SLFO-pool/sssd
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main sssd revision 1b32f8cf8720a2dd7e9fd5ebcbe3c8c5

Browse Source
This commit is contained in:
Adrian Schröter 2024-08-02 15:18:14 +02:00
parent 80360b95e5
commit 04063848c3
10 changed files with 369 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
_scmsync.obsinfo Normal file
View File

@ -0,0 +1,4 @@
mtime: 1721128452
commit: 747483e6173b31472d61e166a581bb9c9034cf6a690a8bc476176dd5b5befaba
url: https://src.opensuse.org/jengelh/sssd
revision: master

2
baselibs.conf
View File

@ -2,3 +2,5 @@ sssd
supplements "packageand(sssd:pam-<targettype>)" supplements "packageand(sssd:pam-<targettype>)"
supplements "packageand(sssd:glibc-<targettype>)" supplements "packageand(sssd:glibc-<targettype>)"
-/usr/lib(64)?/* -/usr/lib(64)?/*
obsoletes "sssd-common-<targettype> < <version>"
provides "sssd-common-<targettype> = <version>"

BIN
build.specials.obscpio (Stored with Git LFS) Normal file
View File

Binary file not shown.

BIN
sssd-2.8.2.tar.gz (Stored with Git LFS)
View File

Binary file not shown.

16
sssd-2.8.2.tar.gz.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEwTzQf/stsUCORXo809IbKRDPZ1kFAmOTMrkACgkQ09IbKRDP
Z1kFrw//T/qEAStAfg8Fx6PDiTpgNazXQjgxDzdAhggrq7whqKFc5hiWLnzzYEHT
9M0f6ZpLEn02oTpv27qLtQU8Sq2tDH0vpWXSSWs2XHS4yMhqK0QiGG/chmYEt57c
mEIBXm5xiNATzFNYKyb44e5afCXO8w1e7YChZamIRftqwSZWqGzCge+Itn16yPO7
CIycneia1d5rZz2O5gTO2lkBNz9v5CLiWYtop2ey7PoPn967TZ9USh/1Y71wwQuc
3tPHsk651Wn5RzupB2YAeU3NHCc5FrI5nN9fm6bo+BZe6jCXmS2oLR9QPNCEVjW6
FPxsXS6/n7ZsrBvyxAAcDOB+xgwv9aLHCoJuhmzasjjuWQQMUi1YNPSbpCMa8XRl
T0MbYheqIhkJtcLF2/ZVTcSUIHEjVQVlDkHXGQXC4+qshhkNv/Eg5HQO66A0Y++Z
nQ83D5dNPEpnbySfm0mTQGT0A06EAmPs11E+FJMnHGmnfI/icOX7gs8Iif31lSFF
5az4QFD/E7gQl4ByP0REvYHoW2KvHgypJicFPxhSyznRuYsNzQvjYDWD4R8PMN22
96rnXzWlKgRL4ETA+/1eiW+l3ODj/SZfffvK887t3AvetxepkJ0LMaPkNoTowf2T
4XU0ii7mFrkwuLUn0Bkv6iEWaO3zf+hVqmDFP4B8UJrtjdiYd68=
=M9gu
-----END PGP SIGNATURE-----

BIN
sssd-2.9.5.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

16
sssd-2.9.5.tar.gz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEwTzQf/stsUCORXo809IbKRDPZ1kFAmZF8CMACgkQ09IbKRDP
Z1lSVQ/9EPVvWUX1z/pHfbvDjRpfD+LDbDceYB4YBh0caYpMVFm/2wHhFIjTYEpf
SmIR+SQp50NkRSK6tE/u+Swu+YUkiCqnEWv2y9wd4Uh2NKiukyiqBC1k2cn9URNu
oRreBM1KIRvTkdoyZwteELJ7vMLVr0UT2iIXZQFIIZX+LM3FNZJ5vFcj5fF0Hz1f
v8zR0VTB7xY/6U+4KikvMyM3fOPeTOJvEtMp4xDWyquRjCADjZasOQcKRQzXp1er
zs/qLcQ8eCODXhKelGqmppVIElW+72f1FNbMpBnlQ7VtFn6pn4sPazO0Hr7eNfZJ
Vc6GXN8zZ/oF5U4x7XSMVqeOHLQoLeb2HxgUzS+1Ig19FHOs6Xoj0dO5l/TOEFav
l61qytYnj3DNZjrMVLsMvOx3qGYK7PmyaWNoIJlLO2GbWKMP/8yBm35Ugd0jybSi
T7VWX+isQHfVhSZ9wD4/yYOBAU3lABORAjXkCWQp/vMR/KiHbfaajCAbl56KiijQ
eKYaq57EH3N+qKd1sqCrPfSw3HSqm3rngG1CsMasBQgLFs2aW+Mwo3UvQ1U/ykED
mOo2D9uhOQluv4AUSpKK6E8EXoPSxDFZI4WX37depO2VGXDO90JNfVamJXjy1+bH
d/RnoZfC7h7Vb1P1bPgGdsAFQBOP0FinbEjehpw0P0U2xAZQWek=
=pY7t
-----END PGP SIGNATURE-----

