Accepting request 109517 from network:ldap

- Update to new upstream release 1.8.0 * Support for the service map in NSS * Support for setting default SELinux user context from FreeIPA * Support for retrieving SSH user and host keys from LDAP * Support for caching autofs LDAP requests * Support for caching SUDO rules * Include the IPA AutoFS provider * Fixed several memory-corruption bugs * Fixed a regression in the proxy provider (forwarded request 108828 from rhafer) OBS-URL: https://build.opensuse.org/request/show/109517 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/sssd?expand=0&rev=34
2012-03-20 10:35:54 +00:00 · 2012-03-20 10:35:54 +00:00 · e23ec169d9
commit e23ec169d9
parent 1a7586ec6b d193a7e341
8 changed files with 214 additions and 175 deletions
--- a/0001-sss_client-avoid-leaking-file-descriptors.patch
+++ b/0001-sss_client-avoid-leaking-file-descriptors.patch
@ -1,53 +0,0 @@
 From 151681511c4519463c2fe10c656db29a12c01821 Mon Sep 17 00:00:00 2001
 From: Simo Sorce <ssorce@redhat.com>
 Date: Thu, 28 Jul 2011 15:15:26 -0400
 Subject: sss_client: avoid leaking file descriptors
 If a pam or nss module is dlcolse()d and unloaded we were leaking
 the file descriptor used to communicate to sssd in the process.
 Make sure the fucntion used to close the socket file descriptor is
 called on dlclose()
 Silence autoconf 2.28 warnings (Patch by Jakub Hrozek)
 diff --git a/configure.ac b/configure.ac
 index 84b83eb..c0b7f8f 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -170,6 +170,18 @@ AC_CHECK_HEADERS([sys/inotify.h])
 AC_CHECK_HEADERS([sasl/sasl.h],,AC_MSG_ERROR([Could not find SASL headers]))
 +AC_CACHE_CHECK([whether compiler supports __attribute__((destructor))],
 +               sss_client_cv_attribute_destructor,
 +               [AC_COMPILE_IFELSE(
 +                    [AC_LANG_SOURCE([__attribute__((destructor)) static void cleanup(void) { }])],
 +                    sss_client_cv_attribute_destructor=yes)
 +               ])
 +
 +if test x"$sss_client_cv_attribute_destructor" = xyes ; then
 +   AC_DEFINE(HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR, 1,
 +             [whether compiler supports __attribute__((destructor))])
 +fi
 +
 PKG_CHECK_MODULES([CHECK], [check >= 0.9.5], [have_check=1], [have_check=])
 if test x$have_check = x; then
     AC_MSG_WARN([Without the 'CHECK' libraries, you will be unable to run all tests in the 'make check' suite])
 diff --git a/src/sss_client/common.c b/src/sss_client/common.c
 index c17629a..5f6af41 100644
 --- a/src/sss_client/common.c
 +++ b/src/sss_client/common.c
@@ -55,6 +55,9 @@
 int sss_cli_sd = -1; /* the sss client socket descriptor */
 struct stat sss_cli_sb; /* the sss client stat buffer */
 +#if HAVE_FUNCTION_ATTRIBUTE_DESTRUCTOR
 +__attribute__((destructor))
 +#endif
 static void sss_cli_close_socket(void)
 {
     if (sss_cli_sd != -1) {
 -- 
 1.7.3.4
--- a/0002-Request-password-control-unconditionally-during-bind.patch
+++ b/0002-Request-password-control-unconditionally-during-bind.patch
@ -1,42 +0,0 @@
 From 587b013d0b6f8a9411617b5faac2750d2e4b7a5d Mon Sep 17 00:00:00 2001
 From: Jakub Hrozek <jhrozek@redhat.com>
 Date: Mon, 1 Aug 2011 15:22:53 +0200
 Subject: Request password control unconditionally during bind
 https://fedorahosted.org/sssd/ticket/940
 diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
 index cab3657..9d543ec 100644
 --- a/src/providers/ldap/sdap_async_connection.c
 +++ b/src/providers/ldap/sdap_async_connection.c
@@ -437,10 +437,10 @@ static struct tevent_req *simple_bind_send(TALLOC_CTX *memctx,
     state->user_dn = user_dn;
     state->pw = pw;
 -    ret = sdap_control_create(state->sh, LDAP_CONTROL_PASSWORDPOLICYREQUEST,
 -                              0, NULL, 0, &ctrls[0]);
 +    ret = sss_ldap_control_create(LDAP_CONTROL_PASSWORDPOLICYREQUEST,
 +                                  0, NULL, 0, &ctrls[0]);
     if (ret != LDAP_SUCCESS && ret != LDAP_NOT_SUPPORTED) {
 -        DEBUG(1, ("sdap_control_create failed to create "
 +        DEBUG(1, ("sss_ldap_control_create failed to create "
                   "Password Policy control.\n"));
         goto fail;
     }
@@ -1634,10 +1634,10 @@ static int sdap_rebind_proc(LDAP *ldap, LDAP_CONST char *url, ber_tag_t request,
     sasl_mech = dp_opt_get_string(p->opts->basic, SDAP_SASL_MECH);
     if (sasl_mech == NULL) {
 -        ret = sdap_control_create(p->sh, LDAP_CONTROL_PASSWORDPOLICYREQUEST,
 -                                  0, NULL, 0, &ctrls[0]);
 +        ret = sss_ldap_control_create(LDAP_CONTROL_PASSWORDPOLICYREQUEST,
 +                                      0, NULL, 0, &ctrls[0]);
         if (ret != LDAP_SUCCESS && ret != LDAP_NOT_SUPPORTED) {
 -            DEBUG(1, ("sdap_control_create failed to create "
 +            DEBUG(1, ("sss_ldap_control_create failed to create "
                       "Password Policy control.\n"));
             goto done;
         }
 -- 
 1.7.3.4
--- a/0004-avoid-hard-crypto-dep.diff
+++ b/0004-avoid-hard-crypto-dep.diff
@ -0,0 +1,40 @@
 From: Jan Engelhardt <jengelh@medozas.de>
 Date: 2012-03-11 21:45:34.708782973 +0100
 build: restore libcrypto support in the autotools files.
 References: https://bugzilla.redhat.com/show_bug.cgi?id=802169
 ---
 configure.ac           |    1 +
 src/external/crypto.m4 |    4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)
 Index: sssd-1.8.0/configure.ac
 ===================================================================
 --- sssd-1.8.0.orig/configure.ac
 +++ sssd-1.8.0/configure.ac
@@ -210,6 +210,7 @@ if test x$HAVE_SYSTEMD_UNIT != x; then
 fi
 AM_CHECK_NSS
 +AM_CHECK_LIBCRYPTO
 AM_CONDITIONAL([HAVE_NSS], [test x"$NSS_CFLAGS" != x])
 AC_CHECK_HEADERS([sys/inotify.h])
 Index: sssd-1.8.0/src/external/crypto.m4
 ===================================================================
 --- sssd-1.8.0.orig/src/external/crypto.m4
 +++ sssd-1.8.0/src/external/crypto.m4
@@ -1,9 +1,9 @@
 AC_DEFUN([AM_CHECK_NSS],
 -         [PKG_CHECK_MODULES([NSS],[nss])
 +         [PKG_CHECK_MODULES([NSS],[nss],[:],[:])
           AC_DEFINE_UNQUOTED(HAVE_NSS, 1, [Build with NSS crypto back end])
 ])
 AC_DEFUN([AM_CHECK_LIBCRYPTO],
 -         [PKG_CHECK_MODULES([CRYPTO],[libcrypto])
 +         [PKG_CHECK_MODULES([CRYPTO],[libcrypto],[:],[:])
           AC_DEFINE_UNQUOTED(HAVE_LIBCRYPTO, 1, [Build with libcrypt crypto back end])
 ])
--- a/0005-implicit-decl.diff
+++ b/0005-implicit-decl.diff
@ -0,0 +1,28 @@
 From: Jan Engelhardt <jengelh@medozas.de>
 Date: 2012-03-11 23:31:50.889566758 +0100
 build: resolve compiler warnings about implicitly-defined functions
 crypto_sha512crypt.c: In function 'sha512_crypt_r':
 crypto_sha512crypt.c:200:9: warning: implicit declaration of
 	function 'mempcpy' [-Wimplicit-function-declaration]
 crypto_sha512crypt.c:200:14: warning: incompatible implicit
 	declaration of built-in function 'mempcpy' [enabled by default]
 crypto_sha512crypt.c:221:14: warning: incompatible implicit
 	declaration of built-in function 'mempcpy' [enabled by default]
 ---
 src/util/crypto/libcrypto/crypto_sha512crypt.c |    1 +
 1 file changed, 1 insertion(+)
 Index: sssd-1.8.0/src/util/crypto/libcrypto/crypto_sha512crypt.c
 ===================================================================
 --- sssd-1.8.0.orig/src/util/crypto/libcrypto/crypto_sha512crypt.c
 +++ sssd-1.8.0/src/util/crypto/libcrypto/crypto_sha512crypt.c
@@ -10,6 +10,7 @@
 /* SHA512-based Unix crypt implementation.
    Released into the Public Domain by Ulrich Drepper <drepper@redhat.com>.  */
 +#define _GNU_SOURCE 1 /* mempcpy */
 #include <endian.h>
 #include <errno.h>
 #include <limits.h>
--- a/sssd-1.5.11.tar.bz2
+++ b/sssd-1.5.11.tar.bz2
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:08291561197651ebe3ebee9ca993ebdcebdfe4fb10a0bab3f72ea75f21363e34
 size 1353669
--- a/sssd-1.8.0.tar.bz2
+++ b/sssd-1.8.0.tar.bz2
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:09f5e6d9f4ab7f7ad8d2cbe818f22de416963d62b995d030ecfdd34c55e56059
 size 1733496
--- a/sssd.changes
+++ b/sssd.changes
@ -1,3 +1,16 @@
 -------------------------------------------------------------------
 Sun Mar 11 18:36:44 UTC 2012 - jengelh@medozas.de
 - Update to new upstream release 1.8.0
 * Support for the service map in NSS
 * Support for setting default SELinux user context from FreeIPA
 * Support for retrieving SSH user and host keys from LDAP
 * Support for caching autofs LDAP requests
 * Support for caching SUDO rules
 * Include the IPA AutoFS provider
 * Fixed several memory-corruption bugs
 * Fixed a regression in the proxy provider
 -------------------------------------------------------------------
 Wed Oct 19 13:56:57 UTC 2011 - rhafer@suse.de
--- a/sssd.spec
+++ b/sssd.spec
@ -1,7 +1,7 @@
 #
 # spec file for package sssd
 #
-# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -14,23 +14,20 @@
 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
 Name:           sssd
-Version:        1.5.11
+Version:        1.8.0
-Release:        2
+Release:        0
 Group:          System/Daemons
 Summary:        System Security Services Daemon
 License:        GPL-3.0+ and LGPL-3.0+
 Group:          System/Daemons
 Url:            https://fedorahosted.org/sssd/
 Source0:        %{name}-%{version}.tar.bz2
 Source1:        baselibs.conf
 Patch1:         0001-sss_client-avoid-leaking-file-descriptors.patch
 Patch2:         0002-Request-password-control-unconditionally-during-bind.patch
 Patch3:         0003-Allow-LDAP-to-decide-when-an-expiration-warning-is-w.patch
 Patch4:         0004-avoid-hard-crypto-dep.diff
 Patch5:         0005-implicit-decl.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-%if %suse_version > 1140
+%if %suse_version >= 1210
 %{?systemd_requires}
 %endif
@ -47,38 +44,53 @@ BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %endif
 ### Build Dependencies ###
 %if 0%{?suse_version} >= 1210
 BuildRequires:  pkgconfig(collection) >= 0.5.1
 BuildRequires:  pkgconfig(dbus-1)
 BuildRequires:  pkgconfig(dhash) >= 0.4.2
 BuildRequires:  pkgconfig(ini_config) >= 0.6.1
 BuildRequires:  pkgconfig(ldb) >= 0.9.2
 BuildRequires:  pkgconfig(libcares)
 BuildRequires:  pkgconfig(libcrypto)
 BuildRequires:  pkgconfig(libnl-1) >= 1.1
 BuildRequires:  pkgconfig(libpcre) >= 7
 BuildRequires:  pkgconfig(popt)
 BuildRequires:  pkgconfig(python)
 BuildRequires:  pkgconfig(talloc)
 BuildRequires:  pkgconfig(tdb) >= 1.1.3
 BuildRequires:  pkgconfig(tevent)
 %else
 BuildRequires:  dbus-1-devel
 BuildRequires:  libcares-devel
 BuildRequires:  libcollection-devel >= 0.5.1
 BuildRequires:  libdhash-devel >= 0.4.2
 BuildRequires:  libini_config-devel >= 0.6.1
 BuildRequires:  libldb-devel >= 0.9.2
 BuildRequires:  libnl-devel >= 1.1
 BuildRequires:  libopenssl-devel
 BuildRequires:  libtalloc-devel
 BuildRequires:  libtdb-devel >= 1.1.3
 BuildRequires:  libtevent-devel
 BuildRequires:  pcre-devel >= 7
 BuildRequires:  popt-devel
 BuildRequires:  python-devel
 %endif
 BuildRequires:  autoconf
 BuildRequires:  automake
 BuildRequires:  bind-utils
 BuildRequires:  docbook-xsl-stylesheets
 BuildRequires:  krb5-devel
 BuildRequires:  libtool
-BuildRequires:  m4
+BuildRequires:  libunistring-devel
-BuildRequires:  popt-devel
+# wants: xmllint, xsltproc
 BuildRequires:  libtalloc-devel
 BuildRequires:  libtevent-devel
 BuildRequires:  libtdb-devel
 BuildRequires:  libldb-devel
 BuildRequires:  libxslt
 BuildRequires:  libxml2
-BuildRequires:  libcares-devel
+BuildRequires:  libxslt
-BuildRequires:  dbus-1-devel
+BuildRequires:  nscd
 BuildRequires:  openldap2-devel
 BuildRequires:  pam-devel
 BuildRequires:  pkg-config
-BuildRequires:  pcre-devel
+%if %suse_version >= 1210
 BuildRequires:  docbook-xsl-stylesheets
 BuildRequires:  krb5-devel
 BuildRequires:  python-devel
 BuildRequires:  bind-utils
 BuildRequires:  nscd
 BuildRequires:  libpath_utils-devel
 BuildRequires:  libdhash-devel
 BuildRequires:  libini_config-devel
 BuildRequires:  libcollection-devel
 BuildRequires:  libref_array-devel
 %if %suse_version > 1140
 BuildRequires:  systemd
 BuildRequires:  libnl-1_1-devel
 %else
 BuildRequires:  libnl-devel
 %endif
 %description
@ -89,8 +101,8 @@ account sources. It is also the basis to provide client auditing and policy
 services for projects like FreeIPA.
 %package ipa-provider
 License:        GPL-3.0+ and LGPL-3.0+
 Summary:        FreeIPA provider plugin for sssd
 License:        GPL-3.0+ and LGPL-3.0+
 Group:          System/Daemons
 Requires:       sssd = %{version}
@ -99,8 +111,8 @@ This package provide the FreeIPA provider plugin for the System Security
 Services Daemon (sssd).
 %package tools
 License:        GPL-3.0+ and LGPL-3.0+
 Summary:        Commandline tools for sssd
 License:        GPL-3.0+ and LGPL-3.0+
 Group:          System/Management
 Requires:       sssd = %{version}
@ -108,9 +120,38 @@ Requires:       sssd = %{version}
 The packages contains commandline tools for managing users and groups using
 the "local" id provider of the System Security Services Daemon (sssd).
-%package -n python-sssd-config
+%package -n libipa_hbac0
 Summary:        FreeIPA HBAC Evaluator library
 License:        LGPL-3.0+
 Group:          System/Libraries
 %description -n libipa_hbac0
 Utility library to validate FreeIPA HBAC rules for authorization
 requests.
