Attachment #212864 for bug #241347




# $FreeBSD$

PORTNAME=	sssd
PORTVERSION=	1.16.4
PORTREVISION=	1
CATEGORIES=	security
MASTER_SITES=	https://releases.pagure.org/SSSD/${PORTNAME}/


		libtalloc.so:devel/talloc \
		libtevent.so:devel/tevent \
		libtdb.so:databases/tdb \
		libldb.so:databases/ldb15 \
		libcares.so:dns/c-ares \
		libdbus-1.so:devel/dbus \
		libdhash.so:devel/ding-libs \

		nsupdate:dns/bind-tools

GNU_CONFIGURE=	yes
CONFIGURE_ARGS=	--without-selinux --without-semanage \
		--without-libnl --without-nfsv4-idmapd-plugin \
		--without-autofs --without-secrets --without-kcm \
		--without-python2-bindings \
		--with-init-dir=no \
		--disable-cifs-idmap-plugin \
		--with-unicode-lib=libunistring \
		--with-ldb-lib-dir=${LOCALBASE}/lib/shared-modules/ldb \
		--with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \
		--datadir=${DATADIR} --docdir=${DOCSDIR} --localstatedir=/var \
		--with-db-path=/var/db/sss/db --with-mcache-path=/var/db/sss/mc \
		--with-pubconf-path=/var/db/sss/pubconf  \
		--with-gpo-cache-path=/var/db/sss/gpo_cache  \
		--with-pid-path=/var/run --with-pipe-path=/var/run/sss/pipes \
		--with-krb5-conf=/etc/krb5.conf \
		--enable-pammoddir=${PREFIX}/lib
		--with-krb5-conf=/etc/krb5.conf
CFLAGS+=	-fstack-protector-all
PLIST_SUB=	PYTHON_VER=${PYTHON_VER}
#DEBUG_FLAGS=	-g

USE_LDCONFIG=	yes
USE_OPENLDAP=	yes
USES=		autoreconf cpe gettext gmake iconv libtool pathfix pkgconfig \
		python:3.6 shebangfix gssapi:mit
INSTALL_TARGET=	install-strip
CPE_VENDOR=	fedoraproject

BINARY_ALIAS=	python3=python${PYTHON_VER}
SHEBANG_FILES=	src/tools/sss_obfuscate \
		src/sbus/sbus_codegen


OPTIONS_SUB=	yes

SMB_DESC=		Install IPA and AD providers (requires Samba4)
SMB_USES=		samba:lib
SMB_CONFIGURE_WITH=	samba smb-idmap-interface-version=6
SMB_LIB_DEPENDS=	libndr-nbt.so.0:net/samba410 \
			libndr-krb5pac.so.0:net/samba410 \
			libndr-standard.so.0:net/samba410 \
			libndr.so.0:net/samba410 \
			libsamba-util.so.0:net/samba410 \
			libsmbclient.so.0:net/samba410

post-patch:
	@${REINPLACE_CMD} -e 's|SIGCLD|SIGCHLD|g' ${WRKSRC}/src/util/signal.c

	${INSTALL_DATA} ${WRKSRC}/src/examples/sssd-example.conf \
		${STAGEDIR}${ETCDIR}/sssd.conf.sample
	${LN} -sf nss_sss.so ${STAGEDIR}${PREFIX}/lib/nss_sss.so.1

.for d in db/sss db/sss_mc log/sssd run/sss/krb5.include.d run/sss/private run/sss
	@${RMDIR} ${STAGEDIR}/var/${d}
.endfor
# clean unused man dirs
.for i in es/man1 nl/man1 nl/man5 pt/man1 pt/man5 sv/man1
	@${RMDIR} ${STAGEDIR}${PREFIX}/man/${i}
.endfor


Lines 1-2 Link Here

(-)b/security/sssd/distinfo (-2 / +3 lines)
1	SHA256 (sssd-1.11.7.tar.gz) = ff12d5730a6d7d08fe11140aa58e544900b75c63902b7a07bbbc12d6a99cb5b5	1	TIMESTAMP = 1571499373
2	SIZE (sssd-1.11.7.tar.gz) = 3661227	2	SHA256 (sssd-1.16.4.tar.gz) = 6bb212cd6b75b918e945c24e7c3f95a486fb54d7f7d489a9334cfa1a1f3bf959
		3	SIZE (sssd-1.16.4.tar.gz) = 6355636




diff --git Makefile.am Makefile.am
index be17d6a59..03386d1f8 100644
--- Makefile.am
+++ Makefile.am
@@ -61,7 +61,7 @@ sssdapiplugindir = $(sssddatadir)/sssd.api.d
 sssdtapscriptdir = $(sssddatadir)/systemtap
 dbuspolicydir = $(sysconfdir)/dbus-1/system.d
 dbusservicedir = $(datadir)/dbus-1/system-services
-sss_statedir = $(localstatedir)/lib/sss
+sss_statedir = $(localstatedir)/db/sss
 runstatedir = @runstatedir@
 localedir = @localedir@
 nsslibdir = @nsslibdir@
@@ -378,12 +378,6 @@ sssdlib_LTLIBRARIES += \
     libsss_ad.la
 endif
 
-if HAVE_INOTIFY
-sssdlib_LTLIBRARIES += \
-    libsss_files.la \
-    $(NULL)
-endif # HAVE_INOTIFY
-
 ldblib_LTLIBRARIES = \
     memberof.la
 
@@ -610,6 +604,7 @@ SSSD_FAILOVER_OBJ = \
 
 SSSD_LIBS = \
     $(TALLOC_LIBS) \
+    $(LTLIBINTL) \
     $(TEVENT_LIBS) \
     $(POPT_LIBS) \
     $(LDB_LIBS) \
@@ -664,6 +659,7 @@ dist_noinst_HEADERS = \
     src/util/sss_ssh.h \
     src/util/sss_ini.h \
     src/util/sss_format.h \

     src/util/refcount.h \
     src/util/find_uid.h \
     src/util/user_info_msg.h \
@@ -1358,6 +1354,7 @@ sssd_LDADD = \
     $(SSSD_LIBS) \
     $(INOTIFY_LIBS) \
     $(LIBNL_LIBS) \
+    $(LTLIBINTL) \
     $(KEYUTILS_LIBS) \
     $(SYSTEMD_DAEMON_LIBS) \
     $(SSSD_INTERNAL_LTLIBS)
@@ -1381,6 +1378,7 @@ sssd_nss_SOURCES = \
 sssd_nss_LDADD = \
     $(TDB_LIBS) \
     $(SSSD_LIBS) \
+    $(LTLIBINTL) \
     libsss_idmap.la \
     libsss_cert.la \
     $(SYSTEMD_DAEMON_LIBS) \
@@ -1397,6 +1395,7 @@ sssd_pam_SOURCES = \
 sssd_pam_LDADD = \
     $(TDB_LIBS) \
     $(SSSD_LIBS) \
+    $(LTLIBINTL) \
     $(SELINUX_LIBS) \
     $(PAM_LIBS) \
     $(SYSTEMD_DAEMON_LIBS) \
@@ -1414,6 +1413,7 @@ sssd_sudo_SOURCES = \
     $(SSSD_RESPONDER_OBJ)
 sssd_sudo_LDADD = \
     $(SSSD_LIBS) \
+    $(LTLIBINTL) \
     $(SYSTEMD_DAEMON_LIBS) \
     $(SSSD_INTERNAL_LTLIBS)
 endif
@@ -1426,6 +1426,7 @@ sssd_autofs_SOURCES = \
     $(SSSD_RESPONDER_OBJ)
 sssd_autofs_LDADD = \
     $(SSSD_LIBS) \
+    $(LTLIBINTL) \
     $(SYSTEMD_DAEMON_LIBS) \
     $(SSSD_INTERNAL_LTLIBS)
 endif
@@ -1441,6 +1442,7 @@ sssd_ssh_SOURCES = \
     $(NULL)
 sssd_ssh_LDADD = \
     $(SSSD_LIBS) \
+    $(LTLIBINTL) \
     $(SSSD_INTERNAL_LTLIBS) \
     $(SYSTEMD_DAEMON_LIBS) \
     libsss_cert.la \
@@ -1481,6 +1483,7 @@ sssd_ifp_CFLAGS = \
     $(AM_CFLAGS)
 sssd_ifp_LDADD = \
     $(SSSD_LIBS) \
+    $(LTLIBINTL) \
     $(SYSTEMD_DAEMON_LIBS) \
     $(SSSD_INTERNAL_LTLIBS) \
     libsss_cert.la \
@@ -1604,6 +1607,7 @@ sssd_be_SOURCES = \
 sssd_be_LDADD = \
     $(LIBADD_DL) \
     $(SSSD_LIBS) \
+    $(LTLIBINTL) \
     $(CARES_LIBS) \
     $(PAM_LIBS) \
     $(SSSD_INTERNAL_LTLIBS)
@@ -1726,6 +1730,7 @@ sss_signal_SOURCES = \
     src/tools/common/sss_process.c
     $(NULL)
 sss_signal_LDADD = \
+    $(LTLIBINTL) \
     libsss_debug.la \
     $(NULL)
 
@@ -2318,6 +2323,7 @@ test_ssh_client_CFLAGS = \
 test_ssh_client_LDADD = \
     $(SSSD_INTERNAL_LTLIBS) \
     $(SSSD_LIBS) \
+    $(LTLIBINTL) \
     $(NULL)
 
 if BUILD_DBUS_TESTS
@@ -2602,6 +2608,7 @@ test_authtok_LDADD = \
     $(CMOCKA_LIBS) \
     $(DHASH_LIBS) \
     $(POPT_LIBS) \
+    $(LTLIBINTL) \
     libsss_test_common.la \
     libsss_debug.la \
     $(NULL)
@@ -2622,6 +2629,7 @@ deskprofile_utils_tests_SOURCES = \
 deskprofile_utils_tests_CFLAGS = \
     $(AM_CFLAGS)
 deskprofile_utils_tests_LDADD = \
+    $(LTLIBINTL) \
     $(CMOCKA_LIBS) \
     $(SSSD_INTERNAL_LTLIBS) \
     libsss_test_common.la
@@ -2654,6 +2662,7 @@ domain_resolution_order_tests_CFLAGS = \
 	$(AM_CFLAGS)
 domain_resolution_order_tests_LDADD = \
 	$(CMOCKA_LIBS) \
+        $(LTLIBINTL) \
 	$(SSSD_INTERNAL_LTLIBS) \
 	libsss_test_common.la
 
@@ -2738,6 +2747,7 @@ test_search_bases_LDADD = \
     $(CMOCKA_LIBS) \
     $(TALLOC_LIBS) \
     $(SSSD_INTERNAL_LTLIBS) \
+    $(LTLIBINTL) \
     libsss_ldap_common.la \
     libsss_test_common.la \
     libdlopen_test_providers.la \
@@ -3545,6 +3555,7 @@ test_inotify_LDADD = \
     $(CMOCKA_LIBS) \
     $(SSSD_LIBS) \
     $(SSSD_INTERNAL_LTLIBS) \
+    $(INOTIFY_LIBS) \
     $(LIBADD_DL) \
     libsss_test_common.la \
     $(NULL)
@@ -3637,9 +3648,6 @@ endif
 if BUILD_WITH_LIBCURL
 noinst_PROGRAMS += tcurl-test-tool
 endif
-if BUILD_PAC_RESPONDER
-    noinst_PROGRAMS += sssd_pac_test_client
-endif
 
 if BUILD_AUTOFS
 autofs_test_client_SOURCES = \
@@ -3730,9 +3738,10 @@ intgcheck:
 # Client Libraries #
 ####################
 

     src/sss_client/nss_passwd.c \
     src/sss_client/nss_group.c \
     src/sss_client/nss_netgroup.c \
@@ -3748,9 +3757,9 @@ libnss_sss_la_SOURCES = \
     src/sss_client/nss_mc_passwd.c \
     src/sss_client/nss_mc_group.c \
     src/sss_client/nss_mc_initgr.c \
     src/sss_client/nss_mc.h
-libnss_sss_la_LIBADD = \
+nss_sss_la_LIBADD = \

     -module \
     -version-info 2:0:0 \
     -Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports
@@ -3908,6 +3917,7 @@ libsss_ldap_common_la_LIBADD = \
     $(POPT_LIBS) \
     $(OPENLDAP_LIBS) \
     $(DHASH_LIBS) \
     $(KRB5_LIBS) \
+    $(LTLIBINTL) \
     libsss_krb5_common.la \
     libsss_idmap.la \
     libsss_certmap.la \
@@ -4271,6 +4281,7 @@ ldap_child_CFLAGS = \
     $(KRB5_CFLAGS)
 ldap_child_LDADD = \
     libsss_debug.la \
+    $(LTLIBINTL) \
     $(TALLOC_LIBS) \
     $(POPT_LIBS) \
     $(DHASH_LIBS) \
@@ -4313,6 +4324,7 @@ gpo_child_CFLAGS = \
     $(SMBCLIENT_CFLAGS)
 gpo_child_LDADD = \
     libsss_debug.la \
+    $(LTLIBINTL) \
     $(TALLOC_LIBS) \
     $(POPT_LIBS) \
     $(DHASH_LIBS) \
@@ -4329,6 +4341,7 @@ proxy_child_CFLAGS = \
 proxy_child_LDADD = \
     $(PAM_LIBS) \
     $(SSSD_LIBS) \
+    $(LTLIBINTL) \
     $(SSSD_INTERNAL_LTLIBS)
 
 p11_child_SOURCES = \
@@ -4361,6 +4374,7 @@ endif
 
 p11_child_LDADD = \
     libsss_debug.la \
+    $(LTLIBINTL) \
     $(TALLOC_LIBS) \
     $(DHASH_LIBS) \
     $(POPT_LIBS) \




diff --git configure.ac configure.ac
index 9df463d9c..17d0d9ea7 100644
--- configure.ac
+++ configure.ac
@@ -44,8 +44,6 @@ AM_CONDITIONAL([HAVE_GCC], [test "$ac_cv_prog_gcc" = yes])
 AC_CHECK_HEADERS(stdint.h dlfcn.h)
 AC_CONFIG_HEADER(config.h)
 
-AC_CHECK_TYPES([errno_t], [], [], [[#include <errno.h>]])
+AC_CONFIG_AUX_DIR([build])
+
 m4_ifdef([AC_USE_SYSTEM_EXTENSIONS],
     [AC_USE_SYSTEM_EXTENSIONS],
     [AC_GNU_SOURCE])
 
 CFLAGS="$CFLAGS -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE"
 
-AC_CONFIG_SRCDIR([BUILD.txt])
-AC_CONFIG_AUX_DIR([build])
-
 m4_include([src/build_macros.m4])
 BUILD_WITH_SHARED_BUILD_DIR
 

Lines 1-5 Link Here

(-)b/security/sssd/files/patch-src__confdb__confdb.c (-1 / +1 lines)
1	diff --git src/confdb/confdb.c src/confdb/confdb.c	1	diff --git src/confdb/confdb.c src/confdb/confdb.c
2	index 19d8884..67720f7 100644	2	index e55f88e4e..81fd3417a 100644
3	--- src/confdb/confdb.c	3	--- src/confdb/confdb.c
4	+++ src/confdb/confdb.c	4	+++ src/confdb/confdb.c
5	@@ -28,6 +28,11 @@	5	@@ -28,6 +28,11 @@

Lines 1-5 Link Here

(-)b/security/sssd/files/patch-src__external__inotify.m4 (-1 / +1 lines)
1	diff --git src/external/inotify.m4 src/external/inotify.m4	1	diff --git src/external/inotify.m4 src/external/inotify.m4
2	index 9572f6d..2a5a8cf 100644	2	index 3ae5ae314..e88bd3ffc 100644
3	--- src/external/inotify.m4	3	--- src/external/inotify.m4
4	+++ src/external/inotify.m4	4	+++ src/external/inotify.m4
5	@@ -20,10 +20,10 @@ int main () {	5	@@ -20,10 +20,10 @@ int main () {




diff --git src/external/krb5.m4 src/external/krb5.m4
index b844c2fbe..856ef56fe 100644
--- src/external/krb5.m4
+++ src/external/krb5.m4
@@ -9,7 +9,7 @@ if test x$KRB5_CFLAGS != x; then
     KRB5_PASSED_CFLAGS=$KRB5_CFLAGS
 fi
 
-AC_PATH_TOOL(KRB5_CONFIG, krb5-config)
+AC_PATH_TOOL(KRB5_CONFIG, krb5-config, [], [/usr/local/bin:$PATH])
 AC_MSG_CHECKING(for working krb5-config)
 if test -x "$KRB5_CONFIG"; then
   KRB5_CFLAGS="`$KRB5_CONFIG --cflags`"




diff --git src/external/ldap.m4 src/external/ldap.m4
index cd13fde62..73ca93674 100644
--- src/external/ldap.m4
+++ src/external/ldap.m4
@@ -32,8 +32,7 @@ dnl Check for other libraries we need to link with to get the main routines.
 test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes], , -llber) }
 test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes with_ldap_krb=yes], , -llber -lkrb) }
 test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes with_ldap_krb=yes with_ldap_des=yes], , -llber -lkrb -ldes) }
-CFLAGS=$SAVE_CFLAGS
-LIBS=$SAVE_LIBS
+
 dnl Recently, we need -lber even though the main routines are elsewhere,
 dnl because otherwise we get link errors w.r.t. ber_pvt_opt_on. So just
 dnl check for that (it's a variable not a fun but that doesn't seem to
@@ -42,6 +41,9 @@ dnl stick it in always shouldn't hurt, I don't think) ... #### Someone who
 dnl #### understands LDAP needs to fix this properly.
 test "$with_ldap_lber" != "yes" && { AC_CHECK_LIB(lber, ber_pvt_opt_on, with_ldap_lber=yes) }
 
+CFLAGS=$SAVE_CFLAGS
+LIBS=$SAVE_LIBS
+
 if test "$with_ldap" = "yes"; then
   if test "$with_ldap_des" = "yes" ; then
     OPENLDAP_LIBS="${OPENLDAP_LIBS} -ldes"




diff --git src/external/pac_responder.m4 src/external/pac_responder.m4
index dc986a1b8..09efdb139 100644
--- src/external/pac_responder.m4
+++ src/external/pac_responder.m4
@@ -7,7 +7,7 @@ AC_ARG_ENABLE([pac-responder],
 krb5_version_ok=no
 if test x$build_pac_responder = xyes
 then
-    AC_PATH_PROG(KRB5_CONFIG, krb5-config)
+    AC_PATH_TOOL(KRB5_CONFIG, krb5-config, [], [/usr/local/bin:$PATH])
     AC_MSG_CHECKING(for supported MIT krb5 version)
     KRB5_VERSION="`$KRB5_CONFIG --version`"
     case $KRB5_VERSION in
--- src/external/pac_responder.m4
+++ src/external/pac_responder.m4
@@ -19,7 +19,8 @@
         Kerberos\ 5\ release\ 1.14* | \
         Kerberos\ 5\ release\ 1.15* | \
         Kerberos\ 5\ release\ 1.16* | \
-        Kerberos\ 5\ release\ 1.17*)
+        Kerberos\ 5\ release\ 1.17  | \
+        Kerberos\ 5\ release\ 1.18*)
             krb5_version_ok=yes
             AC_MSG_RESULT([yes])
             ;;




diff --git src/lib/winbind_idmap_sss/winbind_idmap_sss.h src/lib/winbind_idmap_sss/winbind_idmap_sss.h
index 868049fff..cb1604ef1 100644
--- src/lib/winbind_idmap_sss/winbind_idmap_sss.h
+++ src/lib/winbind_idmap_sss/winbind_idmap_sss.h
@@ -29,6 +29,8 @@
 #include <stdbool.h>
 
