--- sssd-1.9.1.orig/scripts/release.sh
+++ sssd-1.9.1/scripts/release.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+function config()
+{
+ autoreconf -i -f || return $?
+ ./configure
+}
+
+SAVED_PWD=$PWD
+version=`grep '\[VERSION_NUMBER], \[.*\]' version.m4 |grep '[0-9]\+\.[0-9]\+\.[0-9]\+' -o`
+tag=$(echo ${version} | tr "." "_")
+
+trap "cd $SAVED_PWD; rm -rf sssd-${version} sssd-${version}.tar" EXIT
+
+git archive --format=tar --prefix=sssd-${version}/ sssd-${tag} > sssd-${version}.tar
+if [ $? -ne 0 ]; then
+ echo "Cannot perform git-archive, check if tag $tag is present in git tree"
+ exit 1
+fi
+tar xf sssd-${version}.tar
+
+pushd sssd-${version}
+config || exit 1
+make dist-gzip || exit 1 # also builds docs
+popd
+
+mv sssd-${version}/sssd-${version}.tar.gz .
+gpg --detach-sign --armor sssd-${version}.tar.gz
+
--- sssd-1.9.1.orig/src/resolv/ares/ares_dns.h
+++ sssd-1.9.1/src/resolv/ares/ares_dns.h
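Review bot: The final `gpg --detach-sign` can sign a tarball that was not built from the tagged archive, because `tar xf`, `pushd` and `mv` are all unchecked. If extraction or `pushd sssd-${version}` fails, `config` and `make dist-gzip` run in the caller's working tree instead, and if `mv` fails gpg signs whatever `sssd-${version}.tar.gz` already sits in the current directory. Add the same guard the build steps use, e.g. `pushd "sssd-${version}" || exit 1` and `mv "sssd-${version}/sssd-${version}.tar.gz" . || exit 1`, and exit early when `version` comes back empty from the `grep` on version.m4. Since the output is a signed release artifact, running `git verify-tag "sssd-${tag}"` before `git archive` would also be worth considering.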
@@ -0,0 +1,91 @@
+/* $Id: ares_dns.h,v 1.8 2007-02-16 14:22:08 yangtse Exp $ */
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#ifndef ARES__DNS_H
+#define ARES__DNS_H
+
+#define DNS__16BIT(p) (((p)[0] << 8) | (p)[1])
+#define DNS__32BIT(p) (((p)[0] << 24) | ((p)[1] << 16) | \
+ ((p)[2] << 8) | (p)[3])
+
+#define DNS__SET16BIT(p, v) (((p)[0] = (unsigned char)(((v) >> 8) & 0xff)), \
+ ((p)[1] = (unsigned char)((v) & 0xff)))
+#define DNS__SET32BIT(p, v) (((p)[0] = (unsigned char)(((v) >> 24) & 0xff)), \
+ ((p)[1] = (unsigned char)(((v) >> 16) & 0xff)), \
+ ((p)[2] = (unsigned char)(((v) >> 8) & 0xff)), \
+ ((p)[3] = (unsigned char)((v) & 0xff)))
+
+#if 0
+/* we cannot use this approach on systems where we can't access 16/32 bit
+ data on un-aligned addresses */
+#define DNS__16BIT(p) ntohs(*(unsigned short*)(p))
+#define DNS__32BIT(p) ntohl(*(unsigned long*)(p))
+#define DNS__SET16BIT(p, v) *(unsigned short*)(p) = htons(v)
+#define DNS__SET32BIT(p, v) *(unsigned long*)(p) = htonl(v)
+#endif
+
+/* Macros for parsing a DNS header */
+#define DNS_HEADER_QID(h) DNS__16BIT(h)
+#define DNS_HEADER_QR(h) (((h)[2] >> 7) & 0x1)
+#define DNS_HEADER_OPCODE(h) (((h)[2] >> 3) & 0xf)
+#define DNS_HEADER_AA(h) (((h)[2] >> 2) & 0x1)
+#define DNS_HEADER_TC(h) (((h)[2] >> 1) & 0x1)
+#define DNS_HEADER_RD(h) ((h)[2] & 0x1)
+#define DNS_HEADER_RA(h) (((h)[3] >> 7) & 0x1)
+#define DNS_HEADER_Z(h) (((h)[3] >> 4) & 0x7)
+#define DNS_HEADER_RCODE(h) ((h)[3] & 0xf)
+#define DNS_HEADER_QDCOUNT(h) DNS__16BIT((h) + 4)
+#define DNS_HEADER_ANCOUNT(h) DNS__16BIT((h) + 6)
+#define DNS_HEADER_NSCOUNT(h) DNS__16BIT((h) + 8)
+#define DNS_HEADER_ARCOUNT(h) DNS__16BIT((h) + 10)
+
+/* Macros for constructing a DNS header */
+#define DNS_HEADER_SET_QID(h, v) DNS__SET16BIT(h, v)
+#define DNS_HEADER_SET_QR(h, v) ((h)[2] |= (unsigned char)(((v) & 0x1) << 7))
+#define DNS_HEADER_SET_OPCODE(h, v) ((h)[2] |= (unsigned char)(((v) & 0xf) << 3))
+#define DNS_HEADER_SET_AA(h, v) ((h)[2] |= (unsigned char)(((v) & 0x1) << 2))
+#define DNS_HEADER_SET_TC(h, v) ((h)[2] |= (unsigned char)(((v) & 0x1) << 1))
+#define DNS_HEADER_SET_RD(h, v) ((h)[2] |= (unsigned char)((v) & 0x1))
+#define DNS_HEADER_SET_RA(h, v) ((h)[3] |= (unsigned char)(((v) & 0x1) << 7))
+#define DNS_HEADER_SET_Z(h, v) ((h)[3] |= (unsigned char)(((v) & 0x7) << 4))
+#define DNS_HEADER_SET_RCODE(h, v) ((h)[3] |= (unsigned char)((v) & 0xf))
+#define DNS_HEADER_SET_QDCOUNT(h, v) DNS__SET16BIT((h) + 4, v)
+#define DNS_HEADER_SET_ANCOUNT(h, v) DNS__SET16BIT((h) + 6, v)
+#define DNS_HEADER_SET_NSCOUNT(h, v) DNS__SET16BIT((h) + 8, v)
+#define DNS_HEADER_SET_ARCOUNT(h, v) DNS__SET16BIT((h) + 10, v)
+
+/* Macros for parsing the fixed part of a DNS question */
+#define DNS_QUESTION_TYPE(q) DNS__16BIT(q)
+#define DNS_QUESTION_CLASS(q) DNS__16BIT((q) + 2)
+
+/* Macros for constructing the fixed part of a DNS question */
+#define DNS_QUESTION_SET_TYPE(q, v) DNS__SET16BIT(q, v)
+#define DNS_QUESTION_SET_CLASS(q, v) DNS__SET16BIT((q) + 2, v)
+
+/* Macros for parsing the fixed part of a DNS resource record */
+#define DNS_RR_TYPE(r) DNS__16BIT(r)
+#define DNS_RR_CLASS(r) DNS__16BIT((r) + 2)
+#define DNS_RR_TTL(r) DNS__32BIT((r) + 4)
+#define DNS_RR_LEN(r) DNS__16BIT((r) + 8)
+
+/* Macros for constructing the fixed part of a DNS resource record */
+#define DNS_RR_SET_TYPE(r) DNS__SET16BIT(r, v)
+#define DNS_RR_SET_CLASS(r) DNS__SET16BIT((r) + 2, v)
+#define DNS_RR_SET_TTL(r) DNS__SET32BIT((r) + 4, v)
+#define DNS_RR_SET_LEN(r) DNS__SET16BIT((r) + 8, v)
+
+#endif /* ARES__DNS_H */
--- sssd-1.9.1.orig/src/sss_client/protos.h
+++ sssd-1.9.1/src/sss_client/protos.h
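Review bot: The four `DNS_RR_SET_*` macros at the end of the header declare only `(r)` but expand to `DNS__SET16BIT(r, v)` / `DNS__SET32BIT((r) + 4, v)`, so `v` resolves to whatever variable of that name exists at the call site, or fails to compile; each should take `(r, v)`, e.g. `#define DNS_RR_SET_TYPE(r, v) DNS__SET16BIT(r, v)`. Separately, `DNS__32BIT` shifts `(p)[0]` left by 24 after promotion to `int`, which overflows a signed int when `p` points at `unsigned char` and the top bit is set; casting each byte to `unsigned int` before shifting keeps fields such as `DNS_RR_TTL`, which come from network data, well defined. The `$Id` line and MIT notice suggest this file is imported, so the fix probably belongs upstream as well.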
@@ -0,0 +1,151 @@
+/*
+ SSSD
+
+ Client Interface for NSS and PAM.
+
+ Authors:
+ Simo Sorce
+
+ Copyright (C) Red Hat, Inc 2007
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public License
+ along with this program. If not, see .
+*/
+
+#if 0
+/* SHADOW database NSS interface */
+enum nss_status _nss_sss_getspnam_r(const char *name, struct spwd *result,
+ char *buffer, size_t buflen, int *errnop);
+enum nss_status _nss_sss_setspent(void);
+enum nss_status _nss_sss_getspent_r(struct spwd *result,
+ char *buffer, size_t buflen, int *errnop);
+enum nss_status _nss_sss_endspent(void);
+
+
+/* HOSTS database NSS interface */
+enum nss_status _nss_sss_gethostbyname_r(const char *name,
+ struct hostent *result,
+ char *buffer, size_t buflen,
+ int *errnop, int *h_errnop);
+enum nss_status _nss_sss_gethostbyname2_r(const char *name, int af,
+ struct hostent *result,
+ char *buffer, size_t buflen,
+ int *errnop, int *h_errnop);
+enum nss_status _nss_sss_gethostbyaddr_r(const void *addr, socklen_t len,
+ int af, struct hostent *result,
+ char *buffer, size_t buflen,
+ int *errnop, int *h_errnop);
+enum nss_status _nss_sss_sethostent(void);
+enum nss_status _nss_sss_gethostent_r(struct hostent *result,
+ char *buffer, size_t buflen,
+ int *errnop, int *h_errnop);
+enum nss_status _nss_sss_endhostent(void);
+
+/* NETGROUP database NSS interface */
+enum nss_status _nss_sss_setnetgrent(const char *netgroup,
+ struct __netgrent *result);
+enum nss_status _nss_sss_getnetgrent_r(struct __netgrent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_ldap_endnetgrent(void);
+/* too bad innetgr is currently implemented as an iteration over
+ * {set|get|end}netgroup ... */
+
+/* NETWORKS database NSS interface */
+enum nss_status _nss_sss_getnetbyname_r(const char *name,
+ struct netent *result,
+ char *buffer, size_t buflen,
+ int *errnop, int *h_errnop);
+enum nss_status _nss_sss_getnetbyaddr_r(uint32_t addr, int af,
+ struct netent *result,
+ char *buffer, size_t buflen,
+ int *errnop, int *h_errnop);
+enum nss_status _nss_sss_setnetent(void);
+enum nss_status _nss_sss_getnetent_r(struct netent *result,
+ char *buffer, size_t buflen,
+ int *errnop, int *h_errnop);
+enum nss_status _nss_sss_endnetent(void);
+
+
+/* PROTOCOLS database NSS interface */
+enum nss_status _nss_sss_getprotobyname_r(const char *name,
+ struct protoent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_getprotobynumber_r(int number,
+ struct protoent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_setprotoent(void);
+enum nss_status _nss_sss_getprotoent_r(struct protoent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_endprotoent(void);
+
+/* SERVICES database NSS interface */
+enum nss_status _nss_sss_getservbyname_r(const char *name,
+ const char *protocol,
+ struct servent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_getservbyport_r(int port, const char *protocol,
+ struct servent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_setservent(void);
+enum nss_status _nss_sss_getservent_r(struct servent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_endservent(void);
+
+/* ALIASES database NSS interface */
+enum nss_status _nss_sss_getaliasbyname_r(const char *name,
+ struct aliasent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_setaliasent(void);
+enum nss_status _nss_sss_getaliasent_r(struct aliasent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_endaliasent(void);
+
+/* ETHERS database NSS interface */
+enum nss_status _nss_sss_gethostton_r(const char *name,
+ struct etherent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_getntohost_r(const struct ether_addr *addr,
+ struct etherent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_setetherent(void);
+enum nss_status _nss_sss_getetherent_r(struct etherent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_endetherent(void);
+
+/* RPC database NSS interface */
+enum nss_status _nss_sss_getrpcbyname_r(const char *name,
+ struct rpcent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_getrpcbynumber_r(int number, struct rpcent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_setrpcent(void);
+enum nss_status _nss_sss_getrpcent_r(struct rpcent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+enum nss_status _nss_sss_endrpcent(void);
+
+#endif
--- sssd-1.9.1.orig/src/man/po/LINGUAS
+++ sssd-1.9.1/src/man/po/LINGUAS
@@ -0,0 +1 @@
+cs
--- sssd-1.9.1.orig/src/tests/python-test.py
+++ sssd-1.9.1/src/tests/python-test.py
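Review bot: In the NETGROUP group, `_nss_ldap_endnetgrent` breaks the `_nss_sss_` prefix used by every other prototype and looks like a leftover from another module; glibc resolves NSS entry points as `_nss_<service>_<function>`, so it should presumably read `enum nss_status _nss_sss_endnetgrent(void);` before this block is ever enabled. The whole header body sits inside `#if 0` … `#endif` with no explanation, so it currently declares nothing. A short comment above the `#if 0` saying whether these databases are planned or intentionally unsupported would keep the next reader from guessing.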
@@ -0,0 +1,445 @@
+#!/usr/bin/python
+#coding=utf-8
+
+# Authors:
+# Jakub Hrozek
+#
+# Copyright (C) 2009 Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+import os
+import tempfile
+import shutil
+import unittest
+import commands
+import errno
+
+# module under test
+import pysss
+
+class LocalTest(unittest.TestCase):
+ local_path = "/var/lib/sss/db/sssd.ldb"
+
+ def setUp(self):
+ self.local = pysss.local()
+
+ def _run_and_check(self, runme):
+ (status, output) = commands.getstatusoutput(runme)
+ self.failUnlessEqual(status, 0, output)
+
+ def _get_object_info(self, name, subtree, domain):
+ search_dn = "dn=name=%s,cn=%s,cn=%s,cn=sysdb" % (name, subtree, domain)
+ (status, output) = commands.getstatusoutput("ldbsearch -H %s %s" % (self.local_path,search_dn))
+
+ if status: return {}
+
+ kw = {}
+ for key, value in [ l.split(':') for l in output.split('\n') if ":" in l ]:
+ kw[key] = value.strip()
+
+ del kw['asq']
+ return kw
+
+ def get_user_info(self, name, domain="LOCAL"):
+ return self._get_object_info(name, "users", domain)
+
+ def get_group_info(self, name, domain="LOCAL"):
+ return self._get_object_info(name, "groups", domain)
+
+ def _validate_object(self, kw, name, **kwargs):
+ if kw == {}: self.fail("Could not get %s info" % name)
+ for key in kwargs.keys():
+ self.assert_(str(kwargs[key]) == str(kw[key]), "%s %s != %s %s" % (key, kwargs[key], key, kw[key]))
+
+ def validate_user(self, username, **kwargs):
+ return self._validate_object(self.get_user_info(username), "user", **kwargs)
+
+ def validate_group(self, groupname, **kwargs):
+ return self._validate_object(self.get_group_info(groupname), "group", **kwargs)
+
+ def _validate_no_object(self, kw, name):
+ if kw != {}:
+ self.fail("Got %s info" % name)
+
+ def validate_no_user(self, username):
+ return self._validate_no_object(self.get_user_info(username), "user")
+
+ def validate_no_group(self, groupname):
+ return self._validate_no_object(self.get_group_info(groupname), "group")
+
+ def _get_object_membership(self, name, subtree, domain):
+ search_dn = "dn=name=%s,cn=%s,cn=%s,cn=sysdb" % (name, subtree, domain)
+ (status, output) = commands.getstatusoutput("ldbsearch -H %s %s" % (self.local_path,search_dn))
+
+ if status:
+ return []
+
+ members = [ value.strip() for key, value in [ l.split(':') for l in output.split('\n') if ":" in l ] if key == "memberof" ]
+ return members
+
+ def _assertMembership(self, name, group_list, subtree, domain):
+ members = self._get_object_membership(name, subtree, domain)
+ for group in group_list:
+ group_dn = "name=%s,cn=groups,cn=%s,cn=sysdb" % (group, domain)
+ if group_dn in members:
+ members.remove(group_dn)
+ else:
+ self.fail("Cannot find required group %s" % group_dn)
+
+ if len(members) > 0:
+ self.fail("More groups than selected")
+
+ def assertUserMembership(self, name, group_list, domain="LOCAL"):
+ return self._assertMembership(name, group_list, "users", domain)
+
+ def assertGroupMembership(self, name, group_list, domain="LOCAL"):
+ return self._assertMembership(name, group_list, "groups", domain)
+
+ def get_user_membership(self, name, domain="LOCAL"):
+ return self._get_object_membership(name, "users", domain)
+
+ def get_group_membership(self, name, domain="LOCAL"):
+ return self._get_object_membership(name, "groups", domain)
+
+ def add_group(self, groupname):
+ self._run_and_check("sss_groupadd %s" % (groupname))
+
+ def remove_group(self, groupname):
+ self._run_and_check("sss_groupdel %s" % (groupname))
+
+ def add_user(self, username):
+ self._run_and_check("sss_useradd %s" % (username))
+
+ def add_user_not_home(self, username):
+ self._run_and_check("sss_useradd -M %s" % (username))
+
+ def remove_user(self, username):
+ self._run_and_check("sss_userdel %s" % (username))
+
+ def remove_user_not_home(self, username):
+ self._run_and_check("sss_userdel -R %s" % (username))
+
+class SanityTest(unittest.TestCase):
+ def testInstantiate(self):
+ "Test that the local backed binding can be instantiated"
+ local = pysss.local()
+ self.assert_(local.__class__, "")
+
+class UseraddTest(LocalTest):
+ def tearDown(self):
+ if self.username:
+ self.remove_user(self.username)
+
+ def testUseradd(self):
+ "Test adding a local user"
+ self.username = "testUseradd"
+ self.local.useradd(self.username)
+ self.validate_user(self.username)
+ # check home directory was created with default name
+ self.assertEquals(os.access("/home/%s" % self.username, os.F_OK), True)
+
+ def testUseraddWithParams(self):
+ "Test adding a local user with modified parameters"
+ self.username = "testUseraddWithParams"
+ self.local.useradd(self.username,
+ gecos="foo bar",
+ homedir="/home/foobar",
+ shell="/bin/zsh")
+ self.validate_user(self.username,
+ gecos="foo bar",
+ homeDirectory="/home/foobar",
+ loginShell="/bin/zsh")
+ # check home directory was created with nondefault name
+ self.assertEquals(os.access("/home/foobar", os.F_OK), True)
+
+ def testUseraddNoHomedir(self):
+ "Test adding a local user without creating his home dir"
+ self.username = "testUseraddNoHomedir"
+ self.local.useradd(self.username, create_home = False)
+ self.validate_user(self.username)
+ # check home directory was not created
+ self.assertEquals(os.access("/home/%s" % self.username, os.F_OK), False)
+ self.local.userdel(self.username, remove = False)
+ self.username = None # fool tearDown into not removing the user
+
+ def testUseraddAlternateSkeldir(self):
+ "Test adding a local user and init his homedir from a custom location"
+ self.username = "testUseraddAlternateSkeldir"
+
+ skeldir = tempfile.mkdtemp()
+ fd, path = tempfile.mkstemp(dir=skeldir)
+ fdo = os.fdopen(fd)
+ fdo.flush()
+ fdo.close
+ self.assertEquals(os.access(path, os.F_OK), True)
+ filename = os.path.basename(path)
+
+ try:
+ self.local.useradd(self.username, skel = skeldir)
+ self.validate_user(self.username)
+ self.assertEquals(os.access("/home/%s/%s"%(self.username,filename), os.F_OK), True)
+ finally:
+ shutil.rmtree(skeldir)
+
+ def testUseraddToGroups(self):
+ "Test adding a local user with group membership"
+ self.username = "testUseraddToGroups"
+ self.add_group("gr1")
+ self.add_group("gr2")
+ try:
+ self.local.useradd(self.username,
+ groups=["gr1","gr2"])
+ self.assertUserMembership(self.username,
+ ["gr1","gr2"])
+ finally:
+ self.remove_group("gr1")
+ self.remove_group("gr2")
+
+ def testUseraddWithUID(self):
+ "Test adding a local user with a custom UID"
+ self.username = "testUseraddWithUID"
+ self.local.useradd(self.username,
+ uid=1024)
+ self.validate_user(self.username,
+ uidNumber=1024)
+
+class UseraddTestNegative(LocalTest):
+ def testUseraddNoParams(self):
+ "Test that local.useradd() requires the username parameter"
+ self.assertRaises(TypeError, self.local.useradd)
+
+ def testUseraddUserAlreadyExists(self):
+ "Test adding a local with a duplicite name"
+ self.username = "testUseraddUserAlreadyExists"
+ self.local.useradd(self.username)
+ try:
+ self.local.useradd(self.username)
+ except IOError, e:
+ self.assertEquals(e.errno, errno.EEXIST)
+ else:
+ self.fail("Was expecting exception")
+ finally:
+ self.remove_user(self.username)
+
+ def testUseraddUIDAlreadyExists(self):
+ "Test adding a local with a duplicite user ID"
+ self.username = "testUseraddUIDAlreadyExists1"
+ self.local.useradd(self.username, uid=1025)
+ try:
+ self.local.useradd("testUseraddUIDAlreadyExists2", uid=1025)
+ except IOError, e:
+ self.assertEquals(e.errno, errno.EEXIST)
+ else:
+ self.fail("Was expecting exception")
+ finally:
+ self.remove_user(self.username)
+
+class UserdelTest(LocalTest):
+ def testUserdel(self):
+ self.add_user("testUserdel")
+ self.assertEquals(os.access("/home/testUserdel", os.F_OK), True)
+ self.validate_user("testUserdel")
+ self.local.userdel("testUserdel")
+ self.validate_no_user("testUserdel")
+ self.assertEquals(os.access("/home/testUserdel", os.F_OK), False)
+
+ def testUserdelNotHomedir(self):
+ self.add_user("testUserdel")
+ self.assertEquals(os.access("/home/testUserdel", os.F_OK), True)
+ self.validate_user("testUserdel")
+ self.local.userdel("testUserdel", remove=False)
+ self.validate_no_user("testUserdel")
+ self.assertEquals(os.access("/home/testUserdel", os.F_OK), True)
+ shutil.rmtree("/home/testUserdel")
+ os.remove("/var/mail/testUserdel")
+
+ def testUserdelNegative(self):
+ self.validate_no_user("testUserdelNegative")
+ try:
+ self.local.userdel("testUserdelNegative")
+ except IOError, e:
+ self.assertEquals(e.errno, errno.ENOENT)
+ else:
+ fail("Was expecting exception")
+
+class UsermodTest(LocalTest):
+ def setUp(self):
+ self.local = pysss.local()
+ self.username = "UsermodTest"
+ self.add_user_not_home(self.username)
+
+ def tearDown(self):
+ self.remove_user_not_home(self.username)
+
+ def testUsermod(self):
+ "Test modifying user attributes"
+ self.local.usermod(self.username,
+ gecos="foo bar",
+ homedir="/home/foobar",
+ shell="/bin/zsh")
+ self.validate_user(self.username,
+ gecos="foo bar",
+ homeDirectory="/home/foobar",
+ loginShell="/bin/zsh")
+
+ def testUsermodUID(self):
+ "Test modifying UID"
+ self.local.usermod(self.username,
+ uid=1024)
+ self.validate_user(self.username,
+ uidNumber=1024)
+
+ def testUsermodGroupMembership(self):
+ "Test adding to and removing from groups"
+ self.add_group("gr1")
+ self.add_group("gr2")
+
+ try:
+ self.local.usermod(self.username,
+ addgroups=["gr1","gr2"])
+ self.assertUserMembership(self.username,
+ ["gr1","gr2"])
+ self.local.usermod(self.username,
+ rmgroups=["gr2"])
+ self.assertUserMembership(self.username,
+ ["gr1"])
+ self.local.usermod(self.username,
+ rmgroups=["gr1"])
+ self.assertUserMembership(self.username,
+ [])
+ finally:
+ self.remove_group("gr1")
+ self.remove_group("gr2")
+
+ def testUsermodLockUnlock(self):
+ "Test locking and unlocking user"
+ self.local.usermod(self.username,
+ lock=self.local.lock)
+ self.validate_user(self.username,
+ disabled="true")
+ self.local.usermod(self.username,
+ lock=self.local.unlock)
+ self.validate_user(self.username,
+ disabled="false")
+
+class GroupaddTest(LocalTest):
+ def tearDown(self):
+ if self.groupname:
+ self.remove_group(self.groupname)
+
+ def testGroupadd(self):
+ "Test adding a local group"
+ self.groupname = "testGroupadd"
+ self.local.groupadd(self.groupname)
+ self.validate_group(self.groupname)
+
+ def testGroupaddWithGID(self):
+ "Test adding a local group with a custom GID"
+ self.groupname = "testUseraddWithGID"
+ self.local.groupadd(self.groupname,
+ gid=1024)
+ self.validate_group(self.groupname,
+ gidNumber=1024)
+
+class GroupaddTestNegative(LocalTest):
+ def testGroupaddNoParams(self):
+ "Test that local.groupadd() requires the groupname parameter"
+ self.assertRaises(TypeError, self.local.groupadd)
+
+ def testGroupaddUserAlreadyExists(self):
+ "Test adding a local with a duplicite name"
+ self.groupname = "testGroupaddUserAlreadyExists"
+ self.local.groupadd(self.groupname)
+ try:
+ self.local.groupadd(self.groupname)
+ except IOError, e:
+ self.assertEquals(e.errno, errno.EEXIST)
+ else:
+ self.fail("Was expecting exception")
+ finally:
+ self.remove_group(self.groupname)
+
+ def testGroupaddGIDAlreadyExists(self):
+ "Test adding a local with a duplicite group ID"
+ self.groupname = "testGroupaddGIDAlreadyExists1"
+ self.local.groupadd(self.groupname, gid=1025)
+ try:
+ self.local.groupadd("testGroupaddGIDAlreadyExists2", gid=1025)
+ except IOError, e:
+ self.assertEquals(e.errno, errno.EEXIST)
+ else:
+ self.fail("Was expecting exception")
+ finally:
+ self.remove_group(self.groupname)
+
+class GroupdelTest(LocalTest):
+ def testGroupdel(self):
+ self.add_group("testGroupdel")
+ self.validate_group("testGroupdel")
+ self.local.groupdel("testGroupdel")
+ self.validate_no_group("testGroupdel")
+
+ def testGroupdelNegative(self):
+ self.validate_no_group("testGroupdelNegative")
+ try:
+ self.local.groupdel("testGroupdelNegative")
+ except IOError, e:
+ self.assertEquals(e.errno, errno.ENOENT)
+ else:
+ fail("Was expecting exception")
+
+
+class GroupmodTest(LocalTest):
+ def setUp(self):
+ self.local = pysss.local()
+ self.groupname = "GroupmodTest"
+ self.add_group(self.groupname)
+
+ def tearDown(self):
+ self.remove_group(self.groupname)
+
+ def testGroupmodGID(self):
+ "Test modifying UID"
+ self.local.groupmod(self.groupname,
+ gid=1024)
+ self.validate_group(self.groupname,
+ gidNumber=1024)
+
+ def testGroupmodGroupMembership(self):
+ "Test adding to groups"
+ self.add_group("gr1")
+ self.add_group("gr2")
+ try:
+ self.local.groupmod(self.groupname,
+ addgroups=["gr1","gr2"])
+ self.assertGroupMembership(self.groupname,
+ ["gr1","gr2"])
+ self.local.groupmod(self.groupname,
+ rmgroups=["gr2"])
+ self.assertGroupMembership(self.groupname,
+ ["gr1"])
+ self.local.groupmod(self.groupname,
+ rmgroups=["gr1"])
+ self.assertGroupMembership(self.groupname,
+ [])
+ finally:
+ self.remove_group("gr1")
+ self.remove_group("gr2")
+
+# -------------- run the test suite -------------- #
+if __name__ == "__main__":
+ unittest.main()
+
--- sssd-1.9.1.orig/contrib/suse/sssd.spec.in
+++ sssd-1.9.1/contrib/suse/sssd.spec.in
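Review bot: In `testUserdelNegative` and `testGroupdelNegative` the `else:` branch calls bare `fail("Was expecting exception")`, a name the module never defines, so if the delete unexpectedly succeeds the test dies with a NameError instead of reporting a failure; it should be `self.fail("Was expecting exception")`, as the Useradd and Groupadd negative tests already do. In `testUseraddAlternateSkeldir`, `fdo.close` is missing its call parentheses and never closes the descriptor returned by `mkstemp`; write `fdo.close()`. `_get_object_info` also runs `del kw['asq']` unconditionally, which raises KeyError whenever the `ldbsearch` output lacks that key; `kw.pop('asq', None)` would be safer.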
@@ -0,0 +1,301 @@
+%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import *; import sys; sys.stdout.write(get_python_lib(1))")}
+%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import *; import sys; sys.stdout.write(get_python_lib())")}
+
+Name: @PACKAGE_NAME@
+Version: @PACKAGE_VERSION@
+Release: 0@PRERELEASE_VERSION@%{?dist}
+Group: Applications/System
+Summary: System Security Services Daemon
+# The entire source code is GPLv3+ except replace/ which is LGPLv3+
+License: GPLv3+ and LGPLv3+
+URL: http://fedorahosted.org/sssd/
+Source0: %{name}-%{version}.tar.gz
+BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
+
+%global dhash_version 0.4.0
+
+### Patches ###
+
+### Dependencies ###
+
+Requires: libldb0 >= 0.9.3
+Requires: libtdb1 >= 1.1.3
+Requires: sssd-client = %{version}-%{release}
+Requires: libdhash = %{dhash_version}-%{release}
+Requires: cyrus-sasl-gssapi
+Requires(post): python
+Requires(preun): aaa_base procps filesystem
+Requires(postun): /sbin/service
+
+%global servicename sssd
+%global sssdstatedir %{_localstatedir}/lib/sss
+%global dbpath %{sssdstatedir}/db
+%global pipepath %{sssdstatedir}/pipes
+%global pubconfpath %{sssdstatedir}/pubconf
+
+### Build Dependencies ###
+
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: libtool
+BuildRequires: m4
+BuildRequires: popt-devel
+BuildRequires: libtalloc-devel
+BuildRequires: libtevent0-devel
+BuildRequires: libtdb1-devel
+BuildRequires: libldb0-devel
+BuildRequires: libcares-devel
+BuildRequires: dbus-1-devel
+BuildRequires: dbus-1
+BuildRequires: openldap2-devel
+BuildRequires: pam-devel
+BuildRequires: mozilla-nss-devel
+BuildRequires: mozilla-nspr-devel
+BuildRequires: pcre-devel
+BuildRequires: libxslt
+BuildRequires: libxml2
+BuildRequires: docbook-xsl-stylesheets
+BuildRequires: krb5-devel
+BuildRequires: python-devel
+
+
+%description
+Provides a set of daemons to manage access to remote directories and
+authentication mechanisms. It provides an NSS and PAM interface toward
+the system and a pluggable backend system to connect to multiple different
+account sources. It is also the basis to provide client auditing and policy
+services for projects like FreeIPA.
+
+%package client
+Summary: SSSD Client libraries for NSS and PAM
+Group: Applications/System
+
+%description client
+Provides the libraries needed by the PAM and NSS stacks to connect to the SSSD
+service.
+
+%package -n libdhash
+Summary: Dynamic hash table
+Group: Development/Libraries
+Version: %{dhash_version}
+License: LGPLv3+
+
+%description -n libdhash
+A hash table which will dynamically resize to achieve optimal storage & access
+time properties
+
+%package -n libdhash-devel
+Summary: Development files for libdhash
+Group: Development/Libraries
+Version: %{dhash_version}
+Requires: libdhash = %{dhash_version}-%{release}
+License: LGPLv3+
+
+%description -n libdhash-devel
+A hash table which will dynamically resize to achieve optimal storage & access
+time properties
+
+
+%prep
+%setup -q
+
+%build
+%configure \
+ --without-tests \
+ --with-db-path=%{dbpath} \
+ --with-pipe-path=%{pipepath} \
+ --with-pubconf-path=%{pubconfpath} \
+ --with-init-dir=%{_initrddir} \
+ --enable-nsslibdir=/%{_lib} \
+ --without-selinux \
+ --without-semanage \
+ --with-os=suse \
+ --disable-static
+
+make %{?_smp_mflags}
+
+%install
+rm -rf $RPM_BUILD_ROOT
+
+make install DESTDIR=$RPM_BUILD_ROOT
+
+# Remove the example files from the output directory
+# We will copy them directly from the source directory
+# for packaging
+rm -f \
+ $RPM_BUILD_ROOT/usr/share/doc/dhash/README \
+ $RPM_BUILD_ROOT/usr/share/doc/dhash/examples/dhash_example.c \
+ $RPM_BUILD_ROOT/usr/share/doc/dhash/examples/dhash_test.c
+
+# Prepare language files
+/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sss_daemon
+/usr/lib/rpm/find-lang.sh $RPM_BUILD_ROOT sss_client
+
+# Copy default sssd.conf file
+mkdir -p $RPM_BUILD_ROOT/%{_sysconfdir}/sssd
+install -m600 server/examples/sssd.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.conf
+install -m400 server/config/etc/sssd.api.conf $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.conf
+install -m400 server/config/etc/sssd.api.d/* $RPM_BUILD_ROOT%{_sysconfdir}/sssd/sssd.api.d/
+
+# Remove .la files created by libtool
+rm -f \
+ $RPM_BUILD_ROOT/%{_lib}/libnss_sss.la \
+ $RPM_BUILD_ROOT/%{_lib}/security/pam_sss.la \
+ $RPM_BUILD_ROOT/%{_libdir}/libdhash.la \
+ $RPM_BUILD_ROOT/%{_libdir}/ldb/memberof.la \
+ $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ldap.la \
+ $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_proxy.la \
+ $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_krb5.la \
+ $RPM_BUILD_ROOT/%{_libdir}/sssd/libsss_ipa.la \
+ $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.la \
+ $RPM_BUILD_ROOT/%{python_sitearch}/pysss.la
+
+if test -e $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
+then
+ # Apppend this file to the sss_daemon.lang
+ # Older versions of rpmbuild can only handle one -f option
+ echo %{_libdir}/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so >> sss_daemon.lang
+fi
+for file in `ls $RPM_BUILD_ROOT/%{python_sitelib}/*.egg-info 2> /dev/null`
+do
+ echo %{python_sitelib}/`basename $file` >> sss_daemon.lang
+done
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files -f sss_daemon.lang
+%defattr(-,root,root,-)
+%doc COPYING
+%{_initrddir}/%{name}
+%{_sbindir}/sssd
+%{_sbindir}/sss_useradd
+%{_sbindir}/sss_userdel
+%{_sbindir}/sss_usermod
+%{_sbindir}/sss_groupadd
+%{_sbindir}/sss_groupdel
+%{_sbindir}/sss_groupmod
+%{_sbindir}/sss_groupshow
+%{_sbindir}/sss_debuglevel
+%{_libexecdir}/%{servicename}/
+%{_libdir}/%{name}/
+%{_libdir}/ldb/memberof.so
+%dir %{sssdstatedir}
+%attr(700,root,root) %dir %{dbpath}
+%attr(755,root,root) %dir %{pipepath}
+%attr(755,root,root) %dir %{pubconfpath}
+%attr(700,root,root) %dir %{pipepath}/private
+%attr(750,root,root) %dir %{_var}/log/%{name}
+%attr(700,root,root) %dir %{_sysconfdir}/sssd
+%config(noreplace) %{_sysconfdir}/sssd/sssd.conf
+%config %{_sysconfdir}/sssd/sssd.api.conf
+%attr(700,root,root) %dir %{_sysconfdir}/sssd/sssd.api.d
+%config %{_sysconfdir}/sssd/sssd.api.d/
+%{_mandir}/man5/sssd.conf.5*
+%{_mandir}/man5/sssd-ipa.5*
+%{_mandir}/man5/sssd-krb5.5*
+%{_mandir}/man5/sssd-ldap.5*
+%{_mandir}/man8/sssd.8*
+%{_mandir}/man8/sss_groupadd.8*
+%{_mandir}/man8/sss_groupdel.8*
+%{_mandir}/man8/sss_groupmod.8*
+%{_mandir}/man8/sss_groupshow.8*
+%{_mandir}/man8/sss_useradd.8*
+%{_mandir}/man8/sss_userdel.8*
+%{_mandir}/man8/sss_usermod.8*
+%{_mandir}/man8/sss_debuglevel.8*
+%{_mandir}/man8/sssd_krb5_locator_plugin.8*
+%{python_sitearch}/pysss.so
+%{python_sitelib}/*.py*
+
+
+%files client -f sss_client.lang
+%defattr(-,root,root,-)
+/%{_lib}/libnss_sss.so.2
+/%{_lib}/security/pam_sss.so
+%{_mandir}/man8/pam_sss.8*
+
+%files -n libdhash
+%defattr(-,root,root,-)
+%doc common/dhash/COPYING
+%doc common/dhash/COPYING.LESSER
+%{_libdir}/libdhash.so.1
+%{_libdir}/libdhash.so.1.0.0
+
+%files -n libdhash-devel
+%defattr(-,root,root,-)
+%{_includedir}/dhash.h
+%{_libdir}/libdhash.so
+%{_libdir}/pkgconfig/dhash.pc
+%doc common/dhash/README
+%doc common/dhash/examples
+
+%post
+/sbin/ldconfig
+/sbin/chkconfig --add %{servicename}
+if [ $1 -ge 2 ] ; then
+# a one-time upgrade from confdb v1 to v2, only if upgrading
+ python %{_libexecdir}/%{servicename}/upgrade_config.py
+fi
+
+%preun
+if [ $1 = 0 ]; then
+ /sbin/service %{servicename} stop 2>&1 > /dev/null
+ /sbin/chkconfig --del %{servicename}
+fi
+
+%postun
+/sbin/ldconfig
+if [ $1 -ge 1 ] ; then
+ /sbin/service %{servicename} condrestart 2>&1 > /dev/null
+fi
+
+%post client -p /sbin/ldconfig
+
+%postun client -p /sbin/ldconfig
+
+%post -n libdhash -p /sbin/ldconfig
+
+%postun -n libdhash -p /sbin/ldconfig
+
+%changelog
+* Mon Sep 28 2009 Sumit Bose - 0.6.0-0
+- New upstream release 0.6.0
+
+* Fri Sep 25 2009 Simo Sorce - 0.5.0-1
+- Split package into server and clients components
+- Convert to new config file format
+
+* Wed Sep 02 2009 Stephen Gallagher - 0.5.0-0
+- New upstream release 0.5.0
+
+* Mon May 18 2009 Stephen Gallagher - 0.4.0-1
+- Convert build system to automake
+
+* Mon Apr 20 2009 Jakub Hrozek - 0.3.2-1
+- bugfix release 0.3.2
+
+* Mon Apr 13 2009 Simo Sorce - 0.3.1-1
+- bugfix release
+
+* Sun Apr 12 2009 Stephen Gallagher - 0.3.0-2
+- Remove InfoPipe from RPM build
+
+* Sun Apr 12 2009 Stephen Gallagher - 0.3.0-1
+- Convert to using /etc/sssd/sssd.conf for configuration
+
+* Tue Mar 10 2009 Simo Sorce - 0.2.1-1
+- Bump up to version 0.2.1
+
+* Fri Mar 06 2009 Jakub Hrozek - 0.1.0-4
+- fixed items found during review
+- added initscript
+
+* Thu Mar 05 2009 Sumit Bose - 0.1.0-3
+- added sss_client
+
+* Mon Feb 23 2009 Jakub Hrozek - 0.1.0-2
+- Small cleanup and fixes in the spec file
+
+* Thu Feb 12 2009 Stephen Gallagher - 0.1.0-1
+- Initial release (based on version 0.1.0 upstream code)
--- sssd-1.9.1.orig/debian/libpam-sss.prerm
+++ sssd-1.9.1/debian/libpam-sss.prerm
@@ -0,0 +1,5 @@
+#! /bin/sh -e
+
+pam-auth-update --package --remove sss
+
+#DEBHELPER#
--- sssd-1.9.1.orig/debian/changelog
+++ sssd-1.9.1/debian/changelog
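Review bot: The `%preun` and `%postun` scriptlets redirect with `2>&1 > /dev/null`, which points stderr at the original stdout before stdout is sent to `/dev/null`, so errors from `/sbin/service` still reach the terminal. If both streams are meant to be silenced, write `/sbin/service %{servicename} stop >/dev/null 2>&1`, and the same for `condrestart`. In `%install`, the egg-info loop iterates over backquoted `ls` output with unquoted `$file`, which breaks on unusual path names; looping over the glob itself with an existence test is more robust. The `install -m400 … sssd.api.d/*` line also assumes the target `sssd.api.d/` directory exists although the preceding `mkdir -p` creates only `%{_sysconfdir}/sssd`, so confirm that `make install` creates it.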
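Review bot: `pam-auth-update --package --remove sss` runs on every prerm invocation because the script never checks `$1`, so it would also fire on `upgrade` and pull the sss profile out of the PAM stack in the middle of a package upgrade rather than only on removal. Guard it with `if [ "$1" = remove ]; then pam-auth-update --package --remove sss; fi`. The `-e` on the `#! /bin/sh -e` line is lost if the script is ever started as `sh <script>`; a `set -e` line in the body is the more robust form.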
@@ -0,0 +1,562 @@ +sssd (1.9.1-0ubuntu1.3) quantal-proposed; urgency=low + + * rules: Really install the new pam-auth-update file for password + changes. (LP: #1086272) + * rules: Pass --datadir, so the path in autogenerated python files is + correctly substituted. (LP: #1079938) + + -- Timo Aaltonen Wed, 06 Feb 2013 01:13:23 +0200 + +sssd (1.9.1-0ubuntu1.2) quantal-proposed; urgency=low + + * fix-linking.diff: Link sss_ssh_autorizedkeys and + sss_ssh_knownhostsproxy with -lpthread (FTBFS). + + -- Timo Aaltonen Sat, 26 Jan 2013 23:42:16 +0200 + +sssd (1.9.1-0ubuntu1.1) quantal-proposed; urgency=low + + * libpam-sss.pam-auth-update*: Add a separate file for the password stack, + and drop it from the main file. It needs to have a higher priority + from the rest so that password changes work with both the default install + and when pam_cracklib is installed. + (LP: #1086272) + * rules: Drop remnants of cdbs, use proper paths for configure. + (LP: #1079938) + * fix-cve-2013-0219-1.diff, fix-cve-2013-0219-2.diff: + Fix race conditions when creating or removing home directories for + users in local domain. (LP: #1105893) + * fix-cve-2013-0220.diff: + Fix out-of-bounds reads in autofs and ssh responder. (LP: #1105898) + + -- Timo Aaltonen Fri, 04 Jan 2013 12:41:35 +0200 + +sssd (1.9.1-0ubuntu1) quantal; urgency=low + + * Merge from unreleased debian git + - bugfix release 1.9.1 + * Revert the PAC responder changes to packaging for now, since samba4 is + in universe. + + -- Timo Aaltonen Mon, 08 Oct 2012 12:21:50 +0300 + +sssd (1.9.0-0ubuntu1) quantal; urgency=low + + * Merge from unreleased debian git. + - final 1.9.0 release + + -- Timo Aaltonen Mon, 01 Oct 2012 10:25:23 +0300 + +sssd (1.9.1-1) UNRELEASED; urgency=low + + * New upstream release 1.9.1. 
Highlights: + - Add native support for autofs to the IPA provider + - Support for ID-mapping when connecting to Active Directory + - Support for handling very large (> 1500 users) groups in Active + Directory + - Support for sub-domains (will be used for dealing with trust + relationships) + - Add a new fast in-memory cache to speed up lookups of cached data + on repeated requests + - Add support for the Kerberos DIR cache for storing multiple TGTs + automatically + - Major performance enhancement when storing large groups in the cache + - Major performance enhancement when performing initgroups() against + Active Directory + - SSSDConfig data file default locations can now be set during + configure for easier packaging + - Add a new PAC responder for dealing with cross-realm Kerberos trusts + - Terminate idle connections to the NSS and PAM responders + - Switch from libunistring to glib2 for unicode support + - Add a new AD provider to improve integration with Active Directory + 2008 R2 or later servers + - SUDO integration was completely rewritten. The new implementation + works with multiple domains and uses an improved refresh mechanism to + download only the necessary rules + - The IPA authentication provider now supports subdomains + - Fixed regression for setups that were setting default_tkt_enctypes + manually by reverting a previous workaround. + - Many fixes for the support for setting default SELinux user context + from FreeIPA, most notably fixed the specificity evaluation + - Fixed an incorrect default in the krb5_canonicalize option of the AD + provider which was preventing password change operation + - The shadowLastChange attribute value is now correctly updated with the + number of days since the Epoch, not seconds + - A new option, override_shell was added. If this option is set, all + users managed by SSSD will have their shell set to its value. + - Many fixes for the support for setting default SELinux user context + from FreeIPA. 
Most notably, the SELinux mappings can now link to HBAC + rules as the source of users and hosts they apply to. + - Fixed a regression introduced in beta 5 that prevented LDAP SASL binds + from working unless the value of ldap_sasl_minssf was explicitly + specified. + - The SSSD supports the concept of a Primary Server and a Back Up + Server. Certain servers in the fail over list can be marked as back up + only. If the SSSD switches to a back up server because a primary server + is not available, it would later try to re-establish a connection to the + primary server. This feature would mainly benefit users who configure + fail over servers from different data centers or geographies. + - A new command-line tool sss_seed is available. This tool is able to + prime the internal cache with a user record and a cached password to + support the scenario when a user needs to log in to the client before + the network connection to the centralized identity source is established, + such as the first log in to a new machine. + - In scenarios, where the SSSD is acting as an IPA client, it is able to + discover and save the DNS domain-Kerberos realm mappings between an IPA + server and a trusted Active Directory server. + - When the SSSD is unable to resolve a host name, it tries the next + configured server now instead of going offline + * Update the packaging for the new version, thanks Esko Järnfors! + - Add libsss-idmap0, libsss-idmap-dev packages + - Add sssd Depends on libsss-idmap0 + - Add /var/lib/sss/mc directory for the new mmap cache + * control: Drop libunistring-dev from build-depends and add libglib2.0-dev + for unicode support. + * sssd.install, sssd-tools.install: Add sssd-ad.5*, sssd-sudo.5* to + sssd.install, and sss_seed{,.8*) to sssd-tools. + * python-sss.install: py-files got moved under SSSDConfig. + * control, rules: Use default build flags, bump dpkg-dev build-dep to + 1.16.1~. + * Bump libsss-sudo soname. 
+ * rules: Install the apparmor profile with -m644. + * python-sss: Add pysss_murmur.so. + * rules, control, sssd.install: PAC responder support. + - Add libndr-dev, libndr-standard-dev, libsamba-util-dev, samba4-dev, + libdcerpc-dev to build-depends + - Add -I/usr/include/samba-4.0 to CFLAGS + * control: Mark sssd as Multi-Arch: foreign. + + -- Timo Aaltonen Thu, 24 May 2012 14:46:39 +0300 + +sssd (1.8.4-2) UNRELEASED; urgency=low + + * rules: Fix the current date format, and move the date mangling to + happen before dh_install is run. (Closes: #670019) + * sssd.{preinst,postrm}: Install the apparmor profile in force-complain + mode on install, and remove the profile directory on purge (if empty). Also + migrate from previous setup which installed it as disabled. + + -- Timo Aaltonen Tue, 05 Jun 2012 11:39:33 +0300 + +sssd (1.8.4-1ubuntu1) quantal; urgency=low + + * Merge from Debian unstable, remaining changes: + - control, rules: Drop libsemanage-dev from build-depends, it's not + in main. Configure --with-semanage=no. + + -- Timo Aaltonen Mon, 04 Jun 2012 09:51:20 +0300 + +sssd (1.8.4-1) unstable; urgency=low + + * New upstream bugfix release 1.8.2. + - Several fixes to case-insensitive domain functions + - Fix for GSSAPI binds when the keytab contains unrelated + principals + - Fixed several segfaults + - Workarounds added for LDAP servers with unreadable RootDSE + - SSH knownhostproxy will no longer enter an infinite loop + preventing login + - The provided SYSV init script now starts SSSD earlier at startup + and stops it later during shutdown + - Assorted minor fixes for issues discovered by static analysis + tools + * New upstream bugfix release 1.8.3. + - Numerous manpage and translation updates + - LDAP: Handle situations where the RootDSE isn't available anonymously + - LDAP: Fix regression for users using non-standard LDAP attributes for + user information + * New upstream bugfix release 1.8.4. 
(LP: #981125, #985031) + - Fix a bug causing AD servers not to fail over properly when the KDC + on the primary server is down + - Fix an endianness bug on big-endian systems when looking up services + - Fix a segfault dealing with nested groups (LP: #981125) + - Make the nowait cache updates work for netgroups + - Fix a regression that broke domains with use_fully_qualified_names = True + (LP: #985031) + * control: Move the dependency of libsasl2-modules-gssapi-mit to + Recommends. + * control: sssd works with Heimdal gssapi modules too, add + libsasl2-modules-gssapi-mit as an option for the Recommends. + (LP: #966146) + * libpam-sss.pam-auth-update: + - Drop the dependency to 128, since pam_sss should always be below + pam_unix. (LP: #957486) + - Drop 'use_authtok' from the password stack, since it only works when + pam_cracklib is installed. This will allow password changes on the + default install. + * sssd.postrm: Try to remove /etc/sssd only if it exists. + (Closes: #666226) + * Add disabled by default Apparmor profile (LP: #933342) + - debian/sssd.upstart.in: load the profile during pre-start + - add debian/apparmor-profile, install to /etc/apparmor.d + - debian/rules: use dh_apparmor to install profile before sssd is + restarted + - debian/control: sssd Suggests apparmor (>= 2.3) + - debian/control: Add dh-apparmor to build-depends + - debian/sssd.preinst: disable profile on clean install or upgrades + from earlier than when we shipped the profile + * rules: Mangle the date stamp on pam_sss.8 so that the compressed file is + identical across all archs. (Closes: #670019) + * control: Add build-depends on libnl-dev to enable Netlink support. + * control: Add build-depends on libkeyutil-dev to enable support for + kernel keyring manipulation. + * sssd.logrotate: Rotate logs weekly, keep four previous rotations. + (Closes: #672984) + * sssd.upstart.in: Delete an invisible control character from the pre-start + script. 
(LP: #1003845) + + -- Timo Aaltonen Fri, 01 Jun 2012 11:43:42 +0300 + +sssd (1.8.3-0ubuntu1) quantal; urgency=low + + * Merge from Debian git, remaining changes: + - control, rules: Drop libsemanage-dev from build-depends, it's not + in main. Configure --with-semanage=no. + + -- Timo Aaltonen Thu, 24 May 2012 14:02:36 +0300 + +sssd (1.8.1-0ubuntu1) precise; urgency=low + + * Merge from debian git. + * New upstream bugfix release + - Resolve issue where we could enter an infinite loop trying to + connect to an auth server. + - Fix serious issue with complex (3+ levels) nested groups. + - Fix netgroup support for case-insensitivity and aliases. + - Fix serious issue with lookup bundling resulting in requests never + completing. + - IPA provider will now check the value of nsAccountLock during. + pam_acct_mgmt in addition to pam_authenticate. + - Fix several regressions in the proxy provider. + + -- Timo Aaltonen Tue, 13 Mar 2012 14:08:02 +0200 + +sssd (1.8.0-0ubuntu1) precise; urgency=low + + * Merge from debian git. + - update to 1.8.0 LTM release (Long Term Maintenance). + + -- Timo Aaltonen Thu, 01 Mar 2012 10:38:52 +0200 + +sssd (1.8.0~beta3-0ubuntu1) precise; urgency=low + + * Merge from debian git. + * control: lower the Breaks/Replaces to match this upload. + * control,rules : Drop libsemanage-dev from build-depends, it's not in main + and will not be for precise. Configure --with-semanage=no. + + -- Timo Aaltonen Thu, 16 Feb 2012 17:57:51 +0200 + +sssd (1.8.1-1) unstable; urgency=low + + * New maintainer, Debian SSSD Team. 
(Closes: #660985) + + [ Timo Aaltonen ] + * New upstream release (1.8.1) (Closes: #647980, #624194, #639965) + - Support for the service map in NSS + - Support for setting default SELinux user context from FreeIPA + - Support for retrieving SSH user and host keys from LDAP (Experimental) + - Support for caching autofs LDAP requests (Experimental) + - Support for caching SUDO rules (Experimental) + * Update build-deps: + - Add libunistring-dev, libdhash-dev, libcollection-dev and + libini-config-dev. + - Add check for unit tests. + - Drop cvs and python-central. + - Migrate to dh, drop cdbs build-dep, add quilt, dh-autoreconf and + autopoint to build-deps. + * Add new packages: + - libipa-hbac0, libipa-hbac-dev, libsss-sudo0, libsss-sudo-dev, + and python-libipa-hbac. + - Split sssd-tools: add Breaks/Replaces sssd (<< 1.8.0~beta3-1) and + add to sssd Suggests + * Drop patch to ensure LDAP authentication never accept a zero + length password, which is now included upstream. + * sssd.upstart.ubuntu: + - Don't start before net-device-up. (LP: 812943) + - Source /etc/default/sssd. (LP: 812943) + * sssd.default: Added a file to include the sssd daemon defaults, + currently has '-D -f'. + * sssd.init: Drop separate OPTIONS, '-D' comes from /etc/default/sssd + now.. + * rules: Install the Python API files to /usr/share/sssd, as discussed + with upstream. (LP: 859611) + * fix-python-api-path.dpatch: Use the new location for the API files. + (LP: 859611) + * libpam-sss.pam-auth-update: + - Add 'forward_pass' to auth stack to fix ecryptfs mounts. (LP: 826643) + - Add pam_localuser.so to account stack to allow local users to log in. + (LP: 860488) + * control: sssd now Recommends libpam-sss and libnss-sss, since sssd is + mostly useless without them. (LP: 767337) + * control, compat: Bump debhelper build-dep and compat level to 8. + * Switch patch-system to quilt. + * Do not install a working config file by default. The local domain + definition was broken (upstream #1014). 
The daemon will need to be + configured by other means before it's usable. + * Add support for Multi-Arch (Closes: #634123). + * Remove unnecessary libnss-sss.links. + * libnss-sss.overrides: Add an override for + "package-name-doesnt-match-sonames". + * Determine the used init system during build, add lsb-release to + build-deps. Default to sysvinit, use upstart if Ubuntu. + * sssd.upstart.in: Test if the config file exists, and exit if not. + * Fail gracefully if invoke-rc.d returns an error on postinst/prerm, like + when the daemon fails to start when there is no config file. + * sssd.init.in: Check that /etc/default/sssd is a real file before sourcing + it (Closes: #587895). + * control: Add libsasl2-modules-gssapi-mit and libsasl2-modules-ldap to + Recommends for sssd. + * rules: Move the rule for purging .la files before dh_install + (Closes: #633206). + * sssd.install: Fix the wildcard for plugins to include .so symlinks. + * rules: Add configure flags + - Disable RPATH + - Disable building static libs + - Enable ssh user and host key retrieval, autofs request + and sudo rules caching. The respective packages need to add support + for these to be useful. + * Drop fix-python-api-path.patch, included upstream. + * sssd.examples: Install the renamed example config. + * rules: Drop special handling of the sssd.api.d, upstream uses + the proper path now. + * rules: Add --fail-missing to dh_install. + * sssd.install: Add new files. + * libpam-sss.install, control: Move pam_sss.8 to the correct package, + add Breaks/Replaces. + * rules: Remove some files we don't want to install, to make dh_install + happy. + * rules: Clean po/*.gmo, po/stamp-po and *.pyc. + * Install lintian overrides using dh_lintian. + * {sssd,libnss-sss}.lintian-overrides: Update. + * Move libsasl2-modules-gssapi to sssd Depends to make sure it gets + installed, as it's needed in most cases. + * control: Update maintainer address and repo location. 
+ * control: Bump the Standards-Version to 3.9.3, no changes. + * control: Bump the debhelper build-dep to 9. + * control: Add ${misc:Depends} to libipa-hbac*, libsss-sudo*. + * control, rules: Migrate to dh_python2 (Closes: #617071). + * control: Add myself to uploaders. + + [ Petter Reinholdtsen ] + * New upstream version 1.2.4: + - Resolves long-standing issues related to group processing with + RFC2307bis LDAP servers. + - Fixed bugs in RFC2307bis group memberships related to initgroups + (Closes: #595564). + - Fix tight-loop bug on systems with older OpenLDAP client + libraries (such as Red Hat Enterprise Linux 5) + * New Upstream Version 1.2.3: + - Resolves CVE-2010-2940. + * New Upstream Version 1.2.2: + - The LDAP provider no longer requires access to the LDAP + RootDSE. If it is unavailable, we will continue on with our best + guess. + - The LDAP provider will now log issues with TLS and GSSAPI to the + syslog. + - Significant performance improvement when performing initgroups + on users who are members of large groups in LDAP. + - The sss_client will now reconnect properly to the SSSD if the + daemon is restarted. + * This resolves an issue causing GDM to crash when logging out + of a user after the SSSD had been restarted. + * Correct package description for python-sss (Closes: #596215). + * Update Standards-Version from 3.8.4 to 3.9.1. No changes needed. + + [ Stéphane Graber ] + * Fix prerm invoke_failure hook to simply return as empty functions + are invalid shell syntax. + + -- Timo Aaltonen Thu, 22 Mar 2012 13:28:27 +0200 + +sssd (1.2.1-4.4) unstable; urgency=low + + * Non-maintainer upload. + * Fix FTBFS with -Werror=format-security. Thanks Philippe De Swert for patch. + (Closes: #643806). + + -- Hector Oron Sun, 19 Feb 2012 19:33:04 +0000 + +sssd (1.2.1-4.3) unstable; urgency=medium + + * Non-maintainer upload. + * Adjust install path to consider GNU triplet (Closes: #640626). 
+ + -- Luca Falavigna Tue, 20 Sep 2011 20:02:34 +0200 + +sssd (1.2.1-4.2) unstable; urgency=low + + * Non-maintainer upload. + * debian/sssd.install + - updated location for ldb modules; Closes: #618159 + + -- Sandro Tosi Fri, 03 Jun 2011 23:53:59 +0200 + +sssd (1.2.1-4.1) unstable; urgency=medium + + * Non-maintainer upload by the Security Team + * Fix CVE-2010-4341 (Closes: #610032) + + -- Moritz Muehlenhoff Tue, 25 Jan 2011 22:09:21 +0100 + +sssd (1.2.1-4) unstable; urgency=low + + * Add patch from Stephen Gallagher to ensure LDAP authentication + never accept a zero length password (Closes: #594413). Solves + CVE-2010-2940. + + -- Petter Reinholdtsen Wed, 25 Aug 2010 22:33:40 +0200 + +sssd (1.2.1-3) unstable; urgency=low + + [ Petter Reinholdtsen ] + * Look for /etc/default/sssd, not /etc/defaults/sssd in init.d + script (Closes: #588252). + * Make sssd.conf generation more robust, and make sure missing SRV + records are ignored and not handled as host names. + * Add code in generate-config to look up Kerberos realm using + _kerberos TXT record in DNS if it exist. + * Recommend bind9-host used by generate-config for SRV and TXT + lookups. + + [ Morten Werner Forsbring ] + * Check if /etc/default/sssd is a file and executable, not a directory, + before sourcing in init-script. Thanks to lintian. + + -- Morten Werner Forsbring Thu, 12 Aug 2010 16:31:14 +0200 + +sssd (1.2.1-2) unstable; urgency=low + + * Make sure init.d script sources /etc/default/sssd (Closes: #588252). + * Drop /etc/default/sssd from package, to avoid conffile question + from dpkg during upgrades. + * Make sure to only remove obsolete sssd conffiles on upgrades, not + on first time installation. + * Add new script generate-config and call it from the sssd postinst + during first time installation to try to generate the sssd.conf + file dynamically for LDAP and Kerberos using DNS entries, and fall + back to the static example configuration if this fail. 
+ * Let sssd suggest libnss-sss and libpam-sss, to make those + installing sssd aware of the other packages. + * Add netgroup to nsswitch.conf entries added at first time + installation, to make sure those installing now get working + netgroups when sssd get netgroup support + * Let sssd recommend ldap-utils as ldapsearch is used for generating + the configuration. + + -- Petter Reinholdtsen Fri, 06 Aug 2010 23:44:26 +0200 + +sssd (1.2.1-1) unstable; urgency=low + + [ Petter Reinholdtsen ] + * Move calls to pam-auth-update from the package scripts in sssd to + libpam-sss, and correct prerm call to remove the correct pam config. + Add versioned dependency on libpam-runtime to make sure + pam-auth-update is available. + * Add code to the postinst and postrm of libnss-sss to update + passwd, group and shadow entries in /etc/nsswitch.conf. + * Make sure init.d/sssd start after $named, to ensure it can look up + in DNS also when the DNS server is on the local machine. + + [ Morten Werner Forsbring ] + * New upstream release. + + -- Morten Werner Forsbring Thu, 24 Jun 2010 14:16:30 +0200 + +sssd (1.2.0-1) unstable; urgency=low + + [ Petter Reinholdtsen ] + * New upstream release. + - Add libsemanage1-dev as build dependency, as it is now required. + - Drop python-build-with-deb-layout.dpatch, now handled upstream. + - Adjust provide-default-working-sssd-config-file.dpatch to + work with new package source layout and config file content. + - Adjust build rules to cope with server/ changing to src/ in the + source tarball. + - Add --enable-krb5-locator-plugin to keep building the plugin. + * Change the pam-auth-update configuration to make the session + script optional instead of sufficient, to make sure the other + session modules are executed too. + * Change initial pam password entry from requisite to sufficient, + to make sure local users can have their password set even if + sssd is enabled. 
+ * Rename pam-configs/sssd to pam-configs/sss, to have a name that + is consistent with the package name libpam-sss. + * Add VCS links to the GIT repository. + * Move configuration API documentation from /etc/sssd/ to + /usr/share/doc/sssd/. It is not configuration and do not belong + in /etc/. + * Drop autoconf, automake, libtool, m4 and autotools-dev from + build-depends. There is no need to regenerate the build files any + more. + + [ Morten Werner Forsbring ] + * Add dnsutils as build-dependency. + + -- Morten Werner Forsbring Tue, 01 Jun 2010 20:41:59 +0200 + +sssd (1.0.5-1) unstable; urgency=low + + * Initial upload based on package from Ubuntu (Closes: #579593). + * Update standards-version from 3.8.3 to 3.8.4. No changes needed. + * Add init.d script and rename sssd.upstart to sssd.upstart.ubuntu + to make sure init.d script is installed instead of upstart job. + * Add draft pam-auth-update configuration based on proposals in + Launcepad bug #557398. + * Update address to FSF in copyright file. Thanks lintian. + * Set section for python-sss to python after advice from lintian. + * Rewrite python-build-with-deb-layout.dpatch to patch Makefile.in + instead of Makefile.am, to avoid having to run autoreconf. + * Make sssd depend on python for its upgrade script. + * Extend clean rule to remove generated file server/config/.files. + * Make sure sssd.api.conf is installed into the sssd package, and + put it in /etc/sssd/sssd.api.conf. Fixes typo in Ubuntu package. + + -- Petter Reinholdtsen Wed, 05 May 2010 21:53:29 +0200 + +sssd (1.0.5-0ubuntu1) lucid; urgency=low + + * New upstream bugfix release. 
(LP: #510290) + * sssd.dirs: Add /var/lib/sss/pubconf (LP: #557394) + + -- Timo Aaltonen Fri, 16 Apr 2010 11:37:16 +0300 + +sssd (1.0.2-0ubuntu2) lucid; urgency=low + + * No change rebuild due to libldb downgrade + + -- Scott Kitterman Fri, 02 Apr 2010 17:48:19 -0400 + +sssd (1.0.2-0ubuntu1) lucid; urgency=low + + * New upstream release (LP: #473262): + - python API for managing sssd daemon configuration and + native SSSD users. + - support for asynchronous cache refreshes. + - support password changing in LDAP and Kerberos providers. + - support for server failover. + * debian/control: + - update tdb build dependency to use libtdb-dev. + - add libselinux1-dev and libsasl2-dev build dependencies. + * debian/sssd.upstart: replace init script with an upstart job. + * Turn sssd.conf into a configuration file. + * Create sssd log directory. + + -- Mathias Gug Tue, 19 Jan 2010 15:17:13 -0500 + +sssd (0.5.0-0ubuntu2) karmic; urgency=low + + * debian/libnss-sss.overrides, debian/sssd.overrides: + + Fix linitian errors and warnings (LP: #425697): + sssd ships an nss library - these are false-positives. + * debian/fix-dbus-watch.dpatch: Update dbus-patch to final + upstream version. + * debian/fix-proxy-segfault.dpatch: Fix proxy enumeration. + + -- Mathias Gug Wed, 09 Sep 2009 20:21:04 -0400 + +sssd (0.5.0-0ubuntu1) karmic; urgency=low + + * Initial release. + + -- Mathias Gug Mon, 24 Aug 2009 16:35:11 -0400 --- sssd-1.9.1.orig/debian/sssd.postinst +++ sssd-1.9.1/debian/sssd.postinst 
@@ -0,0 +1,59 @@
+#!/bin/sh
+# postinst script for sssd
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `configure'
+# * `abort-upgrade'
+# * `abort-remove' `in-favour'
+#
+# * `abort-remove'
+# * `abort-deconfigure' `in-favour'
+# `removing'
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+case "$1" in
+ configure)
+ # Try to autogenerate a configuration file on package install
+ if [ -z "$2" ] && [ ! -e /etc/sssd/sssd.conf ]; then
+ /usr/lib/sssd/generate-config > /etc/sssd/sssd.conf.new
+ if [ ! -s /etc/sssd/sssd.conf.new ] ; then
+ rm /etc/sssd/sssd.conf.new
+ else
+ mv /etc/sssd/sssd.conf.new /etc/sssd/sssd.conf
+ chmod 0600 /etc/sssd/sssd.conf
+ fi
+ fi
+ # Fix configuration file on package upgrade
+ if dpkg --compare-versions "$2" lt-nl 1.0.2-0ubuntu1; then
+ /usr/lib/sssd/sssd/upgrade_config.py
+ fi
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+invoke_failure() {
+ # invoke-rc.d failed, likely because of a missing sssd.conf
+ if [ ! -s /etc/sssd/sssd.conf ]; then
+ echo "... because /etc/sssd/sssd.conf is not available yet"
+ fi
+}
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- sssd-1.9.1.orig/debian/compat
+++ sssd-1.9.1/debian/compat
@@ -0,0 +1 @@
+8
--- sssd-1.9.1.orig/debian/sssd.preinst
+++ sssd-1.9.1/debian/sssd.preinst
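Review bot: In the `configure` branch of sssd.postinst, /etc/sssd/sssd.conf.new is created under the inherited umask and `chmod 0600` is applied only after the `mv`, so the generated configuration is typically readable by other users for a short time under its final name. Restrict it before it becomes visible, either with `umask 077` ahead of the redirect or with `chmod 0600 /etc/sssd/sssd.conf.new` before the `mv`. With `set -e` a non-zero exit from generate-config also aborts the whole configure step and leaves the .new file behind, so the `-s` fallback is reached only when the generator exits 0 with empty output. Appending `|| true` to the generate-config line would keep that fallback reachable.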
@@ -0,0 +1,61 @@
+#!/bin/sh
+
+set -e
+
+# Remove a no-longer used conffile
+# Copied from http://wiki.debian.org/DpkgConffileHandling
+rm_conffile() {
+ local PKGNAME="$1"
+ local CONFFILE="$2"
+
+ [ -e "$CONFFILE" ] || return 0
+
+ local md5sum="$(md5sum $CONFFILE | sed -e 's/ .*//')"
+ local old_md5sum="$(dpkg-query -W -f='${Conffiles}' $PKGNAME | \
+ sed -n -e "\' $CONFFILE ' { s/ obsolete$//; s/.* //; p }")"
+ if [ "$md5sum" != "$old_md5sum" ]; then
+ echo "Obsolete conffile $CONFFILE has been modified by you."
+ echo "Saving as $CONFFILE.dpkg-bak ..."
+ mv -f "$CONFFILE" "$CONFFILE".dpkg-bak
+ else
+ echo "Removing obsolete conffile $CONFFILE ..."
+ mv -f "$CONFFILE" "$CONFFILE".dpkg-del
+ fi
+}
+
+APP_PROFILE="usr.sbin.sssd"
+APP_CONFFILE="/etc/apparmor.d/$APP_PROFILE"
+APP_COMPLAIN="/etc/apparmor.d/force-complain/$APP_PROFILE"
+APP_DISABLE="/etc/apparmor.d/disable/$APP_PROFILE"
+
+inst_complain_profile() {
+ # Create a symlink to the yet-to-be-unpacked profile
+ mkdir -p `dirname $APP_COMPLAIN` 2>/dev/null || true
+ ln -sf $APP_CONFFILE $APP_COMPLAIN
+}
+
+case "$1" in
+install)
+ # Force the AppArmor profile to complain mode on install
+ inst_complain_profile
+ ;;
+upgrade)
+ if dpkg --compare-versions "$2" le "1.0.5-1"; then
+ rm_conffile sssd "/etc/sssd/sssd.api.conf"
+ rm_conffile sssd "/etc/sssd/sssd.api.d/sssd-proxy.conf"
+ rm_conffile sssd "/etc/sssd/sssd.api.d/sssd-simple.conf"
+ rm_conffile sssd "/etc/sssd/sssd.api.d/sssd-ipa.conf"
+ rm_conffile sssd "/etc/sssd/sssd.api.d/sssd-local.conf"
+ rm_conffile sssd "/etc/sssd/sssd.api.d/sssd-krb5.conf"
+ rm_conffile sssd "/etc/sssd/sssd.api.d/sssd-ldap.conf"
+ fi
+ if dpkg --compare-versions "$2" lt "1.8.4-2"; then
+ inst_complain_profile
+ if [ -e "$APP_DISABLE" ]; then
+ rm -f "$APP_DISABLE"
+ fi
+ fi
+ ;;
+esac
+
+#DEBHELPER#
--- sssd-1.9.1.orig/debian/sssd.prerm
+++ sssd-1.9.1/debian/sssd.prerm
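Review bot: In inst_complain_profile of sssd.preinst, `mkdir -p ... 2>/dev/null || true` hides a failure that the following `ln -sf` then turns into a preinst abort under `set -e`, with no message explaining why. The expansions there and in rm_conffile are also unquoted (`dirname $APP_COMPLAIN`, `md5sum $CONFFILE`, `$PKGNAME`). I would write `mkdir -p "$(dirname "$APP_COMPLAIN")"` and `ln -sf "$APP_CONFFILE" "$APP_COMPLAIN"`. The function comment should also state that force-complain means the profile only logs and does not confine sssd, and that the `lt "1.8.4-2"` upgrade branch replaces an existing `disable` link with complain mode.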
@@ -0,0 +1,16 @@
+#! /bin/sh -e
+
+invoke_failure() {
+ # invoke-rc.d failed
+ return
+}
+
+if [ "$1" = "purge" ]; then
+ APP_PROFILE="usr.sbin.sssd"
+ rm -f /etc/apparmor.d/force-complain/$APP_PROFILE >/dev/null 2>&1 || true
+ rm -f /etc/apparmor.d/disable/$APP_PROFILE >/dev/null 2>&1 || true
+ rmdir /etc/apparmor.d/disable >/dev/null 2>&1 || true
+fi
+
+#DEBHELPER#
+
--- sssd-1.9.1.orig/debian/libpam-sss.pam-auth-update-password
+++ sssd-1.9.1/debian/libpam-sss.pam-auth-update-password
@@ -0,0 +1,9 @@
+Name: SSS password change
+Default: yes
+Priority: 512
+
+Password-Type: Primary
+Password:
+ sufficient pam_sss.so use_authtok
+Password-Initial:
+ sufficient pam_sss.so
--- sssd-1.9.1.orig/debian/libnss-sss.lintian-overrides
+++ sssd-1.9.1/debian/libnss-sss.lintian-overrides
@@ -0,0 +1 @@
+package-name-doesnt-match-sonames libnss-sss2
--- sssd-1.9.1.orig/debian/sssd.dirs
+++ sssd-1.9.1/debian/sssd.dirs
@@ -0,0 +1,8 @@
+etc/sssd
+var/lib/sss
+var/lib/sss/db
+var/lib/sss/mc
+var/lib/sss/pipes
+var/lib/sss/pipes/private
+var/lib/sss/pubconf
+var/log/sssd
--- sssd-1.9.1.orig/debian/rules
+++ sssd-1.9.1/debian/rules
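Review bot: The `if [ "$1" = "purge" ]` branch in sssd.prerm cannot run, because dpkg passes `purge` to postrm and never to prerm, so the force-complain and disable links are left behind after a purge. The changelog entry in this patch describes the cleanup as a postrm task, so the block should move to sssd.postrm. The `rmdir /etc/apparmor.d/disable` line also targets a directory that is presumably shared with other packages' profiles; removing only the two `$APP_PROFILE` links is enough.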
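Review bot: sssd.dirs lists var/lib/sss/db and var/lib/sss/pipes/private without any way to express a mode, and nothing in debian/rules of this patch tightens them afterwards, so they presumably ship with default directory permissions. Judging by their names these hold the local cache and the privileged responder socket, which should be owner-only. Please confirm the packaged modes and, if they are wider, add an `override_dh_fixperms` target in debian/rules that runs `chmod 700` on both paths after `dh_fixperms`.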
@@ -0,0 +1,74 @@ +#!/usr/bin/make -f +%: + dh $@ --with quilt,autoreconf,python2 --builddirectory=build + +DPKG_EXPORT_BUILDFLAGS = 1 +include /usr/share/dpkg/buildflags.mk + +#CFLAGS = $(shell dpkg-buildflags --get CFLAGS) +#CFLAGS += -I/usr/include/samba-4.0 + +APIDOCDIR = /usr/share/sssd +DISTRIBUTION = $(shell lsb_release -i | sed 's/.*:\t//') +INIT = init +PKGDATE = $(shell dpkg-parsechangelog | \ + awk -F" " '/^Date/ { print $$4 "/" $$3 "/" $$5 }' | \ + sed 's/Jan/01/;s/Feb/02/;s/Mar/03/;s/Apr/04/;s/May/05/;s/Jun/06/;s/Jul/07/;s/Aug/08/;s/Sep/09/;s/Oct/10/;s/Nov/11/;s/Dec/12/;s/\//\\\//g') +CURDATE = $(shell date +%m/%d/%Y | sed 's/\//\\\//g') + +ifeq ($(DISTRIBUTION), Ubuntu) + INIT = upstart +endif + +override_dh_auto_configure: + dh_auto_configure -- --enable-krb5-locator-plugin \ + --libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \ + --datadir=/usr/share/ \ + --with-ldb-lib-dir=/usr/lib/$(DEB_HOST_MULTIARCH)/ldb/modules/ldb \ + --with-krb5-plugin-path=/usr/lib/$(DEB_HOST_MULTIARCH)/krb5/plugins/libkrb5 \ + --enable-nsslibdir=/lib/$(DEB_HOST_MULTIARCH) \ + --enable-pammoddir=/lib/$(DEB_HOST_MULTIARCH)/security \ + --disable-static \ + --disable-rpath \ + --with-semanage=no \ + --with-autofs \ + --with-ssh \ + --with-sudo + +override_dh_install: + install -D -m755 $(CURDIR)/debian/generate-config \ + $(CURDIR)/debian/tmp/usr/lib/sssd/generate-config + + mkdir -p $(CURDIR)/debian/libpam-sss/usr/share/pam-configs + install -m644 debian/libpam-sss.pam-auth-update \ + $(CURDIR)/debian/libpam-sss/usr/share/pam-configs/sss + install -m644 debian/libpam-sss.pam-auth-update-password \ + $(CURDIR)/debian/libpam-sss/usr/share/pam-configs/sss-password + install -m644 -D $(CURDIR)/debian/apparmor-profile \ + $(CURDIR)/debian/sssd/etc/apparmor.d/usr.sbin.sssd + + cat $(CURDIR)/debian/sssd.$(INIT).in > $(CURDIR)/debian/sssd.$(INIT) + + # remove files we don't want to install + find $(CURDIR)/debian/tmp/ -name '*.la' -exec rm '{}' ';' + find $(CURDIR)/debian/tmp/ -name '*.pyc' 
-exec rm '{}' ';' + find $(CURDIR)/debian/tmp/ -name '*.egg-info' -exec rm '{}' ';' + rm -f $(CURDIR)/debian/tmp/etc/rc.d/init.d/sssd + + sed -i 's/${CURDATE}/${PKGDATE}/g' $(CURDIR)/debian/tmp/usr/share/man/man8/pam_sss.8 + + dh_install --fail-missing + +override_dh_python2: + dh_python2 --no-guessing-versions + +override_dh_installinit: + dh_apparmor -psssd --profile-name=usr.sbin.sssd + dh_installinit --error-handler=invoke_failure + +override_dh_auto_clean: + dh_auto_clean + rm -f $(CURDIR)/debian/sssd.$(INIT) + rm -f $(CURDIR)/po/*.gmo + rm -f $(CURDIR)/src/config/*.pyc + rm -f $(CURDIR)/po/stamp-po --- sssd-1.9.1.orig/debian/watch +++ sssd-1.9.1/debian/watch @@ -0,0 +1,7 @@ +# sssd watch control file for uscan +# See uscan(1) for format + +# Compulsory line, this is a version 3 file +version=3 + +https://fedorahosted.org/released/sssd/sssd-(.*)\.tar\.gz --- sssd-1.9.1.orig/debian/sssd.logrotate +++ sssd-1.9.1/debian/sssd.logrotate @@ -0,0 +1,11 @@ +/var/log/sssd/*.log { + rotate 4 + weekly + missingok + notifempty + compress + delaycompress + postrotate + kill -HUP `cat /var/run/sssd.pid` > /dev/null 2>&1 || true + endscript +} --- sssd-1.9.1.orig/debian/sssd.upstart.in +++ sssd-1.9.1/debian/sssd.upstart.in 
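Review bot: debian/rules exports the default dpkg build flags (`DPKG_EXPORT_BUILDFLAGS = 1`) but does not opt in to the additional hardening features, which matter for a daemon that serves NSS and PAM requests. Adding `export DEB_BUILD_MAINT_OPTIONS = hardening=+all` above the `include /usr/share/dpkg/buildflags.mk` line would enable PIE and bindnow as well. Separately, the `sed -i 's/${CURDATE}/${PKGDATE}/g'` step in override_dh_install matches the wall-clock date at build time, so a build that crosses midnight leaves pam_sss.8 unmangled. A comment on that line should say so.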
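Review bot: debian/watch fetches the release tarball over HTTPS but does not ask uscan to verify an upstream signature, so a tampered or substituted tarball on the download host would be accepted. If upstream publishes detached signatures next to the tarballs, put `opts=pgpsigurlmangle=s/$/.asc/ \` in front of the URL line and ship the upstream signing key in debian/ so uscan can check each download.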
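Review bot: The postrotate line in sssd.logrotate signals whatever PID is stored in /var/run/sssd.pid as root, so a stale pidfile can deliver SIGHUP to an unrelated process, and every failure is discarded by `> /dev/null 2>&1 || true`. Without `sharedscripts` the script also runs once for each rotated log file rather than once per rotation. I would add `sharedscripts` and tie the signal to the process name as well as the pidfile, for example `pkill -HUP -F /var/run/sssd.pid -x sssd || true`.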
@@ -0,0 +1,28 @@
+# sssd - System Security Services Daemon
+#
+# Provides a set of daemons to manage access to remote directories and
+# authentication mechanisms. It provides an NSS and PAM interface toward
+# the system and a pluggable backend system to connect to multiple different
+# account sources.
+
+description "System Security Services Daemon"
+
+start on (filesystem and net-device-up)
+stop on runlevel [06]
+
+expect fork
+respawn
+
+env DEFAULTFILE=/etc/default/sssd
+
+pre-start script
+ test -f /etc/sssd/sssd.conf || { stop; exit 0; }
+ /lib/init/apparmor-profile-load usr.sbin.sssd
+end script
+
+script
+ if [ -f "$DEFAULTFILE" ]; then
+ . "$DEFAULTFILE"
+ fi
+ exec sssd $DAEMON_OPTS
+end script
--- sssd-1.9.1.orig/debian/libpam-sss.postinst
+++ sssd-1.9.1/debian/libpam-sss.postinst
@@ -0,0 +1,40 @@
+#!/bin/sh
+# postinst script for sssd
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `configure'
+# * `abort-upgrade'
+# * `abort-remove' `in-favour'
+#
+# * `abort-remove'
+# * `abort-deconfigure' `in-favour'
+# `removing'
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ configure)
+ pam-auth-update --package
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- sssd-1.9.1.orig/debian/libsss-idmap-dev.install
+++ sssd-1.9.1/debian/libsss-idmap-dev.install
@@ -0,0 +1,3 @@
+usr/include/sss_idmap.h
+usr/lib/*/libsss_idmap.so
+usr/lib/*/pkgconfig/sss_idmap.pc
--- sssd-1.9.1.orig/debian/libipa-hbac-dev.install
+++ sssd-1.9.1/debian/libipa-hbac-dev.install
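Review bot: The `script` stanza of sssd.upstart.in treats /etc/default/sssd as optional, but when the file is absent `$DAEMON_OPTS` is empty and sssd starts without the `-D` that the job's `expect fork` presumably relies on, so upstart may end up tracking the wrong PID. Set a default before the file is sourced, `DAEMON_OPTS="-D -f"`, which matches the value the changelog gives for the shipped defaults file. A comment on the `exec` line should note that `$DAEMON_OPTS` is left unquoted on purpose so that it splits into separate arguments.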
@@ -0,0 +1,3 @@
+usr/include/ipa_hbac.h
+usr/lib/*/libipa_hbac.so
+usr/lib/*/pkgconfig/ipa_hbac.pc
--- sssd-1.9.1.orig/debian/libnss-sss.postinst
+++ sssd-1.9.1/debian/libnss-sss.postinst
@@ -0,0 +1,54 @@
+#!/bin/sh
+set -e
+
+#DEBHELPER#
+
+# This code was taken from libnss-myhostname, which got it from nss-mdns:
+
+log() {
+ echo "$*"
+}
+
+# try to insert sss entries to the passwd, group, shadow and netgroup
+# lines in /etc/nsswitch.conf to automatically enable libnss-sss
+# support; do not change the configuration if the lines already
+# references some sss lookups
+insert_nss_entry() {
+ log "Checking NSS setup..."
+ # abort if /etc/nsswitch.conf does not exist
+ if ! [ -e /etc/nsswitch.conf ]; then
+ log "Could not find /etc/nsswitch.conf."
+ return
+ fi
+ perl -i -pe '
+ sub insert {
+ # this also splits on tab
+ my @bits=split(" ", shift);
+ # do not break configuration if the line already
+ # references sss
+ if (grep { $_ eq "sss"} @bits) {
+ return join " ", @bits;
+ }
+ # append sss at the end
+ push @bits, "sss";
+ return join " ",@bits;
+ }
+ s/^(passwd:\s+|group:\s+|shadow:\s+|netgroup:\s+)(.*)/$1.insert($2)/e;
+ ' /etc/nsswitch.conf
+}
+
+action="$1"
+
+if [ configure = "$action" ]; then
+ if [ -z "$2" ]; then
+ log "First installation detected..."
+ # first install: setup the recommended configuration (unless
+ # nsswitch.conf already contains sss entries)
+ insert_nss_entry
+ else
+ # upgrade
+ version="$2"
+
+ # Nothing to do here yet
+ fi
+fi
--- sssd-1.9.1.orig/debian/libnss-sss.postrm
+++ sssd-1.9.1/debian/libnss-sss.postrm
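Review bot: The perl substitution in insert_nss_entry treats everything after the database name as service tokens, so a line such as `passwd: compat # local only` gets `sss` appended inside the comment and the entry is never enabled, while the script reports nothing. Split off a trailing comment before tokenising, e.g. `my ($cfg, $cmt) = shift =~ /^([^#]*)(#.*)?$/;`, append `sss` to `$cfg` only and re-attach `$cmt`. Because this file decides which sources answer passwd, group and shadow lookups, the function should also `log` which lines it changed so the modification is visible in the dpkg terminal log.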
@@ -0,0 +1,38 @@
+#!/bin/sh
+set -e
+
+#DEBHELPER#
+
+# This code was taken from libnss-myhostname, which got it from nss-mdns:
+
+log() {
+ echo "$*"
+}
+
+remove_nss_entry() {
+ log "Checking NSS setup..."
+ # abort if /etc/nsswitch.conf does not exist
+ if ! [ -e /etc/nsswitch.conf ]; then
+ log "Could not find /etc/nsswitch.conf."
+ return
+ fi
+ perl -i -pe '
+ my @remove=(
+ "sss",
+ );
+ sub remove {
+ my $s=shift;
+ foreach my $bit (@remove) {
+ $s=~s/\s+\Q$bit\E//g;
+ }
+ return $s;
+ }
+ s/^(passwd:|group:|shadow:|netgroup:)(.*)/$1.remove($2)/e;
+ ' /etc/nsswitch.conf
+}
+
+action="$1"
+
+if [ "$action" = remove ]; then
+ remove_nss_entry
+fi
--- sssd-1.9.1.orig/debian/sssd.docs
+++ sssd-1.9.1/debian/sssd.docs
@@ -0,0 +1 @@
+BUILD.txt
--- sssd-1.9.1.orig/debian/sssd-tools.install
+++ sssd-1.9.1/debian/sssd-tools.install
@@ -0,0 +1,22 @@
+usr/sbin/sss_cache
+usr/sbin/sss_debuglevel
+usr/sbin/sss_groupadd
+usr/sbin/sss_groupdel
+usr/sbin/sss_groupmod
+usr/sbin/sss_groupshow
+usr/sbin/sss_obfuscate
+usr/sbin/sss_seed
+usr/sbin/sss_useradd
+usr/sbin/sss_userdel
+usr/sbin/sss_usermod
+usr/share/man/man8/sss_cache.8*
+usr/share/man/man8/sss_debuglevel.8*
+usr/share/man/man8/sss_groupadd.8*
+usr/share/man/man8/sss_groupdel.8*
+usr/share/man/man8/sss_groupmod.8*
+usr/share/man/man8/sss_groupshow.8*
+usr/share/man/man8/sss_obfuscate.8*
+usr/share/man/man8/sss_seed.8*
+usr/share/man/man8/sss_useradd.8*
+usr/share/man/man8/sss_userdel.8*
+usr/share/man/man8/sss_usermod.8*
--- sssd-1.9.1.orig/debian/python-libipa-hbac.install
+++ sssd-1.9.1/debian/python-libipa-hbac.install
@@ -0,0 +1 @@
+usr/lib/python*/dist-packages/pyhbac.so
--- sssd-1.9.1.orig/debian/copyright
+++ sssd-1.9.1/debian/copyright
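Review bot: In remove_nss_entry the pattern `\s+\Q$bit\E` has no right-hand boundary, so besides the `sss` token it also strips the first three characters of any longer service name that starts with `sss` (a token such as `sssfoo` would be left as `foo`). Anchor the match to a whole token: `$s=~s/\s+\Q$bit\E(?=\s|$)//g;`. If an action item such as `[NOTFOUND=return]` followed `sss` on the line it would presumably stay behind and attach to the preceding service, which changes lookup behaviour; a comment stating that this case is not handled would help the next maintainer.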
@@ -0,0 +1,223 @@ +This package was debianized by Mathias Gug on +Wed, 05 Aug 2009 08:58:56 +0100. + +It was downloaded from https://fedorahosted.org/sssd/ + +Upstream Authors: + Dmitri Pal + Jakub Hrozek + Simo Sorce + Stephen Gallagher + Sumit Bose + +Copyright: + + Copyright (C) Red Hat 2008, 2009 + + Copyright (C) Dmitri Pal 2009 + Copyright (C) Jakub Hrozek 2009 + Copyright (C) Simo Sorce 2007, 2008, 2009 + Copyright (C) Stephen Gallagher 2008,2009 + Copyright (C) Sumit Bose 2009 + + Copyright (C) Andrew Bartlett 2002 + Copyright (C) Andrew Tridgell 1992-2006 + Copyright (C) James J Myers 2003 + Copyright (C) Jelmer Vernooij 2002, 2006, 2007 + Copyright (C) Jeremy Allison 1998-2002, 2007 + Copyright (C) Martin Pool 2002 + Copyright (C) Michael Adam 2008 + Copyright (C) Tim Potter 2000 + Copyright (c) 1997 Kungliga Tekniska Högskolan + + Copyright (c) 1996-2005, The PostgreSQL Global Development Group + Copyright (c) 1994, The Regents of the University of California + Copyright (c) 1996-2007, PostgreSQL Global Development Group + Copyright (C) 1996-2001 Internet Software Consortium. + + +License: + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +The Debian packaging is Copyright (C) Canonical Ltd 2009 and is licensed under +the GPL-3 or later, see `/usr/share/common-licenses/GPL-3'. 
+ +======================== +replace/repdir_getdents.c +replace/test/testsuite.c +replace/test/main.c +replace/getpass.c +replace/replace.c +replace/socketpair.c +replace/inet_ntoa.c +replace/strptime.c +replace/inet_aton.c +replace/dlfcn.c +replace/repdir_getdirentries.c +common/collection/* +common/ini/* +======================== +License: LGPL3 or later - see `/usr/share/common-licenses/LGPL-3'. + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, see . + + +=================== +sss_client/group.c +sss_client/common.c +sss_client/passwd.c +=================== +License: LGPL (v2.1 or later) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU Lesser General Public License as + published by the Free Software Foundation; either version 2.1 of the + License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, + USA. 
+ + +===================== +replace/getaddrinfo.c +replace/getaddrinfo.h +===================== + + Permission to use, copy, modify, and distribute this software and its + documentation for any purpose, without fee, and without a written agreement + is hereby granted, provided that the above copyright notice and this paragraph + and the following two paragraphs appear in all copies. + + IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY PARTY FOR + DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING + LOST PROFITS, ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, + EVEN IF THE UNIVERSITY OF CALIFORNIA HAS BEEN ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + + THE UNIVERSITY OF CALIFORNIA SPECIFICALLY DISCLAIMS ANY WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS + ON AN "AS IS" BASIS, AND THE UNIVERSITY OF CALIFORNIA HAS NO OBLIGATIONS + TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. + +=================== +replace/inet_pton.c +replace/inet_ntop.c +=================== +License: ISC + + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + + THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM + DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL + INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, + INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING + FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, + NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION + WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
+ +================ +replace/timegm.c +================ +License: BSD (3 clause) + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + 3. Neither the name of the Institute nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. 
+ +================== +replace/snprintf.c +================== + + This code is based on code written by Patrick Powell (papowell@astart.com) + It may be used for any purpose as long as this notice remains intact + on all source code distributions + +=========================== +sss_client/sss_cli.h +sss_client/protos.h +sss_client/sss_pam_macros.h +sss_client/sss_errno.h +=========================== + + You can used this header file in any way you see fit provided copyright + notices are preserved. + +============================= +server/resolv/ares/ares_dns.h +============================= + + * Permission to use, copy, modify, and distribute this + * software and its documentation for any purpose and without + * fee is hereby granted, provided that the above copyright + * notice appear in all copies and that both that copyright + * notice and this permission notice appear in supporting + * documentation, and that the name of M.I.T. not be used in + * advertising or publicity pertaining to distribution of the + * software without specific, written prior permission. + * M.I.T. makes no representations about the suitability of + * this software for any purpose. It is provided "as is" + * without express or implied warranty. + +============================= +server/util/nss_sha512crypt.c +============================= + + Released into the Public Domain by Ulrich Drepper . + --- sssd-1.9.1.orig/debian/sssd.install +++ sssd-1.9.1/debian/sssd.install 
@@ -0,0 +1,22 @@
+usr/bin/sss_ssh_authorizedkeys
+usr/bin/sss_ssh_knownhostsproxy
+usr/lib/sssd/*
+usr/lib/*/ldb/modules/ldb/memberof.so
+usr/lib/*/krb5/plugins/libkrb5/*
+#usr/lib/*/krb5/plugins/authdata/*
+usr/lib/*/sssd/lib*.so*
+usr/lib/*/sssd/modules/libsss_autofs.so
+usr/share/locale/*/LC_MESSAGES/*
+usr/share/sssd/*
+usr/sbin/sssd
+usr/share/man/man1/sss_ssh_authorizedkeys.1*
+usr/share/man/man1/sss_ssh_knownhostsproxy.1*
+usr/share/man/man5/sssd.conf.5*
+usr/share/man/man5/sssd-ad.5*
+usr/share/man/man5/sssd-ipa.5*
+usr/share/man/man5/sssd-krb5.5*
+usr/share/man/man5/sssd-ldap.5*
+usr/share/man/man5/sssd-simple.5*
+usr/share/man/man5/sssd-sudo.5*
+usr/share/man/man8/sssd.8*
+usr/share/man/man8/sssd_krb5_locator_plugin.8*
--- sssd-1.9.1.orig/debian/sssd.lintian-overrides
+++ sssd-1.9.1/debian/sssd.lintian-overrides
@@ -0,0 +1 @@
+manpage-has-errors-from-man usr/share/man/man5/sssd-ldap.5.*
--- sssd-1.9.1.orig/debian/apparmor-profile
+++ sssd-1.9.1/debian/apparmor-profile
@@ -0,0 +1,42 @@
+#include
+
+/usr/sbin/sssd {
+ #include
+ #include
+ #include
+ #include
+
+ capability dac_override,
+ capability dac_read_search,
+ capability setgid,
+ capability setuid,
+ capability sys_nice,
+
+ @{PROC} r,
+ @{PROC}/[0-9]*/status r,
+
+ /etc/krb5.keytab k,
+ /etc/ldap/ldap.conf r,
+ /etc/localtime r,
+ /etc/shells r,
+ /etc/sssd/sssd.conf r,
+
+ /usr/sbin/sssd rmix,
+ /usr/lib/@{multiarch}/ldb/modules/ldb/* m,
+ /usr/lib/sssd/sssd/* rix,
+
+ /tmp/{,.}krb5cc_* rwk,
+
+ /var/lib/sss/* rw,
+ /var/lib/sss/db/* rwk,
+ /var/lib/sss/pipes/* rw,
+ /var/lib/sss/pipes/private/* rw,
+ /var/lib/sss/pubconf/* rw,
+ /var/log/sssd/* rw,
+ /var/tmp/host_* rw,
+
+ /{,var/}run/sssd.pid rw,
+
+ # Site-specific additions and overrides. See local/README for details.
+ #include
+}
--- sssd-1.9.1.orig/debian/sssd.default
+++ sssd-1.9.1/debian/sssd.default
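Review bot: The profile grants `capability dac_override` and `capability dac_read_search`, plus write access under world-writable directories (`/tmp/{,.}krb5cc_* rwk`, `/var/tmp/host_* rw`), without recording which sssd component needs each rule. Because `/usr/lib/sssd/sssd/* rix` makes every helper inherit this same profile, those rules apply to all child processes too, so a later reader cannot tell which of them could be moved into a narrower child profile. Add a short why-comment above each group, for example `# credential caches written on behalf of the authenticating user` above the `/tmp` rule, after confirming the actual reason against the code; the same applies to the bare `@{PROC} r,` rule.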
@@ -0,0 +1,10 @@
+# Defaults for sssd initscript
+# sourced by /etc/init.d/sssd
+# installed at /etc/default/sssd by the maintainer scripts
+
+#
+# This is a POSIX shell fragment
+#
+
+# Additional options that are passed to the Daemon.
+DAEMON_OPTS="-D -f"
--- sssd-1.9.1.orig/debian/sssd.examples
+++ sssd-1.9.1/debian/sssd.examples
@@ -0,0 +1 @@
+src/examples/sssd-example.conf
--- sssd-1.9.1.orig/debian/sssd.init.in
+++ sssd-1.9.1/debian/sssd.init.in
@@ -0,0 +1,86 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: sssd
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Should-Start: $named
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: System Security Services Daemon
+# Description: Provides a set of daemons to manage access to
+# remote directories and authentication
+# mechanisms. It provides an NSS and PAM interface
+# toward the system and a pluggable backend system
+# to connect to multiple different account sources.
+### END INIT INFO
+# start on filesystem
+# stop on runlevel [06]
+
+DESCRIPTION="System Security Services Daemon"
+PATH=/bin:/usr/bin:/sbin:/usr/sbin
+NAME=sssd
+DAEMON_OPTS=""
+DAEMON=/usr/sbin/$NAME
+PIDFILE=/var/run/$NAME.pid
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+if [ -f /etc/default/sssd ] ; then
+ . /etc/default/sssd
+fi
+
+initdmain() {
+ case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESCRIPTION" "$NAME"
+ start_daemon -p $PIDFILE $DAEMON $DAEMON_OPTS
+ RC=$?
+ case "$RC" in
+ 0)
+ [ "$VERBOSE" != no ] && log_end_msg $RC
+ ;;
+ *)
+ # Report error also when VERBOSE=no
+ log_daemon_msg "Starting $DESCRIPTION" "$NAME"
+ log_end_msg $RC
+ ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESCRIPTION" "$NAME"
+ killproc -p $PIDFILE $DAEMON
+ RC=$?
+ case "$RC" in
+ 0)
+ [ "$VERBOSE" != no ] && log_end_msg $RC
+ ;;
+ *)
+ # Report error also when VERBOSE=no
+ log_daemon_msg "Stopping $DESCRIPTION" "$NAME"
+ log_end_msg $RC
+ ;;
+ esac
+ ;;
+ force-reload|restart)
+ $0 stop
+ $0 start
+ ;;
+ status)
+ status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $?
+ ;;
+ *)
+ echo "Usage: /etc/init.d/$NAME {start|stop|restart|force-reload|status}"
+ exit 1
+ ;;
+ esac
+}
+
+initdmain $@
+
+exit 0
--- sssd-1.9.1.orig/debian/libipa-hbac0.install
+++ sssd-1.9.1/debian/libipa-hbac0.install
@@ -0,0 +1 @@
+usr/lib/*/libipa_hbac.so.*
--- sssd-1.9.1.orig/debian/README.source
+++ sssd-1.9.1/debian/README.source
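Review bot: The script ends with an unconditional `exit 0`, so a failed `start_daemon` or `killproc` is logged through `log_end_msg` but the caller still sees success, and anything that relies on the init script's status to know the authentication daemon is running is misled. Return the status from the function with `return $RC` after the inner `esac` of the `start` and `stop` arms, and finish the script with `initdmain "$@"` followed by `exit $?`. Quoting `"$@"` also keeps the arguments from being re-split. The `force-reload|restart` arm has the same gap, since the result of `$0 stop` is discarded before `$0 start` runs.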
@@ -0,0 +1,58 @@ +This package uses quilt to manage all modifications to the upstream +source. Changes are stored in the source package as diffs in +debian/patches and applied during the build. + +To configure quilt to use debian/patches instead of patches, you want +either to export QUILT_PATCHES=debian/patches in your environment +or use this snippet in your ~/.quiltrc: + + for where in ./ ../ ../../ ../../../ ../../../../ ../../../../../; do + if [ -e ${where}debian/rules -a -d ${where}debian/patches ]; then + export QUILT_PATCHES=debian/patches + break + fi + done + +To get the fully patched source after unpacking the source package, cd to +the root level of the source package and run: + + quilt push -a + +The last patch listed in debian/patches/series will become the current +patch. + +To add a new set of changes, first run quilt push -a, and then run: + + quilt new + +where is a descriptive name for the patch, used as the filename in +debian/patches. Then, for every file that will be modified by this patch, +run: + + quilt add + +before editing those files. You must tell quilt with quilt add what files +will be part of the patch before making changes or quilt will not work +properly. After editing the files, run: + + quilt refresh + +to save the results as a patch. + +Alternately, if you already have an external patch and you just want to +add it to the build system, run quilt push -a and then: + + quilt import -P /path/to/patch + quilt push -a + +(add -p 0 to quilt import if needed). as above is the filename to +use in debian/patches. The last quilt push -a will apply the patch to +make sure it works properly. + +To remove an existing patch from the list of patches that will be applied, +run: + + quilt delete + +You may need to run quilt pop -a to unapply patches first before running +this command. --- sssd-1.9.1.orig/debian/python-sss.install +++ sssd-1.9.1/debian/python-sss.install 
@@ -0,0 +1,3 @@ +usr/lib/python*/dist-packages/pysss.so +usr/lib/python*/dist-packages/pysss_murmur.so +usr/lib/python*/dist-packages/SSSDConfig/*.py --- sssd-1.9.1.orig/debian/libpam-sss.pam-auth-update +++ sssd-1.9.1/debian/libpam-sss.pam-auth-update @@ -0,0 +1,17 @@ +Name: SSS authentication +Default: yes +Priority: 128 + +Auth-Type: Primary +Auth: + [success=end default=ignore] pam_sss.so use_first_pass +Auth-Initial: + [success=end default=ignore] pam_sss.so forward_pass +Account-Type: Additional +Account: + sufficient pam_localuser.so + [default=bad success=ok user_unknown=ignore] pam_sss.so +Session-Type: Additional +Session-Interactive-Only: yes +Session: + optional pam_sss.so --- sssd-1.9.1.orig/debian/generate-config +++ sssd-1.9.1/debian/generate-config 
@@ -0,0 +1,136 @@ +#!/bin/sh + +# Generate sssd.conf setup dynamically based on autodetectet LDAP +# and Kerberos server. + +set -e + +# See if we can find an LDAP server. Prefer ldap.domain, but also +# accept SRV records if no ldap.domain server is found. +lookup_ldap_uri() { + domain="$1" + if ping -c2 ldap.$domain > /dev/null 2>&1; then + echo ldap://ldap.$domain + else + host=$(host -N 2 -t SRV _ldap._tcp.$domain | grep -v NXDOMAIN | awk '{print $NF}' | head -1) + if [ "$host" ] ; then + echo ldap://$host | sed 's/\.$//' + fi + fi +} + +lookup_ldap_base() { + ldapuri="$1" + defaultcontext="$(ldapsearch -LLL -H "$ldapuri" -x -b '' -s base defaultNamingContext 2>/dev/null | awk '/^defaultNamingContext: / { print $2}')" + if [ -z "$defaultcontext" ] ; then + # If there are several contexts, pick the first one with + # posixAccount or posixGroup objects in it. + for context in $(ldapsearch -LLL -H "$ldapuri" -x -b '' \ + -s base namingContexts 2>/dev/null | \ + awk '/^namingContexts: / { print $2}') ; do + if ldapsearch -LLL -H $ldapuri -x -b "$context" -s sub -z 1 \ + '(|(objectClass=posixAccount)(objectclass=posixGroup))' 2>&1 | \ + egrep -q '^dn:|^Administrative limit exceeded' ; then + echo $context + return + fi + done + fi + echo $defaultcontext +} + +lookup_kerberos_server() { + domain="$1" + if ping -c2 kerberos.$domain > /dev/null 2>&1; then + echo kerberos.$domain + else + host=$(host -t SRV _kerberos._tcp.$domain | grep -v NXDOMAIN | awk '{print $NF}'|head -1) + if [ "$host" ] ; then + echo $host | sed 's/\.$//' + fi + fi +} + +lookup_kerberos_realm() { + domain="$1" + realm=$(host -t txt _kerberos.$domain | grep -v NXDOMAIN | awk '{print $NF}'|head -1|tr -d '"') + if [ -z "$realm" ] ; then + realm=$(echo $domain | tr a-z A-Z) + fi + echo $realm +} + + +generate_config() { + if [ "$1" ] ; then + domain=$1 + else + domain="$(hostname -d)" + fi + kerberosrealm=$(lookup_kerberos_realm $domain) + ldapuri=$(lookup_ldap_uri "$domain") + if [ -z "$ldapuri" ]; 
then + # autodetection failed + return + fi + + ldapbase="$(lookup_ldap_base "$ldapuri")" + if [ -z "$ldapbase" ]; then + # autodetection failed + return + fi + kerberosserver=$(lookup_kerberos_server "$domain") + +cat < `remove' +# * `purge' +# * `upgrade' +# * `failed-upgrade' +# * `abort-install' +# * `abort-install' +# * `abort-upgrade' +# * `disappear' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + purge) + rm -f /etc/sssd/sssd.conf + if [ -d /etc/sssd ]; then + rmdir --ignore-fail-on-non-empty /etc/sssd/ + fi + rm -rf /var/log/sssd/ + ;; + remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 --- sssd-1.9.1.orig/debian/sssd.manpages +++ sssd-1.9.1/debian/sssd.manpages @@ -0,0 +1 @@ +usr/share/man/man*/* --- sssd-1.9.1.orig/debian/control +++ sssd-1.9.1/debian/control 
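Review bot: The lookup helpers in debian/generate-config expand argument- and DNS-derived values unquoted (`ping -c2 ldap.$domain`, `_ldap._tcp.$domain`, `ldapsearch -LLL -H $ldapuri`, `echo $context`, `lookup_kerberos_realm $domain`), so a value containing whitespace or glob characters is word-split before it reaches the command or the generated file. Quote each expansion, e.g. `-H "$ldapuri"` and `printf '%s\n' "$context"`, as the script already does in `lookup_ldap_uri "$domain"`. The server name and search base also come from unauthenticated DNS answers and an anonymous `-x` query and are emitted as a plain `ldap://` URI; the here-document that writes sssd.conf is not visible in this rendering, so whether it enforces TLS cannot be checked here, but the header comment should say that the output has to be reviewed before it is installed as /etc/sssd/sssd.conf.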
@@ -0,0 +1,211 @@ +Source: sssd +Section: utils +Priority: extra +Maintainer: Ubuntu Developers +XSBC-Original-Maintainer: Debian SSSD Team +Uploaders: Timo Aaltonen +Build-Depends: debhelper (>= 9), quilt, dh-autoreconf, autopoint, lsb-release, + dpkg-dev (>= 1.16.1~), + dnsutils, + libpopt-dev, + libdbus-1-dev, + libkeyutils-dev, + libldap2-dev, + libpam-dev, + libnl-dev, + libnss3-dev, + libnspr4-dev, + libpcre3-dev, + libselinux1-dev, + libsasl2-dev, + libtevent-dev, + libldb-dev, + libtalloc-dev, + libtdb-dev, + xml-core, + docbook-xsl, + docbook-xml, + libxml2-utils, + xsltproc, + krb5-config, + libkrb5-dev, + libc-ares-dev, + python-dev (>= 2.6.6-3~), + libdhash-dev, + libcollection-dev, + libini-config-dev, + check, + dh-apparmor, + libglib2.0-dev, +# libndr-dev, +# libndr-standard-dev, +# libsamba-util-dev, +# samba4-dev, +# libdcerpc-dev, +Standards-Version: 3.9.3 +Vcs-Git: git://git.debian.org/git/pkg-sssd/sssd +Vcs-Browser: http://git.debian.org/?p=pkg-sssd/sssd.git +Homepage: https://fedorahosted.org/sssd/ + +Package: sssd +Architecture: any +Multi-Arch: foreign +Depends: ${shlibs:Depends}, ${misc:Depends}, python, + python-sss, + libipa-hbac0 (= ${binary:Version}), + libsss-idmap0 (= ${binary:Version}), +Pre-Depends: ${misc:Pre-Depends} +Recommends: ldap-utils, + bind9-host, + libnss-sss, + libpam-sss, + libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal, + libsasl2-modules-ldap, +Suggests: + apparmor, + sssd-tools, +Description: System Security Services Daemon + Provides a set of daemons to manage access to remote directories and + authentication mechanisms. It provides an NSS and PAM interface toward + the system and a pluggable backend system to connect to multiple different + account sources. It is also the basis to provide client auditing and policy + services for projects like FreeIPA. + . + This package provides the daemon. 
+ +Package: sssd-tools +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, + sssd (= ${binary:Version}), + python, +Breaks: sssd (<< 1.8.0~beta3-1) +Replaces: sssd (<< 1.8.0~beta3-1) +Description: System Security Services Daemon -- tools + Provides a set of daemons to manage access to remote directories and + authentication mechanisms. It provides an NSS and PAM interface toward + the system and a pluggable backend system to connect to multiple different + account sources. It is also the basis to provide client auditing and policy + services for projects like FreeIPA. + . + This package provides tools to manage users, groups and nested groups when + using the local id provider. + +Package: libnss-sss +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, perl +Pre-Depends: multiarch-support +Recommends: sssd +Multi-Arch: same +Description: Nss library for the System Security Services Daemon + Provides a set of daemons to manage access to remote directories and + authentication mechanisms. It provides an NSS and PAM interface toward + the system and a pluggable backend system to connect to multiple different + account sources. It is also the basis to provide client auditing and policy + services for projects like FreeIPA. + . + This package provide the nss library to connect to the sssd daemon. + +Package: libpam-sss +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, libpam-runtime (>= 1.0.1-6) +Recommends: sssd +Multi-Arch: same +Breaks: sssd (<< 1.8.0~beta3-1) +Replaces: sssd (<< 1.8.0~beta3-1) +Description: Pam module for the System Security Services Daemon + Provides a set of daemons to manage access to remote directories and + authentication mechanisms. It provides an NSS and PAM interface toward + the system and a pluggable backend system to connect to multiple different + account sources. It is also the basis to provide client auditing and policy + services for projects like FreeIPA. + . 
+ This package provide the pam module to connect to the sssd daemon. + +Package: libipa-hbac0 +Section: libs +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, +Pre-Depends: multiarch-support +Conflicts: sssd (<< 1.5.15) +Replaces: sssd (<< 1.5.15) +Multi-Arch: same +Description: FreeIPA HBAC Evaluator library + Utility library to validate FreeIPA HBAC rules for authorization requests. + +Package: libipa-hbac-dev +Section: libdevel +Architecture: any +Depends: ${misc:Depends}, libipa-hbac0 (= ${binary:Version}) +Conflicts: sssd (<< 1.5.15) +Replaces: sssd (<< 1.5.15) +Description: FreeIPA HBAC Evaluator library + Utility library to validate FreeIPA HBAC rules for authorization requests. + . + This package contains header files and symlinks to develop programs which will + use the libipa-hbac library. + +Package: libsss-idmap0 +Section: libs +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, +Pre-Depends: multiarch-support +Multi-Arch: same +Description: ID mapping library for SSSD + Utility library to convert SIDs to Unix uids and gids. + +Package: libsss-idmap-dev +Section: libdevel +Architecture: any +Depends: ${misc:Depends}, libsss-idmap0 (= ${binary:Version}) +Description: ID mapping library for SSSD -- development files + Utility library to convert SIDs to Unix uids and gids. + . + This package contains header files and symlinks to develop programs which will + use the libsss-idmap library. + +Package: libsss-sudo1 +Section: libs +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, +Pre-Depends: multiarch-support +Multi-Arch: same +Description: Communicator library for sudo + Utility library to allow communication between sudo and SSSD for caching + sudo rules by SSSD. 
+ +Package: libsss-sudo-dev +Section: libdevel +Architecture: any +Depends: ${misc:Depends}, libsss-sudo1 (= ${binary:Version}) +Description: Communicator library for sudo -- development files + Utility library to allow communication between sudo and SSSD for caching + sudo rules by SSSD. + . + This package contains header files and symlinks to develop programs which will + use the libsss-sudo library. + +Package: python-libipa-hbac +Section: python +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends}, + libipa-hbac0 (= ${binary:Version}) +Conflicts: python-sss (<< 1.5.15) +Replaces: python-sss (<< 1.5.15) +Description: Python bindings for the FreeIPA HBAC Evaluator library + The libipa_hbac-python contains the bindings so that libipa_hbac can be + used by Python applications. + +Package: python-sss +Section: python +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, ${python:Depends} +Provides: ${python:Provides} +Recommends: sssd +Description: Python module for the System Security Services Daemon + Provides a set of daemons to manage access to remote directories and + authentication mechanisms. It provides an NSS and PAM interface toward + the system and a pluggable backend system to connect to multiple different + account sources. It is also the basis to provide client auditing and policy + services for projects like FreeIPA. + . + This package provide a module to access the configuration of the sssd daemon. --- sssd-1.9.1.orig/debian/source/format +++ sssd-1.9.1/debian/source/format @@ -0,0 +1 @@ +1.0 --- sssd-1.9.1.orig/debian/patches/fix-linking.diff +++ sssd-1.9.1/debian/patches/fix-linking.diff 
@@ -0,0 +1,30 @@
+commit 50dba57000f11a1e4bcd4e81633fd57878d17eaa
+Author: Timo Aaltonen
+Date: Sat Dec 1 11:45:10 2012 +0200
+
+ link sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy with -lpthread
+
+ There used to be an overlinked dependency that's gone now, so
+ to fix a build error add CLIENT_LIBS to sss_ssh_knownhostsproxy_LDFLAGS.
+
+ v2:
+ Fix sss_ssh_authorizedkeys linking as well.
+
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -759,6 +759,7 @@ sss_ssh_authorizedkeys_SOURCES = \
+ sss_ssh_authorizedkeys_CFLAGS = $(AM_CFLAGS)
+ sss_ssh_authorizedkeys_LDADD = \
+ libsss_util.la
++sss_ssh_authorizedkeys_LDFLAGS = $(CLIENT_LIBS)
+
+ sss_ssh_knownhostsproxy_SOURCES = \
+ src/sss_client/common.c \
+@@ -767,6 +768,7 @@ sss_ssh_knownhostsproxy_SOURCES = \
+ sss_ssh_knownhostsproxy_CFLAGS = $(AM_CFLAGS)
+ sss_ssh_knownhostsproxy_LDADD = \
+ libsss_util.la
++sss_ssh_knownhostsproxy_LDFLAGS = $(CLIENT_LIBS)
+ endif
+
+ #################
--- sssd-1.9.1.orig/debian/patches/fix-cve-2013-0219-2.diff
+++ sssd-1.9.1/debian/patches/fix-cve-2013-0219-2.diff
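Review bot: The patch puts `$(CLIENT_LIBS)` into `sss_ssh_authorizedkeys_LDFLAGS` and `sss_ssh_knownhostsproxy_LDFLAGS`, but automake emits `_LDFLAGS` ahead of the objects on the link line, so a linker running with `--as-needed` can drop the library again and the build error from the commit message may return. Libraries belong in `_LDADD`: `sss_ssh_authorizedkeys_LDADD = libsss_util.la $(CLIENT_LIBS)`, and the same for `sss_ssh_knownhostsproxy_LDADD`. The definition of `CLIENT_LIBS` is outside the hunk; the commit message implies it carries `-lpthread`.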
@@ -0,0 +1,967 @@ +commit 94cbf1cfb0f88c967f1fb0a4cf23723148868e4a +Author: Jakub Hrozek +Date: Sun Jan 20 20:27:05 2013 +0100 + + TOOLS: Use file descriptor to avoid races when creating a home directory + + When creating a home directory, the destination tree can be modified in + various ways while it is being constructed because directory permissions + are set before populating the directory. This can lead to file creation + and permission changes outside the target directory tree, using hard links. + + This security problem was assigned CVE-2013-0219 + + https://fedorahosted.org/sssd/ticket/1782 + +--- a/src/tests/files-tests.c ++++ b/src/tests/files-tests.c +@@ -183,7 +183,7 @@ START_TEST(test_simple_copy) + + /* and finally copy.. */ + DEBUG(5, ("Will copy from '%s' to '%s'\n", dir_path, dst_path)); +- ret = copy_tree(dir_path, dst_path, uid, gid); ++ ret = copy_tree(dir_path, dst_path, 0700, uid, gid); + fail_unless(ret == EOK, "copy_tree failed\n"); + + /* check if really copied */ +@@ -225,7 +225,7 @@ START_TEST(test_copy_symlink) + + /* and finally copy.. */ + DEBUG(5, ("Will copy from '%s' to '%s'\n", dir_path, dst_path)); +- ret = copy_tree(dir_path, dst_path, uid, gid); ++ ret = copy_tree(dir_path, dst_path, 0700, uid, gid); + fail_unless(ret == EOK, "copy_tree failed\n"); + + /* check if really copied */ +@@ -264,7 +264,7 @@ START_TEST(test_copy_node) + + /* and finally copy.. 
*/ + DEBUG(5, ("Will copy from '%s' to '%s'\n", dir_path, dst_path)); +- ret = copy_tree(dir_path, dst_path, uid, gid); ++ ret = copy_tree(dir_path, dst_path, 0700, uid, gid); + fail_unless(ret == EOK, "copy_tree failed\n"); + + /* check if really copied */ +--- a/src/tools/files.c ++++ b/src/tools/files.c +@@ -66,13 +66,12 @@ + #include "util/util.h" + #include "tools/tools_util.h" + +-int copy_tree(const char *src_root, const char *dst_root, +- uid_t uid, gid_t gid); +- + struct copy_ctx { + const char *src_orig; + const char *dst_orig; + dev_t src_dev; ++ uid_t uid; ++ gid_t gid; + }; + + /* wrapper in order not to create a temporary context in +@@ -197,66 +196,13 @@ fail: + return ret; + } + +-static int copy_dir(const char *src, const char *dst, +- const struct stat *statp, const struct timeval mt[2], +- uid_t uid, gid_t gid) +-{ +- int ret = 0; +- +- /* +- * Create a new target directory, make it owned by +- * the user and then recursively copy that directory. +- */ +- selinux_file_context(dst); +- +- ret = mkdir(dst, statp->st_mode); +- if (ret != 0) { +- ret = errno; +- DEBUG(1, ("Cannot mkdir directory '%s': [%d][%s].\n", +- dst, ret, strerror(ret))); +- return ret; +- } +- +- ret = chown(dst, uid, gid); +- if (ret != 0) { +- ret = errno; +- DEBUG(1, ("Cannot chown directory '%s': [%d][%s].\n", +- dst, ret, strerror(ret))); +- return ret; +- } +- +- ret = chmod(dst, statp->st_mode); +- if (ret != 0) { +- ret = errno; +- DEBUG(1, ("Cannot chmod directory '%s': [%d][%s].\n", +- dst, ret, strerror(ret))); +- return ret; +- } +- +- ret = copy_tree(src, dst, uid, gid); +- if (ret != 0) { +- ret = errno; +- DEBUG(1, ("Cannot copy directory from '%s' to '%s': [%d][%s].\n", +- src, dst, ret, strerror(ret))); +- return ret; +- } +- +- ret = utimes(dst, mt); +- if (ret != 0) { +- ret = errno; +- DEBUG(1, ("Cannot set utimes on a directory '%s': [%d][%s].\n", +- dst, ret, strerror(ret))); +- return ret; +- } +- +- return EOK; +-} +- +-static char 
*talloc_readlink(TALLOC_CTX *mem_ctx, const char *filename) ++static char *talloc_readlinkat(TALLOC_CTX *mem_ctx, int dir_fd, ++ const char *filename) + { + size_t size = 1024; + ssize_t nchars; + char *buffer; ++ char *new_buffer; + + buffer = talloc_array(mem_ctx, char, size); + if (!buffer) { +@@ -264,8 +210,9 @@ static char *talloc_readlink(TALLOC_CTX + } + + while (1) { +- nchars = readlink(filename, buffer, size); ++ nchars = readlinkat(dir_fd, filename, buffer, size); + if (nchars < 0) { ++ talloc_free(buffer); + return NULL; + } + +@@ -276,10 +223,12 @@ static char *talloc_readlink(TALLOC_CTX + + /* Try again with a bigger buffer */ + size *= 2; +- buffer = talloc_realloc(mem_ctx, buffer, char, size); +- if (!buffer) { ++ new_buffer = talloc_realloc(mem_ctx, buffer, char, size); ++ if (!new_buffer) { ++ talloc_free(buffer); + return NULL; + } ++ buffer = new_buffer; + } + + /* readlink does not nul-terminate */ +@@ -287,188 +236,174 @@ static char *talloc_readlink(TALLOC_CTX + return buffer; + } + +-static int copy_symlink(struct copy_ctx *cctx, +- const char *src, +- const char *dst, +- const struct stat *statp, +- const struct timeval mt[], +- uid_t uid, gid_t gid) ++static int ++copy_symlink(int src_dir_fd, ++ int dst_dir_fd, ++ const char *file_name, ++ const char *full_path, ++ const struct stat *statp, ++ uid_t uid, gid_t gid) + { +- int ret; +- char *oldlink; +- char *tmp; +- TALLOC_CTX *tmp_ctx = NULL; ++ char *buf; ++ errno_t ret; ++ struct timespec timebuf[2]; + +- tmp_ctx = talloc_new(cctx); +- if (!tmp_ctx) { ++ buf = talloc_readlinkat(NULL, src_dir_fd, file_name); ++ if (!buf) { + return ENOMEM; + } + +- /* +- * Get the name of the file which the link points +- * to. If that name begins with the original +- * source directory name, that part of the link +- * name will be replaced with the original +- * destination directory name. 
+- */ +- oldlink = talloc_readlink(tmp_ctx, src); +- if (oldlink == NULL) { +- ret = ENOMEM; +- goto done; ++ ret = selinux_file_context(full_path); ++ if (ret != 0) { ++ DEBUG(SSSDBG_MINOR_FAILURE, ++ ("Failed to set SELinux context for [%s]\n", full_path)); ++ /* Not fatal */ + } + +- /* If src was a link to an entry of the src_orig directory itself, +- * create a link to the corresponding entry in the dst_orig +- * directory. +- * FIXME: This may change a relative link to an absolute link +- */ +- if (strncmp(oldlink, cctx->src_orig, strlen(cctx->src_orig)) == 0) { +- tmp = talloc_asprintf(tmp_ctx, "%s%s", cctx->dst_orig, oldlink + strlen(cctx->src_orig)); +- if (tmp == NULL) { +- ret = ENOMEM; +- goto done; ++ ret = symlinkat(buf, dst_dir_fd, file_name); ++ talloc_free(buf); ++ if (ret == -1) { ++ ret = errno; ++ if (ret == EEXIST) { ++ DEBUG(SSSDBG_MINOR_FAILURE, ++ ("symlink pointing to already exists at '%s'\n", full_path)); ++ return EOK; + } + +- talloc_free(oldlink); +- oldlink = tmp; ++ DEBUG(SSSDBG_CRIT_FAILURE, ("symlinkat failed: %s\n", strerror(ret))); ++ return ret; + } + +- selinux_file_context(dst); +- +- ret = symlink(oldlink, dst); +- if (ret != 0) { ++ ret = fchownat(dst_dir_fd, file_name, ++ uid, gid, AT_SYMLINK_NOFOLLOW); ++ if (ret == -1) { + ret = errno; +- DEBUG(1, ("symlink() failed on file '%s': [%d][%s].\n", +- dst, ret, strerror(ret))); +- goto done; ++ DEBUG(SSSDBG_CRIT_FAILURE, ++ ("fchownat failed: %s\n", strerror(ret))); ++ return ret; + } + +- ret = lchown(dst, uid, gid); +- if (ret != 0) { ++ timebuf[0] = statp->st_atim; ++ timebuf[1] = statp->st_mtim; ++ ret = utimensat(dst_dir_fd, file_name, timebuf, ++ AT_SYMLINK_NOFOLLOW); ++ if (ret == -1) { + ret = errno; +- DEBUG(1, ("lchown() failed on file '%s': [%d][%s].\n", +- dst, ret, strerror(ret))); +- goto done; ++ DEBUG(SSSDBG_MINOR_FAILURE, ("utimensat failed [%d]: %s\n", ++ ret, strerror(ret))); ++ /* Do not fail */ + } + +-done: +- talloc_free(tmp_ctx); +- return ret; ++ 
return EOK; + } + +-static int copy_special(const char *dst, ++/* Create a special file named file_name under a directory with file ++ * descriptor dst_dir_fd. full_path is used for both setting SELinux ++ * context and logging. The node is owned by uid/gid and its mode ++ * and device number is read from statp. ++ */ ++static int copy_special(int dst_dir_fd, ++ const char *file_name, ++ const char *full_path, + const struct stat *statp, +- const struct timeval mt[], + uid_t uid, gid_t gid) + { +- int ret = 0; ++ int ret; ++ struct timespec timebuf[2]; + +- selinux_file_context(dst); ++ ret = selinux_file_context(full_path); ++ if (ret != 0) { ++ DEBUG(SSSDBG_MINOR_FAILURE, ++ ("Failed to set SELinux context for [%s]\n", full_path)); ++ /* Not fatal */ ++ } + +- ret = mknod(dst, statp->st_mode & ~07777, statp->st_rdev); ++ ret = mknodat(dst_dir_fd, file_name, statp->st_mode & ~07777, ++ statp->st_rdev); + if (ret != 0) { + ret = errno; +- DEBUG(1, ("Cannot mknod special file '%s': [%d][%s].\n", +- dst, ret, strerror(ret))); ++ DEBUG(SSSDBG_OP_FAILURE, ++ ("Cannot mknod special file '%s': [%d][%s].\n", ++ full_path, ret, strerror(ret))); + return ret; + } + +- ret = chown(dst, uid, gid); ++ ret = fchownat(dst_dir_fd, file_name, uid, gid, 0); + if (ret != 0) { + ret = errno; +- DEBUG(1, ("Cannot chown special file '%s': [%d][%s].\n", +- dst, ret, strerror(ret))); ++ DEBUG(SSSDBG_CRIT_FAILURE, ++ ("fchownat failed for '%s': [%d][%s]\n", ++ full_path, ret, strerror(ret))); + return ret; + } + +- ret = chmod(dst, statp->st_mode & 07777); ++ ret = fchmodat(dst_dir_fd, file_name, statp->st_mode & 07777, 0); + if (ret != 0) { + ret = errno; +- DEBUG(1, ("Cannot chmod special file '%s': [%d][%s].\n", +- dst, ret, strerror(ret))); ++ DEBUG(SSSDBG_CRIT_FAILURE, ++ ("fchmodat failed for '%s': [%d][%s]\n", ++ full_path, ret, strerror(ret))); + return ret; + } + +- ret = utimes(dst, mt); +- if (ret != 0) { ++ timebuf[0] = statp->st_atim; ++ timebuf[1] = statp->st_mtim; ++ ret = 
utimensat(dst_dir_fd, file_name, timebuf, 0); ++ if (ret == -1) { + ret = errno; +- DEBUG(1, ("Cannot call utimes on special file '%s': [%d][%s].\n", +- dst, ret, strerror(ret))); +- return ret; ++ DEBUG(SSSDBG_MINOR_FAILURE, ++ ("utimensat failed for '%s': [%d][%s]\n", ++ full_path, ret, strerror(ret))); ++ /* Do not fail, this shouldn't be fatal */ + } + + return EOK; + } + +-static int copy_file(const char *src, +- const char *dst, +- const struct stat *statp, +- const struct timeval mt[], +- uid_t uid, gid_t gid) ++/* Copy bytes from input file descriptor ifd into file named ++ * dst_named under directory with dest_dir_fd. Own the new file ++ * by uid/gid ++ */ ++static int ++copy_file(int ifd, ++ int dest_dir_fd, ++ const char *file_name, ++ const char *full_path, ++ const struct stat *statp, ++ uid_t uid, gid_t gid) + { +- int ret; +- int ifd = -1; + int ofd = -1; ++ errno_t ret; + char buf[1024]; + ssize_t cnt, written; +- struct stat fstatbuf; +- +- ifd = open(src, O_RDONLY); +- if (ifd < 0) { +- ret = errno; +- DEBUG(1, ("Cannot open() source file '%s': [%d][%s].\n", +- src, ret, strerror(ret))); +- goto fail; +- } +- +- ret = fstat(ifd, &fstatbuf); +- if (ret != 0) { +- ret = errno; +- DEBUG(1, ("Cannot fstat() source file '%s': [%d][%s].\n", +- src, ret, strerror(ret))); +- goto fail; +- } +- +- if (statp->st_dev != fstatbuf.st_dev || +- statp->st_ino != fstatbuf.st_ino) { +- DEBUG(1, ("File %s was modified between lstat and open.\n", src)); +- ret = EIO; +- goto fail; +- } +- +- selinux_file_context(dst); ++ struct timespec timebuf[2]; + +- ofd = open(dst, O_WRONLY | O_CREAT | O_TRUNC, statp->st_mode & 07777); +- if (ofd < 0) { +- ret = errno; +- DEBUG(1, ("Cannot open() destination file '%s': [%d][%s].\n", +- dst, ret, strerror(ret))); +- goto fail; +- } +- +- ret = fchown(ofd, uid, gid); ++ ret = selinux_file_context(full_path); + if (ret != 0) { +- ret = errno; +- DEBUG(1, ("Cannot fchown() destination file '%s': [%d][%s].\n", +- dst, ret, 
strerror(ret))); +- goto fail; ++ DEBUG(SSSDBG_MINOR_FAILURE, ++ ("Failed to set SELinux context for [%s]\n", full_path)); ++ /* Not fatal */ + } + +- ret = fchmod(ofd, statp->st_mode & 07777); +- if (ret != 0) { ++ /* Start with absolutely restrictive permissions */ ++ ofd = openat(dest_dir_fd, file_name, ++ O_EXCL | O_CREAT | O_WRONLY | O_NOFOLLOW, ++ 0); ++ if (ofd < 0 && errno != EEXIST) { + ret = errno; +- DEBUG(1, ("Cannot fchmod() destination file '%s': [%d][%s].\n", +- dst, ret, strerror(ret))); +- goto fail; ++ DEBUG(SSSDBG_OP_FAILURE, ++ ("Cannot open() destination file '%s': [%d][%s].\n", ++ full_path, ret, strerror(ret))); ++ goto done; + } + + while ((cnt = sss_atomic_read_s(ifd, buf, sizeof(buf))) != 0) { + if (cnt == -1) { + ret = errno; + DEBUG(SSSDBG_CRIT_FAILURE, +- ("Cannot read() from source file '%s': [%d][%s].\n", +- src, ret, strerror(ret))); +- goto fail; ++ ("Cannot read() from source file: [%d][%s].\n", ++ ret, strerror(ret))); ++ goto done; + } + + errno = 0; +@@ -476,222 +411,324 @@ static int copy_file(const char *src, + if (written == -1) { + ret = errno; + DEBUG(SSSDBG_CRIT_FAILURE, +- ("Cannot write() to destination file '%s': [%d][%s].\n", +- dst, ret, strerror(ret))); +- goto fail; ++ ("Cannot write() to destination file: [%d][%s].\n", ++ ret, strerror(ret))); ++ goto done; + } + + if (written != cnt) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("Wrote %d bytes, expected %d\n", written, cnt)); +- goto fail; ++ goto done; + } + } + +- ret = close(ifd); +- ifd = -1; +- if (ret != 0) { ++ /* Set the ownership; permissions are still ++ * restrictive. */ ++ ret = fchown(ofd, uid, gid); ++ if (ret == -1 && errno != EPERM) { + ret = errno; +- DEBUG(1, ("Cannot close() source file '%s': [%d][%s].\n", +- dst, ret, strerror(ret))); +- goto fail; ++ DEBUG(SSSDBG_OP_FAILURE, ++ ("Error changing owner of '%s': %s\n", ++ full_path, strerror(ret))); ++ goto done; + } + +- ret = close(ofd); +- ifd = -1; +- if (ret != 0) { ++ /* Set the desired mode. 
*/ ++ ret = fchmod(ofd, statp->st_mode); ++ if (ret == -1) { + ret = errno; +- DEBUG(1, ("Cannot close() destination file '%s': [%d][%s].\n", +- dst, ret, strerror(ret))); +- goto fail; ++ DEBUG(SSSDBG_OP_FAILURE, ("Error changing owner of '%s': %s\n", ++ full_path, strerror(ret))); ++ goto done; + } + +- ret = utimes(dst, mt); +- if (ret != 0) { ++ timebuf[0] = statp->st_atim; ++ timebuf[1] = statp->st_mtim; ++ ret = futimens(ofd, timebuf); ++ if (ret == -1) { + ret = errno; +- DEBUG(1, ("Cannot call utimes() on destination file '%s': [%d][%s].\n", +- dst, ret, strerror(ret))); +- goto fail; ++ DEBUG(SSSDBG_MINOR_FAILURE, ("futimens failed [%d]: %s\n", ++ ret, strerror(ret))); ++ /* Do not fail */ + } + +- return EOK; ++ close(ofd); ++ ofd = -1; ++ ret = EOK; + +- /* Reachable by jump only */ +-fail: +- if (ifd != -1) close(ifd); ++done: + if (ofd != -1) close(ofd); + return ret; + } + +-/* +- * The context is not freed in case of error +- * because this is a recursive function, will be freed when we +- * reach the top level copy_tree() again +- */ +-static int copy_entry(struct copy_ctx *cctx, +- const char *src, +- const char *dst, +- uid_t uid, +- gid_t gid) ++static errno_t ++copy_dir(struct copy_ctx *cctx, ++ int src_dir_fd, const char *src_dir_path, ++ int dest_parent_fd, const char *dest_dir_name, ++ const char *dest_dir_path, ++ mode_t mode, ++ const struct stat *src_dir_stat); ++ ++static errno_t ++copy_entry(struct copy_ctx *cctx, ++ int src_dir_fd, ++ const char *src_dir_path, ++ int dest_dir_fd, ++ const char *dest_dir_path, ++ const char *ent_name) + { +- int ret = EOK; +- struct stat sb; +- struct timeval mt[2]; ++ char *src_ent_path = NULL; ++ char *dest_ent_path = NULL; ++ int ifd = -1; ++ errno_t ret; ++ struct stat st; + +- ret = lstat(src, &sb); +- if (ret == -1) { +- ret = errno; +- DEBUG(1, ("Cannot lstat() the source file '%s': [%d][%s].\n", +- src, ret, strerror(ret))); +- return ret; ++ /* Build the path of the source file or directory and 
its ++ * corresponding member in the new tree. */ ++ src_ent_path = talloc_asprintf(cctx, "%s/%s", src_dir_path, ent_name); ++ dest_ent_path = talloc_asprintf(cctx, "%s/%s", dest_dir_path, ent_name); ++ if (!src_ent_path || !dest_ent_path) { ++ ret = ENOMEM; ++ goto done; + } + +- mt[0].tv_sec = sb.st_atime; +- mt[0].tv_usec = 0; +- +- mt[1].tv_sec = sb.st_mtime; +- mt[1].tv_usec = 0; ++ /* Open the input entry first, then we can fstat() it and be ++ * certain that it is still the same file. O_NONBLOCK protects ++ * us against FIFOs and perhaps side-effects of the open() of a ++ * device file if there ever was one here, and doesn't matter ++ * for regular files or directories. */ ++ ifd = openat(src_dir_fd, ent_name, ++ O_RDONLY | O_CLOEXEC | O_NOFOLLOW | O_NONBLOCK); ++ if (ifd == -1 && errno != ELOOP) { ++ /* openat error */ ++ ret = errno; ++ DEBUG(SSSDBG_CRIT_FAILURE, ("openat failed on '%s': %s\n", ++ src_ent_path, strerror(ret))); ++ goto done; ++ } else if (ifd == -1 && errno == ELOOP) { ++ /* Should be a symlink.. 
*/ ++ ret = fstatat(src_dir_fd, ent_name, &st, AT_SYMLINK_NOFOLLOW); ++ if (ret == -1) { ++ ret = errno; ++ DEBUG(SSSDBG_CRIT_FAILURE, ("fstatat failed on '%s': %s\n", ++ src_ent_path, strerror(ret))); ++ goto done; ++ } + +- if (S_ISLNK (sb.st_mode)) { +- ret = copy_symlink(cctx, src, dst, &sb, mt, uid, gid); ++ /* Handle symlinks */ ++ ret = copy_symlink(src_dir_fd, dest_dir_fd, ent_name, ++ dest_ent_path, &st, cctx->uid, cctx->gid); + if (ret != EOK) { +- DEBUG(1, ("Cannot copy symlink '%s' to '%s': [%d][%s]\n", +- src, dst, ret, strerror(ret))); ++ DEBUG(SSSDBG_OP_FAILURE, ("Cannot copy '%s' to '%s'\n", ++ src_ent_path, dest_ent_path)); + } +- return ret; ++ goto done; + } + +- if (S_ISDIR(sb.st_mode)) { +- /* Check if we're still on the same FS */ +- if (sb.st_dev != cctx->src_dev) { +- DEBUG(2, ("Will not descend to other FS\n")); +- /* Skip this without error */ +- return EOK; ++ ret = fstat(ifd, &st); ++ if (ret != 0) { ++ ret = errno; ++ DEBUG(SSSDBG_CRIT_FAILURE, ++ ("couldn't stat '%s': %s", src_ent_path, strerror(ret))); ++ goto done; ++ } ++ ++ if (S_ISDIR(st.st_mode)) { ++ /* If it's a directory, descend into it. */ ++ ret = copy_dir(cctx, ifd, src_ent_path, ++ dest_dir_fd, ent_name, ++ dest_ent_path, st.st_mode & 07777, ++ &st); ++ if (ret != EOK) { ++ DEBUG(SSSDBG_OP_FAILURE, ++ ("Could recursively copy '%s' to '%s': %s\n", ++ src_ent_path, dest_dir_fd, strerror(ret))); ++ goto done; ++ } ++ } else if (S_ISREG(st.st_mode)) { ++ /* Copy a regular file */ ++ ret = copy_file(ifd, dest_dir_fd, ent_name, dest_ent_path, ++ &st, cctx->uid, cctx->gid); ++ if (ret) { ++ DEBUG(SSSDBG_OP_FAILURE, ("Cannot copy '%s' to '%s'\n", ++ src_ent_path, dest_ent_path)); ++ goto done; + } +- return copy_dir(src, dst, &sb, mt, uid, gid); +- } else if (!S_ISREG(sb.st_mode)) { +- /* +- * Deal with FIFOs and special files. The user really +- * shouldn't have any of these, but it seems like it +- * would be nice to copy everything ... 
+- */ +- return copy_special(dst, &sb, mt, uid, gid); + } else { +- /* +- * Create the new file and copy the contents. The new +- * file will be owned by the provided UID and GID values. +- */ +- return copy_file(src, dst, &sb, mt, uid, gid); ++ /* Copy a special file */ ++ ret = copy_special(dest_dir_fd, ent_name, dest_ent_path, ++ &st, cctx->uid, cctx->gid); ++ if (ret) { ++ DEBUG(SSSDBG_OP_FAILURE, ("Cannot copy '%s' to '%s'\n", ++ src_ent_path, dest_ent_path)); ++ goto done; ++ } + } + ++ ret = EOK; ++done: ++ talloc_free(src_ent_path); ++ talloc_free(dest_ent_path); ++ if (ifd != -1) close(ifd); + return ret; + } + +-/* +- * The context is not freed in case of error +- * because this is a recursive function, will be freed when we +- * reach the top level copy_tree() again +- */ +-static int copy_tree_ctx(struct copy_ctx *cctx, +- const char *src_root, +- const char *dst_root, +- uid_t uid, +- gid_t gid) ++static errno_t ++copy_dir(struct copy_ctx *cctx, ++ int src_dir_fd, const char *src_dir_path, ++ int dest_parent_fd, const char *dest_dir_name, ++ const char *dest_dir_path, ++ mode_t mode, ++ const struct stat *src_dir_stat) + { +- DIR *src_dir = NULL; +- int ret, err; +- struct dirent *result; +- struct dirent direntp; +- char *src_name, *dst_name; +- TALLOC_CTX *tmp_ctx; ++ errno_t ret; ++ int dest_dir_fd = -1; ++ DIR *dir = NULL; ++ struct dirent *ent; ++ struct timespec timebuf[2]; + +- tmp_ctx = talloc_new(cctx); ++ if (!dest_dir_path) { ++ return EINVAL; ++ } + +- src_dir = opendir(src_root); +- if (src_dir == NULL) { ++ dir = fdopendir(src_dir_fd); ++ if (dir == NULL) { + ret = errno; +- DEBUG(1, ("Cannot open the source directory %s: [%d][%s].\n", +- src_root, ret, strerror(ret))); +- goto fail; ++ DEBUG(SSSDBG_CRIT_FAILURE, ++ ("Error reading '%s': %s", src_dir_path, strerror(ret))); ++ goto done; + } + +- while (readdir_r(src_dir, &direntp, &result) == 0) { +- if (result == NULL) { +- /* End of directory */ +- break; +- } ++ /* Create the 
directory. It starts owned by us (presumbaly root), with ++ * fairly restrictive permissions that still allow us to use the ++ * directory. ++ * */ ++ errno = 0; ++ ret = mkdirat(dest_parent_fd, dest_dir_name, S_IRWXU); ++ if (ret == -1 && errno != EEXIST) { ++ ret = errno; ++ DEBUG(SSSDBG_CRIT_FAILURE, ++ ("Error reading '%s': %s", dest_dir_path, strerror(ret))); ++ goto done; ++ } + +- if (strcmp (direntp.d_name, ".") == 0 || +- strcmp (direntp.d_name, "..") == 0) { +- continue; +- } ++ dest_dir_fd = openat(dest_parent_fd, dest_dir_name, ++ O_RDONLY | O_CLOEXEC | O_DIRECTORY | O_NOFOLLOW); ++ if (dest_dir_fd == -1) { ++ ret = errno; ++ DEBUG(SSSDBG_CRIT_FAILURE, ++ ("Error opening '%s': %s", dest_dir_path, strerror(ret))); ++ goto done; ++ } + +- /* build src and dst paths */ +- src_name = talloc_asprintf(tmp_ctx, "%s/%s", src_root, direntp.d_name); +- dst_name = talloc_asprintf(tmp_ctx, "%s/%s", dst_root, direntp.d_name); +- if (dst_name == NULL || src_name == NULL) { +- ret = ENOMEM; +- goto fail; ++ while ((ent = readdir(dir)) != NULL) { ++ /* Iterate through each item in the directory. */ ++ /* Skip over self and parent hard links. */ ++ if (strcmp(ent->d_name, ".") == 0 || ++ strcmp(ent->d_name, "..") == 0) { ++ continue; + } + +- /* copy */ +- ret = copy_entry(cctx, src_name, dst_name, uid, gid); ++ ret = copy_entry(cctx, ++ src_dir_fd, src_dir_path, ++ dest_dir_fd, dest_dir_path, ++ ent->d_name); + if (ret != EOK) { +- DEBUG(1, ("Cannot copy '%s' to '%s', error %d\n", +- src_name, dst_name, ret)); +- goto fail; ++ DEBUG(SSSDBG_OP_FAILURE, ("Could not copy [%s] to [%s]\n", ++ src_dir_path, dest_dir_path)); ++ goto done; + } +- talloc_free(src_name); +- talloc_free(dst_name); + } + +- ret = closedir(src_dir); +- src_dir = NULL; +- if (ret != 0) { ++ /* Set the ownership on the directory. Permissions are still ++ * fairly restrictive. 
*/ ++ ret = fchown(dest_dir_fd, cctx->uid, cctx->gid); ++ if (ret == -1 && errno != EPERM) { ++ ret = errno; ++ DEBUG(SSSDBG_OP_FAILURE, ++ ("Error changing owner of '%s': %s", ++ dest_dir_path, strerror(ret))); ++ goto done; ++ } ++ ++ /* Set the desired mode. Do this explicitly to preserve S_ISGID and ++ * other bits. Do this after chown, because chown is permitted to ++ * reset these bits. */ ++ ret = fchmod(dest_dir_fd, mode); ++ if (ret == -1) { ++ DEBUG(SSSDBG_OP_FAILURE, ++ ("Error setting mode of '%s': %s", ++ dest_dir_path, strerror(ret))); ++ goto done; ++ } ++ ++ timebuf[0] = src_dir_stat->st_atim; ++ timebuf[1] = src_dir_stat->st_mtim; ++ futimens(dest_dir_fd, timebuf); ++ if (ret == -1) { + ret = errno; +- goto fail; ++ DEBUG(SSSDBG_MINOR_FAILURE, ("futimens failed [%d]: %s\n", ++ ret, strerror(ret))); ++ /* Do not fail */ + } + + ret = EOK; +-fail: +- if (src_dir) { /* clean up on abnormal exit but retain return code */ +- err = closedir(src_dir); +- if (err) { +- DEBUG(1, ("closedir failed, bad dirp?\n")); +- } ++done: ++ if (dir) closedir(dir); ++ ++ if (dest_dir_fd != -1) { ++ close(dest_dir_fd); + } +- talloc_free(tmp_ctx); + return ret; + } + ++/* NOTE: ++ * For several reasons, including the fact that we copy even special files ++ * (pipes, etc) from the skeleton directory, the skeldir needs to be trusted ++ */ + int copy_tree(const char *src_root, const char *dst_root, +- uid_t uid, gid_t gid) ++ mode_t mode_root, uid_t uid, gid_t gid) + { + int ret = EOK; + struct copy_ctx *cctx = NULL; ++ int fd = -1; + struct stat s_src; + +- cctx = talloc_zero(NULL, struct copy_ctx); ++ fd = open(src_root, O_RDONLY | O_CLOEXEC | O_DIRECTORY); ++ if (fd == -1) { ++ ret = errno; ++ goto fail; ++ } + +- ret = lstat(src_root, &s_src); +- if (ret != 0) { ++ ret = fstat(fd, &s_src); ++ if (ret == -1) { + ret = errno; +- DEBUG(1, ("Cannot lstat the source directory '%s': [%d][%s]\n", +- src_root, ret, strerror(ret))); ++ goto fail; ++ } ++ ++ cctx = 
talloc_zero(NULL, struct copy_ctx); ++ if (!cctx) { ++ ret = ENOMEM; + goto fail; + } + + cctx->src_orig = src_root; + cctx->dst_orig = dst_root; + cctx->src_dev = s_src.st_dev; ++ cctx->uid = uid; ++ cctx->gid = gid; + +- ret = copy_tree_ctx(cctx, src_root, dst_root, uid, gid); ++ ret = copy_dir(cctx, fd, src_root, AT_FDCWD, ++ dst_root, dst_root, mode_root, &s_src); + if (ret != EOK) { +- DEBUG(1, ("copy_tree_ctx failed: [%d][%s]\n", ret, strerror(ret))); ++ DEBUG(SSSDBG_CRIT_FAILURE, ++ ("copy_dir failed: [%d][%s]\n", ret, strerror(ret))); + goto fail; + } + + fail: ++ if (fd != -1) close(fd); + reset_selinux_file_context(); + talloc_free(cctx); + return ret; +--- a/src/tools/tools_util.c ++++ b/src/tools/tools_util.c +@@ -468,33 +468,7 @@ int create_homedir(const char *skeldir, + + selinux_file_context(homedir); + +- ret = mkdir(homedir, 0); +- if (ret != 0) { +- ret = errno; +- DEBUG(1, ("Cannot create user's home directory: [%d][%s].\n", +- ret, strerror(ret))); +- goto done; +- } +- +- ret = chown(homedir, uid, gid); +- if (ret != 0) { +- ret = errno; +- DEBUG(1, ("Cannot chown user's home directory: [%d][%s].\n", +- ret, strerror(ret))); +- goto done; +- } +- +- ret = chmod(homedir, 0777 & ~default_umask); +- if (ret != 0) { +- ret = errno; +- DEBUG(1, ("Cannot chmod user's home directory: [%d][%s].\n", +- ret, strerror(ret))); +- goto done; +- } +- +- reset_selinux_file_context(); +- +- ret = copy_tree(skeldir, homedir, uid, gid); ++ ret = copy_tree(skeldir, homedir, 0777 & ~default_umask, uid, gid); + if (ret != EOK) { + DEBUG(1, ("Cannot populate user's home directory: [%d][%s].\n", + ret, strerror(ret))); +--- a/src/tools/tools_util.h ++++ b/src/tools/tools_util.h +@@ -111,9 +111,8 @@ errno_t sss_memcache_clear_all(void); + /* from files.c */ + int remove_tree(const char *root); + +-int copy_tree(const char *src_root, +- const char *dst_root, +- uid_t uid, gid_t gid); ++int copy_tree(const char *src_root, const char *dst_root, ++ mode_t mode_root, uid_t 
uid, gid_t gid); + + /* from nscd.c */ + enum nscd_db { --- sssd-1.9.1.orig/debian/patches/fix-cve-2013-0220.diff +++ sssd-1.9.1/debian/patches/fix-cve-2013-0220.diff 
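Review bot: In the new `copy_entry`, the failure message of the directory branch hands the integer `dest_dir_fd` to a `%s` conversion, which is undefined behaviour on an error path of a tool that presumably runs as root; the argument list should read `src_ent_path, dest_ent_path, strerror(ret)));`. The tail of the new `copy_dir` has two related slips: the `fchmod` failure branch never stores `errno`, so the function returns -1 and logs `strerror(-1)`, and the `futimens` result is discarded, so the `if (ret == -1)` after it re-tests the fchmod result. Adding `ret = errno;` in the fchmod branch and writing `ret = futimens(dest_dir_fd, timebuf);` fixes both. Separately, `copy_dir` passes `src_dir_fd` to `fdopendir()` and ends with `closedir(dir)`, while `copy_entry` and `copy_tree` still call `close()` on the same descriptor afterwards; a short comment stating who owns the descriptor would make that visible.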
@@ -0,0 +1,63 @@
+commit 2bd514cfde1938b1e245af11c9b548d58d49b325
+Author: Jan Cholasta
+Date: Wed Jan 23 12:26:17 2013 +0100
+
+ Check that strings do not go beyond the end of the packet body in autofs and SSH requests.
+
+ This fixes CVE-2013-0220.
+
+ https://fedorahosted.org/sssd/ticket/1781
+
+--- a/src/responder/autofs/autofssrv_cmd.c
++++ b/src/responder/autofs/autofssrv_cmd.c
+@@ -859,7 +859,7 @@ sss_autofs_cmd_getautomntent(struct cli_
+
+ SAFEALIGN_COPY_UINT32_CHECK(&namelen, body+c, blen, &c);
+
+- if (namelen == 0) {
++ if (namelen == 0 || namelen > blen - c) {
+ ret = EINVAL;
+ goto done;
+ }
+@@ -1134,7 +1134,7 @@ sss_autofs_cmd_getautomntbyname(struct c
+ /* FIXME - split out a function to get string from \0 */
+ SAFEALIGN_COPY_UINT32_CHECK(&namelen, body+c, blen, &c);
+
+- if (namelen == 0) {
++ if (namelen == 0 || namelen > blen - c) {
+ ret = EINVAL;
+ goto done;
+ }
+@@ -1158,7 +1158,7 @@ sss_autofs_cmd_getautomntbyname(struct c
+ /* FIXME - split out a function to get string from \0 */
+ SAFEALIGN_COPY_UINT32_CHECK(&keylen, body+c, blen, &c);
+
+- if (keylen == 0) {
++ if (keylen == 0 || keylen > blen - c) {
+ ret = EINVAL;
+ goto done;
+ }
+--- a/src/responder/ssh/sshsrv_cmd.c
++++ b/src/responder/ssh/sshsrv_cmd.c
+@@ -687,8 +687,8 @@ ssh_cmd_parse_request(struct ssh_cmd_ctx
+ }
+
+ SAFEALIGN_COPY_UINT32_CHECK(&name_len, body+c, body_len, &c);
+- if (name_len == 0) {
+- DEBUG(SSSDBG_CRIT_FAILURE, ("Zero-length name is not valid\n"));
++ if (name_len == 0 || name_len > body_len - c) {
++ DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid name length\n"));
+ return EINVAL;
+ }
+
+@@ -710,8 +710,8 @@ ssh_cmd_parse_request(struct ssh_cmd_ctx
+
+ if (flags & 1) {
+ SAFEALIGN_COPY_UINT32_CHECK(&alias_len, body+c, body_len, &c);
+- if (alias_len == 0) {
+- DEBUG(SSSDBG_CRIT_FAILURE, ("Zero-length alias is not valid\n"));
++ if (alias_len == 0 || alias_len > body_len - c) {
++ DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid alias length\n"));
+ return EINVAL;
+ }
+
--- 
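Review bot: The three autofs checks (`namelen` in sss_autofs_cmd_getautomntent, `namelen` and `keylen` in sss_autofs_cmd_getautomntbyname) reject an over-long length without a log line, while the two SSH checks report `Invalid name length` and `Invalid alias length`. A request that trips this bound is worth a trace for whoever investigates it; assuming the DEBUG macro is usable in autofssrv_cmd.c as it is in sshsrv_cmd.c, add `DEBUG(SSSDBG_CRIT_FAILURE, ("Invalid name length\n"));` before `ret = EINVAL;`. The subtraction `blen - c` is safe only while `c` cannot exceed `blen`, which SAFEALIGN_COPY_UINT32_CHECK presumably guarantees; a one-line comment saying so would help, since that macro and the rest of each function lie outside the hunks.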
sssd-1.9.1.orig/debian/patches/series
+++ sssd-1.9.1/debian/patches/series
@@ -0,0 +1,4 @@
+fix-cve-2013-0219-1.diff
+fix-cve-2013-0219-2.diff
+fix-cve-2013-0220.diff
+fix-linking.diff
--- sssd-1.9.1.orig/debian/patches/fix-cve-2013-0219-1.diff
+++ sssd-1.9.1/debian/patches/fix-cve-2013-0219-1.diff
@@ -0,0 +1,170 @@
+commit 020bf88fd1c5bdac8fc671b37c7118f5378c7047
+Author: Jakub Hrozek
+Date: Wed Dec 12 19:02:33 2012 +0100
+
+ TOOLS: Use openat/unlinkat when removing the homedir
+
+ The removal of a home directory is sensitive to concurrent modification
+ of the directory tree being removed and can unlink files outside the
+ directory tree.
+
+ This security issue was assigned CVE-2013-0219
+
+ https://fedorahosted.org/sssd/ticket/1782
+
+--- a/src/tools/files.c
++++ b/src/tools/files.c
+@@ -78,8 +78,9 @@ struct copy_ctx {
+ /* wrapper in order not to create a temporary context in
+ * every iteration */
+ static int remove_tree_with_ctx(TALLOC_CTX *mem_ctx,
+- dev_t parent_dev,
+- const char *root);
++ int parent_fd,
++ const char *dir_name,
++ dev_t parent_dev);
+
+ int remove_tree(const char *root)
+ {
+@@ -91,7 +92,7 @@ int remove_tree(const char *root)
+ return ENOMEM;
+ }
+
+- ret = remove_tree_with_ctx(tmp_ctx, 0, root);
++ ret = remove_tree_with_ctx(tmp_ctx, AT_FDCWD, root, 0);
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+@@ -102,75 +103,75 @@ int remove_tree(const char *root)
+ * reach the top level remove_tree() again
+ */
+ static int remove_tree_with_ctx(TALLOC_CTX *mem_ctx,
+- dev_t parent_dev,
+- const char *root)
++ int parent_fd,
++ const char *dir_name,
++ dev_t parent_dev)
+ {
+- char *fullpath = NULL;
+ struct dirent *result;
+- struct dirent direntp;
+ struct stat statres;
+ DIR *rootdir = NULL;
+ int ret, err;
++ int dir_fd;
+
+- rootdir = opendir(root);
++ dir_fd = openat(parent_fd, dir_name,
++ O_RDONLY | O_CLOEXEC | O_DIRECTORY | O_NOFOLLOW);
++ if (dir_fd == -1) {
++ ret = errno;
++ DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot open %s: [%d]: %s\n",
++ dir_name, ret, strerror(ret)));
++ return ret;
++ }
++
++ rootdir = fdopendir(dir_fd);
+ if (rootdir == NULL) {
+ ret = errno;
+- DEBUG(1, ("Cannot open directory %s [%d][%s]\n",
+- root, ret, strerror(ret)));
++ DEBUG(SSSDBG_CRIT_FAILURE,
++ ("Cannot open directory: [%d][%s]\n", ret,
strerror(ret)));
++ close(dir_fd);
+ goto fail;
+ }
+
+- while (readdir_r(rootdir, &direntp, &result) == 0) {
+- if (result == NULL) {
+- /* End of directory */
+- break;
+- }
+-
+- if (strcmp (direntp.d_name, ".") == 0 ||
+- strcmp (direntp.d_name, "..") == 0) {
++ while ((result = readdir(rootdir)) != NULL) {
++ if (strcmp(result->d_name, ".") == 0 ||
++ strcmp(result->d_name, "..") == 0) {
+ continue;
+ }
+
+- fullpath = talloc_asprintf(mem_ctx, "%s/%s", root, direntp.d_name);
+- if (fullpath == NULL) {
+- ret = ENOMEM;
+- goto fail;
+- }
+-
+- ret = lstat(fullpath, &statres);
++ ret = fstatat(dir_fd, result->d_name,
++ &statres, AT_SYMLINK_NOFOLLOW);
+ if (ret != 0) {
+ ret = errno;
+- DEBUG(1, ("Cannot stat %s: [%d][%s]\n",
+- fullpath, ret, strerror(ret)));
++ DEBUG(SSSDBG_CRIT_FAILURE,
++ ("stat failed: [%d][%s]\n", ret, strerror(ret)));
+ goto fail;
+ }
+
+ if (S_ISDIR(statres.st_mode)) {
+ /* if directory, recursively descend, but check if on the same FS */
+ if (parent_dev && parent_dev != statres.st_dev) {
+- DEBUG(1, ("Directory %s is on different filesystem, "
+- "will not follow\n", fullpath));
++ DEBUG(SSSDBG_CRIT_FAILURE,
++ ("Directory %s is on different filesystem, "
++ "will not follow\n"));
+ ret = EFAULT;
+ goto fail;
+ }
+
+- ret = remove_tree_with_ctx(mem_ctx, statres.st_dev, fullpath);
++ ret = remove_tree_with_ctx(mem_ctx, dir_fd, result->d_name, statres.st_dev);
+ if (ret != EOK) {
+- DEBUG(1, ("Removing subdirectory %s failed: [%d][%s]\n",
+- fullpath, ret, strerror(ret)));
++ DEBUG(SSSDBG_CRIT_FAILURE,
++ ("Removing subdirectory failed: [%d][%s]\n",
++ ret, strerror(ret)));
+ goto fail;
+ }
+ } else {
+- ret = unlink(fullpath);
++ ret = unlinkat(dir_fd, result->d_name, 0);
+ if (ret != 0) {
+ ret = errno;
+- DEBUG(1, ("Removing file %s failed: [%d][%s]\n",
+- fullpath, ret, strerror(ret)));
++ DEBUG(SSSDBG_CRIT_FAILURE,
++ ("Removing file failed: [%d][%s]\n", ret, strerror(ret)));
+ goto fail;
+ }
+ }
+-
+- talloc_free(fullpath);
+ }
+
+
ret = closedir(rootdir);
+@@ -180,19 +181,17 @@ static int remove_tree_with_ctx(TALLOC_C
+ goto fail;
+ }
+
+- ret = rmdir(root);
+- if (ret != 0) {
++ ret = unlinkat(parent_fd, dir_name, AT_REMOVEDIR);
++ if (ret == -1) {
+ ret = errno;
+- goto fail;
+ }
+
+ ret = EOK;
+-
+ fail:
+ if (rootdir) { /* clean up on abnormal exit but retain return code */
+ err = closedir(rootdir);
+ if (err) {
+- DEBUG(1, ("closedir failed, bad dirp?\n"));
++ DEBUG(SSSDBG_CRIT_FAILURE, ("closedir failed, bad dirp?\n"));
+ }
+ }
+ return ret;
--- sssd-1.9.1.orig/po/ca.po
+++ sssd-1.9.1/po/ca.po
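Review bot: In the last hunk of remove_tree_with_ctx the `goto fail;` after `unlinkat(parent_fd, dir_name, AT_REMOVEDIR)` was dropped, so a failed directory removal stores `errno` and is then overwritten by `ret = EOK;`, and the caller is told the tree is gone when it is not. Keep the jump: `if (ret == -1) { ret = errno; goto fail; }`. In the same function the rewritten message `"Directory %s is on different filesystem, "` kept its `%s` but lost its argument, which is undefined behaviour when that branch logs; pass `result->d_name` or drop the conversion. The lines between the closedir() call and the start of the last hunk are not shown.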
@@ -0,0 +1,1650 @@ +# SOME DESCRIPTIVE TITLE. +# Copyright (C) YEAR Red Hat, Inc. +# This file is distributed under the same license as the PACKAGE package. +# +# Translators: +# , 2012. +# muzzol , 2012. +# , 2011. +msgid "" +msgstr "" +"Project-Id-Version: SSSD\n" +"Report-Msgid-Bugs-To: https://fedorahosted.org/sssd\n" +"POT-Creation-Date: 2012-08-10 22:00+0200\n" +"PO-Revision-Date: 2012-08-02 07:32+0000\n" +"Last-Translator: muzzol \n" +"Language-Team: Catalan \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Language: ca\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: src/config/SSSDConfig/__init__.py.in:39 +msgid "Set the verbosity of the debug logging" +msgstr "Estableix la verbositat del registre de depuració" + +#: src/config/SSSDConfig/__init__.py.in:40 +msgid "Include timestamps in debug logs" +msgstr "Inclou les marques horàries als registres de depuració" + +#: src/config/SSSDConfig/__init__.py.in:41 +msgid "Include microseconds in timestamps in debug logs" +msgstr "Inclou mil·lisegons a les marques horàries als registres de depuració" + +#: src/config/SSSDConfig/__init__.py.in:42 +msgid "Write debug messages to logfiles" +msgstr "Escriu els missatges de depuració als fitxers de registre" + +#: src/config/SSSDConfig/__init__.py.in:43 +msgid "Ping timeout before restarting service" +msgstr "Temps d'espera del ping abans de reiniciar el servei" + +#: src/config/SSSDConfig/__init__.py.in:44 +msgid "" +"Timeout between three failed ping checks and forcibly killing the service" +msgstr "Temps d'espera entre tres comprovacions de ping fallades i matar forçadament el servei" + +#: src/config/SSSDConfig/__init__.py.in:45 +msgid "Command to start service" +msgstr "Comanda per iniciar el servei" + +#: src/config/SSSDConfig/__init__.py.in:46 +msgid "Number of times to attempt connection to Data Providers" +msgstr "Número d'intents de connexió als Proveïdors de Dades" + +#: 
src/config/SSSDConfig/__init__.py.in:47 +msgid "The number of file descriptors that may be opened by this responder" +msgstr "El número de descriptors de fitxers que pot obrir aquesta resposta" + +#: src/config/SSSDConfig/__init__.py.in:48 +msgid "Idle time before automatic disconnection of a client" +msgstr "Temps d'inactivitat abans de desconnexió automàtica d'un client" + +#: src/config/SSSDConfig/__init__.py.in:51 +msgid "SSSD Services to start" +msgstr "Serveis del SSSD per iniciar" + +#: src/config/SSSDConfig/__init__.py.in:52 +msgid "SSSD Domains to start" +msgstr "Dominis del SSD per iniciar" + +#: src/config/SSSDConfig/__init__.py.in:53 +msgid "Timeout for messages sent over the SBUS" +msgstr "Temps d'espera per missatges enviats per SBUS" + +#: src/config/SSSDConfig/__init__.py.in:54 +msgid "Regex to parse username and domain" +msgstr "Expressió regular per analitzar el nom d'usuari i el domini" + +#: src/config/SSSDConfig/__init__.py.in:55 +msgid "Printf-compatible format for displaying fully-qualified names" +msgstr "Format compatible amb printf per mostrar els noms plenament qualificats" + +#: src/config/SSSDConfig/__init__.py.in:56 +msgid "" +"Directory on the filesystem where SSSD should store Kerberos replay cache " +"files." 
+msgstr "Directori al sistema de fitxers on el SSSD ha d'emmagatzemar els fitxers cau de Kerberos" + +#: src/config/SSSDConfig/__init__.py.in:59 +msgid "Enumeration cache timeout length (seconds)" +msgstr "Llargària del temps d'espera de l'enumeració en el cau (en segons)" + +#: src/config/SSSDConfig/__init__.py.in:60 +msgid "Entry cache background update timeout length (seconds)" +msgstr "Llargària del temps d'espera de l'actualització en rerefons de les entrades en cau (en segons)" + +#: src/config/SSSDConfig/__init__.py.in:61 +#: src/config/SSSDConfig/__init__.py.in:87 +msgid "Negative cache timeout length (seconds)" +msgstr "Llargària del temps d'espera del cau negatiu (en segons)" + +#: src/config/SSSDConfig/__init__.py.in:62 +msgid "Users that SSSD should explicitly ignore" +msgstr "Usuaris que l'SSSD hauria d'ignorar explícitament" + +#: src/config/SSSDConfig/__init__.py.in:63 +msgid "Groups that SSSD should explicitly ignore" +msgstr "Grups que l'SSSD hauria d'ignorar explícitament" + +#: src/config/SSSDConfig/__init__.py.in:64 +msgid "Should filtered users appear in groups" +msgstr "Haurien d'apareixer als grups els usuaris filtrats" + +#: src/config/SSSDConfig/__init__.py.in:65 +msgid "The value of the password field the NSS provider should return" +msgstr "El valor al camp de contrasenya que el proveïdor NSS hauria de respondre" + +#: src/config/SSSDConfig/__init__.py.in:66 +msgid "Override homedir value from the identity provider with this value" +msgstr "Substitueix el valor de directori d'usuari del proveïdor d'identitat amb aquest valor" + +#: src/config/SSSDConfig/__init__.py.in:67 +msgid "" +"Substitute empty homedir value from the identity provider with this value" +msgstr "Substitueix el valor buit de directori d'usuari del proveïdor d'identitat amb aquest valor" + +#: src/config/SSSDConfig/__init__.py.in:68 +msgid "Override shell value from the identity provider with this value" +msgstr "Substituir el valor de l'intèrpret d'ordres des del 
proveïdor d'identitat amb aquest valor" + +#: src/config/SSSDConfig/__init__.py.in:69 +msgid "The list of shells users are allowed to log in with" +msgstr "Llista d'intèrprets d'ordres amb que els usuaris poden iniciar sessió" + +#: src/config/SSSDConfig/__init__.py.in:70 +msgid "" +"The list of shells that will be vetoed, and replaced with the fallback shell" +msgstr "Llista d'intèrprets d'ordres que seran vetats i substituits amb l'intèrpret alternatiu" + +#: src/config/SSSDConfig/__init__.py.in:71 +msgid "" +"If a shell stored in central directory is allowed but not available, use " +"this fallback" +msgstr "Si un intèrpret d'ordres establert al directori central està permés però no es troba disponible, utilitza aquesta alternativa" + +#: src/config/SSSDConfig/__init__.py.in:72 +msgid "Shell to use if the provider does not list one" +msgstr "Intèrpret d'ordres a utilitzar si el proveïdor no en llista un" + +#: src/config/SSSDConfig/__init__.py.in:73 +msgid "How long will be in-memory cache records valid" +msgstr "Quant temps seran vàlids els registres de memòria cau" + +#: src/config/SSSDConfig/__init__.py.in:76 +msgid "How long to allow cached logins between online logins (days)" +msgstr "Quant temps s'ha de permetre els inicis de sessió en cau entre inicis de sessió en línia (en dies)" + +#: src/config/SSSDConfig/__init__.py.in:77 +msgid "How many failed logins attempts are allowed when offline" +msgstr "Quants intents fallits d'inicis de sessió es permeten en estar fora de línia" + +#: src/config/SSSDConfig/__init__.py.in:78 +msgid "" +"How long (minutes) to deny login after offline_failed_login_attempts has " +"been reached" +msgstr "Quant temps (en minuts) s'ha de denegar l'inici de sessió després d'haver assolit offline_failed_login_attempts" + +#: src/config/SSSDConfig/__init__.py.in:79 +msgid "What kind of messages are displayed to the user during authentication" +msgstr "Quins tipus de missatges es mostres a l'usuari durant l'autenticació" + +#: 
src/config/SSSDConfig/__init__.py.in:80 +msgid "How many seconds to keep identity information cached for PAM requests" +msgstr "Quants segons s'ha de mantenir la informació en cau per les peticions PAM" + +#: src/config/SSSDConfig/__init__.py.in:81 +msgid "How many days before password expiration a warning should be displayed" +msgstr "Quants dies abans de l'expiració de la contrasenya s'hauria de mostrar un avís" + +#: src/config/SSSDConfig/__init__.py.in:84 +msgid "Whether to evaluate the time-based attributes in sudo rules" +msgstr "Si s'han d'avaluar els atributs de temps a les regles sudo" + +#: src/config/SSSDConfig/__init__.py.in:90 +msgid "Whether to hash host names and addresses in the known_hosts file" +msgstr "Si s'han d'utilitzar els algoritmes hash als noms d'ordinadors i a les adreces dins el fitxer known_hosts" + +#: src/config/SSSDConfig/__init__.py.in:93 +msgid "List of UIDs or user names allowed to access the PAC responder" +msgstr "Llista d'UIDs o noms d'usuari que poden accedir al contestador de PAC" + +#: src/config/SSSDConfig/__init__.py.in:96 +msgid "Identity provider" +msgstr "Proveïdor d'identitat" + +#: src/config/SSSDConfig/__init__.py.in:97 +msgid "Authentication provider" +msgstr "Proveïdor d'autenticació" + +#: src/config/SSSDConfig/__init__.py.in:98 +msgid "Access control provider" +msgstr "Proveïdor de control d'accés" + +#: src/config/SSSDConfig/__init__.py.in:99 +msgid "Password change provider" +msgstr "Proveïdor de canvi de contrasenya" + +#: src/config/SSSDConfig/__init__.py.in:100 +msgid "SUDO provider" +msgstr "Proveïdor de SUDO" + +#: src/config/SSSDConfig/__init__.py.in:101 +msgid "Autofs provider" +msgstr "Proveïdor d'Autofs" + +#: src/config/SSSDConfig/__init__.py.in:102 +msgid "Session-loading provider" +msgstr "Proveïdor de càrrega de sessió" + +#: src/config/SSSDConfig/__init__.py.in:103 +msgid "Host identity provider" +msgstr "Proveïdor d'identitat d'ordinadors" + +#: src/config/SSSDConfig/__init__.py.in:106 +msgid 
"Minimum user ID" +msgstr "ID mínim d'usuari" + +#: src/config/SSSDConfig/__init__.py.in:107 +msgid "Maximum user ID" +msgstr "ID màxim d'usuari" + +#: src/config/SSSDConfig/__init__.py.in:108 +msgid "Enable enumerating all users/groups" +msgstr "Activa l'enumeració de tots els usuaris/grups" + +#: src/config/SSSDConfig/__init__.py.in:109 +msgid "Cache credentials for offline login" +msgstr "Credencials en cau per inicis de sessió fora de línia" + +#: src/config/SSSDConfig/__init__.py.in:110 +msgid "Store password hashes" +msgstr "Emmagatzema els codis hash de les contrasenyes" + +#: src/config/SSSDConfig/__init__.py.in:111 +msgid "Display users/groups in fully-qualified form" +msgstr "Mostra els usuaris/grups en format plenament qualificat" + +#: src/config/SSSDConfig/__init__.py.in:112 +#: src/config/SSSDConfig/__init__.py.in:119 +#: src/config/SSSDConfig/__init__.py.in:120 +#: src/config/SSSDConfig/__init__.py.in:121 +#: src/config/SSSDConfig/__init__.py.in:122 +#: src/config/SSSDConfig/__init__.py.in:123 +#: src/config/SSSDConfig/__init__.py.in:124 +msgid "Entry cache timeout length (seconds)" +msgstr "Llargària del temps d'espera de les entrades cau (en segons)" + +#: src/config/SSSDConfig/__init__.py.in:113 +msgid "" +"Restrict or prefer a specific address family when performing DNS lookups" +msgstr "Restringeix o prefereix una família específica d'adreces en efectuar peticions DNS" + +#: src/config/SSSDConfig/__init__.py.in:114 +msgid "How long to keep cached entries after last successful login (days)" +msgstr "Quant temps s'ha de mantenir les entrades en cau després d'un inici de sessió amb èxit (en dies)" + +#: src/config/SSSDConfig/__init__.py.in:115 +msgid "How long to wait for replies from DNS when resolving servers (seconds)" +msgstr "Temps d'espera per les respostes DNS en resoldre servidors (en segons)" + +#: src/config/SSSDConfig/__init__.py.in:116 +msgid "The domain part of service discovery DNS query" +msgstr "La part del domini de la petició DNS 
de la recerca de servei" + +#: src/config/SSSDConfig/__init__.py.in:117 +msgid "Override GID value from the identity provider with this value" +msgstr "Substitueix el valor GID del proveïdor d'identitat amb aquest valor" + +#: src/config/SSSDConfig/__init__.py.in:118 +msgid "Treat usernames as case sensitive" +msgstr "Distingeix entre majúscules i minúscules als noms d'usuari" + +#: src/config/SSSDConfig/__init__.py.in:127 +msgid "IPA domain" +msgstr "Domini IPA" + +#: src/config/SSSDConfig/__init__.py.in:128 +msgid "IPA server address" +msgstr "Adreça del servidor IPA" + +#: src/config/SSSDConfig/__init__.py.in:129 +msgid "Address of backup IPA server" +msgstr "Adreça del servidor IPA de reserva " + +#: src/config/SSSDConfig/__init__.py.in:130 +msgid "IPA client hostname" +msgstr "Nom d'ordinador del client IPA" + +#: src/config/SSSDConfig/__init__.py.in:131 +msgid "Whether to automatically update the client's DNS entry in FreeIPA" +msgstr "Si actualitzar automàticament l'entrada DNS del client a FreeIPA" + +#: src/config/SSSDConfig/__init__.py.in:132 +msgid "The interface whose IP should be used for dynamic DNS updates" +msgstr "La interfície amb la IP que s'hauria d'utilitzar per les actualitzacions dinàmiques de DNS" + +#: src/config/SSSDConfig/__init__.py.in:133 +msgid "Search base for HBAC related objects" +msgstr "Base de cerca pels objectes HBAC" + +#: src/config/SSSDConfig/__init__.py.in:134 +msgid "" +"The amount of time between lookups of the HBAC rules against the IPA server" +msgstr "Quantitat de temps entre peticions de les regles HBAC contra el servidor IPA" + +#: src/config/SSSDConfig/__init__.py.in:135 +msgid "If DENY rules are present, either DENY_ALL or IGNORE" +msgstr "Si les regles DENY són presents, o DENY_ALL o IGNORE" + +#: src/config/SSSDConfig/__init__.py.in:136 +msgid "If set to false, host argument given by PAM will be ignored" +msgstr "Si s'estableix a fals, l'argument d'ordinador facilitat per PAM serà ignorat" + +#: 
src/config/SSSDConfig/__init__.py.in:137 +msgid "The automounter location this IPA client is using" +msgstr "La ubicació del muntador automàtic que aquest client IPA està utilitzant" + +#: src/config/SSSDConfig/__init__.py.in:138 +msgid "Search base for object containing info about IPA domain" +msgstr "Base de cerca per a l'objecte que conté informació sobre el domini de l'IPA" + +#: src/config/SSSDConfig/__init__.py.in:139 +msgid "Search base for objects containing info about ID ranges" +msgstr "Base de cerca per a objectes que contenen informació sobre intervals d'ID" + +#: src/config/SSSDConfig/__init__.py.in:142 +msgid "Active Directory domain" +msgstr "Domini d'Active Directory" + +#: src/config/SSSDConfig/__init__.py.in:143 +msgid "Active Directory server address" +msgstr "Adreça de servidor d'Active Directory" + +#: src/config/SSSDConfig/__init__.py.in:144 +msgid "Active Directory backup server address" +msgstr "Adreça del servidor d'Active Directory de reserva" + +#: src/config/SSSDConfig/__init__.py.in:145 +msgid "Active Directory client hostname" +msgstr "Nom de màquina del client d'Active Directory" + +#: src/config/SSSDConfig/__init__.py.in:148 +#: src/config/SSSDConfig/__init__.py.in:149 +msgid "Kerberos server address" +msgstr "Adreça del servidor Kerberos" + +#: src/config/SSSDConfig/__init__.py.in:150 +msgid "Kerberos backup server address" +msgstr "Adreça de servidor Kerberos de reserva" + +#: src/config/SSSDConfig/__init__.py.in:151 +msgid "Kerberos realm" +msgstr "Reialme Kerberos" + +#: src/config/SSSDConfig/__init__.py.in:152 +msgid "Authentication timeout" +msgstr "Temps d'espera de la autenticació" + +#: src/config/SSSDConfig/__init__.py.in:155 +msgid "Directory to store credential caches" +msgstr "Directori on emmagatzemar el cau de credencials" + +#: src/config/SSSDConfig/__init__.py.in:156 +msgid "Location of the user's credential cache" +msgstr "Ubicació de la cau de credencials d'usuari" + +#: src/config/SSSDConfig/__init__.py.in:157 
+msgid "Location of the keytab to validate credentials" +msgstr "Ubicació de la clau per validar les credencials" + +#: src/config/SSSDConfig/__init__.py.in:158 +msgid "Enable credential validation" +msgstr "Activa la validació de credencials" + +#: src/config/SSSDConfig/__init__.py.in:159 +msgid "Store password if offline for later online authentication" +msgstr "Emmagatzema la contrasenya quan estigui fora de línia per autenticació en línia posterior" + +#: src/config/SSSDConfig/__init__.py.in:160 +msgid "Renewable lifetime of the TGT" +msgstr "Temps de vida renovable del TGT" + +#: src/config/SSSDConfig/__init__.py.in:161 +msgid "Lifetime of the TGT" +msgstr "Temps de vida del TGT" + +#: src/config/SSSDConfig/__init__.py.in:162 +msgid "Time between two checks for renewal" +msgstr "Temps entre les dues comprovacions per renovar" + +#: src/config/SSSDConfig/__init__.py.in:163 +msgid "Enables FAST" +msgstr "Activa FAST" + +#: src/config/SSSDConfig/__init__.py.in:164 +msgid "Selects the principal to use for FAST" +msgstr "Selecciona el principal per utilitzar amb FAST" + +#: src/config/SSSDConfig/__init__.py.in:165 +msgid "Enables principal canonicalization" +msgstr "Activa la canonització del principal" + +#: src/config/SSSDConfig/__init__.py.in:168 +#: src/config/SSSDConfig/__init__.py.in:169 +msgid "Server where the change password service is running if not on the KDC" +msgstr "Servidor on es troba el servei de canvi de contrasenya si no és al KDC" + +#: src/config/SSSDConfig/__init__.py.in:172 +msgid "ldap_uri, The URI of the LDAP server" +msgstr "ldap_uri, La URI del servidor LDAP" + +#: src/config/SSSDConfig/__init__.py.in:173 +msgid "ldap_backup_uri, The URI of the LDAP server" +msgstr "ldap_backup_uri, la URI del servidor LDAP" + +#: src/config/SSSDConfig/__init__.py.in:174 +msgid "The default base DN" +msgstr "La base DN per defecte" + +#: src/config/SSSDConfig/__init__.py.in:175 +msgid "The Schema Type in use on the LDAP server, rfc2307" +msgstr "El tipus 
d'esquema en us al servidor LDAP, rfc2307" + +#: src/config/SSSDConfig/__init__.py.in:176 +msgid "The default bind DN" +msgstr "La connexió DN per defecte" + +#: src/config/SSSDConfig/__init__.py.in:177 +msgid "The type of the authentication token of the default bind DN" +msgstr "El tipus del testimoni d'autenticació a la connexió DN per defecte" + +#: src/config/SSSDConfig/__init__.py.in:178 +msgid "The authentication token of the default bind DN" +msgstr "El testimoni d'autenticació de la connexió DN per defecte" + +#: src/config/SSSDConfig/__init__.py.in:179 +msgid "Length of time to attempt connection" +msgstr "Llargària del temps per intentar una connexió" + +#: src/config/SSSDConfig/__init__.py.in:180 +msgid "Length of time to attempt synchronous LDAP operations" +msgstr "Llargària del temps per intentar operacions LDAP asíncrones" + +#: src/config/SSSDConfig/__init__.py.in:181 +msgid "Length of time between attempts to reconnect while offline" +msgstr "Llargària del temps entre intents per re-connectar quan estigui fora de línia" + +#: src/config/SSSDConfig/__init__.py.in:182 +msgid "Use only the upper case for realm names" +msgstr "Utilitza només majúscules pels noms de reialme" + +#: src/config/SSSDConfig/__init__.py.in:183 +msgid "File that contains CA certificates" +msgstr "Fitxer que conté els certificats CA" + +#: src/config/SSSDConfig/__init__.py.in:184 +msgid "Path to CA certificate directory" +msgstr "Ruta al directori de certificats CA" + +#: src/config/SSSDConfig/__init__.py.in:185 +msgid "File that contains the client certificate" +msgstr "Fitxer que conté el certificat de client" + +#: src/config/SSSDConfig/__init__.py.in:186 +msgid "File that contains the client key" +msgstr "Fitxer que conté la clau de client" + +#: src/config/SSSDConfig/__init__.py.in:187 +msgid "List of possible ciphers suites" +msgstr "Llista de paquets de xifrat possibles" + +#: src/config/SSSDConfig/__init__.py.in:188 +msgid "Require TLS certificate verification" +msgstr 
"Requereix verificació de certificat TLS" + +#: src/config/SSSDConfig/__init__.py.in:189 +msgid "Specify the sasl mechanism to use" +msgstr "Especifica el mecanisme sasl a utilitzar" + +#: src/config/SSSDConfig/__init__.py.in:190 +msgid "Specify the sasl authorization id to use" +msgstr "Escecifica l'id d'autorització sasl a utilitzar" + +#: src/config/SSSDConfig/__init__.py.in:191 +msgid "Specify the sasl authorization realm to use" +msgstr "Especifica el reialme d'autorització sasl a utilitzar" + +#: src/config/SSSDConfig/__init__.py.in:192 +msgid "Specify the minimal SSF for LDAP sasl authorization" +msgstr "Especifica el SSF mínim per autorització sasl de LDAP" + +#: src/config/SSSDConfig/__init__.py.in:193 +msgid "Kerberos service keytab" +msgstr "Clau de servei Kerberos" + +#: src/config/SSSDConfig/__init__.py.in:194 +msgid "Use Kerberos auth for LDAP connection" +msgstr "Utilitza autenticació Kerberos per la connexió LDAP" + +#: src/config/SSSDConfig/__init__.py.in:195 +msgid "Follow LDAP referrals" +msgstr "Segueix les referències LDAP" + +#: src/config/SSSDConfig/__init__.py.in:196 +msgid "Lifetime of TGT for LDAP connection" +msgstr "Temps de vida del TGT per la connexió LDAP" + +#: src/config/SSSDConfig/__init__.py.in:197 +msgid "How to dereference aliases" +msgstr "Com desreferenciar àlies" + +#: src/config/SSSDConfig/__init__.py.in:198 +msgid "Service name for DNS service lookups" +msgstr "Nom del servei per les peticions DNS" + +#: src/config/SSSDConfig/__init__.py.in:199 +msgid "The number of records to retrieve in a single LDAP query" +msgstr "El número de registres a recuperar en una sola petició LDAP" + +#: src/config/SSSDConfig/__init__.py.in:200 +msgid "The number of members that must be missing to trigger a full deref" +msgstr "El número de membres que han de faltar per activar una de-referència completa" + +#: src/config/SSSDConfig/__init__.py.in:201 +msgid "" +"Whether the LDAP library should perform a reverse lookup to canonicalize the" +" 
host name during a SASL bind" +msgstr "Si la biblioteca LDAP hauria de realitzar una petició inversa per canonalitzar el nom d'ordinador durant la connexió SASL" + +#: src/config/SSSDConfig/__init__.py.in:203 +msgid "entryUSN attribute" +msgstr "atribut entryUSN" + +#: src/config/SSSDConfig/__init__.py.in:204 +msgid "lastUSN attribute" +msgstr "atribut lastUSN" + +#: src/config/SSSDConfig/__init__.py.in:206 +msgid "" +"How long to retain a connection to the LDAP server before disconnecting" +msgstr "Quant temps s'ha de retenir una connexió al servidor LDAP abans de desconnectar" + +#: src/config/SSSDConfig/__init__.py.in:208 +msgid "Disable the LDAP paging control" +msgstr "Desactiva el control de paginació LDAP" + +#: src/config/SSSDConfig/__init__.py.in:211 +msgid "Length of time to wait for a search request" +msgstr "Llargària de temps a esperar per una petició de cerca" + +#: src/config/SSSDConfig/__init__.py.in:212 +msgid "Length of time to wait for a enumeration request" +msgstr "Llargària de temps a esperar per una petició d'enumeració" + +#: src/config/SSSDConfig/__init__.py.in:213 +msgid "Length of time between enumeration updates" +msgstr "Llargària de temps entre actualitzacions d'enumeració" + +#: src/config/SSSDConfig/__init__.py.in:214 +msgid "Length of time between cache cleanups" +msgstr "Llargària de temps entre neteges del cau" + +#: src/config/SSSDConfig/__init__.py.in:215 +msgid "Require TLS for ID lookups" +msgstr "Requereix TLS per cerques d'ID" + +#: src/config/SSSDConfig/__init__.py.in:216 +msgid "Use ID-mapping of objectSID instead of pre-set IDs" +msgstr "Utilitza mapejat d'IDs enlloc de IDs pre-establerts" + +#: src/config/SSSDConfig/__init__.py.in:217 +msgid "Base DN for user lookups" +msgstr "DN base per cerques d'usuari" + +#: src/config/SSSDConfig/__init__.py.in:218 +msgid "Scope of user lookups" +msgstr "Abast de les cerques d'usuari" + +#: src/config/SSSDConfig/__init__.py.in:219 +msgid "Filter for user lookups" +msgstr "Filtre per 
les cerques d'usuari" + +#: src/config/SSSDConfig/__init__.py.in:220 +msgid "Objectclass for users" +msgstr "Objectclass dels usuaris" + +#: src/config/SSSDConfig/__init__.py.in:221 +msgid "Username attribute" +msgstr "Atribut del nom d'usuari" + +#: src/config/SSSDConfig/__init__.py.in:223 +msgid "UID attribute" +msgstr "Atribut de l'UID" + +#: src/config/SSSDConfig/__init__.py.in:224 +msgid "Primary GID attribute" +msgstr "Atribut del GID primari" + +#: src/config/SSSDConfig/__init__.py.in:225 +msgid "GECOS attribute" +msgstr "Atribut GECOS" + +#: src/config/SSSDConfig/__init__.py.in:226 +msgid "Home directory attribute" +msgstr "Atribut del directori d'usuari" + +#: src/config/SSSDConfig/__init__.py.in:227 +msgid "Shell attribute" +msgstr "Atribut d'intèrpret d'ordres" + +#: src/config/SSSDConfig/__init__.py.in:228 +msgid "UUID attribute" +msgstr "Atribut de l'UUID" + +#: src/config/SSSDConfig/__init__.py.in:229 +#: src/config/SSSDConfig/__init__.py.in:265 +msgid "objectSID attribute" +msgstr "Atribut de l'objectSID" + +#: src/config/SSSDConfig/__init__.py.in:230 +msgid "Active Directory primary group attribute for ID-mapping" +msgstr "Atribut del grup primari de l'Active Directory per mapejat d'IDs" + +#: src/config/SSSDConfig/__init__.py.in:231 +msgid "User principal attribute (for Kerberos)" +msgstr "Atribut d'usuari principal (per a Kerberos)" + +#: src/config/SSSDConfig/__init__.py.in:232 +msgid "Full Name" +msgstr "Nom complet" + +#: src/config/SSSDConfig/__init__.py.in:233 +msgid "memberOf attribute" +msgstr "Atribut de memberOf" + +#: src/config/SSSDConfig/__init__.py.in:234 +msgid "Modification time attribute" +msgstr "Atribut de data de modificació" + +#: src/config/SSSDConfig/__init__.py.in:236 +msgid "shadowLastChange attribute" +msgstr "Atribut de shadowLastChange" + +#: src/config/SSSDConfig/__init__.py.in:237 +msgid "shadowMin attribute" +msgstr "Atribut de shadowMin" + +#: src/config/SSSDConfig/__init__.py.in:238 +msgid "shadowMax attribute" 
+msgstr "Atribut de shadowMax" + +#: src/config/SSSDConfig/__init__.py.in:239 +msgid "shadowWarning attribute" +msgstr "Atribut de shadowWarning" + +#: src/config/SSSDConfig/__init__.py.in:240 +msgid "shadowInactive attribute" +msgstr "Atribut de shadowInactive" + +#: src/config/SSSDConfig/__init__.py.in:241 +msgid "shadowExpire attribute" +msgstr "Atribut de shadowExpire" + +#: src/config/SSSDConfig/__init__.py.in:242 +msgid "shadowFlag attribute" +msgstr "Atribut de shadowFlag" + +#: src/config/SSSDConfig/__init__.py.in:243 +msgid "Attribute listing authorized PAM services" +msgstr "Atribut que llista els serveis PAM autoritzats" + +#: src/config/SSSDConfig/__init__.py.in:244 +msgid "Attribute listing authorized server hosts" +msgstr "Atribut que llista els servidors autoritzats" + +#: src/config/SSSDConfig/__init__.py.in:245 +msgid "krbLastPwdChange attribute" +msgstr "Atribut de krbLastPwdChange" + +#: src/config/SSSDConfig/__init__.py.in:246 +msgid "krbPasswordExpiration attribute" +msgstr "Atribut de krbPasswordExpiration" + +#: src/config/SSSDConfig/__init__.py.in:247 +msgid "Attribute indicating that server side password policies are active" +msgstr "Atribut que indica l'activació de les polítiques de contrasenya de servidor" + +#: src/config/SSSDConfig/__init__.py.in:248 +msgid "accountExpires attribute of AD" +msgstr "Atribut de l'AD de accountExpires" + +#: src/config/SSSDConfig/__init__.py.in:249 +msgid "userAccountControl attribute of AD" +msgstr "Atribut de l'AD de userAccountControl" + +#: src/config/SSSDConfig/__init__.py.in:250 +msgid "nsAccountLock attribute" +msgstr "Atribut de nsAccountLock" + +#: src/config/SSSDConfig/__init__.py.in:251 +msgid "loginDisabled attribute of NDS" +msgstr "Atribut del NDS de loginDisabled" + +#: src/config/SSSDConfig/__init__.py.in:252 +msgid "loginExpirationTime attribute of NDS" +msgstr "Atribut del NDS de loginExpirationTime" + +#: src/config/SSSDConfig/__init__.py.in:253 +msgid "loginAllowedTimeMap attribute of 
NDS" +msgstr "Atribut del NDS de loginAllowedTimeMap" + +#: src/config/SSSDConfig/__init__.py.in:254 +msgid "SSH public key attribute" +msgstr "Atribut de la clau pública SSH" + +#: src/config/SSSDConfig/__init__.py.in:256 +msgid "Base DN for group lookups" +msgstr "DN base per cerques de grup" + +#: src/config/SSSDConfig/__init__.py.in:259 +msgid "Objectclass for groups" +msgstr "Objectclass per grups" + +#: src/config/SSSDConfig/__init__.py.in:260 +msgid "Group name" +msgstr "Nom del grup" + +#: src/config/SSSDConfig/__init__.py.in:261 +msgid "Group password" +msgstr "Contrasenya del grup" + +#: src/config/SSSDConfig/__init__.py.in:262 +msgid "GID attribute" +msgstr "Atribut GID" + +#: src/config/SSSDConfig/__init__.py.in:263 +msgid "Group member attribute" +msgstr "Atribut del membre de grup" + +#: src/config/SSSDConfig/__init__.py.in:264 +msgid "Group UUID attribute" +msgstr "Atribut de l'UUID de grup" + +#: src/config/SSSDConfig/__init__.py.in:266 +msgid "Modification time attribute for groups" +msgstr "Atribut de data de modificació per grups" + +#: src/config/SSSDConfig/__init__.py.in:268 +msgid "Maximum nesting level SSSd will follow" +msgstr "El nivell d'imbricament màxim que seguirà l'SSSd" + +#: src/config/SSSDConfig/__init__.py.in:270 +msgid "Base DN for netgroup lookups" +msgstr "DN base per cerques de grups de xarxa" + +#: src/config/SSSDConfig/__init__.py.in:271 +msgid "Objectclass for netgroups" +msgstr "Objectclass per grups de xarxa" + +#: src/config/SSSDConfig/__init__.py.in:272 +msgid "Netgroup name" +msgstr "Nom de grup de xarxa" + +#: src/config/SSSDConfig/__init__.py.in:273 +msgid "Netgroups members attribute" +msgstr "Atribut de membres de grup de xarxa" + +#: src/config/SSSDConfig/__init__.py.in:274 +msgid "Netgroup triple attribute" +msgstr "Atribut triple de grup de xarxa" + +#: src/config/SSSDConfig/__init__.py.in:275 +msgid "Netgroup UUID attribute" +msgstr "Atribut d'UUID de grup de xarxa" + +#: src/config/SSSDConfig/__init__.py.in:276 
+msgid "Modification time attribute for netgroups" +msgstr "Atribut de data de modificació de grups de xarxa" + +#: src/config/SSSDConfig/__init__.py.in:278 +msgid "Base DN for service lookups" +msgstr "DN base per cerques de serveis" + +#: src/config/SSSDConfig/__init__.py.in:279 +msgid "Objectclass for services" +msgstr "Objectclass per serveis" + +#: src/config/SSSDConfig/__init__.py.in:280 +msgid "Service name attribute" +msgstr "Atribut de nom de serveis" + +#: src/config/SSSDConfig/__init__.py.in:281 +msgid "Service port attribute" +msgstr "Atribut de port de serveis" + +#: src/config/SSSDConfig/__init__.py.in:282 +msgid "Service protocol attribute" +msgstr "Atribut de protocol de serveis" + +#: src/config/SSSDConfig/__init__.py.in:285 +msgid "Lower bound for ID-mapping" +msgstr "Límit inferior per mapejat d'IDs" + +#: src/config/SSSDConfig/__init__.py.in:286 +msgid "Upper bound for ID-mapping" +msgstr "Límit superior per mapejat d'IDs" + +#: src/config/SSSDConfig/__init__.py.in:287 +msgid "Number of IDs for each slice when ID-mapping" +msgstr "Número d'IDS per cada llesca en mapejar IDs" + +#: src/config/SSSDConfig/__init__.py.in:288 +msgid "Use autorid-compatible algorithm for ID-mapping" +msgstr "Utilitza l'algoritme compatible d'autorid per mapejat d'IDs" + +#: src/config/SSSDConfig/__init__.py.in:289 +msgid "Name of the default domain for ID-mapping" +msgstr "Nom del domini per defecte per mapejat d'IDs" + +#: src/config/SSSDConfig/__init__.py.in:290 +msgid "SID of the default domain for ID-mapping" +msgstr "SID del domini per defecte per mapejat d'IDs" + +#: src/config/SSSDConfig/__init__.py.in:292 +msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for group lookups" +msgstr "Utilitza LDAP_MATCHING_RULE_IN_CHAIN per a cerques de grup" + +#: src/config/SSSDConfig/__init__.py.in:293 +msgid "Use LDAP_MATCHING_RULE_IN_CHAIN for initgroup lookups" +msgstr "Utilitza LDAP_MATCHING_RULE_IN_CHAIN per a cerques d'initgroup" + +#: src/config/SSSDConfig/__init__.py.in:296 
+msgid "Policy to evaluate the password expiration" +msgstr "Política per avaluar l'expiració de contrasenya" + +#: src/config/SSSDConfig/__init__.py.in:299 +msgid "LDAP filter to determine access privileges" +msgstr "Filtre LDAP per determinar els privilegis d'accés" + +#: src/config/SSSDConfig/__init__.py.in:300 +msgid "Which attributes shall be used to evaluate if an account is expired" +msgstr "Quins atributs s'haurien d'utilitzar per avaluar si el compte està expirat" + +#: src/config/SSSDConfig/__init__.py.in:301 +msgid "Which rules should be used to evaluate access control" +msgstr "Quines regles s'haurien d'utilitzar per avaluar el control d'accés" + +#: src/config/SSSDConfig/__init__.py.in:304 +msgid "URI of an LDAP server where password changes are allowed" +msgstr "L'URI d'un servidor LDAP on es permeten els canvis de contrasenya" + +#: src/config/SSSDConfig/__init__.py.in:305 +msgid "URI of a backup LDAP server where password changes are allowed" +msgstr "URI d'un servidor LDAP reserva on es permet canvis de contrasenya" + +#: src/config/SSSDConfig/__init__.py.in:306 +msgid "DNS service name for LDAP password change server" +msgstr "Nom del servei DNS pel servidor LDAP de canvi de contrasenyes" + +#: src/config/SSSDConfig/__init__.py.in:309 +msgid "Base DN for sudo rules lookups" +msgstr "DN base per cerques de regles sudo" + +#: src/config/SSSDConfig/__init__.py.in:310 +msgid "Automatic full refresh period" +msgstr "Període d'actualització automàtica completa" + +#: src/config/SSSDConfig/__init__.py.in:311 +msgid "Automatic smart refresh period" +msgstr "Període d'actualització automàtica intel·ligent" + +#: src/config/SSSDConfig/__init__.py.in:312 +msgid "Whether to filter rules by hostname, IP addresses and network" +msgstr "Si voleu filtrar les normes per nom de màquina, adreça IP i xarxa" + +#: src/config/SSSDConfig/__init__.py.in:313 +msgid "" +"Hostnames and/or fully qualified domain names of this machine to filter sudo" +" rules" +msgstr "Noms 
de màquina i/o noms de domini plenament qualificat d'aquesta màquina per filtrar regles de sudo" + +#: src/config/SSSDConfig/__init__.py.in:314 +msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules" +msgstr "Adreces IPv4 o IPv6 o xarxa d'aquesta màquina per filtrar regles de sudo" + +#: src/config/SSSDConfig/__init__.py.in:315 +msgid "Whether to include rules that contains netgroup in host attribute" +msgstr "Si voleu incloure regles que contenen netgroup en l'atribut de màquina" + +#: src/config/SSSDConfig/__init__.py.in:316 +msgid "" +"Whether to include rules that contains regular expression in host attribute" +msgstr "Si voleu incloure regles que contenen expressions regulars en l'atribut de màquina" + +#: src/config/SSSDConfig/__init__.py.in:317 +msgid "Object class for sudo rules" +msgstr "Objectclass de les regles sudo" + +#: src/config/SSSDConfig/__init__.py.in:318 +msgid "Sudo rule name" +msgstr "Nom de la regla sudo" + +#: src/config/SSSDConfig/__init__.py.in:319 +msgid "Sudo rule command attribute" +msgstr "Attribut de la comanda de la regla sudo" + +#: src/config/SSSDConfig/__init__.py.in:320 +msgid "Sudo rule host attribute" +msgstr "Atribut de l'ordinador de la regla sudo" + +#: src/config/SSSDConfig/__init__.py.in:321 +msgid "Sudo rule user attribute" +msgstr "Atribut de l'usuari de la regla sudo" + +#: src/config/SSSDConfig/__init__.py.in:322 +msgid "Sudo rule option attribute" +msgstr "Atribut de l'opció de la regla sudo" + +#: src/config/SSSDConfig/__init__.py.in:323 +msgid "Sudo rule runasuser attribute" +msgstr "Atribut de runasuser de la regla sudo" + +#: src/config/SSSDConfig/__init__.py.in:324 +msgid "Sudo rule runasgroup attribute" +msgstr "Atribut de runasgroup de la regla sudo" + +#: src/config/SSSDConfig/__init__.py.in:325 +msgid "Sudo rule notbefore attribute" +msgstr "Atribut de notbefore de la regla sudo" + +#: src/config/SSSDConfig/__init__.py.in:326 +msgid "Sudo rule notafter attribute" +msgstr "Atribut de 
notafter de la regla sudo" + +#: src/config/SSSDConfig/__init__.py.in:327 +msgid "Sudo rule order attribute" +msgstr "Atribut d'ordre de la regla sudo" + +#: src/config/SSSDConfig/__init__.py.in:330 +msgid "Object class for automounter maps" +msgstr "Objectclass dels mapes automounter" + +#: src/config/SSSDConfig/__init__.py.in:331 +msgid "Automounter map name attribute" +msgstr "Atribut del nom del mapa automounter" + +#: src/config/SSSDConfig/__init__.py.in:332 +msgid "Object class for automounter map entries" +msgstr "Objectclass de les entrades del mapa automounter" + +#: src/config/SSSDConfig/__init__.py.in:333 +msgid "Automounter map entry key attribute" +msgstr "Atribut de la clau d'entrada del mapa automounter" + +#: src/config/SSSDConfig/__init__.py.in:334 +msgid "Automounter map entry value attribute" +msgstr "Atribut del valor de l'entrada del mapa automounter" + +#: src/config/SSSDConfig/__init__.py.in:335 +msgid "Base DN for automounter map lookups" +msgstr "DN base per cerques del mapa automounter" + +#: src/config/SSSDConfig/__init__.py.in:338 +msgid "Comma separated list of allowed users" +msgstr "Llista separada per comes dels usuaris autoritzats" + +#: src/config/SSSDConfig/__init__.py.in:339 +msgid "Comma separated list of prohibited users" +msgstr "Llista separada per comes dels usuaris no autoritzats" + +#: src/config/SSSDConfig/__init__.py.in:342 +msgid "Default shell, /bin/bash" +msgstr "Intèrpret d'ordres per defecte, /bin/bash" + +#: src/config/SSSDConfig/__init__.py.in:343 +msgid "Base for home directories" +msgstr "Base pels directoris d'usuari" + +#: src/config/SSSDConfig/__init__.py.in:346 +msgid "The name of the NSS library to use" +msgstr "El nom de la biblioteca NSS a utilitzar" + +#: src/config/SSSDConfig/__init__.py.in:347 +msgid "Whether to look up canonical group name from cache if possible" +msgstr "Cercar nom de grup canònic al cau si és possible" + +#: src/config/SSSDConfig/__init__.py.in:350 +msgid "PAM stack to use" +msgstr 
"Pila PAM a utilitzar"
+
+#: src/monitor/monitor.c:2398
+msgid "Become a daemon (default)"
+msgstr "Esdevé un dimoni (per defecte)"
+
+#: src/monitor/monitor.c:2400
+msgid "Run interactive (not a daemon)"
+msgstr "Executa interactivament (no com a dimoni)"
+
+#: src/monitor/monitor.c:2402 src/tools/sss_debuglevel.c:77
+msgid "Specify a non-default config file"
+msgstr "Especifica un fitxer de configuració diferent al per defecte"
+
+#: src/monitor/monitor.c:2404
+msgid "Print version number and exit"
+msgstr "Imprimeix el número de versió i surt"
+
+#: src/providers/krb5/krb5_child.c:1838 src/providers/ldap/ldap_child.c:399
+#: src/util/util.h:91
+msgid "Debug level"
+msgstr "Nivell de depuració"
+
+#: src/providers/krb5/krb5_child.c:1840 src/providers/ldap/ldap_child.c:401
+#: src/util/util.h:95
+msgid "Add debug timestamps"
+msgstr "Afegeix marques de temps de depuració"
+
+#: src/providers/krb5/krb5_child.c:1842 src/providers/ldap/ldap_child.c:403
+#: src/util/util.h:97
+msgid "Show timestamps with microseconds"
+msgstr "Mostra les marques de temps amb microsegons"
+
+#: src/providers/krb5/krb5_child.c:1844 src/providers/ldap/ldap_child.c:405
+msgid "An open file descriptor for the debug logs"
+msgstr "Un descriptor de fitxer obert pels registres de depuració"
+
+#: src/providers/data_provider_be.c:2298
+msgid "Domain of the information provider (mandatory)"
+msgstr "Domini del proveïdor d'informació (obligatori)"
+
+#: src/sss_client/common.c:926
+msgid "Privileged socket has wrong ownership or permissions."
+msgstr "El sòcol privilegiat té els permisos o la propietat incorrectes."
+
+#: src/sss_client/common.c:929
+msgid "Public socket has wrong ownership or permissions."
+msgstr "El sòcol públic té els permisos o la propietat incorrectes."
+
+#: src/sss_client/common.c:932
+msgid "Unexpected format of the server credential message."
+msgstr "Format inesperat del missatge de credencials del servidor."
+
+#: src/sss_client/common.c:935
+msgid "SSSD is not run by root."
+msgstr "L'SSSD no s'està executant com a root."
+
+#: src/sss_client/common.c:940
+msgid "An error occurred, but no description can be found."
+msgstr "Ha ocorregut un error però no es pot trobar cap descripció."
+
+#: src/sss_client/common.c:946
+msgid "Unexpected error while looking for an error description"
+msgstr "Error inesperat en cercar una descripció de l'error"
+
+#: src/sss_client/pam_sss.c:375
+msgid "Passwords do not match"
+msgstr "Les contrasenyes no coincideixen"
+
+#: src/sss_client/pam_sss.c:563
+msgid "Password reset by root is not supported."
+msgstr "La reinicialització de la contrasenya pel root no està suportada."
+
+#: src/sss_client/pam_sss.c:604
+msgid "Authenticated with cached credentials"
+msgstr "S'ha autenticat amb credencials del cau"
+
+#: src/sss_client/pam_sss.c:605
+msgid ", your cached password will expire at: "
+msgstr ", la seva contrasenya del cau expirarà el: "
+
+#: src/sss_client/pam_sss.c:635
+#, c-format
+msgid "Your password has expired. You have %1$d grace login(s) remaining."
+msgstr "La seva contrasenya ha expirat. Teniu %1$d inici(s) de sessió de gràcia restants."
+
+#: src/sss_client/pam_sss.c:681
+#, c-format
+msgid "Your password will expire in %1$d %2$s."
+msgstr "La vostra contrasenya expirarà en %1$d %2$s."
+
+#: src/sss_client/pam_sss.c:730
+msgid "Authentication is denied until: "
+msgstr "S'ha denegat l'autenticació fins: "
+
+#: src/sss_client/pam_sss.c:751
+msgid "System is offline, password change not possible"
+msgstr "El sistema es troba fora de línia, el canvi de contrasenya no és possible"
+
+#: src/sss_client/pam_sss.c:781 src/sss_client/pam_sss.c:794
+msgid "Password change failed. "
+msgstr "Ha fallat el canvi de contrasenya."
+
+#: src/sss_client/pam_sss.c:784 src/sss_client/pam_sss.c:795
+msgid "Server message: "
+msgstr "Missatge del servidor: "
+
+#: src/sss_client/pam_sss.c:1213
+msgid "New Password: "
+msgstr "Nova contrasenya: "
+
+#: src/sss_client/pam_sss.c:1214
+msgid "Reenter new Password: "
+msgstr "Re-introduïu la nova contrasenya: "
+
+#: src/sss_client/pam_sss.c:1300
+msgid "Password: "
+msgstr "Contrasenya: "
+
+#: src/sss_client/pam_sss.c:1332
+msgid "Current Password: "
+msgstr "Contrasenya actual: "
+
+#: src/sss_client/pam_sss.c:1479
+msgid "Password expired. Change your password now."
+msgstr "La contrasenya ha expirat. Canviau la vostra contrasenya ara."
+
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:40
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192 src/tools/sss_useradd.c:48
+#: src/tools/sss_groupadd.c:41 src/tools/sss_groupdel.c:43
+#: src/tools/sss_groupmod.c:42 src/tools/sss_groupshow.c:651
+#: src/tools/sss_userdel.c:131 src/tools/sss_usermod.c:47
+#: src/tools/sss_cache.c:321 src/tools/sss_debuglevel.c:75
+msgid "The debug level to run with"
+msgstr "El nivell de depuració amb el que executar-se"
+
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:42
+#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:196
+msgid "The SSSD domain to use"
+msgstr "El domini SSSD a utilitzar"
+
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:58 src/tools/sss_useradd.c:71
+#: src/tools/sss_groupadd.c:56 src/tools/sss_groupdel.c:52
+#: src/tools/sss_groupmod.c:63 src/tools/sss_groupshow.c:662
+#: src/tools/sss_userdel.c:148 src/tools/sss_usermod.c:72
+#: src/tools/sss_cache.c:352
+msgid "Error setting the locale\n"
+msgstr "S'ha produït un error en establir la localització\n"
+
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:65
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:91
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:115
+msgid "Not enough memory\n"
+msgstr "No hi ha memòria suficient\n"
+
+#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:84
+msgid "User not specified\n"
+msgstr "No s'ha especificat l'usuari\n" + +#: src/sss_client/ssh/sss_ssh_authorizedkeys.c:105 +msgid "Error looking up public keys\n" +msgstr "S'ha produït un error en cercar les claus públiques\n" + +#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:194 +msgid "The port to use to connect to the host" +msgstr "El port a utilitzar per connectar-se a l'ordinador" + +#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:238 +msgid "Invalid port\n" +msgstr "Port invàlid\n" + +#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:243 +msgid "Host not specified\n" +msgstr "No s'ha especificat l'ordinador\n" + +#: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:249 +msgid "The path to the proxy command must be absolute\n" +msgstr "La ruta a la comanda proxy ha de ser absoluta\n" + +#: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48 +msgid "The UID of the user" +msgstr "El UID de l'usuari" + +#: src/tools/sss_useradd.c:50 src/tools/sss_usermod.c:50 +msgid "The comment string" +msgstr "La cadena de comentari" + +#: src/tools/sss_useradd.c:51 src/tools/sss_usermod.c:51 +msgid "Home directory" +msgstr "Directori d'usuari" + +#: src/tools/sss_useradd.c:52 src/tools/sss_usermod.c:52 +msgid "Login shell" +msgstr "Intèrpret d'ordres de l'inici de sessió" + +#: src/tools/sss_useradd.c:53 +msgid "Groups" +msgstr "Grups" + +#: src/tools/sss_useradd.c:54 +msgid "Create user's directory if it does not exist" +msgstr "Crea el directori de l'usuari si no existeix" + +#: src/tools/sss_useradd.c:55 +msgid "Never create user's directory, overrides config" +msgstr "No creis mai el directori de l'usuari, substitueix la configuració" + +#: src/tools/sss_useradd.c:56 +msgid "Specify an alternative skeleton directory" +msgstr "Especifica un directori d'esquelet alternatiu" + +#: src/tools/sss_useradd.c:57 src/tools/sss_usermod.c:57 +msgid "The SELinux user for user's login" +msgstr "L'usuari SELinux per l'inici de sessió de l'usuari" + +#: src/tools/sss_useradd.c:84 src/tools/sss_groupmod.c:76 +#: 
src/tools/sss_usermod.c:85 +msgid "Specify group to add to\n" +msgstr "Especifica el grup a afegir-se\n" + +#: src/tools/sss_useradd.c:108 +msgid "Specify user to add\n" +msgstr "Especifica l'usuari a afegir\n" + +#: src/tools/sss_useradd.c:117 src/tools/sss_groupadd.c:82 +#: src/tools/sss_groupdel.c:77 src/tools/sss_groupmod.c:109 +#: src/tools/sss_groupshow.c:695 src/tools/sss_userdel.c:193 +#: src/tools/sss_usermod.c:126 +msgid "Error initializing the tools - no local domain\n" +msgstr "S'ha produït un error en inicialitzar les eines - no hi ha cap domini local\n" + +#: src/tools/sss_useradd.c:119 src/tools/sss_groupadd.c:84 +#: src/tools/sss_groupdel.c:79 src/tools/sss_groupmod.c:111 +#: src/tools/sss_groupshow.c:697 src/tools/sss_userdel.c:195 +#: src/tools/sss_usermod.c:128 +msgid "Error initializing the tools\n" +msgstr "S'ha produït un error en inicialitzar les eines\n" + +#: src/tools/sss_useradd.c:128 src/tools/sss_groupadd.c:93 +#: src/tools/sss_groupdel.c:88 src/tools/sss_groupmod.c:119 +#: src/tools/sss_groupshow.c:706 src/tools/sss_userdel.c:204 +#: src/tools/sss_usermod.c:137 +msgid "Invalid domain specified in FQDN\n" +msgstr "S'ha especificat un domini invàlid al FQDN\n" + +#: src/tools/sss_useradd.c:137 src/tools/sss_groupmod.c:139 +#: src/tools/sss_groupmod.c:166 src/tools/sss_usermod.c:160 +#: src/tools/sss_usermod.c:187 +msgid "Internal error while parsing parameters\n" +msgstr "S'ha produït un error intern en analitzar els paràmetres\n" + +#: src/tools/sss_useradd.c:145 src/tools/sss_usermod.c:168 +#: src/tools/sss_usermod.c:195 +msgid "Groups must be in the same domain as user\n" +msgstr "Els grups han d'ésser al mateix domini que l'usuari\n" + +#: src/tools/sss_useradd.c:153 +#, c-format +msgid "Cannot find group %1$s in local domain\n" +msgstr "No es pot trobar el grup %1$s al domini local\n" + +#: src/tools/sss_useradd.c:168 src/tools/sss_userdel.c:214 +msgid "Cannot set default values\n" +msgstr "No es poden establir els valors per 
defecte\n" + +#: src/tools/sss_useradd.c:175 src/tools/sss_usermod.c:151 +msgid "The selected UID is outside the allowed range\n" +msgstr "L'UID seleccionat es troba fora del rang permès\n" + +#: src/tools/sss_useradd.c:202 src/tools/sss_usermod.c:236 +msgid "Cannot set SELinux login context\n" +msgstr "No es pot establir el context d'inici de sessió de SELinux\n" + +#: src/tools/sss_useradd.c:217 +msgid "Cannot get info about the user\n" +msgstr "No es pot obtenir la informació sobre l'usuari\n" + +#: src/tools/sss_useradd.c:229 +msgid "User's home directory already exists, not copying data from skeldir\n" +msgstr "El directori d'usuari ja existeix, no es copiaran les dades del directori esquelet\n" + +#: src/tools/sss_useradd.c:232 +#, c-format +msgid "Cannot create user's home directory: %1$s\n" +msgstr "No es pot crear el directori de l'usuari: %1$s\n" + +#: src/tools/sss_useradd.c:243 +#, c-format +msgid "Cannot create user's mail spool: %1$s\n" +msgstr "No es pot crear la gestió de cues del correu de l'usuari: %1$s\n" + +#: src/tools/sss_useradd.c:255 +msgid "Could not allocate ID for the user - domain full?\n" +msgstr "No s'ha pogut assignar un ID per l'usuari - és ple el domini?\n" + +#: src/tools/sss_useradd.c:259 +msgid "A user or group with the same name or ID already exists\n" +msgstr "Ja existeix un usuari o grup amb el mateix nom o ID\n" + +#: src/tools/sss_useradd.c:265 +msgid "Transaction error. Could not add user.\n" +msgstr "S'ha produït un error de transacció. 
No s'ha pogut afegir l'usuari\n" + +#: src/tools/sss_groupadd.c:43 src/tools/sss_groupmod.c:48 +msgid "The GID of the group" +msgstr "El GID del grup" + +#: src/tools/sss_groupadd.c:73 +msgid "Specify group to add\n" +msgstr "Especifica el grup a afegir\n" + +#: src/tools/sss_groupadd.c:102 src/tools/sss_groupmod.c:190 +msgid "The selected GID is outside the allowed range\n" +msgstr "El GID seleccionat és fora del rang permès\n" + +#: src/tools/sss_groupadd.c:127 +msgid "Could not allocate ID for the group - domain full?\n" +msgstr "No s'ha pogut assignar un ID pel grup - és ple el domini?\n" + +#: src/tools/sss_groupadd.c:131 +msgid "A group with the same name or GID already exists\n" +msgstr "Ja existeix un grup amb el mateix nom o GID\n" + +#: src/tools/sss_groupadd.c:136 +msgid "Transaction error. Could not add group.\n" +msgstr "S'ha produït un error en la transacció. No s'ha pogut afegir el grup.\n" + +#: src/tools/sss_groupdel.c:68 +msgid "Specify group to delete\n" +msgstr "Especificau el grup a eliminar\n" + +#: src/tools/sss_groupdel.c:101 +#, c-format +msgid "Group %1$s is outside the defined ID range for domain\n" +msgstr "El grup %1$s es troba fora del rand d'IDs definit pel domini\n" + +#: src/tools/sss_groupdel.c:115 +msgid "" +"No such group in local domain. Removing groups only allowed in local " +"domain.\n" +msgstr "No existeix el grup al domini local. L'eliminació de grups només es permet al domini local.\n" + +#: src/tools/sss_groupdel.c:120 +msgid "Internal error. Could not remove group.\n" +msgstr "S'ha produït un error intern. 
No s'ha pogut eliminar el grup.\n" + +#: src/tools/sss_groupmod.c:44 +msgid "Groups to add this group to" +msgstr "Grups als que afegir aquest grup" + +#: src/tools/sss_groupmod.c:46 +msgid "Groups to remove this group from" +msgstr "Grups dels que s'ha d'eliminar aquest grup" + +#: src/tools/sss_groupmod.c:84 src/tools/sss_usermod.c:93 +msgid "Specify group to remove from\n" +msgstr "Especifica el grup del que s'ha d'eliminar\n" + +#: src/tools/sss_groupmod.c:98 +msgid "Specify group to modify\n" +msgstr "Especifica el grup a modificar\n" + +#: src/tools/sss_groupmod.c:126 +msgid "" +"Cannot find group in local domain, modifying groups is allowed only in local" +" domain\n" +msgstr "No es pot trobar el grup al domini local, la modificació de grups només es permet al domini local\n" + +#: src/tools/sss_groupmod.c:147 src/tools/sss_groupmod.c:174 +msgid "Member groups must be in the same domain as parent group\n" +msgstr "Els grups membres han d'esser al mateix domini que els grups pare\n" + +#: src/tools/sss_groupmod.c:155 src/tools/sss_groupmod.c:182 +#: src/tools/sss_usermod.c:176 src/tools/sss_usermod.c:203 +#, c-format +msgid "" +"Cannot find group %1$s in local domain, only groups in local domain are " +"allowed\n" +msgstr "No s'ha pogut trobar el grup %1$s al domini local, només es permeten els grups al domini local\n" + +#: src/tools/sss_groupmod.c:216 +msgid "Could not modify group - check if member group names are correct\n" +msgstr "No s'ha pogut modificar el grup - comprovau si els noms dels membres del grup són correctes\n" + +#: src/tools/sss_groupmod.c:220 +msgid "Could not modify group - check if groupname is correct\n" +msgstr "No s'ha pogut modificar el grup - comprovau si el nom de grup és correcte\n" + +#: src/tools/sss_groupmod.c:224 +msgid "Transaction error. Could not modify group.\n" +msgstr "S'ha produït un error en la transacció. 
No s'ha pogut modificar el grup.\n" + +#: src/tools/sss_groupshow.c:598 +#, c-format +msgid "%1$s%2$sGroup: %3$s\n" +msgstr "%1$s%2$sGrup: %3$s\n" + +#: src/tools/sss_groupshow.c:599 +msgid "Magic Private " +msgstr "Privat màgic " + +#: src/tools/sss_groupshow.c:601 +#, c-format +msgid "%1$sGID number: %2$d\n" +msgstr "%1$sNúmero GID: %2$d\n" + +#: src/tools/sss_groupshow.c:603 +#, c-format +msgid "%1$sMember users: " +msgstr "%1$sUsuaris membre: " + +#: src/tools/sss_groupshow.c:610 +#, c-format +msgid "" +"\n" +"%1$sIs a member of: " +msgstr "\n%1$sÉs un membre de: " + +#: src/tools/sss_groupshow.c:617 +#, c-format +msgid "" +"\n" +"%1$sMember groups: " +msgstr "\n%1$sGrups membre: " + +#: src/tools/sss_groupshow.c:653 +msgid "Print indirect group members recursively" +msgstr "Imprimeix els membres de grup indirectes recursivament" + +#: src/tools/sss_groupshow.c:686 +msgid "Specify group to show\n" +msgstr "Especifica el grup a mostrar\n" + +#: src/tools/sss_groupshow.c:725 +msgid "" +"No such group in local domain. Printing groups only allowed in local " +"domain.\n" +msgstr "No s'ha trobat el grup al domini local. L'impressió de grups només es permet al domini local.\n" + +#: src/tools/sss_groupshow.c:730 +msgid "Internal error. Could not print group.\n" +msgstr "S'ha produït un error intern. 
No es pot imprimir el grup.\n" + +#: src/tools/sss_userdel.c:133 +msgid "Remove home directory and mail spool" +msgstr "Elimina el directori d'usuari i la gestió de cues de correu" + +#: src/tools/sss_userdel.c:135 +msgid "Do not remove home directory and mail spool" +msgstr "No eliminis el directori d'usuari i la gestió de cues de correu" + +#: src/tools/sss_userdel.c:137 +msgid "Force removal of files not owned by the user" +msgstr "Força l'eliminació de fitxers que no són propietat de l'usuari" + +#: src/tools/sss_userdel.c:139 +msgid "Kill users' processes before removing him" +msgstr "Mata els processos de l'usuari abans d'eliminar-lo" + +#: src/tools/sss_userdel.c:184 +msgid "Specify user to delete\n" +msgstr "Especifica l'usuari a eliminar\n" + +#: src/tools/sss_userdel.c:230 +#, c-format +msgid "User %1$s is outside the defined ID range for domain\n" +msgstr "L'usuari %1$s és fora del rang d'IDs del domini\n" + +#: src/tools/sss_userdel.c:255 +msgid "Cannot reset SELinux login context\n" +msgstr "No es pot reiniciar el context d'inici de sessió de SELinux\n" + +#: src/tools/sss_userdel.c:267 +#, c-format +msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n" +msgstr "ATENCIÓ: L'usuari (uid %1$lu) era encara a la sessió quan es va eliminar\n" + +#: src/tools/sss_userdel.c:272 +msgid "Cannot determine if the user was logged in on this platform" +msgstr "No es pot determinar si l'usuari tenia la sessió iniciada a aquesta plataforma" + +#: src/tools/sss_userdel.c:277 +msgid "Error while checking if the user was logged in\n" +msgstr "S'ha produït un error en comprovar si l'usuari havia iniciat la sessió\n" + +#: src/tools/sss_userdel.c:284 +#, c-format +msgid "The post-delete command failed: %1$s\n" +msgstr "La comanda post-eliminació ha fallat: %1$s\n" + +#: src/tools/sss_userdel.c:296 +msgid "Not removing home dir - not owned by user\n" +msgstr "No s'ha eliminat el directori de l'usuari - no és propietat de l'usuari\n" + +#: 
src/tools/sss_userdel.c:298 +#, c-format +msgid "Cannot remove homedir: %1$s\n" +msgstr "No es pot eliminar el directori d'usuari: %1$s\n" + +#: src/tools/sss_userdel.c:309 +msgid "" +"No such user in local domain. Removing users only allowed in local domain.\n" +msgstr "No s'ha trobat l'usuari al domini local. L'eliminació d'usuaris només es permet al domini local.\n" + +#: src/tools/sss_userdel.c:314 +msgid "Internal error. Could not remove user.\n" +msgstr "S'ha produït un error intern. No s'ha pogut eliminar l'usuari.\n" + +#: src/tools/sss_usermod.c:49 +msgid "The GID of the user" +msgstr "El GID de l'usuari" + +#: src/tools/sss_usermod.c:53 +msgid "Groups to add this user to" +msgstr "Grups als que afegir aquest usuari" + +#: src/tools/sss_usermod.c:54 +msgid "Groups to remove this user from" +msgstr "Grups dels que eliminar aquest usuari" + +#: src/tools/sss_usermod.c:55 +msgid "Lock the account" +msgstr "Bloqueja aquest compte" + +#: src/tools/sss_usermod.c:56 +msgid "Unlock the account" +msgstr "Desbloqueja aquest compte" + +#: src/tools/sss_usermod.c:117 +msgid "Specify user to modify\n" +msgstr "Especifica l'usuari a modificar\n" + +#: src/tools/sss_usermod.c:144 +msgid "" +"Cannot find user in local domain, modifying users is allowed only in local " +"domain\n" +msgstr "No es pot trobar l'usuari al domini local, la modificació d'usuaris només es permet al domini local\n" + +#: src/tools/sss_usermod.c:246 +msgid "Could not modify user - check if group names are correct\n" +msgstr "No s'ha pogut modificar l'usuari - comprovau si els noms dels grups són correctes\n" + +#: src/tools/sss_usermod.c:250 +msgid "Could not modify user - user already member of groups?\n" +msgstr "No s'ha pogut modificar l'usuari - l'usuari ja pertany als grups?\n" + +#: src/tools/sss_usermod.c:254 +msgid "Transaction error. Could not modify user.\n" +msgstr "S'ha produït un error en la transacció. 
No s'ha pogut modificar l'usuari.\n" + +#: src/tools/sss_cache.c:138 +msgid "No cache object matched the specified search\n" +msgstr "Cap objecte cau ha coincidit amb la cerca especificada\n" + +#: src/tools/sss_cache.c:172 +#, c-format +msgid "No such %1$s named %2$s, skipping\n" +msgstr "Cap %1$s anomenat %2$s, ometent\n" + +#: src/tools/sss_cache.c:175 +#, c-format +msgid "No objects of type %1$s in the cache, skipping\n" +msgstr "Cap objecte del tipus %1$s al cau, ometent\n" + +#: src/tools/sss_cache.c:187 +#, c-format +msgid "Couldn't invalidate %1$s" +msgstr "No s'ha pogut invalidar %1$s" + +#: src/tools/sss_cache.c:194 +#, c-format +msgid "Couldn't invalidate %1$s %2$s" +msgstr "No s'ha pogut invalidar %1$s %2$s" + +#: src/tools/sss_cache.c:323 +msgid "Invalidate particular user" +msgstr "Invalida l'usuari particular" + +#: src/tools/sss_cache.c:325 +msgid "Invalidate all users" +msgstr "Invalida tots els usuaris" + +#: src/tools/sss_cache.c:327 +msgid "Invalidate particular group" +msgstr "Invalida el grup particular" + +#: src/tools/sss_cache.c:329 +msgid "Invalidate all groups" +msgstr "Invalida tots els grups" + +#: src/tools/sss_cache.c:331 +msgid "Invalidate particular netgroup" +msgstr "Invalida el grup de xarxa particular" + +#: src/tools/sss_cache.c:333 +msgid "Invalidate all netgroups" +msgstr "Invalida tots els grups de xarxa" + +#: src/tools/sss_cache.c:335 +msgid "Invalidate particular service" +msgstr "Invalida el servei particular" + +#: src/tools/sss_cache.c:337 +msgid "Invalidate all services" +msgstr "Invalida tots els serveis" + +#: src/tools/sss_cache.c:340 +msgid "Invalidate particular autofs map" +msgstr "Invalida el mapa autofs particular" + +#: src/tools/sss_cache.c:342 +msgid "Invalidate all autofs maps" +msgstr "Invalida tots els mapes autofs" + +#: src/tools/sss_cache.c:345 +msgid "Only invalidate entries from a particular domain" +msgstr "Invalida les entrades només d'un domini particular" + +#: src/tools/sss_cache.c:384 +msgid 
"Please select at least one object to invalidate\n"
+msgstr "Si us plau, seleccionau al menys un objecte per invalidar\n"
+
+#: src/tools/sss_cache.c:455
+#, c-format
+msgid "Could not open domain %1$s\n"
+msgstr "No s'ha pogut obrir el domini %1$s\n"
+
+#: src/tools/sss_cache.c:457
+msgid "Could not open available domains\n"
+msgstr "No s'han pogut obrir els dominis disponibles\n"
+
+#: src/tools/sss_debuglevel.c:43
+msgid "\n"
+msgstr "\n"
+
+#: src/tools/sss_debuglevel.c:102
+msgid "Specify debug level you want to set\n"
+msgstr "Especificau el nivell de depuració que voleu establir\n"
+
+#: src/tools/tools_util.c:280
+msgid "Out of memory\n"
+msgstr "Sense memòria\n"
+
+#: src/tools/tools_util.h:40
+#, c-format
+msgid "%1$s must be run as root\n"
+msgstr "S'ha d'executar %1$s com a root\n"
+
+#: src/util/util.h:93
+msgid "Send the debug output to files instead of stderr"
+msgstr "Envia la sortida de depuració a fitxers enlloc d'stderr"
--- sssd-1.9.1.orig/.tx/config
+++ sssd-1.9.1/.tx/config
@@ -0,0 +1,13 @@
+[main]
+host = https://www.transifex.net
+
+[sssd.master-po-sssd-pot]
+file_filter = po/.po
+source_file = po/sssd.pot
+source_lang = en
+
+[sssd.sssd-docspot_1]
+file_filter = src/man/po/.po
+source_file = src/man/po/sssd-docs.pot
+source_lang = en
+
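Review bot: Both `file_filter` values in the new `.tx/config` have no per-language placeholder (`po/.po` and `src/man/po/.po`), so as written every language would resolve to the same single path and a pull would overwrite one file with each translation in turn. This may only be the page dropping an angle-bracketed token, so it should be checked against the file in the tree. If the file really reads this way, the entries should be `file_filter = po/<lang>.po` and `file_filter = src/man/po/<lang>.po`.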