Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • mika/sssd
  • guillem/debian-pkg-sssd
  • john.veitch/sssd
  • jgullberg/sssd
  • gioele/sssd
  • oktay454/sssd
  • sergiodj/sssd
  • 3v1n0/sssd
  • jfalk-guest/sssd
  • sathieu/sssd
  • dpward/sssd
  • sssd-team/sssd
  • ahasenack/sssd
  • jbicha/sssd
  • yrro-guest/sssd
15 results
Show changes
Commits on Source (123)
Showing
with 2511 additions and 3841 deletions
......@@ -22,7 +22,7 @@ SUBDIRS += src/man
endif
SUBDIRS += . src/tests/cwrap src/tests/intg src/tests/test_CA \
src/tests/test_ECC_CA
src/tests/test_ECC_CA src/tools/analyzer
# Some old versions of automake don't define builddir
builddir ?= .
......@@ -65,6 +65,7 @@ localedir = @localedir@
nsslibdir = @nsslibdir@
pamlibdir = @pammoddir@
autofslibdir = @appmodpath@
subidlibdir = @subidlibpath@
nfslibdir = @nfsidmaplibdir@
dbpath = @dbpath@
......@@ -158,18 +159,6 @@ sbin_PROGRAMS = \
sssctl \
$(NULL)
if BUILD_LOCAL_PROVIDER
sbin_PROGRAMS += \
sss_useradd \
sss_userdel \
sss_usermod \
sss_groupadd \
sss_groupdel \
sss_groupmod \
sss_groupshow \
$(NULL)
endif
sssdlibexec_PROGRAMS = \
sssd_nss \
sssd_pam \
......@@ -204,9 +193,6 @@ polkit_rulesdir = $(polkitdir)
dist_polkit_rules_DATA = contrib/sssd-pcsc.rules
endif
endif
if BUILD_SECRETS
sssdlibexec_PROGRAMS += sssd_secrets
endif
if BUILD_KCM
sssdlibexec_PROGRAMS += sssd_kcm
dist_sssdkcmdata_DATA = contrib/kcm_default_ccache
......@@ -548,7 +534,6 @@ AM_CPPFLAGS = \
-DSSS_PAM_SOCKET_NAME=\"$(pipepath)/pam\" \
-DSSS_PAC_SOCKET_NAME=\"$(pipepath)/pac\" \
-DSSS_PAM_PRIV_SOCKET_NAME=\"$(pipepath)/private/pam\" \
-DSSS_SEC_SOCKET_NAME=\"$(runstatedir)/secrets.socket\" \
-DSSS_SUDO_SOCKET_NAME=\"$(pipepath)/sudo\" \
-DSSS_AUTOFS_SOCKET_NAME=\"$(pipepath)/autofs\" \
-DSSS_SSH_SOCKET_NAME=\"$(pipepath)/ssh\" \
......@@ -596,6 +581,9 @@ SSSD_CACHE_REQ_OBJ = \
src/responder/common/cache_req/plugins/cache_req_ip_network_by_name.c \
src/responder/common/cache_req/plugins/cache_req_ip_network_by_addr.c \
$(NULL)
if BUILD_SUBID
SSSD_CACHE_REQ_OBJ += src/responder/common/cache_req/plugins/cache_req_subid_ranges_by_name.c
endif
SSSD_RESPONDER_IFACE_OBJ = \
src/responder/common/responder_iface.c \
......@@ -618,7 +606,6 @@ SSSD_RESPONDER_OBJ = \
$(NULL)
SSSD_TOOLS_OBJ = \
src/tools/sss_sync_ops.c \
src/tools/tools_util.c \
src/tools/common/sss_tools.c \
src/tools/common/sss_process.c \
......@@ -725,9 +712,8 @@ dist_noinst_HEADERS = \
src/util/util_creds.h \
src/util/inotify.h \
src/util/sss_iobuf.h \
src/util/tev_curl.h \
src/util/secrets/secrets.h \
src/util/secrets/sec_pvt.h \
src/responder/kcm/secrets/secrets.h \
src/responder/kcm/secrets/sec_pvt.h \
src/util/nss_dl_load.h \
src/monitor/monitor.h \
src/responder/common/responder.h \
......@@ -768,10 +754,6 @@ dist_noinst_HEADERS = \
src/responder/ifp/ifp_iface/ifp_iface_types.h \
src/responder/ifp/ifp_iface/ifp_iface_async.h \
src/responder/ifp/ifp_iface/ifp_iface_sync.h \
src/responder/secrets/secsrv.h \
src/responder/secrets/secsrv_private.h \
src/responder/secrets/secsrv_local.h \
src/responder/secrets/secsrv_proxy.h \
src/responder/kcm/kcm_renew.h \
src/responder/kcm/kcmsrv_pvt.h \
src/responder/kcm/kcmsrv_ccache.h \
......@@ -810,6 +792,7 @@ dist_noinst_HEADERS = \
src/db/sysdb_private.h \
src/db/sysdb_services.h \
src/db/sysdb_ssh.h \
src/db/sysdb_subid.h \
src/db/sysdb_domain_resolution_order.h \
src/db/sysdb_computer.h \
src/db/sysdb_iphosts.h \
......@@ -889,7 +872,6 @@ dist_noinst_HEADERS = \
src/providers/proxy/proxy.h \
src/providers/files/files_private.h \
src/tools/tools_util.h \
src/tools/sss_sync_ops.h \
src/resolv/async_resolv.h \
src/tests/common.h \
src/tests/common_check.h \
......@@ -969,7 +951,6 @@ SSS_CRYPT_SOURCES = src/util/crypto/libcrypto/crypto_base64.c \
src/util/crypto/libcrypto/crypto_hmac_sha1.c \
src/util/crypto/libcrypto/crypto_sha512crypt.c \
src/util/crypto/libcrypto/crypto_obfuscate.c \
src/util/crypto/libcrypto/crypto_nite.c \
src/util/crypto/libcrypto/crypto_prng.c \
src/util/atomic_io.c \
src/util/memory.c \
......@@ -1247,6 +1228,7 @@ libsss_util_la_SOURCES = \
src/db/sysdb_ipnetworks.c \
src/util/sss_pam_data.c \
src/db/sysdb_computer.c \
src/db/sysdb_subid.c \
src/util/util.c \
src/util/util_ext.c \
src/util/util_preauth.c \
......@@ -1313,27 +1295,6 @@ libsss_util_la_LIBADD += stap_generated_probes.lo
endif
libsss_util_la_LDFLAGS = -avoid-version
if BUILD_WITH_LIBSECRET
pkglib_LTLIBRARIES += libsss_secrets.la
libsss_secrets_la_SOURCES = \
src/util/secrets/secrets.c \
src/util/secrets/config.c \
$(NULL)
libsss_secrets_la_CFLAGS = \
$(AM_CFLAGS) \
$(NULL)
libsss_secrets_la_LIBADD = \
$(TALLOC_LIBS) \
$(LDB_LIBS) \
libsss_crypt.la \
libsss_debug.la \
libsss_util.la \
$(NULL)
libsss_secrets_la_LDFLAGS = \
-avoid-version \
$(NULL)
endif
pkglib_LTLIBRARIES += libsss_semanage.la
libsss_semanage_la_CFLAGS = \
$(AM_CFLAGS) \
......@@ -1558,9 +1519,11 @@ sssd_nss_LDADD = \
libsss_iface.la \
libsss_sbus.la \
$(NULL)
if BUILD_SUBID
sssd_nss_SOURCES += src/responder/nss/nss_protocol_subid.c
endif
sssd_pam_SOURCES = \
src/responder/pam/pam_LOCAL_domain.c \
src/responder/pam/pamsrv.c \
src/responder/pam/pamsrv_cmd.c \
src/responder/pam/pamsrv_p11.c \
......@@ -1768,33 +1731,6 @@ src/responder/ifp/org.freedesktop.sssd.infopipe.service: src/responder/ifp/org.f
endif
if BUILD_SECRETS
sssd_secrets_SOURCES = \
src/responder/secrets/secsrv.c \
src/responder/secrets/secsrv_cmd.c \
src/responder/secrets/providers.c \
src/responder/secrets/local.c \
src/responder/secrets/proxy.c \
src/util/sss_sockets.c \
src/util/sss_iobuf.c \
src/util/tev_curl.c \
$(SSSD_RESPONDER_OBJ) \
$(NULL)
sssd_secrets_LDADD = \
$(LIBADD_DL) \
$(HTTP_PARSER_LIBS) \
$(JANSSON_LIBS) \
$(TDB_LIBS) \
$(SSSD_LIBS) \
$(SYSTEMD_DAEMON_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
$(CURL_LIBS) \
libsss_iface.la \
libsss_sbus.la \
libsss_secrets.la \
$(NULL)
endif
if BUILD_KCM
sssd_kcm_SOURCES = \
src/responder/kcm/kcm.c \
......@@ -1802,11 +1738,12 @@ sssd_kcm_SOURCES = \
src/responder/kcm/kcmsrv_ccache.c \
src/responder/kcm/kcmsrv_ccache_binary.c \
src/responder/kcm/kcmsrv_ccache_mem.c \
src/responder/kcm/kcmsrv_ccache_json.c \
src/responder/kcm/kcmsrv_ccache_key.c \
src/responder/kcm/kcmsrv_ccache_secdb.c \
src/responder/kcm/kcmsrv_ops.c \
src/responder/kcm/kcmsrv_op_queue.c \
src/responder/kcm/secrets/secrets.c \
src/responder/kcm/secrets/config.c \
src/util/sss_sockets.c \
src/util/sss_krb5.c \
src/util/sss_iobuf.c \
......@@ -1829,18 +1766,7 @@ sssd_kcm_LDADD = \
$(SSSD_INTERNAL_LTLIBS) \
libsss_iface.la \
libsss_sbus.la \
libsss_secrets.la \
$(NULL)
if BUILD_SECRETS
sssd_kcm_SOURCES += \
src/responder/kcm/kcmsrv_ccache_secrets.c \
src/util/tev_curl.c \
$(NULL)
sssd_kcm_LDADD += \
$(CURL_LIBS) \
$(NULL)
endif
if BUILD_KCM_RENEWAL
sssd_kcm_SOURCES += \
......@@ -1925,70 +1851,6 @@ dist_pamconf_DATA = \
######################
# Command-line Tools #
######################
sss_useradd_SOURCES = \
src/tools/sss_useradd.c \
$(SSSD_TOOLS_OBJ)
sss_useradd_LDADD = \
$(TOOLS_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_semanage.la \
$(NULL)
sss_userdel_SOURCES = \
src/tools/sss_userdel.c \
$(SSSD_LCL_TOOLS_OBJ)
sss_userdel_LDADD = \
$(TOOLS_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
$(CLIENT_LIBS) \
libsss_semanage.la \
$(NULL)
sss_userdel_CFLAGS = \
$(AM_CFLAGS)
sss_groupadd_SOURCES = \
src/tools/sss_groupadd.c \
$(SSSD_TOOLS_OBJ)
sss_groupadd_LDADD = \
$(TOOLS_LIBS) \
$(SSSD_INTERNAL_LTLIBS)
sss_groupdel_SOURCES = \
src/tools/sss_groupdel.c \
$(SSSD_LCL_TOOLS_OBJ)
sss_groupdel_LDADD = \
$(TOOLS_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
$(CLIENT_LIBS)
sss_groupdel_CFLAGS = $(AM_CFLAGS)
sss_usermod_SOURCES = \
src/tools/sss_usermod.c \
$(SSSD_LCL_TOOLS_OBJ)
sss_usermod_LDADD = \
$(TOOLS_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
$(CLIENT_LIBS) \
libsss_semanage.la \
$(NULL)
sss_usermod_CFLAGS = $(AM_CFLAGS)
sss_groupmod_SOURCES = \
src/tools/sss_groupmod.c \
$(SSSD_LCL_TOOLS_OBJ)
sss_groupmod_LDADD = \
$(TOOLS_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
$(CLIENT_LIBS)
sss_groupmod_CFLAGS = $(AM_CFLAGS)
sss_groupshow_SOURCES = \
src/tools/sss_groupshow.c \
$(SSSD_TOOLS_OBJ)
sss_groupshow_LDADD = \
$(TOOLS_LIBS) \
$(SSSD_INTERNAL_LTLIBS)
sss_cache_SOURCES = \
src/tools/sss_cache.c \
$(SSSD_LCL_TOOLS_OBJ)
......@@ -2053,6 +1915,7 @@ sssctl_LDADD = \
$(NULL)
sssctl_CFLAGS = \
$(AM_CFLAGS) \
-DPYTHONDIR_PATH=\"$(python3dir)/sssd\" \
$(NULL)
if BUILD_SUDO
......@@ -2691,6 +2554,9 @@ nss_srv_tests_LDADD = \
libsss_iface.la \
libsss_sbus.la \
$(NULL)
if BUILD_SUBID
nss_srv_tests_SOURCES += src/responder/nss/nss_protocol_subid.c
endif
EXTRA_pam_srv_tests_DEPENDENCIES = \
$(ldblib_LTLIBRARIES) \
......@@ -2705,7 +2571,6 @@ pam_srv_tests_SOURCES = \