 #include <core/ntstatus.h>
+#include <unistd.h>
+#include <time.h>
 #include <ndr.h>
 #include <gen_ndr/security.h>
 




diff --git src/providers/ad/ad_common.c src/providers/ad/ad_common.c
index 0d154ca57..407d37a37 100644
--- src/providers/ad/ad_common.c
+++ src/providers/ad/ad_common.c
@@ -419,7 +419,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
     char *server;
     char *realm;
     char *ad_hostname;
-    char hostname[HOST_NAME_MAX + 1];
+    char hostname[_POSIX_HOST_NAME_MAX + 1];
     char *case_sensitive_opt;
     const char *opt_override;
 
@@ -458,7 +458,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
      */
     ad_hostname = dp_opt_get_string(opts->basic, AD_HOSTNAME);
     if (ad_hostname == NULL) {
-        gret = gethostname(hostname, sizeof(hostname));
+        gret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
         if (gret != 0) {
             ret = errno;
             DEBUG(SSSDBG_FATAL_FAILURE,
@@ -466,7 +466,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
                    strerror(ret));
             goto done;
         }
-        hostname[HOST_NAME_MAX] = '\0';
+        hostname[_POSIX_HOST_NAME_MAX] = '\0';
         DEBUG(SSSDBG_CONF_SETTINGS,
               "Setting ad_hostname to [%s].\n", hostname);
         ret = dp_opt_set_string(opts->basic, AD_HOSTNAME, hostname);




diff --git src/providers/ad/ad_pac.h src/providers/ad/ad_pac.h
index 34f1e92c7..00a53cccd 100644
--- src/providers/ad/ad_pac.h
+++ src/providers/ad/ad_pac.h
@@ -32,6 +32,8 @@
 #ifdef ldb_val
 #error Please make sure to include ad_pac.h before ldb.h
 #endif
+#include <unistd.h>
+#include <time.h>
 #include <ndr.h>
 #include <gen_ndr/krb5pac.h>
 #include <gen_ndr/ndr_krb5pac.h>




diff --git src/providers/data_provider_fo.c src/providers/data_provider_fo.c
index 473b667e5..63f2dd131 100644
--- src/providers/data_provider_fo.c
+++ src/providers/data_provider_fo.c
@@ -235,18 +235,18 @@ errno_t be_fo_set_dns_srv_lookup_plugin(struct be_ctx *be_ctx,
                                         const char *hostname)
 {
     struct fo_resolve_srv_dns_ctx *srv_ctx = NULL;
-    char resolved_hostname[HOST_NAME_MAX + 1];
+    char resolved_hostname[_POSIX_HOST_NAME_MAX + 1];
     errno_t ret;
 
     if (hostname == NULL) {
-        ret = gethostname(resolved_hostname, sizeof(resolved_hostname));
+        ret = gethostname(resolved_hostname, _POSIX_HOST_NAME_MAX);
         if (ret != EOK) {
             ret = errno;
             DEBUG(SSSDBG_CRIT_FAILURE,
                   "gethostname() failed: [%d]: %s\n", ret, strerror(ret));
             return ret;
         }
-        resolved_hostname[HOST_NAME_MAX] = '\0';
+        resolved_hostname[_POSIX_HOST_NAME_MAX] = '\0';
         hostname = resolved_hostname;
     }
 




diff --git src/providers/ipa/ipa_common.c src/providers/ipa/ipa_common.c
index 17d14e6b0..681ac8615 100644
--- src/providers/ipa/ipa_common.c
+++ src/providers/ipa/ipa_common.c
@@ -49,7 +49,7 @@ int ipa_get_options(TALLOC_CTX *memctx,
     char *realm;
     char *ipa_hostname;
     int ret;
-    char hostname[HOST_NAME_MAX + 1];
+    char hostname[_POSIX_HOST_NAME_MAX + 1];
 
     opts = talloc_zero(memctx, struct ipa_options);
     if (!opts) return ENOMEM;
@@ -79,14 +79,14 @@ int ipa_get_options(TALLOC_CTX *memctx,
 
     ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME);
     if (ipa_hostname == NULL) {
-        ret = gethostname(hostname, sizeof(hostname));
+        ret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
         if (ret != EOK) {
             DEBUG(SSSDBG_CRIT_FAILURE, "gethostname failed [%d][%s].\n", errno,
                       strerror(errno));
             ret = errno;
             goto done;
         }
-        hostname[HOST_NAME_MAX] = '\0';
+        hostname[_POSIX_HOST_NAME_MAX] = '\0';
         DEBUG(SSSDBG_TRACE_ALL, "Setting ipa_hostname to [%s].\n", hostname);
         ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname);
         if (ret != EOK) {




diff --git src/providers/ipa/ipa_deskprofile_rules_util.c src/providers/ipa/ipa_deskprofile_rules_util.c
index 991c6053d..59483b452 100644
--- src/providers/ipa/ipa_deskprofile_rules_util.c
+++ src/providers/ipa/ipa_deskprofile_rules_util.c
@@ -25,6 +25,8 @@
 #include "providers/ipa/ipa_rules_common.h"
 #include <ctype.h>
 #include <fcntl.h>
+#include <sys/types.h>
+#include <signal.h>
 
 #define DESKPROFILE_GLOBAL_POLICY_MIN_VALUE 1
 #define DESKPROFILE_GLOBAL_POLICY_MAX_VALUE 24

Lines 1-8 Link Here

(-)b/security/sssd/files/patch-src__providers__krb5__krb5_delayed_online_authentication.c (-3 / +3 lines)
1	diff --git src/providers/krb5/krb5_delayed_online_authentication.c src/providers/krb5/krb5_delayed_online_authentication.c	1	diff --git src/providers/krb5/krb5_delayed_online_authentication.c src/providers/krb5/krb5_delayed_online_authentication.c
2	index 33b839e..da6ccfc 100644	2	index 1cb7eade0..4aaeb84b2 100644
3	--- src/providers/krb5/krb5_delayed_online_authentication.c	3	--- src/providers/krb5/krb5_delayed_online_authentication.c
4	+++ src/providers/krb5/krb5_delayed_online_authentication.c	4	+++ src/providers/krb5/krb5_delayed_online_authentication.c
5	@@ -320,6 +320,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,	5	@@ -328,6 +328,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
6	struct tevent_context *ev)	6	struct tevent_context *ev)
7	{	7	{
8	int ret;	8	int ret;
Lines 10-16 index 33b839e..da6ccfc 100644 Link Here
10	hash_table_t *tmp_table;	10	hash_table_t *tmp_table;
11		11
12	ret = get_uid_table(krb5_ctx, &tmp_table);	12	ret = get_uid_table(krb5_ctx, &tmp_table);
13	@@ -339,6 +340,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,	13	@@ -347,6 +348,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
14	"hash_destroy failed [%s].\n", hash_error_string(ret));	14	"hash_destroy failed [%s].\n", hash_error_string(ret));
15	return EFAULT;	15	return EFAULT;
16	}	16	}




diff --git src/providers/ldap/ldap_auth.c src/providers/ldap/ldap_auth.c
index de22689ae..fdfd67cf4 100644
--- src/providers/ldap/ldap_auth.c
+++ src/providers/ldap/ldap_auth.c
@@ -37,7 +37,6 @@

 #include <security/pam_modules.h>
 
 #include "util/util.h"
@@ -52,6 +51,22 @@
 
 #define LDAP_PWEXPIRE_WARNING_TIME 0
 
+struct spwd
+{

 static errno_t add_expired_warning(struct pam_data *pd, long exp_time)
 {
     int ret;
@@ -97,9 +112,9 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now,
         return EINVAL;
     }
 
+    tzset();
     expire_time = mktime(&tm);
     if (expire_time == -1) {
         DEBUG(SSSDBG_CRIT_FAILURE,
@@ -116,12 +132,10 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now,
         return EINVAL;
     }
 
-    tzset();
-    expire_time -= timezone;
     DEBUG(SSSDBG_TRACE_ALL,
-          "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] "
-           "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0],

 
     if (difftime(now, expire_time) > 0.0) {
         DEBUG(SSSDBG_CONF_SETTINGS, "Kerberos password expired.\n");
@@ -946,14 +961,14 @@ sdap_pam_auth_handler_send(TALLOC_CTX *mem_ctx,
 
     state->pd = pd;
     state->be_ctx = params->be_ctx;
-    pd->pam_status = PAM_SYSTEM_ERR;
+    pd->pam_status = PAM_SERVICE_ERR;
 
     switch (pd->cmd) {
     case SSS_PAM_AUTHENTICATE:
         subreq = auth_send(state, params->ev, auth_ctx,
                            pd->user, pd->authtok, false);
         if (subreq == NULL) {
-            pd->pam_status = PAM_SYSTEM_ERR;
+            pd->pam_status = PAM_SERVICE_ERR;
             goto immediately;
         }
 
@@ -963,14 +978,14 @@ sdap_pam_auth_handler_send(TALLOC_CTX *mem_ctx,
         subreq = auth_send(state, params->ev, auth_ctx,
                            pd->user, pd->authtok, true);
         if (subreq == NULL) {
-            pd->pam_status = PAM_SYSTEM_ERR;
+            pd->pam_status = PAM_SERVICE_ERR;
             goto immediately;
         }
 
         tevent_req_set_callback(subreq, sdap_pam_auth_handler_done, req);
         break;
     case SSS_PAM_CHAUTHTOK:
-        pd->pam_status = PAM_SYSTEM_ERR;
+        pd->pam_status = PAM_SERVICE_ERR;
         goto immediately;
 
     case SSS_PAM_ACCT_MGMT:
@@ -1015,7 +1030,7 @@ static void sdap_pam_auth_handler_done(struct tevent_req *subreq)
                                 state->be_ctx->domain->pwd_expiration_warning);
         if (ret == EINVAL) {
             /* Unknown password expiration type. */
-            state->pd->pam_status = PAM_SYSTEM_ERR;
+            state->pd->pam_status = PAM_SERVICE_ERR;
             goto done;
         }
     }
@@ -1049,7 +1064,7 @@ static void sdap_pam_auth_handler_done(struct tevent_req *subreq)
         state->pd->pam_status = PAM_BAD_ITEM;
         break;
     default:
-        state->pd->pam_status = PAM_SYSTEM_ERR;
+        state->pd->pam_status = PAM_SERVICE_ERR;
         break;
     }
 
@@ -1271,7 +1286,7 @@ sdap_pam_chpass_handler_send(TALLOC_CTX *mem_ctx,
     DEBUG(SSSDBG_OP_FAILURE,
           "starting password change request for user [%s].\n", pd->user);
 

 
     if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) {
         DEBUG(SSSDBG_OP_FAILURE,
@@ -1282,7 +1297,7 @@ sdap_pam_chpass_handler_send(TALLOC_CTX *mem_ctx,
     subreq = auth_send(state, params->ev, auth_ctx,
                        pd->user, pd->authtok, true);
     if (subreq == NULL) {
-        pd->pam_status = PAM_SYSTEM_ERR;
+        pd->pam_status = PAM_SERVICE_ERR;
         goto immediately;
     }
 
@@ -1335,7 +1350,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq)
             if (ret == ERR_PASSWORD_EXPIRED) {
                 DEBUG(SSSDBG_CRIT_FAILURE, "LDAP provider cannot change "
                       "kerberos passwords.\n");
-                state->pd->pam_status = PAM_SYSTEM_ERR;
+                state->pd->pam_status = PAM_SERVICE_ERR;
                 goto done;
             }
             break;
@@ -1344,7 +1359,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq)
             break;
         default:
             DEBUG(SSSDBG_CRIT_FAILURE, "Unknown password expiration type.\n");
-                state->pd->pam_status = PAM_SYSTEM_ERR;
+                state->pd->pam_status = PAM_SERVICE_ERR;
                 goto done;
         }
     }
@@ -1369,7 +1384,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq)
                 if (subreq == NULL) {
                     DEBUG(SSSDBG_OP_FAILURE, "Failed to change password for "
                           "%s\n", state->pd->user);
-                    state->pd->pam_status = PAM_SYSTEM_ERR;
+                    state->pd->pam_status = PAM_SERVICE_ERR;
                     goto done;
                 }
 
@@ -1401,7 +1416,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq)
             be_mark_offline(state->be_ctx);
             break;
         default:
-            state->pd->pam_status = PAM_SYSTEM_ERR;
+            state->pd->pam_status = PAM_SERVICE_ERR;
             break;
         }
 
@@ -1437,7 +1452,7 @@ static void sdap_pam_chpass_handler_chpass_done(struct tevent_req *subreq)
         state->pd->pam_status = PAM_AUTHTOK_ERR;
         break;
     default:
-        state->pd->pam_status = PAM_SYSTEM_ERR;
+        state->pd->pam_status = PAM_SERVICE_ERR;
         break;
     }
 
@@ -1463,7 +1478,7 @@ static void sdap_pam_chpass_handler_chpass_done(struct tevent_req *subreq)
@@ -1131,7 +1145,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req)
                                                     state->sh, state->dn,
                                                     lastchanged_name);
         if (subreq == NULL) {

             goto done;
         }
 
@@ -1489,7 +1504,7 @@ static void sdap_pam_chpass_handler_last_done(struct tevent_req *subreq)
     talloc_free(subreq);
 
     ret = sdap_modify_shadow_lastchange_recv(req);
     if (ret != EOK) {
-        state->pd->pam_status = PAM_SYSTEM_ERR;
+        state->pd->pam_status = PAM_SERVICE_ERR;
         goto done;
     }
 
@@ -1193,7 +1207,7 @@ void sdap_pam_auth_handler(struct be_req *breq)
         goto done;
     }
 
-    pd->pam_status = PAM_SYSTEM_ERR;
+    pd->pam_status = PAM_SERVICE_ERR;
 
     switch (pd->cmd) {
     case SSS_PAM_AUTHENTICATE:
@@ -1291,7 +1305,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
         state->pd->pam_status = PAM_NEW_AUTHTOK_REQD;
         break;
     default:
-        state->pd->pam_status = PAM_SYSTEM_ERR;
+        state->pd->pam_status = PAM_SERVICE_ERR;
         dp_err = DP_ERR_FATAL;
     }
 




diff --git src/providers/ldap/ldap_child.c src/providers/ldap/ldap_child.c
index 368bb91e1..1bc86ecb5 100644
--- src/providers/ldap/ldap_child.c
+++ src/providers/ldap/ldap_child.c
@@ -324,14 +324,14 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
             full_princ = talloc_strdup(tmp_ctx, princ_str);
         }
     } else {
-        char hostname[HOST_NAME_MAX + 1];
+        char hostname[_POSIX_HOST_NAME_MAX + 1];
 
-        ret = gethostname(hostname, sizeof(hostname));
+        ret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
         if (ret == -1) {
             krberr = KRB5KRB_ERR_GENERIC;
             goto done;
         }
-        hostname[HOST_NAME_MAX] = '\0';
+        hostname[_POSIX_HOST_NAME_MAX] = '\0';
 
         DEBUG(SSSDBG_TRACE_LIBS, "got hostname: [%s]\n", hostname);
 




diff --git src/providers/ldap/sdap_access.c src/providers/ldap/sdap_access.c
index dd04ec512..58a3766fc 100644
--- src/providers/ldap/sdap_access.c
+++ src/providers/ldap/sdap_access.c
@@ -562,9 +562,9 @@ bool nds_check_expired(const char *exp_time_str)
         return true;
     }
 
+    tzset();
     expire_time = mktime(&tm);
     if (expire_time == -1) {
         DEBUG(SSSDBG_CRIT_FAILURE,
@@ -506,13 +507,11 @@ static bool nds_check_expired(const char *exp_time_str)
         return true;
     }
 
-    tzset();
-    expire_time -= timezone;
     now = time(NULL);
     DEBUG(SSSDBG_TRACE_ALL,
-          "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] "

 
     if (difftime(now, expire_time) > 0.0) {
         DEBUG(SSSDBG_CONF_SETTINGS, "NDS account expired.\n");
@@ -1247,7 +1247,7 @@ static errno_t sdap_access_host(struct ldb_message *user_entry)
     struct ldb_message_element *el;
     unsigned int i;
     char *host;
-    char hostname[HOST_NAME_MAX + 1];
+    char hostname[_POSIX_HOST_NAME_MAX + 1];
 
     el = ldb_msg_find_element(user_entry, SYSDB_AUTHORIZED_HOST);
     if (!el || el->num_values == 0) {
@@ -1255,12 +1255,12 @@ static errno_t sdap_access_host(struct ldb_message *user_entry)
         return ERR_ACCESS_DENIED;
     }
 
-    if (gethostname(hostname, sizeof(hostname)) == -1) {
+    if (gethostname(hostname, _POSIX_HOST_NAME_MAX) == -1) {
         DEBUG(SSSDBG_CRIT_FAILURE,
               "Unable to get system hostname. Access denied\n");
         return ERR_ACCESS_DENIED;
     }
-    hostname[HOST_NAME_MAX] = '\0';
+    hostname[_POSIX_HOST_NAME_MAX] = '\0';
 
     /* FIXME: PADL's pam_ldap also calls gethostbyname() on the hostname
      *        in some attempt to get aliases and/or FQDN for the machine.




diff --git src/providers/ldap/sdap_async_groups.c src/providers/ldap/sdap_async_groups.c
index 09e15bc3d..c74e4c3ea 100644
--- src/providers/ldap/sdap_async_groups.c
+++ src/providers/ldap/sdap_async_groups.c
@@ -505,6 +505,7 @@ static int sdap_save_group(TALLOC_CTX *memctx,
     struct sysdb_attrs *group_attrs;
     const char *group_name = NULL;
     gid_t gid;
+    id_t temp_id;
     errno_t ret;
     char *usn_value = NULL;
     TALLOC_CTX *tmpctx = NULL;
@@ -615,7 +616,8 @@ static int sdap_save_group(TALLOC_CTX *memctx,
                    group_name, sid_str);
 
             /* Convert the SID into a UNIX group ID */
-            ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &gid);
+            ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &temp_id);
+            gid = (gid_t) temp_id;
             if (ret == ENOTSUP) {
                 /* ENOTSUP is returned if built-in SID was provided
                  * => do not store the group, but return EOK */




diff --git src/providers/ldap/sdap_async_initgroups.c src/providers/ldap/sdap_async_initgroups.c
index 620782b6f..9831ac1d6 100644
--- src/providers/ldap/sdap_async_initgroups.c
+++ src/providers/ldap/sdap_async_initgroups.c
@@ -45,6 +45,7 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
     const char *uuid = NULL;
     char **missing;
     gid_t gid;
+    id_t temp_id;
     int ret;
     errno_t sret;
     bool in_transaction = false;
@@ -146,7 +147,8 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
 
                     /* Convert the SID into a UNIX group ID */
                     ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str,
-                                                 &gid);
+                                                 &temp_id);
+                    gid = (gid_t) temp_id;
                     if (ret == EOK) {
                         DEBUG(SSSDBG_TRACE_INTERNAL,
                               "Group [%s] has mapped gid [%lu]\n",
@@ -3305,6 +3307,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
     int ret;
     TALLOC_CTX *tmp_ctx;
     gid_t primary_gid;
+    id_t temp_id;
     char *gid;
     char *sid_str;
     char *dom_sid_str;
@@ -3411,8 +3414,9 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
 
         /* Convert the SID into a UNIX group ID */
         ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, group_sid_str,
-                                     &primary_gid);
+                                     &temp_id);
         if (ret != EOK) goto done;
+        primary_gid = (gid_t) temp_id;
     } else {
         ret = sysdb_attrs_get_uint32_t(state->orig_user, SYSDB_GIDNUM,
                                        &primary_gid);




diff --git src/providers/ldap/sdap_async_initgroups_ad.c src/providers/ldap/sdap_async_initgroups_ad.c
index 3c58f5bc4..7e0a5169d 100644
--- src/providers/ldap/sdap_async_initgroups_ad.c
+++ src/providers/ldap/sdap_async_initgroups_ad.c
@@ -851,6 +851,7 @@ errno_t sdap_ad_save_group_membership_with_idmapping(const char *username,
     size_t i;
     time_t now;
     gid_t gid;
+    id_t temp_id;
     char **groups = NULL;
     size_t num_groups;
     errno_t ret;
@@ -881,7 +882,8 @@ errno_t sdap_ad_save_group_membership_with_idmapping(const char *username,
         sid = sids[i];
         DEBUG(SSSDBG_TRACE_LIBS, "Processing membership SID [%s]\n", sid);
 
-        ret = sdap_idmap_sid_to_unix(idmap_ctx, sid, &gid);
+        ret = sdap_idmap_sid_to_unix(idmap_ctx, sid, &temp_id);
+        gid = (gid_t) temp_id;
         if (ret == ENOTSUP) {
             DEBUG(SSSDBG_TRACE_FUNC, "Skipping built-in object.\n");
             continue;




diff --git src/providers/ldap/sdap_async_sudo_hostinfo.c src/providers/ldap/sdap_async_sudo_hostinfo.c
index a3c3e1068..f33299304 100644
--- src/providers/ldap/sdap_async_sudo_hostinfo.c
+++ src/providers/ldap/sdap_async_sudo_hostinfo.c
@@ -357,7 +357,7 @@ static struct tevent_req *sdap_sudo_get_hostnames_send(TALLOC_CTX *mem_ctx,
     struct tevent_req *subreq = NULL;
     struct sdap_sudo_get_hostnames_state *state = NULL;
     char *dot = NULL;
-    char hostname[HOST_NAME_MAX + 1];
+    char hostname[_POSIX_HOST_NAME_MAX + 1];
     int ret;
 
     req = tevent_req_create(mem_ctx, &state,
@@ -380,14 +380,14 @@ static struct tevent_req *sdap_sudo_get_hostnames_send(TALLOC_CTX *mem_ctx,
     /* get hostname */
 
     errno = 0;
-    ret = gethostname(hostname, sizeof(hostname));
+    ret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
     if (ret != EOK) {
         ret = errno;
         DEBUG(SSSDBG_CRIT_FAILURE, "Unable to retrieve machine hostname "
                                     "[%d]: %s\n", ret, strerror(ret));
         goto done;
     }
-    hostname[HOST_NAME_MAX] = '\0';
+    hostname[_POSIX_HOST_NAME_MAX] = '\0';
 
     state->hostnames[0] = talloc_strdup(state->hostnames, hostname);
     if (state->hostnames[0] == NULL) {




diff --git src/providers/ldap/sdap_async_users.c src/providers/ldap/sdap_async_users.c
index 92eeda1d3..8847be79b 100644
--- src/providers/ldap/sdap_async_users.c
+++ src/providers/ldap/sdap_async_users.c
@@ -61,7 +61,8 @@ sdap_get_idmap_primary_gid(struct sdap_options *opts,
 {
     errno_t ret;
     TALLOC_CTX *tmpctx = NULL;
-    gid_t gid, primary_gid;
+    id_t gid;
+    gid_t primary_gid;
     char *group_sid_str;
 
     tmpctx = talloc_new(NULL);
@@ -108,7 +109,7 @@ sdap_get_idmap_primary_gid(struct sdap_options *opts,
     if (ret != EOK) goto done;
 
     ret = EOK;
-    *_gid = gid;
+    *_gid = (gid_t) gid;
 done:
     talloc_free(tmpctx);
     return ret;
@@ -188,6 +189,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
     const char *orig_dn = NULL;
     uid_t uid = 0;
     gid_t gid = 0;
+    id_t temp_id;
     struct sysdb_attrs *user_attrs;
     char *upn = NULL;
     size_t i;
@@ -331,7 +333,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
               "Mapping user [%s] objectSID [%s] to unix ID\n", user_name, sid_str);
 
         /* Convert the SID into a UNIX user ID */
-        ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &uid);
+        ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &temp_id);
         if (ret == ENOTSUP) {
             DEBUG(SSSDBG_TRACE_FUNC, "Skipping built-in object.\n");
             ret = EOK;
@@ -339,6 +341,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
         } else if (ret != EOK) {
             goto done;
         }
+        uid = (uid_t) temp_id;
 
         /* Store the UID in the ldap_attrs so it doesn't get
          * treated as a missing attribute from LDAP and removed.




diff --git src/resolv/async_resolv_utils.c src/resolv/async_resolv_utils.c
index f86181b91..25323cf7a 100644
--- src/resolv/async_resolv_utils.c
+++ src/resolv/async_resolv_utils.c
@@ -45,7 +45,7 @@ resolv_get_domain_send(TALLOC_CTX *mem_ctx,
     struct resolv_get_domain_state *state = NULL;
     struct tevent_req *req = NULL;
     struct tevent_req *subreq = NULL;
-    char system_hostname[HOST_NAME_MAX + 1];
+    char system_hostname[_POSIX_HOST_NAME_MAX + 1];
     errno_t ret;
 
     req = tevent_req_create(mem_ctx, &state,
@@ -57,14 +57,14 @@ resolv_get_domain_send(TALLOC_CTX *mem_ctx,
 
     if (hostname == NULL) {
         /* use system hostname */
-        ret = gethostname(system_hostname, sizeof(system_hostname));
+        ret = gethostname(system_hostname, _POSIX_HOST_NAME_MAX);
         if (ret) {
             ret = errno;
             DEBUG(SSSDBG_CRIT_FAILURE, "gethostname() failed: [%d]: %s\n",
                                         ret, strerror(ret));
             goto immediately;
         }
-        system_hostname[HOST_NAME_MAX] = '\0';
+        system_hostname[_POSIX_HOST_NAME_MAX] = '\0';
         hostname = system_hostname;
     }
 

Added Link Here

(-)b/security/sssd/files/patch-src__sbus__sbus_codegen (+10 lines)
1	diff --git src/sbus/sbus_codegen src/sbus/sbus_codegen
2	index a97a92591..fb3b6d9b3 100755
3	--- src/sbus/sbus_codegen
4	+++ src/sbus/sbus_codegen
5	@@ -1,4 +1,4 @@
6	-#!/usr/bin/env python
7	+#!/usr/bin/env python3
8
9	#
10	# Authors:




diff --git src/sss_client/common.c src/sss_client/common.c
index d8effb6dd..edeb4a159 100644
--- src/sss_client/common.c
+++ src/sss_client/common.c
@@ -25,6 +25,7 @@

 #include <security/pam_modules.h>
 #include <errno.h>
 #include <sys/types.h>
@@ -44,6 +45,7 @@
 #include <libintl.h>
 #define _(STRING) dgettext (PACKAGE, STRING)
 #include "sss_cli.h"
 #include "common_private.h"
+#include "util/sss_bsd_errno.h"
 
 #if HAVE_PTHREAD
 #include <pthread.h>
@@ -126,7 +128,6 @@ static enum sss_status sss_cli_send_req(enum sss_cli_command cmd,
             *errnop = error;
             break;
         case 0:

             break;
         case 1:
             if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) {
@@ -235,7 +236,6 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_command cmd,
             *errnop = error;
             break;
         case 0:

             break;
         case 1:
             if (pfd.revents & (POLLHUP)) {
@@ -679,7 +679,6 @@ static enum sss_status sss_cli_check_socket(int *errnop,
             *errnop = error;
             break;
         case 0:

             break;
         case 1:
             if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) {
@@ -730,7 +729,7 @@ enum nss_status sss_nss_make_request_timeout(enum sss_cli_command cmd,
     /* avoid looping in the nss daemon */
     envval = getenv("_SSS_LOOPS");
     if (envval && strcmp(envval, "NO") == 0) {

+        return NS_NOTFOUND;
     }
 
     ret = sss_cli_check_socket(errnop, SSS_NSS_SOCKET_NAME, timeout);
@@ -738,9 +737,9 @@ enum nss_status sss_nss_make_request_timeout(enum sss_cli_command cmd,
 #ifdef NONSTANDARD_SSS_NSS_BEHAVIOUR
         *errnop = 0;
         errno = 0;
-        return NSS_STATUS_NOTFOUND;
+        return NS_NOTFOUND;
 #else
-        return NSS_STATUS_UNAVAIL;
+        return NS_UNAVAIL;
 #endif
     }
 
@@ -765,17 +764,17 @@ enum nss_status sss_nss_make_request_timeout(enum sss_cli_command cmd,
     }
     switch (ret) {
     case SSS_STATUS_TRYAGAIN:
-        return NSS_STATUS_TRYAGAIN;

+        return NS_SUCCESS;
     case SSS_STATUS_UNAVAIL:
     default:
 #ifdef NONSTANDARD_SSS_NSS_BEHAVIOUR
         *errnop = 0;
         errno = 0;
-        return NSS_STATUS_NOTFOUND;
+        return NS_NOTFOUND;
 #else
-        return NSS_STATUS_UNAVAIL;
+        return NS_UNAVAIL;
 #endif
     }
 }
 

Lines 1-8 Link Here

(-)b/security/sssd/files/patch-src__sss_client__nss_group.c (-2 / +2 lines)
1	diff --git src/sss_client/nss_group.c src/sss_client/nss_group.c	1	diff --git src/sss_client/nss_group.c src/sss_client/nss_group.c
2	index e6ea54b..b27b671 100644	2	index 5ab2bdf78..69ba75dcb 100644
3	--- src/sss_client/nss_group.c	3	--- src/sss_client/nss_group.c
4	+++ src/sss_client/nss_group.c	4	+++ src/sss_client/nss_group.c
5	@@ -343,6 +343,76 @@ out:	5	@@ -390,6 +390,76 @@ out:
6	}	6	}
7		7
8		8




diff --git src/sss_client/pam_sss.c src/sss_client/pam_sss.c
index f634f7659..1de88fefe 100644
--- src/sss_client/pam_sss.c
+++ src/sss_client/pam_sss.c
@@ -263,9 +263,9 @@ static int do_pam_conversation(pam_handle_t *pamh, const int msg_style,
 
         pam_msg->msg_style = msg_style;
         if (state == SSS_PAM_CONV_REENTER) {
-            pam_msg->msg = reenter_msg;
+            pam_msg->msg = (char *)(intptr_t)reenter_msg;
         } else {
-            pam_msg->msg = msg;
+            pam_msg->msg = (char *)(intptr_t)msg;
         }
 
         mesg[0] = (const struct pam_message *) pam_msg;

Lines 1-5 Link Here

(-)b/security/sssd/files/patch-src__sss_client__sss_nss.exports (-1 / +1 lines)
1	diff --git src/sss_client/sss_nss.exports src/sss_client/sss_nss.exports	1	diff --git src/sss_client/sss_nss.exports src/sss_client/sss_nss.exports
2	index 1eefea8..8e85a05 100644	2	index 1eefea8d5..8e85a0541 100644
3	--- src/sss_client/sss_nss.exports	3	--- src/sss_client/sss_nss.exports
4	+++ src/sss_client/sss_nss.exports	4	+++ src/sss_client/sss_nss.exports
5	@@ -3,6 +3,7 @@ EXPORTED {	5	@@ -3,6 +3,7 @@ EXPORTED {




diff --git src/tests/cmocka/test_authtok.c src/tests/cmocka/test_authtok.c
index 9422f96bc..8492e186a 100644
--- src/tests/cmocka/test_authtok.c
+++ src/tests/cmocka/test_authtok.c
@@ -28,6 +28,7 @@
 #include "tests/cmocka/common_mock.h"
 
 #include "util/authtok.h"
+#include "util/sss_endian.h"
 
 
 struct test_state {




diff --git src/tests/cmocka/test_pam_srv.c src/tests/cmocka/test_pam_srv.c
index 446985d5d..f53f84be2 100644
--- src/tests/cmocka/test_pam_srv.c
+++ src/tests/cmocka/test_pam_srv.c
@@ -1177,7 +1177,7 @@ void test_pam_open_session(void **state)
 
     /* make sure pam_status is not touched by setting it to a value which is
      * not used by SSSD. */
-    pam_test_ctx->exp_pam_status = _PAM_RETURN_VALUES;
+    pam_test_ctx->exp_pam_status = PAM_NUM_ERRORS;
     set_cmd_cb(test_pam_simple_check);
     ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_OPEN_SESSION,
                           pam_test_ctx->pam_cmds);




diff --git src/tests/cwrap/test_responder_common.c src/tests/cwrap/test_responder_common.c
index 11cc3abd8..191310143 100644
--- src/tests/cwrap/test_responder_common.c
+++ src/tests/cwrap/test_responder_common.c
@@ -136,11 +136,13 @@ void check_sock_properties(struct create_pipe_ctx *ctx, mode_t mode)
     assert_true(S_ISSOCK(sbuf.st_mode));
     assert_true((sbuf.st_mode & ~S_IFMT) == mode);
 
+#ifdef SO_DOMAIN
     /* Check it's a UNIX socket */
     optlen = sizeof(optval);
     ret = getsockopt(ctx->fd, SOL_SOCKET, SO_DOMAIN, &optval, &optlen);
     assert_int_equal(ret, 0);
     assert_int_equal(optval, AF_UNIX);
+#endif
 
     optlen = sizeof(optval);
     ret = getsockopt(ctx->fd, SOL_SOCKET, SO_TYPE, &optval, &optlen);




diff --git src/tests/cwrap/test_server.c src/tests/cwrap/test_server.c
index 85ecb7f74..a2ddc595f 100644
--- src/tests/cwrap/test_server.c
+++ src/tests/cwrap/test_server.c
@@ -23,6 +23,7 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
+#include <signal.h>
 
 #include <popt.h>
 #include "util/util.h"




diff --git src/tests/dlopen-tests.c src/tests/dlopen-tests.c
index 9a5d3597f..4b469726b 100644
--- src/tests/dlopen-tests.c
+++ src/tests/dlopen-tests.c
@@ -44,7 +44,7 @@ struct so {
     { "libipa_hbac.so", { LIBPFX"libipa_hbac.so", NULL } },
     { "libsss_idmap.so", { LIBPFX"libsss_idmap.so", NULL } },
     { "libsss_nss_idmap.so", { LIBPFX"libsss_nss_idmap.so", NULL } },
-    { "libnss_sss.so", { LIBPFX"libnss_sss.so", NULL } },
+    { "nss_sss.so", { LIBPFX"nss_sss.so", NULL } },
     { "libsss_certmap.so", { LIBPFX"libsss_certmap.so", NULL } },
     { "pam_sss.so", { LIBPFX"pam_sss.so", NULL } },
 #ifdef BUILD_LIBWBCLIENT
@@ -82,8 +82,6 @@ struct so {
     { "libsss_util.so", { LIBPFX"libsss_util.so", NULL } },
     { "libsss_simple.so", { LIBPFX"libdlopen_test_providers.so",
                             LIBPFX"libsss_simple.so", NULL } },
-    { "libsss_files.so", { LIBPFX"libdlopen_test_providers.so",
-                           LIBPFX"libsss_files.so", NULL } },
 #ifdef BUILD_SAMBA
     { "libsss_ad.so", { LIBPFX"libdlopen_test_providers.so",
                         LIBPFX"libsss_ad.so", NULL } },




diff --git src/util/crypto/libcrypto/crypto_sha512crypt.c src/util/crypto/libcrypto/crypto_sha512crypt.c
index 2275ccd96..c1e418917 100644
--- src/util/crypto/libcrypto/crypto_sha512crypt.c
+++ src/util/crypto/libcrypto/crypto_sha512crypt.c
@@ -30,6 +30,11 @@
 
 #include "sss_openssl.h"
 
+void *
+mempcpy (void *dest, const void *src, size_t n)
+{
+  return (char *) memcpy (dest, src, n) + n;
+}
 
 /* Define our magic string to mark salt for SHA512 "encryption" replacement. */
 const char sha512_salt_prefix[] = "$6$";
 #define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1)

Lines 1-5 Link Here

(-)b/security/sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c (-1 / +1 lines)
1	diff --git src/util/crypto/nss/nss_sha512crypt.c src/util/crypto/nss/nss_sha512crypt.c	1	diff --git src/util/crypto/nss/nss_sha512crypt.c src/util/crypto/nss/nss_sha512crypt.c
2	index 9fedd5e..90192ac 100644	2	index 4d0594d9f..49801222d 100644
3	--- src/util/crypto/nss/nss_sha512crypt.c	3	--- src/util/crypto/nss/nss_sha512crypt.c
4	+++ src/util/crypto/nss/nss_sha512crypt.c	4	+++ src/util/crypto/nss/nss_sha512crypt.c
5	@@ -29,6 +29,12 @@	5	@@ -29,6 +29,12 @@




diff --git src/util/find_uid.c src/util/find_uid.c
index 215c0d338..42a1df729 100644
--- src/util/find_uid.c
+++ src/util/find_uid.c
@@ -72,7 +72,7 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid)
     uint32_t num=0;
     errno_t error;
 
-    ret = snprintf(path, PATHLEN, "/proc/%d/status", pid);
+    ret = snprintf(path, PATHLEN, "/compat/linux/proc/%d/status", pid);
     if (ret < 0) {
         DEBUG(SSSDBG_CRIT_FAILURE, "snprintf failed\n");
         return EINVAL;
@@ -218,12 +218,12 @@ static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid)
     struct dirent *dirent;
     int ret, err;
     pid_t pid = -1;

     if (proc_dir == NULL) {
         ret = errno;
         DEBUG(SSSDBG_CRIT_FAILURE, "Cannot open proc dir.\n");
@@ -298,9 +298,8 @@ done:
 
 errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table)
 {




diff --git src/util/server.c src/util/server.c
index f34bf49f6..7cb3864af 100644
--- src/util/server.c
+++ src/util/server.c
@@ -311,10 +311,13 @@ static void setup_signals(void)
     BlockSignals(false, SIGTERM);
 
     CatchSignal(SIGHUP, sig_hup);
-
 #ifndef HAVE_PRCTL
-        /* If prctl is not defined on the system, try to handle
-         * some common termination signals gracefully */




diff --git src/util/signal.c src/util/signal.c
index 053457b..bb8f8be 100644
--- src/util/signal.c
+++ src/util/signal.c
@@ -28,45 +28,6 @@
  * @brief Signal handling
  */
 
-/****************************************************************************
- Catch child exits and reap the child zombie status.
-****************************************************************************/
-
-static void sig_cld(int signum)
-{
-	while (waitpid((pid_t)-1,(int *)NULL, WNOHANG) > 0)
-		;
-
-	/*
-	 * Turns out it's *really* important not to
-	 * restore the signal handler here if we have real POSIX
-	 * signal handling. If we do, then we get the signal re-delivered
-	 * immediately - hey presto - instant loop ! JRA.
-	 */
-
-#if !defined(HAVE_SIGACTION)
-	CatchSignal(SIGCLD, sig_cld);
-#endif
-}
-
-/****************************************************************************
-catch child exits - leave status;
-****************************************************************************/
-
-static void sig_cld_leave_status(int signum)
-{
-	/*
-	 * Turns out it's *really* important not to
-	 * restore the signal handler here if we have real POSIX
-	 * signal handling. If we do, then we get the signal re-delivered
-	 * immediately - hey presto - instant loop ! JRA.
-	 */
-
-#if !defined(HAVE_SIGACTION)
-	CatchSignal(SIGCLD, sig_cld_leave_status);
-#endif
-}
-
 /**
  Block sigs.
 **/
@@ -126,21 +87,3 @@ void (*CatchSignal(int signum,void (*handler)(int )))(int)
 	return signal(signum, handler);
 #endif
 }
-
-/**
- Ignore SIGCLD via whatever means is necessary for this OS.
-**/
-
-void CatchChild(void)
-{
-	CatchSignal(SIGCLD, sig_cld);
-}
-
-/**
- Catch SIGCLD but leave the child around so it's status can be reaped.
-**/
-
-void CatchChildLeaveStatus(void)
-{
-	CatchSignal(SIGCLD, sig_cld_leave_status);
-}




diff --git src/util/sss_endian.h src/util/sss_endian.h
index 834c35980..d0bc1d338 100644
--- src/util/sss_endian.h
+++ src/util/sss_endian.h
@@ -29,6 +29,18 @@
 # include <sys/endian.h>
 #endif /* !HAVE_ENDIAN_H && !HAVE_SYS_ENDIAN_H */
 
+#if defined(_BYTE_ORDER) && !defined(__BYTE_ORDER)
+#define __BYTE_ORDER _BYTE_ORDER
+#endif
+
+#if defined(_LITTLE_ENDIAN) && !defined(__LITTLE_ENDIAN)
+#define __LITTLE_ENDIAN _LITTLE_ENDIAN
+#endif
+
+#if defined(_BIG_ENDIAN) && !defined(__BIG_ENDIAN)
+#define __BIG_ENDIAN _BIG_ENDIAN
+#endif
+
 /* Endianness-compatibility for systems running older versions of glibc */
 
 #ifndef le32toh




diff --git src/util/sss_krb5.c src/util/sss_krb5.c
index c0cc28a75..88e6e6008 100644
--- src/util/sss_krb5.c
+++ src/util/sss_krb5.c
@@ -28,6 +28,7 @@
 #include "util/sss_iobuf.h"
 #include "util/util.h"
 #include "util/sss_krb5.h"
+#include "util/sss_endian.h"
 
 static char *
 sss_krb5_get_primary(TALLOC_CTX *mem_ctx,




diff --git src/util/sss_ldap.c src/util/sss_ldap.c
index dd63b4b..0764622 100644
--- src/util/sss_ldap.c
+++ src/util/sss_ldap.c
@@ -206,6 +206,9 @@ static void sdap_async_sys_connect_done(struct tevent_context *ev,
     errno = 0;
     ret = connect(state->fd, (struct sockaddr *) &state->addr,
                   state->addr_len);
+    if (errno == EISCONN) {
+        ret = EOK;
+    }
     if (ret != EOK) {
         ret = errno;
         if (ret == EINPROGRESS || ret == EINTR) {
@@ -346,7 +349,7 @@ struct tevent_req *sss_ldap_init_send(TALLOC_CTX *mem_ctx,
           "Using file descriptor [%d] for LDAP connection.\n", state->sd);
 
     subreq = sdap_async_sys_connect_send(state, ev, state->sd,
-                                         (struct sockaddr *) addr, addr_len);
+                                         (struct sockaddr *) addr, sizeof(struct sockaddr));
     if (subreq == NULL) {
         ret = ENOMEM;
         DEBUG(SSSDBG_CRIT_FAILURE, "sdap_async_sys_connect_send failed.\n");




diff --git src/util/util.c src/util/util.c
index e3efa7fef..4ca677fe6 100644
--- src/util/util.c
+++ src/util/util.c
@@ -868,15 +868,13 @@ errno_t sss_utc_to_time_t(const char *str, const char *format, time_t *_unix_tim
         return EINVAL;
     }
 
-    ut = mktime(&tm);
+    ut = timegm(&tm);
     if (ut == -1) {
         DEBUG(SSSDBG_TRACE_INTERNAL,
-              "mktime failed to convert [%s].\n", str);
+              "timegm failed to convert [%s].\n", str);
         return EINVAL;
     }
 
-    tzset();
-    ut -= timezone;
     *_unix_time = ut;
     return EOK;
 }




diff --git src/util/util.h src/util/util.h
index 1e36bf02a..e883f322f 100644
--- src/util/util.h
+++ src/util/util.h
@@ -733,4 +733,6 @@ errno_t create_preauth_indicator(void);
 #define N_ELEMENTS(arr) (sizeof(arr) / sizeof(arr[0]))
 #endif
 void (*CatchSignal(int signum,void (*handler)(int )))(int);
-void CatchChild(void);
-void CatchChildLeaveStatus(void);
 
 /* from memory.c */
 typedef int (void_destructor_fn_t)(void *);
@@ -542,5 +540,6 @@ char * sss_replace_space(TALLOC_CTX *mem_ctx,
 char * sss_reverse_replace_space(TALLOC_CTX *mem_ctx,
                                  const char *orig_name,
                                  const char replace_char);
+#include "util/sss_bsd_errno.h"
+
 #endif /* __SSSD_UTIL_H__ */




--- src/external/pac_responder.m4.orig	2014-09-17 13:01:37 UTC
+++ src/external/pac_responder.m4
@@ -14,14 +14,19 @@ then
     PKG_CHECK_MODULES(NDR_KRB5PAC, ndr_krb5pac, ndr_krb5pac_ok=yes,
         AC_MSG_WARN([Cannot build pac responder without libndr_krb5pac]))
 
-    AC_PATH_PROG(KRB5_CONFIG, krb5-config)
+    AC_PATH_PROG(KRB5_CONFIG, krb5-config, [], [/usr/local/bin:$PATH])
     AC_MSG_CHECKING(for supported MIT krb5 version)
     KRB5_VERSION="`$KRB5_CONFIG --version`"
     case $KRB5_VERSION in
         Kerberos\ 5\ release\ 1.9* | \
         Kerberos\ 5\ release\ 1.10* | \
         Kerberos\ 5\ release\ 1.11* | \
-        Kerberos\ 5\ release\ 1.12*)
+        Kerberos\ 5\ release\ 1.12* | \
+        Kerberos\ 5\ release\ 1.13* | \
+        Kerberos\ 5\ release\ 1.14* | \
+        Kerberos\ 5\ release\ 1.15* | \
+        Kerberos\ 5\ release\ 1.16* | \
+        Kerberos\ 5\ release\ 1.17*)
             krb5_version_ok=yes
             AC_MSG_RESULT([yes])
             ;;

Lines 34-40 start_precmd=sssd_prestart Link Here

(-)b/security/sssd/files/sssd.in (-1 / +2 lines)
34		34
35	sssd_prestart()	35	sssd_prestart()
36	{	36	{
37	for i in db/sss db/sss_mc log/sssd run/sss/krb5.include.d run/sss/private run/sss; do	37
		38	for i in db/sss/db db/sss/gpo_cache db/sss/keytabs db/sss/mc db/sss/pubconf/krb5.include.d/ db/sss/secrets log/sssd run/sss/pipes/private; do
38	if [ ! -d var/${i} ]; then mkdir -p /var/${i}; fi	39	if [ ! -d var/${i} ]; then mkdir -p /var/${i}; fi
39	done	40	done
40	}	41	}

Lines 3-40 bin/sss_ssh_knownhostsproxy Link Here

(-)b/security/sssd/pkg-plist (-39 / +83 lines)
3	etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf	3	etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
4	%%ETCDIR%%/sssd.conf.sample	4	%%ETCDIR%%/sssd.conf.sample
5	include/ipa_hbac.h	5	include/ipa_hbac.h
		6	include/sss_certmap.h
6	include/sss_idmap.h	7	include/sss_idmap.h
7	include/sss_nss_idmap.h	8	include/sss_nss_idmap.h
		9	include/sss_sifp.h
		10	include/sss_sifp_dbus.h
		11	include/wbclient_sssd.h
8	%%SMB%%lib/krb5/plugins/authdata/sssd_pac_plugin.so	12	%%SMB%%lib/krb5/plugins/authdata/sssd_pac_plugin.so
9	lib/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so	13	lib/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
10	lib/libipa_hbac.so	14	lib/libipa_hbac.so
11	lib/libipa_hbac.so.0	15	lib/libipa_hbac.so.0
12	lib/libipa_hbac.so.0.0.1	16	lib/libipa_hbac.so.0.1.0
		17	lib/libsss_certmap.so
		18	lib/libsss_certmap.so.0
		19	lib/libsss_certmap.so.0.0.0
13	lib/libsss_idmap.so	20	lib/libsss_idmap.so
14	lib/libsss_idmap.so.0	21	lib/libsss_idmap.so.0
15	lib/libsss_idmap.so.0.4.0	22	lib/libsss_idmap.so.0.5.1
16	lib/libsss_nss_idmap.so	23	lib/libsss_nss_idmap.so
17	lib/libsss_nss_idmap.so.0	24	lib/libsss_nss_idmap.so.0
18	lib/libsss_nss_idmap.so.0.0.1	25	lib/libsss_nss_idmap.so.0.5.0
		26	lib/libsss_simpleifp.so
		27	lib/libsss_simpleifp.so.0
		28	lib/libsss_simpleifp.so.0.1.1
19	lib/libsss_sudo.so	29	lib/libsss_sudo.so
20	lib/nss_sss.so	30	lib/nss_sss.so
21	lib/nss_sss.so.1	31	lib/nss_sss.so.1
22	lib/nss_sss.so.2	32	lib/nss_sss.so.2
23	lib/nss_sss.so.2.0.0	33	lib/nss_sss.so.2.0.0
24	lib/pam_sss.so	34	lib/pam_sss.so
25	%%PYTHON_SITELIBDIR%%/SSSDConfig-1.11.7-py%%PYTHON_VER%%.egg-info	35	%%PYTHON_SITELIBDIR%%/SSSDConfig-1.16.4-py%%PYTHON_VER%%.egg-info
26	%%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.py	36	%%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.py
27	%%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.pyc	37	%%PYTHON_SITELIBDIR%%/SSSDConfig/__pycache__/__init__.cpython-36.pyc
		38	%%PYTHON_SITELIBDIR%%/SSSDConfig/__pycache__/ipachangeconf.cpython-36.pyc
28	%%PYTHON_SITELIBDIR%%/SSSDConfig/ipachangeconf.py	39	%%PYTHON_SITELIBDIR%%/SSSDConfig/ipachangeconf.py
29	%%PYTHON_SITELIBDIR%%/SSSDConfig/ipachangeconf.pyc
30	%%PYTHON_SITELIBDIR%%/SSSDConfig/sssd_upgrade_config.py
31	%%PYTHON_SITELIBDIR%%/SSSDConfig/sssd_upgrade_config.pyc
32	%%PYTHON_SITELIBDIR%%/pyhbac.so	40	%%PYTHON_SITELIBDIR%%/pyhbac.so
33	%%PYTHON_SITELIBDIR%%/pysss.so	41	%%PYTHON_SITELIBDIR%%/pysss.so
34	%%PYTHON_SITELIBDIR%%/pysss_murmur.so	42	%%PYTHON_SITELIBDIR%%/pysss_murmur.so
35	%%PYTHON_SITELIBDIR%%/pysss_nss_idmap.so	43	%%PYTHON_SITELIBDIR%%/pysss_nss_idmap.so
		44	%%SMB%%lib/samba/idmap/winbind_idmap_sss.so
36	lib/shared-modules/ldb/memberof.so	45	lib/shared-modules/ldb/memberof.so
37	%%SMB%%lib/sssd/libsss_ad.so	46	%%SMB%%lib/sssd/libsss_ad.so
		47	lib/sssd/conf/sssd.conf
		48	lib/sssd/libsss_cert.so
38	lib/sssd/libsss_child.so	49	lib/sssd/libsss_child.so
39	lib/sssd/libsss_crypt.so	50	lib/sssd/libsss_crypt.so
40	lib/sssd/libsss_debug.so	51	lib/sssd/libsss_debug.so
Lines 44-56 lib/sssd/libsss_krb5_common.so Link Here
44	lib/sssd/libsss_ldap.so	55	lib/sssd/libsss_ldap.so
45	lib/sssd/libsss_ldap_common.so	56	lib/sssd/libsss_ldap_common.so
46	lib/sssd/libsss_proxy.so	57	lib/sssd/libsss_proxy.so
		58	lib/sssd/libsss_semanage.so
47	lib/sssd/libsss_simple.so	59	lib/sssd/libsss_simple.so
48	lib/sssd/libsss_util.so	60	lib/sssd/libsss_util.so
		61	lib/sssd/modules/libwbclient.so
		62	lib/sssd/modules/libwbclient.so.0
		63	lib/sssd/modules/libwbclient.so.0.14.0
		64	lib/sssd/modules/sssd_krb5_localauth_plugin.so
49	libdata/pkgconfig/ipa_hbac.pc	65	libdata/pkgconfig/ipa_hbac.pc
		66	libdata/pkgconfig/sss_certmap.pc
50	libdata/pkgconfig/sss_idmap.pc	67	libdata/pkgconfig/sss_idmap.pc
51	libdata/pkgconfig/sss_nss_idmap.pc	68	libdata/pkgconfig/sss_nss_idmap.pc
		69	libdata/pkgconfig/sss_simpleifp.pc
		70	libdata/pkgconfig/wbclient_sssd.pc
		71	%%SMB%%libexec/sssd/gpo_child
52	libexec/sssd/krb5_child	72	libexec/sssd/krb5_child
53	libexec/sssd/ldap_child	73	libexec/sssd/ldap_child
		74	libexec/sssd/p11_child
54	libexec/sssd/proxy_child	75	libexec/sssd/proxy_child
55	libexec/sssd/sss_signal	76	libexec/sssd/sss_signal
56	libexec/sssd/sssd_be	77	libexec/sssd/sssd_be
Lines 60-74 libexec/sssd/sssd_nss Link Here
60	libexec/sssd/sssd_pam	81	libexec/sssd/sssd_pam
61	libexec/sssd/sssd_ssh	82	libexec/sssd/sssd_ssh
62	libexec/sssd/sssd_sudo	83	libexec/sssd/sssd_sudo
63	man/es/man1/sss_ssh_authorizedkeys.1.gz	84	man/de/man1/sss_ssh_knownhostsproxy.1.gz
64	man/es/man1/sss_ssh_knownhostsproxy.1.gz	85	man/de/man5/sssd-ifp.5.gz
65	man/es/man5/sssd-ldap.5.gz	86	man/de/man5/sssd-krb5.5.gz
		87	man/de/man5/sssd-ldap.5.gz
		88	man/de/man5/sssd-simple.5.gz
		89	man/de/man5/sssd-sudo.5.gz
		90	man/de/man8/sss_groupadd.8.gz
		91	man/de/man8/sss_groupdel.8.gz
		92	man/de/man8/sss_groupmod.8.gz
		93	man/de/man8/sss_groupshow.8.gz
		94	man/de/man8/sss_obfuscate.8.gz
		95	man/de/man8/sss_seed.8.gz
		96	man/de/man8/sss_useradd.8.gz
		97	man/de/man8/sss_userdel.8.gz
		98	man/de/man8/sss_usermod.8.gz
		99	man/de/man8/sssd.8.gz
66	man/es/man5/sssd-simple.5.gz	100	man/es/man5/sssd-simple.5.gz
67	man/es/man5/sssd-sudo.5.gz	101	man/es/man5/sssd-sudo.5.gz
68	man/es/man5/sssd.conf.5.gz
69	man/es/man8/pam_sss.8.gz
70	man/es/man8/sss_cache.8.gz
71	man/es/man8/sss_debuglevel.8.gz
72	man/es/man8/sss_groupadd.8.gz	102	man/es/man8/sss_groupadd.8.gz
73	man/es/man8/sss_groupdel.8.gz	103	man/es/man8/sss_groupdel.8.gz
74	man/es/man8/sss_groupmod.8.gz	104	man/es/man8/sss_groupmod.8.gz
Lines 79-96 man/es/man8/sss_useradd.8.gz Link Here
79	man/es/man8/sss_userdel.8.gz	109	man/es/man8/sss_userdel.8.gz
80	man/es/man8/sss_usermod.8.gz	110	man/es/man8/sss_usermod.8.gz
81	man/es/man8/sssd.8.gz	111	man/es/man8/sssd.8.gz
82	man/es/man8/sssd_krb5_locator_plugin.8.gz
83	man/fr/man1/sss_ssh_authorizedkeys.1.gz
84	man/fr/man1/sss_ssh_knownhostsproxy.1.gz	112	man/fr/man1/sss_ssh_knownhostsproxy.1.gz
85	man/fr/man5/sssd-ad.5.gz
86	man/fr/man5/sssd-krb5.5.gz	113	man/fr/man5/sssd-krb5.5.gz
87	man/fr/man5/sssd-ldap.5.gz	114	man/fr/man5/sssd-ldap.5.gz
88	man/fr/man5/sssd-simple.5.gz	115	man/fr/man5/sssd-simple.5.gz
89	man/fr/man5/sssd-sudo.5.gz	116	man/fr/man5/sssd-sudo.5.gz
90	man/fr/man5/sssd.conf.5.gz
91	man/fr/man8/pam_sss.8.gz
92	man/fr/man8/sss_cache.8.gz
93	man/fr/man8/sss_debuglevel.8.gz
94	man/fr/man8/sss_groupadd.8.gz	117	man/fr/man8/sss_groupadd.8.gz
95	man/fr/man8/sss_groupdel.8.gz	118	man/fr/man8/sss_groupdel.8.gz
96	man/fr/man8/sss_groupmod.8.gz	119	man/fr/man8/sss_groupmod.8.gz
Lines 101-116 man/fr/man8/sss_useradd.8.gz Link Here
101	man/fr/man8/sss_userdel.8.gz	124	man/fr/man8/sss_userdel.8.gz
102	man/fr/man8/sss_usermod.8.gz	125	man/fr/man8/sss_usermod.8.gz
103	man/fr/man8/sssd.8.gz	126	man/fr/man8/sssd.8.gz
104	man/fr/man8/sssd_krb5_locator_plugin.8.gz
105	man/ja/man1/sss_ssh_authorizedkeys.1.gz
106	man/ja/man1/sss_ssh_knownhostsproxy.1.gz	127	man/ja/man1/sss_ssh_knownhostsproxy.1.gz
107	man/ja/man5/sssd-krb5.5.gz	128	man/ja/man5/sssd-krb5.5.gz
108	man/ja/man5/sssd-ldap.5.gz
109	man/ja/man5/sssd-simple.5.gz	129	man/ja/man5/sssd-simple.5.gz
110	man/ja/man5/sssd.conf.5.gz
111	man/ja/man8/pam_sss.8.gz
112	man/ja/man8/sss_cache.8.gz
113	man/ja/man8/sss_debuglevel.8.gz
114	man/ja/man8/sss_groupadd.8.gz	130	man/ja/man8/sss_groupadd.8.gz
115	man/ja/man8/sss_groupdel.8.gz	131	man/ja/man8/sss_groupdel.8.gz
116	man/ja/man8/sss_groupmod.8.gz	132	man/ja/man8/sss_groupmod.8.gz
Lines 120-136 man/ja/man8/sss_useradd.8.gz Link Here
120	man/ja/man8/sss_userdel.8.gz	136	man/ja/man8/sss_userdel.8.gz
121	man/ja/man8/sss_usermod.8.gz	137	man/ja/man8/sss_usermod.8.gz
122	man/ja/man8/sssd.8.gz	138	man/ja/man8/sssd.8.gz
123	man/ja/man8/sssd_krb5_locator_plugin.8.gz
124	man/man1/sss_ssh_authorizedkeys.1.gz	139	man/man1/sss_ssh_authorizedkeys.1.gz
125	man/man1/sss_ssh_knownhostsproxy.1.gz	140	man/man1/sss_ssh_knownhostsproxy.1.gz
126	man/man5/sssd-ad.5.gz	141	man/man5/sss-certmap.5.gz
		142	%%SMB%%man/man5/sssd-ad.5.gz
		143	man/man5/sssd-files.5.gz
127	man/man5/sssd-ifp.5.gz	144	man/man5/sssd-ifp.5.gz
128	man/man5/sssd-ipa.5.gz	145	%%SMB%%man/man5/sssd-ipa.5.gz
129	man/man5/sssd-krb5.5.gz	146	man/man5/sssd-krb5.5.gz
130	man/man5/sssd-ldap.5.gz	147	man/man5/sssd-ldap.5.gz
		148	man/man5/sssd-session-recording.5.gz
131	man/man5/sssd-simple.5.gz	149	man/man5/sssd-simple.5.gz
132	man/man5/sssd-sudo.5.gz	150	man/man5/sssd-sudo.5.gz
133	man/man5/sssd.conf.5.gz	151	man/man5/sssd.conf.5.gz
		152	man/man8/idmap_sss.8.gz
134	man/man8/pam_sss.8.gz	153	man/man8/pam_sss.8.gz
135	man/man8/sss_cache.8.gz	154	man/man8/sss_cache.8.gz
136	man/man8/sss_debuglevel.8.gz	155	man/man8/sss_debuglevel.8.gz
Lines 139-162 man/man8/sss_groupdel.8.gz Link Here
139	man/man8/sss_groupmod.8.gz	158	man/man8/sss_groupmod.8.gz
140	man/man8/sss_groupshow.8.gz	159	man/man8/sss_groupshow.8.gz
141	man/man8/sss_obfuscate.8.gz	160	man/man8/sss_obfuscate.8.gz
		161	man/man8/sss_override.8.gz
142	man/man8/sss_seed.8.gz	162	man/man8/sss_seed.8.gz
143	man/man8/sss_useradd.8.gz	163	man/man8/sss_useradd.8.gz
144	man/man8/sss_userdel.8.gz	164	man/man8/sss_userdel.8.gz
145	man/man8/sss_usermod.8.gz	165	man/man8/sss_usermod.8.gz
		166	man/man8/sssctl.8.gz
146	man/man8/sssd.8.gz	167	man/man8/sssd.8.gz
147	man/man8/sssd_krb5_locator_plugin.8.gz	168	man/man8/sssd_krb5_locator_plugin.8.gz
148	man/nl/man8/sss_groupmod.8.gz	169	man/nl/man8/sss_groupmod.8.gz
149	man/pt/man8/sss_groupdel.8.gz	170	man/pt/man8/sss_groupdel.8.gz
150	man/pt/man8/sss_groupmod.8.gz	171	man/pt/man8/sss_groupmod.8.gz
		172	man/sv/man5/sssd.conf.5.gz
		173	man/sv/man8/sss_groupmod.8.gz
151	man/uk/man1/sss_ssh_authorizedkeys.1.gz	174	man/uk/man1/sss_ssh_authorizedkeys.1.gz
152	man/uk/man1/sss_ssh_knownhostsproxy.1.gz	175	man/uk/man1/sss_ssh_knownhostsproxy.1.gz
		176	man/uk/man5/sss-certmap.5.gz
		177	man/uk/man5/sss_rpcidmapd.5.gz
153	man/uk/man5/sssd-ad.5.gz	178	man/uk/man5/sssd-ad.5.gz
		179	man/uk/man5/sssd-files.5.gz
154	man/uk/man5/sssd-ifp.5.gz	180	man/uk/man5/sssd-ifp.5.gz
		181	man/uk/man5/sssd-ipa.5.gz
155	man/uk/man5/sssd-krb5.5.gz	182	man/uk/man5/sssd-krb5.5.gz
156	man/uk/man5/sssd-ldap.5.gz	183	man/uk/man5/sssd-ldap.5.gz
		184	man/uk/man5/sssd-secrets.5.gz
		185	man/uk/man5/sssd-session-recording.5.gz
157	man/uk/man5/sssd-simple.5.gz	186	man/uk/man5/sssd-simple.5.gz
158	man/uk/man5/sssd-sudo.5.gz	187	man/uk/man5/sssd-sudo.5.gz
		188	man/uk/man5/sssd-systemtap.5.gz
159	man/uk/man5/sssd.conf.5.gz	189	man/uk/man5/sssd.conf.5.gz
		190	man/uk/man8/idmap_sss.8.gz
160	man/uk/man8/pam_sss.8.gz	191	man/uk/man8/pam_sss.8.gz
161	man/uk/man8/sss_cache.8.gz	192	man/uk/man8/sss_cache.8.gz
162	man/uk/man8/sss_debuglevel.8.gz	193	man/uk/man8/sss_debuglevel.8.gz
Lines 165-174 man/uk/man8/sss_groupdel.8.gz Link Here
165	man/uk/man8/sss_groupmod.8.gz	196	man/uk/man8/sss_groupmod.8.gz
166	man/uk/man8/sss_groupshow.8.gz	197	man/uk/man8/sss_groupshow.8.gz
167	man/uk/man8/sss_obfuscate.8.gz	198	man/uk/man8/sss_obfuscate.8.gz
		199	man/uk/man8/sss_override.8.gz
168	man/uk/man8/sss_seed.8.gz	200	man/uk/man8/sss_seed.8.gz
169	man/uk/man8/sss_useradd.8.gz	201	man/uk/man8/sss_useradd.8.gz
170	man/uk/man8/sss_userdel.8.gz	202	man/uk/man8/sss_userdel.8.gz
171	man/uk/man8/sss_usermod.8.gz	203	man/uk/man8/sss_usermod.8.gz
		204	man/uk/man8/sssctl.8.gz
		205	man/uk/man8/sssd-kcm.8.gz
172	man/uk/man8/sssd.8.gz	206	man/uk/man8/sssd.8.gz
173	man/uk/man8/sssd_krb5_locator_plugin.8.gz	207	man/uk/man8/sssd_krb5_locator_plugin.8.gz
174	sbin/sss_cache	208	sbin/sss_cache
Lines 178-196 sbin/sss_groupdel Link Here
178	sbin/sss_groupmod	212	sbin/sss_groupmod
179	sbin/sss_groupshow	213	sbin/sss_groupshow
180	sbin/sss_obfuscate	214	sbin/sss_obfuscate
		215	sbin/sss_override
181	sbin/sss_seed	216	sbin/sss_seed
182	sbin/sss_useradd	217	sbin/sss_useradd
183	sbin/sss_userdel	218	sbin/sss_userdel
184	sbin/sss_usermod	219	sbin/sss_usermod
		220	sbin/sssctl
185	sbin/sssd	221	sbin/sssd
		222	@dir %%ETCDIR%%/conf.d
		223	@dir %%ETCDIR%%/pki
186	@dir lib/ldb	224	@dir lib/ldb
187	@dir lib/sssd/modules
188	%%PORTDOCS%%@dir %%DOCSDIR%%/doc	225	%%PORTDOCS%%@dir %%DOCSDIR%%/doc
189	%%PORTDOCS%%@dir %%DOCSDIR%%/hbac_doc	226	%%PORTDOCS%%@dir %%DOCSDIR%%/hbac_doc
190	%%PORTDOCS%%@dir %%DOCSDIR%%/idmap_doc	227	%%PORTDOCS%%@dir %%DOCSDIR%%/idmap_doc
191	%%PORTDOCS%%@dir %%DOCSDIR%%/libsss_sudo_doc
192	%%PORTDOCS%%@dir %%DOCSDIR%%/nss_idmap_doc	228	%%PORTDOCS%%@dir %%DOCSDIR%%/nss_idmap_doc
193	@unexec if [ -d %%ETCDIR%% ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf %%ETCDIR%%`` to remove any configuration files."; fi	229	%%PORTDOCS%%@dir %%DOCSDIR%%/sss_simpleifp_doc
194	@unexec if [ -d /var/db/sss ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss`` to remove any additional files."; fi	230	@dir /var/db/sss/db
195	@unexec if [ -d /var/db/sss_mc ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss_mc`` to remove any additional files."; fi	231	@dir /var/db/sss/deskprofile
196	@unexec if [ -d /var/run/sss ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/run/sss`` to remove any additional files."; fi	232	@dir /var/db/sss/gpo_cache
		233	@dir /var/db/sss/keytabs
		234	@dir /var/db/sss/mc
		235	@dir /var/db/sss/pubconf/krb5.include.d
		236	@dir /var/db/sss/pubconf
		237	@dir /var/db/sss
		238	@dir /var/log/sssd
		239	@dir /var/run/sss/pipes/private
		240	@dir /var/run/sss/pipes
		241	@dir /var/run/sss
197	-

Return to bug 241347

Lines 2-9 Link Here

(-)b/security/sssd/Makefile (-20 / +29 lines)
2	# $FreeBSD$	2	# $FreeBSD$
3		3
4	PORTNAME= sssd	4	PORTNAME= sssd
5	PORTVERSION= 1.11.7	5	PORTVERSION= 1.16.4
6	PORTREVISION= 19	6	PORTREVISION= 1
7	CATEGORIES= security	7	CATEGORIES= security
8	MASTER_SITES= https://releases.pagure.org/SSSD/${PORTNAME}/	8	MASTER_SITES= https://releases.pagure.org/SSSD/${PORTNAME}/
9		9
Lines 20-26 LIB_DEPENDS= libpopt.so:devel/popt \ Link Here
20	libtalloc.so:devel/talloc \	20	libtalloc.so:devel/talloc \
21	libtevent.so:devel/tevent \	21	libtevent.so:devel/tevent \
22	libtdb.so:databases/tdb \	22	libtdb.so:databases/tdb \
23	libldb.so:databases/ldb14 \	23	libldb.so:databases/ldb15 \
24	libcares.so:dns/c-ares \	24	libcares.so:dns/c-ares \
25	libdbus-1.so:devel/dbus \	25	libdbus-1.so:devel/dbus \
26	libdhash.so:devel/ding-libs \	26	libdhash.so:devel/ding-libs \
Lines 38-54 BUILD_DEPENDS= xmlcatalog:textproc/libxml2 \ Link Here
38	nsupdate:dns/bind-tools	38	nsupdate:dns/bind-tools
39		39
40	GNU_CONFIGURE= yes	40	GNU_CONFIGURE= yes
41	CONFIGURE_ARGS= --with-selinux=no --with-semanage=no \	41	CONFIGURE_ARGS= --without-selinux --without-semanage \
		42	--without-libnl --without-nfsv4-idmapd-plugin \
		43	--without-autofs --without-secrets --without-kcm \
		44	--without-python2-bindings \
		45	--with-init-dir=no \
		46	--disable-cifs-idmap-plugin \
		47	--with-unicode-lib=libunistring \
42	--with-ldb-lib-dir=${LOCALBASE}/lib/shared-modules/ldb \	48	--with-ldb-lib-dir=${LOCALBASE}/lib/shared-modules/ldb \
43	--with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \	49	--with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \
44	--with-libnl=no --with-init-dir=no --datadir=${DATADIR} \	50	--datadir=${DATADIR} --docdir=${DOCSDIR} --localstatedir=/var \
45	--docdir=${DOCSDIR} --with-pid-path=/var/run \	51	--with-db-path=/var/db/sss/db --with-mcache-path=/var/db/sss/mc \
46	--localstatedir=/var --enable-pammoddir=${PREFIX}/lib \	52	--with-pubconf-path=/var/db/sss/pubconf \
47	--with-db-path=/var/db/sss --with-pipe-path=/var/run/sss \	53	--with-gpo-cache-path=/var/db/sss/gpo_cache \
48	--with-pubconf-path=/var/run/sss --with-mcache-path=/var/db/sss_mc \	54	--with-pid-path=/var/run --with-pipe-path=/var/run/sss/pipes \
49	--with-unicode-lib=libunistring --with-autofs=no \	55	--with-krb5-conf=/etc/krb5.conf \
50	--disable-cifs-idmap-plugin --disable-config-lib \	56	--enable-pammoddir=${PREFIX}/lib
51	--with-krb5-conf=/etc/krb5.conf
52	CFLAGS+= -fstack-protector-all	57	CFLAGS+= -fstack-protector-all
53	PLIST_SUB= PYTHON_VER=${PYTHON_VER}	58	PLIST_SUB= PYTHON_VER=${PYTHON_VER}
54	#DEBUG_FLAGS= -g	59	#DEBUG_FLAGS= -g
Lines 58-67 SUB_FILES= pkg-message Link Here
58	USE_LDCONFIG= yes	63	USE_LDCONFIG= yes
59	USE_OPENLDAP= yes	64	USE_OPENLDAP= yes
60	USES= autoreconf cpe gettext gmake iconv libtool pathfix pkgconfig \	65	USES= autoreconf cpe gettext gmake iconv libtool pathfix pkgconfig \
61	python:2.7 shebangfix gssapi:mit	66	python:3.6 shebangfix gssapi:mit
62	INSTALL_TARGET= install-strip	67	INSTALL_TARGET= install-strip
63	CPE_VENDOR= fedoraproject	68	CPE_VENDOR= fedoraproject
64		69
		70	BINARY_ALIAS= python3=python${PYTHON_VER}
65	SHEBANG_FILES= src/tools/sss_obfuscate \	71	SHEBANG_FILES= src/tools/sss_obfuscate \
66	src/sbus/sbus_codegen	72	src/sbus/sbus_codegen
67		73
Lines 72-79 OPTIONS_DEFINE= DOCS SMB Link Here
72	OPTIONS_SUB= yes	78	OPTIONS_SUB= yes
73		79
74	SMB_DESC= Install IPA and AD providers (requires Samba4)	80	SMB_DESC= Install IPA and AD providers (requires Samba4)
75	SMB_USES= samba:lib # libndr-krb5pac libndr-nbt libndr libsamba-util	81	SMB_USES= samba:lib
76	SMB_CONFIGURE_WITH= samba	82	SMB_CONFIGURE_WITH= samba smb-idmap-interface-version=6
		83	SMB_LIB_DEPENDS= libndr-nbt.so.0:net/samba410 \
		84	libndr-krb5pac.so.0:net/samba410 \
		85	libndr-standard.so.0:net/samba410 \
		86	libndr.so.0:net/samba410 \
		87	libsamba-util.so.0:net/samba410 \
		88	libsmbclient.so.0:net/samba410
77		89
78	post-patch:	90	post-patch:
79	@${REINPLACE_CMD} -e 's\|SIGCLD\|SIGCHLD\|g' ${WRKSRC}/src/util/signal.c	91	@${REINPLACE_CMD} -e 's\|SIGCLD\|SIGCHLD\|g' ${WRKSRC}/src/util/signal.c
Lines 100-111 post-install: Link Here
100	${INSTALL_DATA} ${WRKSRC}/src/examples/sssd-example.conf \	112	${INSTALL_DATA} ${WRKSRC}/src/examples/sssd-example.conf \
101	${STAGEDIR}${ETCDIR}/sssd.conf.sample	113	${STAGEDIR}${ETCDIR}/sssd.conf.sample
102	${LN} -sf nss_sss.so ${STAGEDIR}${PREFIX}/lib/nss_sss.so.1	114	${LN} -sf nss_sss.so ${STAGEDIR}${PREFIX}/lib/nss_sss.so.1
103	# clean these up from the install; we create them in rc script start_precmd	115
104	.for d in db/sss db/sss_mc log/sssd run/sss/krb5.include.d run/sss/private run/sss
105	@${RMDIR} ${STAGEDIR}/var/${d}
106	.endfor
107	# clean unused man dirs	116	# clean unused man dirs
108	.for i in nl/man1 nl/man5 pt/man1 pt/man5	117	.for i in es/man1 nl/man1 nl/man5 pt/man1 pt/man5 sv/man1
109	@${RMDIR} ${STAGEDIR}${PREFIX}/man/${i}	118	@${RMDIR} ${STAGEDIR}${PREFIX}/man/${i}
110	.endfor	119	.endfor
111		120

Lines 1-24 Link Here

(-)b/security/sssd/files/patch-Makefile.am (-24 / +200 lines)
1	diff --git Makefile.am Makefile.am	1	diff --git Makefile.am Makefile.am
2	index fd74d85..4a7e6ae 100644	2	index be17d6a59..03386d1f8 100644
3	--- Makefile.am	3	--- Makefile.am
4	+++ Makefile.am	4	+++ Makefile.am
5	@@ -311,6 +311,7 @@ AM_CPPFLAGS = \	5	@@ -61,7 +61,7 @@ sssdapiplugindir = $(sssddatadir)/sssd.api.d
6	$(LIBNL_CFLAGS) \	6	sssdtapscriptdir = $(sssddatadir)/systemtap
7	$(OPENLDAP_CFLAGS) \	7	dbuspolicydir = $(sysconfdir)/dbus-1/system.d
8	$(GLIB2_CFLAGS) \	8	dbusservicedir = $(datadir)/dbus-1/system-services
9	+ -DHOST_NAME_MAX=_POSIX_HOST_NAME_MAX \	9	-sss_statedir = $(localstatedir)/lib/sss
10	-DLIBDIR=\"$(libdir)\" \	10	+sss_statedir = $(localstatedir)/db/sss
11	-DVARDIR=\"$(localstatedir)\" \	11	runstatedir = @runstatedir@
12	-DSHLIBEXT=\"$(SHLIBEXT)\" \	12	localedir = @localedir@
13	@@ -378,6 +379,7 @@ SSSD_LIBS = \	13	nsslibdir = @nsslibdir@
14	$(DHASH_LIBS) \	14	@@ -378,12 +378,6 @@ sssdlib_LTLIBRARIES += \
15	$(SSS_CRYPT_LIBS) \	15	libsss_ad.la
16	$(OPENLDAP_LIBS) \	16	endif
17	+ $(LTLIBINTL) \	17
18	$(TDB_LIBS)	18	-if HAVE_INOTIFY
		19	-sssdlib_LTLIBRARIES += \
		20	- libsss_files.la \
		21	- $(NULL)
		22	-endif # HAVE_INOTIFY
		23	-
		24	ldblib_LTLIBRARIES = \
		25	memberof.la
		26
		27	@@ -610,6 +604,7 @@ SSSD_FAILOVER_OBJ = \
19		28
20	PYTHON_BINDINGS_LIBS = \	29	SSSD_LIBS = \
21	@@ -433,6 +435,7 @@ dist_noinst_HEADERS = \	30	$(TALLOC_LIBS) \
		31	+ $(LTLIBINTL) \
		32	$(TEVENT_LIBS) \
		33	$(POPT_LIBS) \
		34	$(LDB_LIBS) \
		35	@@ -664,6 +659,7 @@ dist_noinst_HEADERS = \
22	src/util/sss_ssh.h \	36	src/util/sss_ssh.h \
23	src/util/sss_ini.h \	37	src/util/sss_ini.h \
24	src/util/sss_format.h \	38	src/util/sss_format.h \
Lines 26-32 index fd74d85..4a7e6ae 100644 Link Here
26	src/util/refcount.h \	40	src/util/refcount.h \
27	src/util/find_uid.h \	41	src/util/find_uid.h \
28	src/util/user_info_msg.h \	42	src/util/user_info_msg.h \
29	@@ -1700,9 +1703,10 @@ endif	43	@@ -1358,6 +1354,7 @@ sssd_LDADD = \
		44	$(SSSD_LIBS) \
		45	$(INOTIFY_LIBS) \
		46	$(LIBNL_LIBS) \
		47	+ $(LTLIBINTL) \
		48	$(KEYUTILS_LIBS) \
		49	$(SYSTEMD_DAEMON_LIBS) \
		50	$(SSSD_INTERNAL_LTLIBS)
		51	@@ -1381,6 +1378,7 @@ sssd_nss_SOURCES = \
		52	sssd_nss_LDADD = \
		53	$(TDB_LIBS) \
		54	$(SSSD_LIBS) \
		55	+ $(LTLIBINTL) \
		56	libsss_idmap.la \
		57	libsss_cert.la \
		58	$(SYSTEMD_DAEMON_LIBS) \
		59	@@ -1397,6 +1395,7 @@ sssd_pam_SOURCES = \
		60	sssd_pam_LDADD = \
		61	$(TDB_LIBS) \
		62	$(SSSD_LIBS) \
		63	+ $(LTLIBINTL) \
		64	$(SELINUX_LIBS) \
		65	$(PAM_LIBS) \
		66	$(SYSTEMD_DAEMON_LIBS) \
		67	@@ -1414,6 +1413,7 @@ sssd_sudo_SOURCES = \
		68	$(SSSD_RESPONDER_OBJ)
		69	sssd_sudo_LDADD = \
		70	$(SSSD_LIBS) \
		71	+ $(LTLIBINTL) \
		72	$(SYSTEMD_DAEMON_LIBS) \
		73	$(SSSD_INTERNAL_LTLIBS)
		74	endif
		75	@@ -1426,6 +1426,7 @@ sssd_autofs_SOURCES = \
		76	$(SSSD_RESPONDER_OBJ)
		77	sssd_autofs_LDADD = \
		78	$(SSSD_LIBS) \
		79	+ $(LTLIBINTL) \
		80	$(SYSTEMD_DAEMON_LIBS) \
		81	$(SSSD_INTERNAL_LTLIBS)
		82	endif
		83	@@ -1441,6 +1442,7 @@ sssd_ssh_SOURCES = \
		84	$(NULL)
		85	sssd_ssh_LDADD = \
		86	$(SSSD_LIBS) \
		87	+ $(LTLIBINTL) \
		88	$(SSSD_INTERNAL_LTLIBS) \
		89	$(SYSTEMD_DAEMON_LIBS) \
		90	libsss_cert.la \
		91	@@ -1481,6 +1483,7 @@ sssd_ifp_CFLAGS = \
		92	$(AM_CFLAGS)
		93	sssd_ifp_LDADD = \
		94	$(SSSD_LIBS) \
		95	+ $(LTLIBINTL) \
		96	$(SYSTEMD_DAEMON_LIBS) \
		97	$(SSSD_INTERNAL_LTLIBS) \
		98	libsss_cert.la \
		99	@@ -1604,6 +1607,7 @@ sssd_be_SOURCES = \
		100	sssd_be_LDADD = \
		101	$(LIBADD_DL) \
		102	$(SSSD_LIBS) \
		103	+ $(LTLIBINTL) \
		104	$(CARES_LIBS) \
		105	$(PAM_LIBS) \
		106	$(SSSD_INTERNAL_LTLIBS)
		107	@@ -1726,6 +1730,7 @@ sss_signal_SOURCES = \
108	src/tools/common/sss_process.c
109	$(NULL)
110	sss_signal_LDADD = \
111	+ $(LTLIBINTL) \
112	libsss_debug.la \
113	$(NULL)
114
115	@@ -2318,6 +2323,7 @@ test_ssh_client_CFLAGS = \
116	test_ssh_client_LDADD = \
117	$(SSSD_INTERNAL_LTLIBS) \
118	$(SSSD_LIBS) \
119	+ $(LTLIBINTL) \
120	$(NULL)
121
122	if BUILD_DBUS_TESTS
123	@@ -2602,6 +2608,7 @@ test_authtok_LDADD = \
124	$(CMOCKA_LIBS) \
125	$(DHASH_LIBS) \
126	$(POPT_LIBS) \
127	+ $(LTLIBINTL) \
128	libsss_test_common.la \
129	libsss_debug.la \
130	$(NULL)
131	@@ -2622,6 +2629,7 @@ deskprofile_utils_tests_SOURCES = \
132	deskprofile_utils_tests_CFLAGS = \
133	$(AM_CFLAGS)
134	deskprofile_utils_tests_LDADD = \
135	+ $(LTLIBINTL) \
136	$(CMOCKA_LIBS) \
137	$(SSSD_INTERNAL_LTLIBS) \
138	libsss_test_common.la
139	@@ -2654,6 +2662,7 @@ domain_resolution_order_tests_CFLAGS = \
140	$(AM_CFLAGS)
141	domain_resolution_order_tests_LDADD = \
142	$(CMOCKA_LIBS) \
143	+ $(LTLIBINTL) \
144	$(SSSD_INTERNAL_LTLIBS) \
145	libsss_test_common.la
146
147	@@ -2738,6 +2747,7 @@ test_search_bases_LDADD = \
148	$(CMOCKA_LIBS) \
149	$(TALLOC_LIBS) \
150	$(SSSD_INTERNAL_LTLIBS) \
151	+ $(LTLIBINTL) \
152	libsss_ldap_common.la \
153	libsss_test_common.la \
154	libdlopen_test_providers.la \
155	@@ -3545,6 +3555,7 @@ test_inotify_LDADD = \
156	$(CMOCKA_LIBS) \
157	$(SSSD_LIBS) \
158	$(SSSD_INTERNAL_LTLIBS) \
159	+ $(INOTIFY_LIBS) \
160	$(LIBADD_DL) \
161	libsss_test_common.la \
162	$(NULL)
163	@@ -3637,9 +3648,6 @@ endif
164	if BUILD_WITH_LIBCURL
165	noinst_PROGRAMS += tcurl-test-tool
166	endif
167	-if BUILD_PAC_RESPONDER
168	- noinst_PROGRAMS += sssd_pac_test_client
169	-endif
170
171	if BUILD_AUTOFS
172	autofs_test_client_SOURCES = \
173	@@ -3730,9 +3738,10 @@ intgcheck:
30	# Client Libraries #	174	# Client Libraries #
31	####################	175	####################
32		176
Lines 39-47 index fd74d85..4a7e6ae 100644 Link Here
39	src/sss_client/nss_passwd.c \	183	src/sss_client/nss_passwd.c \
40	src/sss_client/nss_group.c \	184	src/sss_client/nss_group.c \
41	src/sss_client/nss_netgroup.c \	185	src/sss_client/nss_netgroup.c \
42	@@ -1715,9 +1719,9 @@ libnss_sss_la_SOURCES = \	186	@@ -3748,9 +3757,9 @@ libnss_sss_la_SOURCES = \
43	src/sss_client/nss_mc_passwd.c \
44	src/sss_client/nss_mc_group.c \	187	src/sss_client/nss_mc_group.c \
		188	src/sss_client/nss_mc_initgr.c \
45	src/sss_client/nss_mc.h	189	src/sss_client/nss_mc.h
46	-libnss_sss_la_LIBADD = \	190	-libnss_sss_la_LIBADD = \
47	+nss_sss_la_LIBADD = \	191	+nss_sss_la_LIBADD = \
Lines 51-61 index fd74d85..4a7e6ae 100644 Link Here
51	-module \	195	-module \
52	-version-info 2:0:0 \	196	-version-info 2:0:0 \
53	-Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports	197	-Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports
54	@@ -2086,6 +2090,7 @@ ldap_child_LDADD = \	198	@@ -3908,6 +3917,7 @@ libsss_ldap_common_la_LIBADD = \
55	$(POPT_LIBS) \
56	$(OPENLDAP_LIBS) \	199	$(OPENLDAP_LIBS) \
57	$(DHASH_LIBS) \	200	$(DHASH_LIBS) \
		201	$(KRB5_LIBS) \
58	+ $(LTLIBINTL) \	202	+ $(LTLIBINTL) \
59	$(KRB5_LIBS)	203	libsss_krb5_common.la \
		204	libsss_idmap.la \
		205	libsss_certmap.la \
		206	@@ -4271,6 +4281,7 @@ ldap_child_CFLAGS = \
		207	$(KRB5_CFLAGS)
		208	ldap_child_LDADD = \
		209	libsss_debug.la \
		210	+ $(LTLIBINTL) \
		211	$(TALLOC_LIBS) \
		212	$(POPT_LIBS) \
		213	$(DHASH_LIBS) \
		214	@@ -4313,6 +4324,7 @@ gpo_child_CFLAGS = \
		215	$(SMBCLIENT_CFLAGS)
		216	gpo_child_LDADD = \
		217	libsss_debug.la \
		218	+ $(LTLIBINTL) \
		219	$(TALLOC_LIBS) \
		220	$(POPT_LIBS) \
		221	$(DHASH_LIBS) \
		222	@@ -4329,6 +4341,7 @@ proxy_child_CFLAGS = \
		223	proxy_child_LDADD = \
		224	$(PAM_LIBS) \
		225	$(SSSD_LIBS) \
		226	+ $(LTLIBINTL) \
		227	$(SSSD_INTERNAL_LTLIBS)
60		228
61	proxy_child_SOURCES = \	229	p11_child_SOURCES = \
		230	@@ -4361,6 +4374,7 @@ endif
		231
		232	p11_child_LDADD = \
		233	libsss_debug.la \
		234	+ $(LTLIBINTL) \
		235	$(TALLOC_LIBS) \
		236	$(DHASH_LIBS) \
		237	$(POPT_LIBS) \

Lines 1-21 Link Here

(-)b/security/sssd/files/patch-configure.ac (-18 / +10 lines)
1	--- configure.ac.orig 2013-11-06 18:35:03 UTC	1	diff --git configure.ac configure.ac
		2	index 9df463d9c..17d0d9ea7 100644
		3	--- configure.ac
2	+++ configure.ac	4	+++ configure.ac
3	@@ -5,15 +5,15 @@ AC_INIT([sssd],	5	@@ -44,8 +44,6 @@ AM_CONDITIONAL([HAVE_GCC], [test "$ac_cv_prog_gcc" = yes])
4	VERSION_NUMBER,	6	AC_CHECK_HEADERS(stdint.h dlfcn.h)
5	[sssd-devel@lists.fedorahosted.org])	7	AC_CONFIG_HEADER(config.h)
6		8
7	+AC_CONFIG_SRCDIR([BUILD.txt])	9	-AC_CHECK_TYPES([errno_t], [], [], [[#include <errno.h>]])
8	+AC_CONFIG_AUX_DIR([build])
9	+
10	m4_ifdef([AC_USE_SYSTEM_EXTENSIONS],
11	[AC_USE_SYSTEM_EXTENSIONS],
12	[AC_GNU_SOURCE])
13
14	CFLAGS="$CFLAGS -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE"
15
16	-AC_CONFIG_SRCDIR([BUILD.txt])
17	-AC_CONFIG_AUX_DIR([build])
18	-	10	-
19	AM_INIT_AUTOMAKE([-Wall foreign subdir-objects tar-pax])	11	m4_include([src/build_macros.m4])
20	AM_PROG_CC_C_O	12	BUILD_WITH_SHARED_BUILD_DIR
21	m4_ifdef([AM_PROG_AR], [AM_PROG_AR])	13

Lines 1-13 Link Here

(-)b/security/sssd/files/patch-src__external__krb5.m4 (-3 / +3 lines)
1	diff --git src/external/krb5.m4 src/external/krb5.m4	1	diff --git src/external/krb5.m4 src/external/krb5.m4
2	index 861c8c9..978ec03 100644	2	index b844c2fbe..856ef56fe 100644
3	--- src/external/krb5.m4	3	--- src/external/krb5.m4
4	+++ src/external/krb5.m4	4	+++ src/external/krb5.m4
5	@@ -9,7 +9,7 @@ if test x$KRB5_CFLAGS != x; then	5	@@ -9,7 +9,7 @@ if test x$KRB5_CFLAGS != x; then
6	KRB5_PASSED_CFLAGS=$KRB5_CFLAGS	6	KRB5_PASSED_CFLAGS=$KRB5_CFLAGS
7	fi	7	fi
8		8
9	-AC_PATH_PROG(KRB5_CONFIG, krb5-config)	9	-AC_PATH_TOOL(KRB5_CONFIG, krb5-config)
10	+AC_PATH_PROG(KRB5_CONFIG, krb5-config, [], [/usr/local/bin:$PATH])	10	+AC_PATH_TOOL(KRB5_CONFIG, krb5-config, [], [/usr/local/bin:$PATH])
11	AC_MSG_CHECKING(for working krb5-config)	11	AC_MSG_CHECKING(for working krb5-config)
12	if test -x "$KRB5_CONFIG"; then	12	if test -x "$KRB5_CONFIG"; then
13	KRB5_CFLAGS="`$KRB5_CONFIG --cflags`"	13	KRB5_CFLAGS="`$KRB5_CONFIG --cflags`"

Added Link Here

(-)b/security/sssd/files/patch-src__external__ldap.m4 (+24 lines)
1	diff --git src/external/ldap.m4 src/external/ldap.m4
2	index cd13fde62..73ca93674 100644
3	--- src/external/ldap.m4
4	+++ src/external/ldap.m4
5	@@ -32,8 +32,7 @@ dnl Check for other libraries we need to link with to get the main routines.
6	test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes], , -llber) }
7	test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes with_ldap_krb=yes], , -llber -lkrb) }
8	test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes with_ldap_krb=yes with_ldap_des=yes], , -llber -lkrb -ldes) }
9	-CFLAGS=$SAVE_CFLAGS
10	-LIBS=$SAVE_LIBS
11	+
12	dnl Recently, we need -lber even though the main routines are elsewhere,
13	dnl because otherwise we get link errors w.r.t. ber_pvt_opt_on. So just
14	dnl check for that (it's a variable not a fun but that doesn't seem to
15	@@ -42,6 +41,9 @@ dnl stick it in always shouldn't hurt, I don't think) ... #### Someone who
16	dnl #### understands LDAP needs to fix this properly.
17	test "$with_ldap_lber" != "yes" && { AC_CHECK_LIB(lber, ber_pvt_opt_on, with_ldap_lber=yes) }
18
19	+CFLAGS=$SAVE_CFLAGS
20	+LIBS=$SAVE_LIBS
21	+
22	if test "$with_ldap" = "yes"; then
23	if test "$with_ldap_des" = "yes" ; then
24	OPENLDAP_LIBS="${OPENLDAP_LIBS} -ldes"

Added Link Here

(-)b/security/sssd/files/patch-src__external__pac_responder.m4 (+25 lines)
1	diff --git src/external/pac_responder.m4 src/external/pac_responder.m4
2	index dc986a1b8..09efdb139 100644
3	--- src/external/pac_responder.m4
4	+++ src/external/pac_responder.m4
5	@@ -7,7 +7,7 @@ AC_ARG_ENABLE([pac-responder],
6	krb5_version_ok=no
7	if test x$build_pac_responder = xyes
8	then
9	- AC_PATH_PROG(KRB5_CONFIG, krb5-config)
10	+ AC_PATH_TOOL(KRB5_CONFIG, krb5-config, [], [/usr/local/bin:$PATH])
11	AC_MSG_CHECKING(for supported MIT krb5 version)
12	KRB5_VERSION="`$KRB5_CONFIG --version`"
13	case $KRB5_VERSION in
14	--- src/external/pac_responder.m4
15	+++ src/external/pac_responder.m4
16	@@ -19,7 +19,8 @@
17	Kerberos\ 5\ release\ 1.14* \| \
18	Kerberos\ 5\ release\ 1.15* \| \
19	Kerberos\ 5\ release\ 1.16* \| \
20	- Kerberos\ 5\ release\ 1.17*)
21	+ Kerberos\ 5\ release\ 1.17 \| \
22	+ Kerberos\ 5\ release\ 1.18*)
23	krb5_version_ok=yes
24	AC_MSG_RESULT([yes])
25	;;

Added Link Here

(-)b/security/sssd/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.h (+13 lines)
1	diff --git src/lib/winbind_idmap_sss/winbind_idmap_sss.h src/lib/winbind_idmap_sss/winbind_idmap_sss.h
2	index 868049fff..cb1604ef1 100644
3	--- src/lib/winbind_idmap_sss/winbind_idmap_sss.h
4	+++ src/lib/winbind_idmap_sss/winbind_idmap_sss.h
5	@@ -29,6 +29,8 @@
6	#include <stdbool.h>
7
8	#include <core/ntstatus.h>
9	+#include <unistd.h>
10	+#include <time.h>
11	#include <ndr.h>
12	#include <gen_ndr/security.h>
13

Added Link Here

(-)b/security/sssd/files/patch-src__providers__ad__ad_common.c (+31 lines)
1	diff --git src/providers/ad/ad_common.c src/providers/ad/ad_common.c
2	index 0d154ca57..407d37a37 100644
3	--- src/providers/ad/ad_common.c
4	+++ src/providers/ad/ad_common.c
5	@@ -419,7 +419,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
6	char *server;
7	char *realm;
8	char *ad_hostname;
9	- char hostname[HOST_NAME_MAX + 1];
10	+ char hostname[_POSIX_HOST_NAME_MAX + 1];
11	char *case_sensitive_opt;
12	const char *opt_override;
13
14	@@ -458,7 +458,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
15	*/
16	ad_hostname = dp_opt_get_string(opts->basic, AD_HOSTNAME);
17	if (ad_hostname == NULL) {
18	- gret = gethostname(hostname, sizeof(hostname));
19	+ gret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
20	if (gret != 0) {
21	ret = errno;
22	DEBUG(SSSDBG_FATAL_FAILURE,
23	@@ -466,7 +466,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
24	strerror(ret));
25	goto done;
26	}
27	- hostname[HOST_NAME_MAX] = '\0';
28	+ hostname[_POSIX_HOST_NAME_MAX] = '\0';
29	DEBUG(SSSDBG_CONF_SETTINGS,
30	"Setting ad_hostname to [%s].\n", hostname);
31	ret = dp_opt_set_string(opts->basic, AD_HOSTNAME, hostname);

Added Link Here

(-)b/security/sssd/files/patch-src__providers__ad__ad_pac.h (+13 lines)
1	diff --git src/providers/ad/ad_pac.h src/providers/ad/ad_pac.h
2	index 34f1e92c7..00a53cccd 100644
3	--- src/providers/ad/ad_pac.h
4	+++ src/providers/ad/ad_pac.h
5	@@ -32,6 +32,8 @@
6	#ifdef ldb_val
7	#error Please make sure to include ad_pac.h before ldb.h
8	#endif
9	+#include <unistd.h>
10	+#include <time.h>
11	#include <ndr.h>
12	#include <gen_ndr/krb5pac.h>
13	#include <gen_ndr/ndr_krb5pac.h>

Added Link Here

(-)b/security/sssd/files/patch-src__providers__data_provider_fo.c (+26 lines)
1	diff --git src/providers/data_provider_fo.c src/providers/data_provider_fo.c
2	index 473b667e5..63f2dd131 100644
3	--- src/providers/data_provider_fo.c
4	+++ src/providers/data_provider_fo.c
5	@@ -235,18 +235,18 @@ errno_t be_fo_set_dns_srv_lookup_plugin(struct be_ctx *be_ctx,
6	const char *hostname)
7	{
8	struct fo_resolve_srv_dns_ctx *srv_ctx = NULL;
9	- char resolved_hostname[HOST_NAME_MAX + 1];
10	+ char resolved_hostname[_POSIX_HOST_NAME_MAX + 1];
11	errno_t ret;
12
13	if (hostname == NULL) {
14	- ret = gethostname(resolved_hostname, sizeof(resolved_hostname));
15	+ ret = gethostname(resolved_hostname, _POSIX_HOST_NAME_MAX);
16	if (ret != EOK) {
17	ret = errno;
18	DEBUG(SSSDBG_CRIT_FAILURE,
19	"gethostname() failed: [%d]: %s\n", ret, strerror(ret));
20	return ret;
21	}
22	- resolved_hostname[HOST_NAME_MAX] = '\0';
23	+ resolved_hostname[_POSIX_HOST_NAME_MAX] = '\0';
24	hostname = resolved_hostname;
25	}
26

Added Link Here

(-)b/security/sssd/files/patch-src__providers__ipa__ipa_common.c (+30 lines)
1	diff --git src/providers/ipa/ipa_common.c src/providers/ipa/ipa_common.c
2	index 17d14e6b0..681ac8615 100644
3	--- src/providers/ipa/ipa_common.c
4	+++ src/providers/ipa/ipa_common.c
5	@@ -49,7 +49,7 @@ int ipa_get_options(TALLOC_CTX *memctx,
6	char *realm;
7	char *ipa_hostname;
8	int ret;
9	- char hostname[HOST_NAME_MAX + 1];
10	+ char hostname[_POSIX_HOST_NAME_MAX + 1];
11
12	opts = talloc_zero(memctx, struct ipa_options);
13	if (!opts) return ENOMEM;
14	@@ -79,14 +79,14 @@ int ipa_get_options(TALLOC_CTX *memctx,
15
16	ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME);
17	if (ipa_hostname == NULL) {
18	- ret = gethostname(hostname, sizeof(hostname));
19	+ ret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
20	if (ret != EOK) {
21	DEBUG(SSSDBG_CRIT_FAILURE, "gethostname failed [%d][%s].\n", errno,
22	strerror(errno));
23	ret = errno;
24	goto done;
25	}
26	- hostname[HOST_NAME_MAX] = '\0';
27	+ hostname[_POSIX_HOST_NAME_MAX] = '\0';
28	DEBUG(SSSDBG_TRACE_ALL, "Setting ipa_hostname to [%s].\n", hostname);
29	ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname);
30	if (ret != EOK) {

Added Link Here

(-)b/security/sssd/files/patch-src__providers__ipa__ipa_deskprofile_rules_util.c (+13 lines)
1	diff --git src/providers/ipa/ipa_deskprofile_rules_util.c src/providers/ipa/ipa_deskprofile_rules_util.c
2	index 991c6053d..59483b452 100644
3	--- src/providers/ipa/ipa_deskprofile_rules_util.c
4	+++ src/providers/ipa/ipa_deskprofile_rules_util.c
5	@@ -25,6 +25,8 @@
6	#include "providers/ipa/ipa_rules_common.h"
7	#include <ctype.h>
8	#include <fcntl.h>
9	+#include <sys/types.h>
10	+#include <signal.h>
11
12	#define DESKPROFILE_GLOBAL_POLICY_MIN_VALUE 1
13	#define DESKPROFILE_GLOBAL_POLICY_MAX_VALUE 24

Lines 1-5 Link Here

(-)b/security/sssd/files/patch-src__providers__ldap__ldap_auth.c (-41 / +109 lines)
1	diff --git src/providers/ldap/ldap_auth.c src/providers/ldap/ldap_auth.c	1	diff --git src/providers/ldap/ldap_auth.c src/providers/ldap/ldap_auth.c
2	index 2aacce0..e019cf7 100644	2	index de22689ae..fdfd67cf4 100644
3	--- src/providers/ldap/ldap_auth.c	3	--- src/providers/ldap/ldap_auth.c
4	+++ src/providers/ldap/ldap_auth.c	4	+++ src/providers/ldap/ldap_auth.c
5	@@ -37,7 +37,6 @@	5	@@ -37,7 +37,6 @@
Lines 10-18 index 2aacce0..e019cf7 100644 Link Here
10	#include <security/pam_modules.h>	10	#include <security/pam_modules.h>
11		11
12	#include "util/util.h"	12	#include "util/util.h"
13	@@ -56,6 +55,22 @@ enum pwexpire {	13	@@ -52,6 +51,22 @@
14	PWEXPIRE_SHADOW	14
15	};	15	#define LDAP_PWEXPIRE_WARNING_TIME 0
16		16
17	+struct spwd	17	+struct spwd
18	+{	18	+{
Lines 33-52 index 2aacce0..e019cf7 100644 Link Here
33	static errno_t add_expired_warning(struct pam_data *pd, long exp_time)	33	static errno_t add_expired_warning(struct pam_data *pd, long exp_time)
34	{	34	{
35	int ret;	35	int ret;
36	@@ -109,6 +124,7 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now,	36	@@ -97,9 +112,9 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now,
37	return EINVAL;
38	}
39
40	+ tzset();
41	expire_time = mktime(&tm);
42	if (expire_time == -1) {
43	DEBUG(SSSDBG_CRIT_FAILURE,
44	@@ -116,12 +132,10 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now,
45	return EINVAL;
46	}	37	}
47		38
48	- tzset();
49	- expire_time -= timezone;
50	DEBUG(SSSDBG_TRACE_ALL,	39	DEBUG(SSSDBG_TRACE_ALL,
51	- "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] "	40	- "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] "
52	- "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0],	41	- "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0],
Lines 57-63 index 2aacce0..e019cf7 100644 Link Here
57		46
58	if (difftime(now, expire_time) > 0.0) {	47	if (difftime(now, expire_time) > 0.0) {
59	DEBUG(SSSDBG_CONF_SETTINGS, "Kerberos password expired.\n");	48	DEBUG(SSSDBG_CONF_SETTINGS, "Kerberos password expired.\n");
60	@@ -924,7 +938,7 @@ void sdap_pam_chpass_handler(struct be_req *breq)	49	@@ -946,14 +961,14 @@ sdap_pam_auth_handler_send(TALLOC_CTX *mem_ctx,
		50
		51	state->pd = pd;
		52	state->be_ctx = params->be_ctx;
		53	- pd->pam_status = PAM_SYSTEM_ERR;
		54	+ pd->pam_status = PAM_SERVICE_ERR;
		55
		56	switch (pd->cmd) {
		57	case SSS_PAM_AUTHENTICATE:
		58	subreq = auth_send(state, params->ev, auth_ctx,
		59	pd->user, pd->authtok, false);
		60	if (subreq == NULL) {
		61	- pd->pam_status = PAM_SYSTEM_ERR;
		62	+ pd->pam_status = PAM_SERVICE_ERR;
		63	goto immediately;
		64	}
		65
		66	@@ -963,14 +978,14 @@ sdap_pam_auth_handler_send(TALLOC_CTX *mem_ctx,
		67	subreq = auth_send(state, params->ev, auth_ctx,
		68	pd->user, pd->authtok, true);
		69	if (subreq == NULL) {
		70	- pd->pam_status = PAM_SYSTEM_ERR;
		71	+ pd->pam_status = PAM_SERVICE_ERR;
		72	goto immediately;
		73	}
		74
		75	tevent_req_set_callback(subreq, sdap_pam_auth_handler_done, req);
		76	break;
		77	case SSS_PAM_CHAUTHTOK:
		78	- pd->pam_status = PAM_SYSTEM_ERR;
		79	+ pd->pam_status = PAM_SERVICE_ERR;
		80	goto immediately;
		81
		82	case SSS_PAM_ACCT_MGMT:
		83	@@ -1015,7 +1030,7 @@ static void sdap_pam_auth_handler_done(struct tevent_req *subreq)
		84	state->be_ctx->domain->pwd_expiration_warning);
		85	if (ret == EINVAL) {
		86	/* Unknown password expiration type. */
		87	- state->pd->pam_status = PAM_SYSTEM_ERR;
		88	+ state->pd->pam_status = PAM_SERVICE_ERR;
		89	goto done;
		90	}
		91	}
		92	@@ -1049,7 +1064,7 @@ static void sdap_pam_auth_handler_done(struct tevent_req *subreq)
		93	state->pd->pam_status = PAM_BAD_ITEM;
		94	break;
		95	default:
		96	- state->pd->pam_status = PAM_SYSTEM_ERR;
		97	+ state->pd->pam_status = PAM_SERVICE_ERR;
		98	break;
		99	}
		100
		101	@@ -1271,7 +1286,7 @@ sdap_pam_chpass_handler_send(TALLOC_CTX *mem_ctx,
61	DEBUG(SSSDBG_OP_FAILURE,	102	DEBUG(SSSDBG_OP_FAILURE,
62	"starting password change request for user [%s].\n", pd->user);	103	"starting password change request for user [%s].\n", pd->user);
63		104
Lines 66-81 index 2aacce0..e019cf7 100644 Link Here
66		107
67	if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) {	108	if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) {
68	DEBUG(SSSDBG_OP_FAILURE,	109	DEBUG(SSSDBG_OP_FAILURE,
69	@@ -1069,7 +1083,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req)	110	@@ -1282,7 +1297,7 @@ sdap_pam_chpass_handler_send(TALLOC_CTX *mem_ctx,
70	dp_err = DP_ERR_OFFLINE;	111	subreq = auth_send(state, params->ev, auth_ctx,
		112	pd->user, pd->authtok, true);
		113	if (subreq == NULL) {
		114	- pd->pam_status = PAM_SYSTEM_ERR;
		115	+ pd->pam_status = PAM_SERVICE_ERR;
		116	goto immediately;
		117	}
		118
		119	@@ -1335,7 +1350,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq)
		120	if (ret == ERR_PASSWORD_EXPIRED) {
		121	DEBUG(SSSDBG_CRIT_FAILURE, "LDAP provider cannot change "
		122	"kerberos passwords.\n");
		123	- state->pd->pam_status = PAM_SYSTEM_ERR;
		124	+ state->pd->pam_status = PAM_SERVICE_ERR;
		125	goto done;
		126	}
		127	break;
		128	@@ -1344,7 +1359,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq)
		129	break;
		130	default:
		131	DEBUG(SSSDBG_CRIT_FAILURE, "Unknown password expiration type.\n");
		132	- state->pd->pam_status = PAM_SYSTEM_ERR;
		133	+ state->pd->pam_status = PAM_SERVICE_ERR;
		134	goto done;
		135	}
		136	}
		137	@@ -1369,7 +1384,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq)
		138	if (subreq == NULL) {
		139	DEBUG(SSSDBG_OP_FAILURE, "Failed to change password for "
		140	"%s\n", state->pd->user);
		141	- state->pd->pam_status = PAM_SYSTEM_ERR;
		142	+ state->pd->pam_status = PAM_SERVICE_ERR;
		143	goto done;
		144	}
		145
		146	@@ -1401,7 +1416,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq)
		147	be_mark_offline(state->be_ctx);
		148	break;
		149	default:
		150	- state->pd->pam_status = PAM_SYSTEM_ERR;
		151	+ state->pd->pam_status = PAM_SERVICE_ERR;
		152	break;
		153	}
		154
		155	@@ -1437,7 +1452,7 @@ static void sdap_pam_chpass_handler_chpass_done(struct tevent_req *subreq)
		156	state->pd->pam_status = PAM_AUTHTOK_ERR;
71	break;	157	break;
72	default:	158	default:
73	- state->pd->pam_status = PAM_SYSTEM_ERR;	159	- state->pd->pam_status = PAM_SYSTEM_ERR;
74	+ state->pd->pam_status = PAM_SERVICE_ERR;	160	+ state->pd->pam_status = PAM_SERVICE_ERR;
		161	break;
75	}	162	}
76		163
77	done:	164	@@ -1463,7 +1478,7 @@ static void sdap_pam_chpass_handler_chpass_done(struct tevent_req *subreq)
78	@@ -1131,7 +1145,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req)
79	state->sh, state->dn,	165	state->sh, state->dn,
80	lastchanged_name);	166	lastchanged_name);
81	if (subreq == NULL) {	167	if (subreq == NULL) {
Lines 84-113 index 2aacce0..e019cf7 100644 Link Here
84	goto done;	170	goto done;
85	}	171	}
86		172
87	@@ -1152,7 +1166,7 @@ static void sdap_lastchange_done(struct tevent_req *req)	173	@@ -1489,7 +1504,7 @@ static void sdap_pam_chpass_handler_last_done(struct tevent_req *subreq)
		174	talloc_free(subreq);
88		175
89	ret = sdap_modify_shadow_lastchange_recv(req);
90	if (ret != EOK) {	176	if (ret != EOK) {
91	- state->pd->pam_status = PAM_SYSTEM_ERR;	177	- state->pd->pam_status = PAM_SYSTEM_ERR;
92	+ state->pd->pam_status = PAM_SERVICE_ERR;	178	+ state->pd->pam_status = PAM_SERVICE_ERR;
93	goto done;	179	goto done;
94	}	180	}
95		181
96	@@ -1193,7 +1207,7 @@ void sdap_pam_auth_handler(struct be_req *breq)
97	goto done;
98	}
99
100	- pd->pam_status = PAM_SYSTEM_ERR;
101	+ pd->pam_status = PAM_SERVICE_ERR;
102
103	switch (pd->cmd) {
104	case SSS_PAM_AUTHENTICATE:
105	@@ -1291,7 +1305,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
106	state->pd->pam_status = PAM_NEW_AUTHTOK_REQD;
107	break;
108	default:
109	- state->pd->pam_status = PAM_SYSTEM_ERR;
110	+ state->pd->pam_status = PAM_SERVICE_ERR;
111	dp_err = DP_ERR_FATAL;
112	}
113

Added Link Here

(-)b/security/sssd/files/patch-src__providers__ldap__ldap_child.c (+22 lines)
1	diff --git src/providers/ldap/ldap_child.c src/providers/ldap/ldap_child.c
2	index 368bb91e1..1bc86ecb5 100644
3	--- src/providers/ldap/ldap_child.c
4	+++ src/providers/ldap/ldap_child.c
5	@@ -324,14 +324,14 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
6	full_princ = talloc_strdup(tmp_ctx, princ_str);
7	}
8	} else {
9	- char hostname[HOST_NAME_MAX + 1];
10	+ char hostname[_POSIX_HOST_NAME_MAX + 1];
11
12	- ret = gethostname(hostname, sizeof(hostname));
13	+ ret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
14	if (ret == -1) {
15	krberr = KRB5KRB_ERR_GENERIC;
16	goto done;
17	}
18	- hostname[HOST_NAME_MAX] = '\0';
19	+ hostname[_POSIX_HOST_NAME_MAX] = '\0';
20
21	DEBUG(SSSDBG_TRACE_LIBS, "got hostname: [%s]\n", hostname);
22

Lines 1-21 Link Here

(-)b/security/sssd/files/patch-src__providers__ldap__sdap_access.c (-14 / +26 lines)
1	diff --git src/providers/ldap/sdap_access.c src/providers/ldap/sdap_access.c	1	diff --git src/providers/ldap/sdap_access.c src/providers/ldap/sdap_access.c
2	index 880735e..d349dcf 100644	2	index dd04ec512..58a3766fc 100644
3	--- src/providers/ldap/sdap_access.c	3	--- src/providers/ldap/sdap_access.c
4	+++ src/providers/ldap/sdap_access.c	4	+++ src/providers/ldap/sdap_access.c
5	@@ -499,6 +499,7 @@ static bool nds_check_expired(const char *exp_time_str)	5	@@ -562,9 +562,9 @@ bool nds_check_expired(const char *exp_time_str)
6	return true;
7	}
8		6
9	+ tzset();
10	expire_time = mktime(&tm);
11	if (expire_time == -1) {
12	DEBUG(SSSDBG_CRIT_FAILURE,
13	@@ -506,13 +507,11 @@ static bool nds_check_expired(const char *exp_time_str)
14	return true;
15	}
16
17	- tzset();
18	- expire_time -= timezone;
19	now = time(NULL);	7	now = time(NULL);
20	DEBUG(SSSDBG_TRACE_ALL,	8	DEBUG(SSSDBG_TRACE_ALL,
21	- "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] "	9	- "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] "
Lines 27-29 index 880735e..d349dcf 100644 Link Here
27		15
28	if (difftime(now, expire_time) > 0.0) {	16	if (difftime(now, expire_time) > 0.0) {
29	DEBUG(SSSDBG_CONF_SETTINGS, "NDS account expired.\n");	17	DEBUG(SSSDBG_CONF_SETTINGS, "NDS account expired.\n");
		18	@@ -1247,7 +1247,7 @@ static errno_t sdap_access_host(struct ldb_message *user_entry)
		19	struct ldb_message_element *el;
		20	unsigned int i;
		21	char *host;
		22	- char hostname[HOST_NAME_MAX + 1];
		23	+ char hostname[_POSIX_HOST_NAME_MAX + 1];
		24
		25	el = ldb_msg_find_element(user_entry, SYSDB_AUTHORIZED_HOST);
		26	if (!el \|\| el->num_values == 0) {
		27	@@ -1255,12 +1255,12 @@ static errno_t sdap_access_host(struct ldb_message *user_entry)
		28	return ERR_ACCESS_DENIED;
		29	}
		30
		31	- if (gethostname(hostname, sizeof(hostname)) == -1) {
		32	+ if (gethostname(hostname, _POSIX_HOST_NAME_MAX) == -1) {
		33	DEBUG(SSSDBG_CRIT_FAILURE,
		34	"Unable to get system hostname. Access denied\n");
		35	return ERR_ACCESS_DENIED;
		36	}
		37	- hostname[HOST_NAME_MAX] = '\0';
		38	+ hostname[_POSIX_HOST_NAME_MAX] = '\0';
		39
		40	/* FIXME: PADL's pam_ldap also calls gethostbyname() on the hostname
		41	* in some attempt to get aliases and/or FQDN for the machine.

Added Link Here

(-)b/security/sssd/files/patch-src__providers__ldap__sdap_async_groups.c (+22 lines)
1	diff --git src/providers/ldap/sdap_async_groups.c src/providers/ldap/sdap_async_groups.c
2	index 09e15bc3d..c74e4c3ea 100644
3	--- src/providers/ldap/sdap_async_groups.c
4	+++ src/providers/ldap/sdap_async_groups.c
5	@@ -505,6 +505,7 @@ static int sdap_save_group(TALLOC_CTX *memctx,
6	struct sysdb_attrs *group_attrs;
7	const char *group_name = NULL;
8	gid_t gid;
9	+ id_t temp_id;
10	errno_t ret;
11	char *usn_value = NULL;
12	TALLOC_CTX *tmpctx = NULL;
13	@@ -615,7 +616,8 @@ static int sdap_save_group(TALLOC_CTX *memctx,
14	group_name, sid_str);
15
16	/* Convert the SID into a UNIX group ID */
17	- ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &gid);
18	+ ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &temp_id);
19	+ gid = (gid_t) temp_id;
20	if (ret == ENOTSUP) {
21	/* ENOTSUP is returned if built-in SID was provided
22	* => do not store the group, but return EOK */

Added Link Here

(-)b/security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups.c (+41 lines)
1	diff --git src/providers/ldap/sdap_async_initgroups.c src/providers/ldap/sdap_async_initgroups.c
2	index 620782b6f..9831ac1d6 100644
3	--- src/providers/ldap/sdap_async_initgroups.c
4	+++ src/providers/ldap/sdap_async_initgroups.c
5	@@ -45,6 +45,7 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
6	const char *uuid = NULL;
7	char **missing;
8	gid_t gid;
9	+ id_t temp_id;
10	int ret;
11	errno_t sret;
12	bool in_transaction = false;
13	@@ -146,7 +147,8 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
14
15	/* Convert the SID into a UNIX group ID */
16	ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str,
17	- &gid);
18	+ &temp_id);
19	+ gid = (gid_t) temp_id;
20	if (ret == EOK) {
21	DEBUG(SSSDBG_TRACE_INTERNAL,
22	"Group [%s] has mapped gid [%lu]\n",
23	@@ -3305,6 +3307,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
24	int ret;
25	TALLOC_CTX *tmp_ctx;
26	gid_t primary_gid;
27	+ id_t temp_id;
28	char *gid;
29	char *sid_str;
30	char *dom_sid_str;
31	@@ -3411,8 +3414,9 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
32
33	/* Convert the SID into a UNIX group ID */
34	ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, group_sid_str,
35	- &primary_gid);
36	+ &temp_id);
37	if (ret != EOK) goto done;
38	+ primary_gid = (gid_t) temp_id;
39	} else {
40	ret = sysdb_attrs_get_uint32_t(state->orig_user, SYSDB_GIDNUM,
41	&primary_gid);

Added Link Here

(-)b/security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups_ad.c (+22 lines)
1	diff --git src/providers/ldap/sdap_async_initgroups_ad.c src/providers/ldap/sdap_async_initgroups_ad.c
2	index 3c58f5bc4..7e0a5169d 100644
3	--- src/providers/ldap/sdap_async_initgroups_ad.c
4	+++ src/providers/ldap/sdap_async_initgroups_ad.c
5	@@ -851,6 +851,7 @@ errno_t sdap_ad_save_group_membership_with_idmapping(const char *username,
6	size_t i;
7	time_t now;
8	gid_t gid;
9	+ id_t temp_id;
10	char **groups = NULL;
11	size_t num_groups;
12	errno_t ret;
13	@@ -881,7 +882,8 @@ errno_t sdap_ad_save_group_membership_with_idmapping(const char *username,
14	sid = sids[i];
15	DEBUG(SSSDBG_TRACE_LIBS, "Processing membership SID [%s]\n", sid);
16
17	- ret = sdap_idmap_sid_to_unix(idmap_ctx, sid, &gid);
18	+ ret = sdap_idmap_sid_to_unix(idmap_ctx, sid, &temp_id);
19	+ gid = (gid_t) temp_id;
20	if (ret == ENOTSUP) {
21	DEBUG(SSSDBG_TRACE_FUNC, "Skipping built-in object.\n");
22	continue;

Added Link Here

(-)b/security/sssd/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c (+30 lines)
1	diff --git src/providers/ldap/sdap_async_sudo_hostinfo.c src/providers/ldap/sdap_async_sudo_hostinfo.c
2	index a3c3e1068..f33299304 100644
3	--- src/providers/ldap/sdap_async_sudo_hostinfo.c
4	+++ src/providers/ldap/sdap_async_sudo_hostinfo.c
5	@@ -357,7 +357,7 @@ static struct tevent_req sdap_sudo_get_hostnames_send(TALLOC_CTX mem_ctx,
6	struct tevent_req *subreq = NULL;
7	struct sdap_sudo_get_hostnames_state *state = NULL;
8	char *dot = NULL;
9	- char hostname[HOST_NAME_MAX + 1];
10	+ char hostname[_POSIX_HOST_NAME_MAX + 1];
11	int ret;
12
13	req = tevent_req_create(mem_ctx, &state,
14	@@ -380,14 +380,14 @@ static struct tevent_req sdap_sudo_get_hostnames_send(TALLOC_CTX mem_ctx,
15	/* get hostname */
16
17	errno = 0;
18	- ret = gethostname(hostname, sizeof(hostname));
19	+ ret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
20	if (ret != EOK) {
21	ret = errno;
22	DEBUG(SSSDBG_CRIT_FAILURE, "Unable to retrieve machine hostname "
23	"[%d]: %s\n", ret, strerror(ret));
24	goto done;
25	}
26	- hostname[HOST_NAME_MAX] = '\0';
27	+ hostname[_POSIX_HOST_NAME_MAX] = '\0';
28
29	state->hostnames[0] = talloc_strdup(state->hostnames, hostname);
30	if (state->hostnames[0] == NULL) {

Added Link Here

(-)b/security/sssd/files/patch-src__providers__ldap__sdap_async_users.c (+48 lines)
1	diff --git src/providers/ldap/sdap_async_users.c src/providers/ldap/sdap_async_users.c
2	index 92eeda1d3..8847be79b 100644
3	--- src/providers/ldap/sdap_async_users.c
4	+++ src/providers/ldap/sdap_async_users.c
5	@@ -61,7 +61,8 @@ sdap_get_idmap_primary_gid(struct sdap_options *opts,
6	{
7	errno_t ret;
8	TALLOC_CTX *tmpctx = NULL;
9	- gid_t gid, primary_gid;
10	+ id_t gid;
11	+ gid_t primary_gid;
12	char *group_sid_str;
13
14	tmpctx = talloc_new(NULL);
15	@@ -108,7 +109,7 @@ sdap_get_idmap_primary_gid(struct sdap_options *opts,
16	if (ret != EOK) goto done;
17
18	ret = EOK;
19	- *_gid = gid;
20	+ *_gid = (gid_t) gid;
21	done:
22	talloc_free(tmpctx);
23	return ret;
24	@@ -188,6 +189,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
25	const char *orig_dn = NULL;
26	uid_t uid = 0;
27	gid_t gid = 0;
28	+ id_t temp_id;
29	struct sysdb_attrs *user_attrs;
30	char *upn = NULL;
31	size_t i;
32	@@ -331,7 +333,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
33	"Mapping user [%s] objectSID [%s] to unix ID\n", user_name, sid_str);
34
35	/* Convert the SID into a UNIX user ID */
36	- ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &uid);
37	+ ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &temp_id);
38	if (ret == ENOTSUP) {
39	DEBUG(SSSDBG_TRACE_FUNC, "Skipping built-in object.\n");
40	ret = EOK;
41	@@ -339,6 +341,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
42	} else if (ret != EOK) {
43	goto done;
44	}
45	+ uid = (uid_t) temp_id;
46
47	/* Store the UID in the ldap_attrs so it doesn't get
48	* treated as a missing attribute from LDAP and removed.

