63ef38d783
David O'Brien (1): Copy-edit sssd-ipa man page Dmitri Pal (5): COMMON Improvements to the trace macro COLLECTION Create reference to the top level collection COLLECTION: Cleaning FIXME comments INI: Cleaning FIXME comments. INI Correcting build warnings. Fabian Affolter (1): Add German translation Göran Uddeborg (2): Add Swedish translation for sss_client Add Swedish translation for SSSD server Jakub Hrozek (30): Fix migration script for pre-0.5 local domains Do not migrate Data Provider Free the PCRE regexp with destructor Do not delete users, groups outside domain range Add missing include IPA time rules parsing routines Fix regression in error message when deleting groups Assorted manpage fixes Make the password field configurable in NSS Add Simo's ipachangeconf SSSDChangeConf - a wrapper around ipachangeconf Change the upgrade script to use ipachangeconf Convert SSSDConfig API to ipachangeconf SSSDConfigAPI fixes upgrade_config fixes for SSSD 0.6 and later Split helpers for child processes Get TGT in a child process. Warn visibly about permission problems with the config file Better error message when there is no local domain configured Setup ldap child logging from IPA backend Check the services started against a list of known services Handle spaces in config parser Fail on nonexistent input file Do not start with provider=files Reduce code duplication between LDAP child and Kerberos child Change ares usage to be c-ares 1.7.0 compatible Import ares 1.7.0 helpers Don't build the SRV and TXT parsing code except for tests Document the failover feature in manpages Consolidate code for splitting strings by separator Martin Nagy (8): Add missing include file to files-tests.c Fix a bad free in async_resolv.c Add DLIST_FOR_EACH() macro Add simple reference counting wrappers for talloc Add fail over utility functions Fix egg-info file generation in the spec file Add some debugging statements to fail_over and resolver Correctly restart server status after the timeout Piotr Drąg (1): Updating polish translation for 0.7.0 Simo Sorce (65): Copy option overrides. Read the right buffer, avoids potential segfaults Add IPA conf template Zero pointers on free Use standard coding practice to set last login Fix segfault Add proper support for IPA/AD schemas Move responsibility for entry expiration timeout Kill the ldap connection when we go offline Tidy up ipa options Add support to get rootDSE from the LDAP server. Fix segfault when SASL is not used at all Rename sdap_id_map to sdap_attr_map Make available method to quickly retrive string Make useful function more broadly available. Store the original memberof attributes if any Unify parse routines, use maps in generic searches Fix and enhance initgroups call Unify code to use the generic search interface Reorganize ldap id provider files Split async helpers in multiple files Always set last update and expire time Fix build Fix ldap driver Check return, zero free hostent, adhere to style Fix enumerations Fix tevent_req error checking. Refactor delete functions and add a few Add cleanup task Try to fix offline logins Fix double free case. Fix check_cache bug in dealing with the callback Change var name to make its use more clear. Fix crash due to uninitialized timeout variable Change initgroups code to use and check the cache Change the pam code to perform an initgroups call Store initgr expire time on initgr call Failover fixes and additions Better behavior on cleanup Correctly escape DN value. Add reference to sssd-krb5 man page. Optimize sysdb_enumgrent Filter by id range before actually storing entries. Raise some timeouts Add initial failover support for ldap and ipa Fix ticket #289 Fix internal options numbers test In IPA, the realm is always the domain uppercased. Fix tabs Fix memberof plugin Compute and save memberuid in cache as well Use memberuid and not member in group enumerations Use the custom password field in groups too. Resolve nested groups