Date: Sun, 20 Dec 2009 19:14:12 GMT From: "Alexander V. Chernikov" <melifaro@ipfw.ru> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/141822: [maintainer update] net/nss_ldapd update Message-ID: <200912201914.nBKJECJR024080@www.freebsd.org> Resent-Message-ID: <200912201920.nBKJK0vN036817@freefall.freebsd.org>
>Number: 141822 >Category: ports >Synopsis: [maintainer update] net/nss_ldapd update >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Sun Dec 20 19:20:00 UTC 2009 >Closed-Date: >Last-Modified: >Originator: Alexander V. Chernikov >Release: FreeBSD 9.0-CURRENT >Organization: >Environment: FreeBSD ws.ipfw.ru 9.0-CURRENT FreeBSD 9.0-CURRENT #0: Fri Oct 23 22:14:57 MSD 2009 root@ws.ipfw.ru:/var/ports_tmp/usj/obj/usr/src/sys/WS amd64 >Description: * Update to 0.7.1 * Add pam module option >How-To-Repeat: >Fix: Patch attached with submission follows: diff -urN net/nss_ldapd.orig/Makefile net/nss_ldapd/Makefile --- net/nss_ldapd.orig/Makefile 2009-08-25 02:44:16.000000000 +0400 +++ net/nss_ldapd/Makefile 2009-12-20 22:07:24.000000000 +0300 @@ -6,12 +6,11 @@ # PORTNAME= nss_ldapd -PORTVERSION= 0.6.11 -PORTREVISION= 1 +PORTVERSION= 0.7.1 CATEGORIES= net -MASTER_SITES= http://arthurdejong.org/nss-ldapd/ \ +MASTER_SITES= http://arthurdejong.org/nss-pam-ldapd/ \ http://static.ipfw.ru/files/ -DISTNAME= nss-ldapd-${PORTVERSION} +DISTNAME= nss-pam-ldapd-${PORTVERSION} MAINTAINER= melifaro@ipfw.ru COMMENT= Advanced fork of nss_ldap @@ -26,7 +25,8 @@ NSLCD_SOCKET?= /var/run/nslcd.ctl OPTIONS= NSS_COMPAT "Enable nss_ldap compatibility" on \ - SASL "Enable SASL" off + SASL "Enable SASL" off \ + PAM "Build pam_ldap" on .include <bsd.port.pre.mk> @@ -46,9 +46,8 @@ .endif .if defined(WITH_NSS_COMPAT) -CONFIGURE_ARGS+= --with-ldap-conf-file=${PREFIX}/etc/nss_ldap.conf +CONFIGURE_ARGS+= --enable-nss_compat --disable-configfile-checking --with-ldap-conf-file=${PREFIX}/etc/nss_ldap.conf PLIST_SUB+= CONFIG="nss_ldap" -EXTRA_PATCHES+= ${PATCHDIR}/nss_compat.diff .else CONFIGURE_ARGS+= --with-ldap-conf-file=${PREFIX}/etc/nss_ldapd.conf PLIST_SUB+= CONFIG="nss_ldapd" 
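Review bot: In the `WITH_NSS_COMPAT` branch of the `@@ -46,9 +46,8 @@` hunk, `--disable-configfile-checking` is now passed with `--enable-nss_compat`, and it appears to take over from the `#if 0` that the deleted `files/nss_compat.diff` put around the "unknown keyword" exit in nslcd/cfg.c. If that is what the flag gates, a misspelled or unsupported directive in `nss_ldap.conf` (a TLS or bind setting, for instance) is dropped without a log line and the daemon runs with its defaults. I would add a comment above the line, `# nss_ldap.conf carries nss_ldap-only keywords, so unknown directives are not rejected`, and state the consequence in the port's pkg-message so administrators re-read the file after upgrading.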
@@ -63,8 +62,12 @@ .if defined(WITH_PAM) CONFIGURE_ARGS+= --enable-pam +MAN8+= pam_ldap.8 +CONFLICTS+= pam_ldap-1.* +PLIST_SUB+= PAM="" .else CONFIGURE_ARGS+= --disable-pam +PLIST_SUB+= PAM="@comment " .endif .if defined(WITHOUT_NSS) @@ -82,16 +85,14 @@ .else CONFIGURE_ARGS+= --enable-nslcd PLIST_SUB+= NSLCD="" -MAN8= nslcd.8 +MAN5+= nslcd.conf.5 +MAN8+= nslcd.8 .endif -MAN5= nss-ldapd.conf.5 - post-extract: @${REINPLACE_CMD} -e 's/\(INSTALL_\)\(.*\)) -D /\1\2) /' ${WRKSRC}/Makefile.in ${WRKSRC}/nss/Makefile.in @${REINPLACE_CMD} -e 's/shadow.$$(OBJEXT)/shadow.$$(OBJEXT) bsdnss.$$(OBJEXT)/;s/shadow\.c/shadow.c bsdnss.c/;s/exports\.linux/exports.freebsd/' ${WRKSRC}/nss/Makefile.in @${REINPLACE_CMD} -e 's/^NSS_VERS = .*/NSS_VERS = 1/;s/libnss_ldap\.so/nss_ldap.so/' ${WRKSRC}/nss/Makefile.in - @${MV} ${WRKSRC}/nss/exports.linux ${WRKSRC}/nss/exports.freebsd @${REINPLACE_CMD} -e 's/$$(DESTDIR)$$(NSS_LDAP_PATH_CONF)/$$(DESTDIR)$$(NSS_LDAP_PATH_CONF).sample/' ${WRKSRC}/Makefile.in post-install: diff -urN net/nss_ldapd.orig/distinfo net/nss_ldapd/distinfo --- net/nss_ldapd.orig/distinfo 2009-08-14 05:46:44.000000000 +0400 +++ net/nss_ldapd/distinfo 2009-12-20 14:05:28.000000000 +0300 @@ -1,3 +1,3 @@ -MD5 (nss-ldapd-0.6.11.tar.gz) = 8e5087f74a128f2c12f974c176803747 -SHA256 (nss-ldapd-0.6.11.tar.gz) = ac41292c8c7c2a4fb2e77ee9bc165ecefc84e8c33682f8c87ee69381830a8aff -SIZE (nss-ldapd-0.6.11.tar.gz) = 415271 +MD5 (nss-pam-ldapd-0.7.1.tar.gz) = 11a31772554a452a5d978b39665fcf80 +SHA256 (nss-pam-ldapd-0.7.1.tar.gz) = c1a80ecb7def43171b36600f48ba32fe7822aa07541f90edb9481c641539467f +SIZE (nss-pam-ldapd-0.7.1.tar.gz) = 430508 diff -urN net/nss_ldapd.orig/files/nss_compat.diff net/nss_ldapd/files/nss_compat.diff --- net/nss_ldapd.orig/files/nss_compat.diff 2009-08-14 05:46:44.000000000 +0400 +++ net/nss_ldapd/files/nss_compat.diff 1970-01-01 03:00:00.000000000 +0300 
@@ -1,75 +0,0 @@ ---- nslcd/cfg.c.orig 2009-06-19 16:03:14.000000000 +0400 -+++ nslcd/cfg.c 2009-08-10 20:41:31.000000000 +0400 -@@ -33,6 +33,7 @@ - #include <sys/types.h> - #include <sys/stat.h> - #include <unistd.h> -+#include <libgen.h> - #include <errno.h> - #include <netdb.h> - #include <sys/socket.h> -@@ -649,13 +650,31 @@ - { - FILE *fp; - int lnr=0; -- char linebuf[MAX_LINE_LENGTH]; -+ char linebuf[MAX_LINE_LENGTH], secret_path[512]; - char *line; - char keyword[32]; - char token[64]; - int i; - int rc; - char *value; -+ -+ /* get secret password */ -+ snprintf(secret_path, sizeof(secret_path), "%s/nss_ldap.secret", dirname(filename)); -+ if ((fp=fopen(secret_path,"r"))==NULL) -+ { -+ log_log(LOG_ERR,"cannot open secret file (%s): %s",secret_path,strerror(errno)); -+ /* exit(EXIT_FAILURE); */ -+ } -+ else if (fgets(linebuf,MAX_LINE_LENGTH,fp)!=NULL) -+ { -+ i=strlen(linebuf); -+ if (i>0) -+ linebuf[i-1]='\0'; -+ cfg->ldc_bindpw=strdup(linebuf); -+ } -+ if (fp!=NULL) -+ fclose(fp); -+ - /* open config file */ - if ((fp=fopen(filename,"r"))==NULL) - { -@@ -724,13 +743,14 @@ - get_int(filename,lnr,keyword,&line,&cfg->ldc_version); - get_eol(filename,lnr,keyword,&line); - } -- else if (strcasecmp(keyword,"binddn")==0) -+ else if (strcasecmp(keyword,"rootbinddn")==0) - { - get_restdup(filename,lnr,keyword,&line,&cfg->ldc_binddn); - } - else if (strcasecmp(keyword,"bindpw")==0) - { -- get_restdup(filename,lnr,keyword,&line,&cfg->ldc_bindpw); -+ if (cfg->ldc_bindpw == NULL) -+ get_restdup(filename,lnr,keyword,&line,&cfg->ldc_bindpw); - } - /* SASL authentication options */ - else if (strcasecmp(keyword,"sasl_authcid")==0) -@@ -931,12 +951,14 @@ - get_int(filename,lnr,keyword,&line,&cfg->ldc_pagesize); - get_eol(filename,lnr,keyword,&line); - } -+#if 0 - /* fallthrough */ - else - { - log_log(LOG_ERR,"%s:%d: unknown keyword: '%s'",filename,lnr,keyword); - exit(EXIT_FAILURE); - } -+#endif - } - /* we're done reading file, close */ - fclose(fp); diff -urN 
net/nss_ldapd.orig/files/nss_patch.diff net/nss_ldapd/files/nss_patch.diff --- net/nss_ldapd.orig/files/nss_patch.diff 1970-01-01 03:00:00.000000000 +0300 +++ net/nss_ldapd/files/nss_patch.diff 2009-12-20 20:12:32.000000000 +0300 
@@ -0,0 +1,83 @@ +--- configure.ac.orig 2009-10-17 20:09:01.000000000 +0400 ++++ configure.ac 2009-12-20 19:58:24.000000000 +0300 +@@ -160,6 +160,20 @@ + AC_DEFINE(ENABLE_CONFIGFILE_CHECKING,1,[Whether to check configfile options.]) + fi + ++# check whether nss_compat options should be checked ++AC_MSG_CHECKING([whether to check nss_compat option]) ++AC_ARG_ENABLE(nss_compat_checking, ++ AS_HELP_STRING([--enable-nss_compat], ++ [check nss_compat option [[default=no]]]), ++ [nss_compat_checking=$enableval], ++ [nss_compat_checking="no"]) ++AC_MSG_RESULT($nss_compat_checking) ++if test "x$nss_compat_checking" = "xyes" ++then ++ AC_CHECK_HEADERS([libgen.h], [], [AC_MSG_ERROR([libgen.h is required for nss_compat])]) ++ AC_DEFINE(ENABLE_NSS_COMPAT,1,[Whether to check nss_compat options.]) ++fi ++ + # check the name of the configuration file + AC_ARG_WITH(ldap-conf-file, + AS_HELP_STRING([--with-ldap-conf-file=PATH], +--- nslcd/cfg.c.orig 2009-10-05 21:47:47.000000000 +0400 ++++ nslcd/cfg.c 2009-12-20 18:10:37.000000000 +0300 +@@ -33,6 +33,9 @@ + #include <sys/types.h> + #include <sys/stat.h> + #include <unistd.h> ++#ifdef ENABLE_NSS_COMPAT ++#include <libgen.h> ++#endif + #include <errno.h> + #include <netdb.h> + #include <sys/socket.h> +@@ -665,6 +668,25 @@ + int rc; + char *value; + #endif ++#ifdef ENABLE_NSS_COMPAT ++ /* get secret password */ ++ snprintf(linebuf, sizeof(linebuf), "%s/nss_ldap.secret", dirname(filename)); ++ if ((fp=fopen(linebuf,"r"))==NULL) ++ { ++ log_log(LOG_ERR,"cannot open secret file (%s): %s",linebuf,strerror(errno)); ++ /* exit(EXIT_FAILURE); */ ++ } ++ else if (fgets(linebuf,MAX_LINE_LENGTH,fp)!=NULL) ++ { ++ i=strlen(linebuf); ++ if (i>0) ++ linebuf[i-1]='\0'; ++ cfg->ldc_bindpw=strdup(linebuf); ++ } ++ if (fp!=NULL) ++ fclose(fp); ++#endif ++ + /* open config file */ + if ((fp=fopen(filename,"r"))==NULL) + { +@@ -733,13 +755,20 @@ + get_int(filename,lnr,keyword,&line,&cfg->ldc_version); + get_eol(filename,lnr,keyword,&line); + } ++#ifdef 
ENABLE_NSS_COMPAT ++ else if (strcasecmp(keyword,"rootbinddn")==0) ++#else + else if (strcasecmp(keyword,"binddn")==0) ++#endif + { + get_restdup(filename,lnr,keyword,&line,&cfg->ldc_binddn); + } + else if (strcasecmp(keyword,"bindpw")==0) + { +- get_restdup(filename,lnr,keyword,&line,&cfg->ldc_bindpw); ++#ifdef ENABLE_NSS_COMPAT ++ if (cfg->ldc_bindpw == NULL) ++#endif ++ get_restdup(filename,lnr,keyword,&line,&cfg->ldc_bindpw); + } + /* SASL authentication options */ + else if (strcasecmp(keyword,"sasl_authcid")==0) diff -urN net/nss_ldapd.orig/files/patch-configure net/nss_ldapd/files/patch-configure --- net/nss_ldapd.orig/files/patch-configure 1970-01-01 03:00:00.000000000 +0300 +++ net/nss_ldapd/files/patch-configure 2009-12-20 20:12:04.000000000 +0300 
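Review bot: The secret-file read added to `nslcd/cfg.c` at `@@ -665,6 +668,25 @@` cuts the last byte of the line unconditionally (`linebuf[i-1]='\0'`), so an `nss_ldap.secret` saved without a trailing newline yields a bind password one character short, and the `strdup()` result is stored without a NULL check. The fence below strips only a real newline and checks the allocation; the `log_log`/`exit` pair follows the style of the unknown-keyword handler visible in the removed `nss_compat.diff`, and the message text is only a suggestion. The identical lines are added again in `files/patch-nslcd__cfg.c`, so both copies need the change. `dirname(filename)` deserves a look as well, since POSIX lets `dirname()` modify its argument and `filename` is handed to `fopen()` right afterwards; the enclosing function begins and ends outside the hunk. In the `configure.ac` part, `AC_ARG_ENABLE(nss_compat_checking, …)` names a different feature than the `--enable-nss_compat` in its help string and in the port Makefile, so a regenerated `configure` would presumably leave `ENABLE_NSS_COMPAT` undefined.

```c
  /* … unchanged: snprintf() of the secret path, fopen() and its error log … */
  else if (fgets(linebuf,MAX_LINE_LENGTH,fp)!=NULL)
  {
    /* drop the line terminator only if one is present */
    linebuf[strcspn(linebuf,"\n")]='\0';
    cfg->ldc_bindpw=strdup(linebuf);
    if (cfg->ldc_bindpw==NULL)
    {
      log_log(LOG_CRIT,"strdup() failed to allocate memory");
      exit(EXIT_FAILURE);
    }
  }
  /* … unchanged: fclose(fp) … */
```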
@@ -0,0 +1,212 @@ +--- config.h.in.orig 2009-12-20 17:49:41.000000000 +0300 ++++ config.h.in 2009-12-20 17:41:46.000000000 +0300 +@@ -3,6 +3,9 @@ + /* Whether to check configfile options. */ + #undef ENABLE_CONFIGFILE_CHECKING + ++/* Whether to check nss_compat options. */ ++#undef ENABLE_NSS_COMPAT ++ + /* Define to 1 if you have the <aliases.h> header file. */ + #undef HAVE_ALIASES_H + +--- configure.orig 19:44:43.000000000 +0300 ++++ configure 2009-12-20 19:47:20.000000000 +0300 +@@ -779,6 +779,7 @@ + enable_sasl + enable_kerberos + enable_configfile_checking ++enable_nss_compat + with_ldap_conf_file + with_nslcd_pidfile + with_nslcd_socket +@@ -1437,6 +1438,7 @@ + --disable-kerberos disable Kerberos support [default=yes] + --disable-configfile-checking + check configfile options [default=yes] ++ --enable-nss_compat check nss_compat option [default=no] + + Optional Packages: + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] +@@ -5117,6 +5119,181 @@ + + fi + ++# check whether nss_compat options should be checked ++{ $as_echo "$as_me:$LINENO: checking whether to check nss_compat option" >&5 ++$as_echo_n "checking whether to check nss_compat option... " >&6; } ++# Check whether --enable-nss_compat was given. ++if test "${enable_nss_compat+set}" = set; then ++ enableval=$enable_nss_compat; nss_compat=$enableval ++else ++ nss_compat="no" ++fi ++ ++{ $as_echo "$as_me:$LINENO: result: $nss_compat" >&5 ++$as_echo "$nss_compat" >&6; } ++if test "x$nss_compat" = "xyes" ++then ++ ++for ac_header in libgen.h ++do ++as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ++if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then ++ { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 ++$as_echo_n "checking for $ac_header... 
" >&6; } ++if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then ++ $as_echo_n "(cached) " >&6 ++fi ++ac_res=`eval 'as_val=${'$as_ac_Header'} ++ $as_echo "$as_val"'` ++ { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 ++$as_echo "$ac_res" >&6; } ++else ++ # Is the header compilable? ++{ $as_echo "$as_me:$LINENO: checking $ac_header usability" >&5 ++$as_echo_n "checking $ac_header usability... " >&6; } ++cat >conftest.$ac_ext <<_ACEOF ++/* confdefs.h. */ ++_ACEOF ++cat confdefs.h >>conftest.$ac_ext ++cat >>conftest.$ac_ext <<_ACEOF ++/* end confdefs.h. */ ++$ac_includes_default ++#include <$ac_header> ++_ACEOF ++rm -f conftest.$ac_objext ++if { (ac_try="$ac_compile" ++case "(($ac_try" in ++ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; ++ *) ac_try_echo=$ac_try;; ++esac ++eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" ++$as_echo "$ac_try_echo") >&5 ++ (eval "$ac_compile") 2>conftest.er1 ++ ac_status=$? ++ grep -v '^ *+' conftest.er1 >conftest.err ++ rm -f conftest.er1 ++ cat conftest.err >&5 ++ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 ++ (exit $ac_status); } && { ++ test -z "$ac_c_werror_flag" || ++ test ! -s conftest.err ++ } && test -s conftest.$ac_objext; then ++ ac_header_compiler=yes ++else ++ $as_echo "$as_me: failed program was:" >&5 ++sed 's/^/| /' conftest.$ac_ext >&5 ++ ++ ac_header_compiler=no ++fi ++ ++rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext ++{ $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 ++$as_echo "$ac_header_compiler" >&6; } ++ ++# Is the header present? ++{ $as_echo "$as_me:$LINENO: checking $ac_header presence" >&5 ++$as_echo_n "checking $ac_header presence... " >&6; } ++cat >conftest.$ac_ext <<_ACEOF ++/* confdefs.h. */ ++_ACEOF ++cat confdefs.h >>conftest.$ac_ext ++cat >>conftest.$ac_ext <<_ACEOF ++/* end confdefs.h. 
*/ ++#include <$ac_header> ++_ACEOF ++if { (ac_try="$ac_cpp conftest.$ac_ext" ++case "(($ac_try" in ++ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; ++ *) ac_try_echo=$ac_try;; ++esac ++eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" ++$as_echo "$ac_try_echo") >&5 ++ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 ++ ac_status=$? ++ grep -v '^ *+' conftest.er1 >conftest.err ++ rm -f conftest.er1 ++ cat conftest.err >&5 ++ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 ++ (exit $ac_status); } >/dev/null && { ++ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || ++ test ! -s conftest.err ++ }; then ++ ac_header_preproc=yes ++else ++ $as_echo "$as_me: failed program was:" >&5 ++sed 's/^/| /' conftest.$ac_ext >&5 ++ ++ ac_header_preproc=no ++fi ++ ++rm -f conftest.err conftest.$ac_ext ++{ $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 ++$as_echo "$ac_header_preproc" >&6; } ++ ++# So? What about this header? ++case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in ++ yes:no: ) ++ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 ++$as_echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} ++ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 ++$as_echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} ++ ac_header_preproc=yes ++ ;; ++ no:yes:* ) ++ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 ++$as_echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} ++ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 ++$as_echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" 
>&2;} ++ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 ++$as_echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} ++ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 ++$as_echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} ++ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 ++$as_echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} ++ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 ++$as_echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} ++ ( cat <<\_ASBOX ++## -------------------------------------- ## ++## Report this to arthur@arthurdejong.org ## ++## -------------------------------------- ## ++_ASBOX ++ ) | sed "s/^/$as_me: WARNING: /" >&2 ++ ;; ++esac ++{ $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 ++$as_echo_n "checking for $ac_header... " >&6; } ++if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then ++ $as_echo_n "(cached) " >&6 ++else ++ eval "$as_ac_Header=\$ac_header_preproc" ++fi ++ac_res=`eval 'as_val=${'$as_ac_Header'} ++ $as_echo "$as_val"'` ++ { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 ++$as_echo "$ac_res" >&6; } ++ ++fi ++if test `eval 'as_val=${'$as_ac_Header'} ++ $as_echo "$as_val"'` = yes; then ++ cat >>confdefs.h <<_ACEOF ++#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 ++_ACEOF ++ ++else ++ { { $as_echo "$as_me:$LINENO: error: libgen.h is required for nss_compat" >&5 ++$as_echo "$as_me: error: libgen.h is required for nss_compat" >&2;} ++ { (exit 1); exit 1; }; } ++fi ++ ++done ++ ++ ++cat >>confdefs.h <<\_ACEOF ++#define ENABLE_NSS_COMPAT 1 ++_ACEOF ++ ++fi ++ + # check the name of the configuration file + + # Check whether --with-ldap-conf-file was given. 
diff -urN net/nss_ldapd.orig/files/patch-nslcd__cfg.c net/nss_ldapd/files/patch-nslcd__cfg.c --- net/nss_ldapd.orig/files/patch-nslcd__cfg.c 2009-08-14 05:46:44.000000000 +0400 +++ net/nss_ldapd/files/patch-nslcd__cfg.c 2009-12-20 18:11:26.000000000 +0300 
@@ -1,23 +1,60 @@ ---- ./nslcd/cfg.c.orig 2009-08-02 22:32:27.000000000 +0000 -+++ ./nslcd/cfg.c 2009-08-02 22:49:26.000000000 +0000 -@@ -37,14 +37,13 @@ +--- nslcd/cfg.c.orig 2009-10-05 21:47:47.000000000 +0400 ++++ nslcd/cfg.c 2009-12-20 18:10:37.000000000 +0300 +@@ -33,6 +33,9 @@ + #include <sys/types.h> + #include <sys/stat.h> + #include <unistd.h> ++#ifdef ENABLE_NSS_COMPAT ++#include <libgen.h> ++#endif #include <errno.h> #include <netdb.h> #include <sys/socket.h> --#ifdef HAVE_GSSAPI_H --#include <gssapi.h> --#endif /* HAVE_GSSAPI_H */ --#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H -+#if HAVE_GSSAPI_GSSAPI_H - #include <gssapi/gssapi.h> --#include <gssapi/gssapi_krb5.h> --#endif /* HAVE_GSSAPI_GSSAPI_KRB5_H */ --#include <sys/types.h> -+#elif HAVE_GSSAPI_GSSAPI_GENERIC_H -+#include <gssapi/gssapi_generic.h> -+#elif HAVE_GSSAPI_H -+#include <gssapi.h> +@@ -665,6 +668,25 @@ + int rc; + char *value; + #endif ++#ifdef ENABLE_NSS_COMPAT ++ /* get secret password */ ++ snprintf(linebuf, sizeof(linebuf), "%s/nss_ldap.secret", dirname(filename)); ++ if ((fp=fopen(linebuf,"r"))==NULL) ++ { ++ log_log(LOG_ERR,"cannot open secret file (%s): %s",linebuf,strerror(errno)); ++ /* exit(EXIT_FAILURE); */ ++ } ++ else if (fgets(linebuf,MAX_LINE_LENGTH,fp)!=NULL) ++ { ++ i=strlen(linebuf); ++ if (i>0) ++ linebuf[i-1]='\0'; ++ cfg->ldc_bindpw=strdup(linebuf); ++ } ++ if (fp!=NULL) ++ fclose(fp); ++#endif ++ + /* open config file */ + if ((fp=fopen(filename,"r"))==NULL) + { +@@ -733,13 +755,20 @@ + get_int(filename,lnr,keyword,&line,&cfg->ldc_version); + get_eol(filename,lnr,keyword,&line); + } ++#ifdef ENABLE_NSS_COMPAT ++ else if (strcasecmp(keyword,"rootbinddn")==0) ++#else + else if (strcasecmp(keyword,"binddn")==0) ++#endif + { + get_restdup(filename,lnr,keyword,&line,&cfg->ldc_binddn); + } + else if (strcasecmp(keyword,"bindpw")==0) + { +- get_restdup(filename,lnr,keyword,&line,&cfg->ldc_bindpw); ++#ifdef ENABLE_NSS_COMPAT ++ if (cfg->ldc_bindpw == NULL) +#endif - #include <pwd.h> - 
#include <grp.h> - ++ get_restdup(filename,lnr,keyword,&line,&cfg->ldc_bindpw); + } + /* SASL authentication options */ + else if (strcasecmp(keyword,"sasl_authcid")==0) diff -urN net/nss_ldapd.orig/files/patch-nslcd__common.c net/nss_ldapd/files/patch-nslcd__common.c --- net/nss_ldapd.orig/files/patch-nslcd__common.c 2009-08-14 05:46:44.000000000 +0400 +++ net/nss_ldapd/files/patch-nslcd__common.c 1970-01-01 03:00:00.000000000 +0300 @@ -1,12 +0,0 @@ ---- ./nslcd/common.c.orig 2009-02-27 17:27:08.000000000 +0000 -+++ ./nslcd/common.c 2009-08-02 22:32:27.000000000 +0000 -@@ -27,6 +27,9 @@ - #include <stdarg.h> - #include <sys/types.h> - #include <sys/socket.h> -+#ifdef __FreeBSD__ -+#include <netinet/in.h> -+#endif - #include <arpa/inet.h> - #include <strings.h> - #include <limits.h> diff -urN net/nss_ldapd.orig/files/patch-nslcd__common.h net/nss_ldapd/files/patch-nslcd__common.h --- net/nss_ldapd.orig/files/patch-nslcd__common.h 2009-08-14 05:46:44.000000000 +0400 +++ net/nss_ldapd/files/patch-nslcd__common.h 1970-01-01 03:00:00.000000000 +0300 
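Review bot: With `ENABLE_NSS_COMPAT` defined, the `#ifdef`/`#else` in the `@@ -733,13 +755,20 @@` part replaces the `binddn` branch instead of adding `rootbinddn` beside it, so a `binddn` line is no longer matched here, and the `bindpw` line is skipped whenever the secret file already supplied a password. As far as I know nss_ldap uses `rootbinddn` and its secret file only for root, whereas here they become the bind identity for every lookup the daemon serves, whichever local user asked. The same commit deletes `files/patch-nslcd__passwd.c`, which substituted `default_passwd_userPassword` when `calleruid!=0`, so it is worth confirming that 0.7.1 carries an equivalent filter before that patch goes. I would put `/* compat: rootbinddn plus nss_ldap.secret are used for all lookups, not only root's */` above the `#ifdef` and consider accepting both keywords; the `if`/`else if` chain starts and ends outside the hunk.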
@@ -1,30 +0,0 @@ ---- ./nslcd/common.h.orig 2009-06-03 10:31:05.000000000 +0000 -+++ ./nslcd/common.h 2009-08-02 22:32:27.000000000 +0000 -@@ -124,9 +124,9 @@ - int nslcd_network_byname(TFILE *fp,MYLDAP_SESSION *session); - int nslcd_network_byaddr(TFILE *fp,MYLDAP_SESSION *session); - int nslcd_network_all(TFILE *fp,MYLDAP_SESSION *session); --int nslcd_passwd_byname(TFILE *fp,MYLDAP_SESSION *session); --int nslcd_passwd_byuid(TFILE *fp,MYLDAP_SESSION *session); --int nslcd_passwd_all(TFILE *fp,MYLDAP_SESSION *session); -+int nslcd_passwd_byname(TFILE *fp,MYLDAP_SESSION *session,uid_t uid); -+int nslcd_passwd_byuid(TFILE *fp,MYLDAP_SESSION *session,uid_t uid); -+int nslcd_passwd_all(TFILE *fp,MYLDAP_SESSION *session,uid_t uid); - int nslcd_protocol_byname(TFILE *fp,MYLDAP_SESSION *session); - int nslcd_protocol_bynumber(TFILE *fp,MYLDAP_SESSION *session); - int nslcd_protocol_all(TFILE *fp,MYLDAP_SESSION *session); -@@ -145,8 +145,12 @@ - int nslcd_pam_pwmod(TFILE *fp,MYLDAP_SESSION *session); - - /* macro for generating service handling code */ --#define NSLCD_HANDLE(db,fn,readfn,logcall,action,mkfilter,writefn) \ -- int nslcd_##db##_##fn(TFILE *fp,MYLDAP_SESSION *session) \ -+#define COMMA , -+#define NSLCD_HANDLE(db,fn,readfn,logcall,action,mkfilter,writefn) NSLCD_HANDLE_PARAMS(db,fn,,readfn,logcall,action,mkfilter,writefn) -+#define NSLCD_HANDLE_UID(db,fn,readfn,logcall,action,mkfilter,writefn) NSLCD_HANDLE_PARAMS(db,fn,COMMA uid_t calleruid,readfn,logcall,action,mkfilter,writefn) -+ -+#define NSLCD_HANDLE_PARAMS(db,fn,params,readfn,logcall,action,mkfilter,writefn) \ -+ int nslcd_##db##_##fn(TFILE *fp,MYLDAP_SESSION *session params ) \ - { \ - /* define common variables */ \ - int32_t tmpint32; \ diff -urN net/nss_ldapd.orig/files/patch-nslcd__nslcd.c net/nss_ldapd/files/patch-nslcd__nslcd.c --- net/nss_ldapd.orig/files/patch-nslcd__nslcd.c 2009-08-14 05:46:44.000000000 +0400 +++ net/nss_ldapd/files/patch-nslcd__nslcd.c 1970-01-01 03:00:00.000000000 +0300 
@@ -1,15 +0,0 @@ ---- ./nslcd/nslcd.c.orig 2009-06-12 21:53:18.000000000 +0000 -+++ ./nslcd/nslcd.c 2009-08-02 22:32:27.000000000 +0000 -@@ -398,9 +398,9 @@ - case NSLCD_ACTION_NETWORK_BYNAME: (void)nslcd_network_byname(fp,session); break; - case NSLCD_ACTION_NETWORK_BYADDR: (void)nslcd_network_byaddr(fp,session); break; - case NSLCD_ACTION_NETWORK_ALL: (void)nslcd_network_all(fp,session); break; -- case NSLCD_ACTION_PASSWD_BYNAME: (void)nslcd_passwd_byname(fp,session); break; -- case NSLCD_ACTION_PASSWD_BYUID: (void)nslcd_passwd_byuid(fp,session); break; -- case NSLCD_ACTION_PASSWD_ALL: (void)nslcd_passwd_all(fp,session); break; -+ case NSLCD_ACTION_PASSWD_BYNAME: (void)nslcd_passwd_byname(fp,session,uid); break; -+ case NSLCD_ACTION_PASSWD_BYUID: (void)nslcd_passwd_byuid(fp,session,uid); break; -+ case NSLCD_ACTION_PASSWD_ALL: (void)nslcd_passwd_all(fp,session,uid); break; - case NSLCD_ACTION_PROTOCOL_BYNAME: (void)nslcd_protocol_byname(fp,session); break; - case NSLCD_ACTION_PROTOCOL_BYNUMBER:(void)nslcd_protocol_bynumber(fp,session); break; - case NSLCD_ACTION_PROTOCOL_ALL: (void)nslcd_protocol_all(fp,session); break; diff -urN net/nss_ldapd.orig/files/patch-nslcd__passwd.c net/nss_ldapd/files/patch-nslcd__passwd.c --- net/nss_ldapd.orig/files/patch-nslcd__passwd.c 2009-08-14 05:46:44.000000000 +0400 +++ net/nss_ldapd/files/patch-nslcd__passwd.c 1970-01-01 03:00:00.000000000 +0300 
@@ -1,61 +0,0 @@ ---- ./nslcd/passwd.c.orig 2009-06-29 19:04:54.000000000 +0000 -+++ ./nslcd/passwd.c 2009-08-02 22:32:27.000000000 +0000 -@@ -292,7 +292,7 @@ - #define MAXUIDS_PER_ENTRY 5 - - static int write_passwd(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser, -- const uid_t *requid) -+ const uid_t *requid,uid_t calleruid) - { - int32_t tmpint32; - const char **tmpvalues; -@@ -323,7 +323,7 @@ - else - { - passwd=get_userpassword(entry,attmap_passwd_userPassword); -- if (passwd==NULL) -+ if ((passwd==NULL) || (calleruid!=0)) - passwd=default_passwd_userPassword; - } - /* get the uids for this entry */ -@@ -451,7 +451,7 @@ - return 0; - } - --NSLCD_HANDLE( -+NSLCD_HANDLE_UID( - passwd,byname, - char name[256]; - char filter[1024]; -@@ -463,10 +463,10 @@ - log_log(LOG_DEBUG,"nslcd_passwd_byname(%s)",name);, - NSLCD_ACTION_PASSWD_BYNAME, - mkfilter_passwd_byname(name,filter,sizeof(filter)), -- write_passwd(fp,entry,name,NULL) -+ write_passwd(fp,entry,name,NULL,calleruid) - ) - --NSLCD_HANDLE( -+NSLCD_HANDLE_UID( - passwd,byuid, - uid_t uid; - char filter[1024]; -@@ -474,15 +474,15 @@ - log_log(LOG_DEBUG,"nslcd_passwd_byuid(%d)",(int)uid);, - NSLCD_ACTION_PASSWD_BYUID, - mkfilter_passwd_byuid(uid,filter,sizeof(filter)), -- write_passwd(fp,entry,NULL,&uid) -+ write_passwd(fp,entry,NULL,&uid,calleruid) - ) - --NSLCD_HANDLE( -+NSLCD_HANDLE_UID( - passwd,all, - const char *filter; - /* no parameters to read */, - log_log(LOG_DEBUG,"nslcd_passwd_all()");, - NSLCD_ACTION_PASSWD_ALL, - (filter=passwd_filter,0), -- write_passwd(fp,entry,NULL,NULL) -+ write_passwd(fp,entry,NULL,NULL,calleruid) - ) diff -urN net/nss_ldapd.orig/files/patch-nss__bsdnss.c net/nss_ldapd/files/patch-nss__bsdnss.c --- net/nss_ldapd.orig/files/patch-nss__bsdnss.c 2009-08-14 05:46:44.000000000 +0400 +++ net/nss_ldapd/files/patch-nss__bsdnss.c 2009-12-20 16:07:10.000000000 +0300 
@@ -1,5 +1,5 @@ ---- ./nss/bsdnss.c.orig 2009-08-10 16:06:22.000000000 +0000 -+++ ./nss/bsdnss.c 2009-08-10 15:58:04.000000000 +0000 +--- nss/bsdnss.c.orig 2009-08-10 16:06:22.000000000 +0000 ++++ nss/bsdnss.c 2009-08-10 15:58:04.000000000 +0000 @@ -0,0 +1,157 @@ +#include <errno.h> +#include <sys/param.h> diff -urN net/nss_ldapd.orig/files/patch-nss__exports.freebsd net/nss_ldapd/files/patch-nss__exports.freebsd --- net/nss_ldapd.orig/files/patch-nss__exports.freebsd 2009-08-14 05:46:44.000000000 +0400 +++ net/nss_ldapd/files/patch-nss__exports.freebsd 2009-12-20 15:59:38.000000000 +0300 
@@ -1,9 +1,86 @@ ---- ./nss/exports.freebsd.orig 2007-12-31 16:49:01.000000000 +0000 -+++ ./nss/exports.freebsd 2009-08-02 22:32:27.000000000 +0000 -@@ -78,6 +78,27 @@ - _nss_ldap_getspent_r; - _nss_ldap_endspent; - +--- nss/exports.freebsd.orig 2009-12-20 15:58:25.000000000 +0300 ++++ nss/exports.freebsd 2009-12-20 15:57:47.000000000 +0300 +@@ -0,0 +1,106 @@ ++EXPORTED { ++ ++ # published NSS service functions ++ global: ++ ++ # aliases - mail aliases ++ _nss_ldap_getaliasbyname_r; ++ _nss_ldap_setaliasent; ++ _nss_ldap_getaliasent_r; ++ _nss_ldap_endaliasent; ++ ++ # ethers - ethernet numbers ++ _nss_ldap_gethostton_r; ++ _nss_ldap_getntohost_r; ++ _nss_ldap_setetherent; ++ _nss_ldap_getetherent_r; ++ _nss_ldap_endetherent; ++ ++ # group - groups of users ++ _nss_ldap_getgrnam_r; ++ _nss_ldap_getgrgid_r; ++ _nss_ldap_initgroups_dyn; ++ _nss_ldap_setgrent; ++ _nss_ldap_getgrent_r; ++ _nss_ldap_endgrent; ++ ++ # hosts - host names and numbers ++ _nss_ldap_gethostbyname_r; ++ _nss_ldap_gethostbyname2_r; ++ _nss_ldap_gethostbyaddr_r; ++ _nss_ldap_sethostent; ++ _nss_ldap_gethostent_r; ++ _nss_ldap_endhostent; ++ ++ # netgroup - list of host and users ++ _nss_ldap_setnetgrent; ++ _nss_ldap_getnetgrent_r; ++ _nss_ldap_endnetgrent; ++ ++ # networks - network names and numbers ++ _nss_ldap_getnetbyname_r; ++ _nss_ldap_getnetbyaddr_r; ++ _nss_ldap_setnetent; ++ _nss_ldap_getnetent_r; ++ _nss_ldap_endnetent; ++ ++ # passwd - user database and passwords ++ _nss_ldap_getpwnam_r; ++ _nss_ldap_getpwuid_r; ++ _nss_ldap_setpwent; ++ _nss_ldap_getpwent_r; ++ _nss_ldap_endpwent; ++ ++ # protocols - network protocols ++ _nss_ldap_getprotobyname_r; ++ _nss_ldap_getprotobynumber_r; ++ _nss_ldap_setprotoent; ++ _nss_ldap_getprotoent_r; ++ _nss_ldap_endprotoent; ++ ++ # rpc - remote procedure call names and numbers ++ _nss_ldap_getrpcbyname_r; ++ _nss_ldap_getrpcbynumber_r; ++ _nss_ldap_setrpcent; ++ _nss_ldap_getrpcent_r; ++ _nss_ldap_endrpcent; ++ ++ # services - network services ++ 
_nss_ldap_getservbyname_r; ++ _nss_ldap_getservbyport_r; ++ _nss_ldap_setservent; ++ _nss_ldap_getservent_r; ++ _nss_ldap_endservent; ++ ++ # shadow - extended user information ++ _nss_ldap_getspnam_r; ++ _nss_ldap_setspent; ++ _nss_ldap_getspent_r; ++ _nss_ldap_endspent; ++ + # compat 4 bsd + __nss_compat_getgrnam_r; + __nss_compat_getgrgid_r; @@ -25,6 +102,8 @@ + nss_module_register; + + - # everything else should not be exported - local: - *; ++ # everything else should not be exported ++ local: ++ *; ++ ++}; diff -urN net/nss_ldapd.orig/files/patch-nss__prototypes.h net/nss_ldapd/files/patch-nss__prototypes.h --- net/nss_ldapd.orig/files/patch-nss__prototypes.h 2009-08-14 05:46:44.000000000 +0400 +++ net/nss_ldapd/files/patch-nss__prototypes.h 2009-12-20 15:39:25.000000000 +0300 @@ -1,24 +1,19 @@ ---- ./nss/prototypes.h.orig 2008-05-02 21:00:10.000000000 +0000 -+++ ./nss/prototypes.h 2009-08-02 22:32:27.000000000 +0000 -@@ -24,13 +24,40 @@ +--- nss/prototypes.h.orig 2009-09-04 15:55:35.000000000 +0400 ++++ nss/prototypes.h 2009-12-20 15:37:57.000000000 +0300 +@@ -24,7 +24,9 @@ #define _NSS_EXPORTS_H 1 #include <nss.h> --#include <aliases.h> -+#ifndef __FreeBSD__ - #include <netinet/ether.h> -+#else -+#include <net/ethernet.h> -+#include <sys/socket.h> -+#endif - #include <sys/types.h> - #include <grp.h> - #include <netdb.h> - #include <pwd.h> -+#ifdef HAVE_SHADOW_H - #include <shadow.h> ++#ifdef HAVE_ALIASES_H + #include <aliases.h> +#endif -+ + #ifdef HAVE_NETINET_ETHER_H + #include <netinet/ether.h> + #endif /* HAVE_NETINET_ETHER_H */ +@@ -84,6 +86,27 @@ + void *nip; /* changed from `service_user *nip' */ + }; + +#ifdef __FreeBSD__ +/* + * Import from aliases.h 
@@ -39,10 +34,11 @@ +}; + +#endif - - /* We define struct etherent here because it does not seem to - be defined in any publicly available header file exposed -@@ -160,10 +187,12 @@ ++ + /* + These are prototypes for functions exported from the ldap NSS module. + For more complete definitions of these functions check the GLIBC +@@ -166,10 +189,12 @@ enum nss_status _nss_ldap_getservent_r(struct servent *result,char *buffer,size_t buflen,int *errnop); enum nss_status _nss_ldap_endservent(void); diff -urN net/nss_ldapd.orig/files/patch-nss__shadow.c net/nss_ldapd/files/patch-nss__shadow.c --- net/nss_ldapd.orig/files/patch-nss__shadow.c 2009-08-14 05:46:44.000000000 +0400 +++ net/nss_ldapd/files/patch-nss__shadow.c 2009-12-20 16:07:19.000000000 +0300 @@ -1,5 +1,5 @@ ---- ./nss/shadow.c.orig 2009-05-29 21:23:03.000000000 +0000 -+++ ./nss/shadow.c 2009-08-02 22:32:27.000000000 +0000 +--- nss/shadow.c.orig 2009-05-29 21:23:03.000000000 +0000 ++++ nss/shadow.c 2009-08-02 22:32:27.000000000 +0000 @@ -22,6 +22,7 @@ #include "config.h" diff -urN net/nss_ldapd.orig/files/patch-pam__makefile.in net/nss_ldapd/files/patch-pam__makefile.in --- net/nss_ldapd.orig/files/patch-pam__makefile.in 1970-01-01 03:00:00.000000000 +0300 +++ net/nss_ldapd/files/patch-pam__makefile.in 2009-12-20 20:49:36.000000000 +0300 
@@ -0,0 +1,12 @@ +--- pam/Makefile.in.orig 2009-12-20 20:47:00.000000000 +0300 ++++ pam/Makefile.in 2009-12-20 20:48:30.000000000 +0300 +@@ -470,7 +470,8 @@ + + # install pam_ldap.so + install-pam_ldap_so: pam_ldap.so +- $(INSTALL_PROGRAM) -D pam_ldap.so $(DESTDIR)$(libdir)/security/pam_ldap.so ++ $(INSTALL_PROGRAM) pam_ldap.so $(DESTDIR)$(libdir)/pam_ldap.so.1 ++ ln -s $(DESTDIR)$(libdir)/pam_ldap.so.1 $(DESTDIR)$(libdir)/pam_ldap.so + uninstall-pam_ldap_so: + -rm -f $(DESTDIR)$(libdir)/security/pam_ldap.so + diff -urN net/nss_ldapd.orig/pkg-plist net/nss_ldapd/pkg-plist --- net/nss_ldapd.orig/pkg-plist 2009-08-14 05:46:44.000000000 +0400 +++ net/nss_ldapd/pkg-plist 2009-12-20 20:51:29.000000000 +0300 @@ -1,3 +1,5 @@ etc/%%CONFIG%%.conf.sample %%NSS%%lib/nss_ldap.so.1 %%NSLCD%%sbin/nslcd +%%PAM%%lib/pam_ldap.so +%%PAM%%lib/pam_ldap.so.1 >Release-Note: >Audit-Trail: >Unformatted:
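Review bot: The added `ln -s $(DESTDIR)$(libdir)/pam_ldap.so.1 $(DESTDIR)$(libdir)/pam_ldap.so` in `install-pam_ldap_so` records the `DESTDIR` prefix inside the link target and fails when the link already exists, so a staged install leaves a dangling link and a reinstall stops with an error. A relative, forced link avoids both: `ln -sf pam_ldap.so.1 $(DESTDIR)$(libdir)/pam_ldap.so`. The context line for `uninstall-pam_ldap_so` still removes `$(libdir)/security/pam_ldap.so`, a path the install rule no longer writes, so the module stays on disk after `make uninstall`; it should become `-rm -f $(DESTDIR)$(libdir)/pam_ldap.so $(DESTDIR)$(libdir)/pam_ldap.so.1`.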