 %package -n libipa_hbac-devel
 Summary:        Development files for the FreeIPA HBAC Evaluator library
 License:        LGPL-3.0+
 Group:          Development/Libraries/C and C++
 Requires:       libipa_hbac0 = %version
 %description -n libipa_hbac-devel
 Utility library to validate FreeIPA HBAC rules for authorization
 requests.
 %package -n python-ipa_hbac
 Summary:        Python bindings for the FreeIPA HBAC Evaluator library
 License:        GPL-3.0+ and LGPL-3.0+
 Group:          Development/Libraries/Python
 %py_requires
 %description -n python-ipa_hbac
 The python-ipa_hbac package contains the bindings so that libipa_hbac
 can be used by Python applications.
 %package -n python-sssd-config
 Summary:        Python API for configuring sssd
 License:        GPL-3.0+ and LGPL-3.0+
 Group:          Development/Libraries/Python
 %{py_requires}
@ -120,15 +161,21 @@ Security Services Daemon (sssd).
 %prep
 %setup -q
-%patch -P 1 -P 2 -P 3 -p1
+%patch -P 3 -P 4 -P 5 -p1
 %build
 autoreconf
 %if 0%{?suse_version} < 1210
 # pkgconfig file not present
 export LDB_LIBS="-lldb"
-export LDB_CFLAGS="-I/usr/include"
+export LDB_CFLAGS=" "
 export LDB_DIR="%_libdir/ldb"
 %else
 export LDB_DIR="$(pkg-config ldb --variable=modulesdir)"
 %endif
 # help configure find nscd
-export PATH=$PATH:/usr/sbin/
+export PATH="$PATH:/usr/sbin"
 %configure \
    --with-db-path=%{dbpath} \
@ -137,8 +184,7 @@ export PATH=$PATH:/usr/sbin/
    --with-init-dir=%{_initrddir} \
    --enable-nsslibdir=/%{_lib} \
    --enable-pammoddir=/%{_lib}/security \
-    --enable-crypto=yes \
+    --with-ldb-lib-dir="$LDB_DIR" \
    --with-ldb-lib-dir=%{_libdir}/ldb \
    --with-selinux=no \
    --with-os=suse \
    --with-semanage=no
@ -149,9 +195,9 @@ make install DESTDIR=$RPM_BUILD_ROOT
 # Copy default sssd.conf file
 install -d $RPM_BUILD_ROOT/%{_sysconfdir}/sssd
-install -m600 src/examples/sssd.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf
+install -m600 src/examples/sssd-example.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf
 install src/sysv/SUSE/sssd $RPM_BUILD_ROOT%{_sysconfdir}/init.d/sssd
-%if %suse_version > 1140
+%if %suse_version >= 1210
 install -d $RPM_BUILD_ROOT/%{_unitdir}
 install src/sysv/systemd/sssd.service $RPM_BUILD_ROOT/%{_unitdir}/sssd.service
 %endif
@ -173,10 +219,7 @@ rm -rf \
 %find_lang %{name} --all-name
-%clean
+%if %suse_version >= 1210
 rm -rf $RPM_BUILD_ROOT
 %if %suse_version > 1140
 %pre
 %service_add_pre sssd.service
@ -184,13 +227,13 @@ rm -rf $RPM_BUILD_ROOT
 %post
 /sbin/ldconfig
-%if %suse_version > 1140
+%if %suse_version >= 1210
 %service_add_post sssd.service
 %endif
 %preun
 %stop_on_removal sssd
-%if %suse_version > 1140
+%if %suse_version >= 1210
 %service_del_preun sssd.service
