diff --git a/.gitignore b/.gitignore index e6a01ca..b0a99f3 100644 --- a/.gitignore +++ b/.gitignore @@ -44,3 +44,4 @@ sssd-1.2.91.tar.gz /sssd-1.10.0alpha1.tar.gz /sssd-1.10.0beta1.tar.gz /sssd-1.10.0beta2.tar.gz +/sssd-1.10.0.tar.gz diff --git a/0001-Bumping-the-version-for-the-1.10-final-release.patch b/0001-Bumping-the-version-for-the-1.10-final-release.patch deleted file mode 100644 index d08f64c..0000000 --- a/0001-Bumping-the-version-for-the-1.10-final-release.patch +++ /dev/null @@ -1,23 +0,0 @@ -From 376e39bc7a7f49f08fd51b1a00aa5d2a456b2314 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Tue, 11 Jun 2013 17:44:04 +0200 -Subject: [PATCH 01/12] Bumping the version for the 1.10 final release - ---- - version.m4 | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/version.m4 b/version.m4 -index 1435f6999f6d4ffb06ad0dfd4261b03357fd0cfa..4066d317aae67fee317d13a67abec0dae3ce14aa 100644 ---- a/version.m4 -+++ b/version.m4 -@@ -1,5 +1,5 @@ - # Primary version number --m4_define([VERSION_NUMBER], [1.9.94]) -+m4_define([VERSION_NUMBER], [1.9.95]) - - # If the PRERELEASE_VERSION_NUMBER is set, we'll append - # it to the release tag when creating an RPM or SRPM --- -1.8.2.1 - diff --git a/0002-Change-order-of-libraries-in-linking-process.patch b/0002-Change-order-of-libraries-in-linking-process.patch deleted file mode 100644 index b5af64f..0000000 --- a/0002-Change-order-of-libraries-in-linking-process.patch +++ /dev/null @@ -1,31 +0,0 @@ -From fd98a28d6e94080e52bbedc789b06606a6019b10 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Wed, 12 Jun 2013 13:24:12 +0200 -Subject: [PATCH 02/12] Change order of libraries in linking process. - -It seems that some linkers have problem with wrong order of libraries. -This commit only change order. ---- - Makefile.am | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/Makefile.am b/Makefile.am -index 93e3a6fc0ce063cb3c874bd90e0b1773fe053386..88e29fff4f6f1f3686c02ca23b5a6f4725f22797 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -577,10 +577,10 @@ endif - libsss_util_la_LDFLAGS = -avoid-version - - SSSD_INTERNAL_LTLIBS = \ -+ libsss_util.la \ - libsss_crypt.la \ - libsss_debug.la \ -- libsss_child.la \ -- libsss_util.la -+ libsss_child.la - - lib_LTLIBRARIES = libipa_hbac.la libsss_idmap.la libsss_nss_idmap.la - dist_pkgconfig_DATA += src/providers/ipa/ipa_hbac.pc --- -1.8.2.1 - diff --git a/0003-be_ptask-send-and-recv-shadow-a-global-declaration.patch b/0003-be_ptask-send-and-recv-shadow-a-global-declaration.patch deleted file mode 100644 index 5c0ab38..0000000 --- a/0003-be_ptask-send-and-recv-shadow-a-global-declaration.patch +++ /dev/null @@ -1,92 +0,0 @@ -From 460e43ee4dcc7a5860bcdc3c76ae51ed79921d79 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Wed, 12 Jun 2013 09:50:54 +0200 -Subject: [PATCH 03/12] be_ptask: send and recv shadow a global declaration - ---- - src/providers/dp_ptask.c | 18 +++++++++--------- - src/providers/dp_ptask.h | 4 ++-- - 2 files changed, 11 insertions(+), 11 deletions(-) - -diff --git a/src/providers/dp_ptask.c b/src/providers/dp_ptask.c -index d3580981b4abea8471c280a647eb558341d738ef..d0f7c6d9700dd9d5cf588c9f72954590f65f82b5 100644 ---- a/src/providers/dp_ptask.c -+++ b/src/providers/dp_ptask.c -@@ -39,8 +39,8 @@ struct be_ptask { - time_t enabled_delay; - time_t timeout; - enum be_ptask_offline offline; -- be_ptask_send_t send; -- be_ptask_recv_t recv; -+ be_ptask_send_t send_fn; -+ be_ptask_recv_t recv_fn; - void *pvt; - const char *name; - -@@ -139,7 +139,7 @@ static void be_ptask_execute(struct tevent_context *ev, - - task->last_execution = time(NULL); - -- task->req = task->send(task, task->ev, task->be_ctx, task, task->pvt); -+ task->req = task->send_fn(task, task->ev, task->be_ctx, task, task->pvt); - if (task->req == NULL) { - /* skip this iteration and try again later */ - DEBUG(SSSDBG_OP_FAILURE, ("Task [%s]: failed to execute task, " -@@ -178,7 +178,7 @@ static void be_ptask_done(struct tevent_req *req) - - task = tevent_req_callback_data(req, struct be_ptask); - -- ret = task->recv(req); -+ ret = task->recv_fn(req); - talloc_zfree(req); - task->req = NULL; - switch (ret) { -@@ -246,8 +246,8 @@ errno_t be_ptask_create(TALLOC_CTX *mem_ctx, - time_t enabled_delay, - time_t timeout, - enum be_ptask_offline offline, -- be_ptask_send_t send, -- be_ptask_recv_t recv, -+ be_ptask_send_t send_fn, -+ be_ptask_recv_t recv_fn, - void *pvt, - const char *name, - struct be_ptask **_task) -@@ -255,7 +255,7 @@ errno_t be_ptask_create(TALLOC_CTX *mem_ctx, - struct be_ptask *task = NULL; - errno_t ret; - -- if (be_ctx == NULL || period == 0 || send == NULL || recv == NULL -+ if (be_ctx == NULL || period == 0 || send_fn == NULL || recv_fn == NULL - || name == NULL) { - return EINVAL; - } -@@ -272,8 +272,8 @@ errno_t be_ptask_create(TALLOC_CTX *mem_ctx, - task->enabled_delay = enabled_delay; - task->timeout = timeout; - task->offline = offline; -- task->send = send; -- task->recv = recv; -+ task->send_fn = send_fn; -+ task->recv_fn = recv_fn; - task->pvt = pvt; - task->name = talloc_strdup(task, name); - if (task->name == NULL) { -diff --git a/src/providers/dp_ptask.h b/src/providers/dp_ptask.h -index ae5f78d586df69bdcfa34bb35f032ad1dbd1b983..7e45862e46c5d9da4eaedca5312e25dcc0eb8abe 100644 ---- a/src/providers/dp_ptask.h -+++ b/src/providers/dp_ptask.h -@@ -81,8 +81,8 @@ errno_t be_ptask_create(TALLOC_CTX *mem_ctx, - time_t enabled_delay, - time_t timeout, - enum be_ptask_offline offline, -- be_ptask_send_t send, -- be_ptask_recv_t recv, -+ be_ptask_send_t send_fn, -+ be_ptask_recv_t recv_fn, - void *pvt, - const char *name, - struct be_ptask **_task); --- -1.8.2.1 - diff --git a/0004-be_refresh-send-and-recv-shadow-a-global-declaration.patch b/0004-be_refresh-send-and-recv-shadow-a-global-declaration.patch deleted file mode 100644 index 2cf0e4b..0000000 --- a/0004-be_refresh-send-and-recv-shadow-a-global-declaration.patch +++ /dev/null @@ -1,98 +0,0 @@ -From d24f0493002037a5809c9fc5ae27fa2ceb81036e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Wed, 12 Jun 2013 09:51:10 +0200 -Subject: [PATCH 04/12] be_refresh: send and recv shadow a global declaration - ---- - src/providers/dp_refresh.c | 22 +++++++++++----------- - src/providers/dp_refresh.h | 4 ++-- - 2 files changed, 13 insertions(+), 13 deletions(-) - -diff --git a/src/providers/dp_refresh.c b/src/providers/dp_refresh.c -index 59d858549d94660e4abd4f5610eda13dabb9b495..c368668e1def76a7a63cee87d6720239830e7c6b 100644 ---- a/src/providers/dp_refresh.c -+++ b/src/providers/dp_refresh.c -@@ -119,8 +119,8 @@ typedef errno_t - struct be_refresh_cb { - bool enabled; - be_refresh_get_values_t get_values; -- be_refresh_send_t send; -- be_refresh_recv_t recv; -+ be_refresh_send_t send_fn; -+ be_refresh_recv_t recv_fn; - void *pvt; - }; - -@@ -145,11 +145,11 @@ struct be_refresh_ctx *be_refresh_ctx_init(TALLOC_CTX *mem_ctx) - - errno_t be_refresh_add_cb(struct be_refresh_ctx *ctx, - enum be_refresh_type type, -- be_refresh_send_t send, -- be_refresh_recv_t recv, -+ be_refresh_send_t send_fn, -+ be_refresh_recv_t recv_fn, - void *pvt) - { -- if (ctx == NULL || send == NULL || recv == NULL -+ if (ctx == NULL || send_fn == NULL || recv_fn == NULL - || type >= BE_REFRESH_TYPE_SENTINEL) { - return EINVAL; - } -@@ -159,8 +159,8 @@ errno_t be_refresh_add_cb(struct be_refresh_ctx *ctx, - } - - ctx->callbacks[type].enabled = true; -- ctx->callbacks[type].send = send; -- ctx->callbacks[type].recv = recv; -+ ctx->callbacks[type].send_fn = send_fn; -+ ctx->callbacks[type].recv_fn = recv_fn; - ctx->callbacks[type].pvt = pvt; - - return EOK; -@@ -246,8 +246,8 @@ static errno_t be_refresh_step(struct tevent_req *req) - goto done; - } - -- if (state->cb->get_values == NULL || state->cb->send == NULL -- || state->cb->recv == NULL) { -+ if (state->cb->get_values == NULL || state->cb->send_fn == NULL -+ || state->cb->recv_fn == NULL) { - ret = EINVAL; - goto done; - } -@@ -260,7 +260,7 @@ static errno_t be_refresh_step(struct tevent_req *req) - goto done; - } - -- subreq = state->cb->send(state, state->ev, state->be_ctx, -+ subreq = state->cb->send_fn(state, state->ev, state->be_ctx, - values, state->cb->pvt); - if (subreq == NULL) { - ret = ENOMEM; -@@ -288,7 +288,7 @@ static void be_refresh_done(struct tevent_req *subreq) - req = tevent_req_callback_data(subreq, struct tevent_req); - state = tevent_req_data(req, struct be_refresh_state); - -- ret = state->cb->recv(subreq); -+ ret = state->cb->recv_fn(subreq); - talloc_zfree(subreq); - if (ret != EOK) { - goto done; -diff --git a/src/providers/dp_refresh.h b/src/providers/dp_refresh.h -index a7b324702b0546d8156e8fa395b39fa58b52812d..0dedbc3c14bfb661ebf296a9021fa397769dee66 100644 ---- a/src/providers/dp_refresh.h -+++ b/src/providers/dp_refresh.h -@@ -54,8 +54,8 @@ struct be_refresh_ctx *be_refresh_ctx_init(TALLOC_CTX *mem_ctx); - - errno_t be_refresh_add_cb(struct be_refresh_ctx *ctx, - enum be_refresh_type type, -- be_refresh_send_t send, -- be_refresh_recv_t recv, -+ be_refresh_send_t send_fn, -+ be_refresh_recv_t recv_fn, - void *pvt); - - struct tevent_req *be_refresh_send(TALLOC_CTX *mem_ctx, --- -1.8.2.1 - diff --git a/0005-Use-the-correct-talloc-context-when-creating-AD-subd.patch b/0005-Use-the-correct-talloc-context-when-creating-AD-subd.patch deleted file mode 100644 index ae6f3dd..0000000 --- a/0005-Use-the-correct-talloc-context-when-creating-AD-subd.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 49f3aebcc8614d483c5753109a9d65aa33d301ea Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Tue, 11 Jun 2013 12:48:06 +0200 -Subject: [PATCH 05/12] Use the correct talloc context when creating AD - subdomains - -sdom was only ever guaranteed to be set when a new domain was being -created. sditer is a valid pointer in both cases, so just use that. ---- - src/providers/ad/ad_subdomains.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c -index f4eec6a48019d55436631487a6108be405254766..07b523df5466319739e1f44164b7f08156ea214b 100644 ---- a/src/providers/ad/ad_subdomains.c -+++ b/src/providers/ad/ad_subdomains.c -@@ -120,7 +120,7 @@ ads_store_sdap_subdom(struct ad_subdomains_ctx *ctx, - } - - /* Convert the domain name into search base */ -- ret = domain_to_basedn(sdom, sditer->dom->name, &basedn); -+ ret = domain_to_basedn(sditer, sditer->dom->name, &basedn); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, - ("Cannot convert domain name [%s] to base DN [%d]: %s\n", --- -1.8.2.1 - diff --git a/0006-Fix-minor-typos.patch b/0006-Fix-minor-typos.patch deleted file mode 100644 index 6c5aa09..0000000 --- a/0006-Fix-minor-typos.patch +++ /dev/null @@ -1,90 +0,0 @@ -From 1091c0ae2f1596ceb161e5b765a91c23c413b369 Mon Sep 17 00:00:00 2001 -From: Yuri Chornoivan -Date: Tue, 11 Jun 2013 19:12:41 +0300 -Subject: [PATCH 06/12] Fix minor typos - ---- - src/man/sssd-krb5.5.xml | 2 +- - src/man/sssd-ldap.5.xml | 2 +- - src/man/sssd.conf.5.xml | 4 ++-- - src/providers/ipa/ipa_hbac.h | 2 +- - src/tools/tools_mc_util.c | 2 +- - 5 files changed, 6 insertions(+), 6 deletions(-) - -diff --git a/src/man/sssd-krb5.5.xml b/src/man/sssd-krb5.5.xml -index 906aee096d9815bcf32b992260a7f5254b93b947..df124b4d20f7f3b553d2eac554eaf5411c3c8436 100644 ---- a/src/man/sssd-krb5.5.xml -+++ b/src/man/sssd-krb5.5.xml -@@ -455,7 +455,7 @@ - krb5_use_kdcinfo (boolean) - - -- Specifies if the SSSD should be instructing the Kerberos -+ Specifies if the SSSD should instruct the Kerberos - libraries what realm and which KDCs to use. This option - is on by default, if you disable it, you need to configure - the Kerberos library using the -diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml -index 9cd594c7bdcf682b8fd355e8e566229afcb18a43..fd29650e94db917b0afb3f3a73e4082773d1340f 100644 ---- a/src/man/sssd-ldap.5.xml -+++ b/src/man/sssd-ldap.5.xml -@@ -1592,7 +1592,7 @@ - krb5_use_kdcinfo (boolean) - - -- Specifies if the SSSD should be instructing the Kerberos -+ Specifies if the SSSD should instruct the Kerberos - libraries what realm and which KDCs to use. This option - is on by default, if you disable it, you need to configure - the Kerberos library using the -diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml -index d3e393c83e3ba130bab35a4d2153560710e16ba6..8df2bd97c4edb793e74a698b9531b3e7ab7c1abe 100644 ---- a/src/man/sssd.conf.5.xml -+++ b/src/man/sssd.conf.5.xml -@@ -172,7 +172,7 @@ - - domain flat name. Mostly usable - for Active Directory domains, both -- directly configured or disovered -+ directly configured or discovered - via IPA trusts. - - -@@ -1605,7 +1605,7 @@ override_homedir = /home/%u - - domain flat name. Mostly usable - for Active Directory domains, both -- directly configured or disovered -+ directly configured or discovered - via IPA trusts. - - -diff --git a/src/providers/ipa/ipa_hbac.h b/src/providers/ipa/ipa_hbac.h -index 02077e37ebeebd99ba06a9d27311c0885c4e2b7f..8bc2c4f90f32a83d14240abb4979ae265913ae6a 100644 ---- a/src/providers/ipa/ipa_hbac.h -+++ b/src/providers/ipa/ipa_hbac.h -@@ -212,7 +212,7 @@ enum hbac_error_code { - /** Unexpected error */ - HBAC_ERROR_UNKNOWN = -1, - -- /** Succesful evaluation */ -+ /** Successful evaluation */ - HBAC_SUCCESS, - - /** Function is not yet implemented */ -diff --git a/src/tools/tools_mc_util.c b/src/tools/tools_mc_util.c -index 33d5d26dbefaa547da3a5c49947793b485896e83..5d4300fbe4c0fc8fd678d619277f1d8be18f0912 100644 ---- a/src/tools/tools_mc_util.c -+++ b/src/tools/tools_mc_util.c -@@ -111,7 +111,7 @@ done: - /* Closing the file also releases the lock */ - close(mc_fd); - -- /* Only unlink the file if invalidation was succesful */ -+ /* Only unlink the file if invalidation was successful */ - if (ret == EOK) { - pret = unlink(mc_filename); - if (pret == -1) { --- -1.8.2.1 - diff --git a/0007-failover-set-state-out-when-meta-server-remains-in-S.patch b/0007-failover-set-state-out-when-meta-server-remains-in-S.patch deleted file mode 100644 index eae1849..0000000 --- a/0007-failover-set-state-out-when-meta-server-remains-in-S.patch +++ /dev/null @@ -1,26 +0,0 @@ -From d3b39cf07164b23d47bbce3d6e6541b13fc895f5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Thu, 13 Jun 2013 10:32:31 +0200 -Subject: [PATCH 07/12] failover: set state->out when meta server remains in - SRV_RESOLVE_ERROR - -https://fedorahosted.org/sssd/ticket/1886 ---- - src/providers/fail_over.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/providers/fail_over.c b/src/providers/fail_over.c -index 12b6c37828b7da0e68579bbb94668c21574974f1..1d2813589495ebb2ff56e93cddaed9d5172e128e 100644 ---- a/src/providers/fail_over.c -+++ b/src/providers/fail_over.c -@@ -1207,6 +1207,7 @@ resolve_srv_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, - break; - case SRV_RESOLVE_ERROR: /* query could not be resolved but don't retry yet */ - ret = EIO; -+ state->out = server; - goto done; - case SRV_RESOLVED: /* The query is resolved and valid. Return. */ - state->out = server; --- -1.8.2.1 - diff --git a/0008-KRB-Handle-preauthentication-error-correctly.patch b/0008-KRB-Handle-preauthentication-error-correctly.patch deleted file mode 100644 index 97b041f..0000000 --- a/0008-KRB-Handle-preauthentication-error-correctly.patch +++ /dev/null @@ -1,76 +0,0 @@ -From 22a21e910fd216ec1468fe769dcc29f1621a52a4 Mon Sep 17 00:00:00 2001 -From: Ondrej Kos -Date: Thu, 13 Jun 2013 15:28:23 +0200 -Subject: [PATCH 08/12] KRB: Handle preauthentication error correctly - -https://fedorahosted.org/sssd/ticket/1873 - -KRB preauthentication error was later mishandled like authentication error. ---- - src/providers/krb5/krb5_auth.c | 6 ++++++ - src/providers/krb5/krb5_child.c | 4 +++- - src/util/util_errors.c | 1 + - src/util/util_errors.h | 1 + - 4 files changed, 11 insertions(+), 1 deletion(-) - -diff --git a/src/providers/krb5/krb5_auth.c b/src/providers/krb5/krb5_auth.c -index f65e5993d54a5a265e4217e7f23d9549915c6b32..f6acfb4891cf5e99878ccfa7994ffeddf5447e2c 100644 ---- a/src/providers/krb5/krb5_auth.c -+++ b/src/providers/krb5/krb5_auth.c -@@ -1026,6 +1026,12 @@ static void krb5_auth_done(struct tevent_req *subreq) - ret = EOK; - goto done; - -+ case ERR_CREDS_INVALID: -+ state->pam_status = PAM_CRED_ERR; -+ state->dp_err = DP_ERR_OK; -+ ret = EOK; -+ goto done; -+ - case ERR_NO_CREDS: - state->pam_status = PAM_CRED_UNAVAIL; - state->dp_err = DP_ERR_OK; -diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c -index 8f746a8db561928349ffed8b7434db2a113a1f86..74d730aaa2e84af111982a450dafd524d411f472 100644 ---- a/src/providers/krb5/krb5_child.c -+++ b/src/providers/krb5/krb5_child.c -@@ -1172,9 +1172,11 @@ static errno_t map_krb5_error(krb5_error_code kerr) - return ERR_CREDS_EXPIRED; - - case KRB5KRB_AP_ERR_BAD_INTEGRITY: -+ return ERR_AUTH_FAILED; -+ - case KRB5_PREAUTH_FAILED: - case KRB5KDC_ERR_PREAUTH_FAILED: -- return ERR_AUTH_FAILED; -+ return ERR_CREDS_INVALID; - - default: - return ERR_INTERNAL; -diff --git a/src/util/util_errors.c b/src/util/util_errors.c -index b617f540691a245d1132469a1f019bcb0eb6e775..22a3045a6f9656d9ab8fe66673301a508e444771 100644 ---- a/src/util/util_errors.c -+++ b/src/util/util_errors.c -@@ -31,6 +31,7 @@ struct err_string error_to_str[] = { - { "Invalid credential type" }, /* ERR_INVALID_CRED_TYPE */ - { "No credentials available" }, /* ERR_NO_CREDS */ - { "Credentials are expired" }, /* ERR_CREDS_EXPIRED */ -+ { "Failure setting user credentials"}, /* ERR_CREDS_INVALID */ - { "No cached credentials available" }, /* ERR_NO_CACHED_CREDS */ - { "Cached credentials are expired" }, /* ERR_CACHED_CREDS_EXPIRED */ - { "Authentication Denied" }, /* ERR_AUTH_DENIED */ -diff --git a/src/util/util_errors.h b/src/util/util_errors.h -index a602a6ea92f72a51f5e21342940b2072bbe9296d..65d37aedb544bb303d7540fc59e1a802aee11898 100644 ---- a/src/util/util_errors.h -+++ b/src/util/util_errors.h -@@ -53,6 +53,7 @@ enum sssd_errors { - ERR_INVALID_CRED_TYPE, - ERR_NO_CREDS, - ERR_CREDS_EXPIRED, -+ ERR_CREDS_INVALID, - ERR_NO_CACHED_CREDS, - ERR_CACHED_CREDS_EXPIRED, - ERR_AUTH_DENIED, --- -1.8.2.1 - diff --git a/0009-AD-Fix-segfault-in-DEBUG-message.patch b/0009-AD-Fix-segfault-in-DEBUG-message.patch deleted file mode 100644 index 7d2d064..0000000 --- a/0009-AD-Fix-segfault-in-DEBUG-message.patch +++ /dev/null @@ -1,25 +0,0 @@ -From bb4172259e04925ffc3a92e4450029634d295134 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Fri, 14 Jun 2013 14:05:24 +0200 -Subject: [PATCH 09/12] AD: Fix segfault in DEBUG message - ---- - src/providers/ad/ad_common.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c -index 1aad85de337870ede08114490398dfbde32bf62f..d53acf9ee03a88c78bca58e664121142a7331ade 100644 ---- a/src/providers/ad/ad_common.c -+++ b/src/providers/ad/ad_common.c -@@ -854,7 +854,7 @@ ad_get_auth_options(TALLOC_CTX *mem_ctx, - ad_opts->service->krb5_service->write_kdcinfo = \ - dp_opt_get_bool(krb5_options, KRB5_USE_KDCINFO); - DEBUG(SSSDBG_CONF_SETTINGS, ("Option %s set to %s\n", -- ad_opts->auth[KRB5_USE_KDCINFO].opt_name, -+ krb5_options[KRB5_USE_KDCINFO].opt_name, - ad_opts->service->krb5_service->write_kdcinfo ? "true" : "false")); - - *_opts = talloc_steal(mem_ctx, krb5_options); --- -1.8.2.1 - diff --git a/0010-AD-Remove-ad_options-auth-options-reference.patch b/0010-AD-Remove-ad_options-auth-options-reference.patch deleted file mode 100644 index 635af3d..0000000 --- a/0010-AD-Remove-ad_options-auth-options-reference.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 9f1106573a4fca41b99a468d06fa392486faf43c Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Fri, 14 Jun 2013 14:19:25 +0200 -Subject: [PATCH 10/12] AD: Remove ad_options->auth options reference - -The options are stored in ad_options->auth_ctx->opts, this member was -completely unused and confusing. ---- - src/providers/ad/ad_common.h | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h -index 801815528c30ef05956eb51dce7cc6f8b161ffa8..1503059e87d60c90d33c00cdd3ebb55b4f4530f0 100644 ---- a/src/providers/ad/ad_common.h -+++ b/src/providers/ad/ad_common.h -@@ -67,7 +67,6 @@ struct ad_options { - struct ad_id_ctx *id_ctx; - - /* Auth and chpass Provider */ -- struct dp_option *auth; - struct krb5_ctx *auth_ctx; - - /* Dynamic DNS updates */ --- -1.8.2.1 - diff --git a/0011-subdomains-touch-krb5.conf-when-creating-new-domain-.patch b/0011-subdomains-touch-krb5.conf-when-creating-new-domain-.patch deleted file mode 100644 index e403509..0000000 --- a/0011-subdomains-touch-krb5.conf-when-creating-new-domain-.patch +++ /dev/null @@ -1,122 +0,0 @@ -From 03713859dffacc7142393e53c73d8d4cf7dee8d5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Wed, 12 Jun 2013 13:44:19 +0200 -Subject: [PATCH 11/12] subdomains: touch krb5.conf when creating new - domain-realm mappings - -https://fedorahosted.org/sssd/ticket/1815 ---- - configure.ac | 1 + - src/conf_macros.m4 | 13 +++++++++++++ - src/providers/ipa/ipa_subdomains.c | 8 ++++++++ - src/util/sss_krb5.c | 22 ++++++++++++++++++++++ - src/util/sss_krb5.h | 3 +++ - 5 files changed, 47 insertions(+) - -diff --git a/configure.ac b/configure.ac -index e63e678705ee059b984612a6ffab1a10a4f7e7f8..7eeee2e2a069b2c4f7a3408798740cb7aba88513 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -110,6 +110,7 @@ WITH_XML_CATALOG - WITH_KRB5_PLUGIN_PATH - WITH_KRB5_RCACHE_DIR - WITH_KRB5AUTHDATA_PLUGIN_PATH -+WITH_KRB5_CONF - WITH_PYTHON_BINDINGS - WITH_SELINUX - WITH_NSCD -diff --git a/src/conf_macros.m4 b/src/conf_macros.m4 -index c72b3dd73d5a3eac76c17d8ce2568088f78cfcb3..1dd296039719fb29b2dbd40710fe7428ef417e16 100644 ---- a/src/conf_macros.m4 -+++ b/src/conf_macros.m4 -@@ -291,6 +291,19 @@ AC_DEFUN([WITH_KRB5AUTHDATA_PLUGIN_PATH], - AC_SUBST(krb5authdatapluginpath) - ]) - -+AC_DEFUN([WITH_KRB5_CONF], -+ [ AC_ARG_WITH([krb5_conf], -+ [AC_HELP_STRING([--with-krb5-conf=PATH], [Path to krb5.conf file [/etc/krb5.conf]]) -+ ] -+ ) -+ -+ KRB5_CONF_PATH="${sysconfdir}/krb5.conf" -+ if test x"$with_krb5_conf" != x; then -+ KRB5_CONF_PATH=$with_krb5_conf -+ fi -+ AC_DEFINE_UNQUOTED([KRB5_CONF_PATH], ["$KRB5_CONF_PATH"], [KRB5 configuration file]) -+ ]) -+ - AC_DEFUN([WITH_PYTHON_BINDINGS], - [ AC_ARG_WITH([python-bindings], - [AC_HELP_STRING([--with-python-bindings], -diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c -index 18878ae33dc014639cfce0be54f9ca3a44c4ddbb..881f27c5d83f03a7e3bb1afb74fee765906e9148 100644 ---- a/src/providers/ipa/ipa_subdomains.c -+++ b/src/providers/ipa/ipa_subdomains.c -@@ -382,6 +382,14 @@ ipa_subdomains_write_mappings(struct sss_domain_info *domain) - goto done; - } - -+ /* touch krb5.conf to ensure that new mappings are loaded */ -+ ret = sss_krb5_touch_config(); -+ if (ret != EOK) { -+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to change last modification time " -+ "of krb5.conf. Created mappings may not be loaded.\n")); -+ /* just continue */ -+ } -+ - ret = EOK; - done: - if (fstream) { -diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c -index 674e9fcdd99e3d1df26b0db9854a80a6e3870d33..74db98fe9ee4cba858de5b459f0a5540003c63f8 100644 ---- a/src/util/sss_krb5.c -+++ b/src/util/sss_krb5.c -@@ -20,6 +20,7 @@ - #include - #include - #include -+#include - - #include "config.h" - -@@ -1176,3 +1177,24 @@ done: - return ENOTSUP; - #endif - } -+ -+errno_t sss_krb5_touch_config(void) -+{ -+ const char *config = NULL; -+ errno_t ret; -+ -+ config = getenv("KRB5_CONFIG"); -+ if (config == NULL) { -+ config = KRB5_CONF_PATH; -+ } -+ -+ ret = utime(config, NULL); -+ if (ret == -1) { -+ ret = errno; -+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to change mtime of \"%s\" " -+ "[%d]: %s\n", config, strerror(ret))); -+ return ret; -+ } -+ -+ return EOK; -+} -diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h -index 5fe7178c1aed8afaa9d85be99dd91634e0cedb36..9bae2f92b6d132ffd2631773deee4e9c56ad483d 100644 ---- a/src/util/sss_krb5.h -+++ b/src/util/sss_krb5.h -@@ -191,4 +191,7 @@ krb5_error_code sss_extract_pac(krb5_context ctx, - krb5_principal client_principal, - krb5_keytab keytab, - krb5_authdata ***_pac_authdata); -+ -+errno_t sss_krb5_touch_config(void); -+ - #endif /* __SSS_KRB5_H__ */ --- -1.8.2.1 - diff --git a/0012-rpm-couple-of-small-fixes.patch b/0012-rpm-couple-of-small-fixes.patch deleted file mode 100644 index 45006a8..0000000 --- a/0012-rpm-couple-of-small-fixes.patch +++ /dev/null @@ -1,39 +0,0 @@ -From 47d19d62aaabb9e7f09353ecad9f48aa4054e3b1 Mon Sep 17 00:00:00 2001 -From: Jakub Hrozek -Date: Wed, 12 Jun 2013 14:14:41 +0200 -Subject: [PATCH 12/12] rpm: couple of small fixes - -* Include localized pam_sss manpages in sssd-client -* Call ldconfig after libsss_nss_idmap is installed or removed ---- - contrib/sssd.spec.in | 7 +++++++ - 1 file changed, 7 insertions(+) - -diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in -index b9f852201dd9b9d53876c4dcd1c280bb5a31c73c..bee939092a135f5d7d97f9e361c3b4b8583a630c 100644 ---- a/contrib/sssd.spec.in -+++ b/contrib/sssd.spec.in -@@ -471,6 +471,9 @@ do - sssd_krb5_*) - echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang - ;; -+ pam_sss*) -+ echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_client.lang -+ ;; - sssd-ldap*) - echo \%lang\(${lang}\) \%{_mandir}/${man}\* >> sssd_ldap.lang - ;; -@@ -775,6 +778,10 @@ fi - - %postun -n libsss_idmap -p /sbin/ldconfig - -+%post -n libsss_nss_idmap -p /sbin/ldconfig -+ -+%postun -n libsss_nss_idmap -p /sbin/ldconfig -+ - %changelog - * Mon Mar 15 2010 Stephen Gallagher - @PACKAGE_VERSION@-0@PRERELEASE_VERSION@ - - Automated build of the SSSD --- -1.8.2.1 - diff --git a/0013-nested-groups-allocate-more-space-if-deref-returns-m.patch b/0013-nested-groups-allocate-more-space-if-deref-returns-m.patch deleted file mode 100644 index 2665bf8..0000000 --- a/0013-nested-groups-allocate-more-space-if-deref-returns-m.patch +++ /dev/null @@ -1,53 +0,0 @@ -From 354febd0c5647e16c9ce5d3985600baa4b8a86ab Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Pavel=20B=C5=99ezina?= -Date: Fri, 14 Jun 2013 13:49:47 +0200 -Subject: [PATCH] nested groups: allocate more space if deref returns more - members - -https://fedorahosted.org/sssd/ticket/1894 ---- - src/providers/ldap/sdap_async_nested_groups.c | 21 +++++++++++++++++++++ - 1 file changed, 21 insertions(+) - -diff --git a/src/providers/ldap/sdap_async_nested_groups.c b/src/providers/ldap/sdap_async_nested_groups.c -index e8d5295cc31319599212f96d7b58c8f5bd38245a..4f8dca9f50cdd150bacc14b1e834847e940b5e75 100644 ---- a/src/providers/ldap/sdap_async_nested_groups.c -+++ b/src/providers/ldap/sdap_async_nested_groups.c -@@ -2048,6 +2048,18 @@ sdap_nested_group_deref_direct_process(struct tevent_req *subreq) - DEBUG(SSSDBG_TRACE_INTERNAL, ("Received %d dereference results, " - "about to process them\n", num_entries)); - -+ if (num_entries != members->num_values) { -+ /* Dereference returned more values than obtained earlier. We need -+ * to adjust group array size. */ -+ state->nested_groups = talloc_realloc(state, state->nested_groups, -+ struct sysdb_attrs *, -+ num_entries); -+ if (state->nested_groups == NULL) { -+ ret = ENOMEM; -+ goto done; -+ } -+ } -+ - for (i = 0; i < num_entries; i++) { - ret = sysdb_attrs_get_string(entries[i]->attrs, - SYSDB_ORIG_DN, &orig_dn); -@@ -2155,6 +2167,15 @@ sdap_nested_group_deref_direct_process(struct tevent_req *subreq) - } - } - -+ /* adjust size of nested groups array */ -+ state->nested_groups = talloc_realloc(state, state->nested_groups, -+ struct sysdb_attrs *, -+ state->num_groups); -+ if (state->nested_groups == NULL) { -+ ret = ENOMEM; -+ goto done; -+ } -+ - ret = EOK; - - done: --- -1.7.11.7 - diff --git a/sources b/sources index 0829507..30d4c84 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -f0abc8589009fa0f265852df29beeaa7 sssd-1.10.0beta2.tar.gz +dd25a02a3dd26f2f4b30b5f45fa53567 sssd-1.10.0.tar.gz diff --git a/sssd.spec b/sssd.spec index aacf522..39c11e9 100644 --- a/sssd.spec +++ b/sssd.spec @@ -16,29 +16,15 @@ Name: sssd Version: 1.10.0 -Release: 12%{?dist}.beta2 +Release: 13%{?dist} Group: Applications/System Summary: System Security Services Daemon License: GPLv3+ URL: http://fedorahosted.org/sssd/ -Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}beta2.tar.gz +Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) ### Patches ### -Patch0001: 0001-Bumping-the-version-for-the-1.10-final-release.patch -Patch0002: 0002-Change-order-of-libraries-in-linking-process.patch -Patch0003: 0003-be_ptask-send-and-recv-shadow-a-global-declaration.patch -Patch0004: 0004-be_refresh-send-and-recv-shadow-a-global-declaration.patch -Patch0005: 0005-Use-the-correct-talloc-context-when-creating-AD-subd.patch -Patch0006: 0006-Fix-minor-typos.patch -Patch0007: 0007-failover-set-state-out-when-meta-server-remains-in-S.patch -Patch0008: 0008-KRB-Handle-preauthentication-error-correctly.patch -Patch0009: 0009-AD-Fix-segfault-in-DEBUG-message.patch -Patch0010: 0010-AD-Remove-ad_options-auth-options-reference.patch -Patch0011: 0011-subdomains-touch-krb5.conf-when-creating-new-domain-.patch -Patch0012: 0012-rpm-couple-of-small-fixes.patch -Patch0013: 0013-nested-groups-allocate-more-space-if-deref-returns-m.patch - Patch0501: 0501-FEDORA-Switch-the-default-ccache-location.patch ### Dependencies ### @@ -355,8 +341,7 @@ UpdateTimestamps() { done } -%setup -q -n %{name}-1.9.94 - +%setup -q for p in %patches ; do %__patch -p1 -i $p @@ -730,6 +715,10 @@ fi %postun -n libsss_idmap -p /sbin/ldconfig %changelog +* Thu Jun 27 2013 Jakub Hrozek - 1.10.0-13 +- New upstream release 1.10 +- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0 + * Mon Jun 17 2013 Dan HorĂ¡k - 1.10.0-12.beta2 - the cmocka toolkit exists only on selected arches