pool/himmelblau
SHA256
3
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Update to version 0.5.0+git.0.22f84f0:

Browse Source 
* Update workflows for 0.5.x
  * Update Debian dependencies in README.md
  * Compilation fails on Ubuntu, missing ldb header
  * Fix base32 with kandim updates
  * deps(rust): update base32 requirement from ^0.4.0 to ^0.5.0
  * deps(rust): update scim_proto requirement from ^0.2.1 to ^1.3.2
  * deps(rust): update bindgen requirement from 0.69.4 to 0.70.1
  * Fix CI failures caused by cargo 1.80.1
  * Update to libhimmelblau version 0.2.9
  * deps(rust): update rusqlite requirement from ^0.31.0 to ^0.32.0
  * deps(rust): update tonic requirement from 0.11.0 to 0.12.0
  * update libnss requirement from 0.7.0 to 0.8.0
  * Switch to using libhimmelblau
  * himmelblaud stops working after suspend
  * Update required packages for tumbleweed
  * Disable the SFA fallback by default
  * Fix ConsolidatedTelephony MFA method
  * Use the group ID for the name if no display name
  * Use latest msal with MFA fixes
  * PhoneAppNotification is not a cred request algorithm
  * The polling_interval is in milliseconds, not seconds
  * OneWaySMS is additionally a valid OTP
  * Relicensing as GPL3, as SSSD source inclusion requires
  * Utilize the graph code in msal
  * config: Remove comments about experimental policy enforement
  * Remove the experimental policy code from the id provider
  * Fix a refresh token leak in debug from msal
  * Correct README details
  * Always normalize idmap upn inputs
  * Add video links to the README
  * Minor updates to the Contributing section
  * Add a Installation section to the README
  * Add the new SSSD idmap build deps to the README
  * Add a section about donations
  * Include the Samba Technical matrix channel
  * Add github workflows for the 0.4.x branch
  * Version 0.5.0 bump for main

OBS-URL: https://build.opensuse.org/package/show/network:idm/himmelblau?expand=0&rev=31
This commit is contained in:
David Mulder 2024-09-04 14:42:45 +00:00 committed by Git OBS Bridge
commit 74dce81175
11 changed files with 689 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

31
_service Normal file
View File

@ -0,0 +1,31 @@
<services>
<service name="tar_scm" mode="disabled">
<param name="url">https://github.com/himmelblau-idm/himmelblau.git</param>
<param name="scm">git</param>
<param name="revision">stable-0.5.x</param>
<param name="versionformat">@PARENT_TAG@+git.@TAG_OFFSET@.%h</param>
<param name="versionrewrite-pattern">himmelblau-(.*)</param>
<param name="versionrewrite-replacement">\1</param>
<param name="filename">himmelblau</param>
<param name="exclude">.git</param>
<param name="exclude">src/kanidm/Cargo.*</param>
<param name="changesgenerate">enable</param>
</service>
<service name="set_version" mode="disabled">
<param name="basename">himmelblau</param>
<param name="regex">^himmelblau-([^/]+)</param>
<param name="file">himmelblau.spec</param>
</service>
<service name="recompress" mode="disabled">
<param name="file">*.tar</param>
<param name="compression">bz2</param>
</service>
<service name="cargo_vendor" mode="disabled">
<param name="srcdir">himmelblau</param>
<param name="update">true</param>
</service>
<service name="cargo_audit" mode="disabled">
<param name="srcdir">himmelblau</param>
<param name="lockfile">Cargo.lock</param>
</service>
</services>

6
_servicedata Normal file
View File

@ -0,0 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/openSUSE/himmelblau.git</param>
<param name="changesrevision">6d2f6450ff3c0c945a884d4b35307e03a035a581</param></service><service name="tar_scm">
<param name="url">https://github.com/himmelblau-idm/himmelblau.git</param>
<param name="changesrevision">22f84f0879609ef9406e2c25c6028d5e9b1073c9</param></service></servicedata>

5
cargo_config Normal file
View File

@ -0,0 +1,5 @@
[source.crates-io]
replace-with = "vendored-sources"
[source.vendored-sources]
directory = "vendor"

