SHA256
1
0
forked from jengelh/sssd

Accepting request 108828 from home:jengelh:branches:network:ldap

- Update to new upstream release 1.8.0
* Support for the service map in NSS
* Support for setting default SELinux user context from FreeIPA
* Support for retrieving SSH user and host keys from LDAP
* Support for caching autofs LDAP requests
* Support for caching SUDO rules
* Include the IPA AutoFS provider
* Fixed several memory-corruption bugs
* Fixed a regression in the proxy provider

OBS-URL: https://build.opensuse.org/request/show/108828
OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=62
This commit is contained in:
Ralf Haferkamp 2012-03-15 12:56:41 +00:00 committed by Git OBS Bridge
parent 7f6a4a0e70
commit d193a7e341
8 changed files with 214 additions and 175 deletions

View File

@ -1,53 +0,0 @@
From 151681511c4519463c2fe10c656db29a12c01821 Mon Sep 17 00:00:00 2001
From: Simo Sorce <ssorce@redhat.com>
Date: Thu, 28 Jul 2011 15:15:26 -0400
Subject: sss_client: avoid leaking file descriptors
If a pam or nss module is dlcolse()d and unloaded we were leaking
the file descriptor used to communicate to sssd in the process.
Make sure the fucntion used to close the socket file descriptor is
called on dlclose()
Silence autoconf 2.28 warnings (Patch by Jakub Hrozek)
diff --git a/configure.ac b/configure.ac
index 84b83eb..c0b7f8f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -170,6 +170,18 @@ AC_CHECK_HEADERS([sys/inotify.h])
AC_CHECK_HEADERS([sasl/sasl.h],,AC_MSG_ERROR([Could not find SASL headers]))
+AC_CACHE_CHECK([whether compiler supports __attribute__((destructor))],
+ sss_client_cv_attribute_destructor,
+ [AC_COMPILE_IFELSE(
+ [AC_LANG_SOURCE([__attribute__((destructor)) static void cleanup(void) { }])],
+ sss_client_cv_attribute_destructor=yes)
+ ])
+
+if test x"$sss_client_cv_attribute_destructor" = xyes ; then
+ AC_DEFINE(HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR, 1,
+ [whether compiler supports __attribute__((destructor))])
+fi
+
PKG_CHECK_MODULES([CHECK], [check >= 0.9.5], [have_check=1], [have_check=])
if test x$have_check = x; then
AC_MSG_WARN([Without the 'CHECK' libraries, you will be unable to run all tests in the 'make check' suite])
diff --git a/src/sss_client/common.c b/src/sss_client/common.c
index c17629a..5f6af41 100644
--- a/src/sss_client/common.c
+++ b/src/sss_client/common.c
@@ -55,6 +55,9 @@
int sss_cli_sd = -1; /* the sss client socket descriptor */
struct stat sss_cli_sb; /* the sss client stat buffer */
+#if HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR
+__attribute__((destructor))
+#endif
static void sss_cli_close_socket(void)
{
if (sss_cli_sd != -1) {
--
1.7.3.4

View File

@ -1,42 +0,0 @@
From 587b013d0b6f8a9411617b5faac2750d2e4b7a5d Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 1 Aug 2011 15:22:53 +0200
Subject: Request password control unconditionally during bind
https://fedorahosted.org/sssd/ticket/940
diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
index cab3657..9d543ec 100644
--- a/src/providers/ldap/sdap_async_connection.c
+++ b/src/providers/ldap/sdap_async_connection.c
@@ -437,10 +437,10 @@ static struct tevent_req *simple_bind_send(TALLOC_CTX *memctx,
state->user_dn = user_dn;
state->pw = pw;
- ret = sdap_control_create(state->sh, LDAP_CONTROL_PASSWORDPOLICYREQUEST,
- 0, NULL, 0, &ctrls[0]);
+ ret = sss_ldap_control_create(LDAP_CONTROL_PASSWORDPOLICYREQUEST,
+ 0, NULL, 0, &ctrls[0]);
if (ret != LDAP_SUCCESS && ret != LDAP_NOT_SUPPORTED) {
- DEBUG(1, ("sdap_control_create failed to create "
+ DEBUG(1, ("sss_ldap_control_create failed to create "
"Password Policy control.\n"));
goto fail;
}
@@ -1634,10 +1634,10 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request,
sasl_mech = dp_opt_get_string(p->opts->basic, SDAP_SASL_MECH);
if (sasl_mech == NULL) {
- ret = sdap_control_create(p->sh, LDAP_CONTROL_PASSWORDPOLICYREQUEST,
- 0, NULL, 0, &ctrls[0]);
+ ret = sss_ldap_control_create(LDAP_CONTROL_PASSWORDPOLICYREQUEST,
+ 0, NULL, 0, &ctrls[0]);
if (ret != LDAP_SUCCESS && ret != LDAP_NOT_SUPPORTED) {
- DEBUG(1, ("sdap_control_create failed to create "
+ DEBUG(1, ("sss_ldap_control_create failed to create "
"Password Policy control.\n"));
goto done;
}
--
1.7.3.4

