forked from jengelh/sssd
Accepting request 77655 from home:rhafer:branches:network:ldap
bnc#705768,bnc#709747 OBS-URL: https://build.opensuse.org/request/show/77655 OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=56
This commit is contained in:
parent
cd5612d3e6
commit
6482163856
@ -1,34 +0,0 @@
|
|||||||
From 90fc734631c26c762cc87bd0cd90a8e6b3ee9e95 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
||||||
Date: Fri, 29 Jul 2011 09:51:23 +0200
|
|
||||||
Subject: [PATCH] Silence autoconf 2.28 warnings
|
|
||||||
|
|
||||||
---
|
|
||||||
configure.ac | 8 ++++----
|
|
||||||
1 files changed, 4 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/configure.ac b/configure.ac
|
|
||||||
index ec29cb7..d79ccfd 100644
|
|
||||||
--- a/configure.ac
|
|
||||||
+++ b/configure.ac
|
|
||||||
@@ -177,13 +177,13 @@ AC_CHECK_HEADERS([sys/inotify.h])
|
|
||||||
AC_CHECK_HEADERS([sasl/sasl.h],,AC_MSG_ERROR([Could not find SASL headers]))
|
|
||||||
|
|
||||||
AC_CACHE_CHECK([whether compiler supports __attribute__((destructor))],
|
|
||||||
- sss_client_attribute_destructor,
|
|
||||||
+ sss_client_cv_attribute_destructor,
|
|
||||||
[AC_COMPILE_IFELSE(
|
|
||||||
- [__attribute__((destructor)) static void cleanup(void) { }],
|
|
||||||
- sss_client_attribute_destructor=yes)
|
|
||||||
+ [AC_LANG_SOURCE([__attribute__((destructor)) static void cleanup(void) { }])],
|
|
||||||
+ sss_client_cv_attribute_destructor=yes)
|
|
||||||
])
|
|
||||||
|
|
||||||
-if test x"$sss_client_attribute_destructor" = xyes ; then
|
|
||||||
+if test x"$sss_client_cv_attribute_destructor" = xyes ; then
|
|
||||||
AC_DEFINE(HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR, 1,
|
|
||||||
[whether compiler supports __attribute__((destructor))])
|
|
||||||
fi
|
|
||||||
--
|
|
||||||
1.7.6
|
|
||||||
|
|
@ -1,34 +1,32 @@
|
|||||||
>From b28d5e5f7eddf504cbe36cff1ddba5b240822668 Mon Sep 17 00:00:00 2001
|
From 151681511c4519463c2fe10c656db29a12c01821 Mon Sep 17 00:00:00 2001
|
||||||
From: Simo Sorce <ssorce@redhat.com>
|
From: Simo Sorce <ssorce@redhat.com>
|
||||||
Date: Thu, 28 Jul 2011 15:15:26 -0400
|
Date: Thu, 28 Jul 2011 15:15:26 -0400
|
||||||
Subject: [PATCH] sss_client: avoid leaking file descriptors
|
Subject: sss_client: avoid leaking file descriptors
|
||||||
|
|
||||||
If a pam or nss module is dlcolse()d and unloaded we were leaking
|
If a pam or nss module is dlcolse()d and unloaded we were leaking
|
||||||
the file descriptor used to communicate to sssd in the process.
|
the file descriptor used to communicate to sssd in the process.
|
||||||
|
|
||||||
Make sure the fucntion used to close the socket file descriptor is
|
Make sure the fucntion used to close the socket file descriptor is
|
||||||
called on dlclose()
|
called on dlclose()
|
||||||
---
|
|
||||||
configure.ac | 12 ++++++++++++
|
Silence autoconf 2.28 warnings (Patch by Jakub Hrozek)
|
||||||
src/sss_client/common.c | 3 +++
|
|
||||||
2 files changed, 15 insertions(+), 0 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/configure.ac b/configure.ac
|
diff --git a/configure.ac b/configure.ac
|
||||||
index 0e2e6d44a0cc4b33fda39b3eaf3dcd383d1e09dc..ec29cb71a2153d29f73231e92646ea46eacd68a2 100644
|
index 84b83eb..c0b7f8f 100644
|
||||||
--- a/configure.ac
|
--- a/configure.ac
|
||||||
+++ b/configure.ac
|
+++ b/configure.ac
|
||||||
@@ -176,6 +176,18 @@ AC_CHECK_HEADERS([sys/inotify.h])
|
@@ -170,6 +170,18 @@ AC_CHECK_HEADERS([sys/inotify.h])
|
||||||
|
|
||||||
AC_CHECK_HEADERS([sasl/sasl.h],,AC_MSG_ERROR([Could not find SASL headers]))
|
AC_CHECK_HEADERS([sasl/sasl.h],,AC_MSG_ERROR([Could not find SASL headers]))
|
||||||
|
|
||||||
+AC_CACHE_CHECK([whether compiler supports __attribute__((destructor))],
|
+AC_CACHE_CHECK([whether compiler supports __attribute__((destructor))],
|
||||||
+ sss_client_attribute_destructor,
|
+ sss_client_cv_attribute_destructor,
|
||||||
+ [AC_COMPILE_IFELSE(
|
+ [AC_COMPILE_IFELSE(
|
||||||
+ [__attribute__((destructor)) static void cleanup(void) { }],
|
+ [AC_LANG_SOURCE([__attribute__((destructor)) static void cleanup(void) { }])],
|
||||||
+ sss_client_attribute_destructor=yes)
|
+ sss_client_cv_attribute_destructor=yes)
|
||||||
+ ])
|
+ ])
|
||||||
+
|
+
|
||||||
+if test x"$sss_client_attribute_destructor" = xyes ; then
|
+if test x"$sss_client_cv_attribute_destructor" = xyes ; then
|
||||||
+ AC_DEFINE(HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR, 1,
|
+ AC_DEFINE(HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR, 1,
|
||||||
+ [whether compiler supports __attribute__((destructor))])
|
+ [whether compiler supports __attribute__((destructor))])
|
||||||
+fi
|
+fi
|
||||||
@ -37,10 +35,10 @@ index 0e2e6d44a0cc4b33fda39b3eaf3dcd383d1e09dc..ec29cb71a2153d29f73231e92646ea46
|
|||||||
if test x$have_check = x; then
|
if test x$have_check = x; then
|
||||||
AC_MSG_WARN([Without the 'CHECK' libraries, you will be unable to run all tests in the 'make check' suite])
|
AC_MSG_WARN([Without the 'CHECK' libraries, you will be unable to run all tests in the 'make check' suite])
|
||||||
diff --git a/src/sss_client/common.c b/src/sss_client/common.c
|
diff --git a/src/sss_client/common.c b/src/sss_client/common.c
|
||||||
index b603305596a3ed3fd653930388ff633daa187db2..55e393e57a1fc759dd7972a611a0d5e4e88abda7 100644
|
index c17629a..5f6af41 100644
|
||||||
--- a/src/sss_client/common.c
|
--- a/src/sss_client/common.c
|
||||||
+++ b/src/sss_client/common.c
|
+++ b/src/sss_client/common.c
|
||||||
@@ -53,6 +53,9 @@
|
@@ -55,6 +55,9 @@
|
||||||
int sss_cli_sd = -1; /* the sss client socket descriptor */
|
int sss_cli_sd = -1; /* the sss client socket descriptor */
|
