forked from pool/sssd
Accepting request 34177 from network:ldap
Copy from network:ldap/sssd based on submit request 34177 from user rhafer OBS-URL: https://build.opensuse.org/request/show/34177 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=1
This commit is contained in:
parent
6492cfd9b5
commit
ec865ab044
@ -1,27 +0,0 @@
|
||||
From 303d096f920801f7b06a7ad406ea83b4cd0219da Mon Sep 17 00:00:00 2001
|
||||
From: David Disseldorp <ddiss@samba.org>
|
||||
Date: Tue, 6 May 2014 15:56:42 +0200
|
||||
Subject: [PATCH] build: detect endianness at configure time
|
||||
|
||||
WORDS_BIGENDIAN, HAVE_BIG_ENDIAN and HAVE_LITTLE_ENDIAN are needed by
|
||||
Samba. See Samba's byteorder.h header for an example.
|
||||
|
||||
Signed-off-by: David Disseldorp <ddiss@samba.org>
|
||||
---
|
||||
configure.ac | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
Index: sssd-1.13.3/configure.ac
|
||||
===================================================================
|
||||
--- sssd-1.13.3.orig/configure.ac
|
||||
+++ sssd-1.13.3/configure.ac
|
||||
@@ -428,6 +428,9 @@ AM_CONDITIONAL([HAVE_DEVSHM], [test -d /
|
||||
ENABLE_POLKIT_RULES_PATH
|
||||
AM_CONDITIONAL([HAVE_POLKIT_RULES_D], [test x$HAVE_POLKIT_RULES_D != x])
|
||||
|
||||
+AC_C_BIGENDIAN([AC_DEFINE(HAVE_BIG_ENDIAN, [1], [whether platform is big endian])],
|
||||
+ [AC_DEFINE(HAVE_LITTLE_ENDIAN, [1], [whether platform is little endian])])
|
||||
+
|
||||
abs_build_dir=`pwd`
|
||||
AC_DEFINE_UNQUOTED([ABS_BUILD_DIR], ["$abs_build_dir"], [Absolute path to the build directory])
|
||||
AC_SUBST([abs_builddir], $abs_build_dir)
|
@ -1,4 +0,0 @@
|
||||
sssd
|
||||
supplements "packageand(sssd:pam-<targettype>)"
|
||||
supplements "packageand(sssd:glibc-<targettype>)"
|
||||
-/usr/lib(64)?/*
|
3
sssd-1.0.5.tar.gz
Normal file
3
sssd-1.0.5.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:2f3a8dca78a14b03e1a273fa7cfe5598120b83aa7477ab4c467a7dcd655c9017
|
||||
size 2688987
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:3fd8fe8e6ee9f50b33eecd1bcccfaa44791f30d4e5f3113ba91457ba5f411f85
|
||||
size 4661143
|
@ -1,7 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v1
|
||||
|
||||
iEYEABECAAYFAlZwc5IACgkQHsardTLnvCXyOgCg20lBb2owmQRYRjPZClBcn9+y
|
||||
GU4AnR/tg+KqvfA/djm5yoV4/Ys3LA2g
|
||||
=zefD
|
||||
-----END PGP SIGNATURE-----
|
847
sssd.changes
847
sssd.changes
@ -1,850 +1,3 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Dec 16 14:08:01 UTC 2015 - jengelh@inai.de
|
||||
|
||||
- Update to new maintenance release 1.13.3
|
||||
* A bug that prevented user lookups and logins after migration from
|
||||
winsync to IPA-AD trusts was fixed.
|
||||
* A bug that prevented the ignore_group_members option from working
|
||||
correctly in AD provider setups that use a dedicated primary
|
||||
group (as opposed to a user-private group) was fixed.
|
||||
* Offline detection and offline login timeouts were improved for AD
|
||||
users logging in from a domain trusted by an IPA server.
|
||||
* The AD provider supports setting up autofs_provider=ad .
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Nov 20 10:39:56 UTC 2015 - jengelh@inai.de
|
||||
|
||||
- Update to new upstream release 1.13.2
|
||||
* Initial support for Smart Card authentication was added.
|
||||
* The PAM prompting was enhanced so that when Two-Factor
|
||||
Authentication is used, both factors (password and token) can be
|
||||
entered separately on separate prompts.
|
||||
* This release supports authenticating againt a KDC proxy.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 30 11:44:21 UTC 2015 - michael@stroeder.com
|
||||
|
||||
- Update to new upstream release 1.13.1
|
||||
* Initial support for Smart Card authentication was added. The
|
||||
feature can be activated with the new pam_cert_auth option.
|
||||
* The PAM prompting was enhanced so that when Two-Factor
|
||||
Authentication is used, both factors (password and token) can
|
||||
be entered separately on separate prompts. At the same time,
|
||||
only the long-term password is cached, so offline access would
|
||||
still work using the long term password.
|
||||
* A new command line tool sss_override is present in this
|
||||
release. The tools allows to override attributes on the SSSD
|
||||
side. It's helpful in environment where e.g. some hosts need to
|
||||
have a different view of POSIX attributes than others. Please
|
||||
note that the overrides are stored in the cache as well, so
|
||||
removing the cache will also remove the overrides.
|
||||
* Several enhancements to the dynamic DNS update code. Notably,
|
||||
clients that update multiple interfaces work better with this
|
||||
release.
|
||||
* This release supports authenticating againt a KDC proxy
|
||||
* The fail over code was enhanced so that if a trusted domain is
|
||||
not reachable, only that domain will be marked as inactive but
|
||||
the backed would stay in online mode.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Aug 20 08:34:44 UTC 2015 - jengelh@inai.de
|
||||
|
||||
- Update to new upstream release 1.13
|
||||
* Support for separate prompts when using two-factor authentication
|
||||
* Added support for one-way trusts between an IPA and Active
|
||||
Directory environment. (Depends on IPA 4.2)
|
||||
* The fast memory cache now also supports the initgroups operation.
|
||||
* The PAM responder is now capable of caching authentication for
|
||||
configurable period, which might reduce server load in cases
|
||||
where accounts authenticate very frequently.
|
||||
Refer to the "cached_auth_timeout" option in sssd.conf(5).
|
||||
* The Active Directory provider has changed the default value of
|
||||
the "ad_gpo_access_control" option from permissive to enforcing.
|
||||
As a consequence, the GPO access control now affects all clients
|
||||
that set access_provider to ad. In order to restore the previous
|
||||
behaviour, set ad_gpo_access_control to permissive or use a
|
||||
different access_provider type.
|
||||
* Group Policy objects defined in a different AD domain that the
|
||||
computer object is defined in are now supported.
|
||||
* Credential caching and Offline authentication are also available
|
||||
when using two-factor authentication
|
||||
* The Python bindings are now built for both Python2 and Python3.
|
||||
* The LDAP bind timeout, StartTLS timeout and password change
|
||||
timeout are now configurable using the ldap_opt_timeout option.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 12 18:20:25 UTC 2015 - jengelh@inai.de
|
||||
|
||||
- Kill unused libsss_sudo-devel solvable.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Aug 11 07:41:07 UTC 2015 - hguo@suse.com
|
||||
|
||||
- Obsolete/provide libsss_sudo in sssd main package.
|
||||
Sudo capability is an integral feature in SSSD and the library
|
||||
is not supposed to be used separately.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 25 16:44:49 UTC 2015 - crrodriguez@opensuse.org
|
||||
|
||||
- sssd.service: add Before= and Wants=nss-user-lookup.target
|
||||
correct fix for bsc#926961
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Jun 14 17:44:20 UTC 2015 - michael@stroeder.com
|
||||
|
||||
- Update to new upstream release 1.12.5
|
||||
* The background refresh tasks now supports refreshing users and
|
||||
groups as well. See the "refresh_expired_interval" parameter in
|
||||
the sssd.conf manpage.
|
||||
* A new option subdomain_inherit was added.
|
||||
* When an expired account attempts to log in, a configurable
|
||||
error message can be displayed with sufficient pam_verbosity
|
||||
setting. See the "pam_account_expired_message" option.
|
||||
* OpenLDAP ppolicy can be honored even when an alternate login
|
||||
method (such as SSH key) is used. See the "ldap_access_order"
|
||||
option.
|
||||
* A new option :krb5_map_user" was added, allowing the admin to
|
||||
map UNIX usernames to Kerberos principals.
|
||||
* BUG FIXES:
|
||||
* Fixed AD-specific bugs that resulted in the incorrect set of
|
||||
groups being displayed after the initgroups operation.
|
||||
* Fixes related to the IPA ID views feature. Setups using this
|
||||
should update sssd on both IPA servers and clients.
|
||||
* The AD provider now handles binary GUIDs correctly.
|
||||
* A bug that prevented the `ignore_group_members` parameter to be
|
||||
used with the AD provider was fixed.
|
||||
* The failover code now reads and honors TTL value for SRV
|
||||
queries as well.
|
||||
* Race condition between setting the timeout in the back ends and
|
||||
reading it in the front end during initgroup operation was
|
||||
fixed. This bug affected applications that perform the
|
||||
initgroups(3) operation in multiple processes simultaneously.
|
||||
* Setups that only want to use the domain SSSD is connected to,
|
||||
but not the autodiscovered trusted domains by setting
|
||||
`subdomains_provider=none` now work correctly as long as the
|
||||
domain SID is set manually in the config file.
|
||||
* In case only "allow" rules are used, the simple access provider
|
||||
is now able to skip unresolvable groups.
|
||||
* The GPO access control code now handles situations where user
|
||||
and computer objects were in different domains.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 19 10:51:22 UTC 2015 - hguo@suse.com
|
||||
|
||||
- Update to new upstream release 1.12.4 (Changelog highlights following)
|
||||
* This is mostly a bug fixing release with only minor enhancements
|
||||
visible to the end user.
|
||||
* Contains many fixes and enhancements related to the ID views
|
||||
functionality of FreeIPA servers.
|
||||
* Several fixes related to retrieving AD group membership in an
|
||||
IPA-AD trust scenario.
|
||||
* Fixes a bug where the GPO access control previously didn't work
|
||||
at all if debugging was enabled in smb.conf.
|
||||
* SSSD can now be pinned to a particular AD site instead of
|
||||
autodiscovering the site.
|
||||
* A regression that caused setting the SELinux context for IPA users
|
||||
to fail, was fixed.
|
||||
* Fixed a potential crash caused by a double-free error when an SSSD
|
||||
service was killed by the monitor process.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Feb 16 10:09:18 UTC 2015 - howard@localhost
|
||||
|
||||
- A minor rpmspec cleanup to get rid of five rpmlint warnings
|
||||
* Remove mentioning of system-wide dbus configuration file from comments.
|
||||
* Remove traditional init script.
|
||||
* Remove compatibility for producing packages on older OpenSUSE releases.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 8 22:23:42 UTC 2015 - jengelh@inai.de
|
||||
|
||||
- Update to new upstream release 1.12.3
|
||||
* SSSD now allows the IPA client to move from one ID view to
|
||||
another after SSSD restart.
|
||||
* It is possible to apply ID views to IPA domains as well.
|
||||
Previous SSSD versions only allowed views to be applied to AD
|
||||
trusted domains.
|
||||
* Overriding SSH public keys is supported in this release.
|
||||
* Move semanage related functions to a separate library.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 1 22:01:02 UTC 2015 - meissner@suse.com
|
||||
|
||||
- build with PIE
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Nov 10 00:37:00 UTC 2014 - Led <ledest@gmail.com>
|
||||
|
||||
- fix bashism in postun script
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Oct 30 12:22:06 UTC 2014 - jengelh@inai.de
|
||||
|
||||
- Update to new upstream release 1.12.2 (bugfix release, bnc#900159)
|
||||
* Fixed a regression where the IPA provider did not fetch User
|
||||
Private Groups correctly
|
||||
* An important bug in the GPO access control which resulted in a
|
||||
wrong principal being used, was fixed.
|
||||
* Several new options are available for deployments that need to
|
||||
restrict a certain PAM service from connecting to a certain SSSD
|
||||
domain. For more details, see the description of
|
||||
pam_trusted_users and pam_public_domains options in the
|
||||
sssd.conf(5) man page and the domains option in the pam_sss(8)
|
||||
man page.
|
||||
* When SSSD is acting as an IPA client in setup with trusted AD
|
||||
domains, it is able to return group members or full group
|
||||
memberships for users from trusted AD domains.
|
||||
* Support for the "views" feature of IPA.
|
||||
- Remove 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch
|
||||
(merged upstream)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Oct 11 13:36:48 UTC 2014 - jengelh@inai.de
|
||||
|
||||
- Add 0001-build-call-AC_BUILD_AUX_DIR-before-anything-else.patch
|
||||
to workaround bad autoconf invocation
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Oct 11 00:16:15 UTC 2014 - crrodriguez@opensuse.org
|
||||
|
||||
- 0001-build-detect-endianness-at-configure-time.patch
|
||||
Correct defective endianness test.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Oct 6 13:25:23 UTC 2014 - jengelh@inai.de
|
||||
|
||||
- Update to new upstream release 1.12.1
|
||||
* The GPO access control was further enhanced to allow the access
|
||||
control decisions while offline and map the Windows logon
|
||||
rights onto Linux PAM services.
|
||||
* The SSSD now ships a plugin for the rpc.idmapd daemon,
|
||||
sss_rpcidmapd(5).
|
||||
* A MIT Kerberos localauth plugin was added to SSSD. This plugin
|
||||
helps translating principals to user names in IPA-AD trust
|
||||
scenarios, allowing the krb5.conf configuration to be less
|
||||
complex.
|
||||
* A libwbclient plugin implementation is now part of the SSSD.
|
||||
The main purpose is to map Active Directory users and groups
|
||||
identified by their SID to POSIX users and groups for the
|
||||
file-server use-case.
|
||||
* Active Directory users ca nnow use their User Logon Name to log
|
||||
in.
|
||||
* The sss_cache tool was enhanced to allow invalidating the SSH
|
||||
host keys.
|
||||
* Groups without full POSIX information can now be used to enroll
|
||||
group membership (CVE-2014-0249).
|
||||
* Detection of transition from offline to online state was
|
||||
improved, resulting in fewer timeouts when SSSD is offline.
|
||||
* The Active Directory provider now correctly detects Windows
|
||||
Server 2012 R2. Previous versions would fall back to the slower
|
||||
non-AD path with 2012 R2.
|
||||
* Several other bugs related to deployments where SSSD is acting
|
||||
as an AD client were fixed.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Aug 22 15:44:14 UTC 2014 - lchiquitto@suse.com
|
||||
|
||||
- The utility sss_obfuscate uses the Python module pysss, so add a
|
||||
dependency on python-sssd-config to sssd-tools (bnc#890242)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Aug 10 12:20:50 UTC 2014 - jengelh@inai.de
|
||||
|
||||
- Update to new upstream release 1.12.0
|
||||
* A new responder, called InfoPipe was added. This responder
|
||||
provides a public D-Bus interface accessible over the system bus.
|
||||
In this release, methods for retrieving user attributes and list
|
||||
of groups were added as well as objects representing SSSD domains
|
||||
and processes. (The next 1.12.x releases will publish objects
|
||||
representing users and groups, too.)
|
||||
* SSSD provides an ID-mapping plugin for cifs-utils so that Windows
|
||||
SIDs can be mapped onto POSIX IDs and/or names without requiring
|
||||
Winbind and using the same code as the SSSD uses for identity
|
||||
information.
|
||||
* First phase of Group Policy-based access control for the AD
|
||||
provider was added. At the moment, the gpo-ldap component that
|
||||
downloads the list of GPOs that apply for the specific client has
|
||||
been implemented as well as the gpo-smb component that retrieves
|
||||
the group policy files and determines the access control check
|
||||
results based on those files. Future improvements will focus on
|
||||
storing the GPO policies as local files and mapping the Windows
|
||||
logon rights onto Linux PAM services.
|
||||
* Added a new library called sss_sifp that provides a simple
|
||||
synchronous API for communication with our new InfoPipe responder
|
||||
over the system bus.
|
||||
- Remove 0001-BUILD-Link-libsss_ldap_common.so-to-libsss_idmap.so.patch
|
||||
(merged upstream)
|
||||
- Provide "rcsssd" in systemd environments
|
||||
- Ensure sssd is always startable by removing /var/lib/sss/db/*.ldb
|
||||
on package installation so as to avoid potentially cache
|
||||
format incompatibility which would cause sssd to exit
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 12 14:18:30 UTC 2014 - ckornacker@suse.com
|
||||
|
||||
- fix %postun to not erroneously remove sss pam module
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue May 27 16:56:42 UTC 2014 - crrodriguez@opensuse.org
|
||||
|
||||
- Switch to libnl-3 so we can get rid of libnl-1.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat May 24 14:36:43 UTC 2014 - jengelh@inai.de
|
||||
|
||||
- Redo 0001-build-detect-endianness-at-configure-time.patch to be -p1
|
||||
- Add 0001-BUILD-Link-libsss_ldap_common.so-to-libsss_idmap.so.patch
|
||||
to resolve runtime loading problems
|
||||
(http://lists.opensuse.org/opensuse-factory/2014-05/msg00181.html )
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue May 13 11:11:59 UTC 2014 - varkoly@suse.com
|
||||
|
||||
- bnc#877457 - 78 Configuration file /usr/lib/systemd/system/sssd.service is marked executable.
|
||||
Please remove executable permission bits.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue May 6 14:01:29 UTC 2014 - ddiss@suse.com
|
||||
|
||||
- Detect endianness at configure time, for use by Samba's byteorder.h header;
|
||||
(bnc#876544).
|
||||
+ 0001-build-detect-endianness-at-configure-time.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Apr 29 10:00:57 UTC 2014 - varkoly@suse.com
|
||||
|
||||
- Update to new upstream release 1.11.5.1
|
||||
* sssd crashes after upgrade from 1.11.4 to 1.11.5 when using a samba4 domain
|
||||
* SSSD pam module accepts usernames with leading spaces
|
||||
* [RFE] Expose the list of trusted domains to IPA
|
||||
* If both IPA and LDAP are set up with enumeration on, two enum tasks are running
|
||||
* sssd.conf man pages don't list a configuration option.
|
||||
* Make SSSD compilable on systems with non-standard paths to krb5 includes
|
||||
* [freebsd] pam_sss: add ignore_unknown_user option
|
||||
* MAN: Remove misleading memberof example from ldap_access_filter example
|
||||
* not retrieving homedirs of AD users with posix attributes
|
||||
* Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes
|
||||
* Check IPA idranges before saving them to the cache
|
||||
* Evaluate usage of sudo LDAP provider together with the AD provider
|
||||
* Setting int option to 0 yields the default value
|
||||
* ipa-server-mode: Use lower-case user name component in home dir path
|
||||
* SSSD Does not cache SELinux map from FreeIPA correctly
|
||||
* IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in
|
||||
* sssd fails to handle expired passwords when OTP is used
|
||||
* Add another Kerberos error code to trigger IPA password migration
|
||||
* Double OK when starting the service
|
||||
* SSSD should create the SELinux mapping file with format expected by pam_selinux
|
||||
* Valgrind: Invalid read of int while processing netgroup
|
||||
* other subdomains are unavailable when joined to a subdomain in the ad forest
|
||||
* Error during password change
|
||||
* configure time variables not expanded when running ./configure
|
||||
* RHEL7 IPA selinuxusermap hbac rule not always matching
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 7 15:18:34 UTC 2014 - jengelh@inai.de
|
||||
|
||||
- Update to new upstream release 1.11.4
|
||||
* The simple access provider supports specifying users and groups
|
||||
using their NetBIOS domain name (such as DOMAIN\username)
|
||||
* Support for enumerating users and groups from trusted AD domains
|
||||
was added to the AD provider
|
||||
* The Active Directory site discovery was made more robust for
|
||||
configurations which use multiple trusted domains
|
||||
* Several bugs in the LDAP provider that affected setups which
|
||||
mapped Windows SIDs to POSIX IDs were fixed
|
||||
* The SSSD is now able to use One Time Password (OTP)
|
||||
authentication configured on an IPA server.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Dec 20 21:54:58 UTC 2013 - jengelh@inai.de
|
||||
|
||||
- Update to new upstream release 1.11.3
|
||||
* The AD provider is able to resolve group memberships for groups
|
||||
with Global and Universal scope
|
||||
* The initgroups (get groups for user) operation for users from
|
||||
trusted AD domains was made more reliable by reading the required
|
||||
tokenGroups attribute from LDAP instead of Global Catalog
|
||||
* A new option ad_enable_gc was added to the AD provider. This
|
||||
option allows the administrator to force SSSD to talk to LDAP
|
||||
port only and never try the Global Catalog
|
||||
* The AD provider is now able to leverage the tokenGroups attribute
|
||||
even when POSIX attributes are used, providing better performance
|
||||
during logins.
|
||||
* A memory leak in the NSS responder that affected long-lived
|
||||
clients that requested netgroup data was fixed
|
||||
- Remove sssd-ldflags.diff (merged upstream)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 28 16:51:39 UTC 2013 - ckornacker@suse.com
|
||||
|
||||
- Migrate deprecated krb5_kdcip variable to krb5_server (bnc#851048)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Nov 1 22:12:03 UTC 2013 - jengelh@inai.de
|
||||
|
||||
- Update to new upstream release 1.11.2
|
||||
* A new option ad_access_filter was added. This option allows the
|
||||
administrator to easily configure LDAP search filter that the users
|
||||
logging in must match in order to be granted access.
|
||||
* The Kerberos provider will no longer try to create public
|
||||
directories when evaluating the krb5_ccachedir option.
|
||||
- Remove 0005-implicit-decl.diff (merged upstream)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 3 21:12:37 UTC 2013 - jengelh@inai.de
|
||||
|
||||
- Update to new upstream release 1.11.0
|
||||
* The sudo integration was made more robust. SSSD is now able to
|
||||
gracefully handle situations where it is not able to resolve the
|
||||
client host name or sudo rules have multiple name attributes.
|
||||
* Several nested group membership bugs were fixed
|
||||
* The PAC responder was made more robust and efficient, modifying
|
||||
existing cache entries instead of always recreating them.
|
||||
* The Kerberos provider now supports the new KEYRING ccache type.
|
||||
- Remove sssd-no-ldb-check.diff, now implemented through a
|
||||
configure argument --disable-ldb-version-check
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Jun 16 16:11:42 UTC 2013 - jengelh@inai.de
|
||||
|
||||
- Explicitly formulate SASL BuildRequires
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu May 2 09:20:49 UTC 2013 - jengelh@inai.de
|
||||
|
||||
- Update to new upstream release 1.9.5
|
||||
* Includes a fix for CVE-2013-0287: A simple access provider flaw
|
||||
prevents intended ACL use when SSSD is configured as an Active
|
||||
Directory client.
|
||||
* Fixed spurious password expiration warning that was printed on
|
||||
login with the Kerberos back end.
|
||||
* A new option ldap_rfc2307_fallback_to_local_users was added. If
|
||||
this option is set to true, SSSD is be able to resolve local
|
||||
group members of LDAP groups.
|
||||
* Fixed an indexing bug that prevented the contents of autofs maps
|
||||
from being returned to the automounter deamon in case the map
|
||||
contained a large number of entries.
|
||||
* Several fixes for safer handling of Kerberos credential caches
|
||||
for cases where the ccache is set to be stored in a DIR: type.
|
||||
- Remove Provide-a-be_get_account_info_send-function.patch,
|
||||
Add-unit-tests-for-simple-access-test-by-groups.patch,
|
||||
Do-not-compile-main-in-DP-if-UNIT_TESTING-is-defined.patch,
|
||||
Resolve-GIDs-in-the-simple-access-provider.patch
|
||||
(CVE-2013-0287 material is in upstream),
|
||||
sssd-sysdb-binary-attrs.diff (merged upstream)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Apr 5 16:35:07 UTC 2013 - jengelh@inai.de
|
||||
|
||||
- Implement signature verification
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 20 10:05:00 UTC 2013 - rhafer@suse.com
|
||||
|
||||
- Fixed security issue: CVE-2013-0287 (bnc#809153):
|
||||
When SSSD is configured as an Active Directory client by using
|
||||
the new Active Directory provider or equivalent configuration
|
||||
of the LDAP provider, the Simple Access Provider does not
|
||||
handle access control correctly. If any groups are specified
|
||||
with the simple_deny_groups option, the group members are
|
||||
permitted access. New patches:
|
||||
* Provide-a-be_get_account_info_send-function.patch
|
||||
* Add-unit-tests-for-simple-access-test-by-groups.patch
|
||||
* Do-not-compile-main-in-DP-if-UNIT_TESTING-is-defined.patch
|
||||
* Resolve-GIDs-in-the-simple-access-provider.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 26 08:29:43 UTC 2013 - jengelh@inai.de
|
||||
|
||||
- Resolve user retrieval problems when encountering binary data
|
||||
in LDAP attributes (bnc#806078),
|
||||
added sssd-sysdb-binary-attrs.diff
|
||||
- Added sssd-no-ldb-check.diff so that SSSD continues to start
|
||||
even after an LDB update.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 8 10:31:52 UTC 2013 - rhafer@suse.com
|
||||
|
||||
- fix package name in baselibs.conf (bnc#796423)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 31 16:34:47 UTC 2013 - rhafer@suse.com
|
||||
|
||||
- update to 1.9.4 (bnc#801036):
|
||||
* A security bug assigned CVE-2013-0219 was fixed - TOCTOU race
|
||||
conditions when creating or removing home directories for users
|
||||
in local domain
|
||||
* A security bug assigned CVE-2013-0220 was fixed - out-of-bounds
|
||||
reads in autofs and ssh responder
|
||||
* The sssd_pam responder processes pending requests after
|
||||
reconnect
|
||||
* A serious memory leak in the NSS responder was fixed
|
||||
* Requests that were processing group entries with DNs pointing
|
||||
out of any configured search bases were not terminated
|
||||
correctly, causing long timeouts
|
||||
* Kerberos tickets are correctly renewed even after SSSD daemon
|
||||
restart
|
||||
* Multiple fixes related to SUDO integration, in particular
|
||||
fixing functionality when the sssd back end process was
|
||||
changing its online/offline status
|
||||
* The pwd_exp_warning option was fixed to function as documented
|
||||
in the manual page
|
||||
- refreshed sssd-ldflags.diff to apply cleanly
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Dec 10 09:55:35 UTC 2012 - rhafer@suse.com
|
||||
|
||||
- Removed left-over "Requires" for no longer existing sssd-client
|
||||
subpackage.
|
||||
- New patch: sssd-ldflags.diff to fix link failures due to erroneous
|
||||
LDFLAGS usage
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 6 10:38:59 UTC 2012 - rhafer@suse.com
|
||||
|
||||
- Switch back to using libcrypto instead of mozilla-nss as it seems
|
||||
to be supported upstream again, cf.
|
||||
https://lists.fedorahosted.org/pipermail/sssd-devel/2012-June/010202.html
|
||||
- Cleanup PAM configuration after uninstalling sssd (bnc#788328)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Dec 6 09:05:29 UTC 2012 - jengelh@inai.de
|
||||
|
||||
- Update to new upstream release 1.9.3
|
||||
* Many fixes related to deployments where the SSSD is running as
|
||||
a client of IPA server with trust relation established with an
|
||||
Active Directory server
|
||||
* Multiple fixes related to correct reporting of group
|
||||
memberships, especially in setups that use nested groups
|
||||
* Fixed a bug that prevented upgrade from the 1.8 series if the
|
||||
cache contained nested groups before the upgrade
|
||||
* Restarting the responders is more robust for cases where the
|
||||
machine is under heavy load during back end restart
|
||||
* The default_shell option can now be also set per-domain in
|
||||
addition to global setting.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Nov 10 00:27:06 UTC 2012 - jengelh@inai.de
|
||||
|
||||
- Update to new upstream release 1.9.2
|
||||
* Users or groups from trusted domains can be retrieved by UID or
|
||||
GID as well
|
||||
* Several fixes that mitigate file descriptor leak during logins
|
||||
* SSH host keys are also removed from the cache after being
|
||||
removed from the server
|
||||
* Fix intermittent crash in responders if the responder was
|
||||
shutting down while requests were still pending
|
||||
* Catch an error condition that might have caused a tight loop in
|
||||
the sssd_nss process while refreshing expired enumeration request
|
||||
* Fixed memory hierarchy of subdomains discovery requests that
|
||||
caused use-after-free access bugs
|
||||
* The krb5_child and ldap_child processes can print libkrb5 tracing
|
||||
information in the debug logs
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 27 12:32:05 UTC 2012 - jengelh@inai.de
|
||||
|
||||
- Update to new upstream release 1.8.93 (1.9.0~beta3)
|
||||
* Add native support for autofs to the IPA provider
|
||||
* Support for id mapping when connecting to Active Directory
|
||||
* Support for handling very large (> 1500 users) groups in
|
||||
Active Directory
|
||||
* Add a new fast in-memory cache to speed up lookups of cached data
|
||||
on repeated requests
|
||||
* Add support for the Kerberos DIR cache for storing multiple TGTs
|
||||
automatically
|
||||
* Add a new PAC responder for dealing with cross-realm Kerberos
|
||||
trusts
|
||||
* Terminate idle connections to the NSS and PAM responders
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu May 10 04:22:47 UTC 2012 - jengelh@inai.de
|
||||
|
||||
- Update to new upstream release 1.8.3
|
||||
* LDAP: Handle situations where the RootDSE is not available
|
||||
anonymously
|
||||
* LDAP: Fix regression for users using non-standard LDAP attributes
|
||||
for user information
|
||||
- Switch from openssl to mozilla-nss, as this is the officially
|
||||
supported crypto integration
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Apr 13 13:03:44 PDT 2012 - ben.kevan@gmail.com
|
||||
|
||||
- Fix build error on SLES 11 builds
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Apr 9 21:45:45 PDT 2012 - ben.kevan@gmail.com
|
||||
|
||||
- Add suse_version condition for glib over libunistring for
|
||||
SLES 11 SP2.
|
||||
- Update to new upstream release 1.8.2
|
||||
* Fix for GSSAPI binds when the keytab contains unrelated
|
||||
principals
|
||||
* Workarounds added for LDAP servers with unreadable RootDSE
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Apr 4 16:13:33 PDT 2012 - ben.kevan@gmail.com
|
||||
|
||||
- Update to new upstream release 1.8.1
|
||||
* Resolve issue where we could enter an infinite loop trying to
|
||||
connect to an auth server
|
||||
|
||||
-------------------------------------------------------------------
|
||||
|
||||
Sun Mar 11 18:36:44 UTC 2012 - jengelh@medozas.de
|
||||
|
||||
- Update to new upstream release 1.8.0
|
||||
* Support for the service map in NSS
|
||||
* Support for setting default SELinux user context from FreeIPA
|
||||
* Support for retrieving SSH user and host keys from LDAP
|
||||
* Support for caching autofs LDAP requests
|
||||
* Support for caching SUDO rules
|
||||
* Include the IPA AutoFS provider
|
||||
* Fixed several memory-corruption bugs
|
||||
* Fixed a regression in the proxy provider
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Oct 19 13:56:57 UTC 2011 - rhafer@suse.de
|
||||
|
||||
- Fixed systemd related packaging issues (bnc#724157)
|
||||
- fixed build on older openSUSE releases
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 19 17:07:24 UTC 2011 - jengelh@medozas.de
|
||||
|
||||
- Resolve "have choice for libnl-devel:
|
||||
libnl-1_1-devel libnl3-devel"
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Aug 2 08:46:53 UTC 2011 - rhafer@suse.de
|
||||
|
||||
- Fixed typos in configure args
|
||||
- Cherry-picked password policy fixes from 1.5 branch (bnc#705768)
|
||||
- switched to fd-leak fix cherry-picked from 1.5 branch
|
||||
- Add /usr/sbin to the search path to make configure find nscd
|
||||
(bnc#709747)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 29 10:39:51 UTC 2011 - jengelh@medozas.de
|
||||
|
||||
- Add patches to fix an fd leak in sssd_pam
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 28 10:03:32 UTC 2011 - jengelh@medozas.de
|
||||
|
||||
- Update to new upstream release 1.5.11
|
||||
* Support for overriding home directory, shell and primary GID
|
||||
locally
|
||||
* Properly honor TTL values from SRV record lookups
|
||||
* Support non-POSIX groups in nested group chains (for RFC2307bis
|
||||
LDAP servers)
|
||||
* Properly escape IPv6 addresses in the failover code
|
||||
* Do not crash if inotify fails (e.g. resource exhaustion)
|
||||
- Remove redundant %clean section; delete .la files more
|
||||
efficiently
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jun 7 08:59:04 UTC 2011 - rhafer@suse.de
|
||||
|
||||
- Update to 1.5.8:
|
||||
* Support for the LDAP paging control
|
||||
* Support for multiple DNS servers for name resolution
|
||||
* Fixes for several group membership bugs
|
||||
* Fixes for rare crash bugs
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 4 09:22:20 UTC 2011 - rhafer@suse.de
|
||||
|
||||
- Update to 1.5.7
|
||||
* A flaw was found in the handling of cached passwords when
|
||||
kerberos renewal tickets is enabled. Due to a bug, the cached
|
||||
password was overwritten with a (moderately) predictable
|
||||
filename, which could allow a user to authenticate as someone
|
||||
else if they knew the name of the cache file (bnc#691135,
|
||||
CVE-2011-1758)
|
||||
- Changes in 1.5.6:
|
||||
* Fixed a serious memory leak in the memberOf plugin
|
||||
* Fixed a regression with the negative cache that caused it to be
|
||||
essentially nonfunctional
|
||||
* Fixed an issue where the user's full name would sometimes be
|
||||
removed from the cache
|
||||
* Fixed an issue with password changes in the kerberos provider
|
||||
not working with kpasswd
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 14 11:31:38 UTC 2011 - rhafer@suse.de
|
||||
|
||||
- Update to 1.5.5
|
||||
* Fixes for several crash bugs
|
||||
* LDAP group lookups will no longer abort if there is a
|
||||
zero-length member attribute
|
||||
* Add automatic fallback to 'cn' if the 'gecos' attribute does not
|
||||
exist
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 30 09:47:23 UTC 2011 - rhafer@suse.de
|
||||
|
||||
- Should build in SLE-11-SP1 now
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 29 13:23:57 UTC 2011 - rhafer@suse.de
|
||||
|
||||
- Updated to 1.5.4
|
||||
* Fixes for Active Directory when not all users and groups have
|
||||
POSIX attributes
|
||||
* Fixes for handling users and groups that have name aliases
|
||||
(aliases are ignored)
|
||||
* Fix group memberships after initgroups in the IPA provider
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Mar 24 15:42:02 UTC 2011 - rhafer@suse.de
|
||||
|
||||
- Updated to 1.5.3
|
||||
* Support for libldb >= 1.0.0
|
||||
* Proper detection of manpage translations
|
||||
* Changes between 1.5.1 and 1.5.2
|
||||
* Fixes for support of FreeIPA v2
|
||||
* Fixes for failover if DNS entries change
|
||||
* Improved sss_obfuscate tool with better interactive mode
|
||||
* Fix several crash bugs
|
||||
* Don't attempt to use START_TLS over SSL. Some LDAP servers
|
||||
can't handle this
|
||||
* Delete users from the local cache if initgroups calls return
|
||||
'no such user' (previously only worked for getpwnam/getpwuid)
|
||||
* Use new Transifex.net translations
|
||||
* Better support for automatic TGT renewal (now survives
|
||||
restart)
|
||||
* Netgroup fixes
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 8 13:22:58 UTC 2011 - rhafer@suse.de
|
||||
|
||||
- Updated to 1.5.1
|
||||
* Vast performance improvements when enumerate = true
|
||||
* All PAM actions will now perform a forced initgroups lookup
|
||||
instead of just a user information lookup This guarantees that
|
||||
all group information is available to other providers, such as
|
||||
the simple provider.
|
||||
* For backwards-compatibility, DNS lookups will also fall back to
|
||||
trying the SSSD domain name as a DNS discovery domain.
|
||||
* Support for more password expiration policies in LDAP
|
||||
- 389 Directory Server
|
||||
- FreeIPA
|
||||
- ActiveDirectory
|
||||
* Support for ldap_tls_{cert,key,cipher_suite} config options
|
||||
* Assorted bugfixes
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 19 09:32:35 UTC 2011 - rhafer@suse.de
|
||||
|
||||
- /var/lib/sss/pubconf was missing (bnc#665442)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jan 18 09:08:35 UTC 2011 - rhafer@suse.de
|
||||
|
||||
- It was possible to make sssd hang forever inside a loop in the
|
||||
PAM responder by sending a carefully crafted packet to sssd.
|
||||
This could be exploited by a local attacker to crash sssd and
|
||||
prevent other legitimate users from logging into the system.
|
||||
(bnc#660481, CVE-2010-4341)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Dec 19 13:37:32 UTC 2010 - aj@suse.de
|
||||
|
||||
- Own /etc/systemd directories to fix build.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 25 16:30:40 UTC 2010 - rhafer@novell.com
|
||||
|
||||
- install systemd service file
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Nov 16 11:06:02 UTC 2010 - rhafer@novell.com
|
||||
|
||||
- Updated to 1.4.1
|
||||
* Add support for netgroups to the LDAP and proxy providers
|
||||
* Fixes a minor bug with UIDs/GIDs >= 2^31
|
||||
* Fixes a segfault in the kerberos provider
|
||||
* Fixes a segfault in the NSS responder if a data provider crashes
|
||||
* Correctly use sdap_netgroup_search_base
|
||||
* the utility libraries libpath_utils1, libpath_utils-devel,
|
||||
libref_array1 and libref_array-devel moved to their own
|
||||
separate upstream project (ding-libs)
|
||||
* Performance improvements made to group processing of RFC2307
|
||||
LDAP servers
|
||||
* Fixed nested group issues with RFC2307bis LDAP servers without
|
||||
a memberOf plugin
|
||||
* Manpage reviewed and updated
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 13 12:23:47 UTC 2010 - coolo@novell.com
|
||||
|
||||
- remove hard coded python version
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 3 13:17:48 UTC 2010 - rhafer@novell.com
|
||||
|
||||
- No dependencies on %{release}
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 30 12:57:47 UTC 2010 - rhafer@novell.com
|
||||
|
||||
- Updated to 1.3.1
|
||||
* Fixes to the HBAC backend for obsolete or removed HBAC entries
|
||||
* Improvements to log messages around TLS and GSSAPI for LDAP
|
||||
* Support for building in environments using --as-needed LDFLAGS
|
||||
* Vast performance improvement for initgroups on RFC2307 LDAP servers
|
||||
* Long-running SSSD clients (e.g. GDM) will now reconnect properly to the
|
||||
daemon if SSSD is restarted
|
||||
* Rewrote the internal LDB cache API. As a synchronous API it is now faster
|
||||
to access and easier to work with
|
||||
* Eugene Indenbom contributed a sizeable amount of code to the LDAP provider
|
||||
- We now handle failover situations much more reliably than we did
|
||||
previously
|
||||
- We also will now monitor the GSSAPI kerberos ticket and automatically
|
||||
renew it when appropriate, instead of waiting for a connection to fail
|
||||
* Support for netlink now allows us to more quickly detect situations
|
||||
where we may have come online
|
||||
* New option "dns_discovery_domain" allows better configuration for
|
||||
using SRV records for failover
|
||||
- New subpackages: libpath_utils1, libpath_utils-devel, libref_array1
|
||||
and libref_array-devel
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 31 14:02:43 UTC 2010 - rhafer@novell.com
|
||||
|
||||
- Package pam- and nss-Modules as baselibs
|
||||
- cleaned up file list and dependencies
|
||||
- fixed init script dependencies
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 31 07:57:25 UTC 2010 - rhafer@novell.com
|
||||
|
||||
- Updated to 1.1.0
|
||||
* Support for IPv6
|
||||
* Support for LDAP referrals
|
||||
* Offline failed login counter
|
||||
* Fix for the long-standing cache cleanup performance issues
|
||||
* libini_config, libcollection, libdhash, libref_array and
|
||||
libpath_utils are now built as shared libraries for general
|
||||
consumption (libref_array and libpath_utils are currently not
|
||||
packaged, as no component in sssd links against them)
|
||||
* Users get feedback from PAM if they authenticated offline
|
||||
* Native local backend now has a utility to show nested memberships
|
||||
(sss_groupshow)
|
||||
* New "simple" access provider for easy restriction of users
|
||||
- Backported libcrypto support from master to avoid Mozilla NSS
|
||||
dependency
|
||||
- Backported password policy improvments for LDAP provider from
|
||||
master
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 8 14:06:29 UTC 2010 - rhafer@novell.com
|
||||
|
||||
- use logfiles for debug messages by default
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Mar 5 12:57:25 UTC 2010 - rhafer@novell.com
|
||||
|
||||
|
34
sssd.keyring
34
sssd.keyring
@ -1,34 +0,0 @@
|
||||
pub 1024D/32E7BC25 2007-02-02
|
||||
uid Jakub Hrozek <jhrozek@redhat.com>
|
||||
sub 2048g/132DCA21 2007-02-02
|
||||
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Version: GnuPG v2.0.19 (GNU/Linux)
|
||||
|
||||
mQGiBEXDdfURBACLDLdnY7LeLJ7fh3HQWojKuMtJGV3tmTRtt58XnEf/FPJae0MU
|
||||
XQDAKJM7MDYf0yDNT6Nq6WMQDAIHznFdGRTTSaD97kMeYO11i60FfZ9nM88XJCv0
|
||||
R+OiWh8d7ChCG6riv/AUeNtg++casIQNB8xK9HKLFBS1e+q3b+rXTS9crwCg7FWX
|
||||
qZoZrm4lPlBZQltfhzdmvn8D/3CyvgtW5hwr7w+ScQcYnBxdVCtMPSEo541Ealjg
|
||||
q9Knn4sE9lnGjtG4RCYMT2Sideognk9Ah5nWOGynwta6cluCEqlF6ORJPKpAeqG1
|
||||
a2zpn3iSPbUiyRF+udta9sbwL0hsJTcPTGzvDZO/XtMoHSSyPi/Xum6R+jwISv7n
|
||||
TMQpA/0efY/Gy/SZrulBgQqKBMbaW2phvgRThph4n31IYrlSB6tAqN0G7VL6AFcs
|
||||
iOJZPhu0TNqEOSYE6Mh5/YBwRPnrKMHZYXiKOeUrfjvURVq+l5dTX7KNtbnCrhS+
|
||||
Rlgq1uin5L7g8QbAKMns32Mo1MxB5aN0YUL5pTbJuWL0Sb2Kb7QhSmFrdWIgSHJv
|
||||
emVrIDxqaHJvemVrQHJlZGhhdC5jb20+iF8EExECACAFAkXDdfUCGwMGCwkIBwMC
|
||||
BBUCCAMEFgIDAQIeAQIXgAAKCRAexqt1Mue8JSHBAKCjYF/HshYkJ8pSZTilLO0y
|
||||
bMWOFwCYlOqF7icGVDFT42W3CoqLfgajCrkCDQRFw3YAEAgAuqo0FxH1XtdOi/qW
|
||||
6v+tWdqYHLj/f0Voqj1cbpS+cODNTaX1/Xf4Jnv6vm4lOG5gIkqD1e5UCpG5pDJv
|
||||
MkrpY0lYRr5RGoC29tHZYXfEBVEkdhuU7ZTSQRaoitK5TSwjOj5aKvFSHEjMrCWc
|
||||
GSUajECQkRHwZb3HK2wqqBWrJjjjPtj+5cQg+sKp7Zp6xU3iZlMoVfdYi/zGenum
|
||||
Cp5SMm8CZZ5gcsNZhjItkTww5K//N6Kz41oMYyHlgh029JD0LHPgKacP3KeEEDzS
|
||||
DEx/SSEF4zD/EfLDHehga/n0ZisNmxdxue/BI2Lm7qqGNDtV+qa17pIJ6fPfafbS
|
||||
AKYatwAECwf/SuMkZN36UDsoOn06qIrYi5JBss3sOfheJEnqUIEO0JCpyb+fqisd
|
||||
qoTJM0G5gFpCvuZOACpzzVv0WjhlMIyPl/7UuP4KYI6LGqAARqNxsHT7FNxT0Uv6
|
||||
QR8fGPQqVdFLFBd66EBL9PnOt3RDYwtJlD9cMNUNpzWEXjJ3RCk0lZF2eljpPlu0
|
||||
Or53OuiommnhmcmjxR5gvMf4pLqURhEZ2U0ylRiTiTIk0YyIASsDnAf0BClFXz4i
|
||||
4qSD6jJloKorRC7Mu87xi1DG4ML+FYC/2d53I8OqHBRhtNUt/GbcthsHDxFq5iVp
|
||||
NxwDAX1vr65PWv98pvTMnJmjIDhfgwJMdIhJBBgRAgAJBQJFw3YAAhsMAAoJEB7G
|
||||
q3Uy57wllOcAoKkHB3lDFWlUNcSLdRCQxfsCCy7zAJ9GLSU2G0HR+hQVMi2ONorE
|
||||
i/EyTA==
|
||||
=nO6v
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
15
sssd.service
15
sssd.service
@ -1,15 +0,0 @@
|
||||
[Unit]
|
||||
Description=System Security Services Daemon
|
||||
Before=nss-user-lookup.target
|
||||
Wants=nss-user-lookup.target
|
||||
|
||||
[Service]
|
||||
EnvironmentFile=-/etc/sysconfig/sssd
|
||||
ExecStart=/usr/sbin/sssd -D -f
|
||||
# These two should be used with traditional UNIX forking daemons
|
||||
# consult systemd.service(5) for more details
|
||||
Type=forking
|
||||
PIDFile=/var/run/sssd.pid
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
788
sssd.spec
788
sssd.spec
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package sssd
|
||||
# spec file for package sssd (Version 1.0.5)
|
||||
#
|
||||
# Copyright (c) 2015 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -16,73 +16,50 @@
|
||||
#
|
||||
|
||||
|
||||
|
||||
Name: sssd
|
||||
Version: 1.13.3
|
||||
Release: 0
|
||||
Summary: System Security Services Daemon
|
||||
License: GPL-3.0+ and LGPL-3.0+
|
||||
Version: 1.0.5
|
||||
Release: 1
|
||||
Group: System/Daemons
|
||||
Summary: System Security Services Daemon
|
||||
# The entire source code is GPLv3+ except replace/ which is LGPLv3+
|
||||
License: GPLv3+ and LGPLv3+
|
||||
Url: https://fedorahosted.org/sssd/
|
||||
|
||||
#Git-Clone: git://git.fedorahosted.org/sssd
|
||||
Source: https://fedorahosted.org/released/sssd/sssd-%version.tar.gz
|
||||
Source2: https://fedorahosted.org/released/sssd/sssd-%version.tar.gz.asc
|
||||
Source3: baselibs.conf
|
||||
Source4: sssd.service
|
||||
Source5: %name.keyring
|
||||
Source0: %{name}-%{version}.tar.gz
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
Patch1: 0001-build-detect-endianness-at-configure-time.patch
|
||||
|
||||
%define servicename sssd
|
||||
%define sssdstatedir %_localstatedir/lib/sss
|
||||
%define dbpath %sssdstatedir/db
|
||||
%define pipepath %sssdstatedir/pipes
|
||||
%define pubconfpath %sssdstatedir/pubconf
|
||||
### Patches ###
|
||||
|
||||
BuildRequires: autoconf >= 2.59
|
||||
### Dependencies ###
|
||||
%define servicename sssd
|
||||
%define sssdstatedir %{_localstatedir}/lib/sss
|
||||
%define dbpath %{sssdstatedir}/db
|
||||
%define pipepath %{sssdstatedir}/pipes
|
||||
|
||||
### Build Dependencies ###
|
||||
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: bind-utils
|
||||
BuildRequires: cifs-utils-devel
|
||||
BuildRequires: cyrus-sasl-devel
|
||||
BuildRequires: docbook-xsl-stylesheets
|
||||
BuildRequires: krb5-devel >= 1.12
|
||||
BuildRequires: libsmbclient-devel
|
||||
BuildRequires: libtool
|
||||
BuildRequires: libxml2-tools
|
||||
BuildRequires: libxslt-tools
|
||||
BuildRequires: nscd
|
||||
BuildRequires: m4
|
||||
BuildRequires: popt-devel
|
||||
BuildRequires: libtalloc-devel
|
||||
BuildRequires: libtevent-devel
|
||||
BuildRequires: libtdb-devel
|
||||
BuildRequires: libldb-devel
|
||||
BuildRequires: dbus-1-devel
|
||||
BuildRequires: openldap2-devel
|
||||
BuildRequires: pam-devel
|
||||
BuildRequires: pkg-config >= 0.21
|
||||
BuildRequires: pkg-config
|
||||
BuildRequires: mozilla-nss-devel
|
||||
BuildRequires: mozilla-nspr-devel
|
||||
BuildRequires: pcre-devel
|
||||
BuildRequires: libxslt
|
||||
BuildRequires: libxml2
|
||||
BuildRequires: docbook-xsl-stylesheets
|
||||
BuildRequires: krb5-devel
|
||||
BuildRequires: libcares-devel
|
||||
BuildRequires: python-devel
|
||||
BuildRequires: python3-devel
|
||||
BuildRequires: systemd-rpm-macros
|
||||
BuildRequires: pkgconfig(augeas) >= 1.0.0
|
||||
BuildRequires: pkgconfig(collection) >= 0.5.1
|
||||
BuildRequires: pkgconfig(dbus-1) >= 1.0.0
|
||||
BuildRequires: pkgconfig(dhash) >= 0.4.2
|
||||
BuildRequires: pkgconfig(glib-2.0)
|
||||
BuildRequires: pkgconfig(ini_config) >= 1.1.0
|
||||
BuildRequires: pkgconfig(ldb) >= 0.9.2
|
||||
BuildRequires: pkgconfig(libcares)
|
||||
BuildRequires: pkgconfig(libcrypto)
|
||||
BuildRequires: pkgconfig(libnfsidmap)
|
||||
BuildRequires: pkgconfig(libnl-3.0) >= 3.0
|
||||
BuildRequires: pkgconfig(libnl-route-3.0) >= 3.0
|
||||
BuildRequires: pkgconfig(libpcre) >= 7
|
||||
BuildRequires: pkgconfig(libsystemd-login)
|
||||
BuildRequires: pkgconfig(ndr_nbt)
|
||||
BuildRequires: pkgconfig(popt)
|
||||
BuildRequires: pkgconfig(python)
|
||||
BuildRequires: pkgconfig(talloc)
|
||||
BuildRequires: pkgconfig(tdb) >= 1.1.3
|
||||
BuildRequires: pkgconfig(tevent)
|
||||
%{?systemd_requires}
|
||||
Requires: sssd-ldap = %version-%release
|
||||
Requires(postun): pam-config
|
||||
Provides: libsss_sudo = %version-%release
|
||||
Provides: sssd-client = %version-%release
|
||||
Obsoletes: libsss_sudo < %version-%release
|
||||
|
||||
%description
|
||||
Provides a set of daemons to manage access to remote directories and
|
||||
@ -91,638 +68,147 @@ the system and a pluggable backend system to connect to multiple different
|
||||
account sources. It is also the basis to provide client auditing and policy
|
||||
services for projects like FreeIPA.
|
||||
|
||||
%package ad
|
||||
Summary: The ActiveDirectory backend plugin for sssd
|
||||
License: GPL-3.0+
|
||||
%package ipa-provider
|
||||
License: GPLv3+ and LGPLv3+
|
||||
Summary: FreeIPA provider plugin for sssd
|
||||
Group: System/Daemons
|
||||
Requires: %name-krb5-common = %version
|
||||
Requires: sssd = %{version}
|
||||
|
||||
%description ad
|
||||
Provides the Active Directory back end that the SSSD can utilize to
|
||||
fetch identity data from and authenticate against an Active Directory
|
||||
server.
|
||||
|
||||
%package dbus
|
||||
Summary: The D-Bus responder of sssd
|
||||
License: GPL-3.0+
|
||||
Group: System/Base
|
||||
Requires: %name = %version
|
||||
|
||||
%description dbus
|
||||
Provides the D-Bus responder of sssd, called InfoPipe, which allows
|
||||
information from sssd to be transmitted over the system bus.
|
||||
|
||||
%package ipa
|
||||
Summary: FreeIPA backend plugin for sssd
|
||||
License: GPL-3.0+
|
||||
Group: System/Daemons
|
||||
Requires: %name = %version
|
||||
Requires: %name-krb5-common = %version-%release
|
||||
Obsoletes: %name-ipa-provider < %version-%release
|
||||
Provides: %name-ipa-provider = %version-%release
|
||||
|
||||
%description ipa
|
||||
Provides the IPA back end that the SSSD can utilize to fetch identity
|
||||
data from and authenticate against an IPA server.
|
||||
|
||||
%package krb5
|
||||
Summary: The Kerberos authentication backend plugin for sssd
|
||||
License: GPL-3.0+
|
||||
Group: System/Daemons
|
||||
Requires: %name-krb5-common = %version-%release
|
||||
|
||||
%description krb5
|
||||
Provides the Kerberos back end that the SSSD can utilize authenticate
|
||||
against a Kerberos server.
|
||||
|
||||
%package krb5-common
|
||||
Summary: SSSD helpers needed for Kerberos and GSSAPI authentication
|
||||
License: GPL-3.0+
|
||||
Group: System/Daemons
|
||||
|
||||
%description krb5-common
|
||||
Provides helper processes that the LDAP and Kerberos back ends can
|
||||
use for Kerberos user or host authentication.
|
||||
|
||||
%package ldap
|
||||
Summary: The LDAP backend plugin for sssd
|
||||
License: GPL-3.0+
|
||||
Group: System/Daemons
|
||||
Requires: %name-krb5-common = %version-%release
|
||||
|
||||
%description ldap
|
||||
Provides the LDAP back end that the SSSD can utilize to fetch
|
||||
identity data from and authenticate against an LDAP server.
|
||||
|
||||
%package proxy
|
||||
Summary: The proxy backend plugin for sssd
|
||||
License: GPL-3.0+
|
||||
Group: System/Daemons
|
||||
|
||||
%description proxy
|
||||
Provides the proxy back end which can be used to wrap an existing NSS
|
||||
and/or PAM modules to leverage SSSD caching.
|
||||
%description ipa-provider
|
||||
This package provide the FreeIPA provider plugin for the System Security
|
||||
Services Daemon (sssd).
|
||||
|
||||
%package tools
|
||||
License: GPLv3+ and LGPLv3+
|
||||
Summary: Commandline tools for sssd
|
||||
License: GPL-3.0+ and LGPL-3.0+
|
||||
Group: System/Management
|
||||
Requires: python-sssd-config = %version
|
||||
Requires: sssd = %version
|
||||
%py_requires
|
||||
Requires: sssd = %{version}
|
||||
|
||||
%description tools
|
||||
The packages contains commandline tools for managing users and groups using
|
||||
the "local" id provider of the System Security Services Daemon (sssd).
|
||||
|
||||
%package wbclient
|
||||
Summary: SSSD's implementation of the Winbind pipe protocol
|
||||
License: LGPL-3.0+
|
||||
Group: System/Libraries
|
||||
|
||||
%description wbclient
|
||||
libwbclient is a plugin for the Samba client, though it has been
|
||||
implemented as a regular shared library requested via DT_NEEDED.
|
||||
|
||||
sssd-wbclient implements the libwbclient API for Samba daemons and
|
||||
utilities. The main purpose is to map Active Directory users and
|
||||
groups identified by their SID to POSIX users and groups identified
|
||||
by their POSIX UIDs and GIDs respectively.
|
||||
|
||||
%package wbclient-devel
|
||||
Summary: Development files for SSSD winbind
|
||||
License: LGPL-3.0+
|
||||
Group: Development/Libraries/C and C++
|
||||
Requires: %name-wbclient = %version
|
||||
|
||||
%description wbclient-devel
|
||||
sssd-wbclient implements the libwbclient API for Samba daemons and
|
||||
utilities. The main purpose is to map Active Directory users and
|
||||
groups identified by their SID to POSIX users and groups identified
|
||||
by their POSIX UIDs and GIDs respectively.
|
||||
|
||||
%package -n libipa_hbac0
|
||||
Summary: FreeIPA HBAC Evaluator library
|
||||
License: LGPL-3.0+
|
||||
Group: System/Libraries
|
||||
|
||||
%description -n libipa_hbac0
|
||||
Utility library to validate FreeIPA HBAC rules for authorization
|
||||
requests.
|
||||
|
||||
%package -n libipa_hbac-devel
|
||||
Summary: Development files for the FreeIPA HBAC Evaluator library
|
||||
License: LGPL-3.0+
|
||||
Group: Development/Libraries/C and C++
|
||||
Requires: libipa_hbac0 = %version
|
||||
|
||||
%description -n libipa_hbac-devel
|
||||
Utility library to validate FreeIPA HBAC rules for authorization
|
||||
requests.
|
||||
|
||||
%package -n libnfsidmap-sss
|
||||
Summary: Library to allow communication between libnfsidmap and SSSD
|
||||
License: GPL-3.0+
|
||||
Group: System/Libraries
|
||||
Supplements: packageand(nfsidmap:sssd-client)
|
||||
|
||||
%description -n libnfsidmap-sss
|
||||
A utility library to allow communication between libnfsidmap and SSSD.
|
||||
|
||||
%package -n libsss_idmap0
|
||||
Summary: FreeIPA ID mapping library
|
||||
License: LGPL-3.0+
|
||||
Group: System/Libraries
|
||||
|
||||
%description -n libsss_idmap0
|
||||
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
|
||||
|
||||
%package -n libsss_idmap-devel
|
||||
Summary: Development files for the FreeIPA idmap library
|
||||
License: LGPL-3.0+
|
||||
Group: Development/Libraries/C and C++
|
||||
Requires: libsss_idmap0 = %version
|
||||
|
||||
%description -n libsss_idmap-devel
|
||||
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
|
||||
|
||||
%package -n libsss_nss_idmap0
|
||||
Summary: FreeIPA ID mapping library
|
||||
License: LGPL-3.0+
|
||||
Group: System/Libraries
|
||||
|
||||
%description -n libsss_nss_idmap0
|
||||
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
|
||||
|
||||
%package -n libsss_nss_idmap-devel
|
||||
Summary: Development files for the FreeIPA idmap library
|
||||
License: LGPL-3.0+
|
||||
Group: Development/Libraries/C and C++
|
||||
Requires: libsss_nss_idmap0 = %version
|
||||
|
||||
%description -n libsss_nss_idmap-devel
|
||||
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
|
||||
|
||||
%package -n libsss_simpleifp0
|
||||
Summary: The SSSD D-Bus responder helper library
|
||||
License: GPL-3.0+
|
||||
Group: System/Libraries
|
||||
|
||||
%description -n libsss_simpleifp0
|
||||
This subpackage provides a library that simplifies the D-Bus API for
|
||||
the SSSD InfoPipe responder.
|
||||
|
||||
%package -n libsss_simpleifp-devel
|
||||
Summary: Development files for the SSSD D-Bus responder helper library
|
||||
License: GPL-3.0+
|
||||
Group: Development/Libraries/C and C++
|
||||
Requires: libsss_simpleifp0 = %version
|
||||
|
||||
%description -n libsss_simpleifp-devel
|
||||
This subpackage provides the development files for sssd's simpleifp,
|
||||
a library that simplifies the D-Bus API for the SSSD InfoPipe
|
||||
responder.
|
||||
|
||||
%package -n libsss_sudo
|
||||
Summary: A library to allow communication between sudo and SSSD
|
||||
License: LGPL-3.0+
|
||||
Group: System/Libraries
|
||||
Supplements: packageand(sudo:sssd-client)
|
||||
|
||||
%description -n libsss_sudo
|
||||
A utility library to allow communication between sudo and SSSD.
|
||||
|
||||
%package -n python-ipa_hbac
|
||||
Summary: Python bindings for the FreeIPA HBAC Evaluator library
|
||||
License: LGPL-3.0+
|
||||
Group: Development/Libraries/Python
|
||||
|
||||
%description -n python-ipa_hbac
|
||||
The python-ipa_hbac package contains the bindings so that libipa_hbac
|
||||
can be used by Python applications.
|
||||
|
||||
%package -n python3-ipa_hbac
|
||||
Summary: Python bindings for the FreeIPA HBAC Evaluator library
|
||||
License: LGPL-3.0+
|
||||
Group: Development/Libraries/Python
|
||||
|
||||
%description -n python3-ipa_hbac
|
||||
The python-ipa_hbac package contains the bindings so that libipa_hbac
|
||||
can be used by Python applications.
|
||||
|
||||
%package -n python-sss-murmur
|
||||
Summary: Python2 bindings for SSSD Murmur hash function
|
||||
License: LGPL-3.0+
|
||||
Group: Development/Libraries/Python
|
||||
|
||||
%description -n python-sss-murmur
|
||||
This subpackage provides the python2 module for calculating the
|
||||
Murmur hash version 3.
|
||||
|
||||
%package -n python3-sss-murmur
|
||||
Summary: Python3 bindings for SSSD Murmur hash function
|
||||
License: LGPL-3.0+
|
||||
Group: Development/Libraries/Python
|
||||
|
||||
%description -n python3-sss-murmur
|
||||
This subpackage provides the python3 module for calculating the
|
||||
Murmur hash version 3.
|
||||
|
||||
%package -n python-sss_nss_idmap
|
||||
Summary: Python bindings for libsss_nss_idmap
|
||||
License: LGPL-3.0+
|
||||
Group: Development/Libraries/Python
|
||||
|
||||
%description -n python-sss_nss_idmap
|
||||
The libsss_nss_idmap-python contains the bindings so that
|
||||
libsss_nss_idmap can be used by Python applications.
|
||||
|
||||
%package -n python3-sss_nss_idmap
|
||||
Summary: Python bindings for libsss_nss_idmap
|
||||
License: LGPL-3.0+
|
||||
Group: Development/Libraries/Python
|
||||
|
||||
%description -n python3-sss_nss_idmap
|
||||
The libsss_nss_idmap-python contains the bindings so that
|
||||
libsss_nss_idmap can be used by Python applications.
|
||||
|
||||
%package -n python-sssd-config
|
||||
License: GPLv3+ and LGPLv3+
|
||||
Summary: Python API for configuring sssd
|
||||
License: GPL-3.0+ and LGPL-3.0+
|
||||
Group: Development/Libraries/Python
|
||||
%{py_requires}
|
||||
|
||||
%description -n python-sssd-config
|
||||
Provide python module to access and manage configuration of the System
|
||||
Security Services Daemon (sssd).
|
||||
|
||||
%package -n python3-sssd-config
|
||||
Summary: Python API for configuring sssd
|
||||
License: GPL-3.0+ and LGPL-3.0+
|
||||
Group: Development/Libraries/Python
|
||||
|
||||
%description -n python3-sssd-config
|
||||
Provide python module to access and manage configuration of the System
|
||||
Security Services Daemon (sssd).
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch -P 1 -p1
|
||||
|
||||
%build
|
||||
%if 0%{?suse_version} < 1210
|
||||
# pkgconfig file not present
|
||||
export LDB_LIBS="-lldb"
|
||||
export LDB_CFLAGS=" "
|
||||
export LDB_DIR="%_libdir/ldb"
|
||||
%else
|
||||
export LDB_DIR="$(pkg-config ldb --variable=modulesdir)"
|
||||
%endif
|
||||
|
||||
# help configure find nscd
|
||||
export PATH="$PATH:/usr/sbin"
|
||||
|
||||
autoreconf -fiv;
|
||||
export CFLAGS="%optflags -fPIE"
|
||||
export LDFLAGS="-pie"
|
||||
export LDB_LIBS="-lldb"
|
||||
export LDB_CFLAGS="-I/usr/include"
|
||||
%configure \
|
||||
--with-crypto=libcrypto \
|
||||
--with-db-path="%dbpath" \
|
||||
--with-pipe-path="%pipepath" \
|
||||
--with-pubconf-path="%pubconfpath" \
|
||||
--with-init-dir="%_initrddir" \
|
||||
--enable-nsslibdir="/%_lib" \
|
||||
--enable-pammoddir="/%_lib/security" \
|
||||
--with-ldb-lib-dir="$LDB_DIR" \
|
||||
--with-selinux=no \
|
||||
--with-os=suse \
|
||||
--with-semanage=no \
|
||||
--disable-ldb-version-check \
|
||||
--disable-pac-responder
|
||||
--without-tests \
|
||||
--with-db-path=%{dbpath} \
|
||||
--with-pipe-path=%{pipepath} \
|
||||
--with-init-dir=%{_initrddir} \
|
||||
--enable-nsslibdir=/%{_lib} \
|
||||
--with-ldb-lib-dir=%{_libdir}/ldb \
|
||||
--with-selinux=no
|
||||
|
||||
make %{?_smp_mflags} all
|
||||
#make %{?_smp_mflags}
|
||||
make
|
||||
|
||||
%install
|
||||
b="%buildroot";
|
||||
make install DESTDIR="$b"
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
make install DESTDIR=$RPM_BUILD_ROOT
|
||||
|
||||
# Copy default sssd.conf file
|
||||
install -d "$b/%_mandir"/{cs,cs/man8,nl,nl/man8,pt,pt/man8,uk,uk/man1} \
|
||||
"$b/%_mandir"/{uk/man5,uk/man8};
|
||||
install -d "$b/%_sysconfdir/sssd";
|
||||
install -m600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf";
|
||||
install -d "$b/%_unitdir";
|
||||
install -m644 %{S:4} "$b/%_unitdir/sssd.service";
|
||||
rm -Rf "$b/%_initddir"
|
||||
ln -s service "$b/%_sbindir/rcsssd"
|
||||
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sssd
|
||||
install -m600 server/examples/sssd.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf
|
||||
install server/sysv/SUSE/sssd $RPM_BUILD_ROOT%{_sysconfdir}/init.d/sssd
|
||||
ln -sf ../../etc/init.d/sssd $RPM_BUILD_ROOT/usr/sbin/rcsssd
|
||||
|
||||
mkdir -p "$b/%sssdstatedir/mc"
|
||||
mkdir -p "$b/%_sysconfdir/ld.so.conf.d"
|
||||
cat >"$b/%_sysconfdir/ld.so.conf.d/sssd-wbclient.conf" <<-EOF
|
||||
%_libdir/%name/modules
|
||||
EOF
|
||||
find "$b" -type f -name "*.la" -delete;
|
||||
# Remove .la files created by libtool
|
||||
rm -f \
|
||||
$RPM_BUILD_ROOT/%{_lib}/libnss_sss.la \
|
||||
$RPM_BUILD_ROOT/%{_lib}/security/pam_sss.la \
|
||||
$RPM_BUILD_ROOT/%{_libdir}/ldb/memberof.la \
|
||||
$RPM_BUILD_ROOT/%{_libdir}/python2.6/site-packages/pysss.la \
|
||||
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ldap.la \
|
||||
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_proxy.la \
|
||||
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_krb5.la \
|
||||
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ipa.la \
|
||||
$RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.la
|
||||
|
||||
rm -Rf "$b/%_sysconfdir/dbus-1" "$b/%_datadir/dbus-1"
|
||||
%find_lang sss_daemon
|
||||
%find_lang sss_client
|
||||
cat sss_client.lang >> sss_daemon.lang
|
||||
|
||||
%find_lang %name --all-name
|
||||
%clean
|
||||
rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%pre
|
||||
%service_add_pre sssd.service
|
||||
|
||||
%post
|
||||
# migrate config variable krb5_kdcip to krb5_server (bnc#851048)
|
||||
/bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' %_sysconfdir/sssd/sssd.conf
|
||||
/sbin/ldconfig
|
||||
%service_add_post sssd.service
|
||||
|
||||
%preun
|
||||
%service_del_preun sssd.service
|
||||
|
||||
%postun
|
||||
if [ "$1" = "0" ]; then
|
||||
"%_sbindir/pam-config" -d --sss || :;
|
||||
fi;
|
||||
/sbin/ldconfig
|
||||
# Clear caches, which may have an incompatible format afterwards
|
||||
# (especially, downgrades)
|
||||
rm -f /var/lib/sss/db/*.ldb
|
||||
# del_postun includes a try-restart
|
||||
%service_del_postun sssd.service
|
||||
%insserv_cleanup
|
||||
|
||||
%post -n libipa_hbac0 -p /sbin/ldconfig
|
||||
%postun -n libipa_hbac0 -p /sbin/ldconfig
|
||||
%post -n libsss_idmap0 -p /sbin/ldconfig
|
||||
%postun -n libsss_idmap0 -p /sbin/ldconfig
|
||||
%post -n libsss_nss_idmap0 -p /sbin/ldconfig
|
||||
%postun -n libsss_nss_idmap0 -p /sbin/ldconfig
|
||||
%post -n libsss_simpleifp0 -p /sbin/ldconfig
|
||||
%postun -n libsss_simpleifp0 -p /sbin/ldconfig
|
||||
|
||||
%files -f sssd.lang
|
||||
%defattr(-,root,root)
|
||||
%files -f sss_daemon.lang
|
||||
%defattr(-,root,root,-)
|
||||
%doc COPYING
|
||||
%_unitdir
|
||||
%_bindir/sss_ssh_*
|
||||
%_sbindir/sssd
|
||||
%_sbindir/rcsssd
|
||||
%dir %_mandir/??/
|
||||
%dir %_mandir/??/man[158]/
|
||||
%_mandir/??/man1/sss_ssh_*
|
||||
%_mandir/??/man5/sssd-simple.5*
|
||||
%_mandir/??/man5/sssd-sudo.5*
|
||||
%_mandir/??/man5/sssd.conf.5*
|
||||
%_mandir/??/man8/sssd.8*
|
||||
%_mandir/man1/sss_ssh_*
|
||||
%_mandir/man5/sssd-simple.5*
|
||||
%_mandir/man5/sssd-sudo.5*
|
||||
%_mandir/man5/sssd.conf.5*
|
||||
%_mandir/man8/sssd.8*
|
||||
%dir %_libdir/%name/
|
||||
%_libdir/%name/libsss_child*
|
||||
%_libdir/%name/libsss_cert*
|
||||
%_libdir/%name/libsss_crypt*
|
||||
%_libdir/%name/libsss_debug*
|
||||
%_libdir/%name/libsss_semanage*
|
||||
%_libdir/%name/libsss_simple*
|
||||
%_libdir/%name/libsss_util*
|
||||
%dir %_libdir/%name/modules/
|
||||
%_libdir/%name/modules/libsss_autofs.so
|
||||
%_libdir/libsss_sudo.so
|
||||
%dir %_libdir/ldb/
|
||||
%_libdir/ldb/memberof.so
|
||||
%dir %_libexecdir/%name/
|
||||
%_libexecdir/%name/sssd_autofs
|
||||
%_libexecdir/%name/sssd_be
|
||||
%_libexecdir/%name/sssd_nss
|
||||
%_libexecdir/%name/sssd_pam
|
||||
%_libexecdir/%name/sssd_ssh
|
||||
%_libexecdir/%name/sssd_sudo
|
||||
%_libexecdir/%name/sss_signal
|
||||
%dir %sssdstatedir
|
||||
%attr(700,root,root) %dir %dbpath/
|
||||
%attr(755,root,root) %dir %pipepath/
|
||||
%attr(700,root,root) %dir %pipepath/private/
|
||||
%attr(755,root,root) %dir %pubconfpath/
|
||||
%attr(755,root,root) %dir %sssdstatedir/mc/
|
||||
%attr(700,root,root) %dir %sssdstatedir/keytabs/
|
||||
%attr(750,root,root) %dir %_localstatedir/log/%name/
|
||||
%dir %_sysconfdir/sssd/
|
||||
%config(noreplace) %_sysconfdir/sssd/sssd.conf
|
||||
%dir %_datadir/%name/
|
||||
%_datadir/%name/sssd.api.conf
|
||||
%dir %_datadir/%name/sssd.api.d/
|
||||
%_datadir/%name/sssd.api.d/sssd-local.conf
|
||||
%_datadir/%name/sssd.api.d/sssd-simple.conf
|
||||
#
|
||||
# sssd-client
|
||||
#
|
||||
/%_lib/libnss_sss.so.2
|
||||
/%_lib/security/pam_sss.so
|
||||
%_libdir/cifs-utils/
|
||||
%_libdir/krb5/
|
||||
%_libdir/%name/modules/sssd_krb5_localauth_plugin.so
|
||||
%_mandir/??/man8/pam_sss.8*
|
||||
%_mandir/??/man8/sssd_krb5_locator_plugin.8*
|
||||
%_mandir/man8/pam_sss.8*
|
||||
%_mandir/man8/sssd_krb5_locator_plugin.8*
|
||||
|
||||
%files ad
|
||||
%defattr(-,root,root)
|
||||
%dir %_libdir/%name/
|
||||
%_libdir/%name/libsss_ad.so
|
||||
%dir %_libexecdir/%name/
|
||||
%_libexecdir/%name/gpo_child
|
||||
%dir %_datadir/%name/
|
||||
%dir %_datadir/%name/sssd.api.d/
|
||||
%_datadir/%name/sssd.api.d/sssd-ad.conf
|
||||
%_mandir/man5/sssd-ad.5*
|
||||
%dir %_mandir/??/
|
||||
%dir %_mandir/??/man5/
|
||||
%_mandir/??/man5/sssd-ad.5*
|
||||
|
||||
%files dbus
|
||||
%defattr(-,root,root)
|
||||
%dir %_libexecdir/sssd/
|
||||
%_libexecdir/sssd/sssd_ifp
|
||||
%dir %_libdir/sssd/
|
||||
%_libdir/sssd/libsss_config.so
|
||||
%_mandir/man5/sssd-ifp.5*
|
||||
%dir %_mandir/??/
|
||||
%dir %_mandir/??/man5/
|
||||
%_mandir/??/man5/sssd-ifp.5*
|
||||
|
||||
%files ipa
|
||||
%defattr(-,root,root)
|
||||
%dir %_libdir/%name/
|
||||
%_libdir/%name/libsss_ipa*
|
||||
%dir %_datadir/%name/
|
||||
%dir %_datadir/%name/sssd.api.d
|
||||
%_datadir/%name/sssd.api.d/sssd-ipa.conf
|
||||
%_mandir/man5/sssd-ipa.5*
|
||||
%dir %_mandir/??/
|
||||
%dir %_mandir/??/man5/
|
||||
%_mandir/??/man5/sssd-ipa.5*
|
||||
|
||||
%files krb5
|
||||
%defattr(-,root,root)
|
||||
%dir %_libdir/%name/
|
||||
%_libdir/%name/libsss_krb5.so
|
||||
%dir %_datadir/%name/
|
||||
%dir %_datadir/%name/sssd.api.d/
|
||||
%_datadir/%name/sssd.api.d/sssd-krb5.conf
|
||||
%dir %_mandir/??/
|
||||
%dir %_mandir/??/man5/
|
||||
%_mandir/man5/sssd-krb5.5*
|
||||
%_mandir/??/man5/sssd-krb5.5*
|
||||
|
||||
%files krb5-common
|
||||
%defattr(-,root,root)
|
||||
%dir %_libdir/%name/
|
||||
%_libdir/%name/libsss_krb5_common.so
|
||||
%dir %_libexecdir/%name/
|
||||
%_libexecdir/%name/krb5_child
|
||||
%_libexecdir/%name/ldap_child
|
||||
|
||||
%files ldap
|
||||
%defattr(-,root,root)
|
||||
%dir %_libdir/%name/
|
||||
%_libdir/%name/libsss_ldap*
|
||||
%dir %_datadir/%name/
|
||||
%dir %_datadir/%name/sssd.api.d/
|
||||
%_datadir/%name/sssd.api.d/sssd-ldap.conf
|
||||
%_mandir/man5/sssd-ldap.5*
|
||||
%dir %_mandir/??/
|
||||
%dir %_mandir/??/man5/
|
||||
%_mandir/??/man5/sssd-ldap.5*
|
||||
|
||||
%files proxy
|
||||
%defattr(-,root,root)
|
||||
%dir %_libdir/%name/
|
||||
%_libdir/%name/libsss_proxy.so
|
||||
%dir %_libexecdir/%name/
|
||||
%_libexecdir/%name/proxy_child
|
||||
%dir %_datadir/%name/
|
||||
%dir %_datadir/%name/sssd.api.d/
|
||||
%_datadir/%name/sssd.api.d/sssd-proxy.conf
|
||||
%{_initrddir}/%{name}
|
||||
%{_sbindir}/sssd
|
||||
%{_sbindir}/rcsssd
|
||||
%{_libexecdir}/%{servicename}/
|
||||
%dir %{_libdir}/%{name}/
|
||||
%{_libdir}/%{name}/libsss_krb5*
|
||||
%{_libdir}/%{name}/libsss_ldap*
|
||||
%{_libdir}/%{name}/libsss_proxy*
|
||||
%{_libdir}/ldb/memberof.so
|
||||
%{_libdir}/krb5/plugins/libkrb5/*
|
||||
%dir %{sssdstatedir}
|
||||
%attr(700,root,root) %dir %{dbpath}
|
||||
%attr(755,root,root) %dir %{pipepath}
|
||||
%attr(700,root,root) %dir %{pipepath}/private
|
||||
%attr(750,root,root) %dir %{_var}/log/%{name}
|
||||
%dir %{_sysconfdir}/sssd
|
||||
%config(noreplace) %{_sysconfdir}/sssd/sssd.conf
|
||||
%config %{_sysconfdir}/sssd/sssd.api.conf
|
||||
%attr(700,root,root) %dir %{_sysconfdir}/sssd/sssd.api.d
|
||||
%config %{_sysconfdir}/sssd/sssd.api.d/sssd-krb5.conf
|
||||
%config %{_sysconfdir}/sssd/sssd.api.d/sssd-ldap.conf
|
||||
%config %{_sysconfdir}/sssd/sssd.api.d/sssd-local.conf
|
||||
%config %{_sysconfdir}/sssd/sssd.api.d/sssd-proxy.conf
|
||||
/%{_lib}/libnss_sss.so.2
|
||||
/%{_lib}/security/pam_sss.so
|
||||
%{_mandir}/man5/sssd-krb5.*
|
||||
%{_mandir}/man5/sssd-ldap.*
|
||||
%{_mandir}/man5/sssd.conf.*
|
||||
|
||||
%files tools
|
||||
%defattr(-,root,root)
|
||||
%_sbindir/sss_cache
|
||||
%_sbindir/sss_debuglevel
|
||||
%_sbindir/sss_groupadd
|
||||
%_sbindir/sss_groupdel
|
||||
%_sbindir/sss_groupmod
|
||||
%_sbindir/sss_groupshow
|
||||
%_sbindir/sss_seed
|
||||
%_sbindir/sss_obfuscate
|
||||
%_sbindir/sss_override
|
||||
%_sbindir/sss_useradd
|
||||
%_sbindir/sss_userdel
|
||||
%_sbindir/sss_usermod
|
||||
%_sbindir/sss_override
|
||||
%dir %_mandir/??/man8/
|
||||
%_mandir/??/man8/sss_*.8*
|
||||
%_mandir/man8/sss_*.8*
|
||||
%defattr(-,root,root,-)
|
||||
%{_mandir}/man8/*
|
||||
%{_sbindir}/sss_useradd
|
||||
%{_sbindir}/sss_userdel
|
||||
%{_sbindir}/sss_usermod
|
||||
%{_sbindir}/sss_groupadd
|
||||
%{_sbindir}/sss_groupdel
|
||||
%{_sbindir}/sss_groupmod
|
||||
|
||||
%files wbclient
|
||||
%defattr(-,root,root)
|
||||
%config %_sysconfdir/ld.so.conf.d/sssd-wbclient.conf
|
||||
%dir %_libdir/sssd/
|
||||
%dir %_libdir/sssd/modules/
|
||||
%_libdir/sssd/modules/libwbclient.so.*
|
||||
|
||||
%files wbclient-devel
|
||||
%defattr(-,root,root)
|
||||
%_includedir/wbclient_sssd.h
|
||||
%dir %_libdir/sssd/
|
||||
%dir %_libdir/sssd/modules/
|
||||
%_libdir/sssd/modules/libwbclient.so
|
||||
%_libdir/pkgconfig/wbclient_sssd.pc
|
||||
|
||||
%files -n libipa_hbac0
|
||||
%defattr(-,root,root)
|
||||
%_libdir/libipa_hbac.so.0*
|
||||
|
||||
%files -n libipa_hbac-devel
|
||||
%defattr(-,root,root)
|
||||
%_includedir/ipa_hbac.h
|
||||
%_libdir/libipa_hbac.so
|
||||
%_libdir/pkgconfig/ipa_hbac.pc
|
||||
|
||||
%files -n libnfsidmap-sss
|
||||
%defattr(-,root,root)
|
||||
%_libdir/libnfsidmap/
|
||||
%_mandir/man5/sss_rpcidmapd.5*
|
||||
%dir %_mandir/??/man5/
|
||||
%_mandir/??/man5/sss_rpcidmapd.5*
|
||||
|
||||
%files -n libsss_idmap0
|
||||
%defattr(-,root,root)
|
||||
%_libdir/libsss_idmap.so.0*
|
||||
|
||||
%files -n libsss_idmap-devel
|
||||
%defattr(-,root,root)
|
||||
%_includedir/sss_idmap.h
|
||||
%_libdir/libsss_idmap.so
|
||||
%_libdir/pkgconfig/sss_idmap.pc
|
||||
|
||||
%files -n libsss_nss_idmap0
|
||||
%defattr(-,root,root)
|
||||
%_libdir/libsss_nss_idmap.so.0*
|
||||
|
||||
%files -n libsss_nss_idmap-devel
|
||||
%defattr(-,root,root)
|
||||
%_includedir/sss_nss_idmap.h
|
||||
%_libdir/libsss_nss_idmap.so
|
||||
%_libdir/pkgconfig/sss_nss_idmap.pc
|
||||
|
||||
%files -n libsss_simpleifp0
|
||||
%defattr(-,root,root)
|
||||
%_libdir/libsss_simpleifp.so.0*
|
||||
|
||||
%files -n libsss_simpleifp-devel
|
||||
%defattr(-,root,root)
|
||||
%_includedir/sss_sifp*.h
|
||||
%_libdir/libsss_simpleifp.so
|
||||
%_libdir/pkgconfig/sss_simpleifp.pc
|
||||
|
||||
%files -n python-ipa_hbac
|
||||
%defattr(-,root,root)
|
||||
%dir %python_sitearch
|
||||
%python_sitearch/pyhbac.so
|
||||
|
||||
%files -n python3-ipa_hbac
|
||||
%defattr(-,root,root)
|
||||
%dir %python3_sitearch
|
||||
%python3_sitearch/pyhbac.so
|
||||
|
||||
%files -n python-sss-murmur
|
||||
%defattr(-,root,root)
|
||||
%python_sitearch/pysss_murmur.so
|
||||
|
||||
%files -n python3-sss-murmur
|
||||
%defattr(-,root,root)
|
||||
%python3_sitearch/pysss_murmur.so
|
||||
|
||||
%files -n python-sss_nss_idmap
|
||||
%defattr(-,root,root)
|
||||
%dir %python_sitearch
|
||||
%python_sitearch/pysss_nss_idmap.so
|
||||
|
||||
%files -n python3-sss_nss_idmap
|
||||
%defattr(-,root,root)
|
||||
%dir %python3_sitearch
|
||||
%python3_sitearch/pysss_nss_idmap.so
|
||||
%files ipa-provider
|
||||
%defattr(-,root,root,-)
|
||||
%config %{_sysconfdir}/sssd/sssd.api.d/sssd-ipa.conf
|
||||
%{_libdir}/sssd/libsss_ipa*
|
||||
%{_mandir}/man5/sssd-ipa.*
|
||||
|
||||
%files -n python-sssd-config
|
||||
%defattr(-,root,root)
|
||||
%python_sitearch/pysss.so
|
||||
%python_sitelib/SSSDConfig*
|
||||
%defattr(-,root,root,-)
|
||||
%{python_sitearch}/pysss.so
|
||||
%{python_sitelib}/*.py*
|
||||
%{python_sitelib}/*.egg-info
|
||||
|
||||
%files -n python3-sssd-config
|
||||
%defattr(-,root,root)
|
||||
%python3_sitearch/pysss.so
|
||||
%python3_sitelib/SSSDConfig*
|
||||
%post
|
||||
/sbin/ldconfig
|
||||
|
||||
%preun
|
||||
%stop_on_removal sssd
|
||||
|
||||
%postun
|
||||
/sbin/ldconfig
|
||||
%restart_on_update sssd
|
||||
%insserv_cleanup
|
||||
|
||||
%changelog
|
||||
|
Loading…
Reference in New Issue
Block a user