From owner-svn-ports-all@FreeBSD.ORG Wed May 7 14:18:55 2014 Return-Path: Delivered-To: svn-ports-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9C9E5E48; Wed, 7 May 2014 14:18:55 +0000 (UTC) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 894DFD8E; Wed, 7 May 2014 14:18:55 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.8/8.14.8) with ESMTP id s47EItcF004417; Wed, 7 May 2014 14:18:55 GMT (envelope-from feld@svn.freebsd.org) Received: (from feld@localhost) by svn.freebsd.org (8.14.8/8.14.8/Submit) id s47EIsAs004411; Wed, 7 May 2014 14:18:54 GMT (envelope-from feld@svn.freebsd.org) Message-Id: <201405071418.s47EIsAs004411@svn.freebsd.org> From: Mark Felder Date: Wed, 7 May 2014 14:18:54 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r353157 - in head/security/sssd: . files X-SVN-Group: ports-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 07 May 2014 14:18:55 -0000 Author: feld Date: Wed May 7 14:18:54 2014 New Revision: 353157 URL: http://svnweb.freebsd.org/changeset/ports/353157 QAT: https://qat.redports.org/buildarchive/r353157/ Log: - rc script now passes rclint - rc script creates dirs in /var before launching daemon - add patch from upstream to match behavior of sssd on Linux https://fedorahosted.org/sssd/ticket/2232 PR: ports/186545 Sponsored by: SupraNet Communications, Inc Added: head/security/sssd/files/patch-src__man__pam_sss.8.xml (contents, props changed) Modified: head/security/sssd/Makefile head/security/sssd/files/patch-src__sss_client__pam_sss.c head/security/sssd/files/sssd.in Modified: head/security/sssd/Makefile ============================================================================== --- head/security/sssd/Makefile Wed May 7 14:11:35 2014 (r353156) +++ head/security/sssd/Makefile Wed May 7 14:18:54 2014 (r353157) @@ -3,7 +3,7 @@ PORTNAME= sssd DISTVERSION= 1.9.6 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= https://fedorahosted.org/released/${PORTNAME}/ \ http://mirrors.rit.edu/zi/ @@ -108,4 +108,10 @@ post-install: (cd ${STAGEDIR}${PREFIX}/lib && ${LN} -s pam_sss.so pam_sss.so.5) @${RM} -f ${STAGEDIR}${PREFIX}/lib/ldb/memberof.la + # clean these up from the install; we create them in rc script start_precmd +.for VARDIRS in db/sss db/sss_mc log/sssd run/sss/krb5.include.d run/sss/private run/sss + @${RMDIR} ${STAGEDIR}/var/${VARDIRS} +.endfor + + .include Added: head/security/sssd/files/patch-src__man__pam_sss.8.xml ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/sssd/files/patch-src__man__pam_sss.8.xml Wed May 7 14:18:54 2014 (r353157) @@ -0,0 +1,43 @@ +From 1a7794d0e3c9fa47f7b0256518186ce214e93504 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Sat, 22 Mar 2014 15:09:34 +0100 +Subject: [PATCH 1/2] patch-src__man__pam_sss.8.xml + +--- + src/man/pam_sss.8.xml | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git src/man/pam_sss.8.xml src/man/pam_sss.8.xml +index 72b497ab34a520d21964824080c7f276b26706f4..5b4e456e2b0b7469a233d7bd98d296bec2d8e739 100644 +--- src/man/pam_sss.8.xml ++++ src/man/pam_sss.8.xml +@@ -37,6 +37,9 @@ + + retry=N + ++ ++ ignore_unknown_user ++ + + + +@@ -103,6 +106,16 @@ + . + + ++ ++ ++ ++ ++ ++ If this option is specified and the user does not ++ exist, the PAM module will return PAM_IGNORE. This causes ++ the PAM framework to ignore this module. ++ ++ + + + +-- +1.8.5.3 + Modified: head/security/sssd/files/patch-src__sss_client__pam_sss.c ============================================================================== --- head/security/sssd/files/patch-src__sss_client__pam_sss.c Wed May 7 14:11:35 2014 (r353156) +++ head/security/sssd/files/patch-src__sss_client__pam_sss.c Wed May 7 14:18:54 2014 (r353157) @@ -1,17 +1,25 @@ -From 86816db5982df0c1b0c5f5722e23111c62ff362e Mon Sep 17 00:00:00 2001 +From 68fcd5f830b6451de5fd9d697fa6602dc3ca9972 Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Sat, 27 Jul 2013 15:02:31 +0200 -Subject: [PATCH 31/34] patch-src__sss_client__pam_sss.c +Subject: [PATCH 2/2] patch-src__sss_client__pam_sss.c --- - src/sss_client/pam_sss.c | 2 ++ - 1 file changed, 2 insertions(+) + src/sss_client/pam_sss.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) diff --git src/sss_client/pam_sss.c src/sss_client/pam_sss.c -index 3734c8f..7110d38 100644 +index 5fd276ccba15da1f689b1939a02288dda7a09d89..4cb976cf28eba5c14168a91eb23fe4101d2268f3 100644 --- src/sss_client/pam_sss.c +++ src/sss_client/pam_sss.c -@@ -125,10 +125,12 @@ static void free_exp_data(pam_handle_t *pamh, void *ptr, int err) +@@ -52,6 +52,7 @@ + #define FLAGS_USE_FIRST_PASS (1 << 0) + #define FLAGS_FORWARD_PASS (1 << 1) + #define FLAGS_USE_AUTHTOK (1 << 2) ++#define FLAGS_IGNORE_UNKNOWN_USER (1 << 3) + + #define PWEXP_FLAG "pam_sss:password_expired_flag" + #define FD_DESTRUCTOR "pam_sss:fd_destructor" +@@ -125,10 +126,12 @@ static void free_exp_data(pam_handle_t *pamh, void *ptr, int err) static void close_fd(pam_handle_t *pamh, void *ptr, int err) { @@ -24,6 +32,37 @@ index 3734c8f..7110d38 100644 D(("Closing the fd")); sss_pam_close_fd(); +@@ -1292,6 +1295,8 @@ static void eval_argv(pam_handle_t *pamh, int argc, const char **argv, + } + } else if (strcmp(*argv, "quiet") == 0) { + *quiet_mode = true; ++ } else if (strcmp(*argv, "ignore_unknown_user") == 0) { ++ *flags |= FLAGS_IGNORE_UNKNOWN_USER; + } else { + logger(pamh, LOG_WARNING, "unknown option: %s", *argv); + } +@@ -1429,6 +1434,9 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh, + ret = get_pam_items(pamh, &pi); + if (ret != PAM_SUCCESS) { + D(("get items returned error: %s", pam_strerror(pamh,ret))); ++ if (flags & FLAGS_IGNORE_UNKNOWN_USER && ret == PAM_USER_UNKNOWN) { ++ ret = PAM_IGNORE; ++ } + return ret; + } + +@@ -1467,6 +1475,11 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh, + + pam_status = send_and_receive(pamh, &pi, task, quiet_mode); + ++ if (flags & FLAGS_IGNORE_UNKNOWN_USER ++ && pam_status == PAM_USER_UNKNOWN) { ++ pam_status = PAM_IGNORE; ++ } ++ + switch (task) { + case SSS_PAM_AUTHENTICATE: + /* We allow sssd to send the return code PAM_NEW_AUTHTOK_REQD during -- -1.8.0 +1.8.5.3 Modified: head/security/sssd/files/sssd.in ============================================================================== --- head/security/sssd/files/sssd.in Wed May 7 14:11:35 2014 (r353156) +++ head/security/sssd/files/sssd.in Wed May 7 14:18:54 2014 (r353157) @@ -17,16 +17,26 @@ . /etc/rc.subr -name="sssd" +name=sssd rcvar=sssd_enable +# read configuration and set defaults +load_rc_config "$name" + +: ${sssd_enable:=NO} +: ${sssd_conf="%%PREFIX%%/etc/sssd/ssd.conf"} +: ${sssd_flags="-f -D"} + command="%%PREFIX%%/sbin/$name" -sssd_flags="-f -D" pidfile="/var/run/$name.pid" -required_files="%%PREFIX%%/etc/$name/$name.conf" +required_files="${sssd_conf}" +start_precmd=sssd_prestart -# read configuration and set defaults -load_rc_config "$name" -: ${sssd_enable="NO"} +sssd_prestart() +{ + for i in db/sss db/sss_mc log/sssd run/sss/krb5.include.d run/sss/private run/sss; do + if [ ! -d var/${i} ]; then mkdir -p /var/${i}; fi + done +} run_rc_command "$1"