diff --git a/0001-krb-recreate-ccache-if-it-was-deleted.patch b/0001-krb-recreate-ccache-if-it-was-deleted.patch deleted file mode 100644 index 51f8634..0000000 --- a/0001-krb-recreate-ccache-if-it-was-deleted.patch +++ /dev/null @@ -1,39 +0,0 @@ -From cae3bf6af22855adc8dd7b270e11207f0a33c385 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Wed, 30 Jan 2013 13:45:27 +0100 -Subject: [PATCH] krb: recreate ccache if it was deleted - -https://fedorahosted.org/sssd/ticket/1512 - -If directory where a ccache file was stored was missing and user -was still logged in, we erroneously considered the ccache file -still active. Thus the ccache file was not recreated and user was -unable to login. ---- - src/providers/krb5/krb5_utils.c | 9 ++++++++- - 1 file changed, 8 insertions(+), 1 deletion(-) - -diff --git a/src/providers/krb5/krb5_utils.c b/src/providers/krb5/krb5_utils.c -index b770714be030076203b6578f90ef726226cb72f8..7b56be52497ae66fa536b76ca0561ec3cc3208ce 100644 ---- a/src/providers/krb5/krb5_utils.c -+++ b/src/providers/krb5/krb5_utils.c -@@ -770,8 +770,15 @@ cc_residual_is_used(uid_t uid, const char *ccname, - - ret = lstat(ccname, &stat_buf); - -- if (ret == -1 && errno != ENOENT) { -+ if (ret == -1) { - ret = errno; -+ if (ret == ENOENT) { -+ DEBUG(SSSDBG_FUNC_DATA, ("Cache file [%s] does not exists, " -+ "it will be recreated\n", ccname)); -+ *result = false; -+ return EOK; -+ } -+ - DEBUG(SSSDBG_OP_FAILURE, - ("stat failed [%d][%s].\n", ret, strerror(ret))); - return ret; --- -1.7.11.7 - diff --git a/0002-Don-t-use-srcdir-with-tests.patch b/0002-Don-t-use-srcdir-with-tests.patch deleted file mode 100644 index 968fa2c..0000000 --- a/0002-Don-t-use-srcdir-with-tests.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 2cdcd10751f2e3f152124f698ae35d7947ca4771 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Thu, 31 Jan 2013 18:52:08 +0100 -Subject: [PATCH] Don't use srcdir with tests - -Fixes build with automake 1.13 or newer. ---- - Makefile.am | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/Makefile.am b/Makefile.am -index 8a47af8ddb4eb274d390ec0bf3010736cb23b992..64708216103e48facf780f246de5668c8e0b26a7 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -146,9 +146,9 @@ check_PROGRAMS = \ - PYTHON_TESTS = - - if BUILD_PYTHON_BINDINGS --PYTHON_TESTS += $(srcdir)/src/config/SSSDConfigTest.py \ -- $(srcdir)/src/tests/pyhbac-test.py \ -- $(srcdir)/src/tests/pysss_murmur-test.py -+PYTHON_TESTS += src/config/SSSDConfigTest.py \ -+ src/tests/pyhbac-test.py \ -+ src/tests/pysss_murmur-test.py - endif - - TESTS = \ --- -1.8.1 - diff --git a/0003-krb5-include-backwards-compatible-declaration-of-krb.patch b/0003-krb5-include-backwards-compatible-declaration-of-krb.patch deleted file mode 100644 index b6cf4db..0000000 --- a/0003-krb5-include-backwards-compatible-declaration-of-krb.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 4e78fab6a1b2e9653a7959cbdb7d54bb750041d0 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Mon, 4 Feb 2013 11:30:48 -0500 -Subject: [PATCH] krb5: include backwards compatible declaration of - krb5_trace_info - -krb5-1.10 used to include "struct krb5_trace_info", now krb5-1.11 -includes a "krb5_trace_info" typedefed from "struct _krb5_trace_info". - -Do the same in the SSSD to allow compiling with both 1.10 and 1.11. ---- - src/external/krb5.m4 | 2 +- - src/util/sss_krb5.c | 8 +++++++- - 2 files changed, 8 insertions(+), 2 deletions(-) - -diff --git a/src/external/krb5.m4 b/src/external/krb5.m4 -index 5bc871128193e19038c7325b7dbab40e94128171..f1679a151b613b3f685953453a314f734419fa41 100644 ---- a/src/external/krb5.m4 -+++ b/src/external/krb5.m4 -@@ -37,7 +37,7 @@ SAVE_LIBS=$LIBS - CFLAGS="$CFLAGS $KRB5_CFLAGS" - LIBS="$LIBS $KRB5_LIBS" - AC_CHECK_HEADERS([krb5.h krb5/krb5.h]) --AC_CHECK_TYPES([krb5_ticket_times, krb5_times], [], [], -+AC_CHECK_TYPES([krb5_ticket_times, krb5_times, krb5_trace_info], [], [], - [ #ifdef HAVE_KRB5_KRB5_H - #include - #else -diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c -index bb61d10938a74d768c31869cae79fa1e348d3693..ab0344c8048523e08dbe29a05aefbc45e2f7668e 100644 ---- a/src/util/sss_krb5.c -+++ b/src/util/sss_krb5.c -@@ -1001,9 +1001,15 @@ sss_krb5_residual_check_type(const char *full_location, - } - - #ifdef HAVE_KRB5_SET_TRACE_CALLBACK -+ -+#ifndef HAVE_KRB5_TRACE_INFO -+/* krb5-1.10 had struct krb5_trace_info, 1.11 has type named krb5_trace_info */ -+typedef struct krb5_trace_info krb5_trace_info; -+#endif /* HAVE_KRB5_TRACE_INFO */ -+ - static void - sss_child_krb5_trace_cb(krb5_context context, -- const struct krb5_trace_info *info, void *data) -+ const krb5_trace_info *info, void *data) - { - if (info == NULL) { - /* Null info means destroy the callback data. */ --- -1.8.1.2 - diff --git a/0004-subdomains-replace-invalid-characters-with-underscor.patch b/0004-subdomains-replace-invalid-characters-with-underscor.patch deleted file mode 100644 index c2564cc..0000000 --- a/0004-subdomains-replace-invalid-characters-with-underscor.patch +++ /dev/null @@ -1,69 +0,0 @@ -From a0388dc52f5461f72f8221c9bb7c92008e1fe2c5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Fri, 1 Feb 2013 12:17:47 +0100 -Subject: [PATCH] subdomains: replace invalid characters with underscore in - krb5 mapping file name - -https://fedorahosted.org/sssd/ticket/1795 - -Only alpha-numeric chars, dashes and underscores are allowed in -krb5 include directory. ---- - src/providers/ipa/ipa_subdomains.c | 26 +++++++++++++++++++++++++- - 1 file changed, 25 insertions(+), 1 deletion(-) - -diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c -index ef6195d19de72be7fd2b12a309b33fcf20e0e3a1..f959c4e6eb1d830e3990f552c9f4cf962298ef48 100644 ---- a/src/providers/ipa/ipa_subdomains.c -+++ b/src/providers/ipa/ipa_subdomains.c -@@ -287,22 +287,46 @@ ipa_subdomains_write_mappings(struct sss_domain_info *domain, - errno_t err; - TALLOC_CTX *tmp_ctx; - const char *mapping_file; -+ char *sanitized_domain; - char *tmp_file = NULL; - int fd = -1; - mode_t old_mode; - FILE *fstream = NULL; - size_t i; - -+ if (domain == NULL || domain->name == NULL) { -+ DEBUG(SSSDBG_CRIT_FAILURE, ("No domain name provided\n")); -+ return EINVAL; -+ } -+ - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) return ENOMEM; - -+ sanitized_domain = talloc_strdup(tmp_ctx, domain->name); -+ if (sanitized_domain == NULL) { -+ DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup() failed\n")); -+ return ENOMEM; -+ } -+ -+ /* only alpha-numeric chars, dashes and underscores are allowed in -+ * krb5 include directory */ -+ for (i = 0; sanitized_domain[i] != '\0'; i++) { -+ if (!isalnum(sanitized_domain[i]) -+ && sanitized_domain[i] != '-' && sanitized_domain[i] != '_') { -+ sanitized_domain[i] = '_'; -+ } -+ } -+ - mapping_file = talloc_asprintf(tmp_ctx, "%s/domain_realm_%s", -- IPA_SUBDOMAIN_MAPPING_DIR, domain->name); -+ IPA_SUBDOMAIN_MAPPING_DIR, sanitized_domain); - if (!mapping_file) { - ret = ENOMEM; - goto done; - } - -+ DEBUG(SSSDBG_FUNC_DATA, ("Mapping file for domain [%s] is [%s]\n", -+ domain->name, mapping_file)); -+ - tmp_file = talloc_asprintf(tmp_ctx, "%sXXXXXX", mapping_file); - if (tmp_file == NULL) { - ret = ENOMEM; --- -1.7.11.7 - diff --git a/0005-Fix-the-krb5-password-expiration-warning.patch b/0005-Fix-the-krb5-password-expiration-warning.patch deleted file mode 100644 index 3996494..0000000 --- a/0005-Fix-the-krb5-password-expiration-warning.patch +++ /dev/null @@ -1,39 +0,0 @@ -From e354a96bbca5da8525ee51f91907e75af897b856 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Thu, 14 Feb 2013 10:13:59 +0100 -Subject: [PATCH] Fix the krb5 password expiration warning - -https://fedorahosted.org/sssd/ticket/1808 ---- - src/confdb/confdb.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c -index 31efd9443be8490715961c8a45f9352bd1ade653..31c48bd28aee37008687e7e255ebf2ef2d79798a 100644 ---- a/src/confdb/confdb.c -+++ b/src/confdb/confdb.c -@@ -1020,7 +1020,11 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, - goto done; - } - -- /* Set the PAM warning time, if specified */ -+ /* Set the PAM warning time, if specified. If not specified, pass on -+ * the "not set" value of "-1" which means "use provider default". The -+ * value 0 means "always display the warning if server sends one" */ -+ domain->pwd_expiration_warning = -1; -+ - val = ldb_msg_find_attr_as_int(res->msgs[0], - CONFDB_DOMAIN_PWD_EXPIRATION_WARNING, - -1); -@@ -1035,6 +1039,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, - } - - if (val > 0) { -+ DEBUG(SSSDBG_CONF_SETTINGS, -+ ("Setting domain password expiration warning to %d days\n", val)); - /* The value is in days, transform it to seconds */ - domain->pwd_expiration_warning = val * 24 * 3600; - } --- -1.8.1.2 - diff --git a/0006-BUILD-Build-shared-components-as-an-internal-shared-.patch b/0006-BUILD-Build-shared-components-as-an-internal-shared-.patch deleted file mode 100644 index 1827aa5..0000000 --- a/0006-BUILD-Build-shared-components-as-an-internal-shared-.patch +++ /dev/null @@ -1,134 +0,0 @@ -From 96453f402831275a39d5fb89c33c9776e148d03f Mon Sep 17 00:00:00 2001 -From: Stephen Gallagher -Date: Fri, 22 Feb 2013 15:58:52 +0100 -Subject: [PATCH] BUILD: Build shared components as an internal shared library - -There is a large amount of duplicated code being linked into multiple -SSSD binaries. Instead of statically linking this code throughout the -SSSD, we should instead create private shared libraries for them and -drop this code on the system only once. ---- - Makefile.am | 25 +++++++++++++++++++------ - contrib/sssd.spec.in | 8 ++++++++ - 2 files changed, 27 insertions(+), 6 deletions(-) - -diff --git a/Makefile.am b/Makefile.am -index 64708216103e48facf780f246de5668c8e0b26a7..4ff02b8e7f65876c6d42217e955053f420111132 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -176,7 +176,9 @@ krb5authdata_plugin_LTLIBRARIES = \ - sssd_pac_plugin.la - endif - --noinst_LTLIBRARIES = \ -+noinst_LTLIBRARIES = -+ -+pkglib_LTLIBRARIES = \ - libsss_crypt.la - - if HAVE_NSS -@@ -203,6 +205,8 @@ libsss_crypt_la_CFLAGS = \ - $(DHASH_CFLAGS) - libsss_crypt_la_LIBADD = \ - $(SSS_CRYPT_LIBS) -+libsss_crypt_la_LDFLAGS = \ -+ -avoid-version - - if BUILD_PYTHON_BINDINGS - pyexec_LTLIBRARIES = \ -@@ -471,15 +475,18 @@ endif - ##################### - # Utility libraries # - ##################### --noinst_LTLIBRARIES += libsss_debug.la -+pkglib_LTLIBRARIES += libsss_debug.la - libsss_debug_la_SOURCES = \ - src/util/debug.c \ - src/util/sss_log.c -+libsss_debug_la_LDFLAGS = \ -+ -avoid-version - --noinst_LTLIBRARIES += libsss_child.la -+pkglib_LTLIBRARIES += libsss_child.la - libsss_child_la_SOURCES = src/util/child_common.c -+libsss_child_la_LDFLAGS = -avoid-version - --noinst_LTLIBRARIES += libsss_util.la -+pkglib_LTLIBRARIES += libsss_util.la - libsss_util_la_SOURCES = \ - src/confdb/confdb.c \ - src/db/sysdb.c \ -@@ -532,6 +539,7 @@ libsss_util_la_SOURCES += \ - src/db/sysdb_ssh.c \ - src/util/sss_ssh.c - endif -+libsss_util_la_LDFLAGS = -avoid-version - - lib_LTLIBRARIES = libipa_hbac.la libsss_idmap.la - dist_pkgconfig_DATA += src/providers/ipa/ipa_hbac.pc -@@ -1251,7 +1259,7 @@ endif - # Plugin Libraries # - #################### - --noinst_LTLIBRARIES += libsss_ldap_common.la -+pkglib_LTLIBRARIES += libsss_ldap_common.la - libsss_ldap_common_la_SOURCES = \ - src/providers/ldap/ldap_id.c \ - src/providers/ldap/ldap_id_enum.c \ -@@ -1278,6 +1286,8 @@ libsss_ldap_common_la_SOURCES = \ - src/providers/ldap/sdap_range.c \ - src/providers/ldap/sdap_reinit.c \ - src/providers/ldap/sdap.c -+libsss_ldap_common_la_LDFLAGS = \ -+ -avoid-version - - if BUILD_SUDO - libsss_ldap_common_la_SOURCES += \ -@@ -1295,7 +1305,7 @@ libsss_ldap_common_la_SOURCES += \ - endif - - --noinst_LTLIBRARIES += libsss_krb5_common.la -+pkglib_LTLIBRARIES += libsss_krb5_common.la - libsss_krb5_common_la_SOURCES = \ - src/providers/krb5/krb5_utils.c \ - src/providers/krb5/krb5_become_user.c \ -@@ -1307,6 +1317,8 @@ libsss_krb5_common_la_SOURCES = \ - src/providers/krb5/krb5_access.c \ - src/providers/krb5/krb5_child_handler.c \ - src/providers/krb5/krb5_init_shared.c -+libsss_krb5_common_la_LDFLAGS = \ -+ -avoid-version - - libsss_ldap_la_SOURCES = \ - src/util/find_uid.c \ -@@ -1658,6 +1670,7 @@ installsssddirs:: - $(DESTDIR)$(dbusintrospectdir) \ - $(DESTDIR)$(pipepath)/private \ - $(DESTDIR)$(sssdlibdir) \ -+ $(DESTDIR)$(pkglibdir) \ - $(DESTDIR)$(sssdconfdir) \ - $(DESTDIR)$(sssddatadir) \ - $(DESTDIR)$(dbpath) \ -diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in -index 2a0401d1b8bb538fe596b2c762f7e0bbeb1abef9..7f124f5cd9dc602481cb5f4ae7a5a9418b6c8bf9 100644 ---- a/contrib/sssd.spec.in -+++ b/contrib/sssd.spec.in -@@ -385,6 +385,14 @@ rm -rf $RPM_BUILD_ROOT - %{_libdir}/%{name}/libsss_proxy.so - %{_libdir}/%{name}/libsss_simple.so - -+#Internal shared libraries -+%{_libdir}/%{name}/libsss_child.so -+%{_libdir}/%{name}/libsss_crypt.so -+%{_libdir}/%{name}/libsss_debug.so -+%{_libdir}/%{name}/libsss_krb5_common.so -+%{_libdir}/%{name}/libsss_ldap_common.so -+%{_libdir}/%{name}/libsss_util.so -+ - %{ldb_modulesdir}/memberof.so - %{_bindir}/sss_ssh_authorizedkeys - %{_bindir}/sss_ssh_knownhostsproxy --- -1.8.1.2 - diff --git a/0007-krb5-utils-tests-remove-invalid-condition.patch b/0007-krb5-utils-tests-remove-invalid-condition.patch deleted file mode 100644 index f50b1f6..0000000 --- a/0007-krb5-utils-tests-remove-invalid-condition.patch +++ /dev/null @@ -1,27 +0,0 @@ -From ac821fee0289abce3d3afc2878e06341c33ff6b9 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Wed, 13 Mar 2013 11:51:18 +0100 -Subject: [PATCH] krb5-utils-tests: remove invalid condition - -This condition is invalid because different_realm is not set, when -EINVAL is returned. It can make the test fail sometimes. ---- - src/tests/krb5_utils-tests.c | 2 -- - 1 file changed, 2 deletions(-) - -diff --git a/src/tests/krb5_utils-tests.c b/src/tests/krb5_utils-tests.c -index bc1890f0b5becf3f316eca31dfd20f30e25fa4f0..aa2f4ed4b8eb39c3aea8fdf53f27f12e096b9233 100644 ---- a/src/tests/krb5_utils-tests.c -+++ b/src/tests/krb5_utils-tests.c -@@ -700,8 +700,6 @@ START_TEST(test_compare_principal_realm) - ret = compare_principal_realm("userABC", "ABC", &different_realm); - fail_unless(ret == EINVAL, "Missing '@' does not cause EINVAL."); - -- fail_unless(different_realm == false, "Same realm but " \ -- "different_realm is not false."); - ret = compare_principal_realm("user@ABC", "ABC", &different_realm); - fail_unless(ret == EOK, "Failure with same realm"); - fail_unless(different_realm == false, "Same realm but " \ --- -1.8.1.4 -