ports/154000: [patch] Update net/nss-pam-ldap
Tom Judge
tom at tomjudge.com
Fri Jan 14 21:20:07 UTC 2011
>Number: 154000
>Category: ports
>Synopsis: [patch] Update net/nss-pam-ldap
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jan 14 21:20:06 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Tom Judge
>Release: FreeBSD 8.2-PRERELEASE amd64
>Organization:
>Environment:
System: FreeBSD tinderbox.home.tomjudge.com 8.2-PRERELEASE FreeBSD 8.2-PRERELEASE #1 r217241: Tue Jan 11 00:18:49 UTC 2011 tj at tinderbox.home.tomjudge.com:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
The attached patch updates nss-pam-ldap to 0.7.13.
It also implements the getgroupbymember function to massively reduce the load on the LDAP server.
>How-To-Repeat:
>Fix:
--- net-nss-pam-ldap.txt begins here ---
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/net/nss-pam-ldapd/Makefile,v
retrieving revision 1.6
diff -u -r1.6 Makefile
--- Makefile 4 Nov 2010 22:29:15 -0000 1.6
+++ Makefile 14 Jan 2011 17:23:51 -0000
@@ -6,7 +6,7 @@
#
PORTNAME= nss-pam-ldapd
-PORTVERSION= 0.7.7
+PORTVERSION= 0.7.13
CATEGORIES= net
MASTER_SITES= http://arthurdejong.org/nss-pam-ldapd/ \
http://static.ipfw.ru/files/
@@ -42,7 +42,8 @@
CONFIGURE_ARGS+= --with-nslcd-pidfile=${NSLCD_PIDFILE} \
--with-nslcd-socket=${NSLCD_SOCKET} \
- --with-ldap-lib=openldap --disable-kerberos
+ --with-ldap-lib=openldap --disable-kerberos \
+ --with-nss-ldap-soname=nss_ldap.so.1
.if defined(WITHOUT_NSS)
.undef NSS_COMPAT
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/net/nss-pam-ldapd/distinfo,v
retrieving revision 1.4
diff -u -r1.4 distinfo
--- distinfo 15 Jul 2010 22:51:59 -0000 1.4
+++ distinfo 14 Jan 2011 17:07:23 -0000
@@ -1,3 +1,2 @@
-MD5 (nss-pam-ldapd-0.7.7.tar.gz) = 7b37cc13b465495f90248e1209a05595
-SHA256 (nss-pam-ldapd-0.7.7.tar.gz) = fd6397990595243d3116fed2da409f582187329cc42794af2e47943a66ed363d
-SIZE (nss-pam-ldapd-0.7.7.tar.gz) = 457607
+SHA256 (nss-pam-ldapd-0.7.13.tar.gz) = 1bdba144669ac3220162d59bafe5ba4f83404f520bc9ead58b179745c82b8d4a
+SIZE (nss-pam-ldapd-0.7.13.tar.gz) = 478944
Index: pkg-plist
===================================================================
RCS file: /home/ncvs/ports/net/nss-pam-ldapd/pkg-plist,v
retrieving revision 1.3
diff -u -r1.3 pkg-plist
--- pkg-plist 15 Jul 2010 22:51:59 -0000 1.3
+++ pkg-plist 14 Jan 2011 17:43:55 -0000
@@ -1,3 +1,4 @@
+ at unexec if cmp -s %D/etc/%%CONFIG%%.sample %D/etc/%%CONFIG%%; then rm -f %D/etc/%%CONFIG%%; fi
etc/%%CONFIG%%.sample
%%NSS%%lib/nss_ldap.so.1
%%NSLCD%%sbin/nslcd
Index: files/patch-nss__bsdnss.c
===================================================================
RCS file: /home/ncvs/ports/net/nss-pam-ldapd/files/patch-nss__bsdnss.c,v
retrieving revision 1.2
diff -u -r1.2 patch-nss__bsdnss.c
--- files/patch-nss__bsdnss.c 9 Jan 2010 22:45:55 -0000 1.2
+++ files/patch-nss__bsdnss.c 14 Jan 2011 20:47:11 -0000
@@ -1,12 +1,15 @@
---- nss/bsdnss.c.orig 2009-08-10 16:06:22.000000000 +0000
-+++ nss/bsdnss.c 2009-08-10 15:58:04.000000000 +0000
-@@ -0,0 +1,157 @@
+--- /dev/null 2011-01-14 20:44:13.000000000 +0000
++++ nss/bsdnss.c 2011-01-14 20:33:39.000000000 +0000
+@@ -0,0 +1,234 @@
++#include <stdio.h>
++#include <stdlib.h>
+#include <errno.h>
+#include <sys/param.h>
+#include <netinet/in.h>
+#include <pwd.h>
+#include <grp.h>
+#include <nss.h>
++#include <nsswitch.h>
+#include <netdb.h>
+
+#define BUFFER_SIZE 1024
@@ -39,12 +42,15 @@
+extern enum nss_status _nss_ldap_gethostbyaddr_r (struct in_addr * addr, int len, int type,
+ struct hostent * result, char *buffer,
+ size_t buflen, int *errnop, int *h_errnop);
++extern enum nss_status _nss_ldap_initgroups_dyn(const char *, gid_t, long int *,
++ long int *, gid_t **, long int, int *);
+
+NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r);
+NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r);
+NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r);
+NSS_METHOD_PROTOTYPE(__nss_compat_setgrent);
+NSS_METHOD_PROTOTYPE(__nss_compat_endgrent);
++static NSS_METHOD_PROTOTYPE(__freebsd_getgroupmembership);
+
+NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r);
+NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r);
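Review bot: The new `extern` declaration of `_nss_ldap_initgroups_dyn` lists seven unnamed parameters, unlike the neighbouring `_nss_ldap_gethostbyaddr_r` prototype, so the literal `0` and the two `long int *` arguments at the call site cannot be interpreted without the upstream source. Naming them would document which argument is the limit, e.g. `const char *user, gid_t group, long int *start, long int *size, gid_t **groupsp, long int limit, int *errnop` (the glibc initgroups_dyn convention; confirm against the nss-pam-ldapd definition). A hand-written `extern` is also never checked by the compiler against the real definition, so a one-line comment naming the upstream file it mirrors would help when the port is next updated.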
@@ -62,6 +68,7 @@
+{ NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_ldap_getgrent_r },
+{ NSDB_GROUP, "setgrent", __nss_compat_setgrent, _nss_ldap_setgrent },
+{ NSDB_GROUP, "endgrent", __nss_compat_endgrent, _nss_ldap_endgrent },
++{ NSDB_GROUP, "getgroupmembership", __freebsd_getgroupmembership, NULL },
+
+{ NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_ldap_getpwnam_r },
+{ NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_ldap_getpwuid_r },
@@ -150,6 +157,76 @@
+ return (status);
+}
+
++static int
++__gr_addgid(gid_t gid, gid_t *groups, int maxgrp, int *groupc)
++{
++ int ret, dupc;
++
++ /* skip duplicates */
++ for (dupc = 0; dupc < MIN(maxgrp, *groupc); dupc++) {
++ if (groups[dupc] == gid)
++ return 1;
++ }
++
++ ret = 1;
++ if (*groupc < maxgrp) /* add this gid */
++ groups[*groupc] = gid;
++ else
++ ret = 0;
++ (*groupc)++;
++ return ret;
++}
++
++static int
++__freebsd_getgroupmembership(void *retval, void *mdata, va_list ap)
++{
++
++ int err;
++ enum nss_status s;
++ gid_t group;
++ gid_t *tmpgroups;
++ size_t bufsize;
++ const char *user;
++ gid_t *groups;
++ gid_t agroup;
++ int maxgrp, *grpcnt;
++ int i, rv, ret_errno;
++ long int lstart, lsize;
++
++
++ user = va_arg(ap, const char *);
++ group = va_arg(ap, gid_t);
++ groups = va_arg(ap, gid_t *);
++ maxgrp = va_arg(ap, int);
++ grpcnt = va_arg(ap, int *);
++
++
++ tmpgroups = malloc(maxgrp * sizeof(gid_t));
++ if (tmpgroups == NULL) {
++ printf("Tried to mallog %u * %u\n", maxgrp, sizeof(gid_t));
++ return NS_TRYAGAIN;
++ }
++
++ /* insert primary membership */
++ __gr_addgid(group, groups, maxgrp, grpcnt);
++
++ lstart = 0;
++ lsize = maxgrp;
++ s = _nss_ldap_initgroups_dyn(user, group, &lstart, &lsize,
++ &tmpgroups, 0, &err);
++ if (s == NSS_STATUS_SUCCESS) {
++ for (i = 0; i < lstart; i++)
++ if (! __gr_addgid(tmpgroups[i], groups, maxgrp, grpcnt)) {
++ ;;
++ }
++ s = NSS_STATUS_NOTFOUND;
++ }
++
++ free(tmpgroups);
++
++ return __nss_compat_result(s, 0);
++}
++
+ns_mtab *
+nss_module_register(const char *source, unsigned int *mtabsize,
+ nss_module_unregister_fn *unreg)
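Review bot: The malloc-failure branch in `__freebsd_getgroupmembership` calls `printf`, which writes to the stdout of whichever process loaded this NSS module. It also passes the signed `maxgrp` and `sizeof(gid_t)` (a `size_t`) to `%u`, a format mismatch on the amd64 system named in the report. The branch should reduce to `if (tmpgroups == NULL) return NS_TRYAGAIN;`, with `syslog(3)` used instead if a diagnostic is wanted. `maxgrp` comes straight from `va_arg` and is multiplied into the allocation size unchecked, so a negative value converts to a huge `size_t`; rejecting `maxgrp < 0` before the `malloc` would make that case explicit. The `s = NSS_STATUS_NOTFOUND;` after the copy loop discards the successful status and `err` is never read; if the intent is to let nsswitch continue with the next source, a comment such as `/* report NOTFOUND so the lookup continues with the next source */` should say so.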
--- net-nss-pam-ldap.txt ends here ---
>Release-Note:
>Audit-Trail:
>Unformatted: