Commit Graph

405 Commits

Author SHA1 Message Date
Jakub Hrozek
66374adaa7 Only create the SELinux login file if there are SELinux mappings on the IPA server 2012-08-17 15:00:20 +02:00
Jakub Hrozek
a1657400dd Don't discard HBAC rule processing result if SELinux is on
Resolves: rhbz#846792 (CVE-2012-3462)
2012-08-10 22:38:17 +02:00
Jakub Hrozek
292c0dcaf2 New upstream release 1.9.0-13.beta6 2012-08-02 18:04:25 +02:00
Dennis Gilmore
61dbc61004 Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild 2012-07-27 03:35:23 -05:00
Jakub Hrozek
b75ed0d13d New upstream release 1.9.0 beta 5 2012-07-19 12:51:26 +02:00
Stephen Gallagher
9e16356e4a Add missing patch 2012-07-16 10:02:33 -04:00
Stephen Gallagher
7a12c895a2 Fix broken ARM build
- Add missing DP_OPTION_TERMINATOR in AD provider options
2012-07-16 09:50:52 -04:00
Jakub Hrozek
f681bd4766 Own several directories
https://bugzilla.redhat.com/show_bug.cgi?id=839782
2012-07-15 17:14:01 +02:00
Jakub Hrozek
32842a881b New upstream release 1.9.0 beta 4 2012-07-11 09:57:09 +02:00
Stephen Gallagher
058cfb833c New upstream release 1.9.0 beta 3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3
- Add a new PAC responder for dealing with cross-realm Kerberos trusts
- Terminate idle connections to the NSS and PAM responders
2012-06-25 13:15:35 -04:00
Stephen Gallagher
2cb25205a4 Switch unicode library from libunistring to Glib
- Drop unnecessary explicit Requires on keyutils
- Guarantee that versioned Requires include the correct architecture
2012-06-20 10:32:39 -04:00
Stephen Gallagher
f8c88041e5 Fix accidental disabling of the DIR cache support 2012-06-18 10:16:49 -04:00
Stephen Gallagher
666a39284d New upstream release 1.9.0 beta 2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2
- Add support for the Kerberos DIR cache for storing multiple TGTs
  automatically
- Major performance enhancement when storing large groups in the cache
- Major performance enhancement when performing initgroups() against Active
  Directory
- SSSDConfig data file default locations can now be set during configure for
  easier packaging
2012-06-15 15:43:49 -04:00
Stephen Gallagher
26151dabf9 Fix regression in endianness patch 2012-05-30 15:10:43 -04:00
Stephen Gallagher
12d78e10a6 Rebuild SSSD against ding-libs 0.3.0beta1
- Fix endianness bug in service map protocol
2012-05-29 11:23:46 -04:00
Stephen Gallagher
359d341a35 Fix several regressions since 1.5.x
- Ensure that the RPM creates the /var/lib/sss/mc directory
- Add support for Netscape password warning expiration control
- Rebuild against libldb 1.1.6
2012-05-24 08:23:25 -04:00
Stephen Gallagher
7fa00add1e New upstream release 1.9.0 beta 1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1
- Add native support for autofs to the IPA provider
- Support for ID-mapping when connecting to Active Directory
- Support for handling very large (> 1500 users) groups in Active Directory
- Support for sub-domains (will be used for dealing with trust relationships)
- Add a new fast in-memory cache to speed up lookups of cached data on
  repeated requests
2012-05-11 16:02:54 -04:00
Stephen Gallagher
05471b8b76 New upstream release 1.8.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3
- Numerous manpage and translation updates
- LDAP: Handle situations where the RootDSE isn't available anonymously
- LDAP: Fix regression for users using non-standard LDAP attributes for user
  information
2012-05-03 15:46:32 -04:00
Stephen Gallagher
77acf296a2 New upstream release 1.8.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2
- Several fixes to case-insensitive domain functions
- Fix for GSSAPI binds when the keytab contains unrelated principals
- Fixed several segfaults
- Workarounds added for LDAP servers with unreadable RootDSE
- SSH knownhostproxy will no longer enter an infinite loop preventing login
- The provided SYSV init script now starts SSSD earlier at startup and stops
  it later during shutdown
- Assorted minor fixes for issues discovered by static analysis tools
2012-04-09 15:06:43 -04:00
Stephen Gallagher
d023298922 Don't duplicate libsss_autofs.so in two packages
- Set explicit package contents instead of globbing
2012-03-26 09:35:25 -04:00
Stephen Gallagher
af80d0ea8a Fix uninitialized value bug causing crashes throughout the code
- Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup
2012-03-21 07:36:22 -04:00
Stephen Gallagher
8c71823719 New upstream release 1.8.1
- Resolve issue where we could enter an infinite loop trying to connect to an
  auth server
- Fix serious issue with complex (3+ levels) nested groups
- Fix netgroup support for case-insensitivity and aliases
- Fix serious issue with lookup bundling resulting in requests never
  completing
- IPA provider will now check the value of nsAccountLock during pam_acct_mgmt
  in addition to pam_authenticate
- Fix several regressions in the proxy provider
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication
                          against AD
- Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work
2012-03-12 19:25:42 -04:00
Stephen Gallagher
41359781c6 New upstream release 1.8.0
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)
- Include the IPA AutoFS provider
- Fixed several memory-corruption bugs
- Fixed a regression in group enumeration since 1.7.0
- Fixed a regression in the proxy provider
- Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD
- Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is
                          logged at each login
- Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process
                          /usr/sbin/sssd was killed by signal 11 (SIGSEGV)
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication
                          against AD
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for
