File sssd.spec of Package sssd.5306
#
# spec file for package sssd
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: sssd
Version: 1.11.5.1
Release: 0
Summary: System Security Services Daemon
License: GPL-3.0-or-later AND LGPL-3.0-or-later
Group: System/Daemons
Url: https://fedorahosted.org/sssd/
#Git-Clone: git://git.fedorahosted.org/sssd
Source: https://fedorahosted.org/released/sssd/sssd-%version.tar.gz
Source2: https://fedorahosted.org/released/sssd/sssd-%version.tar.gz.asc
Source3: baselibs.conf
Source4: sssd.service
Source5: sssd.keyring
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Patch1: 0001-build-detect-endianness-at-configure-time.patch
Patch2: 0002-Signals-Remove-unused-functions.patch
Patch3: 0003-SSH-Allow-newline-at-the-end-of-public-key-values-in.patch
Patch4: 0004-SDAP-Continue_resolving_SID_even_if_some_fail.patch
Patch5: 0005-LDAP-tokengroups_do_not_work_with_id_provider=ldap.patch
Patch6: 0006-MAN-Detailed-ldap_group_nesting_level-option.patch
Patch7: 0007-SDAP-Add-option-to-disable-use-of-Token-Groups.patch
Patch8: 0008-SDAP-Make-nesting_level-0-to-ignore-nested-groups.patch
Patch9: 0009-LDAP-Disable-token-groups-by-default.patch
Patch10: 0010-Fix-segfault-in-sss_cache.patch
Patch11: 0011-sudo-use-dbus-array-for-rules-refresh.patch
Patch12: 0012-sudo-work-with-correct-D-Bus-iterator.patch
Patch13: 0013-remove-robust-mutex.patch
Patch14: 0014-CVE-2014-0249-incorrect-expansion-of-group-membership.patch
Patch15: 0015-sudo-use-higher-value-wins-when-ordering.patch
Patch16: 0016-sudo-fetch-sudoRunAs-attribute.patch
Patch17: 131202-monitor-memory-leak-bug.patch
Patch18: 140417-NSS-fix-memory-leak-in-sysdb_getnetgr.patch
Patch19: 140417-NSS-sysdb_getnetgr-refactor.patch
Patch20: 140513-AD-Do-not-remove-non-root-domains-when-looking-up-ro.patch
Patch21: 140619-SYSDB-sysdb_search_custom-fix-memory-leak.patch
Patch22: 140619-SYSDB-sysdb_search_entry-fix-memory-leak.patch
Patch23: 140624-NSS-lookup_netgr_step-don-t-access-result-on-ENOENT.patch
Patch24: 140719-sss_client-Fix-memory-leak-in-nss_mc_-group-passwd.patch
Patch25: 141030-CONFDB-Detect-fix-misconf-opt-refresh_expired_interv.patch
Patch26: 141030-2-NSS-disable-midpoint-refresh-for-netgroups.patch
Patch27: 150923-Fix-memory-leak-in-sssdpac_verify.patch
Patch28: 151022-LDAP-Fix-leak-of-file-descriptors.patch
Patch29: 151127-NSS-Fix-memory-leak-netgroup.patch
Patch30: 160118-NSS-do-not-skip-cache-check-for-netgoups.patch
Patch31: 1072694-initgr-only-search-for-primary-group-if-it-is-not-al.patch
Patch32: 1072694-ldap-skip-sdap_save_grpmem-if-ignore_group_members-i.patch
Patch33: 1101536-SDAP-Set-initgroups-expire-attribute-at-the-end.patch
Patch34: 1101536-negcache-Soften-condition-for-expired-entries.patch
%define servicename sssd
%define sssdstatedir %_localstatedir/lib/sss
%define dbpath %sssdstatedir/db
%define pipepath %sssdstatedir/pipes
%define pubconfpath %sssdstatedir/pubconf
%define mcpath %sssdstatedir/mc
%if %suse_version <= 1110
# SLES11 doesn't know the python_* macros
%define python_sitelib %py_sitedir
%define python_sitearch %py_sitedir
%endif
BuildRequires: autoconf >= 2.59
BuildRequires: automake
BuildRequires: bind-utils
BuildRequires: cyrus-sasl-devel
BuildRequires: docbook-xsl-stylesheets
BuildRequires: krb5-devel
BuildRequires: libtool
BuildRequires: pkgconfig >= 0.21
%if 0%{?suse_version} >= 1210
BuildRequires: pkgconfig(collection) >= 0.5.1
BuildRequires: pkgconfig(dbus-1) >= 1.0.0
BuildRequires: pkgconfig(dhash) >= 0.4.2
BuildRequires: pkgconfig(glib-2.0)
BuildRequires: pkgconfig(ini_config) >= 0.6.1
BuildRequires: pkgconfig(ldb) >= 0.9.2
BuildRequires: pkgconfig(libcares)
BuildRequires: pkgconfig(libnl-1) >= 1.1
BuildRequires: pkgconfig(libpcre) >= 7
BuildRequires: pkgconfig(ndr_nbt)
BuildRequires: pkgconfig(openssl)
BuildRequires: pkgconfig(popt)
BuildRequires: pkgconfig(python)
BuildRequires: pkgconfig(talloc)
BuildRequires: pkgconfig(tdb) >= 1.1.3
BuildRequires: pkgconfig(tevent)
%else
BuildRequires: dbus-1-devel >= 1.0.0
BuildRequires: glib2-devel
BuildRequires: libcares-devel
BuildRequires: libcollection-devel >= 0.5.1
BuildRequires: libdhash-devel >= 0.4.2
BuildRequires: libini_config-devel >= 0.6.1
BuildRequires: libldb-devel >= 0.9.2
BuildRequires: libnl-devel >= 1.1
BuildRequires: libopenssl-devel
BuildRequires: libtalloc-devel
BuildRequires: libtdb-devel >= 1.1.3
BuildRequires: libtevent-devel
BuildRequires: pcre-devel >= 7
BuildRequires: popt-devel
BuildRequires: python-devel
BuildRequires: samba-devel >= 4
%endif
BuildRequires: samba-libs >= 4
%if 0%{?suse_version} >= 1220
BuildRequires: libxml2-tools
BuildRequires: libxslt-tools
%else
BuildRequires: libxml2
BuildRequires: libxslt
%endif
BuildRequires: nscd
BuildRequires: openldap2-devel
BuildRequires: pam-devel
BuildRequires: pkg-config
%if %suse_version >= 1210
BuildRequires: systemd
%{?systemd_requires}
%endif
%if %suse_version >= 1230
BuildRequires: gpg-offline
%endif
Requires: libsss_sudo = %version-%release
Requires: sssd-ldap = %version-%release
Requires(postun): pam-config
Recommends: logrotate
%description
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.
%package ad
Summary: The ActiveDirectory backend plugin for sssd
License: GPL-3.0-or-later
Group: System/Daemons
Requires: %name-krb5-common = %version
%description ad
Provides the Active Directory back end that the SSSD can utilize to
fetch identity data from and authenticate against an Active Directory
server.
%package ipa
Summary: FreeIPA backend plugin for sssd
License: GPL-3.0-or-later
Group: System/Daemons
Requires: %name = %version
Requires: %name-krb5-common = %version-%release
Obsoletes: %name-ipa-provider < %version-%release
Provides: %name-ipa-provider = %version-%release
%description ipa
Provides the IPA back end that the SSSD can utilize to fetch identity
data from and authenticate against an IPA server.
%package krb5
Summary: The Kerberos authentication backend plugin for sssd
License: GPL-3.0-or-later
Group: System/Daemons
Requires: %name-krb5-common = %version-%release
%description krb5
Provides the Kerberos back end that the SSSD can utilize authenticate
against a Kerberos server.
%package krb5-common
Summary: SSSD helpers needed for Kerberos and GSSAPI authentication
License: GPL-3.0-or-later
Group: System/Daemons
Requires: cyrus-sasl-gssapi
%description krb5-common
Provides helper processes that the LDAP and Kerberos back ends can
use for Kerberos user or host authentication.
%package ldap
Summary: The LDAP backend plugin for sssd
License: GPL-3.0-or-later
Group: System/Daemons
Requires: %name-krb5-common = %version-%release
%description ldap
Provides the LDAP back end that the SSSD can utilize to fetch
identity data from and authenticate against an LDAP server.
%package proxy
Summary: The proxy backend plugin for sssd
License: GPL-3.0-or-later
Group: System/Daemons
%description proxy
Provides the proxy back end which can be used to wrap an existing NSS
and/or PAM modules to leverage SSSD caching.
%package tools
Summary: Commandline tools for sssd
License: GPL-3.0-or-later AND LGPL-3.0-or-later
Group: System/Management
Requires: python-sssd-config = %version
Requires: sssd = %version
%description tools
The packages contains commandline tools for managing users and groups using
the "local" id provider of the System Security Services Daemon (sssd).
%package -n libipa_hbac0
Summary: FreeIPA HBAC Evaluator library
License: LGPL-3.0-or-later
Group: System/Libraries
%description -n libipa_hbac0
Utility library to validate FreeIPA HBAC rules for authorization
requests.
%package -n libipa_hbac-devel
Summary: Development files for the FreeIPA HBAC Evaluator library
License: LGPL-3.0-or-later
Group: Development/Libraries/C and C++
Requires: libipa_hbac0 = %version
%description -n libipa_hbac-devel
Utility library to validate FreeIPA HBAC rules for authorization
requests.
%package -n libsss_idmap0
Summary: FreeIPA ID mapping library
License: LGPL-3.0-or-later
Group: System/Libraries
%description -n libsss_idmap0
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
%package -n libsss_idmap-devel
Summary: Development files for the FreeIPA idmap library
License: LGPL-3.0-or-later
Group: Development/Libraries/C and C++
Requires: libsss_idmap0 = %version
%description -n libsss_idmap-devel
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
%package -n libsss_nss_idmap0
Summary: FreeIPA ID mapping library
License: LGPL-3.0-or-later
Group: System/Libraries
%description -n libsss_nss_idmap0
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
%package -n libsss_nss_idmap-devel
Summary: Development files for the FreeIPA idmap library
License: LGPL-3.0-or-later
Group: Development/Libraries/C and C++
Requires: libsss_nss_idmap0 = %version
%description -n libsss_nss_idmap-devel
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.
%package -n libsss_sudo
Summary: A library to allow communication between sudo and SSSD
License: LGPL-3.0-or-later
Group: System/Libraries
Provides: libsss_sudo-devel = %version-%release
Obsoletes: libsss_sudo-devel < %version-%release
# No provides: true obsolete.
Obsoletes: libsss_sudo1
%description -n libsss_sudo
A utility library to allow communication between sudo and SSSD.
%package -n python-ipa_hbac
Summary: Python bindings for the FreeIPA HBAC Evaluator library
License: LGPL-3.0-or-later
Group: Development/Libraries/Python
%py_requires
%description -n python-ipa_hbac
The python-ipa_hbac package contains the bindings so that libipa_hbac
can be used by Python applications.
%package -n python-sss_nss_idmap
Summary: Python bindings for libsss_nss_idmap
License: LGPL-3.0-or-later
Group: Development/Libraries/Python
%py_requires
%description -n python-sss_nss_idmap
The libsss_nss_idmap-python contains the bindings so that
libsss_nss_idmap can be used by Python applications.
%package -n python-sssd-config
Summary: Python API for configuring sssd
License: GPL-3.0-or-later AND LGPL-3.0-or-later
Group: Development/Libraries/Python
%py_requires
%description -n python-sssd-config
Provide python module to access and manage configuration of the System
Security Services Daemon (sssd).
%prep
%{?gpg_verify: %gpg_verify %{S:2}}
%setup -q
%patch1 -p0
%patch2 -p0
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
%patch27 -p1
%patch28 -p1
%patch29 -p1
%patch30 -p1
%patch31 -p1
%patch32 -p1
%patch33 -p1
%patch34 -p1
%build
%if 0%{?suse_version} < 1210
# pkgconfig file not present
export LDB_LIBS="-lldb"
export LDB_CFLAGS=" "
export LDB_DIR="%_libdir/ldb"
%else
export LDB_DIR="$(pkg-config ldb --variable=modulesdir)"
%endif
# help configure find nscd
export PATH="$PATH:/usr/sbin"
autoreconf -fi;
%configure \
--with-crypto=libcrypto \
--with-db-path="%dbpath" \
--with-mcache-path="%mcpath" \
--with-pipe-path="%pipepath" \
--with-pubconf-path="%pubconfpath" \
--with-init-dir="%_initrddir" \
--enable-nsslibdir="/%_lib" \
--enable-pammoddir="/%_lib/security" \
--with-ldb-lib-dir="$LDB_DIR" \
--with-selinux=no \
--with-os=suse \
--with-semanage=no \
--disable-ldb-version-check \
--disable-pac-responder
make %{?_smp_mflags} all
%install
b="%buildroot";
make install DESTDIR="$b"
# Copy default sssd.conf file
install -d "$b/%_mandir"/{cs,cs/man8,nl,nl/man8,pt,pt/man8,uk,uk/man1} \
"$b/%_mandir"/{uk/man5,uk/man8};
install -d "$b/%_sysconfdir/sssd";
mkdir -p "$b/%_sysconfdir/logrotate.d"
install -m600 src/examples/logrotate "$b/%_sysconfdir/logrotate.d/sssd";
install -m600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf";
%if 0%{?_unitdir:1}
install -d "$b/%_unitdir";
# Missing service file in 1.11.5.1
#install src/sysv/systemd/sssd.service "$b/%_unitdir/sssd.service";
install -m644 %{S:4} "$b/%_unitdir/sssd.service";
rm -Rf "$b/%_initddir"
%else
install src/sysv/SUSE/sssd "$b/%_sysconfdir/init.d/sssd";
ln -sf ../../etc/init.d/sssd "$b/usr/sbin/rcsssd"
%endif
find "$b" -type f -name "*.la" -delete;
%if %suse_version <= 1110
# remove some unsupported languages, sssd does not contain
# translations for these anyway
rm -Rf "$b/usr/share/locale"/{fa_IR,ja_JP,lt_LT,ta_IN,vi_VN}
%endif
%find_lang %name --all-name
%if 0%{?_unitdir:1}
%pre
%service_add_pre sssd.service
%endif
%post
# migrate config variable krb5_kdcip to krb5_server (bnc#851048)
/bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' %_sysconfdir/sssd/sssd.conf
/sbin/ldconfig
%if 0%{?_unitdir:1}
%service_add_post sssd.service
%endif
%if 0%{?_unitdir:1}
%preun
%service_del_preun sssd.service
%endif
%postun
if [ "$1" == "0" ]; then
"%_sbindir/pam-config" -d --sss || :;
fi;
/sbin/ldconfig
%if 0%{?_unitdir:1}
%service_del_postun sssd.service
%endif
%post -n libipa_hbac0 -p /sbin/ldconfig
%postun -n libipa_hbac0 -p /sbin/ldconfig
%post -n libsss_idmap0 -p /sbin/ldconfig
%postun -n libsss_idmap0 -p /sbin/ldconfig
%post -n libsss_nss_idmap0 -p /sbin/ldconfig
%postun -n libsss_nss_idmap0 -p /sbin/ldconfig
%files -f sssd.lang
%defattr(-,root,root)
%license COPYING
%if 0%{?_unitdir:1}
%_unitdir
%else
%_initrddir/%name
%_sbindir/rcsssd
%endif
%_bindir/sss_ssh_*
%_sbindir/sssd
%dir %_mandir/??/
%dir %_mandir/??/man?/
%_mandir/??/man1/sss_ssh_*
%_mandir/??/man5/sssd-simple.5*
%_mandir/??/man5/sssd-sudo.5*
%_mandir/??/man5/sssd.conf.5*
%_mandir/??/man8/sssd.8*
%_mandir/man1/sss_ssh_*
%_mandir/man5/sssd-simple.5*
%_mandir/man5/sssd-sudo.5*
%_mandir/man5/sssd.conf.5*
%_mandir/man8/sssd.8*
%dir %_libdir/%name/
%_libdir/%name/libsss_child*
%_libdir/%name/libsss_crypt*
%_libdir/%name/libsss_debug*
%_libdir/%name/libsss_simple*
%_libdir/%name/libsss_util*
%_libdir/%name/modules/
%dir %_libdir/ldb/
%_libdir/ldb/memberof.so
%dir %_libexecdir/%name/
%_libexecdir/%name/sssd_*
%dir %sssdstatedir
%attr(755,root,root) %dir %mcpath
%ghost %attr(0644,root,root) %verify(not md5 size mtime) %mcpath/passwd
%ghost %attr(0644,root,root) %verify(not md5 size mtime) %mcpath/group
%ghost %attr(0644,root,root) %verify(not md5 size mtime) %mcpath/initgroups
%attr(700,root,root) %dir %dbpath/
%attr(755,root,root) %dir %pipepath/
%attr(700,root,root) %dir %pipepath/private/
%attr(755,root,root) %dir %pubconfpath/
%attr(750,root,root) %dir %_localstatedir/log/%name/
%dir %_sysconfdir/sssd/
%config(noreplace) %_sysconfdir/sssd/sssd.conf
%config(noreplace) %_sysconfdir/logrotate.d/sssd
%dir %_datadir/%name/
%_datadir/%name/sssd.api.conf
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-local.conf
%_datadir/%name/sssd.api.d/sssd-simple.conf
#
# sssd-client
#
/%_lib/libnss_sss.so.2
/%_lib/security/pam_sss.so
%_libdir/krb5/plugins/libkrb5/*
%_mandir/??/man8/pam_sss.8*
%_mandir/??/man8/sssd_krb5_locator_plugin.8*
%_mandir/man8/pam_sss.8*
%_mandir/man8/sssd_krb5_locator_plugin.8*
%files ad
%defattr(-,root,root)
%dir %_libdir/%name/
%_libdir/%name/libsss_ad.so
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-ad.conf
%dir %_mandir/??/man5/
%_mandir/man5/sssd-ad.5*
%_mandir/??/man5/sssd-ad.5*
%files ipa
%defattr(-,root,root)
%dir %_libdir/%name/
%_libdir/%name/libsss_ipa*
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d
%_datadir/%name/sssd.api.d/sssd-ipa.conf
%dir %_mandir/??/man5/
%_mandir/man5/sssd-ipa.5*
%_mandir/??/man5/sssd-ipa.5*
%files krb5
%defattr(-,root,root)
%dir %_libdir/%name/
%_libdir/%name/libsss_krb5.so
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-krb5.conf
%dir %_mandir/??/man5/
%_mandir/man5/sssd-krb5.5*
%_mandir/??/man5/sssd-krb5.5*
%files krb5-common
%defattr(-,root,root)
%dir %_libdir/%name/
%_libdir/%name/libsss_krb5_common.so
%dir %_libexecdir/%name/
%_libexecdir/%name/krb5_child
%_libexecdir/%name/ldap_child
%files ldap
%defattr(-,root,root)
%dir %_libdir/%name/
%_libdir/%name/libsss_ldap*
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-ldap.conf
%dir %_mandir/??/man5/
%_mandir/??/man5/sssd-ldap.5*
%_mandir/man5/sssd-ldap.5*
%files proxy
%defattr(-,root,root)
%dir %_libdir/%name/
%_libdir/%name/libsss_proxy.so
%dir %_libexecdir/%name/
%_libexecdir/%name/proxy_child
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-proxy.conf
%files tools
%defattr(-,root,root)
%_sbindir/sss_cache
%_sbindir/sss_debuglevel
%_sbindir/sss_groupadd
%_sbindir/sss_groupdel
%_sbindir/sss_groupmod
%_sbindir/sss_groupshow
%_sbindir/sss_seed
%_sbindir/sss_obfuscate
%_sbindir/sss_useradd
%_sbindir/sss_userdel
%_sbindir/sss_usermod
%dir %_mandir/??/man8/
%_mandir/??/man8/sss_*.8*
%_mandir/man8/sss_*.8*
%files -n libipa_hbac0
%defattr(-,root,root)
%_libdir/libipa_hbac.so.0*
%files -n libipa_hbac-devel
%defattr(-,root,root)
%_includedir/ipa_hbac.h
%_libdir/libipa_hbac.so
%_libdir/pkgconfig/ipa_hbac.pc
%files -n libsss_idmap0
%defattr(-,root,root)
%_libdir/libsss_idmap.so.0*
%files -n libsss_idmap-devel
%defattr(-,root,root)
%_includedir/sss_idmap.h
%_libdir/libsss_idmap.so
%_libdir/pkgconfig/sss_idmap.pc
%files -n libsss_nss_idmap0
%defattr(-,root,root)
%_libdir/libsss_nss_idmap.so.0*
%files -n libsss_nss_idmap-devel
%defattr(-,root,root)
%_includedir/sss_nss_idmap.h
%_libdir/libsss_nss_idmap.so
%_libdir/pkgconfig/sss_nss_idmap.pc
%files -n libsss_sudo
%defattr(-,root,root)
%_libdir/libsss_sudo.so
%files -n python-ipa_hbac
%defattr(-,root,root)
%dir %python_sitearch
%python_sitearch/pyhbac.so
%files -n python-sss_nss_idmap
%defattr(-,root,root)
%dir %python_sitearch
%python_sitearch/pysss_nss_idmap.so
%files -n python-sssd-config
%defattr(-,root,root)
%python_sitearch/pysss.so
%python_sitearch/pysss_murmur.so
%python_sitelib/SSSDConfig*
%changelog
