Attachment #152411 for bug #194155




# $FreeBSD$

PORTNAME=	sssd
DISTVERSION=	1.11.7
PORTREVISION=	9
CATEGORIES=	security
MASTER_SITES=   https://fedorahosted.org/released/${PORTNAME}/ \
		http://mirrors.rit.edu/zi/


GNU_CONFIGURE=	yes
CONFIGURE_ARGS=	--with-selinux=no --with-semanage=no \
		--with-ldb-lib-dir=${LOCALBASE}/lib/shared-modules/ldb \
		--with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \
		--with-libnl=no --with-init-dir=no --datadir=${DATADIR} \
		--docdir=${DOCSDIR} --with-pid-path=/var/run \

		--localstatedir=/var --enable-pammoddir=${PREFIX}/lib \
		--with-db-path=/var/db/sss --with-pipe-path=/var/run/sss \
		--with-pubconf-path=/var/run/sss --with-mcache-path=/var/db/sss_mc \
		--with-unicode-lib=libunistring --with-autofs=no \
		--disable-cifs-idmap-plugin --disable-config-lib
CFLAGS+=	-fstack-protector-all
PLIST_SUB=	PYTHON_VER=${PYTHON_VER}
#DEBUG_FLAGS=  -g

AUTOMAKE_ARGS=	-a -c -f
USE_LDCONFIG=	yes
USE_OPENLDAP=	yes
USES=		gettext gmake iconv libtool pathfix pkgconfig python:2 shebangfix
PATHFIX_MAKEFILEIN=	Makefile.am
SHEBANG_FILES=	src/tools/sss_obfuscate

python_CMD=   ${SETENV} python2
SHEBANG_FILES=	src/tools/sss_obfuscate \
		src/sbus/sbus_codegen

USE_RC_SUBR=	${PORTNAME}
PORTDATA=	*

OPTIONS_DEFINE=	DOCS SMB
OPTIONS_DEFAULT=	DOCS
OPTIONS_SUB=	yes

SMB_DESC=		Install IPA and AD providers (requires Samba4)
SMB_BUILD_DEPENDS=	samba41>=4.1.0:${PORTSDIR}/net/samba41
SMB_CONFIGURE_WITH=	samba

.include <bsd.port.options.mk>

.if ${ARCH} == "ia64" || ${ARCH} == "powerpc" || ${ARCH} == "sparc64"


post-patch:
	@${REINPLACE_CMD} -e 's|SIGCLD|SIGCHLD|g' ${WRKSRC}/src/util/signal.c
	@${REINPLACE_CMD} -e '/#define SIZE_T_MAX ((size_t) -1)/d' \
		${WRKSRC}/src/util/util.h
	@${REINPLACE_CMD} -e '/pam_misc/d' \
		${WRKSRC}/src/sss_client/pam_test_client.c
	@${REINPLACE_CMD} -e 's|security/pam_misc.h||g' \
		${WRKSRC}/configure.ac ${WRKSRC}/src/external/pam.m4
	@${REINPLACE_CMD} -e 's|NSS_STATUS_NOTFOUND|NS_NOTFOUND|g' \
		-e 's|NSS_STATUS_UNAVAIL|NS_UNAVAIL|g' \
		-e 's|NSS_STATUS_TRYAGAIN|NS_TRYAGAIN|g' \

		-e '/ETIME/d' \
		-e 's|NSS_STATUS_SUCCESS|NS_SUCCESS|g' \
		${WRKSRC}/src/sss_client/common.c
	@${REINPLACE_CMD} \
		${WRKSRC}/src/sss_client/sss_pam_macros.h
	@${REINPLACE_CMD} -e 's|#include <security/pam_modutil.h>||g' \
		-e 's|PAM_BAD_ITEM|PAM_USER_UNKNOWN|g' \
		-e 's|security/pam_ext.h|security/pam_appl.h|g' \
		-e 's|pam_modutil_getlogin(pamh)|getlogin()|g' \
		-e 's|pam_vsyslog(pamh,|vsyslog(|g' \
		${WRKSRC}/src/sss_client/pam_sss.c
	@${REINPLACE_CMD} \
		-e 's|install-data-hook install-dist_initSCRIPTS|install-dist_initSCRIPTS|g' \
		-e 's|install-data-hook|notinstall-data-hook|g' \
		-e 's| -lpam_misc||g' \
		${WRKSRC}/Makefile.am
	@${REINPLACE_CMD} -e 's|/etc/sssd/|${ETCDIR}/|g' \
		-e 's|/etc/openldap/|${LOCALBASE}/etc/openldap/|g' \
		${WRKSRC}/src/man/*xml
	@${CP} ${FILESDIR}/pam_macros.h ${WRKSRC}/pam_macros.h
	@${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}/src/sss_client/bsdnss.c
	@${CP} ${FILESDIR}/sss_bsd_errno.h ${WRKSRC}/src/util/sss_bsd_errno.h


.for VARDIRS in db/sss db/sss_mc log/sssd run/sss/krb5.include.d run/sss/private run/sss
	@${RMDIR} ${STAGEDIR}/var/${VARDIRS}
.endfor
	# clean unused man dirs
.for i in nl/man1 nl/man5 pt/man1 pt/man5
	@${RMDIR} ${STAGEDIR}${PREFIX}/man/${i}
.endfor

.include <bsd.port.mk>

Lines 1-2 Link Here

(-)distinfo (-2 / +2 lines)
1	SHA256 (sssd-1.9.6.tar.gz) = ca96e8d98eb4113396b13d9601dbdd20f4b2f2613d0f29a0157ffd05e3748601	1	SHA256 (sssd-1.11.7.tar.gz) = ff12d5730a6d7d08fe11140aa58e544900b75c63902b7a07bbbc12d6a99cb5b5
2	SIZE (sssd-1.9.6.tar.gz) = 3180066	2	SIZE (sssd-1.11.7.tar.gz) = 3661227




#ifndef PAM_MACROS_H
#define PAM_MACROS_H

/*
 * All kind of macros used by PAM, but usable in some other
 * programs too.
 * Organized by Cristian Gafton <gafton@redhat.com>
 */

/* a 'safe' version of strdup */

#include <stdlib.h>
#include <string.h>

#define  x_strdup(s)  ( (s) ? strdup(s):NULL )

/* Good policy to strike out passwords with some characters not just
   free the memory */

#define _pam_overwrite(x)        \
do {                             \
     register char *__xx__;      \
     if ((__xx__=(x)))           \
          while (*__xx__)        \
               *__xx__++ = '\0'; \
} while (0)

#define _pam_overwrite_n(x,n)   \
do {                             \
     register char *__xx__;      \
     register unsigned int __i__ = 0;    \
     if ((__xx__=(x)))           \
        for (;__i__<n; __i__++) \
            __xx__[__i__] = 0; \
} while (0)

/*
 * Don't just free it, forget it too.
 */

#define _pam_drop(X) \
do {                 \
    if (X) {         \
        free(X);     \
        X=NULL;      \
    }                \
} while (0)

#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \
do {                                              \
    int reply_i;                                  \
                                                  \
    for (reply_i=0; reply_i<replies; ++reply_i) { \
	if (reply[reply_i].resp) {                \
	    _pam_overwrite(reply[reply_i].resp);  \
	    free(reply[reply_i].resp);            \
	}                                         \
    }                                             \
    if (reply)                                    \
	free(reply);                              \
} while (0)

/* some debugging code */

#ifdef DEBUG

/*
 * This provides the necessary function to do debugging in PAM.
 * Cristian Gafton <gafton@redhat.com>
 */

#include <stdio.h>
#include <sys/types.h>
#include <stdarg.h>
#include <errno.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>

/*
 * This is for debugging purposes ONLY. DO NOT use on live systems !!!
 * You have been warned :-) - CG
 *
 * to get automated debugging to the log file, it must be created manually.
 * _PAM_LOGFILE must exist and be writable to the programs you debug.
 */

#ifndef _PAM_LOGFILE
#define _PAM_LOGFILE "/var/run/pam-debug.log"
#endif

static void _pam_output_debug_info(const char *file, const char *fn
				   , const int line)
{
    FILE *logfile;
    int must_close = 1, fd;

#ifdef O_NOFOLLOW
    if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
#else
    if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
#endif
	if (!(logfile = fdopen(fd,"a"))) {
	    logfile = stderr;
	    must_close = 0;
	    close(fd);
	}
    } else {
        logfile = stderr;
	must_close = 0;
    }
    fprintf(logfile,"[%s:%s(%d)] ",file, fn, line);
    fflush(logfile);
    if (must_close)
        fclose(logfile);
}

static void _pam_output_debug(const char *format, ...)
{
    va_list args;
    FILE *logfile;
    int must_close = 1, fd;

    va_start(args, format);

#ifdef O_NOFOLLOW
    if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) {
#else
    if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) {
#endif
	if (!(logfile = fdopen(fd,"a"))) {
	    logfile = stderr;
	    must_close = 0;
	    close(fd);
	}
    } else {
	logfile = stderr;
	must_close = 0;
    }
    vfprintf(logfile, format, args);
    fprintf(logfile, "\n");
    fflush(logfile);
    if (must_close)
        fclose(logfile);

    va_end(args);
}

#define D(x) do { \
    _pam_output_debug_info(__FILE__, __FUNCTION__, __LINE__); \
    _pam_output_debug x ; \
} while (0)

#define _pam_show_mem(X,XS) do {                                      \
      int i;                                                          \
      register unsigned char *x;                                      \
      x = (unsigned char *)X;                                         \
      fprintf(stderr, "  <start at %p>\n", X);                        \
      for (i = 0; i < XS ; ++x, ++i) {                                \
          fprintf(stderr, "    %02X. <%p:%02X>\n", i, x, *x);         \
      }                                                               \
      fprintf(stderr, "  <end for %p after %d bytes>\n", X, XS);      \
} while (0)

#define _pam_show_reply(/* struct pam_response * */reply, /* int */replies) \
do {                                                                        \
    int reply_i;                                                            \
    setbuf(stderr, NULL);                                                   \
    fprintf(stderr, "array at %p of size %d\n",reply,replies);              \
    fflush(stderr);                                                         \
    if (reply) {                                                            \
	for (reply_i = 0; reply_i < replies; reply_i++) {                   \
	    fprintf(stderr, "  elem# %d at %p: resp = %p, retcode = %d\n",  \
		    reply_i, reply+reply_i, reply[reply_i].resp,            \
		    reply[reply_i].resp, _retcode);                         \
	    fflush(stderr);                                                 \
	    if (reply[reply_i].resp) {                                      \
		fprintf(stderr, "    resp[%d] = '%s'\n",                    \
			strlen(reply[reply_i].resp), reply[reply_i].resp);  \
		fflush(stderr);                                             \
	    }                                                               \
	}                                                                   \
    }                                                                       \
    fprintf(stderr, "done here\n");                                         \
    fflush(stderr);                                                         \
} while (0)

#else

#define D(x)                             do { } while (0)
#define _pam_show_mem(X,XS)              do { } while (0)
#define _pam_show_reply(reply, replies)  do { } while (0)

#endif /* DEBUG */

#endif  /* PAM_MACROS_H */




From e40f55767383f300f71103ca404b7839b8499104 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Wed, 6 Nov 2013 22:01:20 +0100
Subject: [PATCH 01/25] patch-Makefile.am

---
 Makefile.am | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git Makefile.am Makefile.am
index fd74d85..4a7e6ae 100644
--- Makefile.am
+++ Makefile.am
@@ -311,6 +311,7 @@ AM_CPPFLAGS = \
     $(LIBNL_CFLAGS) \
     $(OPENLDAP_CFLAGS) \
     $(GLIB2_CFLAGS) \
+    -DHOST_NAME_MAX=_POSIX_HOST_NAME_MAX \
     -DLIBDIR=\"$(libdir)\" \
     -DVARDIR=\"$(localstatedir)\" \
     -DSHLIBEXT=\"$(SHLIBEXT)\" \
@@ -378,6 +379,7 @@ SSSD_LIBS = \
     $(DHASH_LIBS) \
     $(SSS_CRYPT_LIBS) \
     $(OPENLDAP_LIBS) \

     $(TDB_LIBS)
 
 PYTHON_BINDINGS_LIBS = \
@@ -433,6 +435,7 @@ dist_noinst_HEADERS = \
     src/util/sss_selinux.h \
     src/util/sss_utf8.h \
     src/util/sss_ssh.h \
     src/util/sss_ini.h \
     src/util/sss_format.h \
+    src/util/sss_bsd_errno.h \
     src/util/refcount.h \
     src/util/find_uid.h \
     src/util/user_info_msg.h \
@@ -1700,9 +1703,10 @@ endif
 endif
 
 pam_test_client_SOURCES = src/sss_client/pam_test_client.c
-pam_test_client_LDFLAGS = -lpam -lpam_misc
+pam_test_client_LDFLAGS = -lpam
 
 if BUILD_AUTOFS
 autofs_test_client_SOURCES = src/sss_client/autofs/autofs_test_client.c \
@@ -1184,9 +1186,10 @@ endif
 # Client Libraries #
 ####################
 

     src/sss_client/nss_passwd.c \
     src/sss_client/nss_group.c \
     src/sss_client/nss_netgroup.c \
@@ -1715,9 +1719,9 @@ libnss_sss_la_SOURCES = \
     src/sss_client/nss_mc_passwd.c \
     src/sss_client/nss_mc_group.c \
     src/sss_client/nss_mc.h
-libnss_sss_la_LIBADD = \
+nss_sss_la_LIBADD = \
     $(CLIENT_LIBS)
-libnss_sss_la_LDFLAGS = \
+nss_sss_la_LDFLAGS = \
     $(CLIENT_LIBS) \
     -module \
     -version-info 2:0:0 \
     -Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports
@@ -2086,6 +2090,7 @@ ldap_child_LDADD = \
     $(POPT_LIBS) \
     $(OPENLDAP_LIBS) \
     $(DHASH_LIBS) \

     $(KRB5_LIBS)
 
 proxy_child_SOURCES = \
-- 
1.8.0





From 756e37d0ef957b15d782d5dd87d24e9359541931 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Wed, 6 Nov 2013 22:01:20 +0100
Subject: [PATCH 02/25] patch-src__confdb__confdb.c

---
 src/confdb/confdb.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git src/confdb/confdb.c src/confdb/confdb.c
index 19d8884..67720f7 100644
--- src/confdb/confdb.c
+++ src/confdb/confdb.c
@@ -28,6 +28,11 @@

 #define CONFDB_ZERO_CHECK_OR_JUMP(var, ret, err, label) do { \
     if (!var) { \
         ret = err; \
-- 
1.8.0





From 558989d6ac329b4036e02873fb7c981c5912040c Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Thu, 7 Nov 2013 13:28:13 +0100
Subject: [PATCH] patch-src__external__inotify.m4

---
 src/external/inotify.m4 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git src/external/inotify.m4 src/external/inotify.m4
index 9572f6d..2a5a8cf 100644
--- src/external/inotify.m4
+++ src/external/inotify.m4
@@ -20,10 +20,10 @@ int main () {

     )
 
     AS_IF([test x"$inotify_works" = xyes],
-- 
1.8.3.1





From b7947258702e250dbf569bb9cd74f1e73f0c94bb Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Wed, 30 Oct 2013 08:53:42 +0100
Subject: [PATCH 1/4] patch-src__external__krb5.m4

---
 src/external/krb5.m4 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git src/external/krb5.m4 src/external/krb5.m4
index 861c8c9..978ec03 100644
--- src/external/krb5.m4
+++ src/external/krb5.m4
@@ -9,7 +9,7 @@ if test x$KRB5_CFLAGS != x; then

 AC_MSG_CHECKING(for working krb5-config)
 if test -x "$KRB5_CONFIG"; then
   KRB5_CFLAGS="`$KRB5_CONFIG --cflags`"
-- 
1.8.0





From b52128bc333fd4717a96950ef8fb4171f25fabcf Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Wed, 30 Oct 2013 08:54:41 +0100
Subject: [PATCH 2/4] patch-src__external__pac_responder.m4

---
 src/external/pac_responder.m4 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git src/external/pac_responder.m4 src/external/pac_responder.m4
index 6e29452..50bf4a8 100644
--- src/external/pac_responder.m4
+++ src/external/pac_responder.m4
@@ -14,14 +14,15 @@ then
     PKG_CHECK_MODULES(NDR_KRB5PAC, ndr_krb5pac, ndr_krb5pac_ok=yes,
         AC_MSG_WARN([Cannot build pac responder without libndr_krb5pac]))
 

     AC_MSG_CHECKING(for supported MIT krb5 version)
     KRB5_VERSION="`$KRB5_CONFIG --version`"
     case $KRB5_VERSION in
         Kerberos\ 5\ release\ 1.9* | \
         Kerberos\ 5\ release\ 1.10* | \
         Kerberos\ 5\ release\ 1.11* | \
-        Kerberos\ 5\ release\ 1.12*)
+        Kerberos\ 5\ release\ 1.12* | \
+        Kerberos\ 5\ release\ 1.13*)
             krb5_version_ok=yes
             AC_MSG_RESULT([yes])
             ;;




From 4f866ccca80bb8ed4013bc8ed48ab9ae2b9587ff Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Tue, 3 Jun 2014 22:10:50 +0200
Subject: [PATCH 1/2] patch-src__man__pam_sss.8.xml

---
 src/man/pam_sss.8.xml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git src/man/pam_sss.8.xml src/man/pam_sss.8.xml
index 72b497ab34a520d21964824080c7f276b26706f4..69678dac5874067fc95ec47f72ed894854c5d569 100644
--- src/man/pam_sss.8.xml
+++ src/man/pam_sss.8.xml
@@ -37,6 +37,12 @@
             <arg choice='opt'>
                 <replaceable>retry=N</replaceable>
             </arg>
+            <arg choice='opt'>
+                <replaceable>ignore_unknown_user</replaceable>
+            </arg>
+            <arg choice='opt'>
+                <replaceable>ignore_authinfo_unavail</replaceable>
+            </arg>
         </cmdsynopsis>
     </refsynopsisdiv>
 
@@ -103,6 +109,27 @@
                     <option>PasswordAuthentication</option>.</para>
                 </listitem>
             </varlistentry>
+            <varlistentry>
+                <term>
+                    <option>ignore_unknown_user</option>
+                </term>
+                <listitem>
+                    <para>If this option is specified and the user does not
+                    exist, the PAM module will return PAM_IGNORE. This causes
+                    the PAM framework to ignore this module.</para>
+                </listitem>
+            </varlistentry>
+            <varlistentry>
+                <term>
+                    <option>ignore_authinfo_unavail</option>
+                </term>
+                <listitem>
+                    <para>
+                    Specifies  that  the  PAM module should return PAM_IGNORE
+                    if it cannot contact the SSSD daemon. This causes
+                    the PAM framework to ignore this module.</para>
+                </listitem>
+            </varlistentry>
         </variablelist>
     </refsect1>
 
-- 
1.9.3





From 630e5b96040869f6ce24ac1d10bb370e819795e7 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Sat, 27 Jul 2013 15:04:27 +0200
Subject: [PATCH 33/34] patch-src__providers__ad__ad_access.c

---
 src/providers/ad/ad_access.c | 1 +
 1 file changed, 1 insertion(+)

diff --git src/providers/ad/ad_access.c src/providers/ad/ad_access.c
index 314cdcf..ca0fb8b 100644
--- src/providers/ad/ad_access.c
+++ src/providers/ad/ad_access.c
@@ -21,6 +21,7 @@
 */
 
 #include <security/pam_modules.h>
+#include <security/pam_appl.h>
 #include "src/util/util.h"
 #include "src/providers/data_provider.h"
 #include "src/providers/dp_backend.h"
-- 
1.8.0





From 7223f18bd8ea22ed801a115934a2fe8dc0c0cdb8 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Sat, 27 Jul 2013 15:03:49 +0200
Subject: [PATCH 32/34] patch-src__providers__ad__ad_common.c

---
 src/providers/ad/ad_common.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git src/providers/ad/ad_common.c src/providers/ad/ad_common.c
index 8600dab..d628385 100644
--- src/providers/ad/ad_common.c
+++ src/providers/ad/ad_common.c
@@ -38,7 +38,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
     char *server;
     char *realm;
     char *ad_hostname;
-    char hostname[HOST_NAME_MAX + 1];
+    char hostname[_POSIX_HOST_NAME_MAX + 1];
 
     opts = talloc_zero(mem_ctx, struct ad_options);
     if (!opts) return ENOMEM;
@@ -75,7 +75,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
      */
     ad_hostname = dp_opt_get_string(opts->basic, AD_HOSTNAME);
     if (ad_hostname == NULL) {
-        gret = gethostname(hostname, HOST_NAME_MAX);
+        gret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
         if (gret != 0) {
             ret = errno;
             DEBUG(SSSDBG_FATAL_FAILURE,
@@ -83,7 +83,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
                    strerror(ret)));
             goto done;
         }
-        hostname[HOST_NAME_MAX] = '\0';
+        hostname[_POSIX_HOST_NAME_MAX] = '\0';
         DEBUG(SSSDBG_CONF_SETTINGS,
               ("Setting ad_hostname to [%s].\n", hostname));
         ret = dp_opt_set_string(opts->basic, AD_HOSTNAME, hostname);
-- 
1.8.0





From 08bc75705abe29a9e046a0a8871adcf42eeee35c Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Wed, 6 Nov 2013 22:01:20 +0100
Subject: [PATCH 07/25] patch-src__providers__fail_over.c

---
 src/providers/fail_over.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git src/providers/fail_over.c src/providers/fail_over.c
index 59cbacd..197c0ef 100644
--- src/providers/fail_over.c
+++ src/providers/fail_over.c
@@ -1331,7 +1331,7 @@ resolve_srv_recv(struct tevent_req *req, struct fo_server **server)
  *******************************************************************/
 struct resolve_get_domain_state {
     char *fqdn;
-    char hostname[HOST_NAME_MAX];
+    char hostname[_POSIX_HOST_NAME_MAX + 1];
 };
 
 static void resolve_get_domain_done(struct tevent_req *subreq);
@@ -1351,13 +1351,13 @@ resolve_get_domain_send(TALLOC_CTX *mem_ctx,
         return NULL;
     }
 
-    ret = gethostname(state->hostname, HOST_NAME_MAX);
+    ret = gethostname(state->hostname, _POSIX_HOST_NAME_MAX);
     if (ret) {
         ret = errno;
         DEBUG(2, ("gethostname() failed: [%d]: %s\n",ret, strerror(ret)));
         return NULL;
     }
-    state->hostname[HOST_NAME_MAX-1] = '\0';
+    state->hostname[_POSIX_HOST_NAME_MAX] = '\0';
     DEBUG(7, ("Host name is: %s\n", state->hostname));
 
     subreq = resolv_gethostbyname_send(state, ev, resolv,
-- 
1.8.0





From acb17ace2b204146e4b821fd7d5e27de5d8ee588 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Sat, 4 May 2013 16:08:11 +0200
Subject: [PATCH 07/34] patch-src__providers__ipa__ipa_common.c

---
 src/providers/ipa/ipa_common.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git src/providers/ipa/ipa_common.c src/providers/ipa/ipa_common.c
index eb384a1..d7d8052 100644
--- src/providers/ipa/ipa_common.c
+++ src/providers/ipa/ipa_common.c
@@ -47,7 +47,7 @@ int ipa_get_options(TALLOC_CTX *memctx,
     char *realm;
     char *ipa_hostname;
     int ret;
-    char hostname[HOST_NAME_MAX + 1];
+    char hostname[_POSIX_HOST_NAME_MAX + 1];
 
     opts = talloc_zero(memctx, struct ipa_options);
     if (!opts) return ENOMEM;
@@ -76,14 +76,14 @@ int ipa_get_options(TALLOC_CTX *memctx,
 
     ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME);
     if (ipa_hostname == NULL) {
-        ret = gethostname(hostname, HOST_NAME_MAX);
+        ret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
         if (ret != EOK) {
             DEBUG(1, ("gethostname failed [%d][%s].\n", errno,
                       strerror(errno)));
             ret = errno;
             goto done;
         }
-        hostname[HOST_NAME_MAX] = '\0';
+        hostname[_POSIX_HOST_NAME_MAX] = '\0';
         DEBUG(9, ("Setting ipa_hostname to [%s].\n", hostname));
         ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname);
         if (ret != EOK) {
-- 
1.8.0





From eba3efda911eb0212a98353740e13ad619aaa282 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Wed, 6 Nov 2013 22:01:20 +0100
Subject: [PATCH 09/25] patch-src__providers__krb5__krb5_delayed_online_authentication.c

---
 src/providers/krb5/krb5_delayed_online_authentication.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git src/providers/krb5/krb5_delayed_online_authentication.c src/providers/krb5/krb5_delayed_online_authentication.c
index 33b839e..da6ccfc 100644
--- src/providers/krb5/krb5_delayed_online_authentication.c
+++ src/providers/krb5/krb5_delayed_online_authentication.c
@@ -320,6 +320,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
                                            struct tevent_context *ev)
 {
     int ret;

     hash_table_t *tmp_table;
 
     ret = get_uid_table(krb5_ctx, &tmp_table);
@@ -339,6 +340,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
               "hash_destroy failed [%s].\n", hash_error_string(ret));
         return EFAULT;
     }
+#endif /* __linux__ */

 
     krb5_ctx->deferred_auth_ctx = talloc_zero(krb5_ctx,
                                           struct deferred_auth_ctx);
-- 
1.8.0





From ad4b85556ddea5d5d2d6bcc5f00a8492b0b15c46 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Sat, 4 May 2013 16:08:11 +0200
Subject: [PATCH 09/34] patch-src__providers__ldap__ldap_auth.c

---
 src/providers/ldap/ldap_auth.c | 60 ++++++++++++++++++++++++++----------------
 1 file changed, 37 insertions(+), 23 deletions(-)

diff --git src/providers/ldap/ldap_auth.c src/providers/ldap/ldap_auth.c
index 2aacce0..e019cf7 100644
--- src/providers/ldap/ldap_auth.c
+++ src/providers/ldap/ldap_auth.c
@@ -37,7 +37,6 @@

 static errno_t add_expired_warning(struct pam_data *pd, long exp_time)
 {
     int ret;
@@ -109,6 +124,7 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now,
         return EINVAL;
     }
 

+    tzset();
     expire_time = mktime(&tm);
     if (expire_time == -1) {
         DEBUG(SSSDBG_CRIT_FAILURE,
@@ -116,12 +132,10 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now,
         return EINVAL;
     }
 
-    tzset();
-    expire_time -= timezone;
     DEBUG(SSSDBG_TRACE_ALL,
-          "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] "
-           "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0],
-           tzname[1], timezone, daylight, now, expire_time);
+          "Time info: tzname[0] [%s] tzname[1] [%s] "
+          "now [%ld] expire_time [%ld].\n", tzname[0],
+          tzname[1], now, expire_time);
 
     if (difftime(now, expire_time) > 0.0) {
         DEBUG(SSSDBG_CONF_SETTINGS, "Kerberos password expired.\n");
@@ -924,7 +938,7 @@ void sdap_pam_chpass_handler(struct be_req *breq)
     DEBUG(SSSDBG_OP_FAILURE,
           "starting password change request for user [%s].\n", pd->user);
 
     DEBUG(2, ("starting password change request for user [%s].\n", pd->user));
 
-    pd->pam_status = PAM_SYSTEM_ERR;
+    pd->pam_status = PAM_SERVICE_ERR;
 
     if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) {
         DEBUG(SSSDBG_OP_FAILURE,
@@ -1069,7 +1083,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
                     &pw_expire_type, &pw_expire_data);
     talloc_zfree(req);
     if (ret) {
-        state->pd->pam_status = PAM_SYSTEM_ERR;
+        state->pd->pam_status = PAM_SERVICE_ERR;
         goto done;
     }
 
@@ -841,7 +855,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
                                             &result);
                 if (ret != EOK) {
                     DEBUG(1, ("check_pwexpire_shadow failed.\n"));
-                    state->pd->pam_status = PAM_SYSTEM_ERR;
+                    state->pd->pam_status = PAM_SERVICE_ERR;
                     goto done;
                 }
                 break;
@@ -850,14 +864,14 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
                                               state->breq->domain->pwd_expiration_warning);
                 if (ret != EOK) {
                     DEBUG(1, ("check_pwexpire_kerberos failed.\n"));
-                    state->pd->pam_status = PAM_SYSTEM_ERR;
+                    state->pd->pam_status = PAM_SERVICE_ERR;
                     goto done;
                 }
 
                 if (result == SDAP_AUTH_PW_EXPIRED) {
                     DEBUG(1, ("LDAP provider cannot change kerberos "
                               "passwords.\n"));
-                    state->pd->pam_status = PAM_SYSTEM_ERR;
+                    state->pd->pam_status = PAM_SERVICE_ERR;
                     goto done;
                 }
                 break;
@@ -866,7 +880,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
                 break;
             default:
                 DEBUG(1, ("Unknow pasword expiration type.\n"));
-                    state->pd->pam_status = PAM_SYSTEM_ERR;
+                    state->pd->pam_status = PAM_SERVICE_ERR;
                     goto done;
         }
     }
@@ -906,7 +920,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
         dp_err = DP_ERR_OFFLINE;
         break;
     default:

     }
 
 done:
@@ -1131,7 +1145,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req)
                                                     state->sh, state->dn,
                                                     lastchanged_name);
     if (ret && ret != EIO) {
-        state->pd->pam_status = PAM_SYSTEM_ERR;
+        state->pd->pam_status = PAM_SERVICE_ERR;
         goto done;
     }
 
@@ -970,7 +984,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req)
                                               state->dn,
                                               lastchanged_name);
         if (subreq == NULL) {
-            state->pd->pam_status = PAM_SYSTEM_ERR;
+            state->pd->pam_status = PAM_SERVICE_ERR;

             goto done;
         }
 
@@ -1152,7 +1166,7 @@ static void sdap_lastchange_done(struct tevent_req *req)
 
     ret = sdap_modify_shadow_lastchange_recv(req);
     if (ret != EOK) {

         goto done;
     }
 
@@ -1193,7 +1207,7 @@ void sdap_pam_auth_handler(struct be_req *breq)
         goto done;
     }
 

 
     switch (pd->cmd) {
     case SSS_PAM_AUTHENTICATE:
@@ -1291,7 +1305,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
                     &pw_expire_type, &pw_expire_data);
     talloc_zfree(req);
     if (ret != EOK) {
-        state->pd->pam_status = PAM_SYSTEM_ERR;
+        state->pd->pam_status = PAM_SERVICE_ERR;
         dp_err = DP_ERR_FATAL;
         goto done;
     }
@@ -1102,7 +1116,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
                                             state->pd, &result);
                 if (ret != EOK) {
                     DEBUG(1, ("check_pwexpire_shadow failed.\n"));
-                    state->pd->pam_status = PAM_SYSTEM_ERR;
+                    state->pd->pam_status = PAM_SERVICE_ERR;
                     goto done;
                 }
                 break;
@@ -1112,7 +1126,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
                                               be_ctx->domain->pwd_expiration_warning);
                 if (ret != EOK) {
                     DEBUG(1, ("check_pwexpire_kerberos failed.\n"));
-                    state->pd->pam_status = PAM_SYSTEM_ERR;
+                    state->pd->pam_status = PAM_SERVICE_ERR;
                     goto done;
                 }
                 break;
@@ -1121,7 +1135,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
                                           be_ctx->domain->pwd_expiration_warning);
                 if (ret != EOK) {
                     DEBUG(1, ("check_pwexpire_ldap failed.\n"));
-                    state->pd->pam_status = PAM_SYSTEM_ERR;
+                    state->pd->pam_status = PAM_SERVICE_ERR;
                     goto done;
                 }
                 break;
@@ -1129,7 +1143,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
                 break;
             default:
                 DEBUG(1, ("Unknow pasword expiration type.\n"));
-                    state->pd->pam_status = PAM_SYSTEM_ERR;
+                    state->pd->pam_status = PAM_SERVICE_ERR;
                     goto done;
         }
     }
@@ -1151,7 +1165,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
         state->pd->pam_status = PAM_NEW_AUTHTOK_REQD;
         break;
     default:

         dp_err = DP_ERR_FATAL;
     }
 
-- 
1.8.0





From 9a3d9a05b2c8790c771c166b42f8b80e76b4b336 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Wed, 6 Nov 2013 22:01:20 +0100
Subject: [PATCH 11/25] patch-src__providers__ldap__sdap_access.c

---
 src/providers/ldap/sdap_access.c | 46 +++++++++++++++++++---------------------
 1 file changed, 22 insertions(+), 24 deletions(-)

diff --git src/providers/ldap/sdap_access.c src/providers/ldap/sdap_access.c
index 880735e..d349dcf 100644
--- src/providers/ldap/sdap_access.c
+++ src/providers/ldap/sdap_access.c
@@ -499,6 +499,7 @@ static bool nds_check_expired(const char *exp_time_str)
     along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 
-#define _XOPEN_SOURCE 500 /* for strptime() */
 #include <time.h>
-#undef _XOPEN_SOURCE
 #include <sys/param.h>
 #include <security/pam_modules.h>
 #include <talloc.h>
@@ -109,7 +107,7 @@ void sdap_pam_access_handler(struct be_req *breq)
                            pd);
     if (req == NULL) {
         DEBUG(1, ("Unable to start sdap_access request\n"));
-        sdap_access_reply(breq, PAM_SYSTEM_ERR);
+        sdap_access_reply(breq, PAM_SERVICE_ERR);
         return;
     }
 
@@ -149,7 +147,7 @@ sdap_access_send(TALLOC_CTX *mem_ctx,
 
     state->be_req = be_req;
     state->pd = pd;
-    state->pam_status = PAM_SYSTEM_ERR;
+    state->pam_status = PAM_SERVICE_ERR;
     state->ev = ev;
     state->access_ctx = access_ctx;
     state->current_rule = 0;
@@ -502,18 +500,17 @@ static bool nds_check_expired(const char *exp_time_str)
         return true;
     }
 

+    tzset();
     expire_time = mktime(&tm);
     if (expire_time == -1) {
         DEBUG(SSSDBG_CRIT_FAILURE,
@@ -506,13 +507,11 @@ static bool nds_check_expired(const char *exp_time_str)
         return true;
     }
 

-    tzset();
-    expire_time -= timezone;
     now = time(NULL);
     DEBUG(SSSDBG_TRACE_ALL,
-          "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] "
-           "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0],
-           tzname[1], timezone, daylight, now, expire_time);
+          "Time info: tzname[0] [%s] tzname[1] [%s] "
+          "now [%ld] expire_time [%ld].\n", tzname[0],
+          tzname[1], now, expire_time);
 
     if (difftime(now, expire_time) > 0.0) {
         DEBUG(SSSDBG_CONF_SETTINGS, "NDS account expired.\n");
@@ -662,7 +659,7 @@ static struct tevent_req *sdap_account_expired_send(TALLOC_CTX *mem_ctx,
         return NULL;
     }
 
-    state->pam_status = PAM_SYSTEM_ERR;
+    state->pam_status = PAM_SERVICE_ERR;
 
     expire = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic,
                                 SDAP_ACCOUNT_EXPIRE_POLICY);
@@ -746,7 +743,7 @@ static void sdap_account_expired_done(struct tevent_req *subreq)
     talloc_zfree(subreq);
     if (ret != EOK) {
         DEBUG(1, ("Error retrieving access check result.\n"));
-        state->pam_status = PAM_SYSTEM_ERR;
+        state->pam_status = PAM_SERVICE_ERR;
         tevent_req_error(req, ret);
         return;
     }
@@ -806,7 +803,7 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx,
     state->filter = NULL;
     state->be_req = be_req;
     state->username = username;
-    state->pam_status = PAM_SYSTEM_ERR;
+    state->pam_status = PAM_SERVICE_ERR;
     state->sdap_ctx = access_ctx->id_ctx;
     state->ev = ev;
     state->access_ctx = access_ctx;
@@ -953,7 +950,7 @@ static void sdap_access_filter_connect_done(struct tevent_req *subreq)
                                    false);
     if (subreq == NULL) {
         DEBUG(1, ("Could not start LDAP communication\n"));
-        state->pam_status = PAM_SYSTEM_ERR;
+        state->pam_status = PAM_SERVICE_ERR;
         tevent_req_error(req, EIO);
         return;
     }
@@ -984,13 +981,13 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
             if (ret == EOK) {
                 return;
             }
-            state->pam_status = PAM_SYSTEM_ERR;
+            state->pam_status = PAM_SERVICE_ERR;
         } else if (dp_error == DP_ERR_OFFLINE) {
             sdap_access_filter_decide_offline(req);
         } else {
             DEBUG(1, ("sdap_get_generic_send() returned error [%d][%s]\n",
                       ret, strerror(ret)));
-            state->pam_status = PAM_SYSTEM_ERR;
+            state->pam_status = PAM_SERVICE_ERR;
         }
 
         goto done;
@@ -1009,7 +1006,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
     else if (results == NULL) {
         DEBUG(1, ("num_results > 0, but results is NULL\n"));
         ret = EIO;
-        state->pam_status = PAM_SYSTEM_ERR;
+        state->pam_status = PAM_SERVICE_ERR;
         goto done;
     }
     else if (num_results > 1) {
@@ -1018,7 +1015,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
          */
         DEBUG(1, ("Received multiple replies\n"));
         ret = EIO;
-        state->pam_status = PAM_SYSTEM_ERR;
+        state->pam_status = PAM_SERVICE_ERR;
         goto done;
     }
     else { /* Ok, we got a single reply */
@@ -1104,7 +1101,7 @@ static void sdap_access_filter_done(struct tevent_req *subreq)
     talloc_zfree(subreq);
     if (ret != EOK) {
         DEBUG(1, ("Error retrieving access check result.\n"));
-        state->pam_status = PAM_SYSTEM_ERR;
+        state->pam_status = PAM_SERVICE_ERR;
         tevent_req_error(req, ret);
         return;
     }
@@ -1244,7 +1241,7 @@ static void sdap_access_service_done(struct tevent_req *subreq)
     talloc_zfree(subreq);
     if (ret != EOK) {
         DEBUG(1, ("Error retrieving access check result.\n"));
-        state->pam_status = PAM_SYSTEM_ERR;
+        state->pam_status = PAM_SERVICE_ERR;
         tevent_req_error(req, ret);
         return;
     }
@@ -1269,7 +1266,7 @@ static struct tevent_req *sdap_access_host_send(
     struct ldb_message_element *el;
     unsigned int i;
     char *host;
-    char hostname[HOST_NAME_MAX+1];
+    char hostname[_POSIX_HOST_NAME_MAX + 1];
 
     req = tevent_req_create(mem_ctx, &state, struct sdap_access_host_ctx);
     if (!req) {
@@ -1285,11 +1282,12 @@ static struct tevent_req *sdap_access_host_send(
         goto done;
     }
 
-    if (gethostname(hostname, sizeof(hostname)) == -1) {
+    if (gethostname(hostname, _POSIX_HOST_NAME_MAX) == -1) {
         DEBUG(1, ("Unable to get system hostname. Access denied\n"));
         ret = EOK;
         goto done;
     }
+    hostname[_POSIX_HOST_NAME_MAX] = '\0';
 
     /* FIXME: PADL's pam_ldap also calls gethostbyname() on the hostname
      *        in some attempt to get aliases and/or FQDN for the machine.
@@ -1365,7 +1363,7 @@ static void sdap_access_host_done(struct tevent_req *subreq)
     talloc_zfree(subreq);
     if (ret != EOK) {
         DEBUG(1, ("Error retrieving access check result.\n"));
-        state->pam_status = PAM_SYSTEM_ERR;
+        state->pam_status = PAM_SERVICE_ERR;
         tevent_req_error(req, ret);
         return;
     }
@@ -1391,7 +1389,7 @@ sdap_access_recv(struct tevent_req *req, int *pam_status)
 static void sdap_access_done(struct tevent_req *req)
 {
     errno_t ret;
-    int pam_status = PAM_SYSTEM_ERR;
+    int pam_status = PAM_SERVICE_ERR;
     struct be_req *breq =
             tevent_req_callback_data(req, struct be_req);
 
@@ -1399,7 +1397,7 @@ static void sdap_access_done(struct tevent_req *req)
     talloc_zfree(req);
     if (ret != EOK) {
         DEBUG(1, ("Error retrieving access check result.\n"));
-        pam_status = PAM_SYSTEM_ERR;
+        pam_status = PAM_SERVICE_ERR;
     }
 
     sdap_access_reply(breq, pam_status);
-- 
1.8.0





From 58d918d01b03a3332b3e9da917a45b4b7ef7a427 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Sat, 27 Jul 2013 15:01:26 +0200
Subject: [PATCH 30/34] patch-src__providers__ldap__sdap_async_sudo_hostinfo.c