3
himmelblau-0.4.1+git.0.41dd0dc.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:dcde73d510f65d5dc329d52d1e2aad3236a30b8831f1043d96aca04686159d5e
size 17684282

3
himmelblau-0.4.3+git.2.6379abc.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:fb29e33def9c3d5a83f5cb6484d5d886b79c0e8f0ea827586a101c28521001c1
size 17684265

3
himmelblau-0.5.0+git.0.22f84f0.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:16915f657ac0c69070d9ee24076ed03464b74c16a12c786eec8fb8f3b4e0dcfb
size 19316045

475
himmelblau.changes Normal file
View File

@ -0,0 +1,475 @@
-------------------------------------------------------------------
Wed Sep 04 14:16:35 UTC 2024 - david.mulder@suse.com
- Update to version 0.5.0+git.0.22f84f0:
* Update workflows for 0.5.x
* Update Debian dependencies in README.md
* Compilation fails on Ubuntu, missing ldb header
* Fix base32 with kandim updates
* deps(rust): update base32 requirement from ^0.4.0 to ^0.5.0
* deps(rust): update scim_proto requirement from ^0.2.1 to ^1.3.2
* deps(rust): update bindgen requirement from 0.69.4 to 0.70.1
* Fix CI failures caused by cargo 1.80.1
* Update to libhimmelblau version 0.2.9
* deps(rust): update rusqlite requirement from ^0.31.0 to ^0.32.0
* deps(rust): update tonic requirement from 0.11.0 to 0.12.0
* update libnss requirement from 0.7.0 to 0.8.0
* Switch to using libhimmelblau
* himmelblaud stops working after suspend
* Update required packages for tumbleweed
* Disable the SFA fallback by default
* Fix ConsolidatedTelephony MFA method
* Use the group ID for the name if no display name
* Use latest msal with MFA fixes
* PhoneAppNotification is not a cred request algorithm
* The polling_interval is in milliseconds, not seconds
* OneWaySMS is additionally a valid OTP
* Relicensing as GPL3, as SSSD source inclusion requires
* Utilize the graph code in msal
* config: Remove comments about experimental policy enforement
* Remove the experimental policy code from the id provider
* Fix a refresh token leak in debug from msal
* Correct README details
* Always normalize idmap upn inputs
* Add video links to the README
* Minor updates to the Contributing section
* Add a Installation section to the README
* Add the new SSSD idmap build deps to the README
* Add a section about donations
* Include the Samba Technical matrix channel
* Add github workflows for the 0.4.x branch
* Version 0.5.0 bump for main
-------------------------------------------------------------------
Mon Jul 15 15:07:32 UTC 2024 - david.mulder@suse.com
- Update to version 0.4.3+git.2.6379abc:
* Specifically use msal 0.2.6
* Version 0.4.3
* update libnss requirement from 0.7.0 to 0.8.0
* himmelblaud stops working after suspend
* Version 0.4.2
* Fix ConsolidatedTelephony MFA method
-------------------------------------------------------------------
Wed May 29 19:35:33 UTC 2024 - david.mulder@suse.com
- Update to version 0.4.1+git.0.41dd0dc:
* Version 0.4.1
* Use latest msal with MFA fixes
* PhoneAppNotification is not a cred request algorithm
* The polling_interval is in milliseconds, not seconds
* OneWaySMS is additionally a valid OTP
* Relicensing as GPL3, as SSSD source inclusion requires
-------------------------------------------------------------------
Wed May 22 22:10:10 UTC 2024 - david.mulder@suse.com
- Update to version 0.4.0+git.4.63e3704:
* Fix a refresh token leak in debug from msal
-------------------------------------------------------------------
Wed May 22 14:28:10 UTC 2024 - david.mulder@suse.com
- Update to version 0.4.0+git.2.7b57f5e:
* Always normalize idmap upn inputs
-------------------------------------------------------------------
Mon May 20 19:23:30 UTC 2024 - david.mulder@suse.com
- Update to version 0.4.0+git.0.69b64fe:
* Add github workflows for the 0.4.x branch
* Do not append to pam_allow_groups automatically
* Pam Allow Groups must be specified by Object ID
