This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated via cd6f1960d84a3b1f34828abf966f96496d8f04c7 (commit) via ceaa40bfcc2a6ab30ab75b158b7f3eb76c050836 (commit) via 76325a2122d8afd3432f5cb14c99b2430d8dd787 (commit) via 8fed81c8f4a54c2233d5037601414d814d9fc840 (commit) via 61867160fc7add5ffc8e282d5812258b3ca28a00 (commit) via 1f5d577a008bc1a85810cf83f6ce5c108844d7c4 (commit) via 68d1d93dd11bad10673b92e30c3c507fff5912fe (commit) via b184c2a2a8a20b32e2b5b02ace11f03bb9796019 (commit) via 01eadb71275b439b42a38a783c8b538d2a3012e8 (commit) via db0d87a7baf10af0a439f68434d19bd87d20a4c8 (commit) via 54bc83102d2c7fcc08204d2bfb5e4b2aa3e2912d (commit) via 6d3acccbb8d45ebdd84c374f60258b00f3396832 (commit) via 9094b0d4235ecbb52a84959d599ac805955bd5fe (commit) via 657b66a1e53faaa095b92e0d01535ebb19ecb4a0 (commit) via 9f8dcadd8163694b5a732cfd7ca47db36972530a (commit) from 63db8acd9edd6e76357515c983666e3a995ad2b5 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit cd6f1960d84a3b1f34828abf966f96496d8f04c7
Merge: ceaa40b 1f5d577
Author: Michael Tremer michael.tremer@ipfire.org
Date: Sat Mar 23 22:19:31 2013 +0100
Merge remote-tracking branch 'stevee/sssd'
commit ceaa40bfcc2a6ab30ab75b158b7f3eb76c050836
Merge: 76325a2 6186716
Author: Michael Tremer michael.tremer@ipfire.org
Date: Sat Mar 23 22:19:26 2013 +0100
Merge remote-tracking branch 'stevee/pam-update'
commit 76325a2122d8afd3432f5cb14c99b2430d8dd787
Merge: b184c2a 8fed81c
Author: Michael Tremer michael.tremer@ipfire.org
Date: Sat Mar 23 22:19:21 2013 +0100
Merge remote-tracking branch 'stevee/openldap'
commit 8fed81c8f4a54c2233d5037601414d814d9fc840
Author: Stefan Schantl stefan.schantl@ipfire.org
Date: Sat Mar 23 21:48:00 2013 +0100
openldap: Switch to ldif based configuration.
* Remove old slapd.conf file and add a ldif based template.
* Compile in backends for hdb and monitor.
* Put ldapi socket to /run/ldapi.
commit 61867160fc7add5ffc8e282d5812258b3ca28a00
Author: Stefan Schantl stefan.schantl@ipfire.org
Date: Sat Mar 23 15:35:41 2013 +0100
pam: Update to 1.1.6.
* Update to the latest version of pam.
* Add patches to fix build with glibc 2.16 and newer versions.
commit 1f5d577a008bc1a85810cf83f6ce5c108844d7c4
Author: Stefan Schantl stefan.schantl@ipfire.org
Date: Sat Mar 23 15:30:30 2013 +0100
sssd: Add basic configuration and scriptlets.
* Add a default configuration to use sssd on the local running LDAP server.
* Add systemd scriptlet.
* Add scriptlet for authconfig to update the system after installation.
commit 68d1d93dd11bad10673b92e30c3c507fff5912fe
Author: Stefan Schantl stefan.schantl@ipfire.org
Date: Tue Feb 19 22:20:59 2013 +0100
authconfig: Update to 6.2.5.
This is a major update to the latest stable version.
* Remove nss_ldap as runtime dependency.
commit b184c2a2a8a20b32e2b5b02ace11f03bb9796019
Author: Michael Tremer michael.tremer@ipfire.org
Date: Sat Mar 23 12:25:00 2013 +0100
pkg-config: Update to 0.28.
Fixes bug #10290.
commit 01eadb71275b439b42a38a783c8b538d2a3012e8
Author: Stefan Schantl stefan.schantl@ipfire.org
Date: Tue Feb 19 22:20:43 2013 +0100
sssd: New package.
commit db0d87a7baf10af0a439f68434d19bd87d20a4c8
Author: Stefan Schantl stefan.schantl@ipfire.org
Date: Tue Feb 19 22:20:24 2013 +0100
ding-libs: New package.
This is a build dependency of sssd.
commit 54bc83102d2c7fcc08204d2bfb5e4b2aa3e2912d
Author: Stefan Schantl stefan.schantl@ipfire.org
Date: Tue Feb 19 22:20:09 2013 +0100
libtalloc: New package.
This is a build dependency of sssd.
commit 6d3acccbb8d45ebdd84c374f60258b00f3396832
Author: Stefan Schantl stefan.schantl@ipfire.org
Date: Tue Feb 19 22:19:51 2013 +0100
libtevent: New package.
This is a build dependency of sssd.
commit 9094b0d4235ecbb52a84959d599ac805955bd5fe
Author: Stefan Schantl stefan.schantl@ipfire.org
Date: Tue Feb 19 22:19:32 2013 +0100
libtdb: New package.
This is a build dependency of sssd.
commit 657b66a1e53faaa095b92e0d01535ebb19ecb4a0
Author: Stefan Schantl stefan.schantl@ipfire.org
Date: Tue Feb 19 22:17:27 2013 +0100
libldb: New package.
This is a build dependency of sssd.
commit 9f8dcadd8163694b5a732cfd7ca47db36972530a
Author: Stefan Schantl stefan.schantl@ipfire.org
Date: Tue Feb 19 22:16:59 2013 +0100
c-ares: New package.
This is a build dependency of sssd.
-----------------------------------------------------------------------
Summary of changes:
 authconfig/authconfig.nm | 5 +-
 harfbuzz/harfbuzz.nm => c-ares/c-ares.nm | 27 +--
 ding-libs/ding-libs.nm | 208 ++++++++++++++++++++++
 libldb/libldb.nm | 82 +++++++++
 libhtp/libhtp.nm => libtalloc/libtalloc.nm | 36 ++--
 eggdbus/eggdbus.nm => libtdb/libtdb.nm | 33 ++--
 libhtp/libhtp.nm => libtevent/libtevent.nm | 39 +++--
 openldap/openldap-conf.ldif | 149 ++++++++++++++++
 openldap/openldap.nm | 12 +-
 openldap/slapd.conf | 59 -------
 openldap/systemd/openldap.service | 2 +-
 openldap/systemd/openldap.socket | 2 +-
 pam/pam.nm | 8 +-
 pam/patches/pam-1.1.5-unix-build.patch | 34 ++++
 pam/patches/pam-1.1.5-unix-no-fallback.patch | 69 ++++++++
 pkg-config/pkg-config.nm | 2 +-
 pdns-recursor/recursor.conf => sssd/sssd.conf | 30 ++--
 sssd/sssd.nm | 240 ++++++++++++++++++++++++++
 18 files changed, 882 insertions(+), 155 deletions(-)
 copy harfbuzz/harfbuzz.nm => c-ares/c-ares.nm (59%)
 create mode 100644 ding-libs/ding-libs.nm
 create mode 100644 libldb/libldb.nm
 copy libhtp/libhtp.nm => libtalloc/libtalloc.nm (57%)
 copy eggdbus/eggdbus.nm => libtdb/libtdb.nm (59%)
 copy libhtp/libhtp.nm => libtevent/libtevent.nm (50%)
 create mode 100644 openldap/openldap-conf.ldif
 delete mode 100644 openldap/slapd.conf
 create mode 100644 pam/patches/pam-1.1.5-unix-build.patch
 create mode 100644 pam/patches/pam-1.1.5-unix-no-fallback.patch
 copy pdns-recursor/recursor.conf => sssd/sssd.conf (55%)
 create mode 100644 sssd/sssd.nm
Difference in files: diff --git a/authconfig/authconfig.nm b/authconfig/authconfig.nm index 56f2f7b..1dd4a7e 100644 --- a/authconfig/authconfig.nm +++ b/authconfig/authconfig.nm @@ -4,8 +4,8 @@ ###############################################################################
name = authconfig -version = 6.2.2 -release = 5 +version = 6.2.5 +release = 1
groups = System/Base url = https://fedorahosted.org/authconfig @@ -75,7 +75,6 @@ packages requires libpwquality newt-python - nss_ldap end
configfiles diff --git a/c-ares/c-ares.nm b/c-ares/c-ares.nm new file mode 100644 index 0000000..dcbe850 --- /dev/null +++ b/c-ares/c-ares.nm @@ -0,0 +1,39 @@ +############################################################################### +# IPFire.org - An Open Source Firewall Solution # +# Copyright (C) - IPFire Development Team info@ipfire.org # +############################################################################### + +name = c-ares +version = 1.9.1 +release = 1 + +groups = System/Libraries +url = http://c-ares.haxx.se/ +license = MIT +summary = A library that performs asynchronous DNS operations. + +description + c-ares is a C library that performs DNS requests and name resolves + asynchronously. c-ares is a fork of the library named 'ares', written + by Greg Hudson at MIT. +end + +source_dl = http://c-ares.haxx.se/download/ + +build + configure_options += \ + --enable-shared \ + --disable-static +end + +packages + package %{name} + + package %{name}-devel + template DEVEL + end + + package %{name}-debuginfo + template DEBUGINFO + end +end diff --git a/ding-libs/ding-libs.nm b/ding-libs/ding-libs.nm new file mode 100644 index 0000000..81291ce --- /dev/null +++ b/ding-libs/ding-libs.nm 
@@ -0,0 +1,208 @@ +############################################################################### +# IPFire.org - An Open Source Firewall Solution # +# Copyright (C) - IPFire Development Team info@ipfire.org # +############################################################################### + +name = ding-libs +version = 0.2.91 +release = 1 + +groups = System/Libraries +url = http://fedorahosted.org/sssd/ +license = GPLv3+ +summary = "Ding is not GLib" assorted utility libraries. + +description + A set of helpful libraries used by projects such as SSSD. +end + +source_dl = http://fedorahosted.org/releases/d/i/ding-libs/ + +build + configure_options += \ + --disable-static + + test + make check + end +end + +packages + # ding-libs is a meta package, + # which requires all sub-packages. + package %{name} + requires + libbasicobjects = %{thisver} + libcollection = %{thisver} + libdhash = %{thisver} + libini_config = %{thisver} + libpath_utils = %{thisver} + libref_array = %{thisver} + end + end + + # ding-libs-devel is a meta package, + # which requires all devel sub-packages. + package %{name}-devel + template DEVEL + + requires + libbasicobjects-devel = %{thisver} + libcollection-devel = %{thisver} + libdhash-devel = %{thisver} + libini_config-devel = %{thisver} + libpath_utils-devel = %{thisver} + libref_array-devel = %{thisver} + end + end + + package libbasicobjects + template LIBS + + summary = Basic object types for C. + description = %{summary} + + files + %{libdir}/libbasicobjects.so.* + end + end + + package libbasicobjects-devel + summary = Development files for libbasicobjects. + description = %{summary} + + files + %{libdir}/libbasicobjects.so + %{libdir}/pkgconfig/basicobjects.pc + %{includedir}/simplebuffer.h + end + end + + package libcollection + template LIBS + + summary = Collection data-type for C. + description + A data-type to collect data in a hierarchical structure + for easy iteration and serialization. 
+ end + + files + %{libdir}/libcollection.so.* + end + end + + package libcollection-devel + summary = Development files for libcollection. + description = %{summary} + + files + %{libdir}/libcollection.so + %{libdir}/pkgconfig/collection.pc + %{includedir}/collection*.h + end + end + + package libdhash + template LIBS + + summary = Dynamic hash table. + description + A hash table which will dynamically resize to achieve + optimal storage & access time properties. + end + + files + %{libdir}/libdhash.so.* + end + end + + package libdhash-devel + summary = Development files for libdhash. + description = %{summary} + + files + %{libdir}/libdhash.so + %{libdir}/pkgconfig/dhash.pc + %{includedir}/dhash*.h + end + end + + package libini_config + template LIBS + + summary = INI file parsr for C. + description + Library to process config files in INI format into a + libcollection data structure. + end + + files + %{libdir}/libini_config.so.* + end + end + + package libini_config-devel + summary = Development files for libini_config. + description = %{summary} + + files + %{libdir}/libini_config.so + %{libdir}/pkgconfig/ini_config.pc + %{includedir}/ini_config*.h + end + end + + package libpath_utils + template LIBS + + summary = Filesystem Path Utilities. + description + Utility functions to manipulate filesystem pathnames. + end + + files + %{libdir}/libpath_utils.so.* + end + end + + package libpath_utils-devel + summary = Development files for libpath_utils. + description = %{summary} + + files + %{libdir}/libpath_utils.so + %{libdir}/pkgconfig/path_utils.pc + %{includedir}/path_utils*.h + end + end + + package libref_array + template LIBS + + summary = A refcounted array for C. + description + A dynamically-growing, reference-counted array. + end + + files + %{libdir}/libref_array.so.* + end + end + + package libref_array-devel + summary = Development files for libref_array. 
+ description = %{summary} + + files + %{libdir}/libref_array.so + %{libdir}/pkgconfig/ref_array.pc + %{includedir}/ref_array*.h + end + end + + package %{name}-debuginfo + template DEBUGINFO + end +end + diff --git a/libldb/libldb.nm b/libldb/libldb.nm new file mode 100644 index 0000000..21323f7 --- /dev/null +++ b/libldb/libldb.nm @@ -0,0 +1,82 @@ +############################################################################### +# IPFire.org - An Open Source Firewall Solution # +# Copyright (C) - IPFire Development Team info@ipfire.org # +############################################################################### + +name = libldb +version = 1.1.15 +release = 1 + +groups = System/Libraries +url = http://ldb.samba.org/ +license = LGPLv3+ +summary = A schema-less, ldap like, API and database. + +description + An extensible library that implements an LDAP like API to access remote LDAP + servers, or use local tdb databases. +end + +thisapp = ldb-%{version} + +source_dl = http://samba.org/ftp/ldb/ + +build + requires + chrpath + docbook-utils + docbook-xsl + libtalloc-devel + libtdb-devel + libtevent-devel + popt-devel + pytalloc + pytdb + pytevent + python-devel + end + + configure_options += \ + --disable-rpath \ + --disable-rpath-install \ + --bundled-libraries=NONE \ + --with-modulesdir=%{libdir}/ldb/modules \ + --with-privatelibdir=%{libdir}/ldb + + # Disable parallel build. + PARALLELISMFLAGS = + + install_cmds + # Remove rpath from binaries. + chrpath --delete %{BUILDROOT}%{bindir}/* + end +end + +packages + package %{name} + + package ldb-tools + summary = Tools to manage LDB files. + description + %{summary} + end + + files + %{bindir} + %{libdir}/ldb/libldb-cmdline* + %{mandir}/man1/* + end + end + + package %{name}-devel + template DEVEL + end + + package pyldb + template PYTHON + end + + package %{name}-debuginfo + template DEBUGINFO + end +end diff --git a/libtalloc/libtalloc.nm b/libtalloc/libtalloc.nm new file mode 100644 index 0000000..a1244c5 
--- /dev/null +++ b/libtalloc/libtalloc.nm @@ -0,0 +1,50 @@ +############################################################################### +# IPFire.org - An Open Source Firewall Solution # +# Copyright (C) - IPFire Development Team info@ipfire.org # +############################################################################### + +name = libtalloc +version = 2.0.8 +release = 1 + +groups = System/Libraries +url = http://talloc.samba.org/ +license = LGPLv3+ +summary = The talloc library. + +description + A library that implements a hierarchical allocator with destructors. +end + +thisapp = talloc-%{version} + +source_dl = http://samba.org/ftp/talloc/ + +build + requires + docbook-utils + docbook-xsl + python-devel + end + + configure_options += \ + --disable-rpath \ + --disable-rpath-install \ + --bundled-libraries=NONE +end + +packages + package %{name} + + package %{name}-devel + template DEVEL + end + + package pytalloc + template PYTHON + end + + package %{name}-debuginfo + template DEBUGINFO + end +end diff --git a/libtdb/libtdb.nm b/libtdb/libtdb.nm new file mode 100644 index 0000000..7b676ae --- /dev/null +++ b/libtdb/libtdb.nm 
@@ -0,0 +1,50 @@ +############################################################################### +# IPFire.org - An Open Source Firewall Solution # +# Copyright (C) - IPFire Development Team info@ipfire.org # +############################################################################### + +name = libtdb +version = 1.2.11 +release = 1 + +groups = System/Libraries +url = http://tdb.samba.org/ +license = LGPLv3+ +summary = The tdb library. + +description + A library that implements a trivial database. +end + +thisapp = tdb-%{version} + +source_dl = http://samba.org/ftp/tdb/ + +build + requires + docbook-utils + docbook-xsl + python-devel + end + + configure_options += \ + --disable-rpath \ + --disable-rpath-install \ + --bundled-libraries=NONE +end + +packages + package %{name} + + package %{name}-devel + template DEVEL + end + + package pytdb + template PYTHON + end + + package %{name}-debuginfo + template DEBUGINFO + end +end diff --git a/libtevent/libtevent.nm b/libtevent/libtevent.nm new file mode 100644 index 0000000..a4dc690 --- /dev/null +++ b/libtevent/libtevent.nm 
@@ -0,0 +1,53 @@ +############################################################################### +# IPFire.org - An Open Source Firewall Solution # +# Copyright (C) - IPFire Development Team info@ipfire.org # +############################################################################### + +name = libtevent +version = 0.9.17 +release = 1 + +groups = System/Libraries +url = http://tevent.samba.org/ +license = LGPLv3+ +summary = The tevent library. + +description + Tevent is an event system based on the talloc memory management library. + Tevent has support for many event types, including timers, signals, and + the classic file descriptor events. +end + +thisapp = tevent-%{version} + +source_dl = http://samba.org/ftp/tevent/ + +build + requires + docbook-utils + docbook-xsl + libtalloc-devel + python-devel + end + + configure_options += \ + --disable-rpath \ + --disable-rpath-install \ + --bundled-libraries=NONE +end + +packages + package %{name} + + package %{name}-devel + template DEVEL + end + + package pytevent + template PYTHON + end + + package %{name}-debuginfo + template DEBUGINFO + end +end diff --git a/openldap/openldap-conf.ldif b/openldap/openldap-conf.ldif new file mode 100644 index 0000000..a34fa04 --- /dev/null +++ b/openldap/openldap-conf.ldif 
@@ -0,0 +1,149 @@ +# See slapd-config(5) for details on configuration options. +# This file should NOT be world readable. +# + +dn: cn=config +objectClass: olcGlobal +cn: config +olcArgsFile: /run/openldap/slapd.args +olcPidFile: /run/openldap/slapd.pid +# +# TLS settings +# +#olcTLSCACertificateFile: /etc/pki/CA/cacert.pem +#olcTLSCertificateFile: /etc/openldap/certs/server.pem +#olcTLSCertificateKeyFile: /etc/openldap/certs/server.pem +# +# Do not enable referrals until AFTER you have a working directory +# service AND an understanding of referrals. +# +#olcReferral: ldap://root.openldap.org +# +# Sample security restrictions +# Require integrity protection (prevent hijacking) +# Require 112-bit (3DES or better) encryption for updates +# Require 64-bit encryption for simple bind +# +#olcSecurity: ssf=1 update_ssf=112 simple_bind=64 + +# +# Load dynamic backend modules: +# - modulepath is architecture dependent value (32/64-bit system) +# - back_sql.la backend requires openldap-servers-sql package +# - dyngroup.la and dynlist.la cannot be used at the same time +# + +#dn: cn=module,cn=config +#objectClass: olcModuleList +#cn: module +#olcModulepath: /usr/lib/openldap +#olcModulepath: /usr/lib64/openldap +#olcModuleload: accesslog.la +#olcModuleload: auditlog.la +#olcModuleload: back_dnssrv.la +#olcModuleload: back_hdb.so +#olcModuleload: back_ldap.la +#olcModuleload: back_mdb.la +#olcModuleload: back_meta.la +#olcModuleload: back_null.la +#olcModuleload: back_passwd.la +#olcModuleload: back_relay.la +#olcModuleload: back_shell.la +#olcModuleload: back_sock.la +#olcModuleload: collect.la +#olcModuleload: constraint.la +#olcModuleload: dds.la +#olcModuleload: deref.la +#olcModuleload: dyngroup.la +#olcModuleload: dynlist.la +#olcModuleload: memberof.la +#olcModuleload: pcache.la +#olcModuleload: ppolicy.la +#olcModuleload: refint.la +#olcModuleload: retcode.la +#olcModuleload: rwm.la +#olcModuleload: seqmod.la +#olcModuleload: smbk5pwd.la +#olcModuleload: sssvlv.la 
+#olcModuleload: syncprov.la +#olcModuleload: translucent.la +#olcModuleload: unique.la +#olcModuleload: valsort.la + + +# +# Schema settings +# + +dn: cn=schema,cn=config +objectClass: olcSchemaConfig +cn: schema + +include: file:///etc/openldap/schema/core.ldif +include: file:///etc/openldap/schema/cosine.ldif +include: file:///etc/openldap/schema/nis.ldif +include: file:///etc/openldap/schema/inetorgperson.ldif + +# +# Frontend settings +# + +dn: olcDatabase=frontend,cn=config +objectClass: olcDatabaseConfig +olcDatabase: frontend +# +# Sample global access control policy: +# Root DSE: allow anyone to read it +# Subschema (sub)entry DSE: allow anyone to read it +# Other DSEs: +# Allow self write access +# Allow authenticated users read access +# Allow anonymous users to authenticate +# +#olcAccess: to dn.base="" by * read +#olcAccess: to dn.base="cn=Subschema" by * read +#olcAccess: to * +# by self write +# by users read +# by anonymous auth +# +# if no access controls are present, the default policy +# allows anyone and everyone to read anything but restricts +# updates to rootdn. (e.g., "access to * by * read") +# +# rootdn can always read and write EVERYTHING! 
+# + +# +# Configuration database +# + +dn: olcDatabase=config,cn=config +objectClass: olcDatabaseConfig +olcDatabase: config +olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c + n=auth" manage by * none + +# +# Server status monitoring +# + +#dn: olcDatabase=monitor,cn=config +#objectClass: olcDatabaseConfig +#olcDatabase: monitor +#olcAccess: to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,c + n=auth" read by dn.base="cn=Manager,dc=my-domain,dc=com" read by * none + +# +# Backend database definitions +# + +dn: olcDatabase=hdb,cn=config +objectClass: olcDatabaseConfig +objectClass: olcHdbConfig +olcDatabase: hdb +olcSuffix: @SUFFIX@ +olcRootDN: cn=admin,@SUFFIX@ +olcDbDirectory: /var/lib/ldap +olcDbIndex: objectClass eq,pres +olcDbIndex: ou,cn,mail,surname,givenname eq,pres,sub diff --git a/openldap/openldap.nm b/openldap/openldap.nm index 8d054b3..a0fdd96 100644 --- a/openldap/openldap.nm +++ b/openldap/openldap.nm @@ -5,7 +5,7 @@
name = openldap version = 2.4.32 -release = 3 +release = 4
groups = System/Daemons url = http://www.openldap.org/ @@ -50,6 +50,8 @@ build --enable-overlays=mod \ --enable-sql=no \ --enable-ndb=no \ + --enable-hdb=yes \ + --enable-monitor=yes \ --disable-static
prepare_cmds @@ -69,6 +71,7 @@ build ln -svf slapd %{BUILDROOT}/usr/sbin/slaptest
# Remove unneeded files. + rm -rvf %{BUILDROOT}%{sysconfidir}/slapd.{conf,ldif} rm -rvf %{BUILDROOT}%{localstatedir}/openldap-data rm -rvf %{BUILDROOT}%{localstatedir}/run
@@ -76,9 +79,10 @@ build chmod -v 0755 %{BUILDROOT}%{libdir}/$(readlink %{BUILDROOT}%{libdir}/lib${LINK}.so) done
- # Install configuration - mkdir -pv %{BUILDROOT}/etc/%{name} - cp -vf %{DIR_SOURCE}/slapd.conf %{BUILDROOT}%{sysconfdir}/%{name}/slapd.conf + # Install configuration file. + mkdir -pv %{BUILDROOT}%{datadir}/%{name} + cp -vf %{DIR_SOURCE}/openldap-conf.ldif \ + %{BUILDROOT}%{datadir}/%{name}/
# Create directoires. mkdir -pv %{BUILDROOT}%{sysconfdir}/%{name}/slapd.d diff --git a/openldap/slapd.conf b/openldap/slapd.conf deleted file mode 100644 index cfb95d0..0000000 --- a/openldap/slapd.conf +++ /dev/null @@ -1,59 +0,0 @@ -# _ ___ _ -# (_) / __|_) -# _ ____ | |__ _ ____ ____ -# | | _ | __) |/ ___) _ ) -# | | | | | | | | | ( (/ / -# |_| ||_/|_| |_|_| ____) -# |_| -# -# OpenLDAP configuration -# -# www.ipfire.org - Licensed under the GPLv3 -# - -include /etc/openldap/schema/core.schema -include /etc/openldap/schema/cosine.schema -include /etc/openldap/schema/inetorgperson.schema -include /etc/openldap/schema/nis.schema - -pidfile /var/run/slapd.pid -argsfile /var/run/slapd.args - -loglevel 2048 - -####################################################################### -# Load modules -####################################################################### - -moduleload back_hdb.so - -####################################################################### -# ACL -####################################################################### - -access to attrs=userPassword,userPKCS12 - by self write - by * auth -access to attrs=shadowLastChange - by self write - by * read -access to * - by * read - -####################################################################### -# BDB database definitions -####################################################################### - -database hdb -suffix "dc=my-domain,dc=com" -rootdn "cn=Manager,dc=my-domain,dc=com" -rootpw secret - -directory /var/lib/ldap - -# Indices to maintain for this database -index objectClass eq,pres -index ou,cn,mail,surname,givenname eq,pres,sub -index uidNumber,gidNumber,loginShell eq,pres -index uid,memberUid eq,pres,sub -index nisMapName,nisMapEntry eq,pres,sub diff --git a/openldap/systemd/openldap.service b/openldap/systemd/openldap.service index 9a6e53f..a6960d3 100644 --- a/openldap/systemd/openldap.service +++ b/openldap/systemd/openldap.service 
@@ -3,4 +3,4 @@ Description=OpenLDAP After=basic.target sockets.target
[Service] -ExecStart=/usr/sbin/slapd -u ldap -h 'ldapi://%2Frun%2Fopenldap%2Fldapi' +ExecStart=/usr/sbin/slapd -u ldap -h 'ldapi://' diff --git a/openldap/systemd/openldap.socket b/openldap/systemd/openldap.socket index 1fe23ea..b9eb387 100644 --- a/openldap/systemd/openldap.socket +++ b/openldap/systemd/openldap.socket @@ -1,5 +1,5 @@ [Socket] -ListenStream=/run/openldap/ldapi +ListenStream=/run/ldapi
[Install] WantedBy=sockets.target diff --git a/pam/pam.nm b/pam/pam.nm index be4f7a2..54be8d0 100644 --- a/pam/pam.nm +++ b/pam/pam.nm @@ -4,8 +4,8 @@ ###############################################################################
name = pam -version = 1.1.5 -release = 3 +version = 1.1.6 +release = 1 thisapp = Linux-PAM-%{version}
groups = System/Base @@ -60,10 +60,6 @@ end
packages package %{name} - requires - pam_ldap - end - configfiles /etc/pam.d end diff --git a/pam/patches/pam-1.1.5-unix-build.patch b/pam/patches/pam-1.1.5-unix-build.patch new file mode 100644 index 0000000..d1f30d0 --- /dev/null +++ b/pam/patches/pam-1.1.5-unix-build.patch @@ -0,0 +1,34 @@ +diff -up Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c.build Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c +--- Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c.build 2012-07-23 18:46:27.709804094 +0200 ++++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix_acct.c 2012-07-23 18:46:27.764805293 +0200 +@@ -47,6 +47,8 @@ + #include <time.h> /* for time() */ + #include <errno.h> + #include <sys/wait.h> ++#include <sys/time.h> ++#include <sys/resource.h> + + #include <security/_pam_macros.h> + +diff -up Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c.build Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c +--- Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c.build 2012-07-23 18:55:16.433314731 +0200 ++++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix_passwd.c 2012-07-23 18:54:48.064697131 +0200 +@@ -53,6 +53,7 @@ + #include <fcntl.h> + #include <ctype.h> + #include <sys/time.h> ++#include <sys/resource.h> + #include <sys/stat.h> + + #include <signal.h> +diff -up Linux-PAM-1.1.5/modules/pam_unix/support.c.build Linux-PAM-1.1.5/modules/pam_unix/support.c +--- Linux-PAM-1.1.5/modules/pam_unix/support.c.build 2012-07-23 18:46:27.000000000 +0200 ++++ Linux-PAM-1.1.5/modules/pam_unix/support.c 2012-07-23 18:54:23.645165507 +0200 +@@ -18,6 +18,7 @@ + #include <signal.h> + #include <ctype.h> + #include <syslog.h> ++#include <sys/time.h> + #include <sys/resource.h> + #ifdef HAVE_RPCSVC_YPCLNT_H + #include <rpcsvc/ypclnt.h> diff --git a/pam/patches/pam-1.1.5-unix-no-fallback.patch b/pam/patches/pam-1.1.5-unix-no-fallback.patch new file mode 100644 index 0000000..7857196 --- /dev/null +++ b/pam/patches/pam-1.1.5-unix-no-fallback.patch 
@@ -0,0 +1,69 @@ +diff -up Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml.no-fallback Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml +--- Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml.no-fallback 2011-06-21 11:04:56.000000000 +0200 ++++ Linux-PAM-1.1.5/modules/pam_unix/pam_unix.8.xml 2012-05-09 11:54:34.442036404 +0200 +@@ -265,11 +265,10 @@ + <listitem> + <para> + When a user changes their password next, +- encrypt it with the SHA256 algorithm. If the +- SHA256 algorithm is not known to the <citerefentry> ++ encrypt it with the SHA256 algorithm. The ++ SHA256 algorithm must be supported by the <citerefentry> + <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum> +- </citerefentry> function, +- fall back to MD5. ++ </citerefentry> function. + </para> + </listitem> + </varlistentry> +@@ -280,11 +279,10 @@ + <listitem> + <para> + When a user changes their password next, +- encrypt it with the SHA512 algorithm. If the +- SHA512 algorithm is not known to the <citerefentry> ++ encrypt it with the SHA512 algorithm. The ++ SHA512 algorithm must be supported by the <citerefentry> + <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum> +- </citerefentry> function, +- fall back to MD5. ++ </citerefentry> function. + </para> + </listitem> + </varlistentry> +@@ -295,11 +293,10 @@ + <listitem> + <para> + When a user changes their password next, +- encrypt it with the blowfish algorithm. If the +- blowfish algorithm is not known to the <citerefentry> ++ encrypt it with the blowfish algorithm. The ++ blowfish algorithm must be supported by the <citerefentry> + <refentrytitle>crypt</refentrytitle><manvolnum>3</manvolnum> +- </citerefentry> function, +- fall back to MD5. ++ </citerefentry> function. 
+ </para> + </listitem> + </varlistentry> +diff -up Linux-PAM-1.1.5/modules/pam_unix/passverify.c.no-fallback Linux-PAM-1.1.5/modules/pam_unix/passverify.c +--- Linux-PAM-1.1.5/modules/pam_unix/passverify.c.no-fallback 2012-05-09 11:48:12.409632377 +0200 ++++ Linux-PAM-1.1.5/modules/pam_unix/passverify.c 2012-05-09 11:48:36.953172291 +0200 +@@ -427,15 +427,14 @@ PAMH_ARG_DECL(char * create_password_has + if (!sp || strncmp(algoid, sp, strlen(algoid)) != 0) { + /* libxcrypt/libc doesn't know the algorithm, use MD5 */ + pam_syslog(pamh, LOG_ERR, +- "Algo %s not supported by the crypto backend, " +- "falling back to MD5\n", ++ "Algo %s not supported by the crypto backend.\n", + on(UNIX_BLOWFISH_PASS, ctrl) ? "blowfish" : + on(UNIX_SHA256_PASS, ctrl) ? "sha256" : + on(UNIX_SHA512_PASS, ctrl) ? "sha512" : algoid); + if(sp) { + memset(sp, '\0', strlen(sp)); + } +- return crypt_md5_wrapper(password); ++ return NULL; + } + + return x_strdup(sp); diff --git a/pkg-config/pkg-config.nm b/pkg-config/pkg-config.nm index cc3a3f5..53851f2 100644 --- a/pkg-config/pkg-config.nm +++ b/pkg-config/pkg-config.nm @@ -4,7 +4,7 @@ ###############################################################################
name = pkg-config -version = 0.27.1 +version = 0.28 release = 1
groups = Development/Tools diff --git a/sssd/sssd.conf b/sssd/sssd.conf new file mode 100644 index 0000000..0aef9be --- /dev/null +++ b/sssd/sssd.conf @@ -0,0 +1,25 @@ +############################################################################### +# IPFire.org - An Open Source Firewall Solution # +# Copyright (C) - IPFire Development Team info@ipfire.org # +############################################################################### + +[sssd] +domains = LDAP +services = nss, pam +config_file_version = 2 + +[nss] +filter_groups = root +filter_users = root + +[pam] + +[domain/LDAP] +id_provider = ldap +ldap_uri = ldapi:// +ldap_search_base = @SUFFIX@ + +cache_credentials = true + +min_id = 1000 +enumerate = False diff --git a/sssd/sssd.nm b/sssd/sssd.nm new file mode 100644 index 0000000..2f4c6ad --- /dev/null +++ b/sssd/sssd.nm 
@@ -0,0 +1,240 @@ +############################################################################### +# IPFire.org - An Open Source Firewall Solution # +# Copyright (C) - IPFire Development Team info@ipfire.org # +############################################################################### + +name = sssd +version = 1.9.4 +release = 2 + +groups = System/Tools +url = http://fedorahosted.org/sssd/ +license = GPLv3+ +summary = System Security Services Daemon. + +description + Provides a set of daemons to manage access to remote directories and + authentication mechanisms. It provides an NSS and PAM interface toward + the system and a pluggable backend system to connect to multiple different + account sources. +end + +source_dl = https://fedorahosted.org/released/sssd/ + +build + requires + /usr/bin/nsupdate + c-ares-devel + cyrus-sasl-devel + dbus-devel + docbook-xsl + glib2-devel + krb5-devel >= 1.10.3 + libcollection-devel + libdhash-devel + libini_config-devel + libldb-devel + libnl-devel + libsemanage-devel + libtalloc-devel + libtdb-devel + libtevent-devel + openldap-devel + openssl-devel + pam-devel >= 1.1.6 + pcre-devel + popt-devel + python-devel + end + + configure_options += \ + --with-crypto=libcrypto \ + --with-db-path=%{localstatedir}/sss/db \ + --with-pipe-path=%{localstatedir}/sss/pipe \ + --with-pubconf-path=%{localstatedir}/sss/pubconf \ + --with-mcache-path=%{localstatedir}/sss/mc \ + --with-krb5-rcache-dir=%{localstatedir}/cache/krb5rcache \ + --with-default-ccache-dir=/run/user/%U \ + --with-default-ccname-template=DIR:%d/krb5cc \ + --with-initscript=systemd \ + --with-systemdunitdir=%{unitdir} \ + --enable-pammoddir=%{libdir}/security \ + --disable-static \ + --disable-rpath + + install_cmds + # Install default config file. + install -m 600 %{DIR_SOURCE}/sssd.conf \ + %{BUILDROOT}%{sysconfdir}/sssd/sssd.conf + + # Remove old sysVinit stuff. 
+ rm -rvf %{BUILDROOT}%{sysconfdir}/rc.d + end +end + +packages + package %{name} + groups += Base + + configfiles + %{sysconfdir}/sssd/sssd.conf + end + + prerequires += systemd-units + + script postin + systemctl daemon-reload >/dev/null 2>&1 || : + end + + script preun + systemctl --no-reload disable sssd.service >/dev/null 2>&1 || : + systemctl stop sssd.service >/dev/null 2>&1 || : + end + + script postun + systemctl daemon-reload >/dev/null 2>&1 || : + end + + script postup + systemctl daemon-reload >/dev/null 2>&1 || : + systemctl try-restart sssd.service >/dev/null 2>&1 || : + end + end + + package %{name}-client + summary = SSSD Client libraries. + description = %{summary} + groups += Base + + requires + %{name} = %{thisver} + end + + obsoletes + nss_ldap + pam_ldap + end + + files + %{libdir}/libnss_sss.so.* + %{libdir}/security/pam_sss.so + %{libdir}/krb5/ + %{mandir}/man8/pam_sss.8* + %{mandir}/man8/sssd_krb5*.8* + end + + prerequires += \ + authconfig >= 6.2.5 + + script postin + authconfig --update --enableldap --enablesssd --enablesssdauth + end + + script postun + authconfig --update --disableldap --disablesssd --disablesssdauth + end + end + + package %{name}-tools + summary = Userspace tools for use with the SSSD. + description + Provides userspace tools for manipulating users, groups, and nested groups in + SSSD when using id_provider = local in /etc/sssd/sssd.conf. + end + + requires + %{name} = %{thisver} + end + + files + %{sbindir}/sss_* + %{mandir}/man8/sss_*.8* + end + end + + package %{name}-devel + template DEVEL + end + + package libsss_idmap + summary = FreeIPA Idmap library. + description + Utility library to convert SIDs to Unix uids and gids. + end + + files + %{libdir}/libsss_idmap.so.* + end + end + + package libsss_idmap-devel + summary = Development files for libsss_idmap. 
+ description = %{summary} + + files + %{libdir}/libsss_idmap.so + %{libdir}/pkgconfig/sss_idmap.pc + %{includedir}/sss_idmap.h + end + end + + package libipa_hbac + summary = FreeIPA HBAC Evaluator library. + description + Utility library to validate FreeIPA HBAC rules for authorization requests. + end + + files + %{libdir}/libipa_hbac.so.* + end + end + + package libipa_hbac-devel + summary = Development files for libipa_hbac. + description = %{summary} + + files + %{libdir}/libipa_hbac.so + %{libdir}/pkgconfig/ipa_hbac.pc + %{includedir}/ipa_hbac.h + end + end + + package python-libipa_hbac + summary = Python bindings for the FreeIPA HBAC Evaluator library. + description + This package contains the bindings so that libipa_hbac can be + used by Python applications. + end + + files + %{python_sitearch}/pyhbac.so + end + end + + package libsss_sudo + summary = A library to allow communication between SUDO and SSSD. + description + A utility library to allow communication between SUDO and SSSD. + end + + files + %{libdir}/libsss_sudo.so.* + end + end + + package libsss_sudo-devel + summary = Development header for libsss_sudo. + description = %{summary} + + files + %{libdir}/libsss_sudo.so + %{libdir}/pkgconfig/sss_sudo.pc + %{includedir}/sss_sudo.h + end + end + + package %{name}-debuginfo + template DEBUGINFO + end +end
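Review bot: In sssd/sssd.conf, ldap_search_base = @SUFFIX@ is a template placeholder, but the install_cmds in sssd/sssd.nm copy the file with install -m 600 and show no substitution step, so as far as this patch goes the packaged config carries the literal string @SUFFIX@ as its search base. Either substitute it at build or first-configuration time, or add a comment in the file naming the tool that is expected to fill it in. In the same file, cache_credentials = true is set while [pam] is left empty; consider setting offline_credentials_expiration there so cached logins have a bounded lifetime. The booleans are also spelled two ways (true next to False); pick one.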
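Review bot: In sssd/sssd.nm, the %{name}-client package's script postin runs authconfig --update --enableldap --enablesssd --enablesssdauth unconditionally, so merely installing the client libraries rewrites the host's NSS and PAM setup, while the main package's postin only does a daemon-reload and never enables or starts sssd.service. That leaves authentication pointed at a daemon that is not running and whose shipped config still needs its search base filled in. The matching postun passes --disableldap as well, which would also switch off an LDAP setup the administrator had configured independently of this package. I would either leave enabling to the administrator and document the authconfig command, or limit the scripts to the sssd flags and make postun undo only what postin changed. The authconfig lines also lack the ">/dev/null 2>&1 || :" guard used on every systemctl line in this file; please confirm that a non-zero exit in these scriptlets is handled the way you intend.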
hooks/post-receive -- IPFire 3.x development tree