208
sssd.changes
View File

@ -1,3 +1,139 @@
-------------------------------------------------------------------
Thu Jul 11 09:41:21 UTC 2024 - Samuel Cabrero <scabrero@suse.de>
- Revert the change dropping the default configuration file. If
/usr/etc exists will be installed there, otherwise in /etc.
(bsc#1226157);
-------------------------------------------------------------------
Thu May 16 12:13:02 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- Update to release 2.9.5
* Added failover_primary_timout configuration option. This can
be used to configure how often SSSD tries to reconnect to a
primary server after a successful connection to a backup
server. This was previously hardcoded to 31 seconds which is
kept as the default value.
-------------------------------------------------------------------
Fri Mar 8 12:49:59 UTC 2024 - pgajdos@suse.com
- remove dependency on /usr/bin/python3 using
%python3_fix_shebang_path macro, [bsc#1212476]
-------------------------------------------------------------------
Fri Jan 12 14:02:10 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
- Update to release 2.9.4
* Fixes a crash when PAM passkey processing incorrectly handles
non-passkey data.
* Fixed group membership handling when members are coming from
different forest domains and using ldap token groups is
prohibited.
* Files provider was erroneously taking into consideration
``local_auth_policy`` config option, thus breaking smartcard
authentication of local user in setups that did not explicitly
specify this option. This is now fixed.
-------------------------------------------------------------------
Tue Nov 21 09:43:57 UTC 2023 - Samuel Cabrero <scabrero@suse.de>
- Adapt spec file for SLE 15 SP6/Leap 15.6; (jsc#PED-6714);
* Remove package sssd-common, merged into sssd
* Continue building deprecated files provider and infopipe
responder
* Disable selinux and semanage
* Provide rcsssd shortcut
-------------------------------------------------------------------
Fri Nov 17 14:52:30 UTC 2023 - Samuel Cabrero <scabrero@suse.de>
- Fix spec file for Leap
-------------------------------------------------------------------
Fri Nov 17 12:30:33 UTC 2023 - Samuel Cabrero <scabrero@suse.de>
- /usr/etc migration, restore /etc/sssd/sssd.conf.rpmsave after
update (bsc#1216865)
- Do not install the KRB5 IDP plugin, it is useless without the
OIDC child
- Drop no longer valid --without-secrets configure switch
-------------------------------------------------------------------
Mon Nov 13 12:48:09 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
- Update to release 2.9.3
* The proxy provider is now able to handle certificate mapping
and matching rules and users handled by the proxy provider can
be configured for local Smartcard authentication. Besides the
mapping rule local Smartcard authentication should be enabled
with the `local_auth_policy` option in the backend and with
`pam_cert_auth` in the PAM responder.
-------------------------------------------------------------------
Thu Nov 2 16:09:55 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
- Offer the sssd.conf template as %doc (for examples, do actually
see the "Examples" section of the sssd.conf(5) manpage)
-------------------------------------------------------------------
Tue Oct 31 15:20:37 UTC 2023 - Samuel Cabrero <scabrero@suse.de>
- Update dependencies to require the same subpackages version and
release
- Fix /usr/etc migration fragment in wrong "%pre kcm" instead of
"%pre"
- Move sss_analyze to sssd-tools package
-------------------------------------------------------------------
Tue Oct 31 11:04:57 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
- Default config is unworkable, just stop installing it altogether
[boo#1216739]
-------------------------------------------------------------------
Thu Sep 7 12:07:10 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
- Update to release 2.9.2
* sssctl cert-show and cert-show cert-eval-rule can now be run as
non-root user.
* New option local_auth_policy is added to control which offline
authentication methods will be enabled by SSSD.
* Fix sssd entering failed state under heavy load by adding
watchdog to monitor sbus_call_DBus_Hello_send(); (bsc#1213283);
Drop SLE patch 0001-sssd-watchdog.patch
-------------------------------------------------------------------
Fri Jun 23 14:49:30 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
- Update to relese 2.9.1
* A regression was fixed that prevented autofs lookups to
function correctly when cache_first is set to True.
* A regression where SSSD failed to properly watch for changes
in ``/etc/resolv.conf`` when it was a symbolic link or was a
relative path, was fixed.
* ldap password policy: return failure if there are no grace logins
left; (bsc#1214434); Drop SLE patch
0006-ldap-return-failure-if-there-are-no-grace-logins-lef.patch
-------------------------------------------------------------------
Fri May 5 10:47:41 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
- Update to release 2.9
* The sss_simpleifp library is deprecated (and for openSUSE,
already removed)
* The "Files provider" (i.e. id_provider = files) is deprecated
(and for openSUSE, already removed)
* SSSD will no longer warn about changed defaults when using
ldap_schema = rfc2307 and default autofs mapping.
* New passkey functionality, which will allow the use of FIDO2
compliant devices to authenticate a centrally managed user
locally.
* Add support for ldapi:// URLs to allow connections to local
LDAP servers.
* NSS IDMAP has two new methods: getsidbyusername and
getsidbygroupname.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jan 26 15:23:54 UTC 2023 - Callum Farmer <gmbr3@opensuse.org> Thu Jan 26 15:23:54 UTC 2023 - Callum Farmer <gmbr3@opensuse.org>
@ -6,14 +142,14 @@ Thu Jan 26 15:23:54 UTC 2023 - Callum Farmer <gmbr3@opensuse.org>
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Jan 3 12:01:41 UTC 2023 - Stefan Schubert <schubi@suse.com> Tue Jan 3 12:01:41 UTC 2023 - Stefan Schubert <schubi@suse.com>
- Migration of PAM settings to /usr/lib/pam.d. - Migration of PAM settings to /usr/lib/pam.d.
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Dec 21 19:29:45 UTC 2022 - Jan Engelhardt <jengelh@inai.de> Wed Dec 21 19:29:45 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
- Take systemd units off the restart list that have - Take systemd units off the restart list that have
RefuseManualStart=yes [boo#1206592] RefuseManualStart=yes [boo#1206592]
- Add symvers.patch [boo#1206592] - Add symvers.patch [boo#1206592] [bsc#1182058] [bsc#1196166]
------------------------------------------------------------------- -------------------------------------------------------------------
