Compare commits
38 Commits
Author | SHA1 | Date |
---|---|---|
Jakub Hrozek | 8cddeb0995 | |
Jakub Hrozek | 80a7c9e7ec | |
Jakub Hrozek | 6d9ab0af41 | |
Jakub Hrozek | e4cf1d484c | |
Jakub Hrozek | a8c0fcfcc2 | |
Jakub Hrozek | 9b3fa2aa6b | |
Jakub Hrozek | 54e39be6cc | |
Jakub Hrozek | 0fd198bcce | |
Jakub Hrozek | 724093789c | |
Jakub Hrozek | ffc5798988 | |
Jakub Hrozek | 372462b128 | |
Jakub Hrozek | b090a9286f | |
Jakub Hrozek | bf49fa800f | |
Jakub Hrozek | 47cc240f66 | |
Jakub Hrozek | c6c53733cc | |
Jakub Hrozek | be350caba3 | |
Jakub Hrozek | 6ce1d927ac | |
Jakub Hrozek | b1071ab9d9 | |
Jakub Hrozek | e87a1aab76 | |
Jakub Hrozek | a4fc989e6c | |
Stephen Gallagher | 50c80f955f | |
Stephen Gallagher | bc83438257 | |
Stephen Gallagher | 48472a4c55 | |
Jakub Hrozek | a579cab96a | |
Dan Horák | 5c6a89ad0d | |
Jakub Hrozek | 11749ff4df | |
Jakub Hrozek | 99dbe10767 | |
Jakub Hrozek | 2e5bd19d3f | |
Jakub Hrozek | 3a14edc2d9 | |
Jakub Hrozek | ff5e380e3a | |
Jakub Hrozek | 5afdcafadb | |
Jakub Hrozek | 8445320f4f | |
Jakub Hrozek | b24f0d940d | |
Jakub Hrozek | eda364402d | |
Jakub Hrozek | c9aa541902 | |
Jakub Hrozek | 624a18044d | |
Jakub Hrozek | 776d2dc404 | |
Jakub Hrozek | 19d0660e6d |
|
@ -41,3 +41,16 @@ sssd-1.2.91.tar.gz
|
|||
/sssd-1.9.2.tar.gz
|
||||
/sssd-1.9.3.tar.gz
|
||||
/sssd-1.9.4.tar.gz
|
||||
/sssd-1.10.0alpha1.tar.gz
|
||||
/sssd-1.10.0beta1.tar.gz
|
||||
/sssd-1.10.0beta2.tar.gz
|
||||
/sssd-1.10.0.tar.gz
|
||||
/sssd-1.10.1.tar.gz
|
||||
/sssd-1.11.0beta2.tar.gz
|
||||
/sssd-1.11.0.tar.gz
|
||||
/sssd-1.11.1.tar.gz
|
||||
/sssd-1.11.2.tar.gz
|
||||
/sssd-1.11.3.tar.gz
|
||||
/sssd-1.11.4.tar.gz
|
||||
/sssd-1.11.5.tar.gz
|
||||
/sssd-1.11.5.1.tar.gz
|
||||
|
|
|
@ -1,39 +0,0 @@
|
|||
From cae3bf6af22855adc8dd7b270e11207f0a33c385 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||||
Date: Wed, 30 Jan 2013 13:45:27 +0100
|
||||
Subject: [PATCH] krb: recreate ccache if it was deleted
|
||||
|
||||
https://fedorahosted.org/sssd/ticket/1512
|
||||
|
||||
If directory where a ccache file was stored was missing and user
|
||||
was still logged in, we erroneously considered the ccache file
|
||||
still active. Thus the ccache file was not recreated and user was
|
||||
unable to login.
|
||||
---
|
||||
src/providers/krb5/krb5_utils.c | 9 ++++++++-
|
||||
1 file changed, 8 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c
|
||||
index b770714be030076203b6578f90ef726226cb72f8..7b56be52497ae66fa536b76ca0561ec3cc3208ce 100644
|
||||
--- a/src/providers/krb5/krb5_utils.c
|
||||
+++ b/src/providers/krb5/krb5_utils.c
|
||||
@@ -770,8 +770,15 @@ cc_residual_is_used(uid_t uid, const char *ccname,
|
||||
|
||||
ret = lstat(ccname, &stat_buf);
|
||||
|
||||
- if (ret == -1 && errno != ENOENT) {
|
||||
+ if (ret == -1) {
|
||||
ret = errno;
|
||||
+ if (ret == ENOENT) {
|
||||
+ DEBUG(SSSDBG_FUNC_DATA, ("Cache file [%s] does not exists, "
|
||||
+ "it will be recreated\n", ccname));
|
||||
+ *result = false;
|
||||
+ return EOK;
|
||||
+ }
|
||||
+
|
||||
DEBUG(SSSDBG_OP_FAILURE,
|
||||
("stat failed [%d][%s].\n", ret, strerror(ret)));
|
||||
return ret;
|
||||
--
|
||||
1.7.11.7
|
||||
|
|
@ -1,30 +0,0 @@
|
|||
From 2cdcd10751f2e3f152124f698ae35d7947ca4771 Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Hrozek <jhrozek@redhat.com>
|
||||
Date: Thu, 31 Jan 2013 18:52:08 +0100
|
||||
Subject: [PATCH] Don't use srcdir with tests
|
||||
|
||||
Fixes build with automake 1.13 or newer.
|
||||
---
|
||||
Makefile.am | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/Makefile.am b/Makefile.am
|
||||
index 8a47af8ddb4eb274d390ec0bf3010736cb23b992..64708216103e48facf780f246de5668c8e0b26a7 100644
|
||||
--- a/Makefile.am
|
||||
+++ b/Makefile.am
|
||||
@@ -146,9 +146,9 @@ check_PROGRAMS = \
|
||||
PYTHON_TESTS =
|
||||
|
||||
if BUILD_PYTHON_BINDINGS
|
||||
-PYTHON_TESTS += $(srcdir)/src/config/SSSDConfigTest.py \
|
||||
- $(srcdir)/src/tests/pyhbac-test.py \
|
||||
- $(srcdir)/src/tests/pysss_murmur-test.py
|
||||
+PYTHON_TESTS += src/config/SSSDConfigTest.py \
|
||||
+ src/tests/pyhbac-test.py \
|
||||
+ src/tests/pysss_murmur-test.py
|
||||
endif
|
||||
|
||||
TESTS = \
|
||||
--
|
||||
1.8.1
|
||||
|
|
@ -1,52 +0,0 @@
|
|||
From 4e78fab6a1b2e9653a7959cbdb7d54bb750041d0 Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Hrozek <jhrozek@redhat.com>
|
||||
Date: Mon, 4 Feb 2013 11:30:48 -0500
|
||||
Subject: [PATCH] krb5: include backwards compatible declaration of
|
||||
krb5_trace_info
|
||||
|
||||
krb5-1.10 used to include "struct krb5_trace_info", now krb5-1.11
|
||||
includes a "krb5_trace_info" typedefed from "struct _krb5_trace_info".
|
||||
|
||||
Do the same in the SSSD to allow compiling with both 1.10 and 1.11.
|
||||
---
|
||||
src/external/krb5.m4 | 2 +-
|
||||
src/util/sss_krb5.c | 8 +++++++-
|
||||
2 files changed, 8 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/external/krb5.m4 b/src/external/krb5.m4
|
||||
index 5bc871128193e19038c7325b7dbab40e94128171..f1679a151b613b3f685953453a314f734419fa41 100644
|
||||
--- a/src/external/krb5.m4
|
||||
+++ b/src/external/krb5.m4
|
||||
@@ -37,7 +37,7 @@ SAVE_LIBS=$LIBS
|
||||
CFLAGS="$CFLAGS $KRB5_CFLAGS"
|
||||
LIBS="$LIBS $KRB5_LIBS"
|
||||
AC_CHECK_HEADERS([krb5.h krb5/krb5.h])
|
||||
-AC_CHECK_TYPES([krb5_ticket_times, krb5_times], [], [],
|
||||
+AC_CHECK_TYPES([krb5_ticket_times, krb5_times, krb5_trace_info], [], [],
|
||||
[ #ifdef HAVE_KRB5_KRB5_H
|
||||
#include <krb5/krb5.h>
|
||||
#else
|
||||
diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
|
||||
index bb61d10938a74d768c31869cae79fa1e348d3693..ab0344c8048523e08dbe29a05aefbc45e2f7668e 100644
|
||||
--- a/src/util/sss_krb5.c
|
||||
+++ b/src/util/sss_krb5.c
|
||||
@@ -1001,9 +1001,15 @@ sss_krb5_residual_check_type(const char *full_location,
|
||||
}
|
||||
|
||||
#ifdef HAVE_KRB5_SET_TRACE_CALLBACK
|
||||
+
|
||||
+#ifndef HAVE_KRB5_TRACE_INFO
|
||||
+/* krb5-1.10 had struct krb5_trace_info, 1.11 has type named krb5_trace_info */
|
||||
+typedef struct krb5_trace_info krb5_trace_info;
|
||||
+#endif /* HAVE_KRB5_TRACE_INFO */
|
||||
+
|
||||
static void
|
||||
sss_child_krb5_trace_cb(krb5_context context,
|
||||
- const struct krb5_trace_info *info, void *data)
|
||||
+ const krb5_trace_info *info, void *data)
|
||||
{
|
||||
if (info == NULL) {
|
||||
/* Null info means destroy the callback data. */
|
||||
--
|
||||
1.8.1.2
|
||||
|
|
@ -1,69 +0,0 @@
|
|||
From a0388dc52f5461f72f8221c9bb7c92008e1fe2c5 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
||||
Date: Fri, 1 Feb 2013 12:17:47 +0100
|
||||
Subject: [PATCH] subdomains: replace invalid characters with underscore in
|
||||
krb5 mapping file name
|
||||
|
||||
https://fedorahosted.org/sssd/ticket/1795
|
||||
|
||||
Only alpha-numeric chars, dashes and underscores are allowed in
|
||||
krb5 include directory.
|
||||
---
|
||||
src/providers/ipa/ipa_subdomains.c | 26 +++++++++++++++++++++++++-
|
||||
1 file changed, 25 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
|
||||
index ef6195d19de72be7fd2b12a309b33fcf20e0e3a1..f959c4e6eb1d830e3990f552c9f4cf962298ef48 100644
|
||||
--- a/src/providers/ipa/ipa_subdomains.c
|
||||
+++ b/src/providers/ipa/ipa_subdomains.c
|
||||
@@ -287,22 +287,46 @@ ipa_subdomains_write_mappings(struct sss_domain_info *domain,
|
||||
errno_t err;
|
||||
TALLOC_CTX *tmp_ctx;
|
||||
const char *mapping_file;
|
||||
+ char *sanitized_domain;
|
||||
char *tmp_file = NULL;
|
||||
int fd = -1;
|
||||
mode_t old_mode;
|
||||
FILE *fstream = NULL;
|
||||
size_t i;
|
||||
|
||||
+ if (domain == NULL || domain->name == NULL) {
|
||||
+ DEBUG(SSSDBG_CRIT_FAILURE, ("No domain name provided\n"));
|
||||
+ return EINVAL;
|
||||
+ }
|
||||
+
|
||||
tmp_ctx = talloc_new(NULL);
|
||||
if (!tmp_ctx) return ENOMEM;
|
||||
|
||||
+ sanitized_domain = talloc_strdup(tmp_ctx, domain->name);
|
||||
+ if (sanitized_domain == NULL) {
|
||||
+ DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup() failed\n"));
|
||||
+ return ENOMEM;
|
||||
+ }
|
||||
+
|
||||
+ /* only alpha-numeric chars, dashes and underscores are allowed in
|
||||
+ * krb5 include directory */
|
||||
+ for (i = 0; sanitized_domain[i] != '\0'; i++) {
|
||||
+ if (!isalnum(sanitized_domain[i])
|
||||
+ && sanitized_domain[i] != '-' && sanitized_domain[i] != '_') {
|
||||
+ sanitized_domain[i] = '_';
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
mapping_file = talloc_asprintf(tmp_ctx, "%s/domain_realm_%s",
|
||||
- IPA_SUBDOMAIN_MAPPING_DIR, domain->name);
|
||||
+ IPA_SUBDOMAIN_MAPPING_DIR, sanitized_domain);
|
||||
if (!mapping_file) {
|
||||
ret = ENOMEM;
|
||||
goto done;
|
||||
}
|
||||
|
||||
+ DEBUG(SSSDBG_FUNC_DATA, ("Mapping file for domain [%s] is [%s]\n",
|
||||
+ domain->name, mapping_file));
|
||||
+
|
||||
tmp_file = talloc_asprintf(tmp_ctx, "%sXXXXXX", mapping_file);
|
||||
if (tmp_file == NULL) {
|
||||
ret = ENOMEM;
|
||||
--
|
||||
1.7.11.7
|
||||
|
|
@ -1,39 +0,0 @@
|
|||
From e354a96bbca5da8525ee51f91907e75af897b856 Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Hrozek <jhrozek@redhat.com>
|
||||
Date: Thu, 14 Feb 2013 10:13:59 +0100
|
||||
Subject: [PATCH] Fix the krb5 password expiration warning
|
||||
|
||||
https://fedorahosted.org/sssd/ticket/1808
|
||||
---
|
||||
src/confdb/confdb.c | 8 +++++++-
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
|
||||
index 31efd9443be8490715961c8a45f9352bd1ade653..31c48bd28aee37008687e7e255ebf2ef2d79798a 100644
|
||||
--- a/src/confdb/confdb.c
|
||||
+++ b/src/confdb/confdb.c
|
||||
@@ -1020,7 +1020,11 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
|
||||
goto done;
|
||||
}
|
||||
|
||||
- /* Set the PAM warning time, if specified */
|
||||
+ /* Set the PAM warning time, if specified. If not specified, pass on
|
||||
+ * the "not set" value of "-1" which means "use provider default". The
|
||||
+ * value 0 means "always display the warning if server sends one" */
|
||||
+ domain->pwd_expiration_warning = -1;
|
||||
+
|
||||
val = ldb_msg_find_attr_as_int(res->msgs[0],
|
||||
CONFDB_DOMAIN_PWD_EXPIRATION_WARNING,
|
||||
-1);
|
||||
@@ -1035,6 +1039,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
|
||||
}
|
||||
|
||||
if (val > 0) {
|
||||
+ DEBUG(SSSDBG_CONF_SETTINGS,
|
||||
+ ("Setting domain password expiration warning to %d days\n", val));
|
||||
/* The value is in days, transform it to seconds */
|
||||
domain->pwd_expiration_warning = val * 24 * 3600;
|
||||
}
|
||||
--
|
||||
1.8.1.2
|
||||
|
|
@ -1,134 +0,0 @@
|
|||
From 96453f402831275a39d5fb89c33c9776e148d03f Mon Sep 17 00:00:00 2001
|
||||
From: Stephen Gallagher <sgallagh@redhat.com>
|
||||
Date: Fri, 22 Feb 2013 15:58:52 +0100
|
||||
Subject: [PATCH] BUILD: Build shared components as an internal shared library
|
||||
|
||||
There is a large amount of duplicated code being linked into multiple
|
||||
SSSD binaries. Instead of statically linking this code throughout the
|
||||
SSSD, we should instead create private shared libraries for them and
|
||||
drop this code on the system only once.
