diff --git a/.authselect.metadata b/.authselect.metadata
index ef2fd75..3ed04cd 100644
--- a/.authselect.metadata
+++ b/.authselect.metadata
@@ -1,2 +1,2 @@
-816e7213fea7653c5b4a7dde804287b310e9df9a SOURCES/authselect-1.0.tar.gz
-c858c61f42ad793d0fe8f619429866c6df23511b SOURCES/translations-1.0-12.tar.gz
+4f773883b0af96872dec0843bae2a7f00f938c51 SOURCES/authselect-1.1.tar.gz
+62553d67bc13280730ee434e75d9eaa73ba7f5e6 SOURCES/translations-1.1-2.tar.gz
diff --git a/.gitignore b/.gitignore
index 88b93d2..ab01d57 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-SOURCES/authselect-1.0.tar.gz
-SOURCES/translations-1.0-12.tar.gz
+SOURCES/authselect-1.1.tar.gz
+SOURCES/translations-1.1-2.tar.gz
diff --git a/SOURCES/0001-lib-fix-profile-origin-debug-message.patch b/SOURCES/0001-lib-fix-profile-origin-debug-message.patch
deleted file mode 100644
index 2278323..0000000
--- a/SOURCES/0001-lib-fix-profile-origin-debug-message.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 607235797f0503178f81b5a2074803fdddd84071 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Tue, 4 Sep 2018 12:33:21 +0200
-Subject: [PATCH 01/16] lib: fix profile origin debug message
-
-Previously, we failed to match the location and always print that
-the selected profile is a default profile.
----
- src/lib/profiles/read.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/lib/profiles/read.c b/src/lib/profiles/read.c
-index 002329090cec29eee7969a5f04634ba1bb214a4c..a3a3e62788a3b3ae493a22a8b8e10170d572fc6f 100644
---- a/src/lib/profiles/read.c
-+++ b/src/lib/profiles/read.c
-@@ -125,9 +125,9 @@ authselect_profile_open(const char *id,
- return ret;
- }
-
-- if (strcmp(location, DIR_CUSTOM_PROFILES) == 0) {
-+ if (strcmp(locations[i], DIR_CUSTOM_PROFILES) == 0) {
- INFO("Profile [%s] is a custom profile", id);
-- } else if (strcmp(location, DIR_VENDOR_PROFILES) == 0) {
-+ } else if (strcmp(locations[i], DIR_VENDOR_PROFILES) == 0) {
- INFO("Profile [%s] is a vendor profile", id);
- } else {
- INFO("Profile [%s] is a default profile", id);
---
-2.17.1
-
diff --git a/SOURCES/0002-man-remove-duplicate-of-with-pamaccess.patch b/SOURCES/0002-man-remove-duplicate-of-with-pamaccess.patch
deleted file mode 100644
index 895394d..0000000
--- a/SOURCES/0002-man-remove-duplicate-of-with-pamaccess.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From 3b6ba3c895dfc7a3c6b3fa43d2c76070e45b0d94 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Tue, 4 Sep 2018 12:39:16 +0200
-Subject: [PATCH 02/16] man: remove duplicate of with-pamaccess
-
----
- src/man/authselect-migration.7.adoc | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/src/man/authselect-migration.7.adoc b/src/man/authselect-migration.7.adoc
-index 47544a53efd70b55a75d68d5bcbf3c89f875d7e7..35ba484d576ab8a3d923a124f6b1577085deedd4 100644
---- a/src/man/authselect-migration.7.adoc
-+++ b/src/man/authselect-migration.7.adoc
-@@ -85,7 +85,6 @@ configuration file for required services.
- |--enablefaillock |with-faillock
- |--enablepamaccess |with-pamaccess
- |--enablewinbindkrb5 |with-krb5
--|--enablepamaccess |with-pamaccess
- |==================================================
-
- .Examples
---
-2.17.1
-
diff --git a/SOURCES/0003-Don-t-write-options-without-value-to-pwquality-conf-.patch b/SOURCES/0003-Don-t-write-options-without-value-to-pwquality-conf-.patch
deleted file mode 100644
index 6778ddb..0000000
--- a/SOURCES/0003-Don-t-write-options-without-value-to-pwquality-conf-.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From bf05c4a72237eacf649b09888bdf536e0b7721a5 Mon Sep 17 00:00:00 2001
-From: Adam Williamson <awilliam@redhat.com>
-Date: Tue, 28 Aug 2018 11:49:35 -0700
-Subject: [PATCH 03/16] Don't write options without value to pwquality conf
- (#1618865)
-
-Per https://bugzilla.redhat.com/show_bug.cgi?id=1618865 , it is
-incorrect to write lines like this in a pwquality config file:
-
-minlen=
-minclass=
-maxrepeat=
-maxclassrepeat=
-
-There should either be an actual integer value, or the line
-should be omitted entirely. Including the option with no value
-is wrong and breaks pwquality. This should fix the problem by
-only writing the lines if the option is actually set.
-
-Signed-off-by: Adam Williamson <awilliam@redhat.com>
----
- src/compat/authcompat.py.in.in | 11 +++++++----
- 1 file changed, 7 insertions(+), 4 deletions(-)
-
-diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
-index abe1e585954ccd5ac555339f23c175e941c76ea3..1b4f531b021c1e2e8fd99bd081094da365c0c64e 100755
---- a/src/compat/authcompat.py.in.in
-+++ b/src/compat/authcompat.py.in.in
-@@ -319,10 +319,13 @@ class Configuration:
- def write(self):
- config = EnvironmentFile(Path.System('pwquality.conf'))
-
-- config.set("minlen", self.get("passminlen"))
-- config.set("minclass", self.get("passminclass"))
-- config.set("maxrepeat", self.get("passmaxrepeat"))
-- config.set("maxclassrepeat", self.get("passmaxclassrepeat"))
-+ # for each if these options, we want to write a line to the config
-+ # *only if* it is set to an actual value, see
-+ # https://bugzilla.redhat.com/show_bug.cgi?id=1618865
-+ for pwval in ["minlen", "minclass", "maxrepeat", "maxclassrepeat"]:
-+ if self.isset("pass{0}".format(pwval)):
-+ config.set(pwval, self.get("pass{0}".format(pwval)))
-+
- config.set("lcredit", self.getBoolAsValue("reqlower", -1, 0))
- config.set("ucredit", self.getBoolAsValue("requpper", -1, 0))
- config.set("dcredit", self.getBoolAsValue("reqdigit", -1, 0))
---
-2.17.1
-
diff --git a/SOURCES/0004-compat-write-only-options-set-on-command-line-to-pwq.patch b/SOURCES/0004-compat-write-only-options-set-on-command-line-to-pwq.patch
deleted file mode 100644
index eeeadfa..0000000
--- a/SOURCES/0004-compat-write-only-options-set-on-command-line-to-pwq.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-From 474404051fe461a1be5d175b3f13da54ddbe0a37 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Tue, 4 Sep 2018 11:36:43 +0200
-Subject: [PATCH 04/16] compat: write only options set on command line to
- pwquality.conf
-
-This will not overwrite pwquality.conf if for exapmle "authconfig --update"
-is called. Without this patch the values would get overriden with empty
-values.
----
- src/compat/authcompat.py.in.in | 36 ++++++++++++++++++++++------------
- 1 file changed, 24 insertions(+), 12 deletions(-)
-
-diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
-index 1b4f531b021c1e2e8fd99bd081094da365c0c64e..4fa9a6afc1d62aa9dde41b525d473168e6dc2901 100755
---- a/src/compat/authcompat.py.in.in
-+++ b/src/compat/authcompat.py.in.in
-@@ -166,7 +166,10 @@ class Configuration:
- def getBool(self, name):
- return self.options.getBool(name)
-
-- def getBoolAsValue(self, name, if_true, if_false):
-+ def getBoolAsValue(self, name, if_true, if_false, AllowNone=False):
-+ if AllowNone and not self.isset(name):
-+ return None
-+
- value = self.getBool(name)
- if value:
- return if_true
-@@ -318,19 +321,28 @@ class Configuration:
-
- def write(self):
- config = EnvironmentFile(Path.System('pwquality.conf'))
-+ value_set = False
-
-- # for each if these options, we want to write a line to the config
-- # *only if* it is set to an actual value, see
-- # https://bugzilla.redhat.com/show_bug.cgi?id=1618865
-- for pwval in ["minlen", "minclass", "maxrepeat", "maxclassrepeat"]:
-- if self.isset("pass{0}".format(pwval)):
-- config.set(pwval, self.get("pass{0}".format(pwval)))
-+ pwopts = {
-+ "minlen" : self.get("passminlen"),
-+ "minclass" : self.get("passminclass"),
-+ "maxrepeat" : self.get("passmaxrepeat"),
-+ "maxclassrepeat" : self.get("passmaxclassrepeat"),
-+ "lcredit" : self.getBoolAsValue("reqlower", -1, 0, AllowNone=True),
-+ "ucredit" : self.getBoolAsValue("requpper", -1, 0, AllowNone=True),
-+ "dcredit" : self.getBoolAsValue("reqdigit", -1, 0, AllowNone=True),
-+ "ocredit" : self.getBoolAsValue("reqother", -1, 0, AllowNone=True)
-+ }
-
-- config.set("lcredit", self.getBoolAsValue("reqlower", -1, 0))
-- config.set("ucredit", self.getBoolAsValue("requpper", -1, 0))
-- config.set("dcredit", self.getBoolAsValue("reqdigit", -1, 0))
-- config.set("ocredit", self.getBoolAsValue("reqother", -1, 0))
-- config.write()
-+ # Write options only if their are actually set
-+ for opt, value in pwopts.items():
-+ if value is not None:
-+ print(opt + "=" + str(value))
-+ config.set(opt, value)
-+ value_set = True
-+
-+ if value_set:
-+ config.write()
-
- class MakeHomedir(Base):
- def __init__(self, options):
---
-2.17.1
-
diff --git a/SOURCES/0005-compat-fix-regular-expression-for-environment-files.patch b/SOURCES/0005-compat-fix-regular-expression-for-environment-files.patch
deleted file mode 100644
index 08ad514..0000000
--- a/SOURCES/0005-compat-fix-regular-expression-for-environment-files.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 8e735cff141bb080409f71b15f31f2aea2ef182e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Tue, 4 Sep 2018 11:38:38 +0200
-Subject: [PATCH 05/16] compat: fix regular expression for environment files
-
-Any word character (\w) was not enough as it does not accept e.g. '-'.
-Therefore line like 'ocredit=-1' was incorrectly parse returning only
-'1' as value instead of '-1'.
----
- src/compat/authcompat_EnvironmentFile.py | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/compat/authcompat_EnvironmentFile.py b/src/compat/authcompat_EnvironmentFile.py
-index 529497e61903b3fb89f560b8e0ac0bb38111b46a..5738c6cafaf75109a5c1dbb9d3f040686a4945e1 100644
---- a/src/compat/authcompat_EnvironmentFile.py
-+++ b/src/compat/authcompat_EnvironmentFile.py
-@@ -34,9 +34,9 @@ class EnvironmentFile:
- self.environment = []
-
- delimiter_re = delimiter_re if delimiter_re is not None else delimiter
-- self.pattern = re.compile('^(\s*)(\S*)([^\n\w]*)(' +
-+ self.pattern = re.compile('^(\s*)(\S*)([^\n\S]*)(' +
- delimiter_re +
-- ')([^\n\w]*)(.*)$',
-+ ')([^\n\S]*)(.*)$',
- re.MULTILINE)
-
- self.read()
---
-2.17.1
-
diff --git a/SOURCES/0006-compat-fix-typo-in-compat-tool-that-produces-TypeErr.patch b/SOURCES/0006-compat-fix-typo-in-compat-tool-that-produces-TypeErr.patch
deleted file mode 100644
index 2958adc..0000000
--- a/SOURCES/0006-compat-fix-typo-in-compat-tool-that-produces-TypeErr.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From b2c1f2874b08a0002bbdfac71b7631da1c3f3322 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Mon, 24 Sep 2018 12:10:42 +0200
-Subject: [PATCH 06/16] compat: fix typo in compat tool that produces
- "TypeError: 'int' object is not callable"
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/92
----
- src/compat/authcompat_EnvironmentFile.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/compat/authcompat_EnvironmentFile.py b/src/compat/authcompat_EnvironmentFile.py
-index 5738c6cafaf75109a5c1dbb9d3f040686a4945e1..9c12f7c675fe29a76161f83e7fcaa06b3a3fab35 100644
---- a/src/compat/authcompat_EnvironmentFile.py
-+++ b/src/compat/authcompat_EnvironmentFile.py
-@@ -204,7 +204,7 @@ class EnvironmentFile:
- i = value.find("\\", i)
- if i < 0:
- break
-- if i + 1 >= length(value):
-+ if i + 1 >= len(value):
- value = value[0:i]
- break
-
---
-2.17.1
-
diff --git a/SOURCES/0007-compat-use-current-configuration-unless-other-profil.patch b/SOURCES/0007-compat-use-current-configuration-unless-other-profil.patch
deleted file mode 100644
index 10797ff..0000000
--- a/SOURCES/0007-compat-use-current-configuration-unless-other-profil.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-From 313ccd75397ae3a1801e1532f460519c657adae6 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Tue, 11 Sep 2018 11:03:36 +0200
-Subject: [PATCH 07/16] compat: use current configuration unless other profile
- is selected
-
-This makes sure that 'authconfig --updateall' or 'authconfig --enablexyz --updateall'
-will not override current authselect profile if /etc/authconfig/sysconfig does not
-exist.
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/82
----
- src/compat/authcompat.py.in.in | 61 ++++++++++++++++++++++++++++------
- 1 file changed, 50 insertions(+), 11 deletions(-)
-
-diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
-index 4fa9a6afc1d62aa9dde41b525d473168e6dc2901..96b2c69ce2c10afe6b689a8c4b64aa1e83245b34 100755
---- a/src/compat/authcompat.py.in.in
-+++ b/src/compat/authcompat.py.in.in
-@@ -39,9 +39,11 @@ def eprint(*args, **kwargs):
- class Command:
- TEST = False
-
-- def __init__(self, command, args, input=None):
-+ def __init__(self, command, args, input=None, check=True):
- self.args = [command] + args
- self.input = input.encode() if input is not None else None
-+ self.check = check
-+ self.result = None
-
- def run(self):
- print(_("Executing: %s") % ' '.join(self.args))
-@@ -49,10 +51,10 @@ class Command:
- if self.TEST:
- return
-
-- subprocess.run(self.args, check=True,
-- input=self.input,
-- stdout=subprocess.PIPE,
-- stderr=subprocess.PIPE)
-+ self.result = subprocess.run(self.args, check=self.check,
-+ input=self.input,
-+ stdout=subprocess.PIPE,
-+ stderr=subprocess.PIPE)
-
- class Service:
- def __init__(self, name):
-@@ -506,24 +508,61 @@ class AuthCompat:
- 'winbindkrb5' : 'with-krb5'
- }
-
-- profile = "sssd"
-- if self.options.getBool("nis"):
-+ # Read current configuration first.
-+ (profile, features) = self.getCurrentAuthselectConfig()
-+
-+ # Change profile if requested.
-+ if (self.options.getBool("ldap") or self.options.getBool("ldapauth") or
-+ self.options.getBool("sssd") or self.options.getBool("sssdauth")):
-+ profile = "sssd"
-+ elif self.options.getBool("nis"):
- profile = "nis"
- elif self.options.getBool("winbind"):
- profile = "winbind"
-
-+ # Default to sssd
-+ if profile is None:
-+ profile = "sssd"
-+
-+ # Add enabled and remove disabled features.
-+ for option, feature in map.items():
-+ if not self.options.isset(option):
-+ continue
-+
-+ enabled = self.options.getBool(option)
-+ if enabled:
-+ features.append(feature)
-+ else:
-+ while feature in features:
-+ features.remove(feature)
-+
-+ # Remove duplicates. The order is not kept but that does not matter.
-+ features = list(set(features))
-+
- # Always run with --force. This is either first call of authconfig
- # in installation script or it is run on already configured system.
- # We want to use authselect in both cases anyway, since authconfig
- # would change the configuration either way.
-- args = ["select", profile, "--force"]
-- for option, feature in map.items():
-- if self.options.getBool(option):
-- args.append(feature)
-+ args = ["select", profile]
-+ args.extend(features)
-+ args.append("--force")
-
- cmd = Command(Path.System('cmd-authselect'), args)
- cmd.run()
-
-+ def getCurrentAuthselectConfig(self):
-+ cmd = Command(Path.System('cmd-authselect'), ['check'], check=False)
-+ cmd.run()
-+
-+ if cmd.result.returncode != 0:
-+ return (None, [])
-+
-+ cmd = Command(Path.System('cmd-authselect'), ['current', '--raw'])
-+ cmd.run()
-+
-+ current = cmd.result.stdout.decode("utf-8").split()
-+ return (current[0], current[1:])
-+
- def writeConfiguration(self):
- configs = [
- Configuration.LDAP(self.options),
---
-2.17.1
-
diff --git a/SOURCES/0008-compat-do-not-disable-service-if-its-option-is-not-s.patch b/SOURCES/0008-compat-do-not-disable-service-if-its-option-is-not-s.patch
deleted file mode 100644
index ca32ae8..0000000
--- a/SOURCES/0008-compat-do-not-disable-service-if-its-option-is-not-s.patch
+++ /dev/null
@@ -1,115 +0,0 @@
-From 0f4fec2cf1f4a2430e97a44209de27dd18332c1a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Thu, 13 Sep 2018 11:15:05 +0200
-Subject: [PATCH 08/16] compat: do not disable service if its option is not set
-
-If we run 'authconfig --updateall' with empty /etc/sysconfig/authconfig
-file we may actually end up disabling services that were started by user.
-
-This patch makes sure that if a service was not explicitly disabled on
-command line or in sysconfig file we do not touch its state.
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/82
----
- src/compat/authcompat.py.in.in | 33 +++++++++++++++++++++++++++++----
- 1 file changed, 29 insertions(+), 4 deletions(-)
-
-diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
-index 96b2c69ce2c10afe6b689a8c4b64aa1e83245b34..532227b69f3bb3d124078915bd846009bee7df7a 100755
---- a/src/compat/authcompat.py.in.in
-+++ b/src/compat/authcompat.py.in.in
-@@ -208,9 +208,16 @@ class Configuration:
- super(Configuration.Kerberos, self).__init__(options)
-
- def isEnabled(self):
-- return self.isset("krb5realm") or self.isset("krb5realmdns")
-+ if not self.isset("krb5realm") and not self.isset("krb5realmdns"):
-+ return None
-+
-+ return self.get("krb5realm") != "" or self.getBool("krb5realmdns")
-
- def cleanup(self):
-+ # Do not remove the file if these options are not set
-+ if not self.isset("krb5realm") and not self.isset("krb5realmdns"):
-+ return
-+
- self.removeFile(Path.System('krb5.conf'))
-
- def write(self):
-@@ -240,7 +247,7 @@ class Configuration:
- nisdomain = self.get("nisdomain")
- config = EnvironmentFile(Path.System('network'))
-
-- if nisdomain is None and config.get("NISDOMAIN") is None:
-+ if nisdomain is None:
- return
-
- config.set("NISDOMAIN", nisdomain)
-@@ -251,6 +258,9 @@ class Configuration:
- super(Configuration.SSSD, self).__init__(options, ServiceName="sssd")
-
- def isEnabled(self):
-+ if not self.isset("ldap") and not self.isset("sssd"):
-+ return None
-+
- return self.getBool("ldap") or self.getBool("sssd")
-
- def cleanup(self):
-@@ -288,6 +298,9 @@ class Configuration:
- super(Configuration.Winbind, self).__init__(options, ServiceName="winbind")
-
- def isEnabled(self):
-+ if not self.isset("winbind") and not self.isset("winbindauth"):
-+ return None
-+
- return self.getBool("winbind") or self.getBool("winbindauth")
-
- def write(self):
-@@ -351,6 +364,9 @@ class Configuration:
- super(Configuration.MakeHomedir, self).__init__(options, ServiceName="oddjobd")
-
- def isEnabled(self):
-+ if not self.isset("mkhomedir"):
-+ return None
-+
- return self.getBool("mkhomedir")
-
- def disableService(self, nostop):
-@@ -365,6 +381,9 @@ class Configuration:
- self.ypbind = Service("ypbind")
-
- def isEnabled(self):
-+ if not self.isset("nis"):
-+ return None
-+
- return self.getBool("nis")
-
- def enableService(self, nostart):
-@@ -554,7 +573,7 @@ class AuthCompat:
- cmd = Command(Path.System('cmd-authselect'), ['check'], check=False)
- cmd.run()
-
-- if cmd.result.returncode != 0:
-+ if cmd.result is None or cmd.result.returncode != 0:
- return (None, [])
-
- cmd = Command(Path.System('cmd-authselect'), ['current', '--raw'])
-@@ -582,7 +601,13 @@ class AuthCompat:
- # Enable or disable service if needed
- nostart = self.options.getBool("nostart")
- try:
-- if config.isEnabled():
-+ enabled = config.isEnabled()
-+
-+ # Skip service management if it can not be decided
-+ if enabled is None:
-+ continue
-+
-+ if enabled:
- config.enableService(nostart)
- else:
- config.disableService(nostart)
---
-2.17.1
-
diff --git a/SOURCES/0009-nis-add-all-maps-supported-by-nss_nis.patch b/SOURCES/0009-nis-add-all-maps-supported-by-nss_nis.patch
deleted file mode 100644
index ebf9510..0000000
--- a/SOURCES/0009-nis-add-all-maps-supported-by-nss_nis.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 65fb0c895d2e3f19c8a080407813cf67231340e9 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Thu, 13 Sep 2018 12:25:05 +0200
-Subject: [PATCH 09/16] nis: add all maps supported by nss_nis
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/86
----
- profiles/nis/nsswitch.conf | 16 ++++++++++++----
- 1 file changed, 12 insertions(+), 4 deletions(-)
-
-diff --git a/profiles/nis/nsswitch.conf b/profiles/nis/nsswitch.conf
-index decf6204090c0cc60679d8760de8fbe6fb3ba3b7..20bcea11342b23b2eef7f2c93a912046dc00ec3d 100644
---- a/profiles/nis/nsswitch.conf
-+++ b/profiles/nis/nsswitch.conf
-@@ -1,6 +1,14 @@
--passwd: files nis
--group: files nis
--shadow: files nis
--netgroup: files nis
-+aliases: files nis
- automount: files nis
-+ethers: files nis
-+group: files nis
- hosts: files nis dns myhostname
-+initgroups: files nis
-+netgroup: files nis
-+networks: files nis
-+passwd: files nis
-+protocols: files nis
-+publickey: files nis
-+rpc: files nis
-+services: files nis
-+shadow: files nis
---
-2.17.1
-
diff --git a/SOURCES/0010-nis-add-systemd-module-to-nsswitch.conf.patch b/SOURCES/0010-nis-add-systemd-module-to-nsswitch.conf.patch
deleted file mode 100644
index 3aab068..0000000
--- a/SOURCES/0010-nis-add-systemd-module-to-nsswitch.conf.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 03635249198389f51417dfc89de37487b25a4171 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Thu, 13 Sep 2018 12:25:46 +0200
-Subject: [PATCH 10/16] nis: add systemd module to nsswitch.conf
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/89
----
- profiles/nis/nsswitch.conf | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/profiles/nis/nsswitch.conf b/profiles/nis/nsswitch.conf
-index 20bcea11342b23b2eef7f2c93a912046dc00ec3d..4397deb1ef347d5cb8798926f553c373f8c15649 100644
---- a/profiles/nis/nsswitch.conf
-+++ b/profiles/nis/nsswitch.conf
-@@ -1,12 +1,12 @@
- aliases: files nis
- automount: files nis
- ethers: files nis
--group: files nis
-+group: files nis systemd
- hosts: files nis dns myhostname
- initgroups: files nis
- netgroup: files nis
- networks: files nis
--passwd: files nis
-+passwd: files nis systemd
- protocols: files nis
- publickey: files nis
- rpc: files nis
---
-2.17.1
-
diff --git a/SOURCES/0011-nis-add-nis-option-to-pam_unix-in-password-phase.patch b/SOURCES/0011-nis-add-nis-option-to-pam_unix-in-password-phase.patch
deleted file mode 100644
index 286229b..0000000
--- a/SOURCES/0011-nis-add-nis-option-to-pam_unix-in-password-phase.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 9764ce2873a05ec9e81c6979177122f9846a9ee2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Thu, 13 Sep 2018 14:30:55 +0200
-Subject: [PATCH 11/16] nis: add nis option to pam_unix in password phase
-
-This option will allow nis users to change their passwords with 'passwd'.
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/87
----
- profiles/nis/password-auth | 2 +-
- profiles/nis/system-auth | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/profiles/nis/password-auth b/profiles/nis/password-auth
-index 8f18616eb2d2c228880989ea4cce86b6588b2190..78028e19bbad3965f5232c6b6177d8780d7e1c04 100644
---- a/profiles/nis/password-auth
-+++ b/profiles/nis/password-auth
-@@ -14,7 +14,7 @@ account sufficient pam_succeed_if.so uid <
- account required pam_permit.so
-
- password requisite pam_pwquality.so try_first_pass local_users_only
--password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
-+password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok nis
- password required pam_deny.so
-
- session optional pam_keyinit.so revoke
-diff --git a/profiles/nis/system-auth b/profiles/nis/system-auth
-index e0bc4ef2fb4efc825927d13c0ff4b0083e5134ea..2909a546a49f991128c48285fa90a1937fa03513 100644
---- a/profiles/nis/system-auth
-+++ b/profiles/nis/system-auth
-@@ -15,7 +15,7 @@ account sufficient pam_succeed_if.so uid <
- account required pam_permit.so
-
- password requisite pam_pwquality.so try_first_pass local_users_only
--password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
-+password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok nis
- password required pam_deny.so
-
- session optional pam_keyinit.so revoke
---
-2.17.1
-
diff --git a/SOURCES/0012-nis-with-nispwquality-will-enable-pwquality-for-nis-.patch b/SOURCES/0012-nis-with-nispwquality-will-enable-pwquality-for-nis-.patch
deleted file mode 100644
index 526ea57..0000000
--- a/SOURCES/0012-nis-with-nispwquality-will-enable-pwquality-for-nis-.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-From 9f3ec1c3a6aa0670479668355c11fd9e7cb4bb7d Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Thu, 13 Sep 2018 14:37:57 +0200
-Subject: [PATCH 12/16] nis: with-nispwquality will enable pwquality for nis
- users
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/88
----
- profiles/nis/README | 5 +++++
- profiles/nis/password-auth | 2 +-
- profiles/nis/system-auth | 2 +-
- 3 files changed, 7 insertions(+), 2 deletions(-)
-
-diff --git a/profiles/nis/README b/profiles/nis/README
-index 6335fcfb051f01b7acdd4fde689de0d77c0d43a1..b4ffb8b56d8f9930ee5b70f34d0ba7a2dc35dae0 100644
---- a/profiles/nis/README
-+++ b/profiles/nis/README
-@@ -33,6 +33,11 @@ with-silent-lastlog::
- with-pamaccess::
- Check access.conf during account authorization.
-
-+with-nispwquality::
-+ If this option is set pam_pwquality module will check password quality
-+ for NIS users as well as local users during password change. Without this
-+ option only local users passwords are checked.
-+
- EXAMPLES
- --------
- * Enable NIS with no additional modules
-diff --git a/profiles/nis/password-auth b/profiles/nis/password-auth
-index 78028e19bbad3965f5232c6b6177d8780d7e1c04..159da35740cfdf1396a8bc8a97c397919f056797 100644
---- a/profiles/nis/password-auth
-+++ b/profiles/nis/password-auth
-@@ -13,7 +13,7 @@ account sufficient pam_localuser.so
- account sufficient pam_succeed_if.so uid < 1000 quiet
- account required pam_permit.so
-
--password requisite pam_pwquality.so try_first_pass local_users_only
-+password requisite pam_pwquality.so try_first_pass {if not "with-nispwquality":local_users_only}
- password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok nis
- password required pam_deny.so
-
-diff --git a/profiles/nis/system-auth b/profiles/nis/system-auth
-index 2909a546a49f991128c48285fa90a1937fa03513..5f941f264b6adf2ca5cdc67685ed227ecc180ac7 100644
---- a/profiles/nis/system-auth
-+++ b/profiles/nis/system-auth
-@@ -14,7 +14,7 @@ account sufficient pam_localuser.so
- account sufficient pam_succeed_if.so uid < 1000 quiet
- account required pam_permit.so
-
--password requisite pam_pwquality.so try_first_pass local_users_only
-+password requisite pam_pwquality.so try_first_pass {if not "with-nispwquality":local_users_only}
- password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok nis
- password required pam_deny.so
-
---
-2.17.1
-
diff --git a/SOURCES/0013-profiles-add-without-nullok.patch b/SOURCES/0013-profiles-add-without-nullok.patch
deleted file mode 100644
index 2b842b2..0000000
--- a/SOURCES/0013-profiles-add-without-nullok.patch
+++ /dev/null
@@ -1,196 +0,0 @@
-From 325b2f075e57c8495aa040542265fbcbf0f6ff64 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Tue, 18 Sep 2018 14:04:46 +0200
-Subject: [PATCH 13/16] profiles: add without-nullok
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/94
----
- profiles/nis/README | 3 +++
- profiles/nis/password-auth | 4 ++--
- profiles/nis/system-auth | 4 ++--
- profiles/sssd/README | 3 +++
- profiles/sssd/password-auth | 4 ++--
- profiles/sssd/system-auth | 4 ++--
- profiles/winbind/README | 3 +++
- profiles/winbind/password-auth | 4 ++--
- profiles/winbind/system-auth | 4 ++--
- 9 files changed, 21 insertions(+), 12 deletions(-)
-
-diff --git a/profiles/nis/README b/profiles/nis/README
-index b4ffb8b56d8f9930ee5b70f34d0ba7a2dc35dae0..34789b1e7643f0df082d40e0e87cb3d0823bba56 100644
---- a/profiles/nis/README
-+++ b/profiles/nis/README
-@@ -38,6 +38,9 @@ with-nispwquality::
- for NIS users as well as local users during password change. Without this
- option only local users passwords are checked.
-
-+without-nullok::
-+ Do not add nullok parameter to pam_unix.
-+
- EXAMPLES
- --------
- * Enable NIS with no additional modules
-diff --git a/profiles/nis/password-auth b/profiles/nis/password-auth
-index 159da35740cfdf1396a8bc8a97c397919f056797..615544d16f7fc8551cb06a221825526f12cbfc64 100644
---- a/profiles/nis/password-auth
-+++ b/profiles/nis/password-auth
-@@ -1,7 +1,7 @@
- auth required pam_env.so
- auth required pam_faildelay.so delay=2000000
- auth required pam_faillock.so preauth silent deny=4 unlock_time=1200 {include if "with-faillock"}
--auth sufficient pam_unix.so nullok try_first_pass
-+auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
- auth requisite pam_succeed_if.so uid >= 1000 quiet_success
- auth required pam_faillock.so authfail deny=4 unlock_time=1200 {include if "with-faillock"}
- auth required pam_deny.so
-@@ -14,7 +14,7 @@ account sufficient pam_succeed_if.so uid <
- account required pam_permit.so
-
- password requisite pam_pwquality.so try_first_pass {if not "with-nispwquality":local_users_only}
--password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok nis
-+password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} try_first_pass use_authtok nis
- password required pam_deny.so
-
- session optional pam_keyinit.so revoke
-diff --git a/profiles/nis/system-auth b/profiles/nis/system-auth
-index 5f941f264b6adf2ca5cdc67685ed227ecc180ac7..a41828d8972537b1b24d0ff21cd52976fba6646d 100644
---- a/profiles/nis/system-auth
-+++ b/profiles/nis/system-auth
-@@ -2,7 +2,7 @@ auth required pam_env.so
- auth required pam_faildelay.so delay=2000000
- auth required pam_faillock.so preauth silent deny=4 unlock_time=1200 {include if "with-faillock"}
- auth sufficient pam_fprintd.so {include if "with-fingerprint"}
--auth sufficient pam_unix.so nullok try_first_pass
-+auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
- auth requisite pam_succeed_if.so uid >= 1000 quiet_success
- auth required pam_faillock.so authfail deny=4 unlock_time=1200 {include if "with-faillock"}
- auth required pam_deny.so
-@@ -15,7 +15,7 @@ account sufficient pam_succeed_if.so uid <
- account required pam_permit.so
-
- password requisite pam_pwquality.so try_first_pass {if not "with-nispwquality":local_users_only}
--password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok nis
-+password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} try_first_pass use_authtok nis
- password required pam_deny.so
-
- session optional pam_keyinit.so revoke
-diff --git a/profiles/sssd/README b/profiles/sssd/README
-index 34693ba3c02b1005c5cca889316ccc0958c94eef..a2fbf66323f4893391474de49f323c06123a2ebf 100644
---- a/profiles/sssd/README
-+++ b/profiles/sssd/README
-@@ -56,6 +56,9 @@ with-sudo::
- with-pamaccess::
- Check access.conf during account authorization.
-
-+without-nullok::
-+ Do not add nullok parameter to pam_unix.
-+
- EXAMPLES
- --------
-
-diff --git a/profiles/sssd/password-auth b/profiles/sssd/password-auth
-index 82082b03e3223010b5d3f3eff348b2e3882fcfc4..e35c8d6943b8289d8b65d7a47b2dad8143b6132b 100644
---- a/profiles/sssd/password-auth
-+++ b/profiles/sssd/password-auth
-@@ -3,7 +3,7 @@ auth required pam_faildelay.so delay=
- auth required pam_faillock.so preauth silent deny=4 unlock_time=1200 {include if "with-faillock"}
- auth [default=1 ignore=ignore success=ok] pam_succeed_if.so uid >= 1000 quiet
- auth [default=1 ignore=ignore success=ok] pam_localuser.so
--auth sufficient pam_unix.so nullok try_first_pass
-+auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
- auth requisite pam_succeed_if.so uid >= 1000 quiet_success
- auth sufficient pam_sss.so forward_pass
- auth required pam_faillock.so authfail deny=4 unlock_time=1200 {include if "with-faillock"}
-@@ -18,7 +18,7 @@ account [default=bad success=ok user_unknown=ignore] pam_sss.so
- account required pam_permit.so
-
- password requisite pam_pwquality.so try_first_pass local_users_only
--password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
-+password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} try_first_pass use_authtok
- password sufficient pam_sss.so use_authtok
- password required pam_deny.so
-
-diff --git a/profiles/sssd/system-auth b/profiles/sssd/system-auth
-index 00a360d034a363f9d29f1281a502e11939f00836..02922b16903372598052e36f3713ca5c3f4c8418 100644
---- a/profiles/sssd/system-auth
-+++ b/profiles/sssd/system-auth
-@@ -4,7 +4,7 @@ auth required pam_faillock.so preauth
- auth sufficient pam_fprintd.so {include if "with-fingerprint"}
- auth [default=1 ignore=ignore success=ok] pam_succeed_if.so uid >= 1000 quiet
- auth [default=1 ignore=ignore success=ok] pam_localuser.so
--auth sufficient pam_unix.so nullok try_first_pass
-+auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
- auth requisite pam_succeed_if.so uid >= 1000 quiet_success
- auth sufficient pam_sss.so forward_pass
- auth required pam_faillock.so authfail deny=4 unlock_time=1200 {include if "with-faillock"}
-@@ -19,7 +19,7 @@ account [default=bad success=ok user_unknown=ignore] pam_sss.so
- account required pam_permit.so
-
- password requisite pam_pwquality.so try_first_pass local_users_only
--password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
-+password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} try_first_pass use_authtok
- password sufficient pam_sss.so use_authtok
- password required pam_deny.so
-
-diff --git a/profiles/winbind/README b/profiles/winbind/README
-index fe3f879f4e76ecc877053c63ed9b0da93a12afa8..a824c7e78954bafffa6500e45a6e826835fd2b58 100644
---- a/profiles/winbind/README
-+++ b/profiles/winbind/README
-@@ -48,6 +48,9 @@ with-silent-lastlog::
- with-pamaccess::
- Check access.conf during account authorization.
-
-+without-nullok::
-+ Do not add nullok parameter to pam_unix.
-+
- EXAMPLES
- --------
- * Enable winbind with no additional modules
-diff --git a/profiles/winbind/password-auth b/profiles/winbind/password-auth
-index c7498f06f0ddaab4804444a213454b0ef56886e4..c984d817c537c48a358c644083a4f8979181dd1d 100644
---- a/profiles/winbind/password-auth
-+++ b/profiles/winbind/password-auth
-@@ -1,7 +1,7 @@
- auth required pam_env.so
- auth required pam_faildelay.so delay=2000000
- auth required pam_faillock.so preauth silent deny=4 unlock_time=1200 {include if "with-faillock"}
--auth sufficient pam_unix.so nullok try_first_pass
-+auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
- auth requisite pam_succeed_if.so uid >= 1000 quiet_success
- auth sufficient pam_winbind.so {if "with-krb5":krb5_auth} use_first_pass
- auth required pam_faillock.so authfail deny=4 unlock_time=1200 {include if "with-faillock"}
-@@ -16,7 +16,7 @@ account [default=bad success=ok user_unknown=ignore] pam_winbind.so {if "wit
- account required pam_permit.so
-
- password requisite pam_pwquality.so try_first_pass local_users_only
--password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
-+password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} try_first_pass use_authtok
- password sufficient pam_winbind.so {if "with-krb5":krb5_auth} use_authtok
- password required pam_deny.so
-
-diff --git a/profiles/winbind/system-auth b/profiles/winbind/system-auth
-index 4d433ae6ec7782203f240ce66c6e6a7551bb42d6..33dc491c2125c7fe06d6475369f1654a900c7050 100644
---- a/profiles/winbind/system-auth
-+++ b/profiles/winbind/system-auth
-@@ -2,7 +2,7 @@ auth required pam_env.so
- auth required pam_faildelay.so delay=2000000
- auth required pam_faillock.so preauth silent deny=4 unlock_time=1200 {include if "with-faillock"}
- auth sufficient pam_fprintd.so {include if "with-fingerprint"}
--auth sufficient pam_unix.so nullok try_first_pass
-+auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
- auth requisite pam_succeed_if.so uid >= 1000 quiet_success
- auth sufficient pam_winbind.so {if "with-krb5":krb5_auth} use_first_pass
- auth required pam_faillock.so authfail deny=4 unlock_time=1200 {include if "with-faillock"}
-@@ -17,7 +17,7 @@ account [default=bad success=ok user_unknown=ignore] pam_winbind.so {if "wit
- account required pam_permit.so
-
- password requisite pam_pwquality.so try_first_pass local_users_only
--password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
-+password sufficient pam_unix.so sha512 shadow {if not "without-nullok":nullok} try_first_pass use_authtok
- password sufficient pam_winbind.so {if "with-krb5":krb5_auth} use_authtok
- password required pam_deny.so
-
---
-2.17.1
-
diff --git a/SOURCES/0014-profiles-add-options-to-exclude-lines-from-nsswitch..patch b/SOURCES/0014-profiles-add-options-to-exclude-lines-from-nsswitch..patch
deleted file mode 100644
index 8b545a7..0000000
--- a/SOURCES/0014-profiles-add-options-to-exclude-lines-from-nsswitch..patch
+++ /dev/null
@@ -1,210 +0,0 @@
-From be3cea05e06cbfcfbd684b46c49fcdc8f8f5b880 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Tue, 18 Sep 2018 14:28:18 +0200
-Subject: [PATCH 14/16] profiles: add options to exclude lines from
- nsswitch.conf
-
-There is a common use case that users want to change lines in nsswitch.conf
-but do not want to create a whole custom profile. This applies especially
-to nis profile as it sets all nsswitch databases and thus renders recently
-added user-nsswitch.conf useless.
-
-For distributing company wide configuration, custom profiles should be used though.
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/95
----
- profiles/nis/README | 50 ++++++++++++++++++++++++++++++++++
- profiles/nis/nsswitch.conf | 28 +++++++++----------
- profiles/sssd/README | 26 ++++++++++++++++++
- profiles/sssd/nsswitch.conf | 12 ++++----
- profiles/winbind/README | 14 ++++++++++
- profiles/winbind/nsswitch.conf | 4 +--
- 6 files changed, 112 insertions(+), 22 deletions(-)
-
-diff --git a/profiles/nis/README b/profiles/nis/README
-index 34789b1e7643f0df082d40e0e87cb3d0823bba56..3911959c59287d2d5425ef304f744ff4cd5b408d 100644
---- a/profiles/nis/README
-+++ b/profiles/nis/README
-@@ -41,6 +41,56 @@ with-nispwquality::
- without-nullok::
- Do not add nullok parameter to pam_unix.
-
-+DISABLE SPECIFIC NSSWITCH DATABASES
-+-----------------------------------
-+
-+Normally, nsswitch databases set by the profile overwrites values set in
-+user-nsswitch.conf. The following options can force authselect to
-+ignore value set by the profile and use the one set in user-nsswitch.conf
-+instead.
-+
-+with-custom-aliases::
-+Ignore "aliases" map set by the profile.
-+
-+with-custom-automount::
-+Ignore "automount" map set by the profile.
-+
-+with-custom-ethers::
-+Ignore "ethers" map set by the profile.
-+
-+with-custom-group::
-+Ignore "group" map set by the profile.
-+
-+with-custom-hosts::
-+Ignore "hosts" map set by the profile.
-+
-+with-custom-initgroups::
-+Ignore "initgroups" map set by the profile.
-+
-+with-custom-netgroup::
-+Ignore "netgroup" map set by the profile.
-+
-+with-custom-networks::
-+Ignore "networks" map set by the profile.
-+
-+with-custom-passwd::
-+Ignore "passwd" map set by the profile.
-+
-+with-custom-protocols::
-+Ignore "protocols" map set by the profile.
-+
-+with-custom-publickey::
-+Ignore "publickey" map set by the profile.
-+
-+with-custom-rpc::
-+Ignore "rpc" map set by the profile.
-+
-+with-custom-services::
-+Ignore "services" map set by the profile.
-+
-+with-custom-shadow::
-+Ignore "shadow" map set by the profile.
-+
- EXAMPLES
- --------
- * Enable NIS with no additional modules
-diff --git a/profiles/nis/nsswitch.conf b/profiles/nis/nsswitch.conf
-index 4397deb1ef347d5cb8798926f553c373f8c15649..f5451657f3d8b988b633304d549a3242257715d3 100644
---- a/profiles/nis/nsswitch.conf
-+++ b/profiles/nis/nsswitch.conf
-@@ -1,14 +1,14 @@
--aliases: files nis
--automount: files nis
--ethers: files nis
--group: files nis systemd
--hosts: files nis dns myhostname
--initgroups: files nis
--netgroup: files nis
--networks: files nis
--passwd: files nis systemd
--protocols: files nis
--publickey: files nis
--rpc: files nis
--services: files nis
--shadow: files nis
-+aliases: files nis {exclude if "with-custom-aliases"}
-+automount: files nis {exclude if "with-custom-automount"}
-+ethers: files nis {exclude if "with-custom-ethers"}
-+group: files nis systemd {exclude if "with-custom-group"}
-+hosts: files nis dns myhostname {exclude if "with-custom-hosts"}
-+initgroups: files nis {exclude if "with-custom-initgroups"}
-+netgroup: files nis {exclude if "with-custom-netgroup"}
-+networks: files nis {exclude if "with-custom-networks"}
-+passwd: files nis systemd {exclude if "with-custom-passwd"}
-+protocols: files nis {exclude if "with-custom-protocols"}
-+publickey: files nis {exclude if "with-custom-publickey"}
-+rpc: files nis {exclude if "with-custom-rpc"}
-+services: files nis {exclude if "with-custom-services"}
-+shadow: files nis {exclude if "with-custom-shadow"}
-\ No newline at end of file
-diff --git a/profiles/sssd/README b/profiles/sssd/README
-index a2fbf66323f4893391474de49f323c06123a2ebf..42293ab39c628c285921b8b47c4a763fd0215472 100644
---- a/profiles/sssd/README
-+++ b/profiles/sssd/README
-@@ -59,6 +59,32 @@ with-pamaccess::
- without-nullok::
- Do not add nullok parameter to pam_unix.