View File

@ -0,0 +1,40 @@
From: Jan Engelhardt <jengelh@medozas.de>
Date: 2012-03-11 21:45:34.708782973 +0100
build: restore libcrypto support in the autotools files.
References: https://bugzilla.redhat.com/show_bug.cgi?id=802169
---
configure.ac | 1 +
src/external/crypto.m4 | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)
Index: sssd-1.8.0/configure.ac
===================================================================
--- sssd-1.8.0.orig/configure.ac
+++ sssd-1.8.0/configure.ac
@@ -210,6 +210,7 @@ if test x$HAVE_SYSTEMD_UNIT != x; then
fi
AM_CHECK_NSS
+AM_CHECK_LIBCRYPTO
AM_CONDITIONAL([HAVE_NSS], [test x"$NSS_CFLAGS" != x])
AC_CHECK_HEADERS([sys/inotify.h])
Index: sssd-1.8.0/src/external/crypto.m4
===================================================================
--- sssd-1.8.0.orig/src/external/crypto.m4
+++ sssd-1.8.0/src/external/crypto.m4
@@ -1,9 +1,9 @@
AC_DEFUN([AM_CHECK_NSS],
- [PKG_CHECK_MODULES([NSS],[nss])
+ [PKG_CHECK_MODULES([NSS],[nss],[:],[:])
AC_DEFINE_UNQUOTED(HAVE_NSS, 1, [Build with NSS crypto back end])
])
AC_DEFUN([AM_CHECK_LIBCRYPTO],
- [PKG_CHECK_MODULES([CRYPTO],[libcrypto])
+ [PKG_CHECK_MODULES([CRYPTO],[libcrypto],[:],[:])
AC_DEFINE_UNQUOTED(HAVE_LIBCRYPTO, 1, [Build with libcrypt crypto back end])
])

28
0005-implicit-decl.diff Normal file
View File

@ -0,0 +1,28 @@
From: Jan Engelhardt <jengelh@medozas.de>
Date: 2012-03-11 23:31:50.889566758 +0100
build: resolve compiler warnings about implicitly-defined functions
crypto_sha512crypt.c: In function 'sha512_crypt_r':
crypto_sha512crypt.c:200:9: warning: implicit declaration of
function 'mempcpy' [-Wimplicit-function-declaration]
crypto_sha512crypt.c:200:14: warning: incompatible implicit
declaration of built-in function 'mempcpy' [enabled by default]
crypto_sha512crypt.c:221:14: warning: incompatible implicit
declaration of built-in function 'mempcpy' [enabled by default]
---
src/util/crypto/libcrypto/crypto_sha512crypt.c | 1 +
1 file changed, 1 insertion(+)
Index: sssd-1.8.0/src/util/crypto/libcrypto/crypto_sha512crypt.c
===================================================================
--- sssd-1.8.0.orig/src/util/crypto/libcrypto/crypto_sha512crypt.c
+++ sssd-1.8.0/src/util/crypto/libcrypto/crypto_sha512crypt.c
@@ -10,6 +10,7 @@
/* SHA512-based Unix crypt implementation.
Released into the Public Domain by Ulrich Drepper <drepper@redhat.com>. */
+#define _GNU_SOURCE 1 /* mempcpy */
#include <endian.h>
#include <errno.h>
#include <limits.h>

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:08291561197651ebe3ebee9ca993ebdcebdfe4fb10a0bab3f72ea75f21363e34
size 1353669

3
sssd-1.8.0.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:09f5e6d9f4ab7f7ad8d2cbe818f22de416963d62b995d030ecfdd34c55e56059
size 1733496

View File

@ -1,3 +1,16 @@
-------------------------------------------------------------------
Sun Mar 11 18:36:44 UTC 2012 - jengelh@medozas.de
- Update to new upstream release 1.8.0
* Support for the service map in NSS
* Support for setting default SELinux user context from FreeIPA
* Support for retrieving SSH user and host keys from LDAP
* Support for caching autofs LDAP requests
* Support for caching SUDO rules
* Include the IPA AutoFS provider
* Fixed several memory-corruption bugs
* Fixed a regression in the proxy provider
-------------------------------------------------------------------
Wed Oct 19 13:56:57 UTC 2011 - rhafer@suse.de

207
sssd.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package sssd
#
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -14,23 +14,20 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: sssd
Version: 1.5.11
Release: 2
Group: System/Daemons
Version: 1.8.0
Release: 0
Summary: System Security Services Daemon
License: GPL-3.0+ and LGPL-3.0+
Group: System/Daemons
Url: https://fedorahosted.org/sssd/
Source0: %{name}-%{version}.tar.bz2
Source1: baselibs.conf
Patch1: 0001-sss_client-avoid-leaking-file-descriptors.patch
Patch2: 0002-Request-password-control-unconditionally-during-bind.patch
Patch3: 0003-Allow-LDAP-to-decide-when-an-expiration-warning-is-w.patch
Patch4: 0004-avoid-hard-crypto-dep.diff
Patch5: 0005-implicit-decl.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if %suse_version > 1140
%if %suse_version >= 1210
%{?systemd_requires}
%endif
@ -47,38 +44,53 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build
%endif
### Build Dependencies ###
%if 0%{?suse_version} >= 1210
BuildRequires: pkgconfig(collection) >= 0.5.1
BuildRequires: pkgconfig(dbus-1)
BuildRequires: pkgconfig(dhash) >= 0.4.2
BuildRequires: pkgconfig(ini_config) >= 0.6.1
BuildRequires: pkgconfig(ldb) >= 0.9.2
BuildRequires: pkgconfig(libcares)
BuildRequires: pkgconfig(libcrypto)
BuildRequires: pkgconfig(libnl-1) >= 1.1
BuildRequires: pkgconfig(libpcre) >= 7
BuildRequires: pkgconfig(popt)
BuildRequires: pkgconfig(python)
BuildRequires: pkgconfig(talloc)
BuildRequires: pkgconfig(tdb) >= 1.1.3
BuildRequires: pkgconfig(tevent)
%else
BuildRequires: dbus-1-devel
BuildRequires: libcares-devel
BuildRequires: libcollection-devel >= 0.5.1
BuildRequires: libdhash-devel >= 0.4.2
BuildRequires: libini_config-devel >= 0.6.1
BuildRequires: libldb-devel >= 0.9.2
BuildRequires: libnl-devel >= 1.1
BuildRequires: libopenssl-devel
BuildRequires: libtalloc-devel
BuildRequires: libtdb-devel >= 1.1.3
BuildRequires: libtevent-devel
BuildRequires: pcre-devel >= 7
BuildRequires: popt-devel
BuildRequires: python-devel
%endif
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: bind-utils
BuildRequires: docbook-xsl-stylesheets
BuildRequires: krb5-devel
BuildRequires: libtool
BuildRequires: m4
BuildRequires: popt-devel
BuildRequires: libtalloc-devel
BuildRequires: libtevent-devel
BuildRequires: libtdb-devel
BuildRequires: libldb-devel
BuildRequires: libxslt
BuildRequires: libunistring-devel
# wants: xmllint, xsltproc
BuildRequires: libxml2
BuildRequires: libcares-devel
BuildRequires: dbus-1-devel
BuildRequires: libxslt
BuildRequires: nscd
BuildRequires: openldap2-devel
BuildRequires: pam-devel
BuildRequires: pkg-config
BuildRequires: pcre-devel
