forked from jengelh/sssd
sssd 2.10.1
This commit is contained in:
parent
6e6893108a
commit
7a9befa693
@ -1,76 +0,0 @@
|
|||||||
From 8db2df4fcbd09badafbc207bd4150b5f1cc2d5fb Mon Sep 17 00:00:00 2001
|
|
||||||
From: Alexey Tikhonov <atikhono@redhat.com>
|
|
||||||
Date: Thu, 24 Oct 2024 15:34:26 +0200
|
|
||||||
Subject: [PATCH] Configuration: make sure /etc/sssd and everything
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
beneath is owned by 'sssd' group and readable by group.
|
|
||||||
|
|
||||||
This should allow for reasonable rw-r----- root:sssd
|
|
||||||
|
|
||||||
At some points those chown/chmod can be removed.
|
|
||||||
|
|
||||||
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
|
|
||||||
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
||||||
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
||||||
(cherry picked from commit 518db322fdd5a4de41813fbe5bc35fc20392ce67)
|
|
||||||
---
|
|
||||||
contrib/sssd.spec.in | 4 ++--
|
|
||||||
src/sysv/systemd/sssd-kcm.service.in | 5 ++---
|
|
||||||
src/sysv/systemd/sssd.service.in | 6 ++----
|
|
||||||
3 files changed, 6 insertions(+), 9 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
|
|
||||||
index 4fbacb959..83de563f3 100644
|
|
||||||
--- a/contrib/sssd.spec.in
|
|
||||||
+++ b/contrib/sssd.spec.in
|
|
||||||
@@ -1136,9 +1136,9 @@ getent passwd sssd >/dev/null || useradd -r -g sssd -d /run/sssd -s /sbin/nologi
|
|
||||||
%__rm -f %{mcpath}/group
|
|
||||||
%__rm -f %{mcpath}/initgroups
|
|
||||||
%__rm -f %{mcpath}/sid
|
|
||||||
+%__chown -f -R root:%{sssd_user} %{_sysconfdir}/sssd || true
|
|
||||||
+%__chmod -f -R g+r %{_sysconfdir}/sssd || true
|
|
||||||
%__chown -f %{sssd_user}:%{sssd_user} %{dbpath}/* || true
|
|
||||||
-%__chown -f %{sssd_user}:%{sssd_user} %{_sysconfdir}/sssd/sssd.conf || true
|
|
||||||
-%__chown -f -R %{sssd_user}:%{sssd_user} %{_sysconfdir}/sssd/conf.d || true
|
|
||||||
%__chown -f %{sssd_user}:%{sssd_user} %{_var}/log/%{name}/*.log || true
|
|
||||||
%__chown -f %{sssd_user}:%{sssd_user} %{secdbpath}/*.ldb || true
|
|
||||||
%__chown -f %{sssd_user}:%{sssd_user} %{gpocachepath}/* || true
|
|
||||||
diff --git a/src/sysv/systemd/sssd-kcm.service.in b/src/sysv/systemd/sssd-kcm.service.in
|
|
||||||
index 0c839ec5c..ba9e27cd9 100644
|
|
||||||
--- a/src/sysv/systemd/sssd-kcm.service.in
|
|
||||||
+++ b/src/sysv/systemd/sssd-kcm.service.in
|
|
||||||
@@ -9,9 +9,8 @@ Also=sssd-kcm.socket
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Environment=DEBUG_LOGGER=--logger=files
|
|
||||||
-ExecStartPre=+-/bin/chown -f @SSSD_USER@:@SSSD_USER@ @sssdconfdir@
|
|
||||||
-ExecStartPre=+-/bin/chown -f @SSSD_USER@:@SSSD_USER@ @sssdconfdir@/sssd.conf
|
|
||||||
-ExecStartPre=+-/bin/chown -f -R @SSSD_USER@:@SSSD_USER@ @sssdconfdir@/conf.d
|
|
||||||
+ExecStartPre=+-/bin/chown -f -R root:@SSSD_USER@ @sssdconfdir@
|
|
||||||
+ExecStartPre=+-/bin/chmod -f -R g+r @sssdconfdir@
|
|
||||||
ExecStartPre=+-/bin/sh -c "/bin/chown -f @SSSD_USER@:@SSSD_USER@ @secdbpath@/*.ldb"
|
|
||||||
ExecStartPre=+-/bin/chown -f @SSSD_USER@:@SSSD_USER@ @logpath@/sssd_kcm.log
|
|
||||||
ExecStart=@libexecdir@/sssd/sssd_kcm ${DEBUG_LOGGER}
|
|
||||||
diff --git a/src/sysv/systemd/sssd.service.in b/src/sysv/systemd/sssd.service.in
|
|
||||||
index 37e0a63f8..a6f79ff8a 100644
|
|
||||||
--- a/src/sysv/systemd/sssd.service.in
|
|
||||||
+++ b/src/sysv/systemd/sssd.service.in
|
|
||||||
@@ -10,10 +10,8 @@ StartLimitBurst=5
|
|
||||||
[Service]
|
|
||||||
Environment=DEBUG_LOGGER=--logger=files
|
|
||||||
EnvironmentFile=-@environment_file@
|
|
||||||
-ExecStartPre=+-/bin/chown -f @SSSD_USER@:@SSSD_USER@ @sssdconfdir@
|
|
||||||
-ExecStartPre=+-/bin/chown -f @SSSD_USER@:@SSSD_USER@ @sssdconfdir@/sssd.conf
|
|
||||||
-ExecStartPre=+-/bin/chown -f -R @SSSD_USER@:@SSSD_USER@ @sssdconfdir@/conf.d
|
|
||||||
-ExecStartPre=+-/bin/chown -f -R @SSSD_USER@:@SSSD_USER@ @sssdconfdir@/pki
|
|
||||||
+ExecStartPre=+-/bin/chown -f -R root:@SSSD_USER@ @sssdconfdir@
|
|
||||||
+ExecStartPre=+-/bin/chmod -f -R g+r @sssdconfdir@
|
|
||||||
ExecStartPre=+-/bin/sh -c "/bin/chown -f @SSSD_USER@:@SSSD_USER@ @dbpath@/*.ldb"
|
|
||||||
ExecStartPre=+-/bin/sh -c "/bin/chown -f @SSSD_USER@:@SSSD_USER@ @gpocachepath@/*"
|
|
||||||
ExecStartPre=+-/bin/sh -c "/bin/chown -f @SSSD_USER@:@SSSD_USER@ @logpath@/*.log"
|
|
||||||
--
|
|
||||||
2.47.0
|
|
||||||
|
|
@ -1,135 +0,0 @@
|
|||||||
From 340671f16abb9c26ae97b11c4e2845337e67973e Mon Sep 17 00:00:00 2001
|
|
||||||
From: Alexey Tikhonov <atikhono@redhat.com>
|
|
||||||
Date: Wed, 23 Oct 2024 20:59:32 +0200
|
|
||||||
Subject: [PATCH] INI: relax config files checks
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Only make sure:
|
|
||||||
- user is root or sssd
|
|
||||||
- group is root or sssd
|
|
||||||
- other can't access it
|
|
||||||
|
|
||||||
Don't make any assumptions wrt user/group read/write-ability.
|
|
||||||
|
|
||||||
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
|
|
||||||
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
||||||
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
||||||
(cherry picked from commit 8472777ec472607ea450ddb4c4666017bd0de704)
|
|
||||||
---
|
|
||||||
src/man/sssd.conf.5.xml | 5 ++-
|
|
||||||
src/util/sss_ini.c | 68 +++++++++++++++++++++++++++++++++++++++++
|
|
||||||
2 files changed, 70 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
|
|
||||||
index a074cc674..bf10acb2a 100644
|
|
||||||
--- a/src/man/sssd.conf.5.xml
|
|
||||||
+++ b/src/man/sssd.conf.5.xml
|
|
||||||
@@ -57,9 +57,8 @@
|
|
||||||
readable, and writeable only by 'root'.
|
|
||||||
</para>
|
|
||||||
<para condition="with_non_root_user_support">
|
|
||||||
- <filename>sssd.conf</filename> must be a regular file that is owned,
|
|
||||||
- readable, and writeable by the same user as configured to run SSSD
|
|
||||||
- service.
|
|
||||||
+ <filename>sssd.conf</filename> must be a regular file that is
|
|
||||||
+ accessible only by the user used to run SSSD service or root.
|
|
||||||
</para>
|
|
||||||
</refsect1>
|
|
||||||
|
|
||||||
diff --git a/src/util/sss_ini.c b/src/util/sss_ini.c
|
|
||||||
index e989d8caf..74cf61e0e 100644
|
|
||||||
--- a/src/util/sss_ini.c
|
|
||||||
+++ b/src/util/sss_ini.c
|
|
||||||
@@ -26,6 +26,7 @@
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <errno.h>
|
|
||||||
+#include <sys/stat.h>
|
|
||||||
#include <talloc.h>
|
|
||||||
|
|
||||||
#include "config.h"
|
|
||||||
@@ -781,6 +782,71 @@ int sss_ini_open(struct sss_ini *self,
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
+static int access_check_file(const char *filename)
|
|
||||||
+{
|
|
||||||
+ int ret;
|
|
||||||
+ struct stat st;
|
|
||||||
+ uid_t uid;
|
|
||||||
+ gid_t gid;
|
|
||||||
+
|
|
||||||
+ sss_sssd_user_uid_and_gid(&uid, &gid);
|
|
||||||
+
|
|
||||||
+ ret = stat(filename, &st);
|
|
||||||
+ if (ret != 0) {
|
|
||||||
+ ret = errno;
|
|
||||||
+ DEBUG(SSSDBG_CRIT_FAILURE, "stat(%s) failed: %s\n",
|
|
||||||
+ filename, strerror(ret));
|
|
||||||
+ return EINVAL;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if ((st.st_uid != 0) && (st.st_uid != uid)) {
|
|
||||||
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected user owner of '%s': %"SPRIuid"\n",
|
|
||||||
+ filename, st.st_uid);
|
|
||||||
+ return ERR_INI_INVALID_PERMISSION;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if ((st.st_gid != 0) && (st.st_gid != gid)) {
|
|
||||||
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected group owner of '%s': %"SPRIgid"\n",
|
|
||||||
+ filename, st.st_gid);
|
|
||||||
+ return ERR_INI_INVALID_PERMISSION;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if ((st.st_mode & (S_IROTH|S_IWOTH|S_IXOTH)) != 0) {
|
|
||||||
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected access to '%s' by other users\n",
|
|
||||||
+ filename);
|
|
||||||
+ return ERR_INI_INVALID_PERMISSION;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return EOK;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static int access_check_ini(struct sss_ini *self)
|
|
||||||
+{
|
|
||||||
+ int ret;
|
|
||||||
+ const char *path;
|
|
||||||
+ uint32_t i;
|
|
||||||
+ const char **snippet;
|
|
||||||
+ struct ref_array *used_snippets;
|
|
||||||
+
|
|
||||||
+ if (self->main_config_exists) {
|
|
||||||
+ path = ini_config_get_filename(self->file);
|
|
||||||
+ ret = access_check_file(path);
|
|
||||||
+ if (ret != EOK) {
|
|
||||||
+ return ret;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ used_snippets = sss_ini_get_ra_success_list(self);
|
|
||||||
+ for (i = 0; (snippet = ref_array_get(used_snippets, i, NULL)) != NULL; ++i) {
|
|
||||||
+ ret = access_check_file(*snippet);
|
|
||||||
+ if (ret != EOK) {
|
|
||||||
+ return ret;
|
|
||||||
+ }
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ return EOK;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
int sss_ini_read_sssd_conf(struct sss_ini *self,
|
|
||||||
const char *config_file,
|
|
||||||
const char *config_dir)
|
|
||||||
@@ -833,5 +899,7 @@ int sss_ini_read_sssd_conf(struct sss_ini *self,
|
|
||||||
return ERR_INI_EMPTY_CONFIG;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ ret = access_check_ini(self);
|
|
||||||
+
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
--
|
|
||||||
2.47.0
|
|
||||||
|
|
@ -1,182 +0,0 @@
|
|||||||
From 1d19b8ad9415e0a12ed3aaf039d4d0956ef4dbad Mon Sep 17 00:00:00 2001
|
|
||||||
From: Alexey Tikhonov <atikhono@redhat.com>
|
|
||||||
Date: Wed, 23 Oct 2024 19:53:09 +0200
|
|
||||||
Subject: [PATCH] INI: stop using 'libini_config' for access check
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
|
|
||||||
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
||||||
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
||||||
---
|
|
||||||
src/util/sss_ini.c | 100 +----------------------------------------------------
|
|
||||||
src/util/sss_ini.h | 12 ------
|
|
||||||
2 files changed, 3 insertions(+), 109 deletions(-)
|
|
||||||
|
|
||||||
Index: sssd-2.10.0/src/util/sss_ini.c
|
|
||||||
===================================================================
|
|
||||||
--- sssd-2.10.0.orig/src/util/sss_ini.c
|
|
||||||
+++ sssd-2.10.0/src/util/sss_ini.c
|
|
||||||
@@ -147,81 +147,6 @@ static int sss_ini_config_file_from_mem(
|
|
||||||
&self->file);
|
|
||||||
}
|
|
||||||
|
|
||||||
-/* Check configuration file permissions */
|
|
||||||
-
|
|
||||||
-static bool is_running_sssd(void)
|
|
||||||
-{
|
|
||||||
- static char exe[1024];
|
|
||||||
- int ret;
|
|
||||||
- const char *s = NULL;
|
|
||||||
-
|
|
||||||
- ret = readlink("/proc/self/exe", exe, sizeof(exe) - 1);
|
|
||||||
- if ((ret > 0) && (ret < 1024)) {
|
|
||||||
- exe[ret] = 0;
|
|
||||||
- s = strstr(exe, debug_prg_name);
|
|
||||||
- if ((s != NULL) && (strlen(s) == strlen(debug_prg_name))) {
|
|
||||||
- return true;
|
|
||||||
- }
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- return false;
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-static int sss_ini_access_check(struct sss_ini *self)
|
|
||||||
-{
|
|
||||||
- int ret;
|
|
||||||
- uint32_t flags = INI_ACCESS_CHECK_MODE;
|
|
||||||
-
|
|
||||||
- if (!self->main_config_exists) {
|
|
||||||
- return EOK;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- if (is_running_sssd()) {
|
|
||||||
- flags |= INI_ACCESS_CHECK_UID | INI_ACCESS_CHECK_GID;
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
- ret = ini_config_access_check(self->file,
|
|
||||||
- flags,
|
|
||||||
- geteuid(),
|
|
||||||
- getegid(),
|
|
||||||
- S_IRUSR, /* r**------ */
|
|
||||||
- ALLPERMS & ~(S_IWUSR|S_IXUSR));
|
|
||||||
-
|
|
||||||
- return ret;
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-
|
|
||||||
-
|
|
||||||
-/* Get cstat */
|
|
||||||
-
|
|
||||||
-int sss_ini_get_stat(struct sss_ini *self)
|
|
||||||
-{
|
|
||||||
- self->cstat = ini_config_get_stat(self->file);
|
|
||||||
-
|
|
||||||
- if (!self->cstat) return EIO;
|
|
||||||
-
|
|
||||||
- return EOK;
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-
|
|
||||||
-
|
|
||||||
-/* Get mtime */
|
|
||||||
-
|
|
||||||
-int sss_ini_get_mtime(struct sss_ini *self,
|
|
||||||
- size_t timestr_len,
|
|
||||||
- char *timestr)
|
|
||||||
-{
|
|
||||||
- return snprintf(timestr, timestr_len, "%llu",
|
|
||||||
- (long long unsigned)self->cstat->st_mtime);
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-/* Get file_exists */
|
|
||||||
-
|
|
||||||
-bool sss_ini_exists(struct sss_ini *self)
|
|
||||||
-{
|
|
||||||
- return self->main_config_exists;
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
/* Print ini_config errors */
|
|
||||||
|
|
||||||
static void sss_ini_config_print_errors(char **error_list)
|
|
||||||
@@ -289,7 +214,6 @@ static int sss_ini_add_snippets(struct s
|
|
||||||
uint32_t i = 0;
|
|
||||||
char *msg = NULL;
|
|
||||||
struct ini_cfgobj *modified_sssd_config = NULL;
|
|
||||||
- struct access_check snip_check;
|
|
||||||
|
|
||||||
if (self == NULL || self->sssd_config == NULL || config_dir == NULL) {
|
|
||||||
return EINVAL;
|
|
||||||
@@ -297,21 +221,11 @@ static int sss_ini_add_snippets(struct s
|
|
||||||
|
|
||||||
sss_ini_free_ra_messages(self);
|
|
||||||
|
|
||||||
- snip_check.flags = INI_ACCESS_CHECK_MODE;
|
|
||||||
-
|
|
||||||
- if (is_running_sssd()) {
|
|
||||||
- snip_check.flags |= INI_ACCESS_CHECK_UID | INI_ACCESS_CHECK_GID;
|
|
||||||
- }
|
|
||||||
- snip_check.uid = geteuid();
|
|
||||||
- snip_check.gid = getegid();
|
|
||||||
- snip_check.mode = S_IRUSR; /* r**------ */
|
|
||||||
- snip_check.mask = ALLPERMS & ~(S_IWUSR | S_IXUSR);
|
|
||||||
-
|
|
||||||
ret = ini_config_augment(self->sssd_config,
|
|
||||||
config_dir,
|
|
||||||
patterns,
|
|
||||||
sections,
|
|
||||||
- &snip_check,
|
|
||||||
+ NULL,
|
|
||||||
INI_STOP_ON_ANY,
|
|
||||||
INI_MV1S_OVERWRITE,
|
|
||||||
INI_PARSE_NOWRAP,
|
|
||||||
@@ -894,15 +808,7 @@ int sss_ini_read_sssd_conf(struct sss_in
|
|
||||||
return ERR_INI_OPEN_FAILED;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (sss_ini_exists(self)) {
|
|
||||||
- ret = sss_ini_access_check(self);
|
|
||||||
- if (ret != EOK) {
|
|
||||||
- DEBUG(SSSDBG_CRIT_FAILURE,
|
|
||||||
- "Permission check on config file %s failed: %d\n",
|
|
||||||
- config_file, ret);
|
|
||||||
- return ERR_INI_INVALID_PERMISSION;
|
|
||||||
- }
|
|
||||||
- } else {
|
|
||||||
+ if (!self->main_config_exists) {
|
|
||||||
DEBUG(SSSDBG_CONF_SETTINGS,
|
|
||||||
"File %s does not exist.\n", config_file);
|
|
||||||
}
|
|
||||||
@@ -923,7 +829,7 @@ int sss_ini_read_sssd_conf(struct sss_in
|
|
||||||
return ERR_INI_ADD_SNIPPETS_FAILED;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if (!sss_ini_exists(self) &&
|
|
||||||
+ if ((!self->main_config_exists) &&
|
|
||||||
(ref_array_len(sss_ini_get_ra_success_list(self)) == 0)) {
|
|
||||||
return ERR_INI_EMPTY_CONFIG;
|
|
||||||
}
|
|
||||||
Index: sssd-2.10.0/src/util/sss_ini.h
|
|
||||||
===================================================================
|
|
||||||
--- sssd-2.10.0.orig/src/util/sss_ini.h
|
|
||||||
+++ sssd-2.10.0/src/util/sss_ini.h
|
|
||||||
@@ -81,18 +81,6 @@ int sss_ini_open(struct sss_ini *self,
|
|
||||||
const char *fallback_cfg);
|
|
||||||
|
|
||||||
/**
|
|
||||||
- * @brief Check whether sss_ini_open() reported that ini file is
|
|
||||||
- * not present
|
|
||||||
- *
|
|
||||||
- * @param[in] self pointer to sss_ini structure
|
|
||||||
- *
|
|
||||||
- * @return
|
|
||||||
- * - true we are using ini file
|
|
||||||
- * - false file was not found
|
|
||||||
- */
|
|
||||||
-bool sss_ini_exists(struct sss_ini *self);
|
|
||||||
-
|
|
||||||
-/**
|
|
||||||
* @brief get Cstat structure of the ini file
|
|
||||||
*/
|
|
||||||
int sss_ini_get_stat(struct sss_ini *self);
|
|
@ -1,75 +0,0 @@
|
|||||||
From 1a743a4123c104a10c694f7ee9d2f0a1e7182513 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Jan Engelhardt <jengelh@inai.de>
|
|
||||||
Date: Wed, 16 Oct 2024 09:55:50 +0200
|
|
||||||
Subject: [PATCH] sssd: always print path when config object is rejected
|
|
||||||
References: https://github.com/SSSD/sssd/pull/7649
|
|
||||||
|
|
||||||
Observed:
|
|
||||||
|
|
||||||
```
|
|
||||||
Oct 16 09:44:04 a4 sssd[28717]: [sssd] [sss_ini_read_sssd_conf] (0x0020): Permission check on config file failed.
|
|
||||||
Oct 16 09:44:04 a4 sssd[28717]: Can't read config: 'File ownership and permissions check failed'
|
|
||||||
Oct 16 09:44:04 a4 sssd[28717]: Failed to read configuration: 'File ownership and permissions check failed'
|
|
||||||
```
|
|
||||||
|
|
||||||
Expected:
|
|
||||||
|
|
||||||
_Well yes, but **which one**_!?
|
|
||||||
|
|
||||||
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
|
|
||||||
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
|
|
||||||
(cherry picked from commit 2b7915dd84a6b8c3ee26e45357283677fe22f2cb)
|
|
||||||
---
|
|
||||||
src/util/sss_ini.c | 14 ++++++++------
|
|
||||||
1 file changed, 8 insertions(+), 6 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/util/sss_ini.c b/src/util/sss_ini.c
|
|
||||||
index 7f9824d88..2a611eb8c 100644
|
|
||||||
--- a/src/util/sss_ini.c
|
|
||||||
+++ b/src/util/sss_ini.c
|
|
||||||
@@ -888,7 +888,7 @@ int sss_ini_read_sssd_conf(struct sss_ini *self,
|
|
||||||
ret = sss_ini_open(self, config_file, "[sssd]\n");
|
|
||||||
if (ret != EOK) {
|
|
||||||
DEBUG(SSSDBG_CRIT_FAILURE,
|
|
||||||
- "The sss_ini_open failed %s: %d\n",
|
|
||||||
+ "sss_ini_open on %s failed: %d\n",
|
|
||||||
config_file,
|
|
||||||
ret);
|
|
||||||
return ERR_INI_OPEN_FAILED;
|
|
||||||
@@ -898,26 +898,28 @@ int sss_ini_read_sssd_conf(struct sss_ini *self,
|
|
||||||
ret = sss_ini_access_check(self);
|
|
||||||
if (ret != EOK) {
|
|
||||||
DEBUG(SSSDBG_CRIT_FAILURE,
|
|
||||||
- "Permission check on config file failed.\n");
|
|
||||||
+ "Permission check on config file %s failed: %d\n",
|
|
||||||
+ config_file, ret);
|
|
||||||
return ERR_INI_INVALID_PERMISSION;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
DEBUG(SSSDBG_CONF_SETTINGS,
|
|
||||||
- "File %1$s does not exist.\n",
|
|
||||||
- (config_file ? config_file : "NULL"));
|
|
||||||
+ "File %s does not exist.\n", config_file);
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = sss_ini_parse(self);
|
|
||||||
if (ret != EOK) {
|
|
||||||
sss_ini_config_print_errors(self->error_list);
|
|
||||||
- DEBUG(SSSDBG_FATAL_FAILURE, "Failed to parse configuration.\n");
|
|
||||||
+ DEBUG(SSSDBG_FATAL_FAILURE, "Failed to parse configuration file %s: %d\n",
|
|
||||||
+ config_file, ret);
|
|
||||||
return ERR_INI_PARSE_FAILED;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = sss_ini_add_snippets(self, config_dir);
|
|
||||||
if (ret != EOK) {
|
|
||||||
DEBUG(SSSDBG_FATAL_FAILURE,
|
|
||||||
- "Error while reading configuration directory.\n");
|
|
||||||
+ "Error while reading configuration directory %s: %d\n",
|
|
||||||
+ config_dir, ret);
|
|
||||||
return ERR_INI_ADD_SNIPPETS_FAILED;
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.47.0
|
|
||||||
|
|
BIN
sssd-2.10.0.tar.gz
(Stored with Git LFS)
BIN
sssd-2.10.0.tar.gz
(Stored with Git LFS)
Binary file not shown.
@ -1,16 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQIzBAABCAAdFiEEwTzQf/stsUCORXo809IbKRDPZ1kFAmcOPUoACgkQ09IbKRDP
|
|
||||||
Z1myuA//anDvdZcQp0EUia2NsiWt2MFE8esmsEIN6QmEYjUxvEeXI9q4YJQimMi8
|
|
||||||
wdt0zqZE1PLrTcroWaeGcgt2+CJWUbVanZtNn3oo7lUVYrLKemrUzavM7dXTaA43
|
|
||||||
cdKAFyEO+nHJQ2yBNUt6sRXc3tM0H27yZs0iL+CcYu6YshUTbMnZuwdpz7DqDTN8
|
|
||||||
nbG+LWa+U0en5mI3waP8Ionwmdv9AJAuCHQZLlZDpM0+YfGumcIUJdbxU/I8pqP8
|
|
||||||
MQaulPv3e+BNwdbUiLlk0cXRjuEfSd0bmMa3MqB4IqMvvjACU0GuSgK3FDhutZJe
|
|
||||||
HfmzYSo/Zntmr7F/eYLz6zy/GU3VewEilOyRV08oz+EVJRbGyo2t4k6PUYbn+I4V
|
|
||||||
kJ/maed5jnBzIZGf6o+P1r+3mavJg7k2LDV4s48MsZ4Y5ED4X0c+boT1L5FZbquW
|
|
||||||
gp99Di0RG4VoWiYOfVfszLzeDWOLbOrKMyA6PTqlmjGYAdV9SBwZP5WEdwXyPovo
|
|
||||||
D7uual7Eqdd+Y/lt+8O4Wd+Y+a9xI2kwVFo8KYmHc8PhgLpPIKTWbBTEI+0nw3fJ
|
|
||||||
qqyyA7JWA81bt4WKVuJaeS87S/9F4yn8ps2dzSgHjZ2Tzr7Eu1a3RWLjKYsjKZrT
|
|
||||||
PPd2d/02rQAZPwLYHN5qM3Xjh0DD7IiXav1QuIPxmUQA9z8ZiuA=
|
|
||||||
=mJVY
|
|
||||||
-----END PGP SIGNATURE-----
|
|
BIN
sssd-2.10.1.tar.gz
(Stored with Git LFS)
Normal file
BIN
sssd-2.10.1.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
16
sssd-2.10.1.tar.gz.asc
Normal file
16
sssd-2.10.1.tar.gz.asc
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQIzBAABCAAdFiEEwTzQf/stsUCORXo809IbKRDPZ1kFAmdYSb4ACgkQ09IbKRDP
|
||||||
|
Z1kRyRAAmkKhCUcBs4h2mDg7uzz7DfYFkHXEiY8EMoVP5Iw6ZsNL/V9fwF9xhj49
|
||||||
|
XbnCfxj2zFfVWZd5VYnTpl86Hg3NrxuPehgM+iMAXS6U/55TvRPunCtTiRwoTZ4t
|
||||||
|
zSgiBaSg3I2hmSN2cnSU8PpilEDCIeSP3uafmGXI1KUxEQltVbp0EeJ5CL5GP3xU
|
||||||
|
rFgI1pKdTySlw6jZ3vjkAaHwdsJGB0MKtjiBJYtqvHmIzbUdSNN/iE5Wf5xsdtez
|
||||||
|
KKLUrnKeQFuNyYWpjipJvbs7i9+E5VKFvCfrqFb6vQbp+Rgd98epVjp2VKovNy8p
|
||||||
|
gZQmgfbi5GCWKuBx+dbaRSFa8hWemEwnBNboV6JKq4+CoPsMkI367utZV5gd58V5
|
||||||
|
RHgLsrZfjahAXgG4ytwPhgKDV+sX+sSn4aXIdaSgc+vP7+ykLMxyzyR2GXyG+y11
|
||||||
|
WrnovdR0HywHfzvlUnKQmcLUjCkXKVwIMw0oBRa8+YLTD08EeYgu+oXXDpGD0oL1
|
||||||
|
YJLLBdr6ycR9Rk/sUqbZgEnzQZPYXazIraUrd71Ry8CaNvqi86Of7sX6SgSQQeg/
|
||||||
|
ZPLNcPWPadG/9jpMNJNsXXEZicNJXznQczlXKvRXINOJzknJYwwgH+/55otbzNzq
|
||||||
|
EjlOmFEn07bGAHCsHTfydlCeYqD9x+WV/X8CReMFjcaaBH4TDms=
|
||||||
|
=S0c5
|
||||||
|
-----END PGP SIGNATURE-----
|
16
sssd.changes
16
sssd.changes
@ -1,3 +1,19 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Dec 10 20:17:10 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Update to release 2.10.1
|
||||||
|
* SSSD does not create anymore missing path components of
|
||||||
|
DIR:/FILE: ccache types while acquiring user's TGT. The
|
||||||
|
parent directory of requested ccache directory must exist and
|
||||||
|
the user trying to log in must have rwx access to this
|
||||||
|
directory. This matches behavior of /usr/bin/kinit.
|
||||||
|
* The option default_domain_suffix is deprecated.
|
||||||
|
- Delete 0001-Configuration-make-sure-etc-sssd-and-everything.patch,
|
||||||
|
0001-INI-relax-config-files-checks.patch,
|
||||||
|
0001-INI-stop-using-libini_config-for-access-check.patch,
|
||||||
|
0001-sssd-always-print-path-when-config-object-is-rejecte.patch
|
||||||
|
(merged)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Oct 15 12:59:51 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
Tue Oct 15 12:59:51 UTC 2024 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
19
sssd.spec
19
sssd.spec
@ -17,7 +17,7 @@
|
|||||||
|
|
||||||
|
|
||||||
Name: sssd
|
Name: sssd
|
||||||
Version: 2.10.0
|
Version: 2.10.1
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: System Security Services Daemon
|
Summary: System Security Services Daemon
|
||||||
License: GPL-3.0-or-later AND LGPL-3.0-or-later
|
License: GPL-3.0-or-later AND LGPL-3.0-or-later
|
||||||
@ -28,10 +28,6 @@ Source: https://github.com/SSSD/sssd/releases/download/%version/%name-%v
|
|||||||
Source2: https://github.com/SSSD/sssd/releases/download/%version/%name-%version.tar.gz.asc
|
Source2: https://github.com/SSSD/sssd/releases/download/%version/%name-%version.tar.gz.asc
|
||||||
Source3: baselibs.conf
|
Source3: baselibs.conf
|
||||||
Source5: %name.keyring
|
Source5: %name.keyring
|
||||||
Patch3: 0001-sssd-always-print-path-when-config-object-is-rejecte.patch
|
|
||||||
Patch4: 0001-INI-stop-using-libini_config-for-access-check.patch
|
|
||||||
Patch5: 0001-INI-relax-config-files-checks.patch
|
|
||||||
Patch6: 0001-Configuration-make-sure-etc-sssd-and-everything.patch
|
|
||||||
Patch11: krb-noversion.diff
|
Patch11: krb-noversion.diff
|
||||||
Patch12: harden_sssd-ifp.service.patch
|
Patch12: harden_sssd-ifp.service.patch
|
||||||
Patch13: harden_sssd-kcm.service.patch
|
Patch13: harden_sssd-kcm.service.patch
|
||||||
@ -489,11 +485,11 @@ cat >"$b/etc/permissions.d/sssd" <<-EOF
|
|||||||
%_libexecdir/sssd/sssd_pam root:sssd 0750
|
%_libexecdir/sssd/sssd_pam root:sssd 0750
|
||||||
+capabilities cap_dac_read_search=p
|
+capabilities cap_dac_read_search=p
|
||||||
%_libexecdir/sssd/selinux_child root:sssd 0750
|
%_libexecdir/sssd/selinux_child root:sssd 0750
|
||||||
+capabilities %child_capabilities
|
+capabilities cap_setgid,cap_setuid=p
|
||||||
%_libexecdir/sssd/krb5_child root:sssd 0750
|
%_libexecdir/sssd/krb5_child root:sssd 0750
|
||||||
+capabilities %child_capabilities
|
+capabilities cap_dac_read_search,cap_setgid,cap_setuid=p
|
||||||
%_libexecdir/sssd/ldap_child root:sssd 0750
|
%_libexecdir/sssd/ldap_child root:sssd 0750
|
||||||
+capabilities %child_capabilities
|
+capabilities cap_dac_read_search=p
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
%check
|
%check
|
||||||
@ -691,7 +687,6 @@ fi
|
|||||||
%_libdir/%name/libsss_files*
|
%_libdir/%name/libsss_files*
|
||||||
%endif
|
%endif
|
||||||
%_libdir/%name/libsss_iface*
|
%_libdir/%name/libsss_iface*
|
||||||
%_libdir/%name/libsss_semanage*
|
|
||||||
%_libdir/%name/libsss_sbus*
|
%_libdir/%name/libsss_sbus*
|
||||||
%_libdir/%name/libsss_simple*
|
%_libdir/%name/libsss_simple*
|
||||||
%_libdir/%name/libsss_util*
|
%_libdir/%name/libsss_util*
|
||||||
@ -710,7 +705,7 @@ fi
|
|||||||
%_libexecdir/%name/sss_signal
|
%_libexecdir/%name/sss_signal
|
||||||
%_libexecdir/%name/sssd_check_socket_activated_responders
|
%_libexecdir/%name/sssd_check_socket_activated_responders
|
||||||
%if 0%{?suse_version} >= 1600
|
%if 0%{?suse_version} >= 1600
|
||||||
%attr(750,root,%sssd_user) %caps(%child_capabilities) %_libexecdir/%name/selinux_child
|
%attr(750,root,%sssd_user) %caps(cap_setgid,cap_setuid=p) %_libexecdir/%name/selinux_child
|
||||||
%endif
|
%endif
|
||||||
%dir %sssdstatedir
|
%dir %sssdstatedir
|
||||||
%attr(700,%sssd_user,%sssd_user) %dir %dbpath/
|
%attr(700,%sssd_user,%sssd_user) %dir %dbpath/
|
||||||
@ -839,8 +834,8 @@ fi
|
|||||||
%dir %_libdir/%name/
|
%dir %_libdir/%name/
|
||||||
%_libdir/%name/libsss_krb5_common.so
|
%_libdir/%name/libsss_krb5_common.so
|
||||||
%dir %_libexecdir/%name/
|
%dir %_libexecdir/%name/
|
||||||
%attr(750,root,%sssd_user) %caps(%child_capabilities) %_libexecdir/%name/krb5_child
|
%attr(750,root,%sssd_user) %caps(cap_dac_read_search,cap_setgid,cap_setuid=p) %_libexecdir/%name/krb5_child
|
||||||
%attr(750,root,%sssd_user) %caps(%child_capabilities) %_libexecdir/%name/ldap_child
|
%attr(750,root,%sssd_user) %caps(cap_dac_read_search=p) %_libexecdir/%name/ldap_child
|
||||||
|
|
||||||
%files ldap
|
%files ldap
|
||||||
%dir %_libdir/%name/
|
%dir %_libdir/%name/
|
||||||
|
@ -12,14 +12,14 @@ libsss_ldap.so(-2.7.4) cannot find a libsss_util.so(-2.7.4), since
|
|||||||
the system only has libsss_util.so(-2.8.2) at this point.
|
the system only has libsss_util.so(-2.8.2) at this point.
