[packages/sssd] - up to 1.12.3 - updated heimdal patch - added link patch

qboosh qboosh at pld-linux.org
Tue Jan 13 20:38:27 CET 2015


commit 7168e7f91c60e3430c598cc534e5bb12c3d6c35d
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date:   Tue Jan 13 20:39:57 2015 +0100

    - up to 1.12.3
    - updated heimdal patch
    - added link patch

 sssd-heimdal.patch | 152 ++++++++++++++++++++++++++++-------------------------
 sssd-link.patch    |  11 ++++
 sssd.spec          |  65 +++++++++++++++++++----
 3 files changed, 147 insertions(+), 81 deletions(-)
---
diff --git a/sssd.spec b/sssd.spec
index 52795d2..3941b7f 100644
--- a/sssd.spec
+++ b/sssd.spec
@@ -6,16 +6,17 @@
 Summary:	System Security Services Daemon
 Summary(pl.UTF-8):	System Security Services Daemon - demon usług bezpieczeństwa systemu
 Name:		sssd
-Version:	1.12.0
+Version:	1.12.3
 Release:	0.1
 License:	GPL v3+
 Group:		Applications/System
 Source0:	https://fedorahosted.org/released/sssd/%{name}-%{version}.tar.gz
-# Source0-md5:	f313613db186d478e9b40e10506c8838
+# Source0-md5:	b891c263819a1dde062d7065448a4d58
 Source1:	%{name}.init
 Patch0:		%{name}-python-config.patch
 Patch1:		%{name}-heimdal.patch
 Patch2:		%{name}-systemd.patch
+Patch3:		%{name}-link.patch
 URL:		https://fedorahosted.org/sssd/
 BuildRequires:	augeas-devel >= 1.0.0
 BuildRequires:	autoconf >= 2.59
@@ -39,10 +40,11 @@ BuildRequires:	libcollection-devel >= 0.5.1
 BuildRequires:	libdhash-devel >= 0.4.2
 BuildRequires:	libini_config-devel >= 1.0.0
 BuildRequires:	ldb-devel >= %{ldb_version}
+BuildRequires:	libnfsidmap-devel
 BuildRequires:	libnl-devel >= 3.2
 BuildRequires:	libselinux-devel
 BuildRequires:	libsemanage-devel
-BuildRequires:	libtool
+BuildRequires:	libtool >= 2:2
 BuildRequires:	libxml2-progs
 BuildRequires:	libxslt-progs
 BuildRequires:	m4
@@ -133,6 +135,34 @@ Pakiet zawiera także kilka innych narzędzi administracyjnych:
  - sss_seed tworzący wpis użytkownika do szybkiego rozruchu,
  - sss_obfuscate do generowania utajnionego hasła LDAP.
 
+%package libwbclient
+Summary:	The SSSD libwbclient implementation
+Summary(pl.UTF-8):	Implementacja libwbclient oparta na SSSD
+Group:		Libraries
+License:	LGPL v3+
+Requires:	libsss_nss_idmap = %{version}-%{release}
+
+%description libwbclient
+The SSSD implementation of Samba wbclient library.
+
+%description libwbclient -l pl.UTF-8
+Implementacja biblioteki Samba wbclient oparta na SSSD.
+
+%package libwbclient-devel
+Summary:	Development files of the SSSD libwbclient implementation
+Summary(pl.UTF-8):	Pliki programistyczne implementacja libwbclient oparta na SSSD
+Group:		Development/Libraries
+License:	LGPL v3+
+Requires:	%{name}-libwbclient = %{version}-%{release}
+
+%description libwbclient-devel
+Development files for the SSSD implementation of Samba wbclient
+library.
+
+%description libwbclient-devel -l pl.UTF-8
+Pliki programistyczne implementacji biblioteki Samba wbclient opartej
+na SSSD.
+
 %package -n libipa_hbac
 Summary:	FreeIPA HBAC Evaluator library
 Summary(pl.UTF-8):	Biblioteka oceniająca FreeIPA HBAC
@@ -271,8 +301,9 @@ Pliki nagłówkowe biblioteki libsss_simpleifp.
 %prep
 %setup -q
 %patch0 -p1
-%patch1 -p1 -b .orig
+%patch1 -p1
 %patch2 -p1
+%patch3 -p1
 
 %build
 %{__libtoolize}
@@ -283,14 +314,15 @@ Pliki nagłówkowe biblioteki libsss_simpleifp.
 #CFLAGS="-Wno-deprecated-declarations"
 %configure \
 	NSCD=/usr/sbin/nscd \
+	--enable-nfsidmaplibdir=/%{_lib}/libnfsidmap \
+	--enable-nsslibdir=/%{_lib} \
+	--enable-pammoddir=/%{_lib}/security \
+	--disable-rpath \
 	--with-db-path=%{dbpath} \
+	--with-init-dir=/etc/rc.d/init.d \
 	--with-initscript=sysv,systemd \
 	--with-pipe-path=%{pipepath} \
 	--with-pubconf-path=%{pubconfpath} \
-	--with-init-dir=/etc/rc.d/init.d \
-	--enable-nsslibdir=/%{_lib} \
-	--enable-pammoddir=/%{_lib}/security \
-	--disable-rpath \
 	--with-systemdunitdir=%{systemdunitdir} \
 	--with-test-dir=/dev/shm
 
@@ -331,12 +363,13 @@ cp -p src/examples/rwtab $RPM_BUILD_ROOT%{_sysconfdir}/rwtab.d/sssd
 # Remove .la files created by libtool
 %{__rm} \
 	$RPM_BUILD_ROOT/%{_lib}/libnss_sss.la \
+	$RPM_BUILD_ROOT/%{_lib}/libnfsidmap/sss.la \
 	$RPM_BUILD_ROOT/%{_lib}/security/pam_sss.la \
 	$RPM_BUILD_ROOT%{ldb_modulesdir}/memberof.la \
 	$RPM_BUILD_ROOT%{_libdir}/cifs-utils/*.la \
 	$RPM_BUILD_ROOT%{_libdir}/krb5/plugins/libkrb5/sss*.la \
 	$RPM_BUILD_ROOT%{_libdir}/sssd/libsss_*.la \
-	$RPM_BUILD_ROOT%{_libdir}/sssd/modules/libsss_*.la \
+	$RPM_BUILD_ROOT%{_libdir}/sssd/modules/lib*.la \
 	$RPM_BUILD_ROOT%{_libdir}/lib*.la \
 	$RPM_BUILD_ROOT%{py_sitedir}/*.la
 
