diff --git a/0001-build-detect-endianness-at-configure-time.patch b/0001-build-detect-endianness-at-configure-time.patch index 86c37fd..1a8da77 100644 --- a/0001-build-detect-endianness-at-configure-time.patch +++ b/0001-build-detect-endianness-at-configure-time.patch @@ -11,20 +11,14 @@ Signed-off-by: David Disseldorp configure.ac | 7 +++++++ 1 file changed, 7 insertions(+) -Index: sssd-1.11.5.1/configure.ac -=================================================================== ---- sssd-1.11.5.1.orig/configure.ac -+++ sssd-1.11.5.1/configure.ac -@@ -301,6 +301,13 @@ AM_CHECK_CMOCKA +--- sssd-1.12.1.orig/configure.ac ++++ sssd-1.12.1/configure.ac +@@ -322,6 +322,9 @@ AM_CHECK_CMOCKA AM_CONDITIONAL([HAVE_DEVSHM], [test -d /dev/shm]) -+AC_C_BIGENDIAN -+if test x$WORDS_BIGENDIAN != x; then -+ AC_DEFINE(HAVE_BIG_ENDIAN, 1, [whether platform is big endian]) -+else -+ AC_DEFINE(HAVE_LITTLE_ENDIAN, 1, [whether platform is little endian]) -+fi ++AC_C_BIGENDIAN([AC_DEFINE(HAVE_BIG_ENDIAN, [1], [whether platform is big endian])], ++ [AC_DEFINE(HAVE_LITTLE_ENDIAN, [1], [whether platform is little endian])]) + abs_build_dir=`pwd` AC_DEFINE_UNQUOTED([ABS_BUILD_DIR], ["$abs_build_dir"], [Absolute path to the build directory]) diff --git a/sssd-1.12.0.tar.gz b/sssd-1.12.0.tar.gz deleted file mode 100644 index 347fd26..0000000 --- a/sssd-1.12.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d536471fbc4d4b9948adfb751b7a9df3405ddfbc58274d73adc0c997c91c6472 -size 3968855 diff --git a/sssd-1.12.0.tar.gz.asc b/sssd-1.12.0.tar.gz.asc deleted file mode 100644 index 91c9957..0000000 --- a/sssd-1.12.0.tar.gz.asc +++ /dev/null @@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iEYEABECAAYFAlO9gK0ACgkQHsardTLnvCVxmACg1tRelGxCTMeHLjDkHAonfQzG -bz4AoL7RQa1oHlGtazWSzoMrambqy621 -=noRD ------END PGP SIGNATURE----- diff --git a/sssd-1.12.2.tar.gz b/sssd-1.12.2.tar.gz new file mode 100644 index 0000000..e2d6d31 --- /dev/null 
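Review bot: With explicit action arguments, `AC_C_BIGENDIAN` no longer performs its default action of defining `WORDS_BIGENDIAN`, so only `HAVE_BIG_ENDIAN` or `HAVE_LITTLE_ENDIAN` reaches config.h. Any source file that still tests `WORDS_BIGENDIAN` (none is visible here) would silently take the little-endian path. A guard in a shared header, `#if !defined(HAVE_BIG_ENDIAN) && !defined(HAVE_LITTLE_ENDIAN)` followed by `#error "endianness not detected"`, would turn a missing result into a build failure rather than mis-parsed byte-ordered data. The embedded patch header still reads `7 insertions(+)` although the rewritten hunk adds three lines.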
+++ b/sssd-1.12.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:55a06a191b2e2506b23f80cf3d15f58b8d94d1f5a1bc5dc77ccf010c0eaafa5d
+size 4149084
diff --git a/sssd-1.12.2.tar.gz.asc b/sssd-1.12.2.tar.gz.asc
new file mode 100644
index 0000000..0af3ab6
--- /dev/null
+++ b/sssd-1.12.2.tar.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iEYEABECAAYFAlRFH8kACgkQHsardTLnvCXMOACeKY1jciw1hTsvG/aOYK3h0+N1
+1/QAniL6o+Rhb0HReZPsMGYlQv41MI2C
+=chdM
+-----END PGP SIGNATURE-----
diff --git a/sssd.changes b/sssd.changes
index 74e55c9..c3de741 100644
--- a/sssd.changes
+++ b/sssd.changes
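Review bot: The new detached signature in sssd-1.12.2.tar.gz.asc appears to be a DSA/SHA-1 signature (the armored packet starts with the v4 header for public-key algorithm 17 and hash algorithm 2), so on its own it is a weak origin check by current standards. Nothing in the visible spec hunks shows the `.asc` being listed as a source or checked against a keyring. If it is not, add `Source<N>: %name-%version.tar.gz.asc` and `Source<N+1>: %name.keyring` (the numbers are placeholders to fit the existing Source list) so the build verifies the tarball rather than only carrying the signature file.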
@@ -1,3 +1,67 @@
+-------------------------------------------------------------------
+Thu Oct 30 12:22:06 UTC 2014 - jengelh@inai.de
+
+- Update to new upstream release 1.12.2 (bugfix release, bnc#900159)
+* Fixed a regression where the IPA provider did not fetch User
+ Private Groups correctly
+* An important bug in the GPO access control which resulted in a
+ wrong principal being used, was fixed.
+* Several new options are available for deployments that need to
+ restrict a certain PAM service from connecting to a certain SSSD
+ domain. For more details, see the description of
+ pam_trusted_users and pam_public_domains options in the
+ sssd.conf(5) man page and the domains option in the pam_sss(8)
+ man page.
+* When SSSD is acting as an IPA client in setup with trusted AD
+ domains, it is able to return group members or full group
+ memberships for users from trusted AD domains.
+* Support for the "views" feature of IPA.
+- Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch
+ (merged upstream)
+
+-------------------------------------------------------------------
+Sat Oct 11 13:36:48 UTC 2014 - jengelh@inai.de
+
+- Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch
+ to workaround bad autoconf invocation
+
+-------------------------------------------------------------------
+Sat Oct 11 00:16:15 UTC 2014 - crrodriguez@opensuse.org
+
+- 0001-build-detect-endianness-at-configure-time.patch
+ Correct defective endianness test.
+
+-------------------------------------------------------------------
+Mon Oct 6 13:25:23 UTC 2014 - jengelh@inai.de
+
+- Update to new upstream release 1.12.1
+* The GPO access control was further enhanced to allow the access
+ control decisions while offline and map the Windows logon
+ rights onto Linux PAM services.
+* The SSSD now ships a plugin for the rpc.idmapd daemon,
+ sss_rpcidmapd(5).
+* A MIT Kerberos localauth plugin was added to SSSD. 
This plugin + helps translating principals to user names in IPA-AD trust + scenarios, allowing the krb5.conf configuration to be less + complex. +* A libwbclient plugin implementation is now part of the SSSD. + The main purpose is to map Active Directory users and groups + identified by their SID to POSIX users and groups for the + file-server use-case. +* Active Directory users ca nnow use their User Logon Name to log + in. +* The sss_cache tool was enhanced to allow invalidating the SSH + host keys. +* Groups without full POSIX information can now be used to enroll + group membership (CVE-2014-0249). +* Detection of transition from offline to online state was + improved, resulting in fewer timeouts when SSSD is offline. +* The Active Directory provider now correctly detects Windows + Server 2012 R2. Previous versions would fall back to the slower + non-AD path with 2012 R2. +* Several other bugs related to deployments where SSSD is acting + as an AD client were fixed. + ------------------------------------------------------------------- Fri Aug 22 15:44:14 UTC 2014 - lchiquitto@suse.com diff --git a/sssd.spec b/sssd.spec index 70bbf35..8b1510a 100644 --- a/sssd.spec +++ b/sssd.spec @@ -17,7 +17,7 @@ Name: sssd -Version: 1.12.0 +Version: 1.12.2 Release: 0 Summary: System Security Services Daemon License: GPL-3.0+ and LGPL-3.0+ 
@@ -39,23 +39,29 @@ Patch1: 0001-build-detect-endianness-at-configure-time.patch %define pipepath %sssdstatedir/pipes %define pubconfpath %sssdstatedir/pubconf -%if %suse_version <= 1110 -# SLES11 doesn't know the python_* macros -%define python_sitelib %py_sitedir -%define python_sitearch %py_sitedir -%endif - BuildRequires: autoconf >= 2.59 BuildRequires: automake BuildRequires: bind-utils BuildRequires: cifs-utils-devel BuildRequires: cyrus-sasl-devel BuildRequires: docbook-xsl-stylesheets +%if 0%{?suse_version} >= 1320 +BuildRequires: krb5-devel >= 1.12 +%define have_localauth 1 +%else BuildRequires: krb5-devel +%define have_localauth 0 +%endif BuildRequires: libsmbclient-devel BuildRequires: libtool +BuildRequires: libxml2-tools +BuildRequires: libxslt-tools +BuildRequires: nscd +BuildRequires: openldap2-devel +BuildRequires: pam-devel +BuildRequires: pkg-config BuildRequires: pkgconfig >= 0.21 -%if 0%{?suse_version} >= 1210 +BuildRequires: systemd-rpm-macros BuildRequires: pkgconfig(augeas) >= 1.0.0 BuildRequires: pkgconfig(collection) >= 0.5.1 BuildRequires: pkgconfig(dbus-1) >= 1.0.0 
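Review bot: The `krb5-devel >= 1.12` branch and the `have_localauth` switch carry no comment explaining the cut-off; a line such as `# localauth plugin interface needs MIT krb5 >= 1.12` above the `%if 0%{?suse_version} >= 1320` would document why the plugin is packaged conditionally. This hunk also drops the SLES11 python macro fallback and makes `systemd-rpm-macros` unconditional, yet `%if %suse_version <= 1110` still appears in the context of a later hunk, so those branches look dead and could be removed in the same change. `BuildRequires: pkg-config` now sits directly above `BuildRequires: pkgconfig >= 0.21` and looks redundant.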
@@ -64,54 +70,22 @@ BuildRequires: pkgconfig(glib-2.0) BuildRequires: pkgconfig(ini_config) >= 1.1.0 BuildRequires: pkgconfig(ldb) >= 0.9.2 BuildRequires: pkgconfig(libcares) +BuildRequires: pkgconfig(libcrypto) +BuildRequires: pkgconfig(libnfsidmap) BuildRequires: pkgconfig(libnl-3.0) >= 3.0 BuildRequires: pkgconfig(libnl-route-3.0) >= 3.0 BuildRequires: pkgconfig(libpcre) >= 7 +BuildRequires: pkgconfig(libsystemd-login) BuildRequires: pkgconfig(ndr_nbt) -BuildRequires: pkgconfig(openssl) BuildRequires: pkgconfig(popt) BuildRequires: pkgconfig(python) BuildRequires: pkgconfig(talloc) BuildRequires: pkgconfig(tdb) >= 1.1.3 BuildRequires: pkgconfig(tevent) -%else -BuildRequires: augeas-devel -BuildRequires: dbus-1-devel >= 1.0.0 -BuildRequires: glib2-devel -BuildRequires: libcares-devel -BuildRequires: libcollection-devel >= 0.5.1 -BuildRequires: libdhash-devel >= 0.4.2 -BuildRequires: libini_config-devel >= 1.1.0 -BuildRequires: libldb-devel >= 0.9.2 -BuildRequires: libnl-devel >= 1.1 -BuildRequires: libopenssl-devel -BuildRequires: libtalloc-devel -BuildRequires: libtdb-devel >= 1.1.3 -BuildRequires: libtevent-devel -BuildRequires: pcre-devel >= 7 -BuildRequires: popt-devel -BuildRequires: python-devel -BuildRequires: samba-devel >= 4 -%endif -BuildRequires: samba-libs >= 4 -%if 0%{?suse_version} >= 1220 -BuildRequires: libxml2-tools -BuildRequires: libxslt-tools -%else -BuildRequires: libxml2 -BuildRequires: libxslt -%endif -BuildRequires: nscd -BuildRequires: openldap2-devel -BuildRequires: pam-devel -BuildRequires: pkg-config -%if %suse_version >= 1210 -BuildRequires: systemd-rpm-macros -BuildRequires: pkgconfig(libsystemd-login) %{?systemd_requires} -%endif Requires: sssd-ldap = %version-%release Requires(postun): pam-config +Provides: sssd-client = %version-%release %description Provides a set of daemons to manage access to remote directories and 
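Review bot: `Provides: sssd-client = %version-%release` introduces a virtual name with no comment saying what it is for. Its only visible consumers are the `Supplements: packageand(nfsidmap:sssd-client)` and `Supplements: packageand(sudo:sssd-client)` lines in later hunks. A comment such as `# virtual name referenced by Supplements: in the plugin subpackages` would document it. The practical effect is that a host with both sudo and sssd installed will have libsss_sudo selected by the solver by default, which deserves a line in the changelog.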
@@ -203,6 +177,32 @@ Requires: sssd = %version The packages contains commandline tools for managing users and groups using the "local" id provider of the System Security Services Daemon (sssd). +%package wbclient +Summary: SSSD's implementation of the Winbind pipe protocol +License: LGPL-3.0+ +Group: System/Libraries + +%description wbclient +libwbclient is a plugin for the Samba client, though it has been +implemented as a regular shared library requested via DT_NEEDED. + +sssd-wbclient implements the libwbclient API for Samba daemons and +utilities. The main purpose is to map Active Directory users and +groups identified by their SID to POSIX users and groups identified +by their POSIX UIDs and GIDs respectively. + +%package wbclient-devel +Summary: Development files for SSSD winbind +License: LGPL-3.0+ +Group: Development/Libraries/C and C++ +Requires: %name-wbclient = %version + +%description wbclient-devel +sssd-wbclient implements the libwbclient API for Samba daemons and +utilities. The main purpose is to map Active Directory users and +groups identified by their SID to POSIX users and groups identified +by their POSIX UIDs and GIDs respectively. + %package -n libipa_hbac0 Summary: FreeIPA HBAC Evaluator library License: LGPL-3.0+ @@ -222,6 +222,15 @@ Requires: libipa_hbac0 = %version Utility library to validate FreeIPA HBAC rules for authorization requests. +%package -n libnfsidmap-sss +Summary: Library to allow communication between libnfsidmap and SSSD +License: GPL-3.0+ +Group: System/Libraries +Supplements: packageand(nfsidmap:sssd-client) + +%description -n libnfsidmap-sss +A utility library to allow communication between libnfsidmap and SSSD. + %package -n libsss_idmap0 Summary: FreeIPA ID mapping library License: LGPL-3.0+ 
@@ -284,6 +293,7 @@ Provides: libsss_sudo-devel = %version-%release Obsoletes: libsss_sudo-devel < %version-%release # No provides: true obsolete. Obsoletes: libsss_sudo1 +Supplements: packageand(sudo:sssd-client) %description -n libsss_sudo A utility library to allow communication between sudo and SSSD. @@ -335,7 +345,7 @@ export LDB_DIR="$(pkg-config ldb --variable=modulesdir)" # help configure find nscd export PATH="$PATH:/usr/sbin" -autoreconf -fi; +autoreconf -fiv; %configure \ --with-crypto=libcrypto \ --with-db-path="%dbpath" \ @@ -374,6 +384,10 @@ install src/sysv/SUSE/sssd "$b/%_sysconfdir/init.d/sssd"; ln -sf ../../etc/init.d/sssd "$b/usr/sbin/rcsssd" %endif +mkdir -p "$b/%_sysconfdir/ld.so.conf.d" +cat >"$b/%_sysconfdir/ld.so.conf.d/sssd-wbclient.conf" <<-EOF + %_libdir/%name/modules +EOF find "$b" -type f -name "*.la" -delete; %if %suse_version <= 1110 @@ -441,7 +455,7 @@ rm -f /var/lib/sss/db/*.ldb %_sbindir/sssd %_sbindir/rcsssd %dir %_mandir/??/ -%dir %_mandir/??/man?/ +%dir %_mandir/??/man[158]/ %_mandir/??/man1/sss_ssh_* %_mandir/??/man5/sssd-simple.5* %_mandir/??/man5/sssd-sudo.5* @@ -458,7 +472,8 @@ rm -f /var/lib/sss/db/*.ldb %_libdir/%name/libsss_debug* %_libdir/%name/libsss_simple* %_libdir/%name/libsss_util* -%_libdir/%name/modules/ +%dir %_libdir/%name/modules/ +%_libdir/%name/modules/libsss_autofs.so %dir %_libdir/ldb/ %_libdir/ldb/memberof.so %dir %_libexecdir/%name/ @@ -489,6 +504,9 @@ rm -f /var/lib/sss/db/*.ldb /%_lib/security/pam_sss.so %_libdir/cifs-utils/ %_libdir/krb5/ +%if %have_localauth +%_libdir/%name/modules/sssd_krb5_localauth_plugin.so +%endif %_mandir/??/man8/pam_sss.8* %_mandir/??/man8/sssd_krb5_locator_plugin.8* %_mandir/man8/pam_sss.8* @@ -504,9 +522,7 @@ rm -f /var/lib/sss/db/*.ldb %dir %_datadir/%name/ %dir %_datadir/%name/sssd.api.d/ %_datadir/%name/sssd.api.d/sssd-ad.conf -%dir %_mandir/??/man5/ %_mandir/man5/sssd-ad.5* -%_mandir/??/man5/sssd-ad.5* %files dbus %defattr(-,root,root) 
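Review bot: The `ld.so.conf.d/sssd-wbclient.conf` snippet written in the `@@ -374,6 +384,10 @@` hunk puts the whole `%_libdir/%name/modules` directory on the system-wide linker path, not only libwbclient. Per the `%files` hunks that directory also holds `libsss_autofs.so` and, when `have_localauth` is set, `sssd_krb5_localauth_plugin.so`. Once the wbclient subpackage is installed, which `libwbclient` a Samba binary loads depends on ld.so.conf ordering, so the SID-to-UID/GID mapping source can change implicitly. Consider keeping libwbclient in a directory of its own for the snippet to reference. No ldconfig scriptlets are visible in these hunks, so also consider adding `%post wbclient -p /sbin/ldconfig` and `%postun wbclient -p /sbin/ldconfig` so the cache is rebuilt on install and removal.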
@@ -515,6 +531,8 @@ rm -f /var/lib/sss/db/*.ldb %dir %_libdir/sssd/ %_libdir/sssd/libsss_config.so %_mandir/man5/sssd-ifp.5* +%dir %_mandir/??/ +%dir %_mandir/??/man5/ %_mandir/??/man5/sssd-ifp.5* #%_sysconfdir/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf #%_datadir/dbus-1/system-services/org.freedesktop.sssd.infopipe.service @@ -526,9 +544,7 @@ rm -f /var/lib/sss/db/*.ldb %dir %_datadir/%name/ %dir %_datadir/%name/sssd.api.d %_datadir/%name/sssd.api.d/sssd-ipa.conf -%dir %_mandir/??/man5/ %_mandir/man5/sssd-ipa.5* -%_mandir/??/man5/sssd-ipa.5* %files krb5 %defattr(-,root,root) @@ -537,6 +553,7 @@ rm -f /var/lib/sss/db/*.ldb %dir %_datadir/%name/ %dir %_datadir/%name/sssd.api.d/ %_datadir/%name/sssd.api.d/sssd-krb5.conf +%dir %_mandir/??/ %dir %_mandir/??/man5/ %_mandir/man5/sssd-krb5.5* %_mandir/??/man5/sssd-krb5.5* @@ -556,9 +573,10 @@ rm -f /var/lib/sss/db/*.ldb %dir %_datadir/%name/ %dir %_datadir/%name/sssd.api.d/ %_datadir/%name/sssd.api.d/sssd-ldap.conf +%_mandir/man5/sssd-ldap.5* +%dir %_mandir/??/ %dir %_mandir/??/man5/ %_mandir/??/man5/sssd-ldap.5* -%_mandir/man5/sssd-ldap.5* %files proxy %defattr(-,root,root) @@ -587,6 +605,21 @@ rm -f /var/lib/sss/db/*.ldb %_mandir/??/man8/sss_*.8* %_mandir/man8/sss_*.8* +%files wbclient +%defattr(-,root,root) +%_sysconfdir/ld.so.conf.d/sssd-wbclient.conf +%dir %_libdir/sssd/ +%dir %_libdir/sssd/modules/ +%_libdir/sssd/modules/libwbclient.so.* + +%files wbclient-devel +%defattr(-,root,root) +%_includedir/wbclient_sssd.h +%dir %_libdir/sssd/ +%dir %_libdir/sssd/modules/ +%_libdir/sssd/modules/libwbclient.so +%_libdir/pkgconfig/wbclient_sssd.pc + %files -n libipa_hbac0 %defattr(-,root,root) %_libdir/libipa_hbac.so.0* @@ -597,6 +630,11 @@ rm -f /var/lib/sss/db/*.ldb %_libdir/libipa_hbac.so %_libdir/pkgconfig/ipa_hbac.pc +%files -n libnfsidmap-sss +%defattr(-,root,root) +%_libdir/libnfsidmap/ +%_mandir/man5/sss_rpcidmapd.5* + %files -n libsss_idmap0 %defattr(-,root,root) %_libdir/libsss_idmap.so.0*