|
||||
---
|
||||
Makefile.am | 25 +++++++++++++++++++------
|
||||
contrib/sssd.spec.in | 8 ++++++++
|
||||
2 files changed, 27 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/Makefile.am b/Makefile.am
|
||||
index 64708216103e48facf780f246de5668c8e0b26a7..4ff02b8e7f65876c6d42217e955053f420111132 100644
|
||||
--- a/Makefile.am
|
||||
+++ b/Makefile.am
|
||||
@@ -176,7 +176,9 @@ krb5authdata_plugin_LTLIBRARIES = \
|
||||
sssd_pac_plugin.la
|
||||
endif
|
||||
|
||||
-noinst_LTLIBRARIES = \
|
||||
+noinst_LTLIBRARIES =
|
||||
+
|
||||
+pkglib_LTLIBRARIES = \
|
||||
libsss_crypt.la
|
||||
|
||||
if HAVE_NSS
|
||||
@@ -203,6 +205,8 @@ libsss_crypt_la_CFLAGS = \
|
||||
$(DHASH_CFLAGS)
|
||||
libsss_crypt_la_LIBADD = \
|
||||
$(SSS_CRYPT_LIBS)
|
||||
+libsss_crypt_la_LDFLAGS = \
|
||||
+ -avoid-version
|
||||
|
||||
if BUILD_PYTHON_BINDINGS
|
||||
pyexec_LTLIBRARIES = \
|
||||
@@ -471,15 +475,18 @@ endif
|
||||
#####################
|
||||
# Utility libraries #
|
||||
#####################
|
||||
-noinst_LTLIBRARIES += libsss_debug.la
|
||||
+pkglib_LTLIBRARIES += libsss_debug.la
|
||||
libsss_debug_la_SOURCES = \
|
||||
src/util/debug.c \
|
||||
src/util/sss_log.c
|
||||
+libsss_debug_la_LDFLAGS = \
|
||||
+ -avoid-version
|
||||
|
||||
-noinst_LTLIBRARIES += libsss_child.la
|
||||
+pkglib_LTLIBRARIES += libsss_child.la
|
||||
libsss_child_la_SOURCES = src/util/child_common.c
|
||||
+libsss_child_la_LDFLAGS = -avoid-version
|
||||
|
||||
-noinst_LTLIBRARIES += libsss_util.la
|
||||
+pkglib_LTLIBRARIES += libsss_util.la
|
||||
libsss_util_la_SOURCES = \
|
||||
src/confdb/confdb.c \
|
||||
src/db/sysdb.c \
|
||||
@@ -532,6 +539,7 @@ libsss_util_la_SOURCES += \
|
||||
src/db/sysdb_ssh.c \
|
||||
src/util/sss_ssh.c
|
||||
endif
|
||||
+libsss_util_la_LDFLAGS = -avoid-version
|
||||
|
||||
lib_LTLIBRARIES = libipa_hbac.la libsss_idmap.la
|
||||
dist_pkgconfig_DATA += src/providers/ipa/ipa_hbac.pc
|
||||
@@ -1251,7 +1259,7 @@ endif
|
||||
# Plugin Libraries #
|
||||
####################
|
||||
|
||||
-noinst_LTLIBRARIES += libsss_ldap_common.la
|
||||
+pkglib_LTLIBRARIES += libsss_ldap_common.la
|
||||
libsss_ldap_common_la_SOURCES = \
|
||||
src/providers/ldap/ldap_id.c \
|
||||
src/providers/ldap/ldap_id_enum.c \
|
||||
@@ -1278,6 +1286,8 @@ libsss_ldap_common_la_SOURCES = \
|
||||
src/providers/ldap/sdap_range.c \
|
||||
src/providers/ldap/sdap_reinit.c \
|
||||
src/providers/ldap/sdap.c
|
||||
+libsss_ldap_common_la_LDFLAGS = \
|
||||
+ -avoid-version
|
||||
|
||||
if BUILD_SUDO
|
||||
libsss_ldap_common_la_SOURCES += \
|
||||
@@ -1295,7 +1305,7 @@ libsss_ldap_common_la_SOURCES += \
|
||||
endif
|
||||
|
||||
|
||||
-noinst_LTLIBRARIES += libsss_krb5_common.la
|
||||
+pkglib_LTLIBRARIES += libsss_krb5_common.la
|
||||
libsss_krb5_common_la_SOURCES = \
|
||||
src/providers/krb5/krb5_utils.c \
|
||||
src/providers/krb5/krb5_become_user.c \
|
||||
@@ -1307,6 +1317,8 @@ libsss_krb5_common_la_SOURCES = \
|
||||
src/providers/krb5/krb5_access.c \
|
||||
src/providers/krb5/krb5_child_handler.c \
|
||||
src/providers/krb5/krb5_init_shared.c
|
||||
+libsss_krb5_common_la_LDFLAGS = \
|
||||
+ -avoid-version
|
||||
|
||||
libsss_ldap_la_SOURCES = \
|
||||
src/util/find_uid.c \
|
||||
@@ -1658,6 +1670,7 @@ installsssddirs::
|
||||
$(DESTDIR)$(dbusintrospectdir) \
|
||||
$(DESTDIR)$(pipepath)/private \
|
||||
$(DESTDIR)$(sssdlibdir) \
|
||||
+ $(DESTDIR)$(pkglibdir) \
|
||||
$(DESTDIR)$(sssdconfdir) \
|
||||
$(DESTDIR)$(sssddatadir) \
|
||||
$(DESTDIR)$(dbpath) \
|
||||
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
|
||||
index 2a0401d1b8bb538fe596b2c762f7e0bbeb1abef9..7f124f5cd9dc602481cb5f4ae7a5a9418b6c8bf9 100644
|
||||
--- a/contrib/sssd.spec.in
|
||||
+++ b/contrib/sssd.spec.in
|
||||
@@ -385,6 +385,14 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_libdir}/%{name}/libsss_proxy.so
|
||||
%{_libdir}/%{name}/libsss_simple.so
|
||||
|
||||
+#Internal shared libraries
|
||||
+%{_libdir}/%{name}/libsss_child.so
|
||||
+%{_libdir}/%{name}/libsss_crypt.so
|
||||
+%{_libdir}/%{name}/libsss_debug.so
|
||||
+%{_libdir}/%{name}/libsss_krb5_common.so
|
||||
+%{_libdir}/%{name}/libsss_ldap_common.so
|
||||
+%{_libdir}/%{name}/libsss_util.so
|
||||
+
|
||||
%{ldb_modulesdir}/memberof.so
|
||||
%{_bindir}/sss_ssh_authorizedkeys
|
||||
%{_bindir}/sss_ssh_knownhostsproxy
|
||||
--
|
||||
1.8.1.2
|
||||
|
|
@ -1,21 +0,0 @@
|
|||
diff -up sssd-1.8.96/src/man/sssd-krb5.5.xml.ccache sssd-1.8.96/src/man/sssd-krb5.5.xml
|
||||
--- sssd-1.8.96/src/man/sssd-krb5.5.xml.ccache 2012-08-24 17:08:01.619610422 +0200
|
||||
+++ sssd-1.8.96/src/man/sssd-krb5.5.xml 2012-08-24 17:09:15.447826123 +0200
|
||||
@@ -148,7 +148,7 @@
|
||||
</citerefentry> for details) is created.