Sun Dec 11 14:17:23 UTC 2022 - Jan Engelhardt <jengelh@inai.de> Sun Dec 11 14:17:23 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
@ -45,12 +181,17 @@ Fri Oct 7 12:05:29 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
level independently. level independently.
* A number of new configuration options are available, * A number of new configuration options are available,
cf. https://sssd.io/release-notes/sssd-2.8.0.html . cf. https://sssd.io/release-notes/sssd-2.8.0.html .
* Fix sdap_access_host No matching host rule found;
(bsc#1202559); Drop SLE patch
0001-Fix-sdap_access_host-No-matching-host-rule-found.patch
* Accept krb5 1.20 for building the PAC plugin; Drop SLE patch
0004-BUILD-Accept-krb5-1.20-for-building-the-PAC-plugin.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Sep 1 13:45:36 UTC 2022 - Stefan Schubert <schubi@suse.com> Thu Sep 1 13:45:36 UTC 2022 - Stefan Schubert <schubi@suse.com>
- Migration to /usr/etc: Saving user changed configuration files - Migration to /usr/etc: Saving user changed configuration files
in /etc and restoring them while an RPM update. in /etc and restoring them while an RPM update.
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Aug 26 20:54:33 UTC 2022 - Jan Engelhardt <jengelh@inai.de> Fri Aug 26 20:54:33 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
@ -130,6 +271,10 @@ Thu Apr 14 22:43:03 UTC 2022 - Jan Engelhardt <jengelh@inai.de>
* Added support for anonymous PKINIT to get FAST credentials. * Added support for anonymous PKINIT to get FAST credentials.
* SSSD now correctly falls back to UPN search if the user was * SSSD now correctly falls back to UPN search if the user was
not found even with `cache_first = true`. not found even with `cache_first = true`.
* Add 'ldap_ignore_unreadable_references' parameter to skip
unreadable objects referenced by 'member' attributte;
(bsc#1190775); (gh#SSSD/sssd#4893); Drop SLE patch
0001-ldap-ignore-unreadable-references.patch
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Feb 21 14:50:38 UTC 2022 - Callum Farmer <gmbr3@opensuse.org> Mon Feb 21 14:50:38 UTC 2022 - Callum Farmer <gmbr3@opensuse.org>
@ -207,14 +352,15 @@ Fri Oct 15 13:41:13 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
* Support of long time deprecated local provider was dropped. * Support of long time deprecated local provider was dropped.
* The sssctl command was vulnerable to shell command injection * The sssctl command was vulnerable to shell command injection
via the logs-fetch and cache-expire subcommands, via the logs-fetch and cache-expire subcommands,
which was fixed. which was fixed; (CVE-2021-3621); (bsc#1189492); Drop SLE patch
0002-TOOLS-replace-system-with-execvp-to-avoid-execution-.patch
* Basic support of user's 'subuid and subgid ranges' for IPA * Basic support of user's 'subuid and subgid ranges' for IPA
provider and corresponding plugin for shadow-utils were added. provider and corresponding plugin for shadow-utils were added.
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jul 12 19:45:37 UTC 2021 - Jan Engelhardt <jengelh@inai.de> Mon Jul 12 19:45:37 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
- Update to release 2.5.2 - Update to release 2.5.2; (jsc#SLE-17763);
* originalADgidNumber attribute in the SSSD cache is now indexed. * originalADgidNumber attribute in the SSSD cache is now indexed.
* Add new config option fallback_to_nss. * Add new config option fallback_to_nss.
@ -226,8 +372,7 @@ Tue Jun 8 16:35:25 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
range setting in IPA (see ipa idrange commands family). This range setting in IPA (see ipa idrange commands family). This
feature requires SSSD update on both client and server. This feature requires SSSD update on both client and server. This
feature also requires freeipa 4.9.4 and newer. feature also requires freeipa 4.9.4 and newer.
* Fix getsidbyname issues with IPA users with a * Fix getsidbyname issues with IPA users with a user-private-group.
user-private-group.
* Default value of ldap_sudo_random_offset changed to 0 * Default value of ldap_sudo_random_offset changed to 0
(disabled). This makes sure that sudo rules are available as (disabled). This makes sure that sudo rules are available as
soon as possible after SSSD start in default configuration. soon as possible after SSSD start in default configuration.
@ -241,8 +386,25 @@ Mon May 10 13:58:04 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
tgt_renewal = true. See the sssd-kcm man page for more tgt_renewal = true. See the sssd-kcm man page for more
details. This feature requires MIT Kerberos details. This feature requires MIT Kerberos
krb5-1.19-0.beta2.3 or higher. krb5-1.19-0.beta2.3 or higher.
* Backround sudo periodic tasks (smart and full refresh) periods are
now extended by a random offset to spread the load on the server in
environments with many clients.
* Completing a sudo full refresh now postpones the smart refresh by
ldap_sudo_smart_refresh_interval value. This ensure that the smart
refresh is not run too soon after a successful full refresh.
* If debug_backtrace_enabled is set to true then on any error all prior
debug messages (to some limit) are printed even if debug_level is set
to low value.
* Besides trusted domains known by the forest root, trusted domains known
by the local domain are used as well.
* New configuration option offline_timeout_random_offset to control random
factor in backend probing interval when SSSD is in offline mode.
* ad_gpo_implicit_deny is now respected even if there are no * ad_gpo_implicit_deny is now respected even if there are no
applicable GPOs present. applicable GPOs present.
* During the IPA subdomains request a failure in reading a single specific
configuration option is not considered fatal and the request will
continue.
* Unknown IPA id-range types are not considered as an error
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Apr 6 12:08:29 UTC 2021 - Samuel Cabrero <scabrero@suse.de> Tue Apr 6 12:08:29 UTC 2021 - Samuel Cabrero <scabrero@suse.de>
@ -298,6 +460,8 @@ Fri Feb 5 12:56:44 UTC 2021 - Jan Engelhardt <jengelh@inai.de>
with principal that can be associated with target user. with principal that can be associated with target user.
* Added pam_gssapi_services to list PAM services that can * Added pam_gssapi_services to list PAM services that can
authenticate using GSSAPI. authenticate using GSSAPI.
* Create timestamp attribute in cache objects if missing;
(bsc#1182637);
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Oct 12 13:10:26 UTC 2020 - Jan Engelhardt <jengelh@inai.de> Mon Oct 12 13:10:26 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
@ -331,6 +495,7 @@ Fri Jul 24 16:57:58 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
