Attachment #147992 for bug #194155




# $FreeBSD: head/security/sssd/Makefile 367172 2014-09-03 07:34:37Z vanilla $

PORTNAME=	sssd
DISTVERSION=	1.11.7
PORTREVISION=	0
CATEGORIES=	security
MASTER_SITES=   https://fedorahosted.org/released/${PORTNAME}/ \
		http://mirrors.rit.edu/zi/

		xsltproc:${PORTSDIR}/textproc/libxslt \
		xmlcatmgr:${PORTSDIR}/textproc/xmlcatmgr \
		krb5>=1.10:${PORTSDIR}/security/krb5 \
		nsupdate:${PORTSDIR}/dns/bind99 

GNU_CONFIGURE=	yes
CONFIGURE_ARGS=	--with-selinux=no --with-semanage=no \
		--with-ldb-lib-dir=${LOCALBASE}/lib/shared-modules/ldb \
		--with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \
		--with-libnl=no --with-init-dir=no --datadir=${DATADIR} \
		--docdir=${DOCSDIR} --with-pid-path=/var/run \
		--localstatedir=/var --enable-pammoddir=${PREFIX}/lib \
		--with-db-path=/var/db/sss --with-pipe-path=/var/run/sss \
		--with-pubconf-path=/var/run/sss --with-mcache-path=/var/db/sss_mc \
		--with-unicode-lib=libunistring --with-autofs=no --disable-cifs-idmap-plugin \
		--without-nfsv4-idmapd-plugin --disable-config-lib --with-sudo --with-initscript=sysv
CONFIGURE_ENV=	XMLLINT="/bin/echo"
CFLAGS+=	-fstack-protector-all
PLIST_SUB=	PYTHON_VER=${PYTHON_VER}

USE_PYTHON=	yes
USE_OPENLDAP=	yes
USES=		gettext gmake iconv libtool pathfix pkgconfig shebangfix
LIBS+=          -L${LOCALBASE}/lib -liconv -lintl
PATHFIX_MAKEFILEIN=	Makefile.am
SHEBANG_FILES=	src/tools/sss_obfuscate

USE_RC_SUBR=	${PORTNAME}
PORTDATA=	*

OPTIONS_DEFINE= 	DOCS SMB
OPTIONS_DEFAULT= 	DOCS
OPTIONS_SUB=		yes

SMB_DESC=          	Install with Samba support
SMB_LIB_DEPENDS=        libsmbclient.so:${PORTSDIR}/net/samba-libsmbclient
SMB_BUILD_DEPENDS=      samba41>=4.1.0:${PORTSDIR}/net/samba41
SMB_CONFIGURE_WITH=	samba


.include <bsd.port.options.mk>


Lines 1-2 Link Here

(-)sssd/distinfo (-2 / +2 lines)
1	SHA256 (sssd-1.9.6.tar.gz) = ca96e8d98eb4113396b13d9601dbdd20f4b2f2613d0f29a0157ffd05e3748601	1	SHA256 (sssd-1.11.7.tar.gz) = ff12d5730a6d7d08fe11140aa58e544900b75c63902b7a07bbbc12d6a99cb5b5
2	SIZE (sssd-1.9.6.tar.gz) = 3180066	2	SIZE (sssd-1.11.7.tar.gz) = 3661227




--- Makefile.am.orig	2014-10-05 09:16:03.000000000 +0000
+++ Makefile.am	2014-10-05 10:36:18.000000000 +0000
@@ -378,6 +378,7 @@
Subject: [PATCH 01/25] patch-Makefile.am

---
 Makefile.am | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git Makefile.am Makefile.am
index 04df7cb..e2558f7 100644
--- Makefile.am
+++ Makefile.am
@@ -318,6 +318,7 @@ SSSD_LIBS = \
     $(DHASH_LIBS) \
     $(SSS_CRYPT_LIBS) \
     $(OPENLDAP_LIBS) \

     $(TDB_LIBS)
 
 PYTHON_BINDINGS_LIBS = \
@@ -431,6 +432,7 @@
     src/util/sss_selinux.h \
     src/util/sss_utf8.h \
     src/util/sss_ssh.h \
+    src/util/sss_bsd_errno.h \
     src/util/sss_ini.h \
     src/util/sss_format.h \
     src/util/refcount.h \
@@ -1685,7 +1687,7 @@
     src/util/user_info_msg.h \
@@ -1170,7 +1172,7 @@ noinst_PROGRAMS += autofs_test_client
 endif
 
 pam_test_client_SOURCES = src/sss_client/pam_test_client.c
-pam_test_client_LDADD = $(PAM_LIBS) $(PAM_MISC_LIBS)
+pam_test_client_LDADD = $(PAM_LIBS)
 
 if BUILD_AUTOFS
 autofs_test_client_SOURCES = \
@@ -1700,9 +1702,10 @@
 # Client Libraries #
 ####################
 

     src/sss_client/nss_passwd.c \
     src/sss_client/nss_group.c \
     src/sss_client/nss_netgroup.c \
@@ -1717,7 +1720,7 @@
     src/sss_client/nss_mc_passwd.c \
     src/sss_client/nss_mc_group.c \
     src/sss_client/nss_mc.h
 libnss_sss_la_LIBADD = \
     $(CLIENT_LIBS)
-libnss_sss_la_LDFLAGS = \
+nss_sss_la_LDFLAGS = \
     $(CLIENT_LIBS) \
     -module \
     -version-info 2:0:0 \
     -Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports
@@ -1879,6 +1882,7 @@
 libsss_ldap_la_LIBADD = \
     $(OPENLDAP_LIBS) \
     $(DHASH_LIBS) \
+    $(LTLIBINTL) \
     $(KRB5_LIBS) \
     libsss_ldap_common.la \
     libsss_idmap.la
-- 
1.8.0





--- src/confdb/confdb.c.orig	2014-10-05 09:17:01.000000000 +0000
+++ src/confdb/confdb.c	2014-10-05 10:33:50.000000000 +0000
Date: Wed, 6 Nov 2013 22:01:20 +0100
Subject: [PATCH 02/25] patch-src__confdb__confdb.c

---
 src/confdb/confdb.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git src/confdb/confdb.c src/confdb/confdb.c
index 72c74fe..78b69b8 100644
--- src/confdb/confdb.c
+++ src/confdb/confdb.c
@@ -28,6 +28,11 @@
 #include "util/strtonum.h"
 #include "db/sysdb.h"
 
+char *strchrnul(const char *s, int ch) {
+    char *ret = strchr(s, ch);
+    return ret == NULL ? discard_const_p(char, s) + strlen(s) : ret;
+}
+
 #define CONFDB_ZERO_CHECK_OR_JUMP(var, ret, err, label) do { \
     if (!var) { \
         ret = err; \
-- 
1.8.0





--- src/external/inotify.m4.orig	2014-10-05 09:17:30.000000000 +0000
+++ src/external/inotify.m4	2014-10-05 10:47:50.000000000 +0000
@@ -20,10 +20,10 @@
Subject: [PATCH] patch-src__external__inotify.m4

---
 src/external/inotify.m4 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git src/external/inotify.m4 src/external/inotify.m4
index 9572f6d2fefedf8a1d6a2468c712a83e7db2969f..2a5a8cf00d80e0979dca50fd102c3dc2872b2970 100644
--- src/external/inotify.m4
+++ src/external/inotify.m4
@@ -20,10 +20,10 @@ int main () {
     AS_IF([test x"$inotify_works" != xyes],
           [AC_CHECK_LIB([inotify],
                         [inotify_init],

     )
 
     AS_IF([test x"$inotify_works" = xyes],
-- 
1.8.3.1





--- src/external/krb5.m4.orig	2014-10-05 09:17:49.000000000 +0000
+++ src/external/krb5.m4	2014-10-05 10:48:54.000000000 +0000
@@ -9,7 +9,7 @@
Subject: [PATCH 1/4] patch-src__external__krb5.m4

---
 src/external/krb5.m4 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git src/external/krb5.m4 src/external/krb5.m4
index 71239c9..63c8ece 100644
--- src/external/krb5.m4
+++ src/external/krb5.m4
@@ -9,7 +9,7 @@ if test x$KRB5_CFLAGS != x; then
     KRB5_PASSED_CFLAGS=$KRB5_CFLAGS
 fi
 

 AC_MSG_CHECKING(for working krb5-config)
 if test -x "$KRB5_CONFIG"; then
   KRB5_CFLAGS="`$KRB5_CONFIG --cflags`"
-- 
1.8.0


Line 0 Link Here

(-)sssd/files/patch-src__external__pac_responder (+11 lines)
	1	--- src/external/pac_responder.m4.orig 2014-10-05 09:18:11.000000000 +0000
	2	+++ src/external/pac_responder.m4 2014-10-05 10:49:36.000000000 +0000
	3	@@ -14,7 +14,7 @@
	4	PKG_CHECK_MODULES(NDR_KRB5PAC, ndr_krb5pac, ndr_krb5pac_ok=yes,
	5	AC_MSG_WARN([Cannot build pac responder without libndr_krb5pac]))
	6
	7	- AC_PATH_PROG(KRB5_CONFIG, krb5-config)
	8	+ AC_PATH_PROG(KRB5_CONFIG, krb5-config, [], [/usr/local/bin:$PATH])
	9	AC_MSG_CHECKING(for supported MIT krb5 version)
	10	KRB5_VERSION="`$KRB5_CONFIG --version`"
	11	case $KRB5_VERSION in




From b52128bc333fd4717a96950ef8fb4171f25fabcf Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Wed, 30 Oct 2013 08:54:41 +0100
Subject: [PATCH 2/4] patch-src__external__pac_responder.m4

---
 src/external/pac_responder.m4 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git src/external/pac_responder.m4 src/external/pac_responder.m4
index 49d5cbb..2b4ca5c 100644
--- src/external/pac_responder.m4
+++ src/external/pac_responder.m4
@@ -14,7 +14,7 @@ then
     PKG_CHECK_MODULES(NDR_KRB5PAC, ndr_krb5pac, ndr_krb5pac_ok=yes,
         AC_MSG_WARN([Cannot build pac responder without libndr_krb5pac]))
 
-    AC_PATH_PROG(KRB5_CONFIG, krb5-config)
+    AC_PATH_PROG(KRB5_CONFIG, krb5-config, [], [/usr/local/bin:$PATH])
     AC_MSG_CHECKING(for supported MIT krb5 version)
     KRB5_VERSION="`$KRB5_CONFIG --version`"
     case $KRB5_VERSION in
-- 
1.8.0





From 4f866ccca80bb8ed4013bc8ed48ab9ae2b9587ff Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Tue, 3 Jun 2014 22:10:50 +0200
Subject: [PATCH 1/2] patch-src__man__pam_sss.8.xml

---
 src/man/pam_sss.8.xml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git src/man/pam_sss.8.xml src/man/pam_sss.8.xml
index 72b497ab34a520d21964824080c7f276b26706f4..69678dac5874067fc95ec47f72ed894854c5d569 100644
--- src/man/pam_sss.8.xml
+++ src/man/pam_sss.8.xml
@@ -37,6 +37,12 @@
             <arg choice='opt'>
                 <replaceable>retry=N</replaceable>
             </arg>
+            <arg choice='opt'>
+                <replaceable>ignore_unknown_user</replaceable>
+            </arg>
+            <arg choice='opt'>
+                <replaceable>ignore_authinfo_unavail</replaceable>
+            </arg>
         </cmdsynopsis>
     </refsynopsisdiv>
 
@@ -103,6 +109,27 @@
                     <option>PasswordAuthentication</option>.</para>
                 </listitem>
             </varlistentry>
+            <varlistentry>
+                <term>
+                    <option>ignore_unknown_user</option>
+                </term>
+                <listitem>
+                    <para>If this option is specified and the user does not
+                    exist, the PAM module will return PAM_IGNORE. This causes
+                    the PAM framework to ignore this module.</para>
+                </listitem>
+            </varlistentry>
+            <varlistentry>
+                <term>
+                    <option>ignore_authinfo_unavail</option>
+                </term>
+                <listitem>
+                    <para>
+                    Specifies  that  the  PAM module should return PAM_IGNORE
+                    if it cannot contact the SSSD daemon. This causes
+                    the PAM framework to ignore this module.</para>
+                </listitem>
+            </varlistentry>
         </variablelist>
     </refsect1>
 
-- 
1.9.3





--- src/providers/ad/ad_access.c.orig	2014-10-05 09:18:50.000000000 +0000
+++ src/providers/ad/ad_access.c	2014-10-05 10:50:22.000000000 +0000
Date: Sat, 27 Jul 2013 15:04:27 +0200
Subject: [PATCH 33/34] patch-src__providers__ad__ad_access.c

---
 src/providers/ad/ad_access.c | 1 +
 1 file changed, 1 insertion(+)

diff --git src/providers/ad/ad_access.c src/providers/ad/ad_access.c
index 314cdcf..ca0fb8b 100644
--- src/providers/ad/ad_access.c
+++ src/providers/ad/ad_access.c
@@ -21,6 +21,7 @@
 */
 

 #include "src/util/util.h"
 #include "src/providers/data_provider.h"
 #include "src/providers/dp_backend.h"
-- 
1.8.0





--- src/providers/ad/ad_common.c.orig	2014-10-05 09:19:09.000000000 +0000
+++ src/providers/ad/ad_common.c	2014-10-05 10:51:16.000000000 +0000
@@ -262,7 +262,7 @@
Subject: [PATCH 32/34] patch-src__providers__ad__ad_common.c

---
 src/providers/ad/ad_common.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git src/providers/ad/ad_common.c src/providers/ad/ad_common.c
index 8600dab..d628385 100644
--- src/providers/ad/ad_common.c
+++ src/providers/ad/ad_common.c
@@ -38,7 +38,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
     char *server;
     char *realm;
     char *ad_hostname;

 
     opts = talloc_zero(mem_ctx, struct ad_options);
     if (!opts) return ENOMEM;
@@ -299,7 +299,7 @@
      */
     ad_hostname = dp_opt_get_string(opts->basic, AD_HOSTNAME);
     if (ad_hostname == NULL) {

         if (gret != 0) {
             ret = errno;
             DEBUG(SSSDBG_FATAL_FAILURE,
@@ -307,7 +307,7 @@
                    strerror(ret));
             goto done;
         }
-        hostname[HOST_NAME_MAX] = '\0';
+        hostname[_POSIX_HOST_NAME_MAX] = '\0';
         DEBUG(SSSDBG_CONF_SETTINGS,
               "Setting ad_hostname to [%s].\n", hostname);
         ret = dp_opt_set_string(opts->basic, AD_HOSTNAME, hostname);
-- 
1.8.0





--- src/providers/data_provider_fo.c.orig	2014-10-05 09:22:57.000000000 +0000
+++ src/providers/data_provider_fo.c	2014-10-05 11:00:24.000000000 +0000
@@ -258,18 +258,18 @@
                                         const char *hostname)
 {
     struct fo_resolve_srv_dns_ctx *srv_ctx = NULL;
-    char resolved_hostname[HOST_NAME_MAX + 1];
+    char resolved_hostname[_POSIX_HOST_NAME_MAX + 1];
     errno_t ret;
 
     if (hostname == NULL) {
-        ret = gethostname(resolved_hostname, HOST_NAME_MAX);
+        ret = gethostname(resolved_hostname, _POSIX_HOST_NAME_MAX);
         if (ret != EOK) {
             ret = errno;
             DEBUG(SSSDBG_CRIT_FAILURE,
                   "gethostname() failed: [%d]: %s\n", ret, strerror(ret));
             return ret;
         }
-        resolved_hostname[HOST_NAME_MAX] = '\0';
+        resolved_hostname[_POSIX_HOST_NAME_MAX] = '\0';
         hostname = resolved_hostname;
     }
 




--- src/providers/fail_over.c.orig	2014-10-05 10:05:45.000000000 +0000
+++ src/providers/fail_over.c	2014-10-05 10:06:10.000000000 +0000
@@ -1391,7 +1391,7 @@
Subject: [PATCH 07/25] patch-src__providers__fail_over.c

---
 src/providers/fail_over.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git src/providers/fail_over.c src/providers/fail_over.c
index 59cbacd..197c0ef 100644
--- src/providers/fail_over.c
+++ src/providers/fail_over.c
@@ -1331,7 +1331,7 @@ resolve_srv_recv(struct tevent_req *req, struct fo_server **server)
  *******************************************************************/
 struct resolve_get_domain_state {
     char *fqdn;
-    char hostname[HOST_NAME_MAX];
+    char hostname[_POSIX_HOST_NAME_MAX];
 };
 
 static void
@@ -1351,13 +1351,13 @@ resolve_get_domain_send(TALLOC_CTX *mem_ctx,
         return NULL;
     }
 
-    ret = gethostname(state->hostname, HOST_NAME_MAX);
+    ret = gethostname(state->hostname, _POSIX_HOST_NAME_MAX);
     if (ret) {
         ret = errno;
         DEBUG(2, ("gethostname() failed: [%d]: %s\n",ret, strerror(ret)));
         return NULL;
     }
-    state->hostname[HOST_NAME_MAX-1] = '\0';
+    state->hostname[_POSIX_HOST_NAME_MAX] = '\0';
     DEBUG(7, ("Host name is: %s\n", state->hostname));
 
     subreq = resolv_gethostbyname_send(state, ev, resolv,
-- 
1.8.0





--- src/providers/ipa/ipa_common.c.orig	2014-10-05 09:19:35.000000000 +0000
+++ src/providers/ipa/ipa_common.c	2014-10-05 10:52:02.000000000 +0000
@@ -49,7 +49,7 @@
Subject: [PATCH 07/34] patch-src__providers__ipa__ipa_common.c

---
 src/providers/ipa/ipa_common.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git src/providers/ipa/ipa_common.c src/providers/ipa/ipa_common.c
index eb384a1..d7d8052 100644
--- src/providers/ipa/ipa_common.c
+++ src/providers/ipa/ipa_common.c
@@ -47,7 +47,7 @@ int ipa_get_options(TALLOC_CTX *memctx,
     char *realm;
     char *ipa_hostname;
     int ret;

 
     opts = talloc_zero(memctx, struct ipa_options);
     if (!opts) return ENOMEM;
@@ -79,14 +79,14 @@
 
     ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME);
     if (ipa_hostname == NULL) {
-        ret = gethostname(hostname, HOST_NAME_MAX);
+        ret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
         if (ret != EOK) {
             DEBUG(SSSDBG_CRIT_FAILURE, "gethostname failed [%d][%s].\n", errno,
                       strerror(errno));
             ret = errno;
             goto done;
         }
-        hostname[HOST_NAME_MAX] = '\0';
+        hostname[_POSIX_HOST_NAME_MAX] = '\0';
         DEBUG(SSSDBG_TRACE_ALL, "Setting ipa_hostname to [%s].\n", hostname);
         ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname);
         if (ret != EOK) {
-- 
1.8.0





--- src/providers/krb5/krb5_delayed_online_authentication.c.orig	2014-10-05 09:20:01.000000000 +0000
+++ src/providers/krb5/krb5_delayed_online_authentication.c	2014-10-05 10:53:52.000000000 +0000
@@ -321,7 +321,7 @@
Subject: [PATCH 09/25] patch-src__providers__krb5__krb5_delayed_online_authentication.c

---
 src/providers/krb5/krb5_delayed_online_authentication.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git src/providers/krb5/krb5_delayed_online_authentication.c src/providers/krb5/krb5_delayed_online_authentication.c
index d5dea3b..da6b6bb 100644
--- src/providers/krb5/krb5_delayed_online_authentication.c
+++ src/providers/krb5/krb5_delayed_online_authentication.c
@@ -296,6 +296,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
                                            struct tevent_context *ev)
 {
     int ret;
+#ifdef __linux__
     hash_table_t *tmp_table;
-
+#ifdef __linux__
     ret = get_uid_table(krb5_ctx, &tmp_table);
     if (ret != EOK) {
         if (ret == ENOSYS) {
@@ -339,6 +339,7 @@
               "hash_destroy failed [%s].\n", hash_error_string(ret));
         return EFAULT;
     }
+#endif /* __linux__ */
 
     krb5_ctx->deferred_auth_ctx = talloc_zero(krb5_ctx,
                                           struct deferred_auth_ctx);
-- 
1.8.0





--- src/providers/ldap/ldap_auth.c.orig	2014-10-05 09:20:29.000000000 +0000
+++ src/providers/ldap/ldap_auth.c	2014-10-05 10:57:50.000000000 +0000
Date: Sat, 4 May 2013 16:08:11 +0200
Subject: [PATCH 09/34] patch-src__providers__ldap__ldap_auth.c

---
 src/providers/ldap/ldap_auth.c | 60 ++++++++++++++++++++++++++----------------
 1 file changed, 37 insertions(+), 23 deletions(-)

diff --git src/providers/ldap/ldap_auth.c src/providers/ldap/ldap_auth.c
index b0dd30c..6b1ad83 100644
--- src/providers/ldap/ldap_auth.c
+++ src/providers/ldap/ldap_auth.c
@@ -37,7 +37,6 @@
 #include <sys/time.h>
 #include <strings.h>

