation in the spec file Add some debugging statements to fail_over and resolver Correctly restart server status after the timeout Piotr Drąg (1): Updating polish translation for 0.7.0 Simo Sorce (65): Copy option overrides. Read the right buffer, avoids potential segfaults Add IPA conf template Zero pointers on free Use standard coding practice to set last login Fix segfault Add proper support for IPA/AD schemas Move responsibility for entry expiration timeout Kill the ldap connection when we go offline Tidy up ipa options Add support to get rootDSE from the LDAP server. Fix segfault when SASL is not used at all Rename sdap_id_map to sdap_attr_map Make available method to quickly retrive string Make useful function more broadly available. Store the original memberof attributes if any Unify parse routines, use maps in generic searches Fix and enhance initgroups call Unify code to use the generic search interface Reorganize ldap id provider files Split async helpers in multiple files Always set last update and expire time Fix build Fix ldap driver Check return, zero free hostent, adhere to style Fix enumerations Fix tevent_req error checking. Refactor delete functions and add a few Add cleanup task Try to fix offline logins Fix double free case. Fix check_cache bug in dealing with the callback Change var name to make its use more clear. Fix crash due to uninitialized timeout variable Change initgroups code to use and check the cache Change the pam code to perform an initgroups call Store initgr expire time on initgr call Failover fixes and additions Better behavior on cleanup Correctly escape DN value. Add reference to sssd-krb5 man page. Optimize sysdb_enumgrent Filter by id range before actually storing entries. Raise some timeouts Add initial failover support for ldap and ipa Fix ticket #289 Fix internal options numbers test In IPA, the realm is always the domain uppercased. Fix tabs Fix memberof plugin Compute and save memberuid in cache as well Use memberuid and not member in group enumerations Use the custom password field in groups too. Resolve nested groups also when rfc2307bis is used Make strdn build functions more available Fix nested group memberships Allow nesting to fix #310 Fix bug #311, properly set callback attribute Change dhash API to be talloc-friendly dhash: Add private pointer for delete callback Add comments to document latest changes Add rebuild task to memberof plugin Handle the special 02 upgrade case for 04->05 Fix for #316 Fix for #322, update from old database versions. Stephen Gallagher (60): Remove DP from example configuration Remove [dp] section from example config Fix sssd.api.conf with correct entry_cache_timeout Clean up warnings in dhash tests Make config_file_version a hidden setting in SSSDConfig API Remove magic_private_groups from SSSDConfig API schema Add support for option descriptions to SSSDConfig API Localize SSSDConfig strings Add complete pydoc for SSSDConfig API Add Requires: cyrus-sasl-gssapi Simplify debug_fn() Add configure check for sasl.h Update midpoint refresh logic to be relative to cache timeout Increase the sbus dispatch DEBUG level to 9 Build files.c only for tools Clean up unused dependencies Update sssd.spec to use only the required KRB5_LIBS and NSS_LIBS Fix segfault on unknown user/domain Fix Requires: sssd-client line in specfile Make the sysdb user and group names case-sensitive Upgrade cache and local databases to case-sensitive names Update translatable strings Fix sysdb upgrade bug Add empty NL translation Only display errors in unit tests Update PL translation Update NL translation Make backend request type a bitfield Speed up user requests while offline Update translation strings for string freeze Fix bug with bad ldb pkg-config files Update version to 0.99.0 Remove ELAPI from build and tarball Stop configuring ELAPI Make debug log timestamps human-readable Raise debug log level for LDB_DEBUG_WARNING Add allocation error check Avoid returning uninitialized result. Fix potential uninitialized value errors in nsssrv_cmd.c Fix potential uninitialized value error in responder_dp.c SSSDDomain.remove_provider() requires only the provider type Make SSSDDomain.remove_provider() remove configured options Run dhash tests Add SSSDDomain.set_name() function to SSSDConfig API Reduce the verbosity of the SSSDConfigTest Fix broken SSSDChangeConf.set() function Fix SSSDConfig API bugs around [de-]activation of domains Fix RPM spec for RHEL6 SSSDConfig API: fix deactivate_domain() SSSDConfig.get_domain() should properly detect active state Ensure that list_active_domains returns the real value Properly deny id_provider=files Add missing options to sssd-ipa configuraion Add missing SSSDConfig file for IPA for make install Fix processing of Boolean values in SSSDConfig Add 'permit' and 'deny' access providers to SSSDConfig API Remove default for ldap_use_start_tls in IPA providers Run SSSDConfig tests during 'make check' Fix stupid copy-paste error Updating to version 0.99.1 Sumit Bose (45): store original DN with cached group objects if available added a ASQ search API for sysdb Allow sysdb_search_entry request to return more than one result Add AM_CFLAGS to unit tests Fix compiler warnings in krb5_utils-tests. remove old sysdb file before starting tests set ipa_hostname if not given in config file Make debug message less irritating. add sysdb_delete_recursive request to sysdb API Add sysdb_attrs_replace_name to sysdb API. Fix for a seg fault during recursive delete add replacements for missing Kerberos calls Check is ccache structure is initialized before calling krb5_cc_destroy added access module of IPA provider Simplify krb5 child handler Add check for access-time rules to ipa_access. Add support for host, source host and user category Fix inconsistent use of krb5_ccname_template Fixes for proxy provider Make 'permit' the default for the access target Fix option name krb5_changepw_principal Validate Kerberos credentials with local keytab Improve handling of ccache files Add ipa_auth Enhance check for remote hosts Add ldap_pwd_policy option Read KDC info from file instead from environment Really check return value from pam_set_item Use ldb modules from build root for tests Make ldb lib dir configurable Fix an internal error when cache_credentials=FALSE Remove unneeded debugging code Do not include libsss_ipa.la in rpm package Immediately return a krb5 change password request when offline Check LDAP structure before calling ldap_unbind_ext() Add sysdb_search_custom request Do not treat missing proc files as errors. Add basic OS detection Make packaging of *.egg-info files more flexible Try to renew Kerberos credentials Add checks to test the memberuid handling Add offline support for ipa_access Add dummy credentials to an empty ccache file Always update sysdb to the latest version Fix DEBUG message for sysdb_init beckerde (1): Add Spanish translation deneb (1): Add Italian translation for sss_client noriko (1): Adding Japanese translation raven (1): Update PL translation ruigo (1): Add Portuguese translation
2009-12-14 19:49:49 +00:00
Dmitri Pal (10): COLLECTION Adding item comparison and sorting COLLECTION Realigning collection code COLLECTION Making iterations pinnable COLLECTION Enhancing hashing and iteration functions ELAPI Event resolver ELAPI Resolving message attribute ELAPI Fixing warnings in the example ELAPI Rename variables and functions not to use word template ELAPI Fixed the host name resolution ELAPI Compatibility code for getifaddr() Jakub Hrozek (3): Fix python sync operations and mem hierarchy Fix error messages in tools User home directories management Martin Nagy (7): Use correct talloc context in sss_names_init() Fix potential memory leaks in the data provider Use talloc_get_type() for type safety Use talloc to copy data from c-ares Add a new set of helpful common functions for tests Various improvements to the resolv test suite Delete sssd-i18n.h and put it's old contents into util.h Piotr Dr?g (1): Update polish translation for 0.6.0 Ralf Haferkamp (2): LDAP provider needs to link against krb libraries SUSE specific init script Simo Sorce (21): Tighten up permission. Initial implementation of sasl bind support Fix tools sync operations and mem hierarchy Fix long timeout on ldap operation Make dp requests more robust Differentiate between search and network timeouts Remove DP process Start responders predictably after providers Remove magicPrivateGroups option Fix services startup when only LOCAL is configured Make options parser available to all providers Move ldap provider configuration into its own file Fix offline authentication Return the dp error from the providers Move all ldap provider init functions Move all krb5 provider init functions Add first basic IPA provider Always list inputs before outputs Start implementing ipa specific options. Better offline/enumeration behavior Fix setting the schema in the ipa provider Stephen Gallagher (24): Update version to 0.6.0 Fix infinite loop with empty group enumeration Updating release script to use the VERSION file Change requirement on libldb to libldb >= 0.9.3 INI Add config_from_fd() to ini_config Remove unused btreemap code Add new SSSDConfig python API Add plugin configuration schema for proxy provider Package SSSDConfig API Clean up warnings in pysss.c Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7 Remove two unused functions. Fix segfault when using SSS tools with no local provider Do not allow setting auth, access or chpass providers for LOCAL Add krb5_common.h to the list of headers to 'make dist' Use Python 3-compatible sitearch and sitelib Better detect installed language files Clean up rpmlint errors and warnings in sssd-client package Set the Default-Stop LSB option for the SSSD sysv init script Fix RPM builds on older versions of rpmbuild Bring SSSDConfig API options up-to-date Add pam_ctx (similar to nss_ctx) for storing global PAM config Add support for offline auth cache timeout Update version to 0.7.0 Sumit Bose (28): update sysdb tests to new config file version add utility call check_and_open_readonly more documentation and test for sssd.conf handle expired password during authentication move password handling into subroutines ask for new password if password is expired remove redundant talloc_free add description of chpass_provider option to sssd.conf man page add support for server side LDAP password policies add syslog message similar to pam_unix use the correct kerberos context for each target fix a wrong argument to unpack_buffer add -Werror-implicit-function-declaration to default gcc flags add a replacement if ldap_control_create is missing use PYTHON_PREFIX to install SSSDConfig python API add missing %defattr to the filelist of the client package make sdap_id_connect_* independent of sdap_id_ctx send a message if a backend target is not configured use old password if available during password change set chpass_provider implicit if not set explicit more implicit provider target settings enable debugging of krb5_child Check for expired passwords in LDAP provider added generic LDAP search sdap_get_generic_send/_recv add store/search/delete interface for custom sysdb objects update krb5 option handling to new option scheme update ipa auth options to new option scheme fix a compiler warning about redefinition of DEBUG Detailed changes since 0.5.0 Dmitri Pal (8): ELAPI sinks and providers ELAPI Adding file provider and CSV format ELAPI Laying foundation for the async processing COLLECTION Copy collection flat with concatenated names COLLECTION Improvements to copy functions COLLECTION Functions to deal with hash ELAPI Better separation from collection internals. INI Error handling and interface cleanup Jakub Hrozek (17): Remove shadow-utils support from tools Small changes to the example config and manpage Add copyright notices Fix dispatcher structure initialization Add binaries and backup files to .gitignore Refactor tools code Decouple synchronous sysdb interface from tools Provide python bindings for sysdb Use syslog for logging error conditions in SSSD fix varargs call, update unit tests Ticket 161: Initialize structures with calloc instead of enumerating members Allow entering parent groups as FQDN Remove provider=files Manpages update script to upgrade config to v2 Send debug messages to logfile Convert the example config to v2 format, upgrade config on update only Jeff Schroeder (1): Add documentation for installing build dependencies Piotr Drąg (1): Add pl translation Ralf Haferkamp (2): Fix initgroups search filter when using rfc2307bis Avoid crash when timestamp is NULL Simo Sorce (30): Use the correct structure. Initial support for multiple schema types Always save using member/memberOf Fix group replies when using member/memberof Upgrade database to 0.2 Remove redunant function and always pass attrs. Make enumeration an independent task Speed-up enumerations. Correctly handle !DbusWatch behavior. Turn enumeration into a boolean value Honor enumerate option in ldap_id Fix proxy enumeration Fix two possible uninitialized values Split database in multiple files Tools are allowed to touch only the 'local' domain Fix Ldap id backend offline code Fix memory mishandling. Fix ldap enumeration async task Fix getgrnam and getgrgid calls Complete the removal of "legacy" option. Update documentation and examples Make the offline status backend-global Turn ldap driver options into multitype Fix copy&paste error. Better handle groups w/o members Fix copy&paste of wrong structure Don't try to use initgroups_dyn if not available Handle suspend cases Split out an sssd-clients package Let backend respond while fetching large results Stephen Gallagher (26): Move RPM specfiles into contrib/ Consolidate cache lookups in the NSS Add support for the !EntryCacheNoWaitRefreshTimeout Check for valid min and max IDs in confdb_get_domains Update manpage to reflect new syntax for enumerate Add strtoint32 and strtouint32 convenience functions Properly detect negative/invalid values for the minId and maxId Remove unused event context argument from confdb_init Read the configuration parsing before daemonization Fix first-time confdb generation Add 'make tests' target Add strtoint32 and strtouint32 tests Print error message when connection to the config db fails Exit if the sssd is launched as a user other than root Include m4 directories in tarball Allow rerunning autoreconf from the tarball Add PRERELEASE_VERSION variable for use in sssd.spec.in Add missing updates to LINGUAS for pl translation Add missing reference to sssd-ldap(5) in sssd.conf(5) manpage Include groupSearchBase in sssd-ldap(5) manpage Several fixes and enhancements for config file processing Make configure script compatible with older python versions Revert "Use syslog for logging error conditions in SSSD" Temporarily disable automatic config file reread Upgrade confdb to version 2 Update version to 0.6.0 Sumit Bose (31): removed unused header file do not show server messages to user fix internal order of ldap user mapping options add configure check for errno_t send SSSD_REALM and SSSD_KDCIP environment to the client check if gid attribute is empty stop processing a domain if no provider is given check if libpcre version is above or below 7 remove the concept of a backend name configure cleanups fix libdbus configure check initialize sockaddr_in structure add change password target to krb5 backend use fork+exec for kerberos helper Let the PAM client send its PID remove unused client locale from PAM protocol make cli_pid mandatory and increase version number of pam protocol add krb5ccache_dir and krb5ccname_template option fix the wrong usage of an offset added child timeout handler Check if SSL/TLS handler is already in place use getaddrinfo to resolve IP address of KDC add a man page for pam_sss toggle debug output of sssd_krb5_locator_plugin with an environment variable add new config options ldap_tls_cacert and ldap_tls_cacertdir fix possible short reads in kerberos provider remove krb5_try_simple_upn option and make it a default fallback add defines for large file support to standard CFLAGS more fixes for older libpcre versions Cleanups for library linking added support for older MIT kerberos versions
2009-10-23 20:03:33 +00:00
%files client -f sss_client.lang
%defattr(-,root,root,-)
Initial import of sssd into Fedora
2009-03-09 17:07:25 +00:00
/%{_lib}/libnss_sss.so.2
/%{_lib}/security/pam_sss.so
Dmitri Pal (10): COLLECTION Adding item comparison and sorting COLLECTION Realigning collection code COLLECTION Making iterations pinnable COLLECTION Enhancing hashing and iteration functions ELAPI Event resolver ELAPI Resolving message attribute ELAPI Fixing warnings in the example ELAPI Rename variables and functions not to use word template ELAPI Fixed the host name resolution ELAPI Compatibility code for getifaddr() Jakub Hrozek (3): Fix python sync operations and mem hierarchy Fix error messages in tools User home directories management Martin Nagy (7): Use correct talloc context in sss_names_init() Fix potential memory leaks in the data provider Use talloc_get_type() for type safety Use talloc to copy data from c-ares Add a new set of helpful common functions for tests Various improvements to the resolv test suite Delete sssd-i18n.h and put it's old contents into util.h Piotr Dr?g (1): Update polish translation for 0.6.0 Ralf Haferkamp (2): LDAP provider needs to link against krb libraries SUSE specific init script Simo Sorce (21): Tighten up permission. Initial implementation of sasl bind support Fix tools sync operations and mem hierarchy Fix long timeout on ldap operation Make dp requests more robust Differentiate between search and network timeouts Remove DP process Start responders predictably after providers Remove magicPrivateGroups option Fix services startup when only LOCAL is configured Make options parser available to all providers Move ldap provider configuration into its own file Fix offline authentication Return the dp error from the providers Move all ldap provider init functions Move all krb5 provider init functions Add first basic IPA provider Always list inputs before outputs Start implementing ipa specific options. Better offline/enumeration behavior Fix setting the schema in the ipa provider Stephen Gallagher (24): Update version to 0.6.0 Fix infinite loop with empty group enumeration Updating release script to use the VERSION file Change requirement on libldb to libldb >= 0.9.3 INI Add config_from_fd() to ini_config Remove unused btreemap code Add new SSSDConfig python API Add plugin configuration schema for proxy provider Package SSSDConfig API Clean up warnings in pysss.c Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7 Remove two unused functions. Fix segfault when using SSS tools with no local provider Do not allow setting auth, access or chpass providers for LOCAL Add krb5_common.h to the list of headers to 'make dist' Use Python 3-compatible sitearch and sitelib Better detect installed language files Clean up rpmlint errors and warnings in sssd-client package Set the Default-Stop LSB option for the SSSD sysv init script Fix RPM builds on older versions of rpmbuild Bring SSSDConfig API options up-to-date Add pam_ctx (similar to nss_ctx) for storing global PAM config Add support for offline auth cache timeout Update version to 0.7.0 Sumit Bose (28): update sysdb tests to new config file version add utility call check_and_open_readonly more documentation and test for sssd.conf handle expired password during authentication move password handling into subroutines ask for new password if password is expired remove redundant talloc_free add description of chpass_provider option to sssd.conf man page add support for server side LDAP password policies add syslog message similar to pam_unix use the correct kerberos context for each target fix a wrong argument to unpack_buffer add -Werror-implicit-function-declaration to default gcc flags add a replacement if ldap_control_create is missing use PYTHON_PREFIX to install SSSDConfig python API add missing %defattr to the filelist of the client package make sdap_id_connect_* independent of sdap_id_ctx send a message if a backend target is not configured use old password if available during password change set chpass_provider implicit if not set explicit more implicit provider target settings enable debugging of krb5_child Check for expired passwords in LDAP provider added generic LDAP search sdap_get_generic_send/_recv add store/search/delete interface for custom sysdb objects update krb5 option handling to new option scheme update ipa auth options to new option scheme fix a compiler warning about redefinition of DEBUG Detailed changes since 0.5.0 Dmitri Pal (8): ELAPI sinks and providers ELAPI Adding file provider and CSV format ELAPI Laying foundation for the async processing COLLECTION Copy collection flat with concatenated names COLLECTION Improvements to copy functions COLLECTION Functions to deal with hash ELAPI Better separation from collection internals. INI Error handling and interface cleanup Jakub Hrozek (17): Remove shadow-utils support from tools Small changes to the example config and manpage Add copyright notices Fix dispatcher structure initialization Add binaries and backup files to .gitignore Refactor tools code Decouple synchronous sysdb interface from tools Provide python bindings for sysdb Use syslog for logging error conditions in SSSD fix varargs call, update unit tests Ticket 161: Initialize structures with calloc instead of enumerating members Allow entering parent groups as FQDN Remove provider=files Manpages update script to upgrade config to v2 Send debug messages to logfile Convert the example config to v2 format, upgrade config on update only Jeff Schroeder (1): Add documentation for installing build dependencies Piotr Drąg (1): Add pl translation Ralf Haferkamp (2): Fix initgroups search filter when using rfc2307bis Avoid crash when timestamp is NULL Simo Sorce (30): Use the correct structure. Initial support for multiple schema types Always save using member/memberOf Fix group replies when using member/memberof Upgrade database to 0.2 Remove redunant function and always pass attrs. Make enumeration an independent task Speed-up enumerations. Correctly handle !DbusWatch behavior. Turn enumeration into a boolean value Honor enumerate option in ldap_id Fix proxy enumeration Fix two possible uninitialized values Split database in multiple files Tools are allowed to touch only the 'local' domain Fix Ldap id