[Pkg-sssd-devel] sssd: Changes to 'ubuntu'
Timo Aaltonen
tjaalton-guest at alioth.debian.org
Tue Aug 21 17:50:25 UTC 2012
BUILD.txt | 4
Makefile.am | 454 +
configure.ac | 19
contrib/sssd.spec.in | 111
debian/changelog | 90
debian/control | 30
debian/libsss-idmap-dev.install | 3
debian/libsss-idmap0.install | 1
debian/libsss-sudo0.install | 1
debian/libsss-sudo1.install | 1
debian/patches/fix-CVE-2012-3462.diff | 16
debian/patches/series | 2
debian/python-sss.install | 2
debian/rules | 11
debian/sssd-tools.install | 2
debian/sssd.dirs | 1
debian/sssd.install | 2
debian/sssd.preinst | 26
debian/sssd.prerm | 7
po/LINGUAS | 2
po/POTFILES.in | 2
po/ca.po | 1625 +++++
po/de.po | 821 +-
po/es.po | 837 +-
po/eu.po | 1649 +++++
po/fr.po | 899 +-
po/hu.po | 825 +-
po/id.po | 826 +-
po/it.po | 830 +-
po/ja.po | 869 +-
po/nb.po | 817 +-
po/nl.po | 842 +-
po/pl.po | 967 +-
po/pt.po | 830 +-
po/ru.po | 830 +-
po/sssd.pot | 811 +-
po/sv.po | 828 +-
po/tg.po | 821 +-
po/tr.po | 1650 +++++
po/uk.po | 984 +--
po/zh_TW.po | 829 +-
src/conf_macros.m4 | 65
src/confdb/confdb.c | 197
src/confdb/confdb.h | 56
src/config/SSSDConfig.py | 1980 ------
src/config/SSSDConfig/__init__.py.in | 2025 ++++++
src/config/SSSDConfig/ipachangeconf.py | 588 +
src/config/SSSDConfig/sssd_upgrade_config.py | 436 +
src/config/SSSDConfigTest.py | 52
src/config/etc/sssd.api.conf | 20
src/config/etc/sssd.api.d/sssd-ad.conf | 125
src/config/etc/sssd.api.d/sssd-ipa.conf | 53
src/config/etc/sssd.api.d/sssd-krb5.conf | 2
src/config/etc/sssd.api.d/sssd-ldap.conf | 23
src/config/ipachangeconf.py | 588 -
src/config/setup.py | 36
src/config/setup.py.in | 32
src/config/sssd_upgrade_config.py | 436 -
src/db/sysdb.c | 368 -
src/db/sysdb.h | 188
src/db/sysdb_autofs.c | 28
src/db/sysdb_autofs.h | 6
src/db/sysdb_idmap.c | 315
src/db/sysdb_ops.c | 264
src/db/sysdb_private.h | 4
src/db/sysdb_ranges.c | 345 +
src/db/sysdb_selinux.c | 57
src/db/sysdb_selinux.h | 2
src/db/sysdb_services.c | 28
src/db/sysdb_services.h | 6
src/db/sysdb_subdomains.c | 668 ++
src/db/sysdb_sudo.c | 386 -
src/db/sysdb_sudo.h | 15
src/db/sysdb_upgrade.c | 164
src/doxy.config.in | 7
src/external/krb5.m4 | 5
src/external/pac_responder.m4 | 37
src/krb5_plugin/sssd_krb5_locator_plugin.c | 25
src/ldb_modules/memberof.c | 47
src/lib/idmap/sss_idmap.c | 474 +
src/lib/idmap/sss_idmap.doxy.in | 1539 ++++
src/lib/idmap/sss_idmap.h | 488 +
src/lib/idmap/sss_idmap.pc.in | 11
src/lib/idmap/sss_idmap_conv.c | 568 +
src/lib/idmap/sss_idmap_private.h | 60
src/man/Makefile.am | 20
src/man/include/failover.xml | 12
src/man/include/ldap_id_mapping.xml | 192
src/man/include/seealso.xml | 84
src/man/pam_sss.8.xml | 10
src/man/po/ca.po | 8091 +++++++++++++++++++++++++
src/man/po/cs.po | 3536 +++++++---
src/man/po/es.po | 3948 +++++++-----
src/man/po/eu.po | 8022 ++++++++++++++++++++++++
src/man/po/fr.po | 4027 ++++++++----
src/man/po/ja.po | 4348 ++++++++-----
src/man/po/nl.po | 3572 +++++++----
src/man/po/po4a.cfg | 7
src/man/po/pt.po | 3596 +++++++----
src/man/po/ru.po | 3496 +++++++---
src/man/po/sssd-docs.pot | 3461 +++++++---
src/man/po/tg.po | 3498 +++++++---
src/man/po/uk.po | 5058 +++++++++------
src/man/sss_cache.8.xml | 47
src/man/sss_debuglevel.8.xml | 3
src/man/sss_groupadd.8.xml | 25
src/man/sss_groupdel.8.xml | 25
src/man/sss_groupmod.8.xml | 25
src/man/sss_groupshow.8.xml | 22
src/man/sss_obfuscate.8.xml | 11
src/man/sss_seed.8.xml | 165
src/man/sss_ssh_authorizedkeys.1.xml | 16
src/man/sss_ssh_knownhostsproxy.1.xml | 18
src/man/sss_useradd.8.xml | 25
src/man/sss_userdel.8.xml | 25
src/man/sss_usermod.8.xml | 25
src/man/sssd-ad.5.xml | 253
src/man/sssd-ipa.5.xml | 59
src/man/sssd-krb5.5.xml | 30
src/man/sssd-ldap.5.xml | 266
src/man/sssd-simple.5.xml | 13
src/man/sssd-sudo.5.xml | 210
src/man/sssd.8.xml | 28
src/man/sssd.conf.5.xml | 606 +
src/man/sssd_krb5_locator_plugin.8.xml | 16
src/monitor/monitor.c | 81
src/monitor/monitor_netlink.c | 20
src/monitor/monitor_sbus.c | 2
src/providers/ad/ad_access.c | 96
src/providers/ad/ad_access.h | 35
src/providers/ad/ad_common.c | 730 ++
src/providers/ad/ad_common.h | 93
src/providers/ad/ad_id.c | 37
src/providers/ad/ad_id.h | 29
src/providers/ad/ad_init.c | 327 +
src/providers/ad/ad_opts.h | 238
src/providers/data_provider.h | 10
src/providers/data_provider_be.c | 406 -
src/providers/data_provider_callbacks.c | 35
src/providers/data_provider_fo.c | 222
src/providers/data_provider_opts.c | 80
src/providers/dp_auth_util.c | 2
src/providers/dp_backend.h | 43
src/providers/dp_pam_data_util.c | 14
src/providers/fail_over.c | 87
src/providers/fail_over.h | 7
src/providers/ipa/hbac_evaluator.c | 6
src/providers/ipa/ipa_access.c | 68
src/providers/ipa/ipa_access.h | 12
src/providers/ipa/ipa_auth.c | 6
src/providers/ipa/ipa_autofs.c | 4
src/providers/ipa/ipa_common.c | 429 -
src/providers/ipa/ipa_common.h | 42
src/providers/ipa/ipa_config.c | 1
src/providers/ipa/ipa_dyndns.c | 68
src/providers/ipa/ipa_hbac.doxy.in | 7
src/providers/ipa/ipa_hbac_hosts.c | 6
src/providers/ipa/ipa_hbac_private.h | 6
src/providers/ipa/ipa_hbac_rules.c | 2
src/providers/ipa/ipa_hbac_services.c | 4
src/providers/ipa/ipa_hostid.c | 27
src/providers/ipa/ipa_hostid.h | 2
src/providers/ipa/ipa_hosts.c | 109
src/providers/ipa/ipa_hosts.h | 6
src/providers/ipa/ipa_id.c | 33
src/providers/ipa/ipa_id.h | 16
src/providers/ipa/ipa_init.c | 122
src/providers/ipa/ipa_netgroups.c | 9
src/providers/ipa/ipa_opts.h | 287
src/providers/ipa/ipa_s2n_exop.c | 657 ++
src/providers/ipa/ipa_selinux.c | 702 ++
src/providers/ipa/ipa_selinux.h | 40
src/providers/ipa/ipa_selinux_common.c | 41
src/providers/ipa/ipa_selinux_common.h | 4
src/providers/ipa/ipa_selinux_maps.c | 16
src/providers/ipa/ipa_selinux_maps.h | 1
src/providers/ipa/ipa_session.c | 619 -
src/providers/ipa/ipa_session.h | 40
src/providers/ipa/ipa_subdomains.c | 1002 +++
src/providers/ipa/ipa_subdomains.h | 36
src/providers/ipa/ipa_subdomains_id.c | 242
src/providers/krb5/krb5_auth.c | 332 -
src/providers/krb5/krb5_auth.h | 12
src/providers/krb5/krb5_become_user.c | 2
src/providers/krb5/krb5_child.c | 497 +
src/providers/krb5/krb5_child_handler.c | 146
src/providers/krb5/krb5_common.c | 249
src/providers/krb5/krb5_common.h | 18
src/providers/krb5/krb5_init.c | 78
src/providers/krb5/krb5_init_shared.c | 94
src/providers/krb5/krb5_init_shared.h | 29
src/providers/krb5/krb5_opts.h | 49
src/providers/krb5/krb5_utils.c | 635 +
src/providers/krb5/krb5_utils.h | 47
src/providers/ldap/ldap_auth.c | 42
src/providers/ldap/ldap_child.c | 84
src/providers/ldap/ldap_common.c | 413 -
src/providers/ldap/ldap_common.h | 15
src/providers/ldap/ldap_id.c | 137
src/providers/ldap/ldap_id_cleanup.c | 2
src/providers/ldap/ldap_id_enum.c | 141
src/providers/ldap/ldap_id_netgroup.c | 4
src/providers/ldap/ldap_id_services.c | 3
src/providers/ldap/ldap_init.c | 17
src/providers/ldap/ldap_opts.h | 356 +
src/providers/ldap/sdap.c | 154
src/providers/ldap/sdap.h | 39
src/providers/ldap/sdap_access.c | 27
src/providers/ldap/sdap_access.h | 2
src/providers/ldap/sdap_async.c | 240
src/providers/ldap/sdap_async.h | 38
src/providers/ldap/sdap_async_autofs.c | 6
src/providers/ldap/sdap_async_connection.c | 151
src/providers/ldap/sdap_async_groups.c | 828 +-
src/providers/ldap/sdap_async_groups_ad.c | 250
src/providers/ldap/sdap_async_initgroups.c | 357 -
src/providers/ldap/sdap_async_initgroups_ad.c | 292
src/providers/ldap/sdap_async_private.h | 13
src/providers/ldap/sdap_async_services.c | 3
src/providers/ldap/sdap_async_sudo.c | 609 +
src/providers/ldap/sdap_async_sudo_hostinfo.c | 563 +
src/providers/ldap/sdap_async_sudo_timer.c | 178
src/providers/ldap/sdap_async_users.c | 127
src/providers/ldap/sdap_child_helpers.c | 8
src/providers/ldap/sdap_id_op.c | 42
src/providers/ldap/sdap_idmap.c | 430 +
src/providers/ldap/sdap_idmap.h | 63
src/providers/ldap/sdap_range.c | 131
src/providers/ldap/sdap_range.h | 33
src/providers/ldap/sdap_sudo.c | 1383 ++--
src/providers/ldap/sdap_sudo.h | 49
src/providers/ldap/sdap_sudo_cache.c | 95
src/providers/ldap/sdap_sudo_cache.h | 8
src/providers/ldap/sdap_sudo_timer.c | 236
src/providers/ldap/sdap_sudo_timer.h | 41
src/providers/proxy/proxy_id.c | 30
src/providers/proxy/proxy_init.c | 2
src/providers/simple/simple_access.c | 4
src/python/pyhbac.c | 1
src/python/pysss.c | 11
src/resolv/async_resolv.c | 17
src/responder/autofs/autofssrv.c | 4
src/responder/autofs/autofssrv_cmd.c | 23
src/responder/common/negcache.c | 22
src/responder/common/negcache.h | 3
src/responder/common/responder.h | 36
src/responder/common/responder_common.c | 316