|
||||
</para>
|
||||
<para>
|
||||
- Default: /tmp
|
||||
+ Default: /run/user/%U
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@@ -208,7 +208,7 @@
|
||||
used to create a unique filename in a safe way.
|
||||
</para>
|
||||
<para>
|
||||
- Default: FILE:%d/krb5cc_%U_XXXXXX
|
||||
+ Default: DIR:%d/krb5cc
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
2
sources
2
sources
|
@ -1 +1 @@
|
|||
a72cda079a287e62a4beaa4d4f48fa89 sssd-1.9.4.tar.gz
|
||||
1aa92011bf08adaf66199c28a2973c9a sssd-1.11.5.1.tar.gz
|
||||
|
|
546
sssd.spec
546
sssd.spec
|
@ -1,22 +1,14 @@
|
|||
%if ! (0%{?fedora} > 12 || 0%{?rhel} > 5)
|
||||
%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")}
|
||||
%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
|
||||
%endif
|
||||
|
||||
# we don't want to provide private python extension libs
|
||||
%define __provides_exclude_from %{python_sitearch}/.*\.so$
|
||||
|
||||
%if (0%{?fedora} > 15)
|
||||
%define _hardened_build 1
|
||||
%endif
|
||||
|
||||
# Determine the location of the LDB modules directory
|
||||
%global ldb_modulesdir %(pkg-config --variable=modulesdir ldb)
|
||||
%global ldb_version 1.1.15
|
||||
%global ldb_version 1.1.16
|
||||
|
||||
Name: sssd
|
||||
Version: 1.9.4
|
||||
Release: 9%{?dist}
|
||||
Version: 1.11.5.1
|
||||
Release: 1%{?dist}
|
||||
Group: Applications/System
|
||||
Summary: System Security Services Daemon
|
||||
License: GPLv3+
|
||||
|
@ -25,28 +17,16 @@ Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz
|
|||
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
||||
|
||||
### Patches ###
|
||||
Patch0001: 0001-krb-recreate-ccache-if-it-was-deleted.patch
|
||||
Patch0002: 0002-Don-t-use-srcdir-with-tests.patch
|
||||
Patch0003: 0003-krb5-include-backwards-compatible-declaration-of-krb.patch
|
||||
Patch0004: 0004-subdomains-replace-invalid-characters-with-underscor.patch
|
||||
Patch0005: 0005-Fix-the-krb5-password-expiration-warning.patch
|
||||
Patch0006: 0006-BUILD-Build-shared-components-as-an-internal-shared-.patch
|
||||
|
||||
Patch0501: 0501-FEDORA-Switch-the-default-ccache-location.patch
|
||||
|
||||
### Dependencies ###
|
||||
|
||||
Conflicts: selinux-policy < 3.10.0-46
|
||||
Requires: libldb%{?_isa} = %{ldb_version}
|
||||
Requires: libtdb%{?_isa} >= 1.1.3
|
||||
Requires: sssd-client%{?_isa} = %{version}-%{release}
|
||||
Requires: cyrus-sasl-gssapi%{?_isa}
|
||||
Requires: libipa_hbac%{?_isa} = %{version}-%{release}
|
||||
Requires: libsss_idmap%{?_isa} = %{version}-%{release}
|
||||
Requires: krb5-libs%{?_isa} >= 1.10
|
||||
Requires(post): systemd-units initscripts chkconfig
|
||||
Requires(preun): systemd-units initscripts chkconfig
|
||||
Requires(postun): systemd-units initscripts chkconfig
|
||||
Requires: sssd-common = %{version}-%{release}
|
||||
Requires: sssd-ldap = %{version}-%{release}
|
||||
Requires: sssd-krb5 = %{version}-%{release}
|
||||
Requires: sssd-ipa = %{version}-%{release}
|
||||
Requires: sssd-common-pac = %{version}-%{release}
|
||||
Requires: sssd-ad = %{version}-%{release}
|
||||
Requires: sssd-proxy = %{version}-%{release}
|
||||
Requires: python-sssdconfig = %{version}-%{release}
|
||||
|
||||
%global servicename sssd
|
||||
%global sssdstatedir %{_localstatedir}/lib/sss
|
||||
|
@ -61,20 +41,14 @@ BuildRequires: autoconf
|
|||
BuildRequires: automake
|
||||
BuildRequires: libtool
|
||||
BuildRequires: m4
|
||||
%{?fedora:BuildRequires: popt-devel}
|
||||
%if 0%{?rhel} <= 5
|
||||
BuildRequires: popt
|
||||
%endif
|
||||
%if 0%{?rhel} >= 6
|
||||
BuildRequires: popt-devel
|
||||
%endif
|
||||
BuildRequires: libtalloc-devel
|
||||
BuildRequires: libtevent-devel
|
||||
BuildRequires: libtdb-devel
|
||||
BuildRequires: libldb-devel = %{ldb_version}
|
||||
BuildRequires: libdhash-devel >= 0.4.2
|
||||
BuildRequires: libcollection-devel
|
||||
BuildRequires: libini_config-devel
|
||||
BuildRequires: libini_config-devel >= 1.0.0.1
|
||||
BuildRequires: dbus-devel
|
||||
BuildRequires: dbus-libs
|
||||
BuildRequires: openldap-devel
|
||||
|
@ -94,7 +68,7 @@ BuildRequires: libselinux-devel
|
|||
BuildRequires: libsemanage-devel
|
||||
BuildRequires: bind-utils
|
||||
BuildRequires: keyutils-libs-devel
|
||||
BuildRequires: libnl-devel
|
||||
BuildRequires: libnl3-devel
|
||||
BuildRequires: gettext-devel
|
||||
BuildRequires: pkgconfig
|
||||
BuildRequires: glib2-devel
|
||||
|
@ -102,6 +76,9 @@ BuildRequires: diffstat
|
|||
BuildRequires: findutils
|
||||
BuildRequires: samba4-devel >= samba4-4.0.0-59beta2
|
||||
BuildRequires: selinux-policy-targeted
|
||||
%ifarch %{ix86} x86_64 %{arm}
|
||||
BuildRequires: libcmocka-devel
|
||||
%endif
|
||||
|
||||
%description
|
||||
Provides a set of daemons to manage access to remote directories and
|
||||
|
@ -110,6 +87,40 @@ the system and a pluggable backend system to connect to multiple different
|
|||
account sources. It is also the basis to provide client auditing and policy
|
||||
services for projects like FreeIPA.
|
||||
|
||||
The sssd subpackage is a meta-package that contains the deamon as well as all
|
||||
the existing back ends.
