From c7db1552cbfa76fe069bd84e1c86fbfe88bedc01a4d11554ca7151e39c1307ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michael=20Str=C3=B6der?= Date: Wed, 25 Oct 2017 11:56:22 +0000 Subject: [PATCH] Accepting request 536206 from home:stroeder:branches:network:ldap Update to new upstream release 1.16.0. Successfully tested with Howard's test scripts on openSUSE Tumbleweed x86_64. Build of man pages seems broken. But this is not caused by this sssd update because the man pages are already broken in sssd-tools-1.15.2-1.4 package in Tumbleweed. OBS-URL: https://build.opensuse.org/request/show/536206 OBS-URL: https://build.opensuse.org/package/show/network:ldap/sssd?expand=0&rev=188 --- sssd-1.15.2.tar.gz | 3 - sssd-1.15.2.tar.gz.asc | 6 - sssd-1.16.0.tar.gz | 3 + sssd-1.16.0.tar.gz.asc | 6 + sssd.changes | 71 ++++++ sssd.spec | 492 ++++++++++++++++++++++------------------- 6 files changed, 345 insertions(+), 236 deletions(-) delete mode 100644 sssd-1.15.2.tar.gz delete mode 100644 sssd-1.15.2.tar.gz.asc create mode 100644 sssd-1.16.0.tar.gz create mode 100644 sssd-1.16.0.tar.gz.asc diff --git a/sssd-1.15.2.tar.gz b/sssd-1.15.2.tar.gz deleted file mode 100644 index a63a517..0000000 --- a/sssd-1.15.2.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:4cd5fcb314d77a58029a216b7e6001c6cb41c5b784cf570c5761c97d1c12d264 -size 5248134 diff --git a/sssd-1.15.2.tar.gz.asc b/sssd-1.15.2.tar.gz.asc deleted file mode 100644 index e5f29b8..0000000 --- a/sssd-1.15.2.tar.gz.asc +++ /dev/null @@ -1,6 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iEYEABECAAYFAljJcscACgkQHsardTLnvCVCdwCgj0g3CSbz/gIS37W553d0QI7i -waoAnRN8+lQjwHQS+76q5nz2eSdRLnIG -=4tQo ------END PGP SIGNATURE----- diff --git a/sssd-1.16.0.tar.gz b/sssd-1.16.0.tar.gz new file mode 100644 index 0000000..c469694 --- /dev/null +++ b/sssd-1.16.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c581a6e5365cef87fca419c0c9563cf15eadbb682863d648d85ffcded7a3940f +size 5899127 diff --git a/sssd-1.16.0.tar.gz.asc b/sssd-1.16.0.tar.gz.asc new file mode 100644 index 0000000..d789a3d --- /dev/null +++ b/sssd-1.16.0.tar.gz.asc @@ -0,0 +1,6 @@ +-----BEGIN PGP SIGNATURE----- + +iEYEABECAAYFAlnqDFQACgkQHsardTLnvCU79wCg3b6eA8KEVLV8WECtUpTuFOb4 +WtAAoIQpjJYhg/z0wNqa2wh5v7CLpZdP +=MMlI +-----END PGP SIGNATURE----- diff --git a/sssd.changes b/sssd.changes index bb9a6ee..042038a 100644 --- a/sssd.changes +++ b/sssd.changes @@ -1,3 +1,74 @@ +------------------------------------------------------------------- +Mon Oct 23 16:31:54 UTC 2017 - michael@stroeder.com + +- consequently use curly brackets when referencing variables +- Update to new upstream release 1.16.0 + +Security fixes + * This release fixes CVE-2017-12173: Unsanitized input when searching in + local cache database. SSSD stores its cached data in an LDAP like local + database file using libldb. To lookup cached data LDAP search filters + like (objectClass=user)(name=user_name) are used. However, in + sysdb_search_user_by_upn_res(), the input was not sanitized and + allowed to manipulate the search filter for cache lookups. This would + allow a logged in user to discover the password hash of a different user. + +New Features + * SSSD now supports session recording configuration through tlog. This + feature enables recording of everything specific users see or type + during their sessions on a text terminal. For more information, see + the sssd-session-recording(5) manual page. + * SSSD can act as a client agent to deliver + Fleet Commander + policies defined on an