SHA256
1
0
forked from jengelh/sssd

Accepting request 536206 from home:stroeder:branches:network:ldap

Update to new upstream release 1.16.0.

Successfully tested with Howard's test scripts on openSUSE Tumbleweed x86_64.

Build of man pages seems broken. But this is not caused by this sssd update because the man pages are already broken in sssd-tools-1.15.2-1.4 package in Tumbleweed.

OBS-URL: https://build.opensuse.org/request/show/536206
OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=188
This commit is contained in:
Michael Ströder 2017-10-25 11:56:22 +00:00 committed by Git OBS Bridge
parent 63b85c3a82
commit c7db1552cb
6 changed files with 345 additions and 236 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:4cd5fcb314d77a58029a216b7e6001c6cb41c5b784cf570c5761c97d1c12d264
size 5248134

View File

@ -1,6 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iEYEABECAAYFAljJcscACgkQHsardTLnvCVCdwCgj0g3CSbz/gIS37W553d0QI7i
waoAnRN8+lQjwHQS+76q5nz2eSdRLnIG
=4tQo
-----END PGP SIGNATURE-----

3
sssd-1.16.0.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c581a6e5365cef87fca419c0c9563cf15eadbb682863d648d85ffcded7a3940f
size 5899127

6
sssd-1.16.0.tar.gz.asc Normal file
View File

@ -0,0 +1,6 @@
-----BEGIN PGP SIGNATURE-----
iEYEABECAAYFAlnqDFQACgkQHsardTLnvCU79wCg3b6eA8KEVLV8WECtUpTuFOb4
WtAAoIQpjJYhg/z0wNqa2wh5v7CLpZdP
=MMlI
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,74 @@
-------------------------------------------------------------------
Mon Oct 23 16:31:54 UTC 2017 - michael@stroeder.com
- consequently use curly brackets when referencing variables
- Update to new upstream release 1.16.0
Security fixes
* This release fixes CVE-2017-12173: Unsanitized input when searching in
local cache database. SSSD stores its cached data in an LDAP like local
database file using libldb. To lookup cached data LDAP search filters
like (objectClass=user)(name=user_name) are used. However, in
sysdb_search_user_by_upn_res(), the input was not sanitized and
allowed to manipulate the search filter for cache lookups. This would
allow a logged in user to discover the password hash of a different user.
New Features
* SSSD now supports session recording configuration through tlog. This
feature enables recording of everything specific users see or type
during their sessions on a text terminal. For more information, see
the sssd-session-recording(5) manual page.
* SSSD can act as a client agent to deliver
Fleet Commander <https://wiki.gnome.org/Projects/FleetCommander>
policies defined on an IPA server. Fleet Commander provides a
configuration management interface that is controlled centrally and
that covers desktop, applications and network configuration.
* Several new systemtap <https://sourceware.org/systemtap/> probes
were added into various locations in SSSD code to assist in
troubleshooting and analyzing performance related issues. Please see the
sssd-systemtap(5) manual page for more information.
* A new LDAP provide access control mechanism that allows to restrict
access based on PAM's rhost data field was added. For more details,
please consult the sssd-ldap(5) manual page, in particular the
options ldap_user_authorized_rhost and the rhost value of
ldap_access_filter.
-------------------------------------------------------------------
Tue Jul 25 15:46:23 UTC 2017 - michael@stroeder.com
- Update to new upstream release 1.15.3 (KCM disabled)
New Features
* In a setup where an IPA domain trusts an Active Directory domain,
it is now possible to define the domain resolution order
(see http://www.freeipa.org/page/Releases/4.5.0#AD_User_Short_Names).
* Design page - Shortnames in trusted domains <https://docs.pagure.org/SSSD.sssd/design_pages/shortnames.html>
* SSSD ships with a new service called KCM. This service acts as a
storage for Kerberos tickets when "libkrb5" is configured to use
"KCM:" in "krb5.conf".
* Design page - KCM server for SSSD <https://docs.pagure.org/SSSD.sssd/design_pages/kcm.html>
* NOTE: There are several known issues in the "KCM" responder that
will be handled in the next release.
* Support for user and group resolution through the D-Bus interface and
authentication and/or authorization through the PAM interface even
for setups without UIDs or Windows SIDs present on the LDAP directory
side. This enhancement allows SSSD to be used together with apache
modules <https://github.com/adelton/mod_lookup_identity> to provide
identities for applications
* Design page - Support for non-POSIX users and groups <https://docs.pagure.org/SSSD.sssd/design_pages/non_posix_support.html>
* SSSD ships a new public library called "libsss_certmap" that allows
a flexible and configurable way of mapping a certificate to a user
identity.
* Design page - Matching and Mapping Certificates <https://docs.pagure.org/SSSD.sssd/design_pages/matching_and_mapping_certificates.html>
* The Kerberos locator plugin can be disabled using an environment variable
"SSSD_KRB5_LOCATOR_DISABLE". Please refer to the
"sssd_krb5_locator_plugin" manual page for mode details.
* The "sssctl" command line tool supports a new command "user-checks"
that enables the administrator to check whether a certain user should be
allowed or denied access to a certain PAM service.
* The "secrets" responder now forwards requests to a proxy Custodia
back end over a secure channel.
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Mar 16 13:32:12 UTC 2017 - hguo@suse.com Thu Mar 16 13:32:12 UTC 2017 - hguo@suse.com

492
sssd.spec
View File

@ -17,7 +17,7 @@
Name: sssd Name: sssd
Version: 1.15.2 Version: 1.16.0
Release: 0 Release: 0
Summary: System Security Services Daemon Summary: System Security Services Daemon
License: GPL-3.0+ and LGPL-3.0+ License: GPL-3.0+ and LGPL-3.0+
@ -25,18 +25,18 @@ Group: System/Daemons
Url: https://pagure.io/SSSD/sssd Url: https://pagure.io/SSSD/sssd
#Git-Clone: git://git.fedorahosted.org/sssd #Git-Clone: git://git.fedorahosted.org/sssd
Source: http://releases.pagure.org/SSSD/sssd/%name-%version.tar.gz Source: http://releases.pagure.org/SSSD/sssd/%{name}-%{version}.tar.gz
Source2: http://releases.pagure.org/SSSD/sssd/%name-%version.tar.gz.asc Source2: http://releases.pagure.org/SSSD/sssd/%{name}-%{version}.tar.gz.asc
Source3: baselibs.conf Source3: baselibs.conf
Source4: sssd.service Source4: sssd.service
Source5: %name.keyring Source5: %{name}.keyring
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%define servicename sssd %define servicename sssd
%define sssdstatedir %_localstatedir/lib/sss %define sssdstatedir %{_localstatedir}/lib/sss
%define dbpath %sssdstatedir/db %define dbpath %{sssdstatedir}/db
%define pipepath %sssdstatedir/pipes %define pipepath %{sssdstatedir}/pipes
%define pubconfpath %sssdstatedir/pubconf %define pubconfpath %{sssdstatedir}/pubconf
BuildRequires: autoconf >= 2.59 BuildRequires: autoconf >= 2.59
BuildRequires: automake BuildRequires: automake
@ -82,11 +82,11 @@ BuildRequires: pkgconfig(tdb) >= 1.1.3
BuildRequires: pkgconfig(tevent) BuildRequires: pkgconfig(tevent)
BuildRequires: pkgconfig(ndr_krb5pac) BuildRequires: pkgconfig(ndr_krb5pac)
%{?systemd_requires} %{?systemd_requires}
Requires: sssd-ldap = %version-%release Requires: sssd-ldap = %{version}-%{release}
Requires(postun): pam-config Requires(postun): pam-config
Provides: libsss_sudo = %version-%release Provides: libsss_sudo = %{version}-%{release}
Provides: sssd-client = %version-%release Provides: sssd-client = %{version}-%{release}
Obsoletes: libsss_sudo < %version-%release Obsoletes: libsss_sudo < %{version}-%{release}
%description %description
Provides a set of daemons to manage access to remote directories and Provides a set of daemons to manage access to remote directories and
@ -99,7 +99,7 @@ services for projects like FreeIPA.
Summary: The ActiveDirectory backend plugin for sssd Summary: The ActiveDirectory backend plugin for sssd
License: GPL-3.0+ License: GPL-3.0+
Group: System/Daemons Group: System/Daemons
Requires: %name-krb5-common = %version Requires: %{name}-krb5-common = %{version}
%description ad %description ad
Provides the Active Directory back end that the SSSD can utilize to Provides the Active Directory back end that the SSSD can utilize to
@ -110,7 +110,7 @@ server.
Summary: The D-Bus responder of sssd Summary: The D-Bus responder of sssd
License: GPL-3.0+ License: GPL-3.0+
Group: System/Base Group: System/Base
Requires: %name = %version Requires: %{name} = %{version}
%description dbus %description dbus
Provides the D-Bus responder of sssd, called InfoPipe, which allows Provides the D-Bus responder of sssd, called InfoPipe, which allows
@ -120,10 +120,10 @@ information from sssd to be transmitted over the system bus.
Summary: FreeIPA backend plugin for sssd Summary: FreeIPA backend plugin for sssd
License: GPL-3.0+ License: GPL-3.0+
Group: System/Daemons Group: System/Daemons
Requires: %name = %version Requires: %{name} = %{version}
Requires: %name-krb5-common = %version-%release Requires: %{name}-krb5-common = %{version}-%{release}
Obsoletes: %name-ipa-provider < %version-%release Obsoletes: %{name}-ipa-provider < %{version}-%{release}
Provides: %name-ipa-provider = %version-%release Provides: %{name}-ipa-provider = %{version}-%{release}
%description ipa %description ipa
Provides the IPA back end that the SSSD can utilize to fetch identity Provides the IPA back end that the SSSD can utilize to fetch identity
@ -133,7 +133,7 @@ data from and authenticate against an IPA server.
Summary: The Kerberos authentication backend plugin for sssd Summary: The Kerberos authentication backend plugin for sssd
License: GPL-3.0+ License: GPL-3.0+
Group: System/Daemons Group: System/Daemons
Requires: %name-krb5-common = %version-%release Requires: %{name}-krb5-common = %{version}-%{release}
%description krb5 %description krb5
Provides the Kerberos back end that the SSSD can utilize authenticate Provides the Kerberos back end that the SSSD can utilize authenticate
@ -153,7 +153,7 @@ use for Kerberos user or host authentication.
Summary: The LDAP backend plugin for sssd Summary: The LDAP backend plugin for sssd
License: GPL-3.0+ License: GPL-3.0+
Group: System/Daemons Group: System/Daemons
Requires: %name-krb5-common = %version-%release Requires: %{name}-krb5-common = %{version}-%{release}
%description ldap %description ldap
Provides the LDAP back end that the SSSD can utilize to fetch Provides the LDAP back end that the SSSD can utilize to fetch
@ -172,8 +172,8 @@ and/or PAM modules to leverage SSSD caching.
Summary: Commandline tools for sssd Summary: Commandline tools for sssd
License: GPL-3.0+ and LGPL-3.0+ License: GPL-3.0+ and LGPL-3.0+
Group: System/Management Group: System/Management
Requires: python-sssd-config = %version Requires: python-sssd-config = %{version}
Requires: sssd = %version Requires: sssd = %{version}
%py_requires %py_requires
%description tools %description tools
@ -198,7 +198,7 @@ by their POSIX UIDs and GIDs respectively.
Summary: Development files for SSSD winbind Summary: Development files for SSSD winbind
License: LGPL-3.0+ License: LGPL-3.0+
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
Requires: %name-wbclient = %version Requires: %{name}-wbclient = %{version}
%description wbclient-devel %description wbclient-devel
sssd-wbclient implements the libwbclient API for Samba daemons and sssd-wbclient implements the libwbclient API for Samba daemons and
@ -214,6 +214,23 @@ Group: System/Libraries
The idmap_sss module provides a way for Winbind to call SSSD to map The idmap_sss module provides a way for Winbind to call SSSD to map
UIDs/GIDs and SIDs. UIDs/GIDs and SIDs.
%package -n libsss_certmap0
Summary: FreeIPA ID mapping library
License: LGPL-3.0+
Group: System/Libraries
%description -n libsss_certmap0
A utility library for FreeIPA to map certs.
%package -n libsss_certmap-devel
Summary: Development files for the FreeIPA certmap library
License: LGPL-3.0+
Group: Development/Libraries/C and C++
Requires: libsss_certmap0 = %{version}
%description -n libsss_certmap-devel
A utility library for FreeIPA to map certs.
%package -n libipa_hbac0 %package -n libipa_hbac0
Summary: FreeIPA HBAC Evaluator library Summary: FreeIPA HBAC Evaluator library
License: LGPL-3.0+ License: LGPL-3.0+
@ -227,7 +244,7 @@ requests.
Summary: Development files for the FreeIPA HBAC Evaluator library Summary: Development files for the FreeIPA HBAC Evaluator library
License: LGPL-3.0+ License: LGPL-3.0+
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
Requires: libipa_hbac0 = %version Requires: libipa_hbac0 = %{version}
%description -n libipa_hbac-devel %description -n libipa_hbac-devel
Utility library to validate FreeIPA HBAC rules for authorization Utility library to validate FreeIPA HBAC rules for authorization
@ -254,7 +271,7 @@ A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
Summary: Development files for the FreeIPA idmap library Summary: Development files for the FreeIPA idmap library
License: LGPL-3.0+ License: LGPL-3.0+
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
Requires: libsss_idmap0 = %version Requires: libsss_idmap0 = %{version}
%description -n libsss_idmap-devel %description -n libsss_idmap-devel
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs. A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
@ -271,7 +288,7 @@ A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
Summary: Development files for the FreeIPA idmap library Summary: Development files for the FreeIPA idmap library
License: LGPL-3.0+ License: LGPL-3.0+
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
Requires: libsss_nss_idmap0 = %version Requires: libsss_nss_idmap0 = %{version}
%description -n libsss_nss_idmap-devel %description -n libsss_nss_idmap-devel
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs. A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
@ -289,7 +306,7 @@ the SSSD InfoPipe responder.
Summary: Development files for the SSSD D-Bus responder helper library Summary: Development files for the SSSD D-Bus responder helper library
License: GPL-3.0+ License: GPL-3.0+
Group: Development/Libraries/C and C++ Group: Development/Libraries/C and C++
Requires: libsss_simpleifp0 = %version Requires: libsss_simpleifp0 = %{version}
%description -n libsss_simpleifp-devel %description -n libsss_simpleifp-devel
This subpackage provides the development files for sssd's simpleifp, This subpackage provides the development files for sssd's simpleifp,
@ -385,7 +402,7 @@ Security Services Daemon (sssd).
# pkgconfig file not present # pkgconfig file not present
export LDB_LIBS="-lldb" export LDB_LIBS="-lldb"
export LDB_CFLAGS=" " export LDB_CFLAGS=" "
export LDB_DIR="%_libdir/ldb" export LDB_DIR="%{_libdir}/ldb"
%else %else
export LDB_DIR="$(pkg-config ldb --variable=modulesdir)" export LDB_DIR="$(pkg-config ldb --variable=modulesdir)"
%endif %endif
@ -398,45 +415,45 @@ export CFLAGS="%optflags -fPIE"
export LDFLAGS="-pie" export LDFLAGS="-pie"
%configure \ %configure \
--with-crypto=libcrypto \ --with-crypto=libcrypto \
--with-db-path="%dbpath" \ --with-db-path="%{dbpath}" \
--with-pipe-path="%pipepath" \ --with-pipe-path="%{pipepath}" \
--with-pubconf-path="%pubconfpath" \ --with-pubconf-path="%{pubconfpath}" \
--with-init-dir="%_initrddir" \ --with-init-dir="%{_initrddir}" \
--enable-nsslibdir="/%_lib" \ --enable-nsslibdir="/%{_lib}" \
--enable-pammoddir="/%_lib/security" \ --enable-pammoddir="/%{_lib}/security" \
--with-ldb-lib-dir="$LDB_DIR" \ --with-ldb-lib-dir="$LDB_DIR" \
--with-selinux=no \ --with-selinux=no \
--with-os=suse \ --with-os=suse \
--with-semanage=no \ --with-semanage=no \
--disable-ldb-version-check \ --disable-ldb-version-check \
--without-kcm \
--without-secrets --without-secrets
make %{?_smp_mflags} all make %{?_smp_mflags} all
%install %install
b="%buildroot" make install DESTDIR="%{buildroot}"
make install DESTDIR="$b"
# Copy default sssd.conf file # Copy default sssd.conf file
install -d "$b/%_mandir"/{cs,cs/man8,nl,nl/man8,pt,pt/man8,uk,uk/man1} \ install -d "%{buildroot}/%_mandir"/{cs,cs/man8,nl,nl/man8,pt,pt/man8,uk,uk/man1} \
"$b/%_mandir"/{uk/man5,uk/man8} "%{buildroot}/%_mandir"/{uk/man5,uk/man8}
install -d "$b/%_sysconfdir/sssd" install -d "%{buildroot}/%{_sysconfdir}/sssd"
install -m600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf" install -m600 src/examples/sssd-example.conf "%{buildroot}/%{_sysconfdir}/sssd/sssd.conf"
install -d "$b/%_sysconfdir/sssd/conf.d" install -d "%{buildroot}/%{_sysconfdir}/sssd/conf.d"
install -d "$b/%_unitdir" install -d "%{buildroot}/%{_unitdir}"
install -m644 %{S:4} "$b/%_unitdir/sssd.service" install -m644 %{S:4} "%{buildroot}/%{_unitdir}/sssd.service"
rm -Rf "$b/%_initddir" rm -Rf "%{buildroot}/%{_initddir}"
ln -s service "$b/%_sbindir/rcsssd" ln -s service "%{buildroot}/%{_sbindir}/rcsssd"
mkdir -p "$b/%sssdstatedir/mc" mkdir -p "%{buildroot}/%{sssdstatedir}/mc"
mkdir -p "$b/%_sysconfdir/ld.so.conf.d" mkdir -p "%{buildroot}/%{_sysconfdir}/ld.so.conf.d"
cat >"$b/%_sysconfdir/ld.so.conf.d/sssd-wbclient.conf" <<-EOF cat >"%{buildroot}/%{_sysconfdir}/ld.so.conf.d/sssd-wbclient.conf" <<-EOF
%_libdir/%name/modules %{_libdir}/%{name}/modules
EOF EOF
find "$b" -type f -name "*.la" -delete find "%{buildroot}" -type f -name "*.la" -delete
rm -Rf "$b/%_sysconfdir/dbus-1" "$b/%_datadir/dbus-1" rm -Rf "%{buildroot}/%{_sysconfdir}/dbus-1" "%{buildroot}/%{_datadir}/dbus-1"
%find_lang %name --all-name %find_lang %{name} --all-name
%check %check
# sss_config-tests fails # sss_config-tests fails
@ -447,7 +464,7 @@ make %{?_smp_mflags} check ||:
%post %post
# migrate config variable krb5_kdcip to krb5_server (bnc#851048) # migrate config variable krb5_kdcip to krb5_server (bnc#851048)
/bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' %_sysconfdir/sssd/sssd.conf /bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' %{_sysconfdir}/sssd/sssd.conf
/sbin/ldconfig /sbin/ldconfig
%service_add_post sssd.service %service_add_post sssd.service
@ -456,7 +473,7 @@ make %{?_smp_mflags} check ||:
%postun %postun
if [ "$1" = "0" ]; then if [ "$1" = "0" ]; then
"%_sbindir/pam-config" -d --sss || : "%{_sbindir}/pam-config" -d --sss || :
fi fi
/sbin/ldconfig /sbin/ldconfig
# Clear caches, which may have an incompatible format afterwards # Clear caches, which may have an incompatible format afterwards
@ -477,243 +494,264 @@ rm -f /var/lib/sss/db/*.ldb
%files -f sssd.lang %files -f sssd.lang
%defattr(-,root,root) %defattr(-,root,root)
%doc COPYING %doc COPYING
%_unitdir %{_unitdir}
%_bindir/sss_ssh_* %_bindir/sss_ssh_*
%_sbindir/sssctl %{_sbindir}/sssctl
%_sbindir/sssd %{_sbindir}/sssd
%_sbindir/rcsssd %{_sbindir}/rcsssd
%dir %_mandir/??/ %dir %{_mandir}/??/
%dir %_mandir/??/man[158]/ %dir %{_mandir}/??/man[158]/
%_mandir/??/man1/sss_ssh_* %{_mandir}/??/man1/sss_ssh_*
%_mandir/??/man5/sssd-simple.5* %{_mandir}/??/man5/sssd-simple.5*
%_mandir/??/man5/sssd-sudo.5* %{_mandir}/??/man5/sssd-sudo.5*
%_mandir/??/man5/sssd.conf.5* #%{_mandir}/??/man5/sssd.conf.5*
%_mandir/??/man8/sssd.8* %{_mandir}/??/man8/sssd.8*
%_mandir/man1/sss_ssh_* %{_mandir}/??/man5/sss-certmap.5.gz
%_mandir/man8/sssctl.8* %{_mandir}/??/man5/sssd-ad.5.gz
%_mandir/man5/sssd-files.5* %{_mandir}/??/man5/sssd-files.5.gz
%_mandir/man5/sssd-simple.5* %{_mandir}/??/man5/sssd-secrets.5.gz
%_mandir/man5/sssd-sudo.5* %{_mandir}/??/man5/sssd.conf.5.gz
%_mandir/man5/sssd.conf.5* %{_mandir}/??/man8/idmap_sss.8.gz
%_mandir/man8/sssd.8* %{_mandir}/??/man8/sssctl.8.gz
%dir %_libdir/%name/ %{_mandir}/??/man8/sssd-kcm.8.gz
%_libdir/%name/conf/ %{_mandir}/??/man5/sssd-simple.5*
%_libdir/%name/libsss_child* %{_mandir}/man1/sss_ssh_*
%_libdir/%name/libsss_cert* %{_mandir}/man8/sssctl.8*
%_libdir/%name/libsss_crypt* %{_mandir}/man5/sssd-files.5*
%_libdir/%name/libsss_debug* %{_mandir}/man5/sssd-simple.5*
%_libdir/%name/libsss_files* %{_mandir}/man5/sssd-sudo.5*
%_libdir/%name/libsss_semanage* %{_mandir}/man5/sssd.conf.5*
%_libdir/%name/libsss_simple* %{_mandir}/man5/sss-certmap.5.gz
%_libdir/%name/libsss_util* %{_mandir}/man5/sssd-session-recording.5.gz
%dir %_libdir/%name/modules/ %{_mandir}/man8/sssd.8*
%_libdir/%name/modules/libsss_autofs.so %dir %{_libdir}/%{name}/
%_libdir/libsss_sudo.so %{_libdir}/%{name}/conf/
%dir %_libdir/ldb/ %{_libdir}/%{name}/libsss_child*
%_libdir/ldb/memberof.so %{_libdir}/%{name}/libsss_cert*
%dir %_libexecdir/%name/ %{_libdir}/%{name}/libsss_crypt*
%_libexecdir/%name/sssd_autofs %{_libdir}/%{name}/libsss_debug*
%_libexecdir/%name/sssd_be %{_libdir}/%{name}/libsss_files*
%_libexecdir/%name/sssd_nss %{_libdir}/%{name}/libsss_semanage*
%_libexecdir/%name/sssd_pam %{_libdir}/%{name}/libsss_simple*
%_libexecdir/%name/sssd_ssh %{_libdir}/%{name}/libsss_util*
%_libexecdir/%name/sssd_sudo %dir %{_libdir}/%{name}/modules/
%_libexecdir/%name/sss_signal %{_libdir}/%{name}/modules/libsss_autofs.so
%dir %sssdstatedir %{_libdir}/libsss_sudo.so
%attr(700,root,root) %dir %dbpath/ %dir %{_libdir}/ldb/
%attr(755,root,root) %dir %pipepath/ %{_libdir}/ldb/memberof.so
%attr(700,root,root) %dir %pipepath/private/ %dir %{_libexecdir}/%{name}/
%attr(755,root,root) %dir %pubconfpath/ %{_libexecdir}/%{name}/sssd_autofs
%attr(755,root,root) %dir %sssdstatedir/mc/ %{_libexecdir}/%{name}/sssd_be
%attr(700,root,root) %dir %sssdstatedir/keytabs/ %{_libexecdir}/%{name}/sssd_nss
%attr(750,root,root) %dir %_localstatedir/log/%name/ %{_libexecdir}/%{name}/sssd_pam
%dir %_sysconfdir/sssd/ %{_libexecdir}/%{name}/sssd_ssh
%config(noreplace) %_sysconfdir/sssd/sssd.conf %{_libexecdir}/%{name}/sssd_sudo
%dir %_sysconfdir/sssd/conf.d %{_libexecdir}/%{name}/sss_signal
%dir %_sysconfdir/pam.d/ %dir %{sssdstatedir}
%config(noreplace) %_sysconfdir/pam.d/sssd-shadowutils %attr(700,root,root) %dir %{dbpath}/
%dir %_datadir/%name/ %attr(755,root,root) %dir %{pipepath}/
%_datadir/%name/cfg_rules.ini %attr(700,root,root) %dir %{pipepath}/private/
%_datadir/%name/sssd.api.conf %attr(755,root,root) %dir %{pubconfpath}/
%dir %_datadir/%name/sssd.api.d/ %attr(755,root,root) %dir %{sssdstatedir}/mc/
%_datadir/%name/sssd.api.d/sssd-local.conf %attr(700,root,root) %dir %{sssdstatedir}/keytabs/
%_datadir/%name/sssd.api.d/sssd-simple.conf %attr(750,root,root) %dir %{_localstatedir}/log/%{name}/
%dir %{_sysconfdir}/sssd/
%config(noreplace) %{_sysconfdir}/sssd/sssd.conf
%dir %{_sysconfdir}/sssd/conf.d
%dir %{_sysconfdir}/pam.d/
%config(noreplace) %{_sysconfdir}/pam.d/sssd-shadowutils
%dir %{_datadir}/%{name}/
%{_datadir}/%{name}/cfg_rules.ini
%{_datadir}/%{name}/sssd.api.conf
%dir %{_datadir}/%{name}/sssd.api.d/
%{_datadir}/%{name}/sssd.api.d/sssd-local.conf
%{_datadir}/%{name}/sssd.api.d/sssd-simple.conf
# #
# sssd-client # sssd-client
# #
/%_lib/libnss_sss.so.2 /%{_lib}/libnss_sss.so.2
/%_lib/security/pam_sss.so /%{_lib}/security/pam_sss.so
%_libdir/cifs-utils/ %{_libdir}/cifs-utils/
%_libdir/krb5/ %{_libdir}/krb5/
%_libdir/%name/modules/sssd_krb5_localauth_plugin.so %{_libdir}/%{name}/modules/sssd_krb5_localauth_plugin.so
%_mandir/??/man8/pam_sss.8* %{_mandir}/??/man8/pam_sss.8*
%_mandir/??/man8/sssd_krb5_locator_plugin.8* %{_mandir}/??/man8/sssd_krb5_locator_plugin.8*
%_mandir/man8/pam_sss.8* %{_mandir}/man8/pam_sss.8*
%_mandir/man8/sssd_krb5_locator_plugin.8* %{_mandir}/man8/sssd_krb5_locator_plugin.8*
%files ad %files ad
%defattr(-,root,root) %defattr(-,root,root)
%dir %_libdir/%name/ %dir %{_libdir}/%{name}/
%_libdir/%name/libsss_ad.so %{_libdir}/%{name}/libsss_ad.so
%dir %_libexecdir/%name/ %dir %{_libexecdir}/%{name}/
%_libexecdir/%name/sssd_pac %{_libexecdir}/%{name}/sssd_pac
%_libexecdir/%name/gpo_child %{_libexecdir}/%{name}/gpo_child
%dir %_datadir/%name/ %dir %{_datadir}/%{name}/
%dir %_datadir/%name/sssd.api.d/ %dir %{_datadir}/%{name}/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-ad.conf %{_datadir}/%{name}/sssd.api.d/sssd-ad.conf
%_mandir/man5/sssd-ad.5* %{_mandir}/man5/sssd-ad.5*
%dir %_mandir/??/ %dir %{_mandir}/??/
%dir %_mandir/??/man5/ %dir %{_mandir}/??/man5/
%files dbus %files dbus
%defattr(-,root,root) %defattr(-,root,root)
%dir %_libexecdir/sssd/ %dir %{_libexecdir}/sssd/
%_libexecdir/sssd/sssd_ifp %{_libexecdir}/sssd/sssd_ifp
%dir %_libdir/sssd/ %dir %{_libdir}/sssd/
%_mandir/man5/sssd-ifp.5* %{_mandir}/man5/sssd-ifp.5*
%dir %_mandir/??/ %dir %{_mandir}/??/
%dir %_mandir/??/man5/ %dir %{_mandir}/??/man5/
%_mandir/??/man5/sssd-ifp.5* %{_mandir}/??/man5/sssd-ifp.5*
%files ipa %files ipa
%defattr(-,root,root) %defattr(-,root,root)
%dir %_libdir/%name/ %dir %{_libdir}/%{name}/
%_libdir/%name/libsss_ipa* %{_libdir}/%{name}/libsss_ipa*
%dir %_datadir/%name/ %dir %{_datadir}/%{name}/
%dir %_datadir/%name/sssd.api.d %dir %{_datadir}/%{name}/sssd.api.d
%_datadir/%name/sssd.api.d/sssd-ipa.conf %{_datadir}/%{name}/sssd.api.d/sssd-ipa.conf
%_mandir/man5/sssd-ipa.5* %{_mandir}/man5/sssd-ipa.5*
%dir %_mandir/??/ %dir %{_mandir}/??/
%dir %_mandir/??/man5/ %dir %{_mandir}/??/man5/
%_mandir/??/man5/sssd-ipa.5* %{_mandir}/??/man5/sssd-ipa.5*
%files krb5 %files krb5
%defattr(-,root,root) %defattr(-,root,root)
%dir %_libdir/%name/ %dir %{_libdir}/%{name}/
%_libdir/%name/libsss_krb5.so %{_libdir}/%{name}/libsss_krb5.so
%dir %_datadir/%name/ %dir %{_datadir}/%{name}/
%dir %_datadir/%name/sssd.api.d/ %dir %{_datadir}/%{name}/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-krb5.conf %{_datadir}/%{name}/sssd.api.d/sssd-krb5.conf
%dir %_mandir/??/ %dir %{_mandir}/??/
%dir %_mandir/??/man5/ %dir %{_mandir}/??/man5/
%_mandir/man5/sssd-krb5.5* %{_mandir}/man5/sssd-krb5.5*
%_mandir/??/man5/sssd-krb5.5* %{_mandir}/??/man5/sssd-krb5.5*
%files krb5-common %files krb5-common
%defattr(-,root,root) %defattr(-,root,root)
%dir %_libdir/%name/ %dir %{_libdir}/%{name}/
%_libdir/%name/libsss_krb5_common.so %{_libdir}/%{name}/libsss_krb5_common.so
%dir %_libexecdir/%name/ %dir %{_libexecdir}/%{name}/
%_libexecdir/%name/krb5_child %{_libexecdir}/%{name}/krb5_child
%_libexecdir/%name/ldap_child %{_libexecdir}/%{name}/ldap_child
%files ldap %files ldap
%defattr(-,root,root) %defattr(-,root,root)
%dir %_libdir/%name/ %dir %{_libdir}/%{name}/
%_libdir/%name/libsss_ldap* %{_libdir}/%{name}/libsss_ldap*
%dir %_datadir/%name/ %dir %{_datadir}/%{name}/
%dir %_datadir/%name/sssd.api.d/ %dir %{_datadir}/%{name}/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-ldap.conf %{_datadir}/%{name}/sssd.api.d/sssd-ldap.conf
%_mandir/man5/sssd-ldap.5* %{_mandir}/man5/sssd-ldap.5*
%dir %_mandir/??/ %dir %{_mandir}/??/
%dir %_mandir/??/man5/ %dir %{_mandir}/??/man5/
%_mandir/??/man5/sssd-ldap.5* %{_mandir}/??/man5/sssd-ldap.5*
%files proxy %files proxy
%defattr(-,root,root) %defattr(-,root,root)
%dir %_libdir/%name/ %dir %{_libdir}/%{name}/
%_libdir/%name/libsss_proxy.so %{_libdir}/%{name}/libsss_proxy.so
%dir %_libexecdir/%name/ %dir %{_libexecdir}/%{name}/
%_libexecdir/%name/proxy_child %{_libexecdir}/%{name}/proxy_child
%dir %_datadir/%name/ %dir %{_datadir}/%{name}/
%dir %_datadir/%name/sssd.api.d/ %dir %{_datadir}/%{name}/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-proxy.conf %{_datadir}/%{name}/sssd.api.d/sssd-proxy.conf
%files tools %files tools
%defattr(-,root,root) %defattr(-,root,root)
%_sbindir/sss_cache %{_sbindir}/sss_cache
%_sbindir/sss_debuglevel %{_sbindir}/sss_debuglevel
%_sbindir/sss_groupadd %{_sbindir}/sss_groupadd
%_sbindir/sss_groupdel %{_sbindir}/sss_groupdel
%_sbindir/sss_groupmod %{_sbindir}/sss_groupmod
%_sbindir/sss_groupshow %{_sbindir}/sss_groupshow
%_sbindir/sss_seed %{_sbindir}/sss_seed
%_sbindir/sss_obfuscate %{_sbindir}/sss_obfuscate
%_sbindir/sss_override %{_sbindir}/sss_override
%_sbindir/sss_useradd %{_sbindir}/sss_useradd
%_sbindir/sss_userdel %{_sbindir}/sss_userdel
%_sbindir/sss_usermod %{_sbindir}/sss_usermod
%_sbindir/sss_override %dir %{_mandir}/??/man8/
%dir %_mandir/??/man8/ %{_mandir}/??/man8/sss_*.8*
%_mandir/??/man8/sss_*.8* %{_mandir}/man8/sss_*.8*
%_mandir/man8/sss_*.8*
%files wbclient %files wbclient
