New upstream release 1.8.5
parent
75380a749d
commit
c13be84ef8
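--- a/.gitignore
+++ b/.gitignore
@@ -29,3 +29,4 @@ sssd-1.2.91.tar.gz
 /sssd-1.8.2.tar.gz
 /sssd-1.8.3.tar.gz
 /sssd-1.8.4.tar.gz
+/sssd-1.8.5.tar.gz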
@ -1,246 +0,0 @@
|
|||||||
From cb79e6cad17849be94dff05309a5ca0b9ea62613 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jan Cholasta <jcholast@redhat.com>
|
|
||||||
Date: Wed, 30 May 2012 09:40:13 -0400
|
|
||||||
Subject: [PATCH 1/2] Assorted SSH fixes
|
|
||||||
|
|
||||||
SSH: Update sss_ssh_knownhostsproxy manual page
|
|
||||||
|
|
||||||
Don't use GlobalKnownHostsFile2 in ssh_config, as it has been deprecated in
|
|
||||||
OpenSSH 5.9.
|
|
||||||
|
|
||||||
SSH: Supress error message output in sss_ssh_knownhostsproxy
|
|
||||||
|
|
||||||
SSH: Don't abort connection in sss_ssh_knownhostsproxy when DNS records are missing
|
|
||||||
|
|
||||||
https://fedorahosted.org/sssd/ticket/1356
|
|
||||||
---
|
|
||||||
src/man/sss_ssh_knownhostsproxy.1.xml | 2 +-
|
|
||||||
src/sss_client/ssh/sss_ssh_client.c | 8 +--
|
|
||||||
src/sss_client/ssh/sss_ssh_knownhostsproxy.c | 94 ++++++++++++++------------
|
|
||||||
3 files changed, 55 insertions(+), 49 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/man/sss_ssh_knownhostsproxy.1.xml b/src/man/sss_ssh_knownhostsproxy.1.xml
|
|
||||||
index 241e8a7ffbef102f367ba108b2f5fe3e6e68103c..5767e8426da34fb0124c927162aae6448ed8f89e 100644
|
|
||||||
--- a/src/man/sss_ssh_knownhostsproxy.1.xml
|
|
||||||
+++ b/src/man/sss_ssh_knownhostsproxy.1.xml
|
|
||||||
@@ -53,7 +53,7 @@
|
|
||||||
<manvolnum>1</manvolnum></citerefentry> configuration:
|
|
||||||
<programlisting>
|
|
||||||
ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
|
|
||||||
-GlobalKnownHostsFile2 /var/lib/sss/pubconf/known_hosts
|
|
||||||
+GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
|
|
||||||
</programlisting>
|
|
||||||
</para>
|
|
||||||
<para>
|
|
||||||
diff --git a/src/sss_client/ssh/sss_ssh_client.c b/src/sss_client/ssh/sss_ssh_client.c
|
|
||||||
index 8520cd1b1704f1387a105a854ea72a9fcd2c85fc..645f2928985637f26213ab7a0d48a626b088ad58 100644
|
|
||||||
--- a/src/sss_client/ssh/sss_ssh_client.c
|
|
||||||
+++ b/src/sss_client/ssh/sss_ssh_client.c
|
|
||||||
@@ -146,14 +146,14 @@ sss_ssh_get_ent(TALLOC_CTX *mem_ctx,
|
|
||||||
rd.len = req_len;
|
|
||||||
|
|
||||||
req_ret = sss_ssh_make_request(command, &rd, &rep, &rep_len, &req_errno);
|
|
||||||
- if (req_ret != SSS_STATUS_SUCCESS) {
|
|
||||||
- ret = EFAULT;
|
|
||||||
- goto done;
|
|
||||||
- }
|
|
||||||
if (req_errno != EOK) {
|
|
||||||
ret = req_errno;
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
+ if (req_ret != SSS_STATUS_SUCCESS) {
|
|
||||||
+ ret = EFAULT;
|
|
||||||
+ goto done;
|
|
||||||
+ }
|
|
||||||
|
|
||||||
/* parse reply */
|
|
||||||
c = 0;
|
|
||||||
diff --git a/src/sss_client/ssh/sss_ssh_knownhostsproxy.c b/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
|
|
||||||
index 6424d7b7c3c17375ad4ac8dc6ec2276786bf0560..cac8eb7ef47eb70591dfb274a01cfbb392eee8aa 100644
|
|
||||||
--- a/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
|
|
||||||
+++ b/src/sss_client/ssh/sss_ssh_knownhostsproxy.c
|
|
||||||
@@ -73,7 +73,6 @@ connect_socket(int family, struct sockaddr *addr, size_t addr_len)
|
|
||||||
ret = errno;
|
|
||||||
DEBUG(SSSDBG_OP_FAILURE, ("socket() failed (%d): %s\n",
|
|
||||||
ret, strerror(ret)));
|
|
||||||
- ERROR("Failed to open a socket\n");
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -83,7 +82,6 @@ connect_socket(int family, struct sockaddr *addr, size_t addr_len)
|
|
||||||
ret = errno;
|
|
||||||
DEBUG(SSSDBG_OP_FAILURE, ("connect() failed (%d): %s\n",
|
|
||||||
ret, strerror(ret)));
|
|
||||||
- ERROR("Failed to connect to the server\n");
|
|
||||||
goto done;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -176,7 +174,6 @@ connect_proxy_command(char **args)
|
|
||||||
ret = errno;
|
|
||||||
DEBUG(SSSDBG_OP_FAILURE, ("execv() failed (%d): %s\n",
|
|
||||||
ret, strerror(ret)));
|
|
||||||
- ERROR("Failed to execute proxy command\n");
|
|
||||||
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
@@ -185,7 +182,7 @@ int main(int argc, const char **argv)
|
|
||||||
{
|
|
||||||
TALLOC_CTX *mem_ctx = NULL;
|
|
||||||
int pc_debug = SSSDBG_DEFAULT;
|
|
||||||
- const char *pc_port = "22";
|
|
||||||
+ int pc_port = 22;
|
|
||||||
const char *pc_domain = NULL;
|
|
||||||
const char *pc_host = NULL;
|
|
||||||
const char **pc_args = NULL;
|
|
||||||
@@ -193,17 +190,18 @@ int main(int argc, const char **argv)
|
|
||||||
POPT_AUTOHELP
|
|
||||||
{ "debug", '\0', POPT_ARG_INT | POPT_ARGFLAG_DOC_HIDDEN, &pc_debug, 0,
|
|
||||||
_("The debug level to run with"), NULL },
|
|
||||||
- { "port", 'p', POPT_ARG_STRING, &pc_port, 0,
|
|
||||||
+ { "port", 'p', POPT_ARG_INT, &pc_port, 0,
|
|
||||||
_("The port to use to connect to the host"), NULL },
|
|
||||||
{ "domain", 'd', POPT_ARG_STRING, &pc_domain, 0,
|
|
||||||
_("The SSSD domain to use"), NULL },
|
|
||||||
POPT_TABLEEND
|
|
||||||
};
|
|
||||||
poptContext pc = NULL;
|
|
||||||
+ char strport[6];
|
|
||||||
struct addrinfo ai_hint;
|
|
||||||
struct addrinfo *ai = NULL;
|
|
||||||
char canonhost[NI_MAXHOST];
|
|
||||||
- const char *host;
|
|
||||||
+ const char *host = NULL;
|
|
||||||
struct sss_ssh_ent *ent;
|
|
||||||
int ret;
|
|
||||||
|
|
||||||
@@ -213,14 +211,13 @@ int main(int argc, const char **argv)
|
|
||||||
if (ret != EOK) {
|
|
||||||
DEBUG(SSSDBG_CRIT_FAILURE,
|
|
||||||
("set_locale() failed (%d): %s\n", ret, strerror(ret)));
|
|
||||||
- ERROR("Error setting the locale\n");
|
|
||||||
ret = EXIT_FAILURE;
|
|
||||||
goto fini;
|
|
||||||
}
|
|
||||||
|
|
||||||
mem_ctx = talloc_new(NULL);
|
|
||||||
if (!mem_ctx) {
|
|
||||||
- ERROR("Not enough memory\n");
|
|
||||||
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Not enough memory\n"));
|
|
||||||
ret = EXIT_FAILURE;
|
|
||||||
goto fini;
|
|
||||||
}
|
|
||||||
@@ -237,6 +234,10 @@ int main(int argc, const char **argv)
|
|
||||||
BAD_POPT_PARAMS(pc, poptStrerror(ret), ret, fini);
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (pc_port < 1 || pc_port > 65535) {
|
|
||||||
+ BAD_POPT_PARAMS(pc, _("Invalid port\n"), ret, fini);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
pc_host = poptGetArg(pc);
|
|
||||||
if (pc_host == NULL) {
|
|
||||||
BAD_POPT_PARAMS(pc, _("Host not specified\n"), ret, fini);
|
|
||||||
@@ -249,59 +250,64 @@ int main(int argc, const char **argv)
|
|
||||||
ret, fini);
|
|
||||||
}
|
|
||||||
|
|
||||||
- /* get IP addresses of the host */
|
|
||||||
+ /* canonicalize hostname */
|
|
||||||
+ snprintf(strport, 6, "%d", pc_port);
|
|
||||||
+
|
|
||||||
memset(&ai_hint, 0, sizeof(struct addrinfo));
|
|
||||||
ai_hint.ai_family = AF_UNSPEC;
|
|
||||||
ai_hint.ai_socktype = SOCK_STREAM;
|
|
||||||
ai_hint.ai_protocol = IPPROTO_TCP;
|
|
||||||
- ai_hint.ai_flags = AI_ADDRCONFIG | AI_NUMERICSERV;
|
|
||||||
+ ai_hint.ai_flags = AI_ADDRCONFIG | AI_NUMERICHOST | AI_NUMERICSERV;
|
|
||||||
|
|
||||||
- ret = getaddrinfo(pc_host, pc_port, &ai_hint, &ai);
|
|
||||||
+ ret = getaddrinfo(pc_host, strport, &ai_hint, &ai);
|
|
||||||
if (ret) {
|
|
||||||
- DEBUG(SSSDBG_CRIT_FAILURE,
|
|
||||||
- ("getaddrinfo() failed (%d): %s\n", ret, gai_strerror(ret)));
|
|
||||||
- ERROR("Host name cannot be resolved\n");
|
|
||||||
- ret = EXIT_FAILURE;
|
|
||||||
- goto fini;
|
|
||||||
- }
|
|
||||||
+ ai_hint.ai_flags = AI_ADDRCONFIG | AI_CANONNAME | AI_NUMERICSERV;
|
|
||||||
|
|
||||||
- /* canonicalize hostname */
|
|
||||||
- ret = getnameinfo(ai[0].ai_addr, ai[0].ai_addrlen,
|
|
||||||
- canonhost, NI_MAXHOST, NULL, 0, NI_NAMEREQD);
|
|
||||||
- if (ret) {
|
|
||||||
- DEBUG(SSSDBG_CRIT_FAILURE,
|
|
||||||
- ("getaddrinfo() failed (%d): %s\n", ret, gai_strerror(ret)));
|
|
||||||
- ERROR("Reverse lookup failed\n");
|
|
||||||
- ret = EXIT_FAILURE;
|
|
||||||
- goto fini;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- /* append domain to hostname if domain is specified */
|
|
||||||
- if (pc_domain) {
|
|
||||||
- host = talloc_asprintf(mem_ctx, "%s@%s", canonhost, pc_domain);
|
|
||||||
- if (!host) {
|
|
||||||
- ERROR("Not enough memory\n");
|
|
||||||
- ret = EXIT_FAILURE;
|
|
||||||
- goto fini;
|
|
||||||
+ ret = getaddrinfo(pc_host, strport, &ai_hint, &ai);
|
|
||||||
+ if (ret) {
|
|
||||||
+ DEBUG(SSSDBG_OP_FAILURE,
|
|
||||||
+ ("getaddrinfo() failed (%d): %s\n", ret, gai_strerror(ret)));
|
|
||||||
+ } else {
|
|
||||||
+ host = ai[0].ai_canonname;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
- host = canonhost;
|
|
||||||
+ ret = getnameinfo(ai[0].ai_addr, ai[0].ai_addrlen,
|
|
||||||
+ canonhost, NI_MAXHOST, NULL, 0, NI_NAMEREQD);
|
|
||||||
+ if (ret) {
|
|
||||||
+ DEBUG(SSSDBG_OP_FAILURE,
|
|
||||||
+ ("getnameinfo() failed (%d): %s\n", ret, gai_strerror(ret)));
|
|
||||||
+ } else {
|
|
||||||
+ host = canonhost;
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
- /* look up public keys */
|
|
||||||
- ret = sss_ssh_get_ent(mem_ctx, SSS_SSH_GET_HOST_PUBKEYS,
|
|
||||||
- host, pc_host, &ent);
|
|
||||||
- if (ret != EOK) {
|
|
||||||
- DEBUG(SSSDBG_CRIT_FAILURE,
|
|
||||||
- ("sss_ssh_get_ent() failed (%d): %s\n", ret, strerror(ret)));
|
|
||||||
- ERROR("Error looking up public keys\n");
|
|
||||||
+ if (host) {
|
|
||||||
+ /* append domain to hostname if domain is specified */
|
|
||||||
+ if (pc_domain) {
|
|
||||||
+ host = talloc_asprintf(mem_ctx, "%s@%s", host, pc_domain);
|
|
||||||
+ if (!host) {
|
|
||||||
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Not enough memory\n"));
|
|
||||||
+ ret = EXIT_FAILURE;
|
|
||||||
+ goto fini;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ /* look up public keys */
|
|
||||||
+ ret = sss_ssh_get_ent(mem_ctx, SSS_SSH_GET_HOST_PUBKEYS,
|
|
||||||
+ host, pc_host, &ent);
|
|
||||||
+ if (ret != EOK) {
|
|
||||||
+ DEBUG(SSSDBG_OP_FAILURE,
|
|
||||||
+ ("sss_ssh_get_ent() failed (%d): %s\n", ret, strerror(ret)));
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
|
|
||||||
/* connect to server */
|
|
||||||
if (pc_args) {
|
|
||||||
ret = connect_proxy_command(discard_const(pc_args));
|
|
||||||
- } else {
|
|
||||||
+ } else if (ai) {
|
|
||||||
ret = connect_socket(ai[0].ai_family, ai[0].ai_addr, ai[0].ai_addrlen);
|
|
||||||
+ } else {
|
|
||||||
+ ret = EFAULT;
|
|
||||||
}
|
|
||||||
ret = (ret == EOK) ? EXIT_SUCCESS : EXIT_FAILURE;
|
|
||||||
|
|
||||||
--
|
|
||||||
1.7.10.2
|
|
||||||
|
|
@ -1,75 +0,0 @@
|
|||||||
From d3c702624e0e83b3f1b33ba31d3583dbfa5292c9 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
||||||
Date: Mon, 2 Apr 2012 00:17:15 +0200
|
|
||||||
Subject: [PATCH 2/2] Use HTML_TIMESTAMP instead of HTML_FOOTER_DESCRIPTION
|
|
||||||
|
|
||||||
https://fedorahosted.org/sssd/ticket/1271
|
|
||||||
|
|
||||||
Conflicts:
|
|
||||||
src/lib/idmap/sss_idmap.doxy.in
|
|
||||||
---
|
|
||||||
src/doxy.config.in | 7 ++++---
|
|
||||||
src/providers/ipa/ipa_hbac.doxy.in | 7 ++++---
|
|
||||||
src/sss_client/sudo/sss_sudo.doxy.in | 7 ++++---
|
|
||||||
3 files changed, 12 insertions(+), 9 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/doxy.config.in b/src/doxy.config.in
|
|
||||||
index dc41b1fd156613808efa00cf9fe95bef4247c781..1f9b5a324f68aa189b309d5b7293d769c8ca5acf 100644
|
|
||||||
--- a/src/doxy.config.in
|
|
||||||
+++ b/src/doxy.config.in
|
|
||||||
@@ -784,10 +784,11 @@ IGNORE_PREFIX =
|
|
||||||
|
|
||||||
GENERATE_HTML = YES
|
|
||||||
|
|
||||||
-# If the HTML_FOOTER_DESCRIPTION tag is set to YES, Doxygen will
|
|
||||||
-# add generated date, project name and doxygen version to HTML footer.
|
|
||||||
+# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated
|
|
||||||
+# HTML page will contain the date and time when the page was generated. Setting
|
|
||||||
+# this to NO can help when comparing the output of multiple runs.
|
|
||||||
|
|
||||||
-HTML_FOOTER_DESCRIPTION= NO
|
|
||||||
+HTML_TIMESTAMP = NO
|
|
||||||
|
|
||||||
# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
|
|
||||||
# If a relative path is entered the value of OUTPUT_DIRECTORY will be
|
|
||||||
diff --git a/src/providers/ipa/ipa_hbac.doxy.in b/src/providers/ipa/ipa_hbac.doxy.in
|
|
||||||
index 3c9672f01c04c5f42cdfffee8603cf6fb181b25f..37528efc2a0d7849b09763a6a0a91c54451f2cf2 100644
|
|
||||||
--- a/src/providers/ipa/ipa_hbac.doxy.in
|
|
||||||
+++ b/src/providers/ipa/ipa_hbac.doxy.in
|
|
||||||
@@ -782,10 +782,11 @@ IGNORE_PREFIX =
|
|
||||||
|
|
||||||
GENERATE_HTML = YES
|
|
||||||
|
|
||||||
-# If the HTML_FOOTER_DESCRIPTION tag is set to YES, Doxygen will
|
|
||||||
-# add generated date, project name and doxygen version to HTML footer.
|
|
||||||
+# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated
|
|
||||||
+# HTML page will contain the date and time when the page was generated. Setting
|
|
||||||
+# this to NO can help when comparing the output of multiple runs.
|
|
||||||
|
|
||||||
-HTML_FOOTER_DESCRIPTION= NO
|
|
||||||
+HTML_TIMESTAMP = NO
|
|
||||||
|
|
||||||
# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
|
|
||||||
# If a relative path is entered the value of OUTPUT_DIRECTORY will be
|
|
||||||
diff --git a/src/sss_client/sudo/sss_sudo.doxy.in b/src/sss_client/sudo/sss_sudo.doxy.in
|
|
||||||
index ee4a03885ca844a9e7c556a8fd8c4d705f7d3e57..4e777f427823b33d0ca286ae0a032c0dceb5f803 100644
|
|
||||||
--- a/src/sss_client/sudo/sss_sudo.doxy.in
|
|
||||||
+++ b/src/sss_client/sudo/sss_sudo.doxy.in
|
|
||||||
@@ -782,10 +782,11 @@ IGNORE_PREFIX =
|
|
||||||
|
|
||||||
GENERATE_HTML = YES
|
|
||||||
|
|
||||||
-# If the HTML_FOOTER_DESCRIPTION tag is set to YES, Doxygen will
|
|
||||||
-# add generated date, project name and doxygen version to HTML footer.
|
|
||||||
+# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated
|
|
||||||
+# HTML page will contain the date and time when the page was generated. Setting
|
|
||||||
+# this to NO can help when comparing the output of multiple runs.
|
|
||||||
|
|
||||||
-HTML_FOOTER_DESCRIPTION= NO
|
|
||||||
+HTML_TIMESTAMP = NO
|
|
||||||
|
|
||||||
# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
|
|
||||||
# If a relative path is entered the value of OUTPUT_DIRECTORY will be
|
|
||||||
--
|
|
||||||
1.7.10.2
|
|
||||||
|
|
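--- a/sources
+++ b/sources
@@ -1 +1 @@
-196cc355f74a1a431f9bd5dcd2c6cc41 sssd-1.8.4.tar.gz
+385a5ecb6c9f69eadf93c863e1b7d6a4 sssd-1.8.5.tar.gz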
10
sssd.spec
10
sssd.spec
@ -15,8 +15,8 @@
|
|||||||
%global ldb_version 1.1.6
|
%global ldb_version 1.1.6
|
||||||
|
|
||||||
Name: sssd
|
Name: sssd
|
||||||
Version: 1.8.4
|
Version: 1.8.5
|
||||||
Release: 14%{?dist}
|
Release: 1%{?dist}
|
||||||
Group: Applications/System
|
Group: Applications/System
|
||||||
Summary: System Security Services Daemon
|
Summary: System Security Services Daemon
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
@ -26,9 +26,6 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
|||||||
|
|
||||||
### Patches ###
|
### Patches ###
|
||||||
|
|
||||||
Patch0001: 0001-Assorted-SSH-fixes.patch
|
|
||||||
Patch0002: 0002-Use-HTML_TIMESTAMP-instead-of-HTML_FOOTER_DESCRIPTIO.patch
|
|
||||||
|
|
||||||
### Dependencies ###
|
### Dependencies ###
|
||||||
|
|
||||||
Conflicts: selinux-policy < 3.10.0-46
|
Conflicts: selinux-policy < 3.10.0-46
|
||||||
@ -457,6 +454,9 @@ fi
|
|||||||
%postun -n libipa_hbac -p /sbin/ldconfig
|
%postun -n libipa_hbac -p /sbin/ldconfig
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Sun Oct 07 2012 Jakub Hrozek <jhrozek@redhat.com> - 1.8.5-1
|
||||||
|
- New upstream release 1.8.5
|
||||||
|
|
||||||
* Wed Jun 20 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.4-14
|
* Wed Jun 20 2012 Stephen Gallagher <sgallagh@redhat.com> - 1.8.4-14
|
||||||
- Switch unicode library from libunistring to Glib
|
- Switch unicode library from libunistring to Glib
|
||||||
- Drop unnecessary explicit Requires on keyutils
|
- Drop unnecessary explicit Requires on keyutils
|
||||||
|
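Review bot: The `%changelog` entry added in the last hunk says only `- New upstream release 1.8.5` and does not record that the second hunk drops `Patch0001` and `Patch0002`. Patch0001 carried the sss_ssh_knownhostsproxy fixes for ticket 1356, so it should be confirmed that the 1.8.5 tarball contains them, and the entry should then say so, for example `- Drop 0001-Assorted-SSH-fixes.patch and 0002-Use-HTML_TIMESTAMP-instead-of-HTML_FOOTER_DESCRIPTIO.patch, included upstream`. The `%prep` section is outside the visible hunks; if it applies patches by number, those lines need the same removal.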