Re: [SSSD] Behaviour of getgrnam/getgrgid
On Thu, 16 Sep 2010 17:50:28 +0200 Ralf Haferkamp wrote: > Hi, > > On Thursday 09 September 2010 15:14:10 Ralf Haferkamp wrote: > [..] > > > > I have started working on a patch to let sssd look up the non-cached > > users via LDAP (and save them into the cache). Find it attached. > > Note: That patch is not really complete (e.g. it doesn't handle > > rfc2307 groups correctly). But before putting more effort into this > > I like to make sure that I am not trying to fix a "feature" here. > > Find a newer version of my patch attached. Actually it's 3 patches > now. Please review. > > Patch1: This just adds a new flag to save_groups() to indicate that > the group's member attribute is already populated with the members' > sysdb DN (instead on LDAP DNs). As I need to lookup the group members > in sysdb anyway, when processing the group, this saves some redundant >sysdb lookups when storing the group. This looks like a good idea. > Patch2: This is a somewhat improved version of my last patch. >- better error handling >- limit the number of LDAP requests that are issued before > starting to process the results. This is especially needed when > dealing with large groups, otherwise the server might choke on us > (e.g. OpenLDAP has a (configurable) limit of 100 pending > operations per anonymous connection and 1000 per authenticated > connection). OTOH sending multiple LDAP request at once will speed up > things a bit compared to just sending the next request after > processing the result of the previous. >- populate the "member" attribute with the correct sysdb DNs to > utilize Patch1. >- limit the group unrolling to rfc2307bis for now. rfc2307 and IPA > need to be treated differently as discussed previously in this > thread. This patch makes the main function very complex, I suggest that you at least create separate functions for each new tevent request you want to create, that is sort of a rule for sssd. (And it makes code digestible more often than not). As for group unrolling I have also started working on it (ticket #625), although I am doing that in the 1.2.x branch as we need the functionality there too. I will try to post a patch soon so that we can compare relative approaches and merge the effort, ok ? > Patch3: This adds a new config option to "ldap_unroll_group_members" > to enable/disable group unrolling Can we use the followin patch instead ? http://fedorapeople.org/gitweb?p=simo/public_git/sssd.git;a=commitdiff;h=fedf324be284de71e5dbf22f0135e9f681a15bde This patch assumes the code will consider a nesting level of 0 as "no nesting". therefore it will embed in a single option both a way to enable disable unrolling and a limit on the level of nesting we will allow on the client (to avoid loops or very long delay on pathological cases). Simo. -- Simo Sorce * Red Hat, Inc * New York ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
Re: [SSSD] [PATCH] Define objectclass with a constant
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/15/2010 06:41 AM, Stephen Gallagher wrote: > On 09/15/2010 05:47 AM, Jakub Hrozek wrote: >> just a small cleanup patch > > > > Ack. > Pushed to master. - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkyQ6qUACgkQeiVVYja6o6M1QwCeJqng/MmCbm4IfCCly1LbH43L MEkAn2W0jtVsQdIPuPqwVayds9BMmssB =HgsE -END PGP SIGNATURE- ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
