From owner-freebsd-ports-bugs@FreeBSD.ORG Sat Sep 8 15:00:12 2012 Return-Path: Delivered-To: freebsd-ports-bugs@hub.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 04AC51065678 for ; Sat, 8 Sep 2012 15:00:11 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by mx1.freebsd.org (Postfix) with ESMTP id B37548FC19 for ; Sat, 8 Sep 2012 15:00:11 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.5/8.14.5) with ESMTP id q88F0B21057506 for ; Sat, 8 Sep 2012 15:00:11 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.5/8.14.5/Submit) id q88F0B1W057486; Sat, 8 Sep 2012 15:00:11 GMT (envelope-from gnats) Resent-Date: Sat, 8 Sep 2012 15:00:11 GMT Resent-Message-Id: <201209081500.q88F0B1W057486@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Ryan Steinmetz Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A1D10106566C for ; Sat, 8 Sep 2012 14:58:24 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from red.freebsd.org (red.freebsd.org [IPv6:2001:4f8:fff6::22]) by mx1.freebsd.org (Postfix) with ESMTP id 8B2958FC08 for ; Sat, 8 Sep 2012 14:58:24 +0000 (UTC) Received: from red.freebsd.org (localhost [127.0.0.1]) by red.freebsd.org (8.14.5/8.14.5) with ESMTP id q88EwOQG017082 for ; Sat, 8 Sep 2012 14:58:24 GMT (envelope-from nobody@red.freebsd.org) Received: (from nobody@localhost) by red.freebsd.org (8.14.5/8.14.5/Submit) id q88EwOUq017081; Sat, 8 Sep 2012 14:58:24 GMT (envelope-from nobody) Message-Id: <201209081458.q88EwOUq017081@red.freebsd.org> Date: Sat, 8 Sep 2012 14:58:24 GMT From: Ryan Steinmetz To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-3.1 Cc: Subject: ports/171452: [update] security/sssd to 1.8.4 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 08 Sep 2012 15:00:12 -0000 >Number: 171452 >Category: ports >Synopsis: [update] security/sssd to 1.8.4 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Sat Sep 08 15:00:11 UTC 2012 >Closed-Date: >Last-Modified: >Originator: Ryan Steinmetz >Release: 9.0-RELEASE >Organization: Sourcefire, Inc. >Environment: >Description: - Update to 1.8.4 - Address issue reported in ports/170502 (sssd failed to connect Ldap server without SASL) >How-To-Repeat: >Fix: Patch attached with submission follows: Index: distinfo =================================================================== --- distinfo (revision 303829) +++ distinfo (working copy) @@ -1,2 +1,2 @@ -SHA256 (sssd-1.6.1.tar.gz) = ba30d8cf7eae1fd66053b4f11e8e5b98bc6db113cf6d2f33e429f2e21d90ade9 -SIZE (sssd-1.6.1.tar.gz) = 1406047 +SHA256 (sssd-1.8.4.tar.gz) = d20845928c91fd66fadc404967089b21b6b64801b1288c789812be51521476a2 +SIZE (sssd-1.8.4.tar.gz) = 2161696 Index: files/patch-src__providers__proxy__proxy_init.c =================================================================== --- files/patch-src__providers__proxy__proxy_init.c (revision 303829) +++ files/patch-src__providers__proxy__proxy_init.c (working copy) @@ -1,6 +1,6 @@ ---- ./src/providers/proxy/proxy_init.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/proxy/proxy_init.c 2011-10-13 12:15:03.000000000 -0400 -@@ -124,7 +124,7 @@ +--- ./src/providers/proxy/proxy_init.c.orig 2012-05-30 12:36:51.000000000 -0400 ++++ ./src/providers/proxy/proxy_init.c 2012-09-07 17:48:42.000000000 -0400 +@@ -123,7 +123,7 @@ if (!ctx->handle) { DEBUG(0, ("Unable to load %s module with path, error: %s\n", libpath, dlerror())); @@ -9,7 +9,7 @@ goto done; } -@@ -132,7 +132,7 @@ +@@ -131,7 +131,7 @@ libname); if (!ctx->ops.getpwnam_r) { DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); @@ -18,7 +18,7 @@ goto done; } -@@ -140,14 +140,14 @@ +@@ -139,14 +139,14 @@ libname); if (!ctx->ops.getpwuid_r) { DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); @@ -35,7 +35,7 @@ goto done; } -@@ -155,14 +155,14 @@ +@@ -154,14 +154,14 @@ libname); if (!ctx->ops.getpwent_r) { DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); @@ -52,7 +52,7 @@ goto done; } -@@ -170,7 +170,7 @@ +@@ -169,7 +169,7 @@ libname); if (!ctx->ops.getgrnam_r) { DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); @@ -61,7 +61,7 @@ goto done; } -@@ -178,14 +178,14 @@ +@@ -177,14 +177,14 @@ libname); if (!ctx->ops.getgrgid_r) { DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); @@ -78,7 +78,7 @@ goto done; } -@@ -193,14 +193,14 @@ +@@ -192,14 +192,14 @@ libname); if (!ctx->ops.getgrent_r) { DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); Index: files/patch-src__util__server.c =================================================================== --- files/patch-src__util__server.c (revision 303829) +++ files/patch-src__util__server.c (working copy) @@ -1,6 +1,6 @@ ---- ./src/util/server.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/util/server.c 2011-10-13 12:15:03.000000000 -0400 -@@ -296,14 +296,15 @@ +--- ./src/util/server.c.orig 2012-05-30 12:36:51.000000000 -0400 ++++ ./src/util/server.c 2012-09-07 17:48:42.000000000 -0400 +@@ -298,14 +298,15 @@ BlockSignals(false, SIGTERM); CatchSignal(SIGHUP, sig_hup); Index: files/patch-src__confdb__confdb.c =================================================================== --- files/patch-src__confdb__confdb.c (revision 303829) +++ files/patch-src__confdb__confdb.c (working copy) @@ -1,5 +1,5 @@ ---- ./src/confdb/confdb.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/confdb/confdb.c 2011-10-13 12:15:03.000000000 -0400 +--- ./src/confdb/confdb.c.orig 2012-05-30 12:36:51.000000000 -0400 ++++ ./src/confdb/confdb.c 2012-09-07 17:48:42.000000000 -0400 @@ -28,6 +28,11 @@ #include "util/strtonum.h" #include "db/sysdb.h" Index: files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c =================================================================== --- files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c (revision 303829) +++ files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c (working copy) @@ -1,20 +1,38 @@ ---- ./src/util/crypto/libcrypto/crypto_sha512crypt.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/util/crypto/libcrypto/crypto_sha512crypt.c 2011-10-13 12:15:03.000000000 -0400 -@@ -265,7 +265,7 @@ - goto done; - } +--- ./src/util/crypto/libcrypto/crypto_sha512crypt.c.orig 2012-09-08 09:33:08.000000000 -0400 ++++ ./src/util/crypto/libcrypto/crypto_sha512crypt.c 2012-09-08 10:19:47.000000000 -0400 +@@ -10,7 +10,7 @@ + /* SHA512-based Unix crypt implementation. + Released into the Public Domain by Ulrich Drepper . */ -- cp = __stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE); -+ cp = stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE); - buflen -= SALT_PREF_SIZE; +-#include ++#include + #include + #include + #include +@@ -39,6 +39,8 @@ + #define ROUNDS_MIN 1000 + #define ROUNDS_MAX 999999999 - if (rounds_custom) { -@@ -283,7 +283,7 @@ - ret = ERANGE; - goto done; ++#define __stpncpy(x, y, z) stpncpy(x, y, z) ++ + /* Table with characters for base64 transformation. */ + const char b64t[64] = + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; +@@ -197,7 +199,7 @@ + /* Create byte sequence P. */ + cp = p_bytes = alloca(key_len); + for (cnt = key_len; cnt >= 64; cnt -= 64) { +- cp = mempcpy(cp, temp_result, 64); ++ cp = (char *) memcpy(cp, temp_result, 64) + 64; } -- cp = __stpncpy(cp, salt, salt_len); -+ cp = stpncpy(cp, salt, salt_len); - *cp++ = '$'; - buflen -= salt_len + 1; + memcpy(cp, temp_result, cnt); +@@ -218,7 +220,7 @@ + /* Create byte sequence S. */ + cp = s_bytes = alloca(salt_len); + for (cnt = salt_len; cnt >= 64; cnt -= 64) { +- cp = mempcpy(cp, temp_result, 64); ++ cp = (char *) memcpy(cp, temp_result, 64) + 64; + } + memcpy(cp, temp_result, cnt); + Index: files/patch-configure.ac =================================================================== --- files/patch-configure.ac (revision 0) +++ files/patch-configure.ac (working copy) @@ -0,0 +1,11 @@ +--- ./configure.ac.orig 2012-09-08 09:57:34.000000000 -0400 ++++ ./configure.ac 2012-09-08 09:57:52.000000000 -0400 +@@ -23,6 +23,8 @@ + AM_GNU_GETTEXT([external]) + AM_GNU_GETTEXT_VERSION([0.14]) + ++AM_PROG_AR ++ + AC_SUBST([PRERELEASE_VERSION], + PRERELEASE_VERSION_NUMBER) + Property changes on: files/patch-configure.ac ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Index: files/patch-src__sss_client__common.c =================================================================== --- files/patch-src__sss_client__common.c (revision 303829) +++ files/patch-src__sss_client__common.c (working copy) @@ -1,5 +1,5 @@ ---- ./src/sss_client/common.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/sss_client/common.c 2011-10-13 12:15:03.000000000 -0400 +--- ./src/sss_client/common.c.orig 2012-05-30 12:36:51.000000000 -0400 ++++ ./src/sss_client/common.c 2012-09-07 17:48:42.000000000 -0400 @@ -26,6 +26,7 @@ #include "config.h" @@ -8,7 +8,7 @@ #include #include #include -@@ -111,7 +112,6 @@ +@@ -112,7 +113,6 @@ *errnop = error; break; case 0: @@ -16,7 +16,7 @@ break; case 1: if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { -@@ -216,7 +216,6 @@ +@@ -217,7 +217,6 @@ *errnop = error; break; case 0: @@ -24,7 +24,7 @@ break; case 1: if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { -@@ -638,7 +637,6 @@ +@@ -645,7 +644,6 @@ *errnop = error; break; case 0: @@ -32,7 +32,7 @@ break; case 1: if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { -@@ -688,23 +686,23 @@ +@@ -695,23 +693,23 @@ /* avoid looping in the nss daemon */ envval = getenv("_SSS_LOOPS"); if (envval && strcmp(envval, "NO") == 0) { Index: files/patch-src__providers__ldap__ldap_child.c =================================================================== --- files/patch-src__providers__ldap__ldap_child.c (revision 303829) +++ files/patch-src__providers__ldap__ldap_child.c (working copy) @@ -1,6 +1,6 @@ ---- ./src/providers/ldap/ldap_child.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/ldap/ldap_child.c 2011-10-13 12:15:03.000000000 -0400 -@@ -165,7 +165,7 @@ +--- ./src/providers/ldap/ldap_child.c.orig 2012-05-30 12:36:51.000000000 -0400 ++++ ./src/providers/ldap/ldap_child.c 2012-09-07 17:48:42.000000000 -0400 +@@ -176,7 +176,7 @@ } realm_name = talloc_strdup(memctx, default_realm); @@ -9,35 +9,3 @@ if (!realm_name) { krberr = KRB5KRB_ERR_GENERIC; goto done; -@@ -279,20 +279,20 @@ - goto done; - } - -- krberr = krb5_get_time_offsets(context, &kdc_time_offset, &kdc_time_offset_usec); -- if (krberr) { -- DEBUG(2, ("Failed to get KDC time offset: %s\n", -- sss_krb5_get_error_message(context, krberr))); -- kdc_time_offset = 0; -- } else { -- if (kdc_time_offset_usec > 0) { -- kdc_time_offset++; -- } -- } -+ // krberr = krb5_get_time_offsets(context, &kdc_time_offset, &kdc_time_offset_usec); -+ // if (krberr) { -+ // DEBUG(2, ("Failed to get KDC time offset: %s\n", -+ // sss_krb5_get_error_message(context, krberr))); -+ // kdc_time_offset = 0; -+ // } else { -+ // if (kdc_time_offset_usec > 0) { -+ // kdc_time_offset++; -+ // } -+ // } - - krberr = 0; - *ccname_out = ccname; -- *expire_time_out = my_creds.times.endtime - kdc_time_offset; -+ *expire_time_out = my_creds.times.endtime; - - done: - if (keytab) krb5_kt_close(context, keytab); Index: files/patch-src__responder__common__responder_packet.c =================================================================== --- files/patch-src__responder__common__responder_packet.c (revision 303829) +++ files/patch-src__responder__common__responder_packet.c (working copy) @@ -1,5 +1,5 @@ ---- ./src/responder/common/responder_packet.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/responder/common/responder_packet.c 2011-10-13 12:15:03.000000000 -0400 +--- ./src/responder/common/responder_packet.c.orig 2012-05-30 12:36:51.000000000 -0400 ++++ ./src/responder/common/responder_packet.c 2012-09-07 17:48:42.000000000 -0400 @@ -192,7 +192,7 @@ } Index: files/patch-src__providers__fail_over.c =================================================================== --- files/patch-src__providers__fail_over.c (revision 303829) +++ files/patch-src__providers__fail_over.c (working copy) @@ -1,6 +1,6 @@ ---- ./src/providers/fail_over.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/fail_over.c 2011-10-13 12:15:03.000000000 -0400 -@@ -1191,7 +1191,7 @@ +--- ./src/providers/fail_over.c.orig 2012-05-30 12:36:51.000000000 -0400 ++++ ./src/providers/fail_over.c 2012-09-07 17:48:42.000000000 -0400 +@@ -1231,7 +1231,7 @@ *******************************************************************/ struct resolve_get_domain_state { char *fqdn; @@ -9,7 +9,7 @@ }; static void resolve_get_domain_done(struct tevent_req *subreq); -@@ -1211,13 +1211,13 @@ +@@ -1251,13 +1251,13 @@ return NULL; } Index: files/patch-src__sss_client__sss_nss.exports =================================================================== --- files/patch-src__sss_client__sss_nss.exports (revision 303829) +++ files/patch-src__sss_client__sss_nss.exports (working copy) @@ -1,5 +1,5 @@ ---- ./src/sss_client/sss_nss.exports.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/sss_client/sss_nss.exports 2011-10-13 12:13:42.000000000 -0400 +--- ./src/sss_client/sss_nss.exports.orig 2012-05-30 12:36:51.000000000 -0400 ++++ ./src/sss_client/sss_nss.exports 2012-09-07 17:48:42.000000000 -0400 @@ -3,6 +3,7 @@ # public functions global: Index: files/patch-src__sss_client__nss_group.c =================================================================== --- files/patch-src__sss_client__nss_group.c (revision 303829) +++ files/patch-src__sss_client__nss_group.c (working copy) @@ -1,6 +1,6 @@ ---- ./src/sss_client/nss_group.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/sss_client/nss_group.c 2011-10-13 12:15:03.000000000 -0400 -@@ -248,6 +248,77 @@ +--- ./src/sss_client/nss_group.c.orig 2012-05-30 12:36:51.000000000 -0400 ++++ ./src/sss_client/nss_group.c 2012-09-07 17:48:42.000000000 -0400 +@@ -343,6 +343,77 @@ } Index: files/patch-src__util__find_uid.c =================================================================== --- files/patch-src__util__find_uid.c (revision 303829) +++ files/patch-src__util__find_uid.c (working copy) @@ -1,5 +1,5 @@ ---- ./src/util/find_uid.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/util/find_uid.c 2011-10-13 12:15:03.000000000 -0400 +--- ./src/util/find_uid.c.orig 2012-05-30 12:36:51.000000000 -0400 ++++ ./src/util/find_uid.c 2012-09-07 17:48:42.000000000 -0400 @@ -67,7 +67,7 @@ uint32_t num=0; errno_t error; @@ -9,7 +9,7 @@ if (ret < 0) { DEBUG(1, ("snprintf failed")); return EINVAL; -@@ -204,7 +204,7 @@ +@@ -208,7 +208,7 @@ hash_key_t key; hash_value_t value; @@ -18,7 +18,7 @@ if (proc_dir == NULL) { ret = errno; DEBUG(1, ("Cannot open proc dir.