- latest upstream release.
- also add a patch that fixes debugging output (potential segfault)
parent
ba6b3db30f
commit
34dc95e4aa
@ -1 +1 @@
|
|||||||
sssd-0.3.3.tar.gz
|
sssd-0.4.1.tar.gz
|
||||||
|
@ -1,34 +0,0 @@
|
|||||||
From 11d01e05e08a9acf11af9aea96910b4795627082 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Sumit Bose <sbose@redhat.com>
|
|
||||||
Date: Tue, 28 Apr 2009 10:20:55 +0200
|
|
||||||
Subject: [PATCH] Use different attribute for cached passwords change time
|
|
||||||
|
|
||||||
---
|
|
||||||
server/responder/pam/pamsrv_cache.c | 4 ++--
|
|
||||||
1 files changed, 2 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/server/responder/pam/pamsrv_cache.c b/server/responder/pam/pamsrv_cache.c
|
|
||||||
index 5e492a5..302f70c 100644
|
|
||||||
--- a/server/responder/pam/pamsrv_cache.c
|
|
||||||
+++ b/server/responder/pam/pamsrv_cache.c
|
|
||||||
@@ -153,7 +153,7 @@ int pam_cache_credentials(struct pam_auth_req *preq)
|
|
||||||
if (ret) goto done;
|
|
||||||
|
|
||||||
/* FIXME: should we use a different attribute for chache passwords ?? */
|
|
||||||
- ret = sysdb_attrs_add_long(ctx->attrs, "lastPasswordChange",
|
|
||||||
+ ret = sysdb_attrs_add_long(ctx->attrs, "lastCachedPasswordChange",
|
|
||||||
(long)time(NULL));
|
|
||||||
if (ret) goto done;
|
|
||||||
|
|
||||||
@@ -256,7 +256,7 @@ int pam_cache_auth(struct pam_auth_req *preq)
|
|
||||||
SYSDB_CACHEDPWD,
|
|
||||||
SYSDB_DISABLED,
|
|
||||||
SYSDB_LAST_LOGIN,
|
|
||||||
- "lastPasswordChange",
|
|
||||||
+ "lastCachedPasswordChange",
|
|
||||||
"accountExpires",
|
|
||||||
"failedLoginAttempts",
|
|
||||||
"lastFailedLogin",
|
|
||||||
--
|
|
||||||
1.6.0.6
|
|
||||||
|
|
@ -1,61 +0,0 @@
|
|||||||
From c4f46b40e2f55abd9ae2296fd68daa88bd60e32f Mon Sep 17 00:00:00 2001
|
|
||||||
From: Simo Sorce <ssorce@redhat.com>
|
|
||||||
Date: Mon, 27 Apr 2009 18:21:25 -0400
|
|
||||||
Subject: [PATCH] Use different attribute for cached passwords
|
|
||||||
|
|
||||||
This fixes a bug with legacy backends where the cached password would be cleared
|
|
||||||
on a user update.
|
|
||||||
Using a different attribute we make sure a userPassword coming from the remote
|
|
||||||
backend does not interfere with a cachedPassword (and vice versa).
|
|
||||||
---
|
|
||||||
server/db/sysdb.h | 2 ++
|
|
||||||
server/responder/pam/pamsrv_cache.c | 6 +++---
|
|
||||||
2 files changed, 5 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/server/db/sysdb.h b/server/db/sysdb.h
|
|
||||||
index df49bc7..7bfe1fd 100644
|
|
||||||
--- a/server/db/sysdb.h
|
|
||||||
+++ b/server/db/sysdb.h
|
|
||||||
@@ -63,6 +63,8 @@
|
|
||||||
|
|
||||||
#define SYSDB_LAST_UPDATE "lastUpdate"
|
|
||||||
|
|
||||||
+#define SYSDB_CACHEDPWD "cachedPassword"
|
|
||||||
+
|
|
||||||
#define SYSDB_NEXTID_FILTER "("SYSDB_NEXTID"=*)"
|
|
||||||
|
|
||||||
#define SYSDB_UC "objectclass="SYSDB_USER_CLASS
|
|
||||||
diff --git a/server/responder/pam/pamsrv_cache.c b/server/responder/pam/pamsrv_cache.c
|
|
||||||
index 10f4199..154c7d1 100644
|
|
||||||
--- a/server/responder/pam/pamsrv_cache.c
|
|
||||||
+++ b/server/responder/pam/pamsrv_cache.c
|
|
||||||
@@ -149,7 +149,7 @@ int pam_cache_credentials(struct pam_auth_req *preq)
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
|
|
||||||
- ret = sysdb_attrs_add_string(ctx->attrs, SYSDB_PWD, comphash);
|
|
||||||
+ ret = sysdb_attrs_add_string(ctx->attrs, SYSDB_CACHEDPWD, comphash);
|
|
||||||
if (ret) goto done;
|
|
||||||
|
|
||||||
/* FIXME: should we use a different attribute for chache passwords ?? */
|
|
||||||
@@ -219,7 +219,7 @@ static void pam_cache_auth_callback(void *pvt, int ldb_status,
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
|
|
||||||
- userhash = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_PWD, NULL);
|
|
||||||
+ userhash = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_CACHEDPWD, NULL);
|
|
||||||
if (userhash == NULL || *userhash == '\0') {
|
|
||||||
DEBUG(4, ("Cached credentials not available.\n"));
|
|
||||||
ret = PAM_AUTHINFO_UNAVAIL;
|
|
||||||
@@ -253,7 +253,7 @@ int pam_cache_auth(struct pam_auth_req *preq)
|
|
||||||
int ret;
|
|
||||||
|
|
||||||
static const char *attrs[] = {SYSDB_NAME,
|
|
||||||
- SYSDB_PWD,
|
|
||||||
+ SYSDB_CACHEDPWD,
|
|
||||||
SYSDB_DISABLED,
|
|
||||||
SYSDB_LAST_LOGIN,
|
|
||||||
"lastPasswordChange",
|
|
||||||
--
|
|
||||||
1.6.0.6
|
|
||||||
|
|
@ -1,123 +0,0 @@
|
|||||||
>From 39ffa138c698f0fe1a440a05406852d1add7c73c Mon Sep 17 00:00:00 2001
|
|
||||||
From: Sumit Bose <sbose@redhat.com>
|
|
||||||
Date: Tue, 28 Apr 2009 13:37:33 +0200
|
|
||||||
Subject: [PATCH] enable offline handling for native LDAP backend
|
|
||||||
|
|
||||||
---
|
|
||||||
server/providers/ldap_be.c | 52 ++++++++++++++++++++++++++++++++++++++++---
|
|
||||||
1 files changed, 48 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/server/providers/ldap_be.c b/server/providers/ldap_be.c
|
|
||||||
index e654702..365b7d0 100644
|
|
||||||
--- a/server/providers/ldap_be.c
|
|
||||||
+++ b/server/providers/ldap_be.c
|
|
||||||
@@ -49,6 +49,8 @@ struct sdap_ctx {
|
|
||||||
char *default_authtok_type;
|
|
||||||
uint32_t default_authtok_size;
|
|
||||||
char *default_authtok;
|
|
||||||
+ int network_timeout;
|
|
||||||
+ int opt_timeout;
|
|
||||||
};
|
|
||||||
|
|
||||||
struct sdap_ops;
|
|
||||||
@@ -197,6 +199,8 @@ static int sdap_init(struct sdap_req *lr)
|
|
||||||
int status=EOK;
|
|
||||||
int ldap_vers = LDAP_VERSION3;
|
|
||||||
int msgid;
|
|
||||||
+ struct timeval network_timeout;
|
|
||||||
+ struct timeval opt_timeout;
|
|
||||||
|
|
||||||
ret = ldap_initialize(&(lr->ldap), lr->sdap_ctx->ldap_uri);
|
|
||||||
if (ret != LDAP_SUCCESS) {
|
|
||||||
@@ -212,13 +216,35 @@ static int sdap_init(struct sdap_req *lr)
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ network_timeout.tv_sec = lr->sdap_ctx->network_timeout;
|
|
||||||
+ network_timeout.tv_usec = 0;
|
|
||||||
+ opt_timeout.tv_sec = lr->sdap_ctx->opt_timeout;
|
|
||||||
+ opt_timeout.tv_usec = 0;
|
|
||||||
+ ret = ldap_set_option(lr->ldap, LDAP_OPT_NETWORK_TIMEOUT, &network_timeout);
|
|
||||||
+ if (ret != LDAP_OPT_SUCCESS) {
|
|
||||||
+ DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret)));
|
|
||||||
+ status = EIO;
|
|
||||||
+ goto cleanup;
|
|
||||||
+ }
|
|
||||||
+ ret = ldap_set_option(lr->ldap, LDAP_OPT_TIMEOUT, &opt_timeout);
|
|
||||||
+ if (ret != LDAP_OPT_SUCCESS) {
|
|
||||||
+ DEBUG(1, ("ldap_set_option failed: %s\n", ldap_err2string(ret)));
|
|
||||||
+ status = EIO;
|
|
||||||
+ goto cleanup;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
/* For now TLS is forced. Maybe it would be necessary to make this
|
|
||||||
* configurable to allow people to expose their passwords over the
|
|
||||||
* network. */
|
|
||||||
ret = ldap_start_tls(lr->ldap, NULL, NULL, &msgid);
|
|
||||||
if (ret != LDAP_SUCCESS) {
|
|
||||||
- DEBUG(1, ("ldap_start_tls failed: %s\n", ldap_err2string(ret)));
|
|
||||||
- status = EIO;
|
|
||||||
+ DEBUG(1, ("ldap_start_tls failed: [%d][%s]\n", ret,
|
|
||||||
+ ldap_err2string(ret)));
|
|
||||||
+ if (ret == LDAP_SERVER_DOWN) {
|
|
||||||
+ status = EAGAIN;
|
|
||||||
+ } else {
|
|
||||||
+ status = EIO;
|
|
||||||
+ }
|
|
||||||
goto cleanup;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -289,7 +315,11 @@ static void sdap_pam_loop(struct tevent_context *ev, struct tevent_fd *te,
|
|
||||||
if (ret != EOK) {
|
|
||||||
DEBUG(1, ("sdap_init failed.\n"));
|
|
||||||
lr->ldap = NULL;
|
|
||||||
- pam_status = PAM_SYSTEM_ERR;
|
|
||||||
+ if (ret == EAGAIN) {
|
|
||||||
+ pam_status = PAM_AUTHINFO_UNAVAIL;
|
|
||||||
+ } else {
|
|
||||||
+ pam_status = PAM_SYSTEM_ERR;
|
|
||||||
+ }
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
case SDAP_CHECK_INIT_RESULT:
|
|
||||||
@@ -573,7 +603,11 @@ static void sdap_start(struct tevent_context *ev, struct tevent_timer *te,
|
|
||||||
if (ret != EOK) {
|
|
||||||
DEBUG(1, ("sdap_init failed.\n"));
|
|
||||||
lr->ldap = NULL;
|
|
||||||
- pam_status = PAM_SYSTEM_ERR;
|
|
||||||
+ if (ret == EAGAIN) {
|
|
||||||
+ pam_status = PAM_AUTHINFO_UNAVAIL;
|
|
||||||
+ } else {
|
|
||||||
+ pam_status = PAM_SYSTEM_ERR;
|
|
||||||
+ }
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -663,6 +697,8 @@ int sssm_ldap_auth_init(struct be_ctx *bectx,
|
|
||||||
char *user_search_base;
|
|
||||||
char *user_name_attribute;
|
|
||||||
char *user_object_class;
|
|
||||||
+ int network_timeout;
|
|
||||||
+ int opt_timeout;
|
|
||||||
int ret;
|
|
||||||
|
|
||||||
ctx = talloc(bectx, struct sdap_ctx);
|
|
||||||
@@ -715,7 +751,15 @@ int sssm_ldap_auth_init(struct be_ctx *bectx,
|
|
||||||
ctx->default_authtok = default_authtok;
|
|
||||||
ctx->default_authtok_size = (default_authtok==NULL?0:strlen(default_authtok));
|
|
||||||
|
|
||||||
+ ret = confdb_get_int(bectx->cdb, ctx, bectx->conf_path,
|
|
||||||
+ "network_timeout", 5, &network_timeout);
|
|
||||||
+ if (ret != EOK) goto done;
|
|
||||||
+ ctx->network_timeout = network_timeout;
|
|
||||||
|
|
||||||
+ ret = confdb_get_int(bectx->cdb, ctx, bectx->conf_path,
|
|
||||||
+ "opt_timeout", 5, &opt_timeout);
|
|
||||||
+ if (ret != EOK) goto done;
|
|
||||||
+ ctx->network_timeout = opt_timeout;
|
|
||||||
|
|
||||||
*ops = &sdap_mod_ops;
|
|
||||||
*pvt_data = ctx;
|
|
||||||
--
|
|
||||||
1.6.0.6
|
|
||||||
|
|
@ -1,33 +0,0 @@
|
|||||||
>From 883549efb0a55291b2e6bce05b51e0a6c5847dbb Mon Sep 17 00:00:00 2001
|
|
||||||
From: Sumit Bose <sbose@redhat.com>
|
|
||||||
Date: Tue, 28 Apr 2009 10:17:38 +0200
|
|
||||||
Subject: [PATCH] handle other pam calls when offline
|
|
||||||
|
|
||||||
---
|
|
||||||
server/responder/pam/pamsrv_cmd.c | 10 ++++++++++
|
|
||||||
1 files changed, 10 insertions(+), 0 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/server/responder/pam/pamsrv_cmd.c b/server/responder/pam/pamsrv_cmd.c
|
|
||||||
index 4c7bf1f..6d3f899 100644
|
|
||||||
--- a/server/responder/pam/pamsrv_cmd.c
|
|
||||||
+++ b/server/responder/pam/pamsrv_cmd.c
|
|
||||||
@@ -172,6 +172,16 @@ static void pam_reply(struct pam_auth_req *preq)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+/* TODO: we need the pam session cookie here to make sure that cached
|
|
||||||
+ * authentication was successful */
|
|
||||||
+ if ((pd->cmd == SSS_PAM_SETCRED || pd->cmd == SSS_PAM_ACCT_MGMT ||
|
|
||||||
+ pd->cmd == SSS_PAM_OPEN_SESSION || pd->cmd == SSS_PAM_CLOSE_SESSION) &&
|
|
||||||
+ pd->pam_status == PAM_AUTHINFO_UNAVAIL) {
|
|
||||||
+ DEBUG(2, ("Assuming offline authentication "
|
|
||||||
+ "setting status for pam call %d to PAM_SUCCESS.\n", pd->cmd));
|
|
||||||
+ pd->pam_status = PAM_SUCCESS;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
cctx = preq->cctx;
|
|
||||||
|
|
||||||
if (pd->response_delay > 0) {
|
|
||||||
--
|
|
||||||
1.6.0.6
|
|
||||||
|
|
@ -1,74 +0,0 @@
|
|||||||
>From 1560c380c7180a21c69f0828bd9439c2044282d9 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Sumit Bose <sbose@redhat.com>
|
|
||||||
Date: Wed, 29 Apr 2009 21:11:05 +0200
|
|
||||||
Subject: [PATCH] reuse authtok which is already in the pam stack
|
|
||||||
|
|
||||||
---
|
|
||||||
sss_client/pam_sss.c | 24 ++++++++++++++++++++++--
|
|
||||||
1 files changed, 22 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/sss_client/pam_sss.c b/sss_client/pam_sss.c
|
|
||||||
index d03407c..b7588ca 100644
|
|
||||||
--- a/sss_client/pam_sss.c
|
|
||||||
+++ b/sss_client/pam_sss.c
|
|
||||||
@@ -149,8 +149,14 @@ static void print_pam_items(struct pam_items pi)
|
|
||||||
D(("Tty: %s", *pi.pam_tty!='\0' ? pi.pam_tty : "(not available)"));
|
|
||||||
D(("Ruser: %s", *pi.pam_ruser!='\0' ? pi.pam_ruser : "(not available)"));
|
|
||||||
D(("Rhost: %s", *pi.pam_rhost!='\0' ? pi.pam_rhost : "(not available)"));
|
|
||||||
- D(("Authtok: %s", *pi.pamstack_authtok!='\0' ? pi.pamstack_authtok : "(not available)"));
|
|
||||||
- D(("Oldauthtok: %s", *pi.pamstack_oldauthtok!='\0' ? pi.pamstack_oldauthtok : "(not available)"));
|
|
||||||
+ D(("Pamstack_Authtok: %s", *pi.pamstack_authtok!='\0' ? pi.pamstack_authtok : "(not available)"));
|
|
||||||
+ D(("Pamstack_Oldauthtok: %s", *pi.pamstack_oldauthtok!='\0' ? pi.pamstack_oldauthtok : "(not available)"));
|
|
||||||
+ if (pi.pam_authtok != NULL) {
|
|
||||||
+ D(("Authtok: %s", *pi.pam_authtok!='\0' ? pi.pam_authtok : "(not available)"));
|
|
||||||
+ }
|
|
||||||
+ if (pi.pam_newauthtok != NULL) {
|
|
||||||
+ D(("Newauthtok: %s", *pi.pam_newauthtok!='\0' ? pi.pam_newauthtok : "(not available)"));
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc,
|
|
||||||
@@ -171,12 +177,15 @@ static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc,
|
|
||||||
int pam_status;
|
|
||||||
char *newpwd[2];
|
|
||||||
int forward_pass = 0;
|
|
||||||
+ int use_first_pass = 0;
|
|
||||||
|
|
||||||
D(("Hello pam_sssd: %d", task));
|
|
||||||
|
|
||||||
for (; argc-- > 0; ++argv) {
|
|
||||||
if (strcmp(*argv, "forward_pass") == 0) {
|
|
||||||
forward_pass = 1;
|
|
||||||
+ } else if (strcmp(*argv, "use_first_pass") == 0) {
|
|
||||||
+ use_first_pass = 1;
|
|
||||||
} else {
|
|
||||||
D(("unknown option: %s", *argv));
|
|
||||||
}
|
|
||||||
@@ -194,6 +203,16 @@ static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc,
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (use_first_pass != 0 &&
|
|
||||||
+ (*pi.pamstack_authtok != '\0' || *pi.pamstack_oldauthtok != '\0') &&
|
|
||||||
+ (task == SSS_PAM_AUTHENTICATE || task == SSS_PAM_CHAUTHTOK)) {
|
|
||||||
+ pi.pam_authtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
|
|
||||||
+ pi.pam_authtok = strdup(pi.pamstack_authtok);
|
|
||||||
+ pi.pam_authtok_size = strlen(pi.pamstack_authtok);
|
|
||||||
+ pi.pam_newauthtok_type = SSS_AUTHTOK_TYPE_PASSWORD;
|
|
||||||
+ pi.pam_newauthtok = strdup(pi.pamstack_oldauthtok);
|
|
||||||
+ pi.pam_newauthtok_size = strlen(pi.pamstack_oldauthtok);
|
|
||||||
+ } else {
|
|
||||||
pi.pam_authtok_type = SSS_AUTHTOK_TYPE_EMPTY;
|
|
||||||
pi.pam_authtok = NULL;
|
|
||||||
pi.pam_authtok_size = 0;
|
|
||||||
@@ -297,6 +316,7 @@ static int pam_sss(int task, pam_handle_t *pamh, int flags, int argc,
|
|
||||||
_pam_overwrite((void *)newpwd[1]);
|
|
||||||
free(newpwd[1]);
|
|
||||||
}
|
|
||||||
+ }
|
|
||||||
|
|
||||||
print_pam_items(pi);
|
|
||||||
|
|
||||||
--
|
|
||||||
1.6.0.6
|
|
||||||
|
|
2
sources
@ -1 +1 @@
|
|||||||
39c3d5096081523dd41d1e68803620ff sssd-0.3.3.tar.gz
|
b1c6c3532e5bcc22de4849e52f9bad0a sssd-0.4.1.tar.gz
|
||||||
|
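--- a/sssd-0.4.1-debug_fn.patch
+++ b/sssd-0.4.1-debug_fn.patch
@@ -0,0 +1,58 @@
+From 832ef83184b1d67b7006becf149f1f8fce580ec3 Mon Sep 17 00:00:00 2001
+From: Stephen Gallagher <sgallagh@redhat.com>
+Date: Thu, 4 Jun 2009 13:37:10 -0400
+Subject: [PATCH] Fix invalid pointer error in ldb_debug_messages
+
+---
+server/util/debug.c | 21 +++++++++++++++++++--
+1 files changed, 19 insertions(+), 2 deletions(-)
+
+diff --git a/server/util/debug.c b/server/util/debug.c
+index f7f89f5..d6a98e2 100644
+--- a/server/util/debug.c
++++ b/server/util/debug.c
+@@ -12,9 +12,16 @@ void debug_fn(const char *format, ...)
+{
+va_list ap;
+char *s = NULL;
++ int ret;
+
+va_start(ap, format);
+- vasprintf(&s, format, ap);
++
++ ret = vasprintf(&s, format, ap);
++ if (ret < 0) {
++ /* ENOMEM */
++ return;
++ }
++
+va_end(ap);
+
+/*write(state.fd, s, strlen(s));*/
+@@ -26,6 +33,9 @@ void ldb_debug_messages(void *context, enum ldb_debug_level level,
+const char *fmt, va_list ap)
+{
+int loglevel = -1;
++ int ret;
++ char * message = NULL;
++
+switch(level) {
+case LDB_DEBUG_FATAL:
+loglevel = 0;
+@@ -41,5 +51,12 @@ void ldb_debug_messages(void *context, enum ldb_debug_level level,
+break;
+}
+
+- DEBUG(loglevel, (fmt, ap));
++ ret = vasprintf(&message, fmt, ap);
++ if (ret < 0) {
++ /* ENOMEM */
++ return;
++ }
++
++ DEBUG(loglevel, (message));
++ free(message);
+}
+--
+1.6.2.2
+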
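Review bot: In the last hunk of the embedded patch, `DEBUG(loglevel, (message));` passes the already-formatted LDB text as the format argument, so any `%` left in `message` would be read as a conversion with no matching argument. Assuming DEBUG forwards its parenthesised body to `debug_fn(const char *format, ...)`, the call should be `DEBUG(loglevel, ("%s", message));`. In the first hunk, the `ret < 0` branch of debug_fn returns after `va_start` without calling `va_end(ap)`, so `va_end(ap);` belongs before that `return;`. Both function bodies extend outside the hunks shown.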
80
sssd.spec
@ -1,27 +1,22 @@
|
|||||||
Name: sssd
|
Name: sssd
|
||||||
Version: 0.3.3
|
Version: 0.4.1
|
||||||
Release: 3%{?dist}
|
Release: 0%{?dist}
|
||||||
Group: Applications/System
|
Group: Applications/System
|
||||||
Summary: System Security Services Daemon
|
Summary: System Security Services Daemon
|
||||||
|
|
||||||
# The entire source code is GPLv3+ except replace/ which is LGPLv3+
|
# The entire source code is GPLv3+ except replace/ which is LGPLv3+
|
||||||
License: GPLv3+ and LGPLv3+
|
License: GPLv3+ and LGPLv3+
|
||||||
URL: http://fedorahosted.org/sssd
|
URL: http://fedorahosted.org/sssd
|
||||||
Source: https://fedorahosted.org/sssd/attachment/wiki/WikiStart/sssd-%{version}.tar.gz
|
Source: https://fedorahosted.org/released/sssd/sssd-%{version}.tar.gz
|
||||||
|
|
||||||
Source1: sssd.conf.default
|
Source1: sssd.conf.default
|
||||||
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
||||||
|
|
||||||
### Patches ###
|
### Patches ###
|
||||||
Patch1: 0001-Use-different-attribute-for-cached-passwords.patch
|
Patch010: sssd-0.4.1-debug_fn.patch
|
||||||
Patch2: 0001-Use-different-attribute-for-cached-passwords-change.patch
|
|
||||||
Patch3: 0001-enable-offline-handling-for-native-LDAP-backend.patch
|
|
||||||
Patch4: 0001-handle-other-pam-calls-when-offline.patch
|
|
||||||
Patch5: 0001-reuse-authtok-which-is-already-in-the-pam-stack.patch
|
|
||||||
|
|
||||||
### Dependencies ###
|
### Dependencies ###
|
||||||
|
|
||||||
Requires: libldb = 0.9.3
|
Requires: libldb >= 0.9.3
|
||||||
|
|
||||||
Requires(preun): initscripts chkconfig
|
Requires(preun): initscripts chkconfig
|
||||||
Requires(postun): /sbin/service
|
Requires(postun): /sbin/service
|
||||||
@ -31,6 +26,9 @@ Requires(postun): /sbin/service
|
|||||||
### Build Dependencies ###
|
### Build Dependencies ###
|
||||||
|
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
|
BuildRequires: automake
|
||||||
|
BuildRequires: libtool
|
||||||
|
BuildRequires: m4
|
||||||
BuildRequires: popt-devel
|
BuildRequires: popt-devel
|
||||||
BuildRequires: libtalloc-devel
|
BuildRequires: libtalloc-devel
|
||||||
BuildRequires: libtevent-devel
|
BuildRequires: libtevent-devel
|
||||||
@ -43,8 +41,9 @@ BuildRequires: pam-devel
|
|||||||
BuildRequires: nss-devel
|
BuildRequires: nss-devel
|
||||||
BuildRequires: nspr-devel
|
BuildRequires: nspr-devel
|
||||||
BuildRequires: pcre-devel
|
BuildRequires: pcre-devel
|
||||||
BuildRequires: automake
|
BuildRequires: libxslt
|
||||||
BuildRequires: libtool
|
BuildRequires: libxml2
|
||||||
|
BuildRequires: docbook-style-xsl
|
||||||
|
|
||||||
%description
|
%description
|
||||||
Provides a set of daemons to manage access to remote directories and
|
Provides a set of daemons to manage access to remote directories and
|
||||||
@ -56,54 +55,32 @@ services for projects like FreeIPA.
|
|||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
|
|
||||||
%patch1 -p 1 -b .pwd-attr
|
%patch010 -p1 -b .debug_fn
|
||||||
%patch2 -p 1 -b .pwd-cache-attr
|
|
||||||
%patch3 -p 1 -b .ldap-offline
|
|
||||||
%patch4 -p 1 -b .pam-offline
|
|
||||||
%patch5 -p 1 -b .use_first_pass
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
%configure \
|
||||||
# common
|
|
||||||
pushd common
|
|
||||||
autoreconf -i -f
|
|
||||||
%configure --disable-shared \
|
|
||||||
--enable-static
|
|
||||||
|
|
||||||
make %{?_smp_mflags}
|
|
||||||
popd
|
|
||||||
|
|
||||||
# sssd
|
|
||||||
pushd server
|
|
||||||
./autogen.sh
|
|
||||||
%configure --prefix=%{_usr} \
|
|
||||||
--sysconfdir=%{_sysconfdir} \
|
|
||||||
--without-tests \
|
--without-tests \
|
||||||
--without-policykit \
|
--without-policykit \
|
||||||
--without-infopipe \
|
--without-infopipe \
|
||||||
--with-init-dir=%{_initrddir} \
|
--with-init-dir=%{_initrddir} \
|
||||||
|
--enable-nsslibdir=/%{_lib}
|
||||||
|
|
||||||
make %{?_smp_mflags}
|
make %{?_smp_mflags}
|
||||||
popd
|
|
||||||
|
|
||||||
pushd sss_client
|
|
||||||
./autogen.sh
|
|
||||||
%configure --libdir=/%{_lib}
|
|
||||||
make %{?_smp_mflags}
|
|
||||||
popd
|
|
||||||
|
|
||||||
%install
|
%install
|
||||||
rm -rf $RPM_BUILD_ROOT
|
rm -rf $RPM_BUILD_ROOT
|
||||||
|
|
||||||
# sssd
|
|
||||||
pushd server
|
|
||||||
make install DESTDIR=$RPM_BUILD_ROOT
|
make install DESTDIR=$RPM_BUILD_ROOT
|
||||||
popd
|
|
||||||
|
|
||||||
pushd sss_client
|
# Remove .la files created by libtool
|
||||||
make install DESTDIR=$RPM_BUILD_ROOT
|
rm -f \
|
||||||
popd
|
$RPM_BUILD_ROOT/%{_lib}/libnss_sss.la \
|
||||||
|
$RPM_BUILD_ROOT/%{_lib}/security/pam_sss.la \
|
||||||
|
$RPM_BUILD_ROOT/%{_libdir}/ldb/memberof.la \
|
||||||
|
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ldap.la \
|
||||||
|
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_proxy.la
|
||||||
|
|
||||||
|
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sssd
|
||||||
install -m600 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf
|
install -m600 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf
|
||||||
|
|
||||||
%clean
|
%clean
|
||||||
@ -112,7 +89,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%files
|
%files
|
||||||
%defattr(-,root,root,-)
|
%defattr(-,root,root,-)
|
||||||
%doc COPYING
|
%doc COPYING
|
||||||
%{_initrddir}/%{name}
|
%attr(755,root,root) %{_initrddir}/%{name}
|
||||||
%{_sbindir}/sssd
|
%{_sbindir}/sssd
|
||||||
%{_sbindir}/sss_useradd
|
%{_sbindir}/sss_useradd
|
||||||
%{_sbindir}/sss_userdel
|
%{_sbindir}/sss_userdel
|
||||||
@ -122,15 +99,18 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_sbindir}/sss_groupmod
|
%{_sbindir}/sss_groupmod
|
||||||
%{_libexecdir}/%{servicename}/
|
%{_libexecdir}/%{servicename}/
|
||||||
%{_libdir}/%{name}/
|
%{_libdir}/%{name}/
|
||||||
%{_libdir}/ldb/memberof.so*
|
%{_libdir}/ldb/memberof.so
|
||||||
%dir /var/lib/sss/
|
%dir /var/lib/sss/
|
||||||
%attr(700,root,root) %dir /var/lib/sss/db
|
%attr(700,root,root) %dir /var/lib/sss/db
|
||||||
%dir /var/lib/sss/pipes
|
%dir /var/lib/sss/pipes
|
||||||
%attr(700,root,root) %dir /var/lib/sss/pipes/private
|
%attr(700,root,root) %dir /var/lib/sss/pipes/private
|
||||||
|
%dir %{_sysconfdir}/sssd
|
||||||
%config(noreplace) %{_sysconfdir}/sssd/sssd.conf
|
%config(noreplace) %{_sysconfdir}/sssd/sssd.conf
|
||||||
/%{_lib}/libnss_sss.so
|
|
||||||
/%{_lib}/libnss_sss.so.2
|
/%{_lib}/libnss_sss.so.2
|
||||||
/%{_lib}/security/pam_sss.so
|
/%{_lib}/security/pam_sss.so
|
||||||
|
%{_mandir}/man5/*
|
||||||
|
%{_mandir}/man8/*
|
||||||
|
%{_datadir}/locale/*/LC_MESSAGES/sss_client.mo
|
||||||
|
|
||||||
%post
|
%post
|
||||||
/sbin/ldconfig
|
/sbin/ldconfig
|
||||||
@ -149,6 +129,10 @@ if [ $1 -ge 1 ] ; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jun 8 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-0
|
||||||
|
- latest upstream release.
|
||||||
|
- also add a patch that fixes debugging output (potential segfault)
|
||||||
|
|
||||||
* Tue Apr 29 2009 Simo Sorce <ssorce@redhat.com> - 0.3.3-3
|
* Tue Apr 29 2009 Simo Sorce <ssorce@redhat.com> - 0.3.3-3
|
||||||
- Add use_first_pass option to fix pam stack problems
|
- Add use_first_pass option to fix pam stack problems
|
||||||
|
|
||||||
|
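Review bot: The new %changelog entry records the version bump and the debug_fn patch, but not that Patch1 through Patch5 and their %patch lines are dropped. Judging by their subjects, those patches changed the cached-password attributes and offline PAM handling, so someone auditing the package needs to know whether 0.4.1 already carries them. If it does, add a line such as `- drop patches 1-5, included in 0.4.1`, after confirming against the 0.4.1 tarball, which this page does not show. A one-line comment above `Patch010:` stating that patch's upstream status would help in the same way.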