 #include <security/pam_modules.h>
 
 #include "util/util.h"
@@ -56,6 +55,22 @@
     PWEXPIRE_SHADOW
 };
 

+  long int sp_min;            /* Minimum number of days between changes.  */
+  long int sp_max;            /* Maximum number of days between changes.  */
+  long int sp_warn;           /* Number of days to warn user to change
+                                 the password.  */
+  long int sp_inact;          /* Number of days the account may be
+                                inactive.  */
+  long int sp_expire;         /* Number of days since 1970-01-01 until
+                                account expires.  */
+  unsigned long int sp_flag;  /* Reserved.  */
+};
+
 static errno_t add_expired_warning(struct pam_data *pd, long exp_time)
 {
     int ret;
@@ -109,6 +124,7 @@
         return EINVAL;
     }
 
+    tzset();
     expire_time = mktime(&tm);
     if (expire_time == -1) {
         DEBUG(SSSDBG_CRIT_FAILURE,
@@ -116,12 +132,9 @@
         return EINVAL;
     }
 
-    tzset();
-    expire_time -= timezone;
-    DEBUG(SSSDBG_TRACE_ALL,
-          "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] "
-           "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0],
-           tzname[1], timezone, daylight, now, expire_time);
+    DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s]"
+              "now [%d] expire_time [%d].\n", tzname[0],
+              tzname[1], now, expire_time));
 
     if (difftime(now, expire_time) > 0.0) {
         DEBUG(SSSDBG_CONF_SETTINGS, "Kerberos password expired.\n");
@@ -924,7 +937,7 @@
     DEBUG(SSSDBG_OP_FAILURE,
           "starting password change request for user [%s].\n", pd->user);
 
-    pd->pam_status = PAM_SYSTEM_ERR;
+    pd->pam_status = PAM_SERVICE_ERR;
 
     if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) {
         DEBUG(SSSDBG_OP_FAILURE,
@@ -991,7 +1004,7 @@
                 DEBUG(SSSDBG_CRIT_FAILURE,
                       "LDAP provider cannot change kerberos "
                           "passwords.\n");
-                state->pd->pam_status = PAM_SYSTEM_ERR;
+                state->pd->pam_status = PAM_SERVICE_ERR;
                 goto done;
             }
             break;
@@ -1000,7 +1013,7 @@
             break;
         default:
             DEBUG(SSSDBG_CRIT_FAILURE, "Unknow pasword expiration type.\n");
-                state->pd->pam_status = PAM_SYSTEM_ERR;
+                state->pd->pam_status = PAM_SERVICE_ERR;
                 goto done;
                 }
                 break;
@@ -850,14 +864,14 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
                                               state->breq->domain->pwd_expiration_warning);
                 if (ret != EOK) {
                     DEBUG(1, ("check_pwexpire_kerberos failed.\n"));
-                    state->pd->pam_status = PAM_SYSTEM_ERR;
+                    state->pd->pam_status = PAM_SERVICE_ERR;
                     goto done;
                 }
 
                 if (result == SDAP_AUTH_PW_EXPIRED) {
                     DEBUG(1, ("LDAP provider cannot change kerberos "
                               "passwords.\n"));
-                    state->pd->pam_status = PAM_SYSTEM_ERR;
+                    state->pd->pam_status = PAM_SERVICE_ERR;
                     goto done;
                 }
                 break;
@@ -866,7 +880,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
                 break;
             default:
                 DEBUG(1, ("Unknow pasword expiration type.\n"));
-                    state->pd->pam_status = PAM_SYSTEM_ERR;
+                    state->pd->pam_status = PAM_SERVICE_ERR;
                     goto done;
         }
     }
@@ -1023,13 +1036,13 @@
             ret = sss_authtok_get_password(state->pd->authtok,
                                            &password, NULL);
             if (ret) {
-                state->pd->pam_status = PAM_SYSTEM_ERR;
+                state->pd->pam_status = PAM_SERVICE_ERR;
                 goto done;
             }
             ret = sss_authtok_get_password(state->pd->newauthtok,
                                            &new_password, NULL);
             if (ret) {
-                state->pd->pam_status = PAM_SYSTEM_ERR;
+                state->pd->pam_status = PAM_SERVICE_ERR;
                 goto done;
             }
 
@@ -1069,7 +1082,7 @@
         dp_err = DP_ERR_OFFLINE;
         break;
     default:

     }
 
 done:
@@ -1104,7 +1117,7 @@
         state->pd->pam_status = PAM_AUTHTOK_ERR;
         break;
     default:
-        state->pd->pam_status = PAM_SYSTEM_ERR;
+        state->pd->pam_status = PAM_SERVICE_ERR;
         break;
     }
 
@@ -1131,7 +1144,7 @@
                                                     state->sh, state->dn,
                                                     lastchanged_name);
         if (subreq == NULL) {
-            state->pd->pam_status = PAM_SYSTEM_ERR;
+            state->pd->pam_status = PAM_SERVICE_ERR;
             goto done;
         }
 
@@ -1152,7 +1165,7 @@
 
     ret = sdap_modify_shadow_lastchange_recv(req);
     if (ret != EOK) {

         goto done;
     }
 
@@ -1193,7 +1206,7 @@
         goto done;
     }
 

 
     switch (pd->cmd) {
     case SSS_PAM_AUTHENTICATE:
@@ -1265,7 +1278,7 @@
             break;
         default:
             DEBUG(SSSDBG_CRIT_FAILURE, "Unknow pasword expiration type.\n");
-                state->pd->pam_status = PAM_SYSTEM_ERR;
+                state->pd->pam_status = PAM_SERVICE_ERR;
                 goto done;
         goto done;
     }
@@ -1102,7 +1116,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
                                             state->pd, &result);
                 if (ret != EOK) {
                     DEBUG(1, ("check_pwexpire_shadow failed.\n"));
-                    state->pd->pam_status = PAM_SYSTEM_ERR;
+                    state->pd->pam_status = PAM_SERVICE_ERR;
                     goto done;
                 }
                 break;
@@ -1112,7 +1126,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
                                               be_ctx->domain->pwd_expiration_warning);
                 if (ret != EOK) {
                     DEBUG(1, ("check_pwexpire_kerberos failed.\n"));
-                    state->pd->pam_status = PAM_SYSTEM_ERR;
+                    state->pd->pam_status = PAM_SERVICE_ERR;
                     goto done;
                 }
                 break;
@@ -1121,7 +1135,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
                                           be_ctx->domain->pwd_expiration_warning);
                 if (ret != EOK) {
                     DEBUG(1, ("check_pwexpire_ldap failed.\n"));
-                    state->pd->pam_status = PAM_SYSTEM_ERR;
+                    state->pd->pam_status = PAM_SERVICE_ERR;
                     goto done;
                 }
                 break;
@@ -1129,7 +1143,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
                 break;
             default:
                 DEBUG(1, ("Unknow pasword expiration type.\n"));
-                    state->pd->pam_status = PAM_SYSTEM_ERR;
+                    state->pd->pam_status = PAM_SERVICE_ERR;
                     goto done;
         }
     }
@@ -1291,7 +1304,7 @@
         state->pd->pam_status = PAM_NEW_AUTHTOK_REQD;
         break;
     default:

         dp_err = DP_ERR_FATAL;
     }
 
-- 
1.8.0





--- src/providers/ldap/ldap_child.c.orig	2014-10-05 09:20:49.000000000 +0000
+++ src/providers/ldap/ldap_child.c	2014-10-05 10:58:06.000000000 +0000
@@ -240,14 +240,14 @@
             full_princ = talloc_strdup(tmp_ctx, princ_str);
         }
     } else {
-        char hostname[HOST_NAME_MAX + 1];
+        char hostname[_POSIX_HOST_NAME_MAX + 1];
 
-        ret = gethostname(hostname, HOST_NAME_MAX);
+        ret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
         if (ret == -1) {
             krberr = KRB5KRB_ERR_GENERIC;
             goto done;
         }
-        hostname[HOST_NAME_MAX] = '\0';
+        hostname[_POSIX_HOST_NAME_MAX] = '\0';
 
         DEBUG(SSSDBG_TRACE_LIBS, "got hostname: [%s]\n", hostname);
 




--- src/providers/ldap/sdap_access.c.orig	2014-10-05 09:21:27.000000000 +0000
+++ src/providers/ldap/sdap_access.c	2014-10-05 10:05:28.000000000 +0000
@@ -499,6 +499,7 @@
Subject: [PATCH 11/25] patch-src__providers__ldap__sdap_access.c

---
 src/providers/ldap/sdap_access.c | 46 +++++++++++++++++++---------------------
 1 file changed, 22 insertions(+), 24 deletions(-)

diff --git src/providers/ldap/sdap_access.c src/providers/ldap/sdap_access.c
index b198e04..1eaedf7 100644
--- src/providers/ldap/sdap_access.c
+++ src/providers/ldap/sdap_access.c
@@ -22,9 +22,7 @@
     along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-#define _XOPEN_SOURCE 500 /* for strptime() */
 #include <time.h>
-#undef _XOPEN_SOURCE
 #include <sys/param.h>
 #include <security/pam_modules.h>
 #include <talloc.h>
@@ -109,7 +107,7 @@ void sdap_pam_access_handler(struct be_req *breq)
                            pd);
     if (req == NULL) {
         DEBUG(1, ("Unable to start sdap_access request\n"));
-        sdap_access_reply(breq, PAM_SYSTEM_ERR);
+        sdap_access_reply(breq, PAM_SERVICE_ERR);
         return;
     }
 
@@ -149,7 +147,7 @@ sdap_access_send(TALLOC_CTX *mem_ctx,
 
     state->be_req = be_req;
     state->pd = pd;
-    state->pam_status = PAM_SYSTEM_ERR;
+    state->pam_status = PAM_SERVICE_ERR;
     state->ev = ev;
     state->access_ctx = access_ctx;
     state->current_rule = 0;
@@ -502,18 +500,17 @@ static bool nds_check_expired(const char *exp_time_str)
         return true;
     }
 
+    tzset();
     expire_time = mktime(&tm);
     if (expire_time == -1) {
         DEBUG(SSSDBG_CRIT_FAILURE,
@@ -506,13 +507,10 @@
         return true;
     }
 
-    tzset();
-    expire_time -= timezone;
     now = time(NULL);
-    DEBUG(SSSDBG_TRACE_ALL,
-          "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] "
-           "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0],
-           tzname[1], timezone, daylight, now, expire_time);
+    DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s] "
+              "now [%d] expire_time [%d].\n", tzname[0],
+              tzname[1], now, expire_time));
 
     if (difftime(now, expire_time) > 0.0) {
         DEBUG(SSSDBG_CONF_SETTINGS, "NDS account expired.\n");
@@ -1139,7 +1137,7 @@
         return NULL;
     }
 
-    state->pam_status = PAM_SYSTEM_ERR;
+    state->pam_status = PAM_SERVICE_ERR;
 
     expire = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic,
                                 SDAP_ACCOUNT_EXPIRE_POLICY);
@@ -746,7 +743,7 @@ static void sdap_account_expired_done(struct tevent_req *subreq)
     talloc_zfree(subreq);
     if (ret != EOK) {
         DEBUG(1, ("Error retrieving access check result.\n"));
-        state->pam_status = PAM_SYSTEM_ERR;
+        state->pam_status = PAM_SERVICE_ERR;
         tevent_req_error(req, ret);
         return;
     }
@@ -806,7 +803,7 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
     state->filter = NULL;
     state->be_req = be_req;
     state->username = username;
-    state->pam_status = PAM_SYSTEM_ERR;
+    state->pam_status = PAM_SERVICE_ERR;
     state->sdap_ctx = access_ctx->id_ctx;
     state->ev = ev;
     state->access_ctx = access_ctx;
@@ -953,7 +950,7 @@ static void sdap_access_filter_connect_done(struct tevent_req *subreq)
                                    false);
     if (subreq == NULL) {
         DEBUG(1, ("Could not start LDAP communication\n"));
-        state->pam_status = PAM_SYSTEM_ERR;
+        state->pam_status = PAM_SERVICE_ERR;
         tevent_req_error(req, EIO);
         return;
     }
@@ -984,13 +981,13 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
             if (ret == EOK) {
                 return;
             }
-            state->pam_status = PAM_SYSTEM_ERR;
+            state->pam_status = PAM_SERVICE_ERR;
         } else if (dp_error == DP_ERR_OFFLINE) {
             sdap_access_filter_decide_offline(req);
         } else {
             DEBUG(1, ("sdap_get_generic_send() returned error [%d][%s]\n",
                       ret, strerror(ret)));
-            state->pam_status = PAM_SYSTEM_ERR;
+            state->pam_status = PAM_SERVICE_ERR;
         }
 
         goto done;
@@ -1009,7 +1006,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
     else if (results == NULL) {
         DEBUG(1, ("num_results > 0, but results is NULL\n"));
         ret = EIO;
-        state->pam_status = PAM_SYSTEM_ERR;
+        state->pam_status = PAM_SERVICE_ERR;
         goto done;
     }
     else if (num_results > 1) {
@@ -1018,7 +1015,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
          */
         DEBUG(1, ("Received multiple replies\n"));
         ret = EIO;
-        state->pam_status = PAM_SYSTEM_ERR;
+        state->pam_status = PAM_SERVICE_ERR;
         goto done;
     }
     else { /* Ok, we got a single reply */
@@ -1104,7 +1101,7 @@ static void sdap_access_filter_done(struct tevent_req *subreq)
     talloc_zfree(subreq);
     if (ret != EOK) {
         DEBUG(1, ("Error retrieving access check result.\n"));
-        state->pam_status = PAM_SYSTEM_ERR;
+        state->pam_status = PAM_SERVICE_ERR;
         tevent_req_error(req, ret);
         return;
     }
@@ -1244,7 +1241,7 @@ static void sdap_access_service_done(struct tevent_req *subreq)
     talloc_zfree(subreq);
     if (ret != EOK) {
         DEBUG(1, ("Error retrieving access check result.\n"));
-        state->pam_status = PAM_SYSTEM_ERR;
+        state->pam_status = PAM_SERVICE_ERR;
         tevent_req_error(req, ret);
         return;
     }
@@ -1269,7 +1266,7 @@ static struct tevent_req *sdap_access_host_send(
     struct ldb_message_element *el;
     unsigned int i;
     char *host;
-    char hostname[HOST_NAME_MAX + 1];
+    char hostname[_POSIX_HOST_NAME_MAX + 1];
 
     el = ldb_msg_find_element(user_entry, SYSDB_AUTHORIZED_HOST);
     if (!el || el->num_values == 0) {
@@ -1147,12 +1145,12 @@
         return ERR_ACCESS_DENIED;
     }
 
-    if (gethostname(hostname, HOST_NAME_MAX) == -1) {
+    if (gethostname(hostname, _POSIX_HOST_NAME_MAX) == -1) {
         DEBUG(SSSDBG_CRIT_FAILURE,
               "Unable to get system hostname. Access denied\n");
         return ERR_ACCESS_DENIED;
     }
-    hostname[HOST_NAME_MAX] = '\0';
+    hostname[_POSIX_HOST_NAME_MAX] = '\0';
 
     /* FIXME: PADL's pam_ldap also calls gethostbyname() on the hostname
      *        in some attempt to get aliases and/or FQDN for the machine.
@@ -1365,7 +1363,7 @@ static void sdap_access_host_done(struct tevent_req *subreq)
     talloc_zfree(subreq);
     if (ret != EOK) {
         DEBUG(1, ("Error retrieving access check result.\n"));
-        state->pam_status = PAM_SYSTEM_ERR;
+        state->pam_status = PAM_SERVICE_ERR;
         tevent_req_error(req, ret);
         return;
     }
@@ -1391,7 +1389,7 @@ sdap_access_recv(struct tevent_req *req, int *pam_status)
 static void sdap_access_done(struct tevent_req *req)
 {
     errno_t ret;
-    int pam_status = PAM_SYSTEM_ERR;
+    int pam_status = PAM_SERVICE_ERR;
     struct be_req *breq =
             tevent_req_callback_data(req, struct be_req);
 
@@ -1399,7 +1397,7 @@ static void sdap_access_done(struct tevent_req *req)
     talloc_zfree(req);
     if (ret != EOK) {
         DEBUG(1, ("Error retrieving access check result.\n"));
-        pam_status = PAM_SYSTEM_ERR;
+        pam_status = PAM_SERVICE_ERR;
     }
 
     sdap_access_reply(breq, pam_status);
-- 
1.8.0





--- src/providers/ldap/sdap_async_sudo_hostinfo.c.orig	2014-10-05 09:21:58.000000000 +0000
+++ src/providers/ldap/sdap_async_sudo_hostinfo.c	2014-10-05 10:59:58.000000000 +0000
@@ -371,7 +371,7 @@
Subject: [PATCH 30/34] patch-src__providers__ldap__sdap_async_sudo_hostinfo.c

---
 src/providers/ldap/sdap_async_sudo_hostinfo.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git src/providers/ldap/sdap_async_sudo_hostinfo.c src/providers/ldap/sdap_async_sudo_hostinfo.c
index 0a695cd..108b4c2 100644
--- src/providers/ldap/sdap_async_sudo_hostinfo.c
+++ src/providers/ldap/sdap_async_sudo_hostinfo.c
@@ -371,7 +371,7 @@ static struct tevent_req *sdap_sudo_get_hostnames_send(TALLOC_CTX *mem_ctx,
     struct tevent_req *subreq = NULL;
     struct sdap_sudo_get_hostnames_state *state = NULL;
     char *dot = NULL;
-    char hostname[HOST_NAME_MAX + 1];
+    char hostname[_POSIX_HOST_NAME_MAX + 1];
     int resolv_timeout;
     int ret;
 
     req = tevent_req_create(mem_ctx, &state,
@@ -394,14 +394,14 @@
     /* get hostname */
 
     errno = 0;

+    ret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
     if (ret != EOK) {
         ret = errno;
         DEBUG(SSSDBG_CRIT_FAILURE, "Unable to retrieve machine hostname "
                                     "[%d]: %s\n", ret, strerror(ret));
         goto done;
     }
-    hostname[HOST_NAME_MAX] = '\0';

 
     state->hostnames[0] = talloc_strdup(state->hostnames, hostname);
     if (state->hostnames[0] == NULL) {
-- 
1.8.0





From 5434161320c86634512ac70e1d49c63375a71dc4 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Sat, 4 May 2013 16:08:11 +0200
Subject: [PATCH 14/34] patch-src__resolv__async_resolv.c

---
 src/resolv/async_resolv.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git src/resolv/async_resolv.c src/resolv/async_resolv.c
index 268d266..1bb84e5 100644
--- src/resolv/async_resolv.c
+++ src/resolv/async_resolv.c
@@ -1203,7 +1203,6 @@ resolv_is_address(const char *name)
     hints.ai_flags = AI_NUMERICHOST; /* No network lookups */
 
     ret = getaddrinfo(name, NULL, &hints, &res);
-    freeaddrinfo(res);
     if (ret != 0) {
         if (ret == -2) {
             DEBUG(9, ("[%s] does not look like an IP address\n", name));
@@ -1211,6 +1210,8 @@ resolv_is_address(const char *name)
             DEBUG(2, ("getaddrinfo failed [%d]: %s\n",
                       ret, gai_strerror(ret)));
         }
+    } else {
+     freeaddrinfo(res);
     }
 
     return ret == 0;
-- 
1.8.0





--- src/resolv/async_resolv_utils.c.orig	2014-10-05 09:25:19.000000000 +0000
+++ src/resolv/async_resolv_utils.c	2014-10-05 11:00:48.000000000 +0000
@@ -44,7 +44,7 @@
     struct resolv_get_domain_state *state = NULL;
     struct tevent_req *req = NULL;
     struct tevent_req *subreq = NULL;
-    char system_hostname[HOST_NAME_MAX + 1];
+    char system_hostname[_POSIX_HOST_NAME_MAX + 1];
     errno_t ret;
 
     req = tevent_req_create(mem_ctx, &state,
@@ -56,14 +56,14 @@
 
     if (hostname == NULL) {
         /* use system hostname */
-        ret = gethostname(system_hostname, HOST_NAME_MAX);
+        ret = gethostname(system_hostname, _POSIX_HOST_NAME_MAX);
         if (ret) {
             ret = errno;
             DEBUG(SSSDBG_CRIT_FAILURE, "gethostname() failed: [%d]: %s\n",
                                         ret, strerror(ret));
             goto immediately;
         }
-        system_hostname[HOST_NAME_MAX] = '\0';
+        system_hostname[_POSIX_HOST_NAME_MAX] = '\0';
         hostname = system_hostname;
     }
 




--- src/sss_client/common.c.orig	2014-10-05 09:25:49.000000000 +0000
+++ src/sss_client/common.c	2014-10-05 11:03:18.000000000 +0000
Date: Wed, 6 Nov 2013 22:01:20 +0100
Subject: [PATCH 14/25] patch-src__sss_client__common.c

---
 src/sss_client/common.c | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git src/sss_client/common.c src/sss_client/common.c
index ec5c708..5d17eed 100644
--- src/sss_client/common.c
+++ src/sss_client/common.c
@@ -25,6 +25,7 @@
 #include "config.h"
 

 
 #if HAVE_PTHREAD
 #include <pthread.h>
@@ -124,7 +126,6 @@
             *errnop = error;
             break;
         case 0:

             break;
         case 1:
             if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) {
@@ -232,7 +233,6 @@
             *errnop = error;
             break;
         case 0:

             break;
         case 1:
             if (pfd.revents & (POLLHUP)) {
@@ -669,7 +669,6 @@
             *errnop = error;
             break;
         case 0:

             break;
         case 1:
             if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) {
@@ -719,23 +718,23 @@
     /* avoid looping in the nss daemon */
     envval = getenv("_SSS_LOOPS");
     if (envval && strcmp(envval, "NO") == 0) {

     }
 }
 
@@ -750,23 +749,23 @@
     /* avoid looping in the nss daemon */
     envval = getenv("_SSS_LOOPS");
     if (envval && strcmp(envval, "NO") == 0) {
-        return NSS_STATUS_NOTFOUND;
+        return NS_NOTFOUND;
     }
 
     ret = sss_cli_check_socket(errnop, SSS_PAC_SOCKET_NAME);
     if (ret != SSS_STATUS_SUCCESS) {
-        return NSS_STATUS_UNAVAIL;
+        return NS_UNAVAIL;
     }
 
     ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop);
     switch (ret) {
     case SSS_STATUS_TRYAGAIN:
-        return NSS_STATUS_TRYAGAIN;
+        return NS_TRYAGAIN;
     case SSS_STATUS_SUCCESS:
-        return NSS_STATUS_SUCCESS;
+        return NS_SUCCESS;
     case SSS_STATUS_UNAVAIL:
     default:
-        return NSS_STATUS_UNAVAIL;
+        return NS_UNAVAIL;
     }
 }
 




--- src/sss_client/nss_group.c.orig	2014-10-05 09:26:05.000000000 +0000
+++ src/sss_client/nss_group.c	2014-10-05 11:04:48.000000000 +0000
@@ -343,6 +343,76 @@
Subject: [PATCH 15/25] patch-src__sss_client__nss_group.c

---
 src/sss_client/nss_group.c | 70 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)

diff --git src/sss_client/nss_group.c src/sss_client/nss_group.c
index e6ea54b..b27b671 100644
--- src/sss_client/nss_group.c
+++ src/sss_client/nss_group.c
@@ -343,6 +343,76 @@ out:
 }
 
 

 enum nss_status _nss_sss_getgrnam_r(const char *name, struct group *result,
                                     char *buffer, size_t buflen, int *errnop)
 {
-- 
1.8.0





From 18bce9f12311c6e7a7fe4350150120a98b3ec106 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Wed, 6 Nov 2013 22:01:21 +0100
Subject: [PATCH 2/2] patch-src__sss_client__pam_sss.c

---
 src/sss_client/pam_sss.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git src/sss_client/pam_sss.c src/sss_client/pam_sss.c
index 5fd276ccba15da1f689b1939a02288dda7a09d89..e35552f7e612d3e68f957845998a8105437af301 100644
--- src/sss_client/pam_sss.c
+++ src/sss_client/pam_sss.c
@@ -52,6 +52,8 @@
 #define FLAGS_USE_FIRST_PASS (1 << 0)
 #define FLAGS_FORWARD_PASS   (1 << 1)
 #define FLAGS_USE_AUTHTOK    (1 << 2)
+#define FLAGS_IGNORE_UNKNOWN_USER (1 << 3)
+#define FLAGS_IGNORE_AUTHINFO_UNAVAIL (1 << 4)
 
 #define PWEXP_FLAG "pam_sss:password_expired_flag"
 #define FD_DESTRUCTOR "pam_sss:fd_destructor"
@@ -125,10 +127,12 @@ static void free_exp_data(pam_handle_t *pamh, void *ptr, int err)
 
 static void close_fd(pam_handle_t *pamh, void *ptr, int err)
 {
+#ifdef PAM_DATA_REPLACE
     if (err & PAM_DATA_REPLACE) {
         /* Nothing to do */
         return;
     }
+#endif /* PAM_DATA_REPLACE */
 
     D(("Closing the fd"));
     sss_pam_close_fd();
@@ -1292,6 +1296,10 @@ static void eval_argv(pam_handle_t *pamh, int argc, const char **argv,
             }
         } else if (strcmp(*argv, "quiet") == 0) {
             *quiet_mode = true;
+        } else if (strcmp(*argv, "ignore_unknown_user") == 0) {
+            *flags |= FLAGS_IGNORE_UNKNOWN_USER;
+        } else if (strcmp(*argv, "ignore_authinfo_unavail") == 0) {
+            *flags |= FLAGS_IGNORE_AUTHINFO_UNAVAIL;
         } else {
             logger(pamh, LOG_WARNING, "unknown option: %s", *argv);
         }
@@ -1429,6 +1437,13 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
     ret = get_pam_items(pamh, &pi);
     if (ret != PAM_SUCCESS) {
         D(("get items returned error: %s", pam_strerror(pamh,ret)));
+        if (flags & FLAGS_IGNORE_UNKNOWN_USER && ret == PAM_USER_UNKNOWN) {
+            ret = PAM_IGNORE;
+        }
+        if (flags & FLAGS_IGNORE_AUTHINFO_UNAVAIL
+                && ret == PAM_AUTHINFO_UNAVAIL) {
+            ret = PAM_IGNORE;
+        }
         return ret;
     }
 
@@ -1467,6 +1482,15 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
 
         pam_status = send_and_receive(pamh, &pi, task, quiet_mode);
 
+        if (flags & FLAGS_IGNORE_UNKNOWN_USER
+                && pam_status == PAM_USER_UNKNOWN) {
+            pam_status = PAM_IGNORE;
+        }
+        if (flags & FLAGS_IGNORE_AUTHINFO_UNAVAIL
+                && pam_status == PAM_AUTHINFO_UNAVAIL) {
+            pam_status = PAM_IGNORE;
+        }
+
         switch (task) {
             case SSS_PAM_AUTHENTICATE:
                 /* We allow sssd to send the return code PAM_NEW_AUTHTOK_REQD during
-- 
1.9.3





From d15b99c87c08f17eef814f431a4a58ed4a3ba9b6 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Sat, 4 May 2013 16:08:11 +0200
Subject: [PATCH 20/34] patch-src__sss_client__pam_test_client.c

---
 src/sss_client/pam_test_client.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git src/sss_client/pam_test_client.c src/sss_client/pam_test_client.c
index ef424e7..d8cf36c 100644
--- src/sss_client/pam_test_client.c
+++ src/sss_client/pam_test_client.c
@@ -24,12 +24,13 @@
 
 #include <stdio.h>
 #include <unistd.h>
+#include <string.h>
 
 #include <security/pam_appl.h>
-#include <security/pam_misc.h>
+#include <security/openpam.h>
 
 static struct pam_conv conv = {
-    misc_conv,
+    openpam_ttyconv,
     NULL
 };
 
-- 
1.8.0





--- src/sss_client/sss_nss.exports.orig	2014-10-05 09:26:51.000000000 +0000
+++ src/sss_client/sss_nss.exports	2014-10-05 11:05:56.000000000 +0000
@@ -3,6 +3,7 @@
Subject: [PATCH 21/34] patch-src__sss_client__sss_nss.exports

---
 src/sss_client/sss_nss.exports | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git src/sss_client/sss_nss.exports src/sss_client/sss_nss.exports
index 1eefea8..8e85a05 100644
--- src/sss_client/sss_nss.exports
+++ src/sss_client/sss_nss.exports
@@ -3,6 +3,7 @@ EXPORTED {
 	# public functions
 	global:
 

 		_nss_sss_getpwnam_r;
 		_nss_sss_getpwuid_r;
 		_nss_sss_setpwent;
@@ -14,8 +15,25 @@
 		_nss_sss_setgrent;
 		_nss_sss_getgrent_r;
 		_nss_sss_endgrent;

 		#_nss_sss_getaliasbyname_r;
 		#_nss_sss_setaliasent;
 		#_nss_sss_getaliasent_r;
-- 
1.8.0





--- src/util/crypto/libcrypto/crypto_sha512crypt.c.orig	2014-10-05 09:27:43.000000000 +0000
+++ src/util/crypto/libcrypto/crypto_sha512crypt.c	2014-10-05 11:07:04.000000000 +0000
Date: Wed, 6 Nov 2013 22:01:21 +0100
Subject: [PATCH 19/25] patch-src__util__crypto__libcrypto__crypto_sha512crypt.c

---
 src/util/crypto/libcrypto/crypto_sha512crypt.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git src/util/crypto/libcrypto/crypto_sha512crypt.c src/util/crypto/libcrypto/crypto_sha512crypt.c
index 88628b6..4510403 100644
--- src/util/crypto/libcrypto/crypto_sha512crypt.c
+++ src/util/crypto/libcrypto/crypto_sha512crypt.c
@@ -28,6 +28,14 @@
 #include <openssl/evp.h>
 #include <openssl/rand.h>

 /* Define our magic string to mark salt for SHA512 "encryption" replacement. */
 const char sha512_salt_prefix[] = "$6$";
 #define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1)
-- 
1.8.0





--- src/util/crypto/nss/nss_sha512crypt.c.orig	2014-10-05 09:28:09.000000000 +0000
+++ src/util/crypto/nss/nss_sha512crypt.c	2014-10-05 11:07:34.000000000 +0000
Date: Wed, 6 Nov 2013 22:01:21 +0100
Subject: [PATCH 20/25] patch-src__util__crypto__nss__nss_sha512crypt.c

---
 src/util/crypto/nss/nss_sha512crypt.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git src/util/crypto/nss/nss_sha512crypt.c src/util/crypto/nss/nss_sha512crypt.c
index 2838c47..a6cf43f 100644
--- src/util/crypto/nss/nss_sha512crypt.c
+++ src/util/crypto/nss/nss_sha512crypt.c
@@ -29,6 +29,14 @@
 #include <sechash.h>
 #include <pk11func.h>

 /* Define our magic string to mark salt for SHA512 "encryption" replacement. */
 const char sha512_salt_prefix[] = "$6$";
 #define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1)
-- 
1.8.0





--- src/util/find_uid.c.orig	2014-10-05 09:28:26.000000000 +0000
+++ src/util/find_uid.c	2014-10-05 11:09:40.000000000 +0000
@@ -67,7 +67,7 @@
Subject: [PATCH 21/25] patch-src__util__find_uid.c

---
 src/util/find_uid.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git src/util/find_uid.c src/util/find_uid.c
index d34a4ab..9dec900 100644
--- src/util/find_uid.c
+++ src/util/find_uid.c
@@ -67,7 +67,7 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid)
     uint32_t num=0;
     errno_t error;
 
-    ret = snprintf(path, PATHLEN, "/proc/%d/status", pid);
+    ret = snprintf(path, PATHLEN, "/compat/linux/proc/%d/status", pid);
     if (ret < 0) {
         DEBUG(SSSDBG_CRIT_FAILURE, "snprintf failed");
         return EINVAL;
@@ -207,12 +207,12 @@
     struct dirent *dirent;
     int ret, err;
     pid_t pid = -1;

+    proc_dir = opendir("/compat/linux/proc");
     if (proc_dir == NULL) {
         ret = errno;
         DEBUG(SSSDBG_CRIT_FAILURE, "Cannot open proc dir.\n");
@@ -287,9 +287,9 @@
 
 errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table)
 {
-#ifdef __linux__
     int ret;
 
+#if 1
     ret = hash_create_ex(INITIAL_TABLE_SIZE, table, 0, 0, 0, 0,
                          hash_talloc, hash_talloc_free, mem_ctx,
                          NULL, NULL);
-- 
1.8.0





From cc6cab9e45ba978eaf33c6fa1860ee94166780be Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Wed, 6 Nov 2013 22:01:21 +0100
Subject: [PATCH 22/25] patch-src__util__server.c

---
 src/util/server.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git src/util/server.c src/util/server.c
index b3073fc..ddc124f 100644
--- src/util/server.c
+++ src/util/server.c
@@ -321,12 +321,14 @@ static void setup_signals(void)
     BlockSignals(false, SIGTERM);
 
     CatchSignal(SIGHUP, sig_hup);
-
 #ifndef HAVE_PRCTL
-        /* If prctl is not defined on the system, try to handle
-         * some common termination signals gracefully */
-    CatchSignal(SIGSEGV, sig_segv_abrt);
-    CatchSignal(SIGABRT, sig_segv_abrt);
+    /* If prctl is not defined on the system, try to handle
+     * some common termination signals gracefully */
+    (void) sig_segv_abrt; /* unused */
+    /*
+      CatchSignal(SIGSEGV, sig_segv_abrt);
+      CatchSignal(SIGABRT, sig_segv_abrt);
+    */
 #endif
 
 }
-- 
1.8.0





--- src/util/sss_ldap.c.orig	2014-10-05 09:28:45.000000000 +0000
+++ src/util/sss_ldap.c	2014-10-05 11:11:12.000000000 +0000
@@ -206,6 +206,9 @@
Subject: [PATCH 27/34] patch-src__util__sss_ldap.c

---
 src/util/sss_ldap.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git src/util/sss_ldap.c src/util/sss_ldap.c
index 060aacf..a2cc82a 100644
--- src/util/sss_ldap.c
+++ src/util/sss_ldap.c
@@ -208,6 +208,9 @@ static void sdap_async_sys_connect_done(struct tevent_context *ev,
     errno = 0;
     ret = connect(state->fd, (struct sockaddr *) &state->addr,
                   state->addr_len);

     if (ret != EOK) {
         ret = errno;
         if (ret == EINPROGRESS || ret == EINTR) {
@@ -346,7 +349,7 @@
           "Using file descriptor [%d] for LDAP connection.\n", state->sd);
     }
 
-    ret = setsockopt(fd, SOL_TCP, TCP_NODELAY, &dummy, sizeof(dummy));
+    ret = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &dummy, sizeof(dummy));
     if (ret != 0) {
         ret = errno;
         DEBUG(5, ("setsockopt TCP_NODELAY failed.[%d][%s].\n", ret,
@@ -341,7 +344,7 @@ struct tevent_req *sss_ldap_init_send(TALLOC_CTX *mem_ctx,
     DEBUG(9, ("Using file descriptor [%d] for LDAP connection.\n", state->sd));
 
     subreq = sdap_async_sys_connect_send(state, ev, state->sd,
-                                         (struct sockaddr *) addr, addr_len);
+                                         (struct sockaddr *) addr, sizeof(struct sockaddr));
     if (subreq == NULL) {
         ret = ENOMEM;
         DEBUG(SSSDBG_CRIT_FAILURE, "sdap_async_sys_connect_send failed.\n");
-- 
1.8.0





--- src/util/util.h.orig	2014-10-05 09:29:04.000000000 +0000
+++ src/util/util.h	2014-10-05 11:11:58.000000000 +0000
@@ -535,6 +535,8 @@
Subject: [PATCH 24/25] patch-src__util__util.h

---
 src/util/util.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git src/util/util.h src/util/util.h
index eab1f78..8e29fb5 100644
--- src/util/util.h
+++ src/util/util.h
@@ -571,4 +571,6 @@ errno_t sss_br_lock_file(int fd, size_t start, size_t len,
 #define BUILD_WITH_PAC_RESPONDER false
 #endif
 
+#include "util/sss_bsd_errno.h"
+
 /* from string_utils.c */
 char * sss_replace_space(TALLOC_CTX *mem_ctx,
                          const char *orig_name,


Lines 1-23 Link Here

(-)sssd/pkg-plist (-39 / +129 lines)
		1	/you/have/to/check/what/makeplist/gives/you
1	bin/sss_ssh_authorizedkeys	2	bin/sss_ssh_authorizedkeys
2	bin/sss_ssh_knownhostsproxy	3	bin/sss_ssh_knownhostsproxy
3	@sample %%ETCDIR%%/sssd.conf.sample	4	etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
		5	etc/rc.d/sssd
		6	%%ETCDIR%%/sssd.conf.sample
4	include/ipa_hbac.h	7	include/ipa_hbac.h
5	include/sss_idmap.h	8	include/sss_idmap.h
6	include/sss_sudo.h	9	include/sss_nss_idmap.h
		10	lib/krb5/plugins/authdata/sssd_pac_plugin.so
7	lib/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so	11	lib/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
8	lib/libipa_hbac.so	12	lib/libipa_hbac.so
9	lib/libipa_hbac.so.0	13	lib/libipa_hbac.so.0
10	lib/libipa_hbac.so.0.0.1	14	lib/libipa_hbac.so.0.0.1
11	lib/libsss_idmap.so	15	lib/libsss_idmap.so
12	lib/libsss_idmap.so.0	16	lib/libsss_idmap.so.0
13	lib/libsss_idmap.so.0.0.1	17	lib/libsss_idmap.so.0.4.0
		18	lib/libsss_nss_idmap.so
		19	lib/libsss_nss_idmap.so.0
		20	lib/libsss_nss_idmap.so.0.0.1
14	lib/libsss_sudo.so	21	lib/libsss_sudo.so
15	lib/nss_sss.so	22	lib/nss_sss.so
16	lib/nss_sss.so.1	23	lib/nss_sss.so.1
17	lib/nss_sss.so.2	24	lib/nss_sss.so.2
18	lib/nss_sss.so.2.0.0	25	lib/nss_sss.so.2.0.0
19	lib/pam_sss.so	26	lib/pam_sss.so
20	%%PYTHON_SITELIBDIR%%/SSSDConfig-1.9.6-py%%PYTHON_VER%%.egg-info	27	%%PYTHON_SITELIBDIR%%/SSSDConfig-1.11.7-py%%PYTHON_VER%%.egg-info
21	%%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.py	28	%%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.py
22	%%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.pyc	29	%%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.pyc
23	%%PYTHON_SITELIBDIR%%/SSSDConfig/ipachangeconf.py	30	%%PYTHON_SITELIBDIR%%/SSSDConfig/ipachangeconf.py
Lines 27-53 Link Here
27	%%PYTHON_SITELIBDIR%%/pyhbac.so	34	%%PYTHON_SITELIBDIR%%/pyhbac.so
28	%%PYTHON_SITELIBDIR%%/pysss.so	35	%%PYTHON_SITELIBDIR%%/pysss.so
29	%%PYTHON_SITELIBDIR%%/pysss_murmur.so	36	%%PYTHON_SITELIBDIR%%/pysss_murmur.so
		37	%%PYTHON_SITELIBDIR%%/pysss_nss_idmap.so
30	lib/shared-modules/ldb/memberof.so	38	lib/shared-modules/ldb/memberof.so
31	lib/sssd/libsss_ad.so	39	%%SMB%%lib/sssd/libsss_ad.so
32	lib/sssd/libsss_ipa.so	40	lib/sssd/libsss_child.so
		41	lib/sssd/libsss_crypt.so
		42	lib/sssd/libsss_debug.so
		43	%%SMB%%lib/sssd/libsss_ipa.so
33	lib/sssd/libsss_krb5.so	44	lib/sssd/libsss_krb5.so
		45	lib/sssd/libsss_krb5_common.so
34	lib/sssd/libsss_ldap.so	46	lib/sssd/libsss_ldap.so
		47	lib/sssd/libsss_ldap_common.so
35	lib/sssd/libsss_proxy.so	48	lib/sssd/libsss_proxy.so
36	lib/sssd/libsss_simple.so	49	lib/sssd/libsss_simple.so
		50	lib/sssd/libsss_util.so
37	libdata/pkgconfig/ipa_hbac.pc	51	libdata/pkgconfig/ipa_hbac.pc
38	libdata/pkgconfig/sss_idmap.pc	52	libdata/pkgconfig/sss_idmap.pc
		53	libdata/pkgconfig/sss_nss_idmap.pc
39	libexec/sssd/krb5_child	54	libexec/sssd/krb5_child
40	libexec/sssd/ldap_child	55	libexec/sssd/ldap_child
41	libexec/sssd/proxy_child	56	libexec/sssd/proxy_child
		57	libexec/sssd/sss_signal
42	libexec/sssd/sssd_be	58	libexec/sssd/sssd_be
		59	libexec/sssd/sssd_ifp
43	libexec/sssd/sssd_nss	60	libexec/sssd/sssd_nss
		61	libexec/sssd/sssd_pac
44	libexec/sssd/sssd_pam	62	libexec/sssd/sssd_pam
45	libexec/sssd/sssd_ssh	63	libexec/sssd/sssd_ssh
46	libexec/sssd/sssd_sudo	64	libexec/sssd/sssd_sudo
47	man/es/man1/sss_ssh_authorizedkeys.1.gz	65	man/es/man1/sss_ssh_authorizedkeys.1.gz
48	man/es/man1/sss_ssh_knownhostsproxy.1.gz	66	man/es/man1/sss_ssh_knownhostsproxy.1.gz
49	man/es/man5/sssd-ad.5.gz
50	man/es/man5/sssd-ipa.5.gz
51	man/es/man5/sssd-ldap.5.gz	67	man/es/man5/sssd-ldap.5.gz
52	man/es/man5/sssd-simple.5.gz	68	man/es/man5/sssd-simple.5.gz
53	man/es/man5/sssd-sudo.5.gz	69	man/es/man5/sssd-sudo.5.gz
Lines 69-75 Link Here
69	man/fr/man1/sss_ssh_authorizedkeys.1.gz	85	man/fr/man1/sss_ssh_authorizedkeys.1.gz
70	man/fr/man1/sss_ssh_knownhostsproxy.1.gz	86	man/fr/man1/sss_ssh_knownhostsproxy.1.gz
71	man/fr/man5/sssd-ad.5.gz	87	man/fr/man5/sssd-ad.5.gz
72	man/fr/man5/sssd-ipa.5.gz
73	man/fr/man5/sssd-krb5.5.gz	88	man/fr/man5/sssd-krb5.5.gz
74	man/fr/man5/sssd-ldap.5.gz	89	man/fr/man5/sssd-ldap.5.gz
75	man/fr/man5/sssd-simple.5.gz	90	man/fr/man5/sssd-simple.5.gz
Lines 91-98 Link Here
91	man/fr/man8/sssd_krb5_locator_plugin.8.gz	106	man/fr/man8/sssd_krb5_locator_plugin.8.gz
92	man/ja/man1/sss_ssh_authorizedkeys.1.gz	107	man/ja/man1/sss_ssh_authorizedkeys.1.gz
93	man/ja/man1/sss_ssh_knownhostsproxy.1.gz	108	man/ja/man1/sss_ssh_knownhostsproxy.1.gz
94	man/ja/man5/sssd-ad.5.gz
95	man/ja/man5/sssd-ipa.5.gz
96	man/ja/man5/sssd-krb5.5.gz	109	man/ja/man5/sssd-krb5.5.gz
97	man/ja/man5/sssd-ldap.5.gz	110	man/ja/man5/sssd-ldap.5.gz
98	man/ja/man5/sssd-simple.5.gz	111	man/ja/man5/sssd-simple.5.gz
Lines 113-118 Link Here
113	man/man1/sss_ssh_authorizedkeys.1.gz	126	man/man1/sss_ssh_authorizedkeys.1.gz
114	man/man1/sss_ssh_knownhostsproxy.1.gz	127	man/man1/sss_ssh_knownhostsproxy.1.gz
115	man/man5/sssd-ad.5.gz	128	man/man5/sssd-ad.5.gz
		129	man/man5/sssd-ifp.5.gz
116	man/man5/sssd-ipa.5.gz	130	man/man5/sssd-ipa.5.gz
117	man/man5/sssd-krb5.5.gz	131	man/man5/sssd-krb5.5.gz
118	man/man5/sssd-ldap.5.gz	132	man/man5/sssd-ldap.5.gz
Lines 139-145 Link Here
139	man/uk/man1/sss_ssh_authorizedkeys.1.gz	153	man/uk/man1/sss_ssh_authorizedkeys.1.gz
140	man/uk/man1/sss_ssh_knownhostsproxy.1.gz	154	man/uk/man1/sss_ssh_knownhostsproxy.1.gz
141	man/uk/man5/sssd-ad.5.gz	155	man/uk/man5/sssd-ad.5.gz
142	man/uk/man5/sssd-ipa.5.gz	156	man/uk/man5/sssd-ifp.5.gz
143	man/uk/man5/sssd-krb5.5.gz	157	man/uk/man5/sssd-krb5.5.gz
144	man/uk/man5/sssd-ldap.5.gz	158	man/uk/man5/sssd-ldap.5.gz
145	man/uk/man5/sssd-simple.5.gz	159	man/uk/man5/sssd-simple.5.gz
Lines 171-206 Link Here
171	sbin/sss_userdel	185	sbin/sss_userdel
172	sbin/sss_usermod	186	sbin/sss_usermod
173	sbin/sssd	187	sbin/sssd
174	%%PORTDOCS%%@dirrm %%DOCSDIR%%/libsss_sudo_doc	188	%%DATADIR%%/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
175	%%PORTDOCS%%@dirrm %%DOCSDIR%%/idmap_doc	189	%%DATADIR%%/locale/bg/LC_MESSAGES/sssd.mo
176	%%PORTDOCS%%@dirrm %%DOCSDIR%%/hbac_doc	190	%%DATADIR%%/locale/de/LC_MESSAGES/sssd.mo
177	%%PORTDOCS%%@dirrm %%DOCSDIR%%/doc	191	%%DATADIR%%/locale/es/LC_MESSAGES/sssd.mo
178	%%PORTDOCS%%@dirrm %%DOCSDIR%%	192	%%DATADIR%%/locale/eu/LC_MESSAGES/sssd.mo
179	@dirrm libexec/sssd	193	%%DATADIR%%/locale/fr/LC_MESSAGES/sssd.mo
180	@dirrm lib/sssd/modules	194	%%DATADIR%%/locale/hu/LC_MESSAGES/sssd.mo
181	@dirrm lib/sssd	195	%%DATADIR%%/locale/id/LC_MESSAGES/sssd.mo
182	@dirrm %%PYTHON_SITELIBDIR%%/SSSDConfig	196	%%DATADIR%%/locale/it/LC_MESSAGES/sssd.mo
		197	%%DATADIR%%/locale/ja/LC_MESSAGES/sssd.mo
		198	%%DATADIR%%/locale/nb/LC_MESSAGES/sssd.mo
		199	%%DATADIR%%/locale/nl/LC_MESSAGES/sssd.mo
		200	%%DATADIR%%/locale/pl/LC_MESSAGES/sssd.mo
		201	%%DATADIR%%/locale/pt/LC_MESSAGES/sssd.mo
		202	%%DATADIR%%/locale/ru/LC_MESSAGES/sssd.mo
		203	%%DATADIR%%/locale/sv/LC_MESSAGES/sssd.mo
		204	%%DATADIR%%/locale/tg/LC_MESSAGES/sssd.mo
		205	%%DATADIR%%/locale/tr/LC_MESSAGES/sssd.mo
		206	%%DATADIR%%/locale/uk/LC_MESSAGES/sssd.mo
		207	%%DATADIR%%/locale/zh_CN/LC_MESSAGES/sssd.mo
		208	%%DATADIR%%/locale/zh_TW/LC_MESSAGES/sssd.mo
		209	%%DATADIR%%/sssd/sssd.api.conf
		210	%%DATADIR%%/sssd/sssd.api.d/sssd-ad.conf
		211	%%DATADIR%%/sssd/sssd.api.d/sssd-ipa.conf
		212	%%DATADIR%%/sssd/sssd.api.d/sssd-krb5.conf
		213	%%DATADIR%%/sssd/sssd.api.d/sssd-ldap.conf
		214	%%DATADIR%%/sssd/sssd.api.d/sssd-local.conf
		215	%%DATADIR%%/sssd/sssd.api.d/sssd-proxy.conf
		216	%%DATADIR%%/sssd/sssd.api.d/sssd-simple.conf
183	@dirrmtry %%ETCDIR%%	217	@dirrmtry %%ETCDIR%%
184	@dirrmtry man/uk/man8	218	@dirrmtry %%PYTHON_SITELIBDIR%%/SSSDConfig
185	@dirrmtry man/uk/man5	219	@dirrmtry lib/sssd/modules
186	@dirrmtry man/uk/man1	220	@dirrmtry lib/sssd
187	@dirrmtry man/uk	221	@dirrmtry libexec/sssd
188	@dirrmtry man/pt/man8
189	@dirrmtry man/pt/man5
190	@dirrmtry man/pt/man1
191	@dirrmtry man/pt
192	@dirrmtry man/nl/man8
193	@dirrmtry man/nl/man5
194	@dirrmtry man/nl/man1
195	@dirrmtry man/nl
196	@dirrmtry man/fr/man8
197	@dirrmtry man/fr/man5
198	@dirrmtry man/fr/man1
199	@dirrmtry man/fr
200	@dirrmtry man/es/man8
201	@dirrmtry man/es/man5
202	@dirrmtry man/es/man1	222	@dirrmtry man/es/man1
		223	@dirrmtry man/es/man5
		224	@dirrmtry man/es/man8
203	@dirrmtry man/es	225	@dirrmtry man/es
		226	@dirrmtry man/fr/man1
		227	@dirrmtry man/fr/man5
		228	@dirrmtry man/fr/man8
		229	@dirrmtry man/fr
		230	@dirrmtry man/nl/man1
		231	@dirrmtry man/nl/man5
		232	@dirrmtry man/nl/man8
		233	@dirrmtry man/nl
		234	@dirrmtry man/pt/man1
		235	@dirrmtry man/pt/man5
		236	@dirrmtry man/pt/man8
		237	@dirrmtry man/pt
		238	@dirrmtry man/uk/man1
		239	@dirrmtry man/uk/man5
		240	@dirrmtry man/uk/man8
		241	@dirrmtry man/uk
		242	%%PORTDOCS%%@dirrmtry %%DOCSDIR%%/doc
		243	%%PORTDOCS%%@dirrmtry %%DOCSDIR%%/hbac_doc
		244	%%PORTDOCS%%@dirrmtry %%DOCSDIR%%/idmap_doc
		245	%%PORTDOCS%%@dirrmtry %%DOCSDIR%%/libsss_sudo_doc
		246	%%PORTDOCS%%@dirrmtry %%DOCSDIR%%/nss_idmap_doc
		247	%%PORTDOCS%%@dirrmtry %%DOCSDIR%%
		248	@dirrmtry %%DATADIR%%/dbus-1/system-services
		249	@dirrmtry %%DATADIR%%/dbus-1
		250	@dirrmtry %%DATADIR%%/locale/bg/LC_MESSAGES
		251	@dirrmtry %%DATADIR%%/locale/bg
		252	@dirrmtry %%DATADIR%%/locale/de/LC_MESSAGES
		253	@dirrmtry %%DATADIR%%/locale/de
		254	@dirrmtry %%DATADIR%%/locale/es/LC_MESSAGES
		255	@dirrmtry %%DATADIR%%/locale/es
		256	@dirrmtry %%DATADIR%%/locale/eu/LC_MESSAGES
		257	@dirrmtry %%DATADIR%%/locale/eu
		258	@dirrmtry %%DATADIR%%/locale/fr/LC_MESSAGES
		259	@dirrmtry %%DATADIR%%/locale/fr
		260	@dirrmtry %%DATADIR%%/locale/hu/LC_MESSAGES
		261	@dirrmtry %%DATADIR%%/locale/hu
		262	@dirrmtry %%DATADIR%%/locale/id/LC_MESSAGES
		263	@dirrmtry %%DATADIR%%/locale/id
		264	@dirrmtry %%DATADIR%%/locale/it/LC_MESSAGES
		265	@dirrmtry %%DATADIR%%/locale/it
		266	@dirrmtry %%DATADIR%%/locale/ja/LC_MESSAGES
		267	@dirrmtry %%DATADIR%%/locale/ja
		268	@dirrmtry %%DATADIR%%/locale/nb/LC_MESSAGES
		269	@dirrmtry %%DATADIR%%/locale/nb
		270	@dirrmtry %%DATADIR%%/locale/nl/LC_MESSAGES
		271	@dirrmtry %%DATADIR%%/locale/nl
		272	@dirrmtry %%DATADIR%%/locale/pl/LC_MESSAGES
		273	@dirrmtry %%DATADIR%%/locale/pl
		274	@dirrmtry %%DATADIR%%/locale/pt/LC_MESSAGES
		275	@dirrmtry %%DATADIR%%/locale/pt
		276	@dirrmtry %%DATADIR%%/locale/ru/LC_MESSAGES
		277	@dirrmtry %%DATADIR%%/locale/ru
		278	@dirrmtry %%DATADIR%%/locale/sv/LC_MESSAGES
		279	@dirrmtry %%DATADIR%%/locale/sv
		280	@dirrmtry %%DATADIR%%/locale/tg/LC_MESSAGES
		281	@dirrmtry %%DATADIR%%/locale/tg
		282	@dirrmtry %%DATADIR%%/locale/tr/LC_MESSAGES
		283	@dirrmtry %%DATADIR%%/locale/tr
		284	@dirrmtry %%DATADIR%%/locale/uk/LC_MESSAGES
		285	@dirrmtry %%DATADIR%%/locale/uk
		286	@dirrmtry %%DATADIR%%/locale/zh_CN/LC_MESSAGES
		287	@dirrmtry %%DATADIR%%/locale/zh_CN
		288	@dirrmtry %%DATADIR%%/locale/zh_TW/LC_MESSAGES
		289	@dirrmtry %%DATADIR%%/locale/zh_TW
290	@dirrmtry %%DATADIR%%/locale
291	@dirrmtry %%DATADIR%%/sssd/sssd.api.d
292	@dirrmtry %%DATADIR%%/sssd
293	@dirrmtry %%DATADIR%%
204	@unexec if [ -d %%ETCDIR%% ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf %%ETCDIR%%`` to remove any configuration files."; fi	294	@unexec if [ -d %%ETCDIR%% ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf %%ETCDIR%%`` to remove any configuration files."; fi
205	@unexec if [ -d /var/db/sss ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss`` to remove any additional files."; fi	295	@unexec if [ -d /var/db/sss ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss`` to remove any additional files."; fi
206	@unexec if [ -d /var/db/sss_mc ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss_mc`` to remove any additional files."; fi	296	@unexec if [ -d /var/db/sss_mc ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss_mc`` to remove any additional files."; fi

Return to bug 194155

Lines 2-9 Link Here

(-)sssd/Makefile (-6 / +16 lines)
2	# $FreeBSD: head/security/sssd/Makefile 367172 2014-09-03 07:34:37Z vanilla $	2	# $FreeBSD: head/security/sssd/Makefile 367172 2014-09-03 07:34:37Z vanilla $
3		3
4	PORTNAME= sssd	4	PORTNAME= sssd
5	DISTVERSION= 1.9.6	5	DISTVERSION= 1.11.7
6	PORTREVISION= 9	6	PORTREVISION= 0
7	CATEGORIES= security	7	CATEGORIES= security
8	MASTER_SITES= https://fedorahosted.org/released/${PORTNAME}/ \	8	MASTER_SITES= https://fedorahosted.org/released/${PORTNAME}/ \
9	http://mirrors.rit.edu/zi/	9	http://mirrors.rit.edu/zi/
Lines 32-49 Link Here
32	xsltproc:${PORTSDIR}/textproc/libxslt \	32	xsltproc:${PORTSDIR}/textproc/libxslt \
33	xmlcatmgr:${PORTSDIR}/textproc/xmlcatmgr \	33	xmlcatmgr:${PORTSDIR}/textproc/xmlcatmgr \
34	krb5>=1.10:${PORTSDIR}/security/krb5 \	34	krb5>=1.10:${PORTSDIR}/security/krb5 \
35	nsupdate:${PORTSDIR}/dns/bind99	35	nsupdate:${PORTSDIR}/dns/bind99
36		36
37	GNU_CONFIGURE= yes	37	GNU_CONFIGURE= yes
38	CONFIGURE_ARGS= --with-selinux=no --with-semanage=no \	38	CONFIGURE_ARGS= --with-selinux=no --with-semanage=no \
39	--with-ldb-lib-dir=${LOCALBASE}/lib/shared-modules/ldb/ \	39	--with-ldb-lib-dir=${LOCALBASE}/lib/shared-modules/ldb \
40	--with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \	40	--with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \
41	--with-libnl=no --with-init-dir=no --datadir=${DATADIR} \	41	--with-libnl=no --with-init-dir=no --datadir=${DATADIR} \
42	--docdir=${DOCSDIR} --with-pid-path=/var/run \	42	--docdir=${DOCSDIR} --with-pid-path=/var/run \
43	--localstatedir=/var --enable-pammoddir=${PREFIX}/lib \	43	--localstatedir=/var --enable-pammoddir=${PREFIX}/lib \
44	--with-db-path=/var/db/sss --with-pipe-path=/var/run/sss \	44	--with-db-path=/var/db/sss --with-pipe-path=/var/run/sss \
45	--with-pubconf-path=/var/run/sss --with-mcache-path=/var/db/sss_mc \	45	--with-pubconf-path=/var/run/sss --with-mcache-path=/var/db/sss_mc \
46	--with-unicode-lib=libunistring --with-autofs=no	46	--with-unicode-lib=libunistring --with-autofs=no --disable-cifs-idmap-plugin \
		47	--without-nfsv4-idmapd-plugin --disable-config-lib --with-sudo --with-initscript=sysv
47	CONFIGURE_ENV= XMLLINT="/bin/echo"	48	CONFIGURE_ENV= XMLLINT="/bin/echo"
48	CFLAGS+= -fstack-protector-all	49	CFLAGS+= -fstack-protector-all
49	PLIST_SUB= PYTHON_VER=${PYTHON_VER}	50	PLIST_SUB= PYTHON_VER=${PYTHON_VER}
Lines 57-69 Link Here
57	USE_PYTHON= yes	58	USE_PYTHON= yes
58	USE_OPENLDAP= yes	59	USE_OPENLDAP= yes
59	USES= gettext gmake iconv libtool pathfix pkgconfig shebangfix	60	USES= gettext gmake iconv libtool pathfix pkgconfig shebangfix
		61	LIBS+= -L${LOCALBASE}/lib -liconv -lintl
60	PATHFIX_MAKEFILEIN= Makefile.am	62	PATHFIX_MAKEFILEIN= Makefile.am
61	SHEBANG_FILES= src/tools/sss_obfuscate	63	SHEBANG_FILES= src/tools/sss_obfuscate
62		64
63	USE_RC_SUBR= ${PORTNAME}	65	USE_RC_SUBR= ${PORTNAME}
64	PORTDATA= *	66	PORTDATA= *
65		67
66	OPTIONS_DEFINE= DOCS	68	OPTIONS_DEFINE= DOCS SMB
		69	OPTIONS_DEFAULT= DOCS
		70	OPTIONS_SUB= yes
		71
		72	SMB_DESC= Install with Samba support
		73	SMB_LIB_DEPENDS= libsmbclient.so:${PORTSDIR}/net/samba-libsmbclient
		74	SMB_BUILD_DEPENDS= samba41>=4.1.0:${PORTSDIR}/net/samba41
		75	SMB_CONFIGURE_WITH= samba
		76
67		77
68	.include <bsd.port.options.mk>	78	.include <bsd.port.options.mk>
69		79

Lines 1-17 Link Here

(-)sssd/files/patch-Makefile.am (-34 / +20 lines)
1	From e40f55767383f300f71103ca404b7839b8499104 Mon Sep 17 00:00:00 2001	1	--- Makefile.am.orig 2014-10-05 09:16:03.000000000 +0000
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>	2	+++ Makefile.am 2014-10-05 10:36:18.000000000 +0000
3	Date: Wed, 6 Nov 2013 22:01:20 +0100	3	@@ -378,6 +378,7 @@
4	Subject: [PATCH 01/25] patch-Makefile.am
5
6	---
7	Makefile.am \| 10 ++++++----
8	1 file changed, 6 insertions(+), 4 deletions(-)
9
10	diff --git Makefile.am Makefile.am
11	index 04df7cb..e2558f7 100644
12	--- Makefile.am
13	+++ Makefile.am
14	@@ -318,6 +318,7 @@ SSSD_LIBS = \
15	$(DHASH_LIBS) \	4	$(DHASH_LIBS) \
16	$(SSS_CRYPT_LIBS) \	5	$(SSS_CRYPT_LIBS) \
17	$(OPENLDAP_LIBS) \	6	$(OPENLDAP_LIBS) \
Lines 19-42 Link Here
19	$(TDB_LIBS)	8	$(TDB_LIBS)
20		9
21	PYTHON_BINDINGS_LIBS = \	10	PYTHON_BINDINGS_LIBS = \
22	@@ -369,6 +370,7 @@ dist_noinst_HEADERS = \	11	@@ -431,6 +432,7 @@
23	src/util/sss_selinux.h \	12	src/util/sss_selinux.h \
24	src/util/sss_utf8.h \	13	src/util/sss_utf8.h \
25	src/util/sss_ssh.h \	14	src/util/sss_ssh.h \
26	+ src/util/sss_bsd_errno.h \	15	+ src/util/sss_bsd_errno.h \
		16	src/util/sss_ini.h \
		17	src/util/sss_format.h \
27	src/util/refcount.h \	18	src/util/refcount.h \
28	src/util/find_uid.h \	19	@@ -1685,7 +1687,7 @@
29	src/util/user_info_msg.h \
30	@@ -1170,7 +1172,7 @@ noinst_PROGRAMS += autofs_test_client
31	endif	20	endif
32		21
33	pam_test_client_SOURCES = src/sss_client/pam_test_client.c	22	pam_test_client_SOURCES = src/sss_client/pam_test_client.c
34	-pam_test_client_LDFLAGS = -lpam -lpam_misc	23	-pam_test_client_LDADD = $(PAM_LIBS) $(PAM_MISC_LIBS)
35	+pam_test_client_LDFLAGS = -lpam	24	+pam_test_client_LDADD = $(PAM_LIBS)
36		25
37	if BUILD_AUTOFS	26	if BUILD_AUTOFS
38	autofs_test_client_SOURCES = src/sss_client/autofs/autofs_test_client.c \	27	autofs_test_client_SOURCES = \
39	@@ -1184,9 +1186,10 @@ endif	28	@@ -1700,9 +1702,10 @@
40	# Client Libraries #	29	# Client Libraries #
41	####################	30	####################
42		31
Lines 49-71 Link Here
49	src/sss_client/nss_passwd.c \	38	src/sss_client/nss_passwd.c \
50	src/sss_client/nss_group.c \	39	src/sss_client/nss_group.c \
51	src/sss_client/nss_netgroup.c \	40	src/sss_client/nss_netgroup.c \
52	@@ -1198,7 +1201,7 @@ libnss_sss_la_SOURCES = \	41	@@ -1717,7 +1720,7 @@
53	src/sss_client/nss_mc_passwd.c \
54	src/sss_client/nss_mc_group.c \
55	src/sss_client/nss_mc.h	42	src/sss_client/nss_mc.h
		43	libnss_sss_la_LIBADD = \
		44	$(CLIENT_LIBS)
56	-libnss_sss_la_LDFLAGS = \	45	-libnss_sss_la_LDFLAGS = \
57	+nss_sss_la_LDFLAGS = \	46	+nss_sss_la_LDFLAGS = \
58	$(CLIENT_LIBS) \
59	-module \	47	-module \
60	-version-info 2:0:0 \	48	-version-info 2:0:0 \
61	@@ -1532,6 +1535,7 @@ ldap_child_LDADD = \	49	-Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports
62	$(POPT_LIBS) \	50	@@ -1879,6 +1882,7 @@
		51	libsss_ldap_la_LIBADD = \
63	$(OPENLDAP_LIBS) \	52	$(OPENLDAP_LIBS) \
64	$(DHASH_LIBS) \	53	$(DHASH_LIBS) \
65	+ $(LTLIBINTL) \	54	+ $(LTLIBINTL) \
66	$(KRB5_LIBS)	55	$(KRB5_LIBS) \
67		56	libsss_ldap_common.la \
68	proxy_child_SOURCES = \	57	libsss_idmap.la
69	--
70	1.8.0
71

Lines 1-28 Link Here

(-)sssd/files/patch-src__confdb__confdb.c (-18 / +4 lines)
1	From 756e37d0ef957b15d782d5dd87d24e9359541931 Mon Sep 17 00:00:00 2001	1	--- src/confdb/confdb.c.orig 2014-10-05 09:17:01.000000000 +0000
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>	2	+++ src/confdb/confdb.c 2014-10-05 10:33:50.000000000 +0000
3	Date: Wed, 6 Nov 2013 22:01:20 +0100
4	Subject: [PATCH 02/25] patch-src__confdb__confdb.c
5
6	---
7	src/confdb/confdb.c \| 5 +++++
8	1 file changed, 5 insertions(+)
9
10	diff --git src/confdb/confdb.c src/confdb/confdb.c
11	index 72c74fe..78b69b8 100644
12	--- src/confdb/confdb.c
13	+++ src/confdb/confdb.c
14	@@ -28,6 +28,11 @@	3	@@ -28,6 +28,11 @@
15	#include "util/strtonum.h"	4	#include "util/strtonum.h"
16	#include "db/sysdb.h"	5	#include "db/sysdb.h"
17		6
18	+char strchrnul(const char s, int ch) {	7	+char strchrnul(const char s, int ch) {
19	+ char *ret = strchr(s, ch);	8	+ char *ret = strchr(s, ch);
20	+ return ret == NULL ? discard_const_p(char, s) + strlen(s) : ret;	9	+ return ret == NULL ? discard_const_p(char, s) + strlen(s) : ret;
21	+}	10	+}
22	+	11	+
23	#define CONFDB_ZERO_CHECK_OR_JUMP(var, ret, err, label) do { \	12	#define CONFDB_ZERO_CHECK_OR_JUMP(var, ret, err, label) do { \
24	if (!var) { \	13	if (!var) { \
25	ret = err; \	14	ret = err; \
26	--
27	1.8.0
28

Lines 1-17 Link Here

(-)sssd/files/patch-src__external__inotify.m4 (-17 / +3 lines)
1	From 558989d6ac329b4036e02873fb7c981c5912040c Mon Sep 17 00:00:00 2001	1	--- src/external/inotify.m4.orig 2014-10-05 09:17:30.000000000 +0000
2	From: Lukas Slebodnik <lslebodn@redhat.com>	2	+++ src/external/inotify.m4 2014-10-05 10:47:50.000000000 +0000
3	Date: Thu, 7 Nov 2013 13:28:13 +0100	3	@@ -20,10 +20,10 @@
4	Subject: [PATCH] patch-src__external__inotify.m4
5
6	---
7	src/external/inotify.m4 \| 4 ++--
8	1 file changed, 2 insertions(+), 2 deletions(-)
9
10	diff --git src/external/inotify.m4 src/external/inotify.m4
11	index 9572f6d2fefedf8a1d6a2468c712a83e7db2969f..2a5a8cf00d80e0979dca50fd102c3dc2872b2970 100644
12	--- src/external/inotify.m4
13	+++ src/external/inotify.m4
14	@@ -20,10 +20,10 @@ int main () {
15	AS_IF([test x"$inotify_works" != xyes],	4	AS_IF([test x"$inotify_works" != xyes],
16	[AC_CHECK_LIB([inotify],	5	[AC_CHECK_LIB([inotify],
17	[inotify_init],	6	[inotify_init],
Lines 24-29 Link Here
24	)	13	)
25		14
26	AS_IF([test x"$inotify_works" = xyes],	15	AS_IF([test x"$inotify_works" = xyes],
27	--
28	1.8.3.1
29

Lines 1-17 Link Here

(-)sssd/files/patch-src__external__krb5.m4 (-17 / +3 lines)
1	From b7947258702e250dbf569bb9cd74f1e73f0c94bb Mon Sep 17 00:00:00 2001	1	--- src/external/krb5.m4.orig 2014-10-05 09:17:49.000000000 +0000
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>	2	+++ src/external/krb5.m4 2014-10-05 10:48:54.000000000 +0000
3	Date: Wed, 30 Oct 2013 08:53:42 +0100	3	@@ -9,7 +9,7 @@
4	Subject: [PATCH 1/4] patch-src__external__krb5.m4
5
6	---
7	src/external/krb5.m4 \| 2 +-
8	1 file changed, 1 insertion(+), 1 deletion(-)
9
10	diff --git src/external/krb5.m4 src/external/krb5.m4
11	index 71239c9..63c8ece 100644
12	--- src/external/krb5.m4
13	+++ src/external/krb5.m4
14	@@ -9,7 +9,7 @@ if test x$KRB5_CFLAGS != x; then
15	KRB5_PASSED_CFLAGS=$KRB5_CFLAGS	4	KRB5_PASSED_CFLAGS=$KRB5_CFLAGS
16	fi	5	fi
17		6
Lines 20-25 Link Here
20	AC_MSG_CHECKING(for working krb5-config)	9	AC_MSG_CHECKING(for working krb5-config)
21	if test -x "$KRB5_CONFIG"; then	10	if test -x "$KRB5_CONFIG"; then
22	KRB5_CFLAGS="`$KRB5_CONFIG --cflags`"	11	KRB5_CFLAGS="`$KRB5_CONFIG --cflags`"
23	--
24	1.8.0
25

Lines 1-25 Link Here

(-)sssd/files/patch-src__external__pac_responder.m4 (-25 lines)
1	From b52128bc333fd4717a96950ef8fb4171f25fabcf Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Wed, 30 Oct 2013 08:54:41 +0100
4	Subject: [PATCH 2/4] patch-src__external__pac_responder.m4
5
6	---
7	src/external/pac_responder.m4 \| 2 +-
8	1 file changed, 1 insertion(+), 1 deletion(-)
9
10	diff --git src/external/pac_responder.m4 src/external/pac_responder.m4
11	index 49d5cbb..2b4ca5c 100644
12	--- src/external/pac_responder.m4
13	+++ src/external/pac_responder.m4
14	@@ -14,7 +14,7 @@ then
15	PKG_CHECK_MODULES(NDR_KRB5PAC, ndr_krb5pac, ndr_krb5pac_ok=yes,
16	AC_MSG_WARN([Cannot build pac responder without libndr_krb5pac]))
17
18	- AC_PATH_PROG(KRB5_CONFIG, krb5-config)
19	+ AC_PATH_PROG(KRB5_CONFIG, krb5-config, [], [/usr/local/bin:$PATH])
20	AC_MSG_CHECKING(for supported MIT krb5 version)
21	KRB5_VERSION="`$KRB5_CONFIG --version`"
22	case $KRB5_VERSION in
23	--
24	1.8.0
25

Lines 1-57 Link Here

(-)sssd/files/patch-src__man__pam_sss.8.xml (-57 lines)
1	From 4f866ccca80bb8ed4013bc8ed48ab9ae2b9587ff Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Tue, 3 Jun 2014 22:10:50 +0200
4	Subject: [PATCH 1/2] patch-src__man__pam_sss.8.xml
5
6	---
7	src/man/pam_sss.8.xml \| 27 +++++++++++++++++++++++++++
8	1 file changed, 27 insertions(+)
9
10	diff --git src/man/pam_sss.8.xml src/man/pam_sss.8.xml
11	index 72b497ab34a520d21964824080c7f276b26706f4..69678dac5874067fc95ec47f72ed894854c5d569 100644
12	--- src/man/pam_sss.8.xml
13	+++ src/man/pam_sss.8.xml
14	@@ -37,6 +37,12 @@
15	<arg choice='opt'>
16	<replaceable>retry=N</replaceable>
17	</arg>
18	+ <arg choice='opt'>
19	+ <replaceable>ignore_unknown_user</replaceable>
20	+ </arg>
21	+ <arg choice='opt'>
22	+ <replaceable>ignore_authinfo_unavail</replaceable>
23	+ </arg>
24	</cmdsynopsis>
25	</refsynopsisdiv>
26
27	@@ -103,6 +109,27 @@
28	<option>PasswordAuthentication</option>.</para>
29	</listitem>
30	</varlistentry>
31	+ <varlistentry>
32	+ <term>
33	+ <option>ignore_unknown_user</option>
34	+ </term>
35	+ <listitem>
36	+ <para>If this option is specified and the user does not
37	+ exist, the PAM module will return PAM_IGNORE. This causes
38	+ the PAM framework to ignore this module.</para>
39	+ </listitem>
40	+ </varlistentry>
41	+ <varlistentry>
42	+ <term>
43	+ <option>ignore_authinfo_unavail</option>
44	+ </term>
45	+ <listitem>
46	+ <para>
47	+ Specifies that the PAM module should return PAM_IGNORE
48	+ if it cannot contact the SSSD daemon. This causes
49	+ the PAM framework to ignore this module.</para>
50	+ </listitem>
51	+ </varlistentry>
52	</variablelist>
53	</refsect1>
54
55	--
56	1.9.3
57

Lines 1-16 Link Here

(-)sssd/files/patch-src__providers__ad__ad_access.c (-16 / +2 lines)
1	From 630e5b96040869f6ce24ac1d10bb370e819795e7 Mon Sep 17 00:00:00 2001	1	--- src/providers/ad/ad_access.c.orig 2014-10-05 09:18:50.000000000 +0000
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>	2	+++ src/providers/ad/ad_access.c 2014-10-05 10:50:22.000000000 +0000
3	Date: Sat, 27 Jul 2013 15:04:27 +0200
4	Subject: [PATCH 33/34] patch-src__providers__ad__ad_access.c
5
6	---
7	src/providers/ad/ad_access.c \| 1 +
8	1 file changed, 1 insertion(+)
9
10	diff --git src/providers/ad/ad_access.c src/providers/ad/ad_access.c
11	index 314cdcf..ca0fb8b 100644
12	--- src/providers/ad/ad_access.c
13	+++ src/providers/ad/ad_access.c
14	@@ -21,6 +21,7 @@	3	@@ -21,6 +21,7 @@
15	*/	4	*/
16		5
Lines 19-24 Link Here
19	#include "src/util/util.h"	8	#include "src/util/util.h"
20	#include "src/providers/data_provider.h"	9	#include "src/providers/data_provider.h"
21	#include "src/providers/dp_backend.h"	10	#include "src/providers/dp_backend.h"
22	--
23	1.8.0
24

Lines 1-17 Link Here

(-)sssd/files/patch-src__providers__ad__ad_common.c (-21 / +7 lines)
1	From 7223f18bd8ea22ed801a115934a2fe8dc0c0cdb8 Mon Sep 17 00:00:00 2001	1	--- src/providers/ad/ad_common.c.orig 2014-10-05 09:19:09.000000000 +0000
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>	2	+++ src/providers/ad/ad_common.c 2014-10-05 10:51:16.000000000 +0000
3	Date: Sat, 27 Jul 2013 15:03:49 +0200	3	@@ -262,7 +262,7 @@
4	Subject: [PATCH 32/34] patch-src__providers__ad__ad_common.c
5
6	---
7	src/providers/ad/ad_common.c \| 6 +++---
8	1 file changed, 3 insertions(+), 3 deletions(-)
9
10	diff --git src/providers/ad/ad_common.c src/providers/ad/ad_common.c
11	index 8600dab..d628385 100644
12	--- src/providers/ad/ad_common.c
13	+++ src/providers/ad/ad_common.c
14	@@ -38,7 +38,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
15	char *server;	4	char *server;
16	char *realm;	5	char *realm;
17	char *ad_hostname;	6	char *ad_hostname;
Lines 20-26 Link Here
20		9
21	opts = talloc_zero(mem_ctx, struct ad_options);	10	opts = talloc_zero(mem_ctx, struct ad_options);
22	if (!opts) return ENOMEM;	11	if (!opts) return ENOMEM;
23	@@ -75,7 +75,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,	12	@@ -299,7 +299,7 @@
24	*/	13	*/
25	ad_hostname = dp_opt_get_string(opts->basic, AD_HOSTNAME);	14	ad_hostname = dp_opt_get_string(opts->basic, AD_HOSTNAME);
26	if (ad_hostname == NULL) {	15	if (ad_hostname == NULL) {
Lines 29-43 Link Here
29	if (gret != 0) {	18	if (gret != 0) {
30	ret = errno;	19	ret = errno;
31	DEBUG(SSSDBG_FATAL_FAILURE,	20	DEBUG(SSSDBG_FATAL_FAILURE,
32	@@ -83,7 +83,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,	21	@@ -307,7 +307,7 @@
33	strerror(ret)));	22	strerror(ret));
34	goto done;	23	goto done;
35	}	24	}
36	- hostname[HOST_NAME_MAX] = '\0';	25	- hostname[HOST_NAME_MAX] = '\0';
37	+ hostname[_POSIX_HOST_NAME_MAX] = '\0';	26	+ hostname[_POSIX_HOST_NAME_MAX] = '\0';
38	DEBUG(SSSDBG_CONF_SETTINGS,	27	DEBUG(SSSDBG_CONF_SETTINGS,
39	("Setting ad_hostname to [%s].\n", hostname));	28	"Setting ad_hostname to [%s].\n", hostname);
40	ret = dp_opt_set_string(opts->basic, AD_HOSTNAME, hostname);	29	ret = dp_opt_set_string(opts->basic, AD_HOSTNAME, hostname);
41	--
42	1.8.0
43

Line 0 Link Here

(-)sssd/files/patch-src__providers__data_provider_fo.c (+24 lines)
	1	--- src/providers/data_provider_fo.c.orig 2014-10-05 09:22:57.000000000 +0000
	2	+++ src/providers/data_provider_fo.c 2014-10-05 11:00:24.000000000 +0000
	3	@@ -258,18 +258,18 @@
	4	const char *hostname)
	5	{
	6	struct fo_resolve_srv_dns_ctx *srv_ctx = NULL;
	7	- char resolved_hostname[HOST_NAME_MAX + 1];
	8	+ char resolved_hostname[_POSIX_HOST_NAME_MAX + 1];
	9	errno_t ret;
	10
	11	if (hostname == NULL) {
	12	- ret = gethostname(resolved_hostname, HOST_NAME_MAX);
	13	+ ret = gethostname(resolved_hostname, _POSIX_HOST_NAME_MAX);
	14	if (ret != EOK) {
	15	ret = errno;
	16	DEBUG(SSSDBG_CRIT_FAILURE,
	17	"gethostname() failed: [%d]: %s\n", ret, strerror(ret));
	18	return ret;
	19	}
	20	- resolved_hostname[HOST_NAME_MAX] = '\0';
	21	+ resolved_hostname[_POSIX_HOST_NAME_MAX] = '\0';
	22	hostname = resolved_hostname;
	23	}
	24

Lines 1-41 Link Here

(-)sssd/files/patch-src__providers__fail_over.c (-35 / +5 lines)
1	From 08bc75705abe29a9e046a0a8871adcf42eeee35c Mon Sep 17 00:00:00 2001	1	--- src/providers/fail_over.c.orig 2014-10-05 10:05:45.000000000 +0000
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>	2	+++ src/providers/fail_over.c 2014-10-05 10:06:10.000000000 +0000
3	Date: Wed, 6 Nov 2013 22:01:20 +0100	3	@@ -1391,7 +1391,7 @@
4	Subject: [PATCH 07/25] patch-src__providers__fail_over.c
5
6	---
7	src/providers/fail_over.c \| 6 +++---
8	1 file changed, 3 insertions(+), 3 deletions(-)
9
10	diff --git src/providers/fail_over.c src/providers/fail_over.c
11	index 59cbacd..197c0ef 100644
12	--- src/providers/fail_over.c
13	+++ src/providers/fail_over.c
14	@@ -1331,7 +1331,7 @@ resolve_srv_recv(struct tevent_req req, struct fo_server *server)
15	*******************************************************************/	4	*******************************************************************/
16	struct resolve_get_domain_state {	5	struct resolve_get_domain_state {
17	char *fqdn;	6	char *fqdn;
18	- char hostname[HOST_NAME_MAX];	7	- char hostname[HOST_NAME_MAX];
19	+ char hostname[_POSIX_HOST_NAME_MAX + 1];	8	+ char hostname[_POSIX_HOST_NAME_MAX];
20	};	9	};
21		10
22	static void resolve_get_domain_done(struct tevent_req *subreq);	11	static void
23	@@ -1351,13 +1351,13 @@ resolve_get_domain_send(TALLOC_CTX *mem_ctx,
24	return NULL;
25	}
26
27	- ret = gethostname(state->hostname, HOST_NAME_MAX);
28	+ ret = gethostname(state->hostname, _POSIX_HOST_NAME_MAX);
29	if (ret) {
30	ret = errno;
31	DEBUG(2, ("gethostname() failed: [%d]: %s\n",ret, strerror(ret)));
32	return NULL;
33	}
34	- state->hostname[HOST_NAME_MAX-1] = '\0';
35	+ state->hostname[_POSIX_HOST_NAME_MAX] = '\0';
36	DEBUG(7, ("Host name is: %s\n", state->hostname));
37
38	subreq = resolv_gethostbyname_send(state, ev, resolv,
39	--
40	1.8.0
41

Lines 1-17 Link Here

(-)sssd/files/patch-src__providers__ipa__ipa_common.c (-21 / +7 lines)
1	From acb17ace2b204146e4b821fd7d5e27de5d8ee588 Mon Sep 17 00:00:00 2001	1	--- src/providers/ipa/ipa_common.c.orig 2014-10-05 09:19:35.000000000 +0000
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>	2	+++ src/providers/ipa/ipa_common.c 2014-10-05 10:52:02.000000000 +0000
3	Date: Sat, 4 May 2013 16:08:11 +0200	3	@@ -49,7 +49,7 @@
4	Subject: [PATCH 07/34] patch-src__providers__ipa__ipa_common.c
5
6	---
7	src/providers/ipa/ipa_common.c \| 6 +++---
8	1 file changed, 3 insertions(+), 3 deletions(-)
9
10	diff --git src/providers/ipa/ipa_common.c src/providers/ipa/ipa_common.c
11	index eb384a1..d7d8052 100644
12	--- src/providers/ipa/ipa_common.c
13	+++ src/providers/ipa/ipa_common.c
14	@@ -47,7 +47,7 @@ int ipa_get_options(TALLOC_CTX *memctx,
15	char *realm;	4	char *realm;
16	char *ipa_hostname;	5	char *ipa_hostname;
17	int ret;	6	int ret;
Lines 20-42 Link Here
20		9
21	opts = talloc_zero(memctx, struct ipa_options);	10	opts = talloc_zero(memctx, struct ipa_options);
22	if (!opts) return ENOMEM;	11	if (!opts) return ENOMEM;
23	@@ -76,14 +76,14 @@ int ipa_get_options(TALLOC_CTX *memctx,	12	@@ -79,14 +79,14 @@
24		13
25	ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME);	14	ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME);
26	if (ipa_hostname == NULL) {	15	if (ipa_hostname == NULL) {
27	- ret = gethostname(hostname, HOST_NAME_MAX);	16	- ret = gethostname(hostname, HOST_NAME_MAX);
28	+ ret = gethostname(hostname, _POSIX_HOST_NAME_MAX);	17	+ ret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
29	if (ret != EOK) {	18	if (ret != EOK) {
30	DEBUG(1, ("gethostname failed [%d][%s].\n", errno,	19	DEBUG(SSSDBG_CRIT_FAILURE, "gethostname failed [%d][%s].\n", errno,
31	strerror(errno)));	20	strerror(errno));
32	ret = errno;	21	ret = errno;
33	goto done;	22	goto done;
34	}	23	}
35	- hostname[HOST_NAME_MAX] = '\0';	24	- hostname[HOST_NAME_MAX] = '\0';
36	+ hostname[_POSIX_HOST_NAME_MAX] = '\0';	25	+ hostname[_POSIX_HOST_NAME_MAX] = '\0';
37	DEBUG(9, ("Setting ipa_hostname to [%s].\n", hostname));	26	DEBUG(SSSDBG_TRACE_ALL, "Setting ipa_hostname to [%s].\n", hostname);
38	ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname);	27	ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname);
39	if (ret != EOK) {	28	if (ret != EOK) {
40	--
41	1.8.0
42

Lines 1-32 Link Here

(-)sssd/files/patch-src__providers__krb5__krb5_delayed_online_authentication.c (-22 / +9 lines)
1	From eba3efda911eb0212a98353740e13ad619aaa282 Mon Sep 17 00:00:00 2001	1	--- src/providers/krb5/krb5_delayed_online_authentication.c.orig 2014-10-05 09:20:01.000000000 +0000
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>	2	+++ src/providers/krb5/krb5_delayed_online_authentication.c 2014-10-05 10:53:52.000000000 +0000
3	Date: Wed, 6 Nov 2013 22:01:20 +0100	3	@@ -321,7 +321,7 @@
4	Subject: [PATCH 09/25] patch-src__providers__krb5__krb5_delayed_online_authentication.c
5
6	---
7	src/providers/krb5/krb5_delayed_online_authentication.c \| 2 ++
8	1 file changed, 2 insertions(+)
9
10	diff --git src/providers/krb5/krb5_delayed_online_authentication.c src/providers/krb5/krb5_delayed_online_authentication.c
11	index d5dea3b..da6b6bb 100644
12	--- src/providers/krb5/krb5_delayed_online_authentication.c
13	+++ src/providers/krb5/krb5_delayed_online_authentication.c
14	@@ -296,6 +296,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
15	struct tevent_context *ev)
16	{	4	{
17	int ret;	5	int ret;
18	+#ifdef __linux__
19	hash_table_t *tmp_table;	6	hash_table_t *tmp_table;
20		7	-
		8	+#ifdef __linux__
21	ret = get_uid_table(krb5_ctx, &tmp_table);	9	ret = get_uid_table(krb5_ctx, &tmp_table);
22	@@ -314,6 +315,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,	10	if (ret != EOK) {
23	DEBUG(1, ("hash_destroy failed [%s].\n", hash_error_string(ret)));	11	if (ret == ENOSYS) {
		12	@@ -339,6 +339,7 @@
		13	"hash_destroy failed [%s].\n", hash_error_string(ret));
24	return EFAULT;	14	return EFAULT;
25	}	15	}
26	+#endif /* __linux__ */	16	+#endif /* __linux__ */
27		17
28	krb5_ctx->deferred_auth_ctx = talloc_zero(krb5_ctx,	18	krb5_ctx->deferred_auth_ctx = talloc_zero(krb5_ctx,
29	struct deferred_auth_ctx);	19	struct deferred_auth_ctx);
30	--
31	1.8.0
32

Lines 1-16 Link Here

(-)sssd/files/patch-src__providers__ldap__ldap_auth.c (-127 / +69 lines)
1	From ad4b85556ddea5d5d2d6bcc5f00a8492b0b15c46 Mon Sep 17 00:00:00 2001	1	--- src/providers/ldap/ldap_auth.c.orig 2014-10-05 09:20:29.000000000 +0000
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>	2	+++ src/providers/ldap/ldap_auth.c 2014-10-05 10:57:50.000000000 +0000
3	Date: Sat, 4 May 2013 16:08:11 +0200
4	Subject: [PATCH 09/34] patch-src__providers__ldap__ldap_auth.c
5
6	---
7	src/providers/ldap/ldap_auth.c \| 60 ++++++++++++++++++++++++++----------------
8	1 file changed, 37 insertions(+), 23 deletions(-)
9
10	diff --git src/providers/ldap/ldap_auth.c src/providers/ldap/ldap_auth.c
11	index b0dd30c..6b1ad83 100644
12	--- src/providers/ldap/ldap_auth.c
13	+++ src/providers/ldap/ldap_auth.c
14	@@ -37,7 +37,6 @@	3	@@ -37,7 +37,6 @@
15	#include <sys/time.h>	4	#include <sys/time.h>
16	#include <strings.h>	5	#include <strings.h>
Lines 19-25 Link Here
19	#include <security/pam_modules.h>	8	#include <security/pam_modules.h>
20		9
21	#include "util/util.h"	10	#include "util/util.h"
22	@@ -56,6 +55,22 @@ enum pwexpire {	11	@@ -56,6 +55,22 @@
23	PWEXPIRE_SHADOW	12	PWEXPIRE_SHADOW
24	};	13	};
25		14
Lines 31-123 Link Here
31	+ long int sp_min; /* Minimum number of days between changes. */	20	+ long int sp_min; /* Minimum number of days between changes. */
32	+ long int sp_max; /* Maximum number of days between changes. */	21	+ long int sp_max; /* Maximum number of days between changes. */
33	+ long int sp_warn; /* Number of days to warn user to change	22	+ long int sp_warn; /* Number of days to warn user to change
34	+ the password. */	23	+ the password. */
35	+ long int sp_inact; /* Number of days the account may be	24	+ long int sp_inact; /* Number of days the account may be
36	+ inactive. */	25	+ inactive. */
37	+ long int sp_expire; /* Number of days since 1970-01-01 until	26	+ long int sp_expire; /* Number of days since 1970-01-01 until
38	+ account expires. */	27	+ account expires. */
39	+ unsigned long int sp_flag; /* Reserved. */	28	+ unsigned long int sp_flag; /* Reserved. */
40	+};	29	+};
41	+	30	+
42	static errno_t add_expired_warning(struct pam_data *pd, long exp_time)	31	static errno_t add_expired_warning(struct pam_data *pd, long exp_time)
43	{	32	{
44	int ret;	33	int ret;
45	@@ -110,17 +125,16 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now,	34	@@ -109,6 +124,7 @@
46	return EINVAL;	35	return EINVAL;
47	}	36	}
48		37
49	+ tzset();	38	+ tzset();
50	expire_time = mktime(&tm);	39	expire_time = mktime(&tm);
51	if (expire_time == -1) {	40	if (expire_time == -1) {
52	DEBUG(1, ("mktime failed to convert [%s].\n", expire_date));	41	DEBUG(SSSDBG_CRIT_FAILURE,
		42	@@ -116,12 +132,9 @@
53	return EINVAL;	43	return EINVAL;
54	}	44	}
55		45
56	- tzset();	46	- tzset();
57	- expire_time -= timezone;	47	- expire_time -= timezone;
58	- DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s] timezone [%d] "	48	- DEBUG(SSSDBG_TRACE_ALL,
59	- "daylight [%d] now [%d] expire_time [%d].\n", tzname[0],	49	- "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] "
60	- tzname[1], timezone, daylight, now, expire_time));	50	- "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0],
		51	- tzname[1], timezone, daylight, now, expire_time);
61	+ DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s]"	52	+ DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s]"
62	+ "now [%d] expire_time [%d].\n", tzname[0],	53	+ "now [%d] expire_time [%d].\n", tzname[0],
63	+ tzname[1], now, expire_time));	54	+ tzname[1], now, expire_time));
64		55
65	if (difftime(now, expire_time) > 0.0) {	56	if (difftime(now, expire_time) > 0.0) {
66	DEBUG(4, ("Kerberos password expired.\n"));	57	DEBUG(SSSDBG_CONF_SETTINGS, "Kerberos password expired.\n");
67	@@ -762,7 +776,7 @@ void sdap_pam_chpass_handler(struct be_req *breq)	58	@@ -924,7 +937,7 @@
68		59	DEBUG(SSSDBG_OP_FAILURE,
69	DEBUG(2, ("starting password change request for user [%s].\n", pd->user));	60	"starting password change request for user [%s].\n", pd->user);
70		61
71	- pd->pam_status = PAM_SYSTEM_ERR;	62	- pd->pam_status = PAM_SYSTEM_ERR;
72	+ pd->pam_status = PAM_SERVICE_ERR;	63	+ pd->pam_status = PAM_SERVICE_ERR;
73		64
74	if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) {	65	if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) {
75	DEBUG(2, ("chpass target was called by wrong pam command.\n"));	66	DEBUG(SSSDBG_OP_FAILURE,
76	@@ -821,7 +835,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req)	67	@@ -991,7 +1004,7 @@
77	&pw_expire_type, &pw_expire_data);	68	DEBUG(SSSDBG_CRIT_FAILURE,
78	talloc_zfree(req);	69	"LDAP provider cannot change kerberos "
79	if (ret) {	70	"passwords.\n");
80	- state->pd->pam_status = PAM_SYSTEM_ERR;	71	- state->pd->pam_status = PAM_SYSTEM_ERR;
81	+ state->pd->pam_status = PAM_SERVICE_ERR;	72	+ state->pd->pam_status = PAM_SERVICE_ERR;
82	goto done;	73	goto done;
83	}	74	}
84		75	break;
85	@@ -841,7 +855,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req)	76	@@ -1000,7 +1013,7 @@
86	&result);	77	break;
87	if (ret != EOK) {	78	default:
88	DEBUG(1, ("check_pwexpire_shadow failed.\n"));	79	DEBUG(SSSDBG_CRIT_FAILURE, "Unknow pasword expiration type.\n");
89	- state->pd->pam_status = PAM_SYSTEM_ERR;	80	- state->pd->pam_status = PAM_SYSTEM_ERR;
90	+ state->pd->pam_status = PAM_SERVICE_ERR;	81	+ state->pd->pam_status = PAM_SERVICE_ERR;
91	goto done;	82	goto done;
92	}
93	break;
94	@@ -850,14 +864,14 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
95	state->breq->domain->pwd_expiration_warning);
96	if (ret != EOK) {
97	DEBUG(1, ("check_pwexpire_kerberos failed.\n"));
98	- state->pd->pam_status = PAM_SYSTEM_ERR;
99	+ state->pd->pam_status = PAM_SERVICE_ERR;
100	goto done;
101	}
102
103	if (result == SDAP_AUTH_PW_EXPIRED) {
104	DEBUG(1, ("LDAP provider cannot change kerberos "
105	"passwords.\n"));
106	- state->pd->pam_status = PAM_SYSTEM_ERR;
107	+ state->pd->pam_status = PAM_SERVICE_ERR;
108	goto done;
109	}
110	break;
111	@@ -866,7 +880,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
112	break;
113	default:
114	DEBUG(1, ("Unknow pasword expiration type.\n"));
115	- state->pd->pam_status = PAM_SYSTEM_ERR;
116	+ state->pd->pam_status = PAM_SERVICE_ERR;
117	goto done;
118	}	83	}
119	}	84	}
120	@@ -906,7 +920,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req)	85	@@ -1023,13 +1036,13 @@
		86	ret = sss_authtok_get_password(state->pd->authtok,
		87	&password, NULL);
		88	if (ret) {
		89	- state->pd->pam_status = PAM_SYSTEM_ERR;
		90	+ state->pd->pam_status = PAM_SERVICE_ERR;
		91	goto done;
		92	}
		93	ret = sss_authtok_get_password(state->pd->newauthtok,
		94	&new_password, NULL);
		95	if (ret) {
		96	- state->pd->pam_status = PAM_SYSTEM_ERR;
		97	+ state->pd->pam_status = PAM_SERVICE_ERR;
		98	goto done;
		99	}
		100
		101	@@ -1069,7 +1082,7 @@
121	dp_err = DP_ERR_OFFLINE;	102	dp_err = DP_ERR_OFFLINE;
122	break;	103	break;
123	default:	104	default:
Lines 126-150 Link Here
126	}	107	}
127		108
128	done:	109	done:
129	@@ -929,7 +943,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req)	110	@@ -1104,7 +1117,7 @@
130	ret = sdap_exop_modify_passwd_recv(req, state, &result, &user_error_message);	111	state->pd->pam_status = PAM_AUTHTOK_ERR;
131	talloc_zfree(req);	112	break;
132	if (ret && ret != EIO) {	113	default:
133	- state->pd->pam_status = PAM_SYSTEM_ERR;	114	- state->pd->pam_status = PAM_SYSTEM_ERR;
134	+ state->pd->pam_status = PAM_SERVICE_ERR;	115	+ state->pd->pam_status = PAM_SERVICE_ERR;
135	goto done;	116	break;
136	}	117	}
137		118
138	@@ -970,7 +984,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req)	119	@@ -1131,7 +1144,7 @@
139	state->dn,	120	state->sh, state->dn,
140	lastchanged_name);	121	lastchanged_name);
141	if (subreq == NULL) {	122	if (subreq == NULL) {
142	- state->pd->pam_status = PAM_SYSTEM_ERR;	123	- state->pd->pam_status = PAM_SYSTEM_ERR;
143	+ state->pd->pam_status = PAM_SERVICE_ERR;	124	+ state->pd->pam_status = PAM_SERVICE_ERR;
144	goto done;	125	goto done;
145	}	126	}
146		127
147	@@ -991,7 +1005,7 @@ static void sdap_lastchange_done(struct tevent_req *req)	128	@@ -1152,7 +1165,7 @@
148		129
149	ret = sdap_modify_shadow_lastchange_recv(req);	130	ret = sdap_modify_shadow_lastchange_recv(req);
150	if (ret != EOK) {	131	if (ret != EOK) {
Lines 153-159 Link Here
153	goto done;	134	goto done;
154	}	135	}
155		136
156	@@ -1032,7 +1046,7 @@ void sdap_pam_auth_handler(struct be_req *breq)	137	@@ -1193,7 +1206,7 @@
157	goto done;	138	goto done;
158	}	139	}
159		140
Lines 162-213 Link Here
162		143
163	switch (pd->cmd) {	144	switch (pd->cmd) {
164	case SSS_PAM_AUTHENTICATE:	145	case SSS_PAM_AUTHENTICATE:
165	@@ -1090,7 +1104,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)	146	@@ -1265,7 +1278,7 @@
166	&pw_expire_type, &pw_expire_data);	147	break;
167	talloc_zfree(req);	148	default:
168	if (ret != EOK) {	149	DEBUG(SSSDBG_CRIT_FAILURE, "Unknow pasword expiration type.\n");
169	- state->pd->pam_status = PAM_SYSTEM_ERR;	150	- state->pd->pam_status = PAM_SYSTEM_ERR;
170	+ state->pd->pam_status = PAM_SERVICE_ERR;	151	+ state->pd->pam_status = PAM_SERVICE_ERR;
171	dp_err = DP_ERR_FATAL;	152	goto done;
172	goto done;
173	}
174	@@ -1102,7 +1116,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
175	state->pd, &result);
176	if (ret != EOK) {
177	DEBUG(1, ("check_pwexpire_shadow failed.\n"));
178	- state->pd->pam_status = PAM_SYSTEM_ERR;
179	+ state->pd->pam_status = PAM_SERVICE_ERR;
180	goto done;
181	}
182	break;
183	@@ -1112,7 +1126,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
184	be_ctx->domain->pwd_expiration_warning);
185	if (ret != EOK) {
186	DEBUG(1, ("check_pwexpire_kerberos failed.\n"));
187	- state->pd->pam_status = PAM_SYSTEM_ERR;
188	+ state->pd->pam_status = PAM_SERVICE_ERR;
189	goto done;
190	}
191	break;
192	@@ -1121,7 +1135,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
193	be_ctx->domain->pwd_expiration_warning);
194	if (ret != EOK) {
195	DEBUG(1, ("check_pwexpire_ldap failed.\n"));
196	- state->pd->pam_status = PAM_SYSTEM_ERR;
197	+ state->pd->pam_status = PAM_SERVICE_ERR;
198	goto done;
199	}
200	break;
201	@@ -1129,7 +1143,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
202	break;
203	default:
204	DEBUG(1, ("Unknow pasword expiration type.\n"));
205	- state->pd->pam_status = PAM_SYSTEM_ERR;
206	+ state->pd->pam_status = PAM_SERVICE_ERR;
207	goto done;
208	}	153	}
209	}	154	}
210	@@ -1151,7 +1165,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)	155	@@ -1291,7 +1304,7 @@
211	state->pd->pam_status = PAM_NEW_AUTHTOK_REQD;	156	state->pd->pam_status = PAM_NEW_AUTHTOK_REQD;
212	break;	157	break;
213	default:	158	default:
Lines 216-221 Link Here
216	dp_err = DP_ERR_FATAL;	161	dp_err = DP_ERR_FATAL;
217	}	162	}
218		163
219	--
220	1.8.0
221

Line 0 Link Here

(-)sssd/files/patch-src__providers__ldap__ldap_child.c (+20 lines)
	1	--- src/providers/ldap/ldap_child.c.orig 2014-10-05 09:20:49.000000000 +0000
	2	+++ src/providers/ldap/ldap_child.c 2014-10-05 10:58:06.000000000 +0000
	3	@@ -240,14 +240,14 @@
	4	full_princ = talloc_strdup(tmp_ctx, princ_str);
	5	}
	6	} else {
	7	- char hostname[HOST_NAME_MAX + 1];
	8	+ char hostname[_POSIX_HOST_NAME_MAX + 1];
	9
	10	- ret = gethostname(hostname, HOST_NAME_MAX);
	11	+ ret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
	12	if (ret == -1) {
	13	krberr = KRB5KRB_ERR_GENERIC;
	14	goto done;
	15	}
	16	- hostname[HOST_NAME_MAX] = '\0';
	17	+ hostname[_POSIX_HOST_NAME_MAX] = '\0';
	18
	19	DEBUG(SSSDBG_TRACE_LIBS, "got hostname: [%s]\n", hostname);
	20

Lines 1-205 Link Here

(-)sssd/files/patch-src__providers__ldap__sdap_access.c (-175 / +21 lines)
1	From 9a3d9a05b2c8790c771c166b42f8b80e76b4b336 Mon Sep 17 00:00:00 2001	1	--- src/providers/ldap/sdap_access.c.orig 2014-10-05 09:21:27.000000000 +0000
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>	2	+++ src/providers/ldap/sdap_access.c 2014-10-05 10:05:28.000000000 +0000
3	Date: Wed, 6 Nov 2013 22:01:20 +0100	3	@@ -499,6 +499,7 @@
4	Subject: [PATCH 11/25] patch-src__providers__ldap__sdap_access.c
5
6	---
7	src/providers/ldap/sdap_access.c \| 46 +++++++++++++++++++---------------------
8	1 file changed, 22 insertions(+), 24 deletions(-)
9
10	diff --git src/providers/ldap/sdap_access.c src/providers/ldap/sdap_access.c
11	index b198e04..1eaedf7 100644
12	--- src/providers/ldap/sdap_access.c
13	+++ src/providers/ldap/sdap_access.c
14	@@ -22,9 +22,7 @@
15	along with this program. If not, see <http://www.gnu.org/licenses/>.
16	*/
17
18	-#define _XOPEN_SOURCE 500 /* for strptime() */
19	#include <time.h>
20	-#undef _XOPEN_SOURCE
21	#include <sys/param.h>
22	#include <security/pam_modules.h>
23	#include <talloc.h>
24	@@ -109,7 +107,7 @@ void sdap_pam_access_handler(struct be_req *breq)
25	pd);
26	if (req == NULL) {
27	DEBUG(1, ("Unable to start sdap_access request\n"));
28	- sdap_access_reply(breq, PAM_SYSTEM_ERR);
29	+ sdap_access_reply(breq, PAM_SERVICE_ERR);
30	return;
31	}
32
33	@@ -149,7 +147,7 @@ sdap_access_send(TALLOC_CTX *mem_ctx,
34
35	state->be_req = be_req;
36	state->pd = pd;
37	- state->pam_status = PAM_SYSTEM_ERR;
38	+ state->pam_status = PAM_SERVICE_ERR;
39	state->ev = ev;
40	state->access_ctx = access_ctx;
41	state->current_rule = 0;
42	@@ -502,18 +500,17 @@ static bool nds_check_expired(const char *exp_time_str)
43	return true;	4	return true;
44	}	5	}
45		6
46	+ tzset();	7	+ tzset();
47	expire_time = mktime(&tm);	8	expire_time = mktime(&tm);
48	if (expire_time == -1) {	9	if (expire_time == -1) {
49	DEBUG(1, ("mktime failed to convert [%s].\n", exp_time_str));	10	DEBUG(SSSDBG_CRIT_FAILURE,
		11	@@ -506,13 +507,10 @@
50	return true;	12	return true;
51	}	13	}
52		14
53	- tzset();	15	- tzset();
54	- expire_time -= timezone;	16	- expire_time -= timezone;
55	now = time(NULL);	17	now = time(NULL);
56	- DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s] timezone [%d] "	18	- DEBUG(SSSDBG_TRACE_ALL,
57	- "daylight [%d] now [%d] expire_time [%d].\n", tzname[0],	19	- "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] "
58	- tzname[1], timezone, daylight, now, expire_time));	20	- "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0],
		21	- tzname[1], timezone, daylight, now, expire_time);
59	+ DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s] "	22	+ DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s] "
60	+ "now [%d] expire_time [%d].\n", tzname[0],	23	+ "now [%d] expire_time [%d].\n", tzname[0],
61	+ tzname[1], now, expire_time));	24	+ tzname[1], now, expire_time));
62		25
63	if (difftime(now, expire_time) > 0.0) {	26	if (difftime(now, expire_time) > 0.0) {
64	DEBUG(4, ("NDS account expired.\n"));	27	DEBUG(SSSDBG_CONF_SETTINGS, "NDS account expired.\n");
65	@@ -662,7 +659,7 @@ static struct tevent_req sdap_account_expired_send(TALLOC_CTX mem_ctx,	28	@@ -1139,7 +1137,7 @@
66	return NULL;
67	}
68
69	- state->pam_status = PAM_SYSTEM_ERR;
70	+ state->pam_status = PAM_SERVICE_ERR;
71
72	expire = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic,
73	SDAP_ACCOUNT_EXPIRE_POLICY);
74	@@ -746,7 +743,7 @@ static void sdap_account_expired_done(struct tevent_req *subreq)
75	talloc_zfree(subreq);
76	if (ret != EOK) {
77	DEBUG(1, ("Error retrieving access check result.\n"));
78	- state->pam_status = PAM_SYSTEM_ERR;
79	+ state->pam_status = PAM_SERVICE_ERR;
80	tevent_req_error(req, ret);
81	return;
82	}
83	@@ -806,7 +803,7 @@ static struct tevent_req sdap_access_filter_send(TALLOC_CTX mem_ctx,
84	state->filter = NULL;
85	state->be_req = be_req;
86	state->username = username;
87	- state->pam_status = PAM_SYSTEM_ERR;
88	+ state->pam_status = PAM_SERVICE_ERR;
89	state->sdap_ctx = access_ctx->id_ctx;
90	state->ev = ev;
91	state->access_ctx = access_ctx;
92	@@ -953,7 +950,7 @@ static void sdap_access_filter_connect_done(struct tevent_req *subreq)
93	false);
94	if (subreq == NULL) {
95	DEBUG(1, ("Could not start LDAP communication\n"));
96	- state->pam_status = PAM_SYSTEM_ERR;
97	+ state->pam_status = PAM_SERVICE_ERR;
98	tevent_req_error(req, EIO);
99	return;
100	}
101	@@ -984,13 +981,13 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
102	if (ret == EOK) {
103	return;
104	}
105	- state->pam_status = PAM_SYSTEM_ERR;
106	+ state->pam_status = PAM_SERVICE_ERR;
107	} else if (dp_error == DP_ERR_OFFLINE) {
108	sdap_access_filter_decide_offline(req);
109	} else {
110	DEBUG(1, ("sdap_get_generic_send() returned error [%d][%s]\n",
111	ret, strerror(ret)));
112	- state->pam_status = PAM_SYSTEM_ERR;
113	+ state->pam_status = PAM_SERVICE_ERR;
114	}
115
116	goto done;
117	@@ -1009,7 +1006,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
118	else if (results == NULL) {
119	DEBUG(1, ("num_results > 0, but results is NULL\n"));
120	ret = EIO;
121	- state->pam_status = PAM_SYSTEM_ERR;
122	+ state->pam_status = PAM_SERVICE_ERR;
123	goto done;
124	}
125	else if (num_results > 1) {
126	@@ -1018,7 +1015,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
127	*/
128	DEBUG(1, ("Received multiple replies\n"));
129	ret = EIO;
130	- state->pam_status = PAM_SYSTEM_ERR;
131	+ state->pam_status = PAM_SERVICE_ERR;
132	goto done;
133	}
134	else { /* Ok, we got a single reply */
135	@@ -1104,7 +1101,7 @@ static void sdap_access_filter_done(struct tevent_req *subreq)
136	talloc_zfree(subreq);
137	if (ret != EOK) {
138	DEBUG(1, ("Error retrieving access check result.\n"));
139	- state->pam_status = PAM_SYSTEM_ERR;
140	+ state->pam_status = PAM_SERVICE_ERR;
141	tevent_req_error(req, ret);
142	return;
143	}
144	@@ -1244,7 +1241,7 @@ static void sdap_access_service_done(struct tevent_req *subreq)
145	talloc_zfree(subreq);
146	if (ret != EOK) {
147	DEBUG(1, ("Error retrieving access check result.\n"));
148	- state->pam_status = PAM_SYSTEM_ERR;
149	+ state->pam_status = PAM_SERVICE_ERR;
150	tevent_req_error(req, ret);
151	return;
152	}
153	@@ -1269,7 +1266,7 @@ static struct tevent_req *sdap_access_host_send(
154	struct ldb_message_element *el;	29	struct ldb_message_element *el;
155	unsigned int i;	30	unsigned int i;
156	char *host;	31	char *host;
157	- char hostname[HOST_NAME_MAX+1];	32	- char hostname[HOST_NAME_MAX + 1];
158	+ char hostname[_POSIX_HOST_NAME_MAX + 1];	33	+ char hostname[_POSIX_HOST_NAME_MAX + 1];
159		34
160	req = tevent_req_create(mem_ctx, &state, struct sdap_access_host_ctx);	35	el = ldb_msg_find_element(user_entry, SYSDB_AUTHORIZED_HOST);
161	if (!req) {	36	if (!el \|\| el->num_values == 0) {
162	@@ -1285,11 +1282,12 @@ static struct tevent_req *sdap_access_host_send(	37	@@ -1147,12 +1145,12 @@
163	goto done;	38	return ERR_ACCESS_DENIED;
164	}	39	}
165		40
166	- if (gethostname(hostname, sizeof(hostname)) == -1) {	41	- if (gethostname(hostname, HOST_NAME_MAX) == -1) {
167	+ if (gethostname(hostname, _POSIX_HOST_NAME_MAX) == -1) {	42	+ if (gethostname(hostname, _POSIX_HOST_NAME_MAX) == -1) {
168	DEBUG(1, ("Unable to get system hostname. Access denied\n"));	43	DEBUG(SSSDBG_CRIT_FAILURE,
169	ret = EOK;	44	"Unable to get system hostname. Access denied\n");
170	goto done;	45	return ERR_ACCESS_DENIED;
171	}	46	}
		47	- hostname[HOST_NAME_MAX] = '\0';
172	+ hostname[_POSIX_HOST_NAME_MAX] = '\0';	48	+ hostname[_POSIX_HOST_NAME_MAX] = '\0';
173		49
174	/* FIXME: PADL's pam_ldap also calls gethostbyname() on the hostname	50	/* FIXME: PADL's pam_ldap also calls gethostbyname() on the hostname
175	* in some attempt to get aliases and/or FQDN for the machine.	51	* in some attempt to get aliases and/or FQDN for the machine.
176	@@ -1365,7 +1363,7 @@ static void sdap_access_host_done(struct tevent_req *subreq)
177	talloc_zfree(subreq);
178	if (ret != EOK) {
179	DEBUG(1, ("Error retrieving access check result.\n"));
180	- state->pam_status = PAM_SYSTEM_ERR;
181	+ state->pam_status = PAM_SERVICE_ERR;
182	tevent_req_error(req, ret);
183	return;
184	}
185	@@ -1391,7 +1389,7 @@ sdap_access_recv(struct tevent_req req, int pam_status)
186	static void sdap_access_done(struct tevent_req *req)
187	{
188	errno_t ret;
189	- int pam_status = PAM_SYSTEM_ERR;
190	+ int pam_status = PAM_SERVICE_ERR;
191	struct be_req *breq =
192	tevent_req_callback_data(req, struct be_req);
193
194	@@ -1399,7 +1397,7 @@ static void sdap_access_done(struct tevent_req *req)
195	talloc_zfree(req);
196	if (ret != EOK) {
197	DEBUG(1, ("Error retrieving access check result.\n"));
198	- pam_status = PAM_SYSTEM_ERR;
199	+ pam_status = PAM_SERVICE_ERR;
200	}
201
202	sdap_access_reply(breq, pam_status);
203	--
204	1.8.0
205

Lines 1-26 Link Here

(-)sssd/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c (-21 / +7 lines)
1	From 58d918d01b03a3332b3e9da917a45b4b7ef7a427 Mon Sep 17 00:00:00 2001	1	--- src/providers/ldap/sdap_async_sudo_hostinfo.c.orig 2014-10-05 09:21:58.000000000 +0000
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>	2	+++ src/providers/ldap/sdap_async_sudo_hostinfo.c 2014-10-05 10:59:58.000000000 +0000
3	Date: Sat, 27 Jul 2013 15:01:26 +0200	3	@@ -371,7 +371,7 @@
4	Subject: [PATCH 30/34] patch-src__providers__ldap__sdap_async_sudo_hostinfo.c
5
6	---
7	src/providers/ldap/sdap_async_sudo_hostinfo.c \| 6 +++---
8	1 file changed, 3 insertions(+), 3 deletions(-)
9
10	diff --git src/providers/ldap/sdap_async_sudo_hostinfo.c src/providers/ldap/sdap_async_sudo_hostinfo.c
11	index 0a695cd..108b4c2 100644
12	--- src/providers/ldap/sdap_async_sudo_hostinfo.c
13	+++ src/providers/ldap/sdap_async_sudo_hostinfo.c
14	@@ -371,7 +371,7 @@ static struct tevent_req sdap_sudo_get_hostnames_send(TALLOC_CTX mem_ctx,
15	struct tevent_req *subreq = NULL;	4	struct tevent_req *subreq = NULL;
16	struct sdap_sudo_get_hostnames_state *state = NULL;	5	struct sdap_sudo_get_hostnames_state *state = NULL;
17	char *dot = NULL;	6	char *dot = NULL;
18	- char hostname[HOST_NAME_MAX + 1];	7	- char hostname[HOST_NAME_MAX + 1];
19	+ char hostname[_POSIX_HOST_NAME_MAX + 1];	8	+ char hostname[_POSIX_HOST_NAME_MAX + 1];
20	int resolv_timeout;
21	int ret;	9	int ret;
22		10
23	@@ -395,14 +395,14 @@ static struct tevent_req sdap_sudo_get_hostnames_send(TALLOC_CTX mem_ctx,	11	req = tevent_req_create(mem_ctx, &state,
		12	@@ -394,14 +394,14 @@
24	/* get hostname */	13	/* get hostname */
25		14
26	errno = 0;	15	errno = 0;
Lines 28-35 Link Here
28	+ ret = gethostname(hostname, _POSIX_HOST_NAME_MAX);	17	+ ret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
29	if (ret != EOK) {	18	if (ret != EOK) {
30	ret = errno;	19	ret = errno;
31	DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to retrieve machine hostname "	20	DEBUG(SSSDBG_CRIT_FAILURE, "Unable to retrieve machine hostname "
32	"[%d]: %s\n", ret, strerror(ret)));	21	"[%d]: %s\n", ret, strerror(ret));
33	goto done;	22	goto done;
34	}	23	}
35	- hostname[HOST_NAME_MAX] = '\0';	24	- hostname[HOST_NAME_MAX] = '\0';
Lines 37-42 Link Here
37		26
38	state->hostnames[0] = talloc_strdup(state->hostnames, hostname);	27	state->hostnames[0] = talloc_strdup(state->hostnames, hostname);
39	if (state->hostnames[0] == NULL) {	28	if (state->hostnames[0] == NULL) {
40	--
41	1.8.0
42

Lines 1-33 Link Here

(-)sssd/files/patch-src__resolv__async_resolv.c (-33 lines)
1	From 5434161320c86634512ac70e1d49c63375a71dc4 Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Sat, 4 May 2013 16:08:11 +0200
4	Subject: [PATCH 14/34] patch-src__resolv__async_resolv.c
5
6	---
7	src/resolv/async_resolv.c \| 3 ++-
8	1 file changed, 2 insertions(+), 1 deletion(-)
9
10	diff --git src/resolv/async_resolv.c src/resolv/async_resolv.c
11	index 268d266..1bb84e5 100644
12	--- src/resolv/async_resolv.c
13	+++ src/resolv/async_resolv.c
14	@@ -1203,7 +1203,6 @@ resolv_is_address(const char *name)
15	hints.ai_flags = AI_NUMERICHOST; /* No network lookups */
16
17	ret = getaddrinfo(name, NULL, &hints, &res);
18	- freeaddrinfo(res);
19	if (ret != 0) {
20	if (ret == -2) {
21	DEBUG(9, ("[%s] does not look like an IP address\n", name));
22	@@ -1211,6 +1210,8 @@ resolv_is_address(const char *name)
23	DEBUG(2, ("getaddrinfo failed [%d]: %s\n",
24	ret, gai_strerror(ret)));
25	}
26	+ } else {
27	+ freeaddrinfo(res);
28	}
29
30	return ret == 0;
31	--
32	1.8.0
33

Line 0 Link Here

(-)sssd/files/patch-src__resolv__async_resolv_utils.c (+28 lines)
	1	--- src/resolv/async_resolv_utils.c.orig 2014-10-05 09:25:19.000000000 +0000
	2	+++ src/resolv/async_resolv_utils.c 2014-10-05 11:00:48.000000000 +0000
	3	@@ -44,7 +44,7 @@
	4	struct resolv_get_domain_state *state = NULL;
	5	struct tevent_req *req = NULL;
	6	struct tevent_req *subreq = NULL;
	7	- char system_hostname[HOST_NAME_MAX + 1];
	8	+ char system_hostname[_POSIX_HOST_NAME_MAX + 1];
	9	errno_t ret;
	10
	11	req = tevent_req_create(mem_ctx, &state,
	12	@@ -56,14 +56,14 @@
	13
	14	if (hostname == NULL) {
	15	/* use system hostname */
	16	- ret = gethostname(system_hostname, HOST_NAME_MAX);
	17	+ ret = gethostname(system_hostname, _POSIX_HOST_NAME_MAX);
	18	if (ret) {
	19	ret = errno;
	20	DEBUG(SSSDBG_CRIT_FAILURE, "gethostname() failed: [%d]: %s\n",
	21	ret, strerror(ret));
	22	goto immediately;
	23	}
	24	- system_hostname[HOST_NAME_MAX] = '\0';
	25	+ system_hostname[_POSIX_HOST_NAME_MAX] = '\0';
	26	hostname = system_hostname;
	27	}
	28

Lines 1-16 Link Here

(-)sssd/files/patch-src__sss_client__common.c (-20 / +35 lines)
1	From 6874fb930a30eac6fe12104923ab97083f58bcf9 Mon Sep 17 00:00:00 2001	1	--- src/sss_client/common.c.orig 2014-10-05 09:25:49.000000000 +0000
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>	2	+++ src/sss_client/common.c 2014-10-05 11:03:18.000000000 +0000
3	Date: Wed, 6 Nov 2013 22:01:20 +0100
4	Subject: [PATCH 14/25] patch-src__sss_client__common.c
5
6	---
7	src/sss_client/common.c \| 15 +++++++--------
8	1 file changed, 7 insertions(+), 8 deletions(-)
9
10	diff --git src/sss_client/common.c src/sss_client/common.c
11	index ec5c708..5d17eed 100644
12	--- src/sss_client/common.c
13	+++ src/sss_client/common.c
14	@@ -25,6 +25,7 @@	3	@@ -25,6 +25,7 @@
15	#include "config.h"	4	#include "config.h"
16		5
Lines 27-33 Link Here
27		16
28	#if HAVE_PTHREAD	17	#if HAVE_PTHREAD
29	#include <pthread.h>	18	#include <pthread.h>
30	@@ -124,7 +126,6 @@ static enum sss_status sss_cli_send_req(enum sss_cli_command cmd,	19	@@ -124,7 +126,6 @@
31	*errnop = error;	20	*errnop = error;
32	break;	21	break;
33	case 0:	22	case 0:
Lines 35-41 Link Here
35	break;	24	break;
36	case 1:	25	case 1:
37	if (pfd.revents & (POLLERR \| POLLHUP \| POLLNVAL)) {	26	if (pfd.revents & (POLLERR \| POLLHUP \| POLLNVAL)) {
38	@@ -232,7 +233,6 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_command cmd,	27	@@ -232,7 +233,6 @@
39	*errnop = error;	28	*errnop = error;
40	break;	29	break;
41	case 0:	30	case 0:
Lines 43-49 Link Here
43	break;	32	break;
44	case 1:	33	case 1:
45	if (pfd.revents & (POLLHUP)) {	34	if (pfd.revents & (POLLHUP)) {
46	@@ -669,7 +669,6 @@ static enum sss_status sss_cli_check_socket(int errnop, const char socket_name	35	@@ -669,7 +669,6 @@
47	*errnop = error;	36	*errnop = error;
48	break;	37	break;
49	case 0:	38	case 0:
Lines 51-57 Link Here
51	break;	40	break;
52	case 1:	41	case 1:
53	if (pfd.revents & (POLLERR \| POLLHUP \| POLLNVAL)) {	42	if (pfd.revents & (POLLERR \| POLLHUP \| POLLNVAL)) {
54	@@ -719,23 +718,23 @@ enum nss_status sss_nss_make_request(enum sss_cli_command cmd,	43	@@ -719,23 +718,23 @@
55	/* avoid looping in the nss daemon */	44	/* avoid looping in the nss daemon */
56	envval = getenv("_SSS_LOOPS");	45	envval = getenv("_SSS_LOOPS");
57	if (envval && strcmp(envval, "NO") == 0) {	46	if (envval && strcmp(envval, "NO") == 0) {
Lines 80-85 Link Here
80	}	69	}
81	}	70	}
82		71
83	--	72	@@ -750,23 +749,23 @@
84	1.8.0	73	/* avoid looping in the nss daemon */
85		74	envval = getenv("_SSS_LOOPS");
		75	if (envval && strcmp(envval, "NO") == 0) {
		76	- return NSS_STATUS_NOTFOUND;
		77	+ return NS_NOTFOUND;
		78	}
		79
		80	ret = sss_cli_check_socket(errnop, SSS_PAC_SOCKET_NAME);
		81	if (ret != SSS_STATUS_SUCCESS) {
		82	- return NSS_STATUS_UNAVAIL;
		83	+ return NS_UNAVAIL;
		84	}
		85
		86	ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop);
		87	switch (ret) {
		88	case SSS_STATUS_TRYAGAIN:
		89	- return NSS_STATUS_TRYAGAIN;
		90	+ return NS_TRYAGAIN;
		91	case SSS_STATUS_SUCCESS:
		92	- return NSS_STATUS_SUCCESS;
		93	+ return NS_SUCCESS;
		94	case SSS_STATUS_UNAVAIL:
		95	default:
		96	- return NSS_STATUS_UNAVAIL;
		97	+ return NS_UNAVAIL;
		98	}
		99	}
		100

Lines 1-17 Link Here

(-)sssd/files/patch-src__sss_client__nss_group.c (-17 / +3 lines)
1	From 5a0c2079efae0f9734d85932ed72645808b32091 Mon Sep 17 00:00:00 2001	1	--- src/sss_client/nss_group.c.orig 2014-10-05 09:26:05.000000000 +0000
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>	2	+++ src/sss_client/nss_group.c 2014-10-05 11:04:48.000000000 +0000
3	Date: Wed, 6 Nov 2013 22:01:20 +0100	3	@@ -343,6 +343,76 @@
4	Subject: [PATCH 15/25] patch-src__sss_client__nss_group.c
5
6	---
7	src/sss_client/nss_group.c \| 70 ++++++++++++++++++++++++++++++++++++++++++++++
8	1 file changed, 70 insertions(+)
9
10	diff --git src/sss_client/nss_group.c src/sss_client/nss_group.c
11	index e6ea54b..b27b671 100644
12	--- src/sss_client/nss_group.c
13	+++ src/sss_client/nss_group.c
14	@@ -343,6 +343,76 @@ out:
15	}	4	}
16		5
17		6
Lines 88-93 Link Here
88	enum nss_status _nss_sss_getgrnam_r(const char name, struct group result,	77	enum nss_status _nss_sss_getgrnam_r(const char name, struct group result,
89	char buffer, size_t buflen, int errnop)	78	char buffer, size_t buflen, int errnop)
90	{	79	{
91	--
92	1.8.0
93

Lines 1-79 Link Here

(-)sssd/files/patch-src__sss_client__pam_sss.c (-79 lines)
1	From 18bce9f12311c6e7a7fe4350150120a98b3ec106 Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Wed, 6 Nov 2013 22:01:21 +0100
4	Subject: [PATCH 2/2] patch-src__sss_client__pam_sss.c
5
6	---
7	src/sss_client/pam_sss.c \| 24 ++++++++++++++++++++++++
8	1 file changed, 24 insertions(+)
9
10	diff --git src/sss_client/pam_sss.c src/sss_client/pam_sss.c
11	index 5fd276ccba15da1f689b1939a02288dda7a09d89..e35552f7e612d3e68f957845998a8105437af301 100644
12	--- src/sss_client/pam_sss.c
13	+++ src/sss_client/pam_sss.c
14	@@ -52,6 +52,8 @@
15	#define FLAGS_USE_FIRST_PASS (1 << 0)
16	#define FLAGS_FORWARD_PASS (1 << 1)
17	#define FLAGS_USE_AUTHTOK (1 << 2)
18	+#define FLAGS_IGNORE_UNKNOWN_USER (1 << 3)
19	+#define FLAGS_IGNORE_AUTHINFO_UNAVAIL (1 << 4)
20
21	#define PWEXP_FLAG "pam_sss:password_expired_flag"
22	#define FD_DESTRUCTOR "pam_sss:fd_destructor"
23	@@ -125,10 +127,12 @@ static void free_exp_data(pam_handle_t pamh, void ptr, int err)
24
25	static void close_fd(pam_handle_t pamh, void ptr, int err)
26	{
27	+#ifdef PAM_DATA_REPLACE
28	if (err & PAM_DATA_REPLACE) {
29	/* Nothing to do */
30	return;
31	}
32	+#endif /* PAM_DATA_REPLACE */
33
34	D(("Closing the fd"));
35	sss_pam_close_fd();
36	@@ -1292,6 +1296,10 @@ static void eval_argv(pam_handle_t pamh, int argc, const char *argv,
37	}
38	} else if (strcmp(*argv, "quiet") == 0) {
39	*quiet_mode = true;
40	+ } else if (strcmp(*argv, "ignore_unknown_user") == 0) {
41	+ *flags \|= FLAGS_IGNORE_UNKNOWN_USER;
42	+ } else if (strcmp(*argv, "ignore_authinfo_unavail") == 0) {
43	+ *flags \|= FLAGS_IGNORE_AUTHINFO_UNAVAIL;
44	} else {
45	logger(pamh, LOG_WARNING, "unknown option: %s", *argv);
46	}
47	@@ -1429,6 +1437,13 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
48	ret = get_pam_items(pamh, &pi);
49	if (ret != PAM_SUCCESS) {
50	D(("get items returned error: %s", pam_strerror(pamh,ret)));
51	+ if (flags & FLAGS_IGNORE_UNKNOWN_USER && ret == PAM_USER_UNKNOWN) {
52	+ ret = PAM_IGNORE;
53	+ }
54	+ if (flags & FLAGS_IGNORE_AUTHINFO_UNAVAIL
55	+ && ret == PAM_AUTHINFO_UNAVAIL) {
56	+ ret = PAM_IGNORE;
57	+ }
58	return ret;
59	}
60
61	@@ -1467,6 +1482,15 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
62
63	pam_status = send_and_receive(pamh, &pi, task, quiet_mode);
64
65	+ if (flags & FLAGS_IGNORE_UNKNOWN_USER
66	+ && pam_status == PAM_USER_UNKNOWN) {
67	+ pam_status = PAM_IGNORE;
68	+ }
69	+ if (flags & FLAGS_IGNORE_AUTHINFO_UNAVAIL
70	+ && pam_status == PAM_AUTHINFO_UNAVAIL) {
71	+ pam_status = PAM_IGNORE;
72	+ }
73	+
74	switch (task) {
75	case SSS_PAM_AUTHENTICATE:
76	/* We allow sssd to send the return code PAM_NEW_AUTHTOK_REQD during
77	--
78	1.9.3
79

Lines 1-32 Link Here

(-)sssd/files/patch-src__sss_client__pam_test_client.c (-32 lines)
1	From d15b99c87c08f17eef814f431a4a58ed4a3ba9b6 Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Sat, 4 May 2013 16:08:11 +0200
4	Subject: [PATCH 20/34] patch-src__sss_client__pam_test_client.c
5
6	---
7	src/sss_client/pam_test_client.c \| 5 +++--
8	1 file changed, 3 insertions(+), 2 deletions(-)
9
10	diff --git src/sss_client/pam_test_client.c src/sss_client/pam_test_client.c
11	index ef424e7..d8cf36c 100644
12	--- src/sss_client/pam_test_client.c
13	+++ src/sss_client/pam_test_client.c
14	@@ -24,12 +24,13 @@
15
16	#include <stdio.h>
17	#include <unistd.h>
18	+#include <string.h>
19
20	#include <security/pam_appl.h>
21	-#include <security/pam_misc.h>
22	+#include <security/openpam.h>
23
24	static struct pam_conv conv = {
25	- misc_conv,
26	+ openpam_ttyconv,
27	NULL
28	};
29
30	--
31	1.8.0
32

Lines 1-17 Link Here

(-)sssd/files/patch-src__sss_client__sss_nss.exports (-18 / +4 lines)
1	From d7dcd7c8796efbecd4e41931080d7d28f72f9ee1 Mon Sep 17 00:00:00 2001	1	--- src/sss_client/sss_nss.exports.orig 2014-10-05 09:26:51.000000000 +0000
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>	2	+++ src/sss_client/sss_nss.exports 2014-10-05 11:05:56.000000000 +0000
3	Date: Sat, 4 May 2013 16:08:11 +0200	3	@@ -3,6 +3,7 @@
4	Subject: [PATCH 21/34] patch-src__sss_client__sss_nss.exports
5
6	---
7	src/sss_client/sss_nss.exports \| 18 ++++++++++++++++++
8	1 file changed, 18 insertions(+)
9
10	diff --git src/sss_client/sss_nss.exports src/sss_client/sss_nss.exports
11	index 1eefea8..8e85a05 100644
12	--- src/sss_client/sss_nss.exports
13	+++ src/sss_client/sss_nss.exports
14	@@ -3,6 +3,7 @@ EXPORTED {
15	# public functions	4	# public functions
16	global:	5	global:
17		6
Lines 19-25 Link Here
19	_nss_sss_getpwnam_r;	8	_nss_sss_getpwnam_r;
20	_nss_sss_getpwuid_r;	9	_nss_sss_getpwuid_r;
21	_nss_sss_setpwent;	10	_nss_sss_setpwent;
22	@@ -14,8 +15,25 @@ EXPORTED {	11	@@ -14,8 +15,25 @@
23	_nss_sss_setgrent;	12	_nss_sss_setgrent;
24	_nss_sss_getgrent_r;	13	_nss_sss_getgrent_r;
25	_nss_sss_endgrent;	14	_nss_sss_endgrent;
Lines 45-50 Link Here
45	#_nss_sss_getaliasbyname_r;	34	#_nss_sss_getaliasbyname_r;
46	#_nss_sss_setaliasent;	35	#_nss_sss_setaliasent;
47	#_nss_sss_getaliasent_r;	36	#_nss_sss_getaliasent_r;
48	--
49	1.8.0
50

Lines 1-16 Link Here

(-)sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c (-16 / +2 lines)
1	From 74422233fe8c6efa826b20c6b579f4c99e45ff87 Mon Sep 17 00:00:00 2001	1	--- src/util/crypto/libcrypto/crypto_sha512crypt.c.orig 2014-10-05 09:27:43.000000000 +0000
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>	2	+++ src/util/crypto/libcrypto/crypto_sha512crypt.c 2014-10-05 11:07:04.000000000 +0000
3	Date: Wed, 6 Nov 2013 22:01:21 +0100
4	Subject: [PATCH 19/25] patch-src__util__crypto__libcrypto__crypto_sha512crypt.c
5
6	---
7	src/util/crypto/libcrypto/crypto_sha512crypt.c \| 8 ++++++++
8	1 file changed, 8 insertions(+)
9
10	diff --git src/util/crypto/libcrypto/crypto_sha512crypt.c src/util/crypto/libcrypto/crypto_sha512crypt.c
11	index 88628b6..4510403 100644
12	--- src/util/crypto/libcrypto/crypto_sha512crypt.c
13	+++ src/util/crypto/libcrypto/crypto_sha512crypt.c
14	@@ -28,6 +28,14 @@	3	@@ -28,6 +28,14 @@
15	#include <openssl/evp.h>	4	#include <openssl/evp.h>
16	#include <openssl/rand.h>	5	#include <openssl/rand.h>
Lines 26-31 Link Here
26	/* Define our magic string to mark salt for SHA512 "encryption" replacement. */	15	/* Define our magic string to mark salt for SHA512 "encryption" replacement. */
27	const char sha512_salt_prefix[] = "$6$";	16	const char sha512_salt_prefix[] = "$6$";
28	#define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1)	17	#define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1)
29	--
30	1.8.0
31

Lines 1-16 Link Here

(-)sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c (-16 / +2 lines)
1	From be27b76238aa49ac0ace123f80c9957ae25501fa Mon Sep 17 00:00:00 2001	1	--- src/util/crypto/nss/nss_sha512crypt.c.orig 2014-10-05 09:28:09.000000000 +0000
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>	2	+++ src/util/crypto/nss/nss_sha512crypt.c 2014-10-05 11:07:34.000000000 +0000
3	Date: Wed, 6 Nov 2013 22:01:21 +0100
4	Subject: [PATCH 20/25] patch-src__util__crypto__nss__nss_sha512crypt.c
5
6	---
7	src/util/crypto/nss/nss_sha512crypt.c \| 8 ++++++++
8	1 file changed, 8 insertions(+)
9
10	diff --git src/util/crypto/nss/nss_sha512crypt.c src/util/crypto/nss/nss_sha512crypt.c
11	index 2838c47..a6cf43f 100644
12	--- src/util/crypto/nss/nss_sha512crypt.c
13	+++ src/util/crypto/nss/nss_sha512crypt.c
14	@@ -29,6 +29,14 @@	3	@@ -29,6 +29,14 @@
15	#include <sechash.h>	4	#include <sechash.h>
16	#include <pk11func.h>	5	#include <pk11func.h>
Lines 26-31 Link Here
26	/* Define our magic string to mark salt for SHA512 "encryption" replacement. */	15	/* Define our magic string to mark salt for SHA512 "encryption" replacement. */
27	const char sha512_salt_prefix[] = "$6$";	16	const char sha512_salt_prefix[] = "$6$";
28	#define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1)	17	#define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1)
29	--
30	1.8.0
31

Lines 1-26 Link Here

(-)sssd/files/patch-src__util__find_uid.c (-22 / +8 lines)
1	From ccc51217c877dde1857300662fdacab2298f5816 Mon Sep 17 00:00:00 2001	1	--- src/util/find_uid.c.orig 2014-10-05 09:28:26.000000000 +0000
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>	2	+++ src/util/find_uid.c 2014-10-05 11:09:40.000000000 +0000
3	Date: Wed, 6 Nov 2013 22:01:21 +0100	3	@@ -67,7 +67,7 @@
4	Subject: [PATCH 21/25] patch-src__util__find_uid.c
5
6	---
7	src/util/find_uid.c \| 9 ++++-----
8	1 file changed, 4 insertions(+), 5 deletions(-)
9
10	diff --git src/util/find_uid.c src/util/find_uid.c
11	index d34a4ab..9dec900 100644
12	--- src/util/find_uid.c
13	+++ src/util/find_uid.c
14	@@ -67,7 +67,7 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid)
15	uint32_t num=0;	4	uint32_t num=0;
16	errno_t error;	5	errno_t error;
17		6
18	- ret = snprintf(path, PATHLEN, "/proc/%d/status", pid);	7	- ret = snprintf(path, PATHLEN, "/proc/%d/status", pid);
19	+ ret = snprintf(path, PATHLEN, "/compat/linux/proc/%d/status", pid);	8	+ ret = snprintf(path, PATHLEN, "/compat/linux/proc/%d/status", pid);
20	if (ret < 0) {	9	if (ret < 0) {
21	DEBUG(1, ("snprintf failed"));	10	DEBUG(SSSDBG_CRIT_FAILURE, "snprintf failed");
22	return EINVAL;	11	return EINVAL;
23	@@ -201,12 +201,12 @@ static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid)	12	@@ -207,12 +207,12 @@
24	struct dirent *dirent;	13	struct dirent *dirent;
25	int ret, err;	14	int ret, err;
26	pid_t pid = -1;	15	pid_t pid = -1;
Lines 34-51 Link Here
34	+ proc_dir = opendir("/compat/linux/proc");	23	+ proc_dir = opendir("/compat/linux/proc");
35	if (proc_dir == NULL) {	24	if (proc_dir == NULL) {
36	ret = errno;	25	ret = errno;
37	DEBUG(1, ("Cannot open proc dir.\n"));	26	DEBUG(SSSDBG_CRIT_FAILURE, "Cannot open proc dir.\n");
38	@@ -280,9 +280,8 @@ done:	27	@@ -287,9 +287,9 @@
39		28
40	errno_t get_uid_table(TALLOC_CTX mem_ctx, hash_table_t *table)	29	errno_t get_uid_table(TALLOC_CTX mem_ctx, hash_table_t *table)
41	{	30	{
42	-#ifdef __linux__	31	-#ifdef __linux__
43	int ret;	32	int ret;
44	-	33
45	+#if 1	34	+#if 1
46	ret = hash_create_ex(INITIAL_TABLE_SIZE, table, 0, 0, 0, 0,	35	ret = hash_create_ex(INITIAL_TABLE_SIZE, table, 0, 0, 0, 0,
47	hash_talloc, hash_talloc_free, mem_ctx,	36	hash_talloc, hash_talloc_free, mem_ctx,
48	NULL, NULL);	37	NULL, NULL);
49	--
50	1.8.0
51

Lines 1-36 Link Here

(-)sssd/files/patch-src__util__server.c (-36 lines)
1	From cc6cab9e45ba978eaf33c6fa1860ee94166780be Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Wed, 6 Nov 2013 22:01:21 +0100
4	Subject: [PATCH 22/25] patch-src__util__server.c
5
6	---
7	src/util/server.c \| 12 +++++++-----
8	1 file changed, 7 insertions(+), 5 deletions(-)
9
10	diff --git src/util/server.c src/util/server.c
11	index b3073fc..ddc124f 100644
12	--- src/util/server.c
13	+++ src/util/server.c
14	@@ -321,12 +321,14 @@ static void setup_signals(void)
15	BlockSignals(false, SIGTERM);
16
17	CatchSignal(SIGHUP, sig_hup);
18	-
19	#ifndef HAVE_PRCTL
20	- /* If prctl is not defined on the system, try to handle
21	- * some common termination signals gracefully */
22	- CatchSignal(SIGSEGV, sig_segv_abrt);
23	- CatchSignal(SIGABRT, sig_segv_abrt);
24	+ /* If prctl is not defined on the system, try to handle
25	+ * some common termination signals gracefully */
26	+ (void) sig_segv_abrt; /* unused */
27	+ /*
28	+ CatchSignal(SIGSEGV, sig_segv_abrt);
29	+ CatchSignal(SIGABRT, sig_segv_abrt);
30	+ */
31	#endif
32
33	}
34	--
35	1.8.0
36

Lines 1-17 Link Here

(-)sssd/files/patch-src__util__sss_ldap.c (-29 / +6 lines)
1	From 074dd84d5ed0e5d2b48d2aeb1b92e51507516c2d Mon Sep 17 00:00:00 2001	1	--- src/util/sss_ldap.c.orig 2014-10-05 09:28:45.000000000 +0000
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>	2	+++ src/util/sss_ldap.c 2014-10-05 11:11:12.000000000 +0000
3	Date: Sat, 4 May 2013 16:08:12 +0200	3	@@ -206,6 +206,9 @@
4	Subject: [PATCH 27/34] patch-src__util__sss_ldap.c
5
6	---
7	src/util/sss_ldap.c \| 7 +++++--
8	1 file changed, 5 insertions(+), 2 deletions(-)
9
10	diff --git src/util/sss_ldap.c src/util/sss_ldap.c
11	index 060aacf..a2cc82a 100644
12	--- src/util/sss_ldap.c
13	+++ src/util/sss_ldap.c
14	@@ -208,6 +208,9 @@ static void sdap_async_sys_connect_done(struct tevent_context *ev,
15	errno = 0;	4	errno = 0;
16	ret = connect(state->fd, (struct sockaddr *) &state->addr,	5	ret = connect(state->fd, (struct sockaddr *) &state->addr,
17	state->addr_len);	6	state->addr_len);
Lines 21-44 Link Here
21	if (ret != EOK) {	10	if (ret != EOK) {
22	ret = errno;	11	ret = errno;
23	if (ret == EINPROGRESS \|\| ret == EINTR) {	12	if (ret == EINPROGRESS \|\| ret == EINTR) {
24	@@ -268,7 +271,7 @@ static errno_t set_fd_flags_and_opts(int fd)	13	@@ -346,7 +349,7 @@
25	strerror(ret)));	14	"Using file descriptor [%d] for LDAP connection.\n", state->sd);
26	}
27
28	- ret = setsockopt(fd, SOL_TCP, TCP_NODELAY, &dummy, sizeof(dummy));
29	+ ret = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &dummy, sizeof(dummy));
30	if (ret != 0) {
31	ret = errno;
32	DEBUG(5, ("setsockopt TCP_NODELAY failed.[%d][%s].\n", ret,
33	@@ -341,7 +344,7 @@ struct tevent_req sss_ldap_init_send(TALLOC_CTX mem_ctx,
34	DEBUG(9, ("Using file descriptor [%d] for LDAP connection.\n", state->sd));
35		15
36	subreq = sdap_async_sys_connect_send(state, ev, state->sd,	16	subreq = sdap_async_sys_connect_send(state, ev, state->sd,
37	- (struct sockaddr *) addr, addr_len);	17	- (struct sockaddr *) addr, addr_len);
38	+ (struct sockaddr *) addr, sizeof(struct sockaddr));	18	+ (struct sockaddr *) addr, sizeof(struct sockaddr));
39	if (subreq == NULL) {	19	if (subreq == NULL) {
40	ret = ENOMEM;	20	ret = ENOMEM;
41	DEBUG(1, ("sdap_async_sys_connect_send failed.\n"));	21	DEBUG(SSSDBG_CRIT_FAILURE, "sdap_async_sys_connect_send failed.\n");
42	--
43	1.8.0
44

Lines 1-23 Link Here

(-)sssd/files/patch-src__util__util.h (-18 / +6 lines)
1	From 5fcf9d93df255105ec065b168ddc11d98b5bb5d1 Mon Sep 17 00:00:00 2001	1	--- src/util/util.h.orig 2014-10-05 09:29:04.000000000 +0000
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>	2	+++ src/util/util.h 2014-10-05 11:11:58.000000000 +0000
3	Date: Wed, 6 Nov 2013 22:01:21 +0100	3	@@ -535,6 +535,8 @@
4	Subject: [PATCH 24/25] patch-src__util__util.h
5
6	---
7	src/util/util.h \| 2 ++
8	1 file changed, 2 insertions(+)
9
10	diff --git src/util/util.h src/util/util.h
11	index eab1f78..8e29fb5 100644
12	--- src/util/util.h
13	+++ src/util/util.h
14	@@ -571,4 +571,6 @@ errno_t sss_br_lock_file(int fd, size_t start, size_t len,
15	#define BUILD_WITH_PAC_RESPONDER false	4	#define BUILD_WITH_PAC_RESPONDER false
16	#endif	5	#endif
17		6
18	+#include "util/sss_bsd_errno.h"	7	+#include "util/sss_bsd_errno.h"
19	+	8	+
20	#endif /* __SSSD_UTIL_H__ */	9	/* from string_utils.c */
21	--	10	char * sss_replace_space(TALLOC_CTX *mem_ctx,
22	1.8.0	11	const char *orig_name,
23