 %endif
@ -198,15 +241,19 @@ rm -rf $RPM_BUILD_ROOT
 /sbin/ldconfig
 %restart_on_update sssd
 %insserv_cleanup
-%if %suse_version > 1140
+%if %suse_version >= 1210
 %service_del_postun sssd.service
 %endif
 %post -n libipa_hbac0 -p /sbin/ldconfig
 %postun -n libipa_hbac0 -p /sbin/ldconfig
 %files -f sssd.lang
 %defattr(-,root,root,-)
 %doc COPYING
 %{_initrddir}/%{name}
-%if %suse_version > 1140
+%if %suse_version >= 1210
 %{_unitdir}/sssd.service
 %endif
 %{_sbindir}/sssd
@ -229,35 +276,23 @@ rm -rf $RPM_BUILD_ROOT
 %attr(750,root,root) %dir %{_var}/log/%{name}
 %dir %{_sysconfdir}/sssd
 %config(noreplace) %{_sysconfdir}/sssd/sssd.conf
 %config %{_sysconfdir}/sssd/sssd.api.conf
 %attr(700,root,root) %dir %{_sysconfdir}/sssd/sssd.api.d
 %config %{_sysconfdir}/sssd/sssd.api.d/sssd-krb5.conf
 %config %{_sysconfdir}/sssd/sssd.api.d/sssd-ldap.conf
 %config %{_sysconfdir}/sssd/sssd.api.d/sssd-local.conf
 %config %{_sysconfdir}/sssd/sssd.api.d/sssd-proxy.conf
 %config %{_sysconfdir}/sssd/sssd.api.d/sssd-simple.conf
 /%{_lib}/libnss_sss.so.2
 /%{_lib}/security/pam_sss.so
 %{_mandir}/man5/sssd-krb5.*
 %{_mandir}/man5/sssd-ldap.*
 %{_mandir}/man5/sssd-simple.*
 %{_mandir}/man5/sssd.conf.*
 %_datadir/sssd
 %exclude %_datadir/sssd/sssd.api.d/sssd-ipa.conf
 %files tools
 %defattr(-,root,root,-)
-%dir %{_mandir}/cs
+%_mandir/man8/*
-%dir %{_mandir}/cs/man8
+%dir %_mandir/??
-%dir %{_mandir}/uk
+%dir %_mandir/??/man*
-%dir %{_mandir}/uk/man8
+%_mandir/??/man8/*
-%dir %{_mandir}/es
+%{_sbindir}/sss_cache
-%dir %{_mandir}/es/man8
+%{_sbindir}/sss_debuglevel
 %dir %{_mandir}/nl
 %dir %{_mandir}/nl/man8
 %{_mandir}/man8/*
 %{_mandir}/cs/man8/*
 %{_mandir}/uk/man8/*
 %{_mandir}/es/man8/*
 %{_mandir}/nl/man8/*
 %{_sbindir}/sss_useradd
 %{_sbindir}/sss_userdel
 %{_sbindir}/sss_usermod
@ -269,14 +304,32 @@ rm -rf $RPM_BUILD_ROOT
 %files ipa-provider
 %defattr(-,root,root,-)
-%config %{_sysconfdir}/sssd/sssd.api.d/sssd-ipa.conf
+%dir %_datadir/sssd
 %dir %_datadir/sssd/sssd.api.d
 %_datadir/sssd/sssd.api.d/sssd-ipa.conf
 %{_libdir}/sssd/libsss_ipa*
 %{_mandir}/man5/sssd-ipa.*
 %files -n libipa_hbac0
 %defattr(-,root,root)
 %_libdir/libipa_hbac.so.0*
 %files -n libipa_hbac-devel
 %defattr(-,root,root)
 %_includedir/ipa_hbac.h
 %_libdir/libipa_hbac.so
 %_libdir/pkgconfig/ipa_hbac.pc
 %files -n python-ipa_hbac
 %defattr(-,root,root)
 %python_sitearch/pyhbac.so
 %files -n python-sssd-config
-%defattr(-,root,root,-)
+%defattr(-,root,root)
-%{python_sitearch}/pysss.so
+%python_sitearch/pysss.so
-%{python_sitelib}/*.py*
+%python_sitelib/SSSDConfig*.py*
-%{python_sitelib}/*.egg-info
+%python_sitelib/SSSDConfig*.egg-info
 %python_sitelib/ipachangeconf.py*
 %python_sitelib/sssd_upgrade_config.py*
 %changelog