* Request the correct resource and permissions
* Improve error output on group lookup failure
* When faking a uuid for NSS, use a random uuid
* Fix clippy warning about inefficient use of clone()
* Remove the initial uid hack, use name mapping
* Don't stop an MR based on a clippy warning
* Update Kanidm tracking
* Modify CI workflows to handle idmap build
* Add CI job for cargo test
* Test the new and legacy idmapping
* Ensure duplicate providers are not started
* Use the SSSD Idmap code in Himmelblau
* Specify in conf that pam_allow_groups is required
* Remove code duplication in Hello PIN auth
* Fix Device authentication failed after enrollment
* Update the base64urlsafedata version
* Update README.md with Matrix contact info
* Version 0.4.0
-------------------------------------------------------------------
Wed May 15 15:19:43 UTC 2024 - david.mulder@suse.com
- Update to version 0.3.4+git.0.01d099f:
* Version 0.3.4
* Only remove cached user if it doesn't exist
* Use existing user token at refresh
* Always use the spn of the user for nss requests
* Generate a fake user token to please SSH
* Fix aad-tool to handle MFA
* Fix lib_crypto version
* Fix user dropping from NSS
-------------------------------------------------------------------
Fri May 10 18:59:23 UTC 2024 - david.mulder@suse.com
- Himmelblau requires libopenssl-3 for PRT messages.
-------------------------------------------------------------------
Thu May 09 19:34:59 UTC 2024 - david.mulder@suse.com
- Update to version 0.3.3+git.0.c2197d7:
* Correct the debug messages for Hello skip
* Version 0.3.3
* Allow disabling Hello PIN auth for enrolled users
* Add an option for disabling Windows Hello
* Remove the TODO doc from stable branch
* config: Remove comments about experimental policy enforement
-------------------------------------------------------------------
Tue May 07 18:19:29 UTC 2024 - david.mulder@suse.com
- Update to version 0.3.2+git.0.de9f5b5:
* Version 0.3.2
* Fix Hello PIN Authentication error, no nonce
-------------------------------------------------------------------
Mon Apr 29 19:43:17 UTC 2024 - david.mulder@suse.com
- Update to version 0.3.1+git.0.359a8d0:
* Add github workflows for the 0.3.x branch
* Fallback to SFA first if MFA fails Browse files
* deps(rust): update libnss requirement from 0.6.0 to 0.7.0
* deps(rust): update webauthn-rs-proto requirement from 0.4.8 to 0.5.0
* Fix deadlock caused by client write lock
* Add rid idmapping (replacing existing idmap)
* Additional debug for Hello auth
* Make proto Cargo.toml a physical file
* Push the clippy arg count limit a little higher
* Version 0.3.0
* Windows Hello PIN implementation
* deps(rust): update hostname requirement from ^0.3.1 to ^0.4.0
* Enable actions on stable branches
* Prevent dependabot from updating opentelemetry
* Revert "deps(rust): update opentelemetry requirement from 0.20.0 to 0.22.0 (#93)"
* deps(rust): update reqwest requirement from ^0.11.18 to ^0.12.2 (#95)
* deps(rust): update lru requirement from ^0.8.0 to ^0.12.3 (#94)
* deps(rust): update opentelemetry requirement from 0.20.0 to 0.22.0 (#93)
* deps(rust): update num_enum requirement from ^0.5.11 to ^0.7.2 (#92)
* deps(rust): update tonic requirement from 0.10.2 to 0.11.0 (#91)
* Use the Kanidm MFA patches
* deps(rust): update libnss requirement from 0.5.0 to 0.6.0 (#90)
* deps(rust): update tracing-opentelemetry requirement (#89)
* deps(rust): update rusqlite requirement from ^0.28.0 to ^0.31.0 (#88)
* deps(rust): update clap requirement from ^3.2 to ^4.5 (#87)
* deps(rust): update kanidm-hsm-crypto requirement from ^0.1.6 to ^0.2.0 (#86)
* Update dependabot.yml
* Add missing db dependency on sketching
* Set the workspace resolver version to 2
* Init the kanidm submodule during workflows
* Ignore clippy blocks_in_conditions warning in daemon
* Add build/clippy/dependabot_automerge workflows
* deps(rust): update opentelemetry-otlp requirement from 0.13.0 to 0.15.0
* deps(rust): update opentelemetry_sdk requirement from 0.20.0 to 0.22.1
* deps(rust): update base64 requirement from ^0.21.5 to ^0.22.0
* deps(rust): update notify-debouncer-full requirement from 0.1 to 0.3
* deps(rust): update systemd-journal-logger requirement
* Create dependabot.yml
* Add MFA capabilities
* Update to the latest Kanidm reqs
* Always force MFA when enrolling the device
* Update to latest msal
-------------------------------------------------------------------
Thu Feb 29 20:14:08 UTC 2024 - dmulder@suse.com
- Himmelblau provides the features found in aad-auth packages from
other distros.
-------------------------------------------------------------------
Tue Feb 20 21:07:56 UTC 2024 - dmulder@suse.com
- Update to version 0.2.0+git.4.904b915:
* Update to latest msal
* Version 0.2.0
* Himmelblau now authenticates only to configured domains
* Remove reference to python-msal dep in README
* Use the external MSAL crate for auth
* Rename msal in prep for external msal crate
* msal: Remove python msal bindings
* msal: Rust msal
* Point Cargo.toml to new project home
* config: Write domain join to server specific config
* idprovider: Invalidate cached user if PRT req fails
* idprovider: Pass the keystore to the auth function
* Update daemon from kanidm
* test: Add a pause to ensure tasks daemon sees himmelblau
* Update kanidm submodule
* config: Include domain sections in configured domains
* msal: Add acquire_token_by_refresh_token
* enrollment: Authentication fixes
* tests: Create the hsm-pin directory
* idprovider: Add domain join debug
* cargo: Use relative paths and remove most symlinks
* idprovider: Allow group search when device is authenticated
* msal: Move the application reqs from misc to msal::application
* msal: Move user reqs from misc to msal::user
* Remove duplicates from allow_groups during enrollment
* Remove device enrollment from TODO
* Implement Device enrollment
* enrollment: Add the nonce service request
* enrollment: Add enrollment service discovery
* Implement ConfidentialClientApplication for enrollment
* daemon: Fix inverted logic on cache dir check
* nss: Use upstream nss package
* idprovider: Provider auth needs to point to just the host
* config: Consistently use the config file provided to the daemon
* cargo: Use relative paths and remove most symlinks
* clippy: Add kanidm's clippy config
* config: Only check for tenant_id, authority, graph if necessary
* Update README.md
* Update version to 0.1.2
* config: Fix typos in the config file
* Make most params to acquire_token_interactive optional
* Config can take defaults
* cli: Add missing cli opt file
* cli: Improve aad-tool options and interface
* Update README.md
* tests: Fix tasks daemon name typo
* Remove MFA from TODO
-------------------------------------------------------------------
Fri Dec 22 18:07:18 UTC 2023 - dmulder@suse.com
- Update to version 0.1.1+git.10.4aa76b7:
* daemon: Fix inverted logic on cache dir check
* nss: Use upstream nss package
* idprovider: Provider auth needs to point to just the host
* config: Consistently use the config file provided to the daemon
* cargo: Use relative paths and remove most symlinks
* clippy: Add kanidm's clippy config
* config: Only check for tenant_id, authority, graph if necessary
* Correct the cargo version
-------------------------------------------------------------------
Mon Nov 13 19:12:05 UTC 2023 - dmulder@suse.com
- Update to version 0.1.1+git.0.6d2f645:
* config: Remove comments about experimental policy enforement
* config: Fix typos in the config file
-------------------------------------------------------------------
Tue Sep 26 13:22:40 UTC 2023 - Jan Engelhardt <jengelh@inai.de>
- Reduce size of expanded scriptlets by reducing %service_* calls
- Wrap descriptions
