Date: Mon, 26 Aug 2013 15:14:01 GMT From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/181566: [update] security/sssd to 1.9.5 Message-ID: <201308261514.r7QFE1NL031386@oldred.freebsd.org> Resent-Message-ID: <201308261520.r7QFK3vA020370@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 181566 >Category: ports >Synopsis: [update] security/sssd to 1.9.5 >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Mon Aug 26 15:20:01 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Lukas Slebodnik >Release: 9.1-RELEASE-p6 >Organization: >Environment: >Description: Update sssd to 1.9.5, because 1.6.1 is outdated and there are some problems with sssd compilation http://pointyhat.freebsd.org/errorlogs/i386-errorlogs/e.8.20130820094743.pointyhat/sssd-1.6.1_5.log >How-To-Repeat: >Fix: Patch attached with submission follows: Index: Makefile =================================================================== --- Makefile (revision 325399) +++ Makefile (working copy) @@ -1,70 +1,93 @@ -# New ports collection makefile for: sssd -# Date created: Sep 6 2011 -# Whom: Andrew Elble <aweits@rit.edu> +# Created by: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +# $FreeBSD: security/sssd/Makefile 325398 2013-08-26 16:05:24Z$ # -# $FreeBSD$ -# PORTNAME= sssd -DISTVERSION= 1.6.1 +DISTVERSION= 1.9.5 PORTREVISION= 1 CATEGORIES= security -MASTER_SITES= https://fedorahosted.org/released/${PORTNAME}/ +MASTER_SITES= https://fedorahosted.org/released/${PORTNAME}/ \ + http://mirrors.rit.edu/zi/ MAINTAINER= aweits@rit.edu COMMENT= System Security Services Daemon LICENSE= GPLv3 -LIB_DEPENDS= popt.0:${PORTSDIR}/devel/popt \ - talloc.2:${PORTSDIR}/devel/talloc \ - tevent.0:${PORTSDIR}/devel/tevent \ - xslt.2:${PORTSDIR}/textproc/libxslt \ - tdb.1:${PORTSDIR}/databases/tdb \ +LIB_DEPENDS= popt:${PORTSDIR}/devel/popt \ + talloc:${PORTSDIR}/devel/talloc \ + tevent:${PORTSDIR}/devel/tevent \ + xslt:${PORTSDIR}/textproc/libxslt \ + tdb:${PORTSDIR}/databases/tdb \ ldb:${PORTSDIR}/databases/ldb \ - cares.2:${PORTSDIR}/dns/c-ares \ + cares:${PORTSDIR}/dns/c-ares \ dbus:${PORTSDIR}/devel/dbus \ - dhash.1:${PORTSDIR}/devel/ding-libs \ - pcre.1:${PORTSDIR}/devel/pcre \ - unistring.1:${PORTSDIR}/devel/libunistring \ - nss3.1:${PORTSDIR}/security/nss \ - sasl2.2:${PORTSDIR}/security/cyrus-sasl2 \ - xml2:${PORTSDIR}/textproc/libxml2 + dhash:${PORTSDIR}/devel/ding-libs \ + pcre:${PORTSDIR}/devel/pcre \ + unistring:${PORTSDIR}/devel/libunistring \ + nss3:${PORTSDIR}/security/nss \ + sasl2:${PORTSDIR}/security/cyrus-sasl2 \ + krb5:${PORTSDIR}/security/krb5 \ + ldap:${PORTSDIR}/net/openldap24-sasl-client BUILD_DEPENDS= xmlcatalog:${PORTSDIR}/textproc/libxml2 \ - docbook-xsl>=0:${PORTSDIR}/textproc/docbook-xsl -RUN_DEPENDS= xmlcatmgr:${PORTSDIR}/textproc/xmlcatmgr + docbook-xsl>=1:${PORTSDIR}/textproc/docbook-xsl \ + xmlcatmgr:${PORTSDIR}/textproc/xmlcatmgr \ + krb5>=1.10:${PORTSDIR}/security/krb5 GNU_CONFIGURE= yes CONFIGURE_ARGS= --with-selinux=no --with-semanage=no \ - --with-ldb-lib-dir=${LOCALBASE}/lib/ldb \ + --with-ldb-lib-dir=${LOCALBASE}/lib/shared-modules/ldb/ \ --with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \ - --with-libnl=no --with-init-dir=no \ + --with-libnl=no --with-init-dir=no --datadir=${DATADIR} \ --docdir=${WRKDIR}/docs --with-pid-path=/var/run \ --localstatedir=/var --enable-pammoddir=${PREFIX}/lib \ --with-db-path=/var/db/sss --with-pipe-path=/var/run/sss \ - --with-pubconf-path=/var/run/sss -CFLAGS+= -L${LOCALBASE}/lib -fstack-protector-all + --with-pubconf-path=/var/run/sss --with-mcache-path=/var/db/sss_mc \ + --with-unicode-lib=libunistring --with-autofs=no +CFLAGS+= -L${LOCALBASE}/lib -fstack-protector-all -Wno-format PLIST_SUB= PYTHON_VER=${PYTHON_VER} -#DEBUG_FLAGS= -g +#DEBUG_FLAGS= -g +MAKE_ENV+= LINGUAS="bg de eu es fr hu id it ja nb nl pl pt ru sv tg tr uk zh_CN zh_TW" +SUB_FILES= pkg-message -USE_AUTOTOOLS= autoconf automake +USE_AUTOTOOLS= autoconf automake libtoolize +AUTOMAKE_ARGS= --add-missing USE_LDCONFIG= yes USE_PYTHON= yes USE_OPENLDAP= yes USE_GMAKE= yes -USE_GNOME= pkgconfig -USE_GETTEXT= yes -USE_ICONV= yes +USES= gettext iconv pkgconfig USE_PYTHON= yes USE_RC_SUBR= ${PORTNAME} -MAN5= sssd-ipa.5 sssd-krb5.5 sssd-ldap.5 sssd-simple.5 \ - sssd.conf.5 -MAN8= pam_sss.8 sss_cache.8 sss_groupadd.8 sss_groupdel.8 \ - sss_groupmod.8 sss_groupshow.8 sss_obfuscate.8 \ +MANLANG= "" cs es ja nl pt uk +MAN1_EN= sss_ssh_authorizedkeys.1 sss_ssh_knownhostsproxy.1 +MAN1_JA= sss_ssh_authorizedkeys.1 sss_ssh_knownhostsproxy.1 +MAN1_UK= sss_ssh_authorizedkeys.1 sss_ssh_knownhostsproxy.1 +MAN5_EN= sssd-ad.5 sssd-ldap.5 sssd.conf.5 sssd-sudo.5 sssd-ipa.5 \ + sssd-krb5.5 sssd-simple.5 +MAN5_JA= sssd-ipa.5 sssd-ldap.5 sssd-simple.5 sssd.conf.5 +MAN5_UK= sssd-ad.5 sssd-ipa.5 sssd-krb5.5 sssd-ldap.5 sssd-simple.5 \ + sssd-sudo.5 sssd.conf.5 +#MAN8_CS= sss_groupdel.8 +MAN8_EN= sss_usermod.8 sssd.8 sss_seed.8 sss_groupmod.8 sss_groupshow.8\ + sss_debuglevel.8 sss_obfuscate.8 sss_groupadd.8 pam_sss.8 \ + sss_cache.8 sss_groupdel.8 sss_useradd.8 sss_userdel.8 \ + sssd_krb5_locator_plugin.8 +#MAN8_ES= sss_groupmod.8 +MAN8_JA= pam_sss.8 sss_cache.8 sss_debuglevel.8 sss_groupadd.8 \ + sss_groupdel.8 sss_groupmod.8 sss_groupshow.8 sss_obfuscate.8 \ sss_useradd.8 sss_userdel.8 sss_usermod.8 sssd.8 \ sssd_krb5_locator_plugin.8 +MAN8_NL= sss_groupmod.8 +MAN8_PT= sss_groupdel.8 sss_groupmod.8 +MAN8_UK= pam_sss.8 sss_cache.8 sss_debuglevel.8 sss_groupadd.8 \ + sss_groupdel.8 sss_groupmod.8 sss_groupshow.8 sss_obfuscate.8 \ + sss_seed.8 sss_useradd.8 sss_userdel.8 sss_usermod.8 sssd.8 \ + sssd_krb5_locator_plugin.8 +PORTDATA= * + .include <bsd.port.pre.mk> .if ${OSVERSION} < 800107 @@ -74,40 +97,46 @@ BROKEN= Does not link on ia64, powerpc, or sparc64 .endif -AUTOTOOLSFILES= aclocal.m4 - post-patch: - @${REINPLACE_CMD} -e 's|1.11.1|%%AUTOMAKE_APIVER%%|g' ${WRKSRC}/aclocal.m4 @${REINPLACE_CMD} -e 's|SIGCLD|SIGCHLD|g' ${WRKSRC}/src/util/signal.c - @${REINPLACE_CMD} -e '/#define SIZE_T_MAX ((size_t) -1)/d' ${WRKSRC}/src/util/util.h - @${REINPLACE_CMD} -e '/pam_misc/d' ${WRKSRC}/src/sss_client/pam_test_client.c - @${REINPLACE_CMD} -e '/ETIME/d' ${WRKSRC}/src/sss_client/common.c - @${REINPLACE_CMD} -e 's| -lpam_misc||g' ${WRKSRC}/Makefile.am ${WRKSRC}/Makefile.in - @${REINPLACE_CMD} -e 's|security/pam_misc.h||g' ${WRKSRC}/configure* ${WRKSRC}/src/external/pam.m4 - @${REINPLACE_CMD} -e 's|NSS_STATUS_NOTFOUND|NS_NOTFOUND|g' ${WRKSRC}/src/sss_client/common.c - @${REINPLACE_CMD} -e 's|NSS_STATUS_UNAVAIL|NS_UNAVAIL|g' ${WRKSRC}/src/sss_client/common.c - @${REINPLACE_CMD} -e 's|NSS_STATUS_TRYAGAIN|NS_TRYAGAIN|g' ${WRKSRC}/src/sss_client/common.c - @${REINPLACE_CMD} -e 's|NSS_STATUS_SUCCESS|NS_SUCCESS|g' ${WRKSRC}/src/sss_client/common.c - @${REINPLACE_CMD} -e 's|security/pam_ext.h|security/pam_appl.h|g' ${WRKSRC}/src/sss_client/pam_sss.c - @${REINPLACE_CMD} -e 's|security/_pam_macros.h|pam_macros.h|g' ${WRKSRC}/src/sss_client/sss_pam_macros.h - @${REINPLACE_CMD} -e 's|#include <security/pam_modutil.h>||g' ${WRKSRC}/src/sss_client/pam_sss.c - @${REINPLACE_CMD} -e 's|PAM_BAD_ITEM|PAM_USER_UNKNOWN|g' ${WRKSRC}/src/sss_client/pam_sss.c - @${REINPLACE_CMD} -e 's|pam_vsyslog(pamh,|vsyslog(|g' ${WRKSRC}/src/sss_client/pam_sss.c - @${REINPLACE_CMD} -e 's|pam_modutil_getlogin(pamh)|getlogin()|g' ${WRKSRC}/src/sss_client/pam_sss.c - @${REINPLACE_CMD} -e '/..MAKE. ..AM_MAKEFLAGS. install-data-hook/d' ${WRKSRC}/Makefile.in - @${REINPLACE_CMD} -e 's|install-data-hook install-dist_initSCRIPTS|install-dist_initSCRIPTS|g' \ + @${REINPLACE_CMD} -e '/#define SIZE_T_MAX ((size_t) -1)/d' \ + ${WRKSRC}/src/util/util.h + @${REINPLACE_CMD} -e '/pam_misc/d' \ + ${WRKSRC}/src/sss_client/pam_test_client.c + @${REINPLACE_CMD} -e 's|security/pam_misc.h||g' \ + ${WRKSRC}/configure* ${WRKSRC}/src/external/pam.m4 + @${REINPLACE_CMD} -e 's|NSS_STATUS_NOTFOUND|NS_NOTFOUND|g' \ + -e 's|NSS_STATUS_UNAVAIL|NS_UNAVAIL|g' \ + -e 's|NSS_STATUS_TRYAGAIN|NS_TRYAGAIN|g' \ + -e '/ETIME/d' \ + -e 's|NSS_STATUS_SUCCESS|NS_SUCCESS|g' \ + ${WRKSRC}/src/sss_client/common.c + @${REINPLACE_CMD} -e 's|security/_pam_macros.h|pam_macros.h|g' \ + ${WRKSRC}/src/sss_client/sss_pam_macros.h + @${REINPLACE_CMD} -e 's|#include <security/pam_modutil.h>||g' \ + -e 's|PAM_BAD_ITEM|PAM_USER_UNKNOWN|g' \ + -e 's|security/pam_ext.h|security/pam_appl.h|g' \ + -e 's|pam_modutil_getlogin(pamh)|getlogin()|g' \ + -e 's|pam_vsyslog(pamh,|vsyslog(|g' \ + ${WRKSRC}/src/sss_client/pam_sss.c + @${REINPLACE_CMD} -e '/..MAKE. ..AM_MAKEFLAGS. install-data-hook/d' \ + ${WRKSRC}/Makefile.in + @${REINPLACE_CMD} -e 's|libdir)/pkgconfig|prefix)/libdata/pkgconfig|' \ + -e 's|install-data-hook install-dist_initSCRIPTS|install-dist_initSCRIPTS|g' \ + -e 's|install-data-hook|notinstall-data-hook|g' \ + -e 's| -lpam_misc||g' \ ${WRKSRC}/Makefile.in ${WRKSRC}/Makefile.am - @${REINPLACE_CMD} -e 's|install-data-hook|notinstall-data-hook|g' ${WRKSRC}/Makefile.in \ - ${WRKSRC}/Makefile.am - @${REINPLACE_CMD} -e 's|libdir)/pkgconfig|prefix)/libdata/pkgconfig|' ${WRKSRC}/Makefile.in \ - ${WRKSRC}/Makefile.am - @${REINPLACE_CMD} -e 's|/etc/sssd/|${ETCDIR}/|g' ${WRKSRC}/src/man/*xml - @${REINPLACE_CMD} -e 's|/etc/openldap/|${PREFIX}/etc/openldap/|g' ${WRKSRC}/src/man/*xml + @${REINPLACE_CMD} -e 's|/etc/sssd/|${ETCDIR}/|g' \ + -e 's|/etc/openldap/|${LOCALBASE}/etc/openldap/|g' \ + ${WRKSRC}/src/man/*xml @${CP} ${FILESDIR}/pam_macros.h ${WRKSRC}/pam_macros.h @${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}/src/sss_client/bsdnss.c +pre-configure: + (cd ${WRKSRC} && ${AUTORECONF} -i -f) + post-install: - ${INSTALL_DATA} ${WRKSRC}/src/examples/sssd.conf ${ETCDIR}/sssd.conf.sample + ${INSTALL_DATA} ${WRKSRC}/src/examples/sssd-example.conf ${ETCDIR}/sssd.conf.sample (cd ${PREFIX}/lib && ${LN} -s nss_sss.so.2 nss_sss.so.1) (cd ${PREFIX}/lib && ${LN} -s pam_sss.so pam_sss.so.5) @${RM} -f ${PREFIX}/lib/ldb/memberof.la Index: distinfo =================================================================== --- distinfo (revision 325399) +++ distinfo (working copy) @@ -1,2 +1,2 @@ -SHA256 (sssd-1.6.1.tar.gz) = ba30d8cf7eae1fd66053b4f11e8e5b98bc6db113cf6d2f33e429f2e21d90ade9 -SIZE (sssd-1.6.1.tar.gz) = 1406047 +SHA256 (sssd-1.9.5.tar.gz) = a377c436901e92d689de811d48e37d88764460e889e47bfddd90626f0a8a015c +SIZE (sssd-1.9.5.tar.gz) = 3106988 Index: files/patch-Makefile.am =================================================================== --- files/patch-Makefile.am (revision 325399) +++ files/patch-Makefile.am (working copy) @@ -1,22 +1,43 @@ ---- ./Makefile.am.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./Makefile.am 2011-10-13 12:13:42.000000000 -0400 -@@ -33,7 +33,7 @@ - systemdunitdir = @systemdunitdir@ - logpath = @logpath@ - pubconfpath = @pubconfpath@ --pkgconfigdir = $(libdir)/pkgconfig -+pkgconfigdir = $(prefix)/libdata/pkgconfig +From 2f2d2045b64edf63bbfb845095dbfaf754dc5ad3 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 01/34] patch-Makefile.am + +--- + Makefile.am | 15 ++++++++------- + 1 file changed, 8 insertions(+), 7 deletions(-) + +diff --git Makefile.am Makefile.am +index f0ee88b..10e1e73 100644 +--- Makefile.am ++++ Makefile.am +@@ -649,7 +649,6 @@ sssd_be_SOURCES = \ + src/providers/data_provider_callbacks.c \ + $(SSSD_FAILOVER_OBJ) + sssd_be_LDADD = \ +- -ldl \ + $(SSSD_LIBS) \ + $(CARES_LIBS) \ + libsss_util.la +@@ -772,7 +771,7 @@ sss_sudo_cli_SOURCES = \ + src/sss_client/sudo/sss_sudo_response.c \ + src/sss_client/sudo_testcli/sudo_testcli.c + sss_sudo_cli_CFLAGS = $(AM_CFLAGS) +-sss_sudo_cli_LDFLAGS = $(CLIENT_LIBS) ++sss_sudo_cli_LDFLAGS = $(CLIENT_LIBS) -lintl + endif - AM_CFLAGS = - if WANT_AUX_INFO -@@ -753,21 +753,22 @@ + if BUILD_SSH +@@ -1159,7 +1158,7 @@ noinst_PROGRAMS += autofs_test_client + endif - noinst_PROGRAMS = pam_test_client pam_test_client_SOURCES = src/sss_client/pam_test_client.c -pam_test_client_LDFLAGS = -lpam -lpam_misc +pam_test_client_LDFLAGS = -lpam - #################### + if BUILD_AUTOFS + autofs_test_client_SOURCES = src/sss_client/autofs/autofs_test_client.c \ +@@ -1173,9 +1172,10 @@ endif # Client Libraries # #################### @@ -29,33 +50,32 @@ src/sss_client/nss_passwd.c \ src/sss_client/nss_group.c \ src/sss_client/nss_netgroup.c \ - src/sss_client/sss_cli.h \ - src/sss_client/nss_compat.h +@@ -1187,7 +1187,7 @@ libnss_sss_la_SOURCES = \ + src/sss_client/nss_mc_passwd.c \ + src/sss_client/nss_mc_group.c \ + src/sss_client/nss_mc.h -libnss_sss_la_LDFLAGS = \ +nss_sss_la_LDFLAGS = \ + $(CLIENT_LIBS) \ -module \ -version-info 2:0:0 \ - -Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports -@@ -780,6 +781,7 @@ - src/sss_client/sss_pam_macros.h +@@ -1203,6 +1203,7 @@ pam_sss_la_SOURCES = \ pam_sss_la_LDFLAGS = \ + $(CLIENT_LIBS) \ + -lintl \ -lpam \ -module \ -avoid-version \ -@@ -1122,10 +1124,10 @@ +@@ -1727,7 +1728,7 @@ else mkdir -p $(DESTDIR)$(initdir) endif -install-data-hook: -- rm $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 \ -- $(DESTDIR)/$(nsslibdir)/libnss_sss.so -- mv $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 -+notnotnotnotnotnotnotnotnotnotnotnotnotnotnotnotnotinstall-data-hook: -+ rm $(DESTDIR)/$(nsslibdir)/nss_sss.so.2 \ -+ $(DESTDIR)/$(nsslibdir)/nss_sss.so -+ mv $(DESTDIR)/$(nsslibdir)/nss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/nss_sss.so.2 - - uninstall-hook: - if [ -f $(abs_builddir)/src/config/.files ]; then \ ++nopenopeinstall-data-hook: + rm $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 \ + $(DESTDIR)/$(nsslibdir)/libnss_sss.so + mv $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 +-- +1.8.0 + Index: files/patch-configure.ac =================================================================== --- files/patch-configure.ac (revision 0) +++ files/patch-configure.ac (working copy) @@ -0,0 +1,24 @@ +From 281379e22034335ebcc64b1759564310cad91bce Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 02/34] patch-configure.ac + +--- + configure.ac | 1 + + 1 file changed, 1 insertion(+) + +diff --git configure.ac configure.ac +index 70671ae..0668884 100644 +--- configure.ac ++++ configure.ac +@@ -18,6 +18,7 @@ AM_INIT_AUTOMAKE([-Wall foreign subdir-objects tar-pax]) + AM_PROG_CC_C_O + AC_DISABLE_STATIC + AC_PROG_INSTALL ++AM_PROG_AR + AC_PROG_LIBTOOL + AC_CONFIG_MACRO_DIR([m4]) + AM_GNU_GETTEXT([external]) +-- +1.8.0 + Index: files/patch-src__confdb__confdb.c =================================================================== --- files/patch-src__confdb__confdb.c (revision 325399) +++ files/patch-src__confdb__confdb.c (working copy) @@ -1,5 +1,16 @@ ---- ./src/confdb/confdb.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/confdb/confdb.c 2011-10-13 12:15:03.000000000 -0400 +From 18614fe436d525826e260e7a0e8334c41bd2ce37 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 03/34] patch-src__confdb__confdb.c + +--- + src/confdb/confdb.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git src/confdb/confdb.c src/confdb/confdb.c +index d70dc36..9ee1f8c 100644 +--- src/confdb/confdb.c ++++ src/confdb/confdb.c @@ -28,6 +28,11 @@ #include "util/strtonum.h" #include "db/sysdb.h" @@ -12,3 +23,6 @@ #define CONFDB_ZERO_CHECK_OR_JUMP(var, ret, err, label) do { \ if (!var) { \ ret = err; \ +-- +1.8.0 + Index: files/patch-src__lib__idmap__sss_idmap_conv.c =================================================================== --- files/patch-src__lib__idmap__sss_idmap_conv.c (revision 0) +++ files/patch-src__lib__idmap__sss_idmap_conv.c (working copy) @@ -0,0 +1,24 @@ +From 194aa2e2960a2a67f9c0beb771635b8392e6e337 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 27 Jul 2013 15:25:53 +0200 +Subject: [PATCH 34/34] patch-src__lib__idmap__sss_idmap_conv.c + +--- + src/lib/idmap/sss_idmap_conv.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git src/lib/idmap/sss_idmap_conv.c src/lib/idmap/sss_idmap_conv.c +index a336042..ac07746 100644 +--- src/lib/idmap/sss_idmap_conv.c ++++ src/lib/idmap/sss_idmap_conv.c +@@ -26,6 +26,7 @@ + #include <stdio.h> + #include <errno.h> + #include <ctype.h> ++#include <sys/endian.h> + + #include "lib/idmap/sss_idmap.h" + #include "lib/idmap/sss_idmap_private.h" +-- +1.8.0 + Index: files/patch-src__monitor__monitor.c =================================================================== --- files/patch-src__monitor__monitor.c (revision 325399) +++ files/patch-src__monitor__monitor.c (working copy) @@ -1,24 +1,40 @@ ---- ./src/monitor/monitor.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/monitor/monitor.c 2011-10-13 12:15:03.000000000 -0400 -@@ -57,6 +57,10 @@ +From 628c783aa78c576f10087e3e4812904b90d218b0 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 04/34] patch-src__monitor__monitor.c + +--- + src/monitor/monitor.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git src/monitor/monitor.c src/monitor/monitor.c +index 8612524..3d3cab8 100644 +--- src/monitor/monitor.c ++++ src/monitor/monitor.c +@@ -90,6 +90,11 @@ int cmdline_debug_level; + int cmdline_debug_timestamps; + int cmdline_debug_microseconds; - int cmdline_debug_level; - +errno_t monitor_config_file_fallback(TALLOC_CTX *mem_ctx, + struct mt_ctx *ctx, + const char *file, -+ monitor_reconf_fn fn); ++ monitor_reconf_fn fn, ++ bool ignore_missing); struct svc_spy; - struct mt_svc { -@@ -1606,10 +1610,6 @@ + enum mt_svc_type { +@@ -1792,11 +1797,6 @@ done: talloc_free(tmp_ctx); } -errno_t monitor_config_file_fallback(TALLOC_CTX *mem_ctx, - struct mt_ctx *ctx, - const char *file, -- monitor_reconf_fn fn); +- monitor_reconf_fn fn, +- bool ignore_missing); static void rewatch_config_file(struct tevent_context *ev, struct tevent_timer *te, struct timeval t, void *ptr) +-- +1.8.0 + Index: files/patch-src__providers__ad__ad_access.c =================================================================== --- files/patch-src__providers__ad__ad_access.c (revision 0) +++ files/patch-src__providers__ad__ad_access.c (working copy) @@ -0,0 +1,24 @@ +From 630e5b96040869f6ce24ac1d10bb370e819795e7 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 27 Jul 2013 15:04:27 +0200 +Subject: [PATCH 33/34] patch-src__providers__ad__ad_access.c + +--- + src/providers/ad/ad_access.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git src/providers/ad/ad_access.c src/providers/ad/ad_access.c +index 314cdcf..ca0fb8b 100644 +--- src/providers/ad/ad_access.c ++++ src/providers/ad/ad_access.c +@@ -21,6 +21,7 @@ + */ + + #include <security/pam_modules.h> ++#include <security/pam_appl.h> + #include "src/util/util.h" + #include "src/providers/data_provider.h" + #include "src/providers/dp_backend.h" +-- +1.8.0 + Index: files/patch-src__providers__ad__ad_common.c =================================================================== --- files/patch-src__providers__ad__ad_common.c (revision 0) +++ files/patch-src__providers__ad__ad_common.c (working copy) @@ -0,0 +1,43 @@ +From 7223f18bd8ea22ed801a115934a2fe8dc0c0cdb8 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 27 Jul 2013 15:03:49 +0200 +Subject: [PATCH 32/34] patch-src__providers__ad__ad_common.c + +--- + src/providers/ad/ad_common.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git src/providers/ad/ad_common.c src/providers/ad/ad_common.c +index 8600dab..d628385 100644 +--- src/providers/ad/ad_common.c ++++ src/providers/ad/ad_common.c +@@ -38,7 +38,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, + char *server; + char *realm; + char *ad_hostname; +- char hostname[HOST_NAME_MAX + 1]; ++ char hostname[_POSIX_HOST_NAME_MAX + 1]; + + opts = talloc_zero(mem_ctx, struct ad_options); + if (!opts) return ENOMEM; +@@ -75,7 +75,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, + */ + ad_hostname = dp_opt_get_string(opts->basic, AD_HOSTNAME); + if (ad_hostname == NULL) { +- gret = gethostname(hostname, HOST_NAME_MAX); ++ gret = gethostname(hostname, _POSIX_HOST_NAME_MAX); + if (gret != 0) { + ret = errno; + DEBUG(SSSDBG_FATAL_FAILURE, +@@ -83,7 +83,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, + strerror(ret))); + goto done; + } +- hostname[HOST_NAME_MAX] = '\0'; ++ hostname[_POSIX_HOST_NAME_MAX] = '\0'; + DEBUG(SSSDBG_CONF_SETTINGS, + ("Setting ad_hostname to [%s].\n", hostname)); + ret = dp_opt_set_string(opts->basic, AD_HOSTNAME, hostname); +-- +1.8.0 + Index: files/patch-src__providers__data_provider_be.c =================================================================== --- files/patch-src__providers__data_provider_be.c (revision 325399) +++ files/patch-src__providers__data_provider_be.c (working copy) @@ -1,15 +1,17 @@ ---- ./src/providers/data_provider_be.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/data_provider_be.c 2011-10-13 12:15:03.000000000 -0400 -@@ -512,7 +512,7 @@ - return EIO; - } - -- pd->pam_status = PAM_SYSTEM_ERR; -+ pd->pam_status = PAM_SERVICE_ERR; - pd->domain = talloc_strdup(pd, becli->bectx->domain->name); - if (pd->domain == NULL) { - talloc_free(be_req); -@@ -1013,7 +1013,7 @@ +From f6d110d1f78a78ee957f7fce975d09fc698e0949 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 05/34] patch-src__providers__data_provider_be.c + +--- + src/providers/data_provider_be.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git src/providers/data_provider_be.c src/providers/data_provider_be.c +index 33590ae..1a25959 100644 +--- src/providers/data_provider_be.c ++++ src/providers/data_provider_be.c +@@ -2316,7 +2316,7 @@ static int load_backend_module(struct be_ctx *ctx, if (!handle) { DEBUG(0, ("Unable to load %s module with path (%s), error: %s\n", mod_name, path, dlerror())); @@ -18,7 +20,7 @@ goto done; } -@@ -1033,7 +1033,7 @@ +@@ -2336,7 +2336,7 @@ static int load_backend_module(struct be_ctx *ctx, } else { DEBUG(0, ("Unable to load init fn %s from module %s, error: %s\n", mod_init_fn_name, mod_name, dlerror())); @@ -27,3 +29,6 @@ } goto done; } +-- +1.8.0 + Index: files/patch-src__providers__fail_over.c =================================================================== --- files/patch-src__providers__fail_over.c (revision 325399) +++ files/patch-src__providers__fail_over.c (working copy) @@ -1,6 +1,17 @@ ---- ./src/providers/fail_over.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/fail_over.c 2011-10-13 12:15:03.000000000 -0400 -@@ -1191,7 +1191,7 @@ +From 9c10da92d16e5daa9589ca0e3e5f43f399844071 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 06/34] patch-src__providers__fail_over.c + +--- + src/providers/fail_over.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git src/providers/fail_over.c src/providers/fail_over.c +index e7c4417..120022a 100644 +--- src/providers/fail_over.c ++++ src/providers/fail_over.c +@@ -1320,7 +1320,7 @@ resolve_srv_recv(struct tevent_req *req, struct fo_server **server) *******************************************************************/ struct resolve_get_domain_state { char *fqdn; @@ -9,7 +20,7 @@ }; static void resolve_get_domain_done(struct tevent_req *subreq); -@@ -1211,13 +1211,13 @@ +@@ -1340,13 +1340,13 @@ resolve_get_domain_send(TALLOC_CTX *mem_ctx, return NULL; } @@ -25,3 +36,6 @@ DEBUG(7, ("Host name is: %s\n", state->hostname)); subreq = resolv_gethostbyname_send(state, ev, resolv, +-- +1.8.0 + Index: files/patch-src__providers__ipa__ipa_common.c =================================================================== --- files/patch-src__providers__ipa__ipa_common.c (revision 325399) +++ files/patch-src__providers__ipa__ipa_common.c (working copy) @@ -1,15 +1,26 @@ ---- ./src/providers/ipa/ipa_common.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/ipa/ipa_common.c 2011-10-13 12:15:03.000000000 -0400 -@@ -191,7 +191,7 @@ +From acb17ace2b204146e4b821fd7d5e27de5d8ee588 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 07/34] patch-src__providers__ipa__ipa_common.c + +--- + src/providers/ipa/ipa_common.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git src/providers/ipa/ipa_common.c src/providers/ipa/ipa_common.c +index eb384a1..d7d8052 100644 +--- src/providers/ipa/ipa_common.c ++++ src/providers/ipa/ipa_common.c +@@ -47,7 +47,7 @@ int ipa_get_options(TALLOC_CTX *memctx, + char *realm; char *ipa_hostname; int ret; - int i; - char hostname[HOST_NAME_MAX + 1]; + char hostname[_POSIX_HOST_NAME_MAX + 1]; opts = talloc_zero(memctx, struct ipa_options); if (!opts) return ENOMEM; -@@ -220,14 +220,14 @@ +@@ -76,14 +76,14 @@ int ipa_get_options(TALLOC_CTX *memctx, ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME); if (ipa_hostname == NULL) { @@ -26,3 +37,6 @@ DEBUG(9, ("Setting ipa_hostname to [%s].\n", hostname)); ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname); if (ret != EOK) { +-- +1.8.0 + Index: files/patch-src__providers__ipa__ipa_hbac.h =================================================================== --- files/patch-src__providers__ipa__ipa_hbac.h (revision 0) +++ files/patch-src__providers__ipa__ipa_hbac.h (working copy) @@ -0,0 +1,24 @@ +From 08d2bd8bcd975f1bbd2ea3671ba42f022779d3a8 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 08/34] patch-src__providers__ipa__ipa_hbac.h + +--- + src/providers/ipa/ipa_hbac.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git src/providers/ipa/ipa_hbac.h src/providers/ipa/ipa_hbac.h +index 02077e3..b1d8efa 100644 +--- src/providers/ipa/ipa_hbac.h ++++ src/providers/ipa/ipa_hbac.h +@@ -39,6 +39,7 @@ + + #include <stdint.h> + #include <stdbool.h> ++#include <time.h> + + /** Result of HBAC evaluation */ + enum hbac_eval_result { +-- +1.8.0 + Index: files/patch-src__providers__krb5__krb5_child.c =================================================================== --- files/patch-src__providers__krb5__krb5_child.c (revision 325399) +++ files/patch-src__providers__krb5__krb5_child.c (working copy) @@ -1,377 +0,0 @@ ---- ./src/providers/krb5/krb5_child.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/krb5/krb5_child.c 2011-10-13 12:15:03.000000000 -0400 -@@ -39,6 +39,15 @@ - - #define SSSD_KRB5_CHANGEPW_PRINCIPAL "kadmin/changepw" - -+typedef struct _krb5_ticket_times { -+ krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime -+ in ticket? otherwise client can't get this */ -+ krb5_timestamp starttime; /* optional in ticket, if not present, -+ use authtime */ -+ krb5_timestamp endtime; -+ krb5_timestamp renew_till; -+} krb5_ticket_times; -+ - struct krb5_child_ctx { - /* opts taken from kinit */ - /* in seconds */ -@@ -100,10 +109,10 @@ - - static krb5_context krb5_error_ctx; - static const char *__krb5_error_msg; --#define KRB5_DEBUG(level, krb5_error) do { \ -- __krb5_error_msg = sss_krb5_get_error_message(krb5_error_ctx, krb5_error); \ -+#define KRB5_DEBUG(level, krb5_error, ctx) do { \ -+ __krb5_error_msg = sss_krb5_get_error_message(ctx, krb5_error); \ - DEBUG(level, ("%d: [%d][%s]\n", __LINE__, krb5_error, __krb5_error_msg)); \ -- sss_krb5_free_error_message(krb5_error_ctx, __krb5_error_msg); \ -+ sss_krb5_free_error_message(ctx, __krb5_error_msg); \ - } while(0); - - static void sss_krb5_expire_callback_func(krb5_context context, void *data, -@@ -267,13 +276,13 @@ - - kerr = krb5_cc_resolve(ctx, tmp_ccname, &tmp_cc); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, ctx); - goto done; - } - - kerr = krb5_cc_initialize(ctx, tmp_cc, princ); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, ctx); - goto done; - } - if (fd != -1) { -@@ -284,7 +293,7 @@ - if (creds == NULL) { - kerr = create_empty_cred(ctx, princ, &l_cred); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, ctx); - goto done; - } - } else { -@@ -293,13 +302,13 @@ - - kerr = krb5_cc_store_cred(ctx, tmp_cc, l_cred); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, ctx); - goto done; - } - - kerr = krb5_cc_close(ctx, tmp_cc); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, ctx); - goto done; - } - tmp_cc = NULL; -@@ -420,7 +429,7 @@ - talloc_zfree(msg); - } - } else { -- krb5_msg = sss_krb5_get_error_message(krb5_error_ctx, kerr); -+ krb5_msg = sss_krb5_get_error_message(kr->ctx, kerr); - if (krb5_msg == NULL) { - DEBUG(1, ("sss_krb5_get_error_message failed.\n")); - return NULL; -@@ -429,7 +438,7 @@ - ret = pam_add_response(kr->pd, SSS_PAM_SYSTEM_INFO, - strlen(krb5_msg) + 1, - (const uint8_t *) krb5_msg); -- sss_krb5_free_error_message(krb5_error_ctx, krb5_msg); -+ sss_krb5_free_error_message(kr->ctx, krb5_msg); - } - if (ret != EOK) { - DEBUG(1, ("pam_add_response failed.\n")); -@@ -527,7 +536,7 @@ - break; - } - -- kerr = krb5_free_keytab_entry_contents(kr->ctx, &entry); -+ kerr = krb5_kt_free_entry(kr->ctx, &entry); - if (kerr != 0) { - DEBUG(1, ("Failed to free keytab entry.\n")); - } -@@ -575,7 +584,7 @@ - if (krb5_kt_close(kr->ctx, keytab) != 0) { - DEBUG(1, ("krb5_kt_close failed")); - } -- if (krb5_free_keytab_entry_contents(kr->ctx, &entry) != 0) { -+ if (krb5_kt_free_entry(kr->ctx, &entry) != 0) { - DEBUG(1, ("Failed to free keytab entry.\n")); - } - if (principal != NULL) { -@@ -605,13 +614,13 @@ - kerr = krb5_get_init_creds_keytab(ctx, &creds, princ, keytab, 0, NULL, - &options); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, ctx); - return kerr; - } - - kerr = create_ccache_file(ctx, princ, ccname, &creds); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, ctx); - goto done; - } - kerr = 0; -@@ -633,21 +642,21 @@ - sss_krb5_expire_callback_func, - kr); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - DEBUG(1, ("Failed to set expire callback, continue without.\n")); - } - kerr = krb5_get_init_creds_password(kr->ctx, kr->creds, kr->princ, - password, sss_krb5_prompter, kr, 0, - NULL, kr->options); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - return kerr; - } - - if (kr->validate) { - kerr = validate_tgt(kr); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - return kerr; - } - -@@ -668,7 +677,7 @@ - - kerr = create_ccache_file(kr->ctx, kr->princ, kr->ccname, kr->creds); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto done; - } - -@@ -692,7 +701,7 @@ - krb5_error_code kerr = 0; - char *pass_str = NULL; - char *newpass_str = NULL; -- int pam_status = PAM_SYSTEM_ERR; -+ int pam_status = PAM_SERVICE_ERR; - int result_code = -1; - krb5_data result_code_string; - krb5_data result_string; -@@ -734,7 +743,7 @@ - changepw_princ, - kr->options); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - if (kerr == KRB5_KDC_UNREACH) { - pam_status = PAM_AUTHINFO_UNAVAIL; - } -@@ -773,7 +782,7 @@ - - if (kerr != 0 || result_code != 0) { - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - } else { - kerr = KRB5KRB_ERR_GENERIC; - } -@@ -825,7 +834,7 @@ - memset(kr->pd->newauthtok, 0, kr->pd->newauthtok_size); - - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - if (kerr == KRB5_KDC_UNREACH) { - pam_status = PAM_AUTHINFO_UNAVAIL; - } -@@ -846,7 +855,7 @@ - krb5_error_code kerr = 0; - char *pass_str = NULL; - char *changepw_princ = NULL; -- int pam_status = PAM_SYSTEM_ERR; -+ int pam_status = PAM_SERVICE_ERR; - - if (kr->pd->authtok_type != SSS_AUTHTOK_TYPE_PASSWORD) { - pam_status = PAM_CRED_INSUFFICIENT; -@@ -881,7 +890,7 @@ - kr->options, - NULL, NULL); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - DEBUG(1, ("Failed to unset expire callback, continue ...\n")); - } - kerr = krb5_get_init_creds_password(kr->ctx, kr->creds, kr->princ, -@@ -899,7 +908,7 @@ - memset(kr->pd->authtok, 0, kr->pd->authtok_size); - - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - switch (kerr) { - case KRB5_KDC_UNREACH: - pam_status = PAM_AUTHINFO_UNAVAIL; -@@ -911,7 +920,7 @@ - pam_status = PAM_CRED_ERR; - break; - default: -- pam_status = PAM_SYSTEM_ERR; -+ pam_status = PAM_SERVICE_ERR; - } - } - -@@ -981,13 +990,13 @@ - - kerr = krb5_cc_resolve(kr->ctx, ccname, &ccache); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto done; - } - - kerr = krb5_get_renewed_creds(kr->ctx, kr->creds, kr->princ, ccache, NULL); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - if (kerr == KRB5_KDC_UNREACH) { - status = PAM_AUTHINFO_UNAVAIL; - } -@@ -997,7 +1006,7 @@ - if (kr->validate) { - kerr = validate_tgt(kr); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto done; - } - -@@ -1019,13 +1028,13 @@ - - kerr = krb5_cc_initialize(kr->ctx, ccache, kr->princ); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto done; - } - - kerr = krb5_cc_store_cred(kr->ctx, ccache, kr->creds); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto done; - } - -@@ -1059,8 +1068,8 @@ - - ret = create_ccache_file(kr->ctx, kr->princ, kr->ccname, NULL); - if (ret != 0) { -- KRB5_DEBUG(1, ret); -- pam_status = PAM_SYSTEM_ERR; -+ KRB5_DEBUG(1, ret, kr->ctx); -+ pam_status = PAM_SERVICE_ERR; - } - - ret = sendresponse(fd, ret, pam_status, kr); -@@ -1375,19 +1384,20 @@ - - kerr = krb5_init_context(&kr->ctx); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ /* FIXME: This sucks */ -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto failed; - } - - kerr = krb5_parse_name(kr->ctx, kr->upn, &kr->princ); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto failed; - } - - kerr = krb5_unparse_name(kr->ctx, kr->princ, &kr->name); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto failed; - } - -@@ -1400,18 +1410,18 @@ - - kerr = sss_krb5_get_init_creds_opt_alloc(kr->ctx, &kr->options); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto failed; - } - - /* A prompter is used to catch messages about when a password will - * expired. The library shall not use the prompter to ask for a new password - * but shall return KRB5KDC_ERR_KEY_EXP. */ -- krb5_get_init_creds_opt_set_change_password_prompt(kr->options, 0); -- if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -- goto failed; -- } -+ // krb5_get_init_creds_opt_set_change_password_prompt(kr->options, 0); -+ // if (kerr != 0) { -+ // KRB5_DEBUG(1, kerr, kr->ctx); -+ // goto failed; -+ // } - - lifetime_str = getenv(SSSD_KRB5_RENEWABLE_LIFETIME); - if (lifetime_str == NULL) { -@@ -1422,7 +1432,7 @@ - if (kerr != 0) { - DEBUG(1, ("krb5_string_to_deltat failed for [%s].\n", - lifetime_str)); -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto failed; - } - krb5_get_init_creds_opt_set_renew_life(kr->options, lifetime); -@@ -1437,7 +1447,7 @@ - if (kerr != 0) { - DEBUG(1, ("krb5_string_to_deltat failed for [%s].\n", - lifetime_str)); -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto failed; - } - krb5_get_init_creds_opt_set_tkt_life(kr->options, lifetime); -@@ -1486,7 +1496,7 @@ - kr, &kr->fast_ccname); - if (kerr != 0) { - DEBUG(1, ("check_fast_ccache failed.\n")); -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto failed; - } - -@@ -1496,7 +1506,7 @@ - if (kerr != 0) { - DEBUG(1, ("sss_krb5_get_init_creds_opt_set_fast_ccache_name " - "failed.\n")); -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto failed; - } - -@@ -1507,7 +1517,7 @@ - if (kerr != 0) { - DEBUG(1, ("sss_krb5_get_init_creds_opt_set_fast_flags " - "failed.\n")); -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto failed; - } - } Index: files/patch-src__providers__krb5__krb5_utils.c =================================================================== --- files/patch-src__providers__krb5__krb5_utils.c (revision 325399) +++ files/patch-src__providers__krb5__krb5_utils.c (working copy) @@ -1,17 +0,0 @@ ---- ./src/providers/krb5/krb5_utils.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/krb5/krb5_utils.c 2011-10-13 12:15:03.000000000 -0400 -@@ -435,10 +435,10 @@ - } - - server_name = talloc_asprintf(NULL, "krbtgt/%.*s@%.*s", -- krb5_princ_realm(ctx, client_princ)->length, -- krb5_princ_realm(ctx, client_princ)->data, -- krb5_princ_realm(ctx, client_princ)->length, -- krb5_princ_realm(ctx, client_princ)->data); -+ krb5_realm_length(krb5_princ_realm(ctx, client_princ)), -+ krb5_princ_realm(ctx, client_princ), -+ krb5_realm_length(krb5_princ_realm(ctx, client_princ)), -+ krb5_princ_realm(ctx, client_princ)); - if (server_name == NULL) { - kerr = KRB5_CC_NOMEM; - DEBUG(1, ("talloc_asprintf failed.\n")); Index: files/patch-src__providers__ldap__ldap_auth.c =================================================================== --- files/patch-src__providers__ldap__ldap_auth.c (revision 325399) +++ files/patch-src__providers__ldap__ldap_auth.c (working copy) @@ -1,5 +1,16 @@ ---- ./src/providers/ldap/ldap_auth.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/ldap/ldap_auth.c 2011-10-13 12:15:03.000000000 -0400 +From ad4b85556ddea5d5d2d6bcc5f00a8492b0b15c46 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 09/34] patch-src__providers__ldap__ldap_auth.c + +--- + src/providers/ldap/ldap_auth.c | 60 ++++++++++++++++++++++++++---------------- + 1 file changed, 37 insertions(+), 23 deletions(-) + +diff --git src/providers/ldap/ldap_auth.c src/providers/ldap/ldap_auth.c +index b0dd30c..6b1ad83 100644 +--- src/providers/ldap/ldap_auth.c ++++ src/providers/ldap/ldap_auth.c @@ -37,7 +37,6 @@ #include <sys/time.h> #include <strings.h> @@ -8,15 +19,7 @@ #include <security/pam_modules.h> #include "util/util.h" -@@ -46,6 +45,7 @@ - #include "providers/ldap/ldap_common.h" - #include "providers/ldap/sdap_async.h" - -+ - /* MIT Kerberos has the same hardcoded warning interval of 7 days. Due to the - * fact that using the expiration time of a Kerberos password with LDAP - * authentication is presumably a rare case a separate config option is not -@@ -59,6 +59,22 @@ +@@ -56,6 +55,22 @@ enum pwexpire { PWEXPIRE_SHADOW }; @@ -39,7 +42,7 @@ static errno_t add_expired_warning(struct pam_data *pd, long exp_time) { int ret; -@@ -111,17 +127,16 @@ +@@ -110,17 +125,16 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now, return EINVAL; } @@ -61,7 +64,7 @@ if (difftime(now, expire_time) > 0.0) { DEBUG(4, ("Kerberos password expired.\n")); -@@ -742,7 +757,7 @@ +@@ -762,7 +776,7 @@ void sdap_pam_chpass_handler(struct be_req *breq) DEBUG(2, ("starting password change request for user [%s].\n", pd->user)); @@ -70,7 +73,7 @@ if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) { DEBUG(2, ("chpass target was called by wrong pam command.\n")); -@@ -799,7 +814,7 @@ +@@ -821,7 +835,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req) &pw_expire_type, &pw_expire_data); talloc_zfree(req); if (ret) { @@ -79,7 +82,7 @@ goto done; } -@@ -819,7 +834,7 @@ +@@ -841,7 +855,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req) &result); if (ret != EOK) { DEBUG(1, ("check_pwexpire_shadow failed.\n")); @@ -88,8 +91,8 @@ goto done; } break; -@@ -828,14 +843,14 @@ - &result); +@@ -850,14 +864,14 @@ static void sdap_auth4chpass_done(struct tevent_req *req) + state->breq->domain->pwd_expiration_warning); if (ret != EOK) { DEBUG(1, ("check_pwexpire_kerberos failed.\n")); - state->pd->pam_status = PAM_SYSTEM_ERR; @@ -105,7 +108,7 @@ goto done; } break; -@@ -844,7 +859,7 @@ +@@ -866,7 +880,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req) break; default: DEBUG(1, ("Unknow pasword expiration type.\n")); @@ -114,7 +117,7 @@ goto done; } } -@@ -884,7 +899,7 @@ +@@ -906,7 +920,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req) dp_err = DP_ERR_OFFLINE; break; default: @@ -123,25 +126,43 @@ } done: -@@ -905,7 +920,7 @@ +@@ -929,7 +943,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req) ret = sdap_exop_modify_passwd_recv(req, state, &result, &user_error_message); talloc_zfree(req); - if (ret) { + if (ret && ret != EIO) { - state->pd->pam_status = PAM_SYSTEM_ERR; + state->pd->pam_status = PAM_SERVICE_ERR; goto done; } -@@ -964,7 +979,7 @@ +@@ -970,7 +984,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req) + state->dn, + lastchanged_name); + if (subreq == NULL) { +- state->pd->pam_status = PAM_SYSTEM_ERR; ++ state->pd->pam_status = PAM_SERVICE_ERR; + goto done; + } + +@@ -991,7 +1005,7 @@ static void sdap_lastchange_done(struct tevent_req *req) + + ret = sdap_modify_shadow_lastchange_recv(req); + if (ret != EOK) { +- state->pd->pam_status = PAM_SYSTEM_ERR; ++ state->pd->pam_status = PAM_SERVICE_ERR; goto done; } +@@ -1032,7 +1046,7 @@ void sdap_pam_auth_handler(struct be_req *breq) + goto done; + } + - pd->pam_status = PAM_SYSTEM_ERR; + pd->pam_status = PAM_SERVICE_ERR; switch (pd->cmd) { case SSS_PAM_AUTHENTICATE: -@@ -1021,7 +1036,7 @@ +@@ -1090,7 +1104,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) &pw_expire_type, &pw_expire_data); talloc_zfree(req); if (ret != EOK) { @@ -150,7 +171,7 @@ dp_err = DP_ERR_FATAL; goto done; } -@@ -1033,7 +1048,7 @@ +@@ -1102,7 +1116,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) state->pd, &result); if (ret != EOK) { DEBUG(1, ("check_pwexpire_shadow failed.\n")); @@ -159,8 +180,8 @@ goto done; } break; -@@ -1042,7 +1057,7 @@ - state->pd, &result); +@@ -1112,7 +1126,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) + be_ctx->domain->pwd_expiration_warning); if (ret != EOK) { DEBUG(1, ("check_pwexpire_kerberos failed.\n")); - state->pd->pam_status = PAM_SYSTEM_ERR; @@ -168,8 +189,8 @@ goto done; } break; -@@ -1050,7 +1065,7 @@ - ret = check_pwexpire_ldap(state->pd, pw_expire_data, &result); +@@ -1121,7 +1135,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) + be_ctx->domain->pwd_expiration_warning); if (ret != EOK) { DEBUG(1, ("check_pwexpire_ldap failed.\n")); - state->pd->pam_status = PAM_SYSTEM_ERR; @@ -177,7 +198,7 @@ goto done; } break; -@@ -1058,7 +1073,7 @@ +@@ -1129,7 +1143,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) break; default: DEBUG(1, ("Unknow pasword expiration type.\n")); @@ -186,7 +207,7 @@ goto done; } } -@@ -1080,7 +1095,7 @@ +@@ -1151,7 +1165,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) state->pd->pam_status = PAM_NEW_AUTHTOK_REQD; break; default: @@ -195,3 +216,6 @@ dp_err = DP_ERR_FATAL; } +-- +1.8.0 + Index: files/patch-src__providers__ldap__ldap_child.c =================================================================== --- files/patch-src__providers__ldap__ldap_child.c (revision 325399) +++ files/patch-src__providers__ldap__ldap_child.c (working copy) @@ -1,6 +1,17 @@ ---- ./src/providers/ldap/ldap_child.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/ldap/ldap_child.c 2011-10-13 12:15:03.000000000 -0400 -@@ -165,7 +165,7 @@ +From 144bf96dbd929248159bf932c1d3b5bccf451bee Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 10/34] patch-src__providers__ldap__ldap_child.c + +--- + src/providers/ldap/ldap_child.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git src/providers/ldap/ldap_child.c src/providers/ldap/ldap_child.c +index f35d946..9a45cf5 100644 +--- src/providers/ldap/ldap_child.c ++++ src/providers/ldap/ldap_child.c +@@ -206,7 +206,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, } realm_name = talloc_strdup(memctx, default_realm); @@ -9,35 +20,6 @@ if (!realm_name) { krberr = KRB5KRB_ERR_GENERIC; goto done; -@@ -279,20 +279,20 @@ - goto done; - } - -- krberr = krb5_get_time_offsets(context, &kdc_time_offset, &kdc_time_offset_usec); -- if (krberr) { -- DEBUG(2, ("Failed to get KDC time offset: %s\n", -- sss_krb5_get_error_message(context, krberr))); -- kdc_time_offset = 0; -- } else { -- if (kdc_time_offset_usec > 0) { -- kdc_time_offset++; -- } -- } -+ // krberr = krb5_get_time_offsets(context, &kdc_time_offset, &kdc_time_offset_usec); -+ // if (krberr) { -+ // DEBUG(2, ("Failed to get KDC time offset: %s\n", -+ // sss_krb5_get_error_message(context, krberr))); -+ // kdc_time_offset = 0; -+ // } else { -+ // if (kdc_time_offset_usec > 0) { -+ // kdc_time_offset++; -+ // } -+ // } - - krberr = 0; - *ccname_out = ccname; -- *expire_time_out = my_creds.times.endtime - kdc_time_offset; -+ *expire_time_out = my_creds.times.endtime; - - done: - if (keytab) krb5_kt_close(context, keytab); +-- +1.8.0 + Index: files/patch-src__providers__ldap__ldap_common.c =================================================================== --- files/patch-src__providers__ldap__ldap_common.c (revision 325399) +++ files/patch-src__providers__ldap__ldap_common.c (working copy) @@ -1,6 +1,17 @@ ---- ./src/providers/ldap/ldap_common.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/ldap/ldap_common.c 2011-10-13 12:15:03.000000000 -0400 -@@ -749,7 +749,7 @@ +From 5becc163a7101c94c84c4b7e330b62eb137c3bd7 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 11/34] patch-src__providers__ldap__ldap_common.c + +--- + src/providers/ldap/ldap_common.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git src/providers/ldap/ldap_common.c src/providers/ldap/ldap_common.c +index f8b921a..84e51ae 100644 +--- src/providers/ldap/ldap_common.c ++++ src/providers/ldap/ldap_common.c +@@ -1109,7 +1109,7 @@ sdap_gssapi_get_default_realm(TALLOC_CTX *mem_ctx) } realm = talloc_strdup(mem_ctx, krb5_realm); @@ -9,3 +20,6 @@ if (!realm) { DEBUG(0, ("Out of memory\n")); goto done; +-- +1.8.0 + Index: files/patch-src__providers__ldap__sdap_access.c =================================================================== --- files/patch-src__providers__ldap__sdap_access.c (revision 325399) +++ files/patch-src__providers__ldap__sdap_access.c (working copy) @@ -1,5 +1,16 @@ ---- ./src/providers/ldap/sdap_access.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/ldap/sdap_access.c 2011-10-13 12:15:03.000000000 -0400 +From cebca2806d06fce5a5c610a39044a5a4039f71ef Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 12/34] patch-src__providers__ldap__sdap_access.c + +--- + src/providers/ldap/sdap_access.c | 43 +++++++++++++++++++--------------------- + 1 file changed, 20 insertions(+), 23 deletions(-) + +diff --git src/providers/ldap/sdap_access.c src/providers/ldap/sdap_access.c +index b198e04..37eae45 100644 +--- src/providers/ldap/sdap_access.c ++++ src/providers/ldap/sdap_access.c @@ -22,9 +22,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -10,7 +21,7 @@ #include <sys/param.h> #include <security/pam_modules.h> #include <talloc.h> -@@ -119,7 +117,7 @@ +@@ -109,7 +107,7 @@ void sdap_pam_access_handler(struct be_req *breq) pd); if (req == NULL) { DEBUG(1, ("Unable to start sdap_access request\n")); @@ -19,16 +30,16 @@ return; } -@@ -157,7 +155,7 @@ +@@ -149,7 +147,7 @@ sdap_access_send(TALLOC_CTX *mem_ctx, - state->be_ctx = be_ctx; + state->be_req = be_req; state->pd = pd; - state->pam_status = PAM_SYSTEM_ERR; + state->pam_status = PAM_SERVICE_ERR; state->ev = ev; state->access_ctx = access_ctx; state->current_rule = 0; -@@ -502,18 +500,17 @@ +@@ -502,18 +500,17 @@ static bool nds_check_expired(const char *exp_time_str) return true; } @@ -51,7 +62,7 @@ if (difftime(now, expire_time) > 0.0) { DEBUG(4, ("NDS account expired.\n")); -@@ -663,7 +660,7 @@ +@@ -662,7 +659,7 @@ static struct tevent_req *sdap_account_expired_send(TALLOC_CTX *mem_ctx, return NULL; } @@ -60,7 +71,7 @@ expire = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic, SDAP_ACCOUNT_EXPIRE_POLICY); -@@ -747,7 +744,7 @@ +@@ -746,7 +743,7 @@ static void sdap_account_expired_done(struct tevent_req *subreq) talloc_zfree(subreq); if (ret != EOK) { DEBUG(1, ("Error retrieving access check result.\n")); @@ -69,17 +80,17 @@ tevent_req_error(req, ret); return; } -@@ -807,7 +804,7 @@ +@@ -806,7 +803,7 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, state->filter = NULL; - state->be_ctx = be_ctx; + state->be_req = be_req; state->username = username; - state->pam_status = PAM_SYSTEM_ERR; + state->pam_status = PAM_SERVICE_ERR; state->sdap_ctx = access_ctx->id_ctx; state->ev = ev; state->access_ctx = access_ctx; -@@ -953,7 +950,7 @@ - SDAP_SEARCH_TIMEOUT)); +@@ -953,7 +950,7 @@ static void sdap_access_filter_connect_done(struct tevent_req *subreq) + false); if (subreq == NULL) { DEBUG(1, ("Could not start LDAP communication\n")); - state->pam_status = PAM_SYSTEM_ERR; @@ -87,7 +98,7 @@ tevent_req_error(req, EIO); return; } -@@ -984,13 +981,13 @@ +@@ -984,13 +981,13 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) if (ret == EOK) { return; } @@ -103,7 +114,7 @@ } goto done; -@@ -1009,7 +1006,7 @@ +@@ -1009,7 +1006,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) else if (results == NULL) { DEBUG(1, ("num_results > 0, but results is NULL\n")); ret = EIO; @@ -112,7 +123,7 @@ goto done; } else if (num_results > 1) { -@@ -1018,7 +1015,7 @@ +@@ -1018,7 +1015,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) */ DEBUG(1, ("Received multiple replies\n")); ret = EIO; @@ -121,7 +132,7 @@ goto done; } else { /* Ok, we got a single reply */ -@@ -1106,7 +1103,7 @@ +@@ -1104,7 +1101,7 @@ static void sdap_access_filter_done(struct tevent_req *subreq) talloc_zfree(subreq); if (ret != EOK) { DEBUG(1, ("Error retrieving access check result.\n")); @@ -130,7 +141,7 @@ tevent_req_error(req, ret); return; } -@@ -1247,7 +1244,7 @@ +@@ -1244,7 +1241,7 @@ static void sdap_access_service_done(struct tevent_req *subreq) talloc_zfree(subreq); if (ret != EOK) { DEBUG(1, ("Error retrieving access check result.\n")); @@ -139,7 +150,7 @@ tevent_req_error(req, ret); return; } -@@ -1274,7 +1271,7 @@ +@@ -1269,7 +1266,7 @@ static struct tevent_req *sdap_access_host_send( struct ldb_message_element *el; unsigned int i; char *host; @@ -148,7 +159,7 @@ req = tevent_req_create(mem_ctx, &state, struct sdap_access_host_ctx); if (!req) { -@@ -1370,7 +1367,7 @@ +@@ -1365,7 +1362,7 @@ static void sdap_access_host_done(struct tevent_req *subreq) talloc_zfree(subreq); if (ret != EOK) { DEBUG(1, ("Error retrieving access check result.\n")); @@ -157,7 +168,7 @@ tevent_req_error(req, ret); return; } -@@ -1395,7 +1392,7 @@ +@@ -1391,7 +1388,7 @@ sdap_access_recv(struct tevent_req *req, int *pam_status) static void sdap_access_done(struct tevent_req *req) { errno_t ret; @@ -166,7 +177,7 @@ struct be_req *breq = tevent_req_callback_data(req, struct be_req); -@@ -1403,7 +1400,7 @@ +@@ -1399,7 +1396,7 @@ static void sdap_access_done(struct tevent_req *req) talloc_zfree(req); if (ret != EOK) { DEBUG(1, ("Error retrieving access check result.\n")); @@ -175,3 +186,6 @@ } sdap_access_reply(breq, pam_status); +-- +1.8.0 + Index: files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c =================================================================== --- files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c (revision 0) +++ files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c (working copy) @@ -0,0 +1,42 @@ +From 58d918d01b03a3332b3e9da917a45b4b7ef7a427 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 27 Jul 2013 15:01:26 +0200 +Subject: [PATCH 30/34] patch-src__providers__ldap__sdap_async_sudo_hostinfo.c + +--- + src/providers/ldap/sdap_async_sudo_hostinfo.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git src/providers/ldap/sdap_async_sudo_hostinfo.c src/providers/ldap/sdap_async_sudo_hostinfo.c +index 0a695cd..108b4c2 100644 +--- src/providers/ldap/sdap_async_sudo_hostinfo.c ++++ src/providers/ldap/sdap_async_sudo_hostinfo.c +@@ -371,7 +371,7 @@ static struct tevent_req *sdap_sudo_get_hostnames_send(TALLOC_CTX *mem_ctx, + struct tevent_req *subreq = NULL; + struct sdap_sudo_get_hostnames_state *state = NULL; + char *dot = NULL; +- char hostname[HOST_NAME_MAX + 1]; ++ char hostname[_POSIX_HOST_NAME_MAX + 1]; + int resolv_timeout; + int ret; + +@@ -395,14 +395,14 @@ static struct tevent_req *sdap_sudo_get_hostnames_send(TALLOC_CTX *mem_ctx, + /* get hostname */ + + errno = 0; +- ret = gethostname(hostname, HOST_NAME_MAX); ++ ret = gethostname(hostname, _POSIX_HOST_NAME_MAX); + if (ret != EOK) { + ret = errno; + DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to retrieve machine hostname " + "[%d]: %s\n", ret, strerror(ret))); + goto done; + } +- hostname[HOST_NAME_MAX] = '\0'; ++ hostname[_POSIX_HOST_NAME_MAX] = '\0'; + + state->hostnames[0] = talloc_strdup(state->hostnames, hostname); + if (state->hostnames[0] == NULL) { +-- +1.8.0 + Index: files/patch-src__providers__proxy__proxy_init.c =================================================================== --- files/patch-src__providers__proxy__proxy_init.c (revision 325399) +++ files/patch-src__providers__proxy__proxy_init.c (working copy) @@ -1,6 +1,17 @@ ---- ./src/providers/proxy/proxy_init.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/proxy/proxy_init.c 2011-10-13 12:15:03.000000000 -0400 -@@ -124,7 +124,7 @@ +From 6d9c90d8cd4dedbc0f3642e9fc8287eb34504e1a Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 13/34] patch-src__providers__proxy__proxy_init.c + +--- + src/providers/proxy/proxy_init.c | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) + +diff --git src/providers/proxy/proxy_init.c src/providers/proxy/proxy_init.c +index de4d7b6..99b464a 100644 +--- src/providers/proxy/proxy_init.c ++++ src/providers/proxy/proxy_init.c +@@ -123,7 +123,7 @@ int sssm_proxy_id_init(struct be_ctx *bectx, if (!ctx->handle) { DEBUG(0, ("Unable to load %s module with path, error: %s\n", libpath, dlerror())); @@ -9,7 +20,7 @@ goto done; } -@@ -132,7 +132,7 @@ +@@ -131,7 +131,7 @@ int sssm_proxy_id_init(struct be_ctx *bectx, libname); if (!ctx->ops.getpwnam_r) { DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); @@ -18,7 +29,7 @@ goto done; } -@@ -140,14 +140,14 @@ +@@ -139,14 +139,14 @@ int sssm_proxy_id_init(struct be_ctx *bectx, libname); if (!ctx->ops.getpwuid_r) { DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); @@ -35,7 +46,7 @@ goto done; } -@@ -155,14 +155,14 @@ +@@ -154,14 +154,14 @@ int sssm_proxy_id_init(struct be_ctx *bectx, libname); if (!ctx->ops.getpwent_r) { DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); @@ -52,7 +63,7 @@ goto done; } -@@ -170,7 +170,7 @@ +@@ -169,7 +169,7 @@ int sssm_proxy_id_init(struct be_ctx *bectx, libname); if (!ctx->ops.getgrnam_r) { DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); @@ -61,7 +72,7 @@ goto done; } -@@ -178,14 +178,14 @@ +@@ -177,14 +177,14 @@ int sssm_proxy_id_init(struct be_ctx *bectx, libname); if (!ctx->ops.getgrgid_r) { DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); @@ -78,7 +89,7 @@ goto done; } -@@ -193,14 +193,14 @@ +@@ -192,14 +192,14 @@ int sssm_proxy_id_init(struct be_ctx *bectx, libname); if (!ctx->ops.getgrent_r) { DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); @@ -95,3 +106,6 @@ goto done; } +-- +1.8.0 + Index: files/patch-src__resolv__async_resolv.c =================================================================== --- files/patch-src__resolv__async_resolv.c (revision 325399) +++ files/patch-src__resolv__async_resolv.c (working copy) @@ -1,6 +1,17 @@ ---- ./src/resolv/async_resolv.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/resolv/async_resolv.c 2011-10-13 12:15:03.000000000 -0400 -@@ -1073,7 +1073,6 @@ +From 5434161320c86634512ac70e1d49c63375a71dc4 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 14/34] patch-src__resolv__async_resolv.c + +--- + src/resolv/async_resolv.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git src/resolv/async_resolv.c src/resolv/async_resolv.c +index 268d266..1bb84e5 100644 +--- src/resolv/async_resolv.c ++++ src/resolv/async_resolv.c +@@ -1203,7 +1203,6 @@ resolv_is_address(const char *name) hints.ai_flags = AI_NUMERICHOST; /* No network lookups */ ret = getaddrinfo(name, NULL, &hints, &res); @@ -8,7 +19,7 @@ if (ret != 0) { if (ret == -2) { DEBUG(9, ("[%s] does not look like an IP address\n", name)); -@@ -1081,6 +1080,8 @@ +@@ -1211,6 +1210,8 @@ resolv_is_address(const char *name) DEBUG(2, ("getaddrinfo failed [%d]: %s\n", ret, gai_strerror(ret))); } @@ -17,3 +28,6 @@ } return ret == 0; +-- +1.8.0 + Index: files/patch-src__responder__common__responder_common.c =================================================================== --- files/patch-src__responder__common__responder_common.c (revision 325399) +++ files/patch-src__responder__common__responder_common.c (working copy) @@ -1,6 +1,17 @@ ---- ./src/responder/common/responder_common.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/responder/common/responder_common.c 2011-10-13 12:15:03.000000000 -0400 -@@ -195,7 +195,7 @@ +From b668ec58a5d60c65e24c3b123ab7589fb28c3e83 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 15/34] patch-src__responder__common__responder_common.c + +--- + src/responder/common/responder_common.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git src/responder/common/responder_common.c src/responder/common/responder_common.c +index c5d7577..965a870 100644 +--- src/responder/common/responder_common.c ++++ src/responder/common/responder_common.c +@@ -308,7 +308,7 @@ static void client_recv(struct cli_ctx *cctx) talloc_free(cctx); break; @@ -9,3 +20,6 @@ DEBUG(5, ("Client disconnected!\n")); talloc_free(cctx); break; +-- +1.8.0 + Index: files/patch-src__responder__common__responder_dp.c =================================================================== --- files/patch-src__responder__common__responder_dp.c (revision 325399) +++ files/patch-src__responder__common__responder_dp.c (working copy) @@ -1,15 +1,17 @@ ---- ./src/responder/common/responder_dp.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/responder/common/responder_dp.c 2011-10-13 12:15:03.000000000 -0400 -@@ -210,7 +210,7 @@ - &sdp_req->err_min, - &sdp_req->err_msg); - if (ret != EOK) { -- if (ret == ETIME) { -+ if (ret == ETIMEDOUT) { - sdp_req->err_maj = DP_ERR_TIMEOUT; - sdp_req->err_min = ret; - sdp_req->err_msg = talloc_strdup(sdp_req, "Request timed out"); -@@ -569,7 +569,7 @@ +From e98e59d8a6958ac1dc87b53f71aa9f51251b4568 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 16/34] patch-src__responder__common__responder_dp.c + +--- + src/responder/common/responder_dp.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git src/responder/common/responder_dp.c src/responder/common/responder_dp.c +index d15ca4d..3cb406a 100644 +--- src/responder/common/responder_dp.c ++++ src/responder/common/responder_dp.c +@@ -213,7 +213,7 @@ static int sss_dp_get_reply(DBusPendingCall *pending, case DBUS_MESSAGE_TYPE_ERROR: if (strcmp(dbus_message_get_error_name(reply), DBUS_ERROR_NO_REPLY) == 0) { @@ -18,3 +20,15 @@ goto done; } DEBUG(0,("The Data Provider returned an error [%s]\n", +@@ -734,7 +734,7 @@ static void sss_dp_internal_get_done(DBusPendingCall *pending, void *ptr) + &sdp_req->dp_ret, + &sdp_req->err_msg); + if (ret != EOK) { +- if (ret == ETIME) { ++ if (ret == ETIMEDOUT) { + sdp_req->dp_err = DP_ERR_TIMEOUT; + sdp_req->dp_ret = ret; + sdp_req->err_msg = talloc_strdup(sdp_req, "Request timed out"); +-- +1.8.0 + Index: files/patch-src__responder__common__responder_packet.c =================================================================== --- files/patch-src__responder__common__responder_packet.c (revision 325399) +++ files/patch-src__responder__common__responder_packet.c (working copy) @@ -1,6 +1,17 @@ ---- ./src/responder/common/responder_packet.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/responder/common/responder_packet.c 2011-10-13 12:15:03.000000000 -0400 -@@ -192,7 +192,7 @@ +From dd2d4ee745852a6d059b07966d1728b10c1240ff Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 17/34] patch-src__responder__common__responder_packet.c + +--- + src/responder/common/responder_packet.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git src/responder/common/responder_packet.c src/responder/common/responder_packet.c +index 5132d95..09b8d6d 100644 +--- src/responder/common/responder_packet.c ++++ src/responder/common/responder_packet.c +@@ -192,7 +192,7 @@ int sss_packet_recv(struct sss_packet *packet, int fd) } if (rb == 0) { @@ -9,3 +20,6 @@ } if (*packet->len > packet->memsize) { +-- +1.8.0 + Index: files/patch-src__sss_client__common.c =================================================================== --- files/patch-src__sss_client__common.c (revision 325399) +++ files/patch-src__sss_client__common.c (working copy) @@ -1,6 +1,17 @@ ---- ./src/sss_client/common.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/sss_client/common.c 2011-10-13 12:15:03.000000000 -0400 -@@ -26,6 +26,7 @@ +From f40ad7e39f68345f3bfec169556463c1a13706e0 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 18/34] patch-src__sss_client__common.c + +--- + src/sss_client/common.c | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +diff --git src/sss_client/common.c src/sss_client/common.c +index 6639ae1..d0b5c6d 100644 +--- src/sss_client/common.c ++++ src/sss_client/common.c +@@ -25,6 +25,7 @@ #include "config.h" #include <nss.h> @@ -8,7 +19,18 @@ #include <security/pam_modules.h> #include <errno.h> #include <sys/types.h> -@@ -111,7 +112,6 @@ +@@ -61,6 +62,10 @@ + #define SSS_DEFAULT_WRITE_FLAGS 0 + #endif + ++#ifndef EOWNERDEAD ++#define EOWNERDEAD 130 ++#endif ++ + /* common functions */ + + int sss_cli_sd = -1; /* the sss client socket descriptor */ +@@ -124,7 +129,6 @@ static enum sss_status sss_cli_send_req(enum sss_cli_command cmd, *errnop = error; break; case 0: @@ -16,15 +38,15 @@ break; case 1: if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { -@@ -216,7 +216,6 @@ +@@ -232,7 +236,6 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_command cmd, *errnop = error; break; case 0: - *errnop = ETIME; break; case 1: - if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { -@@ -638,7 +637,6 @@ + if (pfd.revents & (POLLHUP)) { +@@ -669,7 +672,6 @@ static enum sss_status sss_cli_check_socket(int *errnop, const char *socket_name *errnop = error; break; case 0: @@ -32,7 +54,7 @@ break; case 1: if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { -@@ -688,23 +686,23 @@ +@@ -719,23 +721,23 @@ enum nss_status sss_nss_make_request(enum sss_cli_command cmd, /* avoid looping in the nss daemon */ envval = getenv("_SSS_LOOPS"); if (envval && strcmp(envval, "NO") == 0) { @@ -61,3 +83,15 @@ } } +@@ -984,7 +986,7 @@ errno_t sss_strnlen(const char *str, size_t maxlen, size_t *len) + *len = 0; + while (*len < maxlen) { + if (str[*len] == '\0') break; +- len++; ++ ++*len; + } + #endif + +-- +1.8.0 + Index: files/patch-src__sss_client__nss_group.c =================================================================== --- files/patch-src__sss_client__nss_group.c (revision 325399) +++ files/patch-src__sss_client__nss_group.c (working copy) @@ -1,6 +1,17 @@ ---- ./src/sss_client/nss_group.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/sss_client/nss_group.c 2011-10-13 12:15:03.000000000 -0400 -@@ -248,6 +248,77 @@ +From 36ea9e6d18578237b9e7ffef382788736eab49f5 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 19/34] patch-src__sss_client__nss_group.c + +--- + src/sss_client/nss_group.c | 71 ++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 71 insertions(+) + +diff --git src/sss_client/nss_group.c src/sss_client/nss_group.c +index e6ea54b..88cd1ab 100644 +--- src/sss_client/nss_group.c ++++ src/sss_client/nss_group.c +@@ -343,6 +343,77 @@ out: } @@ -78,3 +89,6 @@ enum nss_status _nss_sss_getgrnam_r(const char *name, struct group *result, char *buffer, size_t buflen, int *errnop) { +-- +1.8.0 + Index: files/patch-src__sss_client__pam_sss.c =================================================================== --- files/patch-src__sss_client__pam_sss.c (revision 0) +++ files/patch-src__sss_client__pam_sss.c (working copy) @@ -0,0 +1,29 @@ +From 86816db5982df0c1b0c5f5722e23111c62ff362e Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 27 Jul 2013 15:02:31 +0200 +Subject: [PATCH 31/34] patch-src__sss_client__pam_sss.c + +--- + src/sss_client/pam_sss.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git src/sss_client/pam_sss.c src/sss_client/pam_sss.c +index 3734c8f..7110d38 100644 +--- src/sss_client/pam_sss.c ++++ src/sss_client/pam_sss.c +@@ -125,10 +125,12 @@ static void free_exp_data(pam_handle_t *pamh, void *ptr, int err) + + static void close_fd(pam_handle_t *pamh, void *ptr, int err) + { ++#ifdef PAM_DATA_REPLACE + if (err & PAM_DATA_REPLACE) { + /* Nothing to do */ + return; + } ++#endif /* PAM_DATA_REPLACE */ + + D(("Closing the fd")); + sss_pam_close_fd(); +-- +1.8.0 + Index: files/patch-src__sss_client__pam_test_client.c =================================================================== --- files/patch-src__sss_client__pam_test_client.c (revision 325399) +++ files/patch-src__sss_client__pam_test_client.c (working copy) @@ -1,5 +1,16 @@ ---- ./src/sss_client/pam_test_client.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/sss_client/pam_test_client.c 2011-10-13 12:15:03.000000000 -0400 +From d15b99c87c08f17eef814f431a4a58ed4a3ba9b6 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 20/34] patch-src__sss_client__pam_test_client.c + +--- + src/sss_client/pam_test_client.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git src/sss_client/pam_test_client.c src/sss_client/pam_test_client.c +index ef424e7..d8cf36c 100644 +--- src/sss_client/pam_test_client.c ++++ src/sss_client/pam_test_client.c @@ -24,12 +24,13 @@ #include <stdio.h> @@ -16,3 +27,6 @@ NULL }; +-- +1.8.0 + Index: files/patch-src__sss_client__sss_nss.exports =================================================================== --- files/patch-src__sss_client__sss_nss.exports (revision 325399) +++ files/patch-src__sss_client__sss_nss.exports (working copy) @@ -1,6 +1,17 @@ ---- ./src/sss_client/sss_nss.exports.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/sss_client/sss_nss.exports 2011-10-13 12:13:42.000000000 -0400 -@@ -3,6 +3,7 @@ +From d7dcd7c8796efbecd4e41931080d7d28f72f9ee1 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 21/34] patch-src__sss_client__sss_nss.exports + +--- + src/sss_client/sss_nss.exports | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git src/sss_client/sss_nss.exports src/sss_client/sss_nss.exports +index 1eefea8..8e85a05 100644 +--- src/sss_client/sss_nss.exports ++++ src/sss_client/sss_nss.exports +@@ -3,6 +3,7 @@ EXPORTED { # public functions global: @@ -8,7 +19,7 @@ _nss_sss_getpwnam_r; _nss_sss_getpwuid_r; _nss_sss_setpwent; -@@ -14,8 +15,25 @@ +@@ -14,8 +15,25 @@ EXPORTED { _nss_sss_setgrent; _nss_sss_getgrent_r; _nss_sss_endgrent; @@ -34,3 +45,6 @@ #_nss_sss_getaliasbyname_r; #_nss_sss_setaliasent; #_nss_sss_getaliasent_r; +-- +1.8.0 + Index: files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c =================================================================== --- files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c (revision 325399) +++ files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c (working copy) @@ -1,20 +1,54 @@ ---- ./src/util/crypto/libcrypto/crypto_sha512crypt.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/util/crypto/libcrypto/crypto_sha512crypt.c 2011-10-13 12:15:03.000000000 -0400 -@@ -265,7 +265,7 @@ - goto done; - } +From 557ea27d9f1a8f86dc769ea6c174055992ebf803 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:12 +0200 +Subject: [PATCH 22/34] patch-src__util__crypto__libcrypto__crypto_sha512crypt.c + +--- + src/util/crypto/libcrypto/crypto_sha512crypt.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git src/util/crypto/libcrypto/crypto_sha512crypt.c src/util/crypto/libcrypto/crypto_sha512crypt.c +index f4c3e0d..ed77fa6 100644 +--- src/util/crypto/libcrypto/crypto_sha512crypt.c ++++ src/util/crypto/libcrypto/crypto_sha512crypt.c +@@ -10,9 +10,7 @@ + /* SHA512-based Unix crypt implementation. + Released into the Public Domain by Ulrich Drepper <drepper@redhat.com>. */ -- cp = __stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE); -+ cp = stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE); - buflen -= SALT_PREF_SIZE; +-#include "config.h" +- +-#include <endian.h> ++#include <sys/endian.h> + #include <errno.h> + #include <limits.h> + #include <stdbool.h> +@@ -41,6 +39,8 @@ const char sha512_rounds_prefix[] = "rounds="; + #define ROUNDS_MIN 1000 + #define ROUNDS_MAX 999999999 - if (rounds_custom) { -@@ -283,7 +283,7 @@ - ret = ERANGE; - goto done; ++#define __stpncpy(x, y, z) stpncpy(x, y, z) ++ + /* Table with characters for base64 transformation. */ + const char b64t[64] = + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; +@@ -198,7 +198,7 @@ static int sha512_crypt_r(const char *key, + /* Create byte sequence P. */ + cp = p_bytes = alloca(key_len); + for (cnt = key_len; cnt >= 64; cnt -= 64) { +- cp = mempcpy(cp, temp_result, 64); ++ cp = (char *) memcpy(cp, temp_result, 64) + 64; } -- cp = __stpncpy(cp, salt, salt_len); -+ cp = stpncpy(cp, salt, salt_len); - *cp++ = '$'; - buflen -= salt_len + 1; + memcpy(cp, temp_result, cnt); +@@ -219,7 +219,7 @@ static int sha512_crypt_r(const char *key, + /* Create byte sequence S. */ + cp = s_bytes = alloca(salt_len); + for (cnt = salt_len; cnt >= 64; cnt -= 64) { +- cp = mempcpy(cp, temp_result, 64); ++ cp = (char *) memcpy(cp, temp_result, 64) + 64; + } + memcpy(cp, temp_result, cnt); + +-- +1.8.0 + Index: files/patch-src__util__crypto__nss__nss_sha512crypt.c =================================================================== --- files/patch-src__util__crypto__nss__nss_sha512crypt.c (revision 325399) +++ files/patch-src__util__crypto__nss__nss_sha512crypt.c (working copy) @@ -1,5 +1,16 @@ ---- ./src/util/crypto/nss/nss_sha512crypt.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/util/crypto/nss/nss_sha512crypt.c 2011-10-13 12:15:03.000000000 -0400 +From f5fbf2eee46f33a4614f0553403c8590ca04bb59 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:12 +0200 +Subject: [PATCH 23/34] patch-src__util__crypto__nss__nss_sha512crypt.c + +--- + src/util/crypto/nss/nss_sha512crypt.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git src/util/crypto/nss/nss_sha512crypt.c src/util/crypto/nss/nss_sha512crypt.c +index 76eb8a6..db7582d 100644 +--- src/util/crypto/nss/nss_sha512crypt.c ++++ src/util/crypto/nss/nss_sha512crypt.c @@ -10,7 +10,7 @@ #include "config.h" @@ -9,21 +20,33 @@ #include <errno.h> #include <limits.h> #include <stdbool.h> -@@ -267,7 +267,7 @@ - goto done; +@@ -42,6 +42,8 @@ const char sha512_rounds_prefix[] = "rounds="; + #define ROUNDS_MIN 1000 + #define ROUNDS_MAX 999999999 + ++#define __stpncpy(x, y, z) stpncpy(x, y, z) ++ + /* Table with characters for base64 transformation. */ + const char b64t[64] = + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; +@@ -205,7 +207,7 @@ static int sha512_crypt_r(const char *key, + /* Create byte sequence P. */ + cp = p_bytes = alloca(key_len); + for (cnt = key_len; cnt >= 64; cnt -= 64) { +- cp = mempcpy(cp, temp_result, 64); ++ cp = (char *) memcpy(cp, temp_result, 64) + 64; } + memcpy(cp, temp_result, cnt); -- cp = __stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE); -+ cp = stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE); - buflen -= SALT_PREF_SIZE; - - if (rounds_custom) { -@@ -285,7 +285,7 @@ - ret = ERANGE; - goto done; +@@ -223,7 +225,7 @@ static int sha512_crypt_r(const char *key, + /* Create byte sequence S. */ + cp = s_bytes = alloca(salt_len); + for (cnt = salt_len; cnt >= 64; cnt -= 64) { +- cp = mempcpy(cp, temp_result, 64); ++ cp = (char *) memcpy(cp, temp_result, 64) + 64; } -- cp = __stpncpy(cp, salt, salt_len); -+ cp = stpncpy(cp, salt, salt_len); - *cp++ = '$'; - buflen -= salt_len + 1; + memcpy(cp, temp_result, cnt); +-- +1.8.0 + Index: files/patch-src__util__find_uid.c =================================================================== --- files/patch-src__util__find_uid.c (revision 325399) +++ files/patch-src__util__find_uid.c (working copy) @@ -1,6 +1,17 @@ ---- ./src/util/find_uid.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/util/find_uid.c 2011-10-13 12:15:03.000000000 -0400 -@@ -67,7 +67,7 @@ +From 0b1b319b34db96e2088c1f71d51ce95f819ccce8 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:12 +0200 +Subject: [PATCH 24/34] patch-src__util__find_uid.c + +--- + src/util/find_uid.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git src/util/find_uid.c src/util/find_uid.c +index d34a4ab..b309b19 100644 +--- src/util/find_uid.c ++++ src/util/find_uid.c +@@ -67,7 +67,7 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid) uint32_t num=0; errno_t error; @@ -9,7 +20,7 @@ if (ret < 0) { DEBUG(1, ("snprintf failed")); return EINVAL; -@@ -204,7 +204,7 @@ +@@ -206,7 +206,7 @@ static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid) hash_key_t key; hash_value_t value; @@ -18,7 +29,7 @@ if (proc_dir == NULL) { ret = errno; DEBUG(1, ("Cannot open proc dir.\n")); -@@ -278,9 +278,8 @@ +@@ -280,9 +280,8 @@ done: errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table) { @@ -29,3 +40,6 @@ ret = hash_create_ex(INITIAL_TABLE_SIZE, table, 0, 0, 0, 0, hash_talloc, hash_talloc_free, mem_ctx, NULL, NULL); +-- +1.8.0 + Index: files/patch-src__util__murmurhash3.c =================================================================== --- files/patch-src__util__murmurhash3.c (revision 0) +++ files/patch-src__util__murmurhash3.c (working copy) @@ -0,0 +1,27 @@ +From 1295f600b3e94e02d8c5181b1b156325619c449f Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:12 +0200 +Subject: [PATCH 25/34] patch-src__util__murmurhash3.c + +--- + src/util/murmurhash3.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git src/util/murmurhash3.c src/util/murmurhash3.c +index 80e52ed..341505c 100644 +--- src/util/murmurhash3.c ++++ src/util/murmurhash3.c +@@ -8,9 +8,8 @@ + + #include <stdlib.h> + #include <stdint.h> +-#include <endian.h> ++#include <sys/endian.h> + #include <string.h> +-#include <byteswap.h> + + /* support RHEL5 lack of definitions */ + #ifndef le32toh +-- +1.8.0 + Index: files/patch-src__util__server.c =================================================================== --- files/patch-src__util__server.c (revision 325399) +++ files/patch-src__util__server.c (working copy) @@ -1,22 +1,35 @@ ---- ./src/util/server.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/util/server.c 2011-10-13 12:15:03.000000000 -0400 -@@ -296,14 +296,15 @@ - BlockSignals(false, SIGTERM); +From 43f9d669315d710d8479b259e33d1f16afcba1d2 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:12 +0200 +Subject: [PATCH 26/34] patch-src__util__server.c + +--- + src/util/server.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git src/util/server.c src/util/server.c +index b3073fc..2def1f6 100644 +--- src/util/server.c ++++ src/util/server.c +@@ -321,12 +321,13 @@ static void setup_signals(void) + BlockSignals(false, SIGTERM); - CatchSignal(SIGHUP, sig_hup); + CatchSignal(SIGHUP, sig_hup); - #ifndef HAVE_PRCTL - /* If prctl is not defined on the system, try to handle - * some common termination signals gracefully */ -- CatchSignal(SIGSEGV, sig_segv_abrt); -- CatchSignal(SIGABRT, sig_segv_abrt); -+ /* -+ CatchSignal(SIGSEGV, sig_segv_abrt); -+ CatchSignal(SIGABRT, sig_segv_abrt); -+ */ +- /* If prctl is not defined on the system, try to handle +- * some common termination signals gracefully */ +- CatchSignal(SIGSEGV, sig_segv_abrt); +- CatchSignal(SIGABRT, sig_segv_abrt); ++ /* If prctl is not defined on the system, try to handle ++ * some common termination signals gracefully */ ++ /* ++ CatchSignal(SIGSEGV, sig_segv_abrt); ++ CatchSignal(SIGABRT, sig_segv_abrt); ++ */ #endif -- -+ + } - - /* +-- +1.8.0 + Index: files/patch-src__util__sss_krb5.c =================================================================== --- files/patch-src__util__sss_krb5.c (revision 325399) +++ files/patch-src__util__sss_krb5.c (working copy) @@ -1,58 +0,0 @@ ---- ./src/util/sss_krb5.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/util/sss_krb5.c 2011-10-13 12:15:03.000000000 -0400 -@@ -165,8 +165,8 @@ - - if (_realm) { - *_realm = talloc_asprintf(mem_ctx, "%.*s", -- krb5_princ_realm(ctx, client_princ)->length, -- krb5_princ_realm(ctx, client_princ)->data); -+ krb5_realm_length(krb5_princ_realm(krb_ctx, client_princ)), -+ krb5_princ_realm(krb_ctx, client_princ)); - if (!*_realm) { - DEBUG(1, ("talloc_asprintf failed")); - if (_principal) talloc_zfree(*_principal); -@@ -243,7 +243,7 @@ - } - - realm_name = talloc_strdup(tmp_ctx, default_realm); -- krb5_free_default_realm(context, default_realm); -+ free(default_realm); - if (!realm_name) { - ret = ENOMEM; - goto done; -@@ -322,7 +322,7 @@ - found = true; - } - free(kt_principal); -- krberr = krb5_free_keytab_entry_contents(context, &entry); -+ krberr = krb5_kt_free_entry(context, &entry); - if (krberr) { - /* This should never happen. The API docs for this function - * specify only success for this function -@@ -466,7 +466,7 @@ - break; - } - -- kerr = krb5_free_keytab_entry_contents(ctx, &entry); -+ kerr = krb5_kt_free_entry(ctx, &entry); - if (kerr != 0) { - DEBUG(1, ("Failed to free keytab entry.\n")); - } -@@ -504,7 +504,7 @@ - kerr = 0; - - done: -- kerr_d = krb5_free_keytab_entry_contents(ctx, &entry); -+ kerr_d = krb5_kt_free_entry(ctx, &entry); - if (kerr_d != 0) { - DEBUG(1, ("Failed to free keytab entry.\n")); - } -@@ -540,7 +540,7 @@ - void KRB5_CALLCONV sss_krb5_free_error_message(krb5_context ctx, const char *s) - { - #ifdef HAVE_KRB5_GET_ERROR_MESSAGE -- krb5_free_error_message(ctx, s); -+ free(s); - #else - free(s); - #endif Index: files/patch-src__util__sss_krb5.h =================================================================== --- files/patch-src__util__sss_krb5.h (revision 325399) +++ files/patch-src__util__sss_krb5.h (working copy) @@ -1,11 +0,0 @@ ---- ./src/util/sss_krb5.h.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/util/sss_krb5.h 2011-10-13 12:15:09.000000000 -0400 -@@ -34,6 +34,8 @@ - - #include "util/util.h" - -+#define KRB5_CALLCONV -+ - const char * KRB5_CALLCONV sss_krb5_get_error_message (krb5_context, - krb5_error_code); - Index: files/patch-src__util__sss_ldap.c =================================================================== --- files/patch-src__util__sss_ldap.c (revision 325399) +++ files/patch-src__util__sss_ldap.c (working copy) @@ -1,6 +1,27 @@ ---- ./src/util/sss_ldap.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/util/sss_ldap.c 2011-10-13 12:15:03.000000000 -0400 -@@ -267,7 +267,7 @@ +From 074dd84d5ed0e5d2b48d2aeb1b92e51507516c2d Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:12 +0200 +Subject: [PATCH 27/34] patch-src__util__sss_ldap.c + +--- + src/util/sss_ldap.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git src/util/sss_ldap.c src/util/sss_ldap.c +index 060aacf..a2cc82a 100644 +--- src/util/sss_ldap.c ++++ src/util/sss_ldap.c +@@ -208,6 +208,9 @@ static void sdap_async_sys_connect_done(struct tevent_context *ev, + errno = 0; + ret = connect(state->fd, (struct sockaddr *) &state->addr, + state->addr_len); ++ if (errno == EISCONN) { ++ ret = EOK; ++ } + if (ret != EOK) { + ret = errno; + if (ret == EINPROGRESS || ret == EINTR) { +@@ -268,7 +271,7 @@ static errno_t set_fd_flags_and_opts(int fd) strerror(ret))); } @@ -9,7 +30,7 @@ if (ret != 0) { ret = errno; DEBUG(5, ("setsockopt TCP_NODELAY failed.[%d][%s].\n", ret, -@@ -340,7 +340,7 @@ +@@ -341,7 +344,7 @@ struct tevent_req *sss_ldap_init_send(TALLOC_CTX *mem_ctx, DEBUG(9, ("Using file descriptor [%d] for LDAP connection.\n", state->sd)); subreq = sdap_async_sys_connect_send(state, ev, state->sd, @@ -18,3 +39,6 @@ if (subreq == NULL) { ret = ENOMEM; DEBUG(1, ("sdap_async_sys_connect_send failed.\n")); +-- +1.8.0 + Index: files/patch-src__util__util.c =================================================================== --- files/patch-src__util__util.c (revision 325399) +++ files/patch-src__util__util.c (working copy) @@ -1,5 +1,16 @@ ---- ./src/util/util.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/util/util.c 2011-10-13 12:15:03.000000000 -0400 +From a6a31d9de9d15c1e4627f2a7cfb8cb83a6d3e99a Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 17:08:09 +0200 +Subject: [PATCH 28/34] patch-src__util__util.c + +--- + src/util/util.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git src/util/util.c src/util/util.c +index ab98077..e279a2e 100644 +--- src/util/util.c ++++ src/util/util.c @@ -18,6 +18,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -7,4 +18,7 @@ +#include <sys/socket.h> #include <ctype.h> #include <netdb.h> - + #include <poll.h> +-- +1.8.0 + Index: files/patch-src__util__util.h =================================================================== --- files/patch-src__util__util.h (revision 0) +++ files/patch-src__util__util.h (working copy) @@ -0,0 +1,48 @@ +From 4fb9ecea7fca68a58515e1552dfdb408ae28baeb Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 27 Jul 2013 14:59:04 +0200 +Subject: [PATCH 29/34] patch-src__util__util.h + +--- + src/util/util.h | 25 +++++++------------------ + 1 file changed, 7 insertions(+), 18 deletions(-) + +diff --git src/util/util.h src/util/util.h +index 1f7c6c3..82988eb 100644 +--- src/util/util.h ++++ src/util/util.h +@@ -567,24 +567,13 @@ struct sss_domain_info *copy_subdomain(TALLOC_CTX *mem_ctx, + errno_t sss_br_lock_file(int fd, size_t start, size_t len, + int num_tries, useconds_t wait); + +-/* Endianness-compatibility for systems running older versions of glibc */ +- +-#ifndef le32toh +-#include <byteswap.h> +- +-/* Copied from endian.h on glibc 2.15 */ +-#ifdef __USE_BSD +-/* Conversion interfaces. */ +-# if __BYTE_ORDER == __LITTLE_ENDIAN +-# define le32toh(x) (x) +-# define htole32(x) (x) +-# else +-# define le32toh(x) __bswap_32 (x) +-# define htole32(x) __bswap_32 (x) +-# endif +-#endif /* __USE_BSD */ +- +-#endif /* le32toh */ ++#define BSD_ERR_MASK (0xB5DE <<16) ++#ifndef EUCLEAN ++#define EUCLEAN (BSD_ERR_MASK | 117) ++#endif ++#ifndef EMEDIUMTYPE ++#define EMEDIUMTYPE (BSD_ERR_MASK | 124) ++#endif + + #ifdef HAVE_PAC_RESPONDER + #define BUILD_WITH_PAC_RESPONDER true +-- +1.8.0 + Index: files/pkg-message.in =================================================================== --- files/pkg-message.in (revision 0) +++ files/pkg-message.in (working copy) @@ -0,0 +1,21 @@ +================================================================================ +Copy %%PREFIX%%/etc/sssd/sssd.conf.sample to %%PREFIX%%/etc/sssd/sssd.conf +and edit %%PREFIX%%/etc/sssd/sssd.conf (see man sssd.conf for details) + +To load sssd at startup, add sssd_enable="YES" to /etc/rc.conf + +To enable pam integration, add a line similar to the following to +/etc/pam.d/system: + +login auth sufficient %%PREFIX%%/lib/pam_sss.so + +To enable NSS integration, update /etc/nsswitch.conf as follows: + +group: sss files +passwd: sss files + +For additional details, please see the man pages for pam.conf and nsswitch.conf + +An sssd HOWTO is also available: +https://fedorahosted.org/sssd/wiki/HOWTO_Configure_1_0_2 +================================================================================ Index: files/sssd.in =================================================================== --- files/sssd.in (revision 325399) +++ files/sssd.in (working copy) @@ -21,7 +21,7 @@ rcvar=sssd_enable command="%%PREFIX%%/sbin/$name" -sssd_flags="-D" +sssd_flags="-f -D" pidfile="/var/run/$name.pid" required_files="%%PREFIX%%/etc/$name/$name.conf" Index: pkg-message =================================================================== --- pkg-message (revision 325399) +++ pkg-message (working copy) @@ -1,21 +0,0 @@ -================================================================================ -Copy %%PREFIX%%/etc/sssd/sssd.conf.sample to %%PREFIX%%/etc/sssd/sssd.conf -and edit %%PREFIX%%/etc/sssd/sssd.conf (see man sssd.conf for details) - -To load sssd at startup, add sssd_enable="YES" to /etc/rc.conf - -To enable pam integration, add a line similar to the following to -/etc/pam.d/system: - -login auth sufficient %%PREFIX%%/lib/pam_sss.so - -To enable NSS integration, update /etc/nsswitch.conf as follows: - -group: sss files -passwd: sss files - -For additional details, please see the man pages for pam.conf and nsswitch.conf - -An sssd HOWTO is also available: -https://fedorahosted.org/sssd/wiki/HOWTO_Configure_1_0_2 -================================================================================ Index: pkg-plist =================================================================== --- pkg-plist (revision 325399) +++ pkg-plist (working copy) @@ -1,16 +1,3 @@ -share/locale/zh_TW/LC_MESSAGES/sssd.mo -share/locale/uk/LC_MESSAGES/sssd.mo -share/locale/sv/LC_MESSAGES/sssd.mo -share/locale/ru/LC_MESSAGES/sssd.mo -share/locale/pt/LC_MESSAGES/sssd.mo -share/locale/pl/LC_MESSAGES/sssd.mo -share/locale/nl/LC_MESSAGES/sssd.mo -share/locale/ja/LC_MESSAGES/sssd.mo -share/locale/it/LC_MESSAGES/sssd.mo -share/locale/id/LC_MESSAGES/sssd.mo -share/locale/fr/LC_MESSAGES/sssd.mo -share/locale/es/LC_MESSAGES/sssd.mo -share/locale/de/LC_MESSAGES/sssd.mo sbin/sssd sbin/sss_usermod sbin/sss_userdel @@ -20,10 +7,16 @@ sbin/sss_groupmod sbin/sss_groupdel sbin/sss_groupadd +sbin/sss_debuglevel sbin/sss_cache +sbin/sss_seed +bin/sss_ssh_authorizedkeys +bin/sss_ssh_knownhostsproxy libexec/sssd/sssd_pam libexec/sssd/sssd_nss libexec/sssd/sssd_be +libexec/sssd/sssd_sudo +libexec/sssd/sssd_ssh libexec/sssd/proxy_child libexec/sssd/ldap_child libexec/sssd/krb5_child @@ -48,37 +41,48 @@ lib/libipa_hbac.so.0 lib/libipa_hbac.so lib/libipa_hbac.la -lib/ldb/memberof.so -%%PYTHON_SITELIBDIR%%/sssd_upgrade_config.pyc -%%PYTHON_SITELIBDIR%%/sssd_upgrade_config.py +lib/libsss_idmap.so.0 +lib/libsss_idmap.so +lib/libsss_idmap.la +libdata/pkgconfig/sss_idmap.pc +lib/libsss_sudo.so +lib/libsss_sudo.la +lib/sssd/libsss_ad.so +lib/sssd/libsss_ad.la +lib/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so +lib/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.la +lib/shared-modules/ldb/memberof.so +lib/shared-modules/ldb/memberof.la %%PYTHON_SITELIBDIR%%/pysss.so %%PYTHON_SITELIBDIR%%/pysss.la +%%PYTHON_SITELIBDIR%%/pysss_murmur.so +%%PYTHON_SITELIBDIR%%/pysss_murmur.la %%PYTHON_SITELIBDIR%%/pyhbac.so %%PYTHON_SITELIBDIR%%/pyhbac.la -%%PYTHON_SITELIBDIR%%/ipachangeconf.pyc -%%PYTHON_SITELIBDIR%%/ipachangeconf.py -%%PYTHON_SITELIBDIR%%/SSSDConfig.pyc -%%PYTHON_SITELIBDIR%%/SSSDConfig.py -%%PYTHON_SITELIBDIR%%/SSSDConfig-1-py%%PYTHON_VER%%.egg-info +%%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.pyc +%%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.py +%%PYTHON_SITELIBDIR%%/SSSDConfig/ipachangeconf.pyc +%%PYTHON_SITELIBDIR%%/SSSDConfig/ipachangeconf.py +%%PYTHON_SITELIBDIR%%/SSSDConfig/sssd_upgrade_config.pyc +%%PYTHON_SITELIBDIR%%/SSSDConfig/sssd_upgrade_config.py +%%PYTHON_SITELIBDIR%%/SSSDConfig-1.9.5-py%%PYTHON_VER%%.egg-info +etc/sssd/sssd.conf.sample include/ipa_hbac.h -etc/sssd/sssd.api.d/sssd-simple.conf -etc/sssd/sssd.api.d/sssd-proxy.conf -etc/sssd/sssd.api.d/sssd-local.conf -etc/sssd/sssd.api.d/sssd-ldap.conf -etc/sssd/sssd.api.d/sssd-krb5.conf -etc/sssd/sssd.api.d/sssd-ipa.conf -etc/sssd/sssd.api.conf -etc/sssd/sssd.conf.sample -@dirrmtry lib/pkgconfig -@dirrmtry lib/ldb -@dirrmtry etc/sssd/sssd.api.d +include/sss_sudo.h +include/sss_idmap.h +@dirrmtry lib/shared-modules/ldb +@dirrmtry lib/shared-modules +@dirrm %%PYTHON_SITELIBDIR%%/SSSDConfig +@dirrm lib/sssd/modules +@dirrm lib/sssd @dirrmtry etc/sssd -@dirrm share/sssd/introspect -@dirrm share/sssd +@dirrmtry share/sssd/sssd/sssd.api.d +@dirrmtry share/sssd/sssd +@dirrmtry share/sssd @dirrm libexec/sssd -@dirrm lib/sssd @unexec if cmp -s %D/etc/sssd/sssd.conf.sample %D/etc/sssd/sssd.conf; then rm -f %D/etc/sssd/sssd.conf; fi @exec if [ ! -f %D/etc/sssd/sssd.conf ]; then cp -p %D/%F %B/sssd.conf; fi @unexec if [ -d %%ETCDIR%% ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf %%ETCDIR%%`` to remove any configuration files."; fi @unexec if [ -d /var/db/sss ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss`` to remove any additional files."; fi +@unexec if [ -d /var/db/sss_mc ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss_mc`` to remove any additional files."; fi @unexec if [ -d /var/run/sss ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/run/sss`` to remove any additional files."; fi >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201308261514.r7QFE1NL031386>