63ef38d783
David O'Brien (1): Copy-edit sssd-ipa man page
Dmitri Pal (5): COMMON Improvements to the trace macro COLLECTION Create
reference to the top level collection COLLECTION: Cleaning FIXME
comments INI: Cleaning FIXME comments. INI Correcting build warnings.
Fabian Affolter (1): Add German translation
Göran Uddeborg (2): Add Swedish translation for sss_client Add Swedish
translation for SSSD server
Jakub Hrozek (30): Fix migration script for pre-0.5 local domains Do not
migrate Data Provider Free the PCRE regexp with destructor Do not
delete users, groups outside domain range Add missing include IPA time
rules parsing routines Fix regression in error message when deleting
groups Assorted manpage fixes Make the password field configurable in
NSS Add Simo's ipachangeconf SSSDChangeConf - a wrapper around
ipachangeconf Change the upgrade script to use ipachangeconf Convert
SSSDConfig API to ipachangeconf SSSDConfigAPI fixes upgrade_config
fixes for SSSD 0.6 and later Split helpers for child processes Get TGT
in a child process. Warn visibly about permission problems with the
config file Better error message when there is no local domain
configured Setup ldap child logging from IPA backend Check the services
started against a list of known services Handle spaces in config parser
Fail on nonexistent input file Do not start with provider=files Reduce
code duplication between LDAP child and Kerberos child Change ares
usage to be c-ares 1.7.0 compatible Import ares 1.7.0 helpers Don't
build the SRV and TXT parsing code except for tests Document the
failover feature in manpages Consolidate code for splitting strings by
separator
Martin Nagy (8): Add missing include file to files-tests.c Fix a bad free
in async_resolv.c Add DLIST_FOR_EACH() macro Add simple reference
counting wrappers for talloc Add fail over utility functions Fix
egg-info file generation in the spec file Add some debugging statements
to fail_over and resolver Correctly restart server status after the
timeout
Piotr Drąg (1): Updating polish translation for 0.7.0
Simo Sorce (65): Copy option overrides. Read the right buffer, avoids
potential segfaults Add IPA conf template Zero pointers on free Use
standard coding practice to set last login Fix segfault Add proper
support for IPA/AD schemas Move responsibility for entry expiration
timeout Kill the ldap connection when we go offline Tidy up ipa options
Add support to get rootDSE from the LDAP server. Fix segfault when SASL
is not used at all Rename sdap_id_map to sdap_attr_map Make available
method to quickly retrive string Make useful function more broadly
available. Store the original memberof attributes if any Unify parse
routines, use maps in generic searches Fix and enhance initgroups call
Unify code to use the generic search interface Reorganize ldap id
provider files Split async helpers in multiple files Always set last
update and expire time Fix build Fix ldap driver Check return, zero
free hostent, adhere to style Fix enumerations Fix tevent_req error
checking. Refactor delete functions and add a few Add cleanup task Try
to fix offline logins Fix double free case. Fix check_cache bug in
dealing with the callback Change var name to make its use more clear.
Fix crash due to uninitialized timeout variable Change initgroups code
to use and check the cache Change the pam code to perform an initgroups
call Store initgr expire time on initgr call Failover fixes and
additions Better behavior on cleanup Correctly escape DN value. Add
reference to sssd-krb5 man page. Optimize sysdb_enumgrent Filter by id
range before actually storing entries. Raise some timeouts Add initial
failover support for ldap and ipa Fix ticket #289 Fix internal options
numbers test In IPA, the realm is always the domain uppercased. Fix
tabs Fix memberof plugin Compute and save memberuid in cache as well
Use memberuid and not member in group enumerations Use the custom
password field in groups too. Resolve nested groups also when
rfc2307bis is used Make strdn build functions more available Fix nested
group memberships Allow nesting to fix #310 Fix bug #311, properly set
callback attribute Change dhash API to be talloc-friendly dhash: Add
private pointer for delete callback Add comments to document latest
changes Add rebuild task to memberof plugin Handle the special 02
upgrade case for 04->05 Fix for #316 Fix for #322, update from old
database versions.
Stephen Gallagher (60): Remove DP from example configuration Remove [dp]
section from example config Fix sssd.api.conf with correct
entry_cache_timeout Clean up warnings in dhash tests Make
config_file_version a hidden setting in SSSDConfig API Remove
magic_private_groups from SSSDConfig API schema Add support for option
descriptions to SSSDConfig API Localize SSSDConfig strings Add complete
pydoc for SSSDConfig API Add Requires: cyrus-sasl-gssapi Simplify
debug_fn() Add configure check for sasl.h Update midpoint refresh logic
to be relative to cache timeout Increase the sbus dispatch DEBUG level
to 9 Build files.c only for tools Clean up unused dependencies Update
sssd.spec to use only the required KRB5_LIBS and NSS_LIBS Fix segfault
on unknown user/domain Fix Requires: sssd-client line in specfile Make
the sysdb user and group names case-sensitive Upgrade cache and local
databases to case-sensitive names Update translatable strings Fix sysdb
upgrade bug Add empty NL translation Only display errors in unit tests
Update PL translation Update NL translation Make backend request type a
bitfield Speed up user requests while offline Update translation
strings for string freeze Fix bug with bad ldb pkg-config files Update
version to 0.99.0 Remove ELAPI from build and tarball Stop configuring
ELAPI Make debug log timestamps human-readable Raise debug log level
for LDB_DEBUG_WARNING Add allocation error check Avoid returning
uninitialized result. Fix potential uninitialized value errors in
nsssrv_cmd.c Fix potential uninitialized value error in responder_dp.c
SSSDDomain.remove_provider() requires only the provider type Make
SSSDDomain.remove_provider() remove configured options Run dhash tests
Add SSSDDomain.set_name() function to SSSDConfig API Reduce the
verbosity of the SSSDConfigTest Fix broken SSSDChangeConf.set()
function Fix SSSDConfig API bugs around [de-]activation of domains Fix
RPM spec for RHEL6 SSSDConfig API: fix deactivate_domain()
SSSDConfig.get_domain() should properly detect active state Ensure that
list_active_domains returns the real value Properly deny
id_provider=files Add missing options to sssd-ipa configuraion Add
missing SSSDConfig file for IPA for make install Fix processing of
Boolean values in SSSDConfig Add 'permit' and 'deny' access providers
to SSSDConfig API Remove default for ldap_use_start_tls in IPA
providers Run SSSDConfig tests during 'make check' Fix stupid
copy-paste error Updating to version 0.99.1
Sumit Bose (45): store original DN with cached group objects if available
added a ASQ search API for sysdb Allow sysdb_search_entry request to
return more than one result Add AM_CFLAGS to unit tests Fix compiler
warnings in krb5_utils-tests. remove old sysdb file before starting
tests set ipa_hostname if not given in config file Make debug message
less irritating. add sysdb_delete_recursive request to sysdb API Add
sysdb_attrs_replace_name to sysdb API. Fix for a seg fault during
recursive delete add replacements for missing Kerberos calls Check is
ccache structure is initialized before calling krb5_cc_destroy added
access module of IPA provider Simplify krb5 child handler Add check for
access-time rules to ipa_access. Add support for host, source host and
user category Fix inconsistent use of krb5_ccname_template Fixes for
proxy provider Make 'permit' the default for the access target Fix
option name krb5_changepw_principal Validate Kerberos credentials with
local keytab Improve handling of ccache files Add ipa_auth Enhance
check for remote hosts Add ldap_pwd_policy option Read KDC info from
file instead from environment Really check return value from
pam_set_item Use ldb modules from build root for tests Make ldb lib dir
configurable Fix an internal error when cache_credentials=FALSE Remove
unneeded debugging code Do not include libsss_ipa.la in rpm package
Immediately return a krb5 change password request when offline Check
LDAP structure before calling ldap_unbind_ext() Add sysdb_search_custom
request Do not treat missing proc files as errors. Add basic OS
detection Make packaging of *.egg-info files more flexible Try to renew
Kerberos credentials Add checks to test the memberuid handling Add
offline support for ipa_access Add dummy credentials to an empty ccache
file Always update sysdb to the latest version Fix DEBUG message for
sysdb_init
beckerde (1): Add Spanish translation
deneb (1): Add Italian translation for sss_client
noriko (1): Adding Japanese translation
raven (1): Update PL translation
ruigo (1): Add Portuguese translation
307 lines
9.6 KiB
RPMSpec
307 lines
9.6 KiB
RPMSpec
%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import *; import sys; sys.stdout.write(get_python_lib(1))")}
|
|
%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import *; import sys; sys.stdout.write(get_python_lib())")}
|
|
|
|
Name: sssd
|
|
Version: 0.99.1
|
|
Release: 1%{?dist}
|
|
Group: Applications/System
|
|
Summary: System Security Services Daemon
|
|
# The entire source code is GPLv3+ except replace/ which is LGPLv3+
|
|
License: GPLv3+ and LGPLv3+
|
|
URL: http://fedorahosted.org/sssd
|
|
Source: https://fedorahosted.org/released/sssd/sssd-%{version}.tar.gz
|
|
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
|
|
|
### Patches ###
|
|
|
|
### Dependencies ###
|
|
|
|
Requires: libldb >= 0.9.3
|
|
Requires: libtdb >= 1.1.3
|
|
Requires: sssd-client = %{version}-%{release}
|
|
Requires: cyrus-sasl-gssapi
|
|
Requires(post): python
|
|
Requires(preun): initscripts chkconfig
|
|
Requires(postun): /sbin/service
|
|
|
|
%define servicename sssd
|
|
%define sssdstatedir %{_localstatedir}/lib/sss
|
|
%define dbpath %{sssdstatedir}/db
|
|
%define pipepath %{sssdstatedir}/pipes
|
|
%define pubconfpath %{sssdstatedir}/pubconf
|
|
|
|
### Build Dependencies ###
|
|
|
|
BuildRequires: autoconf
|
|
BuildRequires: automake
|
|
BuildRequires: libtool
|
|
BuildRequires: m4
|
|
%{?fedora:BuildRequires: popt-devel}
|
|
%if 0%{?rhel} <= 5
|
|
BuildRequires: popt
|
|
%endif
|
|
%if 0%{?rhel} >= 6
|
|
BuildRequires: popt-devel
|
|
%endif
|
|
BuildRequires: libtalloc-devel
|
|
BuildRequires: libtevent-devel
|
|
BuildRequires: libtdb-devel
|
|
BuildRequires: libldb-devel
|
|
BuildRequires: dbus-devel
|
|
BuildRequires: dbus-libs
|
|
BuildRequires: openldap-devel
|
|
BuildRequires: pam-devel
|
|
BuildRequires: nss-devel
|
|
BuildRequires: nspr-devel
|
|
BuildRequires: pcre-devel
|
|
BuildRequires: libxslt
|
|
BuildRequires: libxml2
|
|
BuildRequires: docbook-style-xsl
|
|
BuildRequires: krb5-devel
|
|
BuildRequires: c-ares-devel
|
|
BuildRequires: python-devel
|
|
|
|
%description
|
|
Provides a set of daemons to manage access to remote directories and
|
|
authentication mechanisms. It provides an NSS and PAM interface toward
|
|
the system and a pluggable backend system to connect to multiple different
|
|
account sources. It is also the basis to provide client auditing and policy
|
|
services for projects like FreeIPA.
|
|
|
|
%package client
|
|
Summary: SSSD Client libraries for NSS and PAM
|
|
Group: Applications/System
|
|
|
|
%description client
|
|
Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD
|
|
service.
|
|
|
|
%prep
|
|
%setup -q
|
|
|
|
%build
|
|
NSS_LIBS=-lnss3 \
|
|
KRB5_LIBS=-lkrb5 \
|
|
%configure \
|
|
--without-tests \
|
|
--with-db-path=%{dbpath} \
|
|
--with-pipe-path=%{pipepath} \
|
|
--with-pubconf-path=%{pubconfpath} \
|
|
--with-init-dir=%{_initrddir} \
|
|
--enable-nsslibdir=/%{_lib}
|
|
|
|
make %{?_smp_mflags}
|
|
|
|
%install
|
|
rm -rf $RPM_BUILD_ROOT
|
|
|
|
make install DESTDIR=$RPM_BUILD_ROOT
|
|
|
|
# Prepare language files
|
|
/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sss_daemon
|
|
/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sss_client
|
|
|
|
# Copy default sssd.conf file
|
|
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sssd
|
|
install -m600 server/examples/sssd.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf
|
|
install -m400 server/config/etc/sssd.api.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.conf
|
|
install -m400 server/config/etc/sssd.api.d/* $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.d/
|
|
|
|
# Remove .la files created by libtool
|
|
rm -f \
|
|
$RPM_BUILD_ROOT/%{_lib}/libnss_sss.la \
|
|
$RPM_BUILD_ROOT/%{_lib}/security/pam_sss.la \
|
|
$RPM_BUILD_ROOT/%{_libdir}/ldb/memberof.la \
|
|
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ldap.la \
|
|
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_proxy.la \
|
|
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_krb5.la \
|
|
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ipa.la \
|
|
$RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.la \
|
|
$RPM_BUILD_ROOT/%{python_sitearch}/pysss.la
|
|
|
|
if test -e $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
|
|
then
|
|
# Apppend this file to the sss_daemon.lang
|
|
# Older versions of rpmbuild can only handle one -f option
|
|
echo %{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so >> sss_daemon.lang
|
|
fi
|
|
for file in `ls $RPM_BUILD_ROOT/%{python_sitelib}/*.egg-info 2> /dev/null`
|
|
do
|
|
echo %{python_sitelib}/`basename $file` >> sss_daemon.lang
|
|
done
|
|
|
|
%clean
|
|
rm -rf $RPM_BUILD_ROOT
|
|
|
|
%files -f sss_daemon.lang
|
|
%defattr(-,root,root,-)
|
|
%doc COPYING
|
|
%{_initrddir}/%{name}
|
|
%{_sbindir}/sssd
|
|
%{_sbindir}/sss_useradd
|
|
%{_sbindir}/sss_userdel
|
|
%{_sbindir}/sss_usermod
|
|
%{_sbindir}/sss_groupadd
|
|
%{_sbindir}/sss_groupdel
|
|
%{_sbindir}/sss_groupmod
|
|
%{_libexecdir}/%{servicename}/
|
|
%{_libdir}/%{name}/
|
|
%{_libdir}/ldb/memberof.so
|
|
%dir %{sssdstatedir}
|
|
%attr(700,root,root) %dir %{dbpath}
|
|
%attr(755,root,root) %dir %{pipepath}
|
|
%attr(755,root,root) %dir %{pubconfpath}
|
|
%attr(700,root,root) %dir %{pipepath}/private
|
|
%attr(750,root,root) %dir %{_var}/log/%{name}
|
|
%attr(700,root,root) %dir %{_sysconfdir}/sssd
|
|
%config(noreplace) %{_sysconfdir}/sssd/sssd.conf
|
|
%config %{_sysconfdir}/sssd/sssd.api.conf
|
|
%attr(700,root,root) %dir %{_sysconfdir}/sssd/sssd.api.d
|
|
%config %{_sysconfdir}/sssd/sssd.api.d/
|
|
%{_mandir}/man5/sssd.conf.5*
|
|
%{_mandir}/man5/sssd-ipa.5*
|
|
%{_mandir}/man5/sssd-krb5.5*
|
|
%{_mandir}/man5/sssd-ldap.5*
|
|
%{_mandir}/man8/sssd.8*
|
|
%{_mandir}/man8/sss_groupadd.8*
|
|
%{_mandir}/man8/sss_groupdel.8*
|
|
%{_mandir}/man8/sss_groupmod.8*
|
|
%{_mandir}/man8/sss_useradd.8*
|
|
%{_mandir}/man8/sss_userdel.8*
|
|
%{_mandir}/man8/sss_usermod.8*
|
|
%{_mandir}/man8/sssd_krb5_locator_plugin.8*
|
|
%{python_sitearch}/pysss.so
|
|
%{python_sitelib}/*.py*
|
|
|
|
|
|
%files client -f sss_client.lang
|
|
%defattr(-,root,root,-)
|
|
/%{_lib}/libnss_sss.so.2
|
|
/%{_lib}/security/pam_sss.so
|
|
%{_mandir}/man8/pam_sss.8*
|
|
|
|
%post
|
|
/sbin/ldconfig
|
|
/sbin/chkconfig --add %{servicename}
|
|
if [ $1 -ge 2 ] ; then
|
|
# a one-time upgrade from confdb v1 to v2, only if upgrading
|
|
python %{_libexecdir}/%{servicename}/upgrade_config.py
|
|
fi
|
|
|
|
%preun
|
|
if [ $1 = 0 ]; then
|
|
/sbin/service %{servicename} stop 2>&1 > /dev/null
|
|
/sbin/chkconfig --del %{servicename}
|
|
fi
|
|
|
|
%postun
|
|
/sbin/ldconfig
|
|
if [ $1 -ge 1 ] ; then
|
|
/sbin/service %{servicename} condrestart 2>&1 > /dev/null
|
|
fi
|
|
|
|
%post client -p /sbin/ldconfig
|
|
|
|
%postun client -p /sbin/ldconfig
|
|
|
|
%changelog
|
|
* Fri Dec 11 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.1-1
|
|
- New upstream bugfix release 0.99.1
|
|
|
|
* Mon Nov 30 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.0-1
|
|
- New upstream release 0.99.0
|
|
|
|
* Tue Oct 27 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.1-1
|
|
- Fix segfault in sssd_pam when cache_credentials was enabled
|
|
- Update the sample configuration
|
|
- Fix upgrade issues caused by data provider service removal
|
|
|
|
* Mon Oct 26 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-2
|
|
- Fix upgrade issues from old (pre-0.5.0) releases of SSSD
|
|
|
|
* Fri Oct 23 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-1
|
|
- New upstream release 0.7.0
|
|
|
|
* Thu Oct 15 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-2
|
|
- Fix missing file permissions for sssd-clients
|
|
|
|
* Tue Oct 13 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-1
|
|
- Add SSSDConfig API
|
|
- Update polish translation for 0.6.0
|
|
- Fix long timeout on ldap operation
|
|
- Make dp requests more robust
|
|
|
|
* Tue Sep 29 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.0-1
|
|
- Ensure that the configuration upgrade script always writes the config
|
|
file with 0600 permissions
|
|
- Eliminate an infinite loop in group enumerations
|
|
|
|
* Mon Sep 28 2009 Sumit Bose <sbose@redhat.com> - 0.6.0-0
|
|
- New upstream release 0.6.0
|
|
|
|
* Mon Aug 24 2009 Simo Sorce <ssorce@redhat.com> - 0.5.0-0
|
|
- New upstream release 0.5.0
|
|
|
|
* Wed Jul 29 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.4.1-4
|
|
- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in
|
|
without a password. (Patch by Stephen Gallagher)
|
|
|
|
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-3
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
|
|
|
* Mon Jun 22 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-2
|
|
- Fix a couple of segfaults that may happen on reload
|
|
|
|
* Thu Jun 11 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-1
|
|
- add missing configure check that broke stopping the daemon
|
|
- also fix default config to add a missing required option
|
|
|
|
* Mon Jun 8 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-0
|
|
- latest upstream release.
|
|
- also add a patch that fixes debugging output (potential segfault)
|
|
|
|
* Mon Apr 20 2009 Simo Sorce <ssorce@redhat.com> - 0.3.2-2
|
|
- release out of the official 0.3.2 tarball
|
|
|
|
* Mon Apr 20 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.3.2-1
|
|
- bugfix release 0.3.2
|
|
- includes previous release patches
|
|
- change permissions of the /etc/sssd/sssd.conf to 0600
|
|
|
|
* Tue Apr 14 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-2
|
|
- Add last minute bug fixes, found in testing the package
|
|
|
|
* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-1
|
|
- Version 0.3.1
|
|
- includes previous release patches
|
|
|
|
* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-2
|
|
- Try to fix build adding automake as an explicit BuildRequire
|
|
- Add also a couple of last minute patches from upstream
|
|
|
|
* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-1
|
|
- Version 0.3.0
|
|
- Provides file based configuration and lots of improvements
|
|
|
|
* Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.1-1
|
|
- Version 0.2.1
|
|
|
|
* Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.0-1
|
|
- Version 0.2.0
|
|
|
|
* Sun Mar 08 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-5.20090309git691c9b3
|
|
- package git snapshot
|
|
|
|
* Fri Mar 06 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-4
|
|
- fixed items found during review
|
|
- added initscript
|
|
|
|
* Thu Mar 05 2009 Sumit Bose <sbose@redhat.com> - 0.1.0-3
|
|
- added sss_client
|
|
|
|
* Mon Feb 23 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-2
|
|
- Small cleanup and fixes in the spec file
|
|
|
|
* Thu Feb 12 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.1.0-1
|
|
- Initial release (based on version 0.1.0 upstream code)
|