Re: [SSSD] [PATCH] Request all group attributes during initgroups processing (sssd-1-2)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/14/2010 05:11 PM, Stephen Gallagher wrote: > We tried to be too clever and only requested the name of the group, > but we require the objectClass to validate the results. > > https://fedorahosted.org/sssd/ticket/622 > > > This is rebased from the patches in the thread "Fix two serious issues > with initgroups". The other two patches are unnecessary in sssd-1-2 (bug > 620 does not exist there) > Ack -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkySShUACgkQHsardTLnvCWMpgCg0NHUtg+4y4e/hXUS1DX4d+pq HG0AnRsvfKOQTw1uaD6Nm4rmFXj8UkIS =HHM0 -END PGP SIGNATURE- ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
Re: [SSSD] [PATCH] Fix assorted specfile issues
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/16/2010 06:01 PM, Stephen Gallagher wrote: > On 09/16/2010 11:56 AM, Jakub Hrozek wrote: >> On 09/16/2010 02:21 PM, Stephen Gallagher wrote: >>> 1) Pam modules should be explicitly built for /lib64/security >>> 2) The krb5 locator plugin is always built; remove the conditional >>> 3) The krb5 locator plugin belongs in the sssd-client package >>> 4) The sss_obfuscate manpage was not packaged > >> Sorry, but I can't get this patch to apply cleanly: > >> --- >> Applying: Fix assorted specfile issues >> error: patch failed: contrib/sssd.spec.in:100 >> error: contrib/sssd.spec.in: patch does not apply >> Patch failed at 0001 Fix assorted specfile issues >> When you have resolved this problem run "git am --resolved". >> If you would prefer to skip this patch, instead run "git am --skip". >> To restore the original branch and stop patching run "git am --abort". >> --- > > Sorry, rebased patch attached (that one depended on some other changes I > had in my tree) > ACK -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkySQhEACgkQHsardTLnvCVpLQCgyMHs7v2W5LkkCtOAXNocvPrV oKoAoNx6AkCYMqL8d7MmdCVYI6NCql85 =FVhj -END PGP SIGNATURE- ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
Re: [SSSD] [PATCH] Fix assorted specfile issues
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/16/2010 11:56 AM, Jakub Hrozek wrote:
> On 09/16/2010 02:21 PM, Stephen Gallagher wrote:
>> 1) Pam modules should be explicitly built for /lib64/security
>> 2) The krb5 locator plugin is always built; remove the conditional
>> 3) The krb5 locator plugin belongs in the sssd-client package
>> 4) The sss_obfuscate manpage was not packaged
>
> Sorry, but I can't get this patch to apply cleanly:
>
> ---
> Applying: Fix assorted specfile issues
> error: patch failed: contrib/sssd.spec.in:100
> error: contrib/sssd.spec.in: patch does not apply
> Patch failed at 0001 Fix assorted specfile issues
> When you have resolved this problem run "git am --resolved".
> If you would prefer to skip this patch, instead run "git am --skip".
> To restore the original branch and stop patching run "git am --abort".
> ---
Sorry, rebased patch attached (that one depended on some other changes I
had in my tree)
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkySP2QACgkQeiVVYja6o6N2XgCfWnSZKFsk83LRZA3E9dla3rRi
oAoAn3BowoKIdMU4nH996stJ9smqhce8
=Zkij
-END PGP SIGNATURE-
From af0ad6f467a96a9f20e909a569c6af036b0709a3 Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Thu, 16 Sep 2010 08:09:44 -0400
Subject: [PATCH] Fix assorted specfile issues
1) Pam modules should be explicitly built for /lib64/security
2) The krb5 locator plugin is always built; remove the conditional
3) The krb5 locator plugin belongs in the sssd-client package
4) The sss_obfuscate manpage was not packaged
---
contrib/sssd.spec.in | 14 ++
1 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index a26cf9daa3d8ca3e487d8447f23919213614f738..3f6a0f1b067381b1bcf4c044cddb61c96df3eae9 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -100,6 +100,7 @@ service.
--with-pubconf-path=%{pubconfpath} \
--with-init-dir=%{_initrddir} \
--enable-nsslibdir=/%{_lib} \
+--enable-pammoddir=/%{_lib}/security \
--disable-static \
--disable-rpath
@@ -143,12 +144,8 @@ rm -f \
$RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.la \
$RPM_BUILD_ROOT/%{python_sitearch}/pysss.la
-if test -e $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
-then
-# Apppend this file to the sss_daemon.lang
-# Older versions of rpmbuild can only handle one -f option
-echo %{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so >> sssd.lang
-fi
+# Older versions of rpmbuild can only handle one -f option
+# So we need to append to the sssd.lang file
for file in `ls $RPM_BUILD_ROOT/%{python_sitelib}/*.egg-info 2> /dev/null`
do
echo %{python_sitelib}/`basename $file` >> sssd.lang
@@ -199,17 +196,18 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/sss_useradd.8*
%{_mandir}/man8/sss_userdel.8*
%{_mandir}/man8/sss_usermod.8*
-%{_mandir}/man8/sssd_krb5_locator_plugin.8*
+%{_mandir}/man8/sss_obfuscate.8*
%{python_sitearch}/pysss.so
%{python_sitelib}/*.py*
-
%files client
%defattr(-,root,root,-)
%doc src/sss_client/COPYING src/sss_client/COPYING.LESSER
/%{_lib}/libnss_sss.so.2
/%{_lib}/security/pam_sss.so
+%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
%{_mandir}/man8/pam_sss.8*
+%{_mandir}/man8/sssd_krb5_locator_plugin.8*
%post
/sbin/ldconfig
--
1.7.2.3
0001-Fix-assorted-specfile-issues.patch.sig
Description: PGP signature
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
Re: [SSSD] [PATCH] Fix assorted specfile issues
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/16/2010 02:21 PM, Stephen Gallagher wrote: > 1) Pam modules should be explicitly built for /lib64/security > 2) The krb5 locator plugin is always built; remove the conditional > 3) The krb5 locator plugin belongs in the sssd-client package > 4) The sss_obfuscate manpage was not packaged Sorry, but I can't get this patch to apply cleanly: - --- Applying: Fix assorted specfile issues error: patch failed: contrib/sssd.spec.in:100 error: contrib/sssd.spec.in: patch does not apply Patch failed at 0001 Fix assorted specfile issues When you have resolved this problem run "git am --resolved". If you would prefer to skip this patch, instead run "git am --skip". To restore the original branch and stop patching run "git am --abort". - --- -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkySPj4ACgkQHsardTLnvCUVEgCdEsXjA6DuBns1ttGljwdTbq+3 AWEAoLmPFOhmiaBlhGvIXQBqrYccNCNO =gG2a -END PGP SIGNATURE- ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
Re: [SSSD] Behaviour of getgrnam/getgrgid
Hi,
On Thursday 09 September 2010 15:14:10 Ralf Haferkamp wrote:
[..]
>
> I have started working on a patch to let sssd look up the non-cached
> users via LDAP (and save them into the cache). Find it attached. Note:
> That patch is not really complete (e.g. it doesn't handle rfc2307
> groups correctly). But before putting more effort into this I like to
> make sure that I am not trying to fix a "feature" here.
Find a newer version of my patch attached. Actually it's 3 patches now.
Please review.
Patch1: This just adds a new flag to save_groups() to indicate that the
group's member attribute is already populated with the members' sysdb
DN (instead on LDAP DNs). As I need to lookup the group members in
sysdb anyway, when processing the group, this saves some redundant
sysdb lookups when storing the group.
Patch2: This is a somewhat improved version of my last patch.
- better error handling
- limit the number of LDAP requests that are issued before
starting to process the results. This is especially needed when
dealing with large groups, otherwise the server might choke on us
(e.g. OpenLDAP has a (configurable) limit of 100 pending operations
per anonymous connection and 1000 per authenticated connection).
OTOH sending multiple LDAP request at once will speed up things a
bit compared to just sending the next request after processing the
result of the previous.
- populate the "member" attribute with the correct sysdb DNs to
utilize Patch1.
- limit the group unrolling to rfc2307bis for now. rfc2307 and IPA
need to be treated differently as discussed previously in this
thread.
Patch3: This adds a new config option to "ldap_unroll_group_members" to
enable/disable group unrolling
regards,
Ralf
--
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
From 910f5c16ba1dda5f29a43af134683108d3d10ae3 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp
Date: Thu, 16 Sep 2010 17:24:17 +0200
Subject: [PATCH 1/3] Shortcut for save_group() to accept sysdb DNs as member attributes
Addtional parameter "sysdb_member_dns" for save_group() and save_groups()
to indicate that the "member" attribute of the groups is populated with
sysdb DNs of the members (instead of LDAP DNs).
---
src/providers/ldap/sdap_async_accounts.c | 23 +++
1 files changed, 19 insertions(+), 4 deletions(-)
diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c
index 8999ba0..d1c6378 100644
--- a/src/providers/ldap/sdap_async_accounts.c
+++ b/src/providers/ldap/sdap_async_accounts.c
@@ -609,6 +609,7 @@ static int sdap_save_group(TALLOC_CTX *memctx,
struct sss_domain_info *dom,
struct sysdb_attrs *attrs,
bool store_members,
+ bool sysdb_member_dns,
char **_timestamp)
{
struct ldb_message_element *el;
@@ -697,7 +698,19 @@ static int sdap_save_group(TALLOC_CTX *memctx,
}
}
-if (store_members) {
+if (sysdb_member_dns) {
+struct ldb_message_element *el1;
+ret = sysdb_attrs_get_el(attrs, opts->group_map[SDAP_AT_GROUP_MEMBER].sys_name, &el1);
+if (ret != EOK) {
+goto fail;
+}
+ret = sysdb_attrs_get_el(group_attrs, SYSDB_MEMBER, &el);
+if (ret != EOK) {
+goto fail;
+}
+el->values = el1->values;
+el->num_values = el1->num_values;
+} else if (store_members) {
ret = sysdb_attrs_get_el(attrs,
opts->group_map[SDAP_AT_GROUP_MEMBER].sys_name, &el);
if (ret != EOK) {
@@ -808,6 +821,7 @@ static int sdap_save_groups(TALLOC_CTX *memctx,
struct sdap_options *opts,
struct sysdb_attrs **groups,
int num_groups,
+bool sysdb_member_dns,
char **_timestamp)
{
TALLOC_CTX *tmpctx;
@@ -848,7 +862,7 @@ static int sdap_save_groups(TALLOC_CTX *memctx,
/* if 2 pass savemembers = false */
ret = sdap_save_group(tmpctx, sysdb,
opts, dom, groups[i],
- (!twopass), ×tamp);
+ (!twopass), sysdb_member_dns, ×tamp);
/* Do not fail completely on errors.
* Just report the failure to save and go on */
@@ -872,7 +886,7 @@ static int sdap_save_groups(TALLOC_CTX *memctx,
}
}
-if (twopass) {
+if (twopass && !sysdb_member_dns) {
for (i = 0; i < num_groups; i++) {
@@ -988,6 +1002,7 @@ static void sdap_get_groups_process(struct tevent_req *subreq)
ret = sdap_save_groups(state, state->sysdb,
state->dom, state->opts,
state->groups, state->count,
+
[SSSD] [PATCH] Assorted patches for initgroups processing
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
I found these issues while testing Stephen's initgroup patches:
[PATCH 1/3] Fix sysdb_group_dn_name
We copied the RDN attribute name, not its value. Also includes a unit test.
[PATCH 2/3] Fix sysdb_attrs_to_list
We didn't cycle through all the attributes.
[PATCH 3/3] Request the correct attribute name
The attributes we got from sdap_get_generic_recv() are already mapped to
sysdb attributes, so when we asked for "cn", it was not found as the
attributes already included "name".
They apply to master only, I can resend the 1.2 version when/if these
are deemed OK.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkySO9YACgkQHsardTLnvCUjWwCeJvPq/UU09wmPY80o6vbrSxAH
61QAoNrAaIh/ZixsVcImODbdegLKjPMW
=xQ4R
-END PGP SIGNATURE-
From 039a7f1536da9107b01b1c5cf34fa402a3becf4f Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Thu, 16 Sep 2010 14:05:35 -0400
Subject: [PATCH 1/3] Fix sysdb_group_dn_name
---
src/db/sysdb.c |9 -
src/tests/sysdb-tests.c | 35 +++
2 files changed, 43 insertions(+), 1 deletions(-)
diff --git a/src/db/sysdb.c b/src/db/sysdb.c
index 4e1243c..5f002d8 100644
--- a/src/db/sysdb.c
+++ b/src/db/sysdb.c
@@ -56,6 +56,7 @@ errno_t sysdb_group_dn_name(struct sysdb_ctx *ctx, void *memctx,
const char *_dn, char **_name)
{
struct ldb_dn *dn;
+const struct ldb_val *val;
*_name = NULL;
dn = ldb_dn_new_fmt(memctx, ctx->ldb, "%s", _dn);
@@ -63,7 +64,13 @@ errno_t sysdb_group_dn_name(struct sysdb_ctx *ctx, void *memctx,
return ENOMEM;
}
-*_name = talloc_strdup(memctx, ldb_dn_get_rdn_name(dn));
+val = ldb_dn_get_rdn_val(dn);
+if (val == NULL) {
+talloc_zfree(dn);
+return EINVAL;
+}
+
+*_name = talloc_strndup(memctx, (char *) val->data, val->length);
if (!*_name) {
talloc_zfree(dn);
return ENOMEM;
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index b320afd..98d9a20 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -2158,6 +2158,38 @@ START_TEST (test_sysdb_update_members)
}
END_TEST
+START_TEST (test_sysdb_group_dn_name)
+{
+struct sysdb_test_ctx *test_ctx;
+int ret;
+struct ldb_dn *group_dn;
+const char *groupname;
+char *parsed;
+
+/* Setup */
+ret = setup_sysdb_tests(&test_ctx);
+if (ret != EOK) {
+fail("Could not set up the test");
+return;
+}
+
+groupname = talloc_asprintf(test_ctx, "testgroup%d", _i);
+group_dn = sysdb_group_dn(test_ctx->sysdb, test_ctx, "LOCAL", groupname);
+if (!group_dn || !groupname) {
+fail("Out of memory");
+return;
+}
+
+ret = sysdb_group_dn_name(test_ctx->sysdb, test_ctx,
+ ldb_dn_get_linearized(group_dn), &parsed);
+fail_if(ret != EOK, "Cannot get the group name from DN");
+
+fail_if(strcmp(groupname, parsed) != 0,
+"Names don't match (got %s)", parsed);
+talloc_free(test_ctx);
+}
+END_TEST
+
Suite *create_sysdb_suite(void)
{
Suite *s = suite_create("sysdb");
@@ -2176,6 +2208,9 @@ Suite *create_sysdb_suite(void)
/* Verify the groups were added */
tcase_add_loop_test(tc_sysdb, test_sysdb_getgrnam, 28000, 28010);
+/* sysdb_group_dn_name returns the name of the group in question */
+tcase_add_loop_test(tc_sysdb, test_sysdb_group_dn_name, 28000, 28010);
+
/* sysdb_store_user allows setting attributes for existing users */
tcase_add_loop_test(tc_sysdb, test_sysdb_store_user_existing, 27000, 27010);
--
1.7.2.2
From c75f2b3598fe3c51a919eb13c78d92538255c68d Mon Sep 17 00:00:00 2001
From: Jakub Hrozek
Date: Thu, 16 Sep 2010 17:09:16 +0200
Subject: [PATCH 2/3] Fix sysdb_attrs_to_list
---
src/db/sysdb.c |4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/db/sysdb.c b/src/db/sysdb.c
index 5f002d8..a2a94a5 100644
--- a/src/db/sysdb.c
+++ b/src/db/sysdb.c
@@ -1686,13 +1686,13 @@ errno_t sysdb_attrs_to_list(TALLOC_CTX *memctx,
for (attr_idx = 0; attr_idx < attr_count; attr_idx++) {
/* Examine each attribute within the entry */
for (i = 0; i < attrs[attr_idx]->num; i++) {
-if (strcasecmp(attrs[attr_idx]->a->name, attr_name) == 0) {
+if (strcasecmp(attrs[attr_idx]->a[i].name, attr_name) == 0) {
/* Attribute name matches the requested name
* Copy it to the output list
*/
list[list_idx] = talloc_strdup(
list,
-(const char *)attrs[attr_idx]->a->values[0].data);
+(const char *)attrs[attr_idx]->a[i].values[0].data);
if (!list[list_idx]) {
talloc_free(list);
return ENOMEM;
--
1
Re: [SSSD] [PATCHES] Sysdb interface for netgroups
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/15/2010 01:54 PM, Stephen Gallagher wrote: > On 09/15/2010 11:22 AM, Stephen Gallagher wrote: >> This is a first pass at the cache storage and retrieval for netgroups >> information. Part of these patches were written by Jakub, part by me. >> I'd prefer it if Jan, Simo or Sumit did the review for this. > >> I'm going to try to submit patches for review on a rolling basis for the >> netgroups code, in order to avoid a too-large review when the work is >> complete. > >> Patch 0001: New sysdb interfaces for netgroups. Add and delete support >> for netgroups entries, tuples and nested netgroups. > >> Patch 0002: Unit tests for the above interfaces. > > > > Revising patch 0001. Nothing functionally has changed, but I moved > sysdb_getnetgr() into sysdb_search.c where it belongs. I had originally > put it into sysdb_ops.c > I'm withdrawing these two patches. I'm going to redesign this approach a bit to take advantage of the memberOf plugin to avoid loops. - -- Stephen Gallagher RHCE 804006346421761 Delivering value year after year. Red Hat ranks #1 in value among software vendors. http://www.redhat.com/promo/vendor/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkySKMIACgkQeiVVYja6o6OwwACglIHTpIIGA+RdbkrC68qYfkrp cfkAn3cWlGCs/GcnLjYjpHdelZowAerq =GhwI -END PGP SIGNATURE- ___ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/sssd-devel
[SSSD] [PATCH] Fix assorted specfile issues
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
1) Pam modules should be explicitly built for /lib64/security
2) The krb5 locator plugin is always built; remove the conditional
3) The krb5 locator plugin belongs in the sssd-client package
4) The sss_obfuscate manpage was not packaged
- --
Stephen Gallagher
RHCE 804006346421761
Delivering value year after year.
Red Hat ranks #1 in value among software vendors.
http://www.redhat.com/promo/vendor/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAkySC9UACgkQeiVVYja6o6OpSgCffoDH57gP/kWyjWfZdCi+jMlw
ujIAn3LIEyse448WQqxp56IInelsBixc
=Eb1P
-END PGP SIGNATURE-
From 09277c79876c62a087665a2641bcea9172347bac Mon Sep 17 00:00:00 2001
From: Stephen Gallagher
Date: Thu, 16 Sep 2010 08:09:44 -0400
Subject: [PATCH] Fix assorted specfile issues
1) Pam modules should be explicitly built for /lib64/security
2) The krb5 locator plugin is always built; remove the conditional
3) The krb5 locator plugin belongs in the sssd-client package
4) The sss_obfuscate manpage was not packaged
---
contrib/sssd.spec.in | 14 ++
1 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in
index 45948718dc6a9749c9a28de0ba0ed7b6724d1877..d3748f42911209233adb1281f6e823e6e2b3086f 100644
--- a/contrib/sssd.spec.in
+++ b/contrib/sssd.spec.in
@@ -100,6 +100,7 @@ service.
--with-pubconf-path=%{pubconfpath} \
--with-init-dir=%{_initrddir} \
--enable-nsslibdir=/%{_lib} \
+--enable-pammoddir=/%{_lib}/security \
--disable-static \
--disable-rpath \
--cache-file=/tmp/sssd-rpm.cache \
@@ -145,12 +146,8 @@ rm -f \
$RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.la \
$RPM_BUILD_ROOT/%{python_sitearch}/pysss.la
-if test -e $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
-then
-# Apppend this file to the sss_daemon.lang
-# Older versions of rpmbuild can only handle one -f option
-echo %{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so >> sssd.lang
-fi
+# Older versions of rpmbuild can only handle one -f option
+# So we need to append to the sssd.lang file
for file in `ls $RPM_BUILD_ROOT/%{python_sitelib}/*.egg-info 2> /dev/null`
do
echo %{python_sitelib}/`basename $file` >> sssd.lang
@@ -201,17 +198,18 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man8/sss_useradd.8*
%{_mandir}/man8/sss_userdel.8*
%{_mandir}/man8/sss_usermod.8*
-%{_mandir}/man8/sssd_krb5_locator_plugin.8*
+%{_mandir}/man8/sss_obfuscate.8*
%{python_sitearch}/pysss.so
%{python_sitelib}/*.py*
-
%files client
%defattr(-,root,root,-)
%doc src/sss_client/COPYING src/sss_client/COPYING.LESSER
/%{_lib}/libnss_sss.so.2
/%{_lib}/security/pam_sss.so
+%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
%{_mandir}/man8/pam_sss.8*
+%{_mandir}/man8/sssd_krb5_locator_plugin.8*
%post
/sbin/ldconfig
--
1.7.2.3
0001-Fix-assorted-specfile-issues.patch.sig
Description: PGP signature
___
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://fedorahosted.org/mailman/listinfo/sssd-devel
