Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 8 Sep 2012 14:58:24 GMT
From:      Ryan Steinmetz <zi@FreeBSD.org>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/171452: [update] security/sssd to 1.8.4
Message-ID:  <201209081458.q88EwOUq017081@red.freebsd.org>
Resent-Message-ID: <201209081500.q88F0B1W057486@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help

>Number:         171452
>Category:       ports
>Synopsis:       [update] security/sssd to 1.8.4
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sat Sep 08 15:00:11 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Ryan Steinmetz
>Release:        9.0-RELEASE
>Organization:
Sourcefire, Inc.
>Environment:
>Description:
- Update to 1.8.4
- Address issue reported in ports/170502 (sssd failed to connect Ldap server without SASL)
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

Index: distinfo
===================================================================
--- distinfo	(revision 303829)
+++ distinfo	(working copy)
@@ -1,2 +1,2 @@
-SHA256 (sssd-1.6.1.tar.gz) = ba30d8cf7eae1fd66053b4f11e8e5b98bc6db113cf6d2f33e429f2e21d90ade9
-SIZE (sssd-1.6.1.tar.gz) = 1406047
+SHA256 (sssd-1.8.4.tar.gz) = d20845928c91fd66fadc404967089b21b6b64801b1288c789812be51521476a2
+SIZE (sssd-1.8.4.tar.gz) = 2161696
Index: files/patch-src__providers__proxy__proxy_init.c
===================================================================
--- files/patch-src__providers__proxy__proxy_init.c	(revision 303829)
+++ files/patch-src__providers__proxy__proxy_init.c	(working copy)
@@ -1,6 +1,6 @@
---- ./src/providers/proxy/proxy_init.c.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./src/providers/proxy/proxy_init.c	2011-10-13 12:15:03.000000000 -0400
-@@ -124,7 +124,7 @@
+--- ./src/providers/proxy/proxy_init.c.orig	2012-05-30 12:36:51.000000000 -0400
++++ ./src/providers/proxy/proxy_init.c	2012-09-07 17:48:42.000000000 -0400
+@@ -123,7 +123,7 @@
      if (!ctx->handle) {
          DEBUG(0, ("Unable to load %s module with path, error: %s\n",
                    libpath, dlerror()));
@@ -9,7 +9,7 @@
          goto done;
      }
  
-@@ -132,7 +132,7 @@
+@@ -131,7 +131,7 @@
                                        libname);
      if (!ctx->ops.getpwnam_r) {
          DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror()));
@@ -18,7 +18,7 @@
          goto done;
      }
  
-@@ -140,14 +140,14 @@
+@@ -139,14 +139,14 @@
                                        libname);
      if (!ctx->ops.getpwuid_r) {
          DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror()));
@@ -35,7 +35,7 @@
          goto done;
      }
  
-@@ -155,14 +155,14 @@
+@@ -154,14 +154,14 @@
                                        libname);
      if (!ctx->ops.getpwent_r) {
          DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror()));
@@ -52,7 +52,7 @@
          goto done;
      }
  
-@@ -170,7 +170,7 @@
+@@ -169,7 +169,7 @@
                                        libname);
      if (!ctx->ops.getgrnam_r) {
          DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror()));
@@ -61,7 +61,7 @@
          goto done;
      }
  
-@@ -178,14 +178,14 @@
+@@ -177,14 +177,14 @@
                                        libname);
      if (!ctx->ops.getgrgid_r) {
          DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror()));
@@ -78,7 +78,7 @@
          goto done;
      }
  
-@@ -193,14 +193,14 @@
+@@ -192,14 +192,14 @@
                                        libname);
      if (!ctx->ops.getgrent_r) {
          DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror()));
Index: files/patch-src__util__server.c
===================================================================
--- files/patch-src__util__server.c	(revision 303829)
+++ files/patch-src__util__server.c	(working copy)
@@ -1,6 +1,6 @@
---- ./src/util/server.c.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./src/util/server.c	2011-10-13 12:15:03.000000000 -0400
-@@ -296,14 +296,15 @@
+--- ./src/util/server.c.orig	2012-05-30 12:36:51.000000000 -0400
++++ ./src/util/server.c	2012-09-07 17:48:42.000000000 -0400
+@@ -298,14 +298,15 @@
  	BlockSignals(false, SIGTERM);
  
  	CatchSignal(SIGHUP, sig_hup);
Index: files/patch-src__confdb__confdb.c
===================================================================
--- files/patch-src__confdb__confdb.c	(revision 303829)
+++ files/patch-src__confdb__confdb.c	(working copy)
@@ -1,5 +1,5 @@
---- ./src/confdb/confdb.c.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./src/confdb/confdb.c	2011-10-13 12:15:03.000000000 -0400
+--- ./src/confdb/confdb.c.orig	2012-05-30 12:36:51.000000000 -0400
++++ ./src/confdb/confdb.c	2012-09-07 17:48:42.000000000 -0400
 @@ -28,6 +28,11 @@
  #include "util/strtonum.h"
  #include "db/sysdb.h"
Index: files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c
===================================================================
--- files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c	(revision 303829)
+++ files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c	(working copy)
@@ -1,20 +1,38 @@
---- ./src/util/crypto/libcrypto/crypto_sha512crypt.c.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./src/util/crypto/libcrypto/crypto_sha512crypt.c	2011-10-13 12:15:03.000000000 -0400
-@@ -265,7 +265,7 @@
-         goto done;
-     }
+--- ./src/util/crypto/libcrypto/crypto_sha512crypt.c.orig	2012-09-08 09:33:08.000000000 -0400
++++ ./src/util/crypto/libcrypto/crypto_sha512crypt.c	2012-09-08 10:19:47.000000000 -0400
+@@ -10,7 +10,7 @@
+ /* SHA512-based Unix crypt implementation.
+    Released into the Public Domain by Ulrich Drepper <drepper@redhat.com>.  */
  
--    cp = __stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE);
-+    cp = stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE);
-     buflen -= SALT_PREF_SIZE;
+-#include <endian.h>
++#include <sys/endian.h>
+ #include <errno.h>
+ #include <limits.h>
+ #include <stdbool.h>
+@@ -39,6 +39,8 @@
+ #define ROUNDS_MIN 1000
+ #define ROUNDS_MAX 999999999
  
-     if (rounds_custom) {
-@@ -283,7 +283,7 @@
-         ret = ERANGE;
-         goto done;
++#define __stpncpy(x, y, z) stpncpy(x, y, z)
++
+ /* Table with characters for base64 transformation.  */
+ const char b64t[64] =
+     "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+@@ -197,7 +199,7 @@
+     /* Create byte sequence P. */
+     cp = p_bytes = alloca(key_len);
+     for (cnt = key_len; cnt >= 64; cnt -= 64) {
+-        cp = mempcpy(cp, temp_result, 64);
++	cp = (char *) memcpy(cp, temp_result, 64) + 64;
      }
--    cp = __stpncpy(cp, salt, salt_len);
-+    cp = stpncpy(cp, salt, salt_len);
-     *cp++ = '$';
-     buflen -= salt_len + 1;
+     memcpy(cp, temp_result, cnt);
  
+@@ -218,7 +220,7 @@
+     /* Create byte sequence S.  */
+     cp = s_bytes = alloca(salt_len);
+     for (cnt = salt_len; cnt >= 64; cnt -= 64) {
+-        cp = mempcpy(cp, temp_result, 64);
++	cp = (char *) memcpy(cp, temp_result, 64) + 64;
+     }
+     memcpy(cp, temp_result, cnt);
+ 
Index: files/patch-configure.ac
===================================================================
--- files/patch-configure.ac	(revision 0)
+++ files/patch-configure.ac	(working copy)
@@ -0,0 +1,11 @@
+--- ./configure.ac.orig	2012-09-08 09:57:34.000000000 -0400
++++ ./configure.ac	2012-09-08 09:57:52.000000000 -0400
+@@ -23,6 +23,8 @@
+ AM_GNU_GETTEXT([external])
+ AM_GNU_GETTEXT_VERSION([0.14])
+ 
++AM_PROG_AR
++
+ AC_SUBST([PRERELEASE_VERSION],
+          PRERELEASE_VERSION_NUMBER)
+ 

Property changes on: files/patch-configure.ac
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Index: files/patch-src__sss_client__common.c
===================================================================
--- files/patch-src__sss_client__common.c	(revision 303829)
+++ files/patch-src__sss_client__common.c	(working copy)
@@ -1,5 +1,5 @@
---- ./src/sss_client/common.c.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./src/sss_client/common.c	2011-10-13 12:15:03.000000000 -0400
+--- ./src/sss_client/common.c.orig	2012-05-30 12:36:51.000000000 -0400
++++ ./src/sss_client/common.c	2012-09-07 17:48:42.000000000 -0400
 @@ -26,6 +26,7 @@
  #include "config.h"
  