@@ -405,6 +438,7 @@ fi
 %attr(755,root,root) %{_libdir}/sssd/libsss_crypt.so
 %attr(755,root,root) %{_libdir}/sssd/libsss_debug.so
 %attr(755,root,root) %{_libdir}/sssd/libsss_ldap_common.so
+%attr(755,root,root) %{_libdir}/sssd/libsss_semanage.so
 %attr(755,root,root) %{_libdir}/sssd/libsss_util.so
 # modules
 %attr(755,root,root) %{_libdir}/sssd/libsss_simple.so
@@ -423,6 +457,7 @@ fi
 %attr(755,root,root) %{_libexecdir}/sssd/krb5_child
 %attr(755,root,root) %{_libexecdir}/sssd/ldap_child
 %attr(755,root,root) %{_libexecdir}/sssd/proxy_child
+%attr(755,root,root) %{_libexecdir}/sssd/selinux_child
 %attr(755,root,root) %{_libexecdir}/sssd/sss_signal
 %attr(755,root,root) %{_libexecdir}/sssd/sssd_autofs
 %attr(755,root,root) %{_libexecdir}/sssd/sssd_be
@@ -441,6 +476,7 @@ fi
 %{_datadir}/sssd/sssd.api.d/sssd-local.conf
 %{_datadir}/sssd/sssd.api.d/sssd-proxy.conf
 %{_datadir}/sssd/sssd.api.d/sssd-simple.conf
+%attr(755,root,root) /%{_lib}/libnfsidmap/sss.so
 %attr(755,root,root) %{ldb_modulesdir}/memberof.so
 %dir %{sssdstatedir}
 %attr(700,root,root) %dir %{dbpath}
@@ -458,6 +494,7 @@ fi
 %{_datadir}/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
 %{_mandir}/man1/sss_ssh_authorizedkeys.1*
 %{_mandir}/man1/sss_ssh_knownhostsproxy.1*
+%{_mandir}/man5/sss_rpcidmapd.5*
 %{_mandir}/man5/sssd.conf.5*
 %{_mandir}/man5/sssd-ad.5*
 %{_mandir}/man5/sssd-ifp.5*
@@ -559,3 +596,13 @@ fi
 %{_includedir}/sss_sifp.h
 %{_includedir}/sss_sifp_dbus.h
 %{_pkgconfigdir}/sss_simpleifp.pc
+
+%files libwbclient
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_libdir}/sssd/modules/libwbclient.so.*
+
+%files libwbclient-devel
+%defattr(644,root,root,755)
+%attr(755,root,root) %{_libdir}/sssd/modules/libwbclient.so
+%{_includedir}/wbclient_sssd.h
+%{_pkgconfigdir}/wbclient_sssd.pc
diff --git a/sssd-heimdal.patch b/sssd-heimdal.patch
index 08c7091..7be6c42 100644
--- a/sssd-heimdal.patch
+++ b/sssd-heimdal.patch
@@ -13,7 +13,7 @@ index 1a50bf1..54c5883 100644
                 [ #ifdef HAVE_KRB5_KRB5_H
                   #include <krb5/krb5.h>
                   #else
-@@ -46,6 +46,7 @@ AC_CHECK_TYPES([krb5_ticket_times, krb5_times, krb5_trace_info], [], [],
+@@ -46,6 +46,7 @@ AC_CHECK_TYPES([krb5_ticket_times, krb5_
                   #endif
                 ])
  AC_CHECK_FUNCS([krb5_get_init_creds_opt_alloc krb5_get_error_message \
@@ -21,20 +21,14 @@ index 1a50bf1..54c5883 100644
                  krb5_free_unparsed_name \
                  krb5_get_init_creds_opt_set_expire_callback \
                  krb5_get_init_creds_opt_set_fast_ccache_name \
-@@ -59,12 +60,33 @@ AC_CHECK_FUNCS([krb5_get_init_creds_opt_alloc krb5_get_error_message \
-                 krb5_kt_free_entry \
-                 krb5_princ_realm \
-                 krb5_get_time_offsets \
-+                krb5_get_kdc_sec_offset \
-                 krb5_principal_get_realm \
-                 krb5_cc_cache_match \
-                 krb5_timestamp_to_sfstring \
+@@ -65,7 +66,28 @@ AC_CHECK_FUNCS([krb5_get_init_creds_opt_
                  krb5_set_trace_callback \
                  krb5_find_authdata \
--                krb5_cc_get_full_name])
-+                krb5_cc_get_full_name \
+                 krb5_kt_have_content \
++                krb5_get_kdc_sec_offset \
 +                krb5_free_string \
-+                krb5_xfree])
++                krb5_xfree \
+                 krb5_cc_get_full_name])
 +
 +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #ifdef HAVE_KRB5_KRB5_H
 +                                      #include <krb5/krb5.h>
@@ -55,7 +49,7 @@ index 1a50bf1..54c5883 100644
 +
  CFLAGS=$SAVE_CFLAGS
  LIBS=$SAVE_LIBS
- 
+ CFLAGS="$CFLAGS $KRB5_CFLAGS"
 diff --git a/src/krb5_plugin/sssd_krb5_locator_plugin.c b/src/krb5_plugin/sssd_krb5_locator_plugin.c
 index 725687d..586c7dd 100644
 --- a/src/krb5_plugin/sssd_krb5_locator_plugin.c
@@ -173,9 +167,9 @@ index 725687d..586c7dd 100644
  
      /* Set flag that controls whether we want to write the
       * kdcinfo files at all
---- sssd-1.12.0/src/providers/krb5/krb5_child.c.orig	2014-07-09 19:44:02.000000000 +0200
-+++ sssd-1.12.0/src/providers/krb5/krb5_child.c	2014-07-15 22:14:25.585419861 +0200
-@@ -117,7 +117,7 @@ static krb5_error_code set_lifetime_opti
+--- sssd-1.12.3/src/providers/krb5/krb5_child.c.orig	2015-01-08 18:19:45.000000000 +0100
++++ sssd-1.12.3/src/providers/krb5/krb5_child.c	2015-01-12 16:19:43.242398934 +0100
+@@ -133,7 +133,7 @@ static krb5_error_code set_lifetime_opti
      return 0;
  }
  