backend offline code Fix memory mishandling. Fix ldap enumeration async task Fix getgrnam and getgrgid calls Complete the removal of "legacy" option. Update documentation and examples Make the offline status backend-global Turn ldap driver options into multitype Fix copy&paste error. Better handle groups w/o members Fix copy&paste of wrong structure Don't try to use initgroups_dyn if not available Handle suspend cases Split out an sssd-clients package Let backend respond while fetching large results Stephen Gallagher (26): Move RPM specfiles into contrib/ Consolidate cache lookups in the NSS Add support for the !EntryCacheNoWaitRefreshTimeout Check for valid min and max IDs in confdb_get_domains Update manpage to reflect new syntax for enumerate Add strtoint32 and strtouint32 convenience functions Properly detect negative/invalid values for the minId and maxId Remove unused event context argument from confdb_init Read the configuration parsing before daemonization Fix first-time confdb generation Add 'make tests' target Add strtoint32 and strtouint32 tests Print error message when connection to the config db fails Exit if the sssd is launched as a user other than root Include m4 directories in tarball Allow rerunning autoreconf from the tarball Add PRERELEASE_VERSION variable for use in sssd.spec.in Add missing updates to LINGUAS for pl translation Add missing reference to sssd-ldap(5) in sssd.conf(5) manpage Include groupSearchBase in sssd-ldap(5) manpage Several fixes and enhancements for config file processing Make configure script compatible with older python versions Revert "Use syslog for logging error conditions in SSSD" Temporarily disable automatic config file reread Upgrade confdb to version 2 Update version to 0.6.0 Sumit Bose (31): removed unused header file do not show server messages to user fix internal order of ldap user mapping options add configure check for errno_t send SSSD_REALM and SSSD_KDCIP environment to the client check if gid attribute is empty stop processing a domain if no provider is given check if libpcre version is above or below 7 remove the concept of a backend name configure cleanups fix libdbus configure check initialize sockaddr_in structure add change password target to krb5 backend use fork+exec for kerberos helper Let the PAM client send its PID remove unused client locale from PAM protocol make cli_pid mandatory and increase version number of pam protocol add krb5ccache_dir and krb5ccname_template option fix the wrong usage of an offset added child timeout handler Check if SSL/TLS handler is already in place use getaddrinfo to resolve IP address of KDC add a man page for pam_sss toggle debug output of sssd_krb5_locator_plugin with an environment variable add new config options ldap_tls_cacert and ldap_tls_cacertdir fix possible short reads in kerberos provider remove krb5_try_simple_upn option and make it a default fallback add defines for large file support to standard CFLAGS more fixes for older libpcre versions Cleanups for library linking added support for older MIT kerberos versions
2009-10-23 20:03:33 +00:00
%{_mandir}/man8/pam_sss.8*
Initial import of sssd into Fedora
2009-03-09 17:07:25 +00:00
%post
/sbin/ldconfig
/sbin/chkconfig --add %{servicename}
Dmitri Pal (10): COLLECTION Adding item comparison and sorting COLLECTION Realigning collection code COLLECTION Making iterations pinnable COLLECTION Enhancing hashing and iteration functions ELAPI Event resolver ELAPI Resolving message attribute ELAPI Fixing warnings in the example ELAPI Rename variables and functions not to use word template ELAPI Fixed the host name resolution ELAPI Compatibility code for getifaddr() Jakub Hrozek (3): Fix python sync operations and mem hierarchy Fix error messages in tools User home directories management Martin Nagy (7): Use correct talloc context in sss_names_init() Fix potential memory leaks in the data provider Use talloc_get_type() for type safety Use talloc to copy data from c-ares Add a new set of helpful common functions for tests Various improvements to the resolv test suite Delete sssd-i18n.h and put it's old contents into util.h Piotr Dr?g (1): Update polish translation for 0.6.0 Ralf Haferkamp (2): LDAP provider needs to link against krb libraries SUSE specific init script Simo Sorce (21): Tighten up permission. Initial implementation of sasl bind support Fix tools sync operations and mem hierarchy Fix long timeout on ldap operation Make dp requests more robust Differentiate between search and network timeouts Remove DP process Start responders predictably after providers Remove magicPrivateGroups option Fix services startup when only LOCAL is configured Make options parser available to all providers Move ldap provider configuration into its own file Fix offline authentication Return the dp error from the providers Move all ldap provider init functions Move all krb5 provider init functions Add first basic IPA provider Always list inputs before outputs Start implementing ipa specific options. Better offline/enumeration behavior Fix setting the schema in the ipa provider Stephen Gallagher (24): Update version to 0.6.0 Fix infinite loop with empty group enumeration Updating release script to use the VERSION file Change requirement on libldb to libldb >= 0.9.3 INI Add config_from_fd() to ini_config Remove unused btreemap code Add new SSSDConfig python API Add plugin configuration schema for proxy provider Package SSSDConfig API Clean up warnings in pysss.c Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7 Remove two unused functions. Fix segfault when using SSS tools with no local provider Do not allow setting auth, access or chpass providers for LOCAL Add krb5_common.h to the list of headers to 'make dist' Use Python 3-compatible sitearch and sitelib Better detect installed language files Clean up rpmlint errors and warnings in sssd-client package Set the Default-Stop LSB option for the SSSD sysv init script Fix RPM builds on older versions of rpmbuild Bring SSSDConfig API options up-to-date Add pam_ctx (similar to nss_ctx) for storing global PAM config Add support for offline auth cache timeout Update version to 0.7.0 Sumit Bose (28): update sysdb tests to new config file version add utility call check_and_open_readonly more documentation and test for sssd.conf handle expired password during authentication move password handling into subroutines ask for new password if password is expired remove redundant talloc_free add description of chpass_provider option to sssd.conf man page add support for server side LDAP password policies add syslog message similar to pam_unix use the correct kerberos context for each target fix a wrong argument to unpack_buffer add -Werror-implicit-function-declaration to default gcc flags add a replacement if ldap_control_create is missing use PYTHON_PREFIX to install SSSDConfig python API add missing %defattr to the filelist of the client package make sdap_id_connect_* independent of sdap_id_ctx send a message if a backend target is not configured use old password if available during password change set chpass_provider implicit if not set explicit more implicit provider target settings enable debugging of krb5_child Check for expired passwords in LDAP provider added generic LDAP search sdap_get_generic_send/_recv add store/search/delete interface for custom sysdb objects update krb5 option handling to new option scheme update ipa auth options to new option scheme fix a compiler warning about redefinition of DEBUG Detailed changes since 0.5.0 Dmitri Pal (8): ELAPI sinks and providers ELAPI Adding file provider and CSV format ELAPI Laying foundation for the async processing COLLECTION Copy collection flat with concatenated names COLLECTION Improvements to copy functions COLLECTION Functions to deal with hash ELAPI Better separation from collection internals. INI Error handling and interface cleanup Jakub Hrozek (17): Remove shadow-utils support from tools Small changes to the example config and manpage Add copyright notices Fix dispatcher structure initialization Add binaries and backup files to .gitignore Refactor tools code Decouple synchronous sysdb interface from tools Provide python bindings for sysdb Use syslog for logging error conditions in SSSD fix varargs call, update unit tests Ticket 161: Initialize structures with calloc instead of enumerating members Allow entering parent groups as FQDN Remove provider=files Manpages update script to upgrade config to v2 Send debug messages to logfile Convert the example config to v2 format, upgrade config on update only Jeff Schroeder (1): Add documentation for installing build dependencies Piotr Drąg (1): Add pl translation Ralf Haferkamp (2): Fix initgroups search filter when using rfc2307bis Avoid crash when timestamp is NULL Simo Sorce (30): Use the correct structure. Initial support for multiple schema types Always save using member/memberOf Fix group replies when using member/memberof Upgrade database to 0.2 Remove redunant function and always pass attrs. Make enumeration an independent task Speed-up enumerations. Correctly handle !DbusWatch behavior. Turn enumeration into a boolean value Honor enumerate option in ldap_id Fix proxy enumeration Fix two possible uninitialized values Split database in multiple files Tools are allowed to touch only the 'local' domain Fix Ldap id backend offline code Fix memory mishandling. Fix ldap enumeration async task Fix getgrnam and getgrgid calls Complete the removal of "legacy" option. Update documentation and examples Make the offline status backend-global Turn ldap driver options into multitype Fix copy&paste error. Better handle groups w/o members Fix copy&paste of wrong structure Don't try to use initgroups_dyn if not available Handle suspend cases Split out an sssd-clients package Let backend respond while fetching large results Stephen Gallagher (26): Move RPM specfiles into contrib/ Consolidate cache lookups in the NSS Add support for the !EntryCacheNoWaitRefreshTimeout Check for valid min and max IDs in confdb_get_domains Update manpage to reflect new syntax for enumerate Add strtoint32 and strtouint32 convenience functions Properly detect negative/invalid values for the minId and maxId Remove unused event context argument from confdb_init Read the configuration parsing before daemonization Fix first-time confdb generation Add 'make tests' target Add strtoint32 and strtouint32 tests Print error message when connection to the config db fails Exit if the sssd is launched as a user other than root Include m4 directories in tarball Allow rerunning autoreconf from the tarball Add PRERELEASE_VERSION variable for use in sssd.spec.in Add missing updates to LINGUAS for pl translation Add missing reference to sssd-ldap(5) in sssd.conf(5) manpage Include groupSearchBase in sssd-ldap(5) manpage Several fixes and enhancements for config file processing Make configure script compatible with older python versions Revert "Use syslog for logging error conditions in SSSD" Temporarily disable automatic config file reread Upgrade confdb to version 2 Update version to 0.6.0 Sumit Bose (31): removed unused header file do not show server messages to user fix internal order of ldap user mapping options add configure check for errno_t send SSSD_REALM and SSSD_KDCIP environment to the client check if gid attribute is empty stop processing a domain if no provider is given check if libpcre version is above or below 7 remove the concept of a backend name configure cleanups fix libdbus configure check initialize sockaddr_in structure add change password target to krb5 backend use fork+exec for kerberos helper Let the PAM client send its PID remove unused client locale from PAM protocol make cli_pid mandatory and increase version number of pam protocol add krb5ccache_dir and krb5ccname_template option fix the wrong usage of an offset added child timeout handler Check if SSL/TLS handler is already in place use getaddrinfo to resolve IP address of KDC add a man page for pam_sss toggle debug output of sssd_krb5_locator_plugin with an environment variable add new config options ldap_tls_cacert and ldap_tls_cacertdir fix possible short reads in kerberos provider remove krb5_try_simple_upn option and make it a default fallback add defines for large file support to standard CFLAGS more fixes for older libpcre versions Cleanups for library linking added support for older MIT kerberos versions