lookups are no longer considered fatal. lookups are no longer considered fatal.
* Fixed regression in proxy provider: pwfield=x is now default * Fixed regression in proxy provider: pwfield=x is now default
value only for sssd-shadowutils target. value only for sssd-shadowutils target.
* Rotate child debug file descriptors on SIGHUP (bsc#1080156)
- sssd-wbclient is obsolete and no longer shipped - sssd-wbclient is obsolete and no longer shipped
------------------------------------------------------------------- -------------------------------------------------------------------
@ -350,6 +515,9 @@ Tue May 19 11:32:22 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
* SSSD now accepts host entries from GPO's security filter. * SSSD now accepts host entries from GPO's security filter.
* New debug level (0x10000) added for low level LDB messages * New debug level (0x10000) added for low level LDB messages
only (see sssd.conf man page). only (see sssd.conf man page).
* Update samba secrets after changing machine password; (jsc#SLE-11503);
* Delete linked local user overrides when deleting a user
(bsc#1133168)
- Drop sssd-gpo_host_security_filter-2.2.2.patch, - Drop sssd-gpo_host_security_filter-2.2.2.patch,
0001-Resolve-computer-lookup-failure-when-sam-cn.patch, 0001-Resolve-computer-lookup-failure-when-sam-cn.patch,
0001-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch (merged) 0001-AD-use-getaddrinfo-with-AI_CANONNAME-to-find-the-FQD.patch (merged)
@ -367,11 +535,12 @@ Tue Mar 24 10:49:17 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
the checks for revoked certificates more flexible if the the checks for revoked certificates more flexible if the
system is offline. system is offline.
* Smart card authentication in polkit is now allowed by default. * Smart card authentication in polkit is now allowed by default.
* Fixes: * Handling of FreeIPA users and groups containing @ sign now works.
* Handling of FreeIPA users and groups containing @ sign now * Issue when autofs was unable to mount shares was fixed.
works.
* SSSD was unable to hande ldap_uri containing URIs with * SSSD was unable to hande ldap_uri containing URIs with
different port numbers, which has been rectified. different port numbers, which has been rectified.
* Fix domain offline after first boot when resolv.conf is a symlink
(bsc#1136139)
- Add 0001-Fix-build-failure-against-samba-4.12.0rc1.patch - Add 0001-Fix-build-failure-against-samba-4.12.0rc1.patch
------------------------------------------------------------------- -------------------------------------------------------------------
@ -440,6 +609,10 @@ Tue Jun 18 08:00:46 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
"GSS-SPNEGO" in addition to "GSSAPI". "GSS-SPNEGO" in addition to "GSSAPI".
* The sssctl tool has two new commands, "cert-show" and * The sssctl tool has two new commands, "cert-show" and
"cert-map". "cert-map".
* Added an option to skip GPOs that have groupPolicyContainers,
unreadable by SSSD (bsc#1124194) (CVE-2018-16838)
* Fix fallback_homedir returning '/' for empty home directories
(CVE-2019-3811) (bsc#1121759)
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Apr 26 10:59:25 UTC 2019 - Samuel Cabrero <scabrero@suse.de> Fri Apr 26 10:59:25 UTC 2019 - Samuel Cabrero <scabrero@suse.de>
@ -461,12 +634,16 @@ Sat Mar 16 11:50:58 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
users even if there is not applicable GPO. users even if there is not applicable GPO.
* The dynamic DNS update can now batch DNS updates to include * The dynamic DNS update can now batch DNS updates to include
all address family updates in a single transaction. all address family updates in a single transaction.
* Fix sss_cache spurious error messages when invoked from shadow-utils;
(bsc#1185017);
* Fix building with newer samba versions (bsc#1137876)
* Fix memory leak in nss netgroup enumeration (bsc#1139247);
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Feb 20 16:01:52 UTC 2019 - Samuel Cabrero <scabrero@suse.de> Wed Feb 20 16:01:52 UTC 2019 - Samuel Cabrero <scabrero@suse.de>
- Install systemd service unit file created from source's template - Install systemd service unit file created from source's template
(bsc#1120852) (bsc#1120852); (bsc#1185185);
- Install logrotate configuration (bsc#1004220) - Install logrotate configuration (bsc#1004220)
- Set journald as system logger - Set journald as system logger
@ -502,6 +679,7 @@ Fri Sep 7 18:52:18 UTC 2018 - Jan Engelhardt <jengelh@inai.de>
* The list of PAM services which are allowed to authenticate * The list of PAM services which are allowed to authenticate
using a Smart Card is now configurable using a new option using a Smart Card is now configurable using a new option
pam_p11_allowed_services. pam_p11_allowed_services.
* Allow defaults sudoRole without sudoUser attribute (bsc#1135247)
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Aug 31 07:14:39 UTC 2018 - kbabioch@suse.com Fri Aug 31 07:14:39 UTC 2018 - kbabioch@suse.com
@ -534,6 +712,9 @@ Fri Aug 31 07:14:39 UTC 2018 - kbabioch@suse.com
* The grace logins with an expired password when authenticating * The grace logins with an expired password when authenticating
against certain newer versions of the 389DS/RHDS LDAP server against certain newer versions of the 389DS/RHDS LDAP server
did not work. did not work.
* Fix login not possible when email address is duplicated in ldap
attributes (bsc#1149597)
* Strip whitespaces in netgroup triples (bsc#1087320)
- Removed patches that are included upstream now: - Removed patches that are included upstream now:
0001-SUDO-Create-the-socket-with-stricter-permissions.patch, 0001-SUDO-Create-the-socket-with-stricter-permissions.patch,
0002-intg-Do-not-hardcode-nsslibdir.patch, 0002-intg-Do-not-hardcode-nsslibdir.patch,
@ -603,6 +784,10 @@ Bugfixes:
domain resolution order was used (#3740) domain resolution order was used (#3740)
* SSSD start up issue on systems that use the libldb library * SSSD start up issue on systems that use the libldb library
with version 1.4.0 or newer was fixed. with version 1.4.0 or newer was fixed.
* Update winbind idmap plugin to support interface version 6
(jsc#SLE-9819)
* Add a netgroup counter to struct nss_enum_index (bsc#1132657)
* Fix sssd not starting in foreground mode (bsc#1125277)
Introduce a patch: Introduce a patch:
* Fix build of sssd of 1.16.2 version: * Fix build of sssd of 1.16.2 version:
0003-Fix-build-for-1-16-2-version.patch 0003-Fix-build-for-1-16-2-version.patch
@ -1912,3 +2097,4 @@ Fri Sep 4 08:59:21 UTC 2009 - rhafer@novell.com
Tue Sep 1 08:58:37 UTC 2009 - rhafer@novell.com Tue Sep 1 08:58:37 UTC 2009 - rhafer@novell.com
- initial package submission - initial package submission

161
sssd.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package sssd # spec file for package sssd
# #
# Copyright (c) 2023 SUSE LLC # Copyright (c) 2024 SUSE LLC
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -17,7 +17,7 @@
Name: sssd Name: sssd
Version: 2.8.2 Version: 2.9.5
Release: 0 Release: 0
Summary: System Security Services Daemon Summary: System Security Services Daemon
License: GPL-3.0-or-later AND LGPL-3.0-or-later License: GPL-3.0-or-later AND LGPL-3.0-or-later
@ -41,7 +41,9 @@ BuildRequires: cyrus-sasl-devel
BuildRequires: docbook-xsl-stylesheets BuildRequires: docbook-xsl-stylesheets
BuildRequires: krb5-devel >= 1.12 BuildRequires: krb5-devel >= 1.12
BuildRequires: libcmocka-devel BuildRequires: libcmocka-devel
%if 0%{?suse_version} >= 1600
BuildRequires: libsubid-devel BuildRequires: libsubid-devel
%endif
BuildRequires: libtool BuildRequires: libtool
BuildRequires: libunistring-devel BuildRequires: libunistring-devel
BuildRequires: libxml2-tools BuildRequires: libxml2-tools
@ -63,12 +65,16 @@ BuildRequires: pkgconfig(jansson)
BuildRequires: pkgconfig(ldb) >= 0.9.2 BuildRequires: pkgconfig(ldb) >= 0.9.2
BuildRequires: pkgconfig(libcares) BuildRequires: pkgconfig(libcares)
BuildRequires: pkgconfig(libcrypto) BuildRequires: pkgconfig(libcrypto)
%if 0%{?suse_version} >= 1600
BuildRequires: pkgconfig(libcurl) BuildRequires: pkgconfig(libcurl)
%endif
BuildRequires: pkgconfig(libnfsidmap) BuildRequires: pkgconfig(libnfsidmap)
BuildRequires: pkgconfig(libnl-3.0) >= 3.0 BuildRequires: pkgconfig(libnl-3.0) >= 3.0
BuildRequires: pkgconfig(libnl-route-3.0) >= 3.0 BuildRequires: pkgconfig(libnl-route-3.0) >= 3.0
BuildRequires: pkgconfig(libpcre2-8) BuildRequires: pkgconfig(libpcre2-8)
%if 0%{?suse_version} >= 1600
BuildRequires: pkgconfig(libsemanage) BuildRequires: pkgconfig(libsemanage)
%endif
BuildRequires: pkgconfig(libsystemd) BuildRequires: pkgconfig(libsystemd)
BuildRequires: pkgconfig(ndr_krb5pac) BuildRequires: pkgconfig(ndr_krb5pac)
BuildRequires: pkgconfig(ndr_nbt) BuildRequires: pkgconfig(ndr_nbt)
@ -82,10 +88,12 @@ BuildRequires: pkgconfig(tevent)
BuildRequires: pkgconfig(uuid) BuildRequires: pkgconfig(uuid)
%{?systemd_ordering} %{?systemd_ordering}
Requires: sssd-ldap = %version-%release Requires: sssd-ldap = %version-%release
Requires(postun):pam-config Requires(postun): pam-config
Provides: libsss_sudo = %version-%release Provides: libsss_sudo = %version-%release
Provides: sssd-client = %version-%release Provides: sssd-client = %version-%release
Obsoletes: libsss_sudo < %version-%release Obsoletes: libsss_sudo < %version-%release
Provides: sssd-common = %version-%release
Obsoletes: sssd-common < %version-%release
%define servicename sssd %define servicename sssd
%define sssdstatedir %_localstatedir/lib/sss %define sssdstatedir %_localstatedir/lib/sss
@ -96,7 +104,7 @@ Obsoletes: libsss_sudo < %version-%release
%define ldbdir %(pkg-config ldb --variable=modulesdir) %define ldbdir %(pkg-config ldb --variable=modulesdir)
# Both SSSD and cifs-utils provide an idmap plugin for cifs.ko # Both SSSD and cifs-utils provide an idmap plugin for cifs.ko
# /etc/cifs-utils/idmap-plugin should be a symlink to one of the 2 idmap plugins # %_sysconfdir/cifs-utils/idmap-plugin should be a symlink to one of the 2 idmap plugins
# * cifs-utils one is the default (priority 20) # * cifs-utils one is the default (priority 20)
# * installing SSSD should NOT switch to SSSD plugin (priority 10) # * installing SSSD should NOT switch to SSSD plugin (priority 10)
%define cifs_idmap_plugin %_sysconfdir/cifs-utils/idmap-plugin %define cifs_idmap_plugin %_sysconfdir/cifs-utils/idmap-plugin
@ -104,7 +112,7 @@ Obsoletes: libsss_sudo < %version-%release
%define cifs_idmap_name cifs-idmap-plugin %define cifs_idmap_name cifs-idmap-plugin
%define cifs_idmap_priority 10 %define cifs_idmap_priority 10
Requires(post): update-alternatives Requires(post): update-alternatives
Requires(postun):update-alternatives Requires(postun): update-alternatives
%description %description
Provides a set of daemons to manage access to remote directories and Provides a set of daemons to manage access to remote directories and
@ -117,7 +125,7 @@ services for projects like FreeIPA.
Summary: The ActiveDirectory backend plugin for sssd Summary: The ActiveDirectory backend plugin for sssd
License: GPL-3.0-or-later License: GPL-3.0-or-later
Group: System/Daemons Group: System/Daemons
Requires: %name-krb5-common = %version Requires: %name-krb5-common = %version-%release
Requires: adcli Requires: adcli
%description ad %description ad
@ -202,7 +210,7 @@ and/or PAM modules to leverage SSSD caching.
Summary: Commandline tools for sssd Summary: Commandline tools for sssd
License: GPL-3.0-or-later AND LGPL-3.0-or-later License: GPL-3.0-or-later AND LGPL-3.0-or-later
Group: System/Management Group: System/Management
Requires: python3-sssd-config = %version Requires: python3-sssd-config = %version-%release
Requires: sssd = %version Requires: sssd = %version
%description tools %description tools
@ -296,10 +304,14 @@ Requires: libsss_nss_idmap0 = %version
%description -n libsss_nss_idmap-devel %description -n libsss_nss_idmap-devel
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs. A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
%if 0%{?suse_version} < 1600
%package -n libsss_simpleifp0 %package -n libsss_simpleifp0
Summary: The SSSD D-Bus responder helper library Summary: The SSSD D-Bus responder helper library
License: GPL-3.0-or-later License: GPL-3.0-or-later
Group: System/Libraries Group: System/Libraries
# Even though sssd has obsoleted simpleifp, the plan here is to retain ABI
# compatibility with the existing SUSE 15.x product line. ...at least, until
# sssd completely removes SIFP from source.
%description -n libsss_simpleifp0 %description -n libsss_simpleifp0
This subpackage provides a library that simplifies the D-Bus API for This subpackage provides a library that simplifies the D-Bus API for
@ -315,6 +327,7 @@ Requires: libsss_simpleifp0 = %version
This subpackage provides the development files for sssd's simpleifp, This subpackage provides the development files for sssd's simpleifp,
a library that simplifies the D-Bus API for the SSSD InfoPipe a library that simplifies the D-Bus API for the SSSD InfoPipe
responder. responder.
%endif
%package -n libsss_sudo %package -n libsss_sudo
Summary: A library to allow communication between sudo and SSSD Summary: A library to allow communication between sudo and SSSD
@ -378,7 +391,6 @@ autoreconf -fiv
--with-pipe-path="%pipepath" \ --with-pipe-path="%pipepath" \
--with-pubconf-path="%pubconfpath" \ --with-pubconf-path="%pubconfpath" \
--with-gpo-cache-path="%gpocachepath" \ --with-gpo-cache-path="%gpocachepath" \
--with-init-dir="%_initrddir" \
--with-environment-file="%_sysconfdir/sysconfig/sssd" \ --with-environment-file="%_sysconfdir/sysconfig/sssd" \
--with-initscript=systemd \ --with-initscript=systemd \
--with-syslog=journald \ --with-syslog=journald \
@ -386,24 +398,35 @@ autoreconf -fiv
--enable-nsslibdir="/%_lib" \ --enable-nsslibdir="/%_lib" \
--enable-pammoddir="%_pam_moduledir" \ --enable-pammoddir="%_pam_moduledir" \
--with-ldb-lib-dir="%ldbdir" \ --with-ldb-lib-dir="%ldbdir" \
--with-selinux=yes \
--with-subid \
--with-os=suse \ --with-os=suse \
--disable-ldb-version-check \ --disable-ldb-version-check \
--without-secrets \
--without-python2-bindings \ --without-python2-bindings \
--without-oidc-child --without-oidc-child \
%if 0%{?suse_version} >= 1600
--with-selinux=yes \
--with-subid
%else
--with-selinux=no \
--with-semanage=no \
--with-libsifp \
--with-files-provider
%endif
%make_build all %make_build all
%install %install
# sss_obfuscate is compatible with both python 2 and 3 # sss_obfuscate is compatible with both python 2 and 3
perl -i -lpe 's{%_bindir/python\b}{%_bindir/python3}' src/tools/sss_obfuscate perl -i -lpe 's{%_bindir/python\b}{%_bindir/python3}' src/tools/sss_obfuscate
%make_install dbuspolicydir=%{_datadir}/dbus-1/system.d %make_install dbuspolicydir=%_datadir/dbus-1/system.d
b="%buildroot" b="%buildroot"
# Copy some defaults # Copy some defaults
mkdir -pv "$b/%_sysconfdir/sssd" "$b/%_sysconfdir/sssd/conf.d" %if %{?_distconfdir:1}
install -m600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf" install -D -p -m 0600 src/examples/sssd-example.conf "$b/%_distconfdir/sssd/sssd.conf"
install -d -m 0755 "$b/%_distconfdir/sssd/conf.d"
%else
install -D -p -m 0600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf"
install -d -m 0755 "$b/%_sysconfdir/sssd/conf.d"
%endif
install -d "$b/%_unitdir" install -d "$b/%_unitdir"
%if 0%{?suse_version} > 1500 %if 0%{?suse_version} > 1500
install -d "$b/%_distconfdir/logrotate.d" install -d "$b/%_distconfdir/logrotate.d"
@ -416,6 +439,10 @@ install -m644 src/examples/logrotate "$b/%_sysconfdir/logrotate.d/sssd"
%endif %endif
rm -Rfv "$b/%_initddir" rm -Rfv "$b/%_initddir"
%if 0%{?suse_version} < 1600
ln -s service "$b/%_sbindir/rcsssd"
%endif
mkdir -pv "$b/%sssdstatedir/mc" mkdir -pv "$b/%sssdstatedir/mc"
find "$b" -type f -name "*.la" -print -delete find "$b" -type f -name "*.la" -print -delete
%find_lang %name --all-name %find_lang %name --all-name
@ -423,6 +450,10 @@ find "$b" -type f -name "*.la" -print -delete
# dummy target for cifs-idmap-plugin # dummy target for cifs-idmap-plugin
mkdir -pv %buildroot/%_sysconfdir/alternatives %buildroot/%_sysconfdir/cifs-utils mkdir -pv %buildroot/%_sysconfdir/alternatives %buildroot/%_sysconfdir/cifs-utils
ln -sfv %_sysconfdir/alternatives/%cifs_idmap_name %buildroot/%cifs_idmap_plugin ln -sfv %_sysconfdir/alternatives/%cifs_idmap_name %buildroot/%cifs_idmap_plugin
%python3_fix_shebang
%if 0%{?suse_version} >= 1600
%python3_fix_shebang_path %buildroot/%_libexecdir/%name/
%endif
%check %check
# sss_config-tests fails # sss_config-tests fails
@ -430,17 +461,19 @@ ln -sfv %_sysconfdir/alternatives/%cifs_idmap_name %buildroot/%cifs_idmap_plugin
%pre %pre
%service_add_pre sssd.service %service_add_pre sssd.service
%if 0%{?suse_version} > 1500 %if %{?_distconfdir:1}
# Prepare for migration to /usr/etc; save any old .rpmsave # Prepare for migration to /usr/etc; save any old .rpmsave
for i in pam.d/sssd-shadowutils ; do for i in sssd/sssd.conf pam.d/sssd-shadowutils logrotate.d/sssd ; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||: test -f "%_sysconfdir/$i.rpmsave" && mv -v "%_sysconfdir/$i.rpmsave" "%_sysconfdir/$i.rpmsave.old" || :
done done
%endif %endif
%post %post
/sbin/ldconfig /sbin/ldconfig
# migrate config variable krb5_kdcip to krb5_server (bnc#851048) # migrate config variable krb5_kdcip to krb5_server (bnc#851048)
/bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' %_sysconfdir/sssd/sssd.conf if [ -f "%_sysconfdir/sssd/sssd.conf" ]; then
/bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' "%_sysconfdir/sssd/sssd.conf"
fi
%service_add_post sssd.service %service_add_post sssd.service
# install SSSD cifs-idmap plugin as an alternative # install SSSD cifs-idmap plugin as an alternative
@ -469,10 +502,12 @@ fi
%postun -n libsss_idmap0 -p /sbin/ldconfig %postun -n libsss_idmap0 -p /sbin/ldconfig
%post -n libsss_nss_idmap0 -p /sbin/ldconfig %post -n libsss_nss_idmap0 -p /sbin/ldconfig
%postun -n libsss_nss_idmap0 -p /sbin/ldconfig %postun -n libsss_nss_idmap0 -p /sbin/ldconfig
%if 0%{?suse_version} < 1600
%post -n libsss_simpleifp0 -p /sbin/ldconfig %post -n libsss_simpleifp0 -p /sbin/ldconfig
%postun -n libsss_simpleifp0 -p /sbin/ldconfig %postun -n libsss_simpleifp0 -p /sbin/ldconfig
%endif
%triggerun -- %{name} < %{version}-%{release} %triggerun -- %name < %version-%release
# sssd takes care of upgrading the database but it doesn't handle downgrades. # sssd takes care of upgrading the database but it doesn't handle downgrades.
# Clear caches when downgrading the package, which may have an # Clear caches when downgrading the package, which may have an
# incompatible format afterwards preventing the daemon from startup. # incompatible format afterwards preventing the daemon from startup.
@ -495,20 +530,6 @@ fi
%pre kcm %pre kcm
%service_add_pre sssd-kcm.service sssd-kcm.socket %service_add_pre sssd-kcm.service sssd-kcm.socket
%if 0%{?suse_version} > 1500
# Prepare for migration to /usr/etc; save any old .rpmsave
for i in logrotate.d/sssd ; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i}.rpmsave.old ||:
done
%endif
%if 0%{?suse_version} > 1500
%posttrans
# Migration to /usr/etc, restore just created .rpmsave
for i in logrotate.d/sssd pam.d/sssd-shadowutils ; do
test -f %{_sysconfdir}/${i}.rpmsave && mv -v %{_sysconfdir}/${i}.rpmsave %{_sysconfdir}/${i} ||:
done
%endif
%post kcm %post kcm
%service_add_post sssd-kcm.service sssd-kcm.socket %service_add_post sssd-kcm.service sssd-kcm.socket
@ -519,6 +540,44 @@ done
%postun kcm %postun kcm
%service_del_postun sssd-kcm.service sssd-kcm.socket %service_del_postun sssd-kcm.service sssd-kcm.socket
%pretrans
# Migrate sssd.service from sssd-common to sssd
systemctl is-enabled sssd.service > /dev/null
if [ $? -eq 0 ]; then
mkdir -p /run/systemd/rpm/
touch /run/systemd/rpm/sssd-was-enabled
fi
systemctl is-active sssd.service > /dev/null
if [ $? -eq 0 ]; then
mkdir -p /run/systemd/rpm/
touch /run/systemd/rpm/sssd-was-active
fi
%posttrans
%if %{?_distconfdir:1}
# Migration to /usr/etc, restore just created .rpmsave
for i in sssd/sssd.conf logrotate.d/sssd pam.d/sssd-shadowutils ; do
test -f "%_sysconfdir/$i.rpmsave" && mv -v "%_sysconfdir/$i.rpmsave" "%_sysconfdir/$i" || :
done
%endif
# Migrate sssd.service from sssd-common to sssd
if [ -e /run/systemd/rpm/sssd-was-enabled ]; then
systemctl is-enabled sssd.service > /dev/null
if [ $? -ne 0 ]; then
echo "Migrating sssd.service, was enabled"
systemctl enable sssd.service
fi
rm /run/systemd/rpm/sssd-was-enabled
fi
if [ -e /run/systemd/rpm/sssd-was-active ]; then
systemctl is-active sssd.service > /dev/null
if [ $? -ne 0 ]; then
echo "Migrating sssd.service, was active"
systemctl start sssd.service
fi
rm /run/systemd/rpm/sssd-was-active
fi
%files -f sssd.lang %files -f sssd.lang
%license COPYING %license COPYING
%_unitdir/sssd.service %_unitdir/sssd.service
@ -537,12 +596,17 @@ done
%_unitdir/sssd-sudo.service %_unitdir/sssd-sudo.service
%_bindir/sss_ssh_* %_bindir/sss_ssh_*
%_sbindir/sssd %_sbindir/sssd
%if 0%{?suse_version} < 1600
%_sbindir/rcsssd
%endif
%dir %_mandir/??/ %dir %_mandir/??/
%dir %_mandir/??/man[158]/ %dir %_mandir/??/man[158]/
%_mandir/??/man1/sss_ssh_* %_mandir/??/man1/sss_ssh_*
%_mandir/??/man5/sss-certmap.5* %_mandir/??/man5/sss-certmap.5*
%_mandir/??/man5/sssd-ad.5* %_mandir/??/man5/sssd-ad.5*
%if 0%{?suse_version} < 1600
%_mandir/??/man5/sssd-files.5* %_mandir/??/man5/sssd-files.5*
%endif
%_mandir/??/man5/sssd-ldap-attributes.5* %_mandir/??/man5/sssd-ldap-attributes.5*
%_mandir/??/man5/sssd-session-recording.5* %_mandir/??/man5/sssd-session-recording.5*
%_mandir/??/man5/sssd-simple.5* %_mandir/??/man5/sssd-simple.5*
@ -553,7 +617,9 @@ done
%_mandir/??/man8/sssd.8* %_mandir/??/man8/sssd.8*
%_mandir/man1/sss_ssh_* %_mandir/man1/sss_ssh_*
%_mandir/man5/sss-certmap.5* %_mandir/man5/sss-certmap.5*
%if 0%{?suse_version} < 1600
%_mandir/man5/sssd-files.5* %_mandir/man5/sssd-files.5*
%endif
%_mandir/man5/sssd-ldap-attributes.5* %_mandir/man5/sssd-ldap-attributes.5*
%_mandir/man5/sssd-session-recording.5* %_mandir/man5/sssd-session-recording.5*
%_mandir/man5/sssd-simple.5* %_mandir/man5/sssd-simple.5*
@ -567,7 +633,9 @@ done
%_libdir/%name/libsss_cert* %_libdir/%name/libsss_cert*
%_libdir/%name/libsss_crypt* %_libdir/%name/libsss_crypt*
%_libdir/%name/libsss_debug* %_libdir/%name/libsss_debug*
%if 0%{?suse_version} < 1600
%_libdir/%name/libsss_files* %_libdir/%name/libsss_files*
%endif
%_libdir/%name/libsss_iface* %_libdir/%name/libsss_iface*
%_libdir/%name/libsss_semanage* %_libdir/%name/libsss_semanage*
%_libdir/%name/libsss_sbus* %_libdir/%name/libsss_sbus*
@ -585,10 +653,11 @@ done
%_libexecdir/%name/sssd_pam %_libexecdir/%name/sssd_pam
%_libexecdir/%name/sssd_ssh %_libexecdir/%name/sssd_ssh
%_libexecdir/%name/sssd_sudo %_libexecdir/%name/sssd_sudo
%_libexecdir/%name/sss_analyze
%_libexecdir/%name/sss_signal %_libexecdir/%name/sss_signal
%_libexecdir/%name/sssd_check_socket_activated_responders %_libexecdir/%name/sssd_check_socket_activated_responders
%if 0%{?suse_version} >= 1600
%_libexecdir/%name/selinux_child %_libexecdir/%name/selinux_child
%endif
%dir %sssdstatedir %dir %sssdstatedir
%attr(700,root,root) %dir %dbpath/ %attr(700,root,root) %dir %dbpath/
%attr(755,root,root) %dir %pipepath/ %attr(755,root,root) %dir %pipepath/
@ -599,8 +668,15 @@ done
%attr(755,root,root) %dir %sssdstatedir/mc/ %attr(755,root,root) %dir %sssdstatedir/mc/
%attr(700,root,root) %dir %sssdstatedir/keytabs/ %attr(700,root,root) %dir %sssdstatedir/keytabs/
%attr(750,root,root) %dir %_localstatedir/log/%name/ %attr(750,root,root) %dir %_localstatedir/log/%name/
%if %{?_distconfdir:1}
%dir %_distconfdir/sssd/
%%dir %_distconfdir/sssd/conf.d
%config(noreplace) %_distconfdir/sssd/sssd.conf
%else
%dir %_sysconfdir/sssd/ %dir %_sysconfdir/sssd/
%%dir %_sysconfdir/sssd/conf.d
%config(noreplace) %_sysconfdir/sssd/sssd.conf %config(noreplace) %_sysconfdir/sssd/sssd.conf
%endif
%if 0%{?suse_version} > 1500 %if 0%{?suse_version} > 1500
%_distconfdir/logrotate.d/sssd %_distconfdir/logrotate.d/sssd
%_pam_vendordir/sssd-shadowutils %_pam_vendordir/sssd-shadowutils
@ -608,13 +684,17 @@ done
%config(noreplace) %_sysconfdir/logrotate.d/sssd %config(noreplace) %_sysconfdir/logrotate.d/sssd
%config(noreplace) %_pam_confdir/sssd-shadowutils %config(noreplace) %_pam_confdir/sssd-shadowutils
%endif %endif
%dir %_sysconfdir/sssd/conf.d
%dir %_datadir/%name/ %dir %_datadir/%name/
%_datadir/%name/cfg_rules.ini %_datadir/%name/cfg_rules.ini
%_datadir/%name/sssd.api.conf %_datadir/%name/sssd.api.conf
%dir %_datadir/%name/sssd.api.d/ %dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-simple.conf %_datadir/%name/sssd.api.d/sssd-simple.conf
%if 0%{?suse_version} < 1600
%_datadir/%name/sssd.api.d/sssd-files.conf %_datadir/%name/sssd.api.d/sssd-files.conf
%else
%exclude %_mandir/*/*/sssd-files.5.gz
%endif
%doc src/examples/sssd.conf
# #
# sssd-client # sssd-client
# #
@ -623,8 +703,10 @@ done
%_pam_moduledir/pam_sss_gss.so %_pam_moduledir/pam_sss_gss.so
%_libdir/krb5/ %_libdir/krb5/
%_libdir/%name/modules/sssd_krb5_localauth_plugin.so %_libdir/%name/modules/sssd_krb5_localauth_plugin.so
%_libdir/%name/modules/sssd_krb5_idp_plugin.so %exclude %_libdir/%name/modules/sssd_krb5_idp_plugin.so
%if 0%{?suse_version} >= 1600
%_libdir/libsubid_sss.so %_libdir/libsubid_sss.so
%endif
%_mandir/??/man8/sssd_krb5_locator_plugin.8* %_mandir/??/man8/sssd_krb5_locator_plugin.8*
%_mandir/??/man8/pam_sss.8* %_mandir/??/man8/pam_sss.8*
%_mandir/??/man8/pam_sss_gss.8* %_mandir/??/man8/pam_sss_gss.8*
@ -689,7 +771,7 @@ done
%dir %_libdir/%name/ %dir %_libdir/%name/
%_libdir/%name/libsss_krb5.so %_libdir/%name/libsss_krb5.so
%dir %_datadir/%name/ %dir %_datadir/%name/
%_datadir/%name/krb5-snippets/ %exclude %_datadir/%name/krb5-snippets/
%dir %_datadir/%name/sssd.api.d/ %dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-krb5.conf %_datadir/%name/sssd.api.d/sssd-krb5.conf
%dir %_mandir/??/ %dir %_mandir/??/
@ -731,6 +813,7 @@ done
%_sbindir/sss_seed %_sbindir/sss_seed
%_sbindir/sss_obfuscate %_sbindir/sss_obfuscate
%_sbindir/sss_override %_sbindir/sss_override
%_libexecdir/%name/sss_analyze
%dir %_mandir/??/man8/ %dir %_mandir/??/man8/
%_mandir/??/man8/sssctl.8* %_mandir/??/man8/sssctl.8*
%_mandir/??/man8/sss_*.8* %_mandir/??/man8/sss_*.8*
@ -780,6 +863,7 @@ done
%_libdir/libsss_nss_idmap.so %_libdir/libsss_nss_idmap.so
%_libdir/pkgconfig/sss_nss_idmap.pc %_libdir/pkgconfig/sss_nss_idmap.pc
%if 0%{?suse_version} < 1600
%files -n libsss_simpleifp0 %files -n libsss_simpleifp0
%_libdir/libsss_simpleifp.so.0* %_libdir/libsss_simpleifp.so.0*
@ -787,6 +871,7 @@ done
%_includedir/sss_sifp*.h %_includedir/sss_sifp*.h
%_libdir/libsss_simpleifp.so %_libdir/libsss_simpleifp.so
%_libdir/pkgconfig/sss_simpleifp.pc %_libdir/pkgconfig/sss_simpleifp.pc
%endif
%files -n python3-ipa_hbac %files -n python3-ipa_hbac
%dir %python3_sitearch %dir %python3_sitearch

42
symvers.patch
View File

@ -15,11 +15,11 @@ the system only has libsss_util.so(-2.8.2) at this point.
Makefile.am | 47 ++++++++++++++++++++++++++++++++--------------- Makefile.am | 47 ++++++++++++++++++++++++++++++++---------------
1 file changed, 32 insertions(+), 15 deletions(-) 1 file changed, 32 insertions(+), 15 deletions(-)
Index: sssd-2.8.2/Makefile.am Index: sssd-2.9.2/Makefile.am
=================================================================== ===================================================================
--- sssd-2.8.2.orig/Makefile.am --- sssd-2.9.2.orig/Makefile.am
+++ sssd-2.8.2/Makefile.am +++ sssd-2.9.2/Makefile.am
@@ -941,7 +941,11 @@ libsss_debug_la_SOURCES = \ @@ -955,7 +955,11 @@ libsss_debug_la_SOURCES = \
libsss_debug_la_LIBADD = \ libsss_debug_la_LIBADD = \
$(SYSLOG_LIBS) $(SYSLOG_LIBS)
libsss_debug_la_LDFLAGS = \ libsss_debug_la_LDFLAGS = \
@ -32,7 +32,7 @@ Index: sssd-2.8.2/Makefile.am
pkglib_LTLIBRARIES += libsss_child.la pkglib_LTLIBRARIES += libsss_child.la
libsss_child_la_SOURCES = src/util/child_common.c libsss_child_la_SOURCES = src/util/child_common.c
@@ -951,7 +955,8 @@ libsss_child_la_LIBADD = \ @@ -965,7 +969,8 @@ libsss_child_la_LIBADD = \
$(DHASH_LIBS) \ $(DHASH_LIBS) \
libsss_debug.la \ libsss_debug.la \
$(NULL) $(NULL)
@ -42,7 +42,7 @@ Index: sssd-2.8.2/Makefile.am
pkglib_LTLIBRARIES += libsss_crypt.la pkglib_LTLIBRARIES += libsss_crypt.la
@@ -990,7 +995,8 @@ libsss_crypt_la_LIBADD = \ @@ -1004,7 +1009,8 @@ libsss_crypt_la_LIBADD = \
libsss_debug.la \ libsss_debug.la \
$(NULL) $(NULL)
libsss_crypt_la_LDFLAGS = \ libsss_crypt_la_LDFLAGS = \
@ -52,7 +52,7 @@ Index: sssd-2.8.2/Makefile.am
pkglib_LTLIBRARIES += libsss_cert.la pkglib_LTLIBRARIES += libsss_cert.la
@@ -1015,8 +1021,9 @@ libsss_cert_la_LIBADD = \ @@ -1029,8 +1035,9 @@ libsss_cert_la_LIBADD = \
libsss_debug.la \ libsss_debug.la \
$(NULL) $(NULL)
libsss_cert_la_LDFLAGS = \ libsss_cert_la_LDFLAGS = \
@ -63,7 +63,7 @@ Index: sssd-2.8.2/Makefile.am
generate-sbus-code: generate-sbus-code:
$(builddir)/sbus_generate.sh $(abs_srcdir) $(builddir)/sbus_generate.sh $(abs_srcdir)
@@ -1117,8 +1124,9 @@ libsss_sbus_la_CFLAGS = \ @@ -1131,8 +1138,9 @@ libsss_sbus_la_CFLAGS = \
$(DBUS_CFLAGS) \ $(DBUS_CFLAGS) \
$(NULL) $(NULL)
libsss_sbus_la_LDFLAGS = \ libsss_sbus_la_LDFLAGS = \
@ -74,7 +74,7 @@ Index: sssd-2.8.2/Makefile.am
pkglib_LTLIBRARIES += libsss_sbus_sync.la pkglib_LTLIBRARIES += libsss_sbus_sync.la
libsss_sbus_sync_la_SOURCES = \ libsss_sbus_sync_la_SOURCES = \
@@ -1153,8 +1161,9 @@ libsss_sbus_sync_la_CFLAGS = \ @@ -1167,8 +1175,9 @@ libsss_sbus_sync_la_CFLAGS = \
$(UNICODE_LIBS) \ $(UNICODE_LIBS) \
$(NULL) $(NULL)
libsss_sbus_sync_la_LDFLAGS = \ libsss_sbus_sync_la_LDFLAGS = \
@ -85,7 +85,7 @@ Index: sssd-2.8.2/Makefile.am
pkglib_LTLIBRARIES += libsss_iface.la pkglib_LTLIBRARIES += libsss_iface.la
libsss_iface_la_SOURCES = \ libsss_iface_la_SOURCES = \
@@ -1183,8 +1192,9 @@ libsss_iface_la_CFLAGS = \ @@ -1197,8 +1206,9 @@ libsss_iface_la_CFLAGS = \
$(DBUS_CFLAGS) \ $(DBUS_CFLAGS) \
$(NULL) $(NULL)
libsss_iface_la_LDFLAGS = \ libsss_iface_la_LDFLAGS = \
@ -96,7 +96,7 @@ Index: sssd-2.8.2/Makefile.am
pkglib_LTLIBRARIES += libsss_iface_sync.la pkglib_LTLIBRARIES += libsss_iface_sync.la
libsss_iface_sync_la_SOURCES = \ libsss_iface_sync_la_SOURCES = \
@@ -1211,8 +1221,9 @@ libsss_iface_sync_la_CFLAGS = \ @@ -1225,8 +1235,9 @@ libsss_iface_sync_la_CFLAGS = \
$(DBUS_CFLAGS) \ $(DBUS_CFLAGS) \
$(NULL) $(NULL)
libsss_iface_sync_la_LDFLAGS = \ libsss_iface_sync_la_LDFLAGS = \
@ -107,17 +107,17 @@ Index: sssd-2.8.2/Makefile.am
pkglib_LTLIBRARIES += libsss_util.la pkglib_LTLIBRARIES += libsss_util.la
libsss_util_la_SOURCES = \ libsss_util_la_SOURCES = \
@@ -1303,7 +1314,8 @@ endif @@ -1322,7 +1333,8 @@ endif
if BUILD_SYSTEMTAP if BUILD_PASSKEY
libsss_util_la_LIBADD += stap_generated_probes.lo libsss_util_la_SOURCES += src/db/sysdb_passkey_user_verification.c
endif endif # BUILD_PASSKEY
-libsss_util_la_LDFLAGS = -avoid-version -libsss_util_la_LDFLAGS = -avoid-version
+libsss_util_la_LDFLAGS = -avoid-version ${symv} +libsss_util_la_LDFLAGS = -avoid-version ${symv}
+EXTRA_libsss_util_la_DEPENDENCIES = x.sym +EXTRA_libsss_util_la_DEPENDENCIES = x.sym
pkglib_LTLIBRARIES += libsss_semanage.la pkglib_LTLIBRARIES += libsss_semanage.la
libsss_semanage_la_CFLAGS = \ libsss_semanage_la_CFLAGS = \
@@ -1322,7 +1334,8 @@ libsss_semanage_la_LIBADD += $(SEMANAGE_ @@ -1341,7 +1353,8 @@ libsss_semanage_la_LIBADD += $(SEMANAGE_
endif endif
libsss_semanage_la_LDFLAGS = \ libsss_semanage_la_LDFLAGS = \
@ -127,7 +127,7 @@ Index: sssd-2.8.2/Makefile.am
SSSD_INTERNAL_LTLIBS = \ SSSD_INTERNAL_LTLIBS = \
libsss_util.la \ libsss_util.la \
@@ -1338,7 +1351,7 @@ lib_LTLIBRARIES = libipa_hbac.la \ @@ -1357,7 +1370,7 @@ lib_LTLIBRARIES = libipa_hbac.la \
$(NULL) $(NULL)
pkgconfig_DATA += src/lib/ipa_hbac/ipa_hbac.pc pkgconfig_DATA += src/lib/ipa_hbac/ipa_hbac.pc
@ -136,7 +136,7 @@ Index: sssd-2.8.2/Makefile.am
libipa_hbac_la_SOURCES = \ libipa_hbac_la_SOURCES = \
src/lib/ipa_hbac/hbac_evaluator.c \ src/lib/ipa_hbac/hbac_evaluator.c \
src/util/sss_utf8.c src/util/sss_utf8.c
@@ -1664,8 +1677,9 @@ libifp_iface_la_CFLAGS = \ @@ -1688,8 +1701,9 @@ libifp_iface_la_CFLAGS = \
$(DBUS_CFLAGS) \ $(DBUS_CFLAGS) \
$(NULL) $(NULL)
libifp_iface_la_LDFLAGS = \ libifp_iface_la_LDFLAGS = \
@ -147,7 +147,7 @@ Index: sssd-2.8.2/Makefile.am
pkglib_LTLIBRARIES += libifp_iface_sync.la pkglib_LTLIBRARIES += libifp_iface_sync.la
libifp_iface_sync_la_SOURCES = \ libifp_iface_sync_la_SOURCES = \
@@ -1690,8 +1704,9 @@ libifp_iface_sync_la_CFLAGS = \ @@ -1714,8 +1728,9 @@ libifp_iface_sync_la_CFLAGS = \
$(DBUS_CFLAGS) \ $(DBUS_CFLAGS) \
$(NULL) $(NULL)
libifp_iface_sync_la_LDFLAGS = \ libifp_iface_sync_la_LDFLAGS = \
@ -158,7 +158,7 @@ Index: sssd-2.8.2/Makefile.am
sssd_ifp_SOURCES = \ sssd_ifp_SOURCES = \
src/responder/ifp/ifpsrv.c \ src/responder/ifp/ifpsrv.c \
@@ -4196,8 +4211,9 @@ libsss_ldap_common_la_LIBADD = \ @@ -4314,8 +4329,9 @@ libsss_ldap_common_la_LIBADD = \
$(SSSD_INTERNAL_LTLIBS) \ $(SSSD_INTERNAL_LTLIBS) \
$(NULL) $(NULL)
libsss_ldap_common_la_LDFLAGS = \ libsss_ldap_common_la_LDFLAGS = \
@ -169,7 +169,7 @@ Index: sssd-2.8.2/Makefile.am
if BUILD_SYSTEMTAP if BUILD_SYSTEMTAP
libsss_ldap_common_la_LIBADD += stap_generated_probes.lo libsss_ldap_common_la_LIBADD += stap_generated_probes.lo
endif endif
@@ -4254,7 +4270,8 @@ libsss_krb5_common_la_LIBADD = \ @@ -4372,7 +4388,8 @@ libsss_krb5_common_la_LIBADD = \
$(SSSD_INTERNAL_LTLIBS) \ $(SSSD_INTERNAL_LTLIBS) \
$(NULL) $(NULL)
libsss_krb5_common_la_LDFLAGS = \ libsss_krb5_common_la_LDFLAGS = \