rpms/sssd
5
0
Fork 0
Code Issues Pull Requests Releases Activity
ad368b8c32
sssd/sssd.spec
Stephen Gallagher ad368b8c32 == Highlights == 
Enhanced IPA provider with host-based access control support
Added server failover feature
Vast performance enhancements to enumerations
Performance enhancements to offline user lookups
Improvements to the SSSDConfig API and configuration upgrade scripts. They
    will now retain comments and ordering.
Several new translations
== Known Bugs ==
Nested groups are known to be broken in 0.99. A fix is basically ready, but
    was too late for inclusion in this release. This will be fixed before
    the 1.0 release.
== Detailed changes since 0.7.1 == Bouska (1):
Add French translation to sss_client
Jakub Hrozek (17):
Fix migration script for pre-0.5 local domains
Do not migrate Data Provider
Free the PCRE regexp with destructor
Do not delete users, groups outside domain range
Add missing include
IPA time rules parsing routines
Fix regression in error message when deleting groups
Assorted manpage fixes
Make the password field configurable in NSS
Add Simo's ipachangeconf
SSSDChangeConf - a wrapper around ipachangeconf
Change the upgrade script to use ipachangeconf
Convert SSSDConfig API to ipachangeconf
SSSDConfigAPI fixes
upgrade_config fixes for SSSD 0.6 and later
Split helpers for child processes
Get TGT in a child process.
Martin Nagy (5):
Add missing include file to files-tests.c
Fix a bad free in async_resolv.c
Add DLIST_FOR_EACH() macro
Add simple reference counting wrappers for talloc
Add fail over utility functions
Piotr Drąg (1):
Updating polish translation for 0.7.0
Simo Sorce (48):
Copy option overrides.
Read the right buffer, avoids potential segfaults
Add IPA conf template
Zero pointers on free
Use standard coding practice to set last login
Fix segfault
Add proper support for IPA/AD schemas
Move responsibility for entry expiration timeout
Kill the ldap connection when we go offline
Tidy up ipa options
Add support to get rootDSE from the LDAP server.
Fix segfault when SASL is not used at all
Rename sdap_id_map to sdap_attr_map
Make available method to quickly retrive string
Make useful function more broadly available.
Store the original memberof attributes if any
Unify parse routines, use maps in generic searches
Fix and enhance initgroups call
Unify code to use the generic search interface
Reorganize ldap id provider files
Split async helpers in multiple files
Always set last update and expire time
Fix build
Fix ldap driver
Check return, zero free hostent, adhere to style
Fix enumerations
Fix tevent_req error checking.
Refactor delete functions and add a few
Add cleanup task
Try to fix offline logins
Fix double free case.
Fix check_cache bug in dealing with the callback
Change var name to make its use more clear.
Fix crash due to uninitialized timeout variable
Change initgroups code to use and check the cache
Change the pam code to perform an initgroups call
Store initgr expire time on initgr call
Failover fixes and additions
Better behavior on cleanup
Correctly escape DN value.
Add reference to sssd-krb5 man page.
Optimize sysdb_enumgrent
Filter by id range before actually storing entries.
Raise some timeouts
Add initial failover support for ldap and ipa
Fix ticket #289
Fix internal options numbers test
In IPA, the realm is always the domain uppercased.
Stephen Gallagher (32):
Remove DP from example configuration
Remove [dp] section from example config
Fix sssd.api.conf with correct entry_cache_timeout
Clean up warnings in dhash tests
Make config_file_version a hidden setting in SSSDConfig API
Remove magic_private_groups from SSSDConfig API schema
Add support for option descriptions to SSSDConfig API
Localize SSSDConfig strings
Add complete pydoc for SSSDConfig API
cyrus-sasl-gssapi
Simplify debug_fn()
Add configure check for sasl.h
Update midpoint refresh logic to be relative to cache timeout
Increase the sbus dispatch DEBUG level to 9
Build files.c only for tools
Clean up unused dependencies
Update sssd.spec to use only the required KRB5_LIBS and NSS_LIBS
Fix segfault on unknown user/domain
sssd-client line in specfile
Make the sysdb user and group names case-sensitive
Upgrade cache and local databases to case-sensitive names
Update translatable strings
Fix sysdb upgrade bug
Add empty NL translation
Only display errors in unit tests
Update PL translation
Update NL translation
Make backend request type a bitfield
Speed up user requests while offline
Update translation strings for string freeze
Fix bug with bad ldb pkg-config files
Update version to 0.99.0
Sumit Bose (32):
store original DN with cached group objects if available
added a ASQ search API for sysdb
Allow sysdb_search_entry request to return more than one result
Add AM_CFLAGS to unit tests
Fix compiler warnings in krb5_utils-tests.
remove old sysdb file before starting tests
set ipa_hostname if not given in config file
Make debug message less irritating.
add sysdb_delete_recursive request to sysdb API
Add sysdb_attrs_replace_name to sysdb API.
Fix for a seg fault during recursive delete
add replacements for missing Kerberos calls
Check is ccache structure is initialized before calling krb5_cc_destroy
added access module of IPA provider
Simplify krb5 child handler
Add check for access-time rules to ipa_access.
Add support for host, source host and user category
Fix inconsistent use of krb5_ccname_template
Fixes for proxy provider
Make 'permit' the default for the access target
Fix option name krb5_changepw_principal
Validate Kerberos credentials with local keytab
Improve handling of ccache files
Add ipa_auth
Enhance check for remote hosts
Add ldap_pwd_policy option
Read KDC info from file instead from environment
Really check return value from pam_set_item
Use ldb modules from build root for tests
Make ldb lib dir configurable
Fix an internal error when cache_credentials=FALSE
Remove unneeded debugging code
deneb (1):
Add Italian translation for sss_client
noriko (1):
Adding Japanese translation
raven (1):
Update PL translation
2009-11-30 15:39:15 +00:00

296 lines
9.3 KiB
RPMSpec
Raw Blame History

%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import *; import sys; sys.stdout.write(get_python_lib(1))")}
%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import *; import sys; sys.stdout.write(get_python_lib())")}
Name: sssd
Version: 0.99.0
Release: 1%{?dist}
Group: Applications/System
Summary: System Security Services Daemon
# The entire source code is GPLv3+ except replace/ which is LGPLv3+
License: GPLv3+ and LGPLv3+
URL: http://fedorahosted.org/sssd
Source: https://fedorahosted.org/released/sssd/sssd-%{version}.tar.gz
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
### Patches ###
### Dependencies ###
Requires: libldb >= 0.9.3
Requires: libtdb >= 1.1.3
Requires: sssd-client = %{version}-%{release}
Requires: cyrus-sasl-gssapi
Requires(post): python
Requires(preun): initscripts chkconfig
Requires(postun): /sbin/service
%define servicename sssd
%define sssdstatedir %{_localstatedir}/lib/sss
%define dbpath %{sssdstatedir}/db
%define pipepath %{sssdstatedir}/pipes
%define pubconfpath %{sssdstatedir}/pubconf
### Build Dependencies ###
BuildRequires: autoconf
BuildRequires: automake
BuildRequires: libtool
BuildRequires: m4
%{?fedora:BuildRequires: popt-devel}
%{?rhel:BuildRequires: popt}
BuildRequires: libtalloc-devel
BuildRequires: libtevent-devel
BuildRequires: libtdb-devel
BuildRequires: libldb-devel
BuildRequires: dbus-devel
BuildRequires: dbus-libs
BuildRequires: openldap-devel
BuildRequires: pam-devel
BuildRequires: nss-devel
BuildRequires: nspr-devel
BuildRequires: pcre-devel
BuildRequires: libxslt
BuildRequires: libxml2
BuildRequires: docbook-style-xsl
BuildRequires: krb5-devel
BuildRequires: c-ares-devel
BuildRequires: python-devel
%description
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.
%package client
Summary: SSSD Client libraries for NSS and PAM
Group: Applications/System
%description client
Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD
service.
%prep
%setup -q
%build
NSS_LIBS=-lnss3 \
KRB5_LIBS=-lkrb5 \
%configure \
--without-tests \
--with-db-path=%{dbpath} \
--with-pipe-path=%{pipepath} \
--with-pubconf-path=%{pubconfpath} \
--with-init-dir=%{_initrddir} \
--enable-nsslibdir=/%{_lib}
make %{?_smp_mflags}
%install
rm -rf $RPM_BUILD_ROOT
make install DESTDIR=$RPM_BUILD_ROOT
# Prepare language files
/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sss_daemon
/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sss_client
# Copy default sssd.conf file
mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sssd
install -m600 server/examples/sssd.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf
install -m400 server/config/etc/sssd.api.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.conf
install -m400 server/config/etc/sssd.api.d/* $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.d/
# Remove .la files created by libtool
rm -f \
$RPM_BUILD_ROOT/%{_lib}/libnss_sss.la \
$RPM_BUILD_ROOT/%{_lib}/security/pam_sss.la \
$RPM_BUILD_ROOT/%{_libdir}/ldb/memberof.la \
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ldap.la \
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_proxy.la \
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_krb5.la \
$RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ipa.la \
$RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.la \
$RPM_BUILD_ROOT/%{python_sitearch}/pysss.la
if test -e $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
then
# Apppend this file to the sss_daemon.lang
# Older versions of rpmbuild can only handle one -f option
echo %{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so >> sss_daemon.lang
fi
%clean
rm -rf $RPM_BUILD_ROOT
%files -f sss_daemon.lang
%defattr(-,root,root,-)
%doc COPYING
%{_initrddir}/%{name}
%{_sbindir}/sssd
%{_sbindir}/sss_useradd
%{_sbindir}/sss_userdel
%{_sbindir}/sss_usermod
%{_sbindir}/sss_groupadd
%{_sbindir}/sss_groupdel
%{_sbindir}/sss_groupmod
%{_libexecdir}/%{servicename}/
%{_libdir}/%{name}/
%{_libdir}/ldb/memberof.so
%dir %{sssdstatedir}
%attr(700,root,root) %dir %{dbpath}
%attr(755,root,root) %dir %{pipepath}
%attr(755,root,root) %dir %{pubconfpath}
%attr(700,root,root) %dir %{pipepath}/private
%attr(750,root,root) %dir %{_var}/log/%{name}
%attr(700,root,root) %dir %{_sysconfdir}/sssd
%config(noreplace) %{_sysconfdir}/sssd/sssd.conf
%config %{_sysconfdir}/sssd/sssd.api.conf
%attr(700,root,root) %dir %{_sysconfdir}/sssd/sssd.api.d
%config %{_sysconfdir}/sssd/sssd.api.d/
%{_mandir}/man5/sssd.conf.5*
%{_mandir}/man5/sssd-ipa.5*
%{_mandir}/man5/sssd-krb5.5*
%{_mandir}/man5/sssd-ldap.5*
%{_mandir}/man8/sssd.8*
%{_mandir}/man8/sss_groupadd.8*
%{_mandir}/man8/sss_groupdel.8*
%{_mandir}/man8/sss_groupmod.8*
%{_mandir}/man8/sss_useradd.8*
%{_mandir}/man8/sss_userdel.8*
%{_mandir}/man8/sss_usermod.8*
%{_mandir}/man8/sssd_krb5_locator_plugin.8*
%{python_sitearch}/pysss.so
%{python_sitelib}/*.py*
%{?fedora:%{python_sitelib}/*.egg-info}
%files client -f sss_client.lang
%defattr(-,root,root,-)
/%{_lib}/libnss_sss.so.2
/%{_lib}/security/pam_sss.so
%{_mandir}/man8/pam_sss.8*
%post
/sbin/ldconfig
/sbin/chkconfig --add %{servicename}
if [ $1 -ge 2 ] ; then
# a one-time upgrade from confdb v1 to v2, only if upgrading
python %{_libexecdir}/%{servicename}/upgrade_config.py
fi
%preun
if [ $1 = 0 ]; then
/sbin/service %{servicename} stop 2>&1 > /dev/null
/sbin/chkconfig --del %{servicename}
fi
%postun
/sbin/ldconfig
if [ $1 -ge 1 ] ; then
/sbin/service %{servicename} condrestart 2>&1 > /dev/null
fi
%post client -p /sbin/ldconfig
%postun client -p /sbin/ldconfig
%changelog
* Mon Nov 30 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.99.0-1
- New upstream release 0.99.0
* Tue Oct 27 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.1-1
- Fix segfault in sssd_pam when cache_credentials was enabled
- Update the sample configuration
- Fix upgrade issues caused by data provider service removal
* Mon Oct 26 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-2
- Fix upgrade issues from old (pre-0.5.0) releases of SSSD
* Fri Oct 23 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.7.0-1
- New upstream release 0.7.0
* Thu Oct 15 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-2
- Fix missing file permissions for sssd-clients
* Tue Oct 13 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.1-1
- Add SSSDConfig API
- Update polish translation for 0.6.0
- Fix long timeout on ldap operation
- Make dp requests more robust
* Tue Sep 29 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.6.0-1
- Ensure that the configuration upgrade script always writes the config
file with 0600 permissions
- Eliminate an infinite loop in group enumerations
* Mon Sep 28 2009 Sumit Bose <sbose@redhat.com> - 0.6.0-0
- New upstream release 0.6.0
* Mon Aug 24 2009 Simo Sorce <ssorce@redhat.com> - 0.5.0-0
- New upstream release 0.5.0
* Wed Jul 29 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.4.1-4
- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in
without a password. (Patch by Stephen Gallagher)
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.4.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Mon Jun 22 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-2
- Fix a couple of segfaults that may happen on reload
* Thu Jun 11 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-1
- add missing configure check that broke stopping the daemon
- also fix default config to add a missing required option
* Mon Jun 8 2009 Simo Sorce <ssorce@redhat.com> - 0.4.1-0
- latest upstream release.
- also add a patch that fixes debugging output (potential segfault)
* Mon Apr 20 2009 Simo Sorce <ssorce@redhat.com> - 0.3.2-2
- release out of the official 0.3.2 tarball
* Mon Apr 20 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.3.2-1
- bugfix release 0.3.2
- includes previous release patches
- change permissions of the /etc/sssd/sssd.conf to 0600
* Tue Apr 14 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-2
- Add last minute bug fixes, found in testing the package
* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.1-1
- Version 0.3.1
- includes previous release patches
* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-2
- Try to fix build adding automake as an explicit BuildRequire
- Add also a couple of last minute patches from upstream
* Mon Apr 13 2009 Simo Sorce <ssorce@redhat.com> - 0.3.0-1
- Version 0.3.0
- Provides file based configuration and lots of improvements
* Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.1-1
- Version 0.2.1
* Tue Mar 10 2009 Simo Sorce <ssorce@redhat.com> - 0.2.0-1
- Version 0.2.0
* Sun Mar 08 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-5.20090309git691c9b3
- package git snapshot
* Fri Mar 06 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-4
- fixed items found during review
- added initscript
* Thu Mar 05 2009 Sumit Bose <sbose@redhat.com> - 0.1.0-3
- added sss_client
* Mon Feb 23 2009 Jakub Hrozek <jhrozek@redhat.com> - 0.1.0-2
- Small cleanup and fixes in the spec file
* Thu Feb 12 2009 Stephen Gallagher <sgallagh@redhat.com> - 0.1.0-1
- Initial release (based on version 0.1.0 upstream code)
Reference in New Issue View Git Blame Copy Permalink