rpms/sssd
5
0
Fork 0
Code Issues Pull Requests Releases Activity
547 Commits 10 Branches 82 Tags 4.7 MiB
ac043fc3b6
Commit Graph

523 Commits

Author SHA1 Message Date
Michal Židek
4e478641d1 Fix linking issues 2018-08-29 16:58:06 +02:00
Michal Židek
2ef66b266c New upstream release 2.0.0 2018-08-14 11:43:55 +02:00
Fedora Release Engineering
0a06c01711 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild 
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
 2018-07-14 06:42:21 +00:00
Jason Tibbitts
8a13e36b6a Remove needless use of %defattr 2018-07-10 01:27:54 -05:00
Miro Hrončok
633afe1b94 Rebuilt for Python 3.7 2018-07-02 18:24:19 +02:00
Fabiano Fidêncio
68ef824a5f Resolves: upstream#3766 - CVE-2018-10852: information leak from the sssd-sudo responder 
And also ...

- Related: upstream#941 - return multiple server addresses to the Kerberos
                          locator plugin
- Related: upstream#3652 - kdcinfo doesn't get populated for other domains
- Resolves: upstream#3747 - sss_ssh_authorizedkeys exits abruptly if SSHD
                            closes its end of the pipe before reading all the
                            SSH keys
- Resolves: upstream#3607 - Handle conflicting e-mail addresses more gracefully
- Resolves: upstream#3754 - SSSD AD uses LDAP filter to detect POSIX attributes
                            stored in AD GC also for regular AD DC queries
- Related: upstream#3219 - [RFE] Regular expression used in sssd.conf not being
                           able to consume an @-sign in the user/group name.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-06-25 09:38:16 +02:00
Fabiano Fidêncio
192e845618 Resolves: rhbz#1591804 - something keeps /lib/libnss_systemd.so.2 open on minimal appliance image, breaking composes 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-06-21 21:38:33 +02:00
Miro Hrončok
d8abd616d9 Rebuilt for Python 3.7 2018-06-19 11:27:58 +02:00
Fabiano Fidêncio
a36f5fea4b New upstream release 1.16.2 
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_2.html

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-06-11 13:32:07 +02:00
Fabiano Fidêncio
29d69716ad Related: upstream#3742 - Change of: User may not run sudo --> a password is required 
Patch 0017-sudo-ldap-do-not-store-rules-without-sudoHost-attrib.patch
has been commented out as it caused some regressions on IPA tests.

In order to unblock IPA folks, let's revert this patch from Fedora till
we have a proper fix.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-05-28 10:01:23 +02:00
Fabiano Fidêncio
4979898a6e Revert "Add: "ExcludeArch: armv7hl"" 
This reverts commit bc3790f5a0.
 2018-05-17 17:53:56 +02:00
Fabiano Fidêncio
bc3790f5a0 Add: "ExcludeArch: armv7hl" 
For some reason still unclear we're *not* able to build SSSD on koji's
buildroot for armv7hl. Some tests have been done and SSSD was built
successfully using real armv7hl hardware, which indicates that we're
facing https://bugzilla.redhat.com/show_bug.cgi?id=1576593

As soon as the bug is resolved, this patch could be safely reverted.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-05-16 21:54:59 +02:00
Fabiano Fidêncio
0a2c83fbd0 Related: upstream#3436 - Certificates used in unit tests have limited lifetime 
Fix a non harmful warning shown by recent versions of OpenSSL.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-05-16 21:53:46 +02:00
Fabiano Fidêncio
c4f0508af1 Related: upstream#3436 - Add openssl, openssh and nss-tools as BuildRequires 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-05-14 11:36:56 +02:00
Fabiano Fidêncio
5f75f7e4f2 Resolves: upstream#3595 - ID override GID from Default Trust View is not properly resolved in case domain resolution order is set 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-05-14 09:59:20 +02:00
Fabiano Fidêncio
1511bcd8b2 Resolves: upstream#3731 - nss_clear_netgroup_hash_table(): only remove entries from the hash table, do not free them 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-05-14 09:58:02 +02:00
Fabiano Fidêncio
3ad9e211eb Resolves: upstream#3728 - Request by ID outside the min_id/max_id limit of a first domain does not reach the second domain 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-05-14 09:57:11 +02:00
Fabiano Fidêncio
ed238e28ff Resolves: upstream#3719 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-05-14 09:56:23 +02:00
Fabiano Fidêncio
97a62b83f1 Related: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-05-14 09:55:43 +02:00
Fabiano Fidêncio
163543f40b Resolves: upstream#3726 - SSSD with ID provider 'ad' should give a warning in case the ldap schema is manually changed to something different than 'ad'. 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-05-14 09:55:01 +02:00
Fabiano Fidêncio
510134aa02 Resolves: upstream#3725 - sssd not honoring dyndns_server if the DNS update process is terminated with a signal 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-05-14 09:54:10 +02:00
Fabiano Fidêncio
5e1db8fc3e Related: upstream#3436 - Certificates used in unit tests have limited lifetime 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-05-14 09:53:04 +02:00
Fabiano Fidêncio
5254cdcca5 Resolves: rhbz#1574778 - sssd fails to download known_hosts from freeipa 
Patch 0018-sysdb-custom-completely-replace-old-object-instead-o.patch
caused a regression, caught by lslebodn and reported by a few users.

Let's comment out this patch for now and uncomment it when we have a fix
that do not cause a regression.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-05-05 21:42:38 +02:00
Fabiano Fidêncio
767645dca2 Add gcc to build dependencies 
gcc will be revomed from buildroot in fedora 29
http://fedoraproject.org/wiki/Changes/Remove_GCC_from_BuildRoot

Upstream patch from Lukáš Slebodnik <lslebodn@redhat.com>

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-04-27 22:12:12 +02:00
Fabiano Fidêncio
90dd145c92 Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM 
Also ...
Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data
                         Provider returned an error
                         [org.freedesktop.sssd.Error.DataProvider.Fatal]

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-04-27 22:12:12 +02:00
Fabiano Fidêncio
a305fc11b7 Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-04-27 22:12:12 +02:00
Fabiano Fidêncio
b6696d97c4 Document which principal does the AD provider use 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-04-27 22:12:12 +02:00
Fabiano Fidêncio
2dd8451396 Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-04-27 22:12:12 +02:00
Fabiano Fidêncio
209701ef7f Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-04-27 22:12:11 +02:00
Fabiano Fidêncio
3115154117 Improve docs/debug message about GC detection 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-04-27 22:12:11 +02:00
Fabiano Fidêncio
f47c82bc8d Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-04-27 22:12:11 +02:00
Fabiano Fidêncio
64b69ec813 Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-04-27 22:12:11 +02:00
Fabiano Fidêncio
8d67726a47 Resolves: upstream#3679 - Make nss netgroup requests more robust 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-04-27 22:12:11 +02:00
Fabiano Fidêncio
8565df471c Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-04-27 22:12:11 +02:00
Fabiano Fidêncio
9709b73a3f Resolves: upstream#3402 - Support alternative sources for the files provider 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-04-27 22:12:11 +02:00
Fabiano Fidêncio
a7d4f0b3f4 Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-04-27 22:12:11 +02:00
Fabiano Fidêncio
ab53ba849a IPA: Qualify the externalUser sudo attribute 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-04-27 22:12:11 +02:00
Fabiano Fidêncio
ef1d48a0c2 Tone down shutdown messages for socket activated responders 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-04-27 22:12:11 +02:00
Fabiano Fidêncio
fcff118bbf Resolves: upstream#3558 - sudo: report error when two rules share cn 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-04-27 22:12:11 +02:00
Fabiano Fidêncio
f3d06df50d Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-04-27 22:12:10 +02:00
Fabiano Fidêncio
32f2c81e59 A few KCM misc fixes 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-03-30 14:47:05 +02:00
Fabiano Fidêncio
99da72db23 Resolves: upstream#3666 - Fix usage of str.decode() in our test 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-03-30 14:45:42 +02:00
Fabiano Fidêncio
1c7376afc5 Resolves: upstream#3386 - KCM: Payload buffer is too small 
Related to: rhbz#1494843 - KCM Does not work

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-03-30 14:43:19 +02:00
Fabiano Fidêncio
73735e9522 Resolves: usptream#3687 - KCM: Don't pass a non null terminated string to json_loads() 
Related to: rhbz#1494843 - KCM Does not work

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-03-30 14:38:32 +02:00
Fabiano Fidêncio
563dd33f72 Resolves: upstream#3658 - Application domain is not interpreted correctly 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-03-30 14:35:59 +02:00
Fabiano Fidêncio
2c812f3cba Resolves: upstream#3660 - confdb_expand_app_domains() always fails 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-03-30 14:33:25 +02:00
Fabiano Fidêncio
40fe76feb8 Resolves: upstream#3573 - sssd won't show netgroups with blank domai 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-03-30 14:30:01 +02:00
Fabiano Fidêncio
62a3258629 New upstream release 1.16.1 
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-03-09 15:42:19 +01:00
Lukas Slebodnik
5eba7a8f1f Resolves: upstream#3621 - backport bug found by static analyzers 2018-02-20 15:12:59 +01:00
Fabiano Fidêncio
4b1fe8a0ab Resolves: upstream#3621: FleetCommander integration must not require capability DAC_OVERRIDE 
Together with the patches backported from upstream, we're changing
the deskprofilepath permissions from 755 to 751, reflecting the
upstream spec file changes.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-02-14 23:03:25 +01:00
Fabiano Fidêncio
199a72e62a Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set 
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
 2018-02-14 22:15:04 +01:00
Igor Gnatenko
11c6ee78b8 Remove BuildRoot definition 
None of currently supported distributions need that.
It was needed last for EL5 which is EOL now

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-02-14 00:40:17 +01:00
Lukas Slebodnik
18ae44bc79 Resolves: upstream#3618 - selinux_child segfaults in a docker container 2018-02-07 22:04:27 +01:00
Lukas Slebodnik
f55e235d75 Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl 2018-02-06 13:11:55 +01:00
Lukas Slebodnik
e242e8ef93 Fix systemd executions/requirements 
systemd was added to BuildRequires because it provides rpm macros
/usr/lib/rpm/macros.d/macros.systemd and it is unreliable to rely
on indirect dependency between systemd-devel and systemd

Related to: https://src.fedoraproject.org/rpms/sssd/pull-request/1
 2018-02-06 13:04:26 +01:00
Lukas Slebodnik
6d370601d4 Revert "Workaround for BZ1537183" 
This reverts commit 0a5a392684.

nsupdate is fixed on rawhide.i686
 2018-02-06 12:57:05 +01:00
Igor Gnatenko
a3b937064c Fix systemd executions/requirements 
Merges: https://src.fedoraproject.org/rpms/sssd/pull-request/1

Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
 2018-01-25 20:42:01 +01:00
Lukas Slebodnik
ebdebbe467 Do not try to link with -Wl,-z,defs 
https://bugzilla.redhat.com/show_bug.cgi?id=1535422
https://fedoraproject.org/wiki/Changes/BINUTILS2291
https://src.fedoraproject.org/rpms/redhat-rpm-config/blob/master/f/buildflags.md#strict-symbol-checks-in-the-link-editor-ld

sssd cannot be linked with -Wl,-z,defs atm.
 2018-01-25 20:23:09 +01:00
Lukas Slebodnik
27d7dcb5bb Revert "Override linker flags done in redhat-rpm-config-84-1.fc28" 
This reverts commit 7cda4fbc6f.
 2018-01-25 20:18:39 +01:00
Lukas Slebodnik
b4343b24b6 Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS 2018-01-25 11:39:00 +01:00
Lukas Slebodnik
0a5a392684 Workaround for BZ1537183 
unit test will pass but sssd will not be able to use nsupdate with realm
on i686
 2018-01-23 15:11:46 +01:00
Lukas Slebodnik
7cda4fbc6f Override linker flags done in redhat-rpm-config-84-1.fc28 
https://bugzilla.redhat.com/show_bug.cgi?id=1535422
https://fedoraproject.org/wiki/Changes/BINUTILS2291

sssd cannot be linked with -Wl,-z,defs atm.
 2018-01-23 14:37:32 +01:00
Lukas Slebodnik
b390855a98 Fix building of sssd-nfs-idmap with libnfsidmap.so.1 2018-01-11 16:53:36 +01:00
Björn Esser
f9e6094ac5
Rebuilt for libnfsidmap.so.1 2018-01-11 12:01:37 +01:00
Lukas Slebodnik
1dedfbb334 Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout 
Resolves: upstream#3588 - sssd_nss consumes more memory until restarted
                          or machine swaps
Resolves: failure in glibc tests
          https://sourceware.org/bugzilla/show_bug.cgi?id=22530
Resolves: upstream#3451 - When sssd is configured with id_provider proxy and
                          auth_provider ldap, login fails if the LDAP server
                          is not allowing anonymous binds
Resolves: upstream#3285 - SSSD needs restart after incorrect clock is
                          corrected with AD
Resolves: upstream#3586 - Give a more detailed debug and system-log message
                          if krb5_init_context() failed
Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet
                         in /etc/systemd/system
Backport few upstream features from 1.16.1
 2017-12-04 21:42:37 +01:00
Lukas Slebodnik
ce65f7d9ee Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next 2017-11-21 17:57:44 +01:00
Lukas Slebodnik
87763840cd Revert "Disable nfsplugin due to bug rhbz#1509063" 
This reverts commit b5c435b10b.

nfs-utils are fixed
 2017-11-21 17:56:54 +01:00
Jakub Hrozek
7781c9e992 Backport extended NSS API from upstream master branch 2017-11-17 18:06:26 +01:00
Lukas Slebodnik
b5c435b10b Disable nfsplugin due to bug rhbz#1509063 2017-11-03 22:58:37 +01:00
Lukas Slebodnik
7ac8b3c4b5 Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade 2017-11-03 16:20:10 +01:00
Lukas Slebodnik
7667bd7429 Fix unit tests with libldb-1.3.0 2017-10-21 16:19:39 +02:00
Lukas Slebodnik
f2e72c8931 There are not empty lang files in 1.16.0 2017-10-20 23:18:12 +02:00
Lukas Slebodnik
4f58854911 New upstream release 1.16.0 
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html
 2017-10-20 18:02:02 +02:00
Lukas Slebodnik
1aff49b48c Fix build with krb5 1.16 2017-10-11 18:06:00 +02:00
Lukas Slebodnik
7069858231 Resolves: rhbz#1499354 - CVE-2017-12173 
sssd: unsanitized input when searching in local cache database access on
the sock_file system_bus_socket
 2017-10-11 17:48:41 +02:00
Lukas Slebodnik
8eda442b2e Fix few bugs/regressions 
Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access
                         on the sock_file system_bus_socket
Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and
                         fails to download desktop profile data
Resolves: upstream#3485 - getsidbyid does not work with 1.15.3
Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after
                          applying ID Views for them in IPA server
Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping
                          is applied
 2017-09-12 09:22:07 +02:00
Lukas Slebodnik
fa4807ec45 Backport few upstream patches/fixes 2017-09-01 21:34:35 +02:00
Lukas Slebodnik
11cd64de1c Add krb5 conf snippet for default KCM 
http://fedoraproject.org/wiki/Releases/27/ChangeSet#Kerberos_KCM_credential_cache_by_default
https://bugzilla.redhat.com/show_bug.cgi?id=1421604
 2017-09-01 21:34:20 +02:00
Lukas Slebodnik
5ce8ae1166 Simplify spec file a little bit 
The plugin for cifs-utils can be built on all supported versions of fedora.
Conditions are required only in upstream spec file for older
distributions. Definition of constant with_cifs_utils_plugin is still
in the beginning of spec file for simpler comparison of changes
between upstream and fedora.
 2017-09-01 10:47:18 +02:00
Lukas Slebodnik
088151887a Remove unused if condition krb5 localauth plugin 
The plugin can be built on all supported versions of fedora.
And it was removed also from upstream spec file.
 2017-09-01 10:39:14 +02:00
Ville Skyttä
308a55f49d Own the %{_libdir}/%{name}/conf dir 
https://bugzilla.redhat.com/show_bug.cgi?id=1483517
 2017-08-21 12:42:13 +02:00
Fedora Release Engineering
df69f6e551 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-27 19:16:38 +00:00
Lukas Slebodnik
1f58bd8dc4 Make fedora automated tests happy 
dist.python-versions failed
dist.python-versions.requires_naming_scheme failed

These RPMs use `python-` prefix without Python version in *Requires:

sssd-1.15.3-1.fc26 BuildRequires:
 * python-devel (python2-devel is available)

This is strongly discouraged and should be avoided. Please check
the required packages, and use names with either `python2-` or
`python3-` prefix.
 2017-07-25 17:53:21 +02:00
Lukas Slebodnik
6302a22355 New upstream release 1.15.3 
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html
 2017-07-25 13:58:52 +02:00
Lukas Slebodnik
ca67484fda Rebuild with libldb-1.2.0 
sssd buill with older version of libldb will crash

  (gdb) bt
  #0  0x0000000000000001 in ?? ()
  #1  0x00007fcb39ce28dc in ldb_db_lock_destructor () from /lib64/libldb.so.1
  #2  0x00007fcb3a103f31 in _tc_free_internal (location=0x7fcb39ce9303 "../common/ldb.c:1026", tc=<optimized out>) at ../talloc.c:1078
  #3  _talloc_free_internal (location=0x7fcb39ce9303 "../common/ldb.c:1026", ptr=0x55e267aebef0) at ../talloc.c:1174
  #4  _talloc_free (ptr=0x55e267aebef0, location=0x7fcb39ce9303 "../common/ldb.c:1026") at ../talloc.c:1716
  #5  0x00007fcb39ce02f2 in ldb_lock_backend_callback () from /lib64/libldb.so.1
  #6  0x00007fcb31b172ae in ltdb_callback () from /usr/lib64/ldb/modules/ldb/tdb.so
  #7  0x00007fcb3a31e8c1 in tevent_common_loop_timer_delay () from /lib64/libtevent.so.0
 2017-07-07 12:44:33 +02:00
Lukas Slebodnik
538f424e10 Disable unit tests with expired certificates 2017-06-27 16:02:20 +02:00
Lukas Slebodnik
7be3dab725 Fix build issues: Update expided certificate in unit tests 2017-06-27 14:22:05 +02:00
Lukas Slebodnik
af87992184 Reduce diff between rhel and fedora 2017-05-03 15:41:35 +02:00
Lukas Slebodnik
c580b695b0 Do not patch README.md 
README.md is not part of tarball
 2017-05-01 09:00:54 +02:00
Lukas Slebodnik
7bddea6c90 Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication 
Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with
                           file from package sssd-common-1.15.1-1.fc25.x86_64
Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4
 2017-04-29 23:49:52 +02:00
Lukas Slebodnik
576a19ee5a Fix issue with IPA + SELinux in containers 
Resolves: upstream https://fedorahosted.org/sssd/ticket/3297
 2017-04-06 15:54:38 +02:00
Lukas Slebodnik
387014f928 Backport upstream patches for 1.15.3 pre-release 
required for building freeipa-4.5.x in rawhide
 2017-04-04 16:22:51 +02:00
Lukas Slebodnik
d663bd4a22 New upstream release 1.15.2 
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html
 2017-03-16 10:48:31 +01:00
Lukas Slebodnik
6a912ecf5d Add missing file 2017-03-06 11:41:21 +01:00
Lukas Slebodnik
831e9fa984 New upstream release 1.15.1 
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html
 2017-03-06 10:48:38 +01:00
Jakub Hrozek
396c651083 Cherry-pick patches from upstream that enable the files provider 
Required for:
    https://bugzilla.redhat.com/show_bug.cgi?id=1357418 - SSSD fast cache for local users
 2017-02-28 16:54:33 +01:00
Lukas Slebodnik
3e94aee54c Add missing %license macro 2017-02-14 19:47:29 +01:00
Fedora Release Engineering
b5653d93c3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild 2017-02-11 13:57:49 +00:00
Lukas Slebodnik
850071336e New upstream release 1.15.0 
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0
 2017-01-27 20:07:00 +01:00
Miro Hrončok
4b9dd7c77c Rebuild for Python 3.6 2016-12-19 18:20:38 +01:00
Lukas Slebodnik
eb6c560542 Resolves: rhbz#1369130 - nss_sss should not link against libpthread 
Resolves: rhbz#1392916 - sssd failes to start after update
Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses
                           on the directory /etc/sssd
 2016-12-13 20:10:27 +01:00
Lukas Slebodnik
85427c072c New upstream release 1.14.2 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2
 2016-10-20 16:20:34 +02:00
Lukas Slebodnik
856526f769 libwbclient-sssd: update interface to version 0.13 2016-10-14 19:06:17 +02:00
Lukas Slebodnik
8dd054482d Revert "Do no use python_provide conditionally" 
The macro python_provide is defined in /usr/lib/rpm/macros.d/macros.python
in the package python-rpm-macros. But this package is not part
of build root and therefore rpm cannot parse spec file.

This reverts commit 22c180263a.
 2016-09-22 23:40:41 +02:00
Lukas Slebodnik
75bb1ff2e0 Fix failing test 2016-09-22 22:55:43 +02:00
Lukas Slebodnik
640e44ca24 Fix regression with krb5_map_user 
- Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore
- Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError:
                           default if nonexistent domain is mentioned
 2016-09-22 22:28:47 +02:00
Lukas Slebodnik
0fe5246e1a Use weak dependencies 2016-09-21 12:47:08 +02:00
Lukas Slebodnik
22c180263a Do no use python_provide conditionally 2016-09-15 17:53:58 +02:00
Lukas Slebodnik
2b61bbee11 Backport important patches from upstream 1.14.2 prerelease 
- Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after
                             boot
- Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14
 2016-09-01 18:13:49 +02:00
Lukas Slebodnik
6bce0a242d New upstream release 1.14.0 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1
 2016-08-19 18:02:03 +02:00
Stephen Gallagher
0e7292f369 Add workaround patch for RHBZ #1366403 2016-08-15 14:15:18 -04:00
Fedora Release Engineering
8a68f197ec - https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages 2016-07-19 12:41:42 +00:00
Lukas Slebodnik
08625190c5 New upstream release 1.14.0 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0
 2016-07-08 08:47:25 +02:00
Lukas Slebodnik
a100349631 Fix few mistakes 
note: fedpkg lint is your best friend
 2016-07-01 10:45:16 +02:00
Lukas Slebodnik
f9539d7319 New upstream release 1.14 beta 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta
 2016-07-01 10:11:33 +02:00
Lukas Slebodnik
966fddcfba New upstream release 1.14 alpha 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha
 2016-06-21 10:58:04 +02:00
Lukas Slebodnik
e3bb60bcdb Rename python packages + using macro %python_provide 2016-05-13 11:09:38 +02:00
Lukas Slebodnik
9aeb640f15 Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): 
sssd_ifp killed by SIGSEGV
 2016-05-13 11:09:38 +02:00
Lukas Slebodnik
18bea94912 Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6 2016-04-22 20:50:56 +02:00
Lukas Slebodnik
d9dece9b71 Backport netlink patch for link-local addresses 2016-04-14 13:05:33 +02:00
Lukas Slebodnik
19237d03ed New upstream release 1.13.4 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4
 2016-04-14 12:59:47 +02:00
Lukas Slebodnik
6b01857bc5 Bump release 2016-03-22 09:07:32 +01:00
Lukas Slebodnik
e37379577b Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password 
prompts (e.g. Password + Token)
- Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed
                           by remote host" if locale not available
 2016-03-22 09:06:29 +01:00
Lukas Slebodnik
e32d50862e Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA 
groups during getgrnam and getgrgid
- Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses
                           in call to 'print'
 2016-02-25 13:58:00 +01:00
Lukas Slebodnik
00dde99057 Move libsss_autofs.so outside sssd-common 
It will reduce dependency chain in container world.
libsss_autofs.so depends only on libc and requires
sssd unix sockets. And sssd-common has many requirements.
 2016-02-19 09:27:27 +01:00
Lukas Slebodnik
584e0c3964 Remove unnecessary requirements 
We do not need to requires specific version of libldb
or libtdb because it is automatically detected from
binary/library dependencies. We also need never version
of that libraries as it was specified in spec file.

e.g.
  sh$ rpm -q --requires sssd-common | grep -E "TDB|LDB"
  libldb.so.1(LDB_0.9.10)(64bit)
  libtdb.so.1(TDB_1.2.1)(64bit)

There is also redundant dependency on sssd-common-pac
sssd -> sssd-ipa -> sssd-common-pac
     -> sssd-ad -> sssd-common-pac
     -> sssd-common-pac

  sh$ rpm -q --whatrequires sssd-common-pac
  sssd-ipa-1.13.3-1.fc23.x86_64
  sssd-ad-1.13.3-1.fc23.x86_64
  sssd-1.13.3-1.fc23.x86_64
 2016-02-17 16:30:01 +01:00
Fedora Release Engineering
0a5378a924 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild 2016-02-05 00:37:31 +00:00
Lukas Slebodnik
c38b881d88 Package uses only $RPM_BUILD_ROOT 
Note: Using both %{buildroot} and $RPM_BUILD_ROOT
See: http://fedoraproject.org/wiki/Packaging/Guidelines#macros
 2016-02-02 21:45:47 +01:00
Lukas Slebodnik
5719fdd6f8 Fix rpmlint issue for libsss_simpleifp 
Patch removes unnecessary requires of dbus-libs
because it's already detected from library.
However we forgot to call ldconfig after (un)installation.

sh$ rpm -q -p --requires libsss_simpleifp-1.13.90-0.fc23.x86_64.rpm | grep dbus
    libdbus-1.so.3()(64bit)
    libdbus-1.so.3(LIBDBUS_1_3)(64bit)
    sssd-dbus = 1.13.90-0.fc23

sh$ rpm -q --whatprovides "libdbus-1.so.3()(64bit)"
    dbus-libs-1.10.6-1.fc23.x86_64
 2016-02-02 18:07:45 +01:00
Lukas Slebodnik
fb84da9380 Remove unnecessary clean-up of buildroot 
rhel5 required to clean buildroot in install section.
The %clean section is not required for F-13 and above, and EPEL 6 and
above. EPEL 5 MUST have a %clean section that cleans the buildroot:

https://fedoraproject.org/wiki/EPEL:Packaging#Prepping_BuildRoot_For_.25install
 2016-02-02 18:06:09 +01:00
Lukas Slebodnik
d384e14059 Fix rpmlint warnings 
fedpkg/sssd/sssd.spec:1232: W: macro-in-%changelog %preun
fedpkg/sssd/sssd.spec:1366: W: macro-in-%changelog %{_lib}
fedpkg/sssd/sssd.spec:1366: W: macro-in-comment %{_lib}
 2016-02-02 11:59:36 +01:00
Lukas Slebodnik
6d11a34b89 Additional upstream fixes 2016-01-20 18:40:57 +01:00
Lukas Slebodnik
9bfc8ef4de Resolves: rhbz#1256849 - SUDO: Support the IPA schema 2016-01-19 18:23:34 +01:00
Michal Sekletar
94f4c4dd6d Use macros and don't call systemctl directly 
- Resolves: rhbz#850328 - Introduce new systemd-rpm macros in sssd spec file
 2016-01-19 15:26:15 +01:00
Lukas Slebodnik
9f85549912 Fix unowned directories 
- https://fedoraproject.org/wiki/Packaging:UnownedDirectories
- Resolves: rhbz#1266940 - sssd-client.i686 on x86_64 has unowned directories
 2016-01-19 15:15:32 +01:00
Lukas Slebodnik
f50233afd2 Move libsss_sudo.so outside sssd-common 
The module ${libdir}/libsss_sudo.so is used only by /usr/bin/sudo.
If libsss_sudo.so was part of sssd-client then 32 bit version would
never be used on 64 bit machine and files in sssd-client can be used
by multilib applications e.g. libnss_sss.so can be indirectly "dlopened"
by 64 bit applications and 32 bit application.
(32-bit web browser; ordinary 64bit applications ...)
 2016-01-19 15:06:17 +01:00
Lukas Slebodnik
aa27da2e1f Change package ownership of %{pubconfpath}/krb5.include.d 
krb5 domain mapping files are stored to the directory
%{pubconfpath}/krb5.include.d. It can be stored by ipa or ad provider.
However this directory was owned by sub-package sssd-ipa. And ad provider
can be installed without this package. Therefore %{pubconfpath}/krb5.include.d
should be owned by common dependency.

The owner of this directory was also fixed to sssd.
It's already done by make install. It was changed only in spec file.
 2016-01-19 15:02:47 +01:00
Lukas Slebodnik
a89ed4b83f Additional patch for upstream #2829 2015-12-16 08:51:17 +01:00
Lukas Slebodnik
5df019d5aa New upstream release 1.13.3 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3
 2015-12-16 08:47:07 +01:00
Lukas Slebodnik
31ed44fa55 Backport patches from sssd master #2829 
Use after free in failover
 2015-11-20 09:47:17 +01:00
Lukas Slebodnik
bdedaaad52 New upstream release 1.13.2 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2
 2015-11-20 09:47:17 +01:00
Robert Kuska
2b3b752656 Rebuilt for Python3.5 rebuild 2015-11-06 15:40:37 +01:00
Lukas Slebodnik
9f8eeed0c9 Fix building pac responder with the krb5-1.14 2015-10-27 09:41:14 +01:00
Lukas Slebodnik
c08e64289b python-sssdconfig: Fix parssing sssd.conf without config_file_version 
- Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed
 2015-10-19 15:04:51 +02:00
Lukas Slebodnik
4bdb4e48cd Revert "Temporary disable tests due to broken krb5" 
This reverts commit 1bedb06db6.

Rawhide contain krb5-1.13.2-12.fc24 which fixed bug with missing
/usr/share/krb5.conf.d. So, unit test should pass.
 2015-10-07 13:42:42 +02:00
Lukas Slebodnik
69b9d3f518 Fix few segfaults 
- Resolves: upstream #2811 - PAM responder crashed if user was not set
- Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step
 2015-10-07 13:42:03 +02:00
Lukas Slebodnik
1bedb06db6 Temporary disable tests due to broken krb5 
Should be fixed with krb5 >= 1.14-2.fc24
 2015-10-01 08:16:23 +02:00
Lukas Slebodnik
00d900ad6f Remove unnecessary requirement 
libini-config-1.1 already provides version definition
which substitute this requirement.

sh$ objdump -p /usr/lib64/libini_config.so | grep -A4 definition
Version definitions:
1 0x01 0x05f25695 libini_config.so.5
2 0x00 0x00acdc20 INI_CONFIG_1.1.0
3 0x00 0x00acdd20 INI_CONFIG_1.2.0
        INI_CONFIG_1.1.0
 2015-10-01 08:16:23 +02:00
Lukas Slebodnik
05c3b14125 New upstream release 1.13.1 
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1
 2015-10-01 08:16:16 +02:00
Lukas Slebodnik
996f9ec8f7 Fix OTP bug 
- Resolves: upstream #2729 - Do not send SSS_OTP if both factors were
                             entered separately
 2015-09-10 14:26:47 +02:00