|
||||
|
||||
%package common
|
||||
Summary: Common files for the SSSD
|
||||
Group: Applications/System
|
||||
License: GPLv3+
|
||||
# Conflicts
|
||||
Conflicts: selinux-policy < 3.10.0-46
|
||||
Conflicts: sssd < 1.10.0-8%{?dist}.beta2
|
||||
# Requires
|
||||
Requires: libldb%{?_isa} = %{ldb_version}
|
||||
Requires: libtdb%{?_isa} >= 1.1.3
|
||||
Requires: sssd-client%{?_isa} = %{version}-%{release}
|
||||
Requires: libsss_idmap%{?_isa} = %{version}-%{release}
|
||||
Requires: libini_config >= 1.0.0.1
|
||||
Requires(post): systemd-units chkconfig
|
||||
Requires(preun): systemd-units chkconfig
|
||||
Requires(postun): systemd-units chkconfig
|
||||
|
||||
|
||||
### Provides ###
|
||||
Provides: libsss_sudo = %{version}-%{release}
|
||||
Obsoletes: libsss_sudo <= 1.10.0-7%{?dist}.beta1
|
||||
Provides: libsss_sudo-devel = %{version}-%{release}
|
||||
Obsoletes: libsss_sudo-devel <= 1.10.0-7%{?dist}.beta1
|
||||
Provides: libsss_autofs = %{version}-%{release}
|
||||
Obsoletes: libsss_autofs <= 1.10.0-7%{?dist}.beta1
|
||||
|
||||
%description common
|
||||
Common files for the SSSD. The common package includes all the files needed
|
||||
to run a particular back end, however, the back ends are packaged in separate
|
||||
subpackages such as sssd-ldap.
|
||||
|
||||
%package client
|
||||
Summary: SSSD Client libraries for NSS and PAM
|
||||
Group: Applications/System
|
||||
|
@ -125,7 +136,7 @@ service.
|
|||
Summary: Userspace tools for use with the SSSD
|
||||
Group: Applications/System
|
||||
License: GPLv3+
|
||||
Requires: sssd = %{version}-%{release}
|
||||
Requires: sssd-common = %{version}-%{release}
|
||||
|
||||
%description tools
|
||||
Provides userspace tools for manipulating users, groups, and nested groups in
|
||||
|
@ -136,6 +147,110 @@ Also provides several other administrative tools:
|
|||
* sss_seed which pre-creates a user entry for use in kickstarts
|
||||
* sss_obfuscate for generating an obfuscated LDAP password
|
||||
|
||||
%package -n python-sssdconfig
|
||||
Summary: SSSD and IPA configuration file manipulation classes and functions
|
||||
Group: Applications/System
|
||||
License: GPLv3+
|
||||
BuildArch: noarch
|
||||
|
||||
%description -n python-sssdconfig
|
||||
Provides python files for manipulation SSSD and IPA configuration files.
|
||||
|
||||
%package ldap
|
||||
Summary: The LDAP back end of the SSSD
|
||||
Group: Applications/System
|
||||
License: GPLv3+
|
||||
Conflicts: sssd < 1.10.0-8.beta2
|
||||
Requires: sssd-common = %{version}-%{release}
|
||||
Requires: sssd-krb5-common = %{version}-%{release}
|
||||
|
||||
%description ldap
|
||||
Provides the LDAP back end that the SSSD can utilize to fetch identity data
|
||||
from and authenticate against an LDAP server.
|
||||
|
||||
%package krb5-common
|
||||
Summary: SSSD helpers needed for Kerberos and GSSAPI authentication
|
||||
Group: Applications/System
|
||||
License: GPLv3+
|
||||
Conflicts: sssd < 1.10.0-8.beta2
|
||||
Requires: cyrus-sasl-gssapi%{?_isa}
|
||||
Requires: sssd-common = %{version}-%{release}
|
||||
|
||||
%description krb5-common
|
||||
Provides helper processes that the LDAP and Kerberos back ends can use for
|
||||
Kerberos user or host authentication.
|
||||
|
||||
%package krb5
|
||||
Summary: The Kerberos authentication back end for the SSSD
|
||||
Group: Applications/System
|
||||
License: GPLv3+
|
||||
Conflicts: sssd < 1.10.0-8.beta2
|
||||
Requires: sssd-common = %{version}-%{release}
|
||||
Requires: sssd-krb5-common = %{version}-%{release}
|
||||
|
||||
%description krb5
|
||||
Provides the Kerberos back end that the SSSD can utilize authenticate
|
||||
against a Kerberos server.
|
||||
|
||||
# RHEL 5 is too old to support the PAC responder
|
||||
%if !0%{?is_rhel5}
|
||||
%package common-pac
|
||||
Summary: Common files needed for supporting PAC processing
|
||||
Group: Applications/System
|
||||
License: GPLv3+
|
||||
Requires: sssd-common = %{version}-%{release}
|
||||
|
||||
%description common-pac
|
||||
Provides common files needed by SSSD providers such as IPA and Active Directory
|
||||
for handling Kerberos PACs.
|
||||
%endif #is_rhel5
|
||||
|
||||
%package ipa
|
||||
Summary: The IPA back end of the SSSD
|
||||
Group: Applications/System
|
||||
License: GPLv3+
|
||||
Conflicts: sssd < 1.10.0-8.beta2
|
||||
Requires: sssd-common = %{version}-%{release}
|
||||
Requires: sssd-krb5-common = %{version}-%{release}
|
||||
Requires: libipa_hbac%{?_isa} = %{version}-%{release}
|
||||
Requires: bind-utils
|
||||
# RHEL 5 is too old to support the PAC responder
|
||||
%if !0%{?is_rhel5}
|
||||
Requires: sssd-common-pac = %{version}-%{release}
|
||||
%endif
|
||||
|
||||
%description ipa
|
||||
Provides the IPA back end that the SSSD can utilize to fetch identity data
|
||||
from and authenticate against an IPA server.
|
||||
|
||||
%package ad
|
||||
Summary: The AD back end of the SSSD
|
||||
Group: Applications/System
|
||||
License: GPLv3+
|
||||
Conflicts: sssd < 1.10.0-8.beta2
|
||||
Requires: sssd-common = %{version}-%{release}
|
||||
Requires: sssd-krb5-common = %{version}-%{release}
|
||||
Requires: bind-utils
|
||||
# RHEL 5 is too old to support the PAC responder
|
||||
%if !0%{?is_rhel5}
|
||||
Requires: sssd-common-pac = %{version}-%{release}
|
||||
%endif
|
||||
|
||||
%description ad
|
||||
Provides the Active Directory back end that the SSSD can utilize to fetch
|
||||
identity data from and authenticate against an Active Directory server.
|
||||
|
||||
%package proxy
|
||||
Summary: The proxy back end of the SSSD
|
||||
Group: Applications/System
|
||||
License: GPLv3+
|
||||
Conflicts: sssd < 1.10.0-8.beta2
|
||||
Requires: sssd-common = %{version}-%{release}
|
||||
|
||||
%description proxy
|
||||
Provides the proxy back end which can be used to wrap an existing NSS and/or
|
||||
PAM modules to leverage SSSD caching.
|
||||
|
||||
%package -n libsss_idmap
|
||||
Summary: FreeIPA Idmap library
|
||||
Group: Development/Libraries
|
||||
|
@ -184,25 +299,34 @@ Requires: libipa_hbac = %{version}-%{release}
|
|||
The libipa_hbac-python contains the bindings so that libipa_hbac can be
|
||||
used by Python applications.
