From 7168e7f91c60e3430c598cc534e5bb12c3d6c35d Mon Sep 17 00:00:00 2001 From: Jakub Bogusz Date: Tue, 13 Jan 2015 20:39:57 +0100 Subject: [PATCH] - up to 1.12.3 - updated heimdal patch - added link patch --- sssd-heimdal.patch | 152 ++++++++++++++++++++++++--------------------- sssd-link.patch | 11 ++++ sssd.spec | 65 ++++++++++++++++--- 3 files changed, 147 insertions(+), 81 deletions(-) create mode 100644 sssd-link.patch diff --git a/sssd-heimdal.patch b/sssd-heimdal.patch index 08c7091..7be6c42 100644 --- a/sssd-heimdal.patch +++ b/sssd-heimdal.patch @@ -13,7 +13,7 @@ index 1a50bf1..54c5883 100644 [ #ifdef HAVE_KRB5_KRB5_H #include #else -@@ -46,6 +46,7 @@ AC_CHECK_TYPES([krb5_ticket_times, krb5_times, krb5_trace_info], [], [], +@@ -46,6 +46,7 @@ AC_CHECK_TYPES([krb5_ticket_times, krb5_ #endif ]) AC_CHECK_FUNCS([krb5_get_init_creds_opt_alloc krb5_get_error_message \ @@ -21,20 +21,14 @@ index 1a50bf1..54c5883 100644 krb5_free_unparsed_name \ krb5_get_init_creds_opt_set_expire_callback \ krb5_get_init_creds_opt_set_fast_ccache_name \ -@@ -59,12 +60,33 @@ AC_CHECK_FUNCS([krb5_get_init_creds_opt_alloc krb5_get_error_message \ - krb5_kt_free_entry \ - krb5_princ_realm \ - krb5_get_time_offsets \ -+ krb5_get_kdc_sec_offset \ - krb5_principal_get_realm \ - krb5_cc_cache_match \ - krb5_timestamp_to_sfstring \ +@@ -65,7 +66,28 @@ AC_CHECK_FUNCS([krb5_get_init_creds_opt_ krb5_set_trace_callback \ krb5_find_authdata \ -- krb5_cc_get_full_name]) -+ krb5_cc_get_full_name \ + krb5_kt_have_content \ ++ krb5_get_kdc_sec_offset \ + krb5_free_string \ -+ krb5_xfree]) ++ krb5_xfree \ + krb5_cc_get_full_name]) + +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #ifdef HAVE_KRB5_KRB5_H + #include @@ -55,7 +49,7 @@ index 1a50bf1..54c5883 100644 + CFLAGS=$SAVE_CFLAGS LIBS=$SAVE_LIBS - + CFLAGS="$CFLAGS $KRB5_CFLAGS" diff --git a/src/krb5_plugin/sssd_krb5_locator_plugin.c b/src/krb5_plugin/sssd_krb5_locator_plugin.c index 725687d..586c7dd 100644 --- a/src/krb5_plugin/sssd_krb5_locator_plugin.c @@ -173,9 +167,9 @@ index 725687d..586c7dd 100644 /* Set flag that controls whether we want to write the * kdcinfo files at all ---- sssd-1.12.0/src/providers/krb5/krb5_child.c.orig 2014-07-09 19:44:02.000000000 +0200 -+++ sssd-1.12.0/src/providers/krb5/krb5_child.c 2014-07-15 22:14:25.585419861 +0200 -@@ -117,7 +117,7 @@ static krb5_error_code set_lifetime_opti +--- sssd-1.12.3/src/providers/krb5/krb5_child.c.orig 2015-01-08 18:19:45.000000000 +0100 ++++ sssd-1.12.3/src/providers/krb5/krb5_child.c 2015-01-12 16:19:43.242398934 +0100 +@@ -133,7 +133,7 @@ static krb5_error_code set_lifetime_opti return 0; } @@ -184,7 +178,7 @@ index 725687d..586c7dd 100644 { int canonicalize = 0; char *tmp_str; -@@ -128,23 +128,23 @@ static void set_canonicalize_option(krb5 +@@ -144,23 +144,23 @@ static void set_canonicalize_option(krb5 } DEBUG(SSSDBG_CONF_SETTINGS, "%s is set to [%s]\n", SSSD_KRB5_CANONICALIZE, tmp_str ? tmp_str : "not set"); @@ -213,7 +207,7 @@ index 725687d..586c7dd 100644 /* Currently we do not set forwardable and proxiable explicitly, the flags * must be removed so that libkrb5 can take the defaults from krb5.conf */ -@@ -158,6 +158,7 @@ static void revert_changepw_options(krb5 +@@ -174,6 +174,7 @@ static void revert_changepw_options(krb5 } @@ -221,7 +215,7 @@ index 725687d..586c7dd 100644 static errno_t sss_send_pac(krb5_authdata **pac_authdata) { struct sss_cli_req_data sss_data; -@@ -177,6 +178,7 @@ static errno_t sss_send_pac(krb5_authdat +@@ -193,6 +194,7 @@ static errno_t sss_send_pac(krb5_authdat return EOK; } @@ -229,7 +223,7 @@ index 725687d..586c7dd 100644 static void sss_krb5_expire_callback_func(krb5_context context, void *data, krb5_timestamp password_expiration, -@@ -468,7 +470,8 @@ static krb5_error_code create_empty_cred +@@ -484,7 +486,8 @@ static krb5_error_code create_empty_cred { krb5_error_code kerr; krb5_creds *cred = NULL; @@ -239,7 +233,7 @@ index 725687d..586c7dd 100644 cred = calloc(sizeof(krb5_creds), 1); if (cred == NULL) { -@@ -482,12 +485,12 @@ static krb5_error_code create_empty_cred +@@ -498,12 +501,12 @@ static krb5_error_code create_empty_cred goto done; } @@ -255,7 +249,7 @@ index 725687d..586c7dd 100644 if (kerr != 0) { DEBUG(SSSDBG_CRIT_FAILURE, "krb5_build_principal_ext failed.\n"); goto done; -@@ -746,7 +749,8 @@ static errno_t add_ticket_times_and_upn_ +@@ -762,7 +765,8 @@ static errno_t add_ticket_times_and_upn_ goto done; } @@ -265,7 +259,7 @@ index 725687d..586c7dd 100644 if (kerr != 0) { DEBUG(SSSDBG_OP_FAILURE, "krb5_unparse_name failed.\n"); goto done; -@@ -754,7 +758,7 @@ static errno_t add_ticket_times_and_upn_ +@@ -770,7 +774,7 @@ static errno_t add_ticket_times_and_upn_ ret = pam_add_response(kr->pd, SSS_KRB5_INFO_UPN, upn_len, (uint8_t *) upn); @@ -274,7 +268,7 @@ index 725687d..586c7dd 100644 if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "pack_response_packet failed.\n"); goto done; -@@ -776,7 +780,9 @@ static krb5_error_code validate_tgt(stru +@@ -792,7 +796,9 @@ static krb5_error_code validate_tgt(stru krb5_principal validation_princ = NULL; bool realm_entry_found = false; krb5_ccache validation_ccache = NULL; @@ -284,7 +278,7 @@ index 725687d..586c7dd 100644 memset(&keytab, 0, sizeof(keytab)); kerr = krb5_kt_resolve(kr->ctx, kr->keytab, &keytab); -@@ -870,6 +876,7 @@ static krb5_error_code validate_tgt(stru +@@ -886,6 +892,7 @@ static krb5_error_code validate_tgt(stru goto done; } @@ -292,7 +286,7 @@ index 725687d..586c7dd 100644 /* Try to find and send the PAC to the PAC responder. * Failures are not critical. */ if (kr->send_pac) { -@@ -892,6 +899,7 @@ static krb5_error_code validate_tgt(stru +@@ -908,6 +915,7 @@ static krb5_error_code validate_tgt(stru kerr = 0; } } @@ -300,7 +294,7 @@ index 725687d..586c7dd 100644 done: if (validation_ccache != NULL) { -@@ -927,7 +935,7 @@ static krb5_error_code get_and_save_tgt_ +@@ -943,7 +951,7 @@ static krb5_error_code get_and_save_tgt_ krb5_get_init_creds_opt_set_address_list(&options, NULL); krb5_get_init_creds_opt_set_forwardable(&options, 0); krb5_get_init_creds_opt_set_proxiable(&options, 0); @@ -309,16 +303,16 @@ index 725687d..586c7dd 100644 kerr = krb5_get_init_creds_keytab(ctx, &creds, princ, keytab, 0, NULL, &options); -@@ -1110,7 +1118,7 @@ static errno_t changepw_child(struct krb +@@ -1149,7 +1157,7 @@ static errno_t changepw_child(struct krb prompter = sss_krb5_prompter; } - set_changepw_options(kr->options); + set_changepw_options(kr->ctx, kr->options); sss_krb5_princ_realm(kr->ctx, kr->princ, &realm_name, &realm_length); - - DEBUG(SSSDBG_TRACE_FUNC, -@@ -1158,9 +1166,9 @@ static errno_t changepw_child(struct krb + if (realm_length == 0) { + DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_princ_realm failed.\n"); +@@ -1201,9 +1209,9 @@ static errno_t changepw_child(struct krb memset(&result_code_string, 0, sizeof(krb5_data)); memset(&result_string, 0, sizeof(krb5_data)); @@ -331,7 +325,7 @@ index 725687d..586c7dd 100644 if (kerr == KRB5_KDC_UNREACH) { return ERR_NETWORK_IO; -@@ -1174,7 +1182,7 @@ static errno_t changepw_child(struct krb +@@ -1217,7 +1225,7 @@ static errno_t changepw_child(struct krb if (result_code_string.length > 0) { DEBUG(SSSDBG_CRIT_FAILURE, "krb5_change_password failed [%d][%.*s].\n", result_code, @@ -340,7 +334,7 @@ index 725687d..586c7dd 100644 user_error_message = talloc_strndup(kr->pd, result_code_string.data, result_code_string.length); if (user_error_message == NULL) { -@@ -1182,10 +1190,10 @@ static errno_t changepw_child(struct krb +@@ -1225,10 +1233,10 @@ static errno_t changepw_child(struct krb } } @@ -353,7 +347,7 @@ index 725687d..586c7dd 100644 talloc_free(user_error_message); user_error_message = talloc_strndup(kr->pd, result_string.data, result_string.length); -@@ -1228,7 +1236,7 @@ static errno_t changepw_child(struct krb +@@ -1279,7 +1287,7 @@ static errno_t changepw_child(struct krb /* We changed some of the gic options for the password change, now we have * to change them back to get a fresh TGT. */ @@ -362,7 +356,7 @@ index 725687d..586c7dd 100644 kerr = get_and_save_tgt(kr, newpassword); -@@ -1288,7 +1296,7 @@ static errno_t tgt_req_child(struct krb5 +@@ -1339,7 +1347,7 @@ static errno_t tgt_req_child(struct krb5 "Failed to unset expire callback, continue ...\n"); } @@ -371,7 +365,7 @@ index 725687d..586c7dd 100644 kerr = krb5_get_init_creds_password(kr->ctx, kr->creds, kr->princ, discard_const(password), sss_krb5_prompter, kr, 0, -@@ -1766,7 +1774,8 @@ static errno_t k5c_recv_data(struct krb5 +@@ -1919,7 +1927,8 @@ static errno_t k5c_recv_data(struct krb5 static int k5c_setup_fast(struct krb5_req *kr, bool demand) { krb5_principal fast_princ_struct; @@ -381,7 +375,7 @@ index 725687d..586c7dd 100644 char *fast_principal_realm; char *fast_principal; krb5_error_code kerr; -@@ -1794,8 +1803,11 @@ static int k5c_setup_fast(struct krb5_re +@@ -1948,8 +1957,11 @@ static int k5c_setup_fast(struct krb5_re return KRB5KRB_ERR_GENERIC; } free(tmp_str); @@ -395,15 +389,15 @@ index 725687d..586c7dd 100644 if (!fast_principal_realm) { DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n"); return ENOMEM; -@@ -1929,7 +1941,7 @@ static int k5c_setup(struct krb5_req *kr +@@ -2235,7 +2247,7 @@ static int k5c_setup(struct krb5_req *kr } if (!offline) { - set_canonicalize_option(kr->options); + set_canonicalize_option(kr->ctx, kr->options); + } - use_fast_str = getenv(SSSD_KRB5_USE_FAST); - if (use_fast_str == NULL || strcasecmp(use_fast_str, "never") == 0) { + /* TODO: set options, e.g. --- sssd-1.11.6/src/providers/krb5/krb5_common.c.orig 2014-06-03 16:31:33.000000000 +0200 +++ sssd-1.11.6/src/providers/krb5/krb5_common.c 2014-06-18 22:23:18.480672769 +0200 @@ -33,7 +33,7 @@ @@ -514,18 +508,18 @@ index 725687d..586c7dd 100644 dp_opt_get_bool(krb5_options->opts, KRB5_USE_KDCINFO), &ctx->kpasswd_service); ---- sssd-1.11.6/src/providers/ldap/ldap_child.c.orig 2014-06-03 16:31:33.000000000 +0200 -+++ sssd-1.11.6/src/providers/ldap/ldap_child.c 2014-06-19 07:25:44.383327744 +0200 -@@ -97,7 +97,7 @@ static errno_t unpack_buffer(uint8_t *bu +--- sssd-1.12.3/src/providers/ldap/ldap_child.c.orig 2015-01-08 18:19:45.000000000 +0100 ++++ sssd-1.12.3/src/providers/ldap/ldap_child.c 2015-01-12 16:27:54.035711695 +0100 +@@ -99,7 +99,7 @@ static errno_t unpack_buffer(uint8_t *bu /* ticket lifetime */ - SAFEALIGN_COPY_INT32_CHECK(&ibuf->lifetime, buf + p, size, &p); -- DEBUG(SSSDBG_TRACE_LIBS, "lifetime: %d\n", ibuf->lifetime); -+ DEBUG(SSSDBG_TRACE_LIBS, "lifetime: %d\n", (int)ibuf->lifetime); + SAFEALIGN_COPY_UINT32_CHECK(&ibuf->lifetime, buf + p, size, &p); +- DEBUG(SSSDBG_TRACE_LIBS, "lifetime: %u\n", ibuf->lifetime); ++ DEBUG(SSSDBG_TRACE_LIBS, "lifetime: %ld\n", (long)(ibuf->lifetime)); - return EOK; - } -@@ -310,7 +310,8 @@ static krb5_error_code ldap_child_get_tg + /* UID and GID to run as */ + SAFEALIGN_COPY_UINT32_CHECK(&ibuf->uid, buf + p, size, &p); +@@ -386,7 +386,8 @@ static krb5_error_code ldap_child_get_tg DEBUG(SSSDBG_CONF_SETTINGS, "Will canonicalize principals\n"); canonicalize = 1; } @@ -533,9 +527,9 @@ index 725687d..586c7dd 100644 + sss_krb5_get_init_creds_opt_set_canonicalize(context, + &options, canonicalize); - krberr = krb5_get_init_creds_keytab(context, &my_creds, kprinc, - keytab, 0, NULL, &options); -@@ -343,8 +344,7 @@ static krb5_error_code ldap_child_get_tg + ccname_file = talloc_asprintf(tmp_ctx, "%s/ccache_%s", + DB_PATH, realm_name); +@@ -462,8 +463,7 @@ static krb5_error_code ldap_child_get_tg } DEBUG(SSSDBG_TRACE_INTERNAL, "credentials stored\n"); @@ -545,7 +539,7 @@ index 725687d..586c7dd 100644 &kdc_time_offset_usec); if (krberr) { DEBUG(SSSDBG_OP_FAILURE, "Failed to get KDC time offset: %s\n", -@@ -356,10 +356,6 @@ static krb5_error_code ldap_child_get_tg +@@ -475,10 +475,6 @@ static krb5_error_code ldap_child_get_tg } } DEBUG(SSSDBG_TRACE_INTERNAL, "Got KDC time offset\n"); @@ -554,8 +548,8 @@ index 725687d..586c7dd 100644 - kdc_time_offset = 0; -#endif - krberr = 0; - *ccname_out = ccname; + DEBUG(SSSDBG_TRACE_INTERNAL, + "Renaming [%s] to [%s]\n", ccname_file_dummy, ccname_file); --- sssd-1.11.6/src/providers/ldap/ldap_common.c.orig 2014-06-03 16:31:33.000000000 +0200 +++ sssd-1.11.6/src/providers/ldap/ldap_common.c 2014-06-19 07:33:38.193317867 +0200 @@ -1303,7 +1303,7 @@ done: @@ -690,7 +684,7 @@ diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c index f8a7e6f..a954d10 100644 --- a/src/util/sss_krb5.c +++ b/src/util/sss_krb5.c -@@ -535,7 +535,9 @@ void KRB5_CALLCONV sss_krb5_get_init_creds_opt_free (krb5_context context, +@@ -484,7 +484,9 @@ void KRB5_CALLCONV sss_krb5_get_init_cre void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name) { @@ -701,7 +695,7 @@ index f8a7e6f..a954d10 100644 krb5_free_unparsed_name(context, name); #else if (name != NULL) { -@@ -545,6 +547,15 @@ void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name) +@@ -494,6 +496,15 @@ void KRB5_CALLCONV sss_krb5_free_unparse #endif } @@ -717,7 +711,7 @@ index f8a7e6f..a954d10 100644 krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_set_expire_callback( krb5_context context, -@@ -800,15 +811,16 @@ cleanup: +@@ -752,15 +763,16 @@ cleanup: #endif /* HAVE_KRB5_UNPARSE_NAME_FLAGS */ } @@ -738,9 +732,9 @@ index f8a7e6f..a954d10 100644 + KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS == 3 + (void) krb5_get_init_creds_opt_set_canonicalize(ctx, opts, canonicalize); #else - DEBUG(SSSDBG_OP_FAILURE, ("Kerberos principal canonicalization is not available!\n")); + DEBUG(SSSDBG_OP_FAILURE, "Kerberos principal canonicalization is not available!\n"); #endif -@@ -1063,10 +1075,51 @@ done: +@@ -1022,7 +1034,7 @@ done: KRB5_DEBUG(SSSDBG_MINOR_FAILURE, ctx, kerr); } } @@ -749,8 +743,9 @@ index f8a7e6f..a954d10 100644 return ret_ccname; #else - return NULL; - #endif /* HAVE_KRB5_CC_COLLECTION */ +@@ -1069,3 +1081,44 @@ krb5_error_code sss_krb5_kt_have_content + return 0; + #endif } + +krb5_error_code KRB5_CALLCONV @@ -797,16 +792,16 @@ diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h index db47e0a..c7b9a69 100644 --- a/src/util/sss_krb5.h +++ b/src/util/sss_krb5.h -@@ -70,6 +70,8 @@ void KRB5_CALLCONV sss_krb5_get_init_creds_opt_free (krb5_context context, +@@ -70,6 +70,8 @@ void KRB5_CALLCONV sss_krb5_get_init_cre void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name); +void KRB5_CALLCONV sss_krb5_free_string(krb5_context ctx, char *val); + - int sss_krb5_verify_keytab_ex(const char *principal, const char *keytab_name, - krb5_context context, krb5_keytab keytab); - -@@ -136,7 +138,8 @@ krb5_error_code + krb5_error_code find_principal_in_keytab(krb5_context ctx, + krb5_keytab keytab, + const char *pattern_primary, +@@ -133,7 +135,8 @@ krb5_error_code sss_krb5_unparse_name_flags(krb5_context context, krb5_const_principal principal, int flags, char **name); @@ -816,7 +811,7 @@ index db47e0a..c7b9a69 100644 int canonicalize); enum sss_krb5_cc_type { -@@ -167,6 +170,10 @@ typedef krb5_times sss_krb5_ticket_times; +@@ -164,6 +167,10 @@ typedef krb5_times sss_krb5_ticket_times /* Redirect libkrb5 tracing towards our DEBUG statements */ errno_t sss_child_set_krb5_tracing(krb5_context ctx); @@ -827,10 +822,10 @@ index db47e0a..c7b9a69 100644 krb5_error_code sss_krb5_find_authdata(krb5_context context, krb5_authdata *const *ticket_authdata, krb5_authdata *const *ap_req_authdata, -@@ -184,4 +191,14 @@ char * sss_get_ccache_name_for_principal(TALLOC_CTX *mem_ctx, - krb5_context ctx, - krb5_principal principal, - const char *location); +@@ -189,4 +196,14 @@ sss_krb5_get_primary(TALLOC_CTX *mem_ctx + + krb5_error_code sss_krb5_kt_have_content(krb5_context context, + krb5_keytab keytab); + +krb5_error_code KRB5_CALLCONV +sss_krb5_unparse_name_ext(krb5_context ctx, @@ -842,6 +837,19 @@ index db47e0a..c7b9a69 100644 + krb5_timestamp *seconds, + int32_t *microseconds); #endif /* __SSS_KRB5_H__ */ +--- sssd-1.12.3/src/providers/krb5/krb5_keytab.c.orig 2015-01-08 18:19:45.000000000 +0100 ++++ sssd-1.12.3/src/providers/krb5/krb5_keytab.c 2015-01-12 18:14:26.452110024 +0100 +@@ -25,6 +25,10 @@ + #include "util/util.h" + #include "util/sss_krb5.h" + ++#ifndef MAX_KEYTAB_NAME_LEN ++#define MAX_KEYTAB_NAME_LEN 1100 ++#endif ++ + krb5_error_code copy_keytab_into_memory(TALLOC_CTX *mem_ctx, krb5_context kctx, + char *inp_keytab_file, + char **_mem_name, #--- sssd-1.11.4/src/external/pac_responder.m4.orig 2014-02-17 19:55:32.000000000 +0100 #+++ sssd-1.11.4/src/external/pac_responder.m4 2014-03-22 17:59:50.707675270 +0100 #@@ -21,7 +21,8 @@ diff --git a/sssd-link.patch b/sssd-link.patch new file mode 100644 index 0000000..de3d6a5 --- /dev/null +++ b/sssd-link.patch @@ -0,0 +1,11 @@ +--- sssd-1.12.3/Makefile.am.orig 2015-01-12 18:49:06.135356150 +0100 ++++ sssd-1.12.3/Makefile.am 2015-01-12 19:16:19.545287606 +0100 +@@ -870,7 +870,7 @@ + src/sss_client/libwbclient/wbc_util_sssd.c + libwbclient_la_LIBADD = \ + libsss_nss_idmap.la \ +- $(CLIENT_LIBS) ++ $(CLIENT_LIBS) -ldl + libwbclient_la_LDFLAGS = \ + -Wl,--version-script,$(srcdir)/src/sss_client/libwbclient/wbclient.exports \ + -version-info 11:0:11 diff --git a/sssd.spec b/sssd.spec index 52795d2..3941b7f 100644 --- a/sssd.spec +++ b/sssd.spec @@ -6,16 +6,17 @@ Summary: System Security Services Daemon Summary(pl.UTF-8): System Security Services Daemon - demon usług bezpieczeństwa systemu Name: sssd -Version: 1.12.0 +Version: 1.12.3 Release: 0.1 License: GPL v3+ Group: Applications/System Source0: https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz -# Source0-md5: f313613db186d478e9b40e10506c8838 +# Source0-md5: b891c263819a1dde062d7065448a4d58 Source1: %{name}.init Patch0: %{name}-python-config.patch Patch1: %{name}-heimdal.patch Patch2: %{name}-systemd.patch +Patch3: %{name}-link.patch URL: https://fedorahosted.org/sssd/ BuildRequires: augeas-devel >= 1.0.0 BuildRequires: autoconf >= 2.59 @@ -39,10 +40,11 @@ BuildRequires: libcollection-devel >= 0.5.1 BuildRequires: libdhash-devel >= 0.4.2 BuildRequires: libini_config-devel >= 1.0.0 BuildRequires: ldb-devel >= %{ldb_version} +BuildRequires: libnfsidmap-devel BuildRequires: libnl-devel >= 3.2 BuildRequires: libselinux-devel BuildRequires: libsemanage-devel -BuildRequires: libtool +BuildRequires: libtool >= 2:2 BuildRequires: libxml2-progs BuildRequires: libxslt-progs BuildRequires: m4 @@ -133,6 +135,34 @@ Pakiet zawiera także kilka innych narzędzi administracyjnych: - sss_seed tworzący wpis użytkownika do szybkiego rozruchu, - sss_obfuscate do generowania utajnionego hasła LDAP. +%package libwbclient +Summary: The SSSD libwbclient implementation +Summary(pl.UTF-8): Implementacja libwbclient oparta na SSSD +Group: Libraries +License: LGPL v3+ +Requires: libsss_nss_idmap = %{version}-%{release} + +%description libwbclient +The SSSD implementation of Samba wbclient library. + +%description libwbclient -l pl.UTF-8 +Implementacja biblioteki Samba wbclient oparta na SSSD. + +%package libwbclient-devel +Summary: Development files of the SSSD libwbclient implementation +Summary(pl.UTF-8): Pliki programistyczne implementacja libwbclient oparta na SSSD +Group: Development/Libraries +License: LGPL v3+ +Requires: %{name}-libwbclient = %{version}-%{release} + +%description libwbclient-devel +Development files for the SSSD implementation of Samba wbclient +library. + +%description libwbclient-devel -l pl.UTF-8 +Pliki programistyczne implementacji biblioteki Samba wbclient opartej +na SSSD. + %package -n libipa_hbac Summary: FreeIPA HBAC Evaluator library Summary(pl.UTF-8): Biblioteka oceniająca FreeIPA HBAC @@ -271,8 +301,9 @@ Pliki nagłówkowe biblioteki libsss_simpleifp. %prep %setup -q %patch0 -p1 -%patch1 -p1 -b .orig +%patch1 -p1 %patch2 -p1 +%patch3 -p1 %build %{__libtoolize} @@ -283,14 +314,15 @@ Pliki nagłówkowe biblioteki libsss_simpleifp. #CFLAGS="-Wno-deprecated-declarations" %configure \ NSCD=/usr/sbin/nscd \ + --enable-nfsidmaplibdir=/%{_lib}/libnfsidmap \ + --enable-nsslibdir=/%{_lib} \ + --enable-pammoddir=/%{_lib}/security \ + --disable-rpath \ --with-db-path=%{dbpath} \ + --with-init-dir=/etc/rc.d/init.d \ --with-initscript=sysv,systemd \ --with-pipe-path=%{pipepath} \ --with-pubconf-path=%{pubconfpath} \ - --with-init-dir=/etc/rc.d/init.d \ - --enable-nsslibdir=/%{_lib} \ - --enable-pammoddir=/%{_lib}/security \ - --disable-rpath \ --with-systemdunitdir=%{systemdunitdir} \ --with-test-dir=/dev/shm @@ -331,12 +363,13 @@ cp -p src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd # Remove .la files created by libtool %{__rm} \ $RPM_BUILD_ROOT/%{_lib}/libnss_sss.la \ + $RPM_BUILD_ROOT/%{_lib}/libnfsidmap/sss.la \ $RPM_BUILD_ROOT/%{_lib}/security/pam_sss.la \ $RPM_BUILD_ROOT%{ldb_modulesdir}/memberof.la \ $RPM_BUILD_ROOT%{_libdir}/cifs-utils/*.la \ $RPM_BUILD_ROOT%{_libdir}/krb5/plugins/libkrb5/sss*.la \ $RPM_BUILD_ROOT%{_libdir}/sssd/libsss_*.la \ - $RPM_BUILD_ROOT%{_libdir}/sssd/modules/libsss_*.la \ + $RPM_BUILD_ROOT%{_libdir}/sssd/modules/lib*.la \ $RPM_BUILD_ROOT%{_libdir}/lib*.la \ $RPM_BUILD_ROOT%{py_sitedir}/*.la @@ -405,6 +438,7 @@ fi %attr(755,root,root) %{_libdir}/sssd/libsss_crypt.so %attr(755,root,root) %{_libdir}/sssd/libsss_debug.so %attr(755,root,root) %{_libdir}/sssd/libsss_ldap_common.so +%attr(755,root,root) %{_libdir}/sssd/libsss_semanage.so %attr(755,root,root) %{_libdir}/sssd/libsss_util.so # modules %attr(755,root,root) %{_libdir}/sssd/libsss_simple.so @@ -423,6 +457,7 @@ fi %attr(755,root,root) %{_libexecdir}/sssd/krb5_child %attr(755,root,root) %{_libexecdir}/sssd/ldap_child %attr(755,root,root) %{_libexecdir}/sssd/proxy_child +%attr(755,root,root) %{_libexecdir}/sssd/selinux_child %attr(755,root,root) %{_libexecdir}/sssd/sss_signal %attr(755,root,root) %{_libexecdir}/sssd/sssd_autofs %attr(755,root,root) %{_libexecdir}/sssd/sssd_be @@ -441,6 +476,7 @@ fi %{_datadir}/sssd/sssd.api.d/sssd-local.conf %{_datadir}/sssd/sssd.api.d/sssd-proxy.conf %{_datadir}/sssd/sssd.api.d/sssd-simple.conf +%attr(755,root,root) /%{_lib}/libnfsidmap/sss.so %attr(755,root,root) %{ldb_modulesdir}/memberof.so %dir %{sssdstatedir} %attr(700,root,root) %dir %{dbpath} @@ -458,6 +494,7 @@ fi %{_datadir}/dbus-1/system-services/org.freedesktop.sssd.infopipe.service %{_mandir}/man1/sss_ssh_authorizedkeys.1* %{_mandir}/man1/sss_ssh_knownhostsproxy.1* +%{_mandir}/man5/sss_rpcidmapd.5* %{_mandir}/man5/sssd.conf.5* %{_mandir}/man5/sssd-ad.5* %{_mandir}/man5/sssd-ifp.5* @@ -559,3 +596,13 @@ fi %{_includedir}/sss_sifp.h %{_includedir}/sss_sifp_dbus.h %{_pkgconfigdir}/sss_simpleifp.pc + +%files libwbclient +%defattr(644,root,root,755) +%attr(755,root,root) %{_libdir}/sssd/modules/libwbclient.so.* + +%files libwbclient-devel +%defattr(644,root,root,755) +%attr(755,root,root) %{_libdir}/sssd/modules/libwbclient.so +%{_includedir}/wbclient_sssd.h +%{_pkgconfigdir}/wbclient_sssd.pc -- 2.43.0