BuildRequires: docbook-xsl-stylesheets
BuildRequires: krb5-devel
BuildRequires: python-devel
BuildRequires: bind-utils
BuildRequires: nscd
BuildRequires: libpath_utils-devel
BuildRequires: libdhash-devel
BuildRequires: libini_config-devel
BuildRequires: libcollection-devel
BuildRequires: libref_array-devel
%if %suse_version > 1140
%if %suse_version >= 1210
BuildRequires: systemd
BuildRequires: libnl-1_1-devel
%else
BuildRequires: libnl-devel
%endif
%description
@ -89,8 +101,8 @@ account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.
%package ipa-provider
License: GPL-3.0+ and LGPL-3.0+
Summary: FreeIPA provider plugin for sssd
License: GPL-3.0+ and LGPL-3.0+
Group: System/Daemons
Requires: sssd = %{version}
@ -99,8 +111,8 @@ This package provide the FreeIPA provider plugin for the System Security
Services Daemon (sssd).
%package tools
License: GPL-3.0+ and LGPL-3.0+
Summary: Commandline tools for sssd
License: GPL-3.0+ and LGPL-3.0+
Group: System/Management
Requires: sssd = %{version}
@ -108,9 +120,38 @@ Requires: sssd = %{version}
The packages contains commandline tools for managing users and groups using
the "local" id provider of the System Security Services Daemon (sssd).
%package -n python-sssd-config
%package -n libipa_hbac0
Summary: FreeIPA HBAC Evaluator library
License: LGPL-3.0+
Group: System/Libraries
%description -n libipa_hbac0
Utility library to validate FreeIPA HBAC rules for authorization
requests.
%package -n libipa_hbac-devel
Summary: Development files for the FreeIPA HBAC Evaluator library
License: LGPL-3.0+
Group: Development/Libraries/C and C++
Requires: libipa_hbac0 = %version
%description -n libipa_hbac-devel
Utility library to validate FreeIPA HBAC rules for authorization
requests.
%package -n python-ipa_hbac
Summary: Python bindings for the FreeIPA HBAC Evaluator library
License: GPL-3.0+ and LGPL-3.0+
Group: Development/Libraries/Python
%py_requires
%description -n python-ipa_hbac
The python-ipa_hbac package contains the bindings so that libipa_hbac
can be used by Python applications.
%package -n python-sssd-config
Summary: Python API for configuring sssd
License: GPL-3.0+ and LGPL-3.0+
Group: Development/Libraries/Python
%{py_requires}
@ -120,15 +161,21 @@ Security Services Daemon (sssd).
%prep
%setup -q
%patch -P 1 -P 2 -P 3 -p1
%patch -P 3 -P 4 -P 5 -p1
%build
autoreconf
%if 0%{?suse_version} < 1210
# pkgconfig file not present
export LDB_LIBS="-lldb"
export LDB_CFLAGS="-I/usr/include"
export LDB_CFLAGS=" "
export LDB_DIR="%_libdir/ldb"
%else
export LDB_DIR="$(pkg-config ldb --variable=modulesdir)"
%endif
# help configure find nscd
export PATH=$PATH:/usr/sbin/
export PATH="$PATH:/usr/sbin"
%configure \
--with-db-path=%{dbpath} \
@ -137,8 +184,7 @@ export PATH=$PATH:/usr/sbin/
--with-init-dir=%{_initrddir} \
--enable-nsslibdir=/%{_lib} \
--enable-pammoddir=/%{_lib}/security \
--enable-crypto=yes \
--with-ldb-lib-dir=%{_libdir}/ldb \
--with-ldb-lib-dir="$LDB_DIR" \
--with-selinux=no \
--with-os=suse \
--with-semanage=no
@ -149,9 +195,9 @@ make install DESTDIR=$RPM_BUILD_ROOT
# Copy default sssd.conf file
install -d $RPM_BUILD_ROOT/%{_sysconfdir}/sssd
install -m600 src/examples/sssd.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf
install -m600 src/examples/sssd-example.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf
install src/sysv/SUSE/sssd $RPM_BUILD_ROOT%{_sysconfdir}/init.d/sssd
%if %suse_version > 1140
%if %suse_version >= 1210
install -d $RPM_BUILD_ROOT/%{_unitdir}
install src/sysv/systemd/sssd.service $RPM_BUILD_ROOT/%{_unitdir}/sssd.service
%endif
@ -173,10 +219,7 @@ rm -rf \
%find_lang %{name} --all-name
%clean
rm -rf $RPM_BUILD_ROOT
%if %suse_version > 1140
%if %suse_version >= 1210
%pre
%service_add_pre sssd.service
@ -184,13 +227,13 @@ rm -rf $RPM_BUILD_ROOT
%post
/sbin/ldconfig
%if %suse_version > 1140
%if %suse_version >= 1210
%service_add_post sssd.service
%endif
%preun
%stop_on_removal sssd
%if %suse_version > 1140
%if %suse_version >= 1210
%service_del_preun sssd.service
%endif
@ -198,15 +241,19 @@ rm -rf $RPM_BUILD_ROOT
/sbin/ldconfig
%restart_on_update sssd
%insserv_cleanup
%if %suse_version > 1140
%if %suse_version >= 1210
%service_del_postun sssd.service
%endif
%post -n libipa_hbac0 -p /sbin/ldconfig
%postun -n libipa_hbac0 -p /sbin/ldconfig
%files -f sssd.lang
%defattr(-,root,root,-)
%doc COPYING
%{_initrddir}/%{name}
%if %suse_version > 1140
%if %suse_version >= 1210
%{_unitdir}/sssd.service
%endif
%{_sbindir}/sssd
@ -229,35 +276,23 @@ rm -rf $RPM_BUILD_ROOT
%attr(750,root,root) %dir %{_var}/log/%{name}
%dir %{_sysconfdir}/sssd
%config(noreplace) %{_sysconfdir}/sssd/sssd.conf
%config %{_sysconfdir}/sssd/sssd.api.conf
%attr(700,root,root) %dir %{_sysconfdir}/sssd/sssd.api.d
%config %{_sysconfdir}/sssd/sssd.api.d/sssd-krb5.conf
%config %{_sysconfdir}/sssd/sssd.api.d/sssd-ldap.conf
%config %{_sysconfdir}/sssd/sssd.api.d/sssd-local.conf
%config %{_sysconfdir}/sssd/sssd.api.d/sssd-proxy.conf
%config %{_sysconfdir}/sssd/sssd.api.d/sssd-simple.conf
/%{_lib}/libnss_sss.so.2
/%{_lib}/security/pam_sss.so
%{_mandir}/man5/sssd-krb5.*
%{_mandir}/man5/sssd-ldap.*
%{_mandir}/man5/sssd-simple.*
%{_mandir}/man5/sssd.conf.*
%_datadir/sssd
%exclude %_datadir/sssd/sssd.api.d/sssd-ipa.conf
%files tools
%defattr(-,root,root,-)
%dir %{_mandir}/cs
%dir %{_mandir}/cs/man8
%dir %{_mandir}/uk
%dir %{_mandir}/uk/man8
%dir %{_mandir}/es
%dir %{_mandir}/es/man8
%dir %{_mandir}/nl
%dir %{_mandir}/nl/man8
%{_mandir}/man8/*
%{_mandir}/cs/man8/*
%{_mandir}/uk/man8/*
%{_mandir}/es/man8/*
%{_mandir}/nl/man8/*
%_mandir/man8/*
%dir %_mandir/??
%dir %_mandir/??/man*
%_mandir/??/man8/*
%{_sbindir}/sss_cache
%{_sbindir}/sss_debuglevel
%{_sbindir}/sss_useradd
%{_sbindir}/sss_userdel
%{_sbindir}/sss_usermod
@ -269,14 +304,32 @@ rm -rf $RPM_BUILD_ROOT
%files ipa-provider
%defattr(-,root,root,-)
%config %{_sysconfdir}/sssd/sssd.api.d/sssd-ipa.conf
%dir %_datadir/sssd
%dir %_datadir/sssd/sssd.api.d
%_datadir/sssd/sssd.api.d/sssd-ipa.conf
%{_libdir}/sssd/libsss_ipa*
%{_mandir}/man5/sssd-ipa.*
%files -n libipa_hbac0
%defattr(-,root,root)
%_libdir/libipa_hbac.so.0*
%files -n libipa_hbac-devel
%defattr(-,root,root)
%_includedir/ipa_hbac.h
%_libdir/libipa_hbac.so
%_libdir/pkgconfig/ipa_hbac.pc
%files -n python-ipa_hbac
%defattr(-,root,root)
%python_sitearch/pyhbac.so
%files -n python-sssd-config
%defattr(-,root,root,-)
%{python_sitearch}/pysss.so
%{python_sitelib}/*.py*
%{python_sitelib}/*.egg-info
%defattr(-,root,root)
%python_sitearch/pysss.so
%python_sitelib/SSSDConfig*.py*
%python_sitelib/SSSDConfig*.egg-info
%python_sitelib/ipachangeconf.py*
%python_sitelib/sssd_upgrade_config.py*
%changelog