also when rfc2307bis is used Make strdn build functions more available Fix nested group memberships Allow nesting to fix #310 Fix bug #311, properly set callback attribute Change dhash API to be talloc-friendly dhash: Add private pointer for delete callback Add comments to document latest changes Add rebuild task to memberof plugin Handle the special 02 upgrade case for 04->05 Fix for #316 Fix for #322, update from old database versions. Stephen Gallagher (60): Remove DP from example configuration Remove [dp] section from example config Fix sssd.api.conf with correct entry_cache_timeout Clean up warnings in dhash tests Make config_file_version a hidden setting in SSSDConfig API Remove magic_private_groups from SSSDConfig API schema Add support for option descriptions to SSSDConfig API Localize SSSDConfig strings Add complete pydoc for SSSDConfig API Add Requires: cyrus-sasl-gssapi Simplify debug_fn() Add configure check for sasl.h Update midpoint refresh logic to be relative to cache timeout Increase the sbus dispatch DEBUG level to 9 Build files.c only for tools Clean up unused dependencies Update sssd.spec to use only the required KRB5_LIBS and NSS_LIBS Fix segfault on unknown user/domain Fix Requires: sssd-client line in specfile Make the sysdb user and group names case-sensitive Upgrade cache and local databases to case-sensitive names Update translatable strings Fix sysdb upgrade bug Add empty NL translation Only display errors in unit tests Update PL translation Update NL translation Make backend request type a bitfield Speed up user requests while offline Update translation strings for string freeze Fix bug with bad ldb pkg-config files Update version to 0.99.0 Remove ELAPI from build and tarball Stop configuring ELAPI Make debug log timestamps human-readable Raise debug log level for LDB_DEBUG_WARNING Add allocation error check Avoid returning uninitialized result. Fix potential uninitialized value errors in nsssrv_cmd.c Fix potential uninitialized value error in responder_dp.c SSSDDomain.remove_provider() requires only the provider type Make SSSDDomain.remove_provider() remove configured options Run dhash tests Add SSSDDomain.set_name() function to SSSDConfig API Reduce the verbosity of the SSSDConfigTest Fix broken SSSDChangeConf.set() function Fix SSSDConfig API bugs around [de-]activation of domains Fix RPM spec for RHEL6 SSSDConfig API: fix deactivate_domain() SSSDConfig.get_domain() should properly detect active state Ensure that list_active_domains returns the real value Properly deny id_provider=files Add missing options to sssd-ipa configuraion Add missing SSSDConfig file for IPA for make install Fix processing of Boolean values in SSSDConfig Add 'permit' and 'deny' access providers to SSSDConfig API Remove default for ldap_use_start_tls in IPA providers Run SSSDConfig tests during 'make check' Fix stupid copy-paste error Updating to version 0.99.1 Sumit Bose (45): store original DN with cached group objects if available added a ASQ search API for sysdb Allow sysdb_search_entry request to return more than one result Add AM_CFLAGS to unit tests Fix compiler warnings in krb5_utils-tests. remove old sysdb file before starting tests set ipa_hostname if not given in config file Make debug message less irritating. add sysdb_delete_recursive request to sysdb API Add sysdb_attrs_replace_name to sysdb API. Fix for a seg fault during recursive delete add replacements for missing Kerberos calls Check is ccache structure is initialized before calling krb5_cc_destroy added access module of IPA provider Simplify krb5 child handler Add check for access-time rules to ipa_access. Add support for host, source host and user category Fix inconsistent use of krb5_ccname_template Fixes for proxy provider Make 'permit' the default for the access target Fix option name krb5_changepw_principal Validate Kerberos credentials with local keytab Improve handling of ccache files Add ipa_auth Enhance check for remote