amaharaneko/guix-mirrors
1
1
Fork 0
mirror of https://codeberg.org/guix/guix.git synced 2025-10-02 02:15:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

gnu: sssd: Update to 2.7.0.

Browse source 
Add support for renewing AD membership with adcli. Wrap binaries with
LDB_MODULES_PATH. Fix the sss_analyze utility to run without systemd
libraries. Add native inputs to generate man pages and run additional tests
during build.

* gnu/packages/sssd.scm (sssd): Update to 2.7.0.
[patches]: Drop patches applied upstream. Add a patch for sss_analyze.
[inputs]: Add adcli, bash-minimal, jose, keyutils, libnl, pcre2, python.
Drop augeas, pcre.
[native-inputs]: Add cmocka, doxygen, gettext-minimal, libfaketime,
libtool, openssh, po4a, softhsm.
[arguments]: Rewrite in gexp style. Fix configure checks. Remove static
library from install. Wrap binaries to set correct paths.
* gnu/packages/patches/sssd-collision-with-external-nss-symbol.patch,
gnu/packages/patches/sssd-fix-samba-4.15.3.patch,
gnu/packages/patches/sssd-fix-samba.patch: Delete files.
* gnu/packages/patches/sssd-optional-systemd.patch: New file.
* gnu/local.mk (dist_patch_DATA): Update accordingly.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
This commit is contained in:
Timotej Lazar 2022-05-23 20:54:18 +02:00 committed by Ludovic Courtès
parent ba708a52fd
commit 3e59d41df0
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
7 changed files with 204 additions and 740 deletions
Download patch file Download diff file Expand all files Collapse all files

4
gnu/local.mk
View file

@ -1614,8 +1614,6 @@ dist_patch_DATA = \
%D%/packages/patches/sdl-pango-sans-serif.patch \ %D%/packages/patches/sdl-pango-sans-serif.patch \
%D%/packages/patches/smalltalk-multiplication-overflow.patch \ %D%/packages/patches/smalltalk-multiplication-overflow.patch \
%D%/packages/patches/sqlite-hurd.patch \ %D%/packages/patches/sqlite-hurd.patch \
%D%/packages/patches/sssd-collision-with-external-nss-symbol.patch \
%D%/packages/patches/sssd-fix-samba-4.15.3.patch \
%D%/packages/patches/strace-readlink-tests.patch \ %D%/packages/patches/strace-readlink-tests.patch \
%D%/packages/patches/sunxi-tools-remove-sys-io.patch \ %D%/packages/patches/sunxi-tools-remove-sys-io.patch \
%D%/packages/patches/p11-kit-hurd.patch \ %D%/packages/patches/p11-kit-hurd.patch \
@ -1829,7 +1827,7 @@ dist_patch_DATA = \
%D%/packages/patches/snappy-add-inline-for-GCC.patch \ %D%/packages/patches/snappy-add-inline-for-GCC.patch \
%D%/packages/patches/sphinxbase-fix-doxygen.patch \ %D%/packages/patches/sphinxbase-fix-doxygen.patch \
%D%/packages/patches/spice-vdagent-glib-2.68.patch \ %D%/packages/patches/spice-vdagent-glib-2.68.patch \
%D%/packages/patches/sssd-fix-samba.patch \ %D%/packages/patches/sssd-optional-systemd.patch \
%D%/packages/patches/sssd-system-directories.patch \ %D%/packages/patches/sssd-system-directories.patch \
%D%/packages/patches/steghide-fixes.patch \ %D%/packages/patches/steghide-fixes.patch \
%D%/packages/patches/suitesparse-mongoose-cmake.patch \ %D%/packages/patches/suitesparse-mongoose-cmake.patch \

71
gnu/packages/patches/sssd-collision-with-external-nss-symbol.patch
View file

@ -1,71 +0,0 @@
From fe9eeb51be06059721e873f77092b1e9ba08e6c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzidek@redhat.com>
Date: Thu, 27 Feb 2020 06:50:40 +0100
Subject: [PATCH] nss: Collision with external nss symbol
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
One of our internal static function names started
to collide with external nss symbol. Additional
sss_ suffix was added to avoid the collision.
This is needed to unblock Fedora Rawhide's
SSSD build.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
src/responder/nss/nss_cmd.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/src/responder/nss/nss_cmd.c b/src/responder/nss/nss_cmd.c
index 356aea1564..02706c4b94 100644
--- a/src/responder/nss/nss_cmd.c
+++ b/src/responder/nss/nss_cmd.c
@@ -731,11 +731,13 @@ static void nss_getent_done(struct tevent_req *subreq)
talloc_free(cmd_ctx);
}
-static void nss_setnetgrent_done(struct tevent_req *subreq);
+static void sss_nss_setnetgrent_done(struct tevent_req *subreq);
-static errno_t nss_setnetgrent(struct cli_ctx *cli_ctx,
- enum cache_req_type type,
- nss_protocol_fill_packet_fn fill_fn)
+/* This function's name started to collide with external nss symbol,
+ * so it has additional sss_* prefix unlike other functions here. */
+static errno_t sss_nss_setnetgrent(struct cli_ctx *cli_ctx,
+ enum cache_req_type type,
+ nss_protocol_fill_packet_fn fill_fn)
{
struct nss_ctx *nss_ctx;
struct nss_state_ctx *state_ctx;
@@ -777,7 +779,7 @@ static errno_t nss_setnetgrent(struct cli_ctx *cli_ctx,
goto done;
}
- tevent_req_set_callback(subreq, nss_setnetgrent_done, cmd_ctx);
+ tevent_req_set_callback(subreq, sss_nss_setnetgrent_done, cmd_ctx);
ret = EOK;
@@ -790,7 +792,7 @@ static errno_t nss_setnetgrent(struct cli_ctx *cli_ctx,
return EOK;
}
-static void nss_setnetgrent_done(struct tevent_req *subreq)
+static void sss_nss_setnetgrent_done(struct tevent_req *subreq)
{
struct nss_cmd_ctx *cmd_ctx;
errno_t ret;
@@ -1040,8 +1042,8 @@ static errno_t nss_cmd_initgroups_ex(struct cli_ctx *cli_ctx)
static errno_t nss_cmd_setnetgrent(struct cli_ctx *cli_ctx)
{
- return nss_setnetgrent(cli_ctx, CACHE_REQ_NETGROUP_BY_NAME,
- nss_protocol_fill_setnetgrent);
+ return sss_nss_setnetgrent(cli_ctx, CACHE_REQ_NETGROUP_BY_NAME,
+ nss_protocol_fill_setnetgrent);
}
static errno_t nss_cmd_getnetgrent(struct cli_ctx *cli_ctx)

523
gnu/packages/patches/sssd-fix-samba-4.15.3.patch
View file

@ -1,523 +0,0 @@
From 3ba88c317fd64b69b000adbdf881c88383f325d1 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power@suse.com>
Date: Tue, 24 Mar 2020 13:37:07 +0000
Subject: [PATCH] Use ndr_pull_steal_switch_value for modern samba versions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
commit bc56b10aea999284458dcc293b54cf65288e325d attempted to
fix the build error resulting from removal of 'ndr_pull_get_switch'
This change uses the new replacement method
'ndr_pull_steal_switch_value' however depending on the samba version
the ndr_pull_steal_switch_value abi is different.
Note: ndr_pull_steal_switch_value is used since samba 4.10 for
the affected methods
Note: the following methods have been refreshed from samba-4.12 generated
code;
o ndr_pull_security_ace_object_type
o ndr_pull_security_ace_object_inherited_type
o ndr_pull_security_ace_object_ctr
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 1fdd8fa2fded1985fbfc6aa67394eebcdbb6a2fc)
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
src/external/samba.m4 | 9 ++++++-
src/providers/ad/ad_gpo_ndr.c | 45 ++++++++++++++++++++---------------
2 files changed, 34 insertions(+), 20 deletions(-)
diff --git a/src/external/samba.m4 b/src/external/samba.m4
index 089f602a60..8e06174ead 100644
--- a/src/external/samba.m4
+++ b/src/external/samba.m4
@@ -132,8 +132,15 @@ int main(void)
AC_DEFINE_UNQUOTED(SMB_IDMAP_DOMAIN_HAS_DOM_SID, 1,
[Samba's struct idmap_domain has dom_sid member])
AC_MSG_NOTICE([Samba's struct idmap_domain has dom_sid member])
+ if test $samba_minor_version -ge 12 ; then
+ AC_DEFINE_UNQUOTED(SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH, 1,
+ [Samba's new push/pull switch functions])
+ AC_MSG_NOTICE([Samba has support for new ndr_push_steal_switch_value and ndr_pull_steal_switch_value functions])
+ else
+ AC_MSG_NOTICE([Samba supports old ndr_pull_steal_switch_value and ndr_pull_steal_switch_value functions])
+ fi
else
AC_MSG_NOTICE([Samba's struct idmap_domain does not have dom_sid member])
+ AC_MSG_NOTICE([Samba supports old ndr_pull_steal_switch_value and ndr_pull_steal_switch_value functions])
fi
-
fi
SAVE_CFLAGS=$CFLAGS
diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c
index 49c49d71b2..3d389e513d 100644
--- a/src/providers/ad/ad_gpo_ndr.c
+++ b/src/providers/ad/ad_gpo_ndr.c
@@ -105,9 +105,14 @@ ndr_pull_security_ace_object_type(struct ndr_pull *ndr,
union security_ace_object_type *r)
{
uint32_t level;
- level = ndr_token_peek(&ndr->switch_list, r);
NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
if (ndr_flags & NDR_SCALARS) {
+ /* This token is not used again (except perhaps below in the NDR_BUFFERS case) */
+#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
+ NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
+#else
+ level = ndr_pull_steal_switch_value(ndr, r);
+#endif
NDR_CHECK(ndr_pull_union_align(ndr, 4));
switch (level) {
case SEC_ACE_OBJECT_TYPE_PRESENT: {
@@ -117,14 +122,6 @@ ndr_pull_security_ace_object_type(struct ndr_pull *ndr,
break; }
}
}
- if (ndr_flags & NDR_BUFFERS) {
- switch (level) {
- case SEC_ACE_OBJECT_TYPE_PRESENT:
- break;
- default:
- break;
- }
- }
return NDR_ERR_SUCCESS;
}
@@ -135,9 +132,14 @@ ndr_pull_security_ace_object_inherited_type(struct ndr_pull *ndr,
union security_ace_object_inherited_type *r)
{
uint32_t level;
- level = ndr_token_peek(&ndr->switch_list, r);
NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
if (ndr_flags & NDR_SCALARS) {
+ /* This token is not used again (except perhaps below in the NDR_BUFFERS case) */
+#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
+ NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
+#else
+ level = ndr_pull_steal_switch_value(ndr, r);
+#endif
NDR_CHECK(ndr_pull_union_align(ndr, 4));
switch (level) {
case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT: {
@@ -149,14 +151,6 @@ ndr_pull_security_ace_object_inherited_type(struct ndr_pull *ndr,
break; }
}
}
- if (ndr_flags & NDR_BUFFERS) {
- switch (level) {
- case SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT:
- break;
- default:
- break;
- }
- }
return NDR_ERR_SUCCESS;
}
@@ -198,9 +192,14 @@ ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr,
union security_ace_object_ctr *r)
{
uint32_t level;
- level = ndr_token_peek(&ndr->switch_list, r);
NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
if (ndr_flags & NDR_SCALARS) {
+ /* This token is not used again (except perhaps below in the NDR_BUFFERS case) */
+#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
+ NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
+#else
+ level = ndr_pull_steal_switch_value(ndr, r);
+#endif
NDR_CHECK(ndr_pull_union_align(ndr, 4));
switch (level) {
case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: {
@@ -224,6 +223,14 @@ ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr,
}
}
if (ndr_flags & NDR_BUFFERS) {
+ if (!(ndr_flags & NDR_SCALARS)) {
+ /* We didn't get it above, and the token is not needed after this. */
+#ifdef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
+ NDR_CHECK(ndr_pull_steal_switch_value(ndr, r, &level));
+#else
+ level = ndr_pull_steal_switch_value(ndr, r);
+#endif
+ }
switch (level) {
case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT:
NDR_CHECK(ndr_pull_security_ace_object
From 5285a1896ee19bb8f1ff752380547bc6d7a43334 Mon Sep 17 00:00:00 2001
From: Noel Power <noel.power@suse.com>
Date: Tue, 24 Mar 2020 18:14:34 +0000
Subject: [PATCH] ad_gpo_ndr.c: refresh ndr_ methods from samba-4.12
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit c031adde4f532f39845a0efd78693600f1f8b2f4)
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
src/providers/ad/ad_gpo_ndr.c | 201 ++++++++++++++++++----------------
1 file changed, 106 insertions(+), 95 deletions(-)
diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c
index 3d389e513d..a64b1a0f84 100644
--- a/src/providers/ad/ad_gpo_ndr.c
+++ b/src/providers/ad/ad_gpo_ndr.c
@@ -177,8 +177,16 @@ ndr_pull_security_ace_object(struct ndr_pull *ndr,
NDR_CHECK(ndr_pull_trailer_align(ndr, 4));
}
if (ndr_flags & NDR_BUFFERS) {
+ NDR_CHECK(ndr_pull_set_switch_value
+ (ndr,
+ &r->type,
+ r->flags & SEC_ACE_OBJECT_TYPE_PRESENT));
NDR_CHECK(ndr_pull_security_ace_object_type
(ndr, NDR_BUFFERS, &r->type));