                          new LDAP features
- Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc
2012-02-28 15:23:22 -05:00
Stephen Gallagher
d474da7ce3 Change default kerberos credential cache location to /run/user/<username> 2012-02-22 09:11:05 -05:00
Stephen Gallagher
e16d49fc65 New upstream release 1.8.0 beta 3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3
- Fixed a regression in group enumeration since 1.7.0
- Fixed several memory-corruption bugs
- Finalized the ABI for the autofs support
- Fixed a regression in the proxy provider
2012-02-15 16:11:31 -05:00
Stephen Gallagher
14c3c0777e Fix python Provides: filtering 2012-02-15 10:38:10 -05:00
Petr Písař
111a1d5cbe Rebuild against PCRE 8.30 2012-02-10 13:08:38 +01:00
Stephen Gallagher
01ac0e1a3e New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2
- Fix two minor manpage bugs
- Include the IPA AutoFS provider
2012-02-07 09:57:04 -05:00
Stephen Gallagher
881479933b New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)
2012-02-06 20:08:04 -05:00
Stephen Gallagher
e8905f5363 Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for
new LDAP features - fix netgroups and sudo as well
2012-02-04 20:20:10 -05:00
Stephen Gallagher
b6ef581001 Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider. 2012-02-02 14:23:16 -05:00
Stephen Gallagher
2381e855ec Fix typo in date and version 2012-02-01 14:27:24 -05:00
Stephen Gallagher
ae664ccc43 Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for
new LDAP features
2012-02-01 14:24:12 -05:00
Dennis Gilmore
6ec779e9e4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild 2012-01-13 22:24:58 -06:00
Stephen Gallagher
a885ab8a9d New upstream release 1.7.0
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0
Support for case-insensitive domains
Support for multiple search bases in the LDAP provider
Support for the native FreeIPA netgroup implementation
Reliability improvements to the process monitor
New DEBUG facility with more consistent log levels
New tool to change debug log levels without restarting SSSD
SSSD will now disconnect from LDAP server when idle
FreeIPA HBAC rules can choose to ignore srchost options for significant
performance gains
Assorted performance improvements in the LDAP provider
2011-12-22 15:20:15 -05:00
Stephen Gallagher
f73d44d40a New upstream release 1.6.4
Rolls up previous patches applied to the 1.6.3 tarball
Fixes a rare issue causing crashes in the failover logic
Fixes an issue where SSSD would return the wrong PAM error code for users
that it does not recognize.
2011-12-19 16:13:43 -05:00
Stephen Gallagher
5633dc7e99 Rebuild against libldb 1.1.4 2011-12-07 07:47:53 -05:00
Stephen Gallagher
ece3519410 Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the
username in getpwnam()
Resolves: rhbz#758425 - LDAP failover not working if server refuses
connections
2011-11-29 14:20:31 -05:00
Jakub Hrozek
95fec2a877 Rebuild for libldb 1.1.3 2011-11-24 14:18:54 +01:00
Stephen Gallagher
50d0fe5c94 Resolves: rhbz#752495 - Crash when apply settings 2011-11-10 12:03:57 -05:00
Stephen Gallagher
dd4aa148dd Rebuild for new libldb 2011-11-09 09:02:44 -05:00
Stephen Gallagher
46a6ee6147 New upstream release 1.6.3
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3
Fixes a major cache performance issue introduced in 1.6.2
Fixes a potential infinite-loop with certain LDAP layouts
2011-11-04 12:29:04 -04:00
Dennis Gilmore
9ef1f397c1 - Rebuilt for glibc bug#747377 2011-10-26 19:24:26 -05:00
Stephen Gallagher
9a79ed0faa Change selinux policy requirement to Conflicts: with the old version,
rather than Requires: the supported version.
2011-10-23 13:48:09 -07:00
Stephen Gallagher
14552a85ab Add explicit requirement on selinux-policy version to address new SBUS symlinks. 2011-10-21 08:03:20 -07:00
Stephen Gallagher
359707a48b Remove %%files reference to sss_debuglevel copied from wrong upstreeam spec file. 2011-10-19 07:32:09 -04:00
Stephen Gallagher
75138e2284 Improved handling of users and groups with multi-valued name attributes
(aliases)
Performance enhancements
Initgroups on RFC2307bis/FreeIPA
HBAC rule processing
Improved process-hang detection and restarting
Enabled the midpoint cache refresh by default (fewer cache misses on
commonly-used entries)
Cleaned up the example configuration
New tool to change debug level on the fly
2011-10-18 17:24:31 -04:00
Stephen Gallagher
a6910c0007 New upstream release 1.6.1
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1
Fixes a serious issue with LDAP connections when the communication is
dropped (e.g. VPN disconnection, waking from sleep)
SSSD is now less strict when dealing with users/groups with multiple names
when a definitive primary name cannot be determined
The LDAP provider will no longer attempt to canonicalize by default when
using SASL. An option to re-enable this has been provided.
Fixes for non-standard LDAP attribute names (e.g. those used by Active
Directory)
Three HBAC regressions have been fixed.
Fix for an infinite loop in the deref code
2011-08-29 15:45:02 -04:00
Stephen Gallagher
04d8c969b5 Build with _hardened_build macro 2011-08-03 09:31:33 -04:00
Stephen Gallagher
679b5f7a1b New upstream release 1.6.0
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0
Add host access control support for LDAP (similar to pam_host_attr)
Finer-grained control on principals used with Kerberos (such as for FAST or
validation)
Added a new tool sss_cache to allow selective expiring of cached entries
Added support for LDAP DEREF and ASQ controls
Added access control features for Novell Directory Server
FreeIPA dynamic DNS update now checks first to see if an update is needed
Complete rewrite of the HBAC library
New libraries: libipa_hbac and libipa_hbac-python
2011-08-03 08:08:26 -04:00