|
||||
|
||||
%package -n libsss_sudo
|
||||
Summary: A library to allow communication between SUDO and SSSD
|
||||
%package -n libsss_nss_idmap
|
||||
Summary: Library for SID based lookups
|
||||
Group: Development/Libraries
|
||||
License: LGPLv3+
|
||||
Requires(post): /sbin/ldconfig
|
||||
Requires(postun): /sbin/ldconfig
|
||||
Requires: sssd = %{version}-%{release}
|
||||
|
||||
%description -n libsss_sudo
|
||||
A utility library to allow communication between SUDO and SSSD
|
||||
%description -n libsss_nss_idmap
|
||||
Utility library for SID based lookups
|
||||
|
||||
%package -n libsss_sudo-devel
|
||||
Summary: A library to allow communication between SUDO and SSSD
|
||||
%package -n libsss_nss_idmap-devel
|
||||
Summary: Library for SID based lookups
|
||||
Group: Development/Libraries
|
||||
License: LGPLv3+
|
||||
Requires: libsss_sudo = %{version}-%{release}
|
||||
Requires: libsss_nss_idmap = %{version}-%{release}
|
||||
|
||||
%description -n libsss_sudo-devel
|
||||
A utility library to allow communication between SUDO and SSSD
|
||||
%description -n libsss_nss_idmap-devel
|
||||
Utility library for SID based lookups
|
||||
|
||||
%package -n libsss_nss_idmap-python
|
||||
Summary: Python bindings for libsss_nss_idmap
|
||||
Group: Development/Libraries
|
||||
License: LGPLv3+
|
||||
Requires: libsss_nss_idmap = %{version}-%{release}
|
||||
|
||||
%description -n libsss_nss_idmap-python
|
||||
The libsss_nss_idmap-python contains the bindings so that libsss_nss_idmap can
|
||||
be used by Python applications.
|
||||
|
||||
%prep
|
||||
# Update timestamps on the files touched by a patch, to avoid non-equal
|
||||
|
@ -236,12 +360,12 @@ autoreconf -ivf
|
|||
--with-mcache-path=%{mcpath} \
|
||||
--with-init-dir=%{_initrddir} \
|
||||
--with-krb5-rcache-dir=%{_localstatedir}/cache/krb5rcache \
|
||||
--with-default-ccache-dir=/run/user/%U \
|
||||
--with-default-ccname-template=DIR:%d/krb5cc \
|
||||
--enable-nsslibdir=/%{_lib} \
|
||||
--enable-pammoddir=/%{_lib}/security \
|
||||
--enable-nsslibdir=%{_libdir} \
|
||||
--enable-pammoddir=%{_libdir}/security \
|
||||
--enable-ldb-version-check \
|
||||
--disable-static \
|
||||
--disable-rpath \
|
||||
--with-initscript=systemd \
|
||||
--with-test-dir=/dev/shm
|
||||
|
||||
make %{?_smp_mflags} all docs
|
||||
|
@ -283,14 +407,19 @@ find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \;
|
|||
rm -Rf ${RPM_BUILD_ROOT}/%{_docdir}/%{name}
|
||||
|
||||
# Older versions of rpmbuild can only handle one -f option
|
||||
# So we need to append to the sssd.lang file
|
||||
# So we need to append to the sssd*.lang file
|
||||
for file in `ls $RPM_BUILD_ROOT/%{python_sitelib}/*.egg-info 2> /dev/null`
|
||||
do
|
||||
echo %{python_sitelib}/`basename $file` >> sssd.lang
|
||||
echo %{python_sitelib}/`basename $file` >> python_sssdconfig.lang
|
||||
done
|
||||
|
||||
touch sssd_tools.lang
|
||||
touch sssd_client.lang
|
||||
for provider in ldap krb5 ipa ad proxy
|
||||
do
|
||||
touch sssd_$provider.lang
|
||||
done
|
||||
|
||||
for man in `find $RPM_BUILD_ROOT/%{_mandir}/??/man?/ -type f | sed -e "s#$RPM_BUILD_ROOT/%{_mandir}/##"`
|
||||
do
|
||||
lang=`echo $man | cut -c 1-2`
|
||||
|
@ -307,8 +436,20 @@ do
|
|||
pam_sss*)
|
||||
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang
|
||||
;;
|
||||
sssd_krb5_locator_plugin*)
|
||||
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang
|
||||
sssd-ldap*)
|
||||
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ldap.lang
|
||||
;;
|
||||
sssd-krb5*)
|
||||
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_krb5.lang
|
||||
;;
|
||||
sssd-ipa*)
|
||||
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ipa.lang
|
||||
;;
|
||||
sssd-ad*)
|
||||
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ad.lang
|
||||
;;
|
||||
sssd-proxy*)
|
||||
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_proxy.lang
|
||||
;;
|
||||
*)
|
||||
echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd.lang
|
||||
|
@ -326,11 +467,21 @@ cat sssd_client.lang
|
|||
echo "sssd_tools.lang:"
|
||||
cat sssd_tools.lang
|
||||
|
||||
for provider in ldap krb5 ipa ad proxy
|
||||
do
|
||||
echo "sssd_$provider.lang:"
|
||||
cat sssd_$provider.lang
|
||||
done
|
||||
|
||||
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%files -f sssd.lang
|
||||
%files
|
||||
%defattr(-,root,root,-)
|
||||
%doc COPYING
|
||||
|
||||
%files common -f sssd.lang
|
||||
%defattr(-,root,root,-)
|
||||
%doc COPYING
|
||||
%doc src/examples/sssd-example.conf
|
||||
|
@ -338,33 +489,27 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%{_sbindir}/sssd
|
||||
|
||||
%dir %{_libexecdir}/%{servicename}
|
||||
%{_libexecdir}/%{servicename}/krb5_child
|
||||
%{_libexecdir}/%{servicename}/ldap_child
|
||||
%{_libexecdir}/%{servicename}/proxy_child
|
||||
%{_libexecdir}/%{servicename}/sssd_be
|
||||
%{_libexecdir}/%{servicename}/sssd_nss
|
||||
%{_libexecdir}/%{servicename}/sssd_pam
|
||||
%{_libexecdir}/%{servicename}/sssd_autofs
|
||||
%{_libexecdir}/%{servicename}/sssd_ssh
|
||||
%{_libexecdir}/%{servicename}/sssd_sudo
|
||||
%{_libexecdir}/%{servicename}/sssd_pac
|
||||
|
||||
%dir %{_libdir}/%{name}
|
||||
%{_libdir}/%{name}/libsss_ipa.so
|
||||
%{_libdir}/%{name}/libsss_krb5.so
|
||||
%{_libdir}/%{name}/libsss_ldap.so
|
||||
%{_libdir}/%{name}/libsss_proxy.so
|
||||
%{_libdir}/%{name}/libsss_simple.so
|
||||
%{_libdir}/%{name}/libsss_ad.so
|
||||
|
||||
#Internal shared libraries
|
||||
%{_libdir}/%{name}/libsss_child.so
|
||||
%{_libdir}/%{name}/libsss_crypt.so
|
||||
%{_libdir}/%{name}/libsss_debug.so
|
||||
%{_libdir}/%{name}/libsss_krb5_common.so
|
||||
%{_libdir}/%{name}/libsss_ldap_common.so
|
||||
%{_libdir}/%{name}/libsss_util.so
|
||||
|
||||
# 3rd party application libraries
|
||||
%{_libdir}/sssd/modules/libsss_autofs.so
|
||||
%{_libdir}/libsss_sudo.so
|
||||
|
||||
%{ldb_modulesdir}/memberof.so
|
||||
%{_bindir}/sss_ssh_authorizedkeys
|
||||
%{_bindir}/sss_ssh_knownhostsproxy
|
||||
|
@ -378,7 +523,6 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%ghost %attr(0644,root,root) %verify(not md5 size mtime) %{mcpath}/group
|
||||
%attr(755,root,root) %dir %{pipepath}
|
||||
%attr(755,root,root) %dir %{pubconfpath}
|
||||
%attr(755,root,root) %dir %{pubconfpath}/krb5.include.d
|
||||
%attr(700,root,root) %dir %{pipepath}/private
|
||||
%attr(750,root,root) %dir %{_var}/log/%{name}
|
||||