IPA server. Fleet Commander provides a + configuration management interface that is controlled centrally and + that covers desktop, applications and network configuration. + * Several new systemtap probes + were added into various locations in SSSD code to assist in + troubleshooting and analyzing performance related issues. Please see the + sssd-systemtap(5) manual page for more information. + * A new LDAP provide access control mechanism that allows to restrict + access based on PAM's rhost data field was added. For more details, + please consult the sssd-ldap(5) manual page, in particular the + options ldap_user_authorized_rhost and the rhost value of + ldap_access_filter. + +------------------------------------------------------------------- +Tue Jul 25 15:46:23 UTC 2017 - michael@stroeder.com + +- Update to new upstream release 1.15.3 (KCM disabled) + +New Features + * In a setup where an IPA domain trusts an Active Directory domain, + it is now possible to define the domain resolution order + (see http://www.freeipa.org/page/Releases/4.5.0#AD_User_Short_Names). + * Design page - Shortnames in trusted domains + * SSSD ships with a new service called KCM. This service acts as a + storage for Kerberos tickets when "libkrb5" is configured to use + "KCM:" in "krb5.conf". + * Design page - KCM server for SSSD + * NOTE: There are several known issues in the "KCM" responder that + will be handled in the next release. + * Support for user and group resolution through the D-Bus interface and + authentication and/or authorization through the PAM interface even + for setups without UIDs or Windows SIDs present on the LDAP directory + side. This enhancement allows SSSD to be used together with apache + modules to provide + identities for applications + * Design page - Support for non-POSIX users and groups + * SSSD ships a new public library called "libsss_certmap" that allows + a flexible and configurable way of mapping a certificate to a user + identity. + * Design page - Matching and Mapping Certificates + * The Kerberos locator plugin can be disabled using an environment variable + "SSSD_KRB5_LOCATOR_DISABLE". Please refer to the + "sssd_krb5_locator_plugin" manual page for mode details. + * The "sssctl" command line tool supports a new command "user-checks" + that enables the administrator to check whether a certain user should be + allowed or denied access to a certain PAM service. + * The "secrets" responder now forwards requests to a proxy Custodia + back end over a secure channel. + ------------------------------------------------------------------- Thu Mar 16 13:32:12 UTC 2017 - hguo@suse.com diff --git a/sssd.spec b/sssd.spec index 0131435..f9c07c3 100644 --- a/sssd.spec +++ b/sssd.spec @@ -17,7 +17,7 @@ Name: sssd -Version: 1.15.2 +Version: 1.16.0 Release: 0 Summary: System Security Services Daemon License: GPL-3.0+ and LGPL-3.0+ @@ -25,18 +25,18 @@ Group: System/Daemons Url: https://pagure.io/SSSD/sssd #Git-Clone: git://git.fedorahosted.org/sssd -Source: http://releases.pagure.org/SSSD/sssd/%name-%version.tar.gz -Source2: http://releases.pagure.org/SSSD/sssd/%name-%version.tar.gz.asc +Source: http://releases.pagure.org/SSSD/sssd/%{name}-%{version}.tar.gz +Source2: http://releases.pagure.org/SSSD/sssd/%{name}-%{version}.tar.gz.asc Source3: baselibs.conf Source4: sssd.service -Source5: %name.keyring +Source5: %{name}.keyring BuildRoot: %{_tmppath}/%{name}-%{version}-build %define servicename sssd -%define sssdstatedir %_localstatedir/lib/sss -%define dbpath %sssdstatedir/db -%define pipepath %sssdstatedir/pipes -%define pubconfpath %sssdstatedir/pubconf +%define sssdstatedir %{_localstatedir}/lib/sss +%define dbpath %{sssdstatedir}/db +%define pipepath %{sssdstatedir}/pipes +%define pubconfpath %{sssdstatedir}/pubconf BuildRequires: autoconf >= 2.59 BuildRequires: automake @@ -82,11 +82,11 @@ BuildRequires: pkgconfig(tdb) >= 1.1.3 BuildRequires: pkgconfig(tevent) BuildRequires: pkgconfig(ndr_krb5pac) %{?systemd_requires} -Requires: sssd-ldap = %version-%release +Requires: sssd-ldap = %{version}-%{release} Requires(postun): pam-config -Provides: libsss_sudo = %version-%release -Provides: sssd-client = %version-%release -Obsoletes: libsss_sudo < %version-%release +Provides: libsss_sudo = %{version}-%{release} +Provides: sssd-client = %{version}-%{release} +Obsoletes: libsss_sudo < %{version}-%{release} %description Provides a set of daemons to manage access to remote directories and @@ -99,7 +99,7 @@ services for projects like FreeIPA. Summary: The ActiveDirectory backend plugin for sssd License: GPL-3.0+ Group: System/Daemons -Requires: %name-krb5-common = %version +Requires: %{name}-krb5-common = %{version} %description ad Provides the Active Directory back end that the SSSD can utilize to @@ -110,7 +110,7 @@ server. Summary: The D-Bus responder of sssd License: GPL-3.0+ Group: System/Base -Requires: %name = %version +Requires: %{name} = %{version} %description dbus Provides the D-Bus responder of sssd, called InfoPipe, which allows @@ -120,10 +120,10 @@ information from sssd to be transmitted over the system bus. Summary: FreeIPA backend plugin for sssd License: GPL-3.0+ Group: System/Daemons -Requires: %name = %version -Requires: %name-krb5-common = %version-%release -Obsoletes: %name-ipa-provider < %version-%release -Provides: %name-ipa-provider = %version-%release +Requires: %{name} = %{version} +Requires: %{name}-krb5-common = %{version}-%{release} +Obsoletes: %{name}-ipa-provider < %{version}-%{release} +Provides: %{name}-ipa-provider = %{version}-%{release} %description ipa Provides the IPA back end that the SSSD can utilize to fetch identity @@ -133,7 +133,7 @@ data from and authenticate against an IPA server. Summary: The Kerberos authentication backend plugin for sssd License: GPL-3.0+ Group: System/Daemons -Requires: %name-krb5-common = %version-%release +Requires: %{name}-krb5-common = %{version}-%{release} %description krb5 Provides the Kerberos back end that the SSSD can utilize authenticate @@ -153,7 +153,7 @@ use for Kerberos user or host authentication. Summary: The LDAP backend plugin for sssd License: GPL-3.0+ Group: System/Daemons -Requires: %name-krb5-common = %version-%release +Requires: %{name}-krb5-common = %{version}-%{release} %description ldap Provides the LDAP back end that the SSSD can utilize to fetch @@ -172,8 +172,8 @@ and/or PAM modules to leverage SSSD caching. Summary: Commandline tools for sssd License: GPL-3.0+ and LGPL-3.0+ Group: System/Management -Requires: python-sssd-config = %version -Requires: sssd = %version +Requires: python-sssd-config = %{version} +Requires: sssd = %{version} %py_requires %description tools @@ -198,7 +198,7 @@ by their POSIX UIDs and GIDs respectively. Summary: Development files for SSSD winbind License: LGPL-3.0+ Group: Development/Libraries/C and C++ -Requires: %name-wbclient = %version +Requires: %{name}-wbclient = %{version} %description wbclient-devel sssd-wbclient implements the libwbclient API for Samba daemons and @@ -214,6 +214,23 @@ Group: System/Libraries The idmap_sss module provides a way for Winbind to call SSSD to map UIDs/GIDs and SIDs. +%package -n libsss_certmap0 +Summary: FreeIPA ID mapping library +License: LGPL-3.0+ +Group: System/Libraries + +%description -n libsss_certmap0 +A utility library for FreeIPA to map certs. + +%package -n libsss_certmap-devel +Summary: Development files for the FreeIPA certmap library +License: LGPL-3.0+ +Group: Development/Libraries/C and C++ +Requires: libsss_certmap0 = %{version} + +%description -n libsss_certmap-devel +A utility library for FreeIPA to map certs. + %package -n libipa_hbac0 Summary: FreeIPA HBAC Evaluator library License: LGPL-3.0+ @@ -227,7 +244,7 @@ requests. Summary: Development files for the FreeIPA HBAC Evaluator library License: LGPL-3.0+ Group: Development/Libraries/C and C++ -Requires: libipa_hbac0 = %version +Requires: libipa_hbac0 = %{version} %description -n libipa_hbac-devel Utility library to validate FreeIPA HBAC rules for authorization @@ -254,7 +271,7 @@ A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs. Summary: Development files for the FreeIPA idmap library License: LGPL-3.0+ Group: Development/Libraries/C and C++ -Requires: libsss_idmap0 = %version +Requires: libsss_idmap0 = %{version} %description -n libsss_idmap-devel A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs. @@ -271,7 +288,7 @@ A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs. Summary: Development files for the FreeIPA idmap library License: LGPL-3.0+ Group: Development/Libraries/C and C++ -Requires: libsss_nss_idmap0 = %version +Requires: libsss_nss_idmap0 = %{version} %description -n libsss_nss_idmap-devel A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs. @@ -289,7 +306,7 @@ the SSSD InfoPipe responder. Summary: Development files for the SSSD D-Bus responder helper library License: GPL-3.0+ Group: Development/Libraries/C and C++ -Requires: libsss_simpleifp0 = %version +Requires: libsss_simpleifp0 = %{version} %description -n libsss_simpleifp-devel This subpackage provides the development files for sssd's simpleifp, @@ -385,7 +402,7 @@ Security Services Daemon (sssd). # pkgconfig file not present export LDB_LIBS="-lldb" export LDB_CFLAGS=" " -export LDB_DIR="%_libdir/ldb" +export LDB_DIR="%{_libdir}/ldb" %else export LDB_DIR="$(pkg-config ldb --variable=modulesdir)" %endif @@ -398,45 +415,45 @@ export CFLAGS="%optflags -fPIE" export LDFLAGS="-pie" %configure \ --with-crypto=libcrypto \ - --with-db-path="%dbpath" \ - --with-pipe-path="%pipepath" \ - --with-pubconf-path="%pubconfpath" \ - --with-init-dir="%_initrddir" \ - --enable-nsslibdir="/%_lib" \ - --enable-pammoddir="/%_lib/security" \ + --with-db-path="%{dbpath}" \ + --with-pipe-path="%{pipepath}" \ + --with-pubconf-path="%{pubconfpath}" \ + --with-init-dir="%{_initrddir}" \ + --enable-nsslibdir="/%{_lib}" \ + --enable-pammoddir="/%{_lib}/security" \ --with-ldb-lib-dir="$LDB_DIR" \ --with-selinux=no \ --with-os=suse \ --with-semanage=no \ --disable-ldb-version-check \ + --without-kcm \ --without-secrets make %{?