Compare commits
26 Commits
Author | SHA1 | Date |
---|---|---|
|
08da919e6e | |
|
ebddd863fe | |
|
54472e5fa7 | |
|
a7f0d3bcea | |
|
5ad6b83fb0 | |
|
d75e73e916 | |
|
8671db2885 | |
|
cc12e9ce85 | |
|
ce34a1f8d1 | |
|
b29a4a60fe | |
|
383b66a9c8 | |
|
32d7aea6a7 | |
|
7c5e4bf4d8 | |
|
d7cda9fb87 | |
|
a473c10d60 | |
|
b566de8129 | |
|
9831967558 | |
|
730db27157 | |
|
f27dd86331 | |
|
962d929572 | |
|
7d964f7f05 | |
|
6ae4794c4a | |
|
7d665d25e4 | |
|
87898049de | |
|
93b5f5f461 | |
|
cea07f72b3 |
|
@ -7,3 +7,14 @@ sssd-1.2.91.tar.gz
|
|||
/sssd-1.5.2.tar.gz
|
||||
/sssd-1.5.3.tar.gz
|
||||
/sssd-1.5.4.tar.gz
|
||||
/sssd-1.5.5.tar.gz
|
||||
/sssd-1.5.6.tar.gz
|
||||
/sssd-1.5.6.1.tar.gz
|
||||
/sssd-1.5.7.tar.gz
|
||||
/sssd-1.5.8.tar.gz
|
||||
/sssd-1.5.9.tar.gz
|
||||
/sssd-1.5.10.tar.gz
|
||||
/sssd-1.5.11.tar.gz
|
||||
/sssd-1.5.12.tar.gz
|
||||
/sssd-1.5.13.tar.gz
|
||||
/sssd-1.5.14.tar.gz
|
||||
|
|
2
sources
2
sources
|
@ -1 +1 @@
|
|||
d1459f6e0d0a5246374f08e6ab24c7de sssd-1.5.4.tar.gz
|
||||
4a00b154c90e40379275d20247b97ce5 sssd-1.5.14.tar.gz
|
||||
|
|
190
sssd.spec
190
sssd.spec
|
@ -5,10 +5,10 @@
|
|||
|
||||
# Determine the location of the LDB modules directory
|
||||
%global ldb_modulesdir %(pkg-config --variable=modulesdir ldb)
|
||||
%global ldb_version 1.0.2
|
||||
%global ldb_version 0.9.10
|
||||
|
||||
Name: sssd
|
||||
Version: 1.5.4
|
||||
Version: 1.5.14
|
||||
Release: 1%{?dist}
|
||||
Group: Applications/System
|
||||
Summary: System Security Services Daemon
|
||||
|
@ -24,8 +24,8 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
|||
Requires: libldb = %{ldb_version}
|
||||
Requires: libtdb >= 1.1.3
|
||||
Requires: sssd-client = %{version}-%{release}
|
||||
Requires: libipa_hbac = %{version}-%{release}
|
||||
Requires: cyrus-sasl-gssapi
|
||||
Requires: krb5-libs >= 1.9
|
||||
Requires(post): initscripts chkconfig /sbin/ldconfig
|
||||
Requires(preun): initscripts chkconfig
|
||||
Requires(postun): initscripts chkconfig /sbin/ldconfig
|
||||
|
@ -66,7 +66,7 @@ BuildRequires: pcre-devel
|
|||
BuildRequires: libxslt
|
||||
BuildRequires: libxml2
|
||||
BuildRequires: docbook-style-xsl
|
||||
BuildRequires: krb5-devel >= 1.9
|
||||
BuildRequires: krb5-devel
|
||||
BuildRequires: c-ares-devel
|
||||
BuildRequires: python-devel
|
||||
BuildRequires: check-devel
|
||||
|
@ -78,6 +78,9 @@ BuildRequires: keyutils-libs-devel
|
|||
BuildRequires: libnl-devel
|
||||
BuildRequires: nscd
|
||||
BuildRequires: gettext-devel
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: libunistring-devel
|
||||
BuildRequires: findutils
|
||||
|
||||
%description
|
||||
Provides a set of daemons to manage access to remote directories and
|
||||
|
@ -108,6 +111,34 @@ SSSD when using id_provider = local in /etc/sssd/sssd.conf.