@@ -8,7 +8,7 @@
  #include <security/pam_modules.h>
  #include <errno.h>
  #include <sys/types.h>
-@@ -111,7 +112,6 @@
+@@ -112,7 +113,6 @@
              *errnop = error;
              break;
          case 0:
@@ -16,7 +16,7 @@
              break;
          case 1:
              if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) {
-@@ -216,7 +216,6 @@
+@@ -217,7 +217,6 @@
              *errnop = error;
              break;
          case 0:
@@ -24,7 +24,7 @@
              break;
          case 1:
              if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) {
-@@ -638,7 +637,6 @@
+@@ -645,7 +644,6 @@
              *errnop = error;
              break;
          case 0:
@@ -32,7 +32,7 @@
              break;
          case 1:
              if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) {
-@@ -688,23 +686,23 @@
+@@ -695,23 +693,23 @@
      /* avoid looping in the nss daemon */
      envval = getenv("_SSS_LOOPS");
      if (envval && strcmp(envval, "NO") == 0) {
Index: files/patch-src__providers__ldap__ldap_child.c
===================================================================
--- files/patch-src__providers__ldap__ldap_child.c	(revision 303829)
+++ files/patch-src__providers__ldap__ldap_child.c	(working copy)
@@ -1,6 +1,6 @@
---- ./src/providers/ldap/ldap_child.c.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./src/providers/ldap/ldap_child.c	2011-10-13 12:15:03.000000000 -0400
-@@ -165,7 +165,7 @@
+--- ./src/providers/ldap/ldap_child.c.orig	2012-05-30 12:36:51.000000000 -0400
++++ ./src/providers/ldap/ldap_child.c	2012-09-07 17:48:42.000000000 -0400
+@@ -176,7 +176,7 @@
          }
  
          realm_name = talloc_strdup(memctx, default_realm);
@@ -9,35 +9,3 @@
          if (!realm_name) {
              krberr = KRB5KRB_ERR_GENERIC;
              goto done;
-@@ -279,20 +279,20 @@
-         goto done;
-     }
- 
--    krberr = krb5_get_time_offsets(context, &kdc_time_offset, &kdc_time_offset_usec);
--    if (krberr) {
--        DEBUG(2, ("Failed to get KDC time offset: %s\n",
--                  sss_krb5_get_error_message(context, krberr)));
--        kdc_time_offset = 0;
--    } else {
--        if (kdc_time_offset_usec > 0) {
--            kdc_time_offset++;
--        }
--    }
-+    //    krberr = krb5_get_time_offsets(context, &kdc_time_offset, &kdc_time_offset_usec);
-+    //    if (krberr) {
-+    //        DEBUG(2, ("Failed to get KDC time offset: %s\n",
-+    //                  sss_krb5_get_error_message(context, krberr)));
-+    //        kdc_time_offset = 0;
-+    //    } else {
-+    //        if (kdc_time_offset_usec > 0) {
-+    //            kdc_time_offset++;
-+    //        }
-+    //    }
- 
-     krberr = 0;
-     *ccname_out = ccname;
--    *expire_time_out = my_creds.times.endtime - kdc_time_offset;
-+    *expire_time_out = my_creds.times.endtime;
- 
- done:
-     if (keytab) krb5_kt_close(context, keytab);
Index: files/patch-src__responder__common__responder_packet.c
===================================================================
--- files/patch-src__responder__common__responder_packet.c	(revision 303829)
+++ files/patch-src__responder__common__responder_packet.c	(working copy)
@@ -1,5 +1,5 @@
---- ./src/responder/common/responder_packet.c.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./src/responder/common/responder_packet.c	2011-10-13 12:15:03.000000000 -0400
+--- ./src/responder/common/responder_packet.c.orig	2012-05-30 12:36:51.000000000 -0400
++++ ./src/responder/common/responder_packet.c	2012-09-07 17:48:42.000000000 -0400
 @@ -192,7 +192,7 @@
      }
  
Index: files/patch-src__providers__fail_over.c
===================================================================
--- files/patch-src__providers__fail_over.c	(revision 303829)
+++ files/patch-src__providers__fail_over.c	(working copy)
@@ -1,6 +1,6 @@
---- ./src/providers/fail_over.c.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./src/providers/fail_over.c	2011-10-13 12:15:03.000000000 -0400
-@@ -1191,7 +1191,7 @@
+--- ./src/providers/fail_over.c.orig	2012-05-30 12:36:51.000000000 -0400
++++ ./src/providers/fail_over.c	2012-09-07 17:48:42.000000000 -0400
+@@ -1231,7 +1231,7 @@
   *******************************************************************/
  struct resolve_get_domain_state {
      char *fqdn;
@@ -9,7 +9,7 @@
  };
  
  static void resolve_get_domain_done(struct tevent_req *subreq);
-@@ -1211,13 +1211,13 @@
+@@ -1251,13 +1251,13 @@
          return NULL;
      }
  
Index: files/patch-src__sss_client__sss_nss.exports
===================================================================
--- files/patch-src__sss_client__sss_nss.exports	(revision 303829)
+++ files/patch-src__sss_client__sss_nss.exports	(working copy)
@@ -1,5 +1,5 @@
---- ./src/sss_client/sss_nss.exports.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./src/sss_client/sss_nss.exports	2011-10-13 12:13:42.000000000 -0400
+--- ./src/sss_client/sss_nss.exports.orig	2012-05-30 12:36:51.000000000 -0400
++++ ./src/sss_client/sss_nss.exports	2012-09-07 17:48:42.000000000 -0400
 @@ -3,6 +3,7 @@
  	# public functions
  	global:
Index: files/patch-src__sss_client__nss_group.c
===================================================================
--- files/patch-src__sss_client__nss_group.c	(revision 303829)
+++ files/patch-src__sss_client__nss_group.c	(working copy)
@@ -1,6 +1,6 @@
---- ./src/sss_client/nss_group.c.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./src/sss_client/nss_group.c	2011-10-13 12:15:03.000000000 -0400
-@@ -248,6 +248,77 @@
+--- ./src/sss_client/nss_group.c.orig	2012-05-30 12:36:51.000000000 -0400
++++ ./src/sss_client/nss_group.c	2012-09-07 17:48:42.000000000 -0400
+@@ -343,6 +343,77 @@
  }
  
  
Index: files/patch-src__util__find_uid.c
===================================================================
--- files/patch-src__util__find_uid.c	(revision 303829)
+++ files/patch-src__util__find_uid.c	(working copy)
@@ -1,5 +1,5 @@
---- ./src/util/find_uid.c.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./src/util/find_uid.c	2011-10-13 12:15:03.000000000 -0400
+--- ./src/util/find_uid.c.orig	2012-05-30 12:36:51.000000000 -0400
++++ ./src/util/find_uid.c	2012-09-07 17:48:42.000000000 -0400
 @@ -67,7 +67,7 @@
      uint32_t num=0;
      errno_t error;
@@ -9,7 +9,7 @@
      if (ret < 0) {
          DEBUG(1, ("snprintf failed"));
          return EINVAL;
-@@ -204,7 +204,7 @@
+@@ -208,7 +208,7 @@
      hash_key_t key;
      hash_value_t value;
  
@@ -18,7 +18,7 @@
      if (proc_dir == NULL) {
          ret = errno;
          DEBUG(1, ("Cannot open proc dir.\n"));
-@@ -278,9 +278,8 @@
+@@ -282,9 +282,8 @@
  
  errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table)
  {
Index: files/patch-src__providers__ldap__ldap_common.c
===================================================================
--- files/patch-src__providers__ldap__ldap_common.c	(revision 303829)
+++ files/patch-src__providers__ldap__ldap_common.c	(working copy)
@@ -1,6 +1,6 @@
---- ./src/providers/ldap/ldap_common.c.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./src/providers/ldap/ldap_common.c	2011-10-13 12:15:03.000000000 -0400
-@@ -749,7 +749,7 @@
+--- ./src/providers/ldap/ldap_common.c.orig	2012-05-30 12:36:51.000000000 -0400
++++ ./src/providers/ldap/ldap_common.c	2012-09-07 17:48:42.000000000 -0400
+@@ -1242,7 +1242,7 @@
      }
  
      realm = talloc_strdup(mem_ctx, krb5_realm);
Index: files/patch-src__monitor__monitor.c
===================================================================
--- files/patch-src__monitor__monitor.c	(revision 303829)
+++ files/patch-src__monitor__monitor.c	(working copy)
@@ -1,17 +1,17 @@
---- ./src/monitor/monitor.c.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./src/monitor/monitor.c	2011-10-13 12:15:03.000000000 -0400
-@@ -57,6 +57,10 @@
+--- ./src/monitor/monitor.c.orig	2012-05-30 12:36:51.000000000 -0400
++++ ./src/monitor/monitor.c	2012-09-07 17:48:42.000000000 -0400
+@@ -69,6 +69,10 @@
+ int cmdline_debug_timestamps;
+ int cmdline_debug_microseconds;
  
- int cmdline_debug_level;
- 
 +errno_t monitor_config_file_fallback(TALLOC_CTX *mem_ctx,
 +                                     struct mt_ctx *ctx,
 +                                     const char *file,
 +                                     monitor_reconf_fn fn);
  struct svc_spy;
  
- struct mt_svc {
-@@ -1606,10 +1610,6 @@
+ enum mt_svc_type {
+@@ -1582,10 +1586,6 @@
      talloc_free(tmp_ctx);
  }
  
Index: files/patch-src__sss_client__pam_test_client.c
===================================================================
--- files/patch-src__sss_client__pam_test_client.c	(revision 303829)
+++ files/patch-src__sss_client__pam_test_client.c	(working copy)
@@ -1,5 +1,5 @@
---- ./src/sss_client/pam_test_client.c.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./src/sss_client/pam_test_client.c	2011-10-13 12:15:03.000000000 -0400
+--- ./src/sss_client/pam_test_client.c.orig	2012-05-30 12:36:51.000000000 -0400
++++ ./src/sss_client/pam_test_client.c	2012-09-07 17:48:42.000000000 -0400
 @@ -24,12 +24,13 @@
  
  #include <stdio.h>
Index: files/patch-src__resolv__async_resolv.c
===================================================================
--- files/patch-src__resolv__async_resolv.c	(revision 303829)
+++ files/patch-src__resolv__async_resolv.c	(working copy)
@@ -1,6 +1,6 @@
---- ./src/resolv/async_resolv.c.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./src/resolv/async_resolv.c	2011-10-13 12:15:03.000000000 -0400
-@@ -1073,7 +1073,6 @@
+--- ./src/resolv/async_resolv.c.orig	2012-05-30 12:36:51.000000000 -0400
++++ ./src/resolv/async_resolv.c	2012-09-07 17:48:42.000000000 -0400
+@@ -1187,7 +1187,6 @@
      hints.ai_flags = AI_NUMERICHOST; /* No network lookups */
  
      ret = getaddrinfo(name, NULL, &hints, &res);
@@ -8,7 +8,7 @@
      if (ret != 0) {
          if (ret == -2) {
              DEBUG(9, ("[%s] does not look like an IP address\n", name));
-@@ -1081,6 +1080,8 @@
+@@ -1195,6 +1194,8 @@
              DEBUG(2, ("getaddrinfo failed [%d]: %s\n",
                        ret, gai_strerror(ret)));
          }
Index: files/patch-src__responder__common__responder_common.c
===================================================================
--- files/patch-src__responder__common__responder_common.c	(revision 303829)
+++ files/patch-src__responder__common__responder_common.c	(working copy)
@@ -1,5 +1,5 @@
---- ./src/responder/common/responder_common.c.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./src/responder/common/responder_common.c	2011-10-13 12:15:03.000000000 -0400
+--- ./src/responder/common/responder_common.c.orig	2012-05-30 12:36:51.000000000 -0400
++++ ./src/responder/common/responder_common.c	2012-09-07 17:48:42.000000000 -0400
 @@ -195,7 +195,7 @@
          talloc_free(cctx);
          break;
Index: files/patch-Makefile.am
===================================================================
--- files/patch-Makefile.am	(revision 303829)
+++ files/patch-Makefile.am	(working copy)
@@ -1,22 +1,23 @@
---- ./Makefile.am.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./Makefile.am	2011-10-13 12:13:42.000000000 -0400
-@@ -33,7 +33,7 @@
- systemdunitdir = @systemdunitdir@
- logpath = @logpath@
- pubconfpath = @pubconfpath@
--pkgconfigdir = $(libdir)/pkgconfig
-+pkgconfigdir = $(prefix)/libdata/pkgconfig
+--- ./Makefile.am.orig	2012-05-30 12:36:51.000000000 -0400
++++ ./Makefile.am	2012-09-07 19:30:46.000000000 -0400
+@@ -547,7 +547,6 @@
+     src/providers/data_provider_callbacks.c \
+     $(SSSD_FAILOVER_OBJ)
+ sssd_be_LDADD = \
+-    -ldl \
+     $(SSSD_LIBS) \
+     $(CARES_LIBS) \
+     libsss_util.la
+@@ -928,7 +927,7 @@
+ endif
  
- AM_CFLAGS =
- if WANT_AUX_INFO
-@@ -753,21 +753,22 @@
- 
- noinst_PROGRAMS = pam_test_client
  pam_test_client_SOURCES = src/sss_client/pam_test_client.c
 -pam_test_client_LDFLAGS = -lpam -lpam_misc
 +pam_test_client_LDFLAGS = -lpam
  
- ####################
+ if BUILD_AUTOFS
+ autofs_test_client_SOURCES = src/sss_client/autofs/autofs_test_client.c \
+@@ -942,16 +941,17 @@
  # Client Libraries #
  ####################
  
@@ -29,6 +30,7 @@
      src/sss_client/nss_passwd.c \
      src/sss_client/nss_group.c \
      src/sss_client/nss_netgroup.c \
+     src/sss_client/nss_services.c \
      src/sss_client/sss_cli.h \
      src/sss_client/nss_compat.h
 -libnss_sss_la_LDFLAGS = \
@@ -36,26 +38,20 @@
      -module \
      -version-info 2:0:0 \
      -Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports
-@@ -780,6 +781,7 @@
+@@ -964,6 +964,7 @@
      src/sss_client/sss_pam_macros.h
  
  pam_sss_la_LDFLAGS = \
 +    -lintl \
      -lpam \
+     $(SELINUX_LIBS) \
      -module \
-     -avoid-version \
-@@ -1122,10 +1124,10 @@
+@@ -1402,7 +1403,7 @@
  	mkdir -p $(DESTDIR)$(initdir)
  endif
  
 -install-data-hook:
--	rm $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 \
--       $(DESTDIR)/$(nsslibdir)/libnss_sss.so
--	mv $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2
-+notnotnotnotnotnotnotnotnotnotnotnotnotnotnotnotnotinstall-data-hook:
-+	rm $(DESTDIR)/$(nsslibdir)/nss_sss.so.2 \
-+       $(DESTDIR)/$(nsslibdir)/nss_sss.so
-+	mv $(DESTDIR)/$(nsslibdir)/nss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/nss_sss.so.2
- 
- uninstall-hook:
- 	if [ -f $(abs_builddir)/src/config/.files ]; then \
++nopenopeinstall-data-hook:
+ 	rm $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 \
+        $(DESTDIR)/$(nsslibdir)/libnss_sss.so
+ 	mv $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2
Index: files/pkg-message.in
===================================================================
--- files/pkg-message.in	(revision 0)
+++ files/pkg-message.in	(working copy)
@@ -0,0 +1,21 @@
+================================================================================
+Copy %%PREFIX%%/etc/sssd/sssd.conf.sample to %%PREFIX%%/etc/sssd/sssd.conf
+and edit %%PREFIX%%/etc/sssd/sssd.conf (see man sssd.conf for details)
+
+To load sssd at startup, add sssd_enable="YES" to /etc/rc.conf
+
+To enable pam integration, add a line similar to the following to
+/etc/pam.d/system:
+
+login   auth    sufficient      %%PREFIX%%/lib/pam_sss.so
+
+To enable NSS integration, update /etc/nsswitch.conf as follows:
+
+group: sss files
+passwd: sss files
+
+For additional details, please see the man pages for pam.conf and nsswitch.conf
+
+An sssd HOWTO is also available:
+https://fedorahosted.org/sssd/wiki/HOWTO_Configure_1_0_2
+================================================================================

Property changes on: files/pkg-message.in
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Index: files/patch-src__providers__data_provider_be.c
===================================================================
--- files/patch-src__providers__data_provider_be.c	(revision 303829)
+++ files/patch-src__providers__data_provider_be.c	(working copy)
@@ -1,6 +1,6 @@
---- ./src/providers/data_provider_be.c.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./src/providers/data_provider_be.c	2011-10-13 12:15:03.000000000 -0400
-@@ -512,7 +512,7 @@
+--- ./src/providers/data_provider_be.c.orig	2012-05-30 12:36:51.000000000 -0400
++++ ./src/providers/data_provider_be.c	2012-09-07 17:48:42.000000000 -0400
+@@ -653,7 +653,7 @@
          return EIO;
      }
  
@@ -9,7 +9,7 @@
      pd->domain = talloc_strdup(pd, becli->bectx->domain->name);
      if (pd->domain == NULL) {
          talloc_free(be_req);
-@@ -1013,7 +1013,7 @@
+@@ -1772,7 +1772,7 @@
          if (!handle) {
              DEBUG(0, ("Unable to load %s module with path (%s), error: %s\n",
                        mod_name, path, dlerror()));
@@ -18,7 +18,7 @@
              goto done;
          }
  
-@@ -1033,7 +1033,7 @@
+@@ -1792,7 +1792,7 @@
          } else {
              DEBUG(0, ("Unable to load init fn %s from module %s, error: %s\n",
                        mod_init_fn_name, mod_name, dlerror()));
Index: files/patch-src__util__crypto__nss__nss_sha512crypt.c
===================================================================
--- files/patch-src__util__crypto__nss__nss_sha512crypt.c	(revision 303829)
+++ files/patch-src__util__crypto__nss__nss_sha512crypt.c	(working copy)
@@ -1,5 +1,5 @@
---- ./src/util/crypto/nss/nss_sha512crypt.c.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./src/util/crypto/nss/nss_sha512crypt.c	2011-10-13 12:15:03.000000000 -0400
+--- ./src/util/crypto/nss/nss_sha512crypt.c.orig	2012-09-08 09:32:28.000000000 -0400
++++ ./src/util/crypto/nss/nss_sha512crypt.c	2012-09-08 10:19:36.000000000 -0400
 @@ -10,7 +10,7 @@
  
  #include "config.h"
@@ -9,21 +9,30 @@
  #include <errno.h>
  #include <limits.h>
  #include <stdbool.h>
-@@ -267,7 +267,7 @@
-         goto done;
+@@ -42,6 +42,8 @@
+ #define ROUNDS_MIN 1000
+ #define ROUNDS_MAX 999999999
+ 
++#define __stpncpy(x, y, z) stpncpy(x, y, z)
++
+ /* Table with characters for base64 transformation.  */
+ const char b64t[64] =
+     "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+@@ -205,7 +207,7 @@
+     /* Create byte sequence P. */
+     cp = p_bytes = alloca(key_len);
+     for (cnt = key_len; cnt >= 64; cnt -= 64) {
+-        cp = mempcpy(cp, temp_result, 64);
++	cp = (char *) memcpy(cp, temp_result, 64) + 64;
      }
+     memcpy(cp, temp_result, cnt);
  
--    cp = __stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE);
-+    cp = stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE);
-     buflen -= SALT_PREF_SIZE;
- 
-     if (rounds_custom) {
-@@ -285,7 +285,7 @@
-         ret = ERANGE;
-         goto done;
+@@ -223,7 +225,7 @@
+     /* Create byte sequence S.  */
+     cp = s_bytes = alloca(salt_len);
+     for (cnt = salt_len; cnt >= 64; cnt -= 64) {
+-        cp = mempcpy(cp, temp_result, 64);
++	cp = (char *) memcpy(cp, temp_result, 64) + 64;
      }
--    cp = __stpncpy(cp, salt, salt_len);
-+    cp = stpncpy(cp, salt, salt_len);
-     *cp++ = '$';
-     buflen -= salt_len + 1;
+     memcpy(cp, temp_result, cnt);
  
Index: files/patch-src__providers__ldap__ldap_auth.c
===================================================================
--- files/patch-src__providers__ldap__ldap_auth.c	(revision 303829)
+++ files/patch-src__providers__ldap__ldap_auth.c	(working copy)
@@ -1,5 +1,5 @@
---- ./src/providers/ldap/ldap_auth.c.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./src/providers/ldap/ldap_auth.c	2011-10-13 12:15:03.000000000 -0400
+--- ./src/providers/ldap/ldap_auth.c.orig	2012-05-30 12:36:51.000000000 -0400
++++ ./src/providers/ldap/ldap_auth.c	2012-09-07 17:48:42.000000000 -0400
 @@ -37,7 +37,6 @@
  #include <sys/time.h>
  #include <strings.h>
@@ -8,15 +8,15 @@
  #include <security/pam_modules.h>
  
  #include "util/util.h"
-@@ -46,6 +45,7 @@
- #include "providers/ldap/ldap_common.h"
+@@ -47,6 +46,7 @@
  #include "providers/ldap/sdap_async.h"
+ #include "providers/ldap/sdap_async_private.h"
  
 +
  /* MIT Kerberos has the same hardcoded warning interval of 7 days. Due to the
   * fact that using the expiration time of a Kerberos password with LDAP
   * authentication is presumably a rare case a separate config option is not
-@@ -59,6 +59,22 @@
+@@ -60,6 +60,22 @@
      PWEXPIRE_SHADOW
  };
  
@@ -39,7 +39,7 @@
  static errno_t add_expired_warning(struct pam_data *pd, long exp_time)
  {
      int ret;
-@@ -111,17 +127,16 @@
+@@ -112,17 +128,16 @@
          return EINVAL;
      }
  
@@ -61,7 +61,7 @@
  
      if (difftime(now, expire_time) > 0.0) {
          DEBUG(4, ("Kerberos password expired.\n"));
-@@ -742,7 +757,7 @@
+@@ -746,7 +761,7 @@
  
      DEBUG(2, ("starting password change request for user [%s].\n", pd->user));
  
@@ -70,7 +70,7 @@
  
      if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) {
          DEBUG(2, ("chpass target was called by wrong pam command.\n"));
-@@ -799,7 +814,7 @@
+@@ -805,7 +820,7 @@
                      &pw_expire_type, &pw_expire_data);
      talloc_zfree(req);
      if (ret) {
@@ -79,7 +79,7 @@
          goto done;
      }
  
-@@ -819,7 +834,7 @@
+@@ -825,7 +840,7 @@
                                              &result);
                  if (ret != EOK) {
                      DEBUG(1, ("check_pwexpire_shadow failed.\n"));
@@ -88,7 +88,7 @@
                      goto done;
                  }
                  break;
-@@ -828,14 +843,14 @@
+@@ -834,14 +849,14 @@
                                                &result);
                  if (ret != EOK) {
                      DEBUG(1, ("check_pwexpire_kerberos failed.\n"));
@@ -105,7 +105,7 @@
                      goto done;
                  }
                  break;
-@@ -844,7 +859,7 @@
+@@ -850,7 +865,7 @@
                  break;
              default:
                  DEBUG(1, ("Unknow pasword expiration type.\n"));
@@ -114,7 +114,7 @@
                      goto done;
          }
      }
-@@ -884,7 +899,7 @@
+@@ -890,7 +905,7 @@
          dp_err = DP_ERR_OFFLINE;
          break;
      default:
@@ -123,25 +123,43 @@
      }
  
  done:
-@@ -905,7 +920,7 @@
+@@ -913,7 +928,7 @@
      ret = sdap_exop_modify_passwd_recv(req, state, &result, &user_error_message);
      talloc_zfree(req);
-     if (ret) {
+     if (ret && ret != EIO) {
 -        state->pd->pam_status = PAM_SYSTEM_ERR;
 +        state->pd->pam_status = PAM_SERVICE_ERR;
          goto done;
      }
  
-@@ -964,7 +979,7 @@
+@@ -954,7 +969,7 @@
+                                               state->dn,
+                                               lastchanged_name);
+         if (subreq == NULL) {
+-            state->pd->pam_status = PAM_SYSTEM_ERR;
++            state->pd->pam_status = PAM_SERVICE_ERR;
+             goto done;
+         }
+ 
+@@ -975,7 +990,7 @@
+ 
+     ret = sdap_modify_shadow_lastchange_recv(req);
+     if (ret != EOK) {
+-        state->pd->pam_status = PAM_SYSTEM_ERR;
++        state->pd->pam_status = PAM_SERVICE_ERR;
          goto done;
      }
  
+@@ -1016,7 +1031,7 @@
+         goto done;
+     }
+ 
 -    pd->pam_status = PAM_SYSTEM_ERR;
 +    pd->pam_status = PAM_SERVICE_ERR;
  
      switch (pd->cmd) {
      case SSS_PAM_AUTHENTICATE:
-@@ -1021,7 +1036,7 @@
+@@ -1073,7 +1088,7 @@
                      &pw_expire_type, &pw_expire_data);
      talloc_zfree(req);
      if (ret != EOK) {
@@ -150,7 +168,7 @@
          dp_err = DP_ERR_FATAL;
          goto done;
      }
-@@ -1033,7 +1048,7 @@
+@@ -1085,7 +1100,7 @@
                                              state->pd, &result);
                  if (ret != EOK) {
                      DEBUG(1, ("check_pwexpire_shadow failed.\n"));
@@ -159,7 +177,7 @@
                      goto done;
                  }
                  break;
-@@ -1042,7 +1057,7 @@
+@@ -1094,7 +1109,7 @@
                                                state->pd, &result);
                  if (ret != EOK) {
                      DEBUG(1, ("check_pwexpire_kerberos failed.\n"));
@@ -168,7 +186,7 @@
                      goto done;
                  }
                  break;
-@@ -1050,7 +1065,7 @@
+@@ -1102,7 +1117,7 @@
                  ret = check_pwexpire_ldap(state->pd, pw_expire_data, &result);
                  if (ret != EOK) {
                      DEBUG(1, ("check_pwexpire_ldap failed.\n"));
@@ -177,7 +195,7 @@
                      goto done;
                  }
                  break;
-@@ -1058,7 +1073,7 @@
+@@ -1110,7 +1125,7 @@
                  break;
              default:
                  DEBUG(1, ("Unknow pasword expiration type.\n"));
@@ -186,7 +204,7 @@
                      goto done;
          }
      }
-@@ -1080,7 +1095,7 @@
+@@ -1132,7 +1147,7 @@
          state->pd->pam_status = PAM_NEW_AUTHTOK_REQD;
          break;
      default:
Index: files/patch-src__providers__krb5__krb5_utils.c
===================================================================
--- files/patch-src__providers__krb5__krb5_utils.c	(revision 303829)
+++ files/patch-src__providers__krb5__krb5_utils.c	(working copy)
@@ -1,17 +0,0 @@
---- ./src/providers/krb5/krb5_utils.c.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./src/providers/krb5/krb5_utils.c	2011-10-13 12:15:03.000000000 -0400
-@@ -435,10 +435,10 @@
-     }
- 
-     server_name = talloc_asprintf(NULL, "krbtgt/%.*s@%.*s",
--                                  krb5_princ_realm(ctx, client_princ)->length,
--                                  krb5_princ_realm(ctx, client_princ)->data,
--                                  krb5_princ_realm(ctx, client_princ)->length,
--                                  krb5_princ_realm(ctx, client_princ)->data);
-+                                  krb5_realm_length(krb5_princ_realm(ctx, client_princ)),
-+                                  krb5_princ_realm(ctx, client_princ),
-+                                  krb5_realm_length(krb5_princ_realm(ctx, client_princ)),
-+                                  krb5_princ_realm(ctx, client_princ));
-     if (server_name == NULL) {
-         kerr = KRB5_CC_NOMEM;
-         DEBUG(1, ("talloc_asprintf failed.\n"));
Index: files/patch-src__providers__ldap__sdap_access.c
===================================================================
--- files/patch-src__providers__ldap__sdap_access.c	(revision 303829)
+++ files/patch-src__providers__ldap__sdap_access.c	(working copy)
@@ -1,5 +1,5 @@
---- ./src/providers/ldap/sdap_access.c.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./src/providers/ldap/sdap_access.c	2011-10-13 12:15:03.000000000 -0400
+--- ./src/providers/ldap/sdap_access.c.orig	2012-05-30 12:36:51.000000000 -0400
++++ ./src/providers/ldap/sdap_access.c	2012-09-07 17:48:42.000000000 -0400
 @@ -22,9 +22,7 @@
      along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
@@ -10,7 +10,7 @@
  #include <sys/param.h>
  #include <security/pam_modules.h>
  #include <talloc.h>
-@@ -119,7 +117,7 @@
+@@ -109,7 +107,7 @@
                             pd);
      if (req == NULL) {
          DEBUG(1, ("Unable to start sdap_access request\n"));
@@ -19,7 +19,7 @@
          return;
      }
  
-@@ -157,7 +155,7 @@
+@@ -148,7 +146,7 @@
  
      state->be_ctx = be_ctx;
      state->pd = pd;
@@ -28,7 +28,7 @@
      state->ev = ev;
      state->access_ctx = access_ctx;
      state->current_rule = 0;
-@@ -502,18 +500,17 @@
+@@ -488,18 +486,17 @@
          return true;
      }
  
@@ -51,7 +51,7 @@
  
      if (difftime(now, expire_time) > 0.0) {
          DEBUG(4, ("NDS account expired.\n"));
-@@ -663,7 +660,7 @@
+@@ -648,7 +645,7 @@
          return NULL;
      }
  