+ NDR_CHECK(ndr_pull_set_switch_value
+ (ndr,
+ &r->inherited_type,
+ r->flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT));
NDR_CHECK(ndr_pull_security_ace_object_inherited_type
(ndr, NDR_BUFFERS, &r->inherited_type));
}
@@ -342,7 +350,7 @@ ndr_pull_security_acl(struct ndr_pull *ndr,
(ndr, NDR_SCALARS, &r->revision));
NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size));
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->num_aces));
- if (r->num_aces > 1000) {
+ if (r->num_aces > 2000) {
return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
}
size_aces_0 = r->num_aces;
@@ -408,107 +416,110 @@ ad_gpo_ndr_pull_security_descriptor(struct ndr_pull *ndr,
TALLOC_CTX *_mem_save_sacl_0;
uint32_t _ptr_dacl;
TALLOC_CTX *_mem_save_dacl_0;
- uint32_t _flags_save_STRUCT = ndr->flags;
- uint32_t _relative_save_offset;
-
- ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN);
- NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
- if (ndr_flags & NDR_SCALARS) {
- NDR_CHECK(ndr_pull_align(ndr, 5));
- NDR_CHECK(ndr_pull_security_descriptor_revision(ndr,
+ {
+ uint32_t _flags_save_STRUCT = ndr->flags;
+ ndr_set_flags(&ndr->flags, LIBNDR_FLAG_LITTLE_ENDIAN);
+ NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
+ if (ndr_flags & NDR_SCALARS) {
+ NDR_CHECK(ndr_pull_align(ndr, 5));
+ NDR_CHECK(ndr_pull_security_descriptor_revision(ndr,
+ NDR_SCALARS,
+ &r->revision));
+ NDR_CHECK(ndr_pull_security_descriptor_type(ndr,
NDR_SCALARS,
- &r->revision));
- NDR_CHECK(ndr_pull_security_descriptor_type(ndr,
- NDR_SCALARS,
- &r->type));
- NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_owner_sid));
- if (_ptr_owner_sid) {
- NDR_PULL_ALLOC(ndr, r->owner_sid);
- NDR_CHECK(ndr_pull_relative_ptr1(ndr,
- r->owner_sid,
- _ptr_owner_sid));
- } else {
- r->owner_sid = NULL;
- }
- NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_sid));
- if (_ptr_group_sid) {
- NDR_PULL_ALLOC(ndr, r->group_sid);
- NDR_CHECK(ndr_pull_relative_ptr1(ndr,
- r->group_sid,
- _ptr_group_sid));
- } else {
- r->group_sid = NULL;
- }
- NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sacl));
- if (_ptr_sacl) {
- NDR_PULL_ALLOC(ndr, r->sacl);
- NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->sacl, _ptr_sacl));
- } else {
- r->sacl = NULL;
- }
- NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dacl));
- if (_ptr_dacl) {
- NDR_PULL_ALLOC(ndr, r->dacl);
- NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->dacl, _ptr_dacl));
- } else {
- r->dacl = NULL;
- }
- NDR_CHECK(ndr_pull_trailer_align(ndr, 5));
- }
- if (ndr_flags & NDR_BUFFERS) {
- if (r->owner_sid) {
- _relative_save_offset = ndr->offset;
- NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->owner_sid));
- _mem_save_owner_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
- NDR_PULL_SET_MEM_CTX(ndr, r->owner_sid, 0);
- NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->owner_sid));
- NDR_PULL_SET_MEM_CTX(ndr, _mem_save_owner_sid_0, 0);
- if (ndr->offset > ndr->relative_highest_offset) {
- ndr->relative_highest_offset = ndr->offset;
+ &r->type));
+ NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_owner_sid));
+ if (_ptr_owner_sid) {
+ NDR_PULL_ALLOC(ndr, r->owner_sid);
+ NDR_CHECK(ndr_pull_relative_ptr1(ndr,
+ r->owner_sid,
+ _ptr_owner_sid));
+ } else {
+ r->owner_sid = NULL;
}
- ndr->offset = _relative_save_offset;
- }
- if (r->group_sid) {
- _relative_save_offset = ndr->offset;
- NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->group_sid));
- _mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
- NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0);
- NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid));
- NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0);
- if (ndr->offset > ndr->relative_highest_offset) {
- ndr->relative_highest_offset = ndr->offset;
+ NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_sid));
+ if (_ptr_group_sid) {
+ NDR_PULL_ALLOC(ndr, r->group_sid);
+ NDR_CHECK(ndr_pull_relative_ptr1(ndr,
+ r->group_sid,
+ _ptr_group_sid));
+ } else {
+ r->group_sid = NULL;
}
- ndr->offset = _relative_save_offset;
- }
- if (r->sacl) {
- _relative_save_offset = ndr->offset;
- NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->sacl));
- _mem_save_sacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
- NDR_PULL_SET_MEM_CTX(ndr, r->sacl, 0);
- NDR_CHECK(ndr_pull_security_acl(ndr,
- NDR_SCALARS|NDR_BUFFERS,
- r->sacl));
- NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sacl_0, 0);
- if (ndr->offset > ndr->relative_highest_offset) {
- ndr->relative_highest_offset = ndr->offset;
+ NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sacl));
+ if (_ptr_sacl) {
+ NDR_PULL_ALLOC(ndr, r->sacl);
+ NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->sacl, _ptr_sacl));
+ } else {
+ r->sacl = NULL;
}
- ndr->offset = _relative_save_offset;
+ NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dacl));
+ if (_ptr_dacl) {
+ NDR_PULL_ALLOC(ndr, r->dacl);
+ NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->dacl, _ptr_dacl));
+ } else {
+ r->dacl = NULL;
+ }
+ NDR_CHECK(ndr_pull_trailer_align(ndr, 5));
}
- if (r->dacl) {
- _relative_save_offset = ndr->offset;
- NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->dacl));
- _mem_save_dacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
- NDR_PULL_SET_MEM_CTX(ndr, r->dacl, 0);
- NDR_CHECK(ndr_pull_security_acl(ndr,
- NDR_SCALARS|NDR_BUFFERS,
- r->dacl));
- NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dacl_0, 0);
- if (ndr->offset > ndr->relative_highest_offset) {
- ndr->relative_highest_offset = ndr->offset;
+ if (ndr_flags & NDR_BUFFERS) {
+ if (r->owner_sid) {
+ uint32_t _relative_save_offset;
+ _relative_save_offset = ndr->offset;
+ NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->owner_sid));
+ _mem_save_owner_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+ NDR_PULL_SET_MEM_CTX(ndr, r->owner_sid, 0);
+ NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->owner_sid));
+ NDR_PULL_SET_MEM_CTX(ndr, _mem_save_owner_sid_0, 0);
+ if (ndr->offset > ndr->relative_highest_offset) {
+ ndr->relative_highest_offset = ndr->offset;
+ }
+ ndr->offset = _relative_save_offset;
+ }
+ if (r->group_sid) {
+ uint32_t _relative_save_offset;
+ _relative_save_offset = ndr->offset;
+ NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->group_sid));
+ _mem_save_group_sid_0 = NDR_PULL_GET_MEM_CTX(ndr);
+ NDR_PULL_SET_MEM_CTX(ndr, r->group_sid, 0);
+ NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, r->group_sid));
+ NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_sid_0, 0);
+ if (ndr->offset > ndr->relative_highest_offset) {
+ ndr->relative_highest_offset = ndr->offset;
+ }
+ ndr->offset = _relative_save_offset;
+ }
+ if (r->sacl) {
+ uint32_t _relative_save_offset;
+ _relative_save_offset = ndr->offset;
+ NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->sacl));
+ _mem_save_sacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
+ NDR_PULL_SET_MEM_CTX(ndr, r->sacl, 0);
+ NDR_CHECK(ndr_pull_security_acl(ndr,
+ NDR_SCALARS|NDR_BUFFERS,
+ r->sacl));
+ NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sacl_0, 0);
+ if (ndr->offset > ndr->relative_highest_offset) {
+ ndr->relative_highest_offset = ndr->offset;
+ }
+ ndr->offset = _relative_save_offset;
+ }
+ if (r->dacl) {
+ uint32_t _relative_save_offset;
+ _relative_save_offset = ndr->offset;
+ NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->dacl));
+ _mem_save_dacl_0 = NDR_PULL_GET_MEM_CTX(ndr);
+ NDR_PULL_SET_MEM_CTX(ndr, r->dacl, 0);
+ NDR_CHECK(ndr_pull_security_acl(ndr,
+ NDR_SCALARS|NDR_BUFFERS,
+ r->dacl));
+ NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dacl_0, 0);
+ if (ndr->offset > ndr->relative_highest_offset) {
+ ndr->relative_highest_offset = ndr->offset;
+ }
+ ndr->offset = _relative_save_offset;
}
- ndr->offset = _relative_save_offset;
}
-
ndr->flags = _flags_save_STRUCT;
}
return NDR_ERR_SUCCESS;
From d5809f6f41ec0dc3fd38f9e4ae917a38bf7dfa43 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 28 May 2020 15:02:43 +0200
Subject: [PATCH] ad_gpo_ndr.c: more ndr updates
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This patch add another update to the ndr code which was previously
updated by commit c031adde4f532f39845a0efd78693600f1f8b2f4 and
1fdd8fa2fded1985fbfc6aa67394eebcdbb6a2fc.
As missing update in ndr_pull_security_ace() cased
a failure in ad_gpo_parse_sd(). A unit-test for ad_gpo_parse_sd() was
added to prevent similar issues in future.
Resolves: https://github.com/SSSD/sssd/issues/5183
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit a7c755672cd277497da3df4714f6d9457b6ac5ae)
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
src/providers/ad/ad_gpo_ndr.c | 1 +
src/tests/cmocka/test_ad_gpo.c | 57 ++++++++++++++++++++++++++++++++++
2 files changed, 58 insertions(+)
diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c
index a64b1a0f84..9f040dfb03 100644
--- a/src/providers/ad/ad_gpo_ndr.c
+++ b/src/providers/ad/ad_gpo_ndr.c
@@ -317,6 +317,7 @@ ndr_pull_security_ace(struct ndr_pull *ndr,
ndr->offset += pad;
}
if (ndr_flags & NDR_BUFFERS) {
+ NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->object, r->type));
NDR_CHECK(ndr_pull_security_ace_object_ctr
(ndr, NDR_BUFFERS, &r->object));
}
diff --git a/src/tests/cmocka/test_ad_gpo.c b/src/tests/cmocka/test_ad_gpo.c
index 0589adcc3d..97dbe01794 100644
--- a/src/tests/cmocka/test_ad_gpo.c
+++ b/src/tests/cmocka/test_ad_gpo.c
@@ -329,6 +329,60 @@ void test_ad_gpo_ace_includes_client_sid_false(void **state)
ace_dom_sid, false);
}
+uint8_t test_sid_data[] = {
+0x01, 0x00, 0x04, 0x9c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+0x14, 0x00, 0x00, 0x00, 0x04, 0x00, 0x34, 0x01, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00,
+0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
+0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x00, 0x02, 0x00, 0x00,
+0x00, 0x0a, 0x24, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8,
+0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55,
+0xb5, 0x57, 0x47, 0xf8, 0x07, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x24, 0x00, 0xff, 0x00, 0x0f, 0x00,
+0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60,
+0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x07, 0x02, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00,
+0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
+0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x00, 0x02, 0x00, 0x00,
+0x00, 0x0a, 0x14, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
+0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x01, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x05, 0x12, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0x94, 0x00, 0x02, 0x00,
+0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x0b, 0x00, 0x00, 0x00, 0x05, 0x02, 0x28, 0x00,
+0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x8f, 0xfd, 0xac, 0xed, 0xb3, 0xff, 0xd1, 0x11,
+0xb4, 0x1d, 0x00, 0xa0, 0xc9, 0x68, 0xf9, 0x39, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
+0x0b, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0x94, 0x00, 0x02, 0x00, 0x01, 0x01, 0x00, 0x00,
+0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00
+};
+
+void test_ad_gpo_parse_sd(void **state)
+{
+ int ret;
+ struct security_descriptor *sd = NULL;
+
+ ret = ad_gpo_parse_sd(test_ctx, NULL, 0, &sd);
+ assert_int_equal(ret, EINVAL);
+
+ ret = ad_gpo_parse_sd(test_ctx, test_sid_data, sizeof(test_sid_data), &sd);
+ assert_int_equal(ret, EOK);
+ assert_non_null(sd);
+ assert_int_equal(sd->revision, 1);
+ assert_int_equal(sd->type, 39940);
+ assert_null(sd->owner_sid);
+ assert_null(sd->group_sid);
+ assert_null(sd->sacl);
+ assert_non_null(sd->dacl);
+ assert_int_equal(sd->dacl->revision, 4);
+ assert_int_equal(sd->dacl->size, 308);
+ assert_int_equal(sd->dacl->num_aces, 10);
+ assert_int_equal(sd->dacl->aces[0].type, 0);
+ assert_int_equal(sd->dacl->aces[0].flags, 0);
+ assert_int_equal(sd->dacl->aces[0].size, 36);
+ assert_int_equal(sd->dacl->aces[0].access_mask, 917693);
+ /* There are more components and ACEs in the security_descriptor struct
+ * which are not checked here. */
+
+ talloc_free(sd);
+}
+
int main(int argc, const char *argv[])
{
poptContext pc;
@@ -364,6 +418,9 @@ int main(int argc, const char *argv[])
cmocka_unit_test_setup_teardown(test_ad_gpo_ace_includes_client_sid_false,
ad_gpo_test_setup,
ad_gpo_test_teardown),
+ cmocka_unit_test_setup_teardown(test_ad_gpo_parse_sd,
+ ad_gpo_test_setup,
+ ad_gpo_test_teardown),
};
/* Set debug level to invalid value so we can decide if -d 0 was used. */

50
gnu/packages/patches/sssd-fix-samba.patch
View file

@ -1,50 +0,0 @@
From bc56b10aea999284458dcc293b54cf65288e325d Mon Sep 17 00:00:00 2001
From: Stephen Gallagher <sgallagh@redhat.com>
Date: Fri, 24 Jan 2020 15:17:39 +0100
Subject: [PATCH] Fix build failure against samba 4.12.0rc1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The ndr_pull_get_switch() function was dropped, but it was just a wrapper
around the ndr_token_peek() function, so we can use this approach on both
old and new versions of libndr.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
---
src/providers/ad/ad_gpo_ndr.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c
index d573033494..8f405aa62b 100644
--- a/src/providers/ad/ad_gpo_ndr.c
+++ b/src/providers/ad/ad_gpo_ndr.c
@@ -105,7 +105,7 @@ ndr_pull_security_ace_object_type(struct ndr_pull *ndr,
union security_ace_object_type *r)
{
uint32_t level;
- level = ndr_pull_get_switch_value(ndr, r);
+ level = ndr_token_peek(&ndr->switch_list, r);
NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
if (ndr_flags & NDR_SCALARS) {
NDR_CHECK(ndr_pull_union_align(ndr, 4));
@@ -135,7 +135,7 @@ ndr_pull_security_ace_object_inherited_type(struct ndr_pull *ndr,
union security_ace_object_inherited_type *r)
{
uint32_t level;
- level = ndr_pull_get_switch_value(ndr, r);
+ level = ndr_token_peek(&ndr->switch_list, r);
NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
if (ndr_flags & NDR_SCALARS) {
NDR_CHECK(ndr_pull_union_align(ndr, 4));
@@ -198,7 +198,7 @@ ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr,
union security_ace_object_ctr *r)
{
uint32_t level;
- level = ndr_pull_get_switch_value(ndr, r);
+ level = ndr_token_peek(&ndr->switch_list, r);
NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
if (ndr_flags & NDR_SCALARS) {
NDR_CHECK(ndr_pull_union_align(ndr, 4));

45
gnu/packages/patches/sssd-optional-systemd.patch Normal file
View file

@ -0,0 +1,45 @@
Allow running sss_analyze without Python modules for systemd.
Upstream PR: https://github.com/SSSD/sssd/pull/6125
diff --git a/src/tools/analyzer/modules/request.py b/src/tools/analyzer/modules/request.py
index b96a23c05..28ac2f194 100644
--- a/src/tools/analyzer/modules/request.py
+++ b/src/tools/analyzer/modules/request.py
@@ -1,8 +1,6 @@
import re
import logging
-from sssd.source_files import Files
-from sssd.source_journald import Journald
from sssd.parser import SubparsersAction
from sssd.parser import Option
@@ -77,8 +75,10 @@ class RequestAnalyzer:
Instantiated source object
"""
if args.source == "journald":
+ from sssd.source_journald import Journald
source = Journald()
else:
+ from sssd.source_files import Files
source = Files(args.logdir)
return source
@@ -143,7 +143,7 @@ class RequestAnalyzer:
self.consumed_logs.append(line.rstrip(line[-1]))
else:
# files source includes newline
- if isinstance(source, Files):
+ if type(source).__name__ == 'Files':
print(line, end='')
else:
print(line)
@@ -225,7 +225,7 @@ class RequestAnalyzer:
source.set_component(component, False)
self.done = ""
for line in self.matched_line(source, patterns):
- if isinstance(source, Journald):
+ if type(source).__name__ == 'Journald':
print(line)
else:
self.print_formatted(line, args.verbose)

44
gnu/packages/patches/sssd-system-directories.patch
View file

@ -1,29 +1,29 @@
Do not attempt to create $localstatedir and $sysconfdir (i.e., /var and /etc) Do not attempt to create $localstatedir and $sysconfdir (i.e., /var and /etc)
upon "make install". upon "make install".
diff --git a/Makefile.in b/Makefile.in diff --git a/Makefile.am b/Makefile.am
index c32cb7d..77a5c00 100644 index 0de53a2c8..51ad57bf1 100644
--- a/Makefile.in --- a/Makefile.am
+++ b/Makefile.in +++ b/Makefile.am
@@ -7991,7 +7991,7 @@ sssdconfdir = $(sysconfdir)/sssd @@ -58,7 +58,7 @@ sssddatadir = $(datadir)/sssd
sssddatadir = $(datadir)/sssd
sssdapiplugindir = $(sssddatadir)/sssd.api.d sssdapiplugindir = $(sssddatadir)/sssd.api.d
sssdtapscriptdir = $(sssddatadir)/systemtap sssdtapscriptdir = $(sssddatadir)/systemtap
krb5snippetsdir = $(sssddatadir)/krb5-snippets
-dbuspolicydir = $(sysconfdir)/dbus-1/system.d -dbuspolicydir = $(sysconfdir)/dbus-1/system.d
+dbuspolicydir = $(prefix)/etc/dbus-1/system.d +dbuspolicydir = $(prefix)/etc/dbus-1/system.d
dbusservicedir = $(datadir)/dbus-1/system-services dbusservicedir = $(datadir)/dbus-1/system-services
sss_statedir = $(localstatedir)/lib/sss sss_statedir = $(localstatedir)/lib/sss
pamlibdir = @pammoddir@ runstatedir = @runstatedir@
@@ -8000,7 +8000,7 @@ nfslibdir = @nfsidmaplibdir@ @@ -85,7 +85,7 @@ pkgconfigdir = $(libdir)/pkgconfig
keytabdir = $(sss_statedir)/keytabs krb5rcachedir = @krb5rcachedir@
pkgconfigdir = $(libdir)/pkgconfig
sudolibdir = @sudolibpath@ sudolibdir = @sudolibpath@
polkitdir = @polkitdir@
-pamconfdir = $(sysconfdir)/pam.d -pamconfdir = $(sysconfdir)/pam.d
+pamconfdir = $(prefix)/etc/pam.d +pamconfdir = $(prefix)/etc/pam.d
systemtap_tapdir = @tapset_dir@ systemtap_tapdir = @tapset_dir@
sssdkcmdatadir = $(datadir)/sssd-kcm sssdkcmdatadir = $(datadir)/sssd-kcm
deskprofilepath = $(sss_statedir)/deskprofile deskprofilepath = $(sss_statedir)/deskprofile
@@ -43733,7 +43733,6 @@ installsssddirs:: @@ -5195,7 +5195,6 @@ installsssddirs::
$(DESTDIR)$(bindir) \ $(DESTDIR)$(bindir) \
$(DESTDIR)$(sbindir) \ $(DESTDIR)$(sbindir) \
$(DESTDIR)$(mandir) \ $(DESTDIR)$(mandir) \
@ -31,15 +31,18 @@ index c32cb7d..77a5c00 100644
$(DESTDIR)$(pluginpath) \ $(DESTDIR)$(pluginpath) \
$(DESTDIR)$(libdir)/ldb \ $(DESTDIR)$(libdir)/ldb \
$(DESTDIR)$(dbuspolicydir) \ $(DESTDIR)$(dbuspolicydir) \
@@ -43743,22 +43742,9 @@ installsssddirs:: @@ -5205,24 +5204,12 @@ installsssddirs::
$(DESTDIR)$(sssddatadir) \ $(DESTDIR)$(sssddatadir) \
$(DESTDIR)$(sudolibdir) \ $(DESTDIR)$(sudolibdir) \
$(DESTDIR)$(autofslibdir) \ $(DESTDIR)$(autofslibdir) \
- $(DESTDIR)$(pipepath)/private \ - $(DESTDIR)$(pipepath)/private \
$(DESTDIR)$(krb5snippetsdir) \
- $(SSSD_USER_DIRS) \ - $(SSSD_USER_DIRS) \
$(NULL); $(NULL);
@SSSD_USER_TRUE@ -chown $(SSSD_USER):$(SSSD_USER) $(SSSD_USER_DIRS) if SSSD_USER
@SSSD_USER_TRUE@ -chown $(SSSD_USER) $(DESTDIR)$(pipepath)/private -chown $(SSSD_USER):$(SSSD_USER) $(SSSD_USER_DIRS)
-chown $(SSSD_USER) $(DESTDIR)$(pipepath)/private
endif
- $(INSTALL) -d -m 0700 $(DESTDIR)$(dbpath) $(DESTDIR)$(logpath) \ - $(INSTALL) -d -m 0700 $(DESTDIR)$(dbpath) $(DESTDIR)$(logpath) \
- $(DESTDIR)$(keytabdir) \ - $(DESTDIR)$(keytabdir) \
- $(NULL) - $(NULL)
@ -50,7 +53,14 @@ index c32cb7d..77a5c00 100644
- $(INSTALL) -d -m 0711 $(DESTDIR)$(sssdconfdir) \ - $(INSTALL) -d -m 0711 $(DESTDIR)$(sssdconfdir) \
- $(DESTDIR)$(sssdconfdir)/conf.d \ - $(DESTDIR)$(sssdconfdir)/conf.d \
- $(DESTDIR)$(sssdconfdir)/pki - $(DESTDIR)$(sssdconfdir)/pki
-@BUILD_SECRETS_TRUE@ $(MKDIR_P) $(DESTDIR)$(secdbpath)
@HAVE_DOXYGEN_TRUE@docs: if HAVE_DOXYGEN
@HAVE_DOXYGEN_TRUE@ $(DOXYGEN) src/doxy.config docs:
@@ -5338,7 +5325,6 @@ if BUILD_SAMBA
endif
if BUILD_KCM
$(MKDIR_P) $(DESTDIR)/$(sssdkcmdatadir)
- $(MKDIR_P) $(DESTDIR)$(secdbpath)
endif
uninstall-hook:

161
gnu/packages/sssd.scm
View file

@ -24,22 +24,28 @@
#:use-module ((guix licenses) #:prefix license:) #:use-module ((guix licenses) #:prefix license:)
#:use-module (guix packages) #:use-module (guix packages)
#:use-module (guix download) #:use-module (guix download)
#:use-module (guix gexp)
#:use-module (guix git-download) #:use-module (guix git-download)
#:use-module (guix utils) #:use-module (guix utils)
#:use-module (guix build utils)
#:use-module (guix build-system gnu) #:use-module (guix build-system gnu)
#:use-module (gnu packages) #:use-module (gnu packages)
#:use-module (gnu packages) #:use-module (gnu packages)
#:use-module (gnu packages adns) #:use-module (gnu packages adns)
#:use-module (gnu packages augeas) #:use-module (gnu packages augeas)
#:use-module (gnu packages autotools) #:use-module (gnu packages autotools)
#:use-module (gnu packages bash)
#:use-module (gnu packages check) #:use-module (gnu packages check)
#:use-module (gnu packages crypto)
#:use-module (gnu packages curl) #:use-module (gnu packages curl)
#:use-module (gnu packages cyrus-sasl) #:use-module (gnu packages cyrus-sasl)
#:use-module (gnu packages databases) #:use-module (gnu packages databases)
#:use-module (gnu packages dns) #:use-module (gnu packages dns)
#:use-module (gnu packages docbook) #:use-module (gnu packages docbook)
#:use-module (gnu packages documentation) #:use-module (gnu packages documentation)
#:use-module (gnu packages gettext)
#:use-module (gnu packages glib) #:use-module (gnu packages glib)
#:use-module (gnu packages jose)
#:use-module (gnu packages kerberos) #:use-module (gnu packages kerberos)
#:use-module (gnu packages libunistring) #:use-module (gnu packages libunistring)
#:use-module (gnu packages linux) #:use-module (gnu packages linux)
@ -49,8 +55,11 @@
#:use-module (gnu packages pcre) #:use-module (gnu packages pcre)
#:use-module (gnu packages popt) #:use-module (gnu packages popt)
#:use-module (gnu packages pkg-config) #:use-module (gnu packages pkg-config)
#:use-module (gnu packages python)
#:use-module (gnu packages samba) #:use-module (gnu packages samba)
#:use-module (gnu packages security-token)
#:use-module (gnu packages selinux) #:use-module (gnu packages selinux)
#:use-module (gnu packages ssh)
#:use-module (gnu packages web) #:use-module (gnu packages web)
#:use-module (gnu packages xml)) #:use-module (gnu packages xml))
@ -136,93 +145,128 @@ dynamically-growing, reference-counted array; libbasicobjects, a set of
fundamental object types for C.") fundamental object types for C.")
(license license:lgpl3+))) (license license:lgpl3+)))
;; Note: This package installs modules for ldb and nss. For the former we
;; need to set LDB_MODULES_PATH. For the latter LD_PRELOAD or LD_LIBRARY_PATH
;; is needed.
(define-public sssd (define-public sssd
(package (package
(name "sssd") (name "sssd")
(version "1.16.5") (version "2.7.0")
(source (origin (source
(method url-fetch) (origin
(uri (string-append "https://releases.pagure.org/SSSD/sssd/" (method git-fetch)
"sssd-" version ".tar.gz")) (uri (git-reference
(url "https://github.com/SSSD/sssd")
(commit version)))
(file-name (git-file-name name version))
(sha256 (sha256
(base32 (base32 "05pw5lg410vc2yc3k4hqfsbyr9k4k18qb61gbh9xz7fcjpcysqv8"))
"1h6hwibaf3xa2w6qpzjiiywmfj6zkgbz4r2isf3gd0xm6vq7n6if")) (patches (search-patches "sssd-optional-systemd.patch"
(patches (search-patches "sssd-fix-samba.patch" "sssd-system-directories.patch"))))
"sssd-system-directories.patch"
"sssd-collision-with-external-nss-symbol.patch"
"sssd-fix-samba-4.15.3.patch"))))
(build-system gnu-build-system) (build-system gnu-build-system)
(arguments (arguments
`(#:make-flags (list
(list (string-append "DOCBOOK_XSLT=" #:make-flags
(assoc-ref %build-inputs "docbook-xsl") #~(list (string-append "CFLAGS=-DRENEWAL_PROG_PATH=\\\""
#$(this-package-input "adcli") "/sbin/adcli"
"\\\"")
(string-append "DOCBOOK_XSLT="
#$(this-package-native-input "docbook-xsl")
"/xml/xsl/docbook-xsl-" "/xml/xsl/docbook-xsl-"
,(package-version docbook-xsl) #$(package-version (this-package-native-input "docbook-xsl"))
"/manpages/docbook.xsl") "/manpages/docbook.xsl")
;; Remove "--postvalid" option, because that requires access to ;; Remove "--postvalid" option, because that requires access to
;; online DTDs. ;; online DTDs.
"XMLLINT_FLAGS = --catalogs --nonet --noent --xinclude --noout") "XMLLINT_FLAGS = --catalogs --nonet --noent --xinclude --noout")
#:configure-flags #:configure-flags
(list "--localstatedir=/var" ;for /var/lib/sss, /var/run/sssd.pid, etc. #~(list "--localstatedir=/var" ; for /var/lib/sss, /var/run/sssd.pid, etc.
"--sysconfdir=/etc" ; /etc/sssd "--sysconfdir=/etc" ; /etc/sssd
"--disable-cifs-idmap-plugin" "--disable-cifs-idmap-plugin"
"--without-nfsv4-idmapd-plugin" "--without-nfsv4-idmapd-plugin"
"--without-python2-bindings"
"--without-python3-bindings"
(string-append "--with-plugin-path=" (string-append "--with-plugin-path="
(assoc-ref %outputs "out") #$output "/lib/sssd")
"/lib/sssd")
(string-append "--with-krb5-plugin-path=" (string-append "--with-krb5-plugin-path="
(assoc-ref %outputs "out") #$output "/lib/krb5/plugins/libkrb5")
"/lib/krb5/plugins/libkrb5")
(string-append "--with-cifs-plugin-path=" (string-append "--with-cifs-plugin-path="
(assoc-ref %outputs "out") #$output "/lib/cifs-utils")
"/lib/cifs-utils")
(string-append "--with-init-dir=" (string-append "--with-init-dir="
(assoc-ref %outputs "out") #$output "/etc/init.d")
"/etc/init.d")
(string-append "--with-ldb-lib-dir=" (string-append "--with-ldb-lib-dir="
(assoc-ref %outputs "out") #$output "/lib/ldb/modules/ldb")
"/lib/ldb/modules/ldb")
(string-append "--with-xml-catalog-path=" (string-append "--with-xml-catalog-path="
(assoc-ref %build-inputs "docbook-xml") #$(this-package-native-input "docbook-xml")
"/xml/dtd/docbook/catalog.xml")) "/xml/dtd/docbook/catalog.xml"))
#:phases #:phases
(modify-phases %standard-phases #~(modify-phases %standard-phases
(add-after 'unpack 'disable-failing-test (add-after 'patch-source-shebangs 'patch-more-shebangs
(lambda _ (lambda _
(substitute* '("src/tools/analyzer/sss_analyze"
"src/tools/sss_obfuscate")
(("#!/usr/bin/.*python")
(string-append "#!" #$(this-package-input "python") "/bin/python3")))))
(add-before 'bootstrap 'fix-configure-macros
(lambda _
;; A configure test for nsupdate realm support fails without this.
(substitute* "src/external/nsupdate.m4"
(("\\$NSUPDATE ") "$NSUPDATE -i "))
;; Let tests find softhsm lib.
(substitute* "src/external/test_ca.m4"
(("/usr/lib/softhsm")
(string-append #$(this-package-native-input "softhsm")
"/lib/softhsm")))))
(add-before 'configure 'disable-failing-tests
(lambda _
;; Disable tests that needs /etc/passwd.
(substitute* "Makefile.am"
(("pam-srv-tests") "")
(("test-negcache") ""))
;; This test fails for unknown reason.
(substitute* "src/tests/responder_socket_access-tests.c" (substitute* "src/tests/responder_socket_access-tests.c"
(("tcase_add_test\\(tc_utils, resp_str_to_array_test\\);") "")) (("tcase_add_test\\(tc_utils, resp_str_to_array_test\\);") ""))))
#t)) (add-before 'check 'set-libpython-path
(add-after 'unpack 'add-config-in
(lambda _ (lambda _
(let ((config.h (open-file "config.h.in" "a"))) (setenv "LD_LIBRARY_PATH"
(display (string-append " (string-append #$(this-package-input "python") "/lib"))))
/* Missing in commits on original repo, dunno why but won't work without. */ (add-after 'install 'remove-static-libs
#undef SMB_HAS_NEW_NDR_PULL_STEAL_SWITCH
")
config.h)
(close config.h))))
(add-before 'configure 'autoconf
(lambda _ (lambda _
(invoke "autoconf")))))) ;; Remove a static library that produces a (harmless) warning
;; when starting a program that uses sssds LDB modules.
(delete-file
(string-append #$output "/lib/ldb/modules/ldb/memberof.la"))))
(add-after 'install 'wrap-binaries
(lambda _
(with-directory-excursion #$output
;; Set path to LDB modules for sssd and utilities.
(for-each (lambda (bin)
(wrap-program (string-append "sbin/" bin)
`("LDB_MODULES_PATH" ":" prefix
(,(string-append #$output "/lib/ldb/modules/ldb")))))
'("sssd" "sssctl" "sss_cache" "sss_override" "sss_seed"))
;; Set path to sssds site-packages for scripts.
(for-each (lambda (script)
(wrap-program script
`("GUIX_PYTHONPATH" ":" prefix
(,(string-append #$output "/lib/python"
#$(version-major+minor
(package-version
(this-package-input "python")))
"/site-packages")))))
'("libexec/sssd/sss_analyze" "sbin/sss_obfuscate"))))))))
(inputs (inputs
(list augeas (list adcli
`(,isc-bind "utils") bash-minimal
c-ares c-ares
curl curl ; for OpenID Connect support
cyrus-sasl cyrus-sasl
dbus dbus
ding-libs ding-libs
glib glib
gnutls gnutls
http-parser http-parser
`(,isc-bind "utils")
jansson jansson
jose ; for OpenID Connect support
keyutils
ldb ldb
libnl
libselinux libselinux
libsemanage libsemanage
libunistring libunistring
@ -231,20 +275,31 @@ fundamental object types for C.")
nss nss
openldap openldap
openssl openssl
pcre p11-kit ; for PKCS#11 support
pcre2
popt popt
python
samba samba
talloc talloc
tdb tdb
tevent)) tevent))
(native-inputs (native-inputs
(list autoconf-2.69 (list autoconf
check-0.14 automake
docbook-xsl check ; for tests
cmocka ; for tests
docbook-xml docbook-xml
docbook-xsl
doxygen
gettext-minimal
libfaketime ; for tests
libtool
libxml2 ; for xmllint libxml2 ; for xmllint
libxslt libxslt
openssh ; for tests
pkg-config pkg-config
po4a
softhsm ; for tests
`(,util-linux "lib"))) ; for uuid.h, reqired for KCM `(,util-linux "lib"))) ; for uuid.h, reqired for KCM
(home-page "https://pagure.io/SSSD/sssd/") (home-page "https://pagure.io/SSSD/sssd/")
(synopsis "System security services daemon") (synopsis "System security services daemon")