%attr(700,root,root) %dir %{_sysconfdir}/sssd
|
||||
|
@ -391,25 +535,64 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%{_mandir}/man1/sss_ssh_authorizedkeys.1*
|
||||
%{_mandir}/man1/sss_ssh_knownhostsproxy.1*
|
||||
%{_mandir}/man5/sssd.conf.5*
|
||||
%{_mandir}/man5/sssd-ipa.5*
|
||||
%{_mandir}/man5/sssd-krb5.5*
|
||||
%{_mandir}/man5/sssd-ldap.5*
|
||||
%{_mandir}/man5/sssd-simple.5*
|
||||
%{_mandir}/man5/sssd-ad.5*
|
||||
%{_mandir}/man5/sssd-sudo.5*
|
||||
%{_mandir}/man8/sssd.8*
|
||||
%{_mandir}/man8/sss_cache.8*
|
||||
|
||||
%{python_sitearch}/pysss.so
|
||||
%{python_sitearch}/pysss_murmur.so
|
||||
%dir %{python_sitelib}/SSSDConfig
|
||||
%{python_sitelib}/SSSDConfig/*.py*
|
||||
|
||||
%files ldap -f sssd_ldap.lang
|
||||
%defattr(-,root,root,-)
|
||||
%doc COPYING
|
||||
%{_libdir}/%{name}/libsss_ldap.so
|
||||
%{_mandir}/man5/sssd-ldap.5*
|
||||
|
||||
%files krb5-common
|
||||
%defattr(-,root,root,-)
|
||||
%doc COPYING
|
||||
%{_libdir}/%{name}/libsss_krb5_common.so
|
||||
%{_libexecdir}/%{servicename}/ldap_child
|
||||
%{_libexecdir}/%{servicename}/krb5_child
|
||||
|
||||
%files krb5 -f sssd_krb5.lang
|
||||
%defattr(-,root,root,-)
|
||||
%doc COPYING
|
||||
%{_libdir}/%{name}/libsss_krb5.so
|
||||
%{_mandir}/man5/sssd-krb5.5*
|
||||
|
||||
# RHEL 5 is too old to support the PAC responder
|
||||
%if !0%{?is_rhel5}
|
||||
%files common-pac
|
||||
%defattr(-,root,root,-)
|
||||
%doc COPYING
|
||||
%{_libexecdir}/%{servicename}/sssd_pac
|
||||
%endif
|
||||
|
||||
%files ipa -f sssd_ipa.lang
|
||||
%defattr(-,root,root,-)
|
||||
%doc COPYING
|
||||
%attr(755,root,root) %dir %{pubconfpath}/krb5.include.d
|
||||
%{_libdir}/%{name}/libsss_ipa.so
|
||||
%{_mandir}/man5/sssd-ipa.5*
|
||||
|
||||
%files ad -f sssd_ad.lang
|
||||
%defattr(-,root,root,-)
|
||||
%doc COPYING
|
||||
%{_libdir}/%{name}/libsss_ad.so
|
||||
%{_mandir}/man5/sssd-ad.5*
|
||||
|
||||
%files proxy
|
||||
%defattr(-,root,root,-)
|
||||
%doc COPYING
|
||||
%{_libexecdir}/%{servicename}/proxy_child
|
||||
%{_libdir}/%{name}/libsss_proxy.so
|
||||
|
||||
%files client -f sssd_client.lang
|
||||
%defattr(-,root,root,-)
|
||||
%doc src/sss_client/COPYING src/sss_client/COPYING.LESSER
|
||||
/%{_lib}/libnss_sss.so.2
|
||||
/%{_lib}/security/pam_sss.so
|
||||
%{_libdir}/libnss_sss.so.2
|
||||
%{_libdir}/security/pam_sss.so
|
||||
%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
|
||||
%{_libdir}/krb5/plugins/authdata/sssd_pac_plugin.so
|
||||
%{_mandir}/man8/pam_sss.8*
|
||||
|
@ -439,6 +622,11 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%{_mandir}/man8/sss_debuglevel.8*
|
||||
%{_mandir}/man8/sss_seed.8*
|
||||
|
||||
%files -n python-sssdconfig -f python_sssdconfig.lang
|
||||
%defattr(-,root,root,-)
|
||||
%dir %{python_sitelib}/SSSDConfig
|
||||
%{python_sitelib}/SSSDConfig/*.py*
|
||||
|
||||
%files -n libsss_idmap
|
||||
%defattr(-,root,root,-)
|
||||
%doc src/sss_client/COPYING src/sss_client/COPYING.LESSER
|
||||
|
@ -467,55 +655,36 @@ rm -rf $RPM_BUILD_ROOT
|
|||
%defattr(-,root,root,-)
|
||||
%{python_sitearch}/pyhbac.so
|
||||
|
||||
%package -n libsss_autofs
|
||||
Summary: A library to allow communication between Autofs and SSSD
|
||||
Group: Development/Libraries
|
||||
License: LGPLv3+
|
||||
|
||||
%description -n libsss_autofs
|
||||
A utility library to allow communication between Autofs and SSSD
|
||||
|
||||
%files -n libsss_sudo
|
||||
%files -n libsss_nss_idmap
|
||||
%defattr(-,root,root,-)
|
||||
%doc src/sss_client/COPYING src/sss_client/COPYING.LESSER
|
||||
%{_libdir}/libsss_sudo.so*
|
||||
%{_libdir}/libsss_nss_idmap.so.*
|
||||
|
||||
%files -n libsss_sudo-devel
|
||||
%doc libsss_sudo_doc/html
|
||||
%{_includedir}/sss_sudo.h
|
||||
|
||||
%files -n libsss_autofs
|
||||
%files -n libsss_nss_idmap-devel
|
||||
%defattr(-,root,root,-)
|
||||
%doc src/sss_client/COPYING src/sss_client/COPYING.LESSER
|
||||
%{_libdir}/sssd/modules/libsss_autofs.so*
|
||||
%doc nss_idmap_doc/html
|
||||
%{_includedir}/sss_nss_idmap.h
|
||||
%{_libdir}/libsss_nss_idmap.so
|
||||
%{_libdir}/pkgconfig/sss_nss_idmap.pc
|
||||
|
||||
%post
|
||||
%files -n libsss_nss_idmap-python
|
||||
%defattr(-,root,root,-)
|
||||
%{python_sitearch}/pysss_nss_idmap.so
|
||||
|
||||
%post common
|
||||
if [ $1 -ge 1 ] ; then
|
||||
# Initial installation
|
||||
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
||||
fi
|
||||
|
||||
%preun
|
||||
%preun common
|
||||
if [ $1 -eq 0 ]; then
|
||||
# Package removal, not upgrade
|
||||
/bin/systemctl --no-reload disable sssd.service > /dev/null 2>&1 || :
|
||||
/bin/systemctl stop sssd.service > /dev/null 2>&1 || :
|
||||
fi
|
||||
|
||||
%triggerun -- sssd < %{version}-%{release}
|
||||
if /sbin/chkconfig --level 3 sssd ; then
|
||||
/bin/systemctl --no-reload enable sssd.service >/dev/null 2>&1 || :
|
||||
fi
|
||||
|
||||
if /sbin/chkconfig --level 5 sssd ; then
|
||||
/bin/systemctl --no-reload enable sssd.service >/dev/null 2>&1 || :
|
||||
fi
|
||||
|
||||
/sbin/chkconfig --del sssd >/dev/null 2>&1 || :
|
||||
|
||||
|
||||
|
||||
%postun
|
||||
%postun common
|
||||
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
|
||||
if [ $1 -ge 1 ] ; then
|
||||
/bin/systemctl try-restart sssd.service >/dev/null 2>&1 || :
|
||||
|
@ -533,12 +702,155 @@ fi
|
|||
|
||||
%postun -n libsss_idmap -p /sbin/ldconfig
|
||||
|
||||
%post -n libsss_sudo -p /sbin/ldconfig
|
||||
|
||||
%postun -n libsss_sudo -p /sbin/ldconfig
|
||||
|
||||
%changelog
|
||||
* Fri Mar 01 2013 Stpehen Gallagher <sgallagh@redhat.com> - 1.9.5-9
|
||||
* Fri Apr 11 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.5.1-1
|
||||
- New upstream release 1.11.5.1
|
||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1
|
||||
|
||||
* Tue Apr 08 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.5-1
|
||||
- New upstream release 1.11.5
|
||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5
|
||||
|
||||
* Mon Feb 17 2014 Jakub Hrozek <jhrozek@redhat.com> - 1.11.4-1
|
||||
- New upstream release 1.11.4
|
||||
- Remove upstreamed patch
|
||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4
|
||||
|
||||
* Wed Oct 30 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.3-1
|
||||
- New upstream release 1.11.3
|
||||
- Remove upstreamed patches
|
||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3
|
||||
|
||||
* Wed Oct 30 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.2-1
|
||||
- New upstream release 1.11.2