||||||
struct stat sss_cli_sb; /* the sss client stat buffer */
|
struct stat sss_cli_sb; /* the sss client stat buffer */
|
||||||
|
|
||||||
@ -51,5 +49,5 @@ index b603305596a3ed3fd653930388ff633daa187db2..55e393e57a1fc759dd7972a611a0d5e4
|
|||||||
{
|
{
|
||||||
if (sss_cli_sd != -1) {
|
if (sss_cli_sd != -1) {
|
||||||
--
|
--
|
||||||
1.7.6
|
1.7.3.4
|
||||||
|
|
||||||
|
@ -0,0 +1,42 @@
|
|||||||
|
From 587b013d0b6f8a9411617b5faac2750d2e4b7a5d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jakub Hrozek <jhrozek@redhat.com>
|
||||||
|
Date: Mon, 1 Aug 2011 15:22:53 +0200
|
||||||
|
Subject: Request password control unconditionally during bind
|
||||||
|
|
||||||
|
https://fedorahosted.org/sssd/ticket/940
|
||||||
|
|
||||||
|
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
|
||||||
|
index cab3657..9d543ec 100644
|
||||||
|
--- a/src/providers/ldap/sdap_async_connection.c
|
||||||
|
+++ b/src/providers/ldap/sdap_async_connection.c
|
||||||
|
@@ -437,10 +437,10 @@ static struct tevent_req *simple_bind_send(TALLOC_CTX *memctx,
|
||||||
|
state->user_dn = user_dn;
|
||||||
|
state->pw = pw;
|
||||||
|
|
||||||
|
- ret = sdap_control_create(state->sh, LDAP_CONTROL_PASSWORDPOLICYREQUEST,
|
||||||
|
- 0, NULL, 0, &ctrls[0]);
|
||||||
|
+ ret = sss_ldap_control_create(LDAP_CONTROL_PASSWORDPOLICYREQUEST,
|
||||||
|
+ 0, NULL, 0, &ctrls[0]);
|
||||||
|
if (ret != LDAP_SUCCESS && ret != LDAP_NOT_SUPPORTED) {
|
||||||
|
- DEBUG(1, ("sdap_control_create failed to create "
|
||||||
|
+ DEBUG(1, ("sss_ldap_control_create failed to create "
|
||||||
|
"Password Policy control.\n"));
|
||||||
|
goto fail;
|
||||||
|
}
|
||||||
|
@@ -1634,10 +1634,10 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request,
|
||||||
|
sasl_mech = dp_opt_get_string(p->opts->basic, SDAP_SASL_MECH);
|
||||||
|
|
||||||
|
if (sasl_mech == NULL) {
|
||||||
|
- ret = sdap_control_create(p->sh, LDAP_CONTROL_PASSWORDPOLICYREQUEST,
|
||||||
|
- 0, NULL, 0, &ctrls[0]);
|
||||||
|
+ ret = sss_ldap_control_create(LDAP_CONTROL_PASSWORDPOLICYREQUEST,
|
||||||
|
+ 0, NULL, 0, &ctrls[0]);
|
||||||
|
if (ret != LDAP_SUCCESS && ret != LDAP_NOT_SUPPORTED) {
|
||||||
|
- DEBUG(1, ("sdap_control_create failed to create "
|
||||||
|
+ DEBUG(1, ("sss_ldap_control_create failed to create "
|
||||||
|
"Password Policy control.\n"));
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
--
|
||||||
|
1.7.3.4
|
||||||
|
|
@ -0,0 +1,33 @@
|
|||||||
|
From d0bf20038fddf5ad296287fb16bc80082088b770 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Stephen Gallagher <sgallagh@redhat.com>
|
||||||
|
Date: Mon, 1 Aug 2011 10:48:06 -0400
|
||||||
|
Subject: Allow LDAP to decide when an expiration warning is warranted
|
||||||
|
|
||||||
|
Previously, we were only displaying expiration warnings if the
|
||||||
|
password was going to expire within a day. We'll allow LDAP to
|
||||||
|
make this decision (by whether it passes us the expiration time).
|
||||||
|
|
||||||
|
In the future, we can add an option to clamp this down to a
|
||||||
|
shorter period if the local admin prefers it.
|
||||||
|
|
||||||
|
diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
|
||||||
|
index 3c9d760..7fcf985 100644
|
||||||
|
--- a/src/responder/pam/pamsrv_cmd.c
|
||||||
|
+++ b/src/responder/pam/pamsrv_cmd.c
|
||||||
|
@@ -409,9 +409,10 @@ static errno_t filter_responses(struct confdb_ctx *cdb,
|
||||||
|
}
|
||||||
|
memcpy(&expire_warn, resp->data + sizeof(uint32_t),
|
||||||
|
sizeof(uint32_t));
|
||||||
|
- if(expire_warn > pam_expiration_warning * (60 * 60 * 24)) {
|
||||||
|
- resp->do_not_send_to_client = true;
|
||||||
|
- }
|
||||||
|
+ /* TODO: Add an option to limit the display of the
|
||||||
|
+ * expiration warning to a specified number of
|
||||||
|
+ * days (e.g. 14)
|
||||||
|
+ */
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
DEBUG(7, ("User info type [%d] not filtered.\n"));
|
||||||
|
--
|
||||||
|
1.7.3.4
|
||||||
|
|
@ -1,3 +1,12 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Aug 2 08:46:53 UTC 2011 - rhafer@suse.de
|
||||||
|
|
||||||
|
- Fixed typos in configure args
|
||||||
|
- Cherry-picked password policy fixes from 1.5 branch (bnc#705768)
|
||||||
|
- switched to fd-leak fix cherry-picked from 1.5 branch
|
||||||
|
- Add /usr/sbin to the search path to make configure find nscd
|
||||||
|
(bnc#709747)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jul 29 10:39:51 UTC 2011 - jengelh@medozas.de
|
Fri Jul 29 10:39:51 UTC 2011 - jengelh@medozas.de
|
||||||
|
|
||||||
|
14
sssd.spec
14
sssd.spec
@ -27,7 +27,8 @@ Url: https://fedorahosted.org/sssd/
|
|||||||
Source0: %{name}-%{version}.tar.bz2
|
Source0: %{name}-%{version}.tar.bz2
|
||||||
Source1: baselibs.conf
|
Source1: baselibs.conf
|
||||||
Patch1: 0001-sss_client-avoid-leaking-file-descriptors.patch
|
Patch1: 0001-sss_client-avoid-leaking-file-descriptors.patch
|
||||||
Patch2: 0001-Silence-autoconf-2.28-warnings.patch
|
Patch2: 0002-Request-password-control-unconditionally-during-bind.patch
|
||||||
|
Patch3: 0003-Allow-LDAP-to-decide-when-an-expiration-warning-is-w.patch
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
|
|
||||||
%define servicename sssd
|
%define servicename sssd
|
||||||
@ -111,24 +112,27 @@ Security Services Daemon (sssd).
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch -P 1 -P 2 -p1
|
%patch -P 1 -P 2 -P 3 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
autoreconf
|
autoreconf
|
||||||
export LDB_LIBS="-lldb"
|
export LDB_LIBS="-lldb"
|
||||||
export LDB_CFLAGS="-I/usr/include"
|
export LDB_CFLAGS="-I/usr/include"
|
||||||
|
|
||||||
|
# help configure find nscd
|
||||||
|
export PATH=$PATH:/usr/sbin/
|
||||||
|
|
||||||
%configure \
|
%configure \
|
||||||
--without-tests \
|
|
||||||
--with-db-path=%{dbpath} \
|
--with-db-path=%{dbpath} \
|
||||||
--with-pipe-path=%{pipepath} \
|
--with-pipe-path=%{pipepath} \
|
||||||
--with-pubconf-path=%{pubconfpath} \
|
--with-pubconf-path=%{pubconfpath} \
|
||||||
--with-init-dir=%{_initrddir} \
|
--with-init-dir=%{_initrddir} \
|
||||||
--enable-nsslibdir=/%{_lib} \
|
--enable-nsslibdir=/%{_lib} \
|
||||||
--enable-pammoddir=/%{_lib}/security \
|
--enable-pammoddir=/%{_lib}/security \
|
||||||
--enable-cryptp=yes \
|
--enable-crypto=yes \
|
||||||
--with-ldb-lib-dir=%{_libdir}/ldb \
|
--with-ldb-lib-dir=%{_libdir}/ldb \
|
||||||
--with-selinux=no \
|
--with-selinux=no \
|
||||||
--with-so=suse \
|
--with-os=suse \
|
||||||
--with-semanage=no
|
--with-semanage=no
|
||||||
make %{?_smp_mflags}
|
make %{?_smp_mflags}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user