@@ -184,7 +178,7 @@ index 725687d..586c7dd 100644
  {
      int canonicalize = 0;
      char *tmp_str;
-@@ -128,23 +128,23 @@ static void set_canonicalize_option(krb5
+@@ -144,23 +144,23 @@ static void set_canonicalize_option(krb5
      }
      DEBUG(SSSDBG_CONF_SETTINGS, "%s is set to [%s]\n",
            SSSD_KRB5_CANONICALIZE, tmp_str ? tmp_str : "not set");
@@ -213,7 +207,7 @@ index 725687d..586c7dd 100644
  
      /* Currently we do not set forwardable and proxiable explicitly, the flags
       * must be removed so that libkrb5 can take the defaults from krb5.conf */
-@@ -158,6 +158,7 @@ static void revert_changepw_options(krb5
+@@ -174,6 +174,7 @@ static void revert_changepw_options(krb5
  }
  
  
@@ -221,7 +215,7 @@ index 725687d..586c7dd 100644
  static errno_t sss_send_pac(krb5_authdata **pac_authdata)
  {
      struct sss_cli_req_data sss_data;
-@@ -177,6 +178,7 @@ static errno_t sss_send_pac(krb5_authdat
+@@ -193,6 +194,7 @@ static errno_t sss_send_pac(krb5_authdat
  
      return EOK;
  }
@@ -229,7 +223,7 @@ index 725687d..586c7dd 100644
  
  static void sss_krb5_expire_callback_func(krb5_context context, void *data,
                                            krb5_timestamp password_expiration,
-@@ -468,7 +470,8 @@ static krb5_error_code create_empty_cred
+@@ -484,7 +486,8 @@ static krb5_error_code create_empty_cred
  {
      krb5_error_code kerr;
      krb5_creds *cred = NULL;
@@ -239,7 +233,7 @@ index 725687d..586c7dd 100644
  
      cred = calloc(sizeof(krb5_creds), 1);
      if (cred == NULL) {
-@@ -482,12 +485,12 @@ static krb5_error_code create_empty_cred
+@@ -498,12 +501,12 @@ static krb5_error_code create_empty_cred
          goto done;
      }
  
@@ -255,7 +249,7 @@ index 725687d..586c7dd 100644
      if (kerr != 0) {
          DEBUG(SSSDBG_CRIT_FAILURE, "krb5_build_principal_ext failed.\n");
          goto done;
-@@ -746,7 +749,8 @@ static errno_t add_ticket_times_and_upn_
+@@ -762,7 +765,8 @@ static errno_t add_ticket_times_and_upn_
          goto done;
      }
  
@@ -265,7 +259,7 @@ index 725687d..586c7dd 100644
      if (kerr != 0) {
          DEBUG(SSSDBG_OP_FAILURE, "krb5_unparse_name failed.\n");
          goto done;
-@@ -754,7 +758,7 @@ static errno_t add_ticket_times_and_upn_
+@@ -770,7 +774,7 @@ static errno_t add_ticket_times_and_upn_
  
      ret = pam_add_response(kr->pd, SSS_KRB5_INFO_UPN, upn_len,
                             (uint8_t *) upn);
@@ -274,7 +268,7 @@ index 725687d..586c7dd 100644
      if (ret != EOK) {
          DEBUG(SSSDBG_CRIT_FAILURE, "pack_response_packet failed.\n");
          goto done;
-@@ -776,7 +780,9 @@ static krb5_error_code validate_tgt(stru
+@@ -792,7 +796,9 @@ static krb5_error_code validate_tgt(stru
      krb5_principal validation_princ = NULL;
      bool realm_entry_found = false;
      krb5_ccache validation_ccache = NULL;
@@ -284,7 +278,7 @@ index 725687d..586c7dd 100644
  
      memset(&keytab, 0, sizeof(keytab));
      kerr = krb5_kt_resolve(kr->ctx, kr->keytab, &keytab);
-@@ -870,6 +876,7 @@ static krb5_error_code validate_tgt(stru
+@@ -886,6 +892,7 @@ static krb5_error_code validate_tgt(stru
          goto done;
      }
  
@@ -292,7 +286,7 @@ index 725687d..586c7dd 100644
      /* Try to find and send the PAC to the PAC responder.
       * Failures are not critical. */
      if (kr->send_pac) {
-@@ -892,6 +899,7 @@ static krb5_error_code validate_tgt(stru
+@@ -908,6 +915,7 @@ static krb5_error_code validate_tgt(stru
              kerr = 0;
          }
      }
@@ -300,7 +294,7 @@ index 725687d..586c7dd 100644
  
  done:
      if (validation_ccache != NULL) {
-@@ -927,7 +935,7 @@ static krb5_error_code get_and_save_tgt_
+@@ -943,7 +951,7 @@ static krb5_error_code get_and_save_tgt_
      krb5_get_init_creds_opt_set_address_list(&options, NULL);
      krb5_get_init_creds_opt_set_forwardable(&options, 0);
      krb5_get_init_creds_opt_set_proxiable(&options, 0);
@@ -309,16 +303,16 @@ index 725687d..586c7dd 100644
  
      kerr = krb5_get_init_creds_keytab(ctx, &creds, princ, keytab, 0, NULL,
                                        &options);
-@@ -1110,7 +1118,7 @@ static errno_t changepw_child(struct krb
+@@ -1149,7 +1157,7 @@ static errno_t changepw_child(struct krb
          prompter = sss_krb5_prompter;
      }
  
 -    set_changepw_options(kr->options);
 +    set_changepw_options(kr->ctx, kr->options);
      sss_krb5_princ_realm(kr->ctx, kr->princ, &realm_name, &realm_length);
- 
-     DEBUG(SSSDBG_TRACE_FUNC,
-@@ -1158,9 +1166,9 @@ static errno_t changepw_child(struct krb
+     if (realm_length == 0) {
+         DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_princ_realm failed.\n");
+@@ -1201,9 +1209,9 @@ static errno_t changepw_child(struct krb
  
      memset(&result_code_string, 0, sizeof(krb5_data));
      memset(&result_string, 0, sizeof(krb5_data));
@@ -331,7 +325,7 @@ index 725687d..586c7dd 100644
  
      if (kerr == KRB5_KDC_UNREACH) {
          return ERR_NETWORK_IO;
-@@ -1174,7 +1182,7 @@ static errno_t changepw_child(struct krb
+@@ -1217,7 +1225,7 @@ static errno_t changepw_child(struct krb
          if (result_code_string.length > 0) {
              DEBUG(SSSDBG_CRIT_FAILURE,
                    "krb5_change_password failed [%d][%.*s].\n", result_code,
@@ -340,7 +334,7 @@ index 725687d..586c7dd 100644
              user_error_message = talloc_strndup(kr->pd, result_code_string.data,
                                                  result_code_string.length);
              if (user_error_message == NULL) {
-@@ -1182,10 +1190,10 @@ static errno_t changepw_child(struct krb
+@@ -1225,10 +1233,10 @@ static errno_t changepw_child(struct krb
              }
          }
  
@@ -353,7 +347,7 @@ index 725687d..586c7dd 100644
              talloc_free(user_error_message);
              user_error_message = talloc_strndup(kr->pd, result_string.data,
                                                  result_string.length);
-@@ -1228,7 +1236,7 @@ static errno_t changepw_child(struct krb
+@@ -1279,7 +1287,7 @@ static errno_t changepw_child(struct krb
  
      /* We changed some of the gic options for the password change, now we have
       * to change them back to get a fresh TGT. */
@@ -362,7 +356,7 @@ index 725687d..586c7dd 100644
  
      kerr = get_and_save_tgt(kr, newpassword);
  
-@@ -1288,7 +1296,7 @@ static errno_t tgt_req_child(struct krb5
+@@ -1339,7 +1347,7 @@ static errno_t tgt_req_child(struct krb5
                "Failed to unset expire callback, continue ...\n");
      }
  
@@ -371,7 +365,7 @@ index 725687d..586c7dd 100644
      kerr = krb5_get_init_creds_password(kr->ctx, kr->creds, kr->princ,
                                          discard_const(password),
                                          sss_krb5_prompter, kr, 0,
-@@ -1766,7 +1774,8 @@ static errno_t k5c_recv_data(struct krb5
+@@ -1919,7 +1927,8 @@ static errno_t k5c_recv_data(struct krb5
  static int k5c_setup_fast(struct krb5_req *kr, bool demand)
  {
      krb5_principal fast_princ_struct;
@@ -381,7 +375,7 @@ index 725687d..586c7dd 100644
      char *fast_principal_realm;
      char *fast_principal;
      krb5_error_code kerr;
-@@ -1794,8 +1803,11 @@ static int k5c_setup_fast(struct krb5_re
+@@ -1948,8 +1957,11 @@ static int k5c_setup_fast(struct krb5_re
              return KRB5KRB_ERR_GENERIC;
          }
          free(tmp_str);
@@ -395,15 +389,15 @@ index 725687d..586c7dd 100644
          if (!fast_principal_realm) {
              DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf failed.\n");
              return ENOMEM;
-@@ -1929,7 +1941,7 @@ static int k5c_setup(struct krb5_req *kr
+@@ -2235,7 +2247,7 @@ static int k5c_setup(struct krb5_req *kr
      }
  
      if (!offline) {
 -        set_canonicalize_option(kr->options);
 +        set_canonicalize_option(kr->ctx, kr->options);
+     }
  
-         use_fast_str = getenv(SSSD_KRB5_USE_FAST);
-         if (use_fast_str == NULL || strcasecmp(use_fast_str, "never") == 0) {
+ /* TODO: set options, e.g.
 --- sssd-1.11.6/src/providers/krb5/krb5_common.c.orig	2014-06-03 16:31:33.000000000 +0200
 +++ sssd-1.11.6/src/providers/krb5/krb5_common.c	2014-06-18 22:23:18.480672769 +0200
 @@ -33,7 +33,7 @@
@@ -514,18 +508,18 @@ index 725687d..586c7dd 100644
                                  dp_opt_get_bool(krb5_options->opts,
                                                  KRB5_USE_KDCINFO),
                                  &ctx->kpasswd_service);
---- sssd-1.11.6/src/providers/ldap/ldap_child.c.orig	2014-06-03 16:31:33.000000000 +0200
-+++ sssd-1.11.6/src/providers/ldap/ldap_child.c	2014-06-19 07:25:44.383327744 +0200
-@@ -97,7 +97,7 @@ static errno_t unpack_buffer(uint8_t *bu
+--- sssd-1.12.3/src/providers/ldap/ldap_child.c.orig	2015-01-08 18:19:45.000000000 +0100
++++ sssd-1.12.3/src/providers/ldap/ldap_child.c	2015-01-12 16:27:54.035711695 +0100
+@@ -99,7 +99,7 @@ static errno_t unpack_buffer(uint8_t *bu
  
      /* ticket lifetime */
-     SAFEALIGN_COPY_INT32_CHECK(&ibuf->lifetime, buf + p, size, &p);
--    DEBUG(SSSDBG_TRACE_LIBS, "lifetime: %d\n", ibuf->lifetime);
-+    DEBUG(SSSDBG_TRACE_LIBS, "lifetime: %d\n", (int)ibuf->lifetime);
+     SAFEALIGN_COPY_UINT32_CHECK(&ibuf->lifetime, buf + p, size, &p);
+-    DEBUG(SSSDBG_TRACE_LIBS, "lifetime: %u\n", ibuf->lifetime);
++    DEBUG(SSSDBG_TRACE_LIBS, "lifetime: %ld\n", (long)(ibuf->lifetime));
  
-     return EOK;
- }
-@@ -310,7 +310,8 @@ static krb5_error_code ldap_child_get_tg
+     /* UID and GID to run as */
+     SAFEALIGN_COPY_UINT32_CHECK(&ibuf->uid, buf + p, size, &p);
+@@ -386,7 +386,8 @@ static krb5_error_code ldap_child_get_tg
          DEBUG(SSSDBG_CONF_SETTINGS, "Will canonicalize principals\n");
          canonicalize = 1;
      }
@@ -533,9 +527,9 @@ index 725687d..586c7dd 100644
 +    sss_krb5_get_init_creds_opt_set_canonicalize(context,
 +                                                 &options, canonicalize);
  
-     krberr = krb5_get_init_creds_keytab(context, &my_creds, kprinc,
-                                         keytab, 0, NULL, &options);
-@@ -343,8 +344,7 @@ static krb5_error_code ldap_child_get_tg
+     ccname_file = talloc_asprintf(tmp_ctx, "%s/ccache_%s",
+                                   DB_PATH, realm_name);
+@@ -462,8 +463,7 @@ static krb5_error_code ldap_child_get_tg
      }
      DEBUG(SSSDBG_TRACE_INTERNAL, "credentials stored\n");
  
@@ -545,7 +539,7 @@ index 725687d..586c7dd 100644
              &kdc_time_offset_usec);
      if (krberr) {
          DEBUG(SSSDBG_OP_FAILURE, "Failed to get KDC time offset: %s\n",
-@@ -356,10 +356,6 @@ static krb5_error_code ldap_child_get_tg
+@@ -475,10 +475,6 @@ static krb5_error_code ldap_child_get_tg
          }
      }
      DEBUG(SSSDBG_TRACE_INTERNAL, "Got KDC time offset\n");
@@ -554,8 +548,8 @@ index 725687d..586c7dd 100644
 -    kdc_time_offset = 0;
 -#endif
  
-     krberr = 0;
-     *ccname_out = ccname;
+     DEBUG(SSSDBG_TRACE_INTERNAL,
+           "Renaming [%s] to [%s]\n", ccname_file_dummy, ccname_file);
 --- sssd-1.11.6/src/providers/ldap/ldap_common.c.orig	2014-06-03 16:31:33.000000000 +0200
 +++ sssd-1.11.6/src/providers/ldap/ldap_common.c	2014-06-19 07:33:38.193317867 +0200
 @@ -1303,7 +1303,7 @@ done:
@@ -690,7 +684,7 @@ diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c
 index f8a7e6f..a954d10 100644
 --- a/src/util/sss_krb5.c
 +++ b/src/util/sss_krb5.c
-@@ -535,7 +535,9 @@ void KRB5_CALLCONV sss_krb5_get_init_creds_opt_free (krb5_context context,
+@@ -484,7 +484,9 @@ void KRB5_CALLCONV sss_krb5_get_init_cre
  
  void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name)
  {
@@ -701,7 +695,7 @@ index f8a7e6f..a954d10 100644
      krb5_free_unparsed_name(context, name);
  #else
      if (name != NULL) {
-@@ -545,6 +547,15 @@ void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name)
+@@ -494,6 +496,15 @@ void KRB5_CALLCONV sss_krb5_free_unparse
  #endif
  }
  
@@ -717,7 +711,7 @@ index f8a7e6f..a954d10 100644
  
  krb5_error_code KRB5_CALLCONV sss_krb5_get_init_creds_opt_set_expire_callback(
                                                     krb5_context context,
-@@ -800,15 +811,16 @@ cleanup:
+@@ -752,15 +763,16 @@ cleanup:
  #endif /* HAVE_KRB5_UNPARSE_NAME_FLAGS */
  }
  
@@ -738,9 +732,9 @@ index f8a7e6f..a954d10 100644
 +    KRB5_GET_INIT_CREDS_OPT_SET_CANONICALIZE_ARGS == 3
 +    (void) krb5_get_init_creds_opt_set_canonicalize(ctx, opts, canonicalize);
  #else
-     DEBUG(SSSDBG_OP_FAILURE, ("Kerberos principal canonicalization is not available!\n"));
+     DEBUG(SSSDBG_OP_FAILURE, "Kerberos principal canonicalization is not available!\n");
  #endif
-@@ -1063,10 +1075,51 @@ done:
+@@ -1022,7 +1034,7 @@ done:
              KRB5_DEBUG(SSSDBG_MINOR_FAILURE, ctx, kerr);
          }
      }
@@ -749,8 +743,9 @@ index f8a7e6f..a954d10 100644
  
      return ret_ccname;
  #else
-     return NULL;
- #endif /* HAVE_KRB5_CC_COLLECTION */
+@@ -1069,3 +1081,44 @@ krb5_error_code sss_krb5_kt_have_content
+     return 0;
+ #endif
  }
 +
 +krb5_error_code KRB5_CALLCONV
@@ -797,16 +792,16 @@ diff --git a/src/util/sss_krb5.h b/src/util/sss_krb5.h
 index db47e0a..c7b9a69 100644
 --- a/src/util/sss_krb5.h
 +++ b/src/util/sss_krb5.h
-@@ -70,6 +70,8 @@ void KRB5_CALLCONV sss_krb5_get_init_creds_opt_free (krb5_context context,
+@@ -70,6 +70,8 @@ void KRB5_CALLCONV sss_krb5_get_init_cre
  
  void KRB5_CALLCONV sss_krb5_free_unparsed_name(krb5_context context, char *name);
  
 +void KRB5_CALLCONV sss_krb5_free_string(krb5_context ctx, char *val);
 +
- int sss_krb5_verify_keytab_ex(const char *principal, const char *keytab_name,
-                               krb5_context context, krb5_keytab keytab);
- 
-@@ -136,7 +138,8 @@ krb5_error_code
+ krb5_error_code find_principal_in_keytab(krb5_context ctx,
+                                          krb5_keytab keytab,
+                                          const char *pattern_primary,
+@@ -133,7 +135,8 @@ krb5_error_code
  sss_krb5_unparse_name_flags(krb5_context context, krb5_const_principal principal,
                              int flags, char **name);
  
@@ -816,7 +811,7 @@ index db47e0a..c7b9a69 100644
                                                    int canonicalize);
  
  enum sss_krb5_cc_type {
-@@ -167,6 +170,10 @@ typedef krb5_times sss_krb5_ticket_times;
+@@ -164,6 +167,10 @@ typedef krb5_times sss_krb5_ticket_times
  /* Redirect libkrb5 tracing towards our DEBUG statements */
  errno_t sss_child_set_krb5_tracing(krb5_context ctx);
  
@@ -827,10 +822,10 @@ index db47e0a..c7b9a69 100644
  krb5_error_code sss_krb5_find_authdata(krb5_context context,
                                         krb5_authdata *const *ticket_authdata,
                                         krb5_authdata *const *ap_req_authdata,
-@@ -184,4 +191,14 @@ char * sss_get_ccache_name_for_principal(TALLOC_CTX *mem_ctx,
-                                          krb5_context ctx,
-                                          krb5_principal principal,
-                                          const char *location);
+@@ -189,4 +196,14 @@ sss_krb5_get_primary(TALLOC_CTX *mem_ctx
+ 
+ krb5_error_code sss_krb5_kt_have_content(krb5_context context,
+                                          krb5_keytab keytab);
 +
 +krb5_error_code KRB5_CALLCONV
 +sss_krb5_unparse_name_ext(krb5_context ctx,
@@ -842,6 +837,19 @@ index db47e0a..c7b9a69 100644
 +                          krb5_timestamp *seconds,
 +                          int32_t *microseconds);
  #endif /* __SSS_KRB5_H__ */
+--- sssd-1.12.3/src/providers/krb5/krb5_keytab.c.orig	2015-01-08 18:19:45.000000000 +0100
++++ sssd-1.12.3/src/providers/krb5/krb5_keytab.c	2015-01-12 18:14:26.452110024 +0100
+@@ -25,6 +25,10 @@
+ #include "util/util.h"
+ #include "util/sss_krb5.h"
+ 
++#ifndef MAX_KEYTAB_NAME_LEN
++#define MAX_KEYTAB_NAME_LEN 1100
++#endif
++
+ krb5_error_code copy_keytab_into_memory(TALLOC_CTX *mem_ctx, krb5_context kctx,
+                                         char *inp_keytab_file,
+                                         char **_mem_name,
 #--- sssd-1.11.4/src/external/pac_responder.m4.orig	2014-02-17 19:55:32.000000000 +0100
 #+++ sssd-1.11.4/src/external/pac_responder.m4	2014-03-22 17:59:50.707675270 +0100
 #@@ -21,7 +21,8 @@
diff --git a/sssd-link.patch b/sssd-link.patch
new file mode 100644
index 0000000..de3d6a5
--- /dev/null
+++ b/sssd-link.patch
@@ -0,0 +1,11 @@
+--- sssd-1.12.3/Makefile.am.orig	2015-01-12 18:49:06.135356150 +0100
++++ sssd-1.12.3/Makefile.am	2015-01-12 19:16:19.545287606 +0100
+@@ -870,7 +870,7 @@
+     src/sss_client/libwbclient/wbc_util_sssd.c
+ libwbclient_la_LIBADD = \
+     libsss_nss_idmap.la \
+-    $(CLIENT_LIBS)
++    $(CLIENT_LIBS) -ldl
+ libwbclient_la_LDFLAGS = \
+     -Wl,--version-script,$(srcdir)/src/sss_client/libwbclient/wbclient.exports \
+     -version-info 11:0:11
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/sssd.git/commitdiff/7168e7f91c60e3430c598cc534e5bb12c3d6c35d



More information about the pld-cvs-commit mailing list