Commit Graph

502 Commits

Author SHA1 Message Date
Lukas Slebodnik
6b01857bc5 Bump release 2016-03-22 09:07:32 +01:00
Lukas Slebodnik
e37379577b Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password
prompts (e.g. Password + Token)
- Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed
                           by remote host" if locale not available
2016-03-22 09:06:29 +01:00
Lukas Slebodnik
e32d50862e Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA
groups during getgrnam and getgrgid
- Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses
                           in call to 'print'
2016-02-25 13:58:00 +01:00
Lukas Slebodnik
00dde99057 Move libsss_autofs.so outside sssd-common
It will reduce dependency chain in container world.
libsss_autofs.so depends only on libc and requires
sssd unix sockets. And sssd-common has many requirements.
2016-02-19 09:27:27 +01:00
Lukas Slebodnik
584e0c3964 Remove unnecessary requirements
We do not need to requires specific version of libldb
or libtdb because it is automatically detected from
binary/library dependencies. We also need never version
of that libraries as it was specified in spec file.

e.g.
  sh$ rpm -q --requires sssd-common | grep -E "TDB|LDB"
  libldb.so.1(LDB_0.9.10)(64bit)
  libtdb.so.1(TDB_1.2.1)(64bit)

There is also redundant dependency on sssd-common-pac
sssd -> sssd-ipa -> sssd-common-pac
     -> sssd-ad -> sssd-common-pac
     -> sssd-common-pac

  sh$ rpm -q --whatrequires sssd-common-pac
  sssd-ipa-1.13.3-1.fc23.x86_64
  sssd-ad-1.13.3-1.fc23.x86_64
  sssd-1.13.3-1.fc23.x86_64
2016-02-17 16:30:01 +01:00
Fedora Release Engineering
0a5378a924 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-05 00:37:31 +00:00
Lukas Slebodnik
c38b881d88 Package uses only $RPM_BUILD_ROOT
Note: Using both %{buildroot} and $RPM_BUILD_ROOT
See: http://fedoraproject.org/wiki/Packaging/Guidelines#macros
2016-02-02 21:45:47 +01:00
Lukas Slebodnik
5719fdd6f8 Fix rpmlint issue for libsss_simpleifp
Patch removes unnecessary requires of dbus-libs
because it's already detected from library.
However we forgot to call ldconfig after (un)installation.

sh$ rpm -q -p --requires libsss_simpleifp-1.13.90-0.fc23.x86_64.rpm | grep dbus
    libdbus-1.so.3()(64bit)
    libdbus-1.so.3(LIBDBUS_1_3)(64bit)
    sssd-dbus = 1.13.90-0.fc23

sh$ rpm -q --whatprovides "libdbus-1.so.3()(64bit)"
    dbus-libs-1.10.6-1.fc23.x86_64
2016-02-02 18:07:45 +01:00
Lukas Slebodnik
fb84da9380 Remove unnecessary clean-up of buildroot
rhel5 required to clean buildroot in install section.
The %clean section is not required for F-13 and above, and EPEL 6 and
above. EPEL 5 MUST have a %clean section that cleans the buildroot:

https://fedoraproject.org/wiki/EPEL:Packaging#Prepping_BuildRoot_For_.25install
2016-02-02 18:06:09 +01:00
Lukas Slebodnik
d384e14059 Fix rpmlint warnings
fedpkg/sssd/sssd.spec:1232: W: macro-in-%changelog %preun
fedpkg/sssd/sssd.spec:1366: W: macro-in-%changelog %{_lib}
fedpkg/sssd/sssd.spec:1366: W: macro-in-comment %{_lib}
2016-02-02 11:59:36 +01:00
Lukas Slebodnik
6d11a34b89 Additional upstream fixes 2016-01-20 18:40:57 +01:00
Lukas Slebodnik
9bfc8ef4de Resolves: rhbz#1256849 - SUDO: Support the IPA schema 2016-01-19 18:23:34 +01:00
Michal Sekletar
94f4c4dd6d Use macros and don't call systemctl directly
- Resolves: rhbz#850328 - Introduce new systemd-rpm macros in sssd spec file
2016-01-19 15:26:15 +01:00
Lukas Slebodnik
9f85549912 Fix unowned directories
- https://fedoraproject.org/wiki/Packaging:UnownedDirectories
- Resolves: rhbz#1266940 - sssd-client.i686 on x86_64 has unowned directories
2016-01-19 15:15:32 +01:00
Lukas Slebodnik
f50233afd2 Move libsss_sudo.so outside sssd-common
The module ${libdir}/libsss_sudo.so is used only by /usr/bin/sudo.
If libsss_sudo.so was part of sssd-client then 32 bit version would
never be used on 64 bit machine and files in sssd-client can be used
by multilib applications e.g. libnss_sss.so can be indirectly "dlopened"
by 64 bit applications and 32 bit application.
(32-bit web browser; ordinary 64bit applications ...)
2016-01-19 15:06:17 +01:00
Lukas Slebodnik
aa27da2e1f Change package ownership of %{pubconfpath}/krb5.include.d
krb5 domain mapping files are stored to the directory
%{pubconfpath}/krb5.include.d. It can be stored by ipa or ad provider.
However this directory was owned by sub-package sssd-ipa. And ad provider
can be installed without this package. Therefore %{pubconfpath}/krb5.include.d
should be owned by common dependency.

The owner of this directory was also fixed to sssd.
It's already done by make install. It was changed only in spec file.
2016-01-19 15:02:47 +01:00
Lukas Slebodnik
a89ed4b83f Additional patch for upstream #2829 2015-12-16 08:51:17 +01:00
Lukas Slebodnik
5df019d5aa New upstream release 1.13.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3
2015-12-16 08:47:07 +01:00
Lukas Slebodnik
31ed44fa55 Backport patches from sssd master #2829
Use after free in failover
2015-11-20 09:47:17 +01:00
Lukas Slebodnik
bdedaaad52 New upstream release 1.13.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2
2015-11-20 09:47:17 +01:00
Robert Kuska
2b3b752656 Rebuilt for Python3.5 rebuild 2015-11-06 15:40:37 +01:00
Lukas Slebodnik
9f8eeed0c9 Fix building pac responder with the krb5-1.14 2015-10-27 09:41:14 +01:00
Lukas Slebodnik
c08e64289b python-sssdconfig: Fix parssing sssd.conf without config_file_version
- Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed
2015-10-19 15:04:51 +02:00
Lukas Slebodnik
4bdb4e48cd Revert "Temporary disable tests due to broken krb5"
This reverts commit 1bedb06db6.

