From ca8df2f4bbd318488795caaba6b4eb70c0db476192773bb39ab18c80cbbe2d34 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 10 Aug 2014 14:40:01 +0000 Subject: [PATCH 1/3] sssd-1.12 OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=121 --- ...ss_ldap_common.so-to-libsss_idmap.so.patch | 48 ---------- sssd-1.11.5.1.tar.gz | 3 - sssd-1.11.5.1.tar.gz.asc | 7 -- sssd-1.12.0.tar.gz | 3 + sssd-1.12.0.tar.gz.asc | 7 ++ sssd.changes | 28 ++++++ sssd.spec | 89 ++++++++++++++++--- 7 files changed, 115 insertions(+), 70 deletions(-) delete mode 100644 0001-BUILD-Link-libsss_ldap_common.so-to-libsss_idmap.so.patch delete mode 100644 sssd-1.11.5.1.tar.gz delete mode 100644 sssd-1.11.5.1.tar.gz.asc create mode 100644 sssd-1.12.0.tar.gz create mode 100644 sssd-1.12.0.tar.gz.asc diff --git a/0001-BUILD-Link-libsss_ldap_common.so-to-libsss_idmap.so.patch b/0001-BUILD-Link-libsss_ldap_common.so-to-libsss_idmap.so.patch deleted file mode 100644 index b739f47..0000000 --- a/0001-BUILD-Link-libsss_ldap_common.so-to-libsss_idmap.so.patch +++ /dev/null 
@@ -1,48 +0,0 @@ -From 7fc27c7a3ccbb6aecb8cf4a4a5f91962028cb897 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Mon, 17 Mar 2014 09:07:56 +0100 -Subject: [PATCH] BUILD: Link libsss_ldap_common.so to libsss_idmap.so - -Library libsss_ldap.so does not directly use functions from library -libsss_idmap.so. It only call function sdap_idmap_init (from file sdap_idmap.c) -which is in library libsss_ldap_common.so - -sh-4.2$ nm -D --undefined-only /usr/lib64/sssd/libsss_ldap.so | grep idmap - U sdap_idmap_init - -On the other hand, libsss_ldap_common.so uses functions from libsss_idmap -but it was not linked to libsss_idmap.so. - -sh-4.2$ objdump -p /usr/lib64/sssd/libsss_ldap_common.so | grep idmap -sh-4.2$ echo $? -1 - -Reviewed-by: Jakub Hrozek -Reviewed-by: Simo Sorce ---- - Makefile.am | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -Index: sssd-1.11.5.1/Makefile.am -=================================================================== ---- sssd-1.11.5.1.orig/Makefile.am -+++ sssd-1.11.5.1/Makefile.am -@@ -1618,6 +1618,8 @@ libsss_ldap_common_la_SOURCES = \ - src/providers/ldap/sdap_dyndns.c \ - src/providers/ldap/sdap_refresh.c \ - src/providers/ldap/sdap.c -+libsss_ldap_common_la_LIBADD = \ -+ libsss_idmap.la - libsss_ldap_common_la_LDFLAGS = \ - -avoid-version - -@@ -1675,8 +1677,7 @@ libsss_ldap_la_LIBADD = \ - $(OPENLDAP_LIBS) \ - $(DHASH_LIBS) \ - $(KRB5_LIBS) \ -- libsss_ldap_common.la \ -- libsss_idmap.la -+ libsss_ldap_common.la - libsss_ldap_la_LDFLAGS = \ - -avoid-version \ - -module diff --git a/sssd-1.11.5.1.tar.gz b/sssd-1.11.5.1.tar.gz deleted file mode 100644 index f6e93f2..0000000 --- a/sssd-1.11.5.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:5bf0d564de5193df0fc28df5e156109b32a7a66bc68f0366e06c00bcd68fea1b -size 3511029 diff --git a/sssd-1.11.5.1.tar.gz.asc b/sssd-1.11.5.1.tar.gz.asc deleted file mode 100644 index f6b8a73..0000000 --- a/sssd-1.11.5.1.tar.gz.asc +++ /dev/null 
@@ -1,7 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v1 - -iEYEABECAAYFAlNIGEUACgkQHsardTLnvCU6hwCg0pveLQy2nicOicGbNg1d7ANp -4PEAn0v0uCRsJLsuANezjLMM2C/uaf6Z -=HFIZ ------END PGP SIGNATURE----- diff --git a/sssd-1.12.0.tar.gz b/sssd-1.12.0.tar.gz new file mode 100644 index 0000000..347fd26 --- /dev/null +++ b/sssd-1.12.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d536471fbc4d4b9948adfb751b7a9df3405ddfbc58274d73adc0c997c91c6472 +size 3968855 diff --git a/sssd-1.12.0.tar.gz.asc b/sssd-1.12.0.tar.gz.asc new file mode 100644 index 0000000..91c9957 --- /dev/null +++ b/sssd-1.12.0.tar.gz.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iEYEABECAAYFAlO9gK0ACgkQHsardTLnvCVxmACg1tRelGxCTMeHLjDkHAonfQzG +bz4AoL7RQa1oHlGtazWSzoMrambqy621 +=noRD +-----END PGP SIGNATURE----- diff --git a/sssd.changes b/sssd.changes index 29ced7e..b80b681 100644 --- a/sssd.changes +++ b/sssd.changes 
@@ -1,3 +1,31 @@ +------------------------------------------------------------------- +Sun Aug 10 12:20:50 UTC 2014 - jengelh@inai.de + +- Update to new upstream release 1.12.0 +* A new responder, called InfoPipe was added. This responder + provides a public D-Bus interface accessible over the system bus. + In this release, methods for retrieving user attributes and list + of groups were added as well as objects representing SSSD domains + and processes. (The next 1.12.x releases will publish objects + representing users and groups, too.) +* SSSD provides an ID-mapping plugin for cifs-utils so that Windows + SIDs can be mapped onto POSIX IDs and/or names without requiring + Winbind and using the same code as the SSSD uses for identity + information. +* First phase of Group Policy-based access control for the AD + provider was added. At the moment, the gpo-ldap component that + downloads the list of GPOs that apply for the specific client has + been implemented as well as the gpo-smb component that retrieves + the group policy files and determines the access control check + results based on those files. Future improvements will focus on + storing the GPO policies as local files and mapping the Windows + logon rights onto Linux PAM services. +* Added a new library called sss_sifp that provides a simple + synchronous API for communication with our new InfoPipe responder + over the system bus. +- Remove 0001-BUILD-Link-libsss_ldap_common.so-to-libsss_idmap.so.patch + (merged upstream) + ------------------------------------------------------------------- Thu Jun 12 14:18:30 UTC 2014 - ckornacker@suse.com diff --git a/sssd.spec b/sssd.spec index 250c0c3..9f8f5de 100644 --- a/sssd.spec +++ b/sssd.spec @@ -17,7 +17,7 @@ Name: sssd -Version: 1.11.5.1 +Version: 1.12.0 Release: 0 Summary: System Security Services Daemon License: GPL-3.0+ and LGPL-3.0+ 
@@ -32,7 +32,6 @@ Source4: sssd.service Source5: %name.keyring BuildRoot: %{_tmppath}/%{name}-%{version}-build Patch1: 0001-build-detect-endianness-at-configure-time.patch -Patch2: 0001-BUILD-Link-libsss_ldap_common.so-to-libsss_idmap.so.patch %define servicename sssd %define sssdstatedir %_localstatedir/lib/sss @@ -49,17 +48,20 @@ Patch2: 0001-BUILD-Link-libsss_ldap_common.so-to-libsss_idmap.so.patch BuildRequires: autoconf >= 2.59 BuildRequires: automake BuildRequires: bind-utils +BuildRequires: cifs-utils-devel BuildRequires: cyrus-sasl-devel BuildRequires: docbook-xsl-stylesheets BuildRequires: krb5-devel +BuildRequires: libsmbclient-devel BuildRequires: libtool BuildRequires: pkgconfig >= 0.21 %if 0%{?suse_version} >= 1210 +BuildRequires: pkgconfig(augeas) >= 1.0.0 BuildRequires: pkgconfig(collection) >= 0.5.1 BuildRequires: pkgconfig(dbus-1) >= 1.0.0 BuildRequires: pkgconfig(dhash) >= 0.4.2 BuildRequires: pkgconfig(glib-2.0) -BuildRequires: pkgconfig(ini_config) >= 0.6.1 +BuildRequires: pkgconfig(ini_config) >= 1.1.0 BuildRequires: pkgconfig(ldb) >= 0.9.2 BuildRequires: pkgconfig(libcares) BuildRequires: pkgconfig(libnl-3.0) >= 3.0 @@ -73,12 +75,13 @@ BuildRequires: pkgconfig(talloc) BuildRequires: pkgconfig(tdb) >= 1.1.3 BuildRequires: pkgconfig(tevent) %else +BuildRequires: augeas-devel BuildRequires: dbus-1-devel >= 1.0.0 BuildRequires: glib2-devel BuildRequires: libcares-devel BuildRequires: libcollection-devel >= 0.5.1 BuildRequires: libdhash-devel >= 0.4.2 -BuildRequires: libini_config-devel >= 0.6.1 +BuildRequires: libini_config-devel >= 1.1.0 BuildRequires: libldb-devel >= 0.9.2 BuildRequires: libnl-devel >= 1.1 BuildRequires: libopenssl-devel 
@@ -103,12 +106,10 @@ BuildRequires: openldap2-devel BuildRequires: pam-devel BuildRequires: pkg-config %if %suse_version >= 1210 -BuildRequires: systemd +BuildRequires: systemd-rpm-macros +BuildRequires: pkgconfig(libsystemd-login) %{?systemd_requires} %endif -%if %suse_version >= 1230 -BuildRequires: gpg-offline -%endif Requires: sssd-ldap = %version-%release Requires(postun): pam-config @@ -130,6 +131,16 @@ Provides the Active Directory back end that the SSSD can utilize to fetch identity data from and authenticate against an Active Directory server. +%package dbus +Summary: The D-Bus responder of sssd +License: GPL-3.0+ +Group: System/Base +Requires: %name = %version + +%description dbus +Provides the D-Bus responder of sssd, called InfoPipe, which allows +information from sssd to be transmitted over the system bus. + %package ipa Summary: FreeIPA backend plugin for sssd License: GPL-3.0+ @@ -244,6 +255,26 @@ Requires: libsss_nss_idmap0 = %version %description -n libsss_nss_idmap-devel A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs. +%package -n libsss_simpleifp0 +Summary: The SSSD D-Bus responder helper library +License: GPL-3.0+ +Group: System/Libraries + +%description -n libsss_simpleifp0 +This subpackage provides a library that simplifies the D-Bus API for +the SSSD InfoPipe responder. + +%package -n libsss_simpleifp-devel +Summary: Development files for the SSSD D-Bus responder helper library +License: GPL-3.0+ +Group: Development/Libraries/C and C++ +Requires: libsss_simpleifp0 = %version + +%description -n libsss_simpleifp-devel +This subpackage provides the development files for sssd's simpleifp, +a library that simplifies the D-Bus API for the SSSD InfoPipe +responder. + %package -n libsss_sudo Summary: A library to allow communication between sudo and SSSD License: LGPL-3.0+ 
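Review bot: Nothing in the spec verifies the upstream signature any more: `BuildRequires: gpg-offline` is dropped in this hunk and `%{?gpg_verify: %gpg_verify %{S:2}}` is dropped from %prep (hunk `@@ -287,9 +318,8 @@`), yet `sssd-1.12.0.tar.gz.asc` and `Source5: %name.keyring` are still shipped. If the build service checks the signature itself whenever a keyring is present, say so next to `Source5`, e.g. `# tarball signature is checked by <build-service validator>, not in %prep`. Otherwise keep the `%gpg_verify` line so that a swapped tarball fails the build instead of being packaged. The changelog entry for this update does not mention the removal either.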
@@ -287,9 +318,8 @@ Provide python module to access and manage configuration of the System Security Services Daemon (sssd). %prep -%{?gpg_verify: %gpg_verify %{S:2}} %setup -q -%patch -P 1 -P 2 -p1 +%patch -P 1 -p1 %build %if 0%{?suse_version} < 1210 @@ -350,6 +380,8 @@ find "$b" -type f -name "*.la" -delete; rm -Rf "$b/usr/share/locale"/{fa_IR,ja_JP,lt_LT,ta_IN,vi_VN} %endif +rm -Rf "$b/%_sysconfdir/dbus-1" "$b/%_datadir/dbus-1" + %find_lang %name --all-name %if 0%{?_unitdir:1} @@ -386,6 +418,8 @@ fi; %postun -n libsss_idmap0 -p /sbin/ldconfig %post -n libsss_nss_idmap0 -p /sbin/ldconfig %postun -n libsss_nss_idmap0 -p /sbin/ldconfig +%post -n libsss_simpleifp0 -p /sbin/ldconfig +%postun -n libsss_simpleifp0 -p /sbin/ldconfig %files -f sssd.lang %defattr(-,root,root) @@ -420,7 +454,13 @@ fi; %dir %_libdir/ldb/ %_libdir/ldb/memberof.so %dir %_libexecdir/%name/ -%_libexecdir/%name/sssd_* +%_libexecdir/%name/sssd_autofs +%_libexecdir/%name/sssd_be +%_libexecdir/%name/sssd_nss +%_libexecdir/%name/sssd_pam +%_libexecdir/%name/sssd_ssh +%_libexecdir/%name/sssd_sudo +%_libexecdir/%name/sss_signal %dir %sssdstatedir %attr(700,root,root) %dir %dbpath/ %attr(755,root,root) %dir %pipepath/ @@ -439,7 +479,8 @@ fi; # /%_lib/libnss_sss.so.2 /%_lib/security/pam_sss.so -%_libdir/krb5/plugins/libkrb5/* +%_libdir/cifs-utils/ +%_libdir/krb5/ %_mandir/??/man8/pam_sss.8* %_mandir/??/man8/sssd_krb5_locator_plugin.8* %_mandir/man8/pam_sss.8* @@ -449,6 +490,9 @@ fi; %defattr(-,root,root) %dir %_libdir/%name/ %_libdir/%name/libsss_ad.so +%_libdir/%name/libsss_ad_common.so +%dir %_libexecdir/%name/ +%_libexecdir/%name/gpo_child %dir %_datadir/%name/ %dir %_datadir/%name/sssd.api.d/ %_datadir/%name/sssd.api.d/sssd-ad.conf 
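Review bot: The added `rm -Rf "$b/%_sysconfdir/dbus-1" "$b/%_datadir/dbus-1"` has no comment saying why the D-Bus policy and activation files are discarded, while the new `dbus` subpackage (hunk `@@ -456,6 +500,17 @@`) installs `sssd_ifp` with those same two files commented out in %files. The file under `system.d` is the bus policy for the InfoPipe name, so a reader cannot tell whether the responder is deliberately shipped without it or whether this is a leftover. Put the reason above the `rm`, e.g. `# D-Bus policy/service files intentionally not packaged: <reason>`. In the commented %files lines rpm still expands macros after `#`, so write `#%%_sysconfdir/...` to keep them inert.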
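Review bot: `%_libdir/cifs-utils/` and `%_libdir/krb5/` (hunk `@@ -439,7 +479,8 @@`) are listed as whole directories, so the package claims the directories themselves and silently picks up anything the install step places below them. That is the opposite of what the same commit does for `%_libexecdir/%name/`, where the `sssd_*` glob is replaced by an explicit list. These directories presumably belong to the cifs-utils and krb5 packages. Listing the plugin files, or at least the plugin subdirectory as the removed `%_libdir/krb5/plugins/libkrb5/*` line did, keeps ownership clear and turns a newly appearing plugin into an unpackaged-file build error. The %files section starts and ends outside this hunk.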
@@ -456,6 +500,17 @@ fi; %_mandir/man5/sssd-ad.5* %_mandir/??/man5/sssd-ad.5* +%files dbus +%defattr(-,root,root) +%dir %_libexecdir/sssd/ +%_libexecdir/sssd/sssd_ifp +%dir %_libdir/sssd/ +%_libdir/sssd/libsss_config.so +%_mandir/man5/sssd-ifp.5* +%_mandir/??/man5/sssd-ifp.5* +#%_sysconfdir/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf +#%_datadir/dbus-1/system-services/org.freedesktop.sssd.infopipe.service + %files ipa %defattr(-,root,root) %dir %_libdir/%name/ @@ -554,6 +609,16 @@ fi; %_libdir/libsss_nss_idmap.so %_libdir/pkgconfig/sss_nss_idmap.pc +%files -n libsss_simpleifp0 +%defattr(-,root,root) +%_libdir/libsss_simpleifp.so.0* + +%files -n libsss_simpleifp-devel +%defattr(-,root,root) +%_includedir/sss_sifp*.h +%_libdir/libsss_simpleifp.so +%_libdir/pkgconfig/sss_simpleifp.pc + %files -n libsss_sudo %defattr(-,root,root) %_libdir/libsss_sudo.so From 992327eeeb944f228d8694ae830f7882987d612e37bd8065d7d3918776443ebb Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 10 Aug 2014 15:23:36 +0000 Subject: [PATCH 2/3] Clear caches; rcsssd OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=122 --- sssd.changes | 4 ++++ sssd.spec | 6 ++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/sssd.changes b/sssd.changes index b80b681..a851ea6 100644 --- a/sssd.changes +++ b/sssd.changes @@ -25,6 +25,10 @@ Sun Aug 10 12:20:50 UTC 2014 - jengelh@inai.de over the system bus. - Remove 0001-BUILD-Link-libsss_ldap_common.so-to-libsss_idmap.so.patch (merged upstream) +- Provide "rcsssd" in systemd environments +- Ensure sssd is always startable by removing /var/lib/sss/db/*.ldb + on package installation so as to avoid potentially cache + format incompatibility which would cause sssd to exit ------------------------------------------------------------------- Thu Jun 12 14:18:30 UTC 2014 - ckornacker@suse.com diff --git a/sssd.spec b/sssd.spec index 9f8f5de..11326b7 100644 --- a/sssd.spec +++ b/sssd.spec 
@@ -367,6 +367,7 @@ install -d "$b/%_unitdir"; #install src/sysv/systemd/sssd.service "$b/%_unitdir/sssd.service"; install -m644 %{S:4} "$b/%_unitdir/sssd.service"; rm -Rf "$b/%_initddir" +ln -s service "$b/%_sbindir/rcsssd" %else install src/sysv/SUSE/sssd "$b/%_sysconfdir/init.d/sssd"; ln -sf ../../etc/init.d/sssd "$b/usr/sbin/rcsssd" @@ -392,11 +393,12 @@ rm -Rf "$b/%_sysconfdir/dbus-1" "$b/%_datadir/dbus-1" %post # migrate config variable krb5_kdcip to krb5_server (bnc#851048) /bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' %_sysconfdir/sssd/sssd.conf - /sbin/ldconfig %if 0%{?_unitdir:1} %service_add_post sssd.service %endif +# Clear caches, which may have an incompatible format after (especially) downgrade +rm -f /var/lib/sss/db/*.ldb %if 0%{?_unitdir:1} %preun @@ -428,10 +430,10 @@ fi; %_unitdir %else %_initrddir/%name -%_sbindir/rcsssd %endif %_bindir/sss_ssh_* %_sbindir/sssd +%_sbindir/rcsssd %dir %_mandir/??/ %dir %_mandir/??/man?/ %_mandir/??/man1/sss_ssh_* From 96f34b16a6c27417be91fa46ff00883ca3396fcedf98491f644ece14571766b8 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Mon, 11 Aug 2014 00:18:49 +0000 Subject: [PATCH 3/3] put cache killer right before restart operation sysv restart OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=123 --- sssd.spec | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/sssd.spec b/sssd.spec index 11326b7..e4b7be0 100644 --- a/sssd.spec +++ b/sssd.spec @@ -397,8 +397,6 @@ rm -Rf "$b/%_sysconfdir/dbus-1" "$b/%_datadir/dbus-1" %if 0%{?_unitdir:1} %service_add_post sssd.service %endif -# Clear caches, which may have an incompatible format after (especially) downgrade -rm -f /var/lib/sss/db/*.ldb %if 0%{?_unitdir:1} %preun 
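Review bot: `ln -s service "$b/%_sbindir/rcsssd"` creates a relative link, so on the installed system `rcsssd` resolves to `%_sbindir/service`. Nothing in the hunk shows that `service` lives in that directory on every target the `_unitdir` branch builds for, and a dangling link would only be noticed at run time. Consider an absolute target or a comment naming the package that provides it. The sysv branch just below uses `ln -sf`; using the same flags in both branches keeps them consistent. The enclosing %install section starts outside the hunk.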
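Review bot: The added `rm -f /var/lib/sss/db/*.ldb` in %post (hunk `@@ -392,11 +393,12 @@`) hard-codes a directory the spec already has a macro for; %files uses `%dbpath/`. Assuming that macro expands to the same path, `rm -f %dbpath/*.ldb` keeps the scriptlet and the file list from drifting apart. The deletion is also unconditional, so it runs on every install and update rather than only when the cache format changed. If the `.ldb` files also hold cached credentials for offline login (presumably, please confirm), each package update forces users to authenticate online again, which the comment should say. Both points also apply to the copy of this line that patch 3/3 places in %postun.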
@@ -411,8 +409,15 @@ if [ "$1" == "0" ]; then fi; /sbin/ldconfig %if 0%{?_unitdir:1} +# Clear caches, which may have an incompatible format afterwards +# (especially, downgrades) +rm -f /var/lib/sss/db/*.ldb +# del_postun includes a try-restart %service_del_postun sssd.service +%else +%restart_on_update sssd %endif +%insserv_cleanup %post -n libipa_hbac0 -p /sbin/ldconfig %postun -n libipa_hbac0 -p /sbin/ldconfig
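Review bot: Only the systemd branch clears the cache before restarting; the new `%else` branch runs `%restart_on_update sssd` with the old `.ldb` files still in place, so sysv builds keep the incompatibility the comment describes. Moving `rm -f /var/lib/sss/db/*.ldb` above `%if 0%{?_unitdir:1}` would cover both branches. The `rm` sits after the `fi;` that closes `if [ "$1" == "0" ]`, so it runs on upgrade and on final removal alike; the comment should state whether that is intended. `%insserv_cleanup` is added after `%endif` and therefore also runs in systemd builds; if it is meant for sysv only, it belongs inside `%else`. The %postun scriptlet starts outside this hunk.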