2009-10-23 20:03:33 +00:00
if [ $1 -ge 2 ] ; then
# a one-time upgrade from confdb v1 to v2, only if upgrading
python %{_libexecdir}/%{servicename}/upgrade_config.py
fi
Initial import of sssd into Fedora
2009-03-09 17:07:25 +00:00
%preun
if [ $1 = 0 ]; then
/sbin/service %{servicename} stop 2>&1 > /dev/null
/sbin/chkconfig --del %{servicename}
fi
%postun
/sbin/ldconfig
if [ $1 -ge 1 ] ; then
/sbin/service %{servicename} condrestart 2>&1 > /dev/null
fi
Dmitri Pal (10): COLLECTION Adding item comparison and sorting COLLECTION Realigning collection code COLLECTION Making iterations pinnable COLLECTION Enhancing hashing and iteration functions ELAPI Event resolver ELAPI Resolving message attribute ELAPI Fixing warnings in the example ELAPI Rename variables and functions not to use word template ELAPI Fixed the host name resolution ELAPI Compatibility code for getifaddr() Jakub Hrozek (3): Fix python sync operations and mem hierarchy Fix error messages in tools User home directories management Martin Nagy (7): Use correct talloc context in sss_names_init() Fix potential memory leaks in the data provider Use talloc_get_type() for type safety Use talloc to copy data from c-ares Add a new set of helpful common functions for tests Various improvements to the resolv test suite Delete sssd-i18n.h and put it's old contents into util.h Piotr Dr?g (1): Update polish translation for 0.6.0 Ralf Haferkamp (2): LDAP provider needs to link against krb libraries SUSE specific init script Simo Sorce (21): Tighten up permission. Initial implementation of sasl bind support Fix tools sync operations and mem hierarchy Fix long timeout on ldap operation Make dp requests more robust Differentiate between search and network timeouts Remove DP process Start responders predictably after providers Remove magicPrivateGroups option Fix services startup when only LOCAL is configured Make options parser available to all providers Move ldap provider configuration into its own file Fix offline authentication Return the dp error from the providers Move all ldap provider init functions Move all krb5 provider init functions Add first basic IPA provider Always list inputs before outputs Start implementing ipa specific options. Better offline/enumeration behavior Fix setting the schema in the ipa provider Stephen Gallagher (24): Update version to 0.6.0 Fix infinite loop with empty group enumeration Updating release script to use the VERSION file Change requirement on libldb to libldb >= 0.9.3 INI Add config_from_fd() to ini_config Remove unused btreemap code Add new SSSDConfig python API Add plugin configuration schema for proxy provider Package SSSDConfig API Clean up warnings in pysss.c Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7 Remove two unused functions. Fix segfault when using SSS tools with no local provider Do not allow setting auth, access or chpass providers for LOCAL Add krb5_common.h to the list of headers to 'make dist' Use Python 3-compatible sitearch and sitelib Better detect installed language files Clean up rpmlint errors and warnings in sssd-client package Set the Default-Stop LSB option for the SSSD sysv init script Fix RPM builds on older versions of rpmbuild Bring SSSDConfig API options up-to-date Add pam_ctx (similar to nss_ctx) for storing global PAM config Add support for offline auth cache timeout Update version to 0.7.0 Sumit Bose (28): update sysdb tests to new config file version add utility call check_and_open_readonly more documentation and test for sssd.conf handle expired password during authentication move password handling into subroutines ask for new password if password is expired remove redundant talloc_free add description of chpass_provider option to sssd.conf man page add support for server side LDAP password policies add syslog message similar to pam_unix use the correct kerberos context for each target fix a wrong argument to unpack_buffer add -Werror-implicit-function-declaration to default gcc flags add a replacement if ldap_control_create is missing use PYTHON_PREFIX to install SSSDConfig python API add missing %defattr to the filelist of the client package make sdap_id_connect_* independent of sdap_id_ctx send a message if a backend target is not configured use old password if available during password change set chpass_provider implicit if not set explicit more implicit provider target settings enable debugging of krb5_child Check for expired passwords in LDAP provider added generic LDAP search sdap_get_generic_send/_recv add store/search/delete interface for custom sysdb objects update krb5 option handling to new option scheme update ipa auth options to new option scheme fix a compiler warning about redefinition of DEBUG Detailed changes since 0.5.0 Dmitri Pal (8): ELAPI sinks and providers ELAPI Adding file provider and CSV format ELAPI Laying foundation for the async processing COLLECTION Copy collection flat with concatenated names COLLECTION Improvements to copy functions COLLECTION Functions to deal with hash ELAPI Better separation from collection internals. INI Error handling and interface cleanup Jakub Hrozek (17): Remove shadow-utils support from tools Small changes to the example config and manpage Add copyright notices Fix dispatcher structure initialization Add binaries and backup files to .gitignore Refactor tools code Decouple synchronous sysdb interface from tools Provide python bindings for sysdb Use syslog for logging error conditions in SSSD fix varargs call, update unit tests Ticket 161: Initialize structures with calloc instead of enumerating members Allow entering parent groups as FQDN Remove provider=files Manpages update script to upgrade config to v2 Send debug messages to logfile Convert the example config to v2 format, upgrade config on update only Jeff Schroeder (1): Add documentation for installing build dependencies Piotr Drąg (1): Add pl translation Ralf Haferkamp (2): Fix initgroups search filter when using rfc2307bis Avoid crash when timestamp is NULL Simo Sorce (30): Use the correct structure. Initial support for multiple schema types Always save using member/memberOf Fix group replies when using member/memberof Upgrade database to 0.2 Remove redunant function and always pass attrs. Make enumeration an independent task Speed-up enumerations. Correctly handle !DbusWatch behavior. Turn enumeration into a boolean value Honor enumerate option in ldap_id Fix proxy enumeration Fix two possible uninitialized values Split database in multiple files Tools are allowed to touch only the 'local' domain Fix Ldap id backend offline code Fix memory mishandling. Fix ldap enumeration async task Fix getgrnam and getgrgid calls Complete the removal of "legacy" option. Update documentation and examples Make the offline status backend-global Turn ldap driver options into multitype Fix copy&paste error. Better handle groups w/o members Fix copy&paste of wrong structure Don't try to use initgroups_dyn if not available Handle suspend cases Split out an sssd-clients package Let backend respond while fetching large results Stephen Gallagher (26): Move RPM specfiles into contrib/ Consolidate cache lookups in the NSS Add support for the !EntryCacheNoWaitRefreshTimeout Check for valid min and max IDs in confdb_get_domains Update manpage to reflect new syntax for enumerate Add strtoint32 and strtouint32 convenience functions Properly detect negative/invalid values for the minId and maxId Remove unused event context argument from confdb_init Read the configuration parsing before daemonization Fix first-time confdb generation Add 'make tests' target Add strtoint32 and strtouint32 tests Print error message when connection to the config db fails Exit if the sssd is launched as a user other than root Include m4 directories in tarball Allow rerunning autoreconf from the tarball Add PRERELEASE_VERSION variable for use in sssd.spec.in Add missing updates to LINGUAS for pl translation Add missing reference to sssd-ldap(5) in sssd.conf(5) manpage Include groupSearchBase in sssd-ldap(5) manpage Several fixes and enhancements for config file processing Make configure script compatible with older python versions Revert "Use syslog for logging error conditions in SSSD" Temporarily disable automatic config file reread Upgrade confdb to version 2 Update version to 0.6.0 Sumit Bose (31): removed unused header file do not show server messages to user fix internal order of ldap user mapping options add configure check for errno_t send SSSD_REALM and SSSD_KDCIP environment to the client check if gid attribute is empty stop processing a domain if no provider is given check if libpcre version is above or below 7 remove the concept of a backend name configure cleanups fix libdbus configure check initialize sockaddr_in structure add change password target to krb5 backend use fork+exec for kerberos helper Let the PAM client send its PID remove unused client locale from PAM protocol make cli_pid mandatory and increase version number of pam protocol add krb5ccache_dir and krb5ccname_template option fix the wrong usage of an offset added child timeout handler Check if SSL/TLS handler is already in place use getaddrinfo to resolve IP address of KDC add a man page for pam_sss toggle debug output of sssd_krb5_locator_plugin with an environment variable add new config options ldap_tls_cacert and ldap_tls_cacertdir fix possible short reads in kerberos provider remove krb5_try_simple_upn option and make it a default fallback add defines for large file support to standard CFLAGS more fixes for older libpcre versions Cleanups for library linking added support for older MIT kerberos versions
2009-10-23 20:03:33 +00:00
%post client -p /sbin/ldconfig
%postun client -p /sbin/ldconfig
Initial import of sssd into Fedora
2009-03-09 17:07:25 +00:00
%changelog
Fix https://bugzilla.redhat.com/show_bug.cgi?id=549482
2009-12-21 20:56:43 +00:00
* Mon Dec 21 2009 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-2
- Patch SSSDConfig API to address
- https://bugzilla.redhat.com/show_bug.cgi?id=549482