|
||||||
|
|
||||||
---
|
---
|
||||||
Makefile.am | 47 ++++++++++++++++++++++++++++++++---------------
|
Makefile.am | 44 ++++++++++++++++++++++++++++++--------------
|
||||||
1 file changed, 32 insertions(+), 15 deletions(-)
|
1 file changed, 30 insertions(+), 14 deletions(-)
|
||||||
|
|
||||||
Index: sssd-2.9.2/Makefile.am
|
Index: sssd-2.10.1/Makefile.am
|
||||||
===================================================================
|
===================================================================
|
||||||
--- sssd-2.9.2.orig/Makefile.am
|
--- sssd-2.10.1.orig/Makefile.am
|
||||||
+++ sssd-2.9.2/Makefile.am
|
+++ sssd-2.10.1/Makefile.am
|
||||||
@@ -955,7 +955,11 @@ libsss_debug_la_SOURCES = \
|
@@ -971,7 +971,11 @@ libsss_debug_la_SOURCES = \
|
||||||
libsss_debug_la_LIBADD = \
|
libsss_debug_la_LIBADD = \
|
||||||
$(SYSLOG_LIBS)
|
$(SYSLOG_LIBS)
|
||||||
libsss_debug_la_LDFLAGS = \
|
libsss_debug_la_LDFLAGS = \
|
||||||
@ -32,7 +32,7 @@ Index: sssd-2.9.2/Makefile.am
|
|||||||
|
|
||||||
pkglib_LTLIBRARIES += libsss_child.la
|
pkglib_LTLIBRARIES += libsss_child.la
|
||||||
libsss_child_la_SOURCES = src/util/child_common.c
|
libsss_child_la_SOURCES = src/util/child_common.c
|
||||||
@@ -965,7 +969,8 @@ libsss_child_la_LIBADD = \
|
@@ -981,7 +985,8 @@ libsss_child_la_LIBADD = \
|
||||||
$(DHASH_LIBS) \
|
$(DHASH_LIBS) \
|
||||||
libsss_debug.la \
|
libsss_debug.la \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
@ -42,7 +42,7 @@ Index: sssd-2.9.2/Makefile.am
|
|||||||
|
|
||||||
pkglib_LTLIBRARIES += libsss_crypt.la
|
pkglib_LTLIBRARIES += libsss_crypt.la
|
||||||
|
|
||||||
@@ -1004,7 +1009,8 @@ libsss_crypt_la_LIBADD = \
|
@@ -1021,7 +1026,8 @@ libsss_crypt_la_LIBADD = \
|
||||||
libsss_debug.la \
|
libsss_debug.la \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
libsss_crypt_la_LDFLAGS = \
|
libsss_crypt_la_LDFLAGS = \
|
||||||
@ -52,7 +52,7 @@ Index: sssd-2.9.2/Makefile.am
|
|||||||
|
|
||||||
pkglib_LTLIBRARIES += libsss_cert.la
|
pkglib_LTLIBRARIES += libsss_cert.la
|
||||||
|
|
||||||
@@ -1029,8 +1035,9 @@ libsss_cert_la_LIBADD = \
|
@@ -1046,8 +1052,9 @@ libsss_cert_la_LIBADD = \
|
||||||
libsss_debug.la \
|
libsss_debug.la \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
libsss_cert_la_LDFLAGS = \
|
libsss_cert_la_LDFLAGS = \
|
||||||
@ -63,7 +63,7 @@ Index: sssd-2.9.2/Makefile.am
|
|||||||
|
|
||||||
generate-sbus-code:
|
generate-sbus-code:
|
||||||
$(builddir)/sbus_generate.sh $(abs_srcdir)
|
$(builddir)/sbus_generate.sh $(abs_srcdir)
|
||||||
@@ -1131,8 +1138,9 @@ libsss_sbus_la_CFLAGS = \
|
@@ -1148,8 +1155,9 @@ libsss_sbus_la_CFLAGS = \
|
||||||
$(DBUS_CFLAGS) \
|
$(DBUS_CFLAGS) \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
libsss_sbus_la_LDFLAGS = \
|
libsss_sbus_la_LDFLAGS = \
|
||||||
@ -74,7 +74,7 @@ Index: sssd-2.9.2/Makefile.am
|
|||||||
|
|
||||||
pkglib_LTLIBRARIES += libsss_sbus_sync.la
|
pkglib_LTLIBRARIES += libsss_sbus_sync.la
|
||||||
libsss_sbus_sync_la_SOURCES = \
|
libsss_sbus_sync_la_SOURCES = \
|
||||||
@@ -1167,8 +1175,9 @@ libsss_sbus_sync_la_CFLAGS = \
|
@@ -1184,8 +1192,9 @@ libsss_sbus_sync_la_CFLAGS = \
|
||||||
$(UNICODE_LIBS) \
|
$(UNICODE_LIBS) \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
libsss_sbus_sync_la_LDFLAGS = \
|
libsss_sbus_sync_la_LDFLAGS = \
|
||||||
@ -85,7 +85,7 @@ Index: sssd-2.9.2/Makefile.am
|
|||||||
|
|
||||||
pkglib_LTLIBRARIES += libsss_iface.la
|
pkglib_LTLIBRARIES += libsss_iface.la
|
||||||
libsss_iface_la_SOURCES = \
|
libsss_iface_la_SOURCES = \
|
||||||
@@ -1197,8 +1206,9 @@ libsss_iface_la_CFLAGS = \
|
@@ -1214,8 +1223,9 @@ libsss_iface_la_CFLAGS = \
|
||||||
$(DBUS_CFLAGS) \
|
$(DBUS_CFLAGS) \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
libsss_iface_la_LDFLAGS = \
|
libsss_iface_la_LDFLAGS = \
|
||||||
@ -96,7 +96,7 @@ Index: sssd-2.9.2/Makefile.am
|
|||||||
|
|
||||||
pkglib_LTLIBRARIES += libsss_iface_sync.la
|
pkglib_LTLIBRARIES += libsss_iface_sync.la
|
||||||
libsss_iface_sync_la_SOURCES = \
|
libsss_iface_sync_la_SOURCES = \
|
||||||
@@ -1225,8 +1235,9 @@ libsss_iface_sync_la_CFLAGS = \
|
@@ -1242,8 +1252,9 @@ libsss_iface_sync_la_CFLAGS = \
|
||||||
$(DBUS_CFLAGS) \
|
$(DBUS_CFLAGS) \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
libsss_iface_sync_la_LDFLAGS = \
|
libsss_iface_sync_la_LDFLAGS = \
|
||||||
@ -107,7 +107,7 @@ Index: sssd-2.9.2/Makefile.am
|
|||||||
|
|
||||||
pkglib_LTLIBRARIES += libsss_util.la
|
pkglib_LTLIBRARIES += libsss_util.la
|
||||||
libsss_util_la_SOURCES = \
|
libsss_util_la_SOURCES = \
|
||||||
@@ -1322,7 +1333,8 @@ endif
|
@@ -1338,7 +1349,8 @@ endif
|
||||||
if BUILD_PASSKEY
|
if BUILD_PASSKEY
|
||||||
libsss_util_la_SOURCES += src/db/sysdb_passkey_user_verification.c
|
libsss_util_la_SOURCES += src/db/sysdb_passkey_user_verification.c
|
||||||
endif # BUILD_PASSKEY
|
endif # BUILD_PASSKEY
|
||||||
@ -115,19 +115,9 @@ Index: sssd-2.9.2/Makefile.am
|
|||||||
+libsss_util_la_LDFLAGS = -avoid-version ${symv}
|
+libsss_util_la_LDFLAGS = -avoid-version ${symv}
|
||||||
+EXTRA_libsss_util_la_DEPENDENCIES = x.sym
|
+EXTRA_libsss_util_la_DEPENDENCIES = x.sym
|
||||||
|
|
||||||
pkglib_LTLIBRARIES += libsss_semanage.la
|
|
||||||
libsss_semanage_la_CFLAGS = \
|
|
||||||
@@ -1341,7 +1353,8 @@ libsss_semanage_la_LIBADD += $(SEMANAGE_
|
|
||||||
endif
|
|
||||||
|
|
||||||
libsss_semanage_la_LDFLAGS = \
|
|
||||||
- -avoid-version
|
|
||||||
+ -avoid-version ${symv}
|
|
||||||
+EXTRA_libsss_semanage_la_DEPENDENCIES = x.sym
|
|
||||||
|
|
||||||
SSSD_INTERNAL_LTLIBS = \
|
SSSD_INTERNAL_LTLIBS = \
|
||||||
libsss_util.la \
|
libsss_util.la \
|
||||||
@@ -1357,7 +1370,7 @@ lib_LTLIBRARIES = libipa_hbac.la \
|
@@ -1354,7 +1366,7 @@ lib_LTLIBRARIES = libipa_hbac.la \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
|
|
||||||
pkgconfig_DATA += src/lib/ipa_hbac/ipa_hbac.pc
|
pkgconfig_DATA += src/lib/ipa_hbac/ipa_hbac.pc
|
||||||
@ -136,7 +126,7 @@ Index: sssd-2.9.2/Makefile.am
|
|||||||
libipa_hbac_la_SOURCES = \
|
libipa_hbac_la_SOURCES = \
|
||||||
src/lib/ipa_hbac/hbac_evaluator.c \
|
src/lib/ipa_hbac/hbac_evaluator.c \
|
||||||
src/util/sss_utf8.c
|
src/util/sss_utf8.c
|
||||||
@@ -1688,8 +1701,9 @@ libifp_iface_la_CFLAGS = \
|
@@ -1682,8 +1694,9 @@ libifp_iface_la_CFLAGS = \
|
||||||
$(DBUS_CFLAGS) \
|
$(DBUS_CFLAGS) \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
libifp_iface_la_LDFLAGS = \
|
libifp_iface_la_LDFLAGS = \
|
||||||
@ -147,7 +137,7 @@ Index: sssd-2.9.2/Makefile.am
|
|||||||
|
|
||||||
pkglib_LTLIBRARIES += libifp_iface_sync.la
|
pkglib_LTLIBRARIES += libifp_iface_sync.la
|
||||||
libifp_iface_sync_la_SOURCES = \
|
libifp_iface_sync_la_SOURCES = \
|
||||||
@@ -1714,8 +1728,9 @@ libifp_iface_sync_la_CFLAGS = \
|
@@ -1708,8 +1721,9 @@ libifp_iface_sync_la_CFLAGS = \
|
||||||
$(DBUS_CFLAGS) \
|
$(DBUS_CFLAGS) \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
libifp_iface_sync_la_LDFLAGS = \
|
libifp_iface_sync_la_LDFLAGS = \
|
||||||
@ -158,7 +148,7 @@ Index: sssd-2.9.2/Makefile.am
|
|||||||
|
|
||||||
sssd_ifp_SOURCES = \
|
sssd_ifp_SOURCES = \
|
||||||
src/responder/ifp/ifpsrv.c \
|
src/responder/ifp/ifpsrv.c \
|
||||||
@@ -4314,8 +4329,9 @@ libsss_ldap_common_la_LIBADD = \
|
@@ -4314,8 +4328,9 @@ libsss_ldap_common_la_LIBADD = \
|
||||||
$(SSSD_INTERNAL_LTLIBS) \
|
$(SSSD_INTERNAL_LTLIBS) \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
libsss_ldap_common_la_LDFLAGS = \
|
libsss_ldap_common_la_LDFLAGS = \
|
||||||
@ -169,7 +159,7 @@ Index: sssd-2.9.2/Makefile.am
|
|||||||
if BUILD_SYSTEMTAP
|
if BUILD_SYSTEMTAP
|
||||||
libsss_ldap_common_la_LIBADD += stap_generated_probes.lo
|
libsss_ldap_common_la_LIBADD += stap_generated_probes.lo
|
||||||
endif
|
endif
|
||||||
@@ -4372,7 +4388,8 @@ libsss_krb5_common_la_LIBADD = \
|
@@ -4371,7 +4386,8 @@ libsss_krb5_common_la_LIBADD = \
|
||||||
$(SSSD_INTERNAL_LTLIBS) \
|
$(SSSD_INTERNAL_LTLIBS) \
|
||||||
$(NULL)
|
$(NULL)
|
||||||
libsss_krb5_common_la_LDFLAGS = \
|
libsss_krb5_common_la_LDFLAGS = \
|
||||||
|
Loading…
Reference in New Issue
Block a user