-
-+DISABLE SPECIFIC NSSWITCH DATABASES
-+-----------------------------------
-+
-+Normally, nsswitch databases set by the profile overwrites values set in
-+user-nsswitch.conf. The following options can force authselect to
-+ignore value set by the profile and use the one set in user-nsswitch.conf
-+instead.
-+
-+with-custom-passwd::
-+Ignore "passwd" database set by the profile.
-+
-+with-custom-group::
-+Ignore "group" database set by the profile.
-+
-+with-custom-netgroup::
-+Ignore "netgroup" database set by the profile.
-+
-+with-custom-automount::
-+Ignore "automount" database set by the profile.
-+
-+with-custom-services::
-+Ignore "services" database set by the profile.
-+
-+with-custom-sudoers::
-+Ignore "sudoers" database set by the profile.
-+
- EXAMPLES
- --------
-
-diff --git a/profiles/sssd/nsswitch.conf b/profiles/sssd/nsswitch.conf
-index 5d05102ee8836f5bbce5f0527b87b1559fbe664e..9734bbbe68e7cf73a4a560e3573162d353e551e8 100644
---- a/profiles/sssd/nsswitch.conf
-+++ b/profiles/sssd/nsswitch.conf
-@@ -1,6 +1,6 @@
--passwd: sss files systemd
--group: sss files systemd
--netgroup: sss files
--automount: sss files
--services: sss files
--sudoers: files sss {include if "with-sudo"}
-+passwd: sss files systemd {exclude if "with-custom-passwd"}
-+group: sss files systemd {exclude if "with-custom-group"}
-+netgroup: sss files {exclude if "with-custom-netgroup"}
-+automount: sss files {exclude if "with-custom-automount"}
-+services: sss files {exclude if "with-custom-services"}
-+sudoers: files sss {include if "with-sudo"}
-diff --git a/profiles/winbind/README b/profiles/winbind/README
-index a824c7e78954bafffa6500e45a6e826835fd2b58..cd1606800d77eeb93be918f17fe47c2586b2519d 100644
---- a/profiles/winbind/README
-+++ b/profiles/winbind/README
-@@ -51,6 +51,20 @@ with-pamaccess::
- without-nullok::
- Do not add nullok parameter to pam_unix.
-
-+DISABLE SPECIFIC NSSWITCH DATABASES
-+-----------------------------------
-+
-+Normally, nsswitch databases set by the profile overwrites values set in
-+user-nsswitch.conf. The following options can force authselect to
-+ignore value set by the profile and use the one set in user-nsswitch.conf
-+instead.
-+
-+with-custom-passwd::
-+Ignore "passwd" database set by the profile.
-+
-+with-custom-group::
-+Ignore "group" database set by the profile.
-+
- EXAMPLES
- --------
- * Enable winbind with no additional modules
-diff --git a/profiles/winbind/nsswitch.conf b/profiles/winbind/nsswitch.conf
-index 3018a7526ece30236969ce69dce729998c9a57de..8a23bd71935eb26c5093e4b2080b1d91b6de5582 100644
---- a/profiles/winbind/nsswitch.conf
-+++ b/profiles/winbind/nsswitch.conf
-@@ -1,2 +1,2 @@
--passwd: files winbind systemd
--group: files winbind systemd
-+passwd: files winbind systemd {exclude if "with-custom-passwd"}
-+group: files winbind systemd {exclude if "with-custom-group"}
---
-2.17.1
-
diff --git a/SOURCES/0015-compat-do-not-stop-rpcbind-only-start-it.patch b/SOURCES/0015-compat-do-not-stop-rpcbind-only-start-it.patch
deleted file mode 100644
index 11d49ef..0000000
--- a/SOURCES/0015-compat-do-not-stop-rpcbind-only-start-it.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From c8456ad275ce96648927e9146de23ee73e334f09 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Tue, 25 Sep 2018 10:58:50 +0200
-Subject: [PATCH 15/16] compat: do not stop rpcbind, only start it
-
-Stopping rpcbind on a nis server will also stop ypserv as it depends
-on rpcbind. There is no need to actually restart this service so we
-only make sure that it is up and running.
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/100
----
- src/compat/authcompat.py.in.in | 7 ++++---
- 1 file changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
-index 532227b69f3bb3d124078915bd846009bee7df7a..0be644222a44185cb08ff696afad5adf05995093 100755
---- a/src/compat/authcompat.py.in.in
-+++ b/src/compat/authcompat.py.in.in
-@@ -80,8 +80,9 @@ class Service:
- cmd = Command(Path.System("cmd-systemctl"), ["disable", self.name])
- self.runsystemd(cmd, False, 1)
-
-- def start(self):
-- self.stop()
-+ def start(self, Restart=True):
-+ if Restart:
-+ self.stop()
- cmd = Command(Path.System("cmd-systemctl"), ["start", self.name])
- self.runsystemd(cmd, True, 5)
-
-@@ -404,7 +405,7 @@ class Configuration:
- self.ypbind.enable()
-
- if not nostart:
-- self.rpcbind.start()
-+ self.rpcbind.start(Restart=False)
- self.ypbind.start()
-
- def disableService(self, nostop):
---
-2.17.1
-
diff --git a/SOURCES/0016-sssd-document-that-this-profile-can-be-used-also-wit.patch b/SOURCES/0016-sssd-document-that-this-profile-can-be-used-also-wit.patch
deleted file mode 100644
index cc4c75a..0000000
--- a/SOURCES/0016-sssd-document-that-this-profile-can-be-used-also-wit.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From 766fb1c67f0b0cef0734756704d603df7d322a4c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Wed, 26 Sep 2018 13:32:31 +0200
-Subject: [PATCH 16/16] sssd: document that this profile can be used also with
- sssd disabled
-
-https://github.com/pbrezina/authselect/issues/99
----
- profiles/sssd/README | 14 ++++++++++++--
- 1 file changed, 12 insertions(+), 2 deletions(-)
-
-diff --git a/profiles/sssd/README b/profiles/sssd/README
-index 42293ab39c628c285921b8b47c4a763fd0215472..c597afecff112e8af7905de9b6a8db77d5c3227c 100644
---- a/profiles/sssd/README
-+++ b/profiles/sssd/README
-@@ -1,5 +1,5 @@
--Enable SSSD for system authentication
--=====================================
-+Enable SSSD for system authentication (also for local users only)
-+=================================================================
-
- Selecting this profile will enable SSSD as the source of identity
- and authentication providers.
-@@ -12,6 +12,16 @@ to connect to multiple different account sources.
- More information about SSSD can be found on its project page:
- https://pagure.io/SSSD/sssd
-
-+By default, local users are served from SSSD rather then local files if SSSD
-+is enabled (however they authenticate via pam_unix). This have a performance
-+benefit since SSSD caches the files content in fast in-memory cache and thus
-+reduces number of disk operations.
-+
-+However, if you do not want to keep SSSD running on your machine, you can
-+keep this profile selected and just disable SSSD service. The resulting
-+configuration will still work correctly even with SSSD disabled and local users
-+and groups will be read from local files directly.
-+
- SSSD CONFIGURATION
- ------------------
-
---
-2.17.1
-
diff --git a/SOURCES/0017-sssd-add-support-for-local-users-authentication-via-.patch b/SOURCES/0017-sssd-add-support-for-local-users-authentication-via-.patch
deleted file mode 100644
index 9563104..0000000
--- a/SOURCES/0017-sssd-add-support-for-local-users-authentication-via-.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From 088a2b92742cab5e1d8f71452c2ae0c0f183a6fd Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Mon, 8 Oct 2018 12:34:09 +0200
-Subject: [PATCH 1/2] sssd: add support for local users authentication via
- smart card
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/23
----
- profiles/sssd/system-auth | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/profiles/sssd/system-auth b/profiles/sssd/system-auth
-index 02922b16903372598052e36f3713ca5c3f4c8418..a3d351cd5c37fb065892a0b71ec5323fd13a957d 100644
---- a/profiles/sssd/system-auth
-+++ b/profiles/sssd/system-auth
-@@ -3,7 +3,9 @@ auth required pam_faildelay.so delay=
- auth required pam_faillock.so preauth silent deny=4 unlock_time=1200 {include if "with-faillock"}
- auth sufficient pam_fprintd.so {include if "with-fingerprint"}
- auth [default=1 ignore=ignore success=ok] pam_succeed_if.so uid >= 1000 quiet
--auth [default=1 ignore=ignore success=ok] pam_localuser.so
-+auth [default=1 ignore=ignore success=ok] pam_localuser.so {exclude if "with-smartcard"}
-+auth [default=2 ignore=ignore success=ok] pam_localuser.so {include if "with-smartcard"}
-+auth [success=done authinfo_unavail=ignore ignore=ignore default=die] pam_sss.so try_cert_auth {include if "with-smartcard"}
- auth sufficient pam_unix.so {if not "without-nullok":nullok} try_first_pass
- auth requisite pam_succeed_if.so uid >= 1000 quiet_success
- auth sufficient pam_sss.so forward_pass
---
-2.17.1
-
diff --git a/SOURCES/0018-sssd-add-with-smartcard-required-feature.patch b/SOURCES/0018-sssd-add-with-smartcard-required-feature.patch
deleted file mode 100644
index 4d8dc72..0000000
--- a/SOURCES/0018-sssd-add-with-smartcard-required-feature.patch
+++ /dev/null
@@ -1,81 +0,0 @@
-From 396089c2acc76bef59040d22c4170673ac4009bf Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Mon, 8 Oct 2018 12:58:41 +0200
-Subject: [PATCH 2/2] sssd: add with-smartcard-required feature
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/104
----
- profiles/sssd/README | 6 ++++++
- profiles/sssd/dconf-db | 1 +
- profiles/sssd/fingerprint-auth | 1 +
- profiles/sssd/password-auth | 1 +
- profiles/sssd/system-auth | 1 +
- 5 files changed, 10 insertions(+)
-
-diff --git a/profiles/sssd/README b/profiles/sssd/README
-index c597afecff112e8af7905de9b6a8db77d5c3227c..acbb635729c2b4a69a91cafe4bec76b030967967 100644
---- a/profiles/sssd/README
-+++ b/profiles/sssd/README
-@@ -53,6 +53,12 @@ with-smartcard::
-
- with-smartcard-lock-on-removal::
- Lock screen when a smartcard is removed.
-+ Note: "with-smartcard" must be set as well.
-+
-+with-smartcard-required::
-+ Smartcard authentication is required. No other means of authentication
-+ (including password) will be enabled.
-+ Note: "with-smartcard" must be set as well.
-
- with-fingerprint::
- Enable authentication with fingerprint reader through *pam_fprintd*.
-diff --git a/profiles/sssd/dconf-db b/profiles/sssd/dconf-db
-index cf22698fcc8a292c1bf68466f943595ca54c7b27..b24f783eb700713386d66857de2532482d15ce7c 100644
---- a/profiles/sssd/dconf-db
-+++ b/profiles/sssd/dconf-db
-@@ -1,6 +1,7 @@
- [org/gnome/login-screen]
- enable-smartcard-authentication={if "with-smartcard":true|false}
- enable-fingerprint-authentication={if "with-fingerprint":true|false}
-+enable-password-authentication={if "with-smartcard-required":false|true}
-
- [org/gnome/settings-daemon/peripherals/smartcard] {include if "with-smartcard-lock-on-removal"}
- removal-action='lock-screen' {include if "with-smartcard-lock-on-removal"}
-diff --git a/profiles/sssd/fingerprint-auth b/profiles/sssd/fingerprint-auth
-index 01a5d21748f8e84acde23a0926782cf817fefc79..01b70f3533149d00700859f3e0a1c3f2abb33a8a 100644
---- a/profiles/sssd/fingerprint-auth
-+++ b/profiles/sssd/fingerprint-auth
-@@ -1,5 +1,6 @@
- {continue if "with-fingerprint"}
- auth required pam_env.so
-+auth required pam_deny.so # Smartcard authentication is required {include if "with-smartcard-required"}
- auth required pam_faillock.so preauth silent deny=4 unlock_time=1200 {include if "with-faillock"}
- auth sufficient pam_fprintd.so
- auth required pam_faillock.so authfail deny=4 unlock_time=1200 {include if "with-faillock"}
-diff --git a/profiles/sssd/password-auth b/profiles/sssd/password-auth
-index e35c8d6943b8289d8b65d7a47b2dad8143b6132b..3205f261dd8c898baf292c252ebdb346fcb779bb 100644
---- a/profiles/sssd/password-auth
-+++ b/profiles/sssd/password-auth
-@@ -1,5 +1,6 @@
- auth required pam_env.so
- auth required pam_faildelay.so delay=2000000
-+auth required pam_deny.so # Smartcard authentication is required {include if "with-smartcard-required"}
- auth required pam_faillock.so preauth silent deny=4 unlock_time=1200 {include if "with-faillock"}
- auth [default=1 ignore=ignore success=ok] pam_succeed_if.so uid >= 1000 quiet
- auth [default=1 ignore=ignore success=ok] pam_localuser.so
-diff --git a/profiles/sssd/system-auth b/profiles/sssd/system-auth
-index a3d351cd5c37fb065892a0b71ec5323fd13a957d..982cada1f774e6d53dd75c9f5dbc0603337cd70b 100644
---- a/profiles/sssd/system-auth
-+++ b/profiles/sssd/system-auth
-@@ -1,6 +1,7 @@
- auth required pam_env.so
- auth required pam_faildelay.so delay=2000000
- auth required pam_faillock.so preauth silent deny=4 unlock_time=1200 {include if "with-faillock"}
-+auth [success=done ignore=ignore default=die] pam_sss.so require_cert_auth ignore_authinfo_unavail {include if "with-smartcard-required"}
- auth sufficient pam_fprintd.so {include if "with-fingerprint"}
- auth [default=1 ignore=ignore success=ok] pam_succeed_if.so uid >= 1000 quiet
- auth [default=1 ignore=ignore success=ok] pam_localuser.so {exclude if "with-smartcard"}
---
-2.17.1
-
diff --git a/SOURCES/0019-sssd-remove-with-sudo-duplicate-from-readme.patch b/SOURCES/0019-sssd-remove-with-sudo-duplicate-from-readme.patch
deleted file mode 100644
index 9884540..0000000
--- a/SOURCES/0019-sssd-remove-with-sudo-duplicate-from-readme.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From ea730381abb2bd5e7a33ed5e3a71e19ce939b32f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Mon, 12 Nov 2018 12:10:21 +0100
-Subject: [PATCH 01/15] sssd: remove with-sudo duplicate from readme
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/108
----
- profiles/sssd/README | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/profiles/sssd/README b/profiles/sssd/README
-index acbb635729c2b4a69a91cafe4bec76b030967967..016f2019cd60aef1194a1cfa740955b51cfe0b24 100644
---- a/profiles/sssd/README
-+++ b/profiles/sssd/README
-@@ -43,9 +43,6 @@ with-mkhomedir::
- with-ecryptfs::
- Enable automatic per-user ecryptfs.
-
--with-sudo::
-- Use SSSD as a source of sudo rules.
--
- with-smartcard::
- Enable authentication with smartcards through SSSD. Please note that
- smartcard support must be also explicitly enabled within
---
-2.17.2
-
diff --git a/SOURCES/0020-profiles-end-all-files-with-new-line.patch b/SOURCES/0020-profiles-end-all-files-with-new-line.patch
deleted file mode 100644
index 828137e..0000000
--- a/SOURCES/0020-profiles-end-all-files-with-new-line.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From 9cb658e150fc3fc55187ad0487d16963473547ac Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Mon, 12 Nov 2018 12:17:39 +0100
-Subject: [PATCH 02/15] profiles: end all files with new line
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/103
----
- profiles/nis/dconf-locks | 2 +-
- profiles/nis/nsswitch.conf | 2 +-
- profiles/winbind/dconf-locks | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/profiles/nis/dconf-locks b/profiles/nis/dconf-locks
-index 7a03033ec33e99ce86e7520103c3da9db570edd6..8a36fa9568344338272786394aece872185d0ab3 100644
---- a/profiles/nis/dconf-locks
-+++ b/profiles/nis/dconf-locks
-@@ -1,2 +1,2 @@
- /org/gnome/login-screen/enable-smartcard-authentication
--/org/gnome/login-screen/enable-fingerprint-authentication
-\ No newline at end of file
-+/org/gnome/login-screen/enable-fingerprint-authentication
-diff --git a/profiles/nis/nsswitch.conf b/profiles/nis/nsswitch.conf
-index f5451657f3d8b988b633304d549a3242257715d3..9bee7d839f84ff39d54cb6ead9dea38e51736b4d 100644
---- a/profiles/nis/nsswitch.conf
-+++ b/profiles/nis/nsswitch.conf
-@@ -11,4 +11,4 @@ protocols: files nis {exclude if "with-custom-protocols"}
- publickey: files nis {exclude if "with-custom-publickey"}
- rpc: files nis {exclude if "with-custom-rpc"}
- services: files nis {exclude if "with-custom-services"}
--shadow: files nis {exclude if "with-custom-shadow"}
-\ No newline at end of file
-+shadow: files nis {exclude if "with-custom-shadow"}
-diff --git a/profiles/winbind/dconf-locks b/profiles/winbind/dconf-locks
-index 7a03033ec33e99ce86e7520103c3da9db570edd6..8a36fa9568344338272786394aece872185d0ab3 100644
---- a/profiles/winbind/dconf-locks
-+++ b/profiles/winbind/dconf-locks
-@@ -1,2 +1,2 @@
- /org/gnome/login-screen/enable-smartcard-authentication
--/org/gnome/login-screen/enable-fingerprint-authentication
-\ No newline at end of file
-+/org/gnome/login-screen/enable-fingerprint-authentication
---
-2.17.2
-
diff --git a/SOURCES/0021-compat-add-support-for-with-smartcard-required-enabl.patch b/SOURCES/0021-compat-add-support-for-with-smartcard-required-enabl.patch
deleted file mode 100644
index 0bbf488..0000000
--- a/SOURCES/0021-compat-add-support-for-with-smartcard-required-enabl.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-From c939585dc440e2b2ccaeea82ce3cf42c990dbe23 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Mon, 12 Nov 2018 12:49:39 +0100
-Subject: [PATCH 03/15] compat: add support for with-smartcard-required
- (--enablerequiresmartcard)
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/109
----
- src/compat/authcompat.py.in.in | 15 ++++++++-------
- src/compat/authcompat_Options.py | 4 ++--
- 2 files changed, 10 insertions(+), 9 deletions(-)
-
-diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
-index 42cc6f3c0e38d8e14d62bd5acdc171176a6cb51f..accb3385ade908c07451ee4824d6b62b012ea317 100755
---- a/src/compat/authcompat.py.in.in
-+++ b/src/compat/authcompat.py.in.in
-@@ -518,13 +518,14 @@ class AuthCompat:
-
- def runAuthselect(self):
- map = {
-- 'smartcard' : 'with-smartcard',
-- 'fingerprint' : 'with-fingerprint',
-- 'ecryptfs' : 'with-ecryptfs',
-- 'mkhomedir' : 'with-mkhomedir',
-- 'faillock' : 'with-faillock',
-- 'pamaccess' : 'with-pamaccess',
-- 'winbindkrb5' : 'with-krb5'
-+ 'smartcard' : 'with-smartcard',
-+ 'requiresmartcard' : 'with-smartcard-required',
-+ 'fingerprint' : 'with-fingerprint',
-+ 'ecryptfs' : 'with-ecryptfs',
-+ 'mkhomedir' : 'with-mkhomedir',
-+ 'faillock' : 'with-faillock',
-+ 'pamaccess' : 'with-pamaccess',
-+ 'winbindkrb5' : 'with-krb5'
- }
-
- # Read current configuration first.
-diff --git a/src/compat/authcompat_Options.py b/src/compat/authcompat_Options.py
-index e77b4407c7cd385b66a8a97795cece7f33571ff6..c8f52ab6773c4cd5371f32121dba8053f3443261 100644
---- a/src/compat/authcompat_Options.py
-+++ b/src/compat/authcompat_Options.py
-@@ -13,7 +13,7 @@
- # This program is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
--# GNU General Public License for more details.
-+# GNU General Public License for morerequi details.
- #
- # You should have received a copy of the GNU General Public License
- # along with this program. If not, see <http://www.gnu.org/licenses/>.
-@@ -91,6 +91,7 @@ class Options:
- Option.Feature("rfc2307bis", _("use of RFC-2307bis schema for LDAP user information lookups")),
- Option.Feature("smartcard", _("authentication with smart card by default")),
- Option.Valued ("smartcardaction", _("<0=Lock|1=Ignore>"), _("action to be taken on smart card removal")),
-+ Option.Feature("requiresmartcard",_("require smart card for authentication by default")),
- Option.Feature("fingerprint", _("authentication with fingerprint readers by default")),
- Option.Feature("ecryptfs", _("automatic per-user ecryptfs")),
- Option.Feature("krb5", _("Kerberos authentication by default")),
-@@ -146,7 +147,6 @@ class Options:
- Option.UnsupportedSwitch ("usemd5"),
- Option.UnsupportedValued ("passalgo", _("<descrypt|bigcrypt|md5|sha256|sha512>")),
- Option.UnsupportedValued ("ldaploadcacert", _("<URL>")),
-- Option.UnsupportedFeature("requiresmartcard"),
- Option.UnsupportedValued ("smartcardmodule", _("<module>")),
- Option.UnsupportedValued ("smbsecurity", _("<user|server|domain|ads>")),
- Option.UnsupportedValued ("smbrealm", _("<realm>")),
---
-2.17.2
-
diff --git a/SOURCES/0022-compat-support-with-smartcard-lock-on-removal-smartc.patch b/SOURCES/0022-compat-support-with-smartcard-lock-on-removal-smartc.patch
deleted file mode 100644
index 88f1e54..0000000
--- a/SOURCES/0022-compat-support-with-smartcard-lock-on-removal-smartc.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 0556b44eabdc9be59eb4fb4a72fc4e644b657ea1 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Mon, 12 Nov 2018 12:51:55 +0100
-Subject: [PATCH 04/15] compat: support with-smartcard-lock-on-removal
- (--smartcardaction=0)
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/110
----
- src/compat/authcompat.py.in.in | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
-index accb3385ade908c07451ee4824d6b62b012ea317..666dcd0df57962a789a8882c26535d95d3e75cf2 100755
---- a/src/compat/authcompat.py.in.in
-+++ b/src/compat/authcompat.py.in.in
-@@ -556,6 +556,13 @@ class AuthCompat:
- while feature in features:
- features.remove(feature)
-
-+ # Add lock-on-smartcard-removal if requested
-+ if self.options.isset("smartcardaction"):
-+ if int(self.options.get("smartcardaction")) == 0:
-+ features.append("with-smartcard-lock-on-removal")
-+ else:
-+ features.remove("with-smartcard-lock-on-removal")
-+
- # Remove duplicates. The order is not kept but that does not matter.