|
||||
- Remove upstreamed patches
|
||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2
|
||||
|
||||
* Wed Oct 16 2013 Sumit Bose <sbose@redhat.com> - 1.11.1-4
|
||||
- Fix potential crash with external groups in trusted IPA-AD setup
|
||||
|
||||
* Tue Oct 08 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-3
|
||||
- Fix failover from Global Catalog to LDAP in case GC is not available
|
||||
|
||||
* Fri Oct 04 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-2
|
||||
- Remove the ability to create public ccachedir (#1015089)
|
||||
|
||||
* Fri Sep 27 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.1-1
|
||||
- New upstream release 1.11.1
|
||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1
|
||||
|
||||
* Thu Sep 26 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-3
|
||||
- Fix multicast checks in the SSSD
|
||||
- Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source
|
||||
code getting the host info
|
||||
|
||||
* Wed Aug 28 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-2
|
||||
- Backport simplification of ccache management from 1.11.1
|
||||
- Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login
|
||||
|
||||
* Wed Aug 28 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-1
|
||||
- New upstream release 1.11.0
|
||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0
|
||||
|
||||
* Fri Aug 23 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0-0.2.beta2
|
||||
- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid:
|
||||
Process /usr/libexec/sssd/sssd_nss was killed by
|
||||
signal 11 (SIGSEGV)
|
||||
- Resolves: #996214 - sssd proxy_child segfault
|
||||
|
||||
* Wed Aug 08 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.11.0beta2
|
||||
- New upstream release 1.11 beta 2
|
||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2
|
||||
|
||||
* Wed Jul 31 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.1-2
|
||||
- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and
|
||||
pam libraries
|
||||
|
||||
* Thu Jul 18 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.1-1
|
||||
- New upstream release 1.10.1
|
||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1
|
||||
|
||||
* Mon Jul 08 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-17
|
||||
- sssd-tools should require sssd-common, not sssd
|
||||
|
||||
* Tue Jul 02 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-16
|
||||
- Move sssd_pac to the sssd-ipa and sssd-ad subpackages
|
||||
- Trim out RHEL5-specific macros since we don't build on RHEL 5
|
||||
- Trim out macros for Fedora older than F18
|
||||
- Update libldb requirement to 1.1.16
|
||||
- Trim RPM changelog down to the last year
|
||||
|
||||
* Tue Jul 02 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-15
|
||||
- Move sssd_pac to the sssd-krb5 subpackage
|
||||
|
||||
* Mon Jul 01 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.10.0-14
|
||||
- Fix Obsoletes: to account for dist tag
|
||||
- Convert post and pre scripts to run on the sssd-common subpackage
|
||||
- Remove old conversion from SYSV
|
||||
|
||||
* Thu Jun 27 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-13
|
||||
- New upstream release 1.10
|
||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0
|
||||
|
||||
* Mon Jun 17 2013 Dan Horák <dan[at]danny.cz> - 1.10.0-12.beta2
|
||||
- the cmocka toolkit exists only on selected arches
|
||||
|
||||
* Sun Jun 16 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-11.beta2
|
||||
- Apply a number of patches from upstream to fix issues found post-beta,
|
||||
in particular:
|
||||
-- segfault with a high DEBUG level
|
||||
-- Fix IPA password migration (upstream #1873)
|
||||
-- Fix fail over when retrying SRV resolution (upstream #1886)
|
||||
|
||||
* Thu Jun 13 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-10.beta2
|
||||
- Only BuildRequire libcmocka on Fedora
|
||||
|
||||
* Thu Jun 13 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-9.beta2
|
||||
- Fix typo in Requires that prevented an upgrade (#973916)
|
||||
- Use a hardcoded version in Conflicts, not less-than-current
|
||||
|
||||
* Wed Jun 12 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-8.beta2
|
||||
- New upstream release 1.10 beta2
|
||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2
|
||||
- BuildRequire libcmocka-devel in order to run all upstream tests during build
|
||||
- BuildRequire libnl3 instead of libnl1
|
||||
- No longer BuildRequire initscripts, we no longer use /sbin/service
|
||||
- Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any
|
||||
older krb5-libs version
|
||||
|
||||
* Thu Jun 06 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-7.beta1
|
||||
- Enable hardened build for RHEL7
|
||||
|
||||
* Fri May 24 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-6.beta1
|
||||
- Apply a couple of patches from upstream git that resolve crashes when
|
||||
ID mapping object was not initialized properly but needed later
|
||||
|
||||
* Tue May 14 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-5.beta1
|
||||
- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during
|
||||
realm join
|
||||
- Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by
|
||||
default for AD Provider
|
||||
- Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file
|
||||
parent directory when logging in
|
||||
|
||||
* Tue May 7 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-4.beta1
|
||||
- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug
|
||||
in ding-libs
|
||||
- Fix SSH integration with fully-qualified domains
|
||||
- Add the ability to dynamically discover the NetBIOS name
|
||||
|
||||
* Fri May 3 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-3.beta1
|
||||
- New upstream release 1.10 beta1
|
||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1
|
||||
|
||||
* Wed Apr 17 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-2.alpha1
|
||||
- Add a patch to fix krb5 ccache creation issue with krb5 1.11
|
||||
|
||||
* Tue Apr 2 2013 Jakub Hrozek <jhrozek@redhat.com> - 1.10.0-1.alpha1
|
||||
- New upstream release 1.10 alpha1
|
||||
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1
|
||||
|
||||
* Fri Mar 01 2013 Stephen Gallagher <sgallagh@redhat.com> - 1.9.4-9
|
||||
- Split internal helper libraries into a shared object
|
||||
- Significantly reduce disk-space usage
|
||||
|
||||
|
|
Loading…
Reference in New Issue