Rawhide contain krb5-1.13.2-12.fc24 which fixed bug with missing
/usr/share/krb5.conf.d. So, unit test should pass.
2015-10-07 13:42:42 +02:00
Lukas Slebodnik
69b9d3f518 Fix few segfaults
- Resolves: upstream #2811 - PAM responder crashed if user was not set
- Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step
2015-10-07 13:42:03 +02:00
Lukas Slebodnik
1bedb06db6 Temporary disable tests due to broken krb5
Should be fixed with krb5 >= 1.14-2.fc24
2015-10-01 08:16:23 +02:00
Lukas Slebodnik
00d900ad6f Remove unnecessary requirement
libini-config-1.1 already provides version definition
which substitute this requirement.

sh$ objdump -p /usr/lib64/libini_config.so | grep -A4 definition
Version definitions:
1 0x01 0x05f25695 libini_config.so.5
2 0x00 0x00acdc20 INI_CONFIG_1.1.0
3 0x00 0x00acdd20 INI_CONFIG_1.2.0
        INI_CONFIG_1.1.0
2015-10-01 08:16:23 +02:00
Lukas Slebodnik
05c3b14125 New upstream release 1.13.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1
2015-10-01 08:16:16 +02:00
Lukas Slebodnik
996f9ec8f7 Fix OTP bug
- Resolves: upstream #2729 - Do not send SSS_OTP if both factors were
                             entered separately
2015-09-10 14:26:47 +02:00
Lukas Slebodnik
cc6c9ff159 Backport upstream patches required by FreeIPA 4.2.1 2015-09-07 18:37:40 +02:00
Lukas Slebodnik
cc1ba0d674 Fix ipa-migration bug
- Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled
                             migration mode
2015-07-21 09:11:06 +02:00
Lukas Slebodnik
b46d3ce3db New upstream release 1.13.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0
2015-07-08 19:15:17 +02:00
Lukas Slebodnik
aa1a6b1ea9 Unify return type of list_active_domains for python{2,3} 2015-06-30 16:54:06 +02:00
Lukas Slebodnik
3fa3e7c22a New upstream release 1.13 alpha
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha
2015-06-22 13:52:08 +02:00
Dennis Gilmore
b4d3da407f - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild 2015-06-19 01:41:15 +00:00
Lukas Slebodnik
89ed4ffc3c Fix libwbclient alternatives 2015-06-12 20:50:06 +02:00
Lukas Slebodnik
aac3cde5be New upstream release 1.12.5
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5
    - backport important patches from upstream 1.13 prerelease
2015-06-12 14:49:22 +02:00
Lukas Slebodnik
70e9980ac6 Backport important patches from upstream 1.13 prerelease
- Resolves: rhbz#1060325 - Does sssd-ad use the most suitable
                           attribute for group name
- Resolves: upstream #2335 - Investigate using the krb5 responder
                             for driving the PAM conversation with OTPs
- Enable cmocka tests for secondary architectures
2015-05-08 14:53:58 +02:00
Lukas Slebodnik
a0e4fecc9c Fix cyclic dependencies between sssd-{krb5,}-common
The upstream ticket #2507 is prerequisite for BZ1212503
Patch also enables cmocka tests with secondary architectures.
2015-05-08 14:32:52 +02:00
Lukas Slebodnik
40a97f0f88 Backport patches from upstream 1.12.5 prerelease - contains many fixes 2015-05-08 14:13:58 +02:00
Lukas Slebodnik
6cfd9704c1 Bump version for patches related to #2624 2015-04-15 14:19:39 +02:00
Lukas Slebodnik
c4cf951d60 Fix slow login with ipa and SELinux
- Resolves: upstream #2624 - Only set the selinux context if the context
                             differs from the local one
2015-04-15 14:17:32 +02:00
Lukas Slebodnik
9a0389188d Small spec file clean-up
* remove workaround for old rpmbuild (rhel5)
* remove conversion sysv scripts to systemd
* small code style update in bash scripts
2015-04-09 18:06:13 +02:00
Lukas Slebodnik
36805df397 Fix regressions with ipa and SELinux
- Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security
                             context on client is staff_u
2015-03-23 17:17:30 +01:00
Jakub Hrozek
9f97bec3b0 Also relax libldb Requires and remove --enable-ldb-version-check 2015-03-06 11:45:13 +01:00
Jakub Hrozek
9c5af4ac2d Relax libldb BuildRequires
Originally, we tried to stay on the safe side with libldb since it never
really commited to stable ABI or API, but since there were never any
issues in many years, it's safe to relax the requirement.

This change will benefit especially the storage developers who often
need a different (typically newer) libldb version and would like to
avoid to rebuild sssd for no reason.
2015-03-06 10:50:45 +01:00
Lukas Slebodnik
ed82d05320 Add support for python3 bindings
- Add requirement to python3 or python3 bindings
- Resolves: rhbz#1014594 - sssd: Support Python 3
2015-02-25 14:21:45 +01:00
Lukas Slebodnik
16372c2465 Replace python_* rpm macros with python2_* 2015-02-25 13:34:08 +01:00
Lukas Slebodnik
a8d019e332 Old python file names are just symbolic links
* add real files to packages as well.
2015-02-25 13:29:49 +01:00
Lukas Slebodnik
e37fc598a5 Move python bindings to separate packages
Some python bindings pysss and pysss_murmur was in package sssd-common.
Therefore package sssd-common had python as a dependency.
2015-02-25 10:35:28 +01:00
Lukas Slebodnik
7601087c69 Backport upstream patches for building python{2,3} bindings 2015-02-25 10:15:06 +01:00
Lukas Slebodnik
5e6bda777e New upstream release 1.12.4
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4
2015-02-18 21:24:59 +01:00
Lukas Slebodnik
59bb05ded2 Reverting change of rhbz ticket in changelog
This change was part of initial patch from BZ1184623.