|
|||
Also provides a userspace tool for generating an obfuscated LDAP password for
|
||||
use with ldap_default_authtok_type = obfuscated_password.
|
||||
|
||||
%package -n libipa_hbac
|
||||
Summary: FreeIPA HBAC Evaluator library
|
||||
Group: Development/Libraries
|
||||
License: LGPLv3+
|
||||
|
||||
%description -n libipa_hbac
|
||||
Utility library to validate FreeIPA HBAC rules for authorization requests
|
||||
|
||||
%package -n libipa_hbac-devel
|
||||
Summary: FreeIPA HBAC Evaluator library
|
||||
Group: Development/Libraries
|
||||
License: LGPLv3+
|
||||
Requires: libipa_hbac = %{version}-%{release}
|
||||
|
||||
%description -n libipa_hbac-devel
|
||||
Utility library to validate FreeIPA HBAC rules for authorization requests
|
||||
|
||||
%package -n libipa_hbac-python
|
||||
Summary: Python bindings for the FreeIPA HBAC Evaluator library
|
||||
Group: Development/Libraries
|
||||
License: LGPLv3+
|
||||
Requires: libipa_hbac = %{version}-%{release}
|
||||
|
||||
%description -n libipa_hbac-python
|
||||
The libipa_hbac-python contains the bindings so that libipa_hbac can be
|
||||
used by Python applications.
|
||||
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
|
||||
|
@ -118,13 +149,14 @@ autoreconf -ivf
|
|||
--with-pipe-path=%{pipepath} \
|
||||
--with-pubconf-path=%{pubconfpath} \
|
||||
--with-init-dir=%{_initrddir} \
|
||||
--with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \
|
||||
--enable-nsslibdir=/%{_lib} \
|
||||
--enable-pammoddir=/%{_lib}/security \
|
||||
--disable-static \
|
||||
--disable-rpath \
|
||||
--with-test-dir=/dev/shm
|
||||
|
||||
make %{?_smp_mflags}
|
||||
make %{?_smp_mflags} all docs
|
||||
|
||||
%check
|
||||
export CK_TIMEOUT_MULTIPLIER=10
|
||||
|
@ -154,17 +186,11 @@ mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/rwtab.d
|
|||
install -m644 src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd
|
||||
|
||||
# Remove .la files created by libtool
|
||||
rm -f \
|
||||
$RPM_BUILD_ROOT/%{_lib}/libnss_sss.la \
|
||||
$RPM_BUILD_ROOT/%{_lib}/security/pam_sss.la \
|
||||
$RPM_BUILD_ROOT/%{ldb_modulesdir}/memberof.la \
|
||||
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ldap.la \
|
||||
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_proxy.la \
|
||||
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_krb5.la \
|
||||
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ipa.la \
|
||||
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_simple.la \
|
||||
$RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.la \
|
||||
$RPM_BUILD_ROOT/%{python_sitearch}/pysss.la
|
||||
find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \;
|
||||
|
||||
# Suppress developer-only documentation
|
||||
rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name}/doc
|
||||
|
||||
|
||||
# Older versions of rpmbuild can only handle one -f option
|
||||
# So we need to append to the sssd.lang file
|
||||
|
@ -199,6 +225,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%{_libdir}/%{name}/
|
||||
%{ldb_modulesdir}/memberof.so
|
||||
%dir %{sssdstatedir}
|
||||
%dir %{_localstatedir}/cache/krb5rcache
|
||||
%attr(700,root,root) %dir %{dbpath}
|
||||
%attr(755,root,root) %dir %{pipepath}
|
||||
%attr(755,root,root) %dir %{pubconfpath}
|
||||
|
@ -249,6 +276,22 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%{_mandir}/man8/sss_usermod.8*
|
||||
%{_mandir}/man8/sss_obfuscate.8*
|
||||
|
||||
%files -n libipa_hbac
|
||||
%defattr(-,root,root,-)
|
||||
%doc src/sss_client/COPYING src/sss_client/COPYING.LESSER
|
||||
%{_libdir}/libipa_hbac.so.*
|
||||
|
||||
%files -n libipa_hbac-devel
|
||||
%defattr(-,root,root,-)
|
||||
%doc hbac_doc/html
|
||||
%{_includedir}/ipa_hbac.h
|
||||
%{_libdir}/libipa_hbac.so
|
||||
%{_libdir}/pkgconfig/ipa_hbac.pc
|
||||
|
||||