== Highlights == One serious security issue was resolved related to the kerberos provider. Users who authenticate against Kerberos and have cached credentials could log in with a zero-length password The network exposure of this bug was limited, as users logged in this way would not have valid network credentials (by lucky accident). This issue was present only in the 0.99.x preview releases and not in any of the stable releases (0.7.1 and earlier) Stability fixes since the 0.99.1 preview release Added or updated several translations Fixed long-standing "I have no name!" issue with X-based terminals SSSD now passes "make distcheck" cleanly SSSD PAM now conforms better to standards regarding PAM_PRELIM_CHECK == Detailed Changelog == Göran Uddeborg (2): Update SV translation Update SV translation Marina Latini (1): Update IT translation Martin Nagy (2): Don't consider one address with different port numbers as the same Change the first server pick logic Sergei V. Kovylov (1): sssd.spec for SLES Simo Sorce (2): Fix upgrade bug #323 Fix ldap child memory hierarchy and other issues Stephen Gallagher (14): Properly close STDERR when daemonizing Fix tight loop in monitor Don't set explicit default for "timeout" in domains Fix warning in server.c Raise DEBUG level of sdap_get_generic_done() Change default for enumeration to TRUE Fix tight-loop in monitor part 2 Properly handle EINTR from poll() Updating ES translation Add DEBUG messages to getpwnam_callback and getpwuid_callback Clarify access_provider manpage entry Do not blindly accept zero-length passwords Fix broken password changes for local users Release SSSD 1.0 Sumit Bose (9): Use sys.exit instead of exit Check for minimal version of check Build python modules in builddir Use --with-ldb-lib-dir while running make distcheck Cleanup db files after test run disable password migration code Handle chauthtok with PAM_PRELIM_CHECK separately Do not overwrite valid TGTs when offline Fix for #345
2009-12-19 00:03:20 +00:00
* Fri Dec 18 2009 Stephen Gallagher <sgallagh@redhat.com> - 1.0.0-1
- New upstream stable release 1.0.0
Bouska (1): Add French translation to sss_client David O'Brien (1): Copy-edit sssd-ipa man page Dmitri Pal (5): COMMON Improvements to the trace macro COLLECTION Create reference to the top level collection COLLECTION: Cleaning FIXME comments INI: Cleaning FIXME comments. INI Correcting build warnings. Fabian Affolter (1): Add German translation Göran Uddeborg (2): Add Swedish translation for sss_client Add Swedish translation for SSSD server Jakub Hrozek (30): Fix migration script for pre-0.5 local domains Do not migrate Data Provider Free the PCRE regexp with destructor Do not delete users, groups outside domain range Add missing include IPA time rules parsing routines Fix regression in error message when deleting groups Assorted manpage fixes Make the password field configurable in NSS Add Simo's ipachangeconf SSSDChangeConf - a wrapper around ipachangeconf Change the upgrade script to use ipachangeconf Convert SSSDConfig API to ipachangeconf SSSDConfigAPI fixes upgrade_config fixes for SSSD 0.6 and later Split helpers for child processes Get TGT in a child process. Warn visibly about permission problems with the config file Better error message when there is no local domain configured Setup ldap child logging from IPA backend Check the services started against a list of known services Handle spaces in config parser Fail on nonexistent input file Do not start with provider=files Reduce code duplication between LDAP child and Kerberos child Change ares usage to be c-ares 1.7.0 compatible Import ares 1.7.0 helpers Don't build the SRV and TXT parsing code except for tests Document the failover feature in manpages Consolidate code for splitting strings by separator Martin Nagy (8): Add missing include file to files-tests.c Fix a bad free in async_resolv.c Add DLIST_FOR_EACH() macro Add simple reference counting wrappers for talloc Add fail over utility functions Fix egg-info file generation in the spec file Add some debugging statements to fail_over and resolver Correctly restart server status after the timeout Piotr Drąg (1): Updating polish translation for 0.7.0 Simo Sorce (65): Copy option overrides. Read the right buffer, avoids potential segfaults Add IPA conf template Zero pointers on free Use standard coding practice to set last login Fix segfault Add proper support for IPA/AD schemas Move responsibility for entry expiration timeout Kill the ldap connection when we go offline Tidy up ipa options Add support to get rootDSE from the LDAP server. Fix segfault when SASL is not used at all Rename sdap_id_map to sdap_attr_map Make available method to quickly retrive string Make useful function more broadly available. Store the original memberof attributes if any Unify parse routines, use maps in generic searches Fix and enhance initgroups call Unify code to use the generic search interface Reorganize ldap id provider files Split async helpers in multiple files Always set last update and expire time Fix build Fix ldap driver Check return, zero free hostent, adhere to style Fix enumerations Fix tevent_req error checking. Refactor delete functions and add a few Add cleanup task Try to fix offline logins Fix double free case. Fix check_cache bug in dealing with the callback Change var name to make its use more clear. Fix crash due to uninitialized timeout variable Change initgroups code to use and check the cache Change the pam code to perform an initgroups call Store initgr expire time on initgr call Failover fixes and additions Better behavior on cleanup Correctly escape DN value. Add reference to sssd-krb5 man page. Optimize sysdb_enumgrent Filter by id range before actually storing entries. Raise some timeouts Add initial failover support for ldap and ipa Fix ticket #289 Fix internal options numbers test In IPA, the realm is always the domain uppercased. Fix tabs Fix memberof plugin Compute and save memberuid in cache as well Use memberuid and not member in group enumerations Use the custom password field in groups too. Resolve nested groups also when rfc2307bis is used Make strdn build functions more available Fix nested group memberships Allow nesting to fix #310 Fix bug #311, properly set callback attribute Change dhash API to be talloc-friendly dhash: Add private pointer for delete callback Add comments to document latest changes Add rebuild task to memberof plugin Handle the special 02 upgrade case for 04->05 Fix for #316 Fix for #322, update from old database versions. Stephen Gallagher (60): Remove DP from example configuration Remove [dp] section from example config Fix sssd.api.conf with correct entry_cache_timeout Clean up warnings in dhash tests Make config_file_version a hidden setting in SSSDConfig API Remove magic_private_groups from SSSDConfig API schema Add support for option descriptions to SSSDConfig API Localize SSSDConfig strings Add complete pydoc for SSSDConfig API Add Requires: cyrus-sasl-gssapi Simplify debug_fn() Add configure check for sasl.h Update midpoint refresh logic to be relative to cache timeout Increase the sbus dispatch DEBUG level to 9 Build files.c only for tools Clean up unused dependencies Update sssd.spec to use only the required KRB5_LIBS and NSS_LIBS Fix segfault on unknown user/domain Fix Requires: sssd-client line in specfile Make the sysdb user and group names case-sensitive Upgrade cache and local databases to case-sensitive names Update translatable strings Fix sysdb upgrade bug Add empty NL translation Only display errors in unit tests Update PL translation Update NL translation Make backend request type a bitfield Speed up user requests while offline Update translation strings for string freeze Fix bug with bad ldb pkg-config files Update version to 0.99.0 Remove ELAPI from build and tarball Stop configuring ELAPI Make debug log timestamps human-readable Raise debug log level for LDB_DEBUG_WARNING Add allocation error check Avoid returning uninitialized result. Fix potential uninitialized value errors in nsssrv_cmd.c Fix potential uninitialized value error in responder_dp.c SSSDDomain.remove_provider() requires only the provider type Make SSSDDomain.remove_provider() remove configured options Run dhash tests Add SSSDDomain.set_name() function to SSSDConfig API Reduce the verbosity of the SSSDConfigTest Fix broken SSSDChangeConf.set() function Fix SSSDConfig API bugs around [de-]activation of domains Fix RPM spec for RHEL6 SSSDConfig API: fix deactivate_domain() SSSDConfig.get_domain() should properly detect active state Ensure that list_active_domains returns the real value Properly deny id_provider=files Add missing options to sssd-ipa configuraion Add missing SSSDConfig file for IPA for make install Fix processing of Boolean values in SSSDConfig Add 'permit' and 'deny' access providers to SSSDConfig API Remove default for ldap_use_start_tls in IPA providers Run SSSDConfig tests during 'make check' Fix stupid copy-paste error Updating to version 0.99.1 Sumit Bose (45): store original DN with cached group objects if available added a ASQ search API for sysdb Allow sysdb_search_entry request to return more than one result Add AM_CFLAGS to unit tests Fix compiler warnings in krb5_utils-tests. remove old sysdb file before starting tests set ipa_hostname if not given in config file Make debug message less irritating. add sysdb_delete_recursive request to sysdb API Add sysdb_attrs_replace_name to sysdb API. Fix for a seg fault during recursive delete add replacements for missing Kerberos calls Check is ccache structure is initialized before calling krb5_cc_destroy added access module of IPA provider Simplify krb5 child handler Add check for access-time rules to ipa_access. Add support for host, source host and user category Fix inconsistent use of krb5_ccname_template Fixes for proxy provider Make 'permit' the default for the access target Fix option name krb5_changepw_principal Validate Kerberos credentials with local keytab Improve handling of ccache files Add ipa_auth Enhance check for remote hosts Add ldap_pwd_policy option Read KDC info from file instead from environment Really check return value from pam_set_item Use ldb modules from build root for tests Make ldb lib dir configurable Fix an internal error when cache_credentials=FALSE Remove unneeded debugging code Do not include libsss_ipa.la in rpm package Immediately return a krb5 change password request when offline Check LDAP structure before calling ldap_unbind_ext() Add sysdb_search_custom request Do not treat missing proc files as errors. Add basic OS detection Make packaging of *.egg-info files more flexible Try to renew Kerberos credentials Add checks to test the memberuid handling Add offline support for ipa_access Add dummy credentials to an empty ccache file Always update sysdb to the latest version Fix DEBUG message for sysdb_init beckerde (1): Add Spanish translation deneb (1): Add Italian translation for sss_client noriko (1): Adding Japanese translation raven (1): Update PL translation ruigo (1): Add Portuguese translation
2009-12-14 19:49:49 +00:00
* Fri Dec 11 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.1-1
- New upstream bugfix release 0.99.1
* Mon Nov 30 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.0-1
- New upstream release 0.99.0
New upstream release Fix segfaults and upgrade issues. Provide newer default configuration.
2009-10-27 20:00:57 +00:00
* Tue Oct 27 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.1-1
- Fix segfault in sssd_pam when cache_credentials was enabled
- Update the sample configuration
- Fix upgrade issues caused by data provider service removal
Fix upgrade issues from old (pre-0.5.0) releases of SSSD Configuration files before 0.5.0 did not enforce provider= in local domains it did special-case by domain name (LOCAL). Our script was relying on provider= value, this patch adds the special-casing in case the domain was called LOCAL.
2009-10-26 13:43:50 +00:00
* Mon Oct 26 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-2
- Fix upgrade issues from old (pre-0.5.0) releases of SSSD
Dmitri Pal (10): COLLECTION Adding item comparison and sorting COLLECTION Realigning collection code COLLECTION Making iterations pinnable COLLECTION Enhancing hashing and iteration functions ELAPI Event resolver ELAPI Resolving message attribute ELAPI Fixing warnings in the example ELAPI Rename variables and functions not to use word template ELAPI Fixed the host name resolution ELAPI Compatibility code for getifaddr() Jakub Hrozek (3): Fix python sync operations and mem hierarchy Fix error messages in tools User home directories management Martin Nagy (7): Use correct talloc context in sss_names_init() Fix potential memory leaks in the data provider Use talloc_get_type() for type safety Use talloc to copy data from c-ares Add a new set of helpful common functions for tests Various improvements to the resolv test suite Delete sssd-i18n.h and put it's old contents into util.h Piotr Dr?g (1): Update polish translation for 0.6.0 Ralf Haferkamp (2): LDAP provider needs to link against krb libraries SUSE specific init script Simo Sorce (21): Tighten up permission. Initial implementation of sasl bind support Fix tools sync operations and mem hierarchy Fix long timeout on ldap operation Make dp requests more robust Differentiate between search and network timeouts Remove DP process Start responders predictably after providers Remove magicPrivateGroups option Fix services startup when only LOCAL is configured Make options parser available to all providers Move ldap provider configuration into its own file Fix offline authentication Return the dp error from the providers Move all ldap provider init functions Move all krb5 provider init functions Add first basic IPA provider Always list inputs before outputs Start implementing ipa specific options. Better offline/enumeration behavior Fix setting the schema in the ipa provider Stephen Gallagher (24): Update version to 0.6.0 Fix infinite loop with empty group enumeration Updating release script to use the VERSION file Change requirement on libldb to libldb >= 0.9.3 INI Add config_from_fd() to ini_config Remove unused btreemap code Add new SSSDConfig python API Add plugin configuration schema for proxy provider Package SSSDConfig API Clean up warnings in pysss.c Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7 Remove two unused functions. Fix segfault when using SSS tools with no local provider Do not allow setting auth, access or chpass providers for LOCAL Add krb5_common.h to the list of headers to 'make dist' Use Python 3-compatible sitearch and sitelib Better detect installed language files Clean up rpmlint errors and warnings in sssd-client package Set the Default-Stop LSB option for the SSSD sysv init script Fix RPM builds on older versions of rpmbuild Bring SSSDConfig API options up-to-date Add pam_ctx (similar to nss_ctx) for storing global PAM config Add support for offline auth cache timeout Update version to 0.7.0 Sumit Bose (28): update sysdb tests to new config file version add utility call check_and_open_readonly more documentation and test for sssd.conf handle expired password during authentication move password handling into subroutines ask for new password if password is expired remove redundant talloc_free add description of chpass_provider option to sssd.conf man page add support for server side LDAP password policies add syslog message similar to pam_unix use the correct kerberos context for each target fix a wrong argument to unpack_buffer add -Werror-implicit-function-declaration to default gcc flags add a replacement if ldap_control_create is missing use PYTHON_PREFIX to install SSSDConfig python API add missing %defattr to the filelist of the client package make sdap_id_connect_* independent of sdap_id_ctx send a message if a backend target is not configured use old password if available during password change set chpass_provider implicit if not set explicit more implicit provider target settings enable debugging of krb5_child Check for expired passwords in LDAP provider added generic LDAP search sdap_get_generic_send/_recv add store/search/delete interface for custom sysdb objects update krb5 option handling to new option scheme update ipa auth options to new option scheme fix a compiler warning about redefinition of DEBUG Detailed changes since 0.5.0 Dmitri Pal (8): ELAPI sinks and providers ELAPI Adding file provider and CSV format ELAPI Laying foundation for the async processing COLLECTION Copy collection flat with concatenated names COLLECTION Improvements to copy functions COLLECTION Functions to deal with hash ELAPI Better separation from collection internals. INI Error handling and interface cleanup Jakub Hrozek (17): Remove shadow-utils support from tools Small changes to the example config and manpage Add copyright notices Fix dispatcher structure initialization Add binaries and backup files to .gitignore Refactor tools code Decouple synchronous sysdb interface from tools Provide python bindings for sysdb Use syslog for logging error conditions in SSSD fix varargs call, update unit tests Ticket 161: Initialize structures with calloc instead of enumerating members Allow entering parent groups as FQDN Remove provider=files Manpages update script to upgrade config to v2 Send debug messages to logfile Convert the example config to v2 format, upgrade config on update only Jeff Schroeder (1): Add documentation for installing build dependencies Piotr Drąg (1): Add pl translation Ralf Haferkamp (2): Fix initgroups search filter when using rfc2307bis Avoid crash when timestamp is NULL Simo Sorce (30): Use the correct structure. Initial support for multiple schema types Always save using member/memberOf Fix group replies when using member/memberof Upgrade database to 0.2 Remove redunant function and always pass attrs. Make enumeration an independent task Speed-up enumerations. Correctly handle !DbusWatch behavior. Turn enumeration into a boolean value Honor enumerate option in ldap_id Fix proxy enumeration Fix two possible uninitialized values Split database in multiple files Tools are allowed to touch only the 'local' domain Fix Ldap id backend offline code Fix memory mishandling. Fix ldap enumeration async task Fix getgrnam and getgrgid calls Complete the removal of "legacy" option. Update documentation and examples Make the offline status backend-global Turn ldap driver options into multitype Fix copy&paste error. Better handle groups w/o members Fix copy&paste of wrong structure Don't try to use initgroups_dyn if not available Handle suspend cases Split out an sssd-clients package Let backend respond while fetching large results Stephen Gallagher (26): Move RPM specfiles into contrib/ Consolidate cache lookups in the NSS Add support for the !EntryCacheNoWaitRefreshTimeout Check for valid min and max IDs in confdb_get_domains Update manpage to reflect new syntax for enumerate Add strtoint32 and strtouint32 convenience functions Properly detect negative/invalid values for the minId and maxId Remove unused event context argument from confdb_init Read the configuration parsing before daemonization Fix first-time confdb generation Add 'make tests' target Add strtoint32 and strtouint32 tests Print error message when connection to the config db fails Exit if the sssd is launched as a user other than root Include m4 directories in tarball Allow rerunning autoreconf from the tarball Add PRERELEASE_VERSION variable for use in sssd.spec.in Add missing updates to LINGUAS for pl translation Add missing reference to sssd-ldap(5) in sssd.conf(5) manpage Include groupSearchBase in sssd-ldap(5) manpage Several fixes and enhancements for config file processing Make configure script compatible with older python versions Revert "Use syslog for logging error conditions in SSSD" Temporarily disable automatic config file reread Upgrade confdb to version 2 Update version to 0.6.0 Sumit Bose (31): removed unused header file do not show server messages to user fix internal order of ldap user mapping options add configure check for errno_t send SSSD_REALM and SSSD_KDCIP environment to the client check if gid attribute is empty stop processing a domain if no provider is given check if libpcre version is above or below 7 remove the concept of a backend name configure cleanups fix libdbus configure check initialize sockaddr_in structure add change password target to krb5 backend use fork+exec for kerberos helper Let the PAM client send its PID remove unused client locale from PAM protocol make cli_pid mandatory and increase version number of pam protocol add krb5ccache_dir and krb5ccname_template option fix the wrong usage of an offset added child timeout handler Check if SSL/TLS handler is already in place use getaddrinfo to resolve IP address of KDC add a man page for pam_sss toggle debug output of sssd_krb5_locator_plugin with an environment variable add new config options ldap_tls_cacert and ldap_tls_cacertdir fix possible short reads in kerberos provider remove krb5_try_simple_upn option and make it a default fallback add defines for large file support to standard CFLAGS more fixes for older libpcre versions Cleanups for library linking added support for older MIT kerberos versions
2009-10-23 20:03:33 +00:00
* Fri Oct 23 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-1
- New upstream release 0.7.0
* Thu Oct 15 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-2
- Fix missing file permissions for sssd-clients
* Tue Oct 13 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-1
- Add SSSDConfig API
- Update polish translation for 0.6.0
- Fix long timeout on ldap operation
- Make dp requests more robust
* Tue Sep 29 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.0-1
- Ensure that the configuration upgrade script always writes the config
file with 0600 permissions
- Eliminate an infinite loop in group enumerations
* Mon Sep 28 2009 Sumit Bose <sbose@redhat.com> - 0.6.0-0
- New upstream release 0.6.0
- New upstream release 0.5.0
2009-08-24 21:13:27 +00:00
* Mon Aug 24 2009 Simo Sorce <ssorce@redhat.com> - 0.5.0-0
- New upstream release 0.5.0