src/responder/pam/pamsrv_gssapi.c \
src/responder/pam/pam_helpers.c \
src/responder/pam/pamsrv_dp.c \
src/responder/pam/pam_LOCAL_domain.c \
src/responder/pam/pam_prompting_config.c \
src/sss_client/pam_sss_prompt_config.c \
$(NULL)
......@@ -3905,7 +3770,6 @@ if BUILD_KCM
test_kcm_marshalling_SOURCES = \
src/tests/cmocka/test_kcm_marshalling.c \
src/responder/kcm/kcmsrv_ccache_binary.c \
src/responder/kcm/kcmsrv_ccache_json.c \
src/responder/kcm/kcmsrv_ccache_key.c \
src/responder/kcm/kcmsrv_ccache.c \
src/util/sss_krb5.c \
......@@ -3951,11 +3815,10 @@ test_kcm_renewals_SOURCES = \
src/responder/kcm/kcmsrv_ccache.c \
src/responder/kcm/kcmsrv_ccache_key.c \
src/responder/kcm/kcmsrv_ccache_binary.c \
src/responder/kcm/kcmsrv_ccache_json.c \
src/util/sss_krb5.c \
src/util/sss_iobuf.c \
src/util/secrets/secrets.c \
src/util/secrets/config.c \
src/responder/kcm/secrets/secrets.c \
src/responder/kcm/secrets/config.c \
src/providers/krb5/krb5_child_handler.c \
src/providers/krb5/krb5_opts.c \
src/providers/data_provider_opts.c \
......@@ -3991,9 +3854,6 @@ endif
if BUILD_AUTOFS
noinst_PROGRAMS += autofs_test_client
endif
if BUILD_WITH_LIBCURL
noinst_PROGRAMS += tcurl-test-tool
endif
if BUILD_PAC_RESPONDER
noinst_PROGRAMS += sssd_pac_test_client
endif
......@@ -4007,23 +3867,6 @@ autofs_test_client_CFLAGS = $(AM_CFLAGS)
autofs_test_client_LDADD = -lpopt $(CLIENT_LIBS)
endif
if BUILD_WITH_LIBCURL
tcurl_test_tool_SOURCES = \
src/tests/tcurl_test_tool.c \
src/util/tev_curl.c \
src/util/sss_iobuf.c \
$(NULL)
tcurl_test_tool_CFLAGS = \
$(AM_CFLAGS) \
$(CURL_CFLAGS) \
$(NULL)
tcurl_test_tool_LDADD = \
$(CURL_LIBS) \
$(SSSD_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
$(NULL)
endif
if BUILD_KRB5_LOCALAUTH_PLUGIN
test_sssd_krb5_localauth_plugin_SOURCES = \
src/tests/cmocka/test_sssd_krb5_localauth_plugin.c \
......@@ -4055,9 +3898,7 @@ intgcheck-prepare:
--with-ldb-lib-dir="$$prefix"/lib/ldb \
--enable-intgcheck-reqs \
--without-semanage \
--with-secrets \
--with-session-recording-shell=/bin/false \
--enable-local-provider \
--enable-files-domain \
$(INTGCHECK_CONFIGURE_FLAGS) \
CFLAGS="-O2 -g $$CFLAGS"; \
......@@ -4217,6 +4058,21 @@ libsss_autofs_la_LDFLAGS = \
-Wl,--version-script,$(srcdir)/src/sss_client/autofs/sss_autofs.exports
endif
if BUILD_SUBID
subidlib_LTLIBRARIES = libsubid_sss.la
libsubid_sss_la_SOURCES = \
src/sss_client/common.c \
src/sss_client/sss_cli.h \
src/sss_client/subid/sss_subid.c
libsubid_sss_la_LIBADD = \
$(CLIENT_LIBS)
libsubid_sss_la_LDFLAGS = \
-module \
-avoid-version \
-Wl,--version-script,$(srcdir)/src/sss_client/subid/sss_subid.exports
endif
dist_noinst_DATA += \
src/sss_client/sss_nss.exports \
src/sss_client/sss_pam.exports \
......@@ -4231,6 +4087,10 @@ if BUILD_AUTOFS
dist_noinst_DATA += src/sss_client/autofs/sss_autofs.exports
endif
if BUILD_SUBID
dist_noinst_DATA += src/sss_client/subid/sss_subid.exports
endif
####################
# Plugin Libraries #
####################
......@@ -4315,6 +4175,9 @@ libsss_ldap_common_la_LDFLAGS = \
if BUILD_SYSTEMTAP
libsss_ldap_common_la_LIBADD += stap_generated_probes.lo
endif
if BUILD_SUBID
libsss_ldap_common_la_SOURCES += src/providers/ldap/ldap_id_subid.c
endif
if BUILD_SSH
libsss_ldap_common_la_SOURCES += src/providers/ldap/sdap_hostid.c
......@@ -5052,12 +4915,6 @@ if BUILD_PAC_RESPONDER
src/sysv/systemd/sssd-pac.service \
$(NULL)
endif
if BUILD_SECRETS
systemdunit_DATA += \
src/sysv/systemd/sssd-secrets.socket \
src/sysv/systemd/sssd-secrets.service \
$(NULL)
endif
if BUILD_SSH
systemdunit_DATA += \
src/sysv/systemd/sssd-ssh.socket \
......@@ -5097,7 +4954,6 @@ dist_sssdapiplugin_DATA = \
src/config/etc/sssd.api.d/sssd-ad.conf \
src/config/etc/sssd.api.d/sssd-krb5.conf \
src/config/etc/sssd.api.d/sssd-ldap.conf \
src/config/etc/sssd.api.d/sssd-local.conf \
src/config/etc/sssd.api.d/sssd-proxy.conf \
src/config/etc/sssd.api.d/sssd-simple.conf \
src/config/etc/sssd.api.d/sssd-files.conf
......@@ -5130,8 +4986,6 @@ EXTRA_DIST += \
src/sysv/systemd/sssd-pam.socket.in \
src/sysv/systemd/sssd-pam-priv.socket.in \
src/sysv/systemd/sssd-pam.service.in \
src/sysv/systemd/sssd-secrets.socket.in \
src/sysv/systemd/sssd-secrets.service.in \
src/sysv/systemd/sssd-autofs.socket.in \
src/sysv/systemd/sssd-autofs.service.in \
src/sysv/systemd/sssd-ifp.service.in \
......@@ -5169,16 +5023,6 @@ src/sysv/systemd/sssd-pam.service: src/sysv/systemd/sssd-pam.service.in Makefile
@$(MKDIR_P) src/sysv/systemd/
$(replace_script)
if BUILD_SECRETS
src/sysv/systemd/sssd-secrets.socket: src/sysv/systemd/sssd-secrets.socket.in Makefile
@$(MKDIR_P) src/sysv/systemd/
$(replace_script)
src/sysv/systemd/sssd-secrets.service: src/sysv/systemd/sssd-secrets.service.in Makefile
@$(MKDIR_P) src/sysv/systemd/
$(replace_script)
endif
if BUILD_AUTOFS
src/sysv/systemd/sssd-autofs.socket: src/sysv/systemd/sssd-autofs.socket.in Makefile
@$(MKDIR_P) src/sysv/systemd/
......@@ -5226,25 +5070,9 @@ src/sysv/systemd/sssd-sudo.service: src/sysv/systemd/sssd-sudo.service.in Makefi
endif
if BUILD_KCM
if BUILD_SECRETS
kcm_socket_requires = Requires=sssd-secrets.socket
else
kcm_socket_requires =
endif
kcm_edit_cmd = $(edit_cmd) \
-e 's|@kcm_socket_requires[@]|$(kcm_socket_requires)|g'
kcm_replace_script = \
@rm -f $@ $@.tmp; \
srcdir=''; \
test -f ./$@.in || srcdir=$(srcdir)/; \
$(kcm_edit_cmd) $${srcdir}$@.in >$@.tmp; \
mv $@.tmp $@
src/sysv/systemd/sssd-kcm.socket: src/sysv/systemd/sssd-kcm.socket.in Makefile
@$(MKDIR_P) src/sysv/systemd/
$(kcm_replace_script)
$(replace_script)
src/sysv/systemd/sssd-kcm.service: src/sysv/systemd/sssd-kcm.service.in Makefile
@$(MKDIR_P) src/sysv/systemd/
......@@ -5309,9 +5137,6 @@ endif
$(INSTALL) -d -m 0711 $(DESTDIR)$(sssdconfdir) \
$(DESTDIR)$(sssdconfdir)/conf.d \
$(DESTDIR)$(sssdconfdir)/pki
if BUILD_WITH_LIBSECRET
$(MKDIR_P) $(DESTDIR)$(secdbpath)
endif
if HAVE_DOXYGEN
docs:
......@@ -5427,6 +5252,7 @@ if BUILD_SAMBA
endif
if BUILD_KCM
$(MKDIR_P) $(DESTDIR)/$(sssdkcmdatadir)
$(MKDIR_P) $(DESTDIR)$(secdbpath)
endif
uninstall-hook:
......@@ -5500,8 +5326,6 @@ endif
rm -f $(builddir)/src/sysv/systemd/sssd-ssh.service
rm -f $(builddir)/src/sysv/systemd/sssd-sudo.socket
rm -f $(builddir)/src/sysv/systemd/sssd-sudo.service
rm -f $(builddir)/src/sysv/systemd/sssd-secrets.socket
rm -f $(builddir)/src/sysv/systemd/sssd-secrets.service
rm -f $(builddir)/src/sysv/systemd/sssd-kcm.socket
rm -f $(builddir)/src/sysv/systemd/sssd-kcm.service
rm -f $(builddir)/src/tools/wrappers/sss_debuglevel
......
......@@ -150,7 +150,6 @@ WITH_PYTHON3_BINDINGS
WITH_CIFS_PLUGIN_PATH
WITH_WINBIND_PLUGIN_PATH
WITH_SELINUX
WITH_NSCD
WITH_IPA_GETKEYTAB
WITH_SEMANAGE
WITH_AD_GPO_DEFAULT
......@@ -161,6 +160,8 @@ WITH_APP_LIBS
WITH_SUDO
WITH_SUDO_LIB_PATH
WITH_AUTOFS
WITH_SUBID
WITH_SUBID_LIB_PATH
WITH_SSH
WITH_IFP
WITH_SYSLOG
......@@ -169,7 +170,6 @@ WITH_NFS
WITH_NFS_LIB_PATH
WITH_SSSD_USER
SSSD_RUNSTATEDIR
WITH_SECRETS
WITH_SECRETS_DB_PATH
WITH_KCM
......@@ -193,7 +193,6 @@ m4_include([src/external/sizes.m4])
m4_include([src/external/python.m4])
m4_include([src/external/selinux.m4])
m4_include([src/external/crypto.m4])
m4_include([src/external/nscd.m4])
m4_include([src/external/nsupdate.m4])
m4_include([src/external/libkeyutils.m4])
m4_include([src/external/libnl.m4])
......@@ -213,39 +212,12 @@ m4_include([src/external/service.m4])
m4_include([src/external/test_ca.m4])
m4_include([src/external/ax_valgrind_check.m4])
AS_IF([test x$with_secrets = xyes], [
m4_include([src/external/libhttp_parser.m4])
m4_include([src/external/libcurl.m4])
])
AS_IF([test x$with_kcm = xyes], [
m4_include([src/external/libuuid.m4])
])
AS_IF([test x$with_kcm = xyes -o x$with_secrets = xyes], [
BUILD_WITH_LIBSECRET=1
AC_DEFINE_UNQUOTED(BUILD_WITH_LIBSECRET, 1, [libsecret will be built])
m4_include([src/external/libjansson.m4])
])
AM_CONDITIONAL([BUILD_WITH_LIBSECRET],
[test x"$BUILD_WITH_LIBSECRET" != "x"])
# This variable is defined by external/libcurl.m4, but conditionals
# must be always evaluated
AM_CONDITIONAL([BUILD_WITH_LIBCURL],
[test x"$have_curlopt_unix_sockpath" = xyes])
WITH_UNICODE_LIB
AS_IF([test x$unicode_lib = xlibunistring], [
m4_include([src/external/libunistring.m4])
AC_DEFINE_UNQUOTED(HAVE_LIBUNISTRING, 1, [Using libunistring for unicode])
UNICODE_LIBS=$UNISTRING_LIBS
], [
m4_include([src/external/glib.m4])
AC_DEFINE_UNQUOTED(HAVE_GLIB2, 1, [Using glib2 for unicode])
UNICODE_LIBS=$GLIB2_LIBS
])
m4_include([src/external/libunistring.m4])
UNICODE_LIBS=$UNISTRING_LIBS
AC_SUBST(UNICODE_LIBS)
WITH_LIBNL
......@@ -538,6 +510,7 @@ AC_CONFIG_FILES([Makefile contrib/sssd.spec src/examples/rwtab src/doxy.config
src/lib/sifp/sss_simpleifp.doxy
src/config/setup.py
src/systemtap/sssd.stp
src/tools/analyzer/Makefile
src/config/SSSDConfig/__init__.py])
AC_CONFIG_FILES([sbus_generate.sh], [chmod +x sbus_generate.sh])
AC_OUTPUT
......@@ -40,7 +40,6 @@ if [[ "$DISTRO_BRANCH" == -redhat-redhatenterprise*-6.*- ||
"--disable-cifs-idmap-plugin"
"--with-syslog=syslog"
"--without-python3-bindings"
"--without-secrets"
"--without-kcm"
)
fi
......@@ -72,6 +71,13 @@ if [[ "$DISTRO_BRANCH" == -redhat-fedora-3[2-9]* ]]; then
)
fi
if [[ "$DISTRO_BRANCH" == -redhat-fedora-3[5-9]* ||
"$DISTRO_BRANCH" == -redhat-redhatenterprise*-9.*- ]]; then
CONFIGURE_ARG_LIST+=(
"--with-subid"
)
fi
declare -r -a CONFIGURE_ARG_LIST
fi # _CONFIGURE_SH
......@@ -48,6 +48,7 @@ if [[ "$DISTRO_BRANCH" == -redhat-* ]]; then
curl-devel
krb5-server
krb5-workstation
libunistring-devel
)
if [[ "$DISTRO_BRANCH" == -redhat-fedora-31* ||
......@@ -127,7 +128,7 @@ if [[ "$DISTRO_BRANCH" == -debian-* ]]; then
libnl-3-dev
libnl-route-3-dev
libpam0g-dev
libpcre3-dev
libpcre2-dev
libpopt-dev
libsasl2-dev
libselinux1-dev
......@@ -162,7 +163,6 @@ if [[ "$DISTRO_BRANCH" == -debian-* ]]; then
slapd
systemtap-sdt-dev
libhttp-parser-dev
libjansson-dev
libcurl4-openssl-dev
krb5-kdc
krb5-admin-server
......@@ -175,6 +175,7 @@ if [[ "$DISTRO_BRANCH" == -debian-* ]]; then
gnutls-bin
softhsm2
libp11-kit-dev
libunistring-dev
)
DEPS_INTGCHECK_SATISFIED=true
fi
......
......@@ -184,6 +184,7 @@ function build_debug()
status=0
CK_FORK=no \
DEBUGINFOD_URLS="" \
stage make-check-valgrind \
make -j $CPU_NUM check \
LOG_COMPILER=libtool \
......
......@@ -59,18 +59,6 @@
}
# False positive - pcre_free is called in sss_names_ctx_destructor
{
sssd-leak-sss_names
Memcheck:Leak
fun:malloc
fun:pcre_compile2
fun:sss_regexp_pcre1_compile
fun:sss_regexp_new
fun:sss_names_init_from_args
...
}
# And the same, as above, for pcre2
{
sssd-leak-sss_names_pcre2
Memcheck:Leak
......
......@@ -14,6 +14,22 @@
%global child_attrs 4750
%endif
%if 0%{?fedora} >= 35 || 0%{?rhel} >= 9
%global build_subid 1
%else
%global build_subid 0
%endif
%if 0%{?fedora} >= 34
%global build_kcm_renewals 1
%global krb5_version 1.19.1
%elif 0%{?rhel} >= 8
%global build_kcm_renewals 1
%global krb5_version 1.18.2
%else
%global build_kcm_renewals 0
%endif
# we don't want to provide private python extension libs
%define __provides_exclude_from %{python3_sitearch}/.*\.so$
......@@ -79,10 +95,8 @@ BuildRequires: findutils
BuildRequires: gcc
BuildRequires: gdm-pam-extensions-devel
BuildRequires: gettext-devel
BuildRequires: glib2-devel
# required for p11_child smartcard tests
BuildRequires: gnutls-utils
BuildRequires: jansson-devel
BuildRequires: keyutils-libs-devel
BuildRequires: krb5-devel
BuildRequires: libcmocka-devel >= 1.0.0
......@@ -98,6 +112,8 @@ BuildRequires: libtalloc-devel
BuildRequires: libtdb-devel
BuildRequires: libtevent-devel
BuildRequires: libtool
BuildRequires: libunistring
BuildRequires: libunistring-devel
BuildRequires: libuuid-devel
BuildRequires: libxml2
BuildRequires: libxslt
......@@ -126,6 +142,12 @@ BuildRequires: systemd-devel
BuildRequires: systemtap-sdt-devel
BuildRequires: uid_wrapper
BuildRequires: po4a
%if %{build_subid}
BuildRequires: shadow-utils-subid-devel
%endif
%if %{build_kcm_renewals}
BuildRequires: krb5-libs >= %{krb5_version}
%endif
%description
Provides a set of daemons to manage access to remote directories and
......@@ -199,13 +221,13 @@ Requires: sssd-common = %{version}-%{release}
Requires: python3-sss = %{version}-%{release}
Requires: python3-sssdconfig = %{version}-%{release}
Requires: libsss_certmap = %{version}-%{release}
# required by sss_analyze
Requires: python3-systemd
Requires: python3-click
Recommends: sssd-dbus
%description tools
Provides userspace tools for manipulating users, groups, and nested groups in
SSSD when using id_provider = local in /etc/sssd/sssd.conf.
Also provides several other administrative tools:
Provides several administrative tools:
* sss_debuglevel to change the debug level on the fly
* sss_seed which pre-creates a user entry for use in kickstarts
* sss_obfuscate for generating an obfuscated LDAP password
......@@ -227,11 +249,8 @@ Requires: sssd-common = %{version}-%{release}
%{?python_provide:%python_provide python3-sss}
%description -n python3-sss
Provides python3 module for manipulating users, groups, and nested groups in
SSSD when using id_provider = local in /etc/sssd/sssd.conf.
Also provides several other useful python3 bindings:
* function for retrieving list of groups user belongs to.
Provides python3 bindings:
* function for retrieving list of groups user belongs to
* class for obfuscation of passwords
%package -n python3-sss-murmur
......@@ -472,6 +491,9 @@ Library to map certificates to users based on rules
Summary: An implementation of a Kerberos KCM server
License: GPLv3+
Requires: sssd-common = %{version}-%{release}
%if %{build_kcm_renewals}
Requires: krb5-libs >= %{krb5_version}
%endif
%{?systemd_requires}
%description kcm
......@@ -506,14 +528,17 @@ autoreconf -ivf
--with-sssd-user=%{sssd_user} \
--with-syslog=journald \
--with-test-dir=/dev/shm \
%if %{build_subid}
--with-subid \
%endif
%if 0%{?fedora}
--enable-files-domain \
--disable-polkit-rules-path \
%endif
%{nil}
%make_build all docs runstatedir=%{_rundir}
%py3_shebang_fix src/tools/analyzer/sss_analyze.py
sed -i -e 's:/usr/bin/python:/usr/bin/python3:' src/tools/sss_obfuscate
%check
......@@ -812,6 +837,9 @@ done
%files client -f sssd_client.lang
%license src/sss_client/COPYING src/sss_client/COPYING.LESSER
%{_libdir}/libnss_sss.so.2
%if %{build_subid}
%{_libdir}/libsubid_sss.so
%endif
%{_libdir}/security/pam_sss.so
%{_libdir}/security/pam_sss_gss.so
%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
......@@ -843,6 +871,7 @@ done
%{_sbindir}/sss_debuglevel
%{_sbindir}/sss_seed
%{_sbindir}/sssctl
%{python3_sitelib}/sssd/
%{_mandir}/man8/sss_obfuscate.8*
%{_mandir}/man8/sss_override.8*
%{_mandir}/man8/sss_debuglevel.8*
......@@ -928,7 +957,6 @@ done
%{_unitdir}/sssd-kcm.socket
%{_unitdir}/sssd-kcm.service
%{_mandir}/man8/sssd-kcm.8*
%{_libdir}/%{name}/libsss_secrets.so
%if 0%{?rhel}
%pre common
......
sssd (2.6.1-1) UNRELEASED; urgency=medium
* New upstream release.
* patches: Dropped upstream patches.
* control: Add libunistring-dev to build-depends.
* sssd-common.install: Drop libsss_secrets, removed upstream.
-- Timo Aaltonen <tjaalton@debian.org> Fri, 12 Nov 2021 13:31:39 +0200
sssd (2.5.2-5) unstable; urgency=medium
* control: Fix libsemanage-dev build-dep. (Closes: #998634)
......
......@@ -53,6 +53,7 @@ Build-Depends:
libtdb-dev,
libtevent-dev,
libuid-wrapper <!nocheck>,
libunistring-dev,
libxml2-utils,
lsb-release,
openssh-client <!nocheck>,
......
From 7ab83f97e1cbefb78ece17232185bdd2985f0bbe Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Fri, 18 Jun 2021 13:17:19 +0200
Subject: [PATCH] TOOLS: replace system() with execvp() to avoid execution of
user supplied command
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
:relnote: A flaw was found in SSSD, where the sssctl command was
vulnerable to shell command injection via the logs-fetch and
cache-expire subcommands. This flaw allows an attacker to trick
the root user into running a specially crafted sssctl command,
such as via sudo, to gain root access. The highest threat from this
vulnerability is to confidentiality, integrity, as well as system
availability.
This patch fixes a flaw by replacing system() with execvp().
:fixes: CVE-2021-3621
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
src/tools/sssctl/sssctl.c | 39 ++++++++++++++++-------
src/tools/sssctl/sssctl.h | 2 +-
src/tools/sssctl/sssctl_data.c | 57 +++++++++++-----------------------
src/tools/sssctl/sssctl_logs.c | 32 +++++++++++++++----
4 files changed, 73 insertions(+), 57 deletions(-)
diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c
index 2997dbf96..8adaf3091 100644
--- a/src/tools/sssctl/sssctl.c
+++ b/src/tools/sssctl/sssctl.c
@@ -97,22 +97,36 @@ sssctl_prompt(const char *message,
return SSSCTL_PROMPT_ERROR;
}
-errno_t sssctl_run_command(const char *command)
+errno_t sssctl_run_command(const char *const argv[])
{
int ret;
+ int wstatus;
- DEBUG(SSSDBG_TRACE_FUNC, "Running %s\n", command);
+ DEBUG(SSSDBG_TRACE_FUNC, "Running '%s'\n", argv[0]);
- ret = system(command);
+ ret = fork();
if (ret == -1) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Unable to execute %s\n", command);
ERROR("Error while executing external command\n");
return EFAULT;
- } else if (WEXITSTATUS(ret) != 0) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Command %s failed with [%d]\n",
- command, WEXITSTATUS(ret));
+ }
+
+ if (ret == 0) {
+ /* cast is safe - see
+ https://pubs.opengroup.org/onlinepubs/9699919799/functions/exec.html
+ "The statement about argv[] and envp[] being constants ... "
+ */
+ execvp(argv[0], discard_const_p(char * const, argv));
ERROR("Error while executing external command\n");
- return EIO;
+ _exit(1);
+ } else {
+ if (waitpid(ret, &wstatus, 0) == -1) {
+ ERROR("Error while executing external command '%s'\n", argv[0]);
+ return EFAULT;
+ } else if (WEXITSTATUS(wstatus) != 0) {
+ ERROR("Command '%s' failed with [%d]\n",
+ argv[0], WEXITSTATUS(wstatus));
+ return EIO;
+ }
}
return EOK;
@@ -132,11 +146,14 @@ static errno_t sssctl_manage_service(enum sssctl_svc_action action)
#elif defined(HAVE_SERVICE)
switch (action) {
case SSSCTL_SVC_START:
- return sssctl_run_command(SERVICE_PATH" sssd start");
+ return sssctl_run_command(
+ (const char *[]){SERVICE_PATH, "sssd", "start", NULL});
case SSSCTL_SVC_STOP:
- return sssctl_run_command(SERVICE_PATH" sssd stop");
+ return sssctl_run_command(
+ (const char *[]){SERVICE_PATH, "sssd", "stop", NULL});
case SSSCTL_SVC_RESTART:
- return sssctl_run_command(SERVICE_PATH" sssd restart");
+ return sssctl_run_command(
+ (const char *[]){SERVICE_PATH, "sssd", "restart", NULL});
}
#endif
diff --git a/src/tools/sssctl/sssctl.h b/src/tools/sssctl/sssctl.h
index 0115b2457..599ef6519 100644
--- a/src/tools/sssctl/sssctl.h
+++ b/src/tools/sssctl/sssctl.h
@@ -47,7 +47,7 @@ enum sssctl_prompt_result
sssctl_prompt(const char *message,
enum sssctl_prompt_result defval);
-errno_t sssctl_run_command(const char *command);
+errno_t sssctl_run_command(const char *const argv[]); /* argv[0] - command */
bool sssctl_start_sssd(bool force);
bool sssctl_stop_sssd(bool force);
bool sssctl_restart_sssd(bool force);
diff --git a/src/tools/sssctl/sssctl_data.c b/src/tools/sssctl/sssctl_data.c
index 8d79b977f..bf2291341 100644
--- a/src/tools/sssctl/sssctl_data.c
+++ b/src/tools/sssctl/sssctl_data.c
@@ -105,15 +105,15 @@ static errno_t sssctl_backup(bool force)
}
}
- ret = sssctl_run_command("sss_override user-export "
- SSS_BACKUP_USER_OVERRIDES);
+ ret = sssctl_run_command((const char *[]){"sss_override", "user-export",
+ SSS_BACKUP_USER_OVERRIDES, NULL});
if (ret != EOK) {
ERROR("Unable to export user overrides\n");
return ret;
}
- ret = sssctl_run_command("sss_override group-export "
- SSS_BACKUP_GROUP_OVERRIDES);
+ ret = sssctl_run_command((const char *[]){"sss_override", "group-export",
+ SSS_BACKUP_GROUP_OVERRIDES, NULL});
if (ret != EOK) {
ERROR("Unable to export group overrides\n");
return ret;
@@ -158,8 +158,8 @@ static errno_t sssctl_restore(bool force_start, bool force_restart)
}
if (sssctl_backup_file_exists(SSS_BACKUP_USER_OVERRIDES)) {
- ret = sssctl_run_command("sss_override user-import "
- SSS_BACKUP_USER_OVERRIDES);
+ ret = sssctl_run_command((const char *[]){"sss_override", "user-import",
+ SSS_BACKUP_USER_OVERRIDES, NULL});
if (ret != EOK) {
ERROR("Unable to import user overrides\n");
return ret;
@@ -167,8 +167,8 @@ static errno_t sssctl_restore(bool force_start, bool force_restart)
}
if (sssctl_backup_file_exists(SSS_BACKUP_USER_OVERRIDES)) {
- ret = sssctl_run_command("sss_override group-import "
- SSS_BACKUP_GROUP_OVERRIDES);
+ ret = sssctl_run_command((const char *[]){"sss_override", "group-import",
+ SSS_BACKUP_GROUP_OVERRIDES, NULL});
if (ret != EOK) {
ERROR("Unable to import group overrides\n");
return ret;
@@ -296,40 +296,19 @@ errno_t sssctl_cache_expire(struct sss_cmdline *cmdline,
void *pvt)
{
errno_t ret;
- char *cmd_args = NULL;
- const char *cachecmd = SSS_CACHE;
- char *cmd = NULL;
- int i;
-
- if (cmdline->argc == 0) {
- ret = sssctl_run_command(cachecmd);
- goto done;
- }
- cmd_args = talloc_strdup(tool_ctx, "");
- if (cmd_args == NULL) {
- ret = ENOMEM;
- goto done;
+ const char **args = talloc_array_size(tool_ctx,
+ sizeof(char *),
+ cmdline->argc + 2);
+ if (!args) {
+ return ENOMEM;
}
+ memcpy(&args[1], cmdline->argv, sizeof(char *) * cmdline->argc);
+ args[0] = SSS_CACHE;
+ args[cmdline->argc + 1] = NULL;
- for (i = 0; i < cmdline->argc; i++) {
- cmd_args = talloc_strdup_append(cmd_args, cmdline->argv[i]);
- if (i != cmdline->argc - 1) {
- cmd_args = talloc_strdup_append(cmd_args, " ");
- }
- }
-
- cmd = talloc_asprintf(tool_ctx, "%s %s", cachecmd, cmd_args);
- if (cmd == NULL) {
- ret = ENOMEM;
- goto done;
- }
-
- ret = sssctl_run_command(cmd);
-
-done:
- talloc_free(cmd_args);
- talloc_free(cmd);
+ ret = sssctl_run_command(args);
+ talloc_free(args);
return ret;
}
diff --git a/src/tools/sssctl/sssctl_logs.c b/src/tools/sssctl/sssctl_logs.c
index 9ff2be05b..ebb2c4571 100644
--- a/src/tools/sssctl/sssctl_logs.c
+++ b/src/tools/sssctl/sssctl_logs.c
@@ -31,6 +31,7 @@
#include <ldb.h>
#include <popt.h>
#include <stdio.h>
+#include <glob.h>
#include "util/util.h"
#include "tools/common/sss_process.h"
@@ -230,6 +231,7 @@ errno_t sssctl_logs_remove(struct sss_cmdline *cmdline,
{
struct sssctl_logs_opts opts = {0};
errno_t ret;
+ glob_t globbuf;
/* Parse command line. */
struct poptOption options[] = {
@@ -253,8 +255,20 @@ errno_t sssctl_logs_remove(struct sss_cmdline *cmdline,
sss_signal(SIGHUP);
} else {
+ globbuf.gl_offs = 4;
+ ret = glob(LOG_PATH"/*.log", GLOB_ERR|GLOB_DOOFFS, NULL, &globbuf);
+ if (ret != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to expand log files list\n");
+ return ret;
+ }
+ globbuf.gl_pathv[0] = discard_const_p(char, "truncate");
+ globbuf.gl_pathv[1] = discard_const_p(char, "--no-create");
+ globbuf.gl_pathv[2] = discard_const_p(char, "--size");
+ globbuf.gl_pathv[3] = discard_const_p(char, "0");
+
PRINT("Truncating log files...\n");
- ret = sssctl_run_command("truncate --no-create --size 0 " LOG_FILES);
+ ret = sssctl_run_command((const char * const*)globbuf.gl_pathv);
+ globfree(&globbuf);
if (ret != EOK) {
ERROR("Unable to truncate log files\n");
return ret;
@@ -269,8 +283,8 @@ errno_t sssctl_logs_fetch(struct sss_cmdline *cmdline,
void *pvt)
{
const char *file;
- const char *cmd;
errno_t ret;
+ glob_t globbuf;
/* Parse command line. */
ret = sss_tool_popt_ex(cmdline, NULL, SSS_TOOL_OPT_OPTIONAL, NULL, NULL,
@@ -280,13 +294,19 @@ errno_t sssctl_logs_fetch(struct sss_cmdline *cmdline,
return ret;
}
- cmd = talloc_asprintf(tool_ctx, "tar -czf %s %s", file, LOG_FILES);
- if (cmd == NULL) {
- ERROR("Out of memory!");
+ globbuf.gl_offs = 3;
+ ret = glob(LOG_PATH"/*.log", GLOB_ERR|GLOB_DOOFFS, NULL, &globbuf);
+ if (ret != 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to expand log files list\n");
+ return ret;
}
+ globbuf.gl_pathv[0] = discard_const_p(char, "tar");
+ globbuf.gl_pathv[1] = discard_const_p(char, "-czf");
+ globbuf.gl_pathv[2] = discard_const_p(char, file);
PRINT("Archiving log files into %s...\n", file);
- ret = sssctl_run_command(cmd);
+ ret = sssctl_run_command((const char * const*)globbuf.gl_pathv);
+ globfree(&globbuf);
if (ret != EOK) {
ERROR("Unable to archive log files\n");
return ret;
--
2.32.0
From dfb6594e3ce98c6bd543ceebf739eef70955950d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Wed, 11 Aug 2021 12:29:42 +0200
Subject: [PATCH] ad: fallback to ldap if cldap is not available in libldap
Some distributions do not have cldap support available in libldap. Now
we fallback to ad ping over ldap conditionally during build time.
Resolves: https://github.com/SSSD/sssd/issues/5720
:fixes: AD ping is now sent over `ldap` if `cldap` support is not available
during build. This helps to build SSSD on distributions without `cldap`
support in `libldap`.
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
---
src/external/ldap.m4 | 3 ++-
src/providers/ad/ad_cldap_ping.c | 11 +++++++++--
2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/src/external/ldap.m4 b/src/external/ldap.m4
index cd13fde62..f42023cd4 100644
--- a/src/external/ldap.m4
+++ b/src/external/ldap.m4
@@ -67,7 +67,8 @@ LIBS="$LIBS $OPENLDAP_LIBS"
AC_CHECK_FUNCS([ldap_control_create ldap_init_fd \
ldap_create_deref_control_value \
ldap_parse_derefresponse_control \
- ldap_derefresponse_free])
+ ldap_derefresponse_free \
+ ldap_is_ldapc_url])
AC_CHECK_MEMBERS([struct ldap_conncb.lc_arg],
[AC_RUN_IFELSE(
[AC_LANG_PROGRAM(
diff --git a/src/providers/ad/ad_cldap_ping.c b/src/providers/ad/ad_cldap_ping.c
index 7722af98a..889ad420c 100644
--- a/src/providers/ad/ad_cldap_ping.c
+++ b/src/providers/ad/ad_cldap_ping.c
@@ -36,6 +36,12 @@
#include "providers/ldap/sdap_async.h"
#include "db/sysdb.h"
+#ifdef HAVE_LDAP_IS_LDAPC_URL
+#define AD_PING_PROTOCOL "cldap"
+#else
+#define AD_PING_PROTOCOL "ldap"
+#endif
+
struct ad_cldap_ping_dc_state {
struct tevent_context *ev;
struct sdap_options *opts;
@@ -76,8 +82,9 @@ static struct tevent_req *ad_cldap_ping_dc_send(TALLOC_CTX *mem_ctx,
state->ad_domain = ad_domain;
subreq = sdap_connect_host_send(state, ev, opts, be_res->resolv,
- be_res->family_order, host_db, "cldap",
- dc->host, dc->port, false);
+ be_res->family_order, host_db,
+ AD_PING_PROTOCOL, dc->host, dc->port,
+ false);
if (subreq == NULL) {
ret = ENOMEM;
goto done;
--
2.32.0
......@@ -8,8 +8,8 @@
[nss]
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -46,8 +46,7 @@
#define SSSD_LOCAL_MINID 1000
@@ -47,8 +47,7 @@
#define SSSD_MIN_ID 1
#define CONFDB_DEFAULT_SHELL_FALLBACK "/bin/sh"
#define CONFDB_FALLBACK_CONFIG \
- "[sssd]\n" \
......
commit 9e47b63e4fe5c17b1fb308ce98a5f04ce5b5624b
Author: Pavel Březina <pbrezina@redhat.com>
Date: Mon Sep 6 13:48:06 2021 +0200
configure: do not unset PYTHON_PREFIX and PYTHON_EXEC_PREFIX
Recent changes in autoconf changed location of directories from:
```
checking for /usr/bin/python3 script directory... ${prefix}/lib/python3.9/site-packages
checking for /usr/bin/python3 extension module directory... ${exec_prefix}/lib64/python3.9/site-packages
```
to
```
checking for /usr/bin/python3 script directory... ${PYTHON_PREFIX}/lib/python3.10/site-packages
checking for /usr/bin/python3 extension module directory... ${PYTHON_EXEC_PREFIX}/lib64/python3.10/site-packages
```
However, we unset these variables in SSS_CLEAN_PYTHON_VARIABLES and
therefore the correct prefix is not applied anymore during installation.
Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
diff --git a/src/external/python.m4 b/src/external/python.m4
index 1738f9f8f..6a6283511 100644
--- a/src/external/python.m4
+++ b/src/external/python.m4
@@ -73,7 +73,7 @@ AC_DEFUN([SSS_CLEAN_PYTHON_VARIABLES],
[
unset pyexecdir pkgpyexecdir pythondir pgkpythondir
unset PYTHON PYTHON_CFLAGS PYTHON_LIBS PYTHON_INCLUDES
- unset PYTHON_PREFIX PYTHON_EXEC_PREFIX PYTHON_VERSION PYTHON_CONFIG
+ unset PYTHON_VERSION PYTHON_CONFIG
dnl removed cached variables, required for reusing of AM_PATH_PYTHON
unset am_cv_pathless_PYTHON ac_cv_path_PYTHON am_cv_python_version
fix-whitespace-test.diff
default-to-socket-activated-services.diff
fix_newer_autoconf.patch
0001-TOOLS-replace-system-with-execvp-to-avoid-execution-.patch
0001-ad-fallback-to-ldap-if-cldap-is-not-available-in-lib.patch
......@@ -33,7 +33,6 @@ usr/lib/*/sssd/libsss_krb5_common.so
usr/lib/*/sssd/libsss_ldap_common.so
usr/lib/*/sssd/libsss_sbus.so
usr/lib/*/sssd/libsss_sbus_sync.so
usr/lib/*/sssd/libsss_secrets.so
usr/lib/*/sssd/libsss_semanage.so
usr/lib/*/sssd/libsss_simple.so
usr/lib/*/sssd/libsss_util.so
......
......@@ -23,3 +23,4 @@ uk
zh_CN
zh_TW
ko
......@@ -12,14 +12,6 @@ src/sss_client/nss_passwd.c
src/sss_client/pam_sss.c
src/sss_client/ssh/sss_ssh_authorizedkeys.c
src/sss_client/ssh/sss_ssh_knownhostsproxy.c
src/tools/sss_useradd.c
src/tools/sss_groupadd.c
src/tools/sss_groupdel.c
src/tools/sss_groupmod.c
src/tools/sss_groupshow.c
src/tools/sss_useradd.c
src/tools/sss_userdel.c
src/tools/sss_usermod.c
src/tools/sss_cache.c
src/tools/tools_util.c
src/tools/tools_util.h
......
This diff is collapsed.
This diff is collapsed.
This diff is collapsed.