From 9b52793f52ec87a73dd0e64b6e29ce4131d25605 Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Tue, 27 Oct 2009 19:29:01 +0000 Subject: [PATCH] New upstream release Fix segfaults and upgrade issues. Provide newer default configuration. --- .cvsignore | 2 +- ...ion-script-for-pre-0.5-local-domains.patch | 50 ---------------- sources | 2 +- sssd.conf.default | 57 ------------------- sssd.spec | 18 +++--- 5 files changed, 11 insertions(+), 118 deletions(-) delete mode 100644 0001-Fix-migration-script-for-pre-0.5-local-domains.patch delete mode 100644 sssd.conf.default diff --git a/.cvsignore b/.cvsignore index a1b5b4a..fe56c86 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -sssd-0.7.0.tar.gz +sssd-0.7.1.tar.gz diff --git a/0001-Fix-migration-script-for-pre-0.5-local-domains.patch b/0001-Fix-migration-script-for-pre-0.5-local-domains.patch deleted file mode 100644 index 3ed44b4..0000000 --- a/0001-Fix-migration-script-for-pre-0.5-local-domains.patch +++ /dev/null @@ -1,50 +0,0 @@ ->From ff5fd17a20037377889b60a73b2b1f470c67c674 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Mon, 26 Oct 2009 12:54:38 +0100 -Subject: [PATCH] Fix migration script for pre-0.5 local domains - -Configuration files before 0.5.0 did not enforce provider= in local -domains it did special-case by domain name (LOCAL). Our script was -relying on provider= value, this patch adds the special-casing in case -the domain was called LOCAL. ---- - server/upgrade/upgrade_config.py | 13 +++++++++++-- - 1 files changed, 11 insertions(+), 2 deletions(-) - -diff --git a/server/upgrade/upgrade_config.py b/server/upgrade/upgrade_config.py -index 87e3990..fe20811 100644 ---- a/server/upgrade/upgrade_config.py -+++ b/server/upgrade/upgrade_config.py -@@ -25,6 +25,7 @@ import sys - import shutil - import traceback - from ConfigParser import RawConfigParser -+from ConfigParser import NoOptionError - from optparse import OptionParser - - class SSSDConfigParser(RawConfigParser): -@@ -211,11 +212,19 @@ class SSSDConfigFile(object): - self._migrate_kw(new_domsec, old_domsec, ldap_kw) - self._migrate_kw(new_domsec, old_domsec, krb5_kw) - -+ # configuration files before 0.5.0 did not enforce provider= in local domains -+ # it did special-case by domain name (LOCAL) -+ try: -+ prv = self._new_config.get(new_domsec, 'id_provider') -+ except NoOptionError: -+ if old_domsec == 'domains/LOCAL': -+ prv = 'local' -+ self._new_config.set(new_domsec, 'id_provider', prv) -+ - # if domain was local, update with parameters from [user_defaults] -- if self._new_config.get(new_domsec, 'id_provider') == 'local': -+ if prv == 'local': - self._migrate_kw(new_domsec, 'user_defaults', user_defaults_kw) - -- - def _migrate_domains(self): - for domain in [ s.replace('domains/','') for s in self._config.sections() if s.startswith("domains/") ]: - domain = domain.strip() --- -1.6.2.5 - diff --git a/sources b/sources index c51859b..22022a6 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -403945c70c902302e5d8babecb24b096 sssd-0.7.0.tar.gz +827ef46d27c54ce790d329a6b1b82586 sssd-0.7.1.tar.gz diff --git a/sssd.conf.default b/sssd.conf.default deleted file mode 100644 index 522948e..0000000 --- a/sssd.conf.default +++ /dev/null @@ -1,57 +0,0 @@ -[sssd] -config_file_version = 2 -# Number of times services should attempt to reconnect in the -# event of a crash or restart before they give up -reconnection_retries = 3 -# if a backend is particularly slow you can raise this timeout here -sbus_timeout = 30 -services = nss, dp, pam -; domains = LOCAL,LDAP -# SSSD will not start if you don't configure any domain. -# Add new domains condifgurations as [domain/] sections. -# Then add the list of domains (in the order you want them to be -# queried in the 'domains" attribute above and uncomment it - - -[nss] -# the following prevents sssd for searching for the root user/group in -# all domains (you can add here a comma separated list of system accounts are -# always going to be /etc/passwd users, or that you want to filter out) -filter_groups = root -filter_users = root -reconnection_retries = 3 - -# The EntryCacheTimeout indicates the number of seconds to retain before -# an entry in cache is considered stale and must block to refresh. -# The EntryCacheNoWaitRefreshTimeout indicates the number of seconds to -# wait before updating the cache out-of-band. (NSS requests will still -# be returned from cache until the full EntryCacheTimeout). Setting this -# value to 0 turns this feature off (default) -; entry_cache_timeout = 600 -; entry_cache_nowait_timeout = 300 - -[pam] -reconnection_retries = 3 - -[dp] -reconnection_retries = 3 - -# Example LOCAL domain that stores all users natively in the SSSD internal -# directory. These local users and groups are not visibile in /etc/passwd, it -# now contains only root and system accounts. -; [domain/LOCAL] -; description = LOCAL Users domain -; id_provider = local -; enumerate = true -; min_id = 500 -; max_id = 999 - -# Example native LDAP domain -; [domain/LDAP] -; id_provider = ldap -; auth_provider = ldap -; ldap_uri = ldap://ldap.mydomain.org -; ldap_user_search_base = dc=mydomain,dc=org -; ldap_tls_reqcert = demand -; cache_credentials = true -; enumerate = true diff --git a/sssd.spec b/sssd.spec index a6afafb..8497773 100644 --- a/sssd.spec +++ b/sssd.spec @@ -2,26 +2,23 @@ %{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import *; import sys; sys.stdout.write(get_python_lib())")} Name: sssd -Version: 0.7.0 -Release: 2%{?dist} +Version: 0.7.1 +Release: 1%{?dist} Group: Applications/System Summary: System Security Services Daemon # The entire source code is GPLv3+ except replace/ which is LGPLv3+ License: GPLv3+ and LGPLv3+ URL: http://fedorahosted.org/sssd Source: https://fedorahosted.org/released/sssd/sssd-%{version}.tar.gz -Source1: sssd.conf.default BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) ### Patches ### -Patch1: 0001-Fix-migration-script-for-pre-0.5-local-domains.patch - ### Dependencies ### Requires: libldb >= 0.9.3 Requires: libtdb >= 1.1.3 -Requires: sssd-client = 0.7.0 +Requires: sssd-client = 0.7.1 Requires(post): python Requires(preun): initscripts chkconfig Requires(postun): /sbin/service @@ -75,8 +72,6 @@ service. %prep %setup -q -%patch1 -p1 -b .upgrade_fixes - %build %configure \ --without-tests \ @@ -97,7 +92,7 @@ make install DESTDIR=$RPM_BUILD_ROOT /usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sss_client mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sssd -install -m600 %{SOURCE1} $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf +install -m600 server/examples/sssd.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf install -m400 server/config/etc/sssd.api.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.conf install -m400 server/config/etc/sssd.api.d/* $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.d/ @@ -194,6 +189,11 @@ fi %postun client -p /sbin/ldconfig %changelog +* Tue Oct 27 2009 Stephen Gallagher - 0.7.1-1 +- Fix segfault in sssd_pam when cache_credentials was enabled +- Update the sample configuration +- Fix upgrade issues caused by data provider service removal + * Mon Oct 26 2009 Stephen Gallagher - 0.7.0-2 - Fix upgrade issues from old (pre-0.5.0) releases of SSSD