%files -n libipa_hbac-python
|
||||
%defattr(-,root,root,-)
|
||||
%{python_sitearch}/pyhbac.so
|
||||
|
||||
%post
|
||||
/sbin/ldconfig
|
||||
/sbin/chkconfig --add %{servicename}
|
||||
|
@ -269,7 +312,110 @@ fi
|
|||
|
||||
%postun client -p /sbin/ldconfig
|
||||
|
||||
%post -n libipa_hbac -p /sbin/ldconfig
|
||||
|
||||
%postun -n libipa_hbac -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Wed Oct 19 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.14-1
|
||||
- New upstream release 1.5.14
|
||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.14
|
||||
- Improved handling of users and groups with multi-valued name attributes
|
||||
(aliases)
|
||||
- Performance enhancements
|
||||
* Initgroups on RFC2307bis/FreeIPA
|
||||
* HBAC rule processing
|
||||
- Improved process-hang detection and restarting
|
||||
- Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries)
|
||||
- Cleaned up the example configuration
|
||||
|
||||
* Mon Aug 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.13-1
|
||||
- New upstream release 1.5.13
|
||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.13
|
||||
- Fixes a serious issue with LDAP connections when the communication is
|
||||
dropped (e.g. VPN disconnection, waking from sleep)
|
||||
- SSSD is now less strict when dealing with users/groups with multiple names
|
||||
when a definitive primary name cannot be determined
|
||||
- The LDAP provider will no longer attempt to canonicalize by default when
|
||||
using SASL. An option to re-enable this has been provided
|
||||
- Fixes for non-standard LDAP attribute names (e.g. those used by Active
|
||||
Directory)
|
||||
- Three HBAC regressions have been fixed
|
||||
|
||||
* Fri Aug 05 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.12-1
|
||||
- New upstream release 1.5.12
|
||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.12
|
||||
- Fixes a regression introduced in 1.5.11 with hostname resolution
|
||||
- Fixes an issue where sssd_pam would leak file descriptors until resource
|
||||
exhaustion
|
||||
- Complete rewrite of the FreeIPA Host-Based Access Control (HBAC) resolver
|
||||
- New shared library for HBAC access-control
|
||||
- Fixes for password expiration handling with LDAP auth
|
||||
- New option to veto certain centrally-managed shells (Patch by John Hodrien)
|
||||
|
||||
* Tue Jul 05 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.11-2
|
||||
- New upstream release 1.5.11
|
||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11
|
||||
- Fix a serious regression that prevented SSSD from working with ldaps:// URIs
|
||||
- IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6
|
||||
- address being saved to the AAAA record
|
||||
|
||||
* Fri Jul 01 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.10-1
|
||||
- New upstream release 1.5.10
|
||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10
|
||||
- Fixed a regression introduced in 1.5.9 that could result in blocking calls
|
||||
- to LDAP
|
||||
|
||||
* Thu Jun 30 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.9-1
|
||||
- New upstream release 1.5.9
|
||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9
|
||||
- Support for overriding home directory, shell and primary GID locally
|
||||
- Properly honor TTL values from SRV record lookups
|
||||
- Support non-POSIX groups in nested group chains (for RFC2307bis LDAP
|
||||
- servers)
|
||||
- Properly escape IPv6 addresses in the failover code
|
||||
- Do not crash if inotify fails (e.g. resource exhaustion)
|
||||
- Don't add multiple TGT renewal callbacks (too many log messages)
|
||||
|
||||
* Fri May 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.8-1
|
||||
- New upstream release 1.5.8
|
||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8
|
||||
- Support for the LDAP paging control
|
||||
- Support for multiple DNS servers for name resolution
|
||||
- Fixes for several group membership bugs
|
||||
- Fixes for rare crash bugs
|
||||
|
||||
* Fri Apr 29 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.7-1
|
||||
- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites
|
||||
- cached password with predicatable filename
|
||||
|
||||
* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.6.1-1
|
||||
- Re-add manpage translations
|
||||
|
||||
* Wed Apr 20 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.6-1
|
||||
- New upstream release 1.5.6
|
||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6
|
||||
- Fixed a serious memory leak in the memberOf plugin
|
||||
- Fixed a regression with the negative cache that caused it to be essentially
|
||||
- nonfunctional
|
||||
- Fixed an issue where the user's full name would sometimes be removed from
|
||||
- the cache
|
||||
- Fixed an issue with password changes in the kerberos provider not working
|
||||
- with kpasswd
|
||||
- Resolves: rhbz#697057 - kpasswd fails when using sssd and
|
||||
- kadmin server != kdc server
|
||||
- Fix a serious memory leak in the memberOf plugin
|
||||
- Fix an issue where the user's full name would sometimes be removed
|
||||
- from the cache
|
||||
|
||||
* Tue Apr 12 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.5-1
|
||||
- New upstream release 1.5.5
|
||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5
|
||||
- Fixes for several crash bugs
|
||||
- LDAP group lookups will no longer abort if there is a zero-length member
|
||||
- attribute
|
||||
- Add automatic fallback to 'cn' if the 'gecos' attribute does not exist
|
||||
|
||||
* Thu Mar 24 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.4-1
|
||||
- New upstream release 1.5.4
|
||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4
|
||||
|
@ -277,6 +423,9 @@ fi
|
|||
- Fixes for handling users and groups that have name aliases (aliases are ignored)
|
||||
- Fix group memberships after initgroups in the IPA provider
|
||||
|
||||
* Fri Mar 18 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.3-3
|
||||
- Fix version requirement on libldb
|
||||
|
||||
* Thu Mar 17 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.3-2
|
||||
- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication
|
||||
|
||||
|
@ -298,9 +447,8 @@ fi
|
|||
- Better support for automatic TGT renewal (now survives restart)
|
||||
- Netgroup fixes
|
||||
|
||||
* Sun Feb 27 2011 Simo Sorce <ssorce@redhat.com> - 1.5.1-9
|
||||
- Rebuild sssd against libldb 1.0.2 so the memberof module loads again.
|
||||
- Related: rhbz#677425
|
||||
* Mon Feb 21 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-9
|
||||
- Fix build against older libldb
|
||||
|
||||
* Mon Feb 21 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-8
|
||||
- Resolves: rhbz#677768 - name service caches names, so id command shows
|
||||
|
@ -323,6 +471,9 @@ fi
|
|||
- Fix nested group member filter sanitization for RFC2307bis
|
||||
- Put translated tool manpages into the sssd-tools subpackage
|
||||
|
||||
* Thu Jan 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-2.1
|
||||
- Remove requirement on krb5-devel 1.9
|
||||
|
||||
* Thu Jan 27 2011 Stephen Gallagher <sgallagh@redhat.com> - 1.5.1-2
|
||||
- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during
|
||||
- rpmbuild
|
||||
|
@ -368,7 +519,6 @@ fi
|
|||
- platforms where LDAP referrals are not supported
|
||||
- Added support for manpage translations
|
||||
|
||||
|
||||
* Thu Nov 18 2010 Stephen Gallagher <sgallagh@redhat.com> - 1.4.1-3
|
||||
- Solve a shutdown race-condition that sometimes left processes running
|
||||
- Resolves: rhbz#606887 - SSSD stops on upgrade
|
||||
|
|
Loading…
Reference in New Issue