hosts Add ldap_pwd_policy option Read KDC info from file instead from environment Really check return value from pam_set_item Use ldb modules from build root for tests Make ldb lib dir configurable Fix an internal error when cache_credentials=FALSE Remove unneeded debugging code Do not include libsss_ipa.la in rpm package Immediately return a krb5 change password request when offline Check LDAP structure before calling ldap_unbind_ext() Add sysdb_search_custom request Do not treat missing proc files as errors. Add basic OS detection Make packaging of *.egg-info files more flexible Try to renew Kerberos credentials Add checks to test the memberuid handling Add offline support for ipa_access Add dummy credentials to an empty ccache file Always update sysdb to the latest version Fix DEBUG message for sysdb_init beckerde (1): Add Spanish translation deneb (1): Add Italian translation for sss_client noriko (1): Adding Japanese translation raven (1): Update PL translation ruigo (1): Add Portuguese translation
307 lines
9.6 KiB
RPMSpec
307 lines
9.6 KiB
RPMSpec
%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import *; import sys; sys.stdout.write(get_python_lib(1))")}
|
|
%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import *; import sys; sys.stdout.write(get_python_lib())")}
|
|
|
|
Name: sssd
|
|
Version: 0.99.1
|
|
Release: 1%{?dist}
|
|
Group: Applications/System
|
|
Summary: System Security Services Daemon
|
|
# The entire source code is GPLv3+ except replace/ which is LGPLv3+
|
|
License: GPLv3+ and LGPLv3+
|
|
URL: http://fedorahosted.org/sssd
|
|
Source: https://fedorahosted.org/released/sssd/sssd-%{version}.tar.gz
|
|
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
|
|
|
### Patches ###
|
|
|
|
### Dependencies ###
|
|
|
|
Requires: libldb >= 0.9.3
|
|
Requires: libtdb >= 1.1.3
|
|
Requires: sssd-client = %{version}-%{release}
|
|
Requires: cyrus-sasl-gssapi
|
|
Requires(post): python
|
|
Requires(preun): initscripts chkconfig
|
|
Requires(postun): /sbin/service
|
|
|
|
%define servicename sssd
|
|
%define sssdstatedir %{_localstatedir}/lib/sss
|
|
%define dbpath %{sssdstatedir}/db
|
|
%define pipepath %{sssdstatedir}/pipes
|
|
%define pubconfpath %{sssdstatedir}/pubconf
|
|
|
|
### Build Dependencies ###
|
|
|
|
BuildRequires: autoconf
|
|
BuildRequires: automake
|
|
BuildRequires: libtool
|
|
BuildRequires: m4
|
|
%{?fedora:BuildRequires: popt-devel}
|
|
%if 0%{?rhel} <= 5
|
|
BuildRequires: popt
|
|
%endif
|
|
%if 0%{?rhel} >= 6
|
|
BuildRequires: popt-devel
|
|
%endif
|
|
BuildRequires: libtalloc-devel
|
|
BuildRequires: libtevent-devel
|
|
BuildRequires: libtdb-devel
|
|
BuildRequires: libldb-devel
|
|
BuildRequires: dbus-devel
|
|
BuildRequires: dbus-libs
|
|
BuildRequires: openldap-devel
|
|
BuildRequires: pam-devel
|
|
BuildRequires: nss-devel
|
|
BuildRequires: nspr-devel
|
|
BuildRequires: pcre-devel
|
|
BuildRequires: libxslt
|
|
BuildRequires: libxml2
|
|
BuildRequires: docbook-style-xsl
|
|
BuildRequires: krb5-devel
|
|
BuildRequires: c-ares-devel
|
|
BuildRequires: python-devel
|
|
|
|
%description
|
|
Provides a set of daemons to manage access to remote directories and
|
|
authentication mechanisms. It provides an NSS and PAM interface toward
|
|
the system and a pluggable backend system to connect to multiple different
|
|
account sources. It is also the basis to provide client auditing and policy
|
|
services for projects like FreeIPA.
|
|
|
|
%package client
|
|
Summary: SSSD Client libraries for NSS and PAM
|
|
Group: Applications/System
|
|
|
|
%description client
|
|
Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD
|
|
service.
|
|
|
|
%prep
|
|
%setup -q
|
|
|
|
%build
|
|
NSS_LIBS=-lnss3 \
|
|
KRB5_LIBS=-lkrb5 \
|
|
%configure \
|
|
--without-tests \
|
|
--with-db-path=%{dbpath} \
|
|
--with-pipe-path=%{pipepath} \
|
|
--with-pubconf-path=%{pubconfpath} \
|
|
--with-init-dir=%{_initrddir} \
|
|
--enable-nsslibdir=/%{_lib}
|
|
|
|
make %{?_smp_mflags}