@@ -60,7 +60,7 @@
  
      expire = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic,
                                  SDAP_ACCOUNT_EXPIRE_POLICY);
-@@ -747,7 +744,7 @@
+@@ -732,7 +729,7 @@
      talloc_zfree(subreq);
      if (ret != EOK) {
          DEBUG(1, ("Error retrieving access check result.\n"));
@@ -69,7 +69,7 @@
          tevent_req_error(req, ret);
          return;
      }
-@@ -807,7 +804,7 @@
+@@ -792,7 +789,7 @@
      state->filter = NULL;
      state->be_ctx = be_ctx;
      state->username = username;
@@ -78,8 +78,8 @@
      state->sdap_ctx = access_ctx->id_ctx;
      state->ev = ev;
      state->access_ctx = access_ctx;
-@@ -953,7 +950,7 @@
-                                                   SDAP_SEARCH_TIMEOUT));
+@@ -939,7 +936,7 @@
+                                    false);
      if (subreq == NULL) {
          DEBUG(1, ("Could not start LDAP communication\n"));
 -        state->pam_status = PAM_SYSTEM_ERR;
@@ -87,7 +87,7 @@
          tevent_req_error(req, EIO);
          return;
      }
-@@ -984,13 +981,13 @@
+@@ -970,13 +967,13 @@
              if (ret == EOK) {
                  return;
              }
@@ -103,7 +103,7 @@
          }
  
          goto done;
-@@ -1009,7 +1006,7 @@
+@@ -995,7 +992,7 @@
      else if (results == NULL) {
          DEBUG(1, ("num_results > 0, but results is NULL\n"));
          ret = EIO;
@@ -112,7 +112,7 @@
          goto done;
      }
      else if (num_results > 1) {
-@@ -1018,7 +1015,7 @@
+@@ -1004,7 +1001,7 @@
           */
          DEBUG(1, ("Received multiple replies\n"));
          ret = EIO;
@@ -121,7 +121,7 @@
          goto done;
      }
      else { /* Ok, we got a single reply */
-@@ -1106,7 +1103,7 @@
+@@ -1090,7 +1087,7 @@
      talloc_zfree(subreq);
      if (ret != EOK) {
          DEBUG(1, ("Error retrieving access check result.\n"));
@@ -130,7 +130,7 @@
          tevent_req_error(req, ret);
          return;
      }
-@@ -1247,7 +1244,7 @@
+@@ -1230,7 +1227,7 @@
      talloc_zfree(subreq);
      if (ret != EOK) {
          DEBUG(1, ("Error retrieving access check result.\n"));
@@ -139,7 +139,7 @@
          tevent_req_error(req, ret);
          return;
      }
-@@ -1274,7 +1271,7 @@
+@@ -1255,7 +1252,7 @@
      struct ldb_message_element *el;
      unsigned int i;
      char *host;
@@ -148,7 +148,7 @@
  
      req = tevent_req_create(mem_ctx, &state, struct sdap_access_host_ctx);
      if (!req) {
-@@ -1370,7 +1367,7 @@
+@@ -1351,7 +1348,7 @@
      talloc_zfree(subreq);
      if (ret != EOK) {
          DEBUG(1, ("Error retrieving access check result.\n"));
@@ -157,7 +157,7 @@
          tevent_req_error(req, ret);
          return;
      }
-@@ -1395,7 +1392,7 @@
+@@ -1377,7 +1374,7 @@
  static void sdap_access_done(struct tevent_req *req)
  {
      errno_t ret;
@@ -166,7 +166,7 @@
      struct be_req *breq =
              tevent_req_callback_data(req, struct be_req);
  
-@@ -1403,7 +1400,7 @@
+@@ -1385,7 +1382,7 @@
      talloc_zfree(req);
      if (ret != EOK) {
          DEBUG(1, ("Error retrieving access check result.\n"));
Index: files/patch-src__providers__ipa__ipa_common.c
===================================================================
--- files/patch-src__providers__ipa__ipa_common.c	(revision 303829)
+++ files/patch-src__providers__ipa__ipa_common.c	(working copy)
@@ -1,6 +1,6 @@
---- ./src/providers/ipa/ipa_common.c.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./src/providers/ipa/ipa_common.c	2011-10-13 12:15:03.000000000 -0400
-@@ -191,7 +191,7 @@
+--- ./src/providers/ipa/ipa_common.c.orig	2012-05-30 12:36:51.000000000 -0400
++++ ./src/providers/ipa/ipa_common.c	2012-09-07 17:48:42.000000000 -0400
+@@ -251,7 +251,7 @@
      char *ipa_hostname;
      int ret;
      int i;
@@ -9,7 +9,7 @@
  
      opts = talloc_zero(memctx, struct ipa_options);
      if (!opts) return ENOMEM;
-@@ -220,14 +220,14 @@
+@@ -280,14 +280,14 @@
  
      ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME);
      if (ipa_hostname == NULL) {
Index: files/patch-src__util__murmurhash3.c
===================================================================
--- files/patch-src__util__murmurhash3.c	(revision 0)
+++ files/patch-src__util__murmurhash3.c	(working copy)
@@ -0,0 +1,11 @@
+--- ./src/util/murmurhash3.c.orig	2012-09-07 18:32:20.000000000 -0400
++++ ./src/util/murmurhash3.c	2012-09-07 18:32:26.000000000 -0400
+@@ -8,7 +8,7 @@
+ 
+ #include <stdlib.h>
+ #include <stdint.h>
+-#include <endian.h>
++#include <sys/endian.h>
+ #include <string.h>
+ 
+ /* support RHEL5 lack of definitions */

Property changes on: files/patch-src__util__murmurhash3.c
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Index: files/patch-src__responder__common__responder_dp.c
===================================================================
--- files/patch-src__responder__common__responder_dp.c	(revision 303829)
+++ files/patch-src__responder__common__responder_dp.c	(working copy)
@@ -1,15 +1,6 @@
---- ./src/responder/common/responder_dp.c.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./src/responder/common/responder_dp.c	2011-10-13 12:15:03.000000000 -0400
-@@ -210,7 +210,7 @@
-                            &sdp_req->err_min,
-                            &sdp_req->err_msg);
-     if (ret != EOK) {
--        if (ret == ETIME) {
-+        if (ret == ETIMEDOUT) {
-             sdp_req->err_maj = DP_ERR_TIMEOUT;
-             sdp_req->err_min = ret;
-             sdp_req->err_msg = talloc_strdup(sdp_req, "Request timed out");
-@@ -569,7 +569,7 @@
+--- ./src/responder/common/responder_dp.c.orig	2012-05-30 12:36:51.000000000 -0400
++++ ./src/responder/common/responder_dp.c	2012-09-07 17:48:42.000000000 -0400
+@@ -197,7 +197,7 @@
      case DBUS_MESSAGE_TYPE_ERROR:
          if (strcmp(dbus_message_get_error_name(reply),
                     DBUS_ERROR_NO_REPLY) == 0) {
@@ -18,3 +9,12 @@
              goto done;
          }
          DEBUG(0,("The Data Provider returned an error [%s]\n",
+@@ -711,7 +711,7 @@
+                            &sdp_req->dp_ret,
+                            &sdp_req->err_msg);
+     if (ret != EOK) {
+-        if (ret == ETIME) {
++        if (ret == ETIMEDOUT) {
+             sdp_req->dp_err = DP_ERR_TIMEOUT;
+             sdp_req->dp_ret = ret;
+             sdp_req->err_msg = talloc_strdup(sdp_req, "Request timed out");
Index: files/patch-src__providers__ipa__ipa_hbac.h
===================================================================
--- files/patch-src__providers__ipa__ipa_hbac.h	(revision 0)
+++ files/patch-src__providers__ipa__ipa_hbac.h	(working copy)
@@ -0,0 +1,10 @@
+--- ./src/providers/ipa/ipa_hbac.h.orig	2012-09-07 18:27:41.000000000 -0400
++++ ./src/providers/ipa/ipa_hbac.h	2012-09-07 18:28:52.000000000 -0400
+@@ -39,6 +39,7 @@
+ 
+ #include <stdint.h>
+ #include <stdbool.h>
++#include <time.h>
+ 
+ /** Result of HBAC evaluation */
+ enum hbac_eval_result {

Property changes on: files/patch-src__providers__ipa__ipa_hbac.h
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Index: files/patch-src__providers__krb5__krb5_child.c
===================================================================
--- files/patch-src__providers__krb5__krb5_child.c	(revision 303829)
+++ files/patch-src__providers__krb5__krb5_child.c	(working copy)
@@ -1,5 +1,5 @@
---- ./src/providers/krb5/krb5_child.c.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./src/providers/krb5/krb5_child.c	2011-10-13 12:15:03.000000000 -0400
+--- ./src/providers/krb5/krb5_child.c.orig	2012-05-30 12:36:51.000000000 -0400
++++ ./src/providers/krb5/krb5_child.c	2012-09-07 19:51:51.000000000 -0400
 @@ -39,6 +39,15 @@
  
  #define SSSD_KRB5_CHANGEPW_PRINCIPAL "kadmin/changepw"
@@ -16,21 +16,22 @@
  struct krb5_child_ctx {
      /* opts taken from kinit */
      /* in seconds */
-@@ -100,10 +109,10 @@
+@@ -100,11 +109,11 @@
  
  static krb5_context krb5_error_ctx;
  static const char *__krb5_error_msg;
 -#define KRB5_DEBUG(level, krb5_error) do { \
 -    __krb5_error_msg = sss_krb5_get_error_message(krb5_error_ctx, krb5_error); \
-+#define KRB5_DEBUG(level, krb5_error, ctx) do {				\
++#define KRB5_DEBUG(level, krb5_error, ctx) do { \
 +    __krb5_error_msg = sss_krb5_get_error_message(ctx, krb5_error); \
      DEBUG(level, ("%d: [%d][%s]\n", __LINE__, krb5_error, __krb5_error_msg)); \
+     sss_log(SSS_LOG_ERR, "%s", __krb5_error_msg); \
 -    sss_krb5_free_error_message(krb5_error_ctx, __krb5_error_msg); \
-+    sss_krb5_free_error_message(ctx, __krb5_error_msg);			\
- } while(0);
++    sss_krb5_free_error_message(ctx, __krb5_error_msg); \
+ } while(0)
  
  static void sss_krb5_expire_callback_func(krb5_context context, void *data,
-@@ -267,13 +276,13 @@
+@@ -271,13 +280,13 @@
  
      kerr = krb5_cc_resolve(ctx, tmp_ccname, &tmp_cc);
      if (kerr != 0) {
@@ -46,7 +47,7 @@
          goto done;
      }
      if (fd != -1) {
-@@ -284,7 +293,7 @@
+@@ -288,7 +297,7 @@
      if (creds == NULL) {
          kerr = create_empty_cred(ctx, princ, &l_cred);
          if (kerr != 0) {
@@ -55,7 +56,7 @@
              goto done;
          }
      } else {
-@@ -293,13 +302,13 @@
+@@ -297,13 +306,13 @@
  
      kerr = krb5_cc_store_cred(ctx, tmp_cc, l_cred);
      if (kerr != 0) {
@@ -71,7 +72,7 @@
          goto done;
      }
      tmp_cc = NULL;
-@@ -420,7 +429,7 @@
+@@ -424,7 +433,7 @@
              talloc_zfree(msg);
          }
      } else {
@@ -80,7 +81,7 @@
          if (krb5_msg == NULL) {
              DEBUG(1, ("sss_krb5_get_error_message failed.\n"));
              return NULL;
-@@ -429,7 +438,7 @@
+@@ -433,7 +442,7 @@
          ret = pam_add_response(kr->pd, SSS_PAM_SYSTEM_INFO,
                                 strlen(krb5_msg) + 1,
                                 (const uint8_t *) krb5_msg);
@@ -89,41 +90,33 @@
      }
      if (ret != EOK) {
          DEBUG(1, ("pam_add_response failed.\n"));
-@@ -527,7 +536,7 @@
+@@ -531,7 +540,7 @@
              break;
          }
  