2015-02-14 16:36:31 +01:00
Lukas Slebodnik
3412a6a279 Backport patches with Python3 support from upstream 2015-02-14 16:20:30 +01:00
Lukas Slebodnik
781433f093 Fix bogus date 2015-02-12 22:01:16 +01:00
Lukas Slebodnik
7d37b73369 Fix double free in monitor
- Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort():
                        sssd killed by SIGABRT
2015-02-12 21:58:28 +01:00
Jakub Hrozek
42e3400582 Rebuild for new libldb 2015-01-28 10:43:17 +01:00
Lukas Slebodnik
8fcc4c26b2 Decrease priority of sssd-libwbclient
- It should be lower than priority of samba veriosn of libwbclient.
- https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18
2015-01-22 11:11:33 +01:00
Lukas Slebodnik
35a0ddc9bc Apply a number of patches from upstream to fix issues found 1.12.3
- Resolves: rhbz#1176373 - dyndns_iface does not accept multiple
                           interfaces, or isn't documented to be able to
- Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is
                          not running
- Resolves: upstream #2557  authentication failure with user from AD
2015-01-19 13:39:53 +01:00
Lukas Slebodnik
1823f50b32 Reorder entries in spec file to match upstream version 2015-01-19 10:18:01 +01:00
Lukas Slebodnik
5e0303787e Minor spec file updates
- Fix build requires for libini_config-devel (we need 1.1 for gpo)
- Remove rhel5 relics
- execute lddconfig in post/postun for libsss_nss_idmap
2015-01-19 09:57:27 +01:00
Lukas Slebodnik
572b806e90 Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus
Resolves: rhbz#1179379 - gzip: stdin: file size changed while
                         zipping when rotating logfile
2015-01-09 15:12:09 +01:00
Lukas Slebodnik
d747a9c497 New upstream release 1.12.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3
- Fix spelling errors in description (fedpkg lint)
2015-01-08 21:04:11 +01:00
Lukas Slebodnik
5bb93bf105 Rebuild for libldb 1.1.19 2015-01-06 11:49:40 +01:00
Sumit Bose
a7fd9ee43a Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes
crash in wbinfo
                           - in addition to the patch libwbclient.so is
                             filtered out of the Provides list of the package
2014-12-19 22:31:43 +01:00
Lukas Slebodnik
ebb3a9f2b4 Fix regressions and bugs in sssd upstream 1.12.2
- https://fedorahosted.org/sssd/ticket/{id}
- Regressions: #2471, #2475, #2483, #2487, #2529, #2535
- Bugs: #2287, #2445
2014-12-17 22:45:11 +01:00
Jakub Hrozek
9638a21d11 Rebuild for libldb 1.1.18 2014-12-07 20:45:08 +01:00
Jakub Hrozek
ab6f3739e8 Fix typo in libwbclient-devel %preun 2014-11-26 11:17:29 +01:00
Jakub Hrozek
1dcb9c312d Use alternatives for libwbclient 2014-11-25 14:53:03 +01:00
Jakub Hrozek
3161db3512 Backport several patches from upstream.
- Fix a potential crash against old (pre-4.0) IPA servers
2014-10-22 13:09:58 +02:00
Jakub Hrozek
1caa247c9e New upstream release 1.12.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2
2014-10-20 17:29:11 +02:00
Jakub Hrozek
f5fb14a9ce Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server 2014-09-15 10:27:34 +02:00
Jakub Hrozek
19acdd3ef7 New upstream release 1.12.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1
2014-09-08 22:06:09 +02:00
Jakub Hrozek
34e089bd00 Do not crash on resolving a group SID in IPA server mode 2014-08-22 15:33:51 +02:00
Peter Robinson
a6a5820ca0 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild 2014-08-18 03:41:37 +00:00
Stephen Gallagher
f73310eae6 Fix release version for upgrades 2014-07-10 12:41:28 -04:00
Jakub Hrozek
95cd407957 New upstream release 1.12.0 2014-07-09 21:04:06 +02:00
Dennis Gilmore
2b26bf5bcb - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-08 02:10:13 -05:00
Jakub Hrozek
1113dec8d0 New upstream release 1.12 beta1
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2
2014-06-04 21:46:10 +02:00
Jakub Hrozek
6307570cd8 Fix tests on big-endian 2014-06-02 11:08:39 +02:00
Jakub Hrozek
c9a7a9b259 New upstream release 1.12 beta1
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1
2014-05-30 22:16:22 +02:00
Jakub Hrozek
03322d356d Rebuild against new ding-libs 2014-05-29 09:30:16 +02:00
Stephen Gallagher
793c29a821 Make LDB dependency a strict equivalency 2014-05-08 16:26:19 -04:00
Stephen Gallagher
f1284494dc Rebuild against new libldb 2014-05-08 16:14:33 -04:00
Jakub Hrozek
4c0bb78ec9 New upstream release 1.11.5.1 2014-04-11 19:34:52 +02:00
Stephen Gallagher
72f83f8ad8 Fix bug in generation of systemd unit file
There was a bug in the generation of the tarball that results in
a unit file with a path to /usr/local/sbin, which is incorrect.
2014-04-10 13:21:12 -04:00
Jakub Hrozek
5b600e343d New upstream release 1.11.5
- Remove upstreamed patches
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5
2014-04-08 13:39:37 +02:00
Sumit Bose
cfb3146269 Handle new error code for IPA password migration 2014-03-13 20:14:42 +01:00
Jakub Hrozek
1fd6df7177 Include couple of patches from upstream 1.11 branch 2014-03-11 13:35:03 +01:00
Jakub Hrozek
4d4fe7434d New upstream release 1.11.4
- Remove upstreamed patch
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4
2014-02-17 20:53:20 +01:00
Jakub Hrozek
4b219e485d Fix the double separator error in sssd.spec (Thanks, baude) 2014-02-12 23:15:07 +01:00
Jakub Hrozek
42c4dcb65e Fix changelog entry to be in descending order (wow, it's 2014 already) 2014-02-11 15:49:49 +01:00
Jakub Hrozek
9c2fb314df Handle OTP response from FreeIPA server gracefully 2014-02-11 15:46:54 +01:00
Jakub Hrozek
d323e2f10a New upstream release 1.11.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3
2013-12-19 20:01:09 +01:00
Jakub Hrozek
4dcc16e6e6 New upstream release 1.11.2
- Remove upstreamed patches
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2
2013-10-31 00:33:55 +01:00
Jakub Hrozek
0b3b35863c Remove the explicit ccache dir setting 2013-10-29 18:20:16 +01:00
Jakub Hrozek
797caead4f Fix potential crash with external groups in trusted IPA-AD setup 2013-10-16 14:01:28 +02:00
Sumit Bose
df4dbc81ab Add plugin for cifs-utils
- Resolves: rhbz#998544
2013-10-15 12:35:12 +02:00
Jakub Hrozek
f99cfe2513 Fix failover from Global Catalog to LDAP in case GC is not available 2013-10-08 15:26:18 +02:00
Jakub Hrozek
72c2cb49be Remove the ability to create public ccachedir (#1015089) 2013-10-04 09:51:35 +02:00
Jakub Hrozek
36fd89e84a Backport the sssd-common-pac subpackage from upstream 2013-09-27 22:42:45 +02:00
Jakub Hrozek
b524a0328d New upstream release 1.11.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1
2013-09-27 22:28:08 +02:00
Jakub Hrozek
3ec8adb72a Fix multicast checks in the SSSD
- Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source
                           code getting the host info
2013-09-26 01:33:52 +02:00
Jakub Hrozek
8d72fcd900 Backport simplification of ccache management from 1.11.1
- Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login
2013-09-23 14:45:29 +02:00
Jakub Hrozek
c5481c88cf Relax the libldb requirement 2013-09-02 12:13:25 +02:00
Jakub Hrozek
5a4b44398b New upstream release 1.11.0 2013-08-29 00:37:47 +02:00
Jakub Hrozek
413e09fdbc Fix #967012 and #996214 2013-08-23 15:41:45 +02:00
Jakub Hrozek
a35bab9380 Remove stray leading slash from file path
Related: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries
2013-08-09 10:28:06 +02:00
Dennis Gilmore
fd29083550 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild 2013-08-04 10:45:00 -05:00
Jakub Hrozek
6fdf7eb42e Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries 2013-07-31 13:00:22 +02:00
Jakub Hrozek
b2e72bcb34 New upstream release 1.11 beta 2 2013-07-24 16:36:08 +02:00
Jakub Hrozek
8190be00e7 New upstream release 1.10.1
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1
2013-07-18 17:29:52 +02:00
Jakub Hrozek
1c82bbb70c sssd-tools should require sssd-common, not sssd
This bug was already fixed upstream.
2013-07-08 12:16:10 +02:00
Stephen Gallagher
d7b4fa2655 Move sssd_pac to the sssd-ipa and sssd-ad subpackages
- Trim out RHEL5-specific macros since we don't build on RHEL 5
- Trim out macros for Fedora older than F18
- Update libldb requirement to 1.1.16
- Trim RPM changelog down to the last year
2013-07-02 12:31:25 -04:00
Stephen Gallagher
94bf18fb85 Move sssd_pac to the sssd-krb5 subpackage 2013-07-02 09:23:43 -04:00
Stephen Gallagher
604fe3f870 Fix Obsoletes: to account for dist tag
- Convert post and pre scripts to run on the sssd-common subpackage
- Remove old conversion from SYSV
2013-07-01 18:57:07 -04:00
Jakub Hrozek
e7f2b6f482 New upstream release 1.10
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0
2013-06-27 23:36:41 +02:00
Dan Horák
bc0fb19593 - the cmocka toolkit exists only on selected arches 2013-06-17 15:43:14 +02:00
Jakub Hrozek
ba06c0ac1d Apply a number of patches from upstream to fix issues found post-beta
In particular:
-- segfault with a high DEBUG level
-- Fix IPA password migration (upstream #1873)
-- Fix fail over when retrying SRV resolution (upstream #1886)
2013-06-16 13:12:37 +02:00
Jakub Hrozek
31184a1e66 Only BuildRequire libcmocka on Fedora 2013-06-13 12:33:22 +02:00
Jakub Hrozek
63b3e9558a Fix typo in Requires that prevented an upgrade (#973916)
- Use a hardcoded version in Conflicts, not less-than-current
2013-06-13 11:14:50 +02:00
Jakub Hrozek
20cbf86dca Fix date in changelog 2013-06-12 13:03:15 +02:00
Jakub Hrozek
6739bfa630 Enable hardened build for RHEL7 2013-06-12 13:01:57 +02:00
Jakub Hrozek
b9ffc0a290 New upstream release 1.10 beta2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2
- BuildRequire libcmocka-devel in order to run all upstream tests during build
- BuildRequire libnl3 instead of libnl1
- No longer BuildRequire initscripts, we no longer use /sbin/service
- Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry
  any older krb5-libs version
2013-06-12 12:22:15 +02:00
Jakub Hrozek
af82f760d4 Always initialize ID mapping objects
Apply a couple of patches from upstream git that resolve crashes when
ID mapping object was not initialized properly but needed later
2013-05-24 10:44:53 +02:00
Jakub Hrozek
2f295ac01f Backport fixes for rhbz#961278, rhbz#961278 and rhbz#961251
- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during
                          realm join
- Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by
                          default for AD Provider
- Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file
                          parent directory when logging in
2013-05-14 16:51:09 +02:00
Jakub Hrozek
3cfed3426f Bump release number 2013-05-07 15:22:24 +02:00
Jakub Hrozek
a0794d8e0f BuildRequire recent libini_config to ensure consistent behaviour 2013-05-07 15:11:22 +02:00
Jakub Hrozek
14fef6c6d9 Update SSSD for the F19 test day
- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs
- Fix SSH integration with fully-qualified domains
- Add the ability to dynamically discover the NetBIOS name
2013-05-07 15:02:05 +02:00
Jakub Hrozek
6d4f357f0c New upstream release 1.10 beta1
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1
2013-05-03 22:24:02 +02:00
Jakub Hrozek
90d9c5609a Add a patch to fix krb5 ccache creation issue with krb5 1.11 2013-04-17 13:35:52 +02:00
Jakub Hrozek
809727fd06 New upstream release 1.10 alpha1
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1
2013-04-02 20:08:54 +02:00
Jakub Hrozek
7ad84675dd Add a patch to fix krb5 unit tests 2013-03-29 13:59:48 +01:00
Stephen Gallagher
c0672862e6 Split internal helper libraries into a shared object
- Significantly reduce disk-space usage
2013-03-01 08:23:37 -05:00
Jakub Hrozek
21a05ac540 Fix the Kerberos password expiration warning (#912223) 2013-02-21 11:53:21 +01:00
Jakub Hrozek
c7ed4e1efe Do not write out dots in the domain-realm mapping file (#905650) 2013-02-14 19:47:00 +01:00
Jakub Hrozek
15e195c705 Include upstream patch to build with krb5-1.11 2013-02-11 16:04:12 +01:00
Jakub Hrozek
930a3f3778 Rebuild against new libldb 2013-02-07 11:49:02 +01:00
Jakub Hrozek
9507d125c2 Fix build with new automake versions 2013-02-04 16:38:36 +01:00
Jakub Hrozek
2da8f67cdb Recreate Kerberos ccache directory if it's missing
Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache
                        directory /run/user/UID/ccdir does not exist
2013-01-30 14:45:14 +01:00
Jakub Hrozek
e4c185bf07 Fix changelog dates to make F19 rpmbuild happy 2013-01-29 11:00:35 +01:00
Jakub Hrozek
ad9c6955a3 New upstream release 1.9.4 2013-01-28 23:42:27 +01:00
Jakub Hrozek
36b8b7a8cb New upstream release 1.9.3 2012-12-06 19:51:06 +01:00
Jakub Hrozek
a2ee98d91a rhbz#867874: sssd does not resolve group names from AD 2012-10-30 19:39:45 +01:00
Jakub Hrozek
fdd9aa55f7 rhbz:#871176 Check the validity of namingContext 2012-10-30 10:59:25 +01:00
Jakub Hrozek
81d04d0257 Move the sss_cache tool to the main package 2012-10-18 20:00:12 +02:00
Jakub Hrozek
86429099a5 Include the 1.9.2 sources for real 2012-10-14 21:45:46 +02:00
Jakub Hrozek
89ce7cbfb4 New upstream version 1.9.2 2012-10-14 21:43:04 +02:00
Jakub Hrozek
a48646c55d New upstream release 1.9.1 2012-10-07 16:17:58 +02:00
Jakub Hrozek
fbc5fa9bce Require latest libldb 2012-10-03 11:00:52 +02:00
Jakub Hrozek
3a1ca05a36 BuildRequire diffstat 2012-09-25 14:55:48 +02:00
Jakub Hrozek
1756cca820 Use mcpath insted of mcachepath macro to be consistent with upstream spec file 2012-09-25 14:13:46 +02:00
Jakub Hrozek
827279f87c New upstream release 1.9.0 2012-09-25 13:20:37 +02:00
Jakub Hrozek
6cde68d41f New upstream release 1.9.0 RC1 2012-09-14 14:36:08 +02:00
Jakub Hrozek
586ea1b402 Obsolete patches that are part of the beta7 upstream 2012-09-06 22:04:39 +02:00
Jakub Hrozek
64a7ceb4e2 New upstream release 1.9.0 beta 7 2012-09-06 21:44:03 +02:00
Jakub Hrozek
26c9bc8ead Rebuild against libldb 1.12 2012-09-03 13:10:15 +02:00
Jakub Hrozek
b19546a95d Rebuild against libldb 1.11 2012-08-28 12:46:57 +02:00
Jakub Hrozek
5be1b0deaf rhbz#851304: Change the default ccache location to DIR:/run/user/1001/krb5cc 2012-08-24 17:11:43 +02:00
Jakub Hrozek
a35b2922c3 Rebuild against libldb 1.10 2012-08-20 18:45:15 +02:00
Jakub Hrozek
66374adaa7 Only create the SELinux login file if there are SELinux mappings on the IPA server 2012-08-17 15:00:20 +02:00
Jakub Hrozek
a1657400dd Don't discard HBAC rule processing result if SELinux is on
Resolves: rhbz#846792 (CVE-2012-3462)
2012-08-10 22:38:17 +02:00
Jakub Hrozek
292c0dcaf2 New upstream release 1.9.0-13.beta6 2012-08-02 18:04:25 +02:00
Dennis Gilmore
61dbc61004 Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild 2012-07-27 03:35:23 -05:00
Jakub Hrozek
b75ed0d13d New upstream release 1.9.0 beta 5 2012-07-19 12:51:26 +02:00
Stephen Gallagher
7a12c895a2 Fix broken ARM build
- Add missing DP_OPTION_TERMINATOR in AD provider options
2012-07-16 09:50:52 -04:00
Jakub Hrozek
f681bd4766 Own several directories
https://bugzilla.redhat.com/show_bug.cgi?id=839782
2012-07-15 17:14:01 +02:00
Jakub Hrozek
32842a881b New upstream release 1.9.0 beta 4 2012-07-11 09:57:09 +02:00
Stephen Gallagher
058cfb833c New upstream release 1.9.0 beta 3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3
- Add a new PAC responder for dealing with cross-realm Kerberos trusts
- Terminate idle connections to the NSS and PAM responders
2012-06-25 13:15:35 -04:00
Stephen Gallagher
2cb25205a4 Switch unicode library from libunistring to Glib
- Drop unnecessary explicit Requires on keyutils
- Guarantee that versioned Requires include the correct architecture
2012-06-20 10:32:39 -04:00
Stephen Gallagher
f8c88041e5 Fix accidental disabling of the DIR cache support 2012-06-18 10:16:49 -04:00
Stephen Gallagher
666a39284d New upstream release 1.9.0 beta 2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2
- Add support for the Kerberos DIR cache for storing multiple TGTs
  automatically
- Major performance enhancement when storing large groups in the cache
- Major performance enhancement when performing initgroups() against Active
  Directory
- SSSDConfig data file default locations can now be set during configure for
  easier packaging
2012-06-15 15:43:49 -04:00
Stephen Gallagher
26151dabf9 Fix regression in endianness patch 2012-05-30 15:10:43 -04:00
Stephen Gallagher
12d78e10a6 Rebuild SSSD against ding-libs 0.3.0beta1
- Fix endianness bug in service map protocol
2012-05-29 11:23:46 -04:00
Stephen Gallagher
359d341a35 Fix several regressions since 1.5.x
- Ensure that the RPM creates the /var/lib/sss/mc directory
- Add support for Netscape password warning expiration control
- Rebuild against libldb 1.1.6
2012-05-24 08:23:25 -04:00
Stephen Gallagher
7fa00add1e New upstream release 1.9.0 beta 1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1
- Add native support for autofs to the IPA provider
- Support for ID-mapping when connecting to Active Directory
- Support for handling very large (> 1500 users) groups in Active Directory
- Support for sub-domains (will be used for dealing with trust relationships)
- Add a new fast in-memory cache to speed up lookups of cached data on
  repeated requests
2012-05-11 16:02:54 -04:00
Stephen Gallagher
05471b8b76 New upstream release 1.8.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3
- Numerous manpage and translation updates
- LDAP: Handle situations where the RootDSE isn't available anonymously
- LDAP: Fix regression for users using non-standard LDAP attributes for user
  information
2012-05-03 15:46:32 -04:00
Stephen Gallagher
77acf296a2 New upstream release 1.8.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2
- Several fixes to case-insensitive domain functions
- Fix for GSSAPI binds when the keytab contains unrelated principals
- Fixed several segfaults
- Workarounds added for LDAP servers with unreadable RootDSE
- SSH knownhostproxy will no longer enter an infinite loop preventing login
- The provided SYSV init script now starts SSSD earlier at startup and stops
  it later during shutdown
- Assorted minor fixes for issues discovered by static analysis tools
2012-04-09 15:06:43 -04:00
Stephen Gallagher
d023298922 Don't duplicate libsss_autofs.so in two packages
- Set explicit package contents instead of globbing
2012-03-26 09:35:25 -04:00
Stephen Gallagher
af80d0ea8a Fix uninitialized value bug causing crashes throughout the code
- Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup
2012-03-21 07:36:22 -04:00
Stephen Gallagher
8c71823719 New upstream release 1.8.1
- Resolve issue where we could enter an infinite loop trying to connect to an
  auth server
- Fix serious issue with complex (3+ levels) nested groups
- Fix netgroup support for case-insensitivity and aliases
- Fix serious issue with lookup bundling resulting in requests never
  completing
- IPA provider will now check the value of nsAccountLock during pam_acct_mgmt
  in addition to pam_authenticate
- Fix several regressions in the proxy provider
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication
                          against AD
- Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work
2012-03-12 19:25:42 -04:00
Stephen Gallagher
41359781c6 New upstream release 1.8.0
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)
- Include the IPA AutoFS provider
- Fixed several memory-corruption bugs
- Fixed a regression in group enumeration since 1.7.0
- Fixed a regression in the proxy provider
- Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD
- Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is
                          logged at each login
- Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process
                          /usr/sbin/sssd was killed by signal 11 (SIGSEGV)
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication
                          against AD
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for
                          new LDAP features
- Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc
2012-02-28 15:23:22 -05:00
Stephen Gallagher
d474da7ce3 Change default kerberos credential cache location to /run/user/<username> 2012-02-22 09:11:05 -05:00
Stephen Gallagher
e16d49fc65 New upstream release 1.8.0 beta 3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3
- Fixed a regression in group enumeration since 1.7.0
- Fixed several memory-corruption bugs
- Finalized the ABI for the autofs support
- Fixed a regression in the proxy provider
2012-02-15 16:11:31 -05:00
Stephen Gallagher
14c3c0777e Fix python Provides: filtering 2012-02-15 10:38:10 -05:00
Petr Písař
111a1d5cbe Rebuild against PCRE 8.30 2012-02-10 13:08:38 +01:00
Stephen Gallagher
01ac0e1a3e New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2
- Fix two minor manpage bugs
- Include the IPA AutoFS provider
2012-02-07 09:57:04 -05:00
Stephen Gallagher
881479933b New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)
2012-02-06 20:08:04 -05:00
Stephen Gallagher
e8905f5363 Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for
new LDAP features - fix netgroups and sudo as well
2012-02-04 20:20:10 -05:00
Stephen Gallagher
b6ef581001 Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider. 2012-02-02 14:23:16 -05:00
Stephen Gallagher
2381e855ec Fix typo in date and version 2012-02-01 14:27:24 -05:00
Stephen Gallagher
ae664ccc43 Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for
new LDAP features
2012-02-01 14:24:12 -05:00
Dennis Gilmore
6ec779e9e4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild 2012-01-13 22:24:58 -06:00
Stephen Gallagher
a885ab8a9d New upstream release 1.7.0
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0
Support for case-insensitive domains
Support for multiple search bases in the LDAP provider
Support for the native FreeIPA netgroup implementation
Reliability improvements to the process monitor
New DEBUG facility with more consistent log levels
New tool to change debug log levels without restarting SSSD
SSSD will now disconnect from LDAP server when idle
FreeIPA HBAC rules can choose to ignore srchost options for significant
performance gains
Assorted performance improvements in the LDAP provider
2011-12-22 15:20:15 -05:00
Stephen Gallagher
f73d44d40a New upstream release 1.6.4
Rolls up previous patches applied to the 1.6.3 tarball
Fixes a rare issue causing crashes in the failover logic
Fixes an issue where SSSD would return the wrong PAM error code for users
that it does not recognize.
2011-12-19 16:13:43 -05:00
Stephen Gallagher
5633dc7e99 Rebuild against libldb 1.1.4 2011-12-07 07:47:53 -05:00
Stephen Gallagher
ece3519410 Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the
username in getpwnam()
Resolves: rhbz#758425 - LDAP failover not working if server refuses
connections
2011-11-29 14:20:31 -05:00
Jakub Hrozek
95fec2a877 Rebuild for libldb 1.1.3 2011-11-24 14:18:54 +01:00
Stephen Gallagher
50d0fe5c94 Resolves: rhbz#752495 - Crash when apply settings 2011-11-10 12:03:57 -05:00
Stephen Gallagher
dd4aa148dd Rebuild for new libldb 2011-11-09 09:02:44 -05:00
Stephen Gallagher
46a6ee6147 New upstream release 1.6.3
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3
Fixes a major cache performance issue introduced in 1.6.2
Fixes a potential infinite-loop with certain LDAP layouts
2011-11-04 12:29:04 -04:00
Dennis Gilmore
9ef1f397c1 - Rebuilt for glibc bug#747377 2011-10-26 19:24:26 -05:00
Stephen Gallagher
9a79ed0faa Change selinux policy requirement to Conflicts: with the old version,
rather than Requires: the supported version.
2011-10-23 13:48:09 -07:00
Stephen Gallagher
14552a85ab Add explicit requirement on selinux-policy version to address new SBUS symlinks. 2011-10-21 08:03:20 -07:00
Stephen Gallagher
359707a48b Remove %%files reference to sss_debuglevel copied from wrong upstreeam spec file. 2011-10-19 07:32:09 -04:00
Stephen Gallagher
75138e2284 Improved handling of users and groups with multi-valued name attributes
(aliases)
Performance enhancements
Initgroups on RFC2307bis/FreeIPA
HBAC rule processing
Improved process-hang detection and restarting
Enabled the midpoint cache refresh by default (fewer cache misses on
commonly-used entries)
Cleaned up the example configuration
New tool to change debug level on the fly
2011-10-18 17:24:31 -04:00
Stephen Gallagher
a6910c0007 New upstream release 1.6.1
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1
Fixes a serious issue with LDAP connections when the communication is
dropped (e.g. VPN disconnection, waking from sleep)
SSSD is now less strict when dealing with users/groups with multiple names
when a definitive primary name cannot be determined
The LDAP provider will no longer attempt to canonicalize by default when
using SASL. An option to re-enable this has been provided.
Fixes for non-standard LDAP attribute names (e.g. those used by Active
Directory)
Three HBAC regressions have been fixed.
Fix for an infinite loop in the deref code
2011-08-29 15:45:02 -04:00
Stephen Gallagher
04d8c969b5 Build with _hardened_build macro 2011-08-03 09:31:33 -04:00
Stephen Gallagher
679b5f7a1b New upstream release 1.6.0
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0
Add host access control support for LDAP (similar to pam_host_attr)
Finer-grained control on principals used with Kerberos (such as for FAST or
validation)
Added a new tool sss_cache to allow selective expiring of cached entries
Added support for LDAP DEREF and ASQ controls
Added access control features for Novell Directory Server
FreeIPA dynamic DNS update now checks first to see if an update is needed
Complete rewrite of the HBAC library
New libraries: libipa_hbac and libipa_hbac-python
2011-08-03 08:08:26 -04:00
Stephen Gallagher
ce222bafe5 New upstream release 1.5.11
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11
Fix a serious regression that prevented SSSD from working with ldaps:// URIs
IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6
address being saved to the AAAA record
2011-07-05 15:03:55 -04:00
Stephen Gallagher
72bc2e1636 New upstream release 1.5.11
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11
Fix a serious regression that prevented SSSD from working with ldaps:// URIs
IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6
address being saved to the AAAA record
2011-07-05 15:00:32 -04:00
Stephen Gallagher
807b79d3dd New upstream release 1.5.10
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10
Fixed a regression introduced in 1.5.9 that could result in blocking calls
to LDAP
2011-07-01 08:31:11 -04:00
Stephen Gallagher
4ef0c7f5e6 New upstream release 1.5.9
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9
Support for overriding home directory, shell and primary GID locally
Properly honor TTL values from SRV record lookups
Support non-POSIX groups in nested group chains (for RFC2307bis LDAP
servers)
Properly escape IPv6 addresses in the failover code
Do not crash if inotify fails (e.g. resource exhaustion)
Don't add multiple TGT renewal callbacks (too many log messages)
2011-06-30 14:57:29 -04:00
Stephen Gallagher
91fde1e873 New upstream release 1.5.8
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8
Support for the LDAP paging control
Support for multiple DNS servers for name resolution
Fixes for several group membership bugs
Fixes for rare crash bugs
2011-05-27 16:41:02 -04:00
Stephen Gallagher
5796dc7438 Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d
Make sure to properly convert to systemd if upgrading from newer
updates for Fedora 14
2011-05-23 14:51:01 -04:00
Stephen Gallagher
d4aff4665f Fix segfault in TGT renewal 2011-05-02 12:29:25 -04:00
Stephen Gallagher
e4bdfb2159 Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites
cached password with predicatable filename
2011-04-29 14:36:34 -04:00
Stephen Gallagher
eedc5ecda8 Re-add manpage translations 2011-04-20 16:27:19 -04:00
Stephen Gallagher
8ada5dc2d5 New upstream release 1.5.6
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6
Fixed a serious memory leak in the memberOf plugin
Fixed a regression with the negative cache that caused it to be essentially
nonfunctional
Fixed an issue where the user's full name would sometimes be removed from
the cache
Fixed an issue with password changes in the kerberos provider not working
with kpasswd
2011-04-20 15:26:05 -04:00
Stephen Gallagher
d9b22a78e6 Resolves: rhbz#697057 - kpasswd fails when using sssd and
kadmin server != kdc server
Upgrades from SysV should now maintain enabled/disabled status
2011-04-20 12:44:13 -04:00
Stephen Gallagher
d7effc61bd Fix %postun 2011-04-20 12:22:57 -04:00
Stephen Gallagher
d895a5f72c Fix systemd conversion. Upgrades from SysV to systemd weren't properly
enabling the systemd service.
Fix a serious memory leak in the memberOf plugin
Fix an issue where the user's full name would sometimes be removed
from the cache
2011-04-14 16:24:13 -04:00
Stephen Gallagher
7dcee20614 Install systemd unit file instead of sysv init script 2011-04-12 11:52:28 -04:00
Stephen Gallagher
c8fb340975 New upstream release 1.5.5
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5
Fixes for several crash bugs
LDAP group lookups will no longer abort if there is a zero-length member
attribute
Add automatic fallback to 'cn' if the 'gecos' attribute does not exist
2011-04-12 11:14:23 -04:00
Stephen Gallagher
3eed4c3557 Update to SSSD 1.5.4
Improve the way we detect the LDB plugin location

New upstream release 1.5.4
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4
Fixes for Active Directory when not all users and groups have POSIX attributes
Fixes for handling users and groups that have name aliases (aliases are ignored)
Fix group memberships after initgroups in the IPA provider
2011-03-24 15:29:47 -04:00
Stephen Gallagher
f6c362454d Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication 2011-03-17 11:47:25 -04:00
Stephen Gallagher
53637a07d3 New upstream release 1.5.3
Support for libldb >= 1.0.0
2011-03-11 13:50:59 -05:00
Stephen Gallagher
3b364490a6 New upstream release 1.5.2
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2
Fixes for support of FreeIPA v2
Fixes for failover if DNS entries change
Improved sss_obfuscate tool with better interactive mode
Fix several crash bugs
Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this
Delete users from the local cache if initgroups calls return 'no such user'
(previously only worked for getpwnam/getpwuid)
Use new Transifex.net translations
Better support for automatic TGT renewal (now survives restart)
Netgroup fixes
2011-03-10 15:00:40 -05:00
Simo Sorce
b28cafe61b - Rebuild sssd against libldb 1.0.2 so the memberof module loads again.
- Related: rhbz#677425
2011-02-27 21:54:52 -05:00
Stephen Gallagher
7a33e7710b - Resolves: rhbz#677768 - name service caches names, so id command shows
-                         recently deleted users
2011-02-21 15:42:00 -05:00
Stephen Gallagher
da2a04f651 - Ensure that SSSD builds against libldb-1.0.0 on F15 and later
- Remove .la for memberOf
2011-02-11 11:41:33 -05:00
Stephen Gallagher
0ad47aae65 - Fix memberOf install path 2011-02-11 11:22:33 -05:00
Stephen Gallagher
e8ab291d89 - Add support for libldb 1.0.0 2011-02-11 09:36:41 -05:00
Dennis Gilmore
8923e26c46 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild 2011-02-09 10:00:19 -06:00
Stephen Gallagher
d12cd5dd26 - Fix nested group member filter sanitization for RFC2307bis
- Put translated tool manpages into the sssd-tools subpackage
2011-02-01 09:20:57 -05:00
Stephen Gallagher
749bf2d662 Bump release number 2011-01-27 14:40:33 -05:00
Stephen Gallagher
7e3a2cd879 - Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during
- rpmbuild
2011-01-27 14:38:13 -05:00
Stephen Gallagher
f151b0669b - New upstream release 1.5.1
- Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
- Vast performance improvements when enumerate = true
- All PAM actions will now perform a forced initgroups lookup instead of just
- a user information lookup
-   This guarantees that all group information is available to other
-   providers, such as the simple provider.
- For backwards-compatibility, DNS lookups will also fall back to trying the
- SSSD domain name as a DNS discovery domain.
- Support for more password expiration policies in LDAP
-    389 Directory Server
-    FreeIPA
-    ActiveDirectory
- Support for ldap_tls_{cert,key,cipher_suite} config options
-Assorted bugfixes
2011-01-27 13:50:21 -05:00
Stephen Gallagher
3a15e92ce7 - CVE-2010-4341 - DoS in sssd PAM responder can prevent logins 2011-01-11 12:32:39 -05:00
Stephen Gallagher
5225c3262b - New upstream release 1.5.0
- Fixed issues with LDAP search filters that needed to be escaped
- Add Kerberos FAST support on platforms that support it
- Reduced verbosity of PAM_TEXT_INFO messages for cached credentials
- Added a Kerberos access provider to honor .k5login
- Addressed several thread-safety issues in the sss_client code
- Improved support for delayed online Kerberos auth
- Significantly reduced time between connecting to the network/VPN and
- acquiring a TGT
- Added feature for automatic Kerberos ticket renewal
- Provides the kerberos ticket for long-lived processes or cron jobs
- even when the user logs out
- Added several new features to the LDAP access provider
- Support for 'shadow' access control
- Support for authorizedService access control
- Ability to mix-and-match LDAP access control features
- Added an option for a separate password-change LDAP server for those
- platforms where LDAP referrals are not supported
- Added support for manpage translations
2010-12-22 14:08:33 -05:00
Stephen Gallagher
9600ada0fd Fix release number 2010-11-18 08:44:23 -05:00
Stephen Gallagher
069ad4076b - Solve a shutdown race-condition that sometimes left processes running
- Resolves: rhbz#606887 - SSSD stops on upgrade
2010-11-18 08:41:39 -05:00
Stephen Gallagher
4e1de07cd8 - Log startup errors to the syslog
- Allow cache cleanup to be disabled in sssd.conf
2010-11-16 12:48:57 -05:00
Stephen Gallagher
9d5bcde0eb - New upstream release 1.4.1
- Add support for netgroups to the proxy provider
- Fixes a minor bug with UIDs/GIDs >= 2^31
- Fixes a segfault in the kerberos provider
- Fixes a segfault in the NSS responder if a data provider crashes
- Correctly use sdap_netgroup_search_base
2010-11-01 09:02:47 -04:00
Stephen Gallagher
75efc48618 Fix incorrect tarball URL 2010-10-18 16:06:09 -04:00
Stephen Gallagher
d8a8ec9a9a Fix tarball URL 2010-10-18 16:04:39 -04:00
Stephen Gallagher
9b0ef1cecd - New upstream release 1.4.0
- Added support for netgroups to the LDAP provider
- Performance improvements made to group processing of RFC2307 LDAP servers
- Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin
- Build-system improvements to support Gentoo
- Split out several libraries into the ding-libs tarball
- Manpage reviewed and updated
2010-10-18 14:44:48 -04:00
Stephen Gallagher
2d631b340a - Fix pre and post script requirements 2010-10-04 09:47:22 -04:00
Stephen Gallagher
3f786445f0 - Resolves: rhbz#606887 - sssd stops on upgrade 2010-10-04 09:23:20 -04:00
Stephen Gallagher
8cdc9d4fbc - Resolves: rhbz#626205 - Unable to unlock screen 2010-10-04 09:14:17 -04:00