_smp_mflags} all %install -b="%buildroot" -make install DESTDIR="$b" +make install DESTDIR="%{buildroot}" # Copy default sssd.conf file -install -d "$b/%_mandir"/{cs,cs/man8,nl,nl/man8,pt,pt/man8,uk,uk/man1} \ - "$b/%_mandir"/{uk/man5,uk/man8} -install -d "$b/%_sysconfdir/sssd" -install -m600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf" -install -d "$b/%_sysconfdir/sssd/conf.d" -install -d "$b/%_unitdir" -install -m644 %{S:4} "$b/%_unitdir/sssd.service" -rm -Rf "$b/%_initddir" -ln -s service "$b/%_sbindir/rcsssd" +install -d "%{buildroot}/%_mandir"/{cs,cs/man8,nl,nl/man8,pt,pt/man8,uk,uk/man1} \ + "%{buildroot}/%_mandir"/{uk/man5,uk/man8} +install -d "%{buildroot}/%{_sysconfdir}/sssd" +install -m600 src/examples/sssd-example.conf "%{buildroot}/%{_sysconfdir}/sssd/sssd.conf" +install -d "%{buildroot}/%{_sysconfdir}/sssd/conf.d" +install -d "%{buildroot}/%{_unitdir}" +install -m644 %{S:4} "%{buildroot}/%{_unitdir}/sssd.service" +rm -Rf "%{buildroot}/%{_initddir}" +ln -s service "%{buildroot}/%{_sbindir}/rcsssd" -mkdir -p "$b/%sssdstatedir/mc" -mkdir -p "$b/%_sysconfdir/ld.so.conf.d" -cat >"$b/%_sysconfdir/ld.so.conf.d/sssd-wbclient.conf" <<-EOF - %_libdir/%name/modules +mkdir -p "%{buildroot}/%{sssdstatedir}/mc" +mkdir -p "%{buildroot}/%{_sysconfdir}/ld.so.conf.d" +cat >"%{buildroot}/%{_sysconfdir}/ld.so.conf.d/sssd-wbclient.conf" <<-EOF + %{_libdir}/%{name}/modules EOF -find "$b" -type f -name "*.la" -delete +find "%{buildroot}" -type f -name "*.la" -delete -rm -Rf "$b/%_sysconfdir/dbus-1" "$b/%_datadir/dbus-1" +rm -Rf "%{buildroot}/%{_sysconfdir}/dbus-1" "%{buildroot}/%{_datadir}/dbus-1" -%find_lang %name --all-name +%find_lang %{name} --all-name %check # sss_config-tests fails @@ -447,7 +464,7 @@ make %{?_smp_mflags} check ||: %post # migrate config variable krb5_kdcip to krb5_server (bnc#851048) -/bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' %_sysconfdir/sssd/sssd.conf +/bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' %{_sysconfdir}/sssd/sssd.conf /sbin/ldconfig %service_add_post sssd.service @@ -456,7 +473,7 @@ make %{?_smp_mflags} check ||: %postun if [ "$1" = "0" ]; then - "%_sbindir/pam-config" -d --sss || : + "%{_sbindir}/pam-config" -d --sss || : fi /sbin/ldconfig # Clear caches, which may have an incompatible format afterwards @@ -477,243 +494,264 @@ rm -f /var/lib/sss/db/*.ldb %files -f sssd.lang %defattr(-,root,root) %doc COPYING -%_unitdir +%{_unitdir} %_bindir/sss_ssh_* -%_sbindir/sssctl -%_sbindir/sssd -%_sbindir/rcsssd -%dir %_mandir/??/ -%dir %_mandir/??/man[158]/ -%_mandir/??/man1/sss_ssh_* -%_mandir/??/man5/sssd-simple.5* -%_mandir/??/man5/sssd-sudo.5* -%_mandir/??/man5/sssd.conf.5* -%_mandir/??/man8/sssd.8* -%_mandir/man1/sss_ssh_* -%_mandir/man8/sssctl.8* -%_mandir/man5/sssd-files.5* -%_mandir/man5/sssd-simple.5* -%_mandir/man5/sssd-sudo.5* -%_mandir/man5/sssd.conf.5* -%_mandir/man8/sssd.8* -%dir %_libdir/%name/ -%_libdir/%name/conf/ -%_libdir/%name/libsss_child* -%_libdir/%name/libsss_cert* -%_libdir/%name/libsss_crypt* -%_libdir/%name/libsss_debug* -%_libdir/%name/libsss_files* -%_libdir/%name/libsss_semanage* -%_libdir/%name/libsss_simple* -%_libdir/%name/libsss_util* -%dir %_libdir/%name/modules/ -%_libdir/%name/modules/libsss_autofs.so -%_libdir/libsss_sudo.so -%dir %_libdir/ldb/ -%_libdir/ldb/memberof.so -%dir %_libexecdir/%name/ -%_libexecdir/%name/sssd_autofs -%_libexecdir/%name/sssd_be -%_libexecdir/%name/sssd_nss -%_libexecdir/%name/sssd_pam -%_libexecdir/%name/sssd_ssh -%_libexecdir/%name/sssd_sudo -%_libexecdir/%name/sss_signal -%dir %sssdstatedir -%attr(700,root,root) %dir %dbpath/ -%attr(755,root,root) %dir %pipepath/ -%attr(700,root,root) %dir %pipepath/private/ -%attr(755,root,root) %dir %pubconfpath/ -%attr(755,root,root) %dir %sssdstatedir/mc/ -%attr(700,root,root) %dir %sssdstatedir/keytabs/ -%attr(750,root,root) %dir %_localstatedir/log/%name/ -%dir %_sysconfdir/sssd/ -%config(noreplace) %_sysconfdir/sssd/sssd.conf -%dir %_sysconfdir/sssd/conf.d -%dir %_sysconfdir/pam.d/ -%config(noreplace) %_sysconfdir/pam.d/sssd-shadowutils -%dir %_datadir/%name/ -%_datadir/%name/cfg_rules.ini -%_datadir/%name/sssd.api.conf -%dir %_datadir/%name/sssd.api.d/ -%_datadir/%name/sssd.api.d/sssd-local.conf -%_datadir/%name/sssd.api.d/sssd-simple.conf +%{_sbindir}/sssctl +%{_sbindir}/sssd +%{_sbindir}/rcsssd +%dir %{_mandir}/??/ +%dir %{_mandir}/??/man[158]/ +%{_mandir}/??/man1/sss_ssh_* +%{_mandir}/??/man5/sssd-simple.5* +%{_mandir}/??/man5/sssd-sudo.5* +#%{_mandir}/??/man5/sssd.conf.5* +%{_mandir}/??/man8/sssd.8* +%{_mandir}/??/man5/sss-certmap.5.gz +%{_mandir}/??/man5/sssd-ad.5.gz +%{_mandir}/??/man5/sssd-files.5.gz +%{_mandir}/??/man5/sssd-secrets.5.gz +%{_mandir}/??/man5/sssd.conf.5.gz +%{_mandir}/??/man8/idmap_sss.8.gz +%{_mandir}/??/man8/sssctl.8.gz +%{_mandir}/??/man8/sssd-kcm.8.gz +%{_mandir}/??/man5/sssd-simple.5* +%{_mandir}/man1/sss_ssh_* +%{_mandir}/man8/sssctl.8* +%{_mandir}/man5/sssd-files.5* +%{_mandir}/man5/sssd-simple.5* +%{_mandir}/man5/sssd-sudo.5* +%{_mandir}/man5/sssd.conf.5* +%{_mandir}/man5/sss-certmap.5.gz +%{_mandir}/man5/sssd-session-recording.5.gz +%{_mandir}/man8/sssd.8* +%dir %{_libdir}/%{name}/ +%{_libdir}/%{name}/conf/ +%{_libdir}/%{name}/libsss_child* +%{_libdir}/%{name}/libsss_cert* +%{_libdir}/%{name}/libsss_crypt* +%{_libdir}/%{name}/libsss_debug* +%{_libdir}/%{name}/libsss_files* +%{_libdir}/%{name}/libsss_semanage* +%{_libdir}/%{name}/libsss_simple* +%{_libdir}/%{name}/libsss_util* +%dir %{_libdir}/%{name}/modules/ +%{_libdir}/%{name}/modules/libsss_autofs.so +%{_libdir}/libsss_sudo.so +%dir %{_libdir}/ldb/ +%{_libdir}/ldb/memberof.so +%dir %{_libexecdir}/%{name}/ +%{_libexecdir}/%{name}/sssd_autofs +%{_libexecdir}/%{name}/sssd_be +%{_libexecdir}/%{name}/sssd_nss +%{_libexecdir}/%{name}/sssd_pam +%{_libexecdir}/%{name}/sssd_ssh +%{_libexecdir}/%{name}/sssd_sudo +%{_libexecdir}/%{name}/sss_signal +%dir %{sssdstatedir} +%attr(700,root,root) %dir %{dbpath}/ +%attr(755,root,root) %dir %{pipepath}/ +%attr(700,root,root) %dir %{pipepath}/private/ +%attr(755,root,root) %dir %{pubconfpath}/ +%attr(755,root,root) %dir %{sssdstatedir}/mc/ +%attr(700,root,root) %dir %{sssdstatedir}/keytabs/ +%attr(750,root,root) %dir %{_localstatedir}/log/%{name}/ +%dir %{_sysconfdir}/sssd/ +%config(noreplace) %{_sysconfdir}/sssd/sssd.conf +%dir %{_sysconfdir}/sssd/conf.d +%dir %{_sysconfdir}/pam.d/ +%config(noreplace) %{_sysconfdir}/pam.d/sssd-shadowutils +%dir %{_datadir}/%{name}/ +%{_datadir}/%{name}/cfg_rules.ini +%{_datadir}/%{name}/sssd.api.conf +%dir %{_datadir}/%{name}/sssd.api.d/ +%{_datadir}/%{name}/sssd.api.d/sssd-local.conf +%{_datadir}/%{name}/sssd.api.d/sssd-simple.conf # # sssd-client # -/%_lib/libnss_sss.so.2 -/%_lib/security/pam_sss.so -%_libdir/cifs-utils/ -%_libdir/krb5/ -%_libdir/%name/modules/sssd_krb5_localauth_plugin.so -%_mandir/??/man8/pam_sss.8* -%_mandir/??/man8/sssd_krb5_locator_plugin.8* -%_mandir/man8/pam_sss.8* -%_mandir/man8/sssd_krb5_locator_plugin.8* +/%{_lib}/libnss_sss.so.2 +/%{_lib}/security/pam_sss.so +%{_libdir}/cifs-utils/ +%{_libdir}/krb5/ +%{_libdir}/%{name}/modules/sssd_krb5_localauth_plugin.so +%{_mandir}/??/man8/pam_sss.8* +%{_mandir}/??/man8/sssd_krb5_locator_plugin.8* +%{_mandir}/man8/pam_sss.8* +%{_mandir}/man8/sssd_krb5_locator_plugin.8* %files ad %defattr(-,root,root) -%dir %_libdir/%name/ -%_libdir/%name/libsss_ad.so -%dir %_libexecdir/%name/ -%_libexecdir/%name/sssd_pac -%_libexecdir/%name/gpo_child -%dir %_datadir/%name/ -%dir %_datadir/%name/sssd.api.d/ -%_datadir/%name/sssd.api.d/sssd-ad.conf -%_mandir/man5/sssd-ad.5* -%dir %_mandir/??/ -%dir %_mandir/??/man5/ +%dir %{_libdir}/%{name}/ +%{_libdir}/%{name}/libsss_ad.so +%dir %{_libexecdir}/%{name}/ +%{_libexecdir}/%{name}/sssd_pac +%{_libexecdir}/%{name}/gpo_child +%dir %{_datadir}/%{name}/ +%dir %{_datadir}/%{name}/sssd.api.d/ +%{_datadir}/%{name}/sssd.api.d/sssd-ad.conf +%{_mandir}/man5/sssd-ad.5* +%dir %{_mandir}/??/ +%dir %{_mandir}/??/man5/ %files dbus %defattr(-,root,root) -%dir %_libexecdir/sssd/ -%_libexecdir/sssd/sssd_ifp -%dir %_libdir/sssd/ -%_mandir/man5/sssd-ifp.5* -%dir %_mandir/??/ -%dir %_mandir/??/man5/ -%_mandir/??/man5/sssd-ifp.5* +%dir %{_libexecdir}/sssd/ +%{_libexecdir}/sssd/sssd_ifp +%dir %{_libdir}/sssd/ +%{_mandir}/man5/sssd-ifp.5* +%dir %{_mandir}/??/ +%dir %{_mandir}/??/man5/ +%{_mandir}/??/man5/sssd-ifp.5* %files ipa %defattr(-,root,root) -%dir %_libdir/%name/ -%_libdir/%name/libsss_ipa* -%dir %_datadir/%name/ -%dir %_datadir/%name/sssd.api.d -%_datadir/%name/sssd.api.d/sssd-ipa.conf -%_mandir/man5/sssd-ipa.5* -%dir %_mandir/??/ -%dir %_mandir/??/man5/ -%_mandir/??/man5/sssd-ipa.5* +%dir %{_libdir}/%{name}/ +%{_libdir}/%{name}/libsss_ipa* +%dir %{_datadir}/%{name}/ +%dir %{_datadir}/%{name}/sssd.api.d +%{_datadir}/%{name}/sssd.api.d/sssd-ipa.conf +%{_mandir}/man5/sssd-ipa.5* +%dir %{_mandir}/??/ +%dir %{_mandir}/??/man5/ +%{_mandir}/??/man5/sssd-ipa.5* %files krb5 %defattr(-,root,root) -%dir %_libdir/%name/ -%_libdir/%name/libsss_krb5.so -%dir %_datadir/%name/ -%dir %_datadir/%name/sssd.api.d/ -%_datadir/%name/sssd.api.d/sssd-krb5.conf -%dir %_mandir/??/ -%dir %_mandir/??/man5/ -%_mandir/man5/sssd-krb5.5* -%_mandir/??/man5/sssd-krb5.5* +%dir %{_libdir}/%{name}/ +%{_libdir}/%{name}/libsss_krb5.so +%dir %{_datadir}/%{name}/ +%dir %{_datadir}/%{name}/sssd.api.d/ +%{_datadir}/%{name}/sssd.api.d/sssd-krb5.conf +%dir %{_mandir}/??/ +%dir %{_mandir}/??/man5/ +%{_mandir}/man5/sssd-krb5.5* +%{_mandir}/??/man5/sssd-krb5.5* %files krb5-common %defattr(-,root,root) -%dir %_libdir/%name/ -%_libdir/%name/libsss_krb5_common.so -%dir %_libexecdir/%name/ -%_libexecdir/%name/krb5_child -%_libexecdir/%name/ldap_child +%dir %{_libdir}/%{name}/ +%{_libdir}/%{name}/libsss_krb5_common.so +%dir %{_libexecdir}/%{name}/ +%{_libexecdir}/%{name}/krb5_child +%{_libexecdir}/%{name}/ldap_child %files ldap %defattr(-,root,root) -%dir %_libdir/%name/ -%_libdir/%name/libsss_ldap* -%dir %_datadir/%name/ -%dir %_datadir/%name/sssd.api.d/ -%_datadir/%name/sssd.api.d/sssd-ldap.conf -%_mandir/man5/sssd-ldap.5* -%dir %_mandir/??/ -%dir %_mandir/??/man5/ -%_mandir/??/man5/sssd-ldap.5* +%dir %{_libdir}/%{name}/ +%{_libdir}/%{name}/libsss_ldap* +%dir %{_datadir}/%{name}/ +%dir %{_datadir}/%{name}/sssd.api.d/ +%{_datadir}/%{name}/sssd.api.d/sssd-ldap.conf +%{_mandir}/man5/sssd-ldap.5* +%dir %{_mandir}/??/ +%dir %{_mandir}/??/man5/ +%{_mandir}/??/man5/sssd-ldap.5* %files proxy %defattr(-,root,root) -%dir %_libdir/%name/ -%_libdir/%name/libsss_proxy.so -%dir %_libexecdir/%name/ -%_libexecdir/%name/proxy_child -%dir %_datadir/%name/ -%dir %_datadir/%name/sssd.api.d/ -%_datadir/%name/sssd.api.d/sssd-proxy.conf +%dir %{_libdir}/%{name}/ +%{_libdir}/%{name}/libsss_proxy.so +%dir %{_libexecdir}/%{name}/ +%{_libexecdir}/%{name}/proxy_child +%dir %{_datadir}/%{name}/ +%dir %{_datadir}/%{name}/sssd.api.d/ +%{_datadir}/%{name}/sssd.api.d/sssd-proxy.conf %files tools %defattr(-,root,root) -%_sbindir/sss_cache -%_sbindir/sss_debuglevel -%_sbindir/sss_groupadd -%_sbindir/sss_groupdel -%_sbindir/sss_groupmod -%_sbindir/sss_groupshow -%_sbindir/sss_seed -%_sbindir/sss_obfuscate -%_sbindir/sss_override -%_sbindir/sss_useradd -%_sbindir/sss_userdel -%_sbindir/sss_usermod -%_sbindir/sss_override -%dir %_mandir/??/man8/ -%_mandir/??/man8/sss_*.8* -%_mandir/man8/sss_*.8* +%{_sbindir}/sss_cache +%{_sbindir}/sss_debuglevel +%{_sbindir}/sss_groupadd +%{_sbindir}/sss_groupdel +%{_sbindir}/sss_groupmod +%{_sbindir}/sss_groupshow +%{_sbindir}/sss_seed +%{_sbindir}/sss_obfuscate +%{_sbindir}/sss_override +%{_sbindir}/sss_useradd +%{_sbindir}/sss_userdel +%{_sbindir}/sss_usermod +%dir %{_mandir}/??/man8/ +%{_mandir}/??/man8/sss_*.8* +%{_mandir}/man8/sss_*.8* %files wbclient %defattr(-,root,root) -%config %_sysconfdir/ld.so.conf.d/sssd-wbclient.conf -%dir %_libdir/sssd/ -%dir %_libdir/sssd/modules/ -%_libdir/sssd/modules/libwbclient.so.* +%config %{_sysconfdir}/ld.so.conf.d/sssd-wbclient.conf +%dir %{_libdir}/sssd/ +%dir %{_libdir}/sssd/modules/ +%{_libdir}/sssd/modules/libwbclient.so.* %files wbclient-devel %defattr(-,root,root) -%_includedir/wbclient_sssd.h -%dir %_libdir/sssd/ -%dir %_libdir/sssd/modules/ -%_libdir/sssd/modules/libwbclient.so -%_libdir/pkgconfig/wbclient_sssd.pc +%{_includedir}/wbclient_sssd.h +%dir %{_libdir}/sssd/ +%dir %{_libdir}/sssd/modules/ +%{_libdir}/sssd/modules/libwbclient.so +%{_libdir}/pkgconfig/wbclient_sssd.pc %files winbind-idmap %defattr(-,root,root) -%_libdir/samba/ -%_mandir/man8/idmap_sss.8* +%{_libdir}/samba/ +%{_mandir}/man8/idmap_sss.8* %files -n libipa_hbac0 %defattr(-,root,root) -%_libdir/libipa_hbac.so.0* +%{_libdir}/libipa_hbac.so.0* %files -n libipa_hbac-devel %defattr(-,root,root) -%_includedir/ipa_hbac.h -%_libdir/libipa_hbac.so -%_libdir/pkgconfig/ipa_hbac.pc +%{_includedir}/ipa_hbac.h +%{_libdir}/libipa_hbac.so +%{_libdir}/pkgconfig/ipa_hbac.pc + +%files -n libsss_certmap0 +%defattr(-,root,root) +%{_libdir}/libsss_certmap.so +%{_libdir}/libsss_certmap.so.0* + +%files -n libsss_certmap-devel +%defattr(-,root,root) +%{_includedir}/sss_certmap.h +%{_libdir}/libsss_certmap.so +%{_libdir}/pkgconfig/sss_certmap.pc %files -n libnfsidmap-sss %defattr(-,root,root) -%_libdir/libnfsidmap/ -%_mandir/man5/sss_rpcidmapd.5* -%dir %_mandir/??/man5/ -%_mandir/??/man5/sss_rpcidmapd.5* +%{_libdir}/libnfsidmap/ +%{_mandir}/man5/sss_rpcidmapd.5* +%dir %{_mandir}/??/man5/ +%{_mandir}/??/man5/sss_rpcidmapd.5* %files -n libsss_idmap0 %defattr(-,root,root) -%_libdir/libsss_idmap.so.0* +%{_libdir}/libsss_idmap.so.0* %files -n libsss_idmap-devel %defattr(-,root,root) -%_includedir/sss_idmap.h -%_libdir/libsss_idmap.so -%_libdir/pkgconfig/sss_idmap.pc +%{_includedir}/sss_idmap.h +%{_libdir}/libsss_idmap.so +%{_libdir}/pkgconfig/sss_idmap.pc %files -n libsss_nss_idmap0 %defattr(-,root,root) -%_libdir/libsss_nss_idmap.so.0* +%{_libdir}/libsss_nss_idmap.so.0* %files -n libsss_nss_idmap-devel %defattr(-,root,root) -%_includedir/sss_nss_idmap.h -%_libdir/libsss_nss_idmap.so -%_libdir/pkgconfig/sss_nss_idmap.pc +%{_includedir}/sss_nss_idmap.h +%{_libdir}/libsss_nss_idmap.so +%{_libdir}/pkgconfig/sss_nss_idmap.pc %files -n libsss_simpleifp0 %defattr(-,root,root) -%_libdir/libsss_simpleifp.so.0* +%{_libdir}/libsss_simpleifp.so.0* %files -n libsss_simpleifp-devel %defattr(-,root,root) -%_includedir/sss_sifp*.h -%_libdir/libsss_simpleifp.so -%_libdir/pkgconfig/sss_simpleifp.pc +%{_includedir}/sss_sifp*.h +%{_libdir}/libsss_simpleifp.so +%{_libdir}/pkgconfig/sss_simpleifp.pc %files -n python-ipa_hbac %defattr(-,root,root)