Date: Wed, 7 May 2014 14:18:54 +0000 (UTC) From: Mark Felder <feld@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r353157 - in head/security/sssd: . files Message-ID: <201405071418.s47EIsAs004411@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: feld Date: Wed May 7 14:18:54 2014 New Revision: 353157 URL: http://svnweb.freebsd.org/changeset/ports/353157 QAT: https://qat.redports.org/buildarchive/r353157/ Log: - rc script now passes rclint - rc script creates dirs in /var before launching daemon - add patch from upstream to match behavior of sssd on Linux https://fedorahosted.org/sssd/ticket/2232 PR: ports/186545 Sponsored by: SupraNet Communications, Inc Added: head/security/sssd/files/patch-src__man__pam_sss.8.xml (contents, props changed) Modified: head/security/sssd/Makefile head/security/sssd/files/patch-src__sss_client__pam_sss.c head/security/sssd/files/sssd.in Modified: head/security/sssd/Makefile ============================================================================== --- head/security/sssd/Makefile Wed May 7 14:11:35 2014 (r353156) +++ head/security/sssd/Makefile Wed May 7 14:18:54 2014 (r353157) @@ -3,7 +3,7 @@ PORTNAME= sssd DISTVERSION= 1.9.6 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= https://fedorahosted.org/released/${PORTNAME}/ \ http://mirrors.rit.edu/zi/ @@ -108,4 +108,10 @@ post-install: (cd ${STAGEDIR}${PREFIX}/lib && ${LN} -s pam_sss.so pam_sss.so.5) @${RM} -f ${STAGEDIR}${PREFIX}/lib/ldb/memberof.la + # clean these up from the install; we create them in rc script start_precmd +.for VARDIRS in db/sss db/sss_mc log/sssd run/sss/krb5.include.d run/sss/private run/sss + @${RMDIR} ${STAGEDIR}/var/${VARDIRS} +.endfor + + .include <bsd.port.post.mk> Added: head/security/sssd/files/patch-src__man__pam_sss.8.xml ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/sssd/files/patch-src__man__pam_sss.8.xml Wed May 7 14:18:54 2014 (r353157) @@ -0,0 +1,43 @@ +From 1a7794d0e3c9fa47f7b0256518186ce214e93504 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lslebodn@redhat.com> +Date: Sat, 22 Mar 2014 15:09:34 +0100 +Subject: [PATCH 1/2] patch-src__man__pam_sss.8.xml + +--- + src/man/pam_sss.8.xml | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git src/man/pam_sss.8.xml src/man/pam_sss.8.xml +index 72b497ab34a520d21964824080c7f276b26706f4..5b4e456e2b0b7469a233d7bd98d296bec2d8e739 100644 +--- src/man/pam_sss.8.xml ++++ src/man/pam_sss.8.xml +@@ -37,6 +37,9 @@ + <arg choice='opt'> + <replaceable>retry=N</replaceable> + </arg> ++ <arg choice='opt'> ++ <replaceable>ignore_unknown_user</replaceable> ++ </arg> + </cmdsynopsis> + </refsynopsisdiv> + +@@ -103,6 +106,16 @@ + <option>PasswordAuthentication</option>.</para> + </listitem> + </varlistentry> ++ <varlistentry> ++ <term> ++ <option>ignore_unknown_user</option> ++ </term> ++ <listitem> ++ <para>If this option is specified and the user does not ++ exist, the PAM module will return PAM_IGNORE. This causes ++ the PAM framework to ignore this module.</para> ++ </listitem> ++ </varlistentry> + </variablelist> + </refsect1> + +-- +1.8.5.3 + Modified: head/security/sssd/files/patch-src__sss_client__pam_sss.c ============================================================================== --- head/security/sssd/files/patch-src__sss_client__pam_sss.c Wed May 7 14:11:35 2014 (r353156) +++ head/security/sssd/files/patch-src__sss_client__pam_sss.c Wed May 7 14:18:54 2014 (r353157) @@ -1,17 +1,25 @@ -From 86816db5982df0c1b0c5f5722e23111c62ff362e Mon Sep 17 00:00:00 2001 +From 68fcd5f830b6451de5fd9d697fa6602dc3ca9972 Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> Date: Sat, 27 Jul 2013 15:02:31 +0200 -Subject: [PATCH 31/34] patch-src__sss_client__pam_sss.c +Subject: [PATCH 2/2] patch-src__sss_client__pam_sss.c --- - src/sss_client/pam_sss.c | 2 ++ - 1 file changed, 2 insertions(+) + src/sss_client/pam_sss.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) diff --git src/sss_client/pam_sss.c src/sss_client/pam_sss.c -index 3734c8f..7110d38 100644 +index 5fd276ccba15da1f689b1939a02288dda7a09d89..4cb976cf28eba5c14168a91eb23fe4101d2268f3 100644 --- src/sss_client/pam_sss.c +++ src/sss_client/pam_sss.c -@@ -125,10 +125,12 @@ static void free_exp_data(pam_handle_t *pamh, void *ptr, int err) +@@ -52,6 +52,7 @@ + #define FLAGS_USE_FIRST_PASS (1 << 0) + #define FLAGS_FORWARD_PASS (1 << 1) + #define FLAGS_USE_AUTHTOK (1 << 2) ++#define FLAGS_IGNORE_UNKNOWN_USER (1 << 3) + + #define PWEXP_FLAG "pam_sss:password_expired_flag" + #define FD_DESTRUCTOR "pam_sss:fd_destructor" +@@ -125,10 +126,12 @@ static void free_exp_data(pam_handle_t *pamh, void *ptr, int err) static void close_fd(pam_handle_t *pamh, void *ptr, int err) { @@ -24,6 +32,37 @@ index 3734c8f..7110d38 100644 D(("Closing the fd")); sss_pam_close_fd(); +@@ -1292,6 +1295,8 @@ static void eval_argv(pam_handle_t *pamh, int argc, const char **argv, + } + } else if (strcmp(*argv, "quiet") == 0) { + *quiet_mode = true; ++ } else if (strcmp(*argv, "ignore_unknown_user") == 0) { ++ *flags |= FLAGS_IGNORE_UNKNOWN_USER; + } else { + logger(pamh, LOG_WARNING, "unknown option: %s", *argv); + } +@@ -1429,6 +1434,9 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh, + ret = get_pam_items(pamh, &pi); + if (ret != PAM_SUCCESS) { + D(("get items returned error: %s", pam_strerror(pamh,ret))); ++ if (flags & FLAGS_IGNORE_UNKNOWN_USER && ret == PAM_USER_UNKNOWN) { ++ ret = PAM_IGNORE; ++ } + return ret; + } + +@@ -1467,6 +1475,11 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh, + + pam_status = send_and_receive(pamh, &pi, task, quiet_mode); + ++ if (flags & FLAGS_IGNORE_UNKNOWN_USER ++ && pam_status == PAM_USER_UNKNOWN) { ++ pam_status = PAM_IGNORE; ++ } ++ + switch (task) { + case SSS_PAM_AUTHENTICATE: + /* We allow sssd to send the return code PAM_NEW_AUTHTOK_REQD during -- -1.8.0 +1.8.5.3 Modified: head/security/sssd/files/sssd.in ============================================================================== --- head/security/sssd/files/sssd.in Wed May 7 14:11:35 2014 (r353156) +++ head/security/sssd/files/sssd.in Wed May 7 14:18:54 2014 (r353157) @@ -17,16 +17,26 @@ . /etc/rc.subr -name="sssd" +name=sssd rcvar=sssd_enable +# read configuration and set defaults +load_rc_config "$name" + +: ${sssd_enable:=NO} +: ${sssd_conf="%%PREFIX%%/etc/sssd/ssd.conf"} +: ${sssd_flags="-f -D"} + command="%%PREFIX%%/sbin/$name" -sssd_flags="-f -D" pidfile="/var/run/$name.pid" -required_files="%%PREFIX%%/etc/$name/$name.conf" +required_files="${sssd_conf}" +start_precmd=sssd_prestart -# read configuration and set defaults -load_rc_config "$name" -: ${sssd_enable="NO"} +sssd_prestart() +{ + for i in db/sss db/sss_mc log/sssd run/sss/krb5.include.d run/sss/private run/sss; do + if [ ! -d var/${i} ]; then mkdir -p /var/${i}; fi + done +} run_rc_command "$1"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201405071418.s47EIsAs004411>