---
 src/providers/ldap/sdap_async_sudo_hostinfo.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git src/providers/ldap/sdap_async_sudo_hostinfo.c src/providers/ldap/sdap_async_sudo_hostinfo.c
index 0a695cd..108b4c2 100644
--- src/providers/ldap/sdap_async_sudo_hostinfo.c
+++ src/providers/ldap/sdap_async_sudo_hostinfo.c
@@ -371,7 +371,7 @@ static struct tevent_req *sdap_sudo_get_hostnames_send(TALLOC_CTX *mem_ctx,
     struct tevent_req *subreq = NULL;
     struct sdap_sudo_get_hostnames_state *state = NULL;
     char *dot = NULL;
-    char hostname[HOST_NAME_MAX + 1];
+    char hostname[_POSIX_HOST_NAME_MAX + 1];
     int resolv_timeout;
     int ret;
 
@@ -395,14 +395,14 @@ static struct tevent_req *sdap_sudo_get_hostnames_send(TALLOC_CTX *mem_ctx,
     /* get hostname */
 
     errno = 0;
-    ret = gethostname(hostname, HOST_NAME_MAX);
+    ret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
     if (ret != EOK) {
         ret = errno;
         DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to retrieve machine hostname "
                                     "[%d]: %s\n", ret, strerror(ret)));
         goto done;
     }
-    hostname[HOST_NAME_MAX] = '\0';
+    hostname[_POSIX_HOST_NAME_MAX] = '\0';
 
     state->hostnames[0] = talloc_strdup(state->hostnames, hostname);
     if (state->hostnames[0] == NULL) {
-- 
1.8.0





From 5434161320c86634512ac70e1d49c63375a71dc4 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Sat, 4 May 2013 16:08:11 +0200
Subject: [PATCH 14/34] patch-src__resolv__async_resolv.c

---
 src/resolv/async_resolv.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git src/resolv/async_resolv.c src/resolv/async_resolv.c
index 268d266..1bb84e5 100644
--- src/resolv/async_resolv.c
+++ src/resolv/async_resolv.c
@@ -1203,7 +1203,6 @@ resolv_is_address(const char *name)
     hints.ai_flags = AI_NUMERICHOST; /* No network lookups */
 
     ret = getaddrinfo(name, NULL, &hints, &res);
-    freeaddrinfo(res);
     if (ret != 0) {
         if (ret == -2) {
             DEBUG(9, ("[%s] does not look like an IP address\n", name));
@@ -1211,6 +1210,8 @@ resolv_is_address(const char *name)
             DEBUG(2, ("getaddrinfo failed [%d]: %s\n",
                       ret, gai_strerror(ret)));
         }
+    } else {
+     freeaddrinfo(res);
     }
 
     return ret == 0;
-- 
1.8.0





From 6874fb930a30eac6fe12104923ab97083f58bcf9 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Wed, 6 Nov 2013 22:01:20 +0100
Subject: [PATCH 14/25] patch-src__sss_client__common.c

---
 src/sss_client/common.c | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git src/sss_client/common.c src/sss_client/common.c
index ec5c708..5d17eed 100644
--- src/sss_client/common.c

     }
 }
 
-- 
1.8.0





From 5a0c2079efae0f9734d85932ed72645808b32091 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Wed, 6 Nov 2013 22:01:20 +0100
Subject: [PATCH 15/25] patch-src__sss_client__nss_group.c

---
 src/sss_client/nss_group.c | 70 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 70 insertions(+)

diff --git src/sss_client/nss_group.c src/sss_client/nss_group.c
index e6ea54b..b27b671 100644
--- src/sss_client/nss_group.c

 enum nss_status _nss_sss_getgrnam_r(const char *name, struct group *result,
                                     char *buffer, size_t buflen, int *errnop)
 {
-- 
1.8.0





From 18bce9f12311c6e7a7fe4350150120a98b3ec106 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Wed, 6 Nov 2013 22:01:21 +0100
Subject: [PATCH 2/2] patch-src__sss_client__pam_sss.c

---
 src/sss_client/pam_sss.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git src/sss_client/pam_sss.c src/sss_client/pam_sss.c
index 5fd276ccba15da1f689b1939a02288dda7a09d89..e35552f7e612d3e68f957845998a8105437af301 100644
--- src/sss_client/pam_sss.c
+++ src/sss_client/pam_sss.c
@@ -52,6 +52,8 @@
 #define FLAGS_USE_FIRST_PASS (1 << 0)
 #define FLAGS_FORWARD_PASS   (1 << 1)
 #define FLAGS_USE_AUTHTOK    (1 << 2)
+#define FLAGS_IGNORE_UNKNOWN_USER (1 << 3)
+#define FLAGS_IGNORE_AUTHINFO_UNAVAIL (1 << 4)
 
 #define PWEXP_FLAG "pam_sss:password_expired_flag"
 #define FD_DESTRUCTOR "pam_sss:fd_destructor"
@@ -125,10 +127,12 @@ static void free_exp_data(pam_handle_t *pamh, void *ptr, int err)
 
 static void close_fd(pam_handle_t *pamh, void *ptr, int err)
 {
+#ifdef PAM_DATA_REPLACE
     if (err & PAM_DATA_REPLACE) {
         /* Nothing to do */
         return;
     }
+#endif /* PAM_DATA_REPLACE */
 
     D(("Closing the fd"));
     sss_pam_close_fd();
@@ -1292,6 +1296,10 @@ static void eval_argv(pam_handle_t *pamh, int argc, const char **argv,
             }
         } else if (strcmp(*argv, "quiet") == 0) {
             *quiet_mode = true;
+        } else if (strcmp(*argv, "ignore_unknown_user") == 0) {
+            *flags |= FLAGS_IGNORE_UNKNOWN_USER;
+        } else if (strcmp(*argv, "ignore_authinfo_unavail") == 0) {
+            *flags |= FLAGS_IGNORE_AUTHINFO_UNAVAIL;
         } else {
             logger(pamh, LOG_WARNING, "unknown option: %s", *argv);
         }
@@ -1429,6 +1437,13 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
     ret = get_pam_items(pamh, &pi);
     if (ret != PAM_SUCCESS) {
         D(("get items returned error: %s", pam_strerror(pamh,ret)));
+        if (flags & FLAGS_IGNORE_UNKNOWN_USER && ret == PAM_USER_UNKNOWN) {
+            ret = PAM_IGNORE;
+        }
+        if (flags & FLAGS_IGNORE_AUTHINFO_UNAVAIL
+                && ret == PAM_AUTHINFO_UNAVAIL) {
+            ret = PAM_IGNORE;
+        }
         return ret;
     }
 
@@ -1467,6 +1482,15 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
 
         pam_status = send_and_receive(pamh, &pi, task, quiet_mode);
 
+        if (flags & FLAGS_IGNORE_UNKNOWN_USER
+                && pam_status == PAM_USER_UNKNOWN) {
+            pam_status = PAM_IGNORE;
+        }
+        if (flags & FLAGS_IGNORE_AUTHINFO_UNAVAIL
+                && pam_status == PAM_AUTHINFO_UNAVAIL) {
+            pam_status = PAM_IGNORE;
+        }
+
         switch (task) {
             case SSS_PAM_AUTHENTICATE:
                 /* We allow sssd to send the return code PAM_NEW_AUTHTOK_REQD during
-- 
1.9.3





From d15b99c87c08f17eef814f431a4a58ed4a3ba9b6 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Sat, 4 May 2013 16:08:11 +0200
Subject: [PATCH 20/34] patch-src__sss_client__pam_test_client.c

---
 src/sss_client/pam_test_client.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git src/sss_client/pam_test_client.c src/sss_client/pam_test_client.c
index ef424e7..d8cf36c 100644
--- src/sss_client/pam_test_client.c
+++ src/sss_client/pam_test_client.c
@@ -24,12 +24,13 @@
 
 #include <stdio.h>
 #include <unistd.h>
+#include <string.h>
 
 #include <security/pam_appl.h>
-#include <security/pam_misc.h>
+#include <security/openpam.h>
 
 static struct pam_conv conv = {
-    misc_conv,
+    openpam_ttyconv,
     NULL
 };
 
-- 
1.8.0





From d7dcd7c8796efbecd4e41931080d7d28f72f9ee1 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Sat, 4 May 2013 16:08:11 +0200
Subject: [PATCH 21/34] patch-src__sss_client__sss_nss.exports

---
 src/sss_client/sss_nss.exports | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git src/sss_client/sss_nss.exports src/sss_client/sss_nss.exports
index 1eefea8..8e85a05 100644
--- src/sss_client/sss_nss.exports

 		#_nss_sss_getaliasbyname_r;
 		#_nss_sss_setaliasent;
 		#_nss_sss_getaliasent_r;
-- 
1.8.0





From 74422233fe8c6efa826b20c6b579f4c99e45ff87 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Wed, 6 Nov 2013 22:01:21 +0100
Subject: [PATCH 19/25] patch-src__util__crypto__libcrypto__crypto_sha512crypt.c

---
 src/util/crypto/libcrypto/crypto_sha512crypt.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git src/util/crypto/libcrypto/crypto_sha512crypt.c src/util/crypto/libcrypto/crypto_sha512crypt.c
index 34547d0..6901851 100644
--- src/util/crypto/libcrypto/crypto_sha512crypt.c
+++ src/util/crypto/libcrypto/crypto_sha512crypt.c
@@ -28,6 +28,12 @@
 #include <openssl/evp.h>
 #include <openssl/rand.h>
 
+#define __stpncpy(x, y, z) stpncpy(x, y, z)
+
+void *
+mempcpy (void *dest, const void *src, size_t n)
+{

 /* Define our magic string to mark salt for SHA512 "encryption" replacement. */
 const char sha512_salt_prefix[] = "$6$";
 #define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1)
-- 
1.8.0





From be27b76238aa49ac0ace123f80c9957ae25501fa Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Wed, 6 Nov 2013 22:01:21 +0100
Subject: [PATCH 20/25] patch-src__util__crypto__nss__nss_sha512crypt.c

---
 src/util/crypto/nss/nss_sha512crypt.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git src/util/crypto/nss/nss_sha512crypt.c src/util/crypto/nss/nss_sha512crypt.c
index 9fedd5e..90192ac 100644
--- src/util/crypto/nss/nss_sha512crypt.c
+++ src/util/crypto/nss/nss_sha512crypt.c
@@ -29,6 +29,12 @@
 #include <sechash.h>
 #include <pk11func.h>
 
+#define __stpncpy(x, y, z) stpncpy(x, y, z)
+
+static void *
+mempcpy (void *dest, const void *src, size_t n)
+{

 /* Define our magic string to mark salt for SHA512 "encryption" replacement. */
 const char sha512_salt_prefix[] = "$6$";
 #define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1)
-- 
1.8.0





From ccc51217c877dde1857300662fdacab2298f5816 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Wed, 6 Nov 2013 22:01:21 +0100
Subject: [PATCH 21/25] patch-src__util__find_uid.c

---
 src/util/find_uid.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git src/util/find_uid.c src/util/find_uid.c
index 4c8f73a..40f3690 100644
--- src/util/find_uid.c
+++ src/util/find_uid.c
@@ -67,7 +67,7 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid)

-    ret = snprintf(path, PATHLEN, "/proc/%d/status", pid);
+    ret = snprintf(path, PATHLEN, "/compat/linux/proc/%d/status", pid);
     if (ret < 0) {
         DEBUG(SSSDBG_CRIT_FAILURE, "snprintf failed");
         return EINVAL;
@@ -207,12 +207,12 @@ static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid)
     struct dirent *dirent;
     int ret, err;
     pid_t pid = -1;

+    proc_dir = opendir("/compat/linux/proc");
     if (proc_dir == NULL) {
         ret = errno;
         DEBUG(SSSDBG_CRIT_FAILURE, "Cannot open proc dir.\n");
@@ -287,9 +287,8 @@ done:
 
 errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table)
 {

     ret = hash_create_ex(INITIAL_TABLE_SIZE, table, 0, 0, 0, 0,
                          hash_talloc, hash_talloc_free, mem_ctx,
                          NULL, NULL);
-- 
1.8.0





From cc6cab9e45ba978eaf33c6fa1860ee94166780be Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Wed, 6 Nov 2013 22:01:21 +0100
Subject: [PATCH 22/25] patch-src__util__server.c

---
 src/util/server.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git src/util/server.c src/util/server.c
index 343668c..f8a1627 100644
--- src/util/server.c
+++ src/util/server.c
@@ -322,12 +322,14 @@ static void setup_signals(void)
     BlockSignals(false, SIGTERM);
 
     CatchSignal(SIGHUP, sig_hup);

 #endif
 
 }
-- 
1.8.0





diff --git src/util/signal.c src/util/signal.c
index 053457b..bb8f8be 100644
--- src/util/signal.c
+++ src/util/signal.c
@@ -28,45 +28,6 @@
  * @brief Signal handling
  */
 
-/****************************************************************************
- Catch child exits and reap the child zombie status.
-****************************************************************************/
-
-static void sig_cld(int signum)
-{
-	while (waitpid((pid_t)-1,(int *)NULL, WNOHANG) > 0)
-		;
-
-	/*
-	 * Turns out it's *really* important not to
-	 * restore the signal handler here if we have real POSIX
-	 * signal handling. If we do, then we get the signal re-delivered
-	 * immediately - hey presto - instant loop ! JRA.
-	 */
-
-#if !defined(HAVE_SIGACTION)
-	CatchSignal(SIGCLD, sig_cld);
-#endif
-}
-
-/****************************************************************************
-catch child exits - leave status;
-****************************************************************************/
-
-static void sig_cld_leave_status(int signum)
-{
-	/*
-	 * Turns out it's *really* important not to
-	 * restore the signal handler here if we have real POSIX
-	 * signal handling. If we do, then we get the signal re-delivered
-	 * immediately - hey presto - instant loop ! JRA.
-	 */
-
-#if !defined(HAVE_SIGACTION)
-	CatchSignal(SIGCLD, sig_cld_leave_status);
-#endif
-}
-
 /**
  Block sigs.
 **/
@@ -126,21 +87,3 @@ void (*CatchSignal(int signum,void (*handler)(int )))(int)
 	return signal(signum, handler);
 #endif
 }
-
-/**
- Ignore SIGCLD via whatever means is necessary for this OS.
-**/
-
-void CatchChild(void)
-{
-	CatchSignal(SIGCLD, sig_cld);
-}
-
-/**
- Catch SIGCLD but leave the child around so it's status can be reaped.
-**/
-
-void CatchChildLeaveStatus(void)
-{
-	CatchSignal(SIGCLD, sig_cld_leave_status);
-}




From 074dd84d5ed0e5d2b48d2aeb1b92e51507516c2d Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Sat, 4 May 2013 16:08:12 +0200
Subject: [PATCH 27/34] patch-src__util__sss_ldap.c

---
 src/util/sss_ldap.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git src/util/sss_ldap.c src/util/sss_ldap.c
index dd63b4b..0764622 100644
--- src/util/sss_ldap.c
+++ src/util/sss_ldap.c
@@ -206,6 +206,9 @@ static void sdap_async_sys_connect_done(struct tevent_context *ev,
     errno = 0;
     ret = connect(state->fd, (struct sockaddr *) &state->addr,
                   state->addr_len);

     if (ret != EOK) {
         ret = errno;
         if (ret == EINPROGRESS || ret == EINTR) {
@@ -346,7 +349,7 @@ struct tevent_req *sss_ldap_init_send(TALLOC_CTX *mem_ctx,
           "Using file descriptor [%d] for LDAP connection.\n", state->sd);
     }
 
-    ret = setsockopt(fd, SOL_TCP, TCP_NODELAY, &dummy, sizeof(dummy));
+    ret = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &dummy, sizeof(dummy));
     if (ret != 0) {
         ret = errno;
         DEBUG(5, ("setsockopt TCP_NODELAY failed.[%d][%s].\n", ret,
@@ -341,7 +344,7 @@ struct tevent_req *sss_ldap_init_send(TALLOC_CTX *mem_ctx,
     DEBUG(9, ("Using file descriptor [%d] for LDAP connection.\n", state->sd));
 
     subreq = sdap_async_sys_connect_send(state, ev, state->sd,
-                                         (struct sockaddr *) addr, addr_len);
+                                         (struct sockaddr *) addr, sizeof(struct sockaddr));
     if (subreq == NULL) {
         ret = ENOMEM;
         DEBUG(SSSDBG_CRIT_FAILURE, "sdap_async_sys_connect_send failed.\n");
-- 
1.8.0





From 5fcf9d93df255105ec065b168ddc11d98b5bb5d1 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
Date: Wed, 6 Nov 2013 22:01:21 +0100
Subject: [PATCH 24/25] patch-src__util__util.h

---
 src/util/util.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git src/util/util.h src/util/util.h
index 7a66846..5e63275 100644
--- src/util/util.h
+++ src/util/util.h
@@ -227,8 +227,6 @@ void sig_term(int sig);
 #include <signal.h>
 void BlockSignals(bool block, int signum);
 void (*CatchSignal(int signum,void (*handler)(int )))(int);
-void CatchChild(void);
-void CatchChildLeaveStatus(void);
 
 /* from memory.c */
 typedef int (void_destructor_fn_t)(void *);
@@ -542,5 +540,6 @@ char * sss_replace_space(TALLOC_CTX *mem_ctx,
 char * sss_reverse_replace_space(TALLOC_CTX *mem_ctx,
                                  const char *orig_name,
                                  const char replace_char);
+#include "util/sss_bsd_errno.h"
 
 #endif /* __SSSD_UTIL_H__ */
-- 
1.8.0





bin/sss_ssh_authorizedkeys
bin/sss_ssh_knownhostsproxy
etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
%%ETCDIR%%/sssd.conf.sample
include/ipa_hbac.h
include/sss_idmap.h
include/sss_nss_idmap.h
%%SMB%%lib/krb5/plugins/authdata/sssd_pac_plugin.so
lib/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
lib/libipa_hbac.so
lib/libipa_hbac.so.0

lib/libipa_hbac.so.0.0.1
lib/libsss_idmap.so
lib/libsss_idmap.so.0
lib/libsss_idmap.so.0.4.0
lib/libsss_nss_idmap.so
lib/libsss_nss_idmap.so.0
lib/libsss_nss_idmap.so.0.0.1
lib/libsss_sudo.so
lib/nss_sss.so
lib/nss_sss.so.1

lib/nss_sss.so.2
lib/nss_sss.so.2.0.0
lib/pam_sss.so
%%PYTHON_SITELIBDIR%%/SSSDConfig-1.11.7-py%%PYTHON_VER%%.egg-info
%%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.py
%%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.pyc
%%PYTHON_SITELIBDIR%%/SSSDConfig/ipachangeconf.py

%%PYTHON_SITELIBDIR%%/pyhbac.so
%%PYTHON_SITELIBDIR%%/pysss.so
%%PYTHON_SITELIBDIR%%/pysss_murmur.so
%%PYTHON_SITELIBDIR%%/pysss_nss_idmap.so
lib/shared-modules/ldb/memberof.so
%%SMB%%lib/sssd/libsss_ad.so
lib/sssd/libsss_child.so
lib/sssd/libsss_crypt.so
lib/sssd/libsss_debug.so
%%SMB%%lib/sssd/libsss_ipa.so
lib/sssd/libsss_krb5.so
lib/sssd/libsss_krb5_common.so
lib/sssd/libsss_ldap.so
lib/sssd/libsss_ldap_common.so
lib/sssd/libsss_proxy.so
lib/sssd/libsss_simple.so
lib/sssd/libsss_util.so
libdata/pkgconfig/ipa_hbac.pc
libdata/pkgconfig/sss_idmap.pc
libdata/pkgconfig/sss_nss_idmap.pc
libexec/sssd/krb5_child
libexec/sssd/ldap_child
libexec/sssd/proxy_child
libexec/sssd/sss_signal
libexec/sssd/sssd_be
libexec/sssd/sssd_ifp
libexec/sssd/sssd_nss
%%SMB%%libexec/sssd/sssd_pac
libexec/sssd/sssd_pam
libexec/sssd/sssd_ssh
libexec/sssd/sssd_sudo
man/es/man1/sss_ssh_authorizedkeys.1.gz
man/es/man1/sss_ssh_knownhostsproxy.1.gz
man/es/man5/sssd-ad.5.gz
man/es/man5/sssd-ipa.5.gz
man/es/man5/sssd-ldap.5.gz
man/es/man5/sssd-simple.5.gz
man/es/man5/sssd-sudo.5.gz

man/fr/man1/sss_ssh_authorizedkeys.1.gz
man/fr/man1/sss_ssh_knownhostsproxy.1.gz
man/fr/man5/sssd-ad.5.gz
man/fr/man5/sssd-ipa.5.gz
man/fr/man5/sssd-krb5.5.gz
man/fr/man5/sssd-ldap.5.gz
man/fr/man5/sssd-simple.5.gz

man/fr/man8/sssd_krb5_locator_plugin.8.gz
man/ja/man1/sss_ssh_authorizedkeys.1.gz
man/ja/man1/sss_ssh_knownhostsproxy.1.gz
man/ja/man5/sssd-ad.5.gz
man/ja/man5/sssd-ipa.5.gz
man/ja/man5/sssd-krb5.5.gz
man/ja/man5/sssd-ldap.5.gz
man/ja/man5/sssd-simple.5.gz

man/man1/sss_ssh_authorizedkeys.1.gz
man/man1/sss_ssh_knownhostsproxy.1.gz
man/man5/sssd-ad.5.gz
man/man5/sssd-ifp.5.gz
man/man5/sssd-ipa.5.gz
man/man5/sssd-krb5.5.gz
man/man5/sssd-ldap.5.gz

man/uk/man1/sss_ssh_authorizedkeys.1.gz
man/uk/man1/sss_ssh_knownhostsproxy.1.gz
man/uk/man5/sssd-ad.5.gz
man/uk/man5/sssd-ifp.5.gz
man/uk/man5/sssd-krb5.5.gz
man/uk/man5/sssd-ldap.5.gz
man/uk/man5/sssd-simple.5.gz

sbin/sss_userdel
sbin/sss_usermod
sbin/sssd
@dir lib/ldb
@dir lib/sssd/modules
%%PORTDOCS%%@dir %%DOCSDIR%%/doc
%%PORTDOCS%%@dir %%DOCSDIR%%/hbac_doc
%%PORTDOCS%%@dir %%DOCSDIR%%/idmap_doc
%%PORTDOCS%%@dir %%DOCSDIR%%/libsss_sudo_doc
%%PORTDOCS%%@dir %%DOCSDIR%%/nss_idmap_doc
@dirrm lib/sssd
@dirrm %%PYTHON_SITELIBDIR%%/SSSDConfig
@dirrmtry %%ETCDIR%%
@dirrmtry man/uk/man8
@dirrmtry man/uk/man5
@dirrmtry man/uk/man1
@dirrmtry man/uk
@dirrmtry man/pt/man8
@dirrmtry man/pt/man5
@dirrmtry man/pt/man1
@dirrmtry man/pt
@dirrmtry man/nl/man8
@dirrmtry man/nl/man5
@dirrmtry man/nl/man1
@dirrmtry man/nl
@dirrmtry man/fr/man8
@dirrmtry man/fr/man5
@dirrmtry man/fr/man1
@dirrmtry man/fr
@dirrmtry man/es/man8
@dirrmtry man/es/man5
@dirrmtry man/es/man1
@dirrmtry man/es
@unexec if [ -d %%ETCDIR%% ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf %%ETCDIR%%`` to remove any configuration files."; fi
@unexec if [ -d /var/db/sss ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss`` to remove any additional files."; fi
@unexec if [ -d /var/db/sss_mc ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss_mc`` to remove any additional files."; fi

Return to bug 194155

Lines 2-9 Link Here

(-)Makefile (-22 / +21 lines)
2	# $FreeBSD$	2	# $FreeBSD$
3		3
4	PORTNAME= sssd	4	PORTNAME= sssd
5	DISTVERSION= 1.9.6	5	DISTVERSION= 1.11.7
6	PORTREVISION= 9
7	CATEGORIES= security	6	CATEGORIES= security
8	MASTER_SITES= https://fedorahosted.org/released/${PORTNAME}/ \	7	MASTER_SITES= https://fedorahosted.org/released/${PORTNAME}/ \
9	http://mirrors.rit.edu/zi/	8	http://mirrors.rit.edu/zi/
Lines 36-42 Link Here
36		35
37	GNU_CONFIGURE= yes	36	GNU_CONFIGURE= yes
38	CONFIGURE_ARGS= --with-selinux=no --with-semanage=no \	37	CONFIGURE_ARGS= --with-selinux=no --with-semanage=no \
39	--with-ldb-lib-dir=${LOCALBASE}/lib/shared-modules/ldb/ \	38	--with-ldb-lib-dir=${LOCALBASE}/lib/shared-modules/ldb \
40	--with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \	39	--with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \
41	--with-libnl=no --with-init-dir=no --datadir=${DATADIR} \	40	--with-libnl=no --with-init-dir=no --datadir=${DATADIR} \
42	--docdir=${DOCSDIR} --with-pid-path=/var/run \	41	--docdir=${DOCSDIR} --with-pid-path=/var/run \
Lines 43-50 Link Here
43	--localstatedir=/var --enable-pammoddir=${PREFIX}/lib \	42	--localstatedir=/var --enable-pammoddir=${PREFIX}/lib \
44	--with-db-path=/var/db/sss --with-pipe-path=/var/run/sss \	43	--with-db-path=/var/db/sss --with-pipe-path=/var/run/sss \
45	--with-pubconf-path=/var/run/sss --with-mcache-path=/var/db/sss_mc \	44	--with-pubconf-path=/var/run/sss --with-mcache-path=/var/db/sss_mc \
46	--with-unicode-lib=libunistring --with-autofs=no	45	--with-unicode-lib=libunistring --with-autofs=no \
47	CONFIGURE_ENV= XMLLINT="/bin/echo"	46	--disable-cifs-idmap-plugin --disable-config-lib
48	CFLAGS+= -fstack-protector-all	47	CFLAGS+= -fstack-protector-all
49	PLIST_SUB= PYTHON_VER=${PYTHON_VER}	48	PLIST_SUB= PYTHON_VER=${PYTHON_VER}
50	#DEBUG_FLAGS= -g	49	#DEBUG_FLAGS= -g
Lines 55-69 Link Here
55	AUTOMAKE_ARGS= -a -c -f	54	AUTOMAKE_ARGS= -a -c -f
56	USE_LDCONFIG= yes	55	USE_LDCONFIG= yes
57	USE_OPENLDAP= yes	56	USE_OPENLDAP= yes
58	USES= gettext gmake iconv libtool pathfix pkgconfig python shebangfix	57	USES= gettext gmake iconv libtool pathfix pkgconfig python:2 shebangfix
59	PATHFIX_MAKEFILEIN= Makefile.am	58	PATHFIX_MAKEFILEIN= Makefile.am
60	SHEBANG_FILES= src/tools/sss_obfuscate
61		59
		60	python_CMD= ${SETENV} python2
		61	SHEBANG_FILES= src/tools/sss_obfuscate \
		62	src/sbus/sbus_codegen
		63
62	USE_RC_SUBR= ${PORTNAME}	64	USE_RC_SUBR= ${PORTNAME}
63	PORTDATA= *	65	PORTDATA= *
64		66
65	OPTIONS_DEFINE= DOCS	67	OPTIONS_DEFINE= DOCS SMB
		68	OPTIONS_DEFAULT= DOCS
		69	OPTIONS_SUB= yes
66		70
		71	SMB_DESC= Install IPA and AD providers (requires Samba4)
		72	SMB_BUILD_DEPENDS= samba41>=4.1.0:${PORTSDIR}/net/samba41
		73	SMB_CONFIGURE_WITH= samba
		74
67	.include <bsd.port.options.mk>	75	.include <bsd.port.options.mk>
68		76
69	.if ${ARCH} == "ia64" \|\| ${ARCH} == "powerpc" \|\| ${ARCH} == "sparc64"	77	.if ${ARCH} == "ia64" \|\| ${ARCH} == "powerpc" \|\| ${ARCH} == "sparc64"
Lines 72-83 Link Here
72		80
73	post-patch:	81	post-patch:
74	@${REINPLACE_CMD} -e 's\|SIGCLD\|SIGCHLD\|g' ${WRKSRC}/src/util/signal.c	82	@${REINPLACE_CMD} -e 's\|SIGCLD\|SIGCHLD\|g' ${WRKSRC}/src/util/signal.c
75	@${REINPLACE_CMD} -e '/#define SIZE_T_MAX ((size_t) -1)/d' \
76	${WRKSRC}/src/util/util.h
77	@${REINPLACE_CMD} -e '/pam_misc/d' \
78	${WRKSRC}/src/sss_client/pam_test_client.c
79	@${REINPLACE_CMD} -e 's\|security/pam_misc.h\|\|g' \
80	${WRKSRC}/configure.ac ${WRKSRC}/src/external/pam.m4
81	@${REINPLACE_CMD} -e 's\|NSS_STATUS_NOTFOUND\|NS_NOTFOUND\|g' \	83	@${REINPLACE_CMD} -e 's\|NSS_STATUS_NOTFOUND\|NS_NOTFOUND\|g' \
82	-e 's\|NSS_STATUS_UNAVAIL\|NS_UNAVAIL\|g' \	84	-e 's\|NSS_STATUS_UNAVAIL\|NS_UNAVAIL\|g' \
83	-e 's\|NSS_STATUS_TRYAGAIN\|NS_TRYAGAIN\|g' \	85	-e 's\|NSS_STATUS_TRYAGAIN\|NS_TRYAGAIN\|g' \
Lines 84-106 Link Here
84	-e '/ETIME/d' \	86	-e '/ETIME/d' \
85	-e 's\|NSS_STATUS_SUCCESS\|NS_SUCCESS\|g' \	87	-e 's\|NSS_STATUS_SUCCESS\|NS_SUCCESS\|g' \
86	${WRKSRC}/src/sss_client/common.c	88	${WRKSRC}/src/sss_client/common.c
87	@${REINPLACE_CMD} -e 's\|security/_pam_macros.h\|pam_macros.h\|g' \	89	@${REINPLACE_CMD} \
88	${WRKSRC}/src/sss_client/sss_pam_macros.h
89	@${REINPLACE_CMD} -e 's\|#include <security/pam_modutil.h>\|\|g' \
90	-e 's\|PAM_BAD_ITEM\|PAM_USER_UNKNOWN\|g' \
91	-e 's\|security/pam_ext.h\|security/pam_appl.h\|g' \
92	-e 's\|pam_modutil_getlogin(pamh)\|getlogin()\|g' \	90	-e 's\|pam_modutil_getlogin(pamh)\|getlogin()\|g' \
93	-e 's\|pam_vsyslog(pamh,\|vsyslog(\|g' \
94	${WRKSRC}/src/sss_client/pam_sss.c	91	${WRKSRC}/src/sss_client/pam_sss.c
95	@${REINPLACE_CMD} \	92	@${REINPLACE_CMD} \
96	-e 's\|install-data-hook install-dist_initSCRIPTS\|install-dist_initSCRIPTS\|g' \	93	-e 's\|install-data-hook install-dist_initSCRIPTS\|install-dist_initSCRIPTS\|g' \
97	-e 's\|install-data-hook\|notinstall-data-hook\|g' \	94	-e 's\|install-data-hook\|notinstall-data-hook\|g' \
98	-e 's\| -lpam_misc\|\|g' \
99	${WRKSRC}/Makefile.am	95	${WRKSRC}/Makefile.am
100	@${REINPLACE_CMD} -e 's\|/etc/sssd/\|${ETCDIR}/\|g' \	96	@${REINPLACE_CMD} -e 's\|/etc/sssd/\|${ETCDIR}/\|g' \
101	-e 's\|/etc/openldap/\|${LOCALBASE}/etc/openldap/\|g' \	97	-e 's\|/etc/openldap/\|${LOCALBASE}/etc/openldap/\|g' \
102	${WRKSRC}/src/man/*xml	98	${WRKSRC}/src/man/*xml
103	@${CP} ${FILESDIR}/pam_macros.h ${WRKSRC}/pam_macros.h
104	@${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}/src/sss_client/bsdnss.c	99	@${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}/src/sss_client/bsdnss.c
105	@${CP} ${FILESDIR}/sss_bsd_errno.h ${WRKSRC}/src/util/sss_bsd_errno.h	100	@${CP} ${FILESDIR}/sss_bsd_errno.h ${WRKSRC}/src/util/sss_bsd_errno.h
106		101
Lines 112-116 Link Here
112	.for VARDIRS in db/sss db/sss_mc log/sssd run/sss/krb5.include.d run/sss/private run/sss	107	.for VARDIRS in db/sss db/sss_mc log/sssd run/sss/krb5.include.d run/sss/private run/sss
113	@${RMDIR} ${STAGEDIR}/var/${VARDIRS}	108	@${RMDIR} ${STAGEDIR}/var/${VARDIRS}
114	.endfor	109	.endfor
		110	# clean unused man dirs
		111	.for i in nl/man1 nl/man5 pt/man1 pt/man5
		112	@${RMDIR} ${STAGEDIR}${PREFIX}/man/${i}
		113	.endfor
115		114
116	.include <bsd.port.mk>	115	.include <bsd.port.mk>

Lines 1-196 Link Here

(-)files/pam_macros.h (-196 lines)
1	#ifndef PAM_MACROS_H
2	#define PAM_MACROS_H
3
4	/*
5	* All kind of macros used by PAM, but usable in some other
6	* programs too.
7	* Organized by Cristian Gafton <gafton@redhat.com>
8	*/
9
10	/* a 'safe' version of strdup */
11
12	#include <stdlib.h>
13	#include <string.h>
14
15	#define x_strdup(s) ( (s) ? strdup(s):NULL )
16
17	/* Good policy to strike out passwords with some characters not just
18	free the memory */
19
20	#define _pam_overwrite(x) \
21	do { \
22	register char *__xx__; \
23	if ((__xx__=(x))) \
24	while (*__xx__) \
25	*__xx__++ = '\0'; \
26	} while (0)
27
28	#define _pam_overwrite_n(x,n) \
29	do { \
30	register char *__xx__; \
31	register unsigned int __i__ = 0; \
32	if ((__xx__=(x))) \
33	for (;__i__<n; __i__++) \
34	__xx__[__i__] = 0; \
35	} while (0)
36
37	/*
38	* Don't just free it, forget it too.
39	*/
40
41	#define _pam_drop(X) \
42	do { \
43	if (X) { \
44	free(X); \
45	X=NULL; \
46	} \
47	} while (0)
48
49	#define _pam_drop_reply(/* struct pam_response * / reply, / int */ replies) \
50	do { \
51	int reply_i; \
52	\
53	for (reply_i=0; reply_i<replies; ++reply_i) { \
54	if (reply[reply_i].resp) { \
55	_pam_overwrite(reply[reply_i].resp); \
56	free(reply[reply_i].resp); \
57	} \
58	} \
59	if (reply) \
60	free(reply); \
61	} while (0)
62
63	/* some debugging code */
64
65	#ifdef DEBUG
66
67	/*
68	* This provides the necessary function to do debugging in PAM.
69	* Cristian Gafton <gafton@redhat.com>
70	*/
71
72	#include <stdio.h>
73	#include <sys/types.h>
74	#include <stdarg.h>
75	#include <errno.h>
76	#include <sys/stat.h>
77	#include <fcntl.h>
78	#include <unistd.h>
79
80	/*
81	* This is for debugging purposes ONLY. DO NOT use on live systems !!!
82	* You have been warned :-) - CG
83	*
84	* to get automated debugging to the log file, it must be created manually.
85	* _PAM_LOGFILE must exist and be writable to the programs you debug.
86	*/
87
88	#ifndef _PAM_LOGFILE
89	#define _PAM_LOGFILE "/var/run/pam-debug.log"
90	#endif
91
92	static void _pam_output_debug_info(const char file, const char fn
93	, const int line)
94	{
95	FILE *logfile;
96	int must_close = 1, fd;
97
98	#ifdef O_NOFOLLOW
99	if ((fd = open(_PAM_LOGFILE, O_WRONLY\|O_NOFOLLOW\|O_APPEND)) != -1) {
100	#else
101	if ((fd = open(_PAM_LOGFILE, O_WRONLY\|O_APPEND)) != -1) {
102	#endif
103	if (!(logfile = fdopen(fd,"a"))) {
104	logfile = stderr;
105	must_close = 0;
106	close(fd);
107	}
108	} else {
109	logfile = stderr;
110	must_close = 0;
111	}
112	fprintf(logfile,"[%s:%s(%d)] ",file, fn, line);
113	fflush(logfile);
114	if (must_close)
115	fclose(logfile);
116	}
117
118	static void _pam_output_debug(const char *format, ...)
119	{
120	va_list args;
121	FILE *logfile;
122	int must_close = 1, fd;
123
124	va_start(args, format);
125
126	#ifdef O_NOFOLLOW
127	if ((fd = open(_PAM_LOGFILE, O_WRONLY\|O_NOFOLLOW\|O_APPEND)) != -1) {
128	#else
129	if ((fd = open(_PAM_LOGFILE, O_WRONLY\|O_APPEND)) != -1) {
130	#endif
131	if (!(logfile = fdopen(fd,"a"))) {
132	logfile = stderr;
133	must_close = 0;
134	close(fd);
135	}
136	} else {
137	logfile = stderr;
138	must_close = 0;
139	}
140	vfprintf(logfile, format, args);
141	fprintf(logfile, "\n");
142	fflush(logfile);
143	if (must_close)
144	fclose(logfile);
145
146	va_end(args);
147	}
148
149	#define D(x) do { \
150	_pam_output_debug_info(__FILE__, __FUNCTION__, __LINE__); \
151	_pam_output_debug x ; \
152	} while (0)
153
154	#define _pam_show_mem(X,XS) do { \
155	int i; \
156	register unsigned char *x; \
157	x = (unsigned char *)X; \
158	fprintf(stderr, " <start at %p>\n", X); \
159	for (i = 0; i < XS ; ++x, ++i) { \
160	fprintf(stderr, " %02X. <%p:%02X>\n", i, x, *x); \
161	} \
162	fprintf(stderr, " <end for %p after %d bytes>\n", X, XS); \
163	} while (0)
164
165	#define _pam_show_reply(/* struct pam_response * /reply, / int */replies) \
166	do { \
167	int reply_i; \
168	setbuf(stderr, NULL); \
169	fprintf(stderr, "array at %p of size %d\n",reply,replies); \
170	fflush(stderr); \
171	if (reply) { \
172	for (reply_i = 0; reply_i < replies; reply_i++) { \
173	fprintf(stderr, " elem# %d at %p: resp = %p, retcode = %d\n", \
174	reply_i, reply+reply_i, reply[reply_i].resp, \
175	reply[reply_i].resp, _retcode); \
176	fflush(stderr); \
177	if (reply[reply_i].resp) { \
178	fprintf(stderr, " resp[%d] = '%s'\n", \
179	strlen(reply[reply_i].resp), reply[reply_i].resp); \
180	fflush(stderr); \
181	} \
182	} \
183	} \
184	fprintf(stderr, "done here\n"); \
185	fflush(stderr); \
186	} while (0)
187
188	#else
189
190	#define D(x) do { } while (0)
191	#define _pam_show_mem(X,XS) do { } while (0)
192	#define _pam_show_reply(reply, replies) do { } while (0)
193
194	#endif /* DEBUG */
195
196	#endif /* PAM_MACROS_H */

Lines 1-17 Link Here

(-)files/patch-Makefile.am (-30 / +20 lines)
1	From e40f55767383f300f71103ca404b7839b8499104 Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Wed, 6 Nov 2013 22:01:20 +0100
4	Subject: [PATCH 01/25] patch-Makefile.am
5
6	---
7	Makefile.am \| 10 ++++++----
8	1 file changed, 6 insertions(+), 4 deletions(-)
9
10	diff --git Makefile.am Makefile.am	1	diff --git Makefile.am Makefile.am
11	index 04df7cb..e2558f7 100644	2	index fd74d85..4a7e6ae 100644
12	--- Makefile.am	3	--- Makefile.am
13	+++ Makefile.am	4	+++ Makefile.am
14	@@ -318,6 +318,7 @@ SSSD_LIBS = \	5	@@ -311,6 +311,7 @@ AM_CPPFLAGS = \
		6	$(LIBNL_CFLAGS) \
		7	$(OPENLDAP_CFLAGS) \
		8	$(GLIB2_CFLAGS) \
		9	+ -DHOST_NAME_MAX=_POSIX_HOST_NAME_MAX \
		10	-DLIBDIR=\"$(libdir)\" \
		11	-DVARDIR=\"$(localstatedir)\" \
		12	-DSHLIBEXT=\"$(SHLIBEXT)\" \
		13	@@ -378,6 +379,7 @@ SSSD_LIBS = \
15	$(DHASH_LIBS) \	14	$(DHASH_LIBS) \
16	$(SSS_CRYPT_LIBS) \	15	$(SSS_CRYPT_LIBS) \
17	$(OPENLDAP_LIBS) \	16	$(OPENLDAP_LIBS) \
Lines 19-42 Link Here
19	$(TDB_LIBS)	18	$(TDB_LIBS)
20		19
21	PYTHON_BINDINGS_LIBS = \	20	PYTHON_BINDINGS_LIBS = \
22	@@ -369,6 +370,7 @@ dist_noinst_HEADERS = \	21	@@ -433,6 +435,7 @@ dist_noinst_HEADERS = \
23	src/util/sss_selinux.h \
24	src/util/sss_utf8.h \
25	src/util/sss_ssh.h \	22	src/util/sss_ssh.h \
		23	src/util/sss_ini.h \
		24	src/util/sss_format.h \
26	+ src/util/sss_bsd_errno.h \	25	+ src/util/sss_bsd_errno.h \
27	src/util/refcount.h \	26	src/util/refcount.h \
28	src/util/find_uid.h \	27	src/util/find_uid.h \
29	src/util/user_info_msg.h \	28	src/util/user_info_msg.h \
30	@@ -1170,7 +1172,7 @@ noinst_PROGRAMS += autofs_test_client	29	@@ -1700,9 +1703,10 @@ endif
31	endif
32
33	pam_test_client_SOURCES = src/sss_client/pam_test_client.c
34	-pam_test_client_LDFLAGS = -lpam -lpam_misc
35	+pam_test_client_LDFLAGS = -lpam
36
37	if BUILD_AUTOFS
38	autofs_test_client_SOURCES = src/sss_client/autofs/autofs_test_client.c \
39	@@ -1184,9 +1186,10 @@ endif
40	# Client Libraries #	30	# Client Libraries #
41	####################	31	####################
42		32
Lines 49-64 Link Here
49	src/sss_client/nss_passwd.c \	39	src/sss_client/nss_passwd.c \
50	src/sss_client/nss_group.c \	40	src/sss_client/nss_group.c \
51	src/sss_client/nss_netgroup.c \	41	src/sss_client/nss_netgroup.c \
52	@@ -1198,7 +1201,7 @@ libnss_sss_la_SOURCES = \	42	@@ -1715,9 +1719,9 @@ libnss_sss_la_SOURCES = \
53	src/sss_client/nss_mc_passwd.c \	43	src/sss_client/nss_mc_passwd.c \
54	src/sss_client/nss_mc_group.c \	44	src/sss_client/nss_mc_group.c \
55	src/sss_client/nss_mc.h	45	src/sss_client/nss_mc.h
		46	-libnss_sss_la_LIBADD = \
		47	+nss_sss_la_LIBADD = \
		48	$(CLIENT_LIBS)
56	-libnss_sss_la_LDFLAGS = \	49	-libnss_sss_la_LDFLAGS = \
57	+nss_sss_la_LDFLAGS = \	50	+nss_sss_la_LDFLAGS = \
58	$(CLIENT_LIBS) \
59	-module \	51	-module \
60	-version-info 2:0:0 \	52	-version-info 2:0:0 \
61	@@ -1532,6 +1535,7 @@ ldap_child_LDADD = \	53	-Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports
		54	@@ -2086,6 +2090,7 @@ ldap_child_LDADD = \
62	$(POPT_LIBS) \	55	$(POPT_LIBS) \
63	$(OPENLDAP_LIBS) \	56	$(OPENLDAP_LIBS) \
64	$(DHASH_LIBS) \	57	$(DHASH_LIBS) \
Lines 66-71 Link Here
66	$(KRB5_LIBS)	59	$(KRB5_LIBS)
67		60
68	proxy_child_SOURCES = \	61	proxy_child_SOURCES = \
69	--
70	1.8.0
71

Lines 1-14 Link Here

(-)files/patch-src__confdb__confdb.c (-13 / +1 lines)
1	From 756e37d0ef957b15d782d5dd87d24e9359541931 Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Wed, 6 Nov 2013 22:01:20 +0100
4	Subject: [PATCH 02/25] patch-src__confdb__confdb.c
5
6	---
7	src/confdb/confdb.c \| 5 +++++
8	1 file changed, 5 insertions(+)
9
10	diff --git src/confdb/confdb.c src/confdb/confdb.c	1	diff --git src/confdb/confdb.c src/confdb/confdb.c
11	index 72c74fe..78b69b8 100644	2	index 19d8884..67720f7 100644
12	--- src/confdb/confdb.c	3	--- src/confdb/confdb.c
13	+++ src/confdb/confdb.c	4	+++ src/confdb/confdb.c
14	@@ -28,6 +28,11 @@	5	@@ -28,6 +28,11 @@
Lines 23-28 Link Here
23	#define CONFDB_ZERO_CHECK_OR_JUMP(var, ret, err, label) do { \	14	#define CONFDB_ZERO_CHECK_OR_JUMP(var, ret, err, label) do { \
24	if (!var) { \	15	if (!var) { \
25	ret = err; \	16	ret = err; \
26	--
27	1.8.0
28

Lines 1-14 Link Here

(-)files/patch-src__external__inotify.m4 (-13 / +1 lines)
1	From 558989d6ac329b4036e02873fb7c981c5912040c Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lslebodn@redhat.com>
3	Date: Thu, 7 Nov 2013 13:28:13 +0100
4	Subject: [PATCH] patch-src__external__inotify.m4
5
6	---
7	src/external/inotify.m4 \| 4 ++--
8	1 file changed, 2 insertions(+), 2 deletions(-)
9
10	diff --git src/external/inotify.m4 src/external/inotify.m4	1	diff --git src/external/inotify.m4 src/external/inotify.m4
11	index 9572f6d2fefedf8a1d6a2468c712a83e7db2969f..2a5a8cf00d80e0979dca50fd102c3dc2872b2970 100644	2	index 9572f6d..2a5a8cf 100644
12	--- src/external/inotify.m4	3	--- src/external/inotify.m4
13	+++ src/external/inotify.m4	4	+++ src/external/inotify.m4
14	@@ -20,10 +20,10 @@ int main () {	5	@@ -20,10 +20,10 @@ int main () {
Lines 24-29 Link Here
24	)	15	)
25		16
26	AS_IF([test x"$inotify_works" = xyes],	17	AS_IF([test x"$inotify_works" = xyes],
27	--
28	1.8.3.1
29

Lines 1-14 Link Here

(-)files/patch-src__external__krb5.m4 (-13 / +1 lines)
1	From b7947258702e250dbf569bb9cd74f1e73f0c94bb Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Wed, 30 Oct 2013 08:53:42 +0100
4	Subject: [PATCH 1/4] patch-src__external__krb5.m4
5
6	---
7	src/external/krb5.m4 \| 2 +-
8	1 file changed, 1 insertion(+), 1 deletion(-)
9
10	diff --git src/external/krb5.m4 src/external/krb5.m4	1	diff --git src/external/krb5.m4 src/external/krb5.m4
11	index 71239c9..63c8ece 100644	2	index 861c8c9..978ec03 100644
12	--- src/external/krb5.m4	3	--- src/external/krb5.m4
13	+++ src/external/krb5.m4	4	+++ src/external/krb5.m4
14	@@ -9,7 +9,7 @@ if test x$KRB5_CFLAGS != x; then	5	@@ -9,7 +9,7 @@ if test x$KRB5_CFLAGS != x; then
Lines 20-25 Link Here
20	AC_MSG_CHECKING(for working krb5-config)	11	AC_MSG_CHECKING(for working krb5-config)
21	if test -x "$KRB5_CONFIG"; then	12	if test -x "$KRB5_CONFIG"; then
22	KRB5_CFLAGS="`$KRB5_CONFIG --cflags`"	13	KRB5_CFLAGS="`$KRB5_CONFIG --cflags`"
23	--
24	1.8.0
25

Lines 1-17 Link Here

(-)files/patch-src__external__pac_responder.m4 (-14 / +11 lines)
1	From b52128bc333fd4717a96950ef8fb4171f25fabcf Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Wed, 30 Oct 2013 08:54:41 +0100
4	Subject: [PATCH 2/4] patch-src__external__pac_responder.m4
5
6	---
7	src/external/pac_responder.m4 \| 2 +-
8	1 file changed, 1 insertion(+), 1 deletion(-)
9
10	diff --git src/external/pac_responder.m4 src/external/pac_responder.m4	1	diff --git src/external/pac_responder.m4 src/external/pac_responder.m4
11	index 49d5cbb..2b4ca5c 100644	2	index 6e29452..50bf4a8 100644
12	--- src/external/pac_responder.m4	3	--- src/external/pac_responder.m4
13	+++ src/external/pac_responder.m4	4	+++ src/external/pac_responder.m4
14	@@ -14,7 +14,7 @@ then	5	@@ -14,14 +14,15 @@ then
15	PKG_CHECK_MODULES(NDR_KRB5PAC, ndr_krb5pac, ndr_krb5pac_ok=yes,	6	PKG_CHECK_MODULES(NDR_KRB5PAC, ndr_krb5pac, ndr_krb5pac_ok=yes,
16	AC_MSG_WARN([Cannot build pac responder without libndr_krb5pac]))	7	AC_MSG_WARN([Cannot build pac responder without libndr_krb5pac]))
17		8
Lines 20-25 Link Here
20	AC_MSG_CHECKING(for supported MIT krb5 version)	11	AC_MSG_CHECKING(for supported MIT krb5 version)
21	KRB5_VERSION="`$KRB5_CONFIG --version`"	12	KRB5_VERSION="`$KRB5_CONFIG --version`"
22	case $KRB5_VERSION in	13	case $KRB5_VERSION in
23	--	14	Kerberos\ 5\ release\ 1.9* \| \
24	1.8.0	15	Kerberos\ 5\ release\ 1.10* \| \
25		16	Kerberos\ 5\ release\ 1.11* \| \
		17	- Kerberos\ 5\ release\ 1.12*)
		18	+ Kerberos\ 5\ release\ 1.12* \| \
		19	+ Kerberos\ 5\ release\ 1.13*)
		20	krb5_version_ok=yes
		21	AC_MSG_RESULT([yes])
		22	;;

Lines 1-57 Link Here

(-)files/patch-src__man__pam_sss.8.xml (-57 lines)
1	From 4f866ccca80bb8ed4013bc8ed48ab9ae2b9587ff Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Tue, 3 Jun 2014 22:10:50 +0200
4	Subject: [PATCH 1/2] patch-src__man__pam_sss.8.xml
5
6	---
7	src/man/pam_sss.8.xml \| 27 +++++++++++++++++++++++++++
8	1 file changed, 27 insertions(+)
9
10	diff --git src/man/pam_sss.8.xml src/man/pam_sss.8.xml
11	index 72b497ab34a520d21964824080c7f276b26706f4..69678dac5874067fc95ec47f72ed894854c5d569 100644
12	--- src/man/pam_sss.8.xml
13	+++ src/man/pam_sss.8.xml
14	@@ -37,6 +37,12 @@
15	<arg choice='opt'>
16	<replaceable>retry=N</replaceable>
17	</arg>
18	+ <arg choice='opt'>
19	+ <replaceable>ignore_unknown_user</replaceable>
20	+ </arg>
21	+ <arg choice='opt'>
22	+ <replaceable>ignore_authinfo_unavail</replaceable>
23	+ </arg>
24	</cmdsynopsis>
25	</refsynopsisdiv>
26
27	@@ -103,6 +109,27 @@
28	<option>PasswordAuthentication</option>.</para>
29	</listitem>
30	</varlistentry>
31	+ <varlistentry>
32	+ <term>
33	+ <option>ignore_unknown_user</option>
34	+ </term>
35	+ <listitem>
36	+ <para>If this option is specified and the user does not
37	+ exist, the PAM module will return PAM_IGNORE. This causes
38	+ the PAM framework to ignore this module.</para>
39	+ </listitem>
40	+ </varlistentry>
41	+ <varlistentry>
42	+ <term>
43	+ <option>ignore_authinfo_unavail</option>
44	+ </term>
45	+ <listitem>
46	+ <para>
47	+ Specifies that the PAM module should return PAM_IGNORE
48	+ if it cannot contact the SSSD daemon. This causes
49	+ the PAM framework to ignore this module.</para>
50	+ </listitem>
51	+ </varlistentry>
52	</variablelist>
53	</refsect1>
54
55	--
56	1.9.3
57

Lines 1-24 Link Here

(-)files/patch-src__providers__ad__ad_access.c (-24 lines)
1	From 630e5b96040869f6ce24ac1d10bb370e819795e7 Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Sat, 27 Jul 2013 15:04:27 +0200
4	Subject: [PATCH 33/34] patch-src__providers__ad__ad_access.c
5
6	---
7	src/providers/ad/ad_access.c \| 1 +
8	1 file changed, 1 insertion(+)
9
10	diff --git src/providers/ad/ad_access.c src/providers/ad/ad_access.c
11	index 314cdcf..ca0fb8b 100644
12	--- src/providers/ad/ad_access.c
13	+++ src/providers/ad/ad_access.c
14	@@ -21,6 +21,7 @@
15	*/
16
17	#include <security/pam_modules.h>
18	+#include <security/pam_appl.h>
19	#include "src/util/util.h"
20	#include "src/providers/data_provider.h"
21	#include "src/providers/dp_backend.h"
22	--
23	1.8.0
24

Lines 1-43 Link Here

(-)files/patch-src__providers__ad__ad_common.c (-43 lines)
1	From 7223f18bd8ea22ed801a115934a2fe8dc0c0cdb8 Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Sat, 27 Jul 2013 15:03:49 +0200
4	Subject: [PATCH 32/34] patch-src__providers__ad__ad_common.c
5
6	---
7	src/providers/ad/ad_common.c \| 6 +++---
8	1 file changed, 3 insertions(+), 3 deletions(-)
9
10	diff --git src/providers/ad/ad_common.c src/providers/ad/ad_common.c
11	index 8600dab..d628385 100644
12	--- src/providers/ad/ad_common.c
13	+++ src/providers/ad/ad_common.c
14	@@ -38,7 +38,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
15	char *server;
16	char *realm;
17	char *ad_hostname;
18	- char hostname[HOST_NAME_MAX + 1];
19	+ char hostname[_POSIX_HOST_NAME_MAX + 1];
20
21	opts = talloc_zero(mem_ctx, struct ad_options);
22	if (!opts) return ENOMEM;
23	@@ -75,7 +75,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
24	*/
25	ad_hostname = dp_opt_get_string(opts->basic, AD_HOSTNAME);
26	if (ad_hostname == NULL) {
27	- gret = gethostname(hostname, HOST_NAME_MAX);
28	+ gret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
29	if (gret != 0) {
30	ret = errno;
31	DEBUG(SSSDBG_FATAL_FAILURE,
32	@@ -83,7 +83,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
33	strerror(ret)));
34	goto done;
35	}
36	- hostname[HOST_NAME_MAX] = '\0';
37	+ hostname[_POSIX_HOST_NAME_MAX] = '\0';
38	DEBUG(SSSDBG_CONF_SETTINGS,
39	("Setting ad_hostname to [%s].\n", hostname));
40	ret = dp_opt_set_string(opts->basic, AD_HOSTNAME, hostname);
41	--
42	1.8.0
43

Lines 1-41 Link Here

(-)files/patch-src__providers__fail_over.c (-41 lines)
1	From 08bc75705abe29a9e046a0a8871adcf42eeee35c Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Wed, 6 Nov 2013 22:01:20 +0100
4	Subject: [PATCH 07/25] patch-src__providers__fail_over.c
5
6	---
7	src/providers/fail_over.c \| 6 +++---
8	1 file changed, 3 insertions(+), 3 deletions(-)
9
10	diff --git src/providers/fail_over.c src/providers/fail_over.c
11	index 59cbacd..197c0ef 100644
12	--- src/providers/fail_over.c
13	+++ src/providers/fail_over.c
14	@@ -1331,7 +1331,7 @@ resolve_srv_recv(struct tevent_req req, struct fo_server *server)
15	*******************************************************************/
16	struct resolve_get_domain_state {
17	char *fqdn;
18	- char hostname[HOST_NAME_MAX];
19	+ char hostname[_POSIX_HOST_NAME_MAX + 1];
20	};
21
22	static void resolve_get_domain_done(struct tevent_req *subreq);
23	@@ -1351,13 +1351,13 @@ resolve_get_domain_send(TALLOC_CTX *mem_ctx,
24	return NULL;
25	}
26
27	- ret = gethostname(state->hostname, HOST_NAME_MAX);
28	+ ret = gethostname(state->hostname, _POSIX_HOST_NAME_MAX);
29	if (ret) {
30	ret = errno;
31	DEBUG(2, ("gethostname() failed: [%d]: %s\n",ret, strerror(ret)));
32	return NULL;
33	}
34	- state->hostname[HOST_NAME_MAX-1] = '\0';
35	+ state->hostname[_POSIX_HOST_NAME_MAX] = '\0';
36	DEBUG(7, ("Host name is: %s\n", state->hostname));
37
38	subreq = resolv_gethostbyname_send(state, ev, resolv,
39	--
40	1.8.0
41

Lines 1-42 Link Here

(-)files/patch-src__providers__ipa__ipa_common.c (-42 lines)
1	From acb17ace2b204146e4b821fd7d5e27de5d8ee588 Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Sat, 4 May 2013 16:08:11 +0200
4	Subject: [PATCH 07/34] patch-src__providers__ipa__ipa_common.c
5
6	---
7	src/providers/ipa/ipa_common.c \| 6 +++---
8	1 file changed, 3 insertions(+), 3 deletions(-)
9
10	diff --git src/providers/ipa/ipa_common.c src/providers/ipa/ipa_common.c
11	index eb384a1..d7d8052 100644
12	--- src/providers/ipa/ipa_common.c
13	+++ src/providers/ipa/ipa_common.c
14	@@ -47,7 +47,7 @@ int ipa_get_options(TALLOC_CTX *memctx,
15	char *realm;
16	char *ipa_hostname;
17	int ret;
18	- char hostname[HOST_NAME_MAX + 1];
19	+ char hostname[_POSIX_HOST_NAME_MAX + 1];
20
21	opts = talloc_zero(memctx, struct ipa_options);
22	if (!opts) return ENOMEM;
23	@@ -76,14 +76,14 @@ int ipa_get_options(TALLOC_CTX *memctx,
24
25	ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME);
26	if (ipa_hostname == NULL) {
27	- ret = gethostname(hostname, HOST_NAME_MAX);
28	+ ret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
29	if (ret != EOK) {
30	DEBUG(1, ("gethostname failed [%d][%s].\n", errno,
31	strerror(errno)));
32	ret = errno;
33	goto done;
34	}
35	- hostname[HOST_NAME_MAX] = '\0';
36	+ hostname[_POSIX_HOST_NAME_MAX] = '\0';
37	DEBUG(9, ("Setting ipa_hostname to [%s].\n", hostname));
38	ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname);
39	if (ret != EOK) {
40	--
41	1.8.0
42

Lines 1-17 Link Here

(-)files/patch-src__providers__krb5__krb5_delayed_online_authentication.c (-16 / +4 lines)
1	From eba3efda911eb0212a98353740e13ad619aaa282 Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Wed, 6 Nov 2013 22:01:20 +0100
4	Subject: [PATCH 09/25] patch-src__providers__krb5__krb5_delayed_online_authentication.c
5
6	---
7	src/providers/krb5/krb5_delayed_online_authentication.c \| 2 ++
8	1 file changed, 2 insertions(+)
9
10	diff --git src/providers/krb5/krb5_delayed_online_authentication.c src/providers/krb5/krb5_delayed_online_authentication.c	1	diff --git src/providers/krb5/krb5_delayed_online_authentication.c src/providers/krb5/krb5_delayed_online_authentication.c
11	index d5dea3b..da6b6bb 100644	2	index 33b839e..da6ccfc 100644
12	--- src/providers/krb5/krb5_delayed_online_authentication.c	3	--- src/providers/krb5/krb5_delayed_online_authentication.c
13	+++ src/providers/krb5/krb5_delayed_online_authentication.c	4	+++ src/providers/krb5/krb5_delayed_online_authentication.c
14	@@ -296,6 +296,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,	5	@@ -320,6 +320,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
15	struct tevent_context *ev)	6	struct tevent_context *ev)
16	{	7	{
17	int ret;	8	int ret;
Lines 19-26 Link Here
19	hash_table_t *tmp_table;	10	hash_table_t *tmp_table;
20		11
21	ret = get_uid_table(krb5_ctx, &tmp_table);	12	ret = get_uid_table(krb5_ctx, &tmp_table);
22	@@ -314,6 +315,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,	13	@@ -339,6 +340,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
23	DEBUG(1, ("hash_destroy failed [%s].\n", hash_error_string(ret)));	14	"hash_destroy failed [%s].\n", hash_error_string(ret));
24	return EFAULT;	15	return EFAULT;
25	}	16	}
26	+#endif /* __linux__ */	17	+#endif /* __linux__ */
Lines 27-32 Link Here
27		18
28	krb5_ctx->deferred_auth_ctx = talloc_zero(krb5_ctx,	19	krb5_ctx->deferred_auth_ctx = talloc_zero(krb5_ctx,
29	struct deferred_auth_ctx);	20	struct deferred_auth_ctx);
30	--
31	1.8.0
32

Lines 1-14 Link Here

(-)files/patch-src__providers__ldap__ldap_auth.c (-131 / +23 lines)
1	From ad4b85556ddea5d5d2d6bcc5f00a8492b0b15c46 Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Sat, 4 May 2013 16:08:11 +0200
4	Subject: [PATCH 09/34] patch-src__providers__ldap__ldap_auth.c
5
6	---
7	src/providers/ldap/ldap_auth.c \| 60 ++++++++++++++++++++++++++----------------
8	1 file changed, 37 insertions(+), 23 deletions(-)
9
10	diff --git src/providers/ldap/ldap_auth.c src/providers/ldap/ldap_auth.c	1	diff --git src/providers/ldap/ldap_auth.c src/providers/ldap/ldap_auth.c
11	index b0dd30c..6b1ad83 100644	2	index 2aacce0..e019cf7 100644
12	--- src/providers/ldap/ldap_auth.c	3	--- src/providers/ldap/ldap_auth.c
13	+++ src/providers/ldap/ldap_auth.c	4	+++ src/providers/ldap/ldap_auth.c
14	@@ -37,7 +37,6 @@	5	@@ -37,7 +37,6 @@
Lines 42-48 Link Here
42	static errno_t add_expired_warning(struct pam_data *pd, long exp_time)	33	static errno_t add_expired_warning(struct pam_data *pd, long exp_time)
43	{	34	{
44	int ret;	35	int ret;
45	@@ -110,17 +125,16 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now,	36	@@ -109,6 +124,7 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now,
46	return EINVAL;	37	return EINVAL;
47	}	38	}
48		39
Lines 49-123 Link Here
49	+ tzset();	40	+ tzset();
50	expire_time = mktime(&tm);	41	expire_time = mktime(&tm);
51	if (expire_time == -1) {	42	if (expire_time == -1) {
52	DEBUG(1, ("mktime failed to convert [%s].\n", expire_date));	43	DEBUG(SSSDBG_CRIT_FAILURE,
		44	@@ -116,12 +132,10 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now,
53	return EINVAL;	45	return EINVAL;
54	}	46	}
55		47
56	- tzset();	48	- tzset();
57	- expire_time -= timezone;	49	- expire_time -= timezone;
58	- DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s] timezone [%d] "	50	DEBUG(SSSDBG_TRACE_ALL,
59	- "daylight [%d] now [%d] expire_time [%d].\n", tzname[0],	51	- "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] "
60	- tzname[1], timezone, daylight, now, expire_time));	52	- "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0],
61	+ DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s]"	53	- tzname[1], timezone, daylight, now, expire_time);
62	+ "now [%d] expire_time [%d].\n", tzname[0],	54	+ "Time info: tzname[0] [%s] tzname[1] [%s] "
63	+ tzname[1], now, expire_time));	55	+ "now [%ld] expire_time [%ld].\n", tzname[0],
		56	+ tzname[1], now, expire_time);
64		57
65	if (difftime(now, expire_time) > 0.0) {	58	if (difftime(now, expire_time) > 0.0) {
66	DEBUG(4, ("Kerberos password expired.\n"));	59	DEBUG(SSSDBG_CONF_SETTINGS, "Kerberos password expired.\n");
67	@@ -762,7 +776,7 @@ void sdap_pam_chpass_handler(struct be_req *breq)	60	@@ -924,7 +938,7 @@ void sdap_pam_chpass_handler(struct be_req *breq)
		61	DEBUG(SSSDBG_OP_FAILURE,
		62	"starting password change request for user [%s].\n", pd->user);
68		63
69	DEBUG(2, ("starting password change request for user [%s].\n", pd->user));
70
71	- pd->pam_status = PAM_SYSTEM_ERR;	64	- pd->pam_status = PAM_SYSTEM_ERR;
72	+ pd->pam_status = PAM_SERVICE_ERR;	65	+ pd->pam_status = PAM_SERVICE_ERR;
73		66
74	if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) {	67	if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) {
75	DEBUG(2, ("chpass target was called by wrong pam command.\n"));	68	DEBUG(SSSDBG_OP_FAILURE,
76	@@ -821,7 +835,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req)	69	@@ -1069,7 +1083,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
77	&pw_expire_type, &pw_expire_data);
78	talloc_zfree(req);
79	if (ret) {
80	- state->pd->pam_status = PAM_SYSTEM_ERR;
81	+ state->pd->pam_status = PAM_SERVICE_ERR;
82	goto done;
83	}
84
85	@@ -841,7 +855,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
86	&result);
87	if (ret != EOK) {
88	DEBUG(1, ("check_pwexpire_shadow failed.\n"));
89	- state->pd->pam_status = PAM_SYSTEM_ERR;
90	+ state->pd->pam_status = PAM_SERVICE_ERR;
91	goto done;
92	}
93	break;
94	@@ -850,14 +864,14 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
95	state->breq->domain->pwd_expiration_warning);
96	if (ret != EOK) {
97	DEBUG(1, ("check_pwexpire_kerberos failed.\n"));
98	- state->pd->pam_status = PAM_SYSTEM_ERR;
99	+ state->pd->pam_status = PAM_SERVICE_ERR;
100	goto done;
101	}
102
103	if (result == SDAP_AUTH_PW_EXPIRED) {
104	DEBUG(1, ("LDAP provider cannot change kerberos "
105	"passwords.\n"));
106	- state->pd->pam_status = PAM_SYSTEM_ERR;
107	+ state->pd->pam_status = PAM_SERVICE_ERR;
108	goto done;
109	}
110	break;
111	@@ -866,7 +880,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
112	break;
113	default:
114	DEBUG(1, ("Unknow pasword expiration type.\n"));
115	- state->pd->pam_status = PAM_SYSTEM_ERR;
116	+ state->pd->pam_status = PAM_SERVICE_ERR;
117	goto done;
118	}
119	}
120	@@ -906,7 +920,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req)
121	dp_err = DP_ERR_OFFLINE;	70	dp_err = DP_ERR_OFFLINE;
122	break;	71	break;
123	default:	72	default:
Lines 126-143 Link Here
126	}	75	}
127		76
128	done:	77	done:
129	@@ -929,7 +943,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req)	78	@@ -1131,7 +1145,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req)
130	ret = sdap_exop_modify_passwd_recv(req, state, &result, &user_error_message);	79	state->sh, state->dn,
131	talloc_zfree(req);	80	lastchanged_name);
132	if (ret && ret != EIO) {
133	- state->pd->pam_status = PAM_SYSTEM_ERR;
134	+ state->pd->pam_status = PAM_SERVICE_ERR;
135	goto done;
136	}
137
138	@@ -970,7 +984,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req)
139	state->dn,
140	lastchanged_name);
141	if (subreq == NULL) {	81	if (subreq == NULL) {
142	- state->pd->pam_status = PAM_SYSTEM_ERR;	82	- state->pd->pam_status = PAM_SYSTEM_ERR;
143	+ state->pd->pam_status = PAM_SERVICE_ERR;	83	+ state->pd->pam_status = PAM_SERVICE_ERR;
Lines 144-150 Link Here
144	goto done;	84	goto done;
145	}	85	}
146		86
147	@@ -991,7 +1005,7 @@ static void sdap_lastchange_done(struct tevent_req *req)	87	@@ -1152,7 +1166,7 @@ static void sdap_lastchange_done(struct tevent_req *req)
148		88
149	ret = sdap_modify_shadow_lastchange_recv(req);	89	ret = sdap_modify_shadow_lastchange_recv(req);
150	if (ret != EOK) {	90	if (ret != EOK) {
Lines 153-159 Link Here
153	goto done;	93	goto done;
154	}	94	}
155		95
156	@@ -1032,7 +1046,7 @@ void sdap_pam_auth_handler(struct be_req *breq)	96	@@ -1193,7 +1207,7 @@ void sdap_pam_auth_handler(struct be_req *breq)
157	goto done;	97	goto done;
158	}	98	}
159		99
Lines 162-213 Link Here
162		102
163	switch (pd->cmd) {	103	switch (pd->cmd) {
164	case SSS_PAM_AUTHENTICATE:	104	case SSS_PAM_AUTHENTICATE:
165	@@ -1090,7 +1104,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)	105	@@ -1291,7 +1305,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
166	&pw_expire_type, &pw_expire_data);
167	talloc_zfree(req);
168	if (ret != EOK) {
169	- state->pd->pam_status = PAM_SYSTEM_ERR;
170	+ state->pd->pam_status = PAM_SERVICE_ERR;
171	dp_err = DP_ERR_FATAL;
172	goto done;
173	}
174	@@ -1102,7 +1116,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
175	state->pd, &result);
176	if (ret != EOK) {
177	DEBUG(1, ("check_pwexpire_shadow failed.\n"));
178	- state->pd->pam_status = PAM_SYSTEM_ERR;
179	+ state->pd->pam_status = PAM_SERVICE_ERR;
180	goto done;
181	}
182	break;
183	@@ -1112,7 +1126,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
184	be_ctx->domain->pwd_expiration_warning);
185	if (ret != EOK) {
186	DEBUG(1, ("check_pwexpire_kerberos failed.\n"));
187	- state->pd->pam_status = PAM_SYSTEM_ERR;
188	+ state->pd->pam_status = PAM_SERVICE_ERR;
189	goto done;
190	}
191	break;
192	@@ -1121,7 +1135,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
193	be_ctx->domain->pwd_expiration_warning);
194	if (ret != EOK) {
195	DEBUG(1, ("check_pwexpire_ldap failed.\n"));
196	- state->pd->pam_status = PAM_SYSTEM_ERR;
197	+ state->pd->pam_status = PAM_SERVICE_ERR;
198	goto done;
199	}
200	break;
201	@@ -1129,7 +1143,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
202	break;
203	default:
204	DEBUG(1, ("Unknow pasword expiration type.\n"));
205	- state->pd->pam_status = PAM_SYSTEM_ERR;
206	+ state->pd->pam_status = PAM_SERVICE_ERR;
207	goto done;
208	}
209	}
210	@@ -1151,7 +1165,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
211	state->pd->pam_status = PAM_NEW_AUTHTOK_REQD;	106	state->pd->pam_status = PAM_NEW_AUTHTOK_REQD;
212	break;	107	break;
213	default:	108	default:
Lines 216-221 Link Here
216	dp_err = DP_ERR_FATAL;	111	dp_err = DP_ERR_FATAL;
217	}	112	}
218		113
219	--
220	1.8.0
221

Lines 1-45 Link Here

(-)files/patch-src__providers__ldap__sdap_access.c (-188 / +12 lines)
1	From 9a3d9a05b2c8790c771c166b42f8b80e76b4b336 Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Wed, 6 Nov 2013 22:01:20 +0100
4	Subject: [PATCH 11/25] patch-src__providers__ldap__sdap_access.c
5
6	---
7	src/providers/ldap/sdap_access.c \| 46 +++++++++++++++++++---------------------
8	1 file changed, 22 insertions(+), 24 deletions(-)
9
10	diff --git src/providers/ldap/sdap_access.c src/providers/ldap/sdap_access.c	1	diff --git src/providers/ldap/sdap_access.c src/providers/ldap/sdap_access.c
11	index b198e04..1eaedf7 100644	2	index 880735e..d349dcf 100644
12	--- src/providers/ldap/sdap_access.c	3	--- src/providers/ldap/sdap_access.c
13	+++ src/providers/ldap/sdap_access.c	4	+++ src/providers/ldap/sdap_access.c
14	@@ -22,9 +22,7 @@	5	@@ -499,6 +499,7 @@ static bool nds_check_expired(const char *exp_time_str)
15	along with this program. If not, see <http://www.gnu.org/licenses/>.
16	*/
17
18	-#define _XOPEN_SOURCE 500 /* for strptime() */
19	#include <time.h>
20	-#undef _XOPEN_SOURCE
21	#include <sys/param.h>
22	#include <security/pam_modules.h>
23	#include <talloc.h>
24	@@ -109,7 +107,7 @@ void sdap_pam_access_handler(struct be_req *breq)
25	pd);
26	if (req == NULL) {
27	DEBUG(1, ("Unable to start sdap_access request\n"));
28	- sdap_access_reply(breq, PAM_SYSTEM_ERR);
29	+ sdap_access_reply(breq, PAM_SERVICE_ERR);
30	return;
31	}
32
33	@@ -149,7 +147,7 @@ sdap_access_send(TALLOC_CTX *mem_ctx,
34
35	state->be_req = be_req;
36	state->pd = pd;
37	- state->pam_status = PAM_SYSTEM_ERR;
38	+ state->pam_status = PAM_SERVICE_ERR;
39	state->ev = ev;
40	state->access_ctx = access_ctx;
41	state->current_rule = 0;
42	@@ -502,18 +500,17 @@ static bool nds_check_expired(const char *exp_time_str)
43	return true;	6	return true;
44	}	7	}
45		8
Lines 46-52 Link Here
46	+ tzset();	9	+ tzset();
47	expire_time = mktime(&tm);	10	expire_time = mktime(&tm);
48	if (expire_time == -1) {	11	if (expire_time == -1) {
49	DEBUG(1, ("mktime failed to convert [%s].\n", exp_time_str));	12	DEBUG(SSSDBG_CRIT_FAILURE,
		13	@@ -506,13 +507,11 @@ static bool nds_check_expired(const char *exp_time_str)
50	return true;	14	return true;
51	}	15	}
52		16
Lines 53-205 Link Here
53	- tzset();	17	- tzset();
54	- expire_time -= timezone;	18	- expire_time -= timezone;
55	now = time(NULL);	19	now = time(NULL);
56	- DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s] timezone [%d] "	20	DEBUG(SSSDBG_TRACE_ALL,
57	- "daylight [%d] now [%d] expire_time [%d].\n", tzname[0],	21	- "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] "
58	- tzname[1], timezone, daylight, now, expire_time));	22	- "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0],
59	+ DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s] "	23	- tzname[1], timezone, daylight, now, expire_time);
60	+ "now [%d] expire_time [%d].\n", tzname[0],	24	+ "Time info: tzname[0] [%s] tzname[1] [%s] "
61	+ tzname[1], now, expire_time));	25	+ "now [%ld] expire_time [%ld].\n", tzname[0],
		26	+ tzname[1], now, expire_time);
62		27
63	if (difftime(now, expire_time) > 0.0) {	28	if (difftime(now, expire_time) > 0.0) {
64	DEBUG(4, ("NDS account expired.\n"));	29	DEBUG(SSSDBG_CONF_SETTINGS, "NDS account expired.\n");
65	@@ -662,7 +659,7 @@ static struct tevent_req sdap_account_expired_send(TALLOC_CTX mem_ctx,
66	return NULL;
67	}
68
69	- state->pam_status = PAM_SYSTEM_ERR;
70	+ state->pam_status = PAM_SERVICE_ERR;
71
72	expire = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic,
73	SDAP_ACCOUNT_EXPIRE_POLICY);
74	@@ -746,7 +743,7 @@ static void sdap_account_expired_done(struct tevent_req *subreq)
75	talloc_zfree(subreq);
76	if (ret != EOK) {
77	DEBUG(1, ("Error retrieving access check result.\n"));
78	- state->pam_status = PAM_SYSTEM_ERR;
79	+ state->pam_status = PAM_SERVICE_ERR;
80	tevent_req_error(req, ret);
81	return;
82	}
83	@@ -806,7 +803,7 @@ static struct tevent_req sdap_access_filter_send(TALLOC_CTX mem_ctx,
84	state->filter = NULL;
85	state->be_req = be_req;
86	state->username = username;
87	- state->pam_status = PAM_SYSTEM_ERR;
88	+ state->pam_status = PAM_SERVICE_ERR;
89	state->sdap_ctx = access_ctx->id_ctx;
90	state->ev = ev;
91	state->access_ctx = access_ctx;
92	@@ -953,7 +950,7 @@ static void sdap_access_filter_connect_done(struct tevent_req *subreq)
93	false);
94	if (subreq == NULL) {
95	DEBUG(1, ("Could not start LDAP communication\n"));
96	- state->pam_status = PAM_SYSTEM_ERR;
97	+ state->pam_status = PAM_SERVICE_ERR;
98	tevent_req_error(req, EIO);
99	return;
100	}
101	@@ -984,13 +981,13 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
102	if (ret == EOK) {
103	return;
104	}
105	- state->pam_status = PAM_SYSTEM_ERR;
106	+ state->pam_status = PAM_SERVICE_ERR;
107	} else if (dp_error == DP_ERR_OFFLINE) {
108	sdap_access_filter_decide_offline(req);
109	} else {
110	DEBUG(1, ("sdap_get_generic_send() returned error [%d][%s]\n",
111	ret, strerror(ret)));
112	- state->pam_status = PAM_SYSTEM_ERR;
113	+ state->pam_status = PAM_SERVICE_ERR;
114	}
115
116	goto done;
117	@@ -1009,7 +1006,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
118	else if (results == NULL) {
119	DEBUG(1, ("num_results > 0, but results is NULL\n"));
120	ret = EIO;
121	- state->pam_status = PAM_SYSTEM_ERR;
122	+ state->pam_status = PAM_SERVICE_ERR;
123	goto done;
124	}
125	else if (num_results > 1) {
126	@@ -1018,7 +1015,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq)
127	*/
128	DEBUG(1, ("Received multiple replies\n"));
129	ret = EIO;
130	- state->pam_status = PAM_SYSTEM_ERR;
131	+ state->pam_status = PAM_SERVICE_ERR;
132	goto done;
133	}
134	else { /* Ok, we got a single reply */
135	@@ -1104,7 +1101,7 @@ static void sdap_access_filter_done(struct tevent_req *subreq)
136	talloc_zfree(subreq);
137	if (ret != EOK) {
138	DEBUG(1, ("Error retrieving access check result.\n"));
139	- state->pam_status = PAM_SYSTEM_ERR;
140	+ state->pam_status = PAM_SERVICE_ERR;
141	tevent_req_error(req, ret);
142	return;
143	}
144	@@ -1244,7 +1241,7 @@ static void sdap_access_service_done(struct tevent_req *subreq)
145	talloc_zfree(subreq);
146	if (ret != EOK) {
147	DEBUG(1, ("Error retrieving access check result.\n"));
148	- state->pam_status = PAM_SYSTEM_ERR;
149	+ state->pam_status = PAM_SERVICE_ERR;
150	tevent_req_error(req, ret);
151	return;
152	}
153	@@ -1269,7 +1266,7 @@ static struct tevent_req *sdap_access_host_send(
154	struct ldb_message_element *el;
155	unsigned int i;
156	char *host;
157	- char hostname[HOST_NAME_MAX+1];
158	+ char hostname[_POSIX_HOST_NAME_MAX + 1];
159
160	req = tevent_req_create(mem_ctx, &state, struct sdap_access_host_ctx);
161	if (!req) {
162	@@ -1285,11 +1282,12 @@ static struct tevent_req *sdap_access_host_send(
163	goto done;
164	}
165
166	- if (gethostname(hostname, sizeof(hostname)) == -1) {
167	+ if (gethostname(hostname, _POSIX_HOST_NAME_MAX) == -1) {
168	DEBUG(1, ("Unable to get system hostname. Access denied\n"));
169	ret = EOK;
170	goto done;
171	}
172	+ hostname[_POSIX_HOST_NAME_MAX] = '\0';
173
174	/* FIXME: PADL's pam_ldap also calls gethostbyname() on the hostname
175	* in some attempt to get aliases and/or FQDN for the machine.
176	@@ -1365,7 +1363,7 @@ static void sdap_access_host_done(struct tevent_req *subreq)
177	talloc_zfree(subreq);
178	if (ret != EOK) {
179	DEBUG(1, ("Error retrieving access check result.\n"));
180	- state->pam_status = PAM_SYSTEM_ERR;
181	+ state->pam_status = PAM_SERVICE_ERR;
182	tevent_req_error(req, ret);
183	return;
184	}
185	@@ -1391,7 +1389,7 @@ sdap_access_recv(struct tevent_req req, int pam_status)
186	static void sdap_access_done(struct tevent_req *req)
187	{
188	errno_t ret;
189	- int pam_status = PAM_SYSTEM_ERR;
190	+ int pam_status = PAM_SERVICE_ERR;
191	struct be_req *breq =
192	tevent_req_callback_data(req, struct be_req);
193
194	@@ -1399,7 +1397,7 @@ static void sdap_access_done(struct tevent_req *req)
195	talloc_zfree(req);
196	if (ret != EOK) {
197	DEBUG(1, ("Error retrieving access check result.\n"));
198	- pam_status = PAM_SYSTEM_ERR;
199	+ pam_status = PAM_SERVICE_ERR;
200	}
201
202	sdap_access_reply(breq, pam_status);
203	--
204	1.8.0
205

Lines 1-42 Link Here

(-)files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c (-42 lines)
1	From 58d918d01b03a3332b3e9da917a45b4b7ef7a427 Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Sat, 27 Jul 2013 15:01:26 +0200
4	Subject: [PATCH 30/34] patch-src__providers__ldap__sdap_async_sudo_hostinfo.c
5
6	---
7	src/providers/ldap/sdap_async_sudo_hostinfo.c \| 6 +++---
8	1 file changed, 3 insertions(+), 3 deletions(-)
9
10	diff --git src/providers/ldap/sdap_async_sudo_hostinfo.c src/providers/ldap/sdap_async_sudo_hostinfo.c
11	index 0a695cd..108b4c2 100644
12	--- src/providers/ldap/sdap_async_sudo_hostinfo.c
13	+++ src/providers/ldap/sdap_async_sudo_hostinfo.c
14	@@ -371,7 +371,7 @@ static struct tevent_req sdap_sudo_get_hostnames_send(TALLOC_CTX mem_ctx,
15	struct tevent_req *subreq = NULL;
16	struct sdap_sudo_get_hostnames_state *state = NULL;
17	char *dot = NULL;
18	- char hostname[HOST_NAME_MAX + 1];
19	+ char hostname[_POSIX_HOST_NAME_MAX + 1];
20	int resolv_timeout;
21	int ret;
22
23	@@ -395,14 +395,14 @@ static struct tevent_req sdap_sudo_get_hostnames_send(TALLOC_CTX mem_ctx,
24	/* get hostname */
25
26	errno = 0;
27	- ret = gethostname(hostname, HOST_NAME_MAX);
28	+ ret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
29	if (ret != EOK) {
30	ret = errno;
31	DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to retrieve machine hostname "
32	"[%d]: %s\n", ret, strerror(ret)));
33	goto done;
34	}
35	- hostname[HOST_NAME_MAX] = '\0';
36	+ hostname[_POSIX_HOST_NAME_MAX] = '\0';
37
38	state->hostnames[0] = talloc_strdup(state->hostnames, hostname);
39	if (state->hostnames[0] == NULL) {
40	--
41	1.8.0
42

Lines 1-33 Link Here

(-)files/patch-src__resolv__async_resolv.c (-33 lines)
1	From 5434161320c86634512ac70e1d49c63375a71dc4 Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Sat, 4 May 2013 16:08:11 +0200
4	Subject: [PATCH 14/34] patch-src__resolv__async_resolv.c
5
6	---
7	src/resolv/async_resolv.c \| 3 ++-
8	1 file changed, 2 insertions(+), 1 deletion(-)
9
10	diff --git src/resolv/async_resolv.c src/resolv/async_resolv.c
11	index 268d266..1bb84e5 100644
12	--- src/resolv/async_resolv.c
13	+++ src/resolv/async_resolv.c
14	@@ -1203,7 +1203,6 @@ resolv_is_address(const char *name)
15	hints.ai_flags = AI_NUMERICHOST; /* No network lookups */
16
17	ret = getaddrinfo(name, NULL, &hints, &res);
18	- freeaddrinfo(res);
19	if (ret != 0) {
20	if (ret == -2) {
21	DEBUG(9, ("[%s] does not look like an IP address\n", name));
22	@@ -1211,6 +1210,8 @@ resolv_is_address(const char *name)
23	DEBUG(2, ("getaddrinfo failed [%d]: %s\n",
24	ret, gai_strerror(ret)));
25	}
26	+ } else {
27	+ freeaddrinfo(res);
28	}
29
30	return ret == 0;
31	--
32	1.8.0
33

Lines 1-12 Link Here

(-)files/patch-src__sss_client__common.c (-12 lines)
1	From 6874fb930a30eac6fe12104923ab97083f58bcf9 Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Wed, 6 Nov 2013 22:01:20 +0100
4	Subject: [PATCH 14/25] patch-src__sss_client__common.c
5
6	---
7	src/sss_client/common.c \| 15 +++++++--------
8	1 file changed, 7 insertions(+), 8 deletions(-)
9
10	diff --git src/sss_client/common.c src/sss_client/common.c	1	diff --git src/sss_client/common.c src/sss_client/common.c
11	index ec5c708..5d17eed 100644	2	index ec5c708..5d17eed 100644
12	--- src/sss_client/common.c	3	--- src/sss_client/common.c
Lines 80-85 Link Here
80	}	71	}
81	}	72	}
82		73
83	--
84	1.8.0
85

Lines 1-12 Link Here

(-)files/patch-src__sss_client__nss_group.c (-12 lines)
1	From 5a0c2079efae0f9734d85932ed72645808b32091 Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Wed, 6 Nov 2013 22:01:20 +0100
4	Subject: [PATCH 15/25] patch-src__sss_client__nss_group.c
5
6	---
7	src/sss_client/nss_group.c \| 70 ++++++++++++++++++++++++++++++++++++++++++++++
8	1 file changed, 70 insertions(+)
9
10	diff --git src/sss_client/nss_group.c src/sss_client/nss_group.c	1	diff --git src/sss_client/nss_group.c src/sss_client/nss_group.c
11	index e6ea54b..b27b671 100644	2	index e6ea54b..b27b671 100644
12	--- src/sss_client/nss_group.c	3	--- src/sss_client/nss_group.c
Lines 88-93 Link Here
88	enum nss_status _nss_sss_getgrnam_r(const char name, struct group result,	79	enum nss_status _nss_sss_getgrnam_r(const char name, struct group result,
89	char buffer, size_t buflen, int errnop)	80	char buffer, size_t buflen, int errnop)
90	{	81	{
91	--
92	1.8.0
93

Lines 1-79 Link Here

(-)files/patch-src__sss_client__pam_sss.c (-79 lines)
1	From 18bce9f12311c6e7a7fe4350150120a98b3ec106 Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Wed, 6 Nov 2013 22:01:21 +0100
4	Subject: [PATCH 2/2] patch-src__sss_client__pam_sss.c
5
6	---
7	src/sss_client/pam_sss.c \| 24 ++++++++++++++++++++++++
8	1 file changed, 24 insertions(+)
9
10	diff --git src/sss_client/pam_sss.c src/sss_client/pam_sss.c
11	index 5fd276ccba15da1f689b1939a02288dda7a09d89..e35552f7e612d3e68f957845998a8105437af301 100644
12	--- src/sss_client/pam_sss.c
13	+++ src/sss_client/pam_sss.c
14	@@ -52,6 +52,8 @@
15	#define FLAGS_USE_FIRST_PASS (1 << 0)
16	#define FLAGS_FORWARD_PASS (1 << 1)
17	#define FLAGS_USE_AUTHTOK (1 << 2)
18	+#define FLAGS_IGNORE_UNKNOWN_USER (1 << 3)
19	+#define FLAGS_IGNORE_AUTHINFO_UNAVAIL (1 << 4)
20
21	#define PWEXP_FLAG "pam_sss:password_expired_flag"
22	#define FD_DESTRUCTOR "pam_sss:fd_destructor"
23	@@ -125,10 +127,12 @@ static void free_exp_data(pam_handle_t pamh, void ptr, int err)
24
25	static void close_fd(pam_handle_t pamh, void ptr, int err)
26	{
27	+#ifdef PAM_DATA_REPLACE
28	if (err & PAM_DATA_REPLACE) {
29	/* Nothing to do */
30	return;
31	}
32	+#endif /* PAM_DATA_REPLACE */
33
34	D(("Closing the fd"));
35	sss_pam_close_fd();
36	@@ -1292,6 +1296,10 @@ static void eval_argv(pam_handle_t pamh, int argc, const char *argv,
37	}
38	} else if (strcmp(*argv, "quiet") == 0) {
39	*quiet_mode = true;
40	+ } else if (strcmp(*argv, "ignore_unknown_user") == 0) {
41	+ *flags \|= FLAGS_IGNORE_UNKNOWN_USER;
42	+ } else if (strcmp(*argv, "ignore_authinfo_unavail") == 0) {
43	+ *flags \|= FLAGS_IGNORE_AUTHINFO_UNAVAIL;
44	} else {
45	logger(pamh, LOG_WARNING, "unknown option: %s", *argv);
46	}
47	@@ -1429,6 +1437,13 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
48	ret = get_pam_items(pamh, &pi);
49	if (ret != PAM_SUCCESS) {
50	D(("get items returned error: %s", pam_strerror(pamh,ret)));
51	+ if (flags & FLAGS_IGNORE_UNKNOWN_USER && ret == PAM_USER_UNKNOWN) {
52	+ ret = PAM_IGNORE;
53	+ }
54	+ if (flags & FLAGS_IGNORE_AUTHINFO_UNAVAIL
55	+ && ret == PAM_AUTHINFO_UNAVAIL) {
56	+ ret = PAM_IGNORE;
57	+ }
58	return ret;
59	}
60
61	@@ -1467,6 +1482,15 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
62
63	pam_status = send_and_receive(pamh, &pi, task, quiet_mode);
64
65	+ if (flags & FLAGS_IGNORE_UNKNOWN_USER
66	+ && pam_status == PAM_USER_UNKNOWN) {
67	+ pam_status = PAM_IGNORE;
68	+ }
69	+ if (flags & FLAGS_IGNORE_AUTHINFO_UNAVAIL
70	+ && pam_status == PAM_AUTHINFO_UNAVAIL) {
71	+ pam_status = PAM_IGNORE;
72	+ }
73	+
74	switch (task) {
75	case SSS_PAM_AUTHENTICATE:
76	/* We allow sssd to send the return code PAM_NEW_AUTHTOK_REQD during
77	--
78	1.9.3
79

Lines 1-32 Link Here

(-)files/patch-src__sss_client__pam_test_client.c (-32 lines)
1	From d15b99c87c08f17eef814f431a4a58ed4a3ba9b6 Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Sat, 4 May 2013 16:08:11 +0200
4	Subject: [PATCH 20/34] patch-src__sss_client__pam_test_client.c
5
6	---
7	src/sss_client/pam_test_client.c \| 5 +++--
8	1 file changed, 3 insertions(+), 2 deletions(-)
9
10	diff --git src/sss_client/pam_test_client.c src/sss_client/pam_test_client.c
11	index ef424e7..d8cf36c 100644
12	--- src/sss_client/pam_test_client.c
13	+++ src/sss_client/pam_test_client.c
14	@@ -24,12 +24,13 @@
15
16	#include <stdio.h>
17	#include <unistd.h>
18	+#include <string.h>
19
20	#include <security/pam_appl.h>
21	-#include <security/pam_misc.h>
22	+#include <security/openpam.h>
23
24	static struct pam_conv conv = {
25	- misc_conv,
26	+ openpam_ttyconv,
27	NULL
28	};
29
30	--
31	1.8.0
32

Lines 1-12 Link Here

(-)files/patch-src__sss_client__sss_nss.exports (-12 lines)
1	From d7dcd7c8796efbecd4e41931080d7d28f72f9ee1 Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Sat, 4 May 2013 16:08:11 +0200
4	Subject: [PATCH 21/34] patch-src__sss_client__sss_nss.exports
5
6	---
7	src/sss_client/sss_nss.exports \| 18 ++++++++++++++++++
8	1 file changed, 18 insertions(+)
9
10	diff --git src/sss_client/sss_nss.exports src/sss_client/sss_nss.exports	1	diff --git src/sss_client/sss_nss.exports src/sss_client/sss_nss.exports
11	index 1eefea8..8e85a05 100644	2	index 1eefea8..8e85a05 100644
12	--- src/sss_client/sss_nss.exports	3	--- src/sss_client/sss_nss.exports
Lines 45-50 Link Here
45	#_nss_sss_getaliasbyname_r;	36	#_nss_sss_getaliasbyname_r;
46	#_nss_sss_setaliasent;	37	#_nss_sss_setaliasent;
47	#_nss_sss_getaliasent_r;	38	#_nss_sss_getaliasent_r;
48	--
49	1.8.0
50

Lines 1-22 Link Here

(-)files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c (-16 / +2 lines)
1	From 74422233fe8c6efa826b20c6b579f4c99e45ff87 Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Wed, 6 Nov 2013 22:01:21 +0100
4	Subject: [PATCH 19/25] patch-src__util__crypto__libcrypto__crypto_sha512crypt.c
5
6	---
7	src/util/crypto/libcrypto/crypto_sha512crypt.c \| 8 ++++++++
8	1 file changed, 8 insertions(+)
9
10	diff --git src/util/crypto/libcrypto/crypto_sha512crypt.c src/util/crypto/libcrypto/crypto_sha512crypt.c	1	diff --git src/util/crypto/libcrypto/crypto_sha512crypt.c src/util/crypto/libcrypto/crypto_sha512crypt.c
11	index 88628b6..4510403 100644	2	index 34547d0..6901851 100644
12	--- src/util/crypto/libcrypto/crypto_sha512crypt.c	3	--- src/util/crypto/libcrypto/crypto_sha512crypt.c
13	+++ src/util/crypto/libcrypto/crypto_sha512crypt.c	4	+++ src/util/crypto/libcrypto/crypto_sha512crypt.c
14	@@ -28,6 +28,14 @@	5	@@ -28,6 +28,12 @@
15	#include <openssl/evp.h>	6	#include <openssl/evp.h>
16	#include <openssl/rand.h>	7	#include <openssl/rand.h>
17		8
18	+#define __stpncpy(x, y, z) stpncpy(x, y, z)
19	+
20	+void *	9	+void *
21	+mempcpy (void dest, const void src, size_t n)	10	+mempcpy (void dest, const void src, size_t n)
22	+{	11	+{
Lines 26-31 Link Here
26	/* Define our magic string to mark salt for SHA512 "encryption" replacement. */	15	/* Define our magic string to mark salt for SHA512 "encryption" replacement. */
27	const char sha512_salt_prefix[] = "$6$";	16	const char sha512_salt_prefix[] = "$6$";
28	#define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1)	17	#define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1)
29	--
30	1.8.0
31

Lines 1-22 Link Here

(-)files/patch-src__util__crypto__nss__nss_sha512crypt.c (-16 / +2 lines)
1	From be27b76238aa49ac0ace123f80c9957ae25501fa Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Wed, 6 Nov 2013 22:01:21 +0100
4	Subject: [PATCH 20/25] patch-src__util__crypto__nss__nss_sha512crypt.c
5
6	---
7	src/util/crypto/nss/nss_sha512crypt.c \| 8 ++++++++
8	1 file changed, 8 insertions(+)
9
10	diff --git src/util/crypto/nss/nss_sha512crypt.c src/util/crypto/nss/nss_sha512crypt.c	1	diff --git src/util/crypto/nss/nss_sha512crypt.c src/util/crypto/nss/nss_sha512crypt.c
11	index 2838c47..a6cf43f 100644	2	index 9fedd5e..90192ac 100644
12	--- src/util/crypto/nss/nss_sha512crypt.c	3	--- src/util/crypto/nss/nss_sha512crypt.c
13	+++ src/util/crypto/nss/nss_sha512crypt.c	4	+++ src/util/crypto/nss/nss_sha512crypt.c
14	@@ -29,6 +29,14 @@	5	@@ -29,6 +29,12 @@
15	#include <sechash.h>	6	#include <sechash.h>
16	#include <pk11func.h>	7	#include <pk11func.h>
17		8
18	+#define __stpncpy(x, y, z) stpncpy(x, y, z)
19	+
20	+static void *	9	+static void *
21	+mempcpy (void dest, const void src, size_t n)	10	+mempcpy (void dest, const void src, size_t n)
22	+{	11	+{
Lines 26-31 Link Here
26	/* Define our magic string to mark salt for SHA512 "encryption" replacement. */	15	/* Define our magic string to mark salt for SHA512 "encryption" replacement. */
27	const char sha512_salt_prefix[] = "$6$";	16	const char sha512_salt_prefix[] = "$6$";
28	#define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1)	17	#define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1)
29	--
30	1.8.0
31

Lines 1-14 Link Here

(-)files/patch-src__util__find_uid.c (-17 / +5 lines)
1	From ccc51217c877dde1857300662fdacab2298f5816 Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Wed, 6 Nov 2013 22:01:21 +0100
4	Subject: [PATCH 21/25] patch-src__util__find_uid.c
5
6	---
7	src/util/find_uid.c \| 9 ++++-----
8	1 file changed, 4 insertions(+), 5 deletions(-)
9
10	diff --git src/util/find_uid.c src/util/find_uid.c	1	diff --git src/util/find_uid.c src/util/find_uid.c
11	index d34a4ab..9dec900 100644	2	index 4c8f73a..40f3690 100644
12	--- src/util/find_uid.c	3	--- src/util/find_uid.c
13	+++ src/util/find_uid.c	4	+++ src/util/find_uid.c
14	@@ -67,7 +67,7 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid)	5	@@ -67,7 +67,7 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid)
Lines 18-26 Link Here
18	- ret = snprintf(path, PATHLEN, "/proc/%d/status", pid);	9	- ret = snprintf(path, PATHLEN, "/proc/%d/status", pid);
19	+ ret = snprintf(path, PATHLEN, "/compat/linux/proc/%d/status", pid);	10	+ ret = snprintf(path, PATHLEN, "/compat/linux/proc/%d/status", pid);
20	if (ret < 0) {	11	if (ret < 0) {
21	DEBUG(1, ("snprintf failed"));	12	DEBUG(SSSDBG_CRIT_FAILURE, "snprintf failed");
22	return EINVAL;	13	return EINVAL;
23	@@ -201,12 +201,12 @@ static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid)	14	@@ -207,12 +207,12 @@ static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid)
24	struct dirent *dirent;	15	struct dirent *dirent;
25	int ret, err;	16	int ret, err;
26	pid_t pid = -1;	17	pid_t pid = -1;
Lines 34-41 Link Here
34	+ proc_dir = opendir("/compat/linux/proc");	25	+ proc_dir = opendir("/compat/linux/proc");
35	if (proc_dir == NULL) {	26	if (proc_dir == NULL) {
36	ret = errno;	27	ret = errno;
37	DEBUG(1, ("Cannot open proc dir.\n"));	28	DEBUG(SSSDBG_CRIT_FAILURE, "Cannot open proc dir.\n");
38	@@ -280,9 +280,8 @@ done:	29	@@ -287,9 +287,8 @@ done:
39		30
40	errno_t get_uid_table(TALLOC_CTX mem_ctx, hash_table_t *table)	31	errno_t get_uid_table(TALLOC_CTX mem_ctx, hash_table_t *table)
41	{	32	{
Lines 46-51 Link Here
46	ret = hash_create_ex(INITIAL_TABLE_SIZE, table, 0, 0, 0, 0,	37	ret = hash_create_ex(INITIAL_TABLE_SIZE, table, 0, 0, 0, 0,
47	hash_talloc, hash_talloc_free, mem_ctx,	38	hash_talloc, hash_talloc_free, mem_ctx,
48	NULL, NULL);	39	NULL, NULL);
49	--
50	1.8.0
51

Lines 1-17 Link Here

(-)files/patch-src__util__server.c (-14 / +2 lines)
1	From cc6cab9e45ba978eaf33c6fa1860ee94166780be Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Wed, 6 Nov 2013 22:01:21 +0100
4	Subject: [PATCH 22/25] patch-src__util__server.c
5
6	---
7	src/util/server.c \| 12 +++++++-----
8	1 file changed, 7 insertions(+), 5 deletions(-)
9
10	diff --git src/util/server.c src/util/server.c	1	diff --git src/util/server.c src/util/server.c
11	index b3073fc..ddc124f 100644	2	index 343668c..f8a1627 100644
12	--- src/util/server.c	3	--- src/util/server.c
13	+++ src/util/server.c	4	+++ src/util/server.c
14	@@ -321,12 +321,14 @@ static void setup_signals(void)	5	@@ -322,12 +322,14 @@ static void setup_signals(void)
15	BlockSignals(false, SIGTERM);	6	BlockSignals(false, SIGTERM);
16		7
17	CatchSignal(SIGHUP, sig_hup);	8	CatchSignal(SIGHUP, sig_hup);
Lines 31-36 Link Here
31	#endif	22	#endif
32		23
33	}	24	}
34	--
35	1.8.0
36

Line 0 Link Here

(-)files/patch-src__util__signal.c (+72 lines)
		1	diff --git src/util/signal.c src/util/signal.c
		2	index 053457b..bb8f8be 100644
		3	--- src/util/signal.c
		4	+++ src/util/signal.c
		5	@@ -28,45 +28,6 @@
		6	* @brief Signal handling
		7	*/
		8
		9	-/****************************************************************************
		10	- Catch child exits and reap the child zombie status.
		11	-****************************************************************************/
		12	-
		13	-static void sig_cld(int signum)
		14	-{
		15	- while (waitpid((pid_t)-1,(int *)NULL, WNOHANG) > 0)
		16	- ;
		17	-
		18	- /*
		19	- * Turns out it's really important not to
		20	- * restore the signal handler here if we have real POSIX
		21	- * signal handling. If we do, then we get the signal re-delivered
		22	- * immediately - hey presto - instant loop ! JRA.
		23	- */
		24	-
		25	-#if !defined(HAVE_SIGACTION)
		26	- CatchSignal(SIGCLD, sig_cld);
		27	-#endif
		28	-}
		29	-
		30	-/****************************************************************************
		31	-catch child exits - leave status;
		32	-****************************************************************************/
		33	-
		34	-static void sig_cld_leave_status(int signum)
		35	-{
		36	- /*
		37	- * Turns out it's really important not to
		38	- * restore the signal handler here if we have real POSIX
		39	- * signal handling. If we do, then we get the signal re-delivered
		40	- * immediately - hey presto - instant loop ! JRA.
		41	- */
		42	-
		43	-#if !defined(HAVE_SIGACTION)
		44	- CatchSignal(SIGCLD, sig_cld_leave_status);
		45	-#endif
		46	-}
		47	-
		48	/**
		49	Block sigs.
		50	**/
		51	@@ -126,21 +87,3 @@ void (CatchSignal(int signum,void (handler)(int )))(int)
		52	return signal(signum, handler);
		53	#endif
		54	}
		55	-
		56	-/**
		57	- Ignore SIGCLD via whatever means is necessary for this OS.
		58	-**/
		59	-
		60	-void CatchChild(void)
		61	-{
		62	- CatchSignal(SIGCLD, sig_cld);
		63	-}
		64	-
65	-/**
66	- Catch SIGCLD but leave the child around so it's status can be reaped.
67	-**/
68	-
69	-void CatchChildLeaveStatus(void)
70	-{
71	- CatchSignal(SIGCLD, sig_cld_leave_status);
72	-}

Lines 1-17 Link Here

(-)files/patch-src__util__sss_ldap.c (-26 / +5 lines)
1	From 074dd84d5ed0e5d2b48d2aeb1b92e51507516c2d Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Sat, 4 May 2013 16:08:12 +0200
4	Subject: [PATCH 27/34] patch-src__util__sss_ldap.c
5
6	---
7	src/util/sss_ldap.c \| 7 +++++--
8	1 file changed, 5 insertions(+), 2 deletions(-)
9
10	diff --git src/util/sss_ldap.c src/util/sss_ldap.c	1	diff --git src/util/sss_ldap.c src/util/sss_ldap.c
11	index 060aacf..a2cc82a 100644	2	index dd63b4b..0764622 100644
12	--- src/util/sss_ldap.c	3	--- src/util/sss_ldap.c
13	+++ src/util/sss_ldap.c	4	+++ src/util/sss_ldap.c
14	@@ -208,6 +208,9 @@ static void sdap_async_sys_connect_done(struct tevent_context *ev,	5	@@ -206,6 +206,9 @@ static void sdap_async_sys_connect_done(struct tevent_context *ev,
15	errno = 0;	6	errno = 0;
16	ret = connect(state->fd, (struct sockaddr *) &state->addr,	7	ret = connect(state->fd, (struct sockaddr *) &state->addr,
17	state->addr_len);	8	state->addr_len);
Lines 21-44 Link Here
21	if (ret != EOK) {	12	if (ret != EOK) {
22	ret = errno;	13	ret = errno;
23	if (ret == EINPROGRESS \|\| ret == EINTR) {	14	if (ret == EINPROGRESS \|\| ret == EINTR) {
24	@@ -268,7 +271,7 @@ static errno_t set_fd_flags_and_opts(int fd)	15	@@ -346,7 +349,7 @@ struct tevent_req sss_ldap_init_send(TALLOC_CTX mem_ctx,
25	strerror(ret)));	16	"Using file descriptor [%d] for LDAP connection.\n", state->sd);
26	}
27		17
28	- ret = setsockopt(fd, SOL_TCP, TCP_NODELAY, &dummy, sizeof(dummy));
29	+ ret = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &dummy, sizeof(dummy));
30	if (ret != 0) {
31	ret = errno;
32	DEBUG(5, ("setsockopt TCP_NODELAY failed.[%d][%s].\n", ret,
33	@@ -341,7 +344,7 @@ struct tevent_req sss_ldap_init_send(TALLOC_CTX mem_ctx,
34	DEBUG(9, ("Using file descriptor [%d] for LDAP connection.\n", state->sd));
35
36	subreq = sdap_async_sys_connect_send(state, ev, state->sd,	18	subreq = sdap_async_sys_connect_send(state, ev, state->sd,
37	- (struct sockaddr *) addr, addr_len);	19	- (struct sockaddr *) addr, addr_len);
38	+ (struct sockaddr *) addr, sizeof(struct sockaddr));	20	+ (struct sockaddr *) addr, sizeof(struct sockaddr));
39	if (subreq == NULL) {	21	if (subreq == NULL) {
40	ret = ENOMEM;	22	ret = ENOMEM;
41	DEBUG(1, ("sdap_async_sys_connect_send failed.\n"));	23	DEBUG(SSSDBG_CRIT_FAILURE, "sdap_async_sys_connect_send failed.\n");
42	--
43	1.8.0
44

Lines 1-23 Link Here

(-)files/patch-src__util__util.h (-17 / +14 lines)
1	From 5fcf9d93df255105ec065b168ddc11d98b5bb5d1 Mon Sep 17 00:00:00 2001
2	From: Lukas Slebodnik <lukas.slebodnik@intrak.sk>
3	Date: Wed, 6 Nov 2013 22:01:21 +0100
4	Subject: [PATCH 24/25] patch-src__util__util.h
5
6	---
7	src/util/util.h \| 2 ++
8	1 file changed, 2 insertions(+)
9
10	diff --git src/util/util.h src/util/util.h	1	diff --git src/util/util.h src/util/util.h
11	index eab1f78..8e29fb5 100644	2	index 7a66846..5e63275 100644
12	--- src/util/util.h	3	--- src/util/util.h
13	+++ src/util/util.h	4	+++ src/util/util.h
14	@@ -571,4 +571,6 @@ errno_t sss_br_lock_file(int fd, size_t start, size_t len,	5	@@ -227,8 +227,6 @@ void sig_term(int sig);
15	#define BUILD_WITH_PAC_RESPONDER false	6	#include <signal.h>
16	#endif	7	void BlockSignals(bool block, int signum);
		8	void (CatchSignal(int signum,void (handler)(int )))(int);
		9	-void CatchChild(void);
		10	-void CatchChildLeaveStatus(void);
17		11
		12	/* from memory.c */
		13	typedef int (void_destructor_fn_t)(void *);
		14	@@ -542,5 +540,6 @@ char * sss_replace_space(TALLOC_CTX *mem_ctx,
		15	char * sss_reverse_replace_space(TALLOC_CTX *mem_ctx,
		16	const char *orig_name,
		17	const char replace_char);
18	+#include "util/sss_bsd_errno.h"	18	+#include "util/sss_bsd_errno.h"
19	+	19
20	#endif /* __SSSD_UTIL_H__ */	20	#endif /* __SSSD_UTIL_H__ */
21	--
22	1.8.0
23

Lines 1-9 Link Here

(-)pkg-plist (-42 / +31 lines)
1	bin/sss_ssh_authorizedkeys	1	bin/sss_ssh_authorizedkeys
2	bin/sss_ssh_knownhostsproxy	2	bin/sss_ssh_knownhostsproxy
3	@sample %%ETCDIR%%/sssd.conf.sample	3	etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
		4	%%ETCDIR%%/sssd.conf.sample
4	include/ipa_hbac.h	5	include/ipa_hbac.h
5	include/sss_idmap.h	6	include/sss_idmap.h
6	include/sss_sudo.h	7	include/sss_nss_idmap.h
		8	%%SMB%%lib/krb5/plugins/authdata/sssd_pac_plugin.so
7	lib/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so	9	lib/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
8	lib/libipa_hbac.so	10	lib/libipa_hbac.so
9	lib/libipa_hbac.so.0	11	lib/libipa_hbac.so.0
Lines 10-16 Link Here
10	lib/libipa_hbac.so.0.0.1	12	lib/libipa_hbac.so.0.0.1
11	lib/libsss_idmap.so	13	lib/libsss_idmap.so
12	lib/libsss_idmap.so.0	14	lib/libsss_idmap.so.0
13	lib/libsss_idmap.so.0.0.1	15	lib/libsss_idmap.so.0.4.0
		16	lib/libsss_nss_idmap.so
		17	lib/libsss_nss_idmap.so.0
		18	lib/libsss_nss_idmap.so.0.0.1
14	lib/libsss_sudo.so	19	lib/libsss_sudo.so
15	lib/nss_sss.so	20	lib/nss_sss.so
16	lib/nss_sss.so.1	21	lib/nss_sss.so.1
Lines 17-23 Link Here
17	lib/nss_sss.so.2	22	lib/nss_sss.so.2
18	lib/nss_sss.so.2.0.0	23	lib/nss_sss.so.2.0.0
19	lib/pam_sss.so	24	lib/pam_sss.so
20	%%PYTHON_SITELIBDIR%%/SSSDConfig-1.9.6-py%%PYTHON_VER%%.egg-info	25	%%PYTHON_SITELIBDIR%%/SSSDConfig-1.11.7-py%%PYTHON_VER%%.egg-info
21	%%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.py	26	%%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.py
22	%%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.pyc	27	%%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.pyc
23	%%PYTHON_SITELIBDIR%%/SSSDConfig/ipachangeconf.py	28	%%PYTHON_SITELIBDIR%%/SSSDConfig/ipachangeconf.py
Lines 27-53 Link Here
27	%%PYTHON_SITELIBDIR%%/pyhbac.so	32	%%PYTHON_SITELIBDIR%%/pyhbac.so
28	%%PYTHON_SITELIBDIR%%/pysss.so	33	%%PYTHON_SITELIBDIR%%/pysss.so
29	%%PYTHON_SITELIBDIR%%/pysss_murmur.so	34	%%PYTHON_SITELIBDIR%%/pysss_murmur.so
		35	%%PYTHON_SITELIBDIR%%/pysss_nss_idmap.so
30	lib/shared-modules/ldb/memberof.so	36	lib/shared-modules/ldb/memberof.so
31	lib/sssd/libsss_ad.so	37	%%SMB%%lib/sssd/libsss_ad.so
32	lib/sssd/libsss_ipa.so	38	lib/sssd/libsss_child.so
		39	lib/sssd/libsss_crypt.so
		40	lib/sssd/libsss_debug.so
		41	%%SMB%%lib/sssd/libsss_ipa.so
33	lib/sssd/libsss_krb5.so	42	lib/sssd/libsss_krb5.so
		43	lib/sssd/libsss_krb5_common.so
34	lib/sssd/libsss_ldap.so	44	lib/sssd/libsss_ldap.so
		45	lib/sssd/libsss_ldap_common.so
35	lib/sssd/libsss_proxy.so	46	lib/sssd/libsss_proxy.so
36	lib/sssd/libsss_simple.so	47	lib/sssd/libsss_simple.so
		48	lib/sssd/libsss_util.so
37	libdata/pkgconfig/ipa_hbac.pc	49	libdata/pkgconfig/ipa_hbac.pc
38	libdata/pkgconfig/sss_idmap.pc	50	libdata/pkgconfig/sss_idmap.pc
		51	libdata/pkgconfig/sss_nss_idmap.pc
39	libexec/sssd/krb5_child	52	libexec/sssd/krb5_child
40	libexec/sssd/ldap_child	53	libexec/sssd/ldap_child
41	libexec/sssd/proxy_child	54	libexec/sssd/proxy_child
		55	libexec/sssd/sss_signal
42	libexec/sssd/sssd_be	56	libexec/sssd/sssd_be
		57	libexec/sssd/sssd_ifp
43	libexec/sssd/sssd_nss	58	libexec/sssd/sssd_nss
		59	%%SMB%%libexec/sssd/sssd_pac
44	libexec/sssd/sssd_pam	60	libexec/sssd/sssd_pam
45	libexec/sssd/sssd_ssh	61	libexec/sssd/sssd_ssh
46	libexec/sssd/sssd_sudo	62	libexec/sssd/sssd_sudo
47	man/es/man1/sss_ssh_authorizedkeys.1.gz	63	man/es/man1/sss_ssh_authorizedkeys.1.gz
48	man/es/man1/sss_ssh_knownhostsproxy.1.gz	64	man/es/man1/sss_ssh_knownhostsproxy.1.gz
49	man/es/man5/sssd-ad.5.gz
50	man/es/man5/sssd-ipa.5.gz
51	man/es/man5/sssd-ldap.5.gz	65	man/es/man5/sssd-ldap.5.gz
52	man/es/man5/sssd-simple.5.gz	66	man/es/man5/sssd-simple.5.gz
53	man/es/man5/sssd-sudo.5.gz	67	man/es/man5/sssd-sudo.5.gz
Lines 69-75 Link Here
69	man/fr/man1/sss_ssh_authorizedkeys.1.gz	83	man/fr/man1/sss_ssh_authorizedkeys.1.gz
70	man/fr/man1/sss_ssh_knownhostsproxy.1.gz	84	man/fr/man1/sss_ssh_knownhostsproxy.1.gz
71	man/fr/man5/sssd-ad.5.gz	85	man/fr/man5/sssd-ad.5.gz
72	man/fr/man5/sssd-ipa.5.gz
73	man/fr/man5/sssd-krb5.5.gz	86	man/fr/man5/sssd-krb5.5.gz
74	man/fr/man5/sssd-ldap.5.gz	87	man/fr/man5/sssd-ldap.5.gz
75	man/fr/man5/sssd-simple.5.gz	88	man/fr/man5/sssd-simple.5.gz
Lines 91-98 Link Here
91	man/fr/man8/sssd_krb5_locator_plugin.8.gz	104	man/fr/man8/sssd_krb5_locator_plugin.8.gz
92	man/ja/man1/sss_ssh_authorizedkeys.1.gz	105	man/ja/man1/sss_ssh_authorizedkeys.1.gz
93	man/ja/man1/sss_ssh_knownhostsproxy.1.gz	106	man/ja/man1/sss_ssh_knownhostsproxy.1.gz
94	man/ja/man5/sssd-ad.5.gz
95	man/ja/man5/sssd-ipa.5.gz
96	man/ja/man5/sssd-krb5.5.gz	107	man/ja/man5/sssd-krb5.5.gz
97	man/ja/man5/sssd-ldap.5.gz	108	man/ja/man5/sssd-ldap.5.gz
98	man/ja/man5/sssd-simple.5.gz	109	man/ja/man5/sssd-simple.5.gz
Lines 113-118 Link Here
113	man/man1/sss_ssh_authorizedkeys.1.gz	124	man/man1/sss_ssh_authorizedkeys.1.gz
114	man/man1/sss_ssh_knownhostsproxy.1.gz	125	man/man1/sss_ssh_knownhostsproxy.1.gz
115	man/man5/sssd-ad.5.gz	126	man/man5/sssd-ad.5.gz
		127	man/man5/sssd-ifp.5.gz
116	man/man5/sssd-ipa.5.gz	128	man/man5/sssd-ipa.5.gz
117	man/man5/sssd-krb5.5.gz	129	man/man5/sssd-krb5.5.gz
118	man/man5/sssd-ldap.5.gz	130	man/man5/sssd-ldap.5.gz
Lines 139-145 Link Here
139	man/uk/man1/sss_ssh_authorizedkeys.1.gz	151	man/uk/man1/sss_ssh_authorizedkeys.1.gz
140	man/uk/man1/sss_ssh_knownhostsproxy.1.gz	152	man/uk/man1/sss_ssh_knownhostsproxy.1.gz
141	man/uk/man5/sssd-ad.5.gz	153	man/uk/man5/sssd-ad.5.gz
142	man/uk/man5/sssd-ipa.5.gz	154	man/uk/man5/sssd-ifp.5.gz
143	man/uk/man5/sssd-krb5.5.gz	155	man/uk/man5/sssd-krb5.5.gz
144	man/uk/man5/sssd-ldap.5.gz	156	man/uk/man5/sssd-ldap.5.gz
145	man/uk/man5/sssd-simple.5.gz	157	man/uk/man5/sssd-simple.5.gz
Lines 171-206 Link Here
171	sbin/sss_userdel	183	sbin/sss_userdel
172	sbin/sss_usermod	184	sbin/sss_usermod
173	sbin/sssd	185	sbin/sssd
174	%%PORTDOCS%%@dirrm %%DOCSDIR%%/libsss_sudo_doc	186	@dir lib/ldb
175	%%PORTDOCS%%@dirrm %%DOCSDIR%%/idmap_doc	187	@dir lib/sssd/modules
176	%%PORTDOCS%%@dirrm %%DOCSDIR%%/hbac_doc	188	%%PORTDOCS%%@dir %%DOCSDIR%%/doc
177	%%PORTDOCS%%@dirrm %%DOCSDIR%%/doc	189	%%PORTDOCS%%@dir %%DOCSDIR%%/hbac_doc
178	%%PORTDOCS%%@dirrm %%DOCSDIR%%	190	%%PORTDOCS%%@dir %%DOCSDIR%%/idmap_doc
179	@dirrm libexec/sssd	191	%%PORTDOCS%%@dir %%DOCSDIR%%/libsss_sudo_doc
180	@dirrm lib/sssd/modules	192	%%PORTDOCS%%@dir %%DOCSDIR%%/nss_idmap_doc
181	@dirrm lib/sssd
182	@dirrm %%PYTHON_SITELIBDIR%%/SSSDConfig
183	@dirrmtry %%ETCDIR%%
184	@dirrmtry man/uk/man8
185	@dirrmtry man/uk/man5
186	@dirrmtry man/uk/man1
187	@dirrmtry man/uk
188	@dirrmtry man/pt/man8
189	@dirrmtry man/pt/man5
190	@dirrmtry man/pt/man1
191	@dirrmtry man/pt
192	@dirrmtry man/nl/man8
193	@dirrmtry man/nl/man5
194	@dirrmtry man/nl/man1
195	@dirrmtry man/nl
196	@dirrmtry man/fr/man8
197	@dirrmtry man/fr/man5
198	@dirrmtry man/fr/man1
199	@dirrmtry man/fr
200	@dirrmtry man/es/man8
201	@dirrmtry man/es/man5
202	@dirrmtry man/es/man1
203	@dirrmtry man/es
204	@unexec if [ -d %%ETCDIR%% ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf %%ETCDIR%%`` to remove any configuration files."; fi	193	@unexec if [ -d %%ETCDIR%% ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf %%ETCDIR%%`` to remove any configuration files."; fi
205	@unexec if [ -d /var/db/sss ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss`` to remove any additional files."; fi	194	@unexec if [ -d /var/db/sss ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss`` to remove any additional files."; fi
206	@unexec if [ -d /var/db/sss_mc ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss_mc`` to remove any additional files."; fi	195	@unexec if [ -d /var/db/sss_mc ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss_mc`` to remove any additional files."; fi