\n")); -@@ -278,9 +278,8 @@ +@@ -282,9 +282,8 @@ errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table) { Index: files/patch-src__providers__ldap__ldap_common.c =================================================================== --- files/patch-src__providers__ldap__ldap_common.c (revision 303829) +++ files/patch-src__providers__ldap__ldap_common.c (working copy) @@ -1,6 +1,6 @@ ---- ./src/providers/ldap/ldap_common.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/ldap/ldap_common.c 2011-10-13 12:15:03.000000000 -0400 -@@ -749,7 +749,7 @@ +--- ./src/providers/ldap/ldap_common.c.orig 2012-05-30 12:36:51.000000000 -0400 ++++ ./src/providers/ldap/ldap_common.c 2012-09-07 17:48:42.000000000 -0400 +@@ -1242,7 +1242,7 @@ } realm = talloc_strdup(mem_ctx, krb5_realm); Index: files/patch-src__monitor__monitor.c =================================================================== --- files/patch-src__monitor__monitor.c (revision 303829) +++ files/patch-src__monitor__monitor.c (working copy) @@ -1,17 +1,17 @@ ---- ./src/monitor/monitor.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/monitor/monitor.c 2011-10-13 12:15:03.000000000 -0400 -@@ -57,6 +57,10 @@ +--- ./src/monitor/monitor.c.orig 2012-05-30 12:36:51.000000000 -0400 ++++ ./src/monitor/monitor.c 2012-09-07 17:48:42.000000000 -0400 +@@ -69,6 +69,10 @@ + int cmdline_debug_timestamps; + int cmdline_debug_microseconds; - int cmdline_debug_level; - +errno_t monitor_config_file_fallback(TALLOC_CTX *mem_ctx, + struct mt_ctx *ctx, + const char *file, + monitor_reconf_fn fn); struct svc_spy; - struct mt_svc { -@@ -1606,10 +1610,6 @@ + enum mt_svc_type { +@@ -1582,10 +1586,6 @@ talloc_free(tmp_ctx); } Index: files/patch-src__sss_client__pam_test_client.c =================================================================== --- files/patch-src__sss_client__pam_test_client.c (revision 303829) +++ files/patch-src__sss_client__pam_test_client.c (working copy) @@ -1,5 +1,5 @@ ---- ./src/sss_client/pam_test_client.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/sss_client/pam_test_client.c 2011-10-13 12:15:03.000000000 -0400 +--- ./src/sss_client/pam_test_client.c.orig 2012-05-30 12:36:51.000000000 -0400 ++++ ./src/sss_client/pam_test_client.c 2012-09-07 17:48:42.000000000 -0400 @@ -24,12 +24,13 @@ #include Index: files/patch-src__resolv__async_resolv.c =================================================================== --- files/patch-src__resolv__async_resolv.c (revision 303829) +++ files/patch-src__resolv__async_resolv.c (working copy) @@ -1,6 +1,6 @@ ---- ./src/resolv/async_resolv.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/resolv/async_resolv.c 2011-10-13 12:15:03.000000000 -0400 -@@ -1073,7 +1073,6 @@ +--- ./src/resolv/async_resolv.c.orig 2012-05-30 12:36:51.000000000 -0400 ++++ ./src/resolv/async_resolv.c 2012-09-07 17:48:42.000000000 -0400 +@@ -1187,7 +1187,6 @@ hints.ai_flags = AI_NUMERICHOST; /* No network lookups */ ret = getaddrinfo(name, NULL, &hints, &res); @@ -8,7 +8,7 @@ if (ret != 0) { if (ret == -2) { DEBUG(9, ("[%s] does not look like an IP address\n", name)); -@@ -1081,6 +1080,8 @@ +@@ -1195,6 +1194,8 @@ DEBUG(2, ("getaddrinfo failed [%d]: %s\n", ret, gai_strerror(ret))); } Index: files/patch-src__responder__common__responder_common.c =================================================================== --- files/patch-src__responder__common__responder_common.c (revision 303829) +++ files/patch-src__responder__common__responder_common.c (working copy) @@ -1,5 +1,5 @@ ---- ./src/responder/common/responder_common.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/responder/common/responder_common.c 2011-10-13 12:15:03.000000000 -0400 +--- ./src/responder/common/responder_common.c.orig 2012-05-30 12:36:51.000000000 -0400 ++++ ./src/responder/common/responder_common.c 2012-09-07 17:48:42.000000000 -0400 @@ -195,7 +195,7 @@ talloc_free(cctx); break; Index: files/patch-Makefile.am =================================================================== --- files/patch-Makefile.am (revision 303829) +++ files/patch-Makefile.am (working copy) @@ -1,22 +1,23 @@ ---- ./Makefile.am.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./Makefile.am 2011-10-13 12:13:42.000000000 -0400 -@@ -33,7 +33,7 @@ - systemdunitdir = @systemdunitdir@ - logpath = @logpath@ - pubconfpath = @pubconfpath@ --pkgconfigdir = $(libdir)/pkgconfig -+pkgconfigdir = $(prefix)/libdata/pkgconfig +--- ./Makefile.am.orig 2012-05-30 12:36:51.000000000 -0400 ++++ ./Makefile.am 2012-09-07 19:30:46.000000000 -0400 +@@ -547,7 +547,6 @@ + src/providers/data_provider_callbacks.c \ + $(SSSD_FAILOVER_OBJ) + sssd_be_LDADD = \ +- -ldl \ + $(SSSD_LIBS) \ + $(CARES_LIBS) \ + libsss_util.la +@@ -928,7 +927,7 @@ + endif - AM_CFLAGS = - if WANT_AUX_INFO -@@ -753,21 +753,22 @@ - - noinst_PROGRAMS = pam_test_client pam_test_client_SOURCES = src/sss_client/pam_test_client.c -pam_test_client_LDFLAGS = -lpam -lpam_misc +pam_test_client_LDFLAGS = -lpam - #################### + if BUILD_AUTOFS + autofs_test_client_SOURCES = src/sss_client/autofs/autofs_test_client.c \ +@@ -942,16 +941,17 @@ # Client Libraries # #################### @@ -29,6 +30,7 @@ src/sss_client/nss_passwd.c \ src/sss_client/nss_group.c \ src/sss_client/nss_netgroup.c \ + src/sss_client/nss_services.c \ src/sss_client/sss_cli.h \ src/sss_client/nss_compat.h -libnss_sss_la_LDFLAGS = \ @@ -36,26 +38,20 @@ -module \ -version-info 2:0:0 \ -Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports -@@ -780,6 +781,7 @@ +@@ -964,6 +964,7 @@ src/sss_client/sss_pam_macros.h pam_sss_la_LDFLAGS = \ + -lintl \ -lpam \ + $(SELINUX_LIBS) \ -module \ - -avoid-version \ -@@ -1122,10 +1124,10 @@ +@@ -1402,7 +1403,7 @@ mkdir -p $(DESTDIR)$(initdir) endif -install-data-hook: -- rm $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 \ -- $(DESTDIR)/$(nsslibdir)/libnss_sss.so -- mv $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 -+notnotnotnotnotnotnotnotnotnotnotnotnotnotnotnotnotinstall-data-hook: -+ rm $(DESTDIR)/$(nsslibdir)/nss_sss.so.2 \ -+ $(DESTDIR)/$(nsslibdir)/nss_sss.so -+ mv $(DESTDIR)/$(nsslibdir)/nss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/nss_sss.so.2 - - uninstall-hook: - if [ -f $(abs_builddir)/src/config/.files ]; then \ ++nopenopeinstall-data-hook: + rm $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 \ + $(DESTDIR)/$(nsslibdir)/libnss_sss.so + mv $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 Index: files/pkg-message.in =================================================================== --- files/pkg-message.in (revision 0) +++ files/pkg-message.in (working copy) @@ -0,0 +1,21 @@ +================================================================================ +Copy %%PREFIX%%/etc/sssd/sssd.conf.sample to %%PREFIX%%/etc/sssd/sssd.conf +and edit %%PREFIX%%/etc/sssd/sssd.conf (see man sssd.conf for details) + +To load sssd at startup, add sssd_enable="YES" to /etc/rc.conf + +To enable pam integration, add a line similar to the following to +/etc/pam.d/system: + +login auth sufficient %%PREFIX%%/lib/pam_sss.so + +To enable NSS integration, update /etc/nsswitch.conf as follows: + +group: sss files +passwd: sss files + +For additional details, please see the man pages for pam.conf and nsswitch.conf + +An sssd HOWTO is also available: +https://fedorahosted.org/sssd/wiki/HOWTO_Configure_1_0_2 +================================================================================ Property changes on: files/pkg-message.in ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Index: files/patch-src__providers__data_provider_be.c =================================================================== --- files/patch-src__providers__data_provider_be.c (revision 303829) +++ files/patch-src__providers__data_provider_be.c (working copy) @@ -1,6 +1,6 @@ ---- ./src/providers/data_provider_be.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/data_provider_be.c 2011-10-13 12:15:03.000000000 -0400 -@@ -512,7 +512,7 @@ +--- ./src/providers/data_provider_be.c.orig 2012-05-30 12:36:51.000000000 -0400 ++++ ./src/providers/data_provider_be.c 2012-09-07 17:48:42.000000000 -0400 +@@ -653,7 +653,7 @@ return EIO; } @@ -9,7 +9,7 @@ pd->domain = talloc_strdup(pd, becli->bectx->domain->name); if (pd->domain == NULL) { talloc_free(be_req); -@@ -1013,7 +1013,7 @@ +@@ -1772,7 +1772,7 @@ if (!handle) { DEBUG(0, ("Unable to load %s module with path (%s), error: %s\n", mod_name, path, dlerror())); @@ -18,7 +18,7 @@ goto done; } -@@ -1033,7 +1033,7 @@ +@@ -1792,7 +1792,7 @@ } else { DEBUG(0, ("Unable to load init fn %s from module %s, error: %s\n", mod_init_fn_name, mod_name, dlerror())); Index: files/patch-src__util__crypto__nss__nss_sha512crypt.c =================================================================== --- files/patch-src__util__crypto__nss__nss_sha512crypt.c (revision 303829) +++ files/patch-src__util__crypto__nss__nss_sha512crypt.c (working copy) @@ -1,5 +1,5 @@ ---- ./src/util/crypto/nss/nss_sha512crypt.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/util/crypto/nss/nss_sha512crypt.c 2011-10-13 12:15:03.000000000 -0400 +--- ./src/util/crypto/nss/nss_sha512crypt.c.orig 2012-09-08 09:32:28.000000000 -0400 ++++ ./src/util/crypto/nss/nss_sha512crypt.c 2012-09-08 10:19:36.000000000 -0400 @@ -10,7 +10,7 @@ #include "config.h" @@ -9,21 +9,30 @@ #include #include #include -@@ -267,7 +267,7 @@ - goto done; +@@ -42,6 +42,8 @@ + #define ROUNDS_MIN 1000 + #define ROUNDS_MAX 999999999 + ++#define __stpncpy(x, y, z) stpncpy(x, y, z) ++ + /* Table with characters for base64 transformation. */ + const char b64t[64] = + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; +@@ -205,7 +207,7 @@ + /* Create byte sequence P. */ + cp = p_bytes = alloca(key_len); + for (cnt = key_len; cnt >= 64; cnt -= 64) { +- cp = mempcpy(cp, temp_result, 64); ++ cp = (char *) memcpy(cp, temp_result, 64) + 64; } + memcpy(cp, temp_result, cnt); -- cp = __stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE); -+ cp = stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE); - buflen -= SALT_PREF_SIZE; - - if (rounds_custom) { -@@ -285,7 +285,7 @@ - ret = ERANGE; - goto done; +@@ -223,7 +225,7 @@ + /* Create byte sequence S. */ + cp = s_bytes = alloca(salt_len); + for (cnt = salt_len; cnt >= 64; cnt -= 64) { +- cp = mempcpy(cp, temp_result, 64); ++ cp = (char *) memcpy(cp, temp_result, 64) + 64; } -- cp = __stpncpy(cp, salt, salt_len); -+ cp = stpncpy(cp, salt, salt_len); - *cp++ = '$'; - buflen -= salt_len + 1; + memcpy(cp, temp_result, cnt); Index: files/patch-src__providers__ldap__ldap_auth.c =================================================================== --- files/patch-src__providers__ldap__ldap_auth.c (revision 303829) +++ files/patch-src__providers__ldap__ldap_auth.c (working copy) @@ -1,5 +1,5 @@ ---- ./src/providers/ldap/ldap_auth.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/ldap/ldap_auth.c 2011-10-13 12:15:03.000000000 -0400 +--- ./src/providers/ldap/ldap_auth.c.orig 2012-05-30 12:36:51.000000000 -0400 ++++ ./src/providers/ldap/ldap_auth.c 2012-09-07 17:48:42.000000000 -0400 @@ -37,7 +37,6 @@ #include #include @@ -8,15 +8,15 @@ #include #include "util/util.h" -@@ -46,6 +45,7 @@ - #include "providers/ldap/ldap_common.h" +@@ -47,6 +46,7 @@ #include "providers/ldap/sdap_async.h" + #include "providers/ldap/sdap_async_private.h" + /* MIT Kerberos has the same hardcoded warning interval of 7 days. Due to the * fact that using the expiration time of a Kerberos password with LDAP * authentication is presumably a rare case a separate config option is not -@@ -59,6 +59,22 @@ +@@ -60,6 +60,22 @@ PWEXPIRE_SHADOW }; @@ -39,7 +39,7 @@ static errno_t add_expired_warning(struct pam_data *pd, long exp_time) { int ret; -@@ -111,17 +127,16 @@ +@@ -112,17 +128,16 @@ return EINVAL; } @@ -61,7 +61,7 @@ if (difftime(now, expire_time) > 0.0) { DEBUG(4, ("Kerberos password expired.\n")); -@@ -742,7 +757,7 @@ +@@ -746,7 +761,7 @@ DEBUG(2, ("starting password change request for user [%s].\n", pd->user)); @@ -70,7 +70,7 @@ if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) { DEBUG(2, ("chpass target was called by wrong pam command.\n")); -@@ -799,7 +814,7 @@ +@@ -805,7 +820,7 @@ &pw_expire_type, &pw_expire_data); talloc_zfree(req); if (ret) { @@ -79,7 +79,7 @@ goto done; } -@@ -819,7 +834,7 @@ +@@ -825,7 +840,7 @@ &result); if (ret != EOK) { DEBUG(1, ("check_pwexpire_shadow failed.\n")); @@ -88,7 +88,7 @@ goto done; } break; -@@ -828,14 +843,14 @@ +@@ -834,14 +849,14 @@ &result); if (ret != EOK) { DEBUG(1, ("check_pwexpire_kerberos failed.\n")); @@ -105,7 +105,7 @@ goto done; } break; -@@ -844,7 +859,7 @@ +@@ -850,7 +865,7 @@ break; default: DEBUG(1, ("Unknow pasword expiration type.\n")); @@ -114,7 +114,7 @@ goto done; } } -@@ -884,7 +899,7 @@ +@@ -890,7 +905,7 @@ dp_err = DP_ERR_OFFLINE; break; default: @@ -123,25 +123,43 @@ } done: -@@ -905,7 +920,7 @@ +@@ -913,7 +928,7 @@ ret = sdap_exop_modify_passwd_recv(req, state, &result, &user_error_message); talloc_zfree(req); - if (ret) { + if (ret && ret != EIO) { - state->pd->pam_status = PAM_SYSTEM_ERR; + state->pd->pam_status = PAM_SERVICE_ERR; goto done; } -@@ -964,7 +979,7 @@ +@@ -954,7 +969,7 @@ + state->dn, + lastchanged_name); + if (subreq == NULL) { +- state->pd->pam_status = PAM_SYSTEM_ERR; ++ state->pd->pam_status = PAM_SERVICE_ERR; + goto done; + } + +@@ -975,7 +990,7 @@ + + ret = sdap_modify_shadow_lastchange_recv(req); + if (ret != EOK) { +- state->pd->pam_status = PAM_SYSTEM_ERR; ++ state->pd->pam_status = PAM_SERVICE_ERR; goto done; } +@@ -1016,7 +1031,7 @@ + goto done; + } + - pd->pam_status = PAM_SYSTEM_ERR; + pd->pam_status = PAM_SERVICE_ERR; switch (pd->cmd) { case SSS_PAM_AUTHENTICATE: -@@ -1021,7 +1036,7 @@ +@@ -1073,7 +1088,7 @@ &pw_expire_type, &pw_expire_data); talloc_zfree(req); if (ret != EOK) { @@ -150,7 +168,7 @@ dp_err = DP_ERR_FATAL; goto done; } -@@ -1033,7 +1048,7 @@ +@@ -1085,7 +1100,7 @@ state->pd, &result); if (ret != EOK) { DEBUG(1, ("check_pwexpire_shadow failed.\n")); @@ -159,7 +177,7 @@ goto done; } break; -@@ -1042,7 +1057,7 @@ +@@ -1094,7 +1109,7 @@ state->pd, &result); if (ret != EOK) { DEBUG(1, ("check_pwexpire_kerberos failed.\n")); @@ -168,7 +186,7 @@ goto done; } break; -@@ -1050,7 +1065,7 @@ +@@ -1102,7 +1117,7 @@ ret = check_pwexpire_ldap(state->pd, pw_expire_data, &result); if (ret != EOK) { DEBUG(1, ("check_pwexpire_ldap failed.\n")); @@ -177,7 +195,7 @@ goto done; } break; -@@ -1058,7 +1073,7 @@ +@@ -1110,7 +1125,7 @@ break; default: DEBUG(1, ("Unknow pasword expiration type.\n")); @@ -186,7 +204,7 @@ goto done; } } -@@ -1080,7 +1095,7 @@ +@@ -1132,7 +1147,7 @@ state->pd->pam_status = PAM_NEW_AUTHTOK_REQD; break; default: Index: files/patch-src__providers__krb5__krb5_utils.c =================================================================== --- files/patch-src__providers__krb5__krb5_utils.c (revision 303829) +++ files/patch-src__providers__krb5__krb5_utils.c (working copy) @@ -1,17 +0,0 @@ ---- ./src/providers/krb5/krb5_utils.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/krb5/krb5_utils.c 2011-10-13 12:15:03.000000000 -0400 -@@ -435,10 +435,10 @@ - } - - server_name = talloc_asprintf(NULL, "krbtgt/%.*s@%.*s", -- krb5_princ_realm(ctx, client_princ)->length, -- krb5_princ_realm(ctx, client_princ)->data, -- krb5_princ_realm(ctx, client_princ)->length, -- krb5_princ_realm(ctx, client_princ)->data); -+ krb5_realm_length(krb5_princ_realm(ctx, client_princ)), -+ krb5_princ_realm(ctx, client_princ), -+ krb5_realm_length(krb5_princ_realm(ctx, client_princ)), -+ krb5_princ_realm(ctx, client_princ)); - if (server_name == NULL) { - kerr = KRB5_CC_NOMEM; - DEBUG(1, ("talloc_asprintf failed.\n")); Index: files/patch-src__providers__ldap__sdap_access.c =================================================================== --- files/patch-src__providers__ldap__sdap_access.c (revision 303829) +++ files/patch-src__providers__ldap__sdap_access.c (working copy) @@ -1,5 +1,5 @@ ---- ./src/providers/ldap/sdap_access.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/ldap/sdap_access.c 2011-10-13 12:15:03.000000000 -0400 +--- ./src/providers/ldap/sdap_access.c.orig 2012-05-30 12:36:51.000000000 -0400 ++++ ./src/providers/ldap/sdap_access.c 2012-09-07 17:48:42.000000000 -0400 @@ -22,9 +22,7 @@ along with this program. If not, see . */ @@ -10,7 +10,7 @@ #include #include #include -@@ -119,7 +117,7 @@ +@@ -109,7 +107,7 @@ pd); if (req == NULL) { DEBUG(1, ("Unable to start sdap_access request\n")); @@ -19,7 +19,7 @@ return; } -@@ -157,7 +155,7 @@ +@@ -148,7 +146,7 @@ state->be_ctx = be_ctx; state->pd = pd; @@ -28,7 +28,7 @@ state->ev = ev; state->access_ctx = access_ctx; state->current_rule = 0; -@@ -502,18 +500,17 @@ +@@ -488,18 +486,17 @@ return true; } @@ -51,7 +51,7 @@ if (difftime(now, expire_time) > 0.0) { DEBUG(4, ("NDS account expired.\n")); -@@ -663,7 +660,7 @@ +@@ -648,7 +645,7 @@ return NULL; } @@ -60,7 +60,7 @@ expire = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic, SDAP_ACCOUNT_EXPIRE_POLICY); -@@ -747,7 +744,7 @@ +@@ -732,7 +729,7 @@ talloc_zfree(subreq); if (ret != EOK) { DEBUG(1, ("Error retrieving access check result.\n")); @@ -69,7 +69,7 @@ tevent_req_error(req, ret); return; } -@@ -807,7 +804,7 @@ +@@ -792,7 +789,7 @@ state->filter = NULL; state->be_ctx = be_ctx; state->username = username; @@ -78,8 +78,8 @@ state->sdap_ctx = access_ctx->id_ctx; state->ev = ev; state->access_ctx = access_ctx; -@@ -953,7 +950,7 @@ - SDAP_SEARCH_TIMEOUT)); +@@ -939,7 +936,7 @@ + false); if (subreq == NULL) { DEBUG(1, ("Could not start LDAP communication\n")); - state->pam_status = PAM_SYSTEM_ERR; @@ -87,7 +87,7 @@ tevent_req_error(req, EIO); return; } -@@ -984,13 +981,13 @@ +@@ -970,13 +967,13 @@ if (ret == EOK) { return; } @@ -103,7 +103,7 @@ } goto done; -@@ -1009,7 +1006,7 @@ +@@ -995,7 +992,7 @@ else if (results == NULL) { DEBUG(1, ("num_results > 0, but results is NULL\n")); ret = EIO; @@ -112,7 +112,7 @@ goto done; } else if (num_results > 1) { -@@ -1018,7 +1015,7 @@ +@@ -1004,7 +1001,7 @@ */ DEBUG(1, ("Received multiple replies\n")); ret = EIO; @@ -121,7 +121,7 @@ goto done; } else { /* Ok, we got a single reply */ -@@ -1106,7 +1103,7 @@ +@@ -1090,7 +1087,7 @@ talloc_zfree(subreq); if (ret != EOK) { DEBUG(1, ("Error retrieving access check result.\n")); @@ -130,7 +130,7 @@ tevent_req_error(req, ret); return; } -@@ -1247,7 +1244,7 @@ +@@ -1230,7 +1227,7 @@ talloc_zfree(subreq); if (ret != EOK) { DEBUG(1, ("Error retrieving access check result.\n")); @@ -139,7 +139,7 @@ tevent_req_error(req, ret); return; } -@@ -1274,7 +1271,7 @@ +@@ -1255,7 +1252,7 @@ struct ldb_message_element *el; unsigned int i; char *host; @@ -148,7 +148,7 @@ req = tevent_req_create(mem_ctx, &state, struct sdap_access_host_ctx); if (!req) { -@@ -1370,7 +1367,7 @@ +@@ -1351,7 +1348,7 @@ talloc_zfree(subreq); if (ret != EOK) { DEBUG(1, ("Error retrieving access check result.\n")); @@ -157,7 +157,7 @@ tevent_req_error(req, ret); return; } -@@ -1395,7 +1392,7 @@ +@@ -1377,7 +1374,7 @@ static void sdap_access_done(struct tevent_req *req) { errno_t ret; @@ -166,7 +166,7 @@ struct be_req *breq = tevent_req_callback_data(req, struct be_req); -@@ -1403,7 +1400,7 @@ +@@ -1385,7 +1382,7 @@ talloc_zfree(req); if (ret != EOK) { DEBUG(1, ("Error retrieving access check result.\n")); Index: files/patch-src__providers__ipa__ipa_common.c =================================================================== --- files/patch-src__providers__ipa__ipa_common.c (revision 303829) +++ files/patch-src__providers__ipa__ipa_common.c (working copy) @@ -1,6 +1,6 @@ ---- ./src/providers/ipa/ipa_common.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/ipa/ipa_common.c 2011-10-13 12:15:03.000000000 -0400 -@@ -191,7 +191,7 @@ +--- ./src/providers/ipa/ipa_common.c.orig 2012-05-30 12:36:51.000000000 -0400 ++++ ./src/providers/ipa/ipa_common.c 2012-09-07 17:48:42.000000000 -0400 +@@ -251,7 +251,7 @@ char *ipa_hostname; int ret; int i; @@ -9,7 +9,7 @@ opts = talloc_zero(memctx, struct ipa_options); if (!opts) return ENOMEM; -@@ -220,14 +220,14 @@ +@@ -280,14 +280,14 @@ ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME); if (ipa_hostname == NULL) { Index: files/patch-src__util__murmurhash3.c =================================================================== --- files/patch-src__util__murmurhash3.c (revision 0) +++ files/patch-src__util__murmurhash3.c (working copy) @@ -0,0 +1,11 @@ +--- ./src/util/murmurhash3.c.orig 2012-09-07 18:32:20.000000000 -0400 ++++ ./src/util/murmurhash3.c 2012-09-07 18:32:26.000000000 -0400 +@@ -8,7 +8,7 @@ + + #include + #include +-#include ++#include + #include + + /* support RHEL5 lack of definitions */ Property changes on: files/patch-src__util__murmurhash3.c ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Index: files/patch-src__responder__common__responder_dp.c =================================================================== --- files/patch-src__responder__common__responder_dp.c (revision 303829) +++ files/patch-src__responder__common__responder_dp.c (working copy) @@ -1,15 +1,6 @@ ---- ./src/responder/common/responder_dp.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/responder/common/responder_dp.c 2011-10-13 12:15:03.000000000 -0400 -@@ -210,7 +210,7 @@ - &sdp_req->err_min, - &sdp_req->err_msg); - if (ret != EOK) { -- if (ret == ETIME) { -+ if (ret == ETIMEDOUT) { - sdp_req->err_maj = DP_ERR_TIMEOUT; - sdp_req->err_min = ret; - sdp_req->err_msg = talloc_strdup(sdp_req, "Request timed out"); -@@ -569,7 +569,7 @@ +--- ./src/responder/common/responder_dp.c.orig 2012-05-30 12:36:51.000000000 -0400 ++++ ./src/responder/common/responder_dp.c 2012-09-07 17:48:42.000000000 -0400 +@@ -197,7 +197,7 @@ case DBUS_MESSAGE_TYPE_ERROR: if (strcmp(dbus_message_get_error_name(reply), DBUS_ERROR_NO_REPLY) == 0) { @@ -18,3 +9,12 @@ goto done; } DEBUG(0,("The Data Provider returned an error [%s]\n", +@@ -711,7 +711,7 @@ + &sdp_req->dp_ret, + &sdp_req->err_msg); + if (ret != EOK) { +- if (ret == ETIME) { ++ if (ret == ETIMEDOUT) { + sdp_req->dp_err = DP_ERR_TIMEOUT; + sdp_req->dp_ret = ret; + sdp_req->err_msg = talloc_strdup(sdp_req, "Request timed out"); Index: files/patch-src__providers__ipa__ipa_hbac.h =================================================================== --- files/patch-src__providers__ipa__ipa_hbac.h (revision 0) +++ files/patch-src__providers__ipa__ipa_hbac.h (working copy) @@ -0,0 +1,10 @@ +--- ./src/providers/ipa/ipa_hbac.h.orig 2012-09-07 18:27:41.000000000 -0400 ++++ ./src/providers/ipa/ipa_hbac.h 2012-09-07 18:28:52.000000000 -0400 +@@ -39,6 +39,7 @@ + + #include + #include ++#include + + /** Result of HBAC evaluation */ + enum hbac_eval_result { Property changes on: files/patch-src__providers__ipa__ipa_hbac.h ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Index: files/patch-src__providers__krb5__krb5_child.c =================================================================== --- files/patch-src__providers__krb5__krb5_child.c (revision 303829) +++ files/patch-src__providers__krb5__krb5_child.c (working copy) @@ -1,5 +1,5 @@ ---- ./src/providers/krb5/krb5_child.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/krb5/krb5_child.c 2011-10-13 12:15:03.000000000 -0400 +--- ./src/providers/krb5/krb5_child.c.orig 2012-05-30 12:36:51.000000000 -0400 ++++ ./src/providers/krb5/krb5_child.c 2012-09-07 19:51:51.000000000 -0400 @@ -39,6 +39,15 @@ #define SSSD_KRB5_CHANGEPW_PRINCIPAL "kadmin/changepw" @@ -16,21 +16,22 @@ struct krb5_child_ctx { /* opts taken from kinit */ /* in seconds */ -@@ -100,10 +109,10 @@ +@@ -100,11 +109,11 @@ static krb5_context krb5_error_ctx; static const char *__krb5_error_msg; -#define KRB5_DEBUG(level, krb5_error) do { \ - __krb5_error_msg = sss_krb5_get_error_message(krb5_error_ctx, krb5_error); \ -+#define KRB5_DEBUG(level, krb5_error, ctx) do { \ ++#define KRB5_DEBUG(level, krb5_error, ctx) do { \ + __krb5_error_msg = sss_krb5_get_error_message(ctx, krb5_error); \ DEBUG(level, ("%d: [%d][%s]\n", __LINE__, krb5_error, __krb5_error_msg)); \ + sss_log(SSS_LOG_ERR, "%s", __krb5_error_msg); \ - sss_krb5_free_error_message(krb5_error_ctx, __krb5_error_msg); \ -+ sss_krb5_free_error_message(ctx, __krb5_error_msg); \ - } while(0); ++ sss_krb5_free_error_message(ctx, __krb5_error_msg); \ + } while(0) static void sss_krb5_expire_callback_func(krb5_context context, void *data, -@@ -267,13 +276,13 @@ +@@ -271,13 +280,13 @@ kerr = krb5_cc_resolve(ctx, tmp_ccname, &tmp_cc); if (kerr != 0) { @@ -46,7 +47,7 @@ goto done; } if (fd != -1) { -@@ -284,7 +293,7 @@ +@@ -288,7 +297,7 @@ if (creds == NULL) { kerr = create_empty_cred(ctx, princ, &l_cred); if (kerr != 0) { @@ -55,7 +56,7 @@ goto done; } } else { -@@ -293,13 +302,13 @@ +@@ -297,13 +306,13 @@ kerr = krb5_cc_store_cred(ctx, tmp_cc, l_cred); if (kerr != 0) { @@ -71,7 +72,7 @@ goto done; } tmp_cc = NULL; -@@ -420,7 +429,7 @@ +@@ -424,7 +433,7 @@ talloc_zfree(msg); } } else { @@ -80,7 +81,7 @@ if (krb5_msg == NULL) { DEBUG(1, ("sss_krb5_get_error_message failed.\n")); return NULL; -@@ -429,7 +438,7 @@ +@@ -433,7 +442,7 @@ ret = pam_add_response(kr->pd, SSS_PAM_SYSTEM_INFO, strlen(krb5_msg) + 1, (const uint8_t *) krb5_msg); @@ -89,41 +90,33 @@ } if (ret != EOK) { DEBUG(1, ("pam_add_response failed.\n")); -@@ -527,7 +536,7 @@ +@@ -531,7 +540,7 @@ break; } -- kerr = krb5_free_keytab_entry_contents(kr->ctx, &entry); -+ kerr = krb5_kt_free_entry(kr->ctx, &entry); +- kerr = sss_krb5_free_keytab_entry_contents(kr->ctx, &entry); ++ kerr = krb5_kt_free_entry(kr->ctx, &entry); if (kerr != 0) { DEBUG(1, ("Failed to free keytab entry.\n")); } -@@ -575,7 +584,7 @@ - if (krb5_kt_close(kr->ctx, keytab) != 0) { - DEBUG(1, ("krb5_kt_close failed")); - } -- if (krb5_free_keytab_entry_contents(kr->ctx, &entry) != 0) { -+ if (krb5_kt_free_entry(kr->ctx, &entry) != 0) { - DEBUG(1, ("Failed to free keytab entry.\n")); - } - if (principal != NULL) { -@@ -605,13 +614,13 @@ +@@ -642,14 +651,14 @@ kerr = krb5_get_init_creds_keytab(ctx, &creds, princ, keytab, 0, NULL, &options); if (kerr != 0) { - KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, ctx); ++ KRB5_DEBUG(1, kerr, ctx); return kerr; } - kerr = create_ccache_file(ctx, princ, ccname, &creds); + /* Use the updated principal in the creds in case canonicalized */ + kerr = create_ccache_file(ctx, creds.client, ccname, &creds); if (kerr != 0) { - KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, ctx); ++ KRB5_DEBUG(1, kerr, ctx); goto done; } kerr = 0; -@@ -633,21 +642,21 @@ +@@ -672,21 +681,21 @@ sss_krb5_expire_callback_func, kr); if (kerr != 0) { @@ -148,16 +141,16 @@ return kerr; } -@@ -668,7 +677,7 @@ - - kerr = create_ccache_file(kr->ctx, kr->princ, kr->ccname, kr->creds); +@@ -710,7 +719,7 @@ + kr->creds ? kr->creds->client : kr->princ, + kr->ccname, kr->creds); if (kerr != 0) { - KRB5_DEBUG(1, kerr); + KRB5_DEBUG(1, kerr, kr->ctx); goto done; } -@@ -692,7 +701,7 @@ +@@ -734,7 +743,7 @@ krb5_error_code kerr = 0; char *pass_str = NULL; char *newpass_str = NULL; @@ -166,7 +159,7 @@ int result_code = -1; krb5_data result_code_string; krb5_data result_string; -@@ -734,7 +743,7 @@ +@@ -776,7 +785,7 @@ changepw_princ, kr->options); if (kerr != 0) { @@ -175,7 +168,7 @@ if (kerr == KRB5_KDC_UNREACH) { pam_status = PAM_AUTHINFO_UNAVAIL; } -@@ -773,7 +782,7 @@ +@@ -815,7 +824,7 @@ if (kerr != 0 || result_code != 0) { if (kerr != 0) { @@ -184,7 +177,7 @@ } else { kerr = KRB5KRB_ERR_GENERIC; } -@@ -825,7 +834,7 @@ +@@ -867,7 +876,7 @@ memset(kr->pd->newauthtok, 0, kr->pd->newauthtok_size); if (kerr != 0) { @@ -193,7 +186,7 @@ if (kerr == KRB5_KDC_UNREACH) { pam_status = PAM_AUTHINFO_UNAVAIL; } -@@ -846,7 +855,7 @@ +@@ -888,7 +897,7 @@ krb5_error_code kerr = 0; char *pass_str = NULL; char *changepw_princ = NULL; @@ -202,7 +195,7 @@ if (kr->pd->authtok_type != SSS_AUTHTOK_TYPE_PASSWORD) { pam_status = PAM_CRED_INSUFFICIENT; -@@ -881,7 +890,7 @@ +@@ -923,7 +932,7 @@ kr->options, NULL, NULL); if (kerr != 0) { @@ -211,7 +204,7 @@ DEBUG(1, ("Failed to unset expire callback, continue ...\n")); } kerr = krb5_get_init_creds_password(kr->ctx, kr->creds, kr->princ, -@@ -899,7 +908,7 @@ +@@ -941,7 +950,7 @@ memset(kr->pd->authtok, 0, kr->pd->authtok_size); if (kerr != 0) { @@ -220,7 +213,7 @@ switch (kerr) { case KRB5_KDC_UNREACH: pam_status = PAM_AUTHINFO_UNAVAIL; -@@ -911,7 +920,7 @@ +@@ -953,7 +962,7 @@ pam_status = PAM_CRED_ERR; break; default: @@ -229,7 +222,7 @@ } } -@@ -981,13 +990,13 @@ +@@ -1023,13 +1032,13 @@ kerr = krb5_cc_resolve(kr->ctx, ccname, &ccache); if (kerr != 0) { @@ -245,7 +238,7 @@ if (kerr == KRB5_KDC_UNREACH) { status = PAM_AUTHINFO_UNAVAIL; } -@@ -997,7 +1006,7 @@ +@@ -1039,7 +1048,7 @@ if (kr->validate) { kerr = validate_tgt(kr); if (kerr != 0) { @@ -254,7 +247,7 @@ goto done; } -@@ -1019,13 +1028,13 @@ +@@ -1061,13 +1070,13 @@ kerr = krb5_cc_initialize(kr->ctx, ccache, kr->princ); if (kerr != 0) { @@ -270,7 +263,7 @@ goto done; } -@@ -1059,8 +1068,8 @@ +@@ -1101,8 +1110,8 @@ ret = create_ccache_file(kr->ctx, kr->princ, kr->ccname, NULL); if (ret != 0) { @@ -281,7 +274,7 @@ } ret = sendresponse(fd, ret, pam_status, kr); -@@ -1375,19 +1384,20 @@ +@@ -1421,19 +1430,20 @@ kerr = krb5_init_context(&kr->ctx); if (kerr != 0) { @@ -305,32 +298,25 @@ goto failed; } -@@ -1400,18 +1410,18 @@ +@@ -1446,7 +1456,7 @@ kerr = sss_krb5_get_init_creds_opt_alloc(kr->ctx, &kr->options); if (kerr != 0) { - KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); ++ KRB5_DEBUG(1, kerr, kr->ctx); goto failed; } - /* A prompter is used to catch messages about when a password will - * expired. The library shall not use the prompter to ask for a new password +@@ -1456,7 +1466,7 @@ * but shall return KRB5KDC_ERR_KEY_EXP. */ -- krb5_get_init_creds_opt_set_change_password_prompt(kr->options, 0); -- if (kerr != 0) { + krb5_get_init_creds_opt_set_change_password_prompt(kr->options, 0); + if (kerr != 0) { - KRB5_DEBUG(1, kerr); -- goto failed; -- } -+ // krb5_get_init_creds_opt_set_change_password_prompt(kr->options, 0); -+ // if (kerr != 0) { -+ // KRB5_DEBUG(1, kerr, kr->ctx); -+ // goto failed; -+ // } - - lifetime_str = getenv(SSSD_KRB5_RENEWABLE_LIFETIME); - if (lifetime_str == NULL) { -@@ -1422,7 +1432,7 @@ ++ KRB5_DEBUG(1, kerr, kr->ctx); + goto failed; + } + #endif +@@ -1470,7 +1480,7 @@ if (kerr != 0) { DEBUG(1, ("krb5_string_to_deltat failed for [%s].\n", lifetime_str)); @@ -339,7 +325,7 @@ goto failed; } krb5_get_init_creds_opt_set_renew_life(kr->options, lifetime); -@@ -1437,7 +1447,7 @@ +@@ -1485,7 +1495,7 @@ if (kerr != 0) { DEBUG(1, ("krb5_string_to_deltat failed for [%s].\n", lifetime_str)); @@ -348,7 +334,7 @@ goto failed; } krb5_get_init_creds_opt_set_tkt_life(kr->options, lifetime); -@@ -1486,7 +1496,7 @@ +@@ -1536,7 +1546,7 @@ kr, &kr->fast_ccname); if (kerr != 0) { DEBUG(1, ("check_fast_ccache failed.\n")); @@ -357,7 +343,7 @@ goto failed; } -@@ -1496,7 +1506,7 @@ +@@ -1546,7 +1556,7 @@ if (kerr != 0) { DEBUG(1, ("sss_krb5_get_init_creds_opt_set_fast_ccache_name " "failed.\n")); @@ -366,7 +352,7 @@ goto failed; } -@@ -1507,7 +1517,7 @@ +@@ -1557,7 +1567,7 @@ if (kerr != 0) { DEBUG(1, ("sss_krb5_get_init_creds_opt_set_fast_flags " "failed.\n")); Index: files/patch-src__util__sss_krb5.c =================================================================== --- files/patch-src__util__sss_krb5.c (revision 303829) +++ files/patch-src__util__sss_krb5.c (working copy) @@ -1,17 +1,6 @@ ---- ./src/util/sss_krb5.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/util/sss_krb5.c 2011-10-13 12:15:03.000000000 -0400 -@@ -165,8 +165,8 @@ - - if (_realm) { - *_realm = talloc_asprintf(mem_ctx, "%.*s", -- krb5_princ_realm(ctx, client_princ)->length, -- krb5_princ_realm(ctx, client_princ)->data); -+ krb5_realm_length(krb5_princ_realm(krb_ctx, client_princ)), -+ krb5_princ_realm(krb_ctx, client_princ)); - if (!*_realm) { - DEBUG(1, ("talloc_asprintf failed")); - if (_principal) talloc_zfree(*_principal); -@@ -243,7 +243,7 @@ +--- ./src/util/sss_krb5.c.orig 2012-05-30 12:36:51.000000000 -0400 ++++ ./src/util/sss_krb5.c 2012-09-07 19:27:09.000000000 -0400 +@@ -251,7 +251,7 @@ } realm_name = talloc_strdup(tmp_ctx, default_realm); @@ -20,34 +9,7 @@ if (!realm_name) { ret = ENOMEM; goto done; -@@ -322,7 +322,7 @@ - found = true; - } - free(kt_principal); -- krberr = krb5_free_keytab_entry_contents(context, &entry); -+ krberr = krb5_kt_free_entry(context, &entry); - if (krberr) { - /* This should never happen. The API docs for this function - * specify only success for this function -@@ -466,7 +466,7 @@ - break; - } - -- kerr = krb5_free_keytab_entry_contents(ctx, &entry); -+ kerr = krb5_kt_free_entry(ctx, &entry); - if (kerr != 0) { - DEBUG(1, ("Failed to free keytab entry.\n")); - } -@@ -504,7 +504,7 @@ - kerr = 0; - - done: -- kerr_d = krb5_free_keytab_entry_contents(ctx, &entry); -+ kerr_d = krb5_kt_free_entry(ctx, &entry); - if (kerr_d != 0) { - DEBUG(1, ("Failed to free keytab entry.\n")); - } -@@ -540,7 +540,7 @@ +@@ -554,7 +554,7 @@ void KRB5_CALLCONV sss_krb5_free_error_message(krb5_context ctx, const char *s) { #ifdef HAVE_KRB5_GET_ERROR_MESSAGE @@ -56,3 +18,29 @@ #else free(s); #endif +@@ -1060,7 +1060,7 @@ + break; + } + +- if (!krb5_c_valid_enctype(entry.key.enctype) || ++ if (!krb5_c_valid_enctype(entry.keyblock.keytype) || + !krb5_principal_compare(context, entry.principal, princ)) { + continue; + } +@@ -1085,13 +1085,13 @@ + break; + } + } +- etypes[count] = entry.key.enctype; ++ etypes[count] = entry.keyblock.keytype; + count++; + + /* All DES key types work with des-cbc-crc, which is more likely to be + * accepted by the KDC (since MIT KDCs refuse des-cbc-md5). */ +- if (entry.key.enctype == ENCTYPE_DES_CBC_MD5 || +- entry.key.enctype == ENCTYPE_DES_CBC_MD4) { ++ if (entry.keyblock.keytype == ENCTYPE_DES_CBC_MD5 || ++ entry.keyblock.keytype == ENCTYPE_DES_CBC_MD4) { + etypes[count] = ENCTYPE_DES_CBC_CRC; + count++; + } Index: pkg-message =================================================================== --- pkg-message (revision 303829) +++ pkg-message (working copy) @@ -1,21 +0,0 @@ -================================================================================ -Copy %%PREFIX%%/etc/sssd/sssd.conf.sample to %%PREFIX%%/etc/sssd/sssd.conf -and edit %%PREFIX%%/etc/sssd/sssd.conf (see man sssd.conf for details) - -To load sssd at startup, add sssd_enable="YES" to /etc/rc.conf - -To enable pam integration, add a line similar to the following to -/etc/pam.d/system: - -login auth sufficient %%PREFIX%%/lib/pam_sss.so - -To enable NSS integration, update /etc/nsswitch.conf as follows: - -group: sss files -passwd: sss files - -For additional details, please see the man pages for pam.conf and nsswitch.conf - -An sssd HOWTO is also available: -https://fedorahosted.org/sssd/wiki/HOWTO_Configure_1_0_2 -================================================================================ Index: pkg-plist =================================================================== --- pkg-plist (revision 303829) +++ pkg-plist (working copy) @@ -1,16 +1,3 @@ -share/locale/zh_TW/LC_MESSAGES/sssd.mo -share/locale/uk/LC_MESSAGES/sssd.mo -share/locale/sv/LC_MESSAGES/sssd.mo -share/locale/ru/LC_MESSAGES/sssd.mo -share/locale/pt/LC_MESSAGES/sssd.mo -share/locale/pl/LC_MESSAGES/sssd.mo -share/locale/nl/LC_MESSAGES/sssd.mo -share/locale/ja/LC_MESSAGES/sssd.mo -share/locale/it/LC_MESSAGES/sssd.mo -share/locale/id/LC_MESSAGES/sssd.mo -share/locale/fr/LC_MESSAGES/sssd.mo -share/locale/es/LC_MESSAGES/sssd.mo -share/locale/de/LC_MESSAGES/sssd.mo sbin/sssd sbin/sss_usermod sbin/sss_userdel @@ -20,6 +7,7 @@ sbin/sss_groupmod sbin/sss_groupdel sbin/sss_groupadd +sbin/sss_debuglevel sbin/sss_cache libexec/sssd/sssd_pam libexec/sssd/sssd_nss @@ -61,22 +49,15 @@ %%PYTHON_SITELIBDIR%%/SSSDConfig.py %%PYTHON_SITELIBDIR%%/SSSDConfig-1-py%%PYTHON_VER%%.egg-info include/ipa_hbac.h -etc/sssd/sssd.api.d/sssd-simple.conf -etc/sssd/sssd.api.d/sssd-proxy.conf -etc/sssd/sssd.api.d/sssd-local.conf -etc/sssd/sssd.api.d/sssd-ldap.conf -etc/sssd/sssd.api.d/sssd-krb5.conf -etc/sssd/sssd.api.d/sssd-ipa.conf -etc/sssd/sssd.api.conf etc/sssd/sssd.conf.sample @dirrmtry lib/pkgconfig @dirrmtry lib/ldb +@dirrm lib/sssd/modules +@dirrm lib/sssd @dirrmtry etc/sssd/sssd.api.d @dirrmtry etc/sssd -@dirrm share/sssd/introspect @dirrm share/sssd @dirrm libexec/sssd -@dirrm lib/sssd @unexec if cmp -s %D/etc/sssd/sssd.conf.sample %D/etc/sssd/sssd.conf; then rm -f %D/etc/sssd/sssd.conf; fi @exec if [ ! -f %D/etc/sssd/sssd.conf ]; then cp -p %D/%F %B/sssd.conf; fi @unexec if [ -d %%ETCDIR%% ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf %%ETCDIR%%`` to remove any configuration files."; fi Index: Makefile =================================================================== --- Makefile (revision 303829) +++ Makefile (working copy) @@ -6,29 +6,29 @@ # PORTNAME= sssd -DISTVERSION= 1.6.1 -PORTREVISION= 1 +DISTVERSION= 1.8.4 CATEGORIES= security -MASTER_SITES= https://fedorahosted.org/released/${PORTNAME}/ +MASTER_SITES= https://fedorahosted.org/released/${PORTNAME}/ \ + http://mirrors.rit.edu/zi/ MAINTAINER= aweits@rit.edu COMMENT= System Security Services Daemon LICENSE= GPLv3 -LIB_DEPENDS= popt.0:${PORTSDIR}/devel/popt \ - talloc.2:${PORTSDIR}/devel/talloc \ - tevent.0:${PORTSDIR}/devel/tevent \ - xslt.2:${PORTSDIR}/textproc/libxslt \ - tdb.1:${PORTSDIR}/databases/tdb \ +LIB_DEPENDS= popt:${PORTSDIR}/devel/popt \ + talloc:${PORTSDIR}/devel/talloc \ + tevent:${PORTSDIR}/devel/tevent \ + xslt:${PORTSDIR}/textproc/libxslt \ + tdb:${PORTSDIR}/databases/tdb \ ldb:${PORTSDIR}/databases/ldb \ - cares.2:${PORTSDIR}/dns/c-ares \ + cares:${PORTSDIR}/dns/c-ares \ dbus:${PORTSDIR}/devel/dbus \ - dhash.1:${PORTSDIR}/devel/ding-libs \ - pcre.1:${PORTSDIR}/devel/pcre \ - unistring.1:${PORTSDIR}/devel/libunistring \ - nss3.1:${PORTSDIR}/security/nss \ - sasl2.2:${PORTSDIR}/security/cyrus-sasl2 \ + dhash:${PORTSDIR}/devel/ding-libs \ + pcre:${PORTSDIR}/devel/pcre \ + unistring:${PORTSDIR}/devel/libunistring \ + nss3:${PORTSDIR}/security/nss \ + sasl2:${PORTSDIR}/security/cyrus-sasl2 \ xml2:${PORTSDIR}/textproc/libxml2 BUILD_DEPENDS= xmlcatalog:${PORTSDIR}/textproc/libxml2 \ docbook-xsl>=0:${PORTSDIR}/textproc/docbook-xsl @@ -38,16 +38,18 @@ CONFIGURE_ARGS= --with-selinux=no --with-semanage=no \ --with-ldb-lib-dir=${LOCALBASE}/lib/ldb \ --with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \ - --with-libnl=no --with-init-dir=no \ + --with-libnl=no --with-init-dir=no --datadir=${DATADIR} \ --docdir=${WRKDIR}/docs --with-pid-path=/var/run \ --localstatedir=/var --enable-pammoddir=${PREFIX}/lib \ --with-db-path=/var/db/sss --with-pipe-path=/var/run/sss \ --with-pubconf-path=/var/run/sss CFLAGS+= -L${LOCALBASE}/lib -fstack-protector-all PLIST_SUB= PYTHON_VER=${PYTHON_VER} +MAKE_ENV+= LINGUAS="" +SUB_FILES= pkg-message #DEBUG_FLAGS= -g -USE_AUTOTOOLS= autoconf automake +USE_AUTOTOOLS= autoconf automake libtoolize USE_LDCONFIG= yes USE_PYTHON= yes USE_OPENLDAP= yes @@ -63,8 +65,10 @@ MAN8= pam_sss.8 sss_cache.8 sss_groupadd.8 sss_groupdel.8 \ sss_groupmod.8 sss_groupshow.8 sss_obfuscate.8 \ sss_useradd.8 sss_userdel.8 sss_usermod.8 sssd.8 \ - sssd_krb5_locator_plugin.8 + sssd_krb5_locator_plugin.8 sss_debuglevel.8 +PORTDATA= * + .include .if ${OSVERSION} < 800107 @@ -77,37 +81,47 @@ AUTOTOOLSFILES= aclocal.m4 post-patch: - @${REINPLACE_CMD} -e 's|1.11.1|%%AUTOMAKE_APIVER%%|g' ${WRKSRC}/aclocal.m4 + @${REINPLACE_CMD} -e 's|1.11.1|%%AUTOMAKE_APIVER%%|g' \ + ${WRKSRC}/aclocal.m4 @${REINPLACE_CMD} -e 's|SIGCLD|SIGCHLD|g' ${WRKSRC}/src/util/signal.c - @${REINPLACE_CMD} -e '/#define SIZE_T_MAX ((size_t) -1)/d' ${WRKSRC}/src/util/util.h - @${REINPLACE_CMD} -e '/pam_misc/d' ${WRKSRC}/src/sss_client/pam_test_client.c - @${REINPLACE_CMD} -e '/ETIME/d' ${WRKSRC}/src/sss_client/common.c - @${REINPLACE_CMD} -e 's| -lpam_misc||g' ${WRKSRC}/Makefile.am ${WRKSRC}/Makefile.in - @${REINPLACE_CMD} -e 's|security/pam_misc.h||g' ${WRKSRC}/configure* ${WRKSRC}/src/external/pam.m4 - @${REINPLACE_CMD} -e 's|NSS_STATUS_NOTFOUND|NS_NOTFOUND|g' ${WRKSRC}/src/sss_client/common.c - @${REINPLACE_CMD} -e 's|NSS_STATUS_UNAVAIL|NS_UNAVAIL|g' ${WRKSRC}/src/sss_client/common.c - @${REINPLACE_CMD} -e 's|NSS_STATUS_TRYAGAIN|NS_TRYAGAIN|g' ${WRKSRC}/src/sss_client/common.c - @${REINPLACE_CMD} -e 's|NSS_STATUS_SUCCESS|NS_SUCCESS|g' ${WRKSRC}/src/sss_client/common.c - @${REINPLACE_CMD} -e 's|security/pam_ext.h|security/pam_appl.h|g' ${WRKSRC}/src/sss_client/pam_sss.c - @${REINPLACE_CMD} -e 's|security/_pam_macros.h|pam_macros.h|g' ${WRKSRC}/src/sss_client/sss_pam_macros.h - @${REINPLACE_CMD} -e 's|#include ||g' ${WRKSRC}/src/sss_client/pam_sss.c - @${REINPLACE_CMD} -e 's|PAM_BAD_ITEM|PAM_USER_UNKNOWN|g' ${WRKSRC}/src/sss_client/pam_sss.c - @${REINPLACE_CMD} -e 's|pam_vsyslog(pamh,|vsyslog(|g' ${WRKSRC}/src/sss_client/pam_sss.c - @${REINPLACE_CMD} -e 's|pam_modutil_getlogin(pamh)|getlogin()|g' ${WRKSRC}/src/sss_client/pam_sss.c - @${REINPLACE_CMD} -e '/..MAKE. ..AM_MAKEFLAGS. install-data-hook/d' ${WRKSRC}/Makefile.in - @${REINPLACE_CMD} -e 's|install-data-hook install-dist_initSCRIPTS|install-dist_initSCRIPTS|g' \ + @${REINPLACE_CMD} -e '/#define SIZE_T_MAX ((size_t) -1)/d' \ + ${WRKSRC}/src/util/util.h + @${REINPLACE_CMD} -e '/pam_misc/d' \ + ${WRKSRC}/src/sss_client/pam_test_client.c + @${REINPLACE_CMD} -e 's|security/pam_misc.h||g' \ + ${WRKSRC}/configure* ${WRKSRC}/src/external/pam.m4 + @${REINPLACE_CMD} -e 's|NSS_STATUS_NOTFOUND|NS_NOTFOUND|g' \ + -e 's|NSS_STATUS_UNAVAIL|NS_UNAVAIL|g' \ + -e 's|NSS_STATUS_TRYAGAIN|NS_TRYAGAIN|g' \ + -e '/ETIME/d' \ + -e 's|NSS_STATUS_SUCCESS|NS_SUCCESS|g' \ + ${WRKSRC}/src/sss_client/common.c + @${REINPLACE_CMD} -e 's|security/_pam_macros.h|pam_macros.h|g' \ + ${WRKSRC}/src/sss_client/sss_pam_macros.h + @${REINPLACE_CMD} -e 's|#include ||g' \ + -e 's|PAM_BAD_ITEM|PAM_USER_UNKNOWN|g' \ + -e 's|security/pam_ext.h|security/pam_appl.h|g' \ + -e 's|pam_modutil_getlogin(pamh)|getlogin()|g' \ + -e 's|pam_vsyslog(pamh,|vsyslog(|g' \ + ${WRKSRC}/src/sss_client/pam_sss.c + @${REINPLACE_CMD} -e '/..MAKE. ..AM_MAKEFLAGS. install-data-hook/d' \ + ${WRKSRC}/Makefile.in + @${REINPLACE_CMD} -e 's|libdir)/pkgconfig|prefix)/libdata/pkgconfig|' \ + -e 's|install-data-hook install-dist_initSCRIPTS|install-dist_initSCRIPTS|g' \ + -e 's|install-data-hook|notinstall-data-hook|g' \ + -e 's| -lpam_misc||g' \ ${WRKSRC}/Makefile.in ${WRKSRC}/Makefile.am - @${REINPLACE_CMD} -e 's|install-data-hook|notinstall-data-hook|g' ${WRKSRC}/Makefile.in \ - ${WRKSRC}/Makefile.am - @${REINPLACE_CMD} -e 's|libdir)/pkgconfig|prefix)/libdata/pkgconfig|' ${WRKSRC}/Makefile.in \ - ${WRKSRC}/Makefile.am - @${REINPLACE_CMD} -e 's|/etc/sssd/|${ETCDIR}/|g' ${WRKSRC}/src/man/*xml - @${REINPLACE_CMD} -e 's|/etc/openldap/|${PREFIX}/etc/openldap/|g' ${WRKSRC}/src/man/*xml + @${REINPLACE_CMD} -e 's|/etc/sssd/|${ETCDIR}/|g' \ + -e 's|/etc/openldap/|${LOCALBASE}/etc/openldap/|g' \ + ${WRKSRC}/src/man/*xml @${CP} ${FILESDIR}/pam_macros.h ${WRKSRC}/pam_macros.h @${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}/src/sss_client/bsdnss.c +pre-configure: + (cd ${WRKSRC} && ${AUTORECONF} -i -f) + post-install: - ${INSTALL_DATA} ${WRKSRC}/src/examples/sssd.conf ${ETCDIR}/sssd.conf.sample + ${INSTALL_DATA} ${WRKSRC}/src/examples/sssd-example.conf ${ETCDIR}/sssd.conf.sample (cd ${PREFIX}/lib && ${LN} -s nss_sss.so.2 nss_sss.so.1) (cd ${PREFIX}/lib && ${LN} -s pam_sss.so pam_sss.so.5) @${RM} -f ${PREFIX}/lib/ldb/memberof.la >Release-Note: >Audit-Trail: >Unformatted: