svn commit: r353157 - in head/security/sssd: . files

Mark Felder feld at FreeBSD.org
Wed May 7 14:18:55 UTC 2014


Author: feld
Date: Wed May  7 14:18:54 2014
New Revision: 353157
URL: http://svnweb.freebsd.org/changeset/ports/353157
QAT: https://qat.redports.org/buildarchive/r353157/

Log:
  - rc script now passes rclint
  - rc script creates dirs in /var before launching daemon
  - add patch from upstream to match behavior of sssd on Linux
  
  https://fedorahosted.org/sssd/ticket/2232
  
  PR:		ports/186545
  Sponsored by:	SupraNet Communications, Inc

Added:
  head/security/sssd/files/patch-src__man__pam_sss.8.xml   (contents, props changed)
Modified:
  head/security/sssd/Makefile
  head/security/sssd/files/patch-src__sss_client__pam_sss.c
  head/security/sssd/files/sssd.in

Modified: head/security/sssd/Makefile
==============================================================================
--- head/security/sssd/Makefile	Wed May  7 14:11:35 2014	(r353156)
+++ head/security/sssd/Makefile	Wed May  7 14:18:54 2014	(r353157)
@@ -3,7 +3,7 @@
 
 PORTNAME=	sssd
 DISTVERSION=	1.9.6
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	security
 MASTER_SITES=   https://fedorahosted.org/released/${PORTNAME}/ \
 		http://mirrors.rit.edu/zi/
@@ -108,4 +108,10 @@ post-install:
 	(cd ${STAGEDIR}${PREFIX}/lib && ${LN} -s pam_sss.so pam_sss.so.5)
 	@${RM} -f ${STAGEDIR}${PREFIX}/lib/ldb/memberof.la
 
+	# clean these up from the install; we create them in rc script start_precmd
+.for VARDIRS in db/sss db/sss_mc log/sssd run/sss/krb5.include.d run/sss/private run/sss
+	@${RMDIR} ${STAGEDIR}/var/${VARDIRS}
+.endfor
+
+
 .include <bsd.port.post.mk>
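Review bot: The directory list in the added `.for VARDIRS in ...` loop is repeated verbatim in `sssd_prestart` in files/sssd.in, and nothing ties the two copies together. If one list changes without the other, a directory is either left behind in the package or never created at start. I would extend the comment to name the other location, e.g. `# keep in sync with sssd_prestart in files/sssd.in`. The tab-indented `#` line also sits inside the post-install recipe, so it is probably handed to the shell and echoed during the build; starting it in column 0 would avoid that.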

Added: head/security/sssd/files/patch-src__man__pam_sss.8.xml
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/sssd/files/patch-src__man__pam_sss.8.xml	Wed May  7 14:18:54 2014	(r353157)
@@ -0,0 +1,43 @@
+From 1a7794d0e3c9fa47f7b0256518186ce214e93504 Mon Sep 17 00:00:00 2001
+From: Lukas Slebodnik <lslebodn at redhat.com>
+Date: Sat, 22 Mar 2014 15:09:34 +0100
+Subject: [PATCH 1/2] patch-src__man__pam_sss.8.xml
+
+---
+ src/man/pam_sss.8.xml | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git src/man/pam_sss.8.xml src/man/pam_sss.8.xml
+index 72b497ab34a520d21964824080c7f276b26706f4..5b4e456e2b0b7469a233d7bd98d296bec2d8e739 100644
+--- src/man/pam_sss.8.xml
++++ src/man/pam_sss.8.xml
+@@ -37,6 +37,9 @@
+             <arg choice='opt'>
+                 <replaceable>retry=N</replaceable>
+             </arg>
++            <arg choice='opt'>
++                <replaceable>ignore_unknown_user</replaceable>
++            </arg>
+         </cmdsynopsis>
+     </refsynopsisdiv>
+ 
+@@ -103,6 +106,16 @@
+                     <option>PasswordAuthentication</option>.</para>
+                 </listitem>
+             </varlistentry>
++            <varlistentry>
++                <term>
++                    <option>ignore_unknown_user</option>
++                </term>
++                <listitem>
++                    <para>If this option is specified and the user does not
++                    exist, the PAM module will return PAM_IGNORE. This causes
++                    the PAM framework to ignore this module.</para>
++                </listitem>
++            </varlistentry>
+         </variablelist>
+     </refsect1>
+ 
+-- 
+1.8.5.3
+

Modified: head/security/sssd/files/patch-src__sss_client__pam_sss.c
==============================================================================
--- head/security/sssd/files/patch-src__sss_client__pam_sss.c	Wed May  7 14:11:35 2014	(r353156)
+++ head/security/sssd/files/patch-src__sss_client__pam_sss.c	Wed May  7 14:18:54 2014	(r353157)
@@ -1,17 +1,25 @@
-From 86816db5982df0c1b0c5f5722e23111c62ff362e Mon Sep 17 00:00:00 2001
+From 68fcd5f830b6451de5fd9d697fa6602dc3ca9972 Mon Sep 17 00:00:00 2001
 From: Lukas Slebodnik <lukas.slebodnik at intrak.sk>
 Date: Sat, 27 Jul 2013 15:02:31 +0200
-Subject: [PATCH 31/34] patch-src__sss_client__pam_sss.c
+Subject: [PATCH 2/2] patch-src__sss_client__pam_sss.c
 
 ---
- src/sss_client/pam_sss.c | 2 ++
- 1 file changed, 2 insertions(+)
+ src/sss_client/pam_sss.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
 
 diff --git src/sss_client/pam_sss.c src/sss_client/pam_sss.c
-index 3734c8f..7110d38 100644
+index 5fd276ccba15da1f689b1939a02288dda7a09d89..4cb976cf28eba5c14168a91eb23fe4101d2268f3 100644
 --- src/sss_client/pam_sss.c
 +++ src/sss_client/pam_sss.c
-@@ -125,10 +125,12 @@ static void free_exp_data(pam_handle_t *pamh, void *ptr, int err)
+@@ -52,6 +52,7 @@
+ #define FLAGS_USE_FIRST_PASS (1 << 0)
+ #define FLAGS_FORWARD_PASS   (1 << 1)
+ #define FLAGS_USE_AUTHTOK    (1 << 2)
++#define FLAGS_IGNORE_UNKNOWN_USER (1 << 3)
+ 
+ #define PWEXP_FLAG "pam_sss:password_expired_flag"
+ #define FD_DESTRUCTOR "pam_sss:fd_destructor"
+@@ -125,10 +126,12 @@ static void free_exp_data(pam_handle_t *pamh, void *ptr, int err)
  
  static void close_fd(pam_handle_t *pamh, void *ptr, int err)
  {
@@ -24,6 +32,37 @@ index 3734c8f..7110d38 100644
  
      D(("Closing the fd"));
      sss_pam_close_fd();
+@@ -1292,6 +1295,8 @@ static void eval_argv(pam_handle_t *pamh, int argc, const char **argv,
+             }
+         } else if (strcmp(*argv, "quiet") == 0) {
+             *quiet_mode = true;
++        } else if (strcmp(*argv, "ignore_unknown_user") == 0) {
++            *flags |= FLAGS_IGNORE_UNKNOWN_USER;
+         } else {
+             logger(pamh, LOG_WARNING, "unknown option: %s", *argv);
+         }
+@@ -1429,6 +1434,9 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
+     ret = get_pam_items(pamh, &pi);
+     if (ret != PAM_SUCCESS) {
+         D(("get items returned error: %s", pam_strerror(pamh,ret)));
++        if (flags & FLAGS_IGNORE_UNKNOWN_USER && ret == PAM_USER_UNKNOWN) {
++            ret = PAM_IGNORE;
++        }
+         return ret;
+     }
+ 
+@@ -1467,6 +1475,11 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
+ 
+         pam_status = send_and_receive(pamh, &pi, task, quiet_mode);
+ 
++        if (flags & FLAGS_IGNORE_UNKNOWN_USER
++                && pam_status == PAM_USER_UNKNOWN) {
++            pam_status = PAM_IGNORE;
++        }
++
+         switch (task) {
+             case SSS_PAM_AUTHENTICATE:
+                 /* We allow sssd to send the return code PAM_NEW_AUTHTOK_REQD during
 -- 
-1.8.0
+1.8.5.3
 
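Review bot: Both added checks in `pam_sss()` turn PAM_USER_UNKNOWN into PAM_IGNORE without leaving any trace, and because they sit in the shared `pam_sss()` path they appear to apply to every task, not only authentication. With `ignore_unknown_user` set, the outcome for an unknown user is left entirely to the other modules in the stack, so a log line would let an administrator see why pam_sss stepped aside, e.g. `logger(pamh, LOG_DEBUG, "unknown user, returning PAM_IGNORE");` inside each `if`. The first condition would also read more safely with explicit grouping, `if ((flags & FLAGS_IGNORE_UNKNOWN_USER) && ret == PAM_USER_UNKNOWN) {`. The body of `pam_sss()` starts and ends outside the hunk, so whether `flags` is already populated at the first check cannot be confirmed from here.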

Modified: head/security/sssd/files/sssd.in
==============================================================================
--- head/security/sssd/files/sssd.in	Wed May  7 14:11:35 2014	(r353156)
+++ head/security/sssd/files/sssd.in	Wed May  7 14:18:54 2014	(r353157)
@@ -17,16 +17,26 @@
 
 . /etc/rc.subr
 
-name="sssd"
+name=sssd
 rcvar=sssd_enable
 
+# read configuration and set defaults
+load_rc_config "$name"
+
+: ${sssd_enable:=NO}
+: ${sssd_conf="%%PREFIX%%/etc/sssd/ssd.conf"}
+: ${sssd_flags="-f -D"}
+
 command="%%PREFIX%%/sbin/$name"
-sssd_flags="-f -D"
 pidfile="/var/run/$name.pid"
-required_files="%%PREFIX%%/etc/$name/$name.conf"
+required_files="${sssd_conf}"
+start_precmd=sssd_prestart
 
-# read configuration and set defaults
-load_rc_config "$name"
-: ${sssd_enable="NO"}
+sssd_prestart()
+{
+	for i in db/sss db/sss_mc log/sssd run/sss/krb5.include.d run/sss/private run/sss; do
+		if [ ! -d var/${i} ]; then mkdir -p /var/${i}; fi
+	done
+}
 
 run_rc_command "$1"
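Review bot: The new default `: ${sssd_conf="%%PREFIX%%/etc/sssd/ssd.conf"}` spells the file `ssd.conf`, while the line it replaces resolved to `etc/sssd/sssd.conf`; since `required_files` now comes from this variable, the service would refuse to start unless the admin overrides it, so it should read `: ${sssd_conf="%%PREFIX%%/etc/sssd/sssd.conf"}`. In `sssd_prestart` the test `[ ! -d var/${i} ]` lacks the leading slash and is evaluated relative to the current directory; it should be `[ ! -d /var/${i} ]`. The directories are created with plain `mkdir -p`, so they get whatever the umask allows; db/sss and run/sss/private presumably hold cached credentials and privileged sockets, so an explicit mode (for example `install -d -m 0700 /var/${i}` for those two) seems worth adding after checking what the upstream install used. `sssd_conf` is only used for `required_files` in the visible lines and is not passed to the daemon, so overriding it changes the check but apparently not the file sssd reads.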

