ports/161555: [new port] security/sssd
Andrew Elble
aweits at rit.edu
Thu Oct 13 18:40:10 UTC 2011
>Number: 161555
>Category: ports
>Synopsis: [new port] security/sssd
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Thu Oct 13 18:40:09 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Andrew Elble
>Release: 8.2-RELEASE
>Organization:
RIT
>Environment:
>Description:
new port: security/sssd
Integrates the functionality of pam_krb5 and pam_ldap/nss_ldap with caching and additional features.
This project provides a set of daemons to manage access to remote
directories and authentication mechanisms, it provides an NSS and
PAM interface toward the system and a pluggable backend system to
connect to multiple different account sources. It is also the
basis to provide client auditing and policy services for projects
like FreeIPA.
WWW: https://fedorahosted.org/sssd/
>How-To-Repeat:
>Fix:
Patch attached with submission follows:
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
# sssd
# sssd/files
# sssd/files/patch-src__providers__ldap__ldap_child.c
# sssd/files/patch-src__confdb__confdb.c
# sssd/files/patch-src__sss_client__common.c
# sssd/files/pam_macros.h
# sssd/files/patch-src__providers__ldap__ldap_common.c
# sssd/files/patch-src__providers__ldap__sdap_access.c
# sssd/files/patch-src__util__sss_krb5.h
# sssd/files/patch-src__providers__ldap__ldap_auth.c
# sssd/files/patch-src__util__sss_ldap.c
# sssd/files/patch-src__util__sss_krb5.c
# sssd/files/patch-src__providers__krb5__krb5_utils.c
# sssd/files/bsdnss.c
# sssd/files/patch-src__monitor__monitor.c
# sssd/files/patch-src__providers__proxy__proxy_init.c
# sssd/files/patch-src__providers__ipa__ipa_common.c
# sssd/files/patch-src__sss_client__pam_test_client.c
# sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c
# sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c
# sssd/files/patch-src__responder__common__responder_common.c
# sssd/files/patch-src__responder__common__responder_packet.c
# sssd/files/patch-src__responder__common__responder_dp.c
# sssd/files/sssd.in
# sssd/files/patch-src__providers__data_provider_be.c
# sssd/files/patch-src__providers__fail_over.c
# sssd/files/patch-src__providers__krb5__krb5_child.c
# sssd/files/patch-src__util__util.c
# sssd/files/patch-Makefile.am
# sssd/files/patch-src__sss_client__sss_nss.exports
# sssd/files/patch-src__resolv__async_resolv.c
# sssd/files/patch-src__util__server.c
# sssd/files/patch-src__sss_client__nss_group.c
# sssd/files/patch-src__util__find_uid.c
# sssd/Makefile
# sssd/distinfo
# sssd/pkg-descr
# sssd/pkg-plist
# sssd/pkg-message
#
echo c - sssd
mkdir -p sssd > /dev/null 2>&1
echo c - sssd/files
mkdir -p sssd/files > /dev/null 2>&1
echo x - sssd/files/patch-src__providers__ldap__ldap_child.c
sed 's/^X//' >sssd/files/patch-src__providers__ldap__ldap_child.c << '0dff636266206d37854277ccc608940b'
X--- ./src/providers/ldap/ldap_child.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/providers/ldap/ldap_child.c 2011-10-13 12:15:03.000000000 -0400
X@@ -165,7 +165,7 @@
X }
X
X realm_name = talloc_strdup(memctx, default_realm);
X- krb5_free_default_realm(context, default_realm);
X+ free(default_realm);
X if (!realm_name) {
X krberr = KRB5KRB_ERR_GENERIC;
X goto done;
X@@ -279,20 +279,20 @@
X goto done;
X }
X
X- krberr = krb5_get_time_offsets(context, &kdc_time_offset, &kdc_time_offset_usec);
X- if (krberr) {
X- DEBUG(2, ("Failed to get KDC time offset: %s\n",
X- sss_krb5_get_error_message(context, krberr)));
X- kdc_time_offset = 0;
X- } else {
X- if (kdc_time_offset_usec > 0) {
X- kdc_time_offset++;
X- }
X- }
X+ // krberr = krb5_get_time_offsets(context, &kdc_time_offset, &kdc_time_offset_usec);
X+ // if (krberr) {
X+ // DEBUG(2, ("Failed to get KDC time offset: %s\n",
X+ // sss_krb5_get_error_message(context, krberr)));
X+ // kdc_time_offset = 0;
X+ // } else {
X+ // if (kdc_time_offset_usec > 0) {
X+ // kdc_time_offset++;
X+ // }
X+ // }
X
X krberr = 0;
X *ccname_out = ccname;
X- *expire_time_out = my_creds.times.endtime - kdc_time_offset;
X+ *expire_time_out = my_creds.times.endtime;
X
X done:
X if (keytab) krb5_kt_close(context, keytab);
0dff636266206d37854277ccc608940b
echo x - sssd/files/patch-src__confdb__confdb.c
sed 's/^X//' >sssd/files/patch-src__confdb__confdb.c << '627640ab7c3922efe0925fdadd8e5f56'
X--- ./src/confdb/confdb.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/confdb/confdb.c 2011-10-13 12:15:03.000000000 -0400
X@@ -28,6 +28,11 @@
X #include "util/strtonum.h"
X #include "db/sysdb.h"
X
X+char *strchrnul(const char *s, int ch) {
X+ char *ret = strchr(s, ch);
X+ return ret == NULL ? ((char *)s) + strlen(s) : ret;
X+}
X+
X #define CONFDB_ZERO_CHECK_OR_JUMP(var, ret, err, label) do { \
X if (!var) { \
X ret = err; \
627640ab7c3922efe0925fdadd8e5f56
echo x - sssd/files/patch-src__sss_client__common.c
sed 's/^X//' >sssd/files/patch-src__sss_client__common.c << '26621ce01bbd60b4170be0b5004a9ef1'
X--- ./src/sss_client/common.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/sss_client/common.c 2011-10-13 12:15:03.000000000 -0400
X@@ -26,6 +26,7 @@
X #include "config.h"
X
X #include <nss.h>
X+#include <nsswitch.h>
X #include <security/pam_modules.h>
X #include <errno.h>
X #include <sys/types.h>
X@@ -111,7 +112,6 @@
X *errnop = error;
X break;
X case 0:
X- *errnop = ETIME;
X break;
X case 1:
X if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) {
X@@ -216,7 +216,6 @@
X *errnop = error;
X break;
X case 0:
X- *errnop = ETIME;
X break;
X case 1:
X if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) {
X@@ -638,7 +637,6 @@
X *errnop = error;
X break;
X case 0:
X- *errnop = ETIME;
X break;
X case 1:
X if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) {
X@@ -688,23 +686,23 @@
X /* avoid looping in the nss daemon */
X envval = getenv("_SSS_LOOPS");
X if (envval && strcmp(envval, "NO") == 0) {
X- return NSS_STATUS_NOTFOUND;
X+ return NS_NOTFOUND;
X }
X
X ret = sss_cli_check_socket(errnop, SSS_NSS_SOCKET_NAME);
X if (ret != SSS_STATUS_SUCCESS) {
X- return NSS_STATUS_UNAVAIL;
X+ return NS_UNAVAIL;
X }
X
X ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop);
X switch (ret) {
X case SSS_STATUS_TRYAGAIN:
X- return NSS_STATUS_TRYAGAIN;
X+ return NS_TRYAGAIN;
X case SSS_STATUS_SUCCESS:
X- return NSS_STATUS_SUCCESS;
X+ return NS_SUCCESS;
X case SSS_STATUS_UNAVAIL:
X default:
X- return NSS_STATUS_UNAVAIL;
X+ return NS_UNAVAIL;
X }
X }
X
26621ce01bbd60b4170be0b5004a9ef1
echo x - sssd/files/pam_macros.h
sed 's/^X//' >sssd/files/pam_macros.h << '2219b187c780ea2d3d08bf43fc8c16c4'
X#ifndef PAM_MACROS_H
X#define PAM_MACROS_H
X
X/*
X * All kind of macros used by PAM, but usable in some other
X * programs too.
X * Organized by Cristian Gafton <gafton at redhat.com>
X */
X
X/* a 'safe' version of strdup */
X
X#include <stdlib.h>
X#include <string.h>
X
X#define x_strdup(s) ( (s) ? strdup(s):NULL )
X
X/* Good policy to strike out passwords with some characters not just
X free the memory */
X
X#define _pam_overwrite(x) \
Xdo { \
X register char *__xx__; \
X if ((__xx__=(x))) \
X while (*__xx__) \
X *__xx__++ = '\0'; \
X} while (0)
X
X#define _pam_overwrite_n(x,n) \
Xdo { \
X register char *__xx__; \
X register unsigned int __i__ = 0; \
X if ((__xx__=(x))) \
X for (;__i__<n; __i__++) \
X __xx__[__i__] = 0; \
X} while (0)
X
X/*
X * Don't just free it, forget it too.
X */
X
X#define _pam_drop(X) \
Xdo { \
X if (X) { \
X free(X); \
X X=NULL; \
X } \
X} while (0)
X
X#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
Xdo { \
X int reply_i; \
X \
X for (reply_i=0; reply_i<replies; ++reply_i) { \
X if (reply[reply_i].resp) { \
X _pam_overwrite(reply[reply_i].resp); \
X free(reply[reply_i].resp); \
X } \
X } \
X if (reply) \
X free(reply); \
X} while (0)
X
X/* some debugging code */
X
X#ifdef DEBUG
X
X/*
X * This provides the necessary function to do debugging in PAM.
X * Cristian Gafton <gafton at redhat.com>
X */
X
X#include <stdio.h>
X#include <sys/types.h>
X#include <stdarg.h>
X#include <errno.h>
X#include <sys/stat.h>
X#include <fcntl.h>
X#include <unistd.h>
X
X/*
X * This is for debugging purposes ONLY. DO NOT use on live systems !!!
X * You have been warned :-) - CG
X *
X * to get automated debugging to the log file, it must be created manually.
X * _PAM_LOGFILE must exist and be writable to the programs you debug.
X */
X
X#ifndef _PAM_LOGFILE
X#define _PAM_LOGFILE "/var/run/pam-debug.log"
X#endif
X
Xstatic void _pam_output_debug_info(const char *file, const char *fn
X , const int line)
X{
X FILE *logfile;
X int must_close = 1, fd;
X
X#ifdef O_NOFOLLOW
X if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
X#else
X if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
X#endif
X if (!(logfile = fdopen(fd,"a"))) {
X logfile = stderr;
X must_close = 0;
X close(fd);
X }
X } else {
X logfile = stderr;
X must_close = 0;
X }
X fprintf(logfile,"[%s:%s(%d)] ",file, fn, line);
X fflush(logfile);
X if (must_close)
X fclose(logfile);
X}
X
Xstatic void _pam_output_debug(const char *format, ...)
X{
X va_list args;
X FILE *logfile;
X int must_close = 1, fd;
X
X va_start(args, format);
X
X#ifdef O_NOFOLLOW
X if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
X#else
X if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
X#endif
X if (!(logfile = fdopen(fd,"a"))) {
X logfile = stderr;
X must_close = 0;
X close(fd);
X }
X } else {
X logfile = stderr;
X must_close = 0;
X }
X vfprintf(logfile, format, args);
X fprintf(logfile, "\n");
X fflush(logfile);
X if (must_close)
X fclose(logfile);
X
X va_end(args);
X}
X
X#define D(x) do { \
X _pam_output_debug_info(__FILE__, __FUNCTION__, __LINE__); \
X _pam_output_debug x ; \
X} while (0)
X
X#define _pam_show_mem(X,XS) do { \
X int i; \
X register unsigned char *x; \
X x = (unsigned char *)X; \
X fprintf(stderr, " <start at %p>\n", X); \
X for (i = 0; i < XS ; ++x, ++i) { \
X fprintf(stderr, " %02X. <%p:%02X>\n", i, x, *x); \
X } \
X fprintf(stderr, " <end for %p after %d bytes>\n", X, XS); \
X} while (0)
X
X#define _pam_show_reply(/* struct pam_response * */reply, /* int */replies) \
Xdo { \
X int reply_i; \
X setbuf(stderr, NULL); \
X fprintf(stderr, "array at %p of size %d\n",reply,replies); \
X fflush(stderr); \
X if (reply) { \
X for (reply_i = 0; reply_i < replies; reply_i++) { \
X fprintf(stderr, " elem# %d at %p: resp = %p, retcode = %d\n", \
X reply_i, reply+reply_i, reply[reply_i].resp, \
X reply[reply_i].resp, _retcode); \
X fflush(stderr); \
X if (reply[reply_i].resp) { \
X fprintf(stderr, " resp[%d] = '%s'\n", \
X strlen(reply[reply_i].resp), reply[reply_i].resp); \
X fflush(stderr); \
X } \
X } \
X } \
X fprintf(stderr, "done here\n"); \
X fflush(stderr); \
X} while (0)
X
X#else
X
X#define D(x) do { } while (0)
X#define _pam_show_mem(X,XS) do { } while (0)
X#define _pam_show_reply(reply, replies) do { } while (0)
X
X#endif /* DEBUG */
X
X#endif /* PAM_MACROS_H */
2219b187c780ea2d3d08bf43fc8c16c4
echo x - sssd/files/patch-src__providers__ldap__ldap_common.c
sed 's/^X//' >sssd/files/patch-src__providers__ldap__ldap_common.c << 'a6f58fad4c8611b6a964a84b4ae1335e'
X--- ./src/providers/ldap/ldap_common.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/providers/ldap/ldap_common.c 2011-10-13 12:15:03.000000000 -0400
X@@ -749,7 +749,7 @@
X }
X
X realm = talloc_strdup(mem_ctx, krb5_realm);
X- krb5_free_default_realm(context, krb5_realm);
X+ free(krb5_realm);
X if (!realm) {
X DEBUG(0, ("Out of memory\n"));
X goto done;
a6f58fad4c8611b6a964a84b4ae1335e
echo x - sssd/files/patch-src__providers__ldap__sdap_access.c
sed 's/^X//' >sssd/files/patch-src__providers__ldap__sdap_access.c << '18fdbf49d936a7d37d6b4b034075953e'
X--- ./src/providers/ldap/sdap_access.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/providers/ldap/sdap_access.c 2011-10-13 12:15:03.000000000 -0400
X@@ -22,9 +22,7 @@
X along with this program. If not, see <http://www.gnu.org/licenses/>.
X */
X
X-#define _XOPEN_SOURCE 500 /* for strptime() */
X #include <time.h>
X-#undef _XOPEN_SOURCE
X #include <sys/param.h>
X #include <security/pam_modules.h>
X #include <talloc.h>
X@@ -119,7 +117,7 @@
X pd);
X if (req == NULL) {
X DEBUG(1, ("Unable to start sdap_access request\n"));
X- sdap_access_reply(breq, PAM_SYSTEM_ERR);
X+ sdap_access_reply(breq, PAM_SERVICE_ERR);
X return;
X }
X
X@@ -157,7 +155,7 @@
X
X state->be_ctx = be_ctx;
X state->pd = pd;
X- state->pam_status = PAM_SYSTEM_ERR;
X+ state->pam_status = PAM_SERVICE_ERR;
X state->ev = ev;
X state->access_ctx = access_ctx;
X state->current_rule = 0;
X@@ -502,18 +500,17 @@
X return true;
X }
X
X+ tzset();
X expire_time = mktime(&tm);
X if (expire_time == -1) {
X DEBUG(1, ("mktime failed to convert [%s].\n", exp_time_str));
X return true;
X }
X
X- tzset();
X- expire_time -= timezone;
X now = time(NULL);
X- DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s] timezone [%d] "
X- "daylight [%d] now [%d] expire_time [%d].\n", tzname[0],
X- tzname[1], timezone, daylight, now, expire_time));
X+ DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s] "
X+ "now [%d] expire_time [%d].\n", tzname[0],
X+ tzname[1], now, expire_time));
X
X if (difftime(now, expire_time) > 0.0) {
X DEBUG(4, ("NDS account expired.\n"));
X@@ -663,7 +660,7 @@
X return NULL;
X }
X
X- state->pam_status = PAM_SYSTEM_ERR;
X+ state->pam_status = PAM_SERVICE_ERR;
X
X expire = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic,
X SDAP_ACCOUNT_EXPIRE_POLICY);
X@@ -747,7 +744,7 @@
X talloc_zfree(subreq);
X if (ret != EOK) {
X DEBUG(1, ("Error retrieving access check result.\n"));
X- state->pam_status = PAM_SYSTEM_ERR;
X+ state->pam_status = PAM_SERVICE_ERR;
X tevent_req_error(req, ret);
X return;
X }
X@@ -807,7 +804,7 @@
X state->filter = NULL;
X state->be_ctx = be_ctx;
X state->username = username;
X- state->pam_status = PAM_SYSTEM_ERR;
X+ state->pam_status = PAM_SERVICE_ERR;
X state->sdap_ctx = access_ctx->id_ctx;
X state->ev = ev;
X state->access_ctx = access_ctx;
X@@ -953,7 +950,7 @@
X SDAP_SEARCH_TIMEOUT));
X if (subreq == NULL) {
X DEBUG(1, ("Could not start LDAP communication\n"));
X- state->pam_status = PAM_SYSTEM_ERR;
X+ state->pam_status = PAM_SERVICE_ERR;
X tevent_req_error(req, EIO);
X return;
X }
X@@ -984,13 +981,13 @@
X if (ret == EOK) {
X return;
X }
X- state->pam_status = PAM_SYSTEM_ERR;
X+ state->pam_status = PAM_SERVICE_ERR;
X } else if (dp_error == DP_ERR_OFFLINE) {
X sdap_access_filter_decide_offline(req);
X } else {
X DEBUG(1, ("sdap_get_generic_send() returned error [%d][%s]\n",
X ret, strerror(ret)));
X- state->pam_status = PAM_SYSTEM_ERR;
X+ state->pam_status = PAM_SERVICE_ERR;
X }
X
X goto done;
X@@ -1009,7 +1006,7 @@
X else if (results == NULL) {
X DEBUG(1, ("num_results > 0, but results is NULL\n"));
X ret = EIO;
X- state->pam_status = PAM_SYSTEM_ERR;
X+ state->pam_status = PAM_SERVICE_ERR;
X goto done;
X }
X else if (num_results > 1) {
X@@ -1018,7 +1015,7 @@
X */
X DEBUG(1, ("Received multiple replies\n"));
X ret = EIO;
X- state->pam_status = PAM_SYSTEM_ERR;
X+ state->pam_status = PAM_SERVICE_ERR;
X goto done;
X }
X else { /* Ok, we got a single reply */
X@@ -1106,7 +1103,7 @@
X talloc_zfree(subreq);
X if (ret != EOK) {
X DEBUG(1, ("Error retrieving access check result.\n"));
X- state->pam_status = PAM_SYSTEM_ERR;
X+ state->pam_status = PAM_SERVICE_ERR;
X tevent_req_error(req, ret);
X return;
X }
X@@ -1247,7 +1244,7 @@
X talloc_zfree(subreq);
X if (ret != EOK) {
X DEBUG(1, ("Error retrieving access check result.\n"));
X- state->pam_status = PAM_SYSTEM_ERR;
X+ state->pam_status = PAM_SERVICE_ERR;
X tevent_req_error(req, ret);
X return;
X }
X@@ -1274,7 +1271,7 @@
X struct ldb_message_element *el;
X unsigned int i;
X char *host;
X- char hostname[HOST_NAME_MAX+1];
X+ char hostname[_POSIX_HOST_NAME_MAX+1];
X
X req = tevent_req_create(mem_ctx, &state, struct sdap_access_host_ctx);
X if (!req) {
X@@ -1370,7 +1367,7 @@
X talloc_zfree(subreq);
X if (ret != EOK) {
X DEBUG(1, ("Error retrieving access check result.\n"));
X- state->pam_status = PAM_SYSTEM_ERR;
X+ state->pam_status = PAM_SERVICE_ERR;
X tevent_req_error(req, ret);
X return;
X }
X@@ -1395,7 +1392,7 @@
X static void sdap_access_done(struct tevent_req *req)
X {
X errno_t ret;
X- int pam_status = PAM_SYSTEM_ERR;
X+ int pam_status = PAM_SERVICE_ERR;
X struct be_req *breq =
X tevent_req_callback_data(req, struct be_req);
X
X@@ -1403,7 +1400,7 @@
X talloc_zfree(req);
X if (ret != EOK) {
X DEBUG(1, ("Error retrieving access check result.\n"));
X- pam_status = PAM_SYSTEM_ERR;
X+ pam_status = PAM_SERVICE_ERR;
X }
X
X sdap_access_reply(breq, pam_status);
18fdbf49d936a7d37d6b4b034075953e
echo x - sssd/files/patch-src__util__sss_krb5.h
sed 's/^X//' >sssd/files/patch-src__util__sss_krb5.h << '86c603ccb5dfe88c791af39eaca57193'
X--- ./src/util/sss_krb5.h.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/util/sss_krb5.h 2011-10-13 12:15:09.000000000 -0400
X@@ -34,6 +34,8 @@
X
X #include "util/util.h"
X
X+#define KRB5_CALLCONV
X+
X const char * KRB5_CALLCONV sss_krb5_get_error_message (krb5_context,
X krb5_error_code);
X
86c603ccb5dfe88c791af39eaca57193
echo x - sssd/files/patch-src__providers__ldap__ldap_auth.c
sed 's/^X//' >sssd/files/patch-src__providers__ldap__ldap_auth.c << 'f5a2f09ae2f7a7f401ec20f6192fb50e'
X--- ./src/providers/ldap/ldap_auth.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/providers/ldap/ldap_auth.c 2011-10-13 12:15:03.000000000 -0400
X@@ -37,7 +37,6 @@
X #include <sys/time.h>
X #include <strings.h>
X
X-#include <shadow.h>
X #include <security/pam_modules.h>
X
X #include "util/util.h"
X@@ -46,6 +45,7 @@
X #include "providers/ldap/ldap_common.h"
X #include "providers/ldap/sdap_async.h"
X
X+
X /* MIT Kerberos has the same hardcoded warning interval of 7 days. Due to the
X * fact that using the expiration time of a Kerberos password with LDAP
X * authentication is presumably a rare case a separate config option is not
X@@ -59,6 +59,22 @@
X PWEXPIRE_SHADOW
X };
X
X+struct spwd
X+{
X+ char *sp_namp; /* Login name. */
X+ char *sp_pwdp; /* Encrypted password. */
X+ long int sp_lstchg; /* Date of last change. */
X+ long int sp_min; /* Minimum number of days between changes. */
X+ long int sp_max; /* Maximum number of days between changes. */
X+ long int sp_warn; /* Number of days to warn user to change
X+ the password. */
X+ long int sp_inact; /* Number of days the account may be
X+ inactive. */
X+ long int sp_expire; /* Number of days since 1970-01-01 until
X+ account expires. */
X+ unsigned long int sp_flag; /* Reserved. */
X+};
X+
X static errno_t add_expired_warning(struct pam_data *pd, long exp_time)
X {
X int ret;
X@@ -111,17 +127,16 @@
X return EINVAL;
X }
X
X+ tzset();
X expire_time = mktime(&tm);
X if (expire_time == -1) {
X DEBUG(1, ("mktime failed to convert [%s].\n", expire_date));
X return EINVAL;
X }
X
X- tzset();
X- expire_time -= timezone;
X- DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s] timezone [%d] "
X- "daylight [%d] now [%d] expire_time [%d].\n", tzname[0],
X- tzname[1], timezone, daylight, now, expire_time));
X+ DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s]"
X+ "now [%d] expire_time [%d].\n", tzname[0],
X+ tzname[1], now, expire_time));
X
X if (difftime(now, expire_time) > 0.0) {
X DEBUG(4, ("Kerberos password expired.\n"));
X@@ -742,7 +757,7 @@
X
X DEBUG(2, ("starting password change request for user [%s].\n", pd->user));
X
X- pd->pam_status = PAM_SYSTEM_ERR;
X+ pd->pam_status = PAM_SERVICE_ERR;
X
X if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) {
X DEBUG(2, ("chpass target was called by wrong pam command.\n"));
X@@ -799,7 +814,7 @@
X &pw_expire_type, &pw_expire_data);
X talloc_zfree(req);
X if (ret) {
X- state->pd->pam_status = PAM_SYSTEM_ERR;
X+ state->pd->pam_status = PAM_SERVICE_ERR;
X goto done;
X }
X
X@@ -819,7 +834,7 @@
X &result);
X if (ret != EOK) {
X DEBUG(1, ("check_pwexpire_shadow failed.\n"));
X- state->pd->pam_status = PAM_SYSTEM_ERR;
X+ state->pd->pam_status = PAM_SERVICE_ERR;
X goto done;
X }
X break;
X@@ -828,14 +843,14 @@
X &result);
X if (ret != EOK) {
X DEBUG(1, ("check_pwexpire_kerberos failed.\n"));
X- state->pd->pam_status = PAM_SYSTEM_ERR;
X+ state->pd->pam_status = PAM_SERVICE_ERR;
X goto done;
X }
X
X if (result == SDAP_AUTH_PW_EXPIRED) {
X DEBUG(1, ("LDAP provider cannot change kerberos "
X "passwords.\n"));
X- state->pd->pam_status = PAM_SYSTEM_ERR;
X+ state->pd->pam_status = PAM_SERVICE_ERR;
X goto done;
X }
X break;
X@@ -844,7 +859,7 @@
X break;
X default:
X DEBUG(1, ("Unknow pasword expiration type.\n"));
X- state->pd->pam_status = PAM_SYSTEM_ERR;
X+ state->pd->pam_status = PAM_SERVICE_ERR;
X goto done;
X }
X }
X@@ -884,7 +899,7 @@
X dp_err = DP_ERR_OFFLINE;
X break;
X default:
X- state->pd->pam_status = PAM_SYSTEM_ERR;
X+ state->pd->pam_status = PAM_SERVICE_ERR;
X }
X
X done:
X@@ -905,7 +920,7 @@
X ret = sdap_exop_modify_passwd_recv(req, state, &result, &user_error_message);
X talloc_zfree(req);
X if (ret) {
X- state->pd->pam_status = PAM_SYSTEM_ERR;
X+ state->pd->pam_status = PAM_SERVICE_ERR;
X goto done;
X }
X
X@@ -964,7 +979,7 @@
X goto done;
X }
X
X- pd->pam_status = PAM_SYSTEM_ERR;
X+ pd->pam_status = PAM_SERVICE_ERR;
X
X switch (pd->cmd) {
X case SSS_PAM_AUTHENTICATE:
X@@ -1021,7 +1036,7 @@
X &pw_expire_type, &pw_expire_data);
X talloc_zfree(req);
X if (ret != EOK) {
X- state->pd->pam_status = PAM_SYSTEM_ERR;
X+ state->pd->pam_status = PAM_SERVICE_ERR;
X dp_err = DP_ERR_FATAL;
X goto done;
X }
X@@ -1033,7 +1048,7 @@
X state->pd, &result);
X if (ret != EOK) {
X DEBUG(1, ("check_pwexpire_shadow failed.\n"));
X- state->pd->pam_status = PAM_SYSTEM_ERR;
X+ state->pd->pam_status = PAM_SERVICE_ERR;
X goto done;
X }
X break;
X@@ -1042,7 +1057,7 @@
X state->pd, &result);
X if (ret != EOK) {
X DEBUG(1, ("check_pwexpire_kerberos failed.\n"));
X- state->pd->pam_status = PAM_SYSTEM_ERR;
X+ state->pd->pam_status = PAM_SERVICE_ERR;
X goto done;
X }
X break;
X@@ -1050,7 +1065,7 @@
X ret = check_pwexpire_ldap(state->pd, pw_expire_data, &result);
X if (ret != EOK) {
X DEBUG(1, ("check_pwexpire_ldap failed.\n"));
X- state->pd->pam_status = PAM_SYSTEM_ERR;
X+ state->pd->pam_status = PAM_SERVICE_ERR;
X goto done;
X }
X break;
X@@ -1058,7 +1073,7 @@
X break;
X default:
X DEBUG(1, ("Unknow pasword expiration type.\n"));
X- state->pd->pam_status = PAM_SYSTEM_ERR;
X+ state->pd->pam_status = PAM_SERVICE_ERR;
X goto done;
X }
X }
X@@ -1080,7 +1095,7 @@
X state->pd->pam_status = PAM_NEW_AUTHTOK_REQD;
X break;
X default:
X- state->pd->pam_status = PAM_SYSTEM_ERR;
X+ state->pd->pam_status = PAM_SERVICE_ERR;
X dp_err = DP_ERR_FATAL;
X }
X
f5a2f09ae2f7a7f401ec20f6192fb50e
echo x - sssd/files/patch-src__util__sss_ldap.c
sed 's/^X//' >sssd/files/patch-src__util__sss_ldap.c << '34a400de78a3c507347702c52a0360d3'
X--- ./src/util/sss_ldap.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/util/sss_ldap.c 2011-10-13 12:15:03.000000000 -0400
X@@ -267,7 +267,7 @@
X strerror(ret)));
X }
X
X- ret = setsockopt(fd, SOL_TCP, TCP_NODELAY, &dummy, sizeof(dummy));
X+ ret = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &dummy, sizeof(dummy));
X if (ret != 0) {
X ret = errno;
X DEBUG(5, ("setsockopt TCP_NODELAY failed.[%d][%s].\n", ret,
X@@ -340,7 +340,7 @@
X DEBUG(9, ("Using file descriptor [%d] for LDAP connection.\n", state->sd));
X
X subreq = sdap_async_sys_connect_send(state, ev, state->sd,
X- (struct sockaddr *) addr, addr_len);
X+ (struct sockaddr *) addr, sizeof(struct sockaddr));
X if (subreq == NULL) {
X ret = ENOMEM;
X DEBUG(1, ("sdap_async_sys_connect_send failed.\n"));
34a400de78a3c507347702c52a0360d3
echo x - sssd/files/patch-src__util__sss_krb5.c
sed 's/^X//' >sssd/files/patch-src__util__sss_krb5.c << '99ac7f8b12ff403efe228bac004fbe31'
X--- ./src/util/sss_krb5.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/util/sss_krb5.c 2011-10-13 12:15:03.000000000 -0400
X@@ -165,8 +165,8 @@
X
X if (_realm) {
X *_realm = talloc_asprintf(mem_ctx, "%.*s",
X- krb5_princ_realm(ctx, client_princ)->length,
X- krb5_princ_realm(ctx, client_princ)->data);
X+ krb5_realm_length(krb5_princ_realm(krb_ctx, client_princ)),
X+ krb5_princ_realm(krb_ctx, client_princ));
X if (!*_realm) {
X DEBUG(1, ("talloc_asprintf failed"));
X if (_principal) talloc_zfree(*_principal);
X@@ -243,7 +243,7 @@
X }
X
X realm_name = talloc_strdup(tmp_ctx, default_realm);
X- krb5_free_default_realm(context, default_realm);
X+ free(default_realm);
X if (!realm_name) {
X ret = ENOMEM;
X goto done;
X@@ -322,7 +322,7 @@
X found = true;
X }
X free(kt_principal);
X- krberr = krb5_free_keytab_entry_contents(context, &entry);
X+ krberr = krb5_kt_free_entry(context, &entry);
X if (krberr) {
X /* This should never happen. The API docs for this function
X * specify only success for this function
X@@ -466,7 +466,7 @@
X break;
X }
X
X- kerr = krb5_free_keytab_entry_contents(ctx, &entry);
X+ kerr = krb5_kt_free_entry(ctx, &entry);
X if (kerr != 0) {
X DEBUG(1, ("Failed to free keytab entry.\n"));
X }
X@@ -504,7 +504,7 @@
X kerr = 0;
X
X done:
X- kerr_d = krb5_free_keytab_entry_contents(ctx, &entry);
X+ kerr_d = krb5_kt_free_entry(ctx, &entry);
X if (kerr_d != 0) {
X DEBUG(1, ("Failed to free keytab entry.\n"));
X }
X@@ -540,7 +540,7 @@
X void KRB5_CALLCONV sss_krb5_free_error_message(krb5_context ctx, const char *s)
X {
X #ifdef HAVE_KRB5_GET_ERROR_MESSAGE
X- krb5_free_error_message(ctx, s);
X+ free(s);
X #else
X free(s);
X #endif
99ac7f8b12ff403efe228bac004fbe31
echo x - sssd/files/patch-src__providers__krb5__krb5_utils.c
sed 's/^X//' >sssd/files/patch-src__providers__krb5__krb5_utils.c << '4807d35142c99fff477b87915f6f26e5'
X--- ./src/providers/krb5/krb5_utils.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/providers/krb5/krb5_utils.c 2011-10-13 12:15:03.000000000 -0400
X@@ -435,10 +435,10 @@
X }
X
X server_name = talloc_asprintf(NULL, "krbtgt/%.*s@%.*s",
X- krb5_princ_realm(ctx, client_princ)->length,
X- krb5_princ_realm(ctx, client_princ)->data,
X- krb5_princ_realm(ctx, client_princ)->length,
X- krb5_princ_realm(ctx, client_princ)->data);
X+ krb5_realm_length(krb5_princ_realm(ctx, client_princ)),
X+ krb5_princ_realm(ctx, client_princ),
X+ krb5_realm_length(krb5_princ_realm(ctx, client_princ)),
X+ krb5_princ_realm(ctx, client_princ));
X if (server_name == NULL) {
X kerr = KRB5_CC_NOMEM;
X DEBUG(1, ("talloc_asprintf failed.\n"));
4807d35142c99fff477b87915f6f26e5
echo x - sssd/files/bsdnss.c
sed 's/^X//' >sssd/files/bsdnss.c << 'b8f746e6d30f97195d79298ae913038f'
X#include <errno.h>
X#include <sys/param.h>
X#include <netinet/in.h>
X#include <pwd.h>
X#include <grp.h>
X#include <nss.h>
X#include <netdb.h>
X
Xextern enum nss_status _nss_sss_getgrent_r(struct group *, char *, size_t,
X int *);
Xextern enum nss_status _nss_sss_getgrnam_r(const char *, struct group *,
X char *, size_t, int *);
Xextern enum nss_status _nss_sss_getgrgid_r(gid_t gid, struct group *, char *,
X size_t, int *);
Xextern enum nss_status _nss_sss_setgrent(void);
Xextern enum nss_status _nss_sss_endgrent(void);
X
Xextern enum nss_status _nss_sss_getpwent_r(struct passwd *, char *, size_t,
X int *);
Xextern enum nss_status _nss_sss_getpwnam_r(const char *, struct passwd *,
X char *, size_t, int *);
Xextern enum nss_status _nss_sss_getpwuid_r(gid_t gid, struct passwd *, char *,
X size_t, int *);
Xextern enum nss_status _nss_sss_setpwent(void);
Xextern enum nss_status _nss_sss_endpwent(void);
X
Xextern enum nss_status _nss_sss_gethostbyname_r (const char *name, struct hostent * result,
X char *buffer, size_t buflen, int *errnop,
X int *h_errnop);
X
Xextern enum nss_status _nss_sss_gethostbyname2_r (const char *name, int af, struct hostent * result,
X char *buffer, size_t buflen, int *errnop,
X int *h_errnop);
Xextern enum nss_status _nss_sss_gethostbyaddr_r (struct in_addr * addr, int len, int type,
X struct hostent * result, char *buffer,
X size_t buflen, int *errnop, int *h_errnop);
X
Xextern enum nss_status _nss_sss_getgroupmembership(const char *uname, gid_t agroup, gid_t *groups,
X int maxgrp, int *grpcnt);
X
X
XNSS_METHOD_PROTOTYPE(__nss_compat_getgroupmembership);
XNSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r);
XNSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r);
XNSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r);
XNSS_METHOD_PROTOTYPE(__nss_compat_setgrent);
XNSS_METHOD_PROTOTYPE(__nss_compat_endgrent);
X
XNSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r);
XNSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r);
XNSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r);
XNSS_METHOD_PROTOTYPE(__nss_compat_setpwent);
XNSS_METHOD_PROTOTYPE(__nss_compat_endpwent);
X
XNSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname);
XNSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2);
XNSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr);
X
Xstatic ns_mtab methods[] = {
X{ NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_sss_getgrnam_r },
X{ NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_sss_getgrgid_r },
X{ NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_sss_getgrent_r },
X{ NSDB_GROUP, "getgroupmembership", __nss_compat_getgroupmembership, _nss_sss_getgroupmembership },
X{ NSDB_GROUP, "setgrent", __nss_compat_setgrent, _nss_sss_setgrent },
X{ NSDB_GROUP, "endgrent", __nss_compat_endgrent, _nss_sss_endgrent },
X
X{ NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_sss_getpwnam_r },
X{ NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_sss_getpwuid_r },
X{ NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, _nss_sss_getpwent_r },
X{ NSDB_PASSWD, "setpwent", __nss_compat_setpwent, _nss_sss_setpwent },
X{ NSDB_PASSWD, "endpwent", __nss_compat_endpwent, _nss_sss_endpwent },
X
X// { NSDB_HOSTS, "gethostbyname", __nss_compat_gethostbyname, _nss_sss_gethostbyname_r },
X//{ NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_sss_gethostbyaddr_r },
X//{ NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_sss_gethostbyname2_r },
X
X{ NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, _nss_sss_getgrnam_r },
X{ NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, _nss_sss_getgrgid_r },
X{ NSDB_GROUP_COMPAT, "getgrent_r", __nss_compat_getgrent_r, _nss_sss_getgrent_r },
X{ NSDB_GROUP_COMPAT, "setgrent", __nss_compat_setgrent, _nss_sss_setgrent },
X{ NSDB_GROUP_COMPAT, "endgrent", __nss_compat_endgrent, _nss_sss_endgrent },
X
X{ NSDB_PASSWD_COMPAT, "getpwnam_r", __nss_compat_getpwnam_r, _nss_sss_getpwnam_r },
X{ NSDB_PASSWD_COMPAT, "getpwuid_r", __nss_compat_getpwuid_r, _nss_sss_getpwuid_r },
X{ NSDB_PASSWD_COMPAT, "getpwent_r", __nss_compat_getpwent_r, _nss_sss_getpwent_r },
X{ NSDB_PASSWD_COMPAT, "setpwent", __nss_compat_setpwent, _nss_sss_setpwent },
X{ NSDB_PASSWD_COMPAT, "endpwent", __nss_compat_endpwent, _nss_sss_endpwent },
X
X};
X
X
Xns_mtab *
Xnss_module_register(const char *source, unsigned int *mtabsize,
X nss_module_unregister_fn *unreg)
X{
X *mtabsize = sizeof(methods)/sizeof(methods[0]);
X *unreg = NULL;
X return (methods);
X}
X
Xint __nss_compat_getgroupmembership(void *retval, void *mdata, va_list ap)
X{
X int (*fn)(const char *, gid_t, gid_t *, int, int *);
X
X const char *uname;
X gid_t agroup;
X gid_t *groups;
X int maxgrp;
X int *grpcnt;
X int errnop;
X enum nss_status status;
X
X fn = mdata;
X uname = va_arg(ap, const char *);
X agroup = va_arg(ap, gid_t);
X groups = va_arg(ap, gid_t *);
X maxgrp = va_arg(ap, int);
X grpcnt = va_arg(ap, int *);
X status = fn(uname, agroup, groups, maxgrp, grpcnt);
X status = __nss_compat_result(status, errnop);
X return (status);
X}
X
Xint __nss_compat_gethostbyname(void *retval, void *mdata, va_list ap)
X{
X enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *);
X const char *name;
X struct hostent *result;
X char buffer[1024];
X size_t buflen = 1024;
X int errnop;
X int h_errnop;
X int af;
X enum nss_status status;
X fn = mdata;
X name = va_arg(ap, const char*);
X af = va_arg(ap,int);
X result = va_arg(ap,struct hostent *);
X status = fn(name, result, buffer, buflen, &errnop, &h_errnop);
X status = __nss_compat_result(status,errnop);
X h_errno = h_errnop;
X return (status);
X}
X
Xint __nss_compat_gethostbyname2(void *retval, void *mdata, va_list ap)
X{
X enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *);
X const char *name;
X struct hostent *result;
X char buffer[1024];
X size_t buflen = 1024;
X int errnop;
X int h_errnop;
X int af;
X enum nss_status status;
X fn = mdata;
X name = va_arg(ap, const char*);
X af = va_arg(ap,int);
X result = va_arg(ap,struct hostent *);
X status = fn(name, result, buffer, buflen, &errnop, &h_errnop);
X status = __nss_compat_result(status,errnop);
X h_errno = h_errnop;
X return (status);
X}
X
Xint __nss_compat_gethostbyaddr(void *retval, void *mdata, va_list ap)
X{
X struct in_addr *addr;
X int len;
X int type;
X struct hostent *result;
X char buffer[1024];
X size_t buflen = 1024;
X int errnop;
X int h_errnop;
X enum nss_status (*fn)(struct in_addr *, int, int, struct hostent *, char *, size_t, int *, int *);
X enum nss_status status;
X fn = mdata;
X addr = va_arg(ap, struct in_addr*);
X len = va_arg(ap,int);
X type = va_arg(ap,int);
X result = va_arg(ap, struct hostent*);
X status = fn(addr, len, type, result, buffer, buflen, &errnop, &h_errnop);
X status = __nss_compat_result(status,errnop);
X h_errno = h_errnop;
X return (status);
X}
b8f746e6d30f97195d79298ae913038f
echo x - sssd/files/patch-src__monitor__monitor.c
sed 's/^X//' >sssd/files/patch-src__monitor__monitor.c << '41b5227cd341819900afcae066448c00'
X--- ./src/monitor/monitor.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/monitor/monitor.c 2011-10-13 12:15:03.000000000 -0400
X@@ -57,6 +57,10 @@
X
X int cmdline_debug_level;
X
X+errno_t monitor_config_file_fallback(TALLOC_CTX *mem_ctx,
X+ struct mt_ctx *ctx,
X+ const char *file,
X+ monitor_reconf_fn fn);
X struct svc_spy;
X
X struct mt_svc {
X@@ -1606,10 +1610,6 @@
X talloc_free(tmp_ctx);
X }
X
X-errno_t monitor_config_file_fallback(TALLOC_CTX *mem_ctx,
X- struct mt_ctx *ctx,
X- const char *file,
X- monitor_reconf_fn fn);
X static void rewatch_config_file(struct tevent_context *ev,
X struct tevent_timer *te,
X struct timeval t, void *ptr)
41b5227cd341819900afcae066448c00
echo x - sssd/files/patch-src__providers__proxy__proxy_init.c
sed 's/^X//' >sssd/files/patch-src__providers__proxy__proxy_init.c << 'dfa04b45b6643bb0db5a6612e4e94b8b'
X--- ./src/providers/proxy/proxy_init.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/providers/proxy/proxy_init.c 2011-10-13 12:15:03.000000000 -0400
X@@ -124,7 +124,7 @@
X if (!ctx->handle) {
X DEBUG(0, ("Unable to load %s module with path, error: %s\n",
X libpath, dlerror()));
X- ret = ELIBACC;
X+ ret = ENOENT;
X goto done;
X }
X
X@@ -132,7 +132,7 @@
X libname);
X if (!ctx->ops.getpwnam_r) {
X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror()));
X- ret = ELIBBAD;
X+ ret = ENOENT;
X goto done;
X }
X
X@@ -140,14 +140,14 @@
X libname);
X if (!ctx->ops.getpwuid_r) {
X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror()));
X- ret = ELIBBAD;
X+ ret = ENOENT;
X goto done;
X }
X
X ctx->ops.setpwent = proxy_dlsym(ctx->handle, "_nss_%s_setpwent", libname);
X if (!ctx->ops.setpwent) {
X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror()));
X- ret = ELIBBAD;
X+ ret = ENOENT;
X goto done;
X }
X
X@@ -155,14 +155,14 @@
X libname);
X if (!ctx->ops.getpwent_r) {
X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror()));
X- ret = ELIBBAD;
X+ ret = ENOENT;
X goto done;
X }
X
X ctx->ops.endpwent = proxy_dlsym(ctx->handle, "_nss_%s_endpwent", libname);
X if (!ctx->ops.endpwent) {
X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror()));
X- ret = ELIBBAD;
X+ ret = ENOENT;
X goto done;
X }
X
X@@ -170,7 +170,7 @@
X libname);
X if (!ctx->ops.getgrnam_r) {
X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror()));
X- ret = ELIBBAD;
X+ ret = ENOENT;
X goto done;
X }
X
X@@ -178,14 +178,14 @@
X libname);
X if (!ctx->ops.getgrgid_r) {
X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror()));
X- ret = ELIBBAD;
X+ ret = ENOENT;
X goto done;
X }
X
X ctx->ops.setgrent = proxy_dlsym(ctx->handle, "_nss_%s_setgrent", libname);
X if (!ctx->ops.setgrent) {
X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror()));
X- ret = ELIBBAD;
X+ ret = ENOENT;
X goto done;
X }
X
X@@ -193,14 +193,14 @@
X libname);
X if (!ctx->ops.getgrent_r) {
X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror()));
X- ret = ELIBBAD;
X+ ret = ENOENT;
X goto done;
X }
X
X ctx->ops.endgrent = proxy_dlsym(ctx->handle, "_nss_%s_endgrent", libname);
X if (!ctx->ops.endgrent) {
X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror()));
X- ret = ELIBBAD;
X+ ret = ENOENT;
X goto done;
X }
X
dfa04b45b6643bb0db5a6612e4e94b8b
echo x - sssd/files/patch-src__providers__ipa__ipa_common.c
sed 's/^X//' >sssd/files/patch-src__providers__ipa__ipa_common.c << 'd6b60ac738da83f273e06f220f8b9238'
X--- ./src/providers/ipa/ipa_common.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/providers/ipa/ipa_common.c 2011-10-13 12:15:03.000000000 -0400
X@@ -191,7 +191,7 @@
X char *ipa_hostname;
X int ret;
X int i;
X- char hostname[HOST_NAME_MAX + 1];
X+ char hostname[_POSIX_HOST_NAME_MAX + 1];
X
X opts = talloc_zero(memctx, struct ipa_options);
X if (!opts) return ENOMEM;
X@@ -220,14 +220,14 @@
X
X ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME);
X if (ipa_hostname == NULL) {
X- ret = gethostname(hostname, HOST_NAME_MAX);
X+ ret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
X if (ret != EOK) {
X DEBUG(1, ("gethostname failed [%d][%s].\n", errno,
X strerror(errno)));
X ret = errno;
X goto done;
X }
X- hostname[HOST_NAME_MAX] = '\0';
X+ hostname[_POSIX_HOST_NAME_MAX] = '\0';
X DEBUG(9, ("Setting ipa_hostname to [%s].\n", hostname));
X ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname);
X if (ret != EOK) {
d6b60ac738da83f273e06f220f8b9238
echo x - sssd/files/patch-src__sss_client__pam_test_client.c
sed 's/^X//' >sssd/files/patch-src__sss_client__pam_test_client.c << '7e0d9b62e0bc72ed1c419f1deaa1b016'
X--- ./src/sss_client/pam_test_client.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/sss_client/pam_test_client.c 2011-10-13 12:15:03.000000000 -0400
X@@ -24,12 +24,13 @@
X
X #include <stdio.h>
X #include <unistd.h>
X+#include <string.h>
X
X #include <security/pam_appl.h>
X-#include <security/pam_misc.h>
X+#include <security/openpam.h>
X
X static struct pam_conv conv = {
X- misc_conv,
X+ openpam_ttyconv,
X NULL
X };
X
7e0d9b62e0bc72ed1c419f1deaa1b016
echo x - sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c
sed 's/^X//' >sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c << '922888bf8082a18eae5adf806c1ae794'
X--- ./src/util/crypto/libcrypto/crypto_sha512crypt.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/util/crypto/libcrypto/crypto_sha512crypt.c 2011-10-13 12:15:03.000000000 -0400
X@@ -265,7 +265,7 @@
X goto done;
X }
X
X- cp = __stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE);
X+ cp = stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE);
X buflen -= SALT_PREF_SIZE;
X
X if (rounds_custom) {
X@@ -283,7 +283,7 @@
X ret = ERANGE;
X goto done;
X }
X- cp = __stpncpy(cp, salt, salt_len);
X+ cp = stpncpy(cp, salt, salt_len);
X *cp++ = '$';
X buflen -= salt_len + 1;
X
922888bf8082a18eae5adf806c1ae794
echo x - sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c
sed 's/^X//' >sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c << 'cac362937b030b35ecc64052416b1861'
X--- ./src/util/crypto/nss/nss_sha512crypt.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/util/crypto/nss/nss_sha512crypt.c 2011-10-13 12:15:03.000000000 -0400
X@@ -10,7 +10,7 @@
X
X #include "config.h"
X
X-#include <endian.h>
X+#include <sys/endian.h>
X #include <errno.h>
X #include <limits.h>
X #include <stdbool.h>
X@@ -267,7 +267,7 @@
X goto done;
X }
X
X- cp = __stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE);
X+ cp = stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE);
X buflen -= SALT_PREF_SIZE;
X
X if (rounds_custom) {
X@@ -285,7 +285,7 @@
X ret = ERANGE;
X goto done;
X }
X- cp = __stpncpy(cp, salt, salt_len);
X+ cp = stpncpy(cp, salt, salt_len);
X *cp++ = '$';
X buflen -= salt_len + 1;
X
cac362937b030b35ecc64052416b1861
echo x - sssd/files/patch-src__responder__common__responder_common.c
sed 's/^X//' >sssd/files/patch-src__responder__common__responder_common.c << '0d105c8a0863688f255499f28f1d7b6e'
X--- ./src/responder/common/responder_common.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/responder/common/responder_common.c 2011-10-13 12:15:03.000000000 -0400
X@@ -195,7 +195,7 @@
X talloc_free(cctx);
X break;
X
X- case ENODATA:
X+ case ECONNRESET:
X DEBUG(5, ("Client disconnected!\n"));
X talloc_free(cctx);
X break;
0d105c8a0863688f255499f28f1d7b6e
echo x - sssd/files/patch-src__responder__common__responder_packet.c
sed 's/^X//' >sssd/files/patch-src__responder__common__responder_packet.c << '8ddfc2cf01329704e2f45c5c4ed07c11'
X--- ./src/responder/common/responder_packet.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/responder/common/responder_packet.c 2011-10-13 12:15:03.000000000 -0400
X@@ -192,7 +192,7 @@
X }
X
X if (rb == 0) {
X- return ENODATA;
X+ return ECONNRESET;
X }
X
X if (*packet->len > packet->memsize) {
8ddfc2cf01329704e2f45c5c4ed07c11
echo x - sssd/files/patch-src__responder__common__responder_dp.c
sed 's/^X//' >sssd/files/patch-src__responder__common__responder_dp.c << '7d0f7506137ded2f57bb49428706ab09'
X--- ./src/responder/common/responder_dp.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/responder/common/responder_dp.c 2011-10-13 12:15:03.000000000 -0400
X@@ -210,7 +210,7 @@
X &sdp_req->err_min,
X &sdp_req->err_msg);
X if (ret != EOK) {
X- if (ret == ETIME) {
X+ if (ret == ETIMEDOUT) {
X sdp_req->err_maj = DP_ERR_TIMEOUT;
X sdp_req->err_min = ret;
X sdp_req->err_msg = talloc_strdup(sdp_req, "Request timed out");
X@@ -569,7 +569,7 @@
X case DBUS_MESSAGE_TYPE_ERROR:
X if (strcmp(dbus_message_get_error_name(reply),
X DBUS_ERROR_NO_REPLY) == 0) {
X- err = ETIME;
X+ err = ETIMEDOUT;
X goto done;
X }
X DEBUG(0,("The Data Provider returned an error [%s]\n",
7d0f7506137ded2f57bb49428706ab09
echo x - sssd/files/sssd.in
sed 's/^X//' >sssd/files/sssd.in << '5130b6f91f034c10420611d80235b07e'
X#!/bin/sh
X#
X# $FreeBSD$
X#
X
X# PROVIDE: sssd
X# REQUIRE: NETWORKING LOGIN DAEMON devfs
X# BEFORE: securelevel
X# KEYWORD: shutdown
X
X# Add the following lines to /etc/rc.conf to enable `sssd':
X#
X# sssd_enable="YES"
X#
X# See sssd(8) for sssd_flags
X#
X
X. /etc/rc.subr
X
Xname="sssd"
Xrcvar=`set_rcvar`
X
Xcommand="%%PREFIX%%/sbin/$name"
Xsssd_flags="-D"
X# command_args="-D"
Xpidfile="/var/run/$name.pid"
Xrequired_files="%%PREFIX%%/etc/$name/$name.conf"
X
X# read configuration and set defaults
Xload_rc_config "$name"
X: ${sssd_enable="NO"}
X
Xrun_rc_command "$1"
5130b6f91f034c10420611d80235b07e
echo x - sssd/files/patch-src__providers__data_provider_be.c
sed 's/^X//' >sssd/files/patch-src__providers__data_provider_be.c << '038c4010726992e56c5332529b395a87'
X--- ./src/providers/data_provider_be.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/providers/data_provider_be.c 2011-10-13 12:15:03.000000000 -0400
X@@ -512,7 +512,7 @@
X return EIO;
X }
X
X- pd->pam_status = PAM_SYSTEM_ERR;
X+ pd->pam_status = PAM_SERVICE_ERR;
X pd->domain = talloc_strdup(pd, becli->bectx->domain->name);
X if (pd->domain == NULL) {
X talloc_free(be_req);
X@@ -1013,7 +1013,7 @@
X if (!handle) {
X DEBUG(0, ("Unable to load %s module with path (%s), error: %s\n",
X mod_name, path, dlerror()));
X- ret = ELIBACC;
X+ ret = ENOENT;
X goto done;
X }
X
X@@ -1033,7 +1033,7 @@
X } else {
X DEBUG(0, ("Unable to load init fn %s from module %s, error: %s\n",
X mod_init_fn_name, mod_name, dlerror()));
X- ret = ELIBBAD;
X+ ret = ENOENT;
X }
X goto done;
X }
038c4010726992e56c5332529b395a87
echo x - sssd/files/patch-src__providers__fail_over.c
sed 's/^X//' >sssd/files/patch-src__providers__fail_over.c << '3c274bbbebadfa04de90a471a8215b26'
X--- ./src/providers/fail_over.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/providers/fail_over.c 2011-10-13 12:15:03.000000000 -0400
X@@ -1191,7 +1191,7 @@
X *******************************************************************/
X struct resolve_get_domain_state {
X char *fqdn;
X- char hostname[HOST_NAME_MAX];
X+ char hostname[_POSIX_HOST_NAME_MAX];
X };
X
X static void resolve_get_domain_done(struct tevent_req *subreq);
X@@ -1211,13 +1211,13 @@
X return NULL;
X }
X
X- ret = gethostname(state->hostname, HOST_NAME_MAX);
X+ ret = gethostname(state->hostname, _POSIX_HOST_NAME_MAX);
X if (ret) {
X ret = errno;
X DEBUG(2, ("gethostname() failed: [%d]: %s\n",ret, strerror(ret)));
X return NULL;
X }
X- state->hostname[HOST_NAME_MAX-1] = '\0';
X+ state->hostname[_POSIX_HOST_NAME_MAX-1] = '\0';
X DEBUG(7, ("Host name is: %s\n", state->hostname));
X
X subreq = resolv_gethostbyname_send(state, ev, resolv,
3c274bbbebadfa04de90a471a8215b26
echo x - sssd/files/patch-src__providers__krb5__krb5_child.c
sed 's/^X//' >sssd/files/patch-src__providers__krb5__krb5_child.c << '0a03d674e8a6cd1921179d2f9189ca25'
X--- ./src/providers/krb5/krb5_child.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/providers/krb5/krb5_child.c 2011-10-13 12:15:03.000000000 -0400
X@@ -39,6 +39,15 @@
X
X #define SSSD_KRB5_CHANGEPW_PRINCIPAL "kadmin/changepw"
X
X+typedef struct _krb5_ticket_times {
X+ krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime
X+ in ticket? otherwise client can't get this */
X+ krb5_timestamp starttime; /* optional in ticket, if not present,
X+ use authtime */
X+ krb5_timestamp endtime;
X+ krb5_timestamp renew_till;
X+} krb5_ticket_times;
X+
X struct krb5_child_ctx {
X /* opts taken from kinit */
X /* in seconds */
X@@ -100,10 +109,10 @@
X
X static krb5_context krb5_error_ctx;
X static const char *__krb5_error_msg;
X-#define KRB5_DEBUG(level, krb5_error) do { \
X- __krb5_error_msg = sss_krb5_get_error_message(krb5_error_ctx, krb5_error); \
X+#define KRB5_DEBUG(level, krb5_error, ctx) do { \
X+ __krb5_error_msg = sss_krb5_get_error_message(ctx, krb5_error); \
X DEBUG(level, ("%d: [%d][%s]\n", __LINE__, krb5_error, __krb5_error_msg)); \
X- sss_krb5_free_error_message(krb5_error_ctx, __krb5_error_msg); \
X+ sss_krb5_free_error_message(ctx, __krb5_error_msg); \
X } while(0);
X
X static void sss_krb5_expire_callback_func(krb5_context context, void *data,
X@@ -267,13 +276,13 @@
X
X kerr = krb5_cc_resolve(ctx, tmp_ccname, &tmp_cc);
X if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, ctx);
X goto done;
X }
X
X kerr = krb5_cc_initialize(ctx, tmp_cc, princ);
X if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, ctx);
X goto done;
X }
X if (fd != -1) {
X@@ -284,7 +293,7 @@
X if (creds == NULL) {
X kerr = create_empty_cred(ctx, princ, &l_cred);
X if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, ctx);
X goto done;
X }
X } else {
X@@ -293,13 +302,13 @@
X
X kerr = krb5_cc_store_cred(ctx, tmp_cc, l_cred);
X if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, ctx);
X goto done;
X }
X
X kerr = krb5_cc_close(ctx, tmp_cc);
X if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, ctx);
X goto done;
X }
X tmp_cc = NULL;
X@@ -420,7 +429,7 @@
X talloc_zfree(msg);
X }
X } else {
X- krb5_msg = sss_krb5_get_error_message(krb5_error_ctx, kerr);
X+ krb5_msg = sss_krb5_get_error_message(kr->ctx, kerr);
X if (krb5_msg == NULL) {
X DEBUG(1, ("sss_krb5_get_error_message failed.\n"));
X return NULL;
X@@ -429,7 +438,7 @@
X ret = pam_add_response(kr->pd, SSS_PAM_SYSTEM_INFO,
X strlen(krb5_msg) + 1,
X (const uint8_t *) krb5_msg);
X- sss_krb5_free_error_message(krb5_error_ctx, krb5_msg);
X+ sss_krb5_free_error_message(kr->ctx, krb5_msg);
X }
X if (ret != EOK) {
X DEBUG(1, ("pam_add_response failed.\n"));
X@@ -527,7 +536,7 @@
X break;
X }
X
X- kerr = krb5_free_keytab_entry_contents(kr->ctx, &entry);
X+ kerr = krb5_kt_free_entry(kr->ctx, &entry);
X if (kerr != 0) {
X DEBUG(1, ("Failed to free keytab entry.\n"));
X }
X@@ -575,7 +584,7 @@
X if (krb5_kt_close(kr->ctx, keytab) != 0) {
X DEBUG(1, ("krb5_kt_close failed"));
X }
X- if (krb5_free_keytab_entry_contents(kr->ctx, &entry) != 0) {
X+ if (krb5_kt_free_entry(kr->ctx, &entry) != 0) {
X DEBUG(1, ("Failed to free keytab entry.\n"));
X }
X if (principal != NULL) {
X@@ -605,13 +614,13 @@
X kerr = krb5_get_init_creds_keytab(ctx, &creds, princ, keytab, 0, NULL,
X &options);
X if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, ctx);
X return kerr;
X }
X
X kerr = create_ccache_file(ctx, princ, ccname, &creds);
X if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, ctx);
X goto done;
X }
X kerr = 0;
X@@ -633,21 +642,21 @@
X sss_krb5_expire_callback_func,
X kr);
X if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, kr->ctx);
X DEBUG(1, ("Failed to set expire callback, continue without.\n"));
X }
X kerr = krb5_get_init_creds_password(kr->ctx, kr->creds, kr->princ,
X password, sss_krb5_prompter, kr, 0,
X NULL, kr->options);
X if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, kr->ctx);
X return kerr;
X }
X
X if (kr->validate) {
X kerr = validate_tgt(kr);
X if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, kr->ctx);
X return kerr;
X }
X
X@@ -668,7 +677,7 @@
X
X kerr = create_ccache_file(kr->ctx, kr->princ, kr->ccname, kr->creds);
X if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, kr->ctx);
X goto done;
X }
X
X@@ -692,7 +701,7 @@
X krb5_error_code kerr = 0;
X char *pass_str = NULL;
X char *newpass_str = NULL;
X- int pam_status = PAM_SYSTEM_ERR;
X+ int pam_status = PAM_SERVICE_ERR;
X int result_code = -1;
X krb5_data result_code_string;
X krb5_data result_string;
X@@ -734,7 +743,7 @@
X changepw_princ,
X kr->options);
X if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, kr->ctx);
X if (kerr == KRB5_KDC_UNREACH) {
X pam_status = PAM_AUTHINFO_UNAVAIL;
X }
X@@ -773,7 +782,7 @@
X
X if (kerr != 0 || result_code != 0) {
X if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, kr->ctx);
X } else {
X kerr = KRB5KRB_ERR_GENERIC;
X }
X@@ -825,7 +834,7 @@
X memset(kr->pd->newauthtok, 0, kr->pd->newauthtok_size);
X
X if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, kr->ctx);
X if (kerr == KRB5_KDC_UNREACH) {
X pam_status = PAM_AUTHINFO_UNAVAIL;
X }
X@@ -846,7 +855,7 @@
X krb5_error_code kerr = 0;
X char *pass_str = NULL;
X char *changepw_princ = NULL;
X- int pam_status = PAM_SYSTEM_ERR;
X+ int pam_status = PAM_SERVICE_ERR;
X
X if (kr->pd->authtok_type != SSS_AUTHTOK_TYPE_PASSWORD) {
X pam_status = PAM_CRED_INSUFFICIENT;
X@@ -881,7 +890,7 @@
X kr->options,
X NULL, NULL);
X if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, kr->ctx);
X DEBUG(1, ("Failed to unset expire callback, continue ...\n"));
X }
X kerr = krb5_get_init_creds_password(kr->ctx, kr->creds, kr->princ,
X@@ -899,7 +908,7 @@
X memset(kr->pd->authtok, 0, kr->pd->authtok_size);
X
X if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, kr->ctx);
X switch (kerr) {
X case KRB5_KDC_UNREACH:
X pam_status = PAM_AUTHINFO_UNAVAIL;
X@@ -911,7 +920,7 @@
X pam_status = PAM_CRED_ERR;
X break;
X default:
X- pam_status = PAM_SYSTEM_ERR;
X+ pam_status = PAM_SERVICE_ERR;
X }
X }
X
X@@ -981,13 +990,13 @@
X
X kerr = krb5_cc_resolve(kr->ctx, ccname, &ccache);
X if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, kr->ctx);
X goto done;
X }
X
X kerr = krb5_get_renewed_creds(kr->ctx, kr->creds, kr->princ, ccache, NULL);
X if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, kr->ctx);
X if (kerr == KRB5_KDC_UNREACH) {
X status = PAM_AUTHINFO_UNAVAIL;
X }
X@@ -997,7 +1006,7 @@
X if (kr->validate) {
X kerr = validate_tgt(kr);
X if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, kr->ctx);
X goto done;
X }
X
X@@ -1019,13 +1028,13 @@
X
X kerr = krb5_cc_initialize(kr->ctx, ccache, kr->princ);
X if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, kr->ctx);
X goto done;
X }
X
X kerr = krb5_cc_store_cred(kr->ctx, ccache, kr->creds);
X if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, kr->ctx);
X goto done;
X }
X
X@@ -1059,8 +1068,8 @@
X
X ret = create_ccache_file(kr->ctx, kr->princ, kr->ccname, NULL);
X if (ret != 0) {
X- KRB5_DEBUG(1, ret);
X- pam_status = PAM_SYSTEM_ERR;
X+ KRB5_DEBUG(1, ret, kr->ctx);
X+ pam_status = PAM_SERVICE_ERR;
X }
X
X ret = sendresponse(fd, ret, pam_status, kr);
X@@ -1375,19 +1384,20 @@
X
X kerr = krb5_init_context(&kr->ctx);
X if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X+ /* FIXME: This sucks */
X+ KRB5_DEBUG(1, kerr, kr->ctx);
X goto failed;
X }
X
X kerr = krb5_parse_name(kr->ctx, kr->upn, &kr->princ);
X if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, kr->ctx);
X goto failed;
X }
X
X kerr = krb5_unparse_name(kr->ctx, kr->princ, &kr->name);
X if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, kr->ctx);
X goto failed;
X }
X
X@@ -1400,18 +1410,18 @@
X
X kerr = sss_krb5_get_init_creds_opt_alloc(kr->ctx, &kr->options);
X if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, kr->ctx);
X goto failed;
X }
X
X /* A prompter is used to catch messages about when a password will
X * expired. The library shall not use the prompter to ask for a new password
X * but shall return KRB5KDC_ERR_KEY_EXP. */
X- krb5_get_init_creds_opt_set_change_password_prompt(kr->options, 0);
X- if (kerr != 0) {
X- KRB5_DEBUG(1, kerr);
X- goto failed;
X- }
X+ // krb5_get_init_creds_opt_set_change_password_prompt(kr->options, 0);
X+ // if (kerr != 0) {
X+ // KRB5_DEBUG(1, kerr, kr->ctx);
X+ // goto failed;
X+ // }
X
X lifetime_str = getenv(SSSD_KRB5_RENEWABLE_LIFETIME);
X if (lifetime_str == NULL) {
X@@ -1422,7 +1432,7 @@
X if (kerr != 0) {
X DEBUG(1, ("krb5_string_to_deltat failed for [%s].\n",
X lifetime_str));
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, kr->ctx);
X goto failed;
X }
X krb5_get_init_creds_opt_set_renew_life(kr->options, lifetime);
X@@ -1437,7 +1447,7 @@
X if (kerr != 0) {
X DEBUG(1, ("krb5_string_to_deltat failed for [%s].\n",
X lifetime_str));
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, kr->ctx);
X goto failed;
X }
X krb5_get_init_creds_opt_set_tkt_life(kr->options, lifetime);
X@@ -1486,7 +1496,7 @@
X kr, &kr->fast_ccname);
X if (kerr != 0) {
X DEBUG(1, ("check_fast_ccache failed.\n"));
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, kr->ctx);
X goto failed;
X }
X
X@@ -1496,7 +1506,7 @@
X if (kerr != 0) {
X DEBUG(1, ("sss_krb5_get_init_creds_opt_set_fast_ccache_name "
X "failed.\n"));
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, kr->ctx);
X goto failed;
X }
X
X@@ -1507,7 +1517,7 @@
X if (kerr != 0) {
X DEBUG(1, ("sss_krb5_get_init_creds_opt_set_fast_flags "
X "failed.\n"));
X- KRB5_DEBUG(1, kerr);
X+ KRB5_DEBUG(1, kerr, kr->ctx);
X goto failed;
X }
X }
0a03d674e8a6cd1921179d2f9189ca25
echo x - sssd/files/patch-src__util__util.c
sed 's/^X//' >sssd/files/patch-src__util__util.c << 'b53cb9a74fb3e65d491ba02d3511338f'
X--- ./src/util/util.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/util/util.c 2011-10-13 12:15:03.000000000 -0400
X@@ -18,6 +18,7 @@
X along with this program. If not, see <http://www.gnu.org/licenses/>.
X */
X
X+#include <sys/socket.h>
X #include <ctype.h>
X #include <netdb.h>
X
b53cb9a74fb3e65d491ba02d3511338f
echo x - sssd/files/patch-Makefile.am
sed 's/^X//' >sssd/files/patch-Makefile.am << 'c4c02364a361b808cc36b464e9b84b38'
X--- ./Makefile.am.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./Makefile.am 2011-10-13 12:13:42.000000000 -0400
X@@ -33,7 +33,7 @@
X systemdunitdir = @systemdunitdir@
X logpath = @logpath@
X pubconfpath = @pubconfpath@
X-pkgconfigdir = $(libdir)/pkgconfig
X+pkgconfigdir = $(prefix)/libdata/pkgconfig
X
X AM_CFLAGS =
X if WANT_AUX_INFO
X@@ -753,21 +753,22 @@
X
X noinst_PROGRAMS = pam_test_client
X pam_test_client_SOURCES = src/sss_client/pam_test_client.c
X-pam_test_client_LDFLAGS = -lpam -lpam_misc
X+pam_test_client_LDFLAGS = -lpam
X
X ####################
X # Client Libraries #
X ####################
X
X-nsslib_LTLIBRARIES = libnss_sss.la
X-libnss_sss_la_SOURCES = \
X+nsslib_LTLIBRARIES = nss_sss.la
X+nss_sss_la_SOURCES = \
X src/sss_client/common.c \
X+ src/sss_client/bsdnss.c \
X src/sss_client/nss_passwd.c \
X src/sss_client/nss_group.c \
X src/sss_client/nss_netgroup.c \
X src/sss_client/sss_cli.h \
X src/sss_client/nss_compat.h
X-libnss_sss_la_LDFLAGS = \
X+nss_sss_la_LDFLAGS = \
X -module \
X -version-info 2:0:0 \
X -Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports
X@@ -780,6 +781,7 @@
X src/sss_client/sss_pam_macros.h
X
X pam_sss_la_LDFLAGS = \
X+ -lintl \
X -lpam \
X -module \
X -avoid-version \
X@@ -1122,10 +1124,10 @@
X mkdir -p $(DESTDIR)$(initdir)
X endif
X
X-install-data-hook:
X- rm $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 \
X- $(DESTDIR)/$(nsslibdir)/libnss_sss.so
X- mv $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2
X+notnotnotnotnotnotnotnotnotnotnotnotnotnotnotnotnotinstall-data-hook:
X+ rm $(DESTDIR)/$(nsslibdir)/nss_sss.so.2 \
X+ $(DESTDIR)/$(nsslibdir)/nss_sss.so
X+ mv $(DESTDIR)/$(nsslibdir)/nss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/nss_sss.so.2
X
X uninstall-hook:
X if [ -f $(abs_builddir)/src/config/.files ]; then \
c4c02364a361b808cc36b464e9b84b38
echo x - sssd/files/patch-src__sss_client__sss_nss.exports
sed 's/^X//' >sssd/files/patch-src__sss_client__sss_nss.exports << '219bdc780448578905b15c7ee5b0548c'
X--- ./src/sss_client/sss_nss.exports.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/sss_client/sss_nss.exports 2011-10-13 12:13:42.000000000 -0400
X@@ -3,6 +3,7 @@
X # public functions
X global:
X
X+ nss_module_register;
X _nss_sss_getpwnam_r;
X _nss_sss_getpwuid_r;
X _nss_sss_setpwent;
X@@ -14,8 +15,25 @@
X _nss_sss_setgrent;
X _nss_sss_getgrent_r;
X _nss_sss_endgrent;
X+ _nss_sss_getgroupmembership;
X _nss_sss_initgroups_dyn;
X
X+ __nss_compat_getgrnam_r;
X+ __nss_compat_getgrgid_r;
X+ __nss_compat_getgrent_r;
X+ __nss_compat_setgrent;
X+ __nss_compat_endgrent;
X+
X+ __nss_compat_getpwnam_r;
X+ __nss_compat_getpwuid_r;
X+ __nss_compat_getpwent_r;
X+ __nss_compat_setpwent;
X+ __nss_compat_endpwent;
X+
X+ __nss_compat_gethostbyname;
X+ __nss_compat_gethostbyname2;
X+ __nss_compat_gethostbyaddr;
X+
X #_nss_sss_getaliasbyname_r;
X #_nss_sss_setaliasent;
X #_nss_sss_getaliasent_r;
219bdc780448578905b15c7ee5b0548c
echo x - sssd/files/patch-src__resolv__async_resolv.c
sed 's/^X//' >sssd/files/patch-src__resolv__async_resolv.c << '771e49276b944e2b00696a91c5fb64af'
X--- ./src/resolv/async_resolv.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/resolv/async_resolv.c 2011-10-13 12:15:03.000000000 -0400
X@@ -1073,7 +1073,6 @@
X hints.ai_flags = AI_NUMERICHOST; /* No network lookups */
X
X ret = getaddrinfo(name, NULL, &hints, &res);
X- freeaddrinfo(res);
X if (ret != 0) {
X if (ret == -2) {
X DEBUG(9, ("[%s] does not look like an IP address\n", name));
X@@ -1081,6 +1080,8 @@
X DEBUG(2, ("getaddrinfo failed [%d]: %s\n",
X ret, gai_strerror(ret)));
X }
X+ } else {
X+ freeaddrinfo(res);
X }
X
X return ret == 0;
771e49276b944e2b00696a91c5fb64af
echo x - sssd/files/patch-src__util__server.c
sed 's/^X//' >sssd/files/patch-src__util__server.c << '08d9fcddaf8df4722efb89bb605dc5a2'
X--- ./src/util/server.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/util/server.c 2011-10-13 12:15:03.000000000 -0400
X@@ -296,14 +296,15 @@
X BlockSignals(false, SIGTERM);
X
X CatchSignal(SIGHUP, sig_hup);
X-
X #ifndef HAVE_PRCTL
X /* If prctl is not defined on the system, try to handle
X * some common termination signals gracefully */
X- CatchSignal(SIGSEGV, sig_segv_abrt);
X- CatchSignal(SIGABRT, sig_segv_abrt);
X+ /*
X+ CatchSignal(SIGSEGV, sig_segv_abrt);
X+ CatchSignal(SIGABRT, sig_segv_abrt);
X+ */
X #endif
X-
X+
X }
X
X /*
08d9fcddaf8df4722efb89bb605dc5a2
echo x - sssd/files/patch-src__sss_client__nss_group.c
sed 's/^X//' >sssd/files/patch-src__sss_client__nss_group.c << '4cc88cf9957a2327c73bdf9fc1b1e16e'
X--- ./src/sss_client/nss_group.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/sss_client/nss_group.c 2011-10-13 12:15:03.000000000 -0400
X@@ -248,6 +248,77 @@
X }
X
X
X+#define MIN(a, b)((a) < (b) ? (a) : (b))
X+
X+gr_addgid(gid_t gid, gid_t *groups, int maxgrp, int *grpcnt)
X+{
X+ int ret, dupc;
X+
X+ for (dupc = 0; dupc < MIN(maxgrp, *grpcnt); dupc++) {
X+ if (groups[dupc] == gid)
X+ return 1;
X+ }
X+
X+ ret = 1;
X+ if (*grpcnt < maxgrp)
X+ groups[*grpcnt] = gid;
X+ else
X+ ret = 0;
X+
X+ (*grpcnt)++;
X+
X+ return ret;
X+}
X+
X+enum nss_status _nss_sss_getgroupmembership(const char *uname, gid_t agroup, gid_t *groups,
X+ int maxgrp, int *grpcnt)
X+{
X+ struct sss_cli_req_data rd;
X+ uint8_t *repbuf;
X+ size_t replen;
X+ enum nss_status nret;
X+ uint32_t *rbuf;
X+ uint32_t num_ret;
X+ long int l, max_ret;
X+ int errnop;
X+
X+ rd.len = strlen(uname) +1;
X+ rd.data = uname;
X+
X+ sss_nss_lock();
X+
X+ nret = sss_nss_make_request(SSS_NSS_INITGR, &rd,
X+ &repbuf, &replen, &errnop);
X+ if (nret != NSS_STATUS_SUCCESS) {
X+ goto out;
X+ }
X+
X+ /* no results if not found */
X+ num_ret = ((uint32_t *)repbuf)[0];
X+ if (num_ret == 0) {
X+ free(repbuf);
X+ nret = NSS_STATUS_NOTFOUND;
X+ goto out;
X+ }
X+ max_ret = num_ret;
X+
X+ gr_addgid(agroup, groups, maxgrp, grpcnt);
X+
X+ rbuf = &((uint32_t *)repbuf)[2];
X+ for (l = 0; l < max_ret; l++) {
X+ gr_addgid(rbuf[l], groups, maxgrp, grpcnt);
X+ }
X+
X+ free(repbuf);
X+ nret = NSS_STATUS_SUCCESS;
X+
X+out:
X+ sss_nss_unlock();
X+ return nret;
X+
X+
X+}
X+
X enum nss_status _nss_sss_getgrnam_r(const char *name, struct group *result,
X char *buffer, size_t buflen, int *errnop)
X {
4cc88cf9957a2327c73bdf9fc1b1e16e
echo x - sssd/files/patch-src__util__find_uid.c
sed 's/^X//' >sssd/files/patch-src__util__find_uid.c << 'b338fbd0e32583e63aa71c8abf1cb1d8'
X--- ./src/util/find_uid.c.orig 2011-08-29 11:39:05.000000000 -0400
X+++ ./src/util/find_uid.c 2011-10-13 12:15:03.000000000 -0400
X@@ -67,7 +67,7 @@
X uint32_t num=0;
X errno_t error;
X
X- ret = snprintf(path, PATHLEN, "/proc/%d/status", pid);
X+ ret = snprintf(path, PATHLEN, "/compat/linux/proc/%d/status", pid);
X if (ret < 0) {
X DEBUG(1, ("snprintf failed"));
X return EINVAL;
X@@ -204,7 +204,7 @@
X hash_key_t key;
X hash_value_t value;
X
X- proc_dir = opendir("/proc");
X+ proc_dir = opendir("/compat/linux/proc");
X if (proc_dir == NULL) {
X ret = errno;
X DEBUG(1, ("Cannot open proc dir.\n"));
X@@ -278,9 +278,8 @@
X
X errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table)
X {
X-#ifdef __linux__
X int ret;
X-
X+#if 1
X ret = hash_create_ex(INITIAL_TABLE_SIZE, table, 0, 0, 0, 0,
X hash_talloc, hash_talloc_free, mem_ctx,
X NULL, NULL);
b338fbd0e32583e63aa71c8abf1cb1d8
echo x - sssd/Makefile
sed 's/^X//' >sssd/Makefile << '49dcaf74f8115d631e634a948ce91f7a'
X# New ports collection makefile for: sssd
X# Date created: Sep 6 2011
X# Whom: Andrew Elble <aweits at rit.edu>
X#
X# $FreeBSD$
X#
X
XPORTNAME= sssd
XDISTVERSION= 1.6.1
XCATEGORIES= net
XMASTER_SITES= https://fedorahosted.org/released/${PORTNAME}/
X
XMAINTAINER= aweits at rit.edu
XCOMMENT= System Security Services Daemon
X
XLICENSE= GPLv3
X
XLIB_DEPENDS= popt.0:${PORTSDIR}/devel/popt \
X talloc.2:${PORTSDIR}/devel/talloc \
X tevent.0:${PORTSDIR}/devel/tevent \
X xslt.2:${PORTSDIR}/textproc/libxslt \
X tdb.1:${PORTSDIR}/databases/tdb \
X ldb:${PORTSDIR}/databases/ldb \
X cares.2:${PORTSDIR}/dns/c-ares \
X dbus:${PORTSDIR}/devel/dbus \
X dhash.1:${PORTSDIR}/devel/ding-libs \
X pcre.0:${PORTSDIR}/devel/pcre \
X unistring.1:${PORTSDIR}/devel/libunistring \
X nss3.1:${PORTSDIR}/security/nss \
X sasl2.2:${PORTSDIR}/security/cyrus-sasl2 \
X xml2:${PORTSDIR}/textproc/libxml2
XBUILD_DEPENDS= xmlcatalog:${PORTSDIR}/textproc/libxml2 \
X docbook-xsl>=0:${PORTSDIR}/textproc/docbook-xsl
XRUN_DEPENDS= xmlcatmgr:${PORTSDIR}/textproc/xmlcatmgr
X
XGNU_CONFIGURE= yes
XCONFIGURE_ARGS= --with-selinux=no --with-semanage=no \
X --with-ldb-lib-dir=${LOCALBASE}/lib/ldb \
X --with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \
X --with-libnl=no --with-init-dir=no \
X --docdir=${WRKDIR}/docs --with-pid-path=/var/run \
X --localstatedir=/var
XCFLAGS+= -L${LOCALBASE}/lib -fstack-protector-all
X#DEBUG_FLAGS= -g
X
XUSE_AUTOTOOLS= autoconf automake
XUSE_LDCONFIG= yes
XUSE_PYTHON= yes
XUSE_OPENLDAP= yes
XUSE_GMAKE= yes
XUSE_GNOME= pkgconfig
XUSE_GETTEXT= yes
XUSE_ICONV= yes
XUSE_PYTHON= yes
X
XUSE_RC_SUBR= ${PORTNAME}
XMAN5= sssd-ipa.5 sssd-krb5.5 sssd-ldap.5 sssd-simple.5 \
X sssd.conf.5
XMAN8= pam_sss.8 sss_cache.8 sss_groupadd.8 sss_groupdel.8 \
X sss_groupmod.8 sss_groupshow.8 sss_obfuscate.8 \
X sss_useradd.8 sss_userdel.8 sss_usermod.8 sssd.8 \
X sssd_krb5_locator_plugin.8
X
X.include <bsd.port.pre.mk>
X
X.if ${OSVERSION} < 800107
XIGNORE= is not supported prior to 8.0-RELEASE
X.endif
X
Xpost-patch:
X @${REINPLACE_CMD} -e 's|SIGCLD|SIGCHLD|g' ${WRKSRC}/src/util/signal.c
X @${REINPLACE_CMD} -e '/#define SIZE_T_MAX ((size_t) -1)/d' ${WRKSRC}/src/util/util.h
X @${REINPLACE_CMD} -e '/pam_misc/d' ${WRKSRC}/src/sss_client/pam_test_client.c
X @${REINPLACE_CMD} -e '/ETIME/d' ${WRKSRC}/src/sss_client/common.c
X @${REINPLACE_CMD} -e 's| -lpam_misc||g' ${WRKSRC}/Makefile.am ${WRKSRC}/Makefile.in
X @${REINPLACE_CMD} -e 's|security/pam_misc.h||g' ${WRKSRC}/configure* ${WRKSRC}/src/external/pam.m4
X @${REINPLACE_CMD} -e 's|NSS_STATUS_NOTFOUND|NS_NOTFOUND|g' ${WRKSRC}/src/sss_client/common.c
X @${REINPLACE_CMD} -e 's|NSS_STATUS_UNAVAIL|NS_UNAVAIL|g' ${WRKSRC}/src/sss_client/common.c
X @${REINPLACE_CMD} -e 's|NSS_STATUS_TRYAGAIN|NS_TRYAGAIN|g' ${WRKSRC}/src/sss_client/common.c
X @${REINPLACE_CMD} -e 's|NSS_STATUS_SUCCESS|NS_SUCCESS|g' ${WRKSRC}/src/sss_client/common.c
X @${REINPLACE_CMD} -e 's|security/pam_ext.h|security/pam_appl.h|g' ${WRKSRC}/src/sss_client/pam_sss.c
X @${REINPLACE_CMD} -e 's|security/_pam_macros.h|pam_macros.h|g' ${WRKSRC}/src/sss_client/sss_pam_macros.h
X @${REINPLACE_CMD} -e 's|#include <security/pam_modutil.h>||g' ${WRKSRC}/src/sss_client/pam_sss.c
X @${REINPLACE_CMD} -e 's|PAM_BAD_ITEM|PAM_USER_UNKNOWN|g' ${WRKSRC}/src/sss_client/pam_sss.c
X @${REINPLACE_CMD} -e 's|pam_vsyslog(pamh,|vsyslog(|g' ${WRKSRC}/src/sss_client/pam_sss.c
X @${REINPLACE_CMD} -e 's|pam_modutil_getlogin(pamh)|getlogin()|g' ${WRKSRC}/src/sss_client/pam_sss.c
X @${REINPLACE_CMD} -e '/..MAKE. ..AM_MAKEFLAGS. install-data-hook/d' ${WRKSRC}/Makefile.in
X @${REINPLACE_CMD} -e 's|install-data-hook install-dist_initSCRIPTS|install-dist_initSCRIPTS|g' \
X ${WRKSRC}/Makefile.in ${WRKSRC}/Makefile.am
X @${REINPLACE_CMD} -e 's|install-data-hook|notinstall-data-hook|g' ${WRKSRC}/Makefile.in \
X ${WRKSRC}/Makefile.am
X @${REINPLACE_CMD} -e 's|libdir)/pkgconfig|prefix)/libdata/pkgconfig|' ${WRKSRC}/Makefile.in \
X ${WRKSRC}/Makefile.am
X @${REINPLACE_CMD} -e 's|/etc/sssd/|${ETCDIR}/|g' ${WRKSRC}/src/man/*xml
X @${REINPLACE_CMD} -e 's|/etc/openldap/|${PREFIX}/etc/openldap/|g' ${WRKSRC}/src/man/*xml
X @${CP} ${FILESDIR}/pam_macros.h ${WRKSRC}
X @${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}/src/sss_client/bsdnss.c
X
Xpost-install:
X ${INSTALL_DATA} ${WRKSRC}/src/examples/sssd.conf ${ETCDIR}/sssd.conf.sample
X (cd ${PREFIX}/lib && ${LN} -s nss_sss.so.2 nss_sss.so.1)
X (cd ${PREFIX}/lib/security && ${LN} -s pam_sss.so pam_sss.so.5)
X ${RM} -f ${PREFIX}/lib/ldb/memberof.la
X
X.include <bsd.port.post.mk>
49dcaf74f8115d631e634a948ce91f7a
echo x - sssd/distinfo
sed 's/^X//' >sssd/distinfo << '6a79c0728ff19b2bb09dca7f4e3583cf'
XSHA256 (sssd-1.6.1.tar.gz) = ba30d8cf7eae1fd66053b4f11e8e5b98bc6db113cf6d2f33e429f2e21d90ade9
XSIZE (sssd-1.6.1.tar.gz) = 1406047
6a79c0728ff19b2bb09dca7f4e3583cf
echo x - sssd/pkg-descr
sed 's/^X//' >sssd/pkg-descr << 'c2a8f334338c4330dfb865c1ecd61d6d'
XThis project provides a set of daemons to manage access to remote
Xdirectories and authentication mechanisms, it provides an NSS and
XPAM interface toward the system and a pluggable backend system to
Xconnect to multiple different account sources. It is also the
Xbasis to provide client auditing and policy services for projects
Xlike FreeIPA.
X
XWWW: https://fedorahosted.org/sssd/
c2a8f334338c4330dfb865c1ecd61d6d
echo x - sssd/pkg-plist
sed 's/^X//' >sssd/pkg-plist << '2bed20777c6dcee8c04c2f036eddc08f'
Xshare/locale/zh_TW/LC_MESSAGES/sssd.mo
Xshare/locale/uk/LC_MESSAGES/sssd.mo
Xshare/locale/sv/LC_MESSAGES/sssd.mo
Xshare/locale/ru/LC_MESSAGES/sssd.mo
Xshare/locale/pt/LC_MESSAGES/sssd.mo
Xshare/locale/pl/LC_MESSAGES/sssd.mo
Xshare/locale/nl/LC_MESSAGES/sssd.mo
Xshare/locale/ja/LC_MESSAGES/sssd.mo
Xshare/locale/it/LC_MESSAGES/sssd.mo
Xshare/locale/id/LC_MESSAGES/sssd.mo
Xshare/locale/fr/LC_MESSAGES/sssd.mo
Xshare/locale/es/LC_MESSAGES/sssd.mo
Xshare/locale/de/LC_MESSAGES/sssd.mo
Xsbin/sssd
Xsbin/sss_usermod
Xsbin/sss_userdel
Xsbin/sss_useradd
Xsbin/sss_obfuscate
Xsbin/sss_groupshow
Xsbin/sss_groupmod
Xsbin/sss_groupdel
Xsbin/sss_groupadd
Xsbin/sss_cache
Xlibexec/sssd/sssd_pam
Xlibexec/sssd/sssd_nss
Xlibexec/sssd/sssd_be
Xlibexec/sssd/proxy_child
Xlibexec/sssd/ldap_child
Xlibexec/sssd/krb5_child
Xlibdata/pkgconfig/ipa_hbac.pc
Xlib/sssd/libsss_simple.so
Xlib/sssd/libsss_simple.la
Xlib/sssd/libsss_proxy.so
Xlib/sssd/libsss_proxy.la
Xlib/sssd/libsss_ldap.so
Xlib/sssd/libsss_ldap.la
Xlib/sssd/libsss_krb5.so
Xlib/sssd/libsss_krb5.la
Xlib/sssd/libsss_ipa.so
Xlib/sssd/libsss_ipa.la
Xlib/security/pam_sss.so.5
Xlib/security/pam_sss.so
Xlib/security/pam_sss.la
Xlib/nss_sss.so.2
Xlib/nss_sss.so.1
Xlib/nss_sss.so
Xlib/nss_sss.la
Xlib/libipa_hbac.so.0
Xlib/libipa_hbac.so
Xlib/libipa_hbac.la
Xlib/ldb/memberof.so
Xlib/%%PYTHON_VERSION%%/site-packages/sssd_upgrade_config.pyc
Xlib/%%PYTHON_VERSION%%/site-packages/sssd_upgrade_config.py
Xlib/%%PYTHON_VERSION%%/site-packages/pysss.so
Xlib/%%PYTHON_VERSION%%/site-packages/pysss.la
Xlib/%%PYTHON_VERSION%%/site-packages/pyhbac.so
Xlib/%%PYTHON_VERSION%%/site-packages/pyhbac.la
Xlib/%%PYTHON_VERSION%%/site-packages/ipachangeconf.pyc
Xlib/%%PYTHON_VERSION%%/site-packages/ipachangeconf.py
Xlib/%%PYTHON_VERSION%%/site-packages/SSSDConfig.pyc
Xlib/%%PYTHON_VERSION%%/site-packages/SSSDConfig.py
Xlib/%%PYTHON_VERSION%%/site-packages/SSSDConfig-1-py2.7.egg-info
Xinclude/ipa_hbac.h
Xetc/sssd/sssd.api.d/sssd-simple.conf
Xetc/sssd/sssd.api.d/sssd-proxy.conf
Xetc/sssd/sssd.api.d/sssd-local.conf
Xetc/sssd/sssd.api.d/sssd-ldap.conf
Xetc/sssd/sssd.api.d/sssd-krb5.conf
Xetc/sssd/sssd.api.d/sssd-ipa.conf
Xetc/sssd/sssd.api.conf
Xetc/sssd/sssd.conf.sample
X at dirrmtry lib/security
X at dirrmtry lib/pkgconfig
X at dirrmtry lib/ldb
X at dirrmtry etc/sssd/sssd.api.d
X at dirrmtry etc/sssd
X at dirrm share/sssd/introspect
X at dirrm share/sssd
X at dirrm libexec/sssd
X at dirrm lib/sssd
X at unexec if cmp -s %D/etc/sssd/sssd.conf.sample %D/etc/sssd/sssd.conf; then rm -f %D/etc/sssd/sssd.conf; fi
X at exec if [ ! -f %D/etc/sssd/sssd.conf ]; then cp -p %D/%F %B/sssd.conf; fi
2bed20777c6dcee8c04c2f036eddc08f
echo x - sssd/pkg-message
sed 's/^X//' >sssd/pkg-message << '5905bf108f9f20379c1da2383d81f45d'
X================================================================================
XCopy %%PREFIX%%/etc/sssd/sssd.conf.sample to %%PREFIX%%/etc/sssd/sssd.conf
Xand edit %%PREFIX%%/etc/sssd/sssd.conf (see man sssd.conf for details)
X
XAdd the following lines to /etc/rc.conf to enable `sssd':
Xsssd_enable="YES"
X
Xand execute
X
X"service start sssd"
X
Xthe module is usable by PAM (man pam.conf):
X
Xlogin auth sufficient %%PREFIX%%/lib/security/pam_sss.so
X
Xas well as NSS (man nsswitch.conf):
X
Xgroup: sss files
Xpasswd: sss files
X
X================================================================================
5905bf108f9f20379c1da2383d81f45d
exit
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list