Added Link Here

(-)b/security/sssd/files/patch-src__resolv__async_resolv_utils.c (+30 lines)
1	diff --git src/resolv/async_resolv_utils.c src/resolv/async_resolv_utils.c
2	index f86181b91..25323cf7a 100644
3	--- src/resolv/async_resolv_utils.c
4	+++ src/resolv/async_resolv_utils.c
5	@@ -45,7 +45,7 @@ resolv_get_domain_send(TALLOC_CTX *mem_ctx,
6	struct resolv_get_domain_state *state = NULL;
7	struct tevent_req *req = NULL;
8	struct tevent_req *subreq = NULL;
9	- char system_hostname[HOST_NAME_MAX + 1];
10	+ char system_hostname[_POSIX_HOST_NAME_MAX + 1];
11	errno_t ret;
12
13	req = tevent_req_create(mem_ctx, &state,
14	@@ -57,14 +57,14 @@ resolv_get_domain_send(TALLOC_CTX *mem_ctx,
15
16	if (hostname == NULL) {
17	/* use system hostname */
18	- ret = gethostname(system_hostname, sizeof(system_hostname));
19	+ ret = gethostname(system_hostname, _POSIX_HOST_NAME_MAX);
20	if (ret) {
21	ret = errno;
22	DEBUG(SSSDBG_CRIT_FAILURE, "gethostname() failed: [%d]: %s\n",
23	ret, strerror(ret));
24	goto immediately;
25	}
26	- system_hostname[HOST_NAME_MAX] = '\0';
27	+ system_hostname[_POSIX_HOST_NAME_MAX] = '\0';
28	hostname = system_hostname;
29	}
30

Lines 1-5 Link Here

(-)b/security/sssd/files/patch-src__sss_client__common.c (-11 / +25 lines)
1	diff --git src/sss_client/common.c src/sss_client/common.c	1	diff --git src/sss_client/common.c src/sss_client/common.c
2	index ec5c708..5d17eed 100644	2	index d8effb6dd..edeb4a159 100644
3	--- src/sss_client/common.c	3	--- src/sss_client/common.c
4	+++ src/sss_client/common.c	4	+++ src/sss_client/common.c
5	@@ -25,6 +25,7 @@	5	@@ -25,6 +25,7 @@
Lines 10-24 index ec5c708..5d17eed 100644 Link Here
10	#include <security/pam_modules.h>	10	#include <security/pam_modules.h>
11	#include <errno.h>	11	#include <errno.h>
12	#include <sys/types.h>	12	#include <sys/types.h>
13	@@ -43,6 +44,7 @@	13	@@ -44,6 +45,7 @@
14	#include <libintl.h>
15	#define _(STRING) dgettext (PACKAGE, STRING)	14	#define _(STRING) dgettext (PACKAGE, STRING)
16	#include "sss_cli.h"	15	#include "sss_cli.h"
		16	#include "common_private.h"
17	+#include "util/sss_bsd_errno.h"	17	+#include "util/sss_bsd_errno.h"
18		18
19	#if HAVE_PTHREAD	19	#if HAVE_PTHREAD
20	#include <pthread.h>	20	#include <pthread.h>
21	@@ -124,7 +126,6 @@ static enum sss_status sss_cli_send_req(enum sss_cli_command cmd,	21	@@ -126,7 +128,6 @@ static enum sss_status sss_cli_send_req(enum sss_cli_command cmd,
22	*errnop = error;	22	*errnop = error;
23	break;	23	break;
24	case 0:	24	case 0:
Lines 26-32 index ec5c708..5d17eed 100644 Link Here
26	break;	26	break;
27	case 1:	27	case 1:
28	if (pfd.revents & (POLLERR \| POLLHUP \| POLLNVAL)) {	28	if (pfd.revents & (POLLERR \| POLLHUP \| POLLNVAL)) {
29	@@ -232,7 +233,6 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_command cmd,	29	@@ -235,7 +236,6 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_command cmd,
30	*errnop = error;	30	*errnop = error;
31	break;	31	break;
32	case 0:	32	case 0:
Lines 34-40 index ec5c708..5d17eed 100644 Link Here
34	break;	34	break;
35	case 1:	35	case 1:
36	if (pfd.revents & (POLLHUP)) {	36	if (pfd.revents & (POLLHUP)) {
37	@@ -669,7 +669,6 @@ static enum sss_status sss_cli_check_socket(int errnop, const char socket_name	37	@@ -679,7 +679,6 @@ static enum sss_status sss_cli_check_socket(int *errnop,
38	*errnop = error;	38	*errnop = error;
39	break;	39	break;
40	case 0:	40	case 0:
Lines 42-48 index ec5c708..5d17eed 100644 Link Here
42	break;	42	break;
43	case 1:	43	case 1:
44	if (pfd.revents & (POLLERR \| POLLHUP \| POLLNVAL)) {	44	if (pfd.revents & (POLLERR \| POLLHUP \| POLLNVAL)) {
45	@@ -719,23 +718,23 @@ enum nss_status sss_nss_make_request(enum sss_cli_command cmd,	45	@@ -730,7 +729,7 @@ enum nss_status sss_nss_make_request_timeout(enum sss_cli_command cmd,
46	/* avoid looping in the nss daemon */	46	/* avoid looping in the nss daemon */
47	envval = getenv("_SSS_LOOPS");	47	envval = getenv("_SSS_LOOPS");
48	if (envval && strcmp(envval, "NO") == 0) {	48	if (envval && strcmp(envval, "NO") == 0) {
Lines 50-62 index ec5c708..5d17eed 100644 Link Here
50	+ return NS_NOTFOUND;	50	+ return NS_NOTFOUND;
51	}	51	}
52		52
53	ret = sss_cli_check_socket(errnop, SSS_NSS_SOCKET_NAME);	53	ret = sss_cli_check_socket(errnop, SSS_NSS_SOCKET_NAME, timeout);
54	if (ret != SSS_STATUS_SUCCESS) {	54	@@ -738,9 +737,9 @@ enum nss_status sss_nss_make_request_timeout(enum sss_cli_command cmd,
		55	#ifdef NONSTANDARD_SSS_NSS_BEHAVIOUR
		56	*errnop = 0;
		57	errno = 0;
		58	- return NSS_STATUS_NOTFOUND;
		59	+ return NS_NOTFOUND;
		60	#else
55	- return NSS_STATUS_UNAVAIL;	61	- return NSS_STATUS_UNAVAIL;
56	+ return NS_UNAVAIL;	62	+ return NS_UNAVAIL;
		63	#endif
57	}	64	}
58		65
59	ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop);	66	@@ -765,17 +764,17 @@ enum nss_status sss_nss_make_request_timeout(enum sss_cli_command cmd,
		67	}
60	switch (ret) {	68	switch (ret) {
61	case SSS_STATUS_TRYAGAIN:	69	case SSS_STATUS_TRYAGAIN:
62	- return NSS_STATUS_TRYAGAIN;	70	- return NSS_STATUS_TRYAGAIN;
Lines 66-73 index ec5c708..5d17eed 100644 Link Here
66	+ return NS_SUCCESS;	74	+ return NS_SUCCESS;
67	case SSS_STATUS_UNAVAIL:	75	case SSS_STATUS_UNAVAIL:
68	default:	76	default:
		77	#ifdef NONSTANDARD_SSS_NSS_BEHAVIOUR
		78	*errnop = 0;
		79	errno = 0;
		80	- return NSS_STATUS_NOTFOUND;
		81	+ return NS_NOTFOUND;
		82	#else
69	- return NSS_STATUS_UNAVAIL;	83	- return NSS_STATUS_UNAVAIL;
70	+ return NS_UNAVAIL;	84	+ return NS_UNAVAIL;
		85	#endif
71	}	86	}
72	}	87	}
73

Added Link Here

(-)b/security/sssd/files/patch-src__sss_client__pam_sss.c (+16 lines)
1	diff --git src/sss_client/pam_sss.c src/sss_client/pam_sss.c
2	index f634f7659..1de88fefe 100644
3	--- src/sss_client/pam_sss.c
4	+++ src/sss_client/pam_sss.c
5	@@ -263,9 +263,9 @@ static int do_pam_conversation(pam_handle_t *pamh, const int msg_style,
6
7	pam_msg->msg_style = msg_style;
8	if (state == SSS_PAM_CONV_REENTER) {
9	- pam_msg->msg = reenter_msg;
10	+ pam_msg->msg = (char *)(intptr_t)reenter_msg;
11	} else {
12	- pam_msg->msg = msg;
13	+ pam_msg->msg = (char *)(intptr_t)msg;
14	}
15
16	mesg[0] = (const struct pam_message *) pam_msg;

Added Link Here

(-)b/security/sssd/files/patch-src__tests__cmocka__test_authtok.c (+12 lines)
1	diff --git src/tests/cmocka/test_authtok.c src/tests/cmocka/test_authtok.c
2	index 9422f96bc..8492e186a 100644
3	--- src/tests/cmocka/test_authtok.c
4	+++ src/tests/cmocka/test_authtok.c
5	@@ -28,6 +28,7 @@
6	#include "tests/cmocka/common_mock.h"
7
8	#include "util/authtok.h"
9	+#include "util/sss_endian.h"
10
11
12	struct test_state {

Added Link Here

(-)b/security/sssd/files/patch-src__tests__cmocka__test_pam_srv.c (+13 lines)
1	diff --git src/tests/cmocka/test_pam_srv.c src/tests/cmocka/test_pam_srv.c
2	index 446985d5d..f53f84be2 100644
3	--- src/tests/cmocka/test_pam_srv.c
4	+++ src/tests/cmocka/test_pam_srv.c
5	@@ -1177,7 +1177,7 @@ void test_pam_open_session(void **state)
6
7	/* make sure pam_status is not touched by setting it to a value which is
8	* not used by SSSD. */
9	- pam_test_ctx->exp_pam_status = _PAM_RETURN_VALUES;
10	+ pam_test_ctx->exp_pam_status = PAM_NUM_ERRORS;
11	set_cmd_cb(test_pam_simple_check);
12	ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_OPEN_SESSION,
13	pam_test_ctx->pam_cmds);

Added Link Here

(-)b/security/sssd/files/patch-src__tests__cwrap__test_responder_common.c (+18 lines)
1	diff --git src/tests/cwrap/test_responder_common.c src/tests/cwrap/test_responder_common.c
2	index 11cc3abd8..191310143 100644
3	--- src/tests/cwrap/test_responder_common.c
4	+++ src/tests/cwrap/test_responder_common.c
5	@@ -136,11 +136,13 @@ void check_sock_properties(struct create_pipe_ctx *ctx, mode_t mode)
6	assert_true(S_ISSOCK(sbuf.st_mode));
7	assert_true((sbuf.st_mode & ~S_IFMT) == mode);
8
9	+#ifdef SO_DOMAIN
10	/* Check it's a UNIX socket */
11	optlen = sizeof(optval);
12	ret = getsockopt(ctx->fd, SOL_SOCKET, SO_DOMAIN, &optval, &optlen);
13	assert_int_equal(ret, 0);
14	assert_int_equal(optval, AF_UNIX);
15	+#endif
16
17	optlen = sizeof(optval);
18	ret = getsockopt(ctx->fd, SOL_SOCKET, SO_TYPE, &optval, &optlen);

Added Link Here

(-)b/security/sssd/files/patch-src__tests__cwrap__test_server.c (+12 lines)
1	diff --git src/tests/cwrap/test_server.c src/tests/cwrap/test_server.c
2	index 85ecb7f74..a2ddc595f 100644
3	--- src/tests/cwrap/test_server.c
4	+++ src/tests/cwrap/test_server.c
5	@@ -23,6 +23,7 @@
6	#include <sys/types.h>
7	#include <sys/stat.h>
8	#include <fcntl.h>
9	+#include <signal.h>
10
11	#include <popt.h>
12	#include "util/util.h"

Added Link Here

(-)b/security/sssd/files/patch-src__tests__dlopen-tests.c (+22 lines)
1	diff --git src/tests/dlopen-tests.c src/tests/dlopen-tests.c
2	index 9a5d3597f..4b469726b 100644
3	--- src/tests/dlopen-tests.c
4	+++ src/tests/dlopen-tests.c
5	@@ -44,7 +44,7 @@ struct so {
6	{ "libipa_hbac.so", { LIBPFX"libipa_hbac.so", NULL } },
7	{ "libsss_idmap.so", { LIBPFX"libsss_idmap.so", NULL } },
8	{ "libsss_nss_idmap.so", { LIBPFX"libsss_nss_idmap.so", NULL } },
9	- { "libnss_sss.so", { LIBPFX"libnss_sss.so", NULL } },
10	+ { "nss_sss.so", { LIBPFX"nss_sss.so", NULL } },
11	{ "libsss_certmap.so", { LIBPFX"libsss_certmap.so", NULL } },
12	{ "pam_sss.so", { LIBPFX"pam_sss.so", NULL } },
13	#ifdef BUILD_LIBWBCLIENT
14	@@ -82,8 +82,6 @@ struct so {
15	{ "libsss_util.so", { LIBPFX"libsss_util.so", NULL } },
16	{ "libsss_simple.so", { LIBPFX"libdlopen_test_providers.so",
17	LIBPFX"libsss_simple.so", NULL } },
18	- { "libsss_files.so", { LIBPFX"libdlopen_test_providers.so",
19	- LIBPFX"libsss_files.so", NULL } },
20	#ifdef BUILD_SAMBA
21	{ "libsss_ad.so", { LIBPFX"libdlopen_test_providers.so",
22	LIBPFX"libsss_ad.so", NULL } },

Lines 1-17 Link Here

(-)b/security/sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c (-6 / +5 lines)
1	diff --git src/util/crypto/libcrypto/crypto_sha512crypt.c src/util/crypto/libcrypto/crypto_sha512crypt.c	1	diff --git src/util/crypto/libcrypto/crypto_sha512crypt.c src/util/crypto/libcrypto/crypto_sha512crypt.c
2	index 34547d0..6901851 100644	2	index 2275ccd96..c1e418917 100644
3	--- src/util/crypto/libcrypto/crypto_sha512crypt.c	3	--- src/util/crypto/libcrypto/crypto_sha512crypt.c
4	+++ src/util/crypto/libcrypto/crypto_sha512crypt.c	4	+++ src/util/crypto/libcrypto/crypto_sha512crypt.c
5	@@ -28,6 +28,12 @@	5	@@ -30,6 +30,11 @@
6	#include <openssl/evp.h>	6
7	#include <openssl/rand.h>	7	#include "sss_openssl.h"
8		8
9	+void *	9	+void *
10	+mempcpy (void dest, const void src, size_t n)	10	+mempcpy (void dest, const void src, size_t n)
11	+{	11	+{
12	+ return (char *) memcpy (dest, src, n) + n;	12	+ return (char *) memcpy (dest, src, n) + n;
13	+}	13	+}
14	+	14
15	/* Define our magic string to mark salt for SHA512 "encryption" replacement. */	15	/* Define our magic string to mark salt for SHA512 "encryption" replacement. */
16	const char sha512_salt_prefix[] = "$6$";	16	const char sha512_salt_prefix[] = "$6$";
17	#define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1)

Lines 1-17 Link Here

(-)b/security/sssd/files/patch-src__util__find_uid.c (-5 / +5 lines)
1	diff --git src/util/find_uid.c src/util/find_uid.c	1	diff --git src/util/find_uid.c src/util/find_uid.c
2	index 4c8f73a..40f3690 100644	2	index 215c0d338..42a1df729 100644
3	--- src/util/find_uid.c	3	--- src/util/find_uid.c
4	+++ src/util/find_uid.c	4	+++ src/util/find_uid.c
5	@@ -67,7 +67,7 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid)	5	@@ -72,7 +72,7 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid)
6	uint32_t num=0;	6	uint32_t num=0;
7	errno_t error;	7	errno_t error;
8		8
9	- ret = snprintf(path, PATHLEN, "/proc/%d/status", pid);	9	- ret = snprintf(path, PATHLEN, "/proc/%d/status", pid);
10	+ ret = snprintf(path, PATHLEN, "/compat/linux/proc/%d/status", pid);	10	+ ret = snprintf(path, PATHLEN, "/compat/linux/proc/%d/status", pid);
11	if (ret < 0) {	11	if (ret < 0) {
12	DEBUG(SSSDBG_CRIT_FAILURE, "snprintf failed");	12	DEBUG(SSSDBG_CRIT_FAILURE, "snprintf failed\n");
13	return EINVAL;	13	return EINVAL;
14	@@ -207,12 +207,12 @@ static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid)	14	@@ -218,12 +218,12 @@ static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid)
15	struct dirent *dirent;	15	struct dirent *dirent;
16	int ret, err;	16	int ret, err;
17	pid_t pid = -1;	17	pid_t pid = -1;
Lines 26-32 index 4c8f73a..40f3690 100644 Link Here
26	if (proc_dir == NULL) {	26	if (proc_dir == NULL) {
27	ret = errno;	27	ret = errno;
28	DEBUG(SSSDBG_CRIT_FAILURE, "Cannot open proc dir.\n");	28	DEBUