File sssd.spec of Package sssd

#
# spec file for package sssd
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


Name:           sssd
Version:        2.9.5
Release:        0
Summary:        System Security Services Daemon
License:        GPL-3.0-or-later AND LGPL-3.0-or-later
Group:          System/Daemons
URL:            https://github.com/SSSD/sssd
#Git-Clone:	https://github.com/SSSD/sssd
Source:         https://github.com/SSSD/sssd/releases/download/%version/%name-%version.tar.gz
Source2:        https://github.com/SSSD/sssd/releases/download/%version/%name-%version.tar.gz.asc
Source3:        baselibs.conf
Source5:        %name.keyring
Patch1:         krb-noversion.diff
Patch2:         harden_sssd-ifp.service.patch
Patch3:         harden_sssd-kcm.service.patch
Patch4:         symvers.patch
BuildRequires:  autoconf >= 2.59
BuildRequires:  automake
BuildRequires:  bind-utils
BuildRequires:  check-devel
BuildRequires:  cifs-utils-devel
BuildRequires:  cyrus-sasl-devel
BuildRequires:  docbook-xsl-stylesheets
BuildRequires:  krb5-devel >= 1.12
BuildRequires:  libcmocka-devel
%if 0%{?suse_version} >= 1600
BuildRequires:  libsubid-devel
%endif
BuildRequires:  libtool
BuildRequires:  libunistring-devel
BuildRequires:  libxml2-tools
BuildRequires:  libxslt-tools
BuildRequires:  nscd
BuildRequires:  nss_wrapper
BuildRequires:  openldap2-devel
BuildRequires:  pam-devel
BuildRequires:  pkg-config >= 0.21
BuildRequires:  systemd-rpm-macros
BuildRequires:  uid_wrapper
BuildRequires:  pkgconfig(augeas) >= 1.0.0
BuildRequires:  pkgconfig(collection) >= 0.5.1
BuildRequires:  pkgconfig(dbus-1) >= 1.0.0
BuildRequires:  pkgconfig(dhash) >= 0.4.2
BuildRequires:  pkgconfig(glib-2.0)
BuildRequires:  pkgconfig(ini_config) >= 1.1.0
BuildRequires:  pkgconfig(jansson)
BuildRequires:  pkgconfig(ldb) >= 0.9.2
BuildRequires:  pkgconfig(libcares)
BuildRequires:  pkgconfig(libcrypto)
%if 0%{?suse_version} >= 1600
BuildRequires:  pkgconfig(libcurl)
%endif
BuildRequires:  pkgconfig(libnfsidmap)
BuildRequires:  pkgconfig(libnl-3.0) >= 3.0
BuildRequires:  pkgconfig(libnl-route-3.0) >= 3.0
BuildRequires:  pkgconfig(libpcre2-8)
%if 0%{?suse_version} >= 1600
BuildRequires:  pkgconfig(libsemanage)
%endif
BuildRequires:  pkgconfig(libsystemd)
BuildRequires:  pkgconfig(ndr_krb5pac)
BuildRequires:  pkgconfig(ndr_nbt)
BuildRequires:  pkgconfig(p11-kit-1) >= 0.23.3
BuildRequires:  pkgconfig(popt)
BuildRequires:  pkgconfig(python3)
BuildRequires:  pkgconfig(smbclient)
BuildRequires:  pkgconfig(talloc)
BuildRequires:  pkgconfig(tdb) >= 1.1.3
BuildRequires:  pkgconfig(tevent)
BuildRequires:  pkgconfig(uuid)
%if 0%{?suse_version} && 0%{?suse_version} < 1600
# samba-client-devel pulls samba-client-libs pulls libldap-2_4-2 wants libldap-data(-2.4);
# this conflicts with
# openldap2-devel pulls libldap2 wants libldap-data(-2.6)
# Package contains just config files, not needed for build.
#!BuildIgnore: libldap-data
%endif
%{?systemd_ordering}
Requires:       sssd-ldap = %version-%release
Requires(postun): pam-config
Provides:       libsss_sudo = %version-%release
Provides:       sssd-client = %version-%release
Obsoletes:      libsss_sudo < %version-%release
Provides:       sssd-common = %version-%release
Obsoletes:      sssd-common < %version-%release

%define servicename	sssd
%define sssdstatedir	%_localstatedir/lib/sss
%define dbpath		%sssdstatedir/db
%define pipepath	%sssdstatedir/pipes
%define pubconfpath	%sssdstatedir/pubconf
%define gpocachepath	%sssdstatedir/gpo_cache
%define ldbdir %(pkg-config ldb --variable=modulesdir)

# Both SSSD and cifs-utils provide an idmap plugin for cifs.ko
# %%_sysconfdir/cifs-utils/idmap-plugin should be a symlink to one of the 2 idmap plugins
# * cifs-utils one is the default (priority 20)
# * installing SSSD should NOT switch to SSSD plugin (priority 10)
%define cifs_idmap_plugin       %_sysconfdir/cifs-utils/idmap-plugin
%define cifs_idmap_lib          %_libdir/cifs-utils/cifs_idmap_sss.so
%define cifs_idmap_name         cifs-idmap-plugin
%define cifs_idmap_priority     10
Requires(post): update-alternatives
Requires(postun): update-alternatives

%description
Provides a set of daemons to manage access to remote directories and
authentication mechanisms. It provides an NSS and PAM interface toward
the system and a pluggable backend system to connect to multiple different
account sources. It is also the basis to provide client auditing and policy
services for projects like FreeIPA.

%package ad
Summary:        The ActiveDirectory backend plugin for sssd
License:        GPL-3.0-or-later
Group:          System/Daemons
Requires:       %name-krb5-common = %version-%release
Requires:       adcli

%description ad
Provides the Active Directory back end that the SSSD can utilize to
fetch identity data from and authenticate against an Active Directory
server.

%package dbus
Summary:        The D-Bus responder of sssd
License:        GPL-3.0-or-later
Group:          System/Base
Requires:       %name = %version

%description dbus
Provides the D-Bus responder of sssd, called InfoPipe, which allows
information from sssd to be transmitted over the system bus.

%package ipa
Summary:        FreeIPA backend plugin for sssd
License:        GPL-3.0-or-later
Group:          System/Daemons
Requires:       %name = %version
Requires:       %name-ad = %version-%release
Requires:       %name-krb5-common = %version-%release
Obsoletes:      %name-ipa-provider < %version-%release
Provides:       %name-ipa-provider = %version-%release

%description ipa
Provides the IPA back end that the SSSD can utilize to fetch identity
data from and authenticate against an IPA server.

%package kcm
Summary:        SSSD's Kerberos cache manager
License:        GPL-3.0-or-later
Group:          System/Daemons
Requires:       sssd = %version-%release

%description kcm
KCM is a process that stores, tracks and manages Kerberos credential
caches.

%package krb5
Summary:        The Kerberos authentication backend plugin for sssd
License:        GPL-3.0-or-later
Group:          System/Daemons
Requires:       %name-krb5-common = %version-%release

%description krb5
Provides the Kerberos back end that the SSSD can utilize authenticate
against a Kerberos server.

%package krb5-common
Summary:        SSSD helpers needed for Kerberos and GSSAPI authentication
License:        GPL-3.0-or-later
Group:          System/Daemons
Requires:       cyrus-sasl-gssapi

%description krb5-common
Provides helper processes that the LDAP and Kerberos back ends can
use for Kerberos user or host authentication.

%package ldap
Summary:        The LDAP backend plugin for sssd
License:        GPL-3.0-or-later
Group:          System/Daemons
Requires:       %name-krb5-common = %version-%release

%description ldap
Provides the LDAP back end that the SSSD can utilize to fetch
identity data from and authenticate against an LDAP server.

%package proxy
Summary:        The proxy backend plugin for sssd
License:        GPL-3.0-or-later
Group:          System/Daemons

%description proxy
Provides the proxy back end which can be used to wrap an existing NSS
and/or PAM modules to leverage SSSD caching.

%package tools
Summary:        Commandline tools for sssd
License:        GPL-3.0-or-later AND LGPL-3.0-or-later
Group:          System/Management
Requires:       python3-sssd-config = %version-%release
Requires:       sssd = %version

%description tools
The packages contains commandline tools for managing users and groups using
the "local" id provider of the System Security Services Daemon (sssd).

%package winbind-idmap
Summary:        The sss idmap backend for Winbind
Group:          System/Libraries

%description winbind-idmap
The idmap_sss module provides a way for Winbind to call SSSD to map
UIDs/GIDs and SIDs.

%package -n libsss_certmap0
Summary:        FreeIPA ID mapping library
License:        LGPL-3.0-or-later
Group:          System/Libraries

%description -n libsss_certmap0
A utility library for FreeIPA to map certs.

%package -n libsss_certmap-devel
Summary:        Development files for the FreeIPA certmap library
License:        LGPL-3.0-or-later
Group:          Development/Libraries/C and C++
Requires:       libsss_certmap0 = %version

%description -n libsss_certmap-devel
A utility library for FreeIPA to map certs.

%package -n libipa_hbac0
Summary:        FreeIPA HBAC Evaluator library
License:        LGPL-3.0-or-later
Group:          System/Libraries

%description -n libipa_hbac0
Utility library to validate FreeIPA HBAC rules for authorization
requests.

%package -n libipa_hbac-devel
Summary:        Development files for the FreeIPA HBAC Evaluator library
License:        LGPL-3.0-or-later
Group:          Development/Libraries/C and C++
Requires:       libipa_hbac0 = %version

%description -n libipa_hbac-devel
Utility library to validate FreeIPA HBAC rules for authorization
requests.

%package -n libnfsidmap-sss
Summary:        Library to allow communication between libnfsidmap and SSSD
License:        GPL-3.0-or-later
Group:          System/Libraries
Supplements:    (nfsidmap and sssd-client)

%description -n libnfsidmap-sss
A utility library to allow communication between libnfsidmap and SSSD.

%package -n libsss_idmap0
Summary:        FreeIPA ID mapping library
License:        LGPL-3.0-or-later
Group:          System/Libraries

%description -n libsss_idmap0
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.

%package -n libsss_idmap-devel
Summary:        Development files for the FreeIPA idmap library
License:        LGPL-3.0-or-later
Group:          Development/Libraries/C and C++
Requires:       libsss_idmap0 = %version

%description -n libsss_idmap-devel
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.

%package -n libsss_nss_idmap0
Summary:        FreeIPA ID mapping library
License:        LGPL-3.0-or-later
Group:          System/Libraries

%description -n libsss_nss_idmap0
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.

%package -n libsss_nss_idmap-devel
Summary:        Development files for the FreeIPA idmap library
License:        LGPL-3.0-or-later
Group:          Development/Libraries/C and C++
Requires:       libsss_nss_idmap0 = %version

%description -n libsss_nss_idmap-devel
A utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.

%if 0%{?suse_version} < 1600
%package -n libsss_simpleifp0
Summary:        The SSSD D-Bus responder helper library
License:        GPL-3.0-or-later
Group:          System/Libraries
# Even though sssd has obsoleted simpleifp, the plan here is to retain ABI
# compatibility with the existing SUSE 15.x product line. ...at least, until
# sssd completely removes SIFP from source.

%description -n libsss_simpleifp0
This subpackage provides a library that simplifies the D-Bus API for
the SSSD InfoPipe responder.

%package -n libsss_simpleifp-devel
Summary:        Development files for the SSSD D-Bus responder helper library
License:        GPL-3.0-or-later
Group:          Development/Libraries/C and C++
Requires:       libsss_simpleifp0 = %version

%description -n libsss_simpleifp-devel
This subpackage provides the development files for sssd's simpleifp,
a library that simplifies the D-Bus API for the SSSD InfoPipe
responder.
%endif

%package -n libsss_sudo
Summary:        A library to allow communication between sudo and SSSD
License:        LGPL-3.0-or-later
Group:          System/Libraries
Supplements:    (sudo and sssd-client)

%description -n libsss_sudo
A utility library to allow communication between sudo and SSSD.

%package -n python3-ipa_hbac
Summary:        Python bindings for the FreeIPA HBAC Evaluator library
License:        LGPL-3.0-or-later
Group:          Development/Libraries/Python
Requires:       python3

%description -n python3-ipa_hbac
The python-ipa_hbac package contains the bindings so that libipa_hbac
can be used by Python applications.

%package -n python3-sss-murmur
Summary:        Python3 bindings for SSSD Murmur hash function
License:        LGPL-3.0-or-later
Group:          Development/Libraries/Python
Requires:       python3

%description -n python3-sss-murmur
This subpackage provides the python3 module for calculating the
Murmur hash version 3.

%package -n python3-sss_nss_idmap
Summary:        Python bindings for libsss_nss_idmap
License:        LGPL-3.0-or-later
Group:          Development/Libraries/Python
Requires:       python3

%description -n python3-sss_nss_idmap
The libsss_nss_idmap-python contains the bindings so that
libsss_nss_idmap can be used by Python applications.

%package -n python3-sssd-config
Summary:        Python API for configuring sssd
License:        GPL-3.0-or-later AND LGPL-3.0-or-later
Group:          Development/Libraries/Python
Requires:       python3

%description -n python3-sssd-config
Provide python module to access and manage configuration of the System
Security Services Daemon (sssd).

%prep
%autosetup -p1

%build
# help configure find nscd
export PATH="$PATH:/usr/sbin"

autoreconf -fiv
%configure \
	--with-db-path="%dbpath" \
	--with-pipe-path="%pipepath" \
	--with-pubconf-path="%pubconfpath" \
	--with-gpo-cache-path="%gpocachepath" \
	--with-environment-file="%_sysconfdir/sysconfig/sssd" \
	--with-initscript=systemd \
	--with-syslog=journald \
	--with-pid-path="%_rundir" \
	--enable-nsslibdir="/%_lib" \
	--enable-pammoddir="%_pam_moduledir" \
	--with-ldb-lib-dir="%ldbdir" \
	--with-os=suse \
	--disable-ldb-version-check \
	--without-python2-bindings \
	--without-oidc-child \
%if 0%{?suse_version} >= 1600
	--with-selinux=yes \
	--with-subid
%else
	--with-selinux=no \
	--with-semanage=no \
	--with-libsifp \
	--with-files-provider
%endif
%make_build all

%install
# sss_obfuscate is compatible with both python 2 and 3
perl -i -lpe 's{%_bindir/python\b}{%_bindir/python3}' src/tools/sss_obfuscate
%make_install dbuspolicydir=%_datadir/dbus-1/system.d
b="%buildroot"

# Copy some defaults
%if "%{?_distconfdir}" != ""
install -D -p -m 0600 src/examples/sssd-example.conf "$b/%_distconfdir/sssd/sssd.conf"
install -d -m 0755 "$b/%_distconfdir/sssd/conf.d"
%else
install -D -p -m 0600 src/examples/sssd-example.conf "$b/%_sysconfdir/sssd/sssd.conf"
install -d -m 0755 "$b/%_sysconfdir/sssd/conf.d"
%endif
install -d "$b/%_unitdir"
%if 0%{?suse_version} > 1500
install -d "$b/%_distconfdir/logrotate.d"
install -m644 src/examples/logrotate "$b/%_distconfdir/logrotate.d/sssd"
install -d "$b/%_pam_vendordir"
mv "$b/%_pam_confdir/sssd-shadowutils" "$b/%_pam_vendordir"
%else
install -d "$b/%_sysconfdir/logrotate.d"
install -m644 src/examples/logrotate "$b/%_sysconfdir/logrotate.d/sssd"
%endif

rm -Rfv "$b/%_initddir"
%if 0%{?suse_version} < 1600
ln -s service "$b/%_sbindir/rcsssd"
%endif

mkdir -pv "$b/%sssdstatedir/mc"
find "$b" -type f -name "*.la" -print -delete
%find_lang %name --all-name

# dummy target for cifs-idmap-plugin
mkdir -pv %buildroot/%_sysconfdir/alternatives %buildroot/%_sysconfdir/cifs-utils
ln -sfv %_sysconfdir/alternatives/%cifs_idmap_name %buildroot/%cifs_idmap_plugin
%python3_fix_shebang
%if 0%{?suse_version} > 1600
%python3_fix_shebang_path %buildroot/%_libexecdir/%name/
%elif 0%{?suse_version} == 1600
# python3_fix_shebang_path macro does not exist in < 1600, was added in python-rom-macros 20231204
sed -i '1s@#!.*python.*@#!%{_bindir}/python3.11@' %{buildroot}/%{_libexecdir}/%{name}/sss_analyze
%endif

%check
# sss_config-tests fails
%make_build check || :

%pre
%service_add_pre sssd.service
%if "%{?_distconfdir}" != ""
# Prepare for migration to /usr/etc; save any old .rpmsave
for i in sssd/sssd.conf pam.d/sssd-shadowutils logrotate.d/sssd ; do
	test -f "%_sysconfdir/$i.rpmsave" && mv -v "%_sysconfdir/$i.rpmsave" "%_sysconfdir/$i.rpmsave.old" || :
done
%endif

%post
/sbin/ldconfig
# migrate config variable krb5_kdcip to krb5_server (bnc#851048)
if [ -f "%_sysconfdir/sssd/sssd.conf" ]; then
	/bin/sed -i -e 's,^krb5_kdcip =,krb5_server =,g' "%_sysconfdir/sssd/sssd.conf"
fi
%service_add_post sssd.service

# install SSSD cifs-idmap plugin as an alternative
update-alternatives --install %cifs_idmap_plugin %cifs_idmap_name %cifs_idmap_lib %cifs_idmap_priority

%preun
%service_del_preun sssd.service

%postun
/sbin/ldconfig
if [ "$1" = "0" -a -x "%_sbindir/pam-config" ]; then
	"%_sbindir/pam-config" -d --sss || :
fi
# del_postun includes a try-restart
%service_del_postun sssd.service

if [ ! -f "%cifs_idmap_lib" ]; then
	update-alternatives --remove %cifs_idmap_name %cifs_idmap_lib
fi

%post   -n libsss_certmap0 -p /sbin/ldconfig
%postun -n libsss_certmap0 -p /sbin/ldconfig
%post   -n libipa_hbac0 -p /sbin/ldconfig
%postun -n libipa_hbac0 -p /sbin/ldconfig
%post   -n libsss_idmap0 -p /sbin/ldconfig
%postun -n libsss_idmap0 -p /sbin/ldconfig
%post   -n libsss_nss_idmap0 -p /sbin/ldconfig
%postun -n libsss_nss_idmap0 -p /sbin/ldconfig
%if 0%{?suse_version} < 1600
%post   -n libsss_simpleifp0 -p /sbin/ldconfig
%postun -n libsss_simpleifp0 -p /sbin/ldconfig
%endif

%triggerun -- %name < %version-%release
# sssd takes care of upgrading the database but it doesn't handle downgrades.
# Clear caches when downgrading the package, which may have an
# incompatible format afterwards preventing the daemon from startup.
if [ "$1" = "1" ] && [ "$2" = "2" ]; then
	echo "Package downgrade detected, removing cache files which may have an incompatible format."
	rm -f /var/lib/sss/db/*.ldb
fi

%pre dbus
%service_add_pre sssd-ifp.service

%post dbus
%service_add_post sssd-ifp.service

%preun dbus
%service_del_preun sssd-ifp.service

%postun dbus
%service_del_postun sssd-ifp.service

%pre kcm
%service_add_pre sssd-kcm.service sssd-kcm.socket

%post kcm
%service_add_post sssd-kcm.service sssd-kcm.socket

%preun kcm
%service_del_preun sssd-kcm.service sssd-kcm.socket

%postun kcm
%service_del_postun sssd-kcm.service sssd-kcm.socket

%pretrans
# Migrate sssd.service from sssd-common to sssd
systemctl is-enabled sssd.service > /dev/null
if [ $? -eq 0 ]; then
mkdir -p /run/systemd/rpm/
touch /run/systemd/rpm/sssd-was-enabled
fi
systemctl is-active sssd.service > /dev/null
if [ $? -eq 0 ]; then
mkdir -p /run/systemd/rpm/
touch /run/systemd/rpm/sssd-was-active
fi

%posttrans
%if "%{?_distconfdir}" != ""
# Migration to /usr/etc, restore just created .rpmsave
for i in sssd/sssd.conf logrotate.d/sssd pam.d/sssd-shadowutils ; do
	test -f "%_sysconfdir/$i.rpmsave" && mv -v "%_sysconfdir/$i.rpmsave" "%_sysconfdir/$i" || :
done
%endif
# Migrate sssd.service from sssd-common to sssd
if [ -e /run/systemd/rpm/sssd-was-enabled ]; then
systemctl is-enabled sssd.service > /dev/null
if [ $? -ne 0 ]; then
    echo "Migrating sssd.service, was enabled"
    systemctl enable sssd.service
fi
rm /run/systemd/rpm/sssd-was-enabled
fi
if [ -e /run/systemd/rpm/sssd-was-active ]; then
systemctl is-active sssd.service > /dev/null
if [ $? -ne 0 ]; then
    echo "Migrating sssd.service, was active"
    systemctl start sssd.service
fi
rm /run/systemd/rpm/sssd-was-active
fi

%files -f sssd.lang
%license COPYING
%_unitdir/sssd.service
%_unitdir/sssd-autofs.socket
%_unitdir/sssd-autofs.service
%_unitdir/sssd-nss.socket
%_unitdir/sssd-nss.service
%_unitdir/sssd-pac.socket
%_unitdir/sssd-pac.service
%_unitdir/sssd-pam.socket
%_unitdir/sssd-pam-priv.socket
%_unitdir/sssd-pam.service
%_unitdir/sssd-ssh.socket
%_unitdir/sssd-ssh.service
%_unitdir/sssd-sudo.socket
%_unitdir/sssd-sudo.service
%_bindir/sss_ssh_*
%_sbindir/sssd
%if 0%{?suse_version} < 1600
%_sbindir/rcsssd
%endif
%dir %_mandir/??/
%dir %_mandir/??/man[158]/
%_mandir/??/man1/sss_ssh_*
%_mandir/??/man5/sss-certmap.5*
%_mandir/??/man5/sssd-ad.5*
%if 0%{?suse_version} < 1600
%_mandir/??/man5/sssd-files.5*
%endif
%_mandir/??/man5/sssd-ldap-attributes.5*
%_mandir/??/man5/sssd-session-recording.5*
%_mandir/??/man5/sssd-simple.5*
%_mandir/??/man5/sssd-sudo.5*
%_mandir/??/man5/sssd-systemtap.5*
%_mandir/??/man5/sssd.conf.5*
%_mandir/??/man8/idmap_sss.8*
%_mandir/??/man8/sssd.8*
%_mandir/man1/sss_ssh_*
%_mandir/man5/sss-certmap.5*
%if 0%{?suse_version} < 1600
%_mandir/man5/sssd-files.5*
%endif
%_mandir/man5/sssd-ldap-attributes.5*
%_mandir/man5/sssd-session-recording.5*
%_mandir/man5/sssd-simple.5*
%_mandir/man5/sssd-sudo.5*
%_mandir/man5/sssd.conf.5*
%_mandir/man8/sssd.8*
%dir %_libdir/%name/
%_libdir/%name/conf/
%_libdir/%name/libifp_iface*
%_libdir/%name/libsss_child*
%_libdir/%name/libsss_cert*
%_libdir/%name/libsss_crypt*
%_libdir/%name/libsss_debug*
%if 0%{?suse_version} < 1600
%_libdir/%name/libsss_files*
%endif
%_libdir/%name/libsss_iface*
%_libdir/%name/libsss_semanage*
%_libdir/%name/libsss_sbus*
%_libdir/%name/libsss_simple*
%_libdir/%name/libsss_util*
%dir %_libdir/%name/modules/
%_libdir/%name/modules/libsss_autofs.so
%_libdir/libsss_sudo.so
%ldbdir/
%dir %_libexecdir/%name/
%_libexecdir/%name/p11_child
%_libexecdir/%name/sssd_autofs
%_libexecdir/%name/sssd_be
%_libexecdir/%name/sssd_nss
%_libexecdir/%name/sssd_pam
%_libexecdir/%name/sssd_ssh
%_libexecdir/%name/sssd_sudo
%_libexecdir/%name/sss_signal
%_libexecdir/%name/sssd_check_socket_activated_responders
%if 0%{?suse_version} >= 1600
%_libexecdir/%name/selinux_child
%endif
%dir %sssdstatedir
%attr(700,root,root) %dir %dbpath/
%attr(755,root,root) %dir %pipepath/
%attr(700,root,root) %dir %pipepath/private/
%attr(755,root,root) %dir %pubconfpath/
%attr(755,root,root) %dir %pubconfpath/krb5.include.d
%attr(755,root,root) %dir %gpocachepath/
%attr(755,root,root) %dir %sssdstatedir/mc/
%attr(700,root,root) %dir %sssdstatedir/keytabs/
%attr(750,root,root) %dir %_localstatedir/log/%name/
%if "%{?_distconfdir}" != ""
%dir %_distconfdir/sssd/
%%dir %_distconfdir/sssd/conf.d
%config(noreplace) %_distconfdir/sssd/sssd.conf
%else
%dir %_sysconfdir/sssd/
%%dir %_sysconfdir/sssd/conf.d
%config(noreplace) %_sysconfdir/sssd/sssd.conf
%endif
%if 0%{?suse_version} > 1500
%_distconfdir/logrotate.d/sssd
%_pam_vendordir/sssd-shadowutils
%else
%config(noreplace) %_sysconfdir/logrotate.d/sssd
%config(noreplace) %_pam_confdir/sssd-shadowutils
%endif
%dir %_datadir/%name/
%_datadir/%name/cfg_rules.ini
%_datadir/%name/sssd.api.conf
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-simple.conf
%if 0%{?suse_version} < 1600
%_datadir/%name/sssd.api.d/sssd-files.conf
%else
%exclude %_mandir/*/*/sssd-files.5.gz
%endif
%doc src/examples/sssd.conf
#
# sssd-client
#
/%_lib/libnss_sss.so.2
%_pam_moduledir/pam_sss.so
%_pam_moduledir/pam_sss_gss.so
%_libdir/krb5/
%_libdir/%name/modules/sssd_krb5_localauth_plugin.so
%exclude %_libdir/%name/modules/sssd_krb5_idp_plugin.so
%if 0%{?suse_version} >= 1600
%_libdir/libsubid_sss.so
%endif
%_mandir/??/man8/sssd_krb5_locator_plugin.8*
%_mandir/??/man8/pam_sss.8*
%_mandir/??/man8/pam_sss_gss.8*
%_mandir/man8/pam_sss.8*
%_mandir/man8/pam_sss_gss.8*
%_mandir/man8/sssd_krb5_localauth_plugin.8*
%_mandir/??/man8/sssd_krb5_localauth_plugin.8*
%_mandir/man8/sssd_krb5_locator_plugin.8*
# cifs idmap plugin
%dir %_sysconfdir/cifs-utils
%cifs_idmap_plugin
%dir %_libdir/cifs-utils
%cifs_idmap_lib
%ghost %_sysconfdir/alternatives/%cifs_idmap_name

%files ad
%dir %_libdir/%name/
%_libdir/%name/libsss_ad.so
%dir %_libexecdir/%name/
%_libexecdir/%name/sssd_pac
%_libexecdir/%name/gpo_child
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-ad.conf
%_mandir/man5/sssd-ad.5*
%dir %_mandir/??/
%dir %_mandir/??/man5/

%files dbus
%dir %_libexecdir/sssd/
%_libexecdir/sssd/sssd_ifp
%dir %_libdir/sssd/
%_mandir/man5/sssd-ifp.5*
%dir %_mandir/??/
%dir %_mandir/??/man5/
%_mandir/??/man5/sssd-ifp.5*
%_unitdir/sssd-ifp.service
%_datadir/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
%_datadir/dbus-1/system-services/org.freedesktop.sssd.infopipe.service

%files ipa
%dir %_libdir/%name/
%_libdir/%name/libsss_ipa*
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d
%_datadir/%name/sssd.api.d/sssd-ipa.conf
%_mandir/man5/sssd-ipa.5*
%dir %_mandir/??/
%dir %_mandir/??/man5/
%_mandir/??/man5/sssd-ipa.5*

%files kcm
%dir %_libexecdir/sssd/
%_libexecdir/sssd/sssd_kcm
%dir %_libdir/sssd/
%_mandir/man8/sssd-kcm.8*
%_mandir/??/man8/sssd-kcm.8*
%_datadir/sssd-kcm/
%_unitdir/sssd-kcm.*

%files krb5
%dir %_libdir/%name/
%_libdir/%name/libsss_krb5.so
%dir %_datadir/%name/
%exclude %_datadir/%name/krb5-snippets/
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-krb5.conf
%dir %_mandir/??/
%dir %_mandir/??/man5/
%_mandir/man5/sssd-krb5.5*
%_mandir/??/man5/sssd-krb5.5*

%files krb5-common
%dir %_libdir/%name/
%_libdir/%name/libsss_krb5_common.so
%dir %_libexecdir/%name/
%_libexecdir/%name/krb5_child
%_libexecdir/%name/ldap_child

%files ldap
%dir %_libdir/%name/
%_libdir/%name/libsss_ldap*
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-ldap.conf
%_mandir/man5/sssd-ldap.5*
%dir %_mandir/??/
%dir %_mandir/??/man5/
%_mandir/??/man5/sssd-ldap.5*

%files proxy
%dir %_libdir/%name/
%_libdir/%name/libsss_proxy.so
%dir %_libexecdir/%name/
%_libexecdir/%name/proxy_child
%dir %_datadir/%name/
%dir %_datadir/%name/sssd.api.d/
%_datadir/%name/sssd.api.d/sssd-proxy.conf

%files tools
%_sbindir/sssctl
%_sbindir/sss_cache
%_sbindir/sss_debuglevel
%_sbindir/sss_seed
%_sbindir/sss_obfuscate
%_sbindir/sss_override
%_libexecdir/%name/sss_analyze
%dir %_mandir/??/man8/
%_mandir/??/man8/sssctl.8*
%_mandir/??/man8/sss_*.8*
%_mandir/man8/sssctl.8*
%_mandir/man8/sss_*.8*
%python3_sitelib/sssd/

%files winbind-idmap
%dir %_libdir/samba/
%_libdir/samba/idmap/
%_mandir/man8/idmap_sss.8*

%files -n libipa_hbac0
%_libdir/libipa_hbac.so.0*

%files -n libipa_hbac-devel
%_includedir/ipa_hbac.h
%_libdir/libipa_hbac.so
%_libdir/pkgconfig/ipa_hbac.pc

%files -n libsss_certmap0
%_libdir/libsss_certmap.so.0*

%files -n libsss_certmap-devel
%_includedir/sss_certmap.h
%_libdir/libsss_certmap.so
%_libdir/pkgconfig/sss_certmap.pc

%files -n libnfsidmap-sss
%_libdir/libnfsidmap/
%_mandir/man5/sss_rpcidmapd.5*
%dir %_mandir/??/man5/
%_mandir/??/man5/sss_rpcidmapd.5*

%files -n libsss_idmap0
%_libdir/libsss_idmap.so.0*

%files -n libsss_idmap-devel
%_includedir/sss_idmap.h
%_libdir/libsss_idmap.so
%_libdir/pkgconfig/sss_idmap.pc

%files -n libsss_nss_idmap0
%_libdir/libsss_nss_idmap.so.0*

%files -n libsss_nss_idmap-devel
%_includedir/sss_nss_idmap.h
%_libdir/libsss_nss_idmap.so
%_libdir/pkgconfig/sss_nss_idmap.pc

%if 0%{?suse_version} < 1600
%files -n libsss_simpleifp0
%_libdir/libsss_simpleifp.so.0*

%files -n libsss_simpleifp-devel
%_includedir/sss_sifp*.h
%_libdir/libsss_simpleifp.so
%_libdir/pkgconfig/sss_simpleifp.pc
%endif

%files -n python3-ipa_hbac
%dir %python3_sitearch
%python3_sitearch/pyhbac.so

%files -n python3-sss-murmur
%python3_sitearch/pysss_murmur.so

%files -n python3-sss_nss_idmap
%dir %python3_sitearch
%python3_sitearch/pysss_nss_idmap.so

%files -n python3-sssd-config
%python3_sitearch/pysss.so
%python3_sitelib/SSSDConfig*

%changelog
openSUSE Build Service is sponsored by