%defattr(-,root,root) %defattr(-,root,root)
%config %_sysconfdir/ld.so.conf.d/sssd-wbclient.conf %config %{_sysconfdir}/ld.so.conf.d/sssd-wbclient.conf
%dir %_libdir/sssd/ %dir %{_libdir}/sssd/
%dir %_libdir/sssd/modules/ %dir %{_libdir}/sssd/modules/
%_libdir/sssd/modules/libwbclient.so.* %{_libdir}/sssd/modules/libwbclient.so.*
%files wbclient-devel %files wbclient-devel
%defattr(-,root,root) %defattr(-,root,root)
%_includedir/wbclient_sssd.h %{_includedir}/wbclient_sssd.h
%dir %_libdir/sssd/ %dir %{_libdir}/sssd/
%dir %_libdir/sssd/modules/ %dir %{_libdir}/sssd/modules/
%_libdir/sssd/modules/libwbclient.so %{_libdir}/sssd/modules/libwbclient.so
%_libdir/pkgconfig/wbclient_sssd.pc %{_libdir}/pkgconfig/wbclient_sssd.pc
%files winbind-idmap %files winbind-idmap
%defattr(-,root,root) %defattr(-,root,root)
%_libdir/samba/ %{_libdir}/samba/
%_mandir/man8/idmap_sss.8* %{_mandir}/man8/idmap_sss.8*
%files -n libipa_hbac0 %files -n libipa_hbac0
%defattr(-,root,root) %defattr(-,root,root)
%_libdir/libipa_hbac.so.0* %{_libdir}/libipa_hbac.so.0*
%files -n libipa_hbac-devel %files -n libipa_hbac-devel
%defattr(-,root,root) %defattr(-,root,root)
%_includedir/ipa_hbac.h %{_includedir}/ipa_hbac.h
%_libdir/libipa_hbac.so %{_libdir}/libipa_hbac.so
%_libdir/pkgconfig/ipa_hbac.pc %{_libdir}/pkgconfig/ipa_hbac.pc
%files -n libsss_certmap0
%defattr(-,root,root)
%{_libdir}/libsss_certmap.so
%{_libdir}/libsss_certmap.so.0*
%files -n libsss_certmap-devel
%defattr(-,root,root)
%{_includedir}/sss_certmap.h
%{_libdir}/libsss_certmap.so
%{_libdir}/pkgconfig/sss_certmap.pc
%files -n libnfsidmap-sss %files -n libnfsidmap-sss
%defattr(-,root,root) %defattr(-,root,root)
%_libdir/libnfsidmap/ %{_libdir}/libnfsidmap/
%_mandir/man5/sss_rpcidmapd.5* %{_mandir}/man5/sss_rpcidmapd.5*
%dir %_mandir/??/man5/ %dir %{_mandir}/??/man5/
%_mandir/??/man5/sss_rpcidmapd.5* %{_mandir}/??/man5/sss_rpcidmapd.5*
%files -n libsss_idmap0 %files -n libsss_idmap0
%defattr(-,root,root) %defattr(-,root,root)
%_libdir/libsss_idmap.so.0* %{_libdir}/libsss_idmap.so.0*
%files -n libsss_idmap-devel %files -n libsss_idmap-devel
%defattr(-,root,root) %defattr(-,root,root)
%_includedir/sss_idmap.h %{_includedir}/sss_idmap.h
%_libdir/libsss_idmap.so %{_libdir}/libsss_idmap.so
%_libdir/pkgconfig/sss_idmap.pc %{_libdir}/pkgconfig/sss_idmap.pc
%files -n libsss_nss_idmap0 %files -n libsss_nss_idmap0
%defattr(-,root,root) %defattr(-,root,root)
%_libdir/libsss_nss_idmap.so.0* %{_libdir}/libsss_nss_idmap.so.0*
%files -n libsss_nss_idmap-devel %files -n libsss_nss_idmap-devel
%defattr(-,root,root) %defattr(-,root,root)
%_includedir/sss_nss_idmap.h %{_includedir}/sss_nss_idmap.h
%_libdir/libsss_nss_idmap.so %{_libdir}/libsss_nss_idmap.so
%_libdir/pkgconfig/sss_nss_idmap.pc %{_libdir}/pkgconfig/sss_nss_idmap.pc
%files -n libsss_simpleifp0 %files -n libsss_simpleifp0
%defattr(-,root,root) %defattr(-,root,root)
%_libdir/libsss_simpleifp.so.0* %{_libdir}/libsss_simpleifp.so.0*
%files -n libsss_simpleifp-devel %files -n libsss_simpleifp-devel
%defattr(-,root,root) %defattr(-,root,root)
%_includedir/sss_sifp*.h %{_includedir}/sss_sifp*.h
%_libdir/libsss_simpleifp.so %{_libdir}/libsss_simpleifp.so
%_libdir/pkgconfig/sss_simpleifp.pc %{_libdir}/pkgconfig/sss_simpleifp.pc
%files -n python-ipa_hbac %files -n python-ipa_hbac
%defattr(-,root,root) %defattr(-,root,root)