SHA256
1
0
forked from pool/sssd

Accepting request 259244 from network:ldap

- Update to new upstream release 1.12.2 (bugfix release, bnc#900159)
* Fixed a regression where the IPA provider did not fetch User
  Private Groups correctly
* An important bug in the GPO access control which resulted in a
  wrong principal being used, was fixed.
* Several new options are available for deployments that need to
  restrict a certain PAM service from connecting to a certain SSSD
  domain. For more details, see the description of
  pam_trusted_users and pam_public_domains options in the
  sssd.conf(5) man page and the domains option in the pam_sss(8)
  man page.
* When SSSD is acting as an IPA client in setup with trusted AD
  domains, it is able to return group members or full group
  memberships for users from trusted AD domains.
* Support for the "views" feature of IPA.
- Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch
  (merged upstream)

- Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch
  to workaround bad autoconf invocation

- 0001-build-detect-endianness-at-configure-time.patch 
  Correct defective endianness test.

- Update to new upstream release 1.12.1
* The GPO access control was further enhanced to allow the access
  control decisions while offline and map the Windows logon
  rights onto Linux PAM services.
* The SSSD now ships a plugin for the rpc.idmapd daemon,
  sss_rpcidmapd(5).

OBS-URL: https://build.opensuse.org/request/show/259244
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=60
This commit is contained in:
Stephan Kulow 2014-11-04 16:27:34 +00:00 committed by Git OBS Bridge
commit 52bbec6e3f
7 changed files with 169 additions and 73 deletions

View File

@ -11,20 +11,14 @@ Signed-off-by: David Disseldorp <ddiss@samba.org>
configure.ac | 7 +++++++ configure.ac | 7 +++++++
1 file changed, 7 insertions(+) 1 file changed, 7 insertions(+)
Index: sssd-1.11.5.1/configure.ac --- sssd-1.12.1.orig/configure.ac
=================================================================== +++ sssd-1.12.1/configure.ac
--- sssd-1.11.5.1.orig/configure.ac @@ -322,6 +322,9 @@ AM_CHECK_CMOCKA
+++ sssd-1.11.5.1/configure.ac
@@ -301,6 +301,13 @@ AM_CHECK_CMOCKA
AM_CONDITIONAL([HAVE_DEVSHM], [test -d /dev/shm]) AM_CONDITIONAL([HAVE_DEVSHM], [test -d /dev/shm])
+AC_C_BIGENDIAN +AC_C_BIGENDIAN([AC_DEFINE(HAVE_BIG_ENDIAN, [1], [whether platform is big endian])],
+if test x$WORDS_BIGENDIAN != x; then + [AC_DEFINE(HAVE_LITTLE_ENDIAN, [1], [whether platform is little endian])])
+ AC_DEFINE(HAVE_BIG_ENDIAN, 1, [whether platform is big endian])
+else
+ AC_DEFINE(HAVE_LITTLE_ENDIAN, 1, [whether platform is little endian])
+fi
+ +
abs_build_dir=`pwd` abs_build_dir=`pwd`
AC_DEFINE_UNQUOTED([ABS_BUILD_DIR], ["$abs_build_dir"], [Absolute path to the build directory]) AC_DEFINE_UNQUOTED([ABS_BUILD_DIR], ["$abs_build_dir"], [Absolute path to the build directory])

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d536471fbc4d4b9948adfb751b7a9df3405ddfbc58274d73adc0c997c91c6472
size 3968855

View File

@ -1,7 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEABECAAYFAlO9gK0ACgkQHsardTLnvCVxmACg1tRelGxCTMeHLjDkHAonfQzG
bz4AoL7RQa1oHlGtazWSzoMrambqy621
=noRD
-----END PGP SIGNATURE-----

3
sssd-1.12.2.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:55a06a191b2e2506b23f80cf3d15f58b8d94d1f5a1bc5dc77ccf010c0eaafa5d
size 4149084

7
sssd-1.12.2.tar.gz.asc Normal file
View File

@ -0,0 +1,7 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEABECAAYFAlRFH8kACgkQHsardTLnvCXMOACeKY1jciw1hTsvG/aOYK3h0+N1
1/QAniL6o+Rhb0HReZPsMGYlQv41MI2C
=chdM
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,67 @@
-------------------------------------------------------------------
Thu Oct 30 12:22:06 UTC 2014 - jengelh@inai.de
- Update to new upstream release 1.12.2 (bugfix release, bnc#900159)
* Fixed a regression where the IPA provider did not fetch User
Private Groups correctly
* An important bug in the GPO access control which resulted in a
wrong principal being used, was fixed.
* Several new options are available for deployments that need to
restrict a certain PAM service from connecting to a certain SSSD
domain. For more details, see the description of
pam_trusted_users and pam_public_domains options in the
sssd.conf(5) man page and the domains option in the pam_sss(8)
man page.
* When SSSD is acting as an IPA client in setup with trusted AD
domains, it is able to return group members or full group
memberships for users from trusted AD domains.
* Support for the "views" feature of IPA.
- Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch
(merged upstream)
-------------------------------------------------------------------
Sat Oct 11 13:36:48 UTC 2014 - jengelh@inai.de
- Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch
to workaround bad autoconf invocation
-------------------------------------------------------------------
Sat Oct 11 00:16:15 UTC 2014 - crrodriguez@opensuse.org
- 0001-build-detect-endianness-at-configure-time.patch
Correct defective endianness test.
-------------------------------------------------------------------
Mon Oct 6 13:25:23 UTC 2014 - jengelh@inai.de
- Update to new upstream release 1.12.1
* The GPO access control was further enhanced to allow the access
control decisions while offline and map the Windows logon
rights onto Linux PAM services.
* The SSSD now ships a plugin for the rpc.idmapd daemon,
sss_rpcidmapd(5).
* A MIT Kerberos localauth plugin was added to SSSD. This plugin
helps translating principals to user names in IPA-AD trust
scenarios, allowing the krb5.conf configuration to be less
complex.
* A libwbclient plugin implementation is now part of the SSSD.
The main purpose is to map Active Directory users and groups
identified by their SID to POSIX users and groups for the
file-server use-case.
* Active Directory users ca nnow use their User Logon Name to log
in.
* The sss_cache tool was enhanced to allow invalidating the SSH
host keys.
* Groups without full POSIX information can now be used to enroll
group membership (CVE-2014-0249).
* Detection of transition from offline to online state was
improved, resulting in fewer timeouts when SSSD is offline.
* The Active Directory provider now correctly detects Windows
Server 2012 R2. Previous versions would fall back to the slower
non-AD path with 2012 R2.
* Several other bugs related to deployments where SSSD is acting
as an AD client were fixed.
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Aug 22 15:44:14 UTC 2014 - lchiquitto@suse.com Fri Aug 22 15:44:14 UTC 2014 - lchiquitto@suse.com

142
sssd.spec
View File

@ -17,7 +17,7 @@
Name: sssd Name: sssd
Version: 1.12.0 Version: 1.12.2
Release: 0 Release: 0
Summary: System Security Services Daemon Summary: System Security Services Daemon
License: GPL-3.0+ and LGPL-3.0+ License: GPL-3.0+ and LGPL-3.0+
@ -39,23 +39,29 @@ Patch1: 0001-build-detect-endianness-at-configure-time.patch
%define pipepath %sssdstatedir/pipes %define pipepath %sssdstatedir/pipes
%define pubconfpath %sssdstatedir/pubconf %define pubconfpath %sssdstatedir/pubconf
%if %suse_version <= 1110
# SLES11 doesn't know the python_* macros
%define python_sitelib %py_sitedir
%define python_sitearch %py_sitedir
%endif
BuildRequires: autoconf >= 2.59 BuildRequires: autoconf >= 2.59
BuildRequires: automake BuildRequires: automake
BuildRequires: bind-utils BuildRequires: bind-utils
BuildRequires: cifs-utils-devel BuildRequires: cifs-utils-devel
BuildRequires: cyrus-sasl-devel BuildRequires: cyrus-sasl-devel
BuildRequires: docbook-xsl-stylesheets BuildRequires: docbook-xsl-stylesheets
%if 0%{?suse_version} >= 1320
BuildRequires: krb5-devel >= 1.12
%define have_localauth 1
%else
BuildRequires: krb5-devel BuildRequires: krb5-devel
%define have_localauth 0
%endif
BuildRequires: libsmbclient-devel BuildRequires: libsmbclient-devel
BuildRequires: libtool BuildRequires: libtool
BuildRequires: libxml2-tools
BuildRequires: libxslt-tools
BuildRequires: nscd
BuildRequires: openldap2-devel
BuildRequires: pam-devel
BuildRequires: pkg-config
BuildRequires: pkgconfig >= 0.21 BuildRequires: pkgconfig >= 0.21
%if 0%{?suse_version} >= 1210 BuildRequires: systemd-rpm-macros
BuildRequires: pkgconfig(augeas) >= 1.0.0 BuildRequires: pkgconfig(augeas) >= 1.0.0
BuildRequires: pkgconfig(collection) >= 0.5.1 BuildRequires: pkgconfig(collection) >= 0.5.1
BuildRequires: pkgconfig(dbus-1) >= 1.0.0 BuildRequires: pkgconfig(dbus-1) >= 1.0.0
@ -64,54 +70,22 @@ BuildRequires: pkgconfig(glib-2.0)
BuildRequires: pkgconfig(ini_config) >= 1.1.0 BuildRequires: pkgconfig(ini_config) >= 1.1.0
BuildRequires: pkgconfig(ldb) >= 0.9.2 BuildRequires: pkgconfig(ldb) >= 0.9.2
BuildRequires: pkgconfig(libcares) BuildRequires: pkgconfig(libcares)
BuildRequires: pkgconfig(libcrypto)
BuildRequires: pkgconfig(libnfsidmap)
BuildRequires: pkgconfig(libnl-3.0) >= 3.0 BuildRequires: pkgconfig(libnl-3.0) >= 3.0
BuildRequires: pkgconfig(libnl-route-3.0) >= 3.0 BuildRequires: pkgconfig(libnl-route-3.0) >= 3.0
BuildRequires: pkgconfig(libpcre) >= 7 BuildRequires: pkgconfig(libpcre) >= 7
BuildRequires: pkgconfig(libsystemd-login)
BuildRequires: pkgconfig(ndr_nbt) BuildRequires: pkgconfig(ndr_nbt)
BuildRequires: pkgconfig(openssl)
BuildRequires: pkgconfig(popt) BuildRequires: pkgconfig(popt)
BuildRequires: pkgconfig(python) BuildRequires: pkgconfig(python)
BuildRequires: pkgconfig(talloc) BuildRequires: pkgconfig(talloc)
BuildRequires: pkgconfig(tdb) >= 1.1.3 BuildRequires: pkgconfig(tdb) >= 1.1.3
BuildRequires: pkgconfig(tevent) BuildRequires: pkgconfig(tevent)
%else
BuildRequires: augeas-devel
BuildRequires: dbus-1-devel >= 1.0.0
BuildRequires: glib2-devel
BuildRequires: libcares-devel
BuildRequires: libcollection-devel >= 0.5.1
BuildRequires: libdhash-devel >= 0.4.2
BuildRequires: libini_config-devel >= 1.1.0
BuildRequires: libldb-devel >= 0.9.2
BuildRequires: libnl-devel >= 1.1
BuildRequires: libopenssl-devel
BuildRequires: libtalloc-devel
BuildRequires: libtdb-devel >= 1.1.3
BuildRequires: libtevent-devel
BuildRequires: pcre-devel >= 7
BuildRequires: popt-devel
BuildRequires: python-devel
BuildRequires: samba-devel >= 4
%endif
BuildRequires: samba-libs >= 4
%if 0%{?suse_version} >= 1220
BuildRequires: libxml2-tools
BuildRequires: libxslt-tools
%else
BuildRequires: libxml2
BuildRequires: libxslt
%endif
BuildRequires: nscd
BuildRequires: openldap2-devel
BuildRequires: pam-devel
BuildRequires: pkg-config
%if %suse_version >= 1210
BuildRequires: systemd-rpm-macros
BuildRequires: pkgconfig(libsystemd-login)
%{?systemd_requires} %{?systemd_requires}
%endif
Requires: sssd-ldap = %version-%release Requires: sssd-ldap = %version-%release
Requires(postun): pam-config Requires(postun): pam-config
Provides: sssd-client = %version-%release
%description %description
Provides a set of daemons to manage access to remote directories and Provides a set of daemons to manage access to remote directories and
@ -203,6 +177,32 @@ Requires: sssd = %version
The packages contains commandline tools for managing users and groups using The packages contains commandline tools for managing users and groups using
the "local" id provider of the System Security Services Daemon (sssd). the "local" id provider of the System Security Services Daemon (sssd).
%package wbclient
Summary: SSSD's implementation of the Winbind pipe protocol
License: LGPL-3.0+
Group: System/Libraries
%description wbclient
libwbclient is a plugin for the Samba client, though it has been
implemented as a regular shared library requested via DT_NEEDED.
sssd-wbclient implements the libwbclient API for Samba daemons and
utilities. The main purpose is to map Active Directory users and
groups identified by their SID to POSIX users and groups identified
by their POSIX UIDs and GIDs respectively.
%package wbclient-devel
Summary: Development files for SSSD winbind
License: LGPL-3.0+
Group: Development/Libraries/C and C++
Requires: %name-wbclient = %version
%description wbclient-devel
sssd-wbclient implements the libwbclient API for Samba daemons and
utilities. The main purpose is to map Active Directory users and
groups identified by their SID to POSIX users and groups identified
by their POSIX UIDs and GIDs respectively.
%package -n libipa_hbac0 %package -n libipa_hbac0
Summary: FreeIPA HBAC Evaluator library Summary: FreeIPA HBAC Evaluator library
License: LGPL-3.0+ License: LGPL-3.0+
@ -222,6 +222,15 @@ Requires: libipa_hbac0 = %version
Utility library to validate FreeIPA HBAC rules for authorization Utility library to validate FreeIPA HBAC rules for authorization
requests. requests.
%package -n libnfsidmap-sss
Summary: Library to allow communication between libnfsidmap and SSSD
License: GPL-3.0+
Group: System/Libraries
Supplements: packageand(nfsidmap:sssd-client)
%description -n libnfsidmap-sss
A utility library to allow communication between libnfsidmap and SSSD.
%package -n libsss_idmap0 %package -n libsss_idmap0
Summary: FreeIPA ID mapping library Summary: FreeIPA ID mapping library
License: LGPL-3.0+ License: LGPL-3.0+
@ -284,6 +293,7 @@ Provides: libsss_sudo-devel = %version-%release
Obsoletes: libsss_sudo-devel < %version-%release Obsoletes: libsss_sudo-devel < %version-%release
# No provides: true obsolete. # No provides: true obsolete.
Obsoletes: libsss_sudo1 Obsoletes: libsss_sudo1
Supplements: packageand(sudo:sssd-client)
%description -n libsss_sudo %description -n libsss_sudo
A utility library to allow communication between sudo and SSSD. A utility library to allow communication between sudo and SSSD.
@ -335,7 +345,7 @@ export LDB_DIR="$(pkg-config ldb --variable=modulesdir)"
# help configure find nscd # help configure find nscd
export PATH="$PATH:/usr/sbin" export PATH="$PATH:/usr/sbin"
autoreconf -fi; autoreconf -fiv;
%configure \ %configure \
--with-crypto=libcrypto \ --with-crypto=libcrypto \
--with-db-path="%dbpath" \ --with-db-path="%dbpath" \
@ -374,6 +384,10 @@ install src/sysv/SUSE/sssd "$b/%_sysconfdir/init.d/sssd";
ln -sf ../../etc/init.d/sssd "$b/usr/sbin/rcsssd" ln -sf ../../etc/init.d/sssd "$b/usr/sbin/rcsssd"
%endif %endif
mkdir -p "$b/%_sysconfdir/ld.so.conf.d"
cat >"$b/%_sysconfdir/ld.so.conf.d/sssd-wbclient.conf" <<-EOF
%_libdir/%name/modules
EOF
find "$b" -type f -name "*.la" -delete; find "$b" -type f -name "*.la" -delete;
%if %suse_version <= 1110 %if %suse_version <= 1110
@ -441,7 +455,7 @@ rm -f /var/lib/sss/db/*.ldb
%_sbindir/sssd %_sbindir/sssd
%_sbindir/rcsssd %_sbindir/rcsssd
%dir %_mandir/??/ %dir %_mandir/??/
%dir %_mandir/??/man?/ %dir %_mandir/??/man[158]/
%_mandir/??/man1/sss_ssh_* %_mandir/??/man1/sss_ssh_*
%_mandir/??/man5/sssd-simple.5* %_mandir/??/man5/sssd-simple.5*
%_mandir/??/man5/sssd-sudo.5* %_mandir/??/man5/sssd-sudo.5*
@ -458,7 +472,8 @@ rm -f /var/lib/sss/db/*.ldb
%_libdir/%name/libsss_debug* %_libdir/%name/libsss_debug*
%_libdir/%name/libsss_simple* %_libdir/%name/libsss_simple*
%_libdir/%name/libsss_util* %_libdir/%name/libsss_util*
%_libdir/%name/modules/ %dir %_libdir/%name/modules/
%_libdir/%name/modules/libsss_autofs.so
%dir %_libdir/ldb/ %dir %_libdir/ldb/
%_libdir/ldb/memberof.so %_libdir/ldb/memberof.so
%dir %_libexecdir/%name/ %dir %_libexecdir/%name/
@ -489,6 +504,9 @@ rm -f /var/lib/sss/db/*.ldb
/%_lib/security/pam_sss.so /%_lib/security/pam_sss.so
%_libdir/cifs-utils/ %_libdir/cifs-utils/
%_libdir/krb5/ %_libdir/krb5/
%if %have_localauth
%_libdir/%name/modules/sssd_krb5_localauth_plugin.so
%endif
%_mandir/??/man8/pam_sss.8* %_mandir/??/man8/pam_sss.8*
%_mandir/??/man8/sssd_krb5_locator_plugin.8* %_mandir/??/man8/sssd_krb5_locator_plugin.8*
%_mandir/man8/pam_sss.8* %_mandir/man8/pam_sss.8*
@ -504,9 +522,7 @@ rm -f /var/lib/sss/db/*.ldb
%dir %_datadir/%name/ %dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d/ %dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-ad.conf %_datadir/%name/sssd.api.d/sssd-ad.conf
%dir %_mandir/??/man5/
%_mandir/man5/sssd-ad.5* %_mandir/man5/sssd-ad.5*
%_mandir/??/man5/sssd-ad.5*
%files dbus %files dbus
%defattr(-,root,root) %defattr(-,root,root)
@ -515,6 +531,8 @@ rm -f /var/lib/sss/db/*.ldb
%dir %_libdir/sssd/ %dir %_libdir/sssd/
%_libdir/sssd/libsss_config.so %_libdir/sssd/libsss_config.so
%_mandir/man5/sssd-ifp.5* %_mandir/man5/sssd-ifp.5*
%dir %_mandir/??/
%dir %_mandir/??/man5/
%_mandir/??/man5/sssd-ifp.5* %_mandir/??/man5/sssd-ifp.5*
#%_sysconfdir/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf #%_sysconfdir/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
#%_datadir/dbus-1/system-services/org.freedesktop.sssd.infopipe.service #%_datadir/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
@ -526,9 +544,7 @@ rm -f /var/lib/sss/db/*.ldb
%dir %_datadir/%name/ %dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d %dir %_datadir/%name/sssd.api.d
%_datadir/%name/sssd.api.d/sssd-ipa.conf %_datadir/%name/sssd.api.d/sssd-ipa.conf
%dir %_mandir/??/man5/
%_mandir/man5/sssd-ipa.5* %_mandir/man5/sssd-ipa.5*
%_mandir/??/man5/sssd-ipa.5*
%files krb5 %files krb5
%defattr(-,root,root) %defattr(-,root,root)
@ -537,6 +553,7 @@ rm -f /var/lib/sss/db/*.ldb
%dir %_datadir/%name/ %dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d/ %dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-krb5.conf %_datadir/%name/sssd.api.d/sssd-krb5.conf
%dir %_mandir/??/
%dir %_mandir/??/man5/ %dir %_mandir/??/man5/
%_mandir/man5/sssd-krb5.5* %_mandir/man5/sssd-krb5.5*
%_mandir/??/man5/sssd-krb5.5* %_mandir/??/man5/sssd-krb5.5*
@ -556,9 +573,10 @@ rm -f /var/lib/sss/db/*.ldb
%dir %_datadir/%name/ %dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d/ %dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-ldap.conf %_datadir/%name/sssd.api.d/sssd-ldap.conf
%_mandir/man5/sssd-ldap.5*
%dir %_mandir/??/
%dir %_mandir/??/man5/ %dir %_mandir/??/man5/
%_mandir/??/man5/sssd-ldap.5* %_mandir/??/man5/sssd-ldap.5*
%_mandir/man5/sssd-ldap.5*
%files proxy %files proxy
%defattr(-,root,root) %defattr(-,root,root)
@ -587,6 +605,21 @@ rm -f /var/lib/sss/db/*.ldb
%_mandir/??/man8/sss_*.8* %_mandir/??/man8/sss_*.8*
%_mandir/man8/sss_*.8* %_mandir/man8/sss_*.8*
%files wbclient
%defattr(-,root,root)
%_sysconfdir/ld.so.conf.d/sssd-wbclient.conf
%dir %_libdir/sssd/
%dir %_libdir/sssd/modules/
%_libdir/sssd/modules/libwbclient.so.*
%files wbclient-devel
%defattr(-,root,root)
%_includedir/wbclient_sssd.h
%dir %_libdir/sssd/
%dir %_libdir/sssd/modules/
%_libdir/sssd/modules/libwbclient.so
%_libdir/pkgconfig/wbclient_sssd.pc
%files -n libipa_hbac0 %files -n libipa_hbac0
%defattr(-,root,root) %defattr(-,root,root)
%_libdir/libipa_hbac.so.0* %_libdir/libipa_hbac.so.0*
@ -597,6 +630,11 @@ rm -f /var/lib/sss/db/*.ldb
%_libdir/libipa_hbac.so %_libdir/libipa_hbac.so
%_libdir/pkgconfig/ipa_hbac.pc %_libdir/pkgconfig/ipa_hbac.pc
%files -n libnfsidmap-sss
%defattr(-,root,root)
%_libdir/libnfsidmap/
%_mandir/man5/sss_rpcidmapd.5*
%files -n libsss_idmap0 %files -n libsss_idmap0
%defattr(-,root,root) %defattr(-,root,root)
%_libdir/libsss_idmap.so.0* %_libdir/libsss_idmap.so.0*