From 34dc95e4aa599196f899206ba978afd6cb486d00 Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Mon, 8 Jun 2009 17:40:52 +0000
Subject: [PATCH] - latest upstream release. - also add a patch that fixes debugging output (potential segfault)
---
.cvsignore | 2 +-
...ttribute-for-cached-passwords-change.patch | 34 -----
...erent-attribute-for-cached-passwords.patch | 61 ---------
...ine-handling-for-native-LDAP-backend.patch | 123 ------------------
...-handle-other-pam-calls-when-offline.patch | 33 -----
...ok-which-is-already-in-the-pam-stack.patch | 74 -----------
sources | 2 +-
sssd-0.4.1-debug_fn.patch | 58 +++++++++
sssd.spec | 88 +++++--------
9 files changed, 96 insertions(+), 379 deletions(-)
delete mode 100644 0001-Use-different-attribute-for-cached-passwords-change.patch
delete mode 100644 0001-Use-different-attribute-for-cached-passwords.patch
delete mode 100644 0001-enable-offline-handling-for-native-LDAP-backend.patch
delete mode 100644 0001-handle-other-pam-calls-when-offline.patch
delete mode 100644 0001-reuse-authtok-which-is-already-in-the-pam-stack.patch
create mode 100644 sssd-0.4.1-debug_fn.patch
diff --git a/.cvsignore b/.cvsignore
index f98ad18..a7f9aa5 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-sssd-0.3.3.tar.gz
+sssd-0.4.1.tar.gz
diff --git a/0001-Use-different-attribute-for-cached-passwords-change.patch b/0001-Use-different-attribute-for-cached-passwords-change.patch
deleted file mode 100644
index 63bf379..0000000
--- a/0001-Use-different-attribute-for-cached-passwords-change.patch
+++ /dev/null
@@ -1,34 +0,0 @@ -From 11d01e05e08a9acf11af9aea96910b4795627082 Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Tue, 28 Apr 2009 10:20:55 +0200 -Subject: [PATCH] Use different attribute for cached passwords change time - ---- - server/responder/pam/pamsrv_cache.c | 4 ++-- - 1 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/server/responder/pam/pamsrv_cache.c b/server/responder/pam/pamsrv_cache.c -index 5e492a5..302f70c 100644 ---- a/server/responder/pam/pamsrv_cache.c -+++ b/server/responder/pam/pamsrv_cache.c -@@ -153,7 +153,7 @@ int pam_cache_credentials(struct pam_auth_req *preq) - if (ret) goto done; - - /* FIXME: should we use a different attribute for chache passwords ?? */ -- ret = sysdb_attrs_add_long(ctx->attrs, "lastPasswordChange", -+ ret = sysdb_attrs_add_long(ctx->attrs, "lastCachedPasswordChange", - (long)time(NULL)); - if (ret) goto done; - -@@ -256,7 +256,7 @@ int pam_cache_auth(struct pam_auth_req *preq) - SYSDB_CACHEDPWD, - SYSDB_DISABLED, - SYSDB_LAST_LOGIN, -- "lastPasswordChange", -+ "lastCachedPasswordChange", - "accountExpires", - "failedLoginAttempts", - "lastFailedLogin", --- -1.6.0.6 - diff --git a/0001-Use-different-attribute-for-cached-passwords.patch b/0001-Use-different-attribute-for-cached-passwords.patch deleted file mode 100644 index 9fb3246..0000000 --- a/0001-Use-different-attribute-for-cached-passwords.patch +++ /dev/null 
@@ -1,61 +0,0 @@ -From c4f46b40e2f55abd9ae2296fd68daa88bd60e32f Mon Sep 17 00:00:00 2001 -From: Simo Sorce -Date: Mon, 27 Apr 2009 18:21:25 -0400 -Subject: [PATCH] Use different attribute for cached passwords - -This fixes a bug with legacy backends where the cached password would be cleared -on a user update. -Using a different attribute we make sure a userPassword coming from the remote -backend does not interfere with a cachedPassword (and vice versa). ---- - server/db/sysdb.h | 2 ++ - server/responder/pam/pamsrv_cache.c | 6 +++--- - 2 files changed, 5 insertions(+), 3 deletions(-) - -diff --git a/server/db/sysdb.h b/server/db/sysdb.h -index df49bc7..7bfe1fd 100644 ---- a/server/db/sysdb.h -+++ b/server/db/sysdb.h -@@ -63,6 +63,8 @@ - - #define SYSDB_LAST_UPDATE "lastUpdate" - -+#define SYSDB_CACHEDPWD "cachedPassword" -+ - #define SYSDB_NEXTID_FILTER "("SYSDB_NEXTID"=*)" - - #define SYSDB_UC "objectclass="SYSDB_USER_CLASS -diff --git a/server/responder/pam/pamsrv_cache.c b/server/responder/pam/pamsrv_cache.c -index 10f4199..154c7d1 100644 ---- a/server/responder/pam/pamsrv_cache.c -+++ b/server/responder/pam/pamsrv_cache.c -@@ -149,7 +149,7 @@ int pam_cache_credentials(struct pam_auth_req *preq) - goto done; - } - -- ret = sysdb_attrs_add_string(ctx->attrs, SYSDB_PWD, comphash); -+ ret = sysdb_attrs_add_string(ctx->attrs, SYSDB_CACHEDPWD, comphash); - if (ret) goto done; - - /* FIXME: should we use a different attribute for chache passwords ?? 
*/ -@@ -219,7 +219,7 @@ static void pam_cache_auth_callback(void *pvt, int ldb_status, - goto done; - } - -- userhash = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_PWD, NULL); -+ userhash = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_CACHEDPWD, NULL); - if (userhash == NULL || *userhash == '\0') { - DEBUG(4, ("Cached credentials not available.\n")); - ret = PAM_AUTHINFO_UNAVAIL; -@@ -253,7 +253,7 @@ int pam_cache_auth(struct pam_auth_req *preq) - int ret; - - static const char *attrs[] = {SYSDB_NAME, -- SYSDB_PWD, -+ SYSDB_CACHEDPWD, - SYSDB_DISABLED, - SYSDB_LAST_LOGIN, - "lastPasswordChange", --- -1.6.0.6 - diff --git a/0001-enable-offline-handling-for-native-LDAP-backend.patch b/0001-enable-offline-handling-for-native-LDAP-backend.patch deleted file mode 100644 index 8a15ce8..0000000 --- a/0001-enable-offline-handling-for-native-LDAP-backend.patch +++ /dev/null 
@@ -1,123 +0,0 @@ ->From 39ffa138c698f0fe1a440a05406852d1add7c73c Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Tue, 28 Apr 2009 13:37:33 +0200 -Subject: [PATCH] enable offline handling for native LDAP backend - ---- - server/providers/ldap_be.c | 52 ++++++++++++++++++++++++++++++++++++++++--- - 1 files changed, 48 insertions(+), 4 deletions(-) - -diff --git a/server/providers/ldap_be.c b/server/providers/ldap_be.c -index e654702..365b7d0 100644 ---- a/server/providers/ldap_be.c -+++ b/server/providers/ldap_be.c -@@ -49,6 +49,8 @@ struct sdap_ctx { - char *default_authtok_type; - uint32_t default_authtok_size; - char *default_authtok; -+ int network_timeout; -+ int opt_timeout; - }; - - struct sdap_ops; -@@ -197,6 +199,8 @@ static int sdap_init(struct sdap_req *lr) - int status=EOK; - int ldap_vers = LDAP_VERSION3; - int msgid; -+ struct timeval network_timeout; -+ struct timeval opt_timeout; - - ret = ldap_initialize(&(lr->ldap), lr->sdap_ctx->ldap_uri); - if (ret != LDAP_SUCCESS) { -@@ -212,13 +216,35 @@ static int sdap_init(struct sdap_req *lr) - goto cleanup; - } - -+ network_timeout.tv_sec = lr->sdap_ctx->network_timeout; -+ network_timeout.tv_usec = 0; -+ opt_timeout.tv_sec = lr->sdap_ctx->opt_timeout; -+ opt_timeout.tv_usec = 0; -+ ret = ldap_set_option(lr->ldap, LDAP_OPT_NETWORK_TIMEOUT, &network_timeout); -+ if (ret != LDAP_OPT_SUCCESS) { -+ DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret))); -+ status = EIO; -+ goto cleanup; -+ } -+ ret = ldap_set_option(lr->ldap, LDAP_OPT_TIMEOUT, &opt_timeout); -+ if (ret != LDAP_OPT_SUCCESS) { -+ DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret))); -+ status = EIO; -+ goto cleanup; -+ } -+ - /* For now TLS is forced. Maybe it would be necessary to make this - * configurable to allow people to expose their passwords over the - * network. 
*/ - ret = ldap_start_tls(lr->ldap, NULL, NULL, &msgid); - if (ret != LDAP_SUCCESS) { -- DEBUG(1, ("ldap_start_tls failed: %s\n", ldap_err2string(ret))); -- status = EIO; -+ DEBUG(1, ("ldap_start_tls failed: [%d][%s]\n", ret, -+ ldap_err2string(ret))); -+ if (ret == LDAP_SERVER_DOWN) { -+ status = EAGAIN; -+ } else { -+ status = EIO; -+ } - goto cleanup; - } - -@@ -289,7 +315,11 @@ static void sdap_pam_loop(struct tevent_context *ev, struct tevent_fd *te, - if (ret != EOK) { - DEBUG(1, ("sdap_init failed.\n")); - lr->ldap = NULL; -- pam_status = PAM_SYSTEM_ERR; -+ if (ret == EAGAIN) { -+ pam_status = PAM_AUTHINFO_UNAVAIL; -+ } else { -+ pam_status = PAM_SYSTEM_ERR; -+ } - goto done; - } - case SDAP_CHECK_INIT_RESULT: -@@ -573,7 +603,11 @@ static void sdap_start(struct tevent_context *ev, struct tevent_timer *te, - if (ret != EOK) { - DEBUG(1, ("sdap_init failed.\n")); - lr->ldap = NULL; -- pam_status = PAM_SYSTEM_ERR; -+ if (ret == EAGAIN) { -+ pam_status = PAM_AUTHINFO_UNAVAIL; -+ } else { -+ pam_status = PAM_SYSTEM_ERR; -+ } - goto done; - } - -@@ -663,6 +697,8 @@ int sssm_ldap_auth_init(struct be_ctx *bectx, - char *user_search_base; - char *user_name_attribute; - char *user_object_class; -+ int network_timeout; -+ int opt_timeout; - int ret; - - ctx = talloc(bectx, struct sdap_ctx); -@@ -715,7 +751,15 @@ int sssm_ldap_auth_init(struct be_ctx *bectx, - ctx->default_authtok = default_authtok; - ctx->default_authtok_size = (default_authtok==NULL?0:strlen(default_authtok)); - -+ ret = confdb_get_int(bectx->cdb, ctx, bectx->conf_path, -+ "network_timeout", 5, &network_timeout); -+ if (ret != EOK) goto done; -+ ctx->network_timeout = network_timeout; - -+ ret = confdb_get_int(bectx->cdb, ctx, bectx->conf_path, -+ "opt_timeout", 5, &opt_timeout); -+ if (ret != EOK) goto done; -+ ctx->network_timeout = opt_timeout; - - *ops = &sdap_mod_ops; - *pvt_data = ctx; --- -1.6.0.6 - 
diff --git a/0001-handle-other-pam-calls-when-offline.patch b/0001-handle-other-pam-calls-when-offline.patch deleted file mode 100644 index 2ee5b5c..0000000 --- a/0001-handle-other-pam-calls-when-offline.patch +++ /dev/null @@ -1,33 +0,0 @@ ->From 883549efb0a55291b2e6bce05b51e0a6c5847dbb Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Tue, 28 Apr 2009 10:17:38 +0200 -Subject: [PATCH] handle other pam calls when offline - ---- - server/responder/pam/pamsrv_cmd.c | 10 ++++++++++ - 1 files changed, 10 insertions(+), 0 deletions(-) - -diff --git a/server/responder/pam/pamsrv_cmd.c b/server/responder/pam/pamsrv_cmd.c -index 4c7bf1f..6d3f899 100644 ---- a/server/responder/pam/pamsrv_cmd.c -+++ b/server/responder/pam/pamsrv_cmd.c -@@ -172,6 +172,16 @@ static void pam_reply(struct pam_auth_req *preq) - } - } - -+/* TODO: we need the pam session cookie here to make sure that cached -+ * authentication was successful */ -+ if ((pd->cmd == SSS_PAM_SETCRED || pd->cmd == SSS_PAM_ACCT_MGMT || -+ pd->cmd == SSS_PAM_OPEN_SESSION || pd->cmd == SSS_PAM_CLOSE_SESSION) && -+ pd->pam_status == PAM_AUTHINFO_UNAVAIL) { -+ DEBUG(2, ("Assuming offline authentication " -+ "setting status for pam call %d to PAM_SUCCESS.\n", pd->cmd)); -+ pd->pam_status = PAM_SUCCESS; -+ } -+ - cctx = preq->cctx; - - if (pd->response_delay > 0) { --- -1.6.0.6 - diff --git a/0001-reuse-authtok-which-is-already-in-the-pam-stack.patch b/0001-reuse-authtok-which-is-already-in-the-pam-stack.patch deleted file mode 100644 index fc1437a..0000000 --- a/0001-reuse-authtok-which-is-already-in-the-pam-stack.patch +++ /dev/null 
@@ -1,74 +0,0 @@ ->From 1560c380c7180a21c69f0828bd9439c2044282d9 Mon Sep 17 00:00:00 2001 -From: Sumit Bose -Date: Wed, 29 Apr 2009 21:11:05 +0200 -Subject: [PATCH] reuse authtok which is already in the pam stack - ---- - sss_client/pam_sss.c | 24 ++++++++++++++++++++++-- - 1 files changed, 22 insertions(+), 2 deletions(-) - -diff --git a/sss_client/pam_sss.c b/sss_client/pam_sss.c -index d03407c..b7588ca 100644 ---- a/sss_client/pam_sss.c -+++ b/sss_client/pam_sss.c -@@ -149,8 +149,14 @@ static void print_pam_items(struct pam_items pi) - D(("Tty: %s", *pi.pam_tty!='\0' ? pi.pam_tty : "(not available)")); - D(("Ruser: %s", *pi.pam_ruser!='\0' ? pi.pam_ruser : "(not available)")); - D(("Rhost: %s", *pi.pam_rhost!='\0' ? pi.pam_rhost : "(not available)")); -- D(("Authtok: %s", *pi.pamstack_authtok!='\0' ? pi.pamstack_authtok : "(not available)")); -- D(("Oldauthtok: %s", *pi.pamstack_oldauthtok!='\0' ? pi.pamstack_oldauthtok : "(not available)")); -+ D(("Pamstack_Authtok: %s", *pi.pamstack_authtok!='\0' ? pi.pamstack_authtok : "(not available)")); -+ D(("Pamstack_Oldauthtok: %s", *pi.pamstack_oldauthtok!='\0' ? pi.pamstack_oldauthtok : "(not available)")); -+ if (pi.pam_authtok != NULL) { -+ D(("Authtok: %s", *pi.pam_authtok!='\0' ? pi.pam_authtok : "(not available)")); -+ } -+ if (pi.pam_newauthtok != NULL) { -+ D(("Newauthtok: %s", *pi.pam_newauthtok!='\0' ? 
pi.pam_newauthtok : "(not available)")); -+ } - } - - static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc, -@@ -171,12 +177,15 @@ static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc, - int pam_status; - char *newpwd[2]; - int forward_pass = 0; -+ int use_first_pass = 0; - - D(("Hello pam_sssd: %d", task)); - - for (; argc-- > 0; ++argv) { - if (strcmp(*argv, "forward_pass") == 0) { - forward_pass = 1; -+ } else if (strcmp(*argv, "use_first_pass") == 0) { -+ use_first_pass = 1; - } else { - D(("unknown option: %s", *argv)); - } -@@ -194,6 +203,16 @@ static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc, - return ret; - } - -+ if (use_first_pass != 0 && -+ (*pi.pamstack_authtok != '\0' || *pi.pamstack_oldauthtok != '\0') && -+ (task == SSS_PAM_AUTHENTICATE || task == SSS_PAM_CHAUTHTOK)) { -+ pi.pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD; -+ pi.pam_authtok = strdup(pi.pamstack_authtok); -+ pi.pam_authtok_size = strlen(pi.pamstack_authtok); -+ pi.pam_newauthtok_type = SSS_AUTHTOK_TYPE_PASSWORD; -+ pi.pam_newauthtok = strdup(pi.pamstack_oldauthtok); -+ pi.pam_newauthtok_size = strlen(pi.pamstack_oldauthtok); -+ } else { - pi.pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY; - pi.pam_authtok = NULL; - pi.pam_authtok_size = 0; -@@ -297,6 +316,7 @@ static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc, - _pam_overwrite((void *)newpwd[1]); - free(newpwd[1]); - } -+ } - - print_pam_items(pi); - --- -1.6.0.6 - diff --git a/sources b/sources index 2a9f63d..ddd3579 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -39c3d5096081523dd41d1e68803620ff sssd-0.3.3.tar.gz +b1c6c3532e5bcc22de4849e52f9bad0a sssd-0.4.1.tar.gz diff --git a/sssd-0.4.1-debug_fn.patch b/sssd-0.4.1-debug_fn.patch new file mode 100644 index 0000000..5f3e3ac --- /dev/null +++ b/sssd-0.4.1-debug_fn.patch 
@@ -0,0 +1,58 @@ +From 832ef83184b1d67b7006becf149f1f8fce580ec3 Mon Sep 17 00:00:00 2001 +From: Stephen Gallagher +Date: Thu, 4 Jun 2009 13:37:10 -0400 +Subject: [PATCH] Fix invalid pointer error in ldb_debug_messages + +--- + server/util/debug.c | 21 +++++++++++++++++++-- + 1 files changed, 19 insertions(+), 2 deletions(-) + +diff --git a/server/util/debug.c b/server/util/debug.c +index f7f89f5..d6a98e2 100644 +--- a/server/util/debug.c ++++ b/server/util/debug.c +@@ -12,9 +12,16 @@ void debug_fn(const char *format, ...) + { + va_list ap; + char *s = NULL; ++ int ret; + + va_start(ap, format); +- vasprintf(&s, format, ap); ++ ++ ret = vasprintf(&s, format, ap); ++ if (ret < 0) { ++ /* ENOMEM */ ++ return; ++ } ++ + va_end(ap); + + /*write(state.fd, s, strlen(s));*/ +@@ -26,6 +33,9 @@ void ldb_debug_messages(void *context, enum ldb_debug_level level, + const char *fmt, va_list ap) + { + int loglevel = -1; ++ int ret; ++ char * message = NULL; ++ + switch(level) { + case LDB_DEBUG_FATAL: + loglevel = 0; +@@ -41,5 +51,12 @@ void ldb_debug_messages(void *context, enum ldb_debug_level level, + break; + } + +- DEBUG(loglevel, (fmt, ap)); ++ ret = vasprintf(&message, fmt, ap); ++ if (ret < 0) { ++ /* ENOMEM */ ++ return; ++ } ++ ++ DEBUG(loglevel, (message)); ++ free(message); + } +-- +1.6.2.2 + diff --git a/sssd.spec b/sssd.spec index 1997079..7cd406a 100644 --- a/sssd.spec +++ b/sssd.spec 
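Review bot: In the added sssd-0.4.1-debug_fn.patch, `ldb_debug_messages` passes the already formatted text as `DEBUG(loglevel, (message));`, so `message` becomes the format string. Judging by the other `DEBUG` call sites on this page the macro takes a printf-style argument list, so any `%` that ends up in an ldb message would be interpreted a second time. Pass the text as data instead: `DEBUG(loglevel, ("%s", message));`. In `debug_fn`, the new `if (ret < 0) return;` leaves the function before `va_end(ap)` is reached; moving `va_end(ap);` to directly after the `vasprintf` call releases the list on both paths. The rest of `debug_fn`'s body lies outside the hunk.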
@@ -1,27 +1,22 @@ Name: sssd -Version: 0.3.3 -Release: 3%{?dist} +Version: 0.4.1 +Release: 0%{?dist} Group: Applications/System Summary: System Security Services Daemon # The entire source code is GPLv3+ except replace/ which is LGPLv3+ License: GPLv3+ and LGPLv3+ URL: http://fedorahosted.org/sssd -Source: https://fedorahosted.org/sssd/attachment/wiki/WikiStart/sssd-%{version}.tar.gz - +Source: https://fedorahosted.org/released/sssd/sssd-%{version}.tar.gz Source1: sssd.conf.default BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) ### Patches ### -Patch1: 0001-Use-different-attribute-for-cached-passwords.patch -Patch2: 0001-Use-different-attribute-for-cached-passwords-change.patch -Patch3: 0001-enable-offline-handling-for-native-LDAP-backend.patch -Patch4: 0001-handle-other-pam-calls-when-offline.patch -Patch5: 0001-reuse-authtok-which-is-already-in-the-pam-stack.patch +Patch010: sssd-0.4.1-debug_fn.patch ### Dependencies ### -Requires: libldb = 0.9.3 +Requires: libldb >= 0.9.3 Requires(preun): initscripts chkconfig Requires(postun): /sbin/service @@ -31,6 +26,9 @@ Requires(postun): /sbin/service ### Build Dependencies ### BuildRequires: autoconf +BuildRequires: automake +BuildRequires: libtool +BuildRequires: m4 BuildRequires: popt-devel BuildRequires: libtalloc-devel BuildRequires: libtevent-devel @@ -43,8 +41,9 @@ BuildRequires: pam-devel BuildRequires: nss-devel BuildRequires: nspr-devel BuildRequires: pcre-devel -BuildRequires: automake -BuildRequires: libtool +BuildRequires: libxslt +BuildRequires: libxml2 +BuildRequires: docbook-style-xsl %description Provides a set of daemons to manage access to remote directories and 
@@ -56,54 +55,32 @@ services for projects like FreeIPA. %prep %setup -q -%patch1 -p 1 -b .pwd-attr -%patch2 -p 1 -b .pwd-cache-attr -%patch3 -p 1 -b .ldap-offline -%patch4 -p 1 -b .pam-offline -%patch5 -p 1 -b .use_first_pass +%patch010 -p1 -b .debug_fn %build - -# common -pushd common -autoreconf -i -f -%configure --disable-shared \ - --enable-static +%configure \ + --without-tests \ + --without-policykit \ + --without-infopipe \ + --with-init-dir=%{_initrddir} \ + --enable-nsslibdir=/%{_lib} make %{?_smp_mflags} -popd - -# sssd -pushd server -./autogen.sh -%configure --prefix=%{_usr} \ - --sysconfdir=%{_sysconfdir} \ - --without-tests \ - --without-policykit \ - --without-infopipe \ - --with-init-dir=%{_initrddir} \ - -make %{?_smp_mflags} -popd - -pushd sss_client -./autogen.sh -%configure --libdir=/%{_lib} -make %{?_smp_mflags} -popd %install rm -rf $RPM_BUILD_ROOT -# sssd -pushd server make install DESTDIR=$RPM_BUILD_ROOT -popd -pushd sss_client -make install DESTDIR=$RPM_BUILD_ROOT -popd +# Remove .la files created by libtool +rm -f \ + $RPM_BUILD_ROOT/%{_lib}/libnss_sss.la \ + $RPM_BUILD_ROOT/%{_lib}/security/pam_sss.la \ + $RPM_BUILD_ROOT/%{_libdir}/ldb/memberof.la \ + $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ldap.la \ + $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_proxy.la +mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sssd install -m600 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf %clean @@ -112,7 +89,7 @@ rm -rf $RPM_BUILD_ROOT %files %defattr(-,root,root,-) %doc COPYING -%{_initrddir}/%{name} +%attr(755,root,root) %{_initrddir}/%{name} %{_sbindir}/sssd %{_sbindir}/sss_useradd %{_sbindir}/sss_userdel 
@@ -122,15 +99,18 @@ rm -rf $RPM_BUILD_ROOT %{_sbindir}/sss_groupmod %{_libexecdir}/%{servicename}/ %{_libdir}/%{name}/ -%{_libdir}/ldb/memberof.so* +%{_libdir}/ldb/memberof.so %dir /var/lib/sss/ %attr(700,root,root) %dir /var/lib/sss/db %dir /var/lib/sss/pipes %attr(700,root,root) %dir /var/lib/sss/pipes/private +%dir %{_sysconfdir}/sssd %config(noreplace) %{_sysconfdir}/sssd/sssd.conf -/%{_lib}/libnss_sss.so /%{_lib}/libnss_sss.so.2 /%{_lib}/security/pam_sss.so +%{_mandir}/man5/* +%{_mandir}/man8/* +%{_datadir}/locale/*/LC_MESSAGES/sss_client.mo %post /sbin/ldconfig @@ -149,6 +129,10 @@ if [ $1 -ge 1 ] ; then fi %changelog +* Mon Jun 8 2009 Simo Sorce - 0.4.1-0 +- latest upstream release. +- also add a patch that fixes debugging output (potential segfault) + * Tue Apr 29 2009 Simo Sorce - 0.3.3-3 - Add use_first_pass option to fix pam stack problems