Dmitri Pal (10): COLLECTION Adding item comparison and sorting COLLECTION Realigning collection code COLLECTION Making iterations pinnable COLLECTION Enhancing hashing and iteration functions ELAPI Event resolver ELAPI Resolving message attribute ELAPI Fixing warnings in the example ELAPI Rename variables and functions not to use word template ELAPI Fixed the host name resolution ELAPI Compatibility code for getifaddr() Jakub Hrozek (3): Fix python sync operations and mem hierarchy Fix error messages in tools User home directories management Martin Nagy (7): Use correct talloc context in sss_names_init() Fix potential memory leaks in the data provider Use talloc_get_type() for type safety Use talloc to copy data from c-ares Add a new set of helpful common functions for tests Various improvements to the resolv test suite Delete sssd-i18n.h and put it's old contents into util.h Piotr Dr?g (1): Update polish translation for 0.6.0 Ralf Haferkamp (2): LDAP provider needs to link against krb libraries SUSE specific init script Simo Sorce (21): Tighten up permission. Initial implementation of sasl bind support Fix tools sync operations and mem hierarchy Fix long timeout on ldap operation Make dp requests more robust Differentiate between search and network timeouts Remove DP process Start responders predictably after providers Remove magicPrivateGroups option Fix services startup when only LOCAL is configured Make options parser available to all providers Move ldap provider configuration into its own file Fix offline authentication Return the dp error from the providers Move all ldap provider init functions Move all krb5 provider init functions Add first basic IPA provider Always list inputs before outputs Start implementing ipa specific options. Better offline/enumeration behavior Fix setting the schema in the ipa provider Stephen Gallagher (24): Update version to 0.6.0 Fix infinite loop with empty group enumeration Updating release script to use the VERSION file Change requirement on libldb to libldb >= 0.9.3 INI Add config_from_fd() to ini_config Remove unused btreemap code Add new SSSDConfig python API Add plugin configuration schema for proxy provider Package SSSDConfig API Clean up warnings in pysss.c Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7 Remove two unused functions. Fix segfault when using SSS tools with no local provider Do not allow setting auth, access or chpass providers for LOCAL Add krb5_common.h to the list of headers to 'make dist' Use Python 3-compatible sitearch and sitelib Better detect installed language files Clean up rpmlint errors and warnings in sssd-client package Set the Default-Stop LSB option for the SSSD sysv init script Fix RPM builds on older versions of rpmbuild Bring SSSDConfig API options up-to-date Add pam_ctx (similar to nss_ctx) for storing global PAM config Add support for offline auth cache timeout Update version to 0.7.0 Sumit Bose (28): update sysdb tests to new config file version add utility call check_and_open_readonly more documentation and test for sssd.conf handle expired password during authentication move password handling into subroutines ask for new password if password is expired remove redundant talloc_free add description of chpass_provider option to sssd.conf man page add support for server side LDAP password policies add syslog message similar to pam_unix use the correct kerberos context for each target fix a wrong argument to unpack_buffer add -Werror-implicit-function-declaration to default gcc flags add a replacement if ldap_control_create is missing use PYTHON_PREFIX to install SSSDConfig python API add missing %defattr to the filelist of the client package make sdap_id_connect_* independent of sdap_id_ctx send a message if a backend target is not configured use old password if available during password change set chpass_provider implicit if not set explicit more implicit provider target settings enable debugging of krb5_child Check for expired passwords in LDAP provider added generic LDAP search sdap_get_generic_send/_recv add store/search/delete interface for custom sysdb objects update krb5 option handling to new option scheme update ipa auth options to new option scheme fix a compiler warning about redefinition of DEBUG Detailed changes since 0.5.0 Dmitri Pal (8): ELAPI sinks and providers ELAPI Adding file provider and CSV format ELAPI Laying foundation for the async processing COLLECTION Copy collection flat with concatenated names COLLECTION Improvements to copy functions COLLECTION Functions to deal with hash ELAPI Better separation from collection internals. INI Error handling and interface cleanup Jakub Hrozek (17): Remove shadow-utils support from tools Small changes to the example config and manpage Add copyright notices Fix dispatcher structure initialization Add binaries and backup files to .gitignore Refactor tools code Decouple synchronous sysdb interface from tools Provide python bindings for sysdb Use syslog for logging error conditions in SSSD fix varargs call, update unit tests Ticket 161: Initialize structures with calloc instead of enumerating members Allow entering parent groups as FQDN Remove provider=files Manpages update script to upgrade config to v2 Send debug messages to logfile Convert the example config to v2 format, upgrade config on update only Jeff Schroeder (1): Add documentation for installing build dependencies Piotr Drąg (1): Add pl translation Ralf Haferkamp (2): Fix initgroups search filter when using rfc2307bis Avoid crash when timestamp is NULL Simo Sorce (30): Use the correct structure. Initial support for multiple schema types Always save using member/memberOf Fix group replies when using member/memberof Upgrade database to 0.2 Remove redunant function and always pass attrs. Make enumeration an independent task Speed-up enumerations. Correctly handle !DbusWatch behavior. Turn enumeration into a boolean value Honor enumerate option in ldap_id Fix proxy enumeration Fix two possible uninitialized values Split database in multiple files Tools are allowed to touch only the 'local' domain Fix Ldap id backend offline code Fix memory mishandling. Fix ldap enumeration async task Fix getgrnam and getgrgid calls Complete the removal of "legacy" option. Update documentation and examples Make the offline status backend-global Turn ldap driver options into multitype Fix copy&paste error. Better handle groups w/o members Fix copy&paste of wrong structure Don't try to use initgroups_dyn if not available Handle suspend cases Split out an sssd-clients package Let backend respond while fetching large results Stephen Gallagher (26): Move RPM specfiles into contrib/ Consolidate cache lookups in the NSS Add support for the !EntryCacheNoWaitRefreshTimeout Check for valid min and max IDs in confdb_get_domains Update manpage to reflect new syntax for enumerate Add strtoint32 and strtouint32 convenience functions Properly detect negative/invalid values for the minId and maxId Remove unused event context argument from confdb_init Read the configuration parsing before daemonization Fix first-time confdb generation Add 'make tests' target Add strtoint32 and strtouint32 tests Print error message when connection to the config db fails Exit if the sssd is launched as a user other than root Include m4 directories in tarball Allow rerunning autoreconf from the tarball Add PRERELEASE_VERSION variable for use in sssd.spec.in Add missing updates to LINGUAS for pl translation Add missing reference to sssd-ldap(5) in sssd.conf(5) manpage Include groupSearchBase in sssd-ldap(5) manpage Several fixes and enhancements for config file processing Make configure script compatible with older python versions Revert "Use syslog for logging error conditions in SSSD" Temporarily disable automatic config file reread Upgrade confdb to version 2 Update version to 0.6.0 Sumit Bose (31): removed unused header file do not show server messages to user fix internal order of ldap user mapping options add configure check for errno_t send SSSD_REALM and SSSD_KDCIP environment to the client check if gid attribute is empty stop processing a domain if no provider is given check if libpcre version is above or below 7 remove the concept of a backend name configure cleanups fix libdbus configure check initialize sockaddr_in structure add change password target to krb5 backend use fork+exec for kerberos helper Let the PAM client send its PID remove unused client locale from PAM protocol make cli_pid mandatory and increase version number of pam protocol add krb5ccache_dir and krb5ccname_template option fix the wrong usage of an offset added child timeout handler Check if SSL/TLS handler is already in place use getaddrinfo to resolve IP address of KDC add a man page for pam_sss toggle debug output of sssd_krb5_locator_plugin with an environment variable add new config options ldap_tls_cacert and ldap_tls_cacertdir fix possible short reads in kerberos provider remove krb5_try_simple_upn option and make it a default fallback add defines for large file support to standard CFLAGS more fixes for older libpcre versions Cleanups for library linking added support for older MIT kerberos versions
2009-10-23 20:03:33 +00:00
* Wed Jul 29 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.4.1-4
Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)
2009-07-29 11:27:19 +00:00
- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in
without a password. (Patch by Stephen Gallagher)
Dmitri Pal (10): COLLECTION Adding item comparison and sorting COLLECTION Realigning collection code COLLECTION Making iterations pinnable COLLECTION Enhancing hashing and iteration functions ELAPI Event resolver ELAPI Resolving message attribute ELAPI Fixing warnings in the example ELAPI Rename variables and functions not to use word template ELAPI Fixed the host name resolution ELAPI Compatibility code for getifaddr() Jakub Hrozek (3): Fix python sync operations and mem hierarchy Fix error messages in tools User home directories management Martin Nagy (7): Use correct talloc context in sss_names_init() Fix potential memory leaks in the data provider Use talloc_get_type() for type safety Use talloc to copy data from c-ares Add a new set of helpful common functions for tests Various improvements to the resolv test suite Delete sssd-i18n.h and put it's old contents into util.h Piotr Dr?g (1): Update polish translation for 0.6.0 Ralf Haferkamp (2): LDAP provider needs to link against krb libraries SUSE specific init script Simo Sorce (21): Tighten up permission. Initial implementation of sasl bind support Fix tools sync operations and mem hierarchy Fix long timeout on ldap operation Make dp requests more robust Differentiate between search and network timeouts Remove DP process Start responders predictably after providers Remove magicPrivateGroups option Fix services startup when only LOCAL is configured Make options parser available to all providers Move ldap provider configuration into its own file Fix offline authentication Return the dp error from the providers Move all ldap provider init functions Move all krb5 provider init functions Add first basic IPA provider Always list inputs before outputs Start implementing ipa specific options. Better offline/enumeration behavior Fix setting the schema in the ipa provider Stephen Gallagher (24): Update version to 0.6.0 Fix infinite loop with empty group enumeration Updating release script to use the VERSION file Change requirement on libldb to libldb >= 0.9.3 INI Add config_from_fd() to ini_config Remove unused btreemap code Add new SSSDConfig python API Add plugin configuration schema for proxy provider Package SSSDConfig API Clean up warnings in pysss.c Remove warnings caused by 5e2301b8a75d10e5cbbe11e26e5192b894af6ad7 Remove two unused functions. Fix segfault when using SSS tools with no local provider Do not allow setting auth, access or chpass providers for LOCAL Add krb5_common.h to the list of headers to 'make dist' Use Python 3-compatible sitearch and sitelib Better detect installed language files Clean up rpmlint errors and warnings in sssd-client package Set the Default-Stop LSB option for the SSSD sysv init script Fix RPM builds on older versions of rpmbuild Bring SSSDConfig API options up-to-date Add pam_ctx (similar to nss_ctx) for storing global PAM config Add support for offline auth cache timeout Update version to 0.7.0 Sumit Bose (28): update sysdb tests to new config file version add utility call check_and_open_readonly more documentation and test for sssd.conf handle expired password during authentication move password handling into subroutines ask for new password if password is expired remove redundant talloc_free add description of chpass_provider option to sssd.conf man page add support for server side LDAP password policies add syslog message similar to pam_unix use the correct kerberos context for each target fix a wrong argument to unpack_buffer add -Werror-implicit-function-declaration to default gcc flags add a replacement if ldap_control_create is missing use PYTHON_PREFIX to install SSSDConfig python API add missing %defattr to the filelist of the client package make sdap_id_connect_* independent of sdap_id_ctx send a message if a backend target is not configured use old password if available during password change set chpass_provider implicit if not set explicit more implicit provider target settings enable debugging of krb5_child Check for expired passwords in LDAP provider added generic LDAP search sdap_get_generic_send/_recv add store/search/delete interface for custom sysdb objects update krb5 option handling to new option scheme update ipa auth options to new option scheme fix a compiler warning about redefinition of DEBUG Detailed changes since 0.5.0 Dmitri Pal (8): ELAPI sinks and providers ELAPI Adding file provider and CSV format ELAPI Laying foundation for the async processing COLLECTION Copy collection flat with concatenated names COLLECTION Improvements to copy functions COLLECTION Functions to deal with hash ELAPI Better separation from collection internals. INI Error handling and interface cleanup Jakub Hrozek (17): Remove shadow-utils support from tools Small changes to the example config and manpage Add copyright notices Fix dispatcher structure initialization Add binaries and backup files to .gitignore Refactor tools code Decouple synchronous sysdb interface from tools Provide python bindings for sysdb Use syslog for logging error conditions in SSSD fix varargs call, update unit tests Ticket 161: Initialize structures with calloc instead of enumerating members Allow entering parent groups as FQDN Remove provider=files Manpages update script to upgrade config to v2 Send debug messages to logfile Convert the example config to v2 format, upgrade config on update only Jeff Schroeder (1): Add documentation for installing build dependencies Piotr Drąg (1): Add pl translation Ralf Haferkamp (2): Fix initgroups search filter when using rfc2307bis Avoid crash when timestamp is NULL Simo Sorce (30): Use the correct structure. Initial support for multiple schema types Always save using member/memberOf Fix group replies when using member/memberof Upgrade database to 0.2 Remove redunant function and always pass attrs. Make enumeration an independent task Speed-up enumerations. Correctly handle !DbusWatch behavior. Turn enumeration into a boolean value Honor enumerate option in ldap_id Fix proxy enumeration Fix two possible uninitialized values Split database in multiple files Tools are allowed to touch only the 'local' domain Fix Ldap id backend offline code Fix memory mishandling. Fix ldap enumeration async task Fix getgrnam and getgrgid calls Complete the removal of "legacy" option. Update documentation and examples Make the offline status backend-global Turn ldap driver options into multitype Fix copy&paste error. Better handle groups w/o members Fix copy&paste of wrong structure Don't try to use initgroups_dyn if not available Handle suspend cases Split out an sssd-clients package Let backend respond while fetching large results Stephen Gallagher (26): Move RPM specfiles into contrib/ Consolidate cache lookups in the NSS Add support for the !EntryCacheNoWaitRefreshTimeout Check for valid min and max IDs in confdb_get_domains Update manpage to reflect new syntax for enumerate Add strtoint32 and strtouint32 convenience functions Properly detect negative/invalid values for the minId and maxId Remove unused event context argument from confdb_init Read the configuration parsing before daemonization Fix first-time confdb generation Add 'make tests' target Add strtoint32 and strtouint32 tests Print error message when connection to the config db fails Exit if the sssd is launched as a user other than root Include m4 directories in tarball Allow rerunning autoreconf from the tarball Add PRERELEASE_VERSION variable for use in sssd.spec.in Add missing updates to LINGUAS for pl translation Add missing reference to sssd-ldap(5) in sssd.conf(5) manpage Include groupSearchBase in sssd-ldap(5) manpage Several fixes and enhancements for config file processing Make configure script compatible with older python versions Revert "Use syslog for logging error conditions in SSSD" Temporarily disable automatic config file reread Upgrade confdb to version 2 Update version to 0.6.0 Sumit Bose (31): removed unused header file do not show server messages to user fix internal order of ldap user mapping options add configure check for errno_t send SSSD_REALM and SSSD_KDCIP environment to the client check if gid attribute is empty stop processing a domain if no provider is given check if libpcre version is above or below 7 remove the concept of a backend name configure cleanups fix libdbus configure check initialize sockaddr_in structure add change password target to krb5 backend use fork+exec for kerberos helper Let the PAM client send its PID remove unused client locale from PAM protocol make cli_pid mandatory and increase version number of pam protocol add krb5ccache_dir and krb5ccname_template option fix the wrong usage of an offset added child timeout handler Check if SSL/TLS handler is already in place use getaddrinfo to resolve IP address of KDC add a man page for pam_sss toggle debug output of sssd_krb5_locator_plugin with an environment variable add new config options ldap_tls_cacert and ldap_tls_cacertdir fix possible short reads in kerberos provider remove krb5_try_simple_upn option and make it a default fallback add defines for large file support to standard CFLAGS more fixes for older libpcre versions Cleanups for library linking added support for older MIT kerberos versions
2009-10-23 20:03:33 +00:00
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
- Fix a couple of segfaults that may happen on reload
2009-06-22 14:47:06 +00:00
* Mon Jun 22 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-2
- Fix a couple of segfaults that may happen on reload
- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option
2009-06-11 15:07:18 +00:00
* Thu Jun 11 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-1
- add missing configure check that broke stopping the daemon
- also fix default config to add a missing required option
- latest upstream release. - also add a patch that fixes debugging output (potential segfault)
2009-06-08 17:40:52 +00:00
* Mon Jun 8 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-0
- latest upstream release.
- also add a patch that fixes debugging output (potential segfault)
- release out of the official 0.3.2 tarball
2009-04-20 19:27:26 +00:00
* Mon Apr 20 2009 Simo Sorce <ssorce@redhat.com> - 0.3.2-2
- release out of the official 0.3.2 tarball
Update to 0.3.2
2009-04-20 18:29:07 +00:00
* Mon Apr 20 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.3.2-1
- bugfix release 0.3.2
- includes previous release patches
- change permissions of the /etc/sssd/sssd.conf to 0600
- Add last minute bug fixes, found in testing the package
2009-04-14 21:24:36 +00:00
* Tue Apr 14 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-2
- Add last minute bug fixes, found in testing the package
- Version 0.3.1 - includes previous release patches
2009-04-13 22:37:11 +00:00
* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-1
- Version 0.3.1
- includes previous release patches
- Try to fix build adding automake as an explicit BuildRequire
2009-04-13 16:04:16 +00:00
* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-2
- Try to fix build adding automake as an explicit BuildRequire
- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream
2009-04-13 17:48:03 +00:00
- Add also a couple of last minute patches from upstream
- Try to fix build adding automake as an explicit BuildRequire
2009-04-13 16:04:16 +00:00
- Version 0.3.0 - Provides file based configuration and lots of improvements
2009-04-13 15:49:54 +00:00
* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-1
- Version 0.3.0
- Provides file based configuration and lots of improvements
- Version 0.2.1
2009-03-10 21:34:16 +00:00
* Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.1-1
- Version 0.2.1
- Version 0.2.0
2009-03-10 20:43:08 +00:00
* Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.0-1
- Version 0.2.0
Initial import of sssd into Fedora
2009-03-09 17:07:25 +00:00
* Sun Mar 08 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-5.20090309git691c9b3
- package git snapshot
* Fri Mar 06 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-4
- fixed items found during review
- added initscript
* Thu Mar 05 2009 Sumit Bose <sbose@redhat.com> - 0.1.0-3
- added sss_client
* Mon Feb 23 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-2
- Small cleanup and fixes in the spec file
* Thu Feb 12 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.1.0-1
- Initial release (based on version 0.1.0 upstream code)
Reference in New Issue Copy Permalink