-------------------------------------------------------------------
Thu Sep 14 17:16:34 UTC 2023 - david.mulder@suse.com
- Update to version 0.1.0+git.2.2391ac0:
* Update version to 0.1.0
* Update the README
* idprovider: Fix mixed case auth failure
* daemon: Port daemon changes from kanidm
* provider: Skip provider init on silent auth and offline
* daemon: Run himmelblaud as non-root dynamic user
-------------------------------------------------------------------
Tue Sep 12 21:12:46 UTC 2023 - david.mulder@suse.com
- Update to version 0.0.4+git.50.112df77:
* Always match DAG where present
* Prohibit authentication with changing IDs
-------------------------------------------------------------------
Fri Sep 08 14:16:20 UTC 2023 - david.mulder@suse.com
- Update to version 0.0.4+git.42.d641c8b:
* Run cargo fmt and cargo clippy
* Implement DeviceAuthorizationGrant for MFA
* test: Initialize the pam_allow_groups with users
* Use new pam state machine in himmelblau
* Remove the non-functional device enrollment
* TODO: New details regarding MS auth cache
* daemon: Implement pam allow groups
* Code rearrangement
-------------------------------------------------------------------
Thu Aug 10 14:55:54 UTC 2023 - dmulder@suse.com
- Update to version 0.0.4+git.30.26c26e7:
* aad-tool: Disable enrollment by default
* provider: Fetch GECOS from old token on silent acquire
* msal: Add bindings for device auth flow
* Add debug for local user ignore
* provider: Only retry auth if we're sure group read was requested
* provider: Provide user token refresh
* provider: Cause unix_group_get to respond with BadRequest
* provider: Implement provider_authenticate
-------------------------------------------------------------------
Tue Aug 08 19:29:40 UTC 2023 - dmulder@suse.com
- Update to version 0.0.4+git.9.a7c5ac2:
* osc breaks with workspace errors using symlinks
* gp: Disable MDM policies by default
-------------------------------------------------------------------
Mon Aug 07 20:31:52 UTC 2023 - dmulder@suse.com
- Update to version 0.0.4+git.3.b500f1f:
* Update serde version
* Update version to 0.0.4
* Only build necessary bits of kanidm proto
* Add cache operations to daemon and aad-tool
* tests: Include local cache of rust deps
* cache: Use the kanidm cache backend
-------------------------------------------------------------------
Mon Jul 31 21:16:59 UTC 2023 - dmulder@suse.com
- Update to version 0.0.3+git.10.761b4d2:
* gp: Apply chromium policies
* gp: Implement Group Policy object listing
* test: Fix build test failure
* tests: Return the correct error code from tests
* test: Separate project build from docker build
* tests: Deploy config when testing
-------------------------------------------------------------------
Tue Jul 18 18:54:07 UTC 2023 - dmulder@suse.com
- Update to version 0.0.3+git.3.f0883b1:
* nss: Fix misaligned pointer dereference errors
* Fix code links
-------------------------------------------------------------------
Mon Jul 17 19:43:26 UTC 2023 - dmulder@suse.com
- Update to version 0.0.3+git.1.e6847eb:
* Revert "nss: Use kanidm nss code"
* Update lib versions to match package version
* Shallow clone kanidm for pam/nss
* tests: Fix tar recursion
-------------------------------------------------------------------
Fri Jul 14 17:23:46 UTC 2023 - dmulder@suse.com
- Update to version 0.0.2+git.22.1c3ce4b:
* Remove symlinks and just point to kanidm sources
* nss: Use kanidm nss code
* Add submodule commands to main Makefile
* pam: Use kanidm pam code, glue into himmelblau
* TODO: Only auth to configured domains
-------------------------------------------------------------------
Mon Jul 10 21:19:19 UTC 2023 - dmulder@suse.com
- Update to version 0.0.2+git.15.d42b114:
* aad-tool: Enroll via the daemon
* config: Add func for requesting configured socket path
* aad-tool: Improve enroll options