- features = list(set(features))
-
---
-2.17.2
-
diff --git a/SOURCES/0023-profiles-mention-pam_oddjob_mkhomedir-in-requirement.patch b/SOURCES/0023-profiles-mention-pam_oddjob_mkhomedir-in-requirement.patch
deleted file mode 100644
index a78db77..0000000
--- a/SOURCES/0023-profiles-mention-pam_oddjob_mkhomedir-in-requirement.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From 5f1615d85c038b98b631d808c70e3557264b8a56 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Mon, 12 Nov 2018 13:05:50 +0100
-Subject: [PATCH 05/15] profiles: mention pam_oddjob_mkhomedir in requirements
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/111
----
- profiles/nis/REQUIREMENTS | 3 ++-
- profiles/sssd/REQUIREMENTS | 3 ++-
- profiles/winbind/REQUIREMENTS | 3 ++-
- 3 files changed, 6 insertions(+), 3 deletions(-)
-
-diff --git a/profiles/nis/REQUIREMENTS b/profiles/nis/REQUIREMENTS
-index 920d57eb1374633776c379eea75d8a9632abe4b3..12b5879e8530a8c0bc3dfb4dc3c29dc38c4dcc07 100644
---- a/profiles/nis/REQUIREMENTS
-+++ b/profiles/nis/REQUIREMENTS
-@@ -2,6 +2,7 @@ Make sure that NIS service is configured and enabled. See NIS documentation for
- {include if "with-fingerprint"}
- - with-fingerprint is selected, make sure fprintd service is configured and enabled {include if "with-fingerprint"}
- {include if "with-mkhomedir"}
--- with-mkhomedir is selected, make sure oddjobd service is enabled {include if "with-mkhomedir"}
-+- with-mkhomedir is selected, make sure pam_oddjob_mkhomedir module {include if "with-mkhomedir"}
-+ is present and oddjobd service is enabled {include if "with-mkhomedir"}
- - systemctl enable oddjobd.service {include if "with-mkhomedir"}
- - systemctl start oddjobd.service {include if "with-mkhomedir"}
-\ No newline at end of file
-diff --git a/profiles/sssd/REQUIREMENTS b/profiles/sssd/REQUIREMENTS
-index 2516ac35796cd4b38842b2269938b37aea7a845c..7fcfed9cccae346faa0f4dace1873a772453ddc0 100644
---- a/profiles/sssd/REQUIREMENTS
-+++ b/profiles/sssd/REQUIREMENTS
-@@ -5,6 +5,7 @@ Make sure that SSSD service is configured and enabled. See SSSD documentation fo
- {include if "with-fingerprint"}
- - with-fingerprint is selected, make sure fprintd service is configured and enabled {include if "with-fingerprint"}
- {include if "with-mkhomedir"}
--- with-mkhomedir is selected, make sure oddjobd service is enabled {include if "with-mkhomedir"}
-+- with-mkhomedir is selected, make sure pam_oddjob_mkhomedir module {include if "with-mkhomedir"}
-+ is present and oddjobd service is enabled {include if "with-mkhomedir"}
- - systemctl enable oddjobd.service {include if "with-mkhomedir"}
- - systemctl start oddjobd.service {include if "with-mkhomedir"}
-\ No newline at end of file
-diff --git a/profiles/winbind/REQUIREMENTS b/profiles/winbind/REQUIREMENTS
-index f3bad76114c6ae996e62d4088dc7d70113d12fe6..786538caf83104d114820f56516bf3e68dce86fe 100644
---- a/profiles/winbind/REQUIREMENTS
-+++ b/profiles/winbind/REQUIREMENTS
-@@ -2,6 +2,7 @@ Make sure that winbind service is configured and enabled. See winbind documentat
- {include if "with-fingerprint"}
- - with-fingerprint is selected, make sure fprintd service is configured and enabled {include if "with-fingerprint"}
- {include if "with-mkhomedir"}
--- with-mkhomedir is selected, make sure oddjobd service is enabled {include if "with-mkhomedir"}
-+- with-mkhomedir is selected, make sure pam_oddjob_mkhomedir module {include if "with-mkhomedir"}
-+ is present and oddjobd service is enabled {include if "with-mkhomedir"}
- - systemctl enable oddjobd.service {include if "with-mkhomedir"}
- - systemctl start oddjobd.service {include if "with-mkhomedir"}
-\ No newline at end of file
---
-2.17.2
-
diff --git a/SOURCES/0024-lib-fix-memory-leak-in-authselect_profile_free.patch b/SOURCES/0024-lib-fix-memory-leak-in-authselect_profile_free.patch
deleted file mode 100644
index 291bbcb..0000000
--- a/SOURCES/0024-lib-fix-memory-leak-in-authselect_profile_free.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From 6445037ae9ba55abd1bd7ca2f0028081c26c0b16 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Tue, 20 Nov 2018 12:18:49 +0100
-Subject: [PATCH 06/15] lib: fix memory leak in authselect_profile_free
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/116
----
- src/lib/authselect_profile.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/lib/authselect_profile.c b/src/lib/authselect_profile.c
-index 6f949a4ef6fb4159f89038a9cd705de475b5cf22..8a12a082802fbc4f3c8cb3af7379ad26372dcc0c 100644
---- a/src/lib/authselect_profile.c
-+++ b/src/lib/authselect_profile.c
-@@ -130,6 +130,10 @@ authselect_profile_free(struct authselect_profile *profile)
- free(profile->path);
- }
-
-+ if (profile->name != NULL) {
-+ free(profile->name);
-+ }
-+
- if (profile->description != NULL) {
- free(profile->description);
- }
---
-2.17.2
-
diff --git a/SOURCES/0025-lib-fix-memory-leak-in-authselect_config_validate_ex.patch b/SOURCES/0025-lib-fix-memory-leak-in-authselect_config_validate_ex.patch
deleted file mode 100644
index 6523748..0000000
--- a/SOURCES/0025-lib-fix-memory-leak-in-authselect_config_validate_ex.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 91f35e84a9051b709fb7cf1b0ec02a8434258dd9 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Tue, 20 Nov 2018 12:25:01 +0100
-Subject: [PATCH 07/15] lib: fix memory leak in
- authselect_config_validate_existing
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/115
----
- src/lib/files/config.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/lib/files/config.c b/src/lib/files/config.c
-index 14434a819acc0bf3246c51be7090133d868a9571..e2859b04d3aeb40d510c0e87dc251adb1ff38b47 100644
---- a/src/lib/files/config.c
-+++ b/src/lib/files/config.c
-@@ -201,6 +201,8 @@ authselect_config_validate_existing(const char *profile_id,
- /* Check that symlinks exist and point to generated files. */
- result &= authselect_symlinks_validate();
-
-+ authselect_files_free(files);
-+
- return result;
- }
-
---
-2.17.2
-
diff --git a/SOURCES/0026-profiles-make-session-pam_systemd-required.patch b/SOURCES/0026-profiles-make-session-pam_systemd-required.patch
deleted file mode 100644
index 4c3d538..0000000
--- a/SOURCES/0026-profiles-make-session-pam_systemd-required.patch
+++ /dev/null
@@ -1,157 +0,0 @@
-From de0168f1ebb871b80c2552f1ef8dd8f145dacf29 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Tue, 20 Nov 2018 13:07:19 +0100
-Subject: [PATCH 08/15] profiles: make session pam_systemd required
-
-There was a time when pam_systemd was optional but today
-if pam_systemd fails to register a session it's catastrophic
-and we should just fail the whole pam conversation.
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/118
----
- profiles/nis/fingerprint-auth | 2 +-
- profiles/nis/password-auth | 2 +-
- profiles/nis/system-auth | 2 +-
- profiles/sssd/fingerprint-auth | 2 +-
- profiles/sssd/password-auth | 2 +-
- profiles/sssd/smartcard-auth | 2 +-
- profiles/sssd/system-auth | 2 +-
- profiles/winbind/fingerprint-auth | 2 +-
- profiles/winbind/password-auth | 2 +-
- profiles/winbind/system-auth | 2 +-
- 10 files changed, 10 insertions(+), 10 deletions(-)
-
-diff --git a/profiles/nis/fingerprint-auth b/profiles/nis/fingerprint-auth
-index 278487b2a0f9ce103afebb0809ffffa2cfbbba7e..dc9e53ba28974eb75828220d9b80d626106b9652 100644
---- a/profiles/nis/fingerprint-auth
-+++ b/profiles/nis/fingerprint-auth
-@@ -17,7 +17,7 @@ password required pam_deny.so
- session optional pam_keyinit.so revoke
- session required pam_limits.so
- session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
---session optional pam_systemd.so
-+session required pam_systemd.so
- session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
- session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
- session required pam_unix.so
-diff --git a/profiles/nis/password-auth b/profiles/nis/password-auth
-index 615544d16f7fc8551cb06a221825526f12cbfc64..d22dcef9529ca51a1812ae0733b543d13f6ae235 100644
---- a/profiles/nis/password-auth
-+++ b/profiles/nis/password-auth
-@@ -20,7 +20,7 @@ password required pam_deny.so
- session optional pam_keyinit.so revoke
- session required pam_limits.so
- session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
---session optional pam_systemd.so
-+session required pam_systemd.so
- session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
- session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
- session required pam_unix.so
-diff --git a/profiles/nis/system-auth b/profiles/nis/system-auth
-index a41828d8972537b1b24d0ff21cd52976fba6646d..d394d3e1200755d2233d4f86e3866620539fc18d 100644
---- a/profiles/nis/system-auth
-+++ b/profiles/nis/system-auth
-@@ -21,7 +21,7 @@ password required pam_deny.so
- session optional pam_keyinit.so revoke
- session required pam_limits.so
- session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
---session optional pam_systemd.so
-+session required pam_systemd.so
- session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
- session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
- session required pam_unix.so
-diff --git a/profiles/sssd/fingerprint-auth b/profiles/sssd/fingerprint-auth
-index 01b70f3533149d00700859f3e0a1c3f2abb33a8a..3bdaf3e71ba7afc66864f9c2acbf584c0b77a82d 100644
---- a/profiles/sssd/fingerprint-auth
-+++ b/profiles/sssd/fingerprint-auth
-@@ -19,7 +19,7 @@ password required pam_deny.so
- session optional pam_keyinit.so revoke
- session required pam_limits.so
- session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
---session optional pam_systemd.so
-+session required pam_systemd.so
- session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
- session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
- session required pam_unix.so
-diff --git a/profiles/sssd/password-auth b/profiles/sssd/password-auth
-index 3205f261dd8c898baf292c252ebdb346fcb779bb..1e529184cdc04a94fb4f2b52f733cf6df73b7fda 100644
---- a/profiles/sssd/password-auth
-+++ b/profiles/sssd/password-auth
-@@ -26,7 +26,7 @@ password required pam_deny.so
- session optional pam_keyinit.so revoke
- session required pam_limits.so
- session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
---session optional pam_systemd.so
-+session required pam_systemd.so
- session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
- session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
- session required pam_unix.so
-diff --git a/profiles/sssd/smartcard-auth b/profiles/sssd/smartcard-auth
-index b16ba0f44ca4c896c1980a292cf78f12d7f2f06d..b89a23a111560877785c9d17fd65c0bfd3f3ae22 100644
---- a/profiles/sssd/smartcard-auth
-+++ b/profiles/sssd/smartcard-auth
-@@ -16,7 +16,7 @@ account required pam_permit.so
- session optional pam_keyinit.so revoke
- session required pam_limits.so
- session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
---session optional pam_systemd.so
-+session required pam_systemd.so
- session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
- session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
- session required pam_unix.so
-diff --git a/profiles/sssd/system-auth b/profiles/sssd/system-auth
-index 982cada1f774e6d53dd75c9f5dbc0603337cd70b..22dba5b2d3db23855724ddb05528e5013c63c5af 100644
---- a/profiles/sssd/system-auth
-+++ b/profiles/sssd/system-auth
-@@ -29,7 +29,7 @@ password required pam_deny.so
- session optional pam_keyinit.so revoke
- session required pam_limits.so
- session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
---session optional pam_systemd.so
-+session required pam_systemd.so
- session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
- session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
- session required pam_unix.so
-diff --git a/profiles/winbind/fingerprint-auth b/profiles/winbind/fingerprint-auth
-index 0beff74eba83f12c4ad5a6147a6194608cd047e3..92649461564dd4e6f78f467dc1be455f29edfe08 100644
---- a/profiles/winbind/fingerprint-auth
-+++ b/profiles/winbind/fingerprint-auth
-@@ -18,7 +18,7 @@ password required pam_deny.so
- session optional pam_keyinit.so revoke
- session required pam_limits.so
- session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
---session optional pam_systemd.so
-+session required pam_systemd.so
- session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
- session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
- session required pam_unix.so
-diff --git a/profiles/winbind/password-auth b/profiles/winbind/password-auth
-index c984d817c537c48a358c644083a4f8979181dd1d..fb59e295c3a220acfdf633f69a0204328150a5c3 100644
---- a/profiles/winbind/password-auth
-+++ b/profiles/winbind/password-auth
-@@ -23,7 +23,7 @@ password required pam_deny.so
- session optional pam_keyinit.so revoke
- session required pam_limits.so
- session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
---session optional pam_systemd.so
-+session required pam_systemd.so
- session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
- session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
- session required pam_unix.so
-diff --git a/profiles/winbind/system-auth b/profiles/winbind/system-auth
-index 33dc491c2125c7fe06d6475369f1654a900c7050..bb75c327db3315c22a22f375a5cc633e33c30c19 100644
---- a/profiles/winbind/system-auth
-+++ b/profiles/winbind/system-auth
-@@ -24,7 +24,7 @@ password required pam_deny.so
- session optional pam_keyinit.so revoke
- session required pam_limits.so
- session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
---session optional pam_systemd.so
-+session required pam_systemd.so
- session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
- session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
- session required pam_unix.so
---
-2.17.2
-
diff --git a/SOURCES/0027-lib-add-authselect_profile_features-to-list-supporte.patch b/SOURCES/0027-lib-add-authselect_profile_features-to-list-supporte.patch
deleted file mode 100644
index 55446ad..0000000
--- a/SOURCES/0027-lib-add-authselect_profile_features-to-list-supporte.patch
+++ /dev/null
@@ -1,305 +0,0 @@
-From 3935dd9f2ac3aab9027783e45f499401476f52cd Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Mon, 19 Nov 2018 15:04:42 +0100
-Subject: [PATCH 09/15] lib: add authselect_profile_features to list supported
- features
-
-The feature list is automatically obtained from profile's template files.
-
-Related to:
-https://github.com/pbrezina/authselect/issues/107
----
- include/authselect.h | 12 +++++
- src/lib/authselect_profile.c | 51 ++++++++++++++++++++++
- src/lib/util/string_array.c | 36 +++++++++++++++
- src/lib/util/string_array.h | 20 +++++++++
- src/lib/util/template.c | 85 ++++++++++++++++++++++++++++++++++--
- src/lib/util/template.h | 11 +++++
- 6 files changed, 211 insertions(+), 4 deletions(-)
-
-diff --git a/include/authselect.h b/include/authselect.h
-index d52d460e38132cf81e8a03b88a530c634a2c8937..462f54291e8283d5778005ac1747dd03258584be 100644
---- a/include/authselect.h
-+++ b/include/authselect.h
-@@ -273,6 +273,18 @@ char **
- authselect_profile_nsswitch_maps(const struct authselect_profile *profile,
- const char **features);
-
-+/**
-+ * List features supported by the profile.
-+ *
-+ * It is necessary to free the returned pointer with @authselect_array_free.
-+ *
-+ * @param profile Pointer to structure obtained by @authselect_profile.
-+ *
-+ * @return NULL-terminated array of supported features, NULL on error.
-+ */
-+char **
-+authselect_profile_features(const struct authselect_profile *profile);
-+
- /**
- * Free authconfig_profile structure obtained by @authselect_profile.
- *
-diff --git a/src/lib/authselect_profile.c b/src/lib/authselect_profile.c
-index 8a12a082802fbc4f3c8cb3af7379ad26372dcc0c..d0cf17b8b7a414a41427c88039687725dcf1a560 100644
---- a/src/lib/authselect_profile.c
-+++ b/src/lib/authselect_profile.c
-@@ -115,6 +115,57 @@ authselect_profile_nsswitch_maps(const struct authselect_profile *profile,
- return maps;
- }
-
-+_PUBLIC_ char **
-+authselect_profile_features(const struct authselect_profile *profile)
-+{
-+ char **features;
-+ char **array;
-+ errno_t ret;
-+ int i;
-+
-+ if (profile == NULL) {
-+ return NULL;
-+ }
-+
-+ features = string_array_create(10);
-+ if (features == NULL) {
-+ ERROR("Unable to create array (out of memory)");
-+ return NULL;
-+ }
-+
-+ struct authselect_generated files[] = PROFILE_FILES(profile->files);
-+
-+ for (i = 0; files[i].path != NULL; i++) {
-+ array = template_list_features(files[i].content);
-+ if (array == NULL) {
-+ ERROR("Unable to obtain feature list (out of memory)");
-+ ret = ENOMEM;
-+ goto done;
-+ }
-+
-+ features = string_array_concat(features, array, true);
-+ string_array_free(array);
-+
-+ if (features == NULL) {
-+ ERROR("Unable to obtain feature list (out of memory)");
-+ ret = ENOMEM;
-+ goto done;
-+ }
-+ }
-+
-+ string_array_sort(features);
-+
-+ ret = EOK;
-+
-+done:
-+ if (ret != EOK) {
-+ string_array_free(features);
-+ return NULL;
-+ }
-+
-+ return features;
-+}
-+
- _PUBLIC_ void
- authselect_profile_free(struct authselect_profile *profile)
- {
-diff --git a/src/lib/util/string_array.c b/src/lib/util/string_array.c
-index a074e23ee504792da7f1a9262e15c549de5747d3..43e30d0008b5709f97da9c43f8f2c28ef2475df5 100644
---- a/src/lib/util/string_array.c
-+++ b/src/lib/util/string_array.c
-@@ -159,3 +159,39 @@ string_array_del_value(char **array, const char *value)
-
- return array;
- }
-+
-+char **
-+string_array_concat(char **to, char **items, bool unique)
-+{
-+ int i;
-+
-+ if (items == NULL) {
-+ return to;
-+ }
-+
-+ for (i = 0; items[i] != NULL; i++) {
-+ to = string_array_add_value(to, items[i], unique);
-+ if (to == NULL) {
-+ return NULL;
-+ }
-+ }
-+
-+ return to;
-+}
-+
-+static int
-+string_array_sort_callback(const void *a, const void *b)
-+{
-+ return strcmp(*(char* const*)a, *(char* const*)b);
-+}
-+
-+void
-+string_array_sort(char **array)
-+{
-+ if (array == NULL) {
-+ return;
-+ }
-+
-+ qsort(array, string_array_count(array), sizeof(char *),
-+ string_array_sort_callback);
-+}
-diff --git a/src/lib/util/string_array.h b/src/lib/util/string_array.h
-index 9545685b2553228a109ab51e7c6a0fd16698fa3e..06aa46c008058163e5557d51e18258fa4e9a1523 100644
---- a/src/lib/util/string_array.h
-+++ b/src/lib/util/string_array.h
-@@ -118,4 +118,24 @@ string_array_add_value(char **array, const char *value, bool unique);
- char **
- string_array_del_value(char **array, const char *value);
-
-+/**
-+ * Concatenate two array. Array @items values will be appended to arra @to.
-+ *
-+ * @param to NULL-terminated destination array.
-+ * @param items NULL-terminated array to be appended into @to.
-+ * @param unique If true, value will not be added if it is already present.
-+ *
-+ * @return Array or NULL if reallocation fails.
-+ */
-+char **
-+string_array_concat(char **to, char **items, bool unique);
-+
-+/**
-+ * Alphabetically sort a NULL-terminated string array.
-+ *
-+ * @param array NULL-terminated string array.
-+ */
-+void
-+string_array_sort(char **array);
-+
- #endif /* _STRING_ARRAY_H_ */
-diff --git a/src/lib/util/template.c b/src/lib/util/template.c
-index e38d1d7f1db2c90f1281e97f3ebbdd9d9d1a935d..fb373c0fd83e04c6c78d5f57d3d8e50e54c0377b 100644
---- a/src/lib/util/template.c
-+++ b/src/lib/util/template.c
-@@ -325,10 +325,27 @@ template_process_matches(const char *match_string,
- return ret;
- }
-
-- *_op = op;
-- *_feature = feature;
-- *_if_true = if_true;
-- *_if_false = if_false;
-+ if (_op != NULL) {
-+ *_op = op;
-+ }
-+
-+ if (_feature != NULL) {
-+ *_feature = feature;
-+ } else {
-+ free(feature);
-+ }
-+
-+ if (_if_true != NULL) {
-+ *_if_true = if_true;
-+ } else {
-+ free(if_true);
-+ }
-+
-+ if (_if_false != NULL) {
-+ *_if_false = if_false;
-+ } else {
-+ free(if_false);
-+ }
-
- return EOK;
- }
-@@ -478,6 +495,66 @@ template_generate_preamble()
- return preamble;
- }
-
-+char **
-+template_list_features(const char *template)
-+{
-+ regmatch_t m[RE_MATCHES];
-+ const char *match_string;
-+ char **features;
-+ char *feature;
-+ regex_t regex;
-+ errno_t ret;
-+ int reret;
-+
-+ features = string_array_create(10);
-+ if (features == NULL) {
-+ return NULL;
-+ }
-+
-+ if (template == NULL) {
-+ return features;
-+ }
-+
-+ reret = regcomp(®ex, OP_RE, REG_EXTENDED | REG_NEWLINE);
-+ if (reret != REG_NOERROR) {
-+ ERROR("Unable to compile regular expression: regex error %d", reret);
-+ ret = EFAULT;
-+ goto done;
-+ }
-+
-+ match_string = template;
-+ while ((reret = regexec(®ex, match_string, RE_MATCHES, m, 0)) == REG_NOERROR) {
-+ ret = template_process_matches(match_string, m, NULL, &feature,
-+ NULL, NULL);
-+ if (ret != EOK) {
-+ ERROR("Unable to process match [%d]: %s", ret, strerror(ret));
-+ goto done;
-+ }
-+
-+ features = string_array_add_value(features, feature, true);
-+ free(feature);
-+
-+ match_string += m[0].rm_eo;
-+ }
-+
-+ if (reret != REG_NOMATCH) {
-+ ERROR("Unable to search string: regex error %d", reret);
-+ ret = EFAULT;
-+ goto done;
-+ }
-+
-+ ret = EOK;
-+
-+done:
-+ if (ret != EOK) {
-+ string_array_free(features);
-+ return NULL;
-+ }
-+
-+ regfree(®ex);
-+ return features;
-+}
-+
- errno_t
- template_write(const char *filepath,
- const char *content,
-diff --git a/src/lib/util/template.h b/src/lib/util/template.h
-index 57e076c257a8cdcbc9c2c8f4f5266b4c21f27941..1c412dcf15a7f0d5a5897b78b8b52ff67b7c3f95 100644
---- a/src/lib/util/template.h
-+++ b/src/lib/util/template.h
-@@ -37,6 +37,17 @@ char *
- template_generate(const char *template,
- const char **features);
-
-+/**
-+ * Find all features available withint the @template and return them in
-+ * NULL-terminated array.
-+ *
-+ * @param template Template.
-+ *
-+ * @return List of features in NULL-terminated array or NULL on error.
-+ */
-+char **
-+template_list_features(const char *template);
-+
- /**
- * Write generated file preamble together with its content to a file.
- * If the file does not exist, it is created, otherwise its content
---
-2.17.2
-
diff --git a/SOURCES/0028-lib-refuse-to-activate-profile-if-unsupported-featur.patch b/SOURCES/0028-lib-refuse-to-activate-profile-if-unsupported-featur.patch
deleted file mode 100644
index deae9a0..0000000
--- a/SOURCES/0028-lib-refuse-to-activate-profile-if-unsupported-featur.patch
+++ /dev/null
@@ -1,239 +0,0 @@
-From 85bbc387c3f7bcfd094b78e2fc2779e27aca348f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Tue, 20 Nov 2018 11:56:09 +0100
-Subject: [PATCH 10/15] lib: refuse to activate profile if unsupported feature
- was selected
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/107
----
- include/authselect.h | 1 +
- src/lib/authselect.c | 44 +++++++++++++++++++++++++++++++++++++
- src/lib/util/string.c | 40 +++++++++++++++++++++++++++++++++
- src/lib/util/string.h | 6 +++++
- src/lib/util/string_array.c | 30 +++++++++++++++++++++++++
- src/lib/util/string_array.h | 15 +++++++++++++
- src/tests/Makefile.am | 1 +
- 7 files changed, 137 insertions(+)
-
-diff --git a/include/authselect.h b/include/authselect.h
-index 462f54291e8283d5778005ac1747dd03258584be..110f22a864157f898541be573e800ed7d6c38e0a 100644
---- a/include/authselect.h
-+++ b/include/authselect.h
-@@ -70,6 +70,7 @@ enum authselect_profile_type {
- * authselect and @force_overwrite must be set to true to force
- * overwrite the existing files.
- * - ENOENT if the profile was not found.
-+ * - EINVAL if unsupported feature was provided.
- * - Other errno code on generic error.
- */
- int
-diff --git a/src/lib/authselect.c b/src/lib/authselect.c
-index 3148f63b60534480b05b1ddb5587e4ed09aaa84a..1b4337e2e0eae4f298e59f90cc9c8659891e23f3 100644
---- a/src/lib/authselect.c
-+++ b/src/lib/authselect.c
-@@ -29,6 +29,45 @@
- #include "lib/files/files.h"
- #include "lib/profiles/profiles.h"
-
-+static bool
-+authselect_check_features(const struct authselect_profile *profile,
-+ const char **features)
-+{
-+ const char *similar;
-+ bool result = true;
-+ char **supported;
-+ int i;
-+
-+ if (features == NULL) {
-+ return true;
-+ }
-+
-+ supported = authselect_profile_features(profile);
-+ if (supported == NULL) {
-+ ERROR("Unable to obtain supported features");
-+ return false;
-+ }
-+
-+ for (i = 0; features[i] != NULL; i++) {
-+ if (string_array_has_value(supported, features[i])) {
-+ continue;
-+ }
-+
-+ result = false;
-+ similar = string_array_find_similar(features[i], supported, 5);
-+ if (similar != NULL) {
-+ ERROR("Unknown profile feature [%s], did you mean [%s]?",
-+ features[i], similar);
-+ } else {
-+ ERROR("Unknown profile feature [%s]", features[i]);
-+ }
-+ }
-+
-+ string_array_free(supported);
-+
-+ return result;
-+}
-+
- _PUBLIC_ void
- authselect_set_debug_fn(authselect_debug_fn fn, void *pvt)
- {
-@@ -53,6 +92,11 @@ authselect_activate(const char *profile_id,
- return ret;
- }
-
-+ if (!authselect_check_features(profile, features)) {
-+ ret = EINVAL;
-+ goto done;
-+ }
-+
- if (force_overwrite) {
- INFO("Enforcing activation!");
- ret = authselect_profile_activate(profile, features);
-diff --git a/src/lib/util/string.c b/src/lib/util/string.c
-index 73ae778663bd8db024620a58987833ede60307d1..e6803bcd4e41adc05eaa623089009b17ccd4f49b 100644
---- a/src/lib/util/string.c
-+++ b/src/lib/util/string.c
-@@ -329,3 +329,43 @@ string_replace_shake(char *str, size_t original_length)
- str[pos] = '\0';
- }
- }
-+
-+static int
-+min3(unsigned int a, unsigned int b, unsigned int c)
-+{
-+ if (a < b && a < c) {
-+ return a;
-+ } else if (b < a && b < c) {
-+ return b;
-+ }
-+
-+ return c;
-+}
-+
-+int
-+string_levenshtein(const char *a, const char *b)
-+{
-+ unsigned int len_a = strlen(a);
-+ unsigned int len_b = strlen(b);
-+ unsigned int x;
-+ unsigned int y;
-+ unsigned int last_diag;
-+ unsigned int old_diag;
-+ unsigned int column[len_a + 1];
-+
-+ for (y = 1; y <= len_a; y++) {
-+ column[y] = y;
-+ }
-+
-+ for (x = 1; x <= len_b; x++) {
-+ column[0] = x;
-+ for (y = 1, last_diag = x - 1; y <= len_a; y++) {
-+ old_diag = column[y];
-+ column[y] = min3(column[y] + 1, column[y - 1] + 1,
-+ last_diag + (a[y - 1] == b[x - 1] ? 0 : 1));
-+ last_diag = old_diag;
-+ }
-+ }
-+
-+ return column[len_a];
-+}
-diff --git a/src/lib/util/string.h b/src/lib/util/string.h
-index d7ca04491e5ceff20bd1d6e136ea151166156546..e550d853d3fa0699909b84cc9febdae9d5884b9f 100644
---- a/src/lib/util/string.h
-+++ b/src/lib/util/string.h
-@@ -179,4 +179,10 @@ string_remove_remainder(char *str, size_t from);
- void
- string_replace_shake(char *str, size_t original_length);
-
-+/**
-+ * Compute Levenshtein distance of two strings.
-+ */
-+int
-+string_levenshtein(const char *a, const char *b);
-+
- #endif /* _STRING_H_ */
-diff --git a/src/lib/util/string_array.c b/src/lib/util/string_array.c
-index 43e30d0008b5709f97da9c43f8f2c28ef2475df5..e56d66bdcce7c8a1cf99f9b91068614c4b8d3d81 100644
---- a/src/lib/util/string_array.c
-+++ b/src/lib/util/string_array.c
-@@ -25,6 +25,7 @@
-
- #include "common/common.h"
- #include "lib/util/string_array.h"
-+#include "lib/util/string.h"
-
- char **
- string_array_create(size_t num_items)
-@@ -195,3 +196,32 @@ string_array_sort(char **array)
- qsort(array, string_array_count(array), sizeof(char *),
- string_array_sort_callback);
- }
-+
-+const char *
-+string_array_find_similar(const char *value, char **array, int max_distance)
-+{
-+ const char *word = NULL;
-+ int current;
-+ int best;
-+ int i;
-+
-+ for (i = 0; array[i] != NULL; i++) {
-+ current = string_levenshtein(value, array[i]);
-+ if (word == NULL) {
-+ best = current;
-+ word = array[i];
-+ continue;
-+ }
-+
-+ if (current < best) {
-+ best = current;
-+ word = array[i];
-+ }
-+ }
-+
-+ if (best > max_distance) {
-+ return NULL;
-+ }
-+
-+ return word;
-+}
-diff --git a/src/lib/util/string_array.h b/src/lib/util/string_array.h
-index 06aa46c008058163e5557d51e18258fa4e9a1523..ba9760b5d66a9619ca8edea5e3418c5cfbbec929 100644
---- a/src/lib/util/string_array.h
-+++ b/src/lib/util/string_array.h
-@@ -138,4 +138,19 @@ string_array_concat(char **to, char **items, bool unique);
- void
- string_array_sort(char **array);
-
-+/**
-+ * Find similar word inside a NULL-terminated array, based on Levenshtein
-+ * distance algorithm.
-+ *
-+ * @param value Value to search in @array.
-+ * @param array NULL-terminated string array.
-+ * @param max_distance Maximum distance between two strings. If the real
-+ * distance is greater then this value, those string
-+ * are not considered as similar.
-+ *
-+ * @return Most similar word that was found or NULL if non was found.
-+ */
-+const char *
-+string_array_find_similar(const char *value, char **array, int max_distance);
-+
- #endif /* _STRING_ARRAY_H_ */
-diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am
-index 1cfebeab6bf3b36e760372b05482fd9f322feab1..e1505e6b5787a669065e5ea3c7acf55ea110c4da 100644
---- a/src/tests/Makefile.am
-+++ b/src/tests/Makefile.am
-@@ -23,6 +23,7 @@ check_PROGRAMS = $(TESTS)
- test_util_string_array_SOURCES = \
- test_util_string_array.c \
- ../lib/util/string_array.c \
-+ ../lib/util/string.c \
- $(NULL)
- test_util_string_array_CFLAGS = \
- $(AM_CFLAGS)
---
-2.17.2
-
diff --git a/SOURCES/0029-lib-remove-no-longer-supported-features-in-apply-cha.patch b/SOURCES/0029-lib-remove-no-longer-supported-features-in-apply-cha.patch
deleted file mode 100644
index 13e2133..0000000
--- a/SOURCES/0029-lib-remove-no-longer-supported-features-in-apply-cha.patch
+++ /dev/null
@@ -1,69 +0,0 @@
-From 62746460cce0620a8f2150971019f0c535caa360 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Tue, 20 Nov 2018 12:07:22 +0100
-Subject: [PATCH 11/15] lib: remove no longer supported features in
- apply-changes
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/107
----
- src/lib/authselect.c | 32 ++++++++++++++++++++++++++++++++
- 1 file changed, 32 insertions(+)
-
-diff --git a/src/lib/authselect.c b/src/lib/authselect.c
-index 1b4337e2e0eae4f298e59f90cc9c8659891e23f3..e0b8b1246b0e7139494d90cca4e0ebed3eb66376 100644
---- a/src/lib/authselect.c
-+++ b/src/lib/authselect.c
-@@ -145,17 +145,49 @@ done:
- _PUBLIC_ int
- authselect_apply_changes(void)
- {
-+ struct authselect_profile *profile;
- char *profile_id;
- char **features;
-+ char **supported;
- errno_t ret;
-+ int i;
-
- ret = authselect_current_configuration(&profile_id, &features);
- if (ret != EOK) {
- return ret;
- }
-
-+ ret = authselect_profile(profile_id, &profile);
-+ if (ret != EOK) {
-+ ERROR("Unable to find profile [%s] [%d]: %s",
-+ profile_id, ret, strerror(ret));
-+ goto done;
-+ }
-+
-+ supported = authselect_profile_features(profile);
-+ if (supported == NULL) {
-+ ERROR("Unable to obtain supported features");
-+ ret = ENOMEM;
-+ goto done;
-+ }
-+
-+ for (i = 0; features[i] != NULL; i++) {
-+ if (string_array_has_value(supported, features[i])) {
-+ continue;
-+ }
-+
-+ WARN("Profile feature [%s] is no longer supported, removing it...",
-+ features[i]);
-+
-+ features = string_array_del_value(features, features[i]);
-+ i--;
-+ }
-+
- ret = authselect_activate(profile_id, (const char **)features, false);
-
-+done:
-+ authselect_profile_free(profile);
-+ string_array_free(supported);
- string_array_free(features);
- free(profile_id);
-
---
-2.17.2
-
diff --git a/SOURCES/0030-compat-write-to-sysconfig-after-all-changes-are-done.patch b/SOURCES/0030-compat-write-to-sysconfig-after-all-changes-are-done.patch
deleted file mode 100644
index 9fee909..0000000
--- a/SOURCES/0030-compat-write-to-sysconfig-after-all-changes-are-done.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 644b46d3f301ac1b237818b8dc59f178c8fe14fe Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Sat, 24 Nov 2018 13:01:28 +0100
-Subject: [PATCH 12/15] compat: write to sysconfig after all changes are done
-
-Before this patch we were writing to sysconfig before we check that
-authconfig is run as root. This produce following traceback:
-
-Truncated backtrace:
-authcompat_EnvironmentFile.py:77:write:PermissionError: [Errno 13] Permission denied: '/etc/sysconfig/authconfig'
-
-Traceback (most recent call last):
- File "/usr/sbin/authconfig", line 650, in <module>
- main()
- File "/usr/sbin/authconfig", line 629, in main
- authcompat = AuthCompat()
- File "/usr/sbin/authconfig", line 463, in __init__
- self.sysconfig.write()
- File "/usr/lib/python3.7/site-packages/authselect/authcompat_EnvironmentFile.py", line 77, in write
- with open(self.filename, "w") as f:
-PermissionError: [Errno 13] Permission denied: '/etc/sysconfig/authconfig'
-
-Now we write to sysconfig after writing all changes.
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/119
----
- src/compat/authcompat.py.in.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
-index 666dcd0df57962a789a8882c26535d95d3e75cf2..e4b8c05c6a11a215529ba66f8b36b72a6ac18448 100755
---- a/src/compat/authcompat.py.in.in
-+++ b/src/compat/authcompat.py.in.in
-@@ -460,7 +460,6 @@ class AuthCompat:
- self.options.parse()
- self.options.applysysconfig(self.sysconfig)
- self.options.updatesysconfig(self.sysconfig)
-- self.sysconfig.write()
-
- def printWarning(self):
- print(_("Running authconfig compatibility tool."))
-@@ -646,6 +645,7 @@ def main():
- try:
- authcompat.runAuthselect()
- authcompat.writeConfiguration()
-+ authcompat.sysconfig.write()
- except subprocess.CalledProcessError as result:
- eprint(_("Command [%s] failed with %d, stderr:")
- % (' '.join(result.cmd), result.returncode))
---
-2.17.2
-
diff --git a/SOURCES/0031-util-remove-duplicate-values-correctly-in-string_arr.patch b/SOURCES/0031-util-remove-duplicate-values-correctly-in-string_arr.patch
deleted file mode 100644
index a501665..0000000
--- a/SOURCES/0031-util-remove-duplicate-values-correctly-in-string_arr.patch
+++ /dev/null
@@ -1,222 +0,0 @@
-From 85933ccfa7a1068f16fde557fe825c750899659a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Wed, 28 Nov 2018 13:45:33 +0100
-Subject: [PATCH 13/15] util: remove duplicate values correctly in
- string_array_del_value
-
----
- src/lib/util/string_array.c | 27 ++++--
- src/tests/test_util_string_array.c | 146 ++++++++++++++++++++++++++++-
- 2 files changed, 163 insertions(+), 10 deletions(-)
-
-diff --git a/src/lib/util/string_array.c b/src/lib/util/string_array.c
-index e56d66bdcce7c8a1cf99f9b91068614c4b8d3d81..a8afa5ab8edbb26d6f946619f9ce0b83c511bb8c 100644
---- a/src/lib/util/string_array.c
-+++ b/src/lib/util/string_array.c
-@@ -140,24 +140,33 @@ string_array_add_value(char **array, const char *value, bool unique)
- char **
- string_array_del_value(char **array, const char *value)
- {
-- bool found = false;
-- int i;
-+ size_t count;
-+ size_t pos;
-+ size_t i;
-
-- if (!string_array_has_value(array, value)) {
-- return array;
-+ if (array == NULL) {
-+ return NULL;
- }
-
-- for (i = 0; array[i] != NULL; i++) {
-- if (strcmp(value, array[i]) == 0) {
-+ count = string_array_count(array);
-+ for (i = 0; i < count; i++) {
-+ if (strcmp(array[i], value) == 0) {
- free(array[i]);
-- found = true;
-+ array[i] = NULL;
- }
-+ }
-
-- if (found) {
-- array[i] = array[i + 1];
-+ for (i = 0, pos = 0; i < count; i++) {
-+ if (array[i] != NULL) {
-+ array[pos] = array[i];
-+ pos++;
- }
- }
-
-+ for (; pos < count; pos++) {
-+ array[pos] = NULL;
-+ }
-+
- return array;
- }
-
-diff --git a/src/tests/test_util_string_array.c b/src/tests/test_util_string_array.c
-index 4f6812e9396f04bbbfb72bda8a9022501f074faf..249cb96acea3c4feac910702572cafb1025d9496 100644
---- a/src/tests/test_util_string_array.c
-+++ b/src/tests/test_util_string_array.c
-@@ -32,11 +32,155 @@ void test_string_array_create(void **state)
- string_array_free(array);
- }
-
-+void test_string_array_del_value__single(void **state)
-+{
-+ char **array;
-+ const char *values[] = {"1", "2", "3", "4", "5", NULL};
-+ const char *expected[] = {"1", "3", "4", "5", NULL};
-+ int i;
-+
-+ array = string_array_create(10);
-+ assert_non_null(array);
-+
-+ /* Fill array. */
-+ for (i = 0; values[i] != NULL; i++) {
-+ array = string_array_add_value(array, values[i], false);
-+ assert_non_null(array);
-+ assert_non_null(array[i]);
-+ }
-+ assert_null(array[i]);
-+
-+ /* Delete value. */
-+ array = string_array_del_value(array, "2");
-+ assert_non_null(array);
-+
-+ /* Test values. */
-+ for (i = 0; expected[i] != NULL; i++) {
-+ assert_non_null(array[i]);
-+ assert_string_equal(array[i], expected[i]);
-+ }
-+ assert_null(array[i]);
-+
-+ string_array_free(array);
-+}
-+
-+void test_string_array_del_value__single_repeated(void **state)
-+{
-+ char **array;
-+ const char *values[] = {"1", "2", "2", "3", "2", "4", "2", "5", NULL};
-+ const char *expected[] = {"1", "3", "4", "5", NULL};
-+ int i;
-+
-+ array = string_array_create(10);
-+ assert_non_null(array);
-+
-+ /* Fill array. */
-+ for (i = 0; values[i] != NULL; i++) {
-+ array = string_array_add_value(array, values[i], false);
-+ assert_non_null(array);
-+ assert_non_null(array[i]);
-+ }
-+ assert_null(array[i]);
-+
-+ /* Delete value. */
-+ array = string_array_del_value(array, "2");
-+ assert_non_null(array);
-+
-+ /* Test values. */
-+ for (i = 0; expected[i] != NULL; i++) {
-+ assert_non_null(array[i]);
-+ assert_string_equal(array[i], expected[i]);
-+ }
-+ assert_null(array[i]);
-+
-+ string_array_free(array);
-+}
-+
-+void test_string_array_del_value__multiple(void **state)
-+{
-+ char **array;
-+ const char *values[] = {"1", "2", "3", "4", "5", NULL};
-+ const char *expected[] = {"1", "4", NULL};
-+ int i;
-+
-+ array = string_array_create(10);
-+ assert_non_null(array);
-+
-+ /* Fill array. */
-+ for (i = 0; values[i] != NULL; i++) {
-+ array = string_array_add_value(array, values[i], false);
-+ assert_non_null(array);
-+ assert_non_null(array[i]);
-+ }
-+ assert_null(array[i]);
-+
-+ /* Delete value. */
-+ array = string_array_del_value(array, "2");
-+ assert_non_null(array);
-+
-+ array = string_array_del_value(array, "3");
-+ assert_non_null(array);
-+
-+ array = string_array_del_value(array, "5");
-+ assert_non_null(array);
-+
-+ /* Test values. */
-+ for (i = 0; expected[i] != NULL; i++) {
-+ assert_non_null(array[i]);
-+ assert_string_equal(array[i], expected[i]);
-+ }
-+ assert_null(array[i]);
-+
-+ string_array_free(array);
-+}
-+
-+void test_string_array_del_value__multiple_repeated(void **state)
-+{
-+ char **array;
-+ const char *values[] = {"1", "2", "2", "3", "3", "2", "4", "2", "5", "5", NULL};
-+ const char *expected[] = {"1", "4", NULL};
-+ int i;
-+
-+ array = string_array_create(10);
-+ assert_non_null(array);
-+
-+ /* Fill array. */
-+ for (i = 0; values[i] != NULL; i++) {
-+ array = string_array_add_value(array, values[i], false);
-+ assert_non_null(array);
-+ assert_non_null(array[i]);
-+ }
-+ assert_null(array[i]);
-+
-+ /* Delete value. */
-+ array = string_array_del_value(array, "2");
-+ assert_non_null(array);
-+
-+ array = string_array_del_value(array, "3");
-+ assert_non_null(array);
-+
-+ array = string_array_del_value(array, "5");
-+ assert_non_null(array);
-+
-+ /* Test values. */
-+ for (i = 0; expected[i] != NULL; i++) {
-+ assert_non_null(array[i]);
-+ assert_string_equal(array[i], expected[i]);
-+ }
-+ assert_null(array[i]);
-+
-+ string_array_free(array);
-+}
-+
- int main(int argc, const char *argv[])
- {
-
- const struct CMUnitTest tests[] = {
-- cmocka_unit_test(test_string_array_create)
-+ cmocka_unit_test(test_string_array_create),
-+ cmocka_unit_test(test_string_array_del_value__single),
-+ cmocka_unit_test(test_string_array_del_value__single_repeated),
-+ cmocka_unit_test(test_string_array_del_value__multiple),
-+ cmocka_unit_test(test_string_array_del_value__multiple_repeated)
- };
-
- return cmocka_run_group_tests(tests, NULL, NULL);
---
-2.17.2
-
diff --git a/SOURCES/0032-util-do-not-return-value-from-string_array_del_value.patch b/SOURCES/0032-util-do-not-return-value-from-string_array_del_value.patch
deleted file mode 100644
index 7112b92..0000000
--- a/SOURCES/0032-util-do-not-return-value-from-string_array_del_value.patch
+++ /dev/null
@@ -1,150 +0,0 @@
-From 67b5d7778cad682bf8046973900caf2fa3353d0e Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Wed, 28 Nov 2018 13:59:51 +0100
-Subject: [PATCH 14/15] util: do not return value from string_array_del_value
-
-It is not needed.
----
- src/lib/authselect.c | 9 ++-------
- src/lib/util/string_array.c | 6 +++---
- src/lib/util/string_array.h | 2 +-
- src/tests/test_util_string_array.c | 28 ++++++++--------------------
- 4 files changed, 14 insertions(+), 31 deletions(-)
-
-diff --git a/src/lib/authselect.c b/src/lib/authselect.c
-index e0b8b1246b0e7139494d90cca4e0ebed3eb66376..0f8d4a8b6d0b0faef81daf176486108ed0ea74db 100644
---- a/src/lib/authselect.c
-+++ b/src/lib/authselect.c
-@@ -179,7 +179,7 @@ authselect_apply_changes(void)
- WARN("Profile feature [%s] is no longer supported, removing it...",
- features[i]);
-
-- features = string_array_del_value(features, features[i]);
-+ string_array_del_value(features, features[i]);
- i--;
- }
-
-@@ -247,15 +247,10 @@ authselect_feature_disable(const char *feature)
- return ret;
- }
-
-- features = string_array_del_value(features, feature);
-- if (features == NULL) {
-- ret = ENOMEM;
-- goto done;
-- }
-+ string_array_del_value(features, feature);
-
- ret = authselect_activate(profile_id, (const char **)features, false);
-
--done:
- string_array_free(features);
- free(profile_id);
-
-diff --git a/src/lib/util/string_array.c b/src/lib/util/string_array.c
-index a8afa5ab8edbb26d6f946619f9ce0b83c511bb8c..e8871dc067fbf3d461d1ee9579813ddc81eef676 100644
---- a/src/lib/util/string_array.c
-+++ b/src/lib/util/string_array.c
-@@ -137,7 +137,7 @@ string_array_add_value(char **array, const char *value, bool unique)
- return string_array_add_value_safe(array, value, strlen(value), unique);
- }
-
--char **
-+void
- string_array_del_value(char **array, const char *value)
- {
- size_t count;
-@@ -145,7 +145,7 @@ string_array_del_value(char **array, const char *value)
- size_t i;
-
- if (array == NULL) {
-- return NULL;
-+ return;
- }
-
- count = string_array_count(array);
-@@ -167,7 +167,7 @@ string_array_del_value(char **array, const char *value)
- array[pos] = NULL;
- }
-
-- return array;
-+ return;
- }
-
- char **
-diff --git a/src/lib/util/string_array.h b/src/lib/util/string_array.h
-index ba9760b5d66a9619ca8edea5e3418c5cfbbec929..5842db174563982528e20354138ef5792346fb37 100644
---- a/src/lib/util/string_array.h
-+++ b/src/lib/util/string_array.h
-@@ -115,7 +115,7 @@ string_array_add_value(char **array, const char *value, bool unique);
- *
- * @return Array without the value.
- */
--char **
-+void
- string_array_del_value(char **array, const char *value);
-
- /**
-diff --git a/src/tests/test_util_string_array.c b/src/tests/test_util_string_array.c
-index 249cb96acea3c4feac910702572cafb1025d9496..ad76f8b190b823210b5e30ae828dce6518596e3b 100644
---- a/src/tests/test_util_string_array.c
-+++ b/src/tests/test_util_string_array.c
-@@ -51,8 +51,7 @@ void test_string_array_del_value__single(void **state)
- assert_null(array[i]);
-
- /* Delete value. */
-- array = string_array_del_value(array, "2");
-- assert_non_null(array);
-+ string_array_del_value(array, "2");
-
- /* Test values. */
- for (i = 0; expected[i] != NULL; i++) {
-@@ -83,8 +82,7 @@ void test_string_array_del_value__single_repeated(void **state)
- assert_null(array[i]);
-
- /* Delete value. */
-- array = string_array_del_value(array, "2");
-- assert_non_null(array);
-+ string_array_del_value(array, "2");
-
- /* Test values. */
- for (i = 0; expected[i] != NULL; i++) {
-@@ -115,14 +113,9 @@ void test_string_array_del_value__multiple(void **state)
- assert_null(array[i]);
-
- /* Delete value. */
-- array = string_array_del_value(array, "2");
-- assert_non_null(array);
--
-- array = string_array_del_value(array, "3");
-- assert_non_null(array);
--
-- array = string_array_del_value(array, "5");
-- assert_non_null(array);
-+ string_array_del_value(array, "2");
-+ string_array_del_value(array, "3");
-+ string_array_del_value(array, "5");
-
- /* Test values. */
- for (i = 0; expected[i] != NULL; i++) {
-@@ -153,14 +146,9 @@ void test_string_array_del_value__multiple_repeated(void **state)
- assert_null(array[i]);
-
- /* Delete value. */
-- array = string_array_del_value(array, "2");
-- assert_non_null(array);
--
-- array = string_array_del_value(array, "3");
-- assert_non_null(array);
--
-- array = string_array_del_value(array, "5");
-- assert_non_null(array);
-+ string_array_del_value(array, "2");
-+ string_array_del_value(array, "3");
-+ string_array_del_value(array, "5");
-
- /* Test values. */
- for (i = 0; expected[i] != NULL; i++) {
---
-2.17.2
-
diff --git a/SOURCES/0033-util-fix-buffer-error-in-textfile_copy.patch b/SOURCES/0033-util-fix-buffer-error-in-textfile_copy.patch
deleted file mode 100644
index 55606b3..0000000
--- a/SOURCES/0033-util-fix-buffer-error-in-textfile_copy.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From b2c0ab76560757296ce387f6ff2c43c983e8961d Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Fri, 30 Nov 2018 11:51:38 +0100
-Subject: [PATCH 15/15] util: fix buffer error in textfile_copy()
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/123
----
- src/lib/util/textfile.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/lib/util/textfile.c b/src/lib/util/textfile.c
-index 7ee5df677b519f2433d9dfa235ad72551f7ded67..3394042eaf0db9508675cbd0aedc0cc13ea6546c 100644
---- a/src/lib/util/textfile.c
-+++ b/src/lib/util/textfile.c
-@@ -249,7 +249,7 @@ textfile_copy(const char *source,
- /* eof not error */
- }
-
-- bytes_written = fwrite(buf, sizeof(char), sizeof(buf), fdest);
-+ bytes_written = fwrite(buf, sizeof(char), bytes_read, fdest);
- if (bytes_written != bytes_read) {
- if (ferror(fdest) != 0) {
- ret = EIO;
---
-2.17.2
-
diff --git a/SOURCES/0034-lib-fix-coverity-warnings.patch b/SOURCES/0034-lib-fix-coverity-warnings.patch
deleted file mode 100644
index fcba163..0000000
--- a/SOURCES/0034-lib-fix-coverity-warnings.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From d770acde179d2cb2a9318f36405433737065169a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Tue, 4 Dec 2018 11:09:04 +0100
-Subject: [PATCH] lib: fix coverity warnings
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/126
----
- src/lib/authselect.c | 2 +-
- src/lib/util/string.c | 2 ++
- src/lib/util/string_array.c | 2 +-
- src/lib/util/template.c | 4 ++--
- 4 files changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/src/lib/authselect.c b/src/lib/authselect.c
-index 0f8d4a8b6d0b0faef81daf176486108ed0ea74db..ce34d2a44d1a59cb574331733929d551c5aec075 100644
---- a/src/lib/authselect.c
-+++ b/src/lib/authselect.c
-@@ -146,9 +146,9 @@ _PUBLIC_ int
- authselect_apply_changes(void)
- {
- struct authselect_profile *profile;
-+ char **supported = NULL;
- char *profile_id;
- char **features;
-- char **supported;
- errno_t ret;
- int i;
-
-diff --git a/src/lib/util/string.c b/src/lib/util/string.c
-index e6803bcd4e41adc05eaa623089009b17ccd4f49b..0f3936681c6c8af1be940f92a21dfc15dafe4e42 100644
---- a/src/lib/util/string.c
-+++ b/src/lib/util/string.c
-@@ -353,6 +353,8 @@ string_levenshtein(const char *a, const char *b)
- unsigned int old_diag;
- unsigned int column[len_a + 1];
-
-+ memset(column, 0, (len_a + 1) * sizeof(unsigned int));
-+
- for (y = 1; y <= len_a; y++) {
- column[y] = y;
- }
-diff --git a/src/lib/util/string_array.c b/src/lib/util/string_array.c
-index e8871dc067fbf3d461d1ee9579813ddc81eef676..dcf667e2e6e0c918a0c4eacad2486fdc182d8cf6 100644
---- a/src/lib/util/string_array.c
-+++ b/src/lib/util/string_array.c
-@@ -228,7 +228,7 @@ string_array_find_similar(const char *value, char **array, int max_distance)
- }
- }
-
-- if (best > max_distance) {
-+ if (word == NULL || best > max_distance) {
- return NULL;
- }
-
-diff --git a/src/lib/util/template.c b/src/lib/util/template.c
-index fb373c0fd83e04c6c78d5f57d3d8e50e54c0377b..0eedd2b04146f201a5c37f45c1d08f01c079d61f 100644
---- a/src/lib/util/template.c
-+++ b/src/lib/util/template.c
-@@ -130,8 +130,8 @@ template_match_get_values(const char *match_string,
- char **_if_true,
- char **_if_false)
- {
-- regmatch_t *m_true;
-- regmatch_t *m_false;
-+ regmatch_t *m_true = NULL;
-+ regmatch_t *m_false = NULL;
- char *if_true;
- char *if_false;
-
---
-2.17.2
-
diff --git a/SOURCES/0035-lib-label-temporary-files-with-correct-selinux-conte.patch b/SOURCES/0035-lib-label-temporary-files-with-correct-selinux-conte.patch
deleted file mode 100644
index 8738540..0000000
--- a/SOURCES/0035-lib-label-temporary-files-with-correct-selinux-conte.patch
+++ /dev/null
@@ -1,350 +0,0 @@
-From 721aa7e45ba56530c571743de4762605560f90cb Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Thu, 10 Jan 2019 13:26:49 +0100
-Subject: [PATCH] lib: label temporary files with correct selinux context
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/128
----
- configure.ac | 1 +
- rpm/authselect.spec.in | 1 +
- src/build_macros.m4 | 13 +++
- src/lib/Makefile.am | 3 +
- src/lib/util/selinux.c | 143 +++++++++++++++++++++++++++++
- src/lib/util/{util.h => selinux.h} | 37 +++++---
- src/lib/util/template.c | 16 +---
- src/lib/util/util.h | 1 +
- 8 files changed, 192 insertions(+), 23 deletions(-)
- create mode 100644 src/lib/util/selinux.c
- copy src/lib/util/{util.h => selinux.h} (50%)
-
-diff --git a/configure.ac b/configure.ac
-index 0ddb875439133d10a9ece8b92a2df1719065d349..667d41c1f67264850fd9e175598214d751078a7e 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -37,6 +37,7 @@ m4_include(external/po4a.m4)
- dnl Required libraries
- REQUIRE_POPT
- REQUIRE_CMOCKA
-+REQUIRE_SELINUX
-
- dnl Optional build dependencies - man pages generation
- CHECK_ASCIIDOC_TOOLS
-diff --git a/rpm/authselect.spec.in b/rpm/authselect.spec.in
-index c56ad4e2e0e23c902471fbacdb8bc3742bd8fa2d..f47c77ac3768ccf9c049c9ba512209fad059e418 100644
---- a/rpm/authselect.spec.in
-+++ b/rpm/authselect.spec.in
-@@ -24,6 +24,7 @@ BuildRequires: gettext-devel
- BuildRequires: po4a
- BuildRequires: %{_bindir}/a2x
- BuildRequires: libcmocka-devel >= 1.0.0
-+BuildRequires: libselinux-devel
- Requires: authselect-libs%{?_isa} = %{version}-%{release}
- Suggests: sssd
- Suggests: samba-winbind
-diff --git a/src/build_macros.m4 b/src/build_macros.m4
-index 5da871ec8cadfa200630420b5fe932d8af0473a3..dfedd47fd84c7201cfad30621761a3c1c564bc18 100644
---- a/src/build_macros.m4
-+++ b/src/build_macros.m4
-@@ -28,3 +28,16 @@ AC_DEFUN([REQUIRE_CMOCKA],
- )
- AM_CONDITIONAL([HAVE_CMOCKA], [test x$have_cmocka = xyes])
- ])
-+
-+AC_DEFUN([REQUIRE_SELINUX],
-+[
-+ AC_CHECK_HEADERS(selinux/selinux.h,
-+ [AC_CHECK_LIB(selinux, is_selinux_enabled,
-+ [SELINUX_LIBS="-lselinux"],
-+ [AC_MSG_ERROR([SELinux library is missing])]
-+ )],
-+ [AC_MSG_ERROR([SELinux headers are missing])]
-+ )
-+ AC_SUBST(SELINUX_LIBS)
-+])
-+
-diff --git a/src/lib/Makefile.am b/src/lib/Makefile.am
-index 2726062c421f7836ebc69fbbc0f5410cf3d19803..6c1191c702efbf52d45c7204311e4e9d1e64de3b 100644
---- a/src/lib/Makefile.am
-+++ b/src/lib/Makefile.am
-@@ -15,6 +15,7 @@ noinst_HEADERS = \
- files/files.h \
- profiles/profiles.h \
- util/file.h \
-+ util/selinux.h \
- util/string_array.h \
- util/string.h \
- util/template.h \
-@@ -55,6 +56,7 @@ libauthselect_la_SOURCES = \
- profiles/list.c \
- profiles/read.c \
- util/file.c \
-+ util/selinux.c \
- util/string_array.c \
- util/string.c \
- util/template.c \
-@@ -62,6 +64,7 @@ libauthselect_la_SOURCES = \
- $(NULL)
- libauthselect_la_LIBADD = \
- $(top_builddir)/src/common/libcommon.la \
-+ $(SELINUX_LIBS) \
- $(NULL)
- libauthselect_la_CFLAGS = \
- $(AM_CFLAGS) \
-diff --git a/src/lib/util/selinux.c b/src/lib/util/selinux.c
-new file mode 100644
-index 0000000000000000000000000000000000000000..05c8d7b19b13e1eff6086faa58657c3e41a44cc0
---- /dev/null
-+++ b/src/lib/util/selinux.c
-@@ -0,0 +1,143 @@
-+/*
-+ Authors:
-+ Pavel Březina <pbrezina@redhat.com>
-+
-+ Copyright (C) 2018 Red Hat
-+
-+ This program is free software; you can redistribute it and/or modify
-+ it under the terms of the GNU General Public License as published by
-+ the Free Software Foundation; either version 3 of the License, or
-+ (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program. If not, see <http://www.gnu.org/licenses/>.
-+*/
-+
-+#include <errno.h>
-+#include <string.h>
-+#include <stdlib.h>
-+#include <unistd.h>
-+#include <selinux/selinux.h>
-+#include <selinux/label.h>
-+
-+#include "common/common.h"
-+
-+errno_t
-+selinux_get_default_context(const char *path,
-+ char **_context)
-+{
-+ struct selabel_handle *handle;
-+ char *context;
-+ errno_t ret;
-+
-+ handle = selabel_open(SELABEL_CTX_FILE, NULL, 0);
-+ if (handle == NULL) {
-+ ret = errno;
-+ ERROR("Unable to create selable context [%d]: %s", ret, strerror(ret));
-+ return ret;
-+ }
-+
-+ ret = selabel_lookup(handle, &context, path, 0);
-+ if (ret != 0) {
-+ ret = errno;
-+ if (ret == ENOENT) {
-+ return ENOENT;
-+ }
-+
-+ ERROR("Unable to lookup selinux context [%d]: %s", ret, strerror(ret));
-+ } else {
-+ *_context = context;
-+ ret = EOK;
-+ }
-+
-+ selabel_close(handle);
-+
-+ return ret;
-+}
-+
-+errno_t
-+selinux_mkstemp_of(const char *filepath,
-+ char **_tmpfile)
-+{
-+ char *original_context = NULL;
-+ char *default_context = NULL;
-+ char *tmpfile = NULL;
-+ errno_t ret;
-+ int seret;
-+ int fd;
-+
-+ seret = getfscreatecon(&original_context);
-+ if (seret != 0) {
-+ ERROR("Unable to get current fscreate selinux context!");
-+ return EIO;
-+ }
-+
-+ tmpfile = format("%s.XXXXXX", filepath);
-+ if (tmpfile == NULL) {
-+ ret = ENOMEM;
-+ goto done;
-+ }
-+
-+ ret = selinux_get_default_context(filepath, &default_context);
-+ if (ret == ENOENT) {
-+ default_context = NULL;
-+ } else if (ret != EOK) {
-+ ERROR("Unable to get default selinux context for [%s] [%d]: %s!",
-+ filepath, ret, strerror(ret));
-+ goto done;
-+ }
-+
-+ seret = setfscreatecon(default_context);
-+ if (seret != 0) {
-+ ERROR("Unable to set fscreate selinux context!");
-+ ret = EIO;
-+ goto done;
-+ }
-+
-+ fd = mkstemp(tmpfile);
-+ if (fd == -1) {
-+ ret = errno;
-+
-+ seret = setfscreatecon(original_context);
-+ if (seret != 0) {
-+ ERROR("Unable to restore fscreate selinux context!");
-+ ret = EIO;
-+ goto done;
-+ }
-+
-+ goto done;
-+ }
-+
-+ close(fd);
-+
-+ seret = setfscreatecon(original_context);
-+ if (seret != 0) {
-+ ERROR("Unable to restore fscreate selinux context!");
-+ ret = EIO;
-+ goto done;
-+ }
-+
-+ *_tmpfile = tmpfile;
-+
-+ ret = EOK;
-+
-+done:
-+ if (original_context != NULL) {
-+ freecon(original_context);
-+ }
-+
-+ if (default_context != NULL) {
-+ freecon(default_context);
-+ }
-+
-+ if (ret != EOK) {
-+ free(tmpfile);
-+ }
-+
-+ return ret;
-+}
-diff --git a/src/lib/util/util.h b/src/lib/util/selinux.h
-similarity index 50%
-copy from src/lib/util/util.h
-copy to src/lib/util/selinux.h
-index b81990722d62ccf466c0687454c82ea3ee171436..26f2374140562dd085145845ed3092a0ddcf924e 100644
---- a/src/lib/util/util.h
-+++ b/src/lib/util/selinux.h
-@@ -18,20 +18,33 @@
- along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
--#ifndef _UTIL_H_
--#define _UTIL_H_
-+#ifndef _SELINUX_H_
-+#define _SELINUX_H_
-+
-+#include "common/errno_t.h"
-
- /**
-- * Many of the utility functions are not as effective as they can be but
-- * this is OK since authselect works only with small configuration files
-- * therefore we can prefer clean and simple code over performance.
-+ * Get default security context for @path.
-+ *
-+ * @param path Path to the file.
-+ *
-+ * @return EOK on success, ENOENT if context was not found, other errno code
-+ * is returned on failure.
- */
-+errno_t
-+selinux_get_default_context(const char *path);
-
--#include "common/common.h"
--#include "lib/util/file.h"
--#include "lib/util/string.h"
--#include "lib/util/string_array.h"
--#include "lib/util/template.h"
--#include "lib/util/textfile.h"
-+/**
-+ * Create temporary file created on @filepath.XXXXXX with security context
-+ * set to default security context of @filepath.
-+ *
-+ * @param filepath File for which a temporary file should be created.
-+ * @param _tmpfile Create temporary file.
-+ *
-+ * @return EOK on success, other errno code on failure.
-+ */
-+errno_t
-+selinux_mkstemp_of(const char *filepath,
-+ char **_tmpfile);
-
--#endif /* _UTIL_H_ */
-+#endif /* _SELINUX_H_ */
-diff --git a/src/lib/util/template.c b/src/lib/util/template.c
-index 0eedd2b04146f201a5c37f45c1d08f01c079d61f..9773dcbf1ecbde4fe2408f1b816dce129747806f 100644
---- a/src/lib/util/template.c
-+++ b/src/lib/util/template.c
-@@ -27,6 +27,7 @@
- #include "common/common.h"
- #include "lib/util/template.h"
- #include "lib/util/textfile.h"
-+#include "lib/util/selinux.h"
- #include "lib/util/string.h"
- #include "lib/util/string_array.h"
-
-@@ -594,23 +595,16 @@ template_write_temporary(const char *filepath,
- mode_t oldmask;
- char *tmpfile;
- errno_t ret;
-- int fd;
--
-- tmpfile = format("%s.XXXXXX", filepath);
-- if (tmpfile == NULL) {
-- return ENOMEM;
-- }
-
- oldmask = umask(mode);
-
-- fd = mkstemp(tmpfile);;
-- if (fd == -1) {
-- ret = errno;
-+ ret = selinux_mkstemp_of(filepath, &tmpfile);
-+ if (ret != EOK) {
-+ ERROR("Unable to create temporary file for [%s] [%d]: %s",
-+ filepath, ret, strerror(ret));
- goto done;
- }
-
-- close(fd);
--
- ret = template_write(tmpfile, content, mode);
- if (ret != EOK) {
- goto done;
-diff --git a/src/lib/util/util.h b/src/lib/util/util.h
-index b81990722d62ccf466c0687454c82ea3ee171436..e75afaef316fc8f8fd4d2aabbab7be1aa24e9ac7 100644
---- a/src/lib/util/util.h
-+++ b/src/lib/util/util.h
-@@ -29,6 +29,7 @@
-
- #include "common/common.h"
- #include "lib/util/file.h"
-+#include "lib/util/selinux.h"
- #include "lib/util/string.h"
- #include "lib/util/string_array.h"
- #include "lib/util/template.h"
---
-2.17.2
-
diff --git a/SOURCES/0036-authselect-fix-memory-leak-of-maps.patch b/SOURCES/0036-authselect-fix-memory-leak-of-maps.patch
deleted file mode 100644
index bf653d5..0000000
--- a/SOURCES/0036-authselect-fix-memory-leak-of-maps.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From 196b795ec659da30e6f59446227886062d29fe1a Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Wed, 10 Oct 2018 14:38:24 +0200
-Subject: [PATCH 01/21] authselect: fix memory leak of maps
-
----
- src/cli/main.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/cli/main.c b/src/cli/main.c
-index 6179af6af5d727328c2dd452363035130ac82dd4..9d60db3da6f483bc42233341a1a01d0013a6a809 100644
---- a/src/cli/main.c
-+++ b/src/cli/main.c
-@@ -186,6 +186,7 @@ static errno_t activate(struct cli_cmdline *cmdline)
-
- done:
- free(requirements);
-+ authselect_array_free(maps);
- authselect_profile_free(profile);
- if (features != NULL) {
- free(features);
---
-2.17.2
-
diff --git a/SOURCES/0037-lib-make-selinux-functions-work-with-selinux-disable.patch b/SOURCES/0037-lib-make-selinux-functions-work-with-selinux-disable.patch
deleted file mode 100644
index 4a50d0b..0000000
--- a/SOURCES/0037-lib-make-selinux-functions-work-with-selinux-disable.patch
+++ /dev/null
@@ -1,267 +0,0 @@
-From 29add823913b66e0637d27d962ad5c5f9c85de70 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Mon, 28 Jan 2019 12:13:54 +0100
-Subject: [PATCH] lib: make selinux functions work with selinux disabled
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/133
----
- src/lib/util/file.c | 38 +++++++++++++++++++++++++++++++++
- src/lib/util/file.h | 13 +++++++++++-
- src/lib/util/selinux.c | 47 ++++++++++++++++-------------------------
- src/lib/util/selinux.h | 8 ++++---
- src/lib/util/template.c | 23 ++++++--------------
- 5 files changed, 79 insertions(+), 50 deletions(-)
-
-diff --git a/src/lib/util/file.c b/src/lib/util/file.c
-index fa231f771a7d0cdd449b69c4bf7b00d93aefc375..2e23ce39ec04e6aaf79f16410f9ac08dc3f9d54c 100644
---- a/src/lib/util/file.c
-+++ b/src/lib/util/file.c
-@@ -329,3 +329,41 @@ file_make_path(const char *path, mode_t mode)
- return EOK;
-
- }
-+
-+errno_t
-+file_mktmp_for(const char *path, mode_t mode, char **_tmpfile)
-+{
-+ mode_t oldmask;
-+ char *tmpfile;
-+ errno_t ret;
-+ int fd;
-+
-+ oldmask = umask(mode);
-+
-+ tmpfile = format("%s.XXXXXX", path);
-+ if (tmpfile == NULL) {
-+ ret = ENOMEM;
-+ goto done;
-+ }
-+
-+ fd = mkstemp(tmpfile);
-+ if (fd == -1) {
-+ ret = errno;
-+ goto done;
-+ }
-+
-+ close(fd);
-+
-+ *_tmpfile = tmpfile;
-+
-+ ret = EOK;
-+
-+done:
-+ if (ret != EOK) {
-+ free(tmpfile);
-+ }
-+
-+ umask(oldmask);
-+
-+ return ret;
-+}
-diff --git a/src/lib/util/file.h b/src/lib/util/file.h
-index 49ebef37443bf137439bad27fd75283c25c9c3e5..6d5823791bfcc581304200d0c2d37b41c3d7b95d 100644
---- a/src/lib/util/file.h
-+++ b/src/lib/util/file.h
-@@ -133,7 +133,7 @@ file_get_parent_directory(const char *filepath);
- /**
- * Create all directories in a path. Path must end with a directory not a file.
- *
-- * @param filename Path to the file whose directories should be created.
-+ * @param path Path to the file whose directories should be created.
- * @param mode Directory mode.
- *
- * @return EOK on success, other errno code on error.
-@@ -141,4 +141,15 @@ file_get_parent_directory(const char *filepath);
- errno_t
- file_make_path(const char *path, mode_t mode);
-
-+/**
-+ * Make temporary file for @path so it can be first written and then safelly
-+ * renamed to @path.
-+ *
-+ * @param path Path to the file whose directories should be created.
-+ * @param mode Temporary file mode.
-+ * @param _tmpfile Path to created temporary file.
-+ */
-+errno_t
-+file_mktmp_for(const char *path, mode_t mode, char **_tmpfile);
-+
- #endif /* _FILE_H_ */
-diff --git a/src/lib/util/selinux.c b/src/lib/util/selinux.c
-index 9b0e0ff26b768d88f67a42985c5d5bafb8aa58ec..01b68087b265c0ef1c1087f626df8e20de086338 100644
---- a/src/lib/util/selinux.c
-+++ b/src/lib/util/selinux.c
-@@ -26,6 +26,7 @@
- #include <selinux/label.h>
-
- #include "common/common.h"
-+#include "lib/util/file.h"
-
- errno_t
- selinux_get_default_context(const char *path,
-@@ -61,15 +62,19 @@ selinux_get_default_context(const char *path,
- }
-
- errno_t
--selinux_mkstemp_of(const char *filepath,
-- char **_tmpfile)
-+selinux_mkstemp_for(const char *filepath,
-+ mode_t mode,
-+ char **_tmpfile)
- {
- char *original_context = NULL;
- char *default_context = NULL;
-- char *tmpfile = NULL;
-+ char *tmpfile;
- errno_t ret;
- int seret;
-- int fd;
-+
-+ if (is_selinux_enabled() != 1) {
-+ return file_mktmp_for(filepath, mode, _tmpfile);
-+ }
-
- seret = getfscreatecon(&original_context);
- if (seret != 0) {
-@@ -77,12 +82,6 @@ selinux_mkstemp_of(const char *filepath,
- return EIO;
- }
-
-- tmpfile = format("%s.XXXXXX", filepath);
-- if (tmpfile == NULL) {
-- ret = ENOMEM;
-- goto done;
-- }
--
- ret = selinux_get_default_context(filepath, &default_context);
- if (ret == ENOENT) {
- default_context = NULL;
-@@ -92,6 +91,7 @@ selinux_mkstemp_of(const char *filepath,
- goto done;
- }
-
-+ /* Set desired fs create context. */
- seret = setfscreatecon(default_context);
- if (seret != 0) {
- ERROR("Unable to set fscreate selinux context!");
-@@ -99,22 +99,9 @@ selinux_mkstemp_of(const char *filepath,
- goto done;
- }
-
-- fd = mkstemp(tmpfile);
-- if (fd == -1) {
-- ret = errno;
--
-- seret = setfscreatecon(original_context);
-- if (seret != 0) {
-- ERROR("Unable to restore fscreate selinux context!");
-- ret = EIO;
-- goto done;
-- }
--
-- goto done;
-- }
--
-- close(fd);
-+ ret = file_mktmp_for(filepath, mode, &tmpfile);
-
-+ /* Restore original fs create context. */
- seret = setfscreatecon(original_context);
- if (seret != 0) {
- ERROR("Unable to restore fscreate selinux context!");
-@@ -122,6 +109,12 @@ selinux_mkstemp_of(const char *filepath,
- goto done;
- }
-
-+ /* Check result of file_mktmp_for() */
-+ if (ret != EOK) {
-+ free(tmpfile);
-+ goto done;
-+ }
-+
- *_tmpfile = tmpfile;
-
- ret = EOK;
-@@ -135,9 +128,5 @@ done:
- freecon(default_context);
- }
-
-- if (ret != EOK) {
-- free(tmpfile);
-- }
--
- return ret;
- }
-diff --git a/src/lib/util/selinux.h b/src/lib/util/selinux.h
-index 26f2374140562dd085145845ed3092a0ddcf924e..8abfb3fb5d244b32570cc9e573b2e12df14177e1 100644
---- a/src/lib/util/selinux.h
-+++ b/src/lib/util/selinux.h
-@@ -39,12 +39,14 @@ selinux_get_default_context(const char *path);
- * set to default security context of @filepath.
- *
- * @param filepath File for which a temporary file should be created.
-- * @param _tmpfile Create temporary file.
-+ * @param mode Temporary file mode.
-+ * @param _tmpfile Created temporary file.
- *
- * @return EOK on success, other errno code on failure.
- */
- errno_t
--selinux_mkstemp_of(const char *filepath,
-- char **_tmpfile);
-+selinux_mkstemp_for(const char *filepath,
-+ mode_t mode,
-+ char **_tmpfile);
-
- #endif /* _SELINUX_H_ */
-diff --git a/src/lib/util/template.c b/src/lib/util/template.c
-index 9773dcbf1ecbde4fe2408f1b816dce129747806f..1f3464912d8fe7afe8a7f0920fe31eb5c2dfaba5 100644
---- a/src/lib/util/template.c
-+++ b/src/lib/util/template.c
-@@ -592,36 +592,25 @@ template_write_temporary(const char *filepath,
- mode_t mode,
- char **_tmpfile)
- {
-- mode_t oldmask;
- char *tmpfile;
- errno_t ret;
-
-- oldmask = umask(mode);
--
-- ret = selinux_mkstemp_of(filepath, &tmpfile);
-+ ret = selinux_mkstemp_for(filepath, mode, &tmpfile);
- if (ret != EOK) {
- ERROR("Unable to create temporary file for [%s] [%d]: %s",
- filepath, ret, strerror(ret));
-- goto done;
-+ return ret;
- }
-
- ret = template_write(tmpfile, content, mode);
-- if (ret != EOK) {
-- goto done;
-- }
--
-- *_tmpfile = tmpfile;
--
-- ret = EOK;
--
--done:
-- umask(oldmask);
--
- if (ret != EOK) {
- free(tmpfile);
-+ return ret;
- }
-
-- return ret;
-+ *_tmpfile = tmpfile;
-+
-+ return EOK;
- }
-
- bool
---
-2.17.2
-
diff --git a/SOURCES/0038-sssd-require-smartcard-only-for-specific-services.patch b/SOURCES/0038-sssd-require-smartcard-only-for-specific-services.patch
deleted file mode 100644
index 535881f..0000000
--- a/SOURCES/0038-sssd-require-smartcard-only-for-specific-services.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From c7f20a9d79ef8e9a681994b27554dcd5df1d36c7 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Mon, 4 Feb 2019 12:38:39 +0100
-Subject: [PATCH 2/3] sssd: require smartcard only for specific services
-
-Otherwise even services like su or sudo can not perform password authentication
-which is not desired.
-
-Resolves:
-https://github.com/pbrezina/authselect/issues/134
----
- profiles/sssd/system-auth | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/profiles/sssd/system-auth b/profiles/sssd/system-auth
-index 22dba5b2d3db23855724ddb05528e5013c63c5af..c21d18ec855978d4f10abc3f1f95ac1cfb563d58 100644
---- a/profiles/sssd/system-auth
-+++ b/profiles/sssd/system-auth
-@@ -1,6 +1,7 @@
- auth required pam_env.so
- auth required pam_faildelay.so delay=2000000
- auth required pam_faillock.so preauth silent deny=4 unlock_time=1200 {include if "with-faillock"}
-+auth [success=1 default=ignore] pam_succeed_if.so service notin login:gdm:xdm:kdm:xscreensaver:gnome-screensaver:kscreensaver quiet use_uid {include if "with-smartcard-required"}
- auth [success=done ignore=ignore default=die] pam_sss.so require_cert_auth ignore_authinfo_unavail {include if "with-smartcard-required"}
- auth sufficient pam_fprintd.so {include if "with-fingerprint"}
- auth [default=1 ignore=ignore success=ok] pam_succeed_if.so uid >= 1000 quiet
---
-2.17.2
-
diff --git a/SOURCES/0039-Revert-profiles-make-session-pam_systemd-required.patch b/SOURCES/0039-Revert-profiles-make-session-pam_systemd-required.patch
deleted file mode 100644
index 0bb7b93..0000000
--- a/SOURCES/0039-Revert-profiles-make-session-pam_systemd-required.patch
+++ /dev/null
@@ -1,152 +0,0 @@
-From a21f75d8194df780f83aff0f36d270f56af7f182 Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek <jakub.hrozek@posteo.se>
-Date: Mon, 25 Feb 2019 21:48:18 +0100
-Subject: [PATCH] Revert "profiles: make session pam_systemd required"
-
-This reverts commit 297f48d60dd9fe4ba3fd2bdd1bdd5276ffa557d6.
----
- profiles/nis/fingerprint-auth | 2 +-
- profiles/nis/password-auth | 2 +-
- profiles/nis/system-auth | 2 +-
- profiles/sssd/fingerprint-auth | 2 +-
- profiles/sssd/password-auth | 2 +-
- profiles/sssd/smartcard-auth | 2 +-
- profiles/sssd/system-auth | 2 +-
- profiles/winbind/fingerprint-auth | 2 +-
- profiles/winbind/password-auth | 2 +-
- profiles/winbind/system-auth | 2 +-
- 10 files changed, 10 insertions(+), 10 deletions(-)
-
-diff --git a/profiles/nis/fingerprint-auth b/profiles/nis/fingerprint-auth
-index dc9e53b..278487b 100644
---- a/profiles/nis/fingerprint-auth
-+++ b/profiles/nis/fingerprint-auth
-@@ -17,7 +17,7 @@ password required pam_deny.so
- session optional pam_keyinit.so revoke
- session required pam_limits.so
- session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
--session required pam_systemd.so
-+-session optional pam_systemd.so
- session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
- session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
- session required pam_unix.so
-diff --git a/profiles/nis/password-auth b/profiles/nis/password-auth
-index 60781bb..2ce77fd 100644
---- a/profiles/nis/password-auth
-+++ b/profiles/nis/password-auth
-@@ -22,7 +22,7 @@ password required pam_deny.so
- session optional pam_keyinit.so revoke
- session required pam_limits.so
- session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
--session required pam_systemd.so
-+-session optional pam_systemd.so
- session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
- session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
- session required pam_unix.so
-diff --git a/profiles/nis/system-auth b/profiles/nis/system-auth
-index 3edbf34..d1f270a 100644
---- a/profiles/nis/system-auth
-+++ b/profiles/nis/system-auth
-@@ -23,7 +23,7 @@ password required pam_deny.so
- session optional pam_keyinit.so revoke
- session required pam_limits.so
- session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
--session required pam_systemd.so
-+-session optional pam_systemd.so
- session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
- session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
- session required pam_unix.so
-diff --git a/profiles/sssd/fingerprint-auth b/profiles/sssd/fingerprint-auth
-index 3bdaf3e..01b70f3 100644
---- a/profiles/sssd/fingerprint-auth
-+++ b/profiles/sssd/fingerprint-auth
-@@ -19,7 +19,7 @@ password required pam_deny.so
- session optional pam_keyinit.so revoke
- session required pam_limits.so
- session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
--session required pam_systemd.so
-+-session optional pam_systemd.so
- session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
- session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
- session required pam_unix.so
-diff --git a/profiles/sssd/password-auth b/profiles/sssd/password-auth
-index fbd6647..c61630d 100644
---- a/profiles/sssd/password-auth
-+++ b/profiles/sssd/password-auth
-@@ -28,7 +28,7 @@ password required pam_deny.so
- session optional pam_keyinit.so revoke
- session required pam_limits.so
- session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
--session required pam_systemd.so
-+-session optional pam_systemd.so
- session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
- session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
- session required pam_unix.so
-diff --git a/profiles/sssd/smartcard-auth b/profiles/sssd/smartcard-auth
-index 5ec5e1d..82e82cc 100644
---- a/profiles/sssd/smartcard-auth
-+++ b/profiles/sssd/smartcard-auth
-@@ -16,7 +16,7 @@ account required pam_permit.so
- session optional pam_keyinit.so revoke
- session required pam_limits.so
- session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
--session required pam_systemd.so
-+-session optional pam_systemd.so
- session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
- session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
- session required pam_unix.so
-diff --git a/profiles/sssd/system-auth b/profiles/sssd/system-auth
-index 2879592..d70c7da 100644
---- a/profiles/sssd/system-auth
-+++ b/profiles/sssd/system-auth
-@@ -32,7 +32,7 @@ password required pam_deny.so
- session optional pam_keyinit.so revoke
- session required pam_limits.so
- session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
--session required pam_systemd.so
-+-session optional pam_systemd.so
- session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
- session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
- session required pam_unix.so
-diff --git a/profiles/winbind/fingerprint-auth b/profiles/winbind/fingerprint-auth
-index 9264946..0beff74 100644
---- a/profiles/winbind/fingerprint-auth
-+++ b/profiles/winbind/fingerprint-auth
-@@ -18,7 +18,7 @@ password required pam_deny.so
- session optional pam_keyinit.so revoke
- session required pam_limits.so
- session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
--session required pam_systemd.so
-+-session optional pam_systemd.so
- session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
- session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
- session required pam_unix.so
-diff --git a/profiles/winbind/password-auth b/profiles/winbind/password-auth
-index b694bed..455add4 100644
---- a/profiles/winbind/password-auth
-+++ b/profiles/winbind/password-auth
-@@ -25,7 +25,7 @@ password required pam_deny.so
- session optional pam_keyinit.so revoke
- session required pam_limits.so
- session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
--session required pam_systemd.so
-+-session optional pam_systemd.so
- session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
- session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
- session required pam_unix.so
-diff --git a/profiles/winbind/system-auth b/profiles/winbind/system-auth
-index 88e1c07..5b383f7 100644
---- a/profiles/winbind/system-auth
-+++ b/profiles/winbind/system-auth
-@@ -26,7 +26,7 @@ password required pam_deny.so
- session optional pam_keyinit.so revoke
- session required pam_limits.so
- session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
--session required pam_systemd.so
-+-session optional pam_systemd.so
- session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
- session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
- session required pam_unix.so
---
-2.19.2
-
diff --git a/SOURCES/0902-rhel8-remove-ecryptfs-support.patch b/SOURCES/0902-rhel8-remove-ecryptfs-support.patch
new file mode 100644
index 0000000..a021aa9
--- /dev/null
+++ b/SOURCES/0902-rhel8-remove-ecryptfs-support.patch
@@ -0,0 +1,283 @@
+From 8f39d5ebcf18b9d987af5ad851fe1637ce1fce22 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
+Date: Mon, 10 Jun 2019 10:53:15 +0200
+Subject: [PATCH] rhel8: remove ecryptfs support
+
+---
+ profiles/nis/README | 3 ---
+ profiles/nis/fingerprint-auth | 1 -
+ profiles/nis/password-auth | 1 -
+ profiles/nis/postlogin | 4 ----
+ profiles/nis/system-auth | 1 -
+ profiles/sssd/README | 3 ---
+ profiles/sssd/fingerprint-auth | 1 -
+ profiles/sssd/password-auth | 1 -
+ profiles/sssd/postlogin | 4 ----
+ profiles/sssd/smartcard-auth | 1 -
+ profiles/sssd/system-auth | 1 -
+ profiles/winbind/README | 3 ---
+ profiles/winbind/fingerprint-auth | 1 -
+ profiles/winbind/password-auth | 1 -
+ profiles/winbind/postlogin | 4 ----
+ profiles/winbind/system-auth | 1 -
+ src/compat/authcompat.py.in.in | 1 -
+ src/compat/authcompat_Options.py | 2 +-
+ src/man/authselect-migration.7.adoc | 5 ++---
+ 19 files changed, 3 insertions(+), 36 deletions(-)
+
+diff --git a/profiles/nis/README b/profiles/nis/README
+index b8453bd357a1cec0d3c1981257271170f029fe8c..8b2cc1baa8a3429039f5bbeb0778113238ef6633 100644
+--- a/profiles/nis/README
++++ b/profiles/nis/README
+@@ -21,9 +21,6 @@ with-mkhomedir::
+ Enable automatic creation of home directories for users on their
+ first login.
+
+-with-ecryptfs::
+- Enable automatic per-user ecryptfs.
+-
+ with-fingerprint::
+ Enable authentication with fingerprint reader through *pam_fprintd*.
+
+diff --git a/profiles/nis/fingerprint-auth b/profiles/nis/fingerprint-auth
+index 278487b2a0f9ce103afebb0809ffffa2cfbbba7e..8d6bc3fe8ada7305280503bfa350cd78723c988a 100644
+--- a/profiles/nis/fingerprint-auth
++++ b/profiles/nis/fingerprint-auth
+@@ -16,7 +16,6 @@ password required pam_deny.so
+
+ session optional pam_keyinit.so revoke
+ session required pam_limits.so
+-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
+ -session optional pam_systemd.so
+ session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
+ session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
+diff --git a/profiles/nis/password-auth b/profiles/nis/password-auth
+index 2ce77fded674684987849b027debe2b17a7bac94..46786cc8c2c90a2be98d71684b9286c37ff5b678 100644
+--- a/profiles/nis/password-auth
++++ b/profiles/nis/password-auth
+@@ -21,7 +21,6 @@ password required pam_deny.so
+
+ session optional pam_keyinit.so revoke
+ session required pam_limits.so
+-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
+ -session optional pam_systemd.so
+ session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
+ session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
+diff --git a/profiles/nis/postlogin b/profiles/nis/postlogin
+index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb243ddd4996 100644
+--- a/profiles/nis/postlogin
++++ b/profiles/nis/postlogin
+@@ -1,7 +1,3 @@
+-auth optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
+-
+-password optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
+-
+ session optional pam_umask.so silent
+ session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
+ session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed}
+diff --git a/profiles/nis/system-auth b/profiles/nis/system-auth
+index d1f270a9e6f0ded1ff2d9c24fcd78c31e7a6debe..25148b060ecd0b52868386abf14ca5a9fd8fdfc3 100644
+--- a/profiles/nis/system-auth
++++ b/profiles/nis/system-auth
+@@ -22,7 +22,6 @@ password required pam_deny.so
+
+ session optional pam_keyinit.so revoke
+ session required pam_limits.so
+-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
+ -session optional pam_systemd.so
+ session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
+ session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
+diff --git a/profiles/sssd/README b/profiles/sssd/README
+index a2b52b7d4178bfaca260d31267dac396b514e656..b007621a4abd6423605507af5b03131c58a44f29 100644
+--- a/profiles/sssd/README
++++ b/profiles/sssd/README
+@@ -40,9 +40,6 @@ with-mkhomedir::
+ Enable automatic creation of home directories for users on their
+ first login.
+
+-with-ecryptfs::
+- Enable automatic per-user ecryptfs.
+-
+ with-smartcard::
+ Enable authentication with smartcards through SSSD. Please note that
+ smartcard support must be also explicitly enabled within
+diff --git a/profiles/sssd/fingerprint-auth b/profiles/sssd/fingerprint-auth
+index 01b70f3533149d00700859f3e0a1c3f2abb33a8a..b9bbc63d96e1d982a54b537402fed5e2201ce533 100644
+--- a/profiles/sssd/fingerprint-auth
++++ b/profiles/sssd/fingerprint-auth
+@@ -18,7 +18,6 @@ password required pam_deny.so
+
+ session optional pam_keyinit.so revoke
+ session required pam_limits.so
+-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
+ -session optional pam_systemd.so
+ session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
+ session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
+diff --git a/profiles/sssd/password-auth b/profiles/sssd/password-auth
+index c61630d5a71772c61cbdcce00bb5b64a83e87d8e..fe2e3a4bf68fb53e46af56577c9d67c7eabf2fff 100644
+--- a/profiles/sssd/password-auth
++++ b/profiles/sssd/password-auth
+@@ -27,7 +27,6 @@ password required pam_deny.so
+
+ session optional pam_keyinit.so revoke
+ session required pam_limits.so
+-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
+ -session optional pam_systemd.so
+ session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
+ session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
+diff --git a/profiles/sssd/postlogin b/profiles/sssd/postlogin
+index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb243ddd4996 100644
+--- a/profiles/sssd/postlogin
++++ b/profiles/sssd/postlogin
+@@ -1,7 +1,3 @@
+-auth optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
+-
+-password optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
+-
+ session optional pam_umask.so silent
+ session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
+ session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed}
+diff --git a/profiles/sssd/smartcard-auth b/profiles/sssd/smartcard-auth
+index a47f44389d89797b2404ce44a78c2bc8a936225d..a15a033f58b766074ccc6a271f146341ff62f2e4 100644
+--- a/profiles/sssd/smartcard-auth
++++ b/profiles/sssd/smartcard-auth
+@@ -16,7 +16,6 @@ account required pam_permit.so
+
+ session optional pam_keyinit.so revoke
+ session required pam_limits.so
+-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
+ -session optional pam_systemd.so
+ session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
+ session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
+diff --git a/profiles/sssd/system-auth b/profiles/sssd/system-auth
+index 0c53fc0c326a6ab9b9720c3c0de4f7377431f689..788c92ba27f9b0febdbe00f265bc75e754aca8df 100644
+--- a/profiles/sssd/system-auth
++++ b/profiles/sssd/system-auth
+@@ -32,7 +32,6 @@ password required pam_deny.so
+
+ session optional pam_keyinit.so revoke
+ session required pam_limits.so
+-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
+ -session optional pam_systemd.so
+ session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
+ session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
+diff --git a/profiles/winbind/README b/profiles/winbind/README
+index e711b546c51fbe1ccf30b203cb854398d5e95caa..72f55e640c04bd539bef979da71d6d9ee0a2fd72 100644
+--- a/profiles/winbind/README
++++ b/profiles/winbind/README
+@@ -33,9 +33,6 @@ with-mkhomedir::
+ Enable automatic creation of home directories for users on their
+ first login.
+
+-with-ecryptfs::
+- Enable automatic per-user ecryptfs.
+-
+ with-fingerprint::
+ Enable authentication with fingerprint reader through *pam_fprintd*.
+
+diff --git a/profiles/winbind/fingerprint-auth b/profiles/winbind/fingerprint-auth
+index 0beff74eba83f12c4ad5a6147a6194608cd047e3..cdc61a1e9ff2ff8d58b58a076f001933092d0a90 100644
+--- a/profiles/winbind/fingerprint-auth
++++ b/profiles/winbind/fingerprint-auth
+@@ -17,7 +17,6 @@ password required pam_deny.so
+
+ session optional pam_keyinit.so revoke
+ session required pam_limits.so
+-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
+ -session optional pam_systemd.so
+ session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
+ session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
+diff --git a/profiles/winbind/password-auth b/profiles/winbind/password-auth
+index 455add4c0c6aa2fecc850dc2b315998c6b4c4fb5..d60fb34c1c9a4f49f68b5c036a72127996bff9be 100644
+--- a/profiles/winbind/password-auth
++++ b/profiles/winbind/password-auth
+@@ -24,7 +24,6 @@ password required pam_deny.so
+
+ session optional pam_keyinit.so revoke
+ session required pam_limits.so
+-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
+ -session optional pam_systemd.so
+ session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
+ session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
+diff --git a/profiles/winbind/postlogin b/profiles/winbind/postlogin
+index 137cd00dc65ee9ea83123f1d3a6f7ba04f0aea04..04a11f049bc1e220c9064fba7b46eb243ddd4996 100644
+--- a/profiles/winbind/postlogin
++++ b/profiles/winbind/postlogin
+@@ -1,7 +1,3 @@
+-auth optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
+-
+-password optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
+-
+ session optional pam_umask.so silent
+ session [success=1 default=ignore] pam_succeed_if.so service !~ gdm* service !~ su* quiet
+ session [default=1] pam_lastlog.so nowtmp {if "with-silent-lastlog":silent|showfailed}
+diff --git a/profiles/winbind/system-auth b/profiles/winbind/system-auth
+index 5b383f70df6f03f59c6ab3b1dd5686382745b978..c169d7f3b75893ba61d60e085ef86bb658debf5b 100644
+--- a/profiles/winbind/system-auth
++++ b/profiles/winbind/system-auth
+@@ -25,7 +25,6 @@ password required pam_deny.so
+
+ session optional pam_keyinit.so revoke
+ session required pam_limits.so
+-session optional pam_ecryptfs.so unwrap {include if "with-ecryptfs"}
+ -session optional pam_systemd.so
+ session optional pam_oddjob_mkhomedir.so umask=0077 {include if "with-mkhomedir"}
+ session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
+diff --git a/src/compat/authcompat.py.in.in b/src/compat/authcompat.py.in.in
+index e4b8c05c6a11a215529ba66f8b36b72a6ac18448..4e39b7ec66d0e2ba911c7280467ba78fd29c196c 100755
+--- a/src/compat/authcompat.py.in.in
++++ b/src/compat/authcompat.py.in.in
+@@ -520,7 +520,6 @@ class AuthCompat:
+ 'smartcard' : 'with-smartcard',
+ 'requiresmartcard' : 'with-smartcard-required',
+ 'fingerprint' : 'with-fingerprint',
+- 'ecryptfs' : 'with-ecryptfs',
+ 'mkhomedir' : 'with-mkhomedir',
+ 'faillock' : 'with-faillock',
+ 'pamaccess' : 'with-pamaccess',
+diff --git a/src/compat/authcompat_Options.py b/src/compat/authcompat_Options.py
+index c8f52ab6773c4cd5371f32121dba8053f3443261..433a3340bac29739174e78928701214c08ec6f3c 100644
+--- a/src/compat/authcompat_Options.py
++++ b/src/compat/authcompat_Options.py
+@@ -93,7 +93,6 @@ class Options:
+ Option.Valued ("smartcardaction", _("<0=Lock|1=Ignore>"), _("action to be taken on smart card removal")),
+ Option.Feature("requiresmartcard",_("require smart card for authentication by default")),
+ Option.Feature("fingerprint", _("authentication with fingerprint readers by default")),
+- Option.Feature("ecryptfs", _("automatic per-user ecryptfs")),
+ Option.Feature("krb5", _("Kerberos authentication by default")),
+ Option.Valued ("krb5kdc", _("<server>"), _("default Kerberos KDC")),
+ Option.Valued ("krb5adminserver", _("<server>"), _("default Kerberos admin server")),
+@@ -141,6 +140,7 @@ class Options:
+ # layers and will produce warning when used. They will not affect
+ # the system.
+ Option.UnsupportedFeature("cache"),
++ Option.UnsupportedFeature("ecryptfs"),
+ Option.UnsupportedFeature("shadow"),
+ Option.UnsupportedSwitch ("useshadow"),
+ Option.UnsupportedFeature("md5"),
+diff --git a/src/man/authselect-migration.7.adoc b/src/man/authselect-migration.7.adoc
+index 35ba484d576ab8a3d923a124f6b1577085deedd4..a27af036738274d8d392f7fe1f7d59c89e9c4ffb 100644
+--- a/src/man/authselect-migration.7.adoc
++++ b/src/man/authselect-migration.7.adoc
+@@ -80,7 +80,6 @@ configuration file for required services.
+ |*Authconfig options* |*Authselect profile feature*
+ |--enablesmartcard |with-smartcard
+ |--enablefingerprint |with-fingerprint
+-|--enableecryptfs |with-ecryptfs
+ |--enablemkhomedir |with-mkhomedir
+ |--enablefaillock |with-faillock
+ |--enablepamaccess |with-pamaccess
+@@ -95,8 +94,8 @@ authselect select sssd with-faillock
+ authconfig --enablesssd --enablesssdauth --enablesmartcard --smartcardmodule=sssd --updateall
+ authselect select sssd with-smartcard
+
+-authconfig --enableecryptfs --enablepamaccess --updateall
+-authselect select sssd with-ecryptfs with-pamaccess
++authconfig --enablepamaccess --updateall
++authselect select sssd with-pamaccess
+
+ authconfig --enablewinbind --enablewinbindauth --winbindjoin=Administrator --updateall
+ realm join -U Administrator --client-software=winbind WINBINDDOMAIN
+--
+2.20.1
+
diff --git a/SPECS/authselect.spec b/SPECS/authselect.spec
index 6482129..4825a4d 100644
--- a/SPECS/authselect.spec
+++ b/SPECS/authselect.spec
@@ -1,59 +1,23 @@
+# Do not terminate build if language files are empty.
+%define _empty_manifest_terminate_build 0
+
Name: authselect
-Version: 1.0
-Release: 13%{?dist}
+Version: 1.1
+Release: 2%{?dist}
Summary: Configures authentication and identity sources from supported profiles
URL: https://github.com/pbrezina/authselect
License: GPLv3+
Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz
%if 0%{?rhel}
-Source1: translations-1.0-12.tar.gz
+Source1: translations-1.1-2.tar.gz
%endif
%global makedir %{_builddir}/%{name}-%{version}
-Patch0001: 0001-lib-fix-profile-origin-debug-message.patch
-Patch0002: 0002-man-remove-duplicate-of-with-pamaccess.patch
-Patch0003: 0003-Don-t-write-options-without-value-to-pwquality-conf-.patch
-Patch0004: 0004-compat-write-only-options-set-on-command-line-to-pwq.patch
-Patch0005: 0005-compat-fix-regular-expression-for-environment-files.patch
-Patch0006: 0006-compat-fix-typo-in-compat-tool-that-produces-TypeErr.patch
-Patch0007: 0007-compat-use-current-configuration-unless-other-profil.patch
-Patch0008: 0008-compat-do-not-disable-service-if-its-option-is-not-s.patch
-Patch0009: 0009-nis-add-all-maps-supported-by-nss_nis.patch
-Patch0010: 0010-nis-add-systemd-module-to-nsswitch.conf.patch
-Patch0011: 0011-nis-add-nis-option-to-pam_unix-in-password-phase.patch
-Patch0012: 0012-nis-with-nispwquality-will-enable-pwquality-for-nis-.patch
-Patch0013: 0013-profiles-add-without-nullok.patch
-Patch0014: 0014-profiles-add-options-to-exclude-lines-from-nsswitch..patch
-Patch0015: 0015-compat-do-not-stop-rpcbind-only-start-it.patch
-Patch0016: 0016-sssd-document-that-this-profile-can-be-used-also-wit.patch
-Patch0017: 0017-sssd-add-support-for-local-users-authentication-via-.patch
-Patch0018: 0018-sssd-add-with-smartcard-required-feature.patch
-Patch0019: 0019-sssd-remove-with-sudo-duplicate-from-readme.patch
-Patch0020: 0020-profiles-end-all-files-with-new-line.patch
-Patch0021: 0021-compat-add-support-for-with-smartcard-required-enabl.patch
-Patch0022: 0022-compat-support-with-smartcard-lock-on-removal-smartc.patch
-Patch0023: 0023-profiles-mention-pam_oddjob_mkhomedir-in-requirement.patch
-Patch0024: 0024-lib-fix-memory-leak-in-authselect_profile_free.patch
-Patch0025: 0025-lib-fix-memory-leak-in-authselect_config_validate_ex.patch
-Patch0026: 0026-profiles-make-session-pam_systemd-required.patch
-Patch0027: 0027-lib-add-authselect_profile_features-to-list-supporte.patch
-Patch0028: 0028-lib-refuse-to-activate-profile-if-unsupported-featur.patch
-Patch0029: 0029-lib-remove-no-longer-supported-features-in-apply-cha.patch
-Patch0030: 0030-compat-write-to-sysconfig-after-all-changes-are-done.patch
-Patch0031: 0031-util-remove-duplicate-values-correctly-in-string_arr.patch
-Patch0032: 0032-util-do-not-return-value-from-string_array_del_value.patch
-Patch0033: 0033-util-fix-buffer-error-in-textfile_copy.patch
-Patch0034: 0034-lib-fix-coverity-warnings.patch
-Patch0035: 0035-lib-label-temporary-files-with-correct-selinux-conte.patch
-Patch0036: 0036-authselect-fix-memory-leak-of-maps.patch
-Patch0037: 0037-lib-make-selinux-functions-work-with-selinux-disable.patch
-Patch0038: 0038-sssd-require-smartcard-only-for-specific-services.patch
-Patch0039: 0039-Revert-profiles-make-session-pam_systemd-required.patch
-
# Downstream only
Patch0901: 0901-rhel8-remove-mention-of-Fedora-Change-page-in-compat.patch
+Patch0902: 0902-rhel8-remove-ecryptfs-support.patch
BuildRequires: autoconf
BuildRequires: automake
@@ -85,7 +49,6 @@ supported by authselect.
%package libs
Summary: Utility library used by the authselect tool
-Requires: libselinux
# Required by scriptlets
Requires: coreutils
Requires: findutils
@@ -104,10 +67,10 @@ Obsoletes: authconfig < 7.0.1-6
Provides: authconfig
BuildRequires: python3-devel
Requires: authselect%{?_isa} = %{version}-%{release}
+Recommends: oddjob-mkhomedir
Suggests: sssd
Suggests: realmd
Suggests: samba-winbind
-Suggests: oddjob-mkhomedir
# Required by scriptlets
Requires: sed
@@ -159,11 +122,11 @@ autoreconf -if
%find_lang %{name}-profiles %{name}-profiles.5.lang --with-man
# We want this file to contain only manual page translations
-sed -i '/LC_MESSAGES/d' %{name}.8.lang
+%__sed -i '/LC_MESSAGES/d' %{name}.8.lang
# Remove .la and .a files created by libtool
-find $RPM_BUILD_ROOT -name "*.la" -exec rm -f {} \;
-find $RPM_BUILD_ROOT -name "*.a" -exec rm -f {} \;
+find $RPM_BUILD_ROOT -name "*.la" -exec %__rm -f {} \;
+find $RPM_BUILD_ROOT -name "*.a" -exec %__rm -f {} \;
%ldconfig_scriptlets libs
@@ -171,6 +134,16 @@ find $RPM_BUILD_ROOT -name "*.a" -exec rm -f {} \;
%dir %{_sysconfdir}/authselect
%dir %{_sysconfdir}/authselect/custom
%dir %{_localstatedir}/lib/authselect
+%ghost %attr(0755,root,root) %{_localstatedir}/lib/authselect/backups/
+%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/dconf-db
+%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/dconf-locks
+%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/fingerprint-auth
+%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/nsswitch.conf
+%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/password-auth
+%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/postlogin
+%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/smartcard-auth
+%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/system-auth
+%ghost %attr(0644,root,root) %{_localstatedir}/lib/authselect/user-nsswitch-created
%dir %{_datadir}/authselect
%dir %{_datadir}/authselect/vendor
%dir %{_datadir}/authselect/default
@@ -225,11 +198,12 @@ find $RPM_BUILD_ROOT -name "*.a" -exec rm -f {} \;
%{_bindir}/authselect
%{_mandir}/man8/authselect.8*
%{_mandir}/man7/authselect-migration.7*
+%{_sysconfdir}/bash_completion.d/authselect-completion.sh
%global validfile %{_localstatedir}/lib/rpm-state/%{name}.config-valid
%pre libs
-rm -f %{validfile}
+%__rm -f %{validfile}
if [ $1 -gt 1 ] ; then
# Remember if the current configuration is valid
%{_bindir}/authselect check &> /dev/null
@@ -243,11 +217,11 @@ exit 0
%posttrans libs
# Copy nsswitch.conf to user-nsswitch.conf if it was not yet created
if [ ! -f %{_localstatedir}/lib/authselect/user-nsswitch-created ]; then
- cp -n %{_sysconfdir}/nsswitch.conf %{_sysconfdir}/authselect/user-nsswitch.conf &> /dev/null
+ %__cp -n %{_sysconfdir}/nsswitch.conf %{_sysconfdir}/authselect/user-nsswitch.conf &> /dev/null
touch %{_localstatedir}/lib/authselect/user-nsswitch-created &> /dev/null
# If we are upgrading from older version, we want to remove these comments.
- sed -i '/^# Generated by authselect on .*$/{$!{
+ %__sed -i '/^# Generated by authselect on .*$/{$!{
N;N # Read also next two lines
/# Generated by authselect on .*\n# Do not modify this file manually.\n/d
}}' %{_sysconfdir}/authselect/user-nsswitch.conf &> /dev/null
@@ -260,11 +234,11 @@ if [ -f %{validfile} ]; then
smartcard-auth postlogin dconf-db dconf-locks"
for FILE in $FILES ; do
- cp -n %{_sysconfdir}/authselect/$FILE \
- %{_localstatedir}/lib/authselect/$FILE &> /dev/null
+ %__cp -n %{_sysconfdir}/authselect/$FILE \
+ %{_localstatedir}/lib/authselect/$FILE &> /dev/null
done
- rm -f %{validfile}
+ %__rm -f %{validfile}
fi
# Apply any changes to profiles (validates configuration first internally)
@@ -273,10 +247,10 @@ fi
# Enable with-sudo feature if sssd-sudo responder is enabled. RHBZ#1582111
CURRENT=`%{_bindir}/authselect current --raw 2> /dev/null`
if [ $? -eq 0 ]; then
- PROFILE=`echo $CURRENT | awk '{print $1;}'`
+ PROFILE=`echo $CURRENT | %__awk '{print $1;}'`
if [ $PROFILE == "sssd" ] ; then
- if grep -E "services[[:blank:]]*=[[:blank:]]*.*sudo" /etc/sssd/sssd.conf &> /dev/null ; then
+ if %__grep -E "services[[:blank:]]*=[[:blank:]]*.*sudo" /etc/sssd/sssd.conf &> /dev/null ; then
%{_bindir}/authselect enable-feature with-sudo &> /dev/null
elif systemctl is-active sssd-sudo.service sssd-sudo.socket --quiet || systemctl is-enabled sssd-sudo.socket --quiet ; then
%{_bindir}/authselect enable-feature with-sudo &> /dev/null
@@ -291,10 +265,19 @@ exit 0
# Remove invalid lines from pwquality.conf generated by authconfig compat tool
# - previous version could write some options without value, which is invalid
# - we delete all options without value from existing file
-sed -i -E '/^\w+=$/d' %{_sysconfdir}/security/pwquality.conf.d/10-authconfig-pwquality.conf &> /dev/null
+%__sed -i -E '/^\w+=$/d' %{_sysconfdir}/security/pwquality.conf.d/10-authconfig-pwquality.conf &> /dev/null
exit 0
%changelog
+* Thu Jul 4 2019 Pavel Březina <pbrezina@redhat.com> - 1.1-2
+- Update translations (RHBZ #1689973)
+
+* Mon Jun 10 2019 Pavel Březina <pbrezina@redhat.com> - 1.1-1
+- Rebase to authselect-1.1 (RHBZ #1685516)
+- Notify that oddjob-mkhomedir needs to be enabled manually (RHBZ #1694103)
+- Ask for smartcard insertion when smartcard authentication is required (RHBZ #1674397)
+- Update translations (RHBZ #1689973)
+
* Mon Feb 25 2019 Jakub Hrozek <jhrozek@redhat.com> - 1.0-13
- Revert pam_systemd.so to be optional
- Resolves: #rhbz1643928 - pam_systemd shouldn't be optional in system-auth