src/responder/common/responder_dp.c | 15
src/responder/common/responder_get_domains.c | 346 +
src/responder/nss/nsssrv.c | 72
src/responder/nss/nsssrv.h | 7
src/responder/nss/nsssrv_cmd.c | 769 +-
src/responder/nss/nsssrv_mmap_cache.c | 727 ++
src/responder/nss/nsssrv_mmap_cache.h | 51
src/responder/nss/nsssrv_netgroup.c | 98
src/responder/nss/nsssrv_private.h | 3
src/responder/nss/nsssrv_services.c | 39
src/responder/pac/pacsrv.c | 261
src/responder/pac/pacsrv.h | 108
src/responder/pac/pacsrv_cmd.c | 532 +
src/responder/pac/pacsrv_utils.c | 586 +
src/responder/pam/pam_LOCAL_domain.c | 7
src/responder/pam/pamsrv.c | 22
src/responder/pam/pamsrv_cmd.c | 319
src/responder/pam/pamsrv_dp.c | 2
src/responder/ssh/sshsrv.c | 15
src/responder/ssh/sshsrv_cmd.c | 229
src/responder/ssh/sshsrv_dp.c | 163
src/responder/ssh/sshsrv_private.h | 18
src/responder/sudo/sudosrv.c | 23
src/responder/sudo/sudosrv_cache.c | 328 -
src/responder/sudo/sudosrv_cmd.c | 219
src/responder/sudo/sudosrv_dp.c | 97
src/responder/sudo/sudosrv_get_sudorules.c | 431 -
src/responder/sudo/sudosrv_private.h | 117
src/responder/sudo/sudosrv_query.c | 243
src/sbus/sssd_dbus_server.c | 2
src/sss_client/autofs/sss_autofs.c | 1
src/sss_client/common.c | 66
src/sss_client/krb5_authdata_int.h | 185
src/sss_client/nss_group.c | 43
src/sss_client/nss_mc.h | 79
src/sss_client/nss_mc_common.c | 287
src/sss_client/nss_mc_group.c | 216
src/sss_client/nss_mc_passwd.c | 217
src/sss_client/nss_passwd.c | 37
src/sss_client/pam_sss.c | 93
src/sss_client/ssh/sss_ssh_authorizedkeys.c | 2
src/sss_client/ssh/sss_ssh_client.c | 8
src/sss_client/ssh/sss_ssh_knownhostsproxy.c | 98
src/sss_client/sss_cli.h | 15
src/sss_client/sssd_pac.c | 280
src/sss_client/sudo/sss_sudo.c | 107
src/sss_client/sudo/sss_sudo.doxy.in | 7
src/sss_client/sudo/sss_sudo.h | 62
src/sss_client/sudo/sss_sudo_private.h | 1
src/sss_client/sudo/sss_sudo_response.c | 13
src/sss_client/sudo_testcli/sudo_testcli.c | 65
src/tests/ad_ldap_opt-tests.c | 109
src/tests/auth-tests.c | 12
src/tests/common.c | 60
src/tests/common.h | 11
src/tests/crypto-tests.c | 79
src/tests/debug-tests.c | 3
src/tests/fail_over-tests.c | 16
src/tests/ipa_ldap_opt-tests.c | 87
src/tests/krb5_child-test.c | 568 +
src/tests/krb5_utils-tests.c | 93
src/tests/pac_responder-tests.c | 106
src/tests/resolv-tests.c | 3
src/tests/responder_socket_access-tests.c | 178
src/tests/simple_access-tests.c | 3
src/tests/sss_idmap-tests.c | 574 +
src/tests/sysdb-tests.c | 252
src/tests/sysdb_ssh-tests.c | 447 +
src/tests/util-tests.c | 206
src/tools/files.c | 51
src/tools/sss_cache.c | 256
src/tools/sss_debuglevel.c | 5
src/tools/sss_groupdel.c | 2
src/tools/sss_groupmod.c | 4
src/tools/sss_groupshow.c | 54
src/tools/sss_seed.c | 829 ++
src/tools/sss_sync_ops.c | 6
src/tools/sss_useradd.c | 6
src/tools/sss_userdel.c | 8
src/tools/sss_usermod.c | 4
src/tools/tools_util.c | 12
src/tools/tools_util.h | 2
src/util/atomic_io.c | 60
src/util/atomic_io.h | 40
src/util/backup_file.c | 44
src/util/check_and_open.c | 4
src/util/child_common.c | 65
src/util/child_common.h | 1
src/util/crypto/libcrypto/crypto_base64.c | 103
src/util/crypto/libcrypto/crypto_hmac_sha1.c | 87
src/util/crypto/libcrypto/crypto_obfuscate.c | 285
src/util/crypto/libcrypto/crypto_sha512crypt.c | 3
src/util/crypto/nss/nss_hmac_sha1.c | 88
src/util/crypto/sss_crypto.h | 8
src/util/debug.c | 5
src/util/domain_info_utils.c | 114
src/util/find_uid.c | 16
src/util/mmap_cache.h | 127
src/util/murmurhash3.c | 3
src/util/server.c | 110
src/util/sss_krb5.c | 221
src/util/sss_krb5.h | 46
src/util/sss_ldap.h | 8
src/util/sss_nss.c | 136
src/util/sss_nss.h | 31
src/util/sss_selinux.c | 94
src/util/sss_selinux.h | 11
src/util/sss_ssh.c | 9
src/util/sss_ssh.h | 3
src/util/usertools.c | 155
src/util/util.c | 37
src/util/util.h | 36
version.m4 | 2
360 files changed, 91636 insertions(+), 29513 deletions(-)
New commits:
commit 5e0a2ab7d99c2e8e4d42050faa86c20c987fbfe3
Author: Timo Aaltonen <Timo Aaltonen tjaalton at cc.hut.fi>
Date: Tue Aug 21 20:50:29 2012 +0300
update the changelog
diff --git a/debian/changelog b/debian/changelog
index 198dc1c..5aa70cb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+sssd (1.9.0~beta6-0ubuntu1) UNRELEASED; urgency=low
+
+ * Merge from unreleased debian git.
+
+ -- Timo Aaltonen <tjaalton at ubuntu.com> Tue, 21 Aug 2012 20:22:06 +0300
+
sssd (1.9.0~beta6-1) UNRELEASED; urgency=low
* New upstream prerelease 1.9.0beta6. Highlights:
commit f5c3f377735e8ae1be3529be8d682425641a2b8d
Author: Timo Aaltonen <Timo Aaltonen tjaalton at cc.hut.fi>
Date: Tue Aug 21 16:52:48 2012 +0300
rules: Install the apparmor profile with -m644.
diff --git a/debian/changelog b/debian/changelog
index 852d820..09d6309 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -66,6 +66,7 @@ sssd (1.9.0~beta6-1) UNRELEASED; urgency=low
sssd.install, and sss_seed{,.8*) to sssd-tools.
* python-sss.install: py-files got moved under SSSDConfig.
* Bump libsss-sudo soname.
+ * rules: Install the apparmor profile with -m644.
-- Timo Aaltonen <tjaalton at ubuntu.com> Thu, 24 May 2012 14:46:39 +0300
diff --git a/debian/rules b/debian/rules
index f888610..fcdd84d 100755
--- a/debian/rules
+++ b/debian/rules
@@ -34,7 +34,7 @@ override_dh_install:
mkdir -p $(CURDIR)/debian/libpam-sss/usr/share/pam-configs
install -m644 debian/libpam-sss.pam-auth-update \
$(CURDIR)/debian/libpam-sss/usr/share/pam-configs/sss
- install -D $(CURDIR)/debian/apparmor-profile \
+ install -m644 -D $(CURDIR)/debian/apparmor-profile \
$(CURDIR)/debian/sssd/etc/apparmor.d/usr.sbin.sssd
cat $(CURDIR)/debian/sssd.$(INIT).in > $(CURDIR)/debian/sssd.$(INIT)
commit 94e69acb1044cb2842a363caed35165e905ee8ee
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Aug 21 16:30:58 2012 +0300
fix the dpkg-dev build-dep
diff --git a/debian/changelog b/debian/changelog
index 0fcf2dd..678f43d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -66,7 +66,7 @@ sssd (1.9.0~beta6-1) UNRELEASED; urgency=low
sssd.install, and sss_seed{,.8*) to sssd-tools.
* python-sss.install: py-files got moved under SSSDConfig.
* control, rules: Use default build flags, bump dpkg-dev build-dep to
- 1.6.1~.
+ 1.16.1~.
* Bump libsss-sudo soname.
-- Timo Aaltonen <tjaalton at ubuntu.com> Thu, 24 May 2012 14:46:39 +0300
diff --git a/debian/control b/debian/control
index bb339e4..b11317b 100644
--- a/debian/control
+++ b/debian/control
@@ -4,7 +4,7 @@ Priority: extra
Maintainer: Debian SSSD Team <pkg-sssd-devel at lists.alioth.debian.org>
Uploaders: Timo Aaltonen <tjaalton at ubuntu.com>
Build-Depends: debhelper (>= 9), quilt, dh-autoreconf, autopoint, lsb-release,
- dpkg-dev (>= 1.6.1~),
+ dpkg-dev (>= 1.16.1~),
dnsutils,
libpopt-dev,
libdbus-1-dev,
commit b7c5fbe5ea2dde497671b39939bb923c3001be5e
Author: Timo Aaltonen <Timo Aaltonen tjaalton at cc.hut.fi>
Date: Tue Aug 21 16:16:03 2012 +0300
Bump libsss-sudo soname.
diff --git a/debian/changelog b/debian/changelog
index b6a72a3..852d820 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -65,6 +65,7 @@ sssd (1.9.0~beta6-1) UNRELEASED; urgency=low
* sssd.install, sssd-tools.install: Add sssd-ad.5*, sssd-sudo.5* to
sssd.install, and sss_seed{,.8*) to sssd-tools.
* python-sss.install: py-files got moved under SSSDConfig.
+ * Bump libsss-sudo soname.
-- Timo Aaltonen <tjaalton at ubuntu.com> Thu, 24 May 2012 14:46:39 +0300
diff --git a/debian/control b/debian/control
index eb0a49d..6c4d5a7 100644
--- a/debian/control
+++ b/debian/control
@@ -156,7 +156,7 @@ Description: ID mapping library for SSSD -- development files
This package contains header files and symlinks to develop programs which will
use the libsss-idmap library.
-Package: libsss-sudo0
+Package: libsss-sudo1
Section: libs
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends},
@@ -169,7 +169,7 @@ Description: Communicator library for sudo
Package: libsss-sudo-dev
Section: libdevel
Architecture: any
-Depends: ${misc:Depends}, libsss-sudo0 (= ${binary:Version})
+Depends: ${misc:Depends}, libsss-sudo1 (= ${binary:Version})
Description: Communicator library for sudo -- development files
Utility library to allow communication between sudo and SSSD for caching
sudo rules by SSSD.
diff --git a/debian/libsss-sudo0.install b/debian/libsss-sudo0.install
deleted file mode 100644
index 1feaa21..0000000
--- a/debian/libsss-sudo0.install
+++ /dev/null
@@ -1 +0,0 @@
-usr/lib/*/libsss_sudo.so.*
diff --git a/debian/libsss-sudo1.install b/debian/libsss-sudo1.install
new file mode 100644
index 0000000..1feaa21
--- /dev/null
+++ b/debian/libsss-sudo1.install
@@ -0,0 +1 @@
+usr/lib/*/libsss_sudo.so.*
commit ceef919d823edc349deacfd18422387cd80878a4
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Aug 21 15:56:10 2012 +0300
control, rules: Use default build flags, bump dpkg-dev build-dep to 1.6.1~.
diff --git a/debian/changelog b/debian/changelog
index b6a72a3..2ea6cfd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -65,6 +65,8 @@ sssd (1.9.0~beta6-1) UNRELEASED; urgency=low
* sssd.install, sssd-tools.install: Add sssd-ad.5*, sssd-sudo.5* to
sssd.install, and sss_seed{,.8*) to sssd-tools.
* python-sss.install: py-files got moved under SSSDConfig.
+ * control, rules: Use default build flags, bump dpkg-dev build-dep to
+ 1.6.1~.
-- Timo Aaltonen <tjaalton at ubuntu.com> Thu, 24 May 2012 14:46:39 +0300
diff --git a/debian/control b/debian/control
index eb0a49d..470dd2a 100644
--- a/debian/control
+++ b/debian/control
@@ -4,6 +4,7 @@ Priority: extra
Maintainer: Debian SSSD Team <pkg-sssd-devel at lists.alioth.debian.org>
Uploaders: Timo Aaltonen <tjaalton at ubuntu.com>
Build-Depends: debhelper (>= 9), quilt, dh-autoreconf, autopoint, lsb-release,
+ dpkg-dev (>= 1.6.1~),
dnsutils,
libpopt-dev,
libdbus-1-dev,
diff --git a/debian/rules b/debian/rules
index f888610..9e3c952 100755
--- a/debian/rules
+++ b/debian/rules
@@ -2,6 +2,9 @@
%:
dh $@ --with quilt,autoreconf,python2 --builddirectory=build
+DPKG_EXPORT_BUILDFLAGS = 1
+include /usr/share/dpkg/buildflags.mk
+
APIDOCDIR = /usr/share/sssd
DISTRIBUTION = $(shell lsb_release -i | sed 's/.*:\t//')
INIT = init
commit 128a182b66b53727aeb51d711fd3c6d036e0b0ac
Author: Timo Aaltonen <Timo Aaltonen tjaalton at cc.hut.fi>
Date: Tue Aug 21 15:28:48 2012 +0300
wrap a long line
diff --git a/debian/changelog b/debian/changelog
index 665f42d..b6a72a3 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -39,7 +39,8 @@ sssd (1.9.0~beta6-1) UNRELEASED; urgency=low
from FreeIPA. Most notably, the SELinux mappings can now link to HBAC
rules as the source of users and hosts they apply to.
- Fixed a regression introduced in beta 5 that prevented LDAP SASL binds
- from working unless the value of ldap_sasl_minssf was explicitly specified.
+ from working unless the value of ldap_sasl_minssf was explicitly
+ specified.
- The SSSD supports the concept of a Primary Server and a Back Up
Server. Certain servers in the fail over list can be marked as back up
only. If the SSSD switches to a back up server because a primary server
commit 2c77a8ff072ebc79dcccd49e451f7f4bdd9352ee
Author: Timo Aaltonen <Timo Aaltonen tjaalton at cc.hut.fi>
Date: Tue Aug 21 15:20:41 2012 +0300
python-sss.install: py-files got moved under SSSDConfig.
diff --git a/debian/changelog b/debian/changelog
index 50c3229..665f42d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -63,6 +63,7 @@ sssd (1.9.0~beta6-1) UNRELEASED; urgency=low
for unicode support.
* sssd.install, sssd-tools.install: Add sssd-ad.5*, sssd-sudo.5* to
sssd.install, and sss_seed{,.8*) to sssd-tools.
+ * python-sss.install: py-files got moved under SSSDConfig.
-- Timo Aaltonen <tjaalton at ubuntu.com> Thu, 24 May 2012 14:46:39 +0300
diff --git a/debian/python-sss.install b/debian/python-sss.install
index 3987d49..06992d3 100644
--- a/debian/python-sss.install
+++ b/debian/python-sss.install
@@ -1,2 +1,2 @@
usr/lib/python*/dist-packages/pysss.so
-usr/lib/python*/dist-packages/*.py
+usr/lib/python*/dist-packages/SSSDConfig/*.py
commit b698dec01e019ea715b10bf3129505d4f1c93741
Author: Timo Aaltonen <Timo Aaltonen tjaalton at cc.hut.fi>
Date: Tue Aug 21 15:18:17 2012 +0300
sssd.install, sssd-tools.install: Add sssd-ad.5*, sssd-sudo.5* to sssd.install, and sss_seed{,.8*) to sssd-tools.
diff --git a/debian/changelog b/debian/changelog
index 2179c2f..50c3229 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -61,6 +61,8 @@ sssd (1.9.0~beta6-1) UNRELEASED; urgency=low
* Added fix-CVE-2012-3462.diff from upstream git.
* control: Drop libunistring-dev from build-depends and add libglib2.0-dev
for unicode support.
+ * sssd.install, sssd-tools.install: Add sssd-ad.5*, sssd-sudo.5* to
+ sssd.install, and sss_seed{,.8*) to sssd-tools.
-- Timo Aaltonen <tjaalton at ubuntu.com> Thu, 24 May 2012 14:46:39 +0300
diff --git a/debian/sssd-tools.install b/debian/sssd-tools.install
index eebe485..2770067 100644
--- a/debian/sssd-tools.install
+++ b/debian/sssd-tools.install
@@ -5,6 +5,7 @@ usr/sbin/sss_groupdel
usr/sbin/sss_groupmod
usr/sbin/sss_groupshow
usr/sbin/sss_obfuscate
+usr/sbin/sss_seed
usr/sbin/sss_useradd
usr/sbin/sss_userdel
usr/sbin/sss_usermod
@@ -15,6 +16,7 @@ usr/share/man/man8/sss_groupdel.8*
usr/share/man/man8/sss_groupmod.8*
usr/share/man/man8/sss_groupshow.8*
usr/share/man/man8/sss_obfuscate.8*
+usr/share/man/man8/sss_seed.8*
usr/share/man/man8/sss_useradd.8*
usr/share/man/man8/sss_userdel.8*
usr/share/man/man8/sss_usermod.8*
diff --git a/debian/sssd.install b/debian/sssd.install
index 72ddf73..27a6123 100644
--- a/debian/sssd.install
+++ b/debian/sssd.install
@@ -11,9 +11,11 @@ usr/sbin/sssd
usr/share/man/man1/sss_ssh_authorizedkeys.1*
usr/share/man/man1/sss_ssh_knownhostsproxy.1*
usr/share/man/man5/sssd.conf.5*
+usr/share/man/man5/sssd-ad.5*
usr/share/man/man5/sssd-ipa.5*
usr/share/man/man5/sssd-krb5.5*
usr/share/man/man5/sssd-ldap.5*
usr/share/man/man5/sssd-simple.5*
+usr/share/man/man5/sssd-sudo.5*
usr/share/man/man8/sssd.8*
usr/share/man/man8/sssd_krb5_locator_plugin.8*
commit 82b964a85583973b05a20ace7af8b78140358e28
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Aug 21 14:07:07 2012 +0300
control: Drop libunistring-dev from build-depends and add libglib2.0-dev for unicode support.
diff --git a/debian/changelog b/debian/changelog
index d4f18ab..2179c2f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -59,6 +59,8 @@ sssd (1.9.0~beta6-1) UNRELEASED; urgency=low
- Add sssd Depends on libsss-idmap0
- Add /var/lib/sss/mc directory for the new mmap cache
* Added fix-CVE-2012-3462.diff from upstream git.
+ * control: Drop libunistring-dev from build-depends and add libglib2.0-dev
+ for unicode support.
-- Timo Aaltonen <tjaalton at ubuntu.com> Thu, 24 May 2012 14:46:39 +0300
diff --git a/debian/control b/debian/control
index 681044e..eb0a49d 100644
--- a/debian/control
+++ b/debian/control
@@ -30,12 +30,12 @@ Build-Depends: debhelper (>= 9), quilt, dh-autoreconf, autopoint, lsb-release,
libc-ares-dev,
python-dev (>= 2.6.6-3~),
libsemanage1-dev,
- libunistring-dev,
libdhash-dev,
libcollection-dev,
libini-config-dev,
check,
dh-apparmor,
+ libglib2.0-dev,
Standards-Version: 3.9.3
Vcs-Git: git://git.debian.org/git/pkg-sssd/sssd
Vcs-Browser: http://git.debian.org/?p=pkg-sssd/sssd.git
commit e3708d7d4ab5e9ed966b1b347cdc7c231fd8b9c8
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Aug 21 13:59:42 2012 +0300
Added fix-CVE-2012-3462.diff from upstream git.
diff --git a/debian/changelog b/debian/changelog
index 90003cc..d4f18ab 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -58,6 +58,7 @@ sssd (1.9.0~beta6-1) UNRELEASED; urgency=low
- Add libsss-idmap0, libsss-idmap-dev packages
- Add sssd Depends on libsss-idmap0
- Add /var/lib/sss/mc directory for the new mmap cache
+ * Added fix-CVE-2012-3462.diff from upstream git.
-- Timo Aaltonen <tjaalton at ubuntu.com> Thu, 24 May 2012 14:46:39 +0300
diff --git a/debian/patches/fix-CVE-2012-3462.diff b/debian/patches/fix-CVE-2012-3462.diff
new file mode 100644
index 0000000..4d4ce5c
--- /dev/null
+++ b/debian/patches/fix-CVE-2012-3462.diff
@@ -0,0 +1,16 @@
+commit ffcf27b0b773b580289d596f796aaf86c45ba920
+Author: Jakub Hrozek <jhrozek at redhat.com>
+Date: Wed Aug 8 19:26:35 2012 +0200
+
+ Abort PAM access phase if HBAC does not return PAM_SUCCESS
+
+--- a/src/providers/data_provider_be.c
++++ b/src/providers/data_provider_be.c
+@@ -766,6 +766,7 @@
+ pd = talloc_get_type(req->req_data, struct pam_data);
+
+ if (pd->cmd == SSS_PAM_ACCT_MGMT &&
++ pd->pam_status == PAM_SUCCESS &&
+ req->phase == REQ_PHASE_ACCESS &&
+ dp_err_type == DP_ERR_OK) {
+ if (!becli->bectx->bet_info[BET_SELINUX].bet_ops) {
diff --git a/debian/patches/series b/debian/patches/series
index a82d1b4..09cc687 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1 @@
-#placeholder
+fix-CVE-2012-3462.diff
commit b162728f34075009578089a30e2ab4ce6fd3c76f
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Aug 21 13:57:56 2012 +0300
update the changelog
diff --git a/debian/changelog b/debian/changelog
index 6577497..90003cc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,6 @@
-sssd (1.9.0~beta1-1) UNRELEASED; urgency=low
+sssd (1.9.0~beta6-1) UNRELEASED; urgency=low
- * New upstream prerelease 1.9.0beta1. Highlights:
+ * New upstream prerelease 1.9.0beta6. Highlights:
- Add native support for autofs to the IPA provider
- Support for ID-mapping when connecting to Active Directory
- Support for handling very large (> 1500 users) groups in Active
@@ -9,6 +9,51 @@ sssd (1.9.0~beta1-1) UNRELEASED; urgency=low
relationships)
- Add a new fast in-memory cache to speed up lookups of cached data
on repeated requests
+ - Add support for the Kerberos DIR cache for storing multiple TGTs
+ automatically
+ - Major performance enhancement when storing large groups in the cache
+ - Major performance enhancement when performing initgroups() against
+ Active Directory
+ - SSSDConfig data file default locations can now be set during
+ configure for easier packaging
+ - Add a new PAC responder for dealing with cross-realm Kerberos trusts
+ - Terminate idle connections to the NSS and PAM responders
+ - Switch from libunistring to glib2 for unicode support
+ - Add a new AD provider to improve integration with Active Directory
+ 2008 R2 or later servers
+ - SUDO integration was completely rewritten. The new implementation
+ works with multiple domains and uses an improved refresh mechanism to
+ download only the necessary rules
+ - The IPA authentication provider now supports subdomains
+ - Fixed regression for setups that were setting default_tkt_enctypes
+ manually by reverting a previous workaround.
+ - Many fixes for the support for setting default SELinux user context
+ from FreeIPA, most notably fixed the specificity evaluation
+ - Fixed an incorrect default in the krb5_canonicalize option of the AD
+ provider which was preventing password change operation
+ - The shadowLastChange attribute value is now correctly updated with the
+ number of days since the Epoch, not seconds
+ - A new option, override_shell was added. If this option is set, all
+ users managed by SSSD will have their shell set to its value.
+ - Many fixes for the support for setting default SELinux user context
+ from FreeIPA. Most notably, the SELinux mappings can now link to HBAC
+ rules as the source of users and hosts they apply to.
+ - Fixed a regression introduced in beta 5 that prevented LDAP SASL binds
+ from working unless the value of ldap_sasl_minssf was explicitly specified.
+ - The SSSD supports the concept of a Primary Server and a Back Up
+ Server. Certain servers in the fail over list can be marked as back up
+ only. If the SSSD switches to a back up server because a primary server
+ is not available, it would later try to re-establish a connection to the
+ primary server. This feature would mainly benefit users who configure
+ fail over servers from different data centers or geographies.
+ - A new command-line tool sss_seed is available. This tool is able to
+ prime the internal cache with a user record and a cached password to
+ support the scenario when a user needs to log in to the client before
+ the network connection to the centralized identity source is established,
+ such as the first log in to a new machine.
+ - In scenarios, where the SSSD is acting as an IPA client, it is able to
+ discover and save the DNS domain-Kerberos realm mappings between an IPA
+ server and a trusted Active Directory server.
* Update the packaging for the new version, thanks Esko Järnfors!
- Add libsss-idmap0, libsss-idmap-dev packages
- Add sssd Depends on libsss-idmap0
commit 16e6509622935b05f1ec023dc9f6dbbf167f6ce2
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Aug 21 13:13:14 2012 +0300
sssd.{preinst,postrm}: Install the apparmor profile in force-complain mode on install
and remove the profile directory on purge (if empty). Also migrate from previous setup which installed it as disabled.
diff --git a/debian/changelog b/debian/changelog
index 52a59ed..18b8fcb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,9 @@ sssd (1.8.4-2) UNRELEASED; urgency=low
* rules: Fix the current date format, and move the date mangling to
happen before dh_install is run. (Closes: #670019)
+ * sssd.{preinst,postrm}: Install the apparmor profile in force-complain
+ mode on install, and remove the profile directory on purge (if empty). Also
+ migrate from previous setup which installed it as disabled.
-- Timo Aaltonen <tjaalton at ubuntu.com> Tue, 05 Jun 2012 11:39:33 +0300
diff --git a/debian/sssd.preinst b/debian/sssd.preinst
index d90db96..7ba9f2b 100755
--- a/debian/sssd.preinst
+++ b/debian/sssd.preinst
@@ -23,20 +23,21 @@ rm_conffile() {
fi
}
-disable_profile() {
- APP_CONFFILE="/etc/apparmor.d/usr.sbin.sssd"
- APP_DISABLE="/etc/apparmor.d/disable/usr.sbin.sssd"
+APP_PROFILE="usr.sbin.sssd"
+APP_CONFFILE="/etc/apparmor.d/$APP_PROFILE"
+APP_COMPLAIN="/etc/apparmor.d/force-complain/$APP_PROFILE"
+APP_DISABLE="/etc/apparmor.d/disable/$APP_PROFILE"
+
+inst_complain_profile() {
# Create a symlink to the yet-to-be-unpacked profile
- if [ ! -e "$APP_CONFFILE" ]; then
- mkdir -p `dirname $APP_DISABLE` 2>/dev/null || true
- ln -sf $APP_CONFFILE $APP_DISABLE
- fi
+ mkdir -p `dirname $APP_COMPLAIN` 2>/dev/null || true
+ ln -sf $APP_CONFFILE $APP_COMPLAIN
}
case "$1" in
install)
- # Disable AppArmor profile on install
- disable_profile
+ # Force the AppArmor profile to complain mode on install
+ inst_complain_profile
;;
upgrade)
if dpkg --compare-versions "$2" le "1.0.5-1"; then
@@ -48,8 +49,11 @@ upgrade)
rm_conffile sssd "/etc/sssd/sssd.api.d/sssd-krb5.conf"
rm_conffile sssd "/etc/sssd/sssd.api.d/sssd-ldap.conf"
fi
- if dpkg --compare-versions "$2" lt "1.8.4-1"; then
- disable_profile
+ if dpkg --compare-versions "$2" lt "1.8.4-2"; then
+ inst_complain_profile
+ if [ -e "$APP_DISABLE" ]; then
+ rm_conffile sssd "$APP_DISABLE"
+ fi
fi
;;
esac
diff --git a/debian/sssd.prerm b/debian/sssd.prerm
index 3122dd8..f277ac1 100644
--- a/debian/sssd.prerm
+++ b/debian/sssd.prerm
@@ -5,5 +5,12 @@ invoke_failure() {
return
}
+if [ "$1" = "purge" ]; then
+ APP_PROFILE="usr.sbin.sssd"
+ rm -f /etc/apparmor.d/force-complain/$APP_PROFILE >/dev/null 2>&1 || true
+ rm -f /etc/apparmor.d/disable/$APP_PROFILE >/dev/null 2>&1 || true
+ rmdir /etc/apparmor.d/disable >/dev/null 2>&1 || true
+fi
+
#DEBHELPER#
commit 65a9065538fd85e6ead925d344e6b421900eb8c2
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Wed Aug 1 22:56:36 2012 +0200
Update translations for 1.9.0 beta 6 release
diff --git a/po/de.po b/po/de.po
index 616d594..bc3a400 100644
--- a/po/de.po
+++ b/po/de.po
@@ -9,7 +9,7 @@ msgid ""
msgstr ""
"Project-Id-Version: SSSD\n"
"Report-Msgid-Bugs-To: sssd-devel at lists.fedorahosted.org\n"
-"POT-Creation-Date: 2012-07-10 15:56+0200\n"
+"POT-Creation-Date: 2012-08-01 22:54+0200\n"
"PO-Revision-Date: 2012-07-10 14:15+0000\n"
"Last-Translator: jhrozek <jhrozek at redhat.com>\n"
"Language-Team: German <trans-de at lists.fedoraproject.org>\n"
@@ -95,7 +95,7 @@ msgid "Entry cache background update timeout length (seconds)"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:61
-#: src/config/SSSDConfig/__init__.py.in:86
+#: src/config/SSSDConfig/__init__.py.in:87
msgid "Negative cache timeout length (seconds)"
msgstr ""
@@ -125,850 +125,877 @@ msgid ""
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:68
-msgid "The list of shells users are allowed to log in with"
+msgid "Override shell value from the identity provider with this value"
msgstr ""
#: src/config/SSSDConfig/__init__.py.in:69
+msgid "The list of shells users are allowed to log in with"
+msgstr ""
+
+#: src/config/SSSDConfig/__init__.py.in:70
msgid ""
"The list of shells that will be vetoed, and replaced with the fallback shell"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:70
+#: src/config/SSSDConfig/__init__.py.in:71
msgid ""
"If a shell stored in central directory is allowed but not available, use "
"this fallback"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:71
+#: src/config/SSSDConfig/__init__.py.in:72
msgid "Shell to use if the provider does not list one"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:72
+#: src/config/SSSDConfig/__init__.py.in:73
msgid "How long will be in-memory cache records valid"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:75
+#: src/config/SSSDConfig/__init__.py.in:76
msgid "How long to allow cached logins between online logins (days)"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:76
+#: src/config/SSSDConfig/__init__.py.in:77
msgid "How many failed logins attempts are allowed when offline"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:77
+#: src/config/SSSDConfig/__init__.py.in:78
msgid ""
"How long (minutes) to deny login after offline_failed_login_attempts has "
"been reached"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:78
+#: src/config/SSSDConfig/__init__.py.in:79
msgid "What kind of messages are displayed to the user during authentication"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:79
+#: src/config/SSSDConfig/__init__.py.in:80
msgid "How many seconds to keep identity information cached for PAM requests"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:80
+#: src/config/SSSDConfig/__init__.py.in:81
msgid "How many days before password expiration a warning should be displayed"
msgstr ""
-#: src/config/SSSDConfig/__init__.py.in:83
+#: src/config/SSSDConfig/__init__.py.in:84
msgid "Whether to evaluate the time-based attributes in sudo rules"
msgstr ""
More information about the Pkg-sssd-devel
mailing list