-------------------------------------------------------------------
Mon Jul 10 19:23:50 UTC 2023 - dmulder@suse.com
- Update to version 0.0.2+git.11.91df240:
* daemon: Add a systemd service
* daemon: Don't request group read scope if using Intune
* TODO: Mention the work needed for the cache
* README: Include homedir creation instructions
* daemon: If auth fails, indicate the user
-------------------------------------------------------------------
Fri Jul 07 16:18:10 UTC 2023 - dmulder@suse.com
- Update to version 0.0.2+git.6.de1afd6:
* test: Ensure invalid users aren't cached
* test: Skip getent group tests failing due to nss issue
* tests: Add nss tests
* tests: Test pam auth
* msal: Allow fetching auth url
-------------------------------------------------------------------
Wed Jun 28 16:55:26 UTC 2023 - dmulder@suse.com
- Update to version 0.0.2+git.0.5bfbedd:
* cache: Make the cache persistent
* TODO: Cannot fudge an initial nss request
* Use tracing for debug instead of log
* aad-tool: Fix some build warnings
* aad-tool: Add TODO comments regarding enrollment issues
* aad-tool: Always use interactive enrollment
* fix readme
* aad-tool: Save the device_id after enrollment
* aad-tool: Cannot enroll in Intune Portal directly
* aad-tool: Parse the enrollment response
* aad-tool: Add a enroll command for Azure AD device
* memcache: Only append existing group member if missing
* himmelblaud: Fix login when Intune errors on group read
* memcache: Create a memcache for user and group caching
* TODO: Group memberships
* TODO: NSS requests via GET reqs
* config: Include default for authority_host
* config: Specify constants for defaults
* Cleanup the build depencencies
* TODO: Fix the headings
* TODO: Add major reqs section
* Cause the odc provider to supply the authority_host
* TODO: Use tracing module
* Include offline logon in todo list
* Add a TODO list
* Discover the tenant_id in the same manner as Intune
* himmelblaud: Debug for unknown user/group
* himmelblaud: Fix failure to cache user
* himmelblaud: Pam Allowed and Sessions stubs
* himmelblaud: Implement NssGroupByGid and NssAccountByUid
* himmelblaud: Implement group lookups
* Include the gecos in the mem cache
* Use config for shell, homedir, uid range, tenant
* Improve Developer Readme
* config: Config should not default app_id
* Remove invalid comment
* himmelblaud: Return with failure without tenant_id
* config: Move the config to unix_common module
* himmelblaud: Make the socket path configurable
* himmelblaud: Use Intune portal when app_id unset
-------------------------------------------------------------------
Fri Jun 02 21:16:00 UTC 2023 - dmulder@suse.com
- Update to version 0.0.1+git.15.f9a024e:
* Generate unix uid/gid
* himmelblaud: Stubs for NssGroupByName and NssGroups
* himmelblaud: Fix auth failure error message
* himmelblaud: Open socket with permissions for users to read/write
* msal: Fix nssaccountbyname lookup
* himmelblaud: Improve logging
* Include systemd journal logging
* msal: Fix failure parsing user token dict
* Implement simple NssAccountByName
* Implement basic NssAccounts request
* pam: Fix unused variable warning
* himmelblaud: Rewrite the daemon in Rust
* msal: Add a simple rust binding to python msal
* Remove the python daemon in favor of Rust
-------------------------------------------------------------------
Fri May 26 20:48:17 UTC 2023 - dmulder@suse.com
- Update to version 0.0.1+git.0.56eb9f0:
* himmelblaud: Implement nss lookups in the daemon
* himmelblaud: Allow anyone to r/w the socket
* himmelblaud: Implement simple nss getpwent name
* pam: Remove account allowed and being session impl
* unix_common: UID and GID need not match
* himmelblaud: Improve the debug output
* himmelblaud: Remove stdout debug since logging to journald
* himmelblaud: Log to the systemd journal
* nss: Add the nss module
* Improve directory structure

136
himmelblau.spec Normal file
View File

@ -0,0 +1,136 @@
#
# spec file for package himmelblau
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: himmelblau
Version: 0.5.0+git.0.22f84f0
Release: 0
Summary: Interoperability suite for Microsoft Azure AD and Intune
License: GPL-3.0-or-later
URL: https://github.com/openSUSE/himmelblau
Source: %{name}-%{version}.tar.bz2
Source1: vendor.tar.zst
Source2: cargo_config
BuildRequires: cargo-packaging
BuildRequires: clang-devel
BuildRequires: krb5-devel
BuildRequires: libcap-devel
BuildRequires: libclang13
BuildRequires: libdhash-devel
BuildRequires: libldb-devel
BuildRequires: libopenssl-3-devel
BuildRequires: libtalloc-devel
BuildRequires: libtevent-devel
BuildRequires: pam-devel
BuildRequires: pcre2-devel
BuildRequires: sqlite3-devel
BuildRequires: tpm2-0-tss-devel
ExclusiveArch: %{rust_tier1_arches}
Recommends: nss-himmelblau
Recommends: pam-himmelblau
Provides: aad-cli
Provides: aad-common
%description
Himmelblau is an interoperability suite for Microsoft Azure AD and
Intune, which allows users to sign into a Linux machine using Azure
Active Directory credentials. It relies on the Microsoft
Authentication Library to communicate with the Microsoft service.
%package -n pam-himmelblau
Summary: Azure AD authentication PAM module
Requires: %{name} = %{version}
Provides: libpam-aad
%description -n pam-himmelblau
Himmelblau is an interoperability suite for Microsoft Azure AD and
Intune, which allows users to sign into a Linux machine using Azure
Active Directory credentials. It relies on the Microsoft
Authentication Library to communicate with the Microsoft service.
%package -n nss-himmelblau
Summary: Azure AD authentication NSS module
Requires(post): /sbin/ldconfig
Requires(postun): /sbin/ldconfig
Requires: %{name} = %{version}
Provides: libnss-aad
%description -n nss-himmelblau
Himmelblau is an interoperability suite for Microsoft Azure AD and
Intune, which allows users to sign into a Linux machine using Azure
Active Directory credentials. It relies on the Microsoft
Authentication Library to communicate with the Microsoft service.
%post -n nss-himmelblau -p /sbin/ldconfig
%postun -n nss-himmelblau -p /sbin/ldconfig
%prep
%autosetup -a1
install -D -m 644 %{SOURCE2} .cargo/config
%build
%{cargo_build}
%check
%{cargo_test}
%install
install -D -d -m 0755 %{buildroot}/%{_sysconfdir}/himmelblau
cp src/config/himmelblau.conf.example %{buildroot}/%{_sysconfdir}/himmelblau/himmelblau.conf
cp target/release/libnss_%{name}.so target/release/libnss_%{name}.so.2
install -D -d -m 0755 %{buildroot}/%{_libdir}
install -m 0755 target/release/libnss_%{name}.so.2 %{buildroot}/%{_libdir}
install -D -d -m 0755 %{buildroot}/%{_pam_moduledir}
install -m 0755 target/release/libpam_%{name}.so %{buildroot}/%{_pam_moduledir}/pam_%{name}.so
install -D -d -m 0755 %{buildroot}%{_sbindir}
install -m 0755 target/release/himmelblaud %{buildroot}/%{_sbindir}
install -m 0755 target/release/himmelblaud_tasks %{buildroot}/%{_sbindir}
install -D -d -m 0755 %{buildroot}%{_bindir}
install -m 0755 target/release/aad-tool %{buildroot}/%{_bindir}
install -D -d -m 0755 %{buildroot}%{_unitdir}
install -m 0644 %{_builddir}/%{name}-%{version}/platform/opensuse/himmelblaud.service %{buildroot}%{_unitdir}/himmelblaud.service
install -m 0644 %{_builddir}/%{name}-%{version}/platform/opensuse/himmelblaud-tasks.service %{buildroot}%{_unitdir}/himmelblaud-tasks.service
%pre
%service_add_pre himmelblaud.service himmelblaud-tasks.service
%post
%service_add_post himmelblaud.service himmelblaud-tasks.service
%preun
%service_del_preun himmelblaud.service himmelblaud-tasks.service
%postun
%service_del_postun himmelblaud.service himmelblaud-tasks.service
%files
%dir %{_sysconfdir}/himmelblau
%config %{_sysconfdir}/himmelblau/himmelblau.conf
%{_sbindir}/himmelblaud
%{_sbindir}/himmelblaud_tasks
%{_bindir}/aad-tool
%{_unitdir}/himmelblaud.service
%{_unitdir}/himmelblaud-tasks.service
%files -n nss-himmelblau
%{_libdir}/libnss_%{name}.so.*
%files -n pam-himmelblau
%{_pam_moduledir}/pam_%{name}.so
%changelog

3
vendor.tar.zst Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e173220bc01e1453f184ecbf44a3bd17cb5eaf24a5370abf9193057c30368317
size 46449790