--        kerr = krb5_free_keytab_entry_contents(kr->ctx, &entry);
-+        kerr = krb5_kt_free_entry(kr->ctx, &entry);
+-        kerr = sss_krb5_free_keytab_entry_contents(kr->ctx, &entry);
++	kerr = krb5_kt_free_entry(kr->ctx, &entry);
          if (kerr != 0) {
              DEBUG(1, ("Failed to free keytab entry.\n"));
          }
-@@ -575,7 +584,7 @@
-     if (krb5_kt_close(kr->ctx, keytab) != 0) {
-         DEBUG(1, ("krb5_kt_close failed"));
-     }
--    if (krb5_free_keytab_entry_contents(kr->ctx, &entry) != 0) {
-+    if (krb5_kt_free_entry(kr->ctx, &entry) != 0) {
-         DEBUG(1, ("Failed to free keytab entry.\n"));
-     }
-     if (principal != NULL) {
-@@ -605,13 +614,13 @@
+@@ -642,14 +651,14 @@
      kerr = krb5_get_init_creds_keytab(ctx, &creds, princ, keytab, 0, NULL,
                                        &options);
      if (kerr != 0) {
 -        KRB5_DEBUG(1, kerr);
-+      KRB5_DEBUG(1, kerr, ctx);
++	KRB5_DEBUG(1, kerr, ctx);
          return kerr;
      }
  
-     kerr = create_ccache_file(ctx, princ, ccname, &creds);
+     /* Use the updated principal in the creds in case canonicalized */
+     kerr = create_ccache_file(ctx, creds.client, ccname, &creds);
      if (kerr != 0) {
 -        KRB5_DEBUG(1, kerr);
-+      KRB5_DEBUG(1, kerr, ctx);
++	KRB5_DEBUG(1, kerr, ctx);
          goto done;
      }
      kerr = 0;
-@@ -633,21 +642,21 @@
+@@ -672,21 +681,21 @@
                                                    sss_krb5_expire_callback_func,
                                                    kr);
      if (kerr != 0) {
@@ -148,16 +141,16 @@
              return kerr;
          }
  
-@@ -668,7 +677,7 @@
- 
-     kerr = create_ccache_file(kr->ctx, kr->princ, kr->ccname, kr->creds);
+@@ -710,7 +719,7 @@
+                               kr->creds ? kr->creds->client : kr->princ,
+                               kr->ccname, kr->creds);
      if (kerr != 0) {
 -        KRB5_DEBUG(1, kerr);
 +      KRB5_DEBUG(1, kerr, kr->ctx);
          goto done;
      }
  
-@@ -692,7 +701,7 @@
+@@ -734,7 +743,7 @@
      krb5_error_code kerr = 0;
      char *pass_str = NULL;
      char *newpass_str = NULL;
@@ -166,7 +159,7 @@
      int result_code = -1;
      krb5_data result_code_string;
      krb5_data result_string;
-@@ -734,7 +743,7 @@
+@@ -776,7 +785,7 @@
                                          changepw_princ,
                                          kr->options);
      if (kerr != 0) {
@@ -175,7 +168,7 @@
          if (kerr == KRB5_KDC_UNREACH) {
              pam_status = PAM_AUTHINFO_UNAVAIL;
          }
-@@ -773,7 +782,7 @@
+@@ -815,7 +824,7 @@
  
      if (kerr != 0 || result_code != 0) {
          if (kerr != 0) {
@@ -184,7 +177,7 @@
          } else {
              kerr = KRB5KRB_ERR_GENERIC;
          }
-@@ -825,7 +834,7 @@
+@@ -867,7 +876,7 @@
      memset(kr->pd->newauthtok, 0, kr->pd->newauthtok_size);
  
      if (kerr != 0) {
@@ -193,7 +186,7 @@
          if (kerr == KRB5_KDC_UNREACH) {
              pam_status = PAM_AUTHINFO_UNAVAIL;
          }
-@@ -846,7 +855,7 @@
+@@ -888,7 +897,7 @@
      krb5_error_code kerr = 0;
      char *pass_str = NULL;
      char *changepw_princ = NULL;
@@ -202,7 +195,7 @@
  
      if (kr->pd->authtok_type != SSS_AUTHTOK_TYPE_PASSWORD) {
          pam_status = PAM_CRED_INSUFFICIENT;
-@@ -881,7 +890,7 @@
+@@ -923,7 +932,7 @@
                                                                 kr->options,
                                                                 NULL, NULL);
          if (kerr != 0) {
@@ -211,7 +204,7 @@
              DEBUG(1, ("Failed to unset expire callback, continue ...\n"));
          }
          kerr = krb5_get_init_creds_password(kr->ctx, kr->creds, kr->princ,
-@@ -899,7 +908,7 @@
+@@ -941,7 +950,7 @@
      memset(kr->pd->authtok, 0, kr->pd->authtok_size);
  
      if (kerr != 0) {
@@ -220,7 +213,7 @@
          switch (kerr) {
              case KRB5_KDC_UNREACH:
                      pam_status = PAM_AUTHINFO_UNAVAIL;
-@@ -911,7 +920,7 @@
+@@ -953,7 +962,7 @@
                      pam_status = PAM_CRED_ERR;
                      break;
              default:
@@ -229,7 +222,7 @@
          }
      }
  
-@@ -981,13 +990,13 @@
+@@ -1023,13 +1032,13 @@
  
      kerr = krb5_cc_resolve(kr->ctx, ccname, &ccache);
      if (kerr != 0) {
@@ -245,7 +238,7 @@
          if (kerr == KRB5_KDC_UNREACH) {
              status = PAM_AUTHINFO_UNAVAIL;
          }
-@@ -997,7 +1006,7 @@
+@@ -1039,7 +1048,7 @@
      if (kr->validate) {
          kerr = validate_tgt(kr);
          if (kerr != 0) {
@@ -254,7 +247,7 @@
              goto done;
          }
  
-@@ -1019,13 +1028,13 @@
+@@ -1061,13 +1070,13 @@
  
      kerr = krb5_cc_initialize(kr->ctx, ccache, kr->princ);
      if (kerr != 0) {
@@ -270,7 +263,7 @@
          goto done;
      }
  
-@@ -1059,8 +1068,8 @@
+@@ -1101,8 +1110,8 @@
  
      ret = create_ccache_file(kr->ctx, kr->princ, kr->ccname, NULL);
      if (ret != 0) {
@@ -281,7 +274,7 @@
      }
  
      ret = sendresponse(fd, ret, pam_status, kr);
-@@ -1375,19 +1384,20 @@
+@@ -1421,19 +1430,20 @@
  
      kerr = krb5_init_context(&kr->ctx);
      if (kerr != 0) {
@@ -305,32 +298,25 @@
          goto failed;
      }
  
-@@ -1400,18 +1410,18 @@
+@@ -1446,7 +1456,7 @@
  
      kerr = sss_krb5_get_init_creds_opt_alloc(kr->ctx, &kr->options);
      if (kerr != 0) {
 -        KRB5_DEBUG(1, kerr);
-+      KRB5_DEBUG(1, kerr, kr->ctx);
++	KRB5_DEBUG(1, kerr, kr->ctx);
          goto failed;
      }
  
-     /* A prompter is used to catch messages about when a password will
-      * expired. The library shall not use the prompter to ask for a new password
+@@ -1456,7 +1466,7 @@
       * but shall return KRB5KDC_ERR_KEY_EXP. */
--    krb5_get_init_creds_opt_set_change_password_prompt(kr->options, 0);
--    if (kerr != 0) {
+     krb5_get_init_creds_opt_set_change_password_prompt(kr->options, 0);
+     if (kerr != 0) {
 -        KRB5_DEBUG(1, kerr);
--        goto failed;
--    }
-+    //    krb5_get_init_creds_opt_set_change_password_prompt(kr->options, 0);
-+    //    if (kerr != 0) {
-+    //        KRB5_DEBUG(1, kerr, kr->ctx);
-+    //        goto failed;
-+    //    }
- 
-     lifetime_str = getenv(SSSD_KRB5_RENEWABLE_LIFETIME);
-     if (lifetime_str == NULL) {
-@@ -1422,7 +1432,7 @@
++	KRB5_DEBUG(1, kerr, kr->ctx);
+         goto failed;
+     }
+ #endif
+@@ -1470,7 +1480,7 @@
          if (kerr != 0) {
              DEBUG(1, ("krb5_string_to_deltat failed for [%s].\n",
                        lifetime_str));
@@ -339,7 +325,7 @@
              goto failed;
          }
          krb5_get_init_creds_opt_set_renew_life(kr->options, lifetime);
-@@ -1437,7 +1447,7 @@
+@@ -1485,7 +1495,7 @@
          if (kerr != 0) {
              DEBUG(1, ("krb5_string_to_deltat failed for [%s].\n",
                        lifetime_str));
@@ -348,7 +334,7 @@
              goto failed;
          }
          krb5_get_init_creds_opt_set_tkt_life(kr->options, lifetime);
-@@ -1486,7 +1496,7 @@
+@@ -1536,7 +1546,7 @@
                                       kr, &kr->fast_ccname);
              if (kerr != 0) {
                  DEBUG(1, ("check_fast_ccache failed.\n"));
@@ -357,7 +343,7 @@
                  goto failed;
              }
  
-@@ -1496,7 +1506,7 @@
+@@ -1546,7 +1556,7 @@
              if (kerr != 0) {
                  DEBUG(1, ("sss_krb5_get_init_creds_opt_set_fast_ccache_name "
                            "failed.\n"));
@@ -366,7 +352,7 @@
                  goto failed;
              }
  
-@@ -1507,7 +1517,7 @@
+@@ -1557,7 +1567,7 @@
                  if (kerr != 0) {
                      DEBUG(1, ("sss_krb5_get_init_creds_opt_set_fast_flags "
                                "failed.\n"));
Index: files/patch-src__util__sss_krb5.c
===================================================================
--- files/patch-src__util__sss_krb5.c	(revision 303829)
+++ files/patch-src__util__sss_krb5.c	(working copy)
@@ -1,17 +1,6 @@
---- ./src/util/sss_krb5.c.orig	2011-08-29 11:39:05.000000000 -0400
-+++ ./src/util/sss_krb5.c	2011-10-13 12:15:03.000000000 -0400
-@@ -165,8 +165,8 @@
- 
-         if (_realm) {
-             *_realm = talloc_asprintf(mem_ctx, "%.*s",
--                                      krb5_princ_realm(ctx, client_princ)->length,
--                                      krb5_princ_realm(ctx, client_princ)->data);
-+                                      krb5_realm_length(krb5_princ_realm(krb_ctx, client_princ)),
-+                                      krb5_princ_realm(krb_ctx, client_princ));
-             if (!*_realm) {
-                 DEBUG(1, ("talloc_asprintf failed"));
-                 if (_principal) talloc_zfree(*_principal);
-@@ -243,7 +243,7 @@
+--- ./src/util/sss_krb5.c.orig	2012-05-30 12:36:51.000000000 -0400
++++ ./src/util/sss_krb5.c	2012-09-07 19:27:09.000000000 -0400
+@@ -251,7 +251,7 @@
          }
  
          realm_name = talloc_strdup(tmp_ctx, default_realm);
@@ -20,34 +9,7 @@
          if (!realm_name) {
              ret = ENOMEM;
              goto done;
-@@ -322,7 +322,7 @@
-             found = true;
-         }
-         free(kt_principal);
--        krberr = krb5_free_keytab_entry_contents(context, &entry);
-+        krberr = krb5_kt_free_entry(context, &entry);
-         if (krberr) {
-             /* This should never happen. The API docs for this function
-              * specify only success for this function
-@@ -466,7 +466,7 @@
-             break;
-         }
- 
--        kerr = krb5_free_keytab_entry_contents(ctx, &entry);
-+        kerr = krb5_kt_free_entry(ctx, &entry);
-         if (kerr != 0) {
-             DEBUG(1, ("Failed to free keytab entry.\n"));
-         }
-@@ -504,7 +504,7 @@
-     kerr = 0;
- 
- done:
--    kerr_d = krb5_free_keytab_entry_contents(ctx, &entry);
-+    kerr_d = krb5_kt_free_entry(ctx, &entry);
-     if (kerr_d != 0) {
-         DEBUG(1, ("Failed to free keytab entry.\n"));
-     }
-@@ -540,7 +540,7 @@
+@@ -554,7 +554,7 @@
  void KRB5_CALLCONV sss_krb5_free_error_message(krb5_context ctx, const char *s)
  {
  #ifdef HAVE_KRB5_GET_ERROR_MESSAGE
@@ -56,3 +18,29 @@
  #else
      free(s);
  #endif
+@@ -1060,7 +1060,7 @@
+             break;
+         }
+ 
+-        if (!krb5_c_valid_enctype(entry.key.enctype) ||
++        if (!krb5_c_valid_enctype(entry.keyblock.keytype) ||
+             !krb5_principal_compare(context, entry.principal, princ)) {
+             continue;
+         }
+@@ -1085,13 +1085,13 @@
+                 break;
+             }
+         }
+-        etypes[count] = entry.key.enctype;
++        etypes[count] = entry.keyblock.keytype;
+         count++;
+ 
+         /* All DES key types work with des-cbc-crc, which is more likely to be
+          * accepted by the KDC (since MIT KDCs refuse des-cbc-md5). */
+-        if (entry.key.enctype == ENCTYPE_DES_CBC_MD5 ||
+-            entry.key.enctype == ENCTYPE_DES_CBC_MD4) {
++        if (entry.keyblock.keytype == ENCTYPE_DES_CBC_MD5 ||
++            entry.keyblock.keytype == ENCTYPE_DES_CBC_MD4) {
+             etypes[count] = ENCTYPE_DES_CBC_CRC;
+             count++;
+         }
Index: pkg-message
===================================================================
--- pkg-message	(revision 303829)
+++ pkg-message	(working copy)
@@ -1,21 +0,0 @@
-================================================================================
-Copy %%PREFIX%%/etc/sssd/sssd.conf.sample to %%PREFIX%%/etc/sssd/sssd.conf
-and edit %%PREFIX%%/etc/sssd/sssd.conf (see man sssd.conf for details)
-
-To load sssd at startup, add sssd_enable="YES" to /etc/rc.conf
-
-To enable pam integration, add a line similar to the following to
-/etc/pam.d/system:
-
-login   auth    sufficient      %%PREFIX%%/lib/pam_sss.so
-
-To enable NSS integration, update /etc/nsswitch.conf as follows:
-
-group: sss files
-passwd: sss files
-
-For additional details, please see the man pages for pam.conf and nsswitch.conf
-
-An sssd HOWTO is also available:
-https://fedorahosted.org/sssd/wiki/HOWTO_Configure_1_0_2
-================================================================================
Index: pkg-plist
===================================================================
--- pkg-plist	(revision 303829)
+++ pkg-plist	(working copy)
@@ -1,16 +1,3 @@
-share/locale/zh_TW/LC_MESSAGES/sssd.mo
-share/locale/uk/LC_MESSAGES/sssd.mo
-share/locale/sv/LC_MESSAGES/sssd.mo
-share/locale/ru/LC_MESSAGES/sssd.mo
-share/locale/pt/LC_MESSAGES/sssd.mo
-share/locale/pl/LC_MESSAGES/sssd.mo
-share/locale/nl/LC_MESSAGES/sssd.mo
-share/locale/ja/LC_MESSAGES/sssd.mo
-share/locale/it/LC_MESSAGES/sssd.mo
-share/locale/id/LC_MESSAGES/sssd.mo
-share/locale/fr/LC_MESSAGES/sssd.mo
-share/locale/es/LC_MESSAGES/sssd.mo
-share/locale/de/LC_MESSAGES/sssd.mo
 sbin/sssd
 sbin/sss_usermod
 sbin/sss_userdel
@@ -20,6 +7,7 @@
 sbin/sss_groupmod
 sbin/sss_groupdel
 sbin/sss_groupadd
+sbin/sss_debuglevel
 sbin/sss_cache
 libexec/sssd/sssd_pam
 libexec/sssd/sssd_nss
@@ -61,22 +49,15 @@
 %%PYTHON_SITELIBDIR%%/SSSDConfig.py
 %%PYTHON_SITELIBDIR%%/SSSDConfig-1-py%%PYTHON_VER%%.egg-info
 include/ipa_hbac.h
-etc/sssd/sssd.api.d/sssd-simple.conf
-etc/sssd/sssd.api.d/sssd-proxy.conf
-etc/sssd/sssd.api.d/sssd-local.conf
-etc/sssd/sssd.api.d/sssd-ldap.conf
-etc/sssd/sssd.api.d/sssd-krb5.conf
-etc/sssd/sssd.api.d/sssd-ipa.conf
-etc/sssd/sssd.api.conf
 etc/sssd/sssd.conf.sample
 @dirrmtry lib/pkgconfig
 @dirrmtry lib/ldb
+@dirrm lib/sssd/modules
+@dirrm lib/sssd
 @dirrmtry etc/sssd/sssd.api.d
 @dirrmtry etc/sssd
-@dirrm share/sssd/introspect
 @dirrm share/sssd
 @dirrm libexec/sssd
-@dirrm lib/sssd
 @unexec if cmp -s %D/etc/sssd/sssd.conf.sample %D/etc/sssd/sssd.conf; then rm -f %D/etc/sssd/sssd.conf; fi
 @exec if [ ! -f %D/etc/sssd/sssd.conf ]; then cp -p %D/%F %B/sssd.conf; fi
 @unexec if [ -d %%ETCDIR%% ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf %%ETCDIR%%`` to remove any configuration files."; fi
Index: Makefile
===================================================================
--- Makefile	(revision 303829)
+++ Makefile	(working copy)
@@ -6,29 +6,29 @@
 #
 
 PORTNAME=	sssd
-DISTVERSION=	1.6.1
-PORTREVISION=	1
+DISTVERSION=	1.8.4
 CATEGORIES=	security
-MASTER_SITES=	https://fedorahosted.org/released/${PORTNAME}/
+MASTER_SITES=	https://fedorahosted.org/released/${PORTNAME}/ \
+    		http://mirrors.rit.edu/zi/
 
 MAINTAINER=	aweits@rit.edu
 COMMENT=	System Security Services Daemon
 
 LICENSE=	GPLv3
 
-LIB_DEPENDS=	popt.0:${PORTSDIR}/devel/popt \
-		talloc.2:${PORTSDIR}/devel/talloc \
-		tevent.0:${PORTSDIR}/devel/tevent \
-		xslt.2:${PORTSDIR}/textproc/libxslt \
-		tdb.1:${PORTSDIR}/databases/tdb \
+LIB_DEPENDS=	popt:${PORTSDIR}/devel/popt \
+		talloc:${PORTSDIR}/devel/talloc \
+		tevent:${PORTSDIR}/devel/tevent \
+		xslt:${PORTSDIR}/textproc/libxslt \
+		tdb:${PORTSDIR}/databases/tdb \
 		ldb:${PORTSDIR}/databases/ldb \
-		cares.2:${PORTSDIR}/dns/c-ares \
+		cares:${PORTSDIR}/dns/c-ares \
 		dbus:${PORTSDIR}/devel/dbus \
-		dhash.1:${PORTSDIR}/devel/ding-libs \
-		pcre.1:${PORTSDIR}/devel/pcre \
-		unistring.1:${PORTSDIR}/devel/libunistring \
-		nss3.1:${PORTSDIR}/security/nss \
-		sasl2.2:${PORTSDIR}/security/cyrus-sasl2 \
+		dhash:${PORTSDIR}/devel/ding-libs \
+		pcre:${PORTSDIR}/devel/pcre \
+		unistring:${PORTSDIR}/devel/libunistring \
+		nss3:${PORTSDIR}/security/nss \
+		sasl2:${PORTSDIR}/security/cyrus-sasl2 \
 		xml2:${PORTSDIR}/textproc/libxml2
 BUILD_DEPENDS=	xmlcatalog:${PORTSDIR}/textproc/libxml2 \
 		docbook-xsl>=0:${PORTSDIR}/textproc/docbook-xsl
@@ -38,16 +38,18 @@
 CONFIGURE_ARGS=	--with-selinux=no --with-semanage=no \
 		--with-ldb-lib-dir=${LOCALBASE}/lib/ldb \
 		--with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \
-		--with-libnl=no --with-init-dir=no \
+		--with-libnl=no --with-init-dir=no --datadir=${DATADIR} \
 		--docdir=${WRKDIR}/docs --with-pid-path=/var/run \
 		--localstatedir=/var --enable-pammoddir=${PREFIX}/lib \
 		--with-db-path=/var/db/sss --with-pipe-path=/var/run/sss \
 		--with-pubconf-path=/var/run/sss
 CFLAGS+=	-L${LOCALBASE}/lib -fstack-protector-all
 PLIST_SUB=	PYTHON_VER=${PYTHON_VER}
+MAKE_ENV+=	LINGUAS=""
+SUB_FILES=	pkg-message
 #DEBUG_FLAGS=	-g
 
-USE_AUTOTOOLS=	autoconf automake
+USE_AUTOTOOLS=	autoconf automake libtoolize
 USE_LDCONFIG=	yes
 USE_PYTHON=	yes
 USE_OPENLDAP=	yes
@@ -63,8 +65,10 @@
 MAN8=		pam_sss.8 sss_cache.8 sss_groupadd.8 sss_groupdel.8 \
 		sss_groupmod.8 sss_groupshow.8 sss_obfuscate.8 \
 		sss_useradd.8 sss_userdel.8 sss_usermod.8 sssd.8 \
-		sssd_krb5_locator_plugin.8
+		sssd_krb5_locator_plugin.8 sss_debuglevel.8
 
+PORTDATA=	*
+
 .include <bsd.port.pre.mk>
 
 .if ${OSVERSION} < 800107
@@ -77,37 +81,47 @@
 AUTOTOOLSFILES=	aclocal.m4
 
 post-patch:
-	@${REINPLACE_CMD} -e 's|1.11.1|%%AUTOMAKE_APIVER%%|g' ${WRKSRC}/aclocal.m4
+	@${REINPLACE_CMD} -e 's|1.11.1|%%AUTOMAKE_APIVER%%|g' \
+	    	${WRKSRC}/aclocal.m4
 	@${REINPLACE_CMD} -e 's|SIGCLD|SIGCHLD|g' ${WRKSRC}/src/util/signal.c
-	@${REINPLACE_CMD} -e '/#define SIZE_T_MAX ((size_t) -1)/d' ${WRKSRC}/src/util/util.h
-	@${REINPLACE_CMD} -e '/pam_misc/d' ${WRKSRC}/src/sss_client/pam_test_client.c
-	@${REINPLACE_CMD} -e '/ETIME/d' ${WRKSRC}/src/sss_client/common.c
-	@${REINPLACE_CMD} -e 's| -lpam_misc||g' ${WRKSRC}/Makefile.am ${WRKSRC}/Makefile.in
-	@${REINPLACE_CMD} -e 's|security/pam_misc.h||g' ${WRKSRC}/configure* ${WRKSRC}/src/external/pam.m4
-	@${REINPLACE_CMD} -e 's|NSS_STATUS_NOTFOUND|NS_NOTFOUND|g' ${WRKSRC}/src/sss_client/common.c
-	@${REINPLACE_CMD} -e 's|NSS_STATUS_UNAVAIL|NS_UNAVAIL|g' ${WRKSRC}/src/sss_client/common.c
-	@${REINPLACE_CMD} -e 's|NSS_STATUS_TRYAGAIN|NS_TRYAGAIN|g' ${WRKSRC}/src/sss_client/common.c
-	@${REINPLACE_CMD} -e 's|NSS_STATUS_SUCCESS|NS_SUCCESS|g' ${WRKSRC}/src/sss_client/common.c
-	@${REINPLACE_CMD} -e 's|security/pam_ext.h|security/pam_appl.h|g' ${WRKSRC}/src/sss_client/pam_sss.c
-	@${REINPLACE_CMD} -e 's|security/_pam_macros.h|pam_macros.h|g' ${WRKSRC}/src/sss_client/sss_pam_macros.h
-	@${REINPLACE_CMD} -e 's|#include <security/pam_modutil.h>||g' ${WRKSRC}/src/sss_client/pam_sss.c
-	@${REINPLACE_CMD} -e 's|PAM_BAD_ITEM|PAM_USER_UNKNOWN|g' ${WRKSRC}/src/sss_client/pam_sss.c
-	@${REINPLACE_CMD} -e 's|pam_vsyslog(pamh,|vsyslog(|g' ${WRKSRC}/src/sss_client/pam_sss.c
-	@${REINPLACE_CMD} -e 's|pam_modutil_getlogin(pamh)|getlogin()|g' ${WRKSRC}/src/sss_client/pam_sss.c
-	@${REINPLACE_CMD} -e '/..MAKE. ..AM_MAKEFLAGS. install-data-hook/d' ${WRKSRC}/Makefile.in
-	@${REINPLACE_CMD} -e 's|install-data-hook install-dist_initSCRIPTS|install-dist_initSCRIPTS|g' \
+	@${REINPLACE_CMD} -e '/#define SIZE_T_MAX ((size_t) -1)/d' \
+	    	${WRKSRC}/src/util/util.h
+	@${REINPLACE_CMD} -e '/pam_misc/d' \
+	    	${WRKSRC}/src/sss_client/pam_test_client.c
+	@${REINPLACE_CMD} -e 's|security/pam_misc.h||g' \
+	    	${WRKSRC}/configure* ${WRKSRC}/src/external/pam.m4
+	@${REINPLACE_CMD} -e 's|NSS_STATUS_NOTFOUND|NS_NOTFOUND|g' \
+		-e 's|NSS_STATUS_UNAVAIL|NS_UNAVAIL|g' \
+		-e 's|NSS_STATUS_TRYAGAIN|NS_TRYAGAIN|g' \
+		-e '/ETIME/d' \
+		-e 's|NSS_STATUS_SUCCESS|NS_SUCCESS|g' \
+		${WRKSRC}/src/sss_client/common.c
+	@${REINPLACE_CMD} -e 's|security/_pam_macros.h|pam_macros.h|g' \
+	    	${WRKSRC}/src/sss_client/sss_pam_macros.h
+	@${REINPLACE_CMD} -e 's|#include <security/pam_modutil.h>||g' \
+		-e 's|PAM_BAD_ITEM|PAM_USER_UNKNOWN|g' \
+		-e 's|security/pam_ext.h|security/pam_appl.h|g' \
+		-e 's|pam_modutil_getlogin(pamh)|getlogin()|g' \
+		-e 's|pam_vsyslog(pamh,|vsyslog(|g' \
+		${WRKSRC}/src/sss_client/pam_sss.c
+	@${REINPLACE_CMD} -e '/..MAKE. ..AM_MAKEFLAGS. install-data-hook/d' \
+	    	${WRKSRC}/Makefile.in
+	@${REINPLACE_CMD} -e 's|libdir)/pkgconfig|prefix)/libdata/pkgconfig|' \
+		-e 's|install-data-hook install-dist_initSCRIPTS|install-dist_initSCRIPTS|g' \
+		-e 's|install-data-hook|notinstall-data-hook|g' \
+		-e 's| -lpam_misc||g' \
 		${WRKSRC}/Makefile.in ${WRKSRC}/Makefile.am
-	@${REINPLACE_CMD} -e 's|install-data-hook|notinstall-data-hook|g' ${WRKSRC}/Makefile.in \
-		${WRKSRC}/Makefile.am
-	@${REINPLACE_CMD} -e 's|libdir)/pkgconfig|prefix)/libdata/pkgconfig|' ${WRKSRC}/Makefile.in \
-		${WRKSRC}/Makefile.am
-	@${REINPLACE_CMD} -e 's|/etc/sssd/|${ETCDIR}/|g' ${WRKSRC}/src/man/*xml
-	@${REINPLACE_CMD} -e 's|/etc/openldap/|${PREFIX}/etc/openldap/|g' ${WRKSRC}/src/man/*xml
+	@${REINPLACE_CMD} -e 's|/etc/sssd/|${ETCDIR}/|g' \
+		-e 's|/etc/openldap/|${LOCALBASE}/etc/openldap/|g' \
+		${WRKSRC}/src/man/*xml
 	@${CP} ${FILESDIR}/pam_macros.h ${WRKSRC}/pam_macros.h
 	@${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}/src/sss_client/bsdnss.c
 
+pre-configure:
+	(cd ${WRKSRC} && ${AUTORECONF} -i -f)
+
 post-install:
-	${INSTALL_DATA} ${WRKSRC}/src/examples/sssd.conf ${ETCDIR}/sssd.conf.sample
+	${INSTALL_DATA} ${WRKSRC}/src/examples/sssd-example.conf ${ETCDIR}/sssd.conf.sample
 	(cd ${PREFIX}/lib && ${LN} -s nss_sss.so.2 nss_sss.so.1)
 	(cd ${PREFIX}/lib && ${LN} -s pam_sss.so pam_sss.so.5)
 	@${RM} -f ${PREFIX}/lib/ldb/memberof.la


>Release-Note:
>Audit-Trail:
>Unformatted:



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201209081458.q88EwOUq017081>