From c9a7a9b259c1cb9068897275b5afcd718a3d48b4 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Fri, 30 May 2014 22:16:22 +0200 Subject: [PATCH] New upstream release 1.12 beta1 https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1 --- .gitignore | 1 + 0602-FEDORA-Add-CIFS-idmap-plugin.patch | 493 ------------------------ sources | 2 +- sssd.spec | 74 +++- 4 files changed, 71 insertions(+), 499 deletions(-) delete mode 100644 0602-FEDORA-Add-CIFS-idmap-plugin.patch diff --git a/.gitignore b/.gitignore index ab3111e..4d7d32d 100644 --- a/.gitignore +++ b/.gitignore @@ -54,3 +54,4 @@ sssd-1.2.91.tar.gz /sssd-1.11.4.tar.gz /sssd-1.11.5.tar.gz /sssd-1.11.5.1.tar.gz +/sssd-1.12.0beta1.tar.gz diff --git a/0602-FEDORA-Add-CIFS-idmap-plugin.patch b/0602-FEDORA-Add-CIFS-idmap-plugin.patch deleted file mode 100644 index af090fa..0000000 --- a/0602-FEDORA-Add-CIFS-idmap-plugin.patch +++ /dev/null @@ -1,493 +0,0 @@ -From 15b3f9012309ca1c10528139946523bc295a4a9b Mon Sep 17 00:00:00 2001 -From: Benjamin Franzke -Date: Thu, 26 Sep 2013 10:27:33 +0200 -Subject: [PATCH] Add CIFS idmap plugin - -https://fedorahosted.org/sssd/ticket/1534 ---- - Makefile.am | 21 ++ - configure.ac | 2 + - src/conf_macros.m4 | 14 ++ - src/external/cifsidmap.m4 | 16 ++ - src/lib/cifs_idmap_sss/cifs_idmap_sss.c | 340 ++++++++++++++++++++++++++++++++ - src/tests/dlopen-tests.c | 3 + - 6 files changed, 396 insertions(+) - create mode 100644 src/external/cifsidmap.m4 - create mode 100644 src/lib/cifs_idmap_sss/cifs_idmap_sss.c - -diff --git a/Makefile.am b/Makefile.am -index 15c92d9..cb24df8 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -32,6 +32,9 @@ endif - if BUILD_PAC_RESPONDER - krb5authdata_plugindir = @krb5authdatapluginpath@ - endif -+if BUILD_CIFS_IDMAP_PLUGIN -+cifsplugindir = @cifspluginpath@ -+endif - sssdconfdir = $(sysconfdir)/sssd - sssddatadir = $(datadir)/sssd - sssdapiplugindir = $(sssddatadir)/sssd.api.d -@@ -193,6 +196,11 @@ krb5authdata_plugin_LTLIBRARIES = \ - sssd_pac_plugin.la - endif - -+if BUILD_CIFS_IDMAP_PLUGIN -+cifsplugin_LTLIBRARIES = \ -+ cifs_idmap_sss.la -+endif -+ - noinst_LTLIBRARIES = - - pkglib_LTLIBRARIES = \ -@@ -1896,6 +1904,19 @@ pysss_nss_idmap_la_LDFLAGS = \ - -module - endif - -+if BUILD_CIFS_IDMAP_PLUGIN -+cifs_idmap_sss_la_SOURCES = \ -+ src/lib/cifs_idmap_sss/cifs_idmap_sss.c -+cifs_idmap_sss_la_LIBADD = \ -+ libsss_idmap.la \ -+ libsss_nss_idmap.la -+cifs_idmap_sss_la_CFLAGS = \ -+ $(AM_CFLAGS) -+cifs_idmap_sss_la_LDFLAGS = \ -+ -avoid-version \ -+ -module -+endif -+ - ################ - # TRANSLATIONS # - ################ -diff --git a/configure.ac b/configure.ac -index d28d55f..9934b50 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -115,6 +115,7 @@ WITH_KRB5_RCACHE_DIR - WITH_KRB5AUTHDATA_PLUGIN_PATH - WITH_KRB5_CONF - WITH_PYTHON_BINDINGS -+WITH_CIFS_PLUGIN_PATH - WITH_SELINUX - WITH_NSCD - WITH_SEMANAGE -@@ -153,6 +154,7 @@ m4_include([src/external/libkeyutils.m4]) - m4_include([src/external/libnl.m4]) - m4_include([src/external/systemd.m4]) - m4_include([src/external/pac_responder.m4]) -+m4_include([src/external/cifsidmap.m4]) - m4_include([src/external/signal.m4]) - m4_include([src/external/inotify.m4]) - m4_include([src/external/libndr_nbt.m4]) -diff --git a/src/conf_macros.m4 b/src/conf_macros.m4 -index 1aecaea..4be819d 100644 ---- a/src/conf_macros.m4 -+++ b/src/conf_macros.m4 -@@ -265,6 +265,20 @@ AC_DEFUN([WITH_KRB5_PLUGIN_PATH], - AC_SUBST(krb5pluginpath) - ]) - -+AC_DEFUN([WITH_CIFS_PLUGIN_PATH], -+ [ AC_ARG_WITH([cifs-plugin-path], -+ [AC_HELP_STRING([--with-cifs-plugin-path=PATH], -+ [Path to cifs-utils plugin store [/usr/lib/cifs-utils]] -+ ) -+ ] -+ ) -+ cifspluginpath="${libdir}/cifs-utils" -+ if test x"$with_cifs_plugin_path" != x; then -+ cifspluginpath=$with_cifs_plugin_path -+ fi -+ AC_SUBST(cifspluginpath) -+ ]) -+ - AC_DEFUN([WITH_KRB5_RCACHE_DIR], - [ AC_ARG_WITH([krb5-rcache-dir], - [AC_HELP_STRING([--with-krb5-rcache-dir=PATH], -diff --git a/src/external/cifsidmap.m4 b/src/external/cifsidmap.m4 -new file mode 100644 -index 0000000..53cb8b7 ---- /dev/null -+++ b/src/external/cifsidmap.m4 -@@ -0,0 +1,16 @@ -+AC_ARG_ENABLE([cifs-idmap-plugin], -+ [AS_HELP_STRING([--disable-cifs-idmap-plugin], -+ [do not build CIFS idmap plugin])], -+ [build_cifs_idmap_plugin=$enableval], -+ [build_cifs_idmap_plugin=yes]) -+ -+AS_IF([test x$build_cifs_idmap_plugin = xyes], -+ [AC_CHECK_HEADER([cifsidmap.h], [], -+ [AC_MSG_ERROR([you must have the cifsidmap header installed to build the idmap plugin])]) -+ ]) -+ -+AM_CONDITIONAL([BUILD_CIFS_IDMAP_PLUGIN], -+ [test x$build_cifs_idmap_plugin = xyes]) -+ -+AM_COND_IF([BUILD_CIFS_IDMAP_PLUGIN], -+ [AC_DEFINE_UNQUOTED(HAVE_CIFS_IDMAP_PLUGIN, 1, [Build with cifs idmap plugin])]) -diff --git a/src/lib/cifs_idmap_sss/cifs_idmap_sss.c b/src/lib/cifs_idmap_sss/cifs_idmap_sss.c -new file mode 100644 -index 0000000..f914917 ---- /dev/null -+++ b/src/lib/cifs_idmap_sss/cifs_idmap_sss.c -@@ -0,0 +1,340 @@ -+/* -+ Authors: -+ Benjamin Franzke -+ -+ Copyright (C) 2013 Benjamin Franzke -+ -+ This program is free software; you can redistribute it and/or modify -+ it under the terms of the GNU General Public License as published by -+ the Free Software Foundation; either version 3 of the License, or -+ (at your option) any later version. -+ -+ This program is distributed in the hope that it will be useful, -+ but WITHOUT ANY WARRANTY; without even the implied warranty of -+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ GNU General Public License for more details. -+ -+ You should have received a copy of the GNU General Public License -+ along with this program. If not, see . -+*/ -+ -+/* TODO: Support well known SIDs as in samba's -+ * - librpc/idl/security.idl or -+ * - source4/rpc_server/lsa/lsa_lookup.c? -+ */ -+ -+/* TODO: Support of [all] samba's Unix SIDs: -+ * Users: S-1-22-1-%UID -+ * Groups: S-1-22-2-%GID -+ */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include -+ -+#include "lib/idmap/sss_idmap.h" -+#include "sss_client/idmap/sss_nss_idmap.h" -+ -+#define WORLD_SID "S-1-1-0" -+ -+#ifdef DEBUG -+#include -+#define debug(str, ...) \ -+ syslog(0, "%s: " str "\n", \ -+ __FUNCTION__, ##__VA_ARGS__) -+#else -+#define debug(...) do { } while(0) -+#endif -+ -+struct sssd_ctx { -+ struct sss_idmap_ctx *idmap; -+ const char **errmsg; -+}; -+ -+#define ctx_set_error(ctx, error) \ -+ do { \ -+ *ctx->errmsg = error; \ -+ debug("%s", error ? error : ""); \ -+ } while (0); -+ -+int cifs_idmap_init_plugin(void **handle, const char **errmsg) -+{ -+ struct sssd_ctx *ctx; -+ enum idmap_error_code err; -+ -+ if (handle == NULL || errmsg == NULL) -+ return EINVAL; -+ -+ ctx = malloc(sizeof *ctx); -+ if (!ctx) { -+ *errmsg = "Failed to allocate context"; -+ return -1; -+ } -+ ctx->errmsg = errmsg; -+ ctx_set_error(ctx, NULL); -+ -+ err = sss_idmap_init(NULL, NULL, NULL, &ctx->idmap); -+ if (err != IDMAP_SUCCESS) { -+ ctx_set_error(ctx, idmap_error_string(err)); -+ free(ctx); -+ return -1; -+ } -+ -+ *handle = ctx; -+ return 0; -+} -+ -+void cifs_idmap_exit_plugin(void *handle) -+{ -+ struct sssd_ctx *ctx = handle; -+ -+ debug("exit"); -+ -+ if (ctx == NULL) -+ return; -+ -+ sss_idmap_free(ctx->idmap); -+ -+ free(ctx); -+} -+ -+ -+/* Test with `getcifsacl file` on client. */ -+int cifs_idmap_sid_to_str(void *handle, const struct cifs_sid *csid, -+ char **name) -+{ -+ struct sssd_ctx *ctx = handle; -+ enum idmap_error_code iderr; -+ char *sid; -+ enum sss_id_type id_type; -+ int err; -+ -+ iderr = sss_idmap_bin_sid_to_sid(ctx->idmap, (const uint8_t *) csid, -+ sizeof(*csid), &sid); -+ if (iderr != IDMAP_SUCCESS) { -+ ctx_set_error(ctx, idmap_error_string(iderr)); -+ *name = NULL; -+ return -1; -+ } -+ -+ debug("sid: %s", sid); -+ -+ if (strcmp(sid, WORLD_SID) == 0) { -+ *name = strdup("\\Everyone"); -+ if (!*name) { -+ ctx_set_error(ctx, strerror(ENOMEM)); -+ return ENOMEM; -+ } -+ return 0; -+ } -+ -+ err = sss_nss_getnamebysid(sid, name, &id_type); -+ if (err != 0) { -+ ctx_set_error(ctx, strerror(err)); -+ *name = NULL; -+ return -err; -+ } -+ -+ /* FIXME: Map Samba Unix SIDs? (sid->id and use getpwuid)? */ -+ -+ debug("name: %s", *name); -+ -+ return 0; -+} -+ -+static int sid_to_cifs_sid(struct sssd_ctx *ctx, const char *sid, -+ struct cifs_sid *csid) -+{ -+ uint8_t *bsid = NULL; -+ enum idmap_error_code err; -+ size_t length; -+ -+ err = sss_idmap_sid_to_bin_sid(ctx->idmap, -+ sid, &bsid, &length); -+ if (err != IDMAP_SUCCESS) { -+ ctx_set_error(ctx, idmap_error_string(err)); -+ return -1; -+ } -+ if (length > sizeof(struct cifs_sid)) { -+ ctx_set_error(ctx, "too large sid length"); -+ free(bsid); -+ return -1; -+ } -+ -+ memcpy(csid, bsid, length); -+ free(bsid); -+ -+ return 0; -+} -+ -+/* Test with setcifsacl -a */ -+int cifs_idmap_str_to_sid(void *handle, const char *name, -+ struct cifs_sid *csid) -+{ -+ struct sssd_ctx *ctx = handle; -+ int err; -+ enum sss_id_type id_type; -+ char *sid = NULL; -+ int success = 0; -+ -+ debug("%s", name); -+ -+ err = sss_nss_getsidbyname(name, &sid, &id_type); -+ if (err != 0) { -+ /* Might be a raw string representation of SID, -+ * try converting that before returning an error. */ -+ if (sid_to_cifs_sid(ctx, name, csid) == 0) -+ return 0; -+ -+ ctx_set_error(ctx, strerror(err)); -+ return -err; -+ } -+ -+ if (sid_to_cifs_sid(ctx, sid, csid) != 0) -+ success = -1; -+ -+ free(sid); -+ -+ return success; -+} -+ -+static int samba_unix_sid_to_id(const char *sid, struct cifs_uxid *cuxid) -+{ -+ id_t id; -+ uint8_t type; -+ -+ if (sscanf(sid, "S-1-22-%hhu-%u", &type, &id) != 2) -+ return -1; -+ -+ switch (type) { -+ case 1: -+ cuxid->type = CIFS_UXID_TYPE_UID; -+ cuxid->id.uid = id; -+ break; -+ case 2: -+ cuxid->type = CIFS_UXID_TYPE_GID; -+ cuxid->id.gid = id; -+ break; -+ default: -+ cuxid->type = CIFS_UXID_TYPE_UNKNOWN; -+ return -1; -+ } -+ -+ return 0; -+} -+ -+static int sss_sid_to_id(struct sssd_ctx *ctx, const char *sid, -+ struct cifs_uxid *cuxid) -+{ -+ int err; -+ enum sss_id_type id_type; -+ -+ err = sss_nss_getidbysid(sid, (uint32_t *)&cuxid->id.uid, &id_type); -+ if (err != 0) { -+ ctx_set_error(ctx, strerror(err)); -+ return -1; -+ } -+ -+ switch (id_type) { -+ case SSS_ID_TYPE_UID: -+ cuxid->type = CIFS_UXID_TYPE_UID; -+ break; -+ case SSS_ID_TYPE_GID: -+ cuxid->type = CIFS_UXID_TYPE_GID; -+ break; -+ case SSS_ID_TYPE_BOTH: -+ cuxid->type = CIFS_UXID_TYPE_BOTH; -+ break; -+ case SSS_ID_TYPE_NOT_SPECIFIED: -+ default: -+ return -1; -+ } -+ -+ return 0; -+} -+ -+/** -+ * cifs_idmap_sids_to_ids - convert struct cifs_sids to struct cifs_uxids -+ * usecase: mount.cifs -o sec=krb5,multiuser,cifsacl,nounix -+ * test: ls -n on mounted share -+ */ -+int cifs_idmap_sids_to_ids(void *handle, const struct cifs_sid *csid, -+ const size_t num, struct cifs_uxid *cuxid) -+{ -+ struct sssd_ctx *ctx = handle; -+ enum idmap_error_code err; -+ int success = -1; -+ size_t i; -+ char *sid; -+ -+ debug("num: %zd", num); -+ -+ if (num > UINT_MAX) { -+ ctx_set_error(ctx, "num is too large."); -+ return EINVAL; -+ } -+ -+ for (i = 0; i < num; ++i) { -+ err = sss_idmap_bin_sid_to_sid(ctx->idmap, (const uint8_t *) &csid[i], -+ sizeof(csid[i]), &sid); -+ if (err != IDMAP_SUCCESS) { -+ ctx_set_error(ctx, idmap_error_string(err)); -+ continue; -+ } -+ -+ cuxid[i].type = CIFS_UXID_TYPE_UNKNOWN; -+ -+ if (sss_sid_to_id(ctx, sid, &cuxid[i]) == 0 || -+ samba_unix_sid_to_id(sid, &cuxid[i]) == 0) { -+ -+ debug("setting uid of %s to %d", sid, cuxid[i].id.uid); -+ success = 0; -+ } -+ -+ free(sid); -+ } -+ -+ return success; -+} -+ -+ -+int cifs_idmap_ids_to_sids(void *handle, const struct cifs_uxid *cuxid, -+ const size_t num, struct cifs_sid *csid) -+{ -+ struct sssd_ctx *ctx = handle; -+ int err, success = -1; -+ char *sid; -+ enum sss_id_type id_type; -+ size_t i; -+ -+ debug("num ids: %zd", num); -+ -+ if (num > UINT_MAX) { -+ ctx_set_error(ctx, "num is too large."); -+ return EINVAL; -+ } -+ -+ for (i = 0; i < num; ++i) { -+ err = sss_nss_getsidbyid((uint32_t)cuxid[i].id.uid, &sid, &id_type); -+ if (err != 0) { -+ ctx_set_error(ctx, strerror(err)); -+ csid[i].revision = 0; -+ /* FIXME: would it be safe to map *any* uid/gids unknown by sssd to -+ * SAMBA's UNIX SIDs? */ -+ continue; -+ } -+ -+ if (sid_to_cifs_sid(ctx, sid, csid) == 0) -+ success = 0; -+ else -+ csid[i].revision = 0; -+ free(sid); -+ } -+ -+ return success; -+} -diff --git a/src/tests/dlopen-tests.c b/src/tests/dlopen-tests.c -index 67fc41c..40e02da 100644 ---- a/src/tests/dlopen-tests.c -+++ b/src/tests/dlopen-tests.c -@@ -56,6 +56,9 @@ struct so { - #ifdef HAVE_PAC_RESPONDER - { "sssd_pac_plugin.so", { LIBPFX"sssd_pac_plugin.so", NULL } }, - #endif -+#ifdef HAVE_CIFS_IDMAP_PLUGIN -+ { "cifs_idmap_sss.so", { LIBPFX"cifs_idmap_sss.so", NULL } }, -+#endif - { "memberof.so", { LIBPFX"memberof.so", NULL } }, - { "libsss_child.so", { "libtevent.so", - LIBPFX"libsss_debug.so", --- -1.8.3.1 - diff --git a/sources b/sources index 4106d9d..3ab392b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -1aa92011bf08adaf66199c28a2973c9a sssd-1.11.5.1.tar.gz +d3a23b2192c7ea9454efc09592fa462a sssd-1.12.0beta1.tar.gz diff --git a/sssd.spec b/sssd.spec index 39e5f19..b5a4a8e 100644 --- a/sssd.spec +++ b/sssd.spec @@ -13,17 +13,16 @@ %global ldb_version 1.1.17 Name: sssd -Version: 1.11.5.1 -Release: 4%{?dist} +Version: 1.12.0 +Release: 1%{?dist}.beta1 Group: Applications/System Summary: System Security Services Daemon License: GPLv3+ URL: http://fedorahosted.org/sssd/ -Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz +Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}beta1.tar.gz BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) ### Patches ### -Patch0602: 0602-FEDORA-Add-CIFS-idmap-plugin.patch ### Dependencies ### Requires: sssd-common = %{version}-%{release} @@ -85,6 +84,8 @@ BuildRequires: diffstat BuildRequires: findutils BuildRequires: samba4-devel >= 4.0.0-59beta2 BuildRequires: selinux-policy-targeted +BuildRequires: systemd-devel +BuildRequires: libsmbclient-devel %ifarch %{ix86} x86_64 %{arm} BuildRequires: libcmocka-devel %endif @@ -347,6 +348,38 @@ Requires: libsss_nss_idmap = %{version}-%{release} The libsss_nss_idmap-python contains the bindings so that libsss_nss_idmap can be used by Python applications. +%package dbus +Summary: The D-Bus responder of the SSSD +Group: Applications/System +License: GPLv3+ +BuildRequires: augeas-devel +Requires: sssd-common = %{version}-%{release} + +%description dbus +Provides the D-Bus responder of the SSSD, called the InfoPipe, that allows +the information from the SSSD to be transmitted over the system bus. + +%package -n libsss_simpleifp +Summary: The SSSD D-Bus responder helper library +Group: Development/Libraries +License: GPLv3+ +Requires: dbus-libs +Requires(post): /sbin/ldconfig +Requires(postun): /sbin/ldconfig + +%description -n libsss_simpleifp +Provides library that simplifies D-Bus API for the SSSD InfoPipe responder. + +%package -n libsss_simpleifp-devel +Summary: The SSSD D-Bus responder helper library +Group: Development/Libraries +License: GPLv3+ +Requires: dbus-devel +Requires: libsss_simpleifp = %{version}-%{release} + +%description -n libsss_simpleifp-devel +Provides library that simplifies D-Bus API for the SSSD InfoPipe responder. + %prep # Update timestamps on the files touched by a patch, to avoid non-equal # .pyc/.pyo files across the multilib peers within a build, where "Level" @@ -363,7 +396,7 @@ UpdateTimestamps() { done } -%setup -q +%setup -q -n %{name}-1.11.90 for p in %patches ; do %__patch -p1 -i $p @@ -600,6 +633,7 @@ rm -rf $RPM_BUILD_ROOT %defattr(-,root,root,-) %doc COPYING %{_libdir}/%{name}/libsss_ad.so +%{_libdir}/%{name}/libsss_ad_common.so %{_mandir}/man5/sssd-ad.5* %files proxy @@ -608,6 +642,32 @@ rm -rf $RPM_BUILD_ROOT %{_libexecdir}/%{servicename}/proxy_child %{_libdir}/%{name}/libsss_proxy.so +%files dbus +%defattr(-,root,root,-) +%doc COPYING +%{_libexecdir}/%{servicename}/sssd_ifp +%{_mandir}/man5/sssd-ifp.5* +# InfoPipe DBus plumbing +%{_sysconfdir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf +%{_libdir}/%{name}/libsss_config.so + +%files -n libsss_simpleifp +%defattr(-,root,root,-) +%{_libdir}/libsss_simpleifp.so.* + +%files -n libsss_simpleifp-devel +%defattr(-,root,root,-) +%if 0%{?fedora} +%doc sss_simpleifp_doc/html +%endif +%if 0%{?rhel} >= 6 +%doc sss_simpleifp_doc/html +%endif +%{_includedir}/sss_sifp.h +%{_includedir}/sss_sifp_dbus.h +%{_libdir}/libsss_simpleifp.so +%{_libdir}/pkgconfig/sss_simpleifp.pc + %files client -f sssd_client.lang %defattr(-,root,root,-) %doc src/sss_client/COPYING src/sss_client/COPYING.LESSER @@ -738,6 +798,10 @@ fi %postun -n libsss_idmap -p /sbin/ldconfig %changelog +* Fri May 30 2014 Jakub Hrozek - 1.10.0-1.alpha1 +- New upstream release 1.12 beta1 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1 + * Thu May 29 2014 Jakub Hrozek - 1.11.5.1-4 - Rebuild against new ding-libs