|
|
|
|
%install
|
|
rm -rf $RPM_BUILD_ROOT
|
|
|
|
make install DESTDIR=$RPM_BUILD_ROOT
|
|
|
|
# Prepare language files
|
|
/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sss_daemon
|
|
/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sss_client
|
|
|
|
# Copy default sssd.conf file
|
|
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sssd
|
|
install -m600 server/examples/sssd.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf
|
|
install -m400 server/config/etc/sssd.api.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.conf
|
|
install -m400 server/config/etc/sssd.api.d/* $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.d/
|
|
|
|
# Remove .la files created by libtool
|
|
rm -f \
|
|
$RPM_BUILD_ROOT/%{_lib}/libnss_sss.la \
|
|
$RPM_BUILD_ROOT/%{_lib}/security/pam_sss.la \
|
|
$RPM_BUILD_ROOT/%{_libdir}/ldb/memberof.la \
|
|
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ldap.la \
|
|
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_proxy.la \
|
|
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_krb5.la \
|
|
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ipa.la \
|
|
$RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.la \
|
|
$RPM_BUILD_ROOT/%{python_sitearch}/pysss.la
|
|
|
|
if test -e $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
|
|
then
|
|
# Apppend this file to the sss_daemon.lang
|
|
# Older versions of rpmbuild can only handle one -f option
|
|
echo %{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so >> sss_daemon.lang
|
|
fi
|
|
for file in `ls $RPM_BUILD_ROOT/%{python_sitelib}/*.egg-info 2> /dev/null`
|
|
do
|
|
echo %{python_sitelib}/`basename $file` >> sss_daemon.lang
|
|
done
|
|
|
|
%clean
|
|
rm -rf $RPM_BUILD_ROOT
|
|
|
|
%files -f sss_daemon.lang
|
|
%defattr(-,root,root,-)
|
|
%doc COPYING
|
|
%{_initrddir}/%{name}
|
|
%{_sbindir}/sssd
|
|
%{_sbindir}/sss_useradd
|
|
%{_sbindir}/sss_userdel
|
|
%{_sbindir}/sss_usermod
|
|
%{_sbindir}/sss_groupadd
|
|
%{_sbindir}/sss_groupdel
|
|
%{_sbindir}/sss_groupmod
|
|
%{_libexecdir}/%{servicename}/
|
|
%{_libdir}/%{name}/
|
|
%{_libdir}/ldb/memberof.so
|
|
%dir %{sssdstatedir}
|
|
%attr(700,root,root) %dir %{dbpath}
|
|
%attr(755,root,root) %dir %{pipepath}
|
|
%attr(755,root,root) %dir %{pubconfpath}
|
|
%attr(700,root,root) %dir %{pipepath}/private
|
|
%attr(750,root,root) %dir %{_var}/log/%{name}
|
|
%attr(700,root,root) %dir %{_sysconfdir}/sssd
|
|
%config(noreplace) %{_sysconfdir}/sssd/sssd.conf
|
|
%config %{_sysconfdir}/sssd/sssd.api.conf
|
|
%attr(700,root,root) %dir %{_sysconfdir}/sssd/sssd.api.d
|
|
%config %{_sysconfdir}/sssd/sssd.api.d/
|
|
%{_mandir}/man5/sssd.conf.5*
|
|
%{_mandir}/man5/sssd-ipa.5*
|
|
%{_mandir}/man5/sssd-krb5.5*
|
|
%{_mandir}/man5/sssd-ldap.5*
|
|
%{_mandir}/man8/sssd.8*
|
|
%{_mandir}/man8/sss_groupadd.8*
|
|
%{_mandir}/man8/sss_groupdel.8*
|
|
%{_mandir}/man8/sss_groupmod.8*
|
|
%{_mandir}/man8/sss_useradd.8*
|
|
%{_mandir}/man8/sss_userdel.8*
|
|
%{_mandir}/man8/sss_usermod.8*
|
|
%{_mandir}/man8/sssd_krb5_locator_plugin.8*
|
|
%{python_sitearch}/pysss.so
|
|
%{python_sitelib}/*.py*
|
|
|
|
|
|
%files client -f sss_client.lang
|
|
%defattr(-,root,root,-)
|
|
/%{_lib}/libnss_sss.so.2
|
|
/%{_lib}/security/pam_sss.so
|
|
%{_mandir}/man8/pam_sss.8*
|
|
|
|
%post
|
|
/sbin/ldconfig
|
|
/sbin/chkconfig --add %{servicename}
|
|
if [ $1 -ge 2 ] ; then
|
|
# a one-time upgrade from confdb v1 to v2, only if upgrading
|
|
python %{_libexecdir}/%{servicename}/upgrade_config.py
|
|
fi
|
|
|
|
%preun
|
|
if [ $1 = 0 ]; then
|
|
/sbin/service %{servicename} stop 2>&1 > /dev/null
|
|
/sbin/chkconfig --del %{servicename}
|
|
fi
|
|
|
|
%postun
|
|
/sbin/ldconfig
|
|
if [ $1 -ge 1 ] ; then
|
|
/sbin/service %{servicename} condrestart 2>&1 > /dev/null
|
|
fi
|
|
|
|
%post client -p /sbin/ldconfig
|
|
|
|
%postun client -p /sbin/ldconfig
|
|
|
|
%changelog
|
|
* Fri Dec 11 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.1-1
|
|
- New upstream bugfix release 0.99.1
|
|
|
|
* Mon Nov 30 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.0-1
|
|
- New upstream release 0.99.0
|
|
|
|
* Tue Oct 27 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.1-1
|
|
- Fix segfault in sssd_pam when cache_credentials was enabled
|
|
- Update the sample configuration
|
|
- Fix upgrade issues caused by data provider service removal
|
|
|
|
* Mon Oct 26 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-2
|
|
- Fix upgrade issues from old (pre-0.5.0) releases of SSSD
|
|
|
|
* Fri Oct 23 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-1
|
|
- New upstream release 0.7.0
|
|
|
|
* Thu Oct 15 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-2
|
|
- Fix missing file permissions for sssd-clients
|
|
|
|
* Tue Oct 13 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-1
|
|
- Add SSSDConfig API
|
|
- Update polish translation for 0.6.0
|
|
- Fix long timeout on ldap operation
|
|
- Make dp requests more robust
|
|
|
|
* Tue Sep 29 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.0-1
|
|
- Ensure that the configuration upgrade script always writes the config
|
|
file with 0600 permissions
|
|
- Eliminate an infinite loop in group enumerations
|
|
|
|
* Mon Sep 28 2009 Sumit Bose <sbose@redhat.com> - 0.6.0-0
|
|
- New upstream release 0.6.0
|
|
|
|
* Mon Aug 24 2009 Simo Sorce <ssorce@redhat.com> - 0.5.0-0
|
|
- New upstream release 0.5.0
|
|
|
|
* Wed Jul 29 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.4.1-4
|
|
- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in
|
|
without a password. (Patch by Stephen Gallagher)
|
|
|
|
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-3
|
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
|
|
|
|
* Mon Jun 22 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-2
|
|
- Fix a couple of segfaults that may happen on reload
|
|
|
|
* Thu Jun 11 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-1
|
|
- add missing configure check that broke stopping the daemon
|
|
- also fix default config to add a missing required option
|
|
|
|
* Mon Jun 8 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-0
|
|
- latest upstream release.
|
|
- also add a patch that fixes debugging output (potential segfault)
|
|
|
|
* Mon Apr 20 2009 Simo Sorce <ssorce@redhat.com> - 0.3.2-2
|
|
- release out of the official 0.3.2 tarball
|
|
|
|
* Mon Apr 20 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.3.2-1
|
|
- bugfix release 0.3.2
|
|
- includes previous release patches
|
|
- change permissions of the /etc/sssd/sssd.conf to 0600
|
|
|
|
* Tue Apr 14 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-2
|
|
- Add last minute bug fixes, found in testing the package
|
|
|
|
* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-1
|
|
- Version 0.3.1
|
|
- includes previous release patches
|
|
|
|
* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-2
|
|
- Try to fix build adding automake as an explicit BuildRequire
|
|
- Add also a couple of last minute patches from upstream
|
|
|
|
* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-1
|
|
- Version 0.3.0
|
|
- Provides file based configuration and lots of improvements
|
|
|
|
* Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.1-1
|
|
- Version 0.2.1
|
|
|
|
* Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.0-1
|
|
- Version 0.2.0
|
|
|
|
* Sun Mar 08 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-5.20090309git691c9b3
|
|
- package git snapshot
|
|
|
|
* Fri Mar 06 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-4
|
|
- fixed items found during review
|
|
- added initscript
|
|
|
|
* Thu Mar 05 2009 Sumit Bose <sbose@redhat.com> - 0.1.0-3
|
|
- added sss_client
|
|
|
|
* Mon Feb 23 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-2
|
|
- Small cleanup and fixes in the spec file
|
|
|
|
* Thu Feb 12 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.1.0-1
|
|
- Initial release (based on version 0.1.0 upstream code)
|