From 54472e5fa7b5e79b92c6895299860e13a9d79deb Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Fri, 5 Aug 2011 10:19:13 -0400
Subject: [PATCH] New upstream release 1.5.12
 https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.12 Fixes a regression
 introduced in 1.5.11 with hostname resolution Fixes an issue where sssd_pam
 would leak file descriptors until resource exhaustion Complete rewrite of the
 FreeIPA Host-Based Access Control (HBAC) resolver New shared library for HBAC
 access-control Fixes for password expiration handling with LDAP auth New
 option to veto certain centrally-managed shells (Patch by John Hodrien)

Conflicts:

	sssd.spec
---
 .gitignore |  1 +
 sources    |  2 +-
 sssd.spec  | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++---
 3 files changed, 67 insertions(+), 4 deletions(-)

diff --git a/.gitignore b/.gitignore
index f27e8c4..d95e461 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,3 +15,4 @@ sssd-1.2.91.tar.gz
 /sssd-1.5.9.tar.gz
 /sssd-1.5.10.tar.gz
 /sssd-1.5.11.tar.gz
+/sssd-1.5.12.tar.gz
diff --git a/sources b/sources
index 55e82cf..ba6de2e 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-d4c7d20098f73a48053bf41d47d98b7b  sssd-1.5.11.tar.gz
+9aab979366c1143d7f8f40940ffe3146  sssd-1.5.12.tar.gz
diff --git a/sssd.spec b/sssd.spec
index d9a49c6..e977e52 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -8,8 +8,8 @@
 %global ldb_version 0.9.10
 
 Name: sssd
-Version: 1.5.11
-Release: 2%{?dist}
+Version: 1.5.12
+Release: 1%{?dist}
 Group: Applications/System
 Summary: System Security Services Daemon
 License: GPLv3+
@@ -24,6 +24,7 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
 Requires: libldb = %{ldb_version}
 Requires: libtdb >= 1.1.3
 Requires: sssd-client = %{version}-%{release}
+Requires: libipa_hbac = %{version}-%{release}
 Requires: cyrus-sasl-gssapi
 Requires(post): initscripts chkconfig /sbin/ldconfig
 Requires(preun):  initscripts chkconfig
@@ -78,6 +79,7 @@ BuildRequires: libnl-devel
 BuildRequires: nscd
 BuildRequires: gettext-devel
 BuildRequires: pkgconfig
+BuildRequires: libunistring-devel
 
 %description
 Provides a set of daemons to manage access to remote directories and
@@ -108,6 +110,34 @@ SSSD when using id_provider = local in /etc/sssd/sssd.conf.
 Also provides a userspace tool for generating an obfuscated LDAP password for
 use with ldap_default_authtok_type = obfuscated_password.
 
+%package -n libipa_hbac
+Summary: FreeIPA HBAC Evaluator library
+Group: Development/Libraries
+License: LGPLv3+
+
+%description -n libipa_hbac
+Utility library to validate FreeIPA HBAC rules for authorization requests
+
+%package -n libipa_hbac-devel
+Summary: FreeIPA HBAC Evaluator library
+Group: Development/Libraries
+License: LGPLv3+
+Requires: libipa_hbac = %{version}-%{release}
+
+%description -n libipa_hbac-devel
+Utility library to validate FreeIPA HBAC rules for authorization requests
+
+%package -n libipa_hbac-python
+Summary: Python bindings for the FreeIPA HBAC Evaluator library
+Group: Development/Libraries
+License: LGPLv3+
+Requires: libipa_hbac = %{version}-%{release}
+
+%description -n libipa_hbac-python
+The libipa_hbac-python contains the bindings so that libipa_hbac can be
+used by Python applications.
+
+
 %prep
 %setup -q
 
@@ -164,7 +194,9 @@ rm -f \
     $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ipa.la \
     $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_simple.la \
     $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.la \
-    $RPM_BUILD_ROOT/%{python_sitearch}/pysss.la
+    $RPM_BUILD_ROOT/%{_libdir}/libipa_hbac.la \
+    $RPM_BUILD_ROOT/%{python_sitearch}/pysss.la \
+    $RPM_BUILD_ROOT/%{python_sitearch}/pyhbac.la
 
 # Older versions of rpmbuild can only handle one -f option
 # So we need to append to the sssd.lang file
@@ -249,6 +281,21 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/man8/sss_usermod.8*
 %{_mandir}/man8/sss_obfuscate.8*
 
+%files -n libipa_hbac
+%defattr(-,root,root,-)
+%doc src/sss_client/COPYING src/sss_client/COPYING.LESSER
+%{_libdir}/libipa_hbac.so.*
+
+%files -n libipa_hbac-devel
+%defattr(-,root,root,-)
+%{_includedir}/ipa_hbac.h
+%{_libdir}/libipa_hbac.so
+%{_libdir}/pkgconfig/ipa_hbac.pc
+
+%files -n libipa_hbac-python
+%defattr(-,root,root,-)
+%{python_sitearch}/pyhbac.so
+
 %post
 /sbin/ldconfig
 /sbin/chkconfig --add %{servicename}
@@ -269,7 +316,22 @@ fi
 
 %postun client -p /sbin/ldconfig
 
+%post -n libipa_hbac -p /sbin/ldconfig
+
+%postun -n libipa_hbac -p /sbin/ldconfig
+
 %changelog
+* Fri Aug 05 2011 Stephen Gallagher <sgallagh@redhat.ocm> - 1.5.12-1
+- New upstream release 1.5.12
+- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.12
+- Fixes a regression introduced in 1.5.11 with hostname resolution
+- Fixes an issue where sssd_pam would leak file descriptors until resource
+  exhaustion
+- Complete rewrite of the FreeIPA Host-Based Access Control (HBAC) resolver
+- New shared library for HBAC access-control
+- Fixes for password expiration handling with LDAP auth
+- New option to veto certain centrally-managed shells (Patch by John Hodrien)
+
 * Tue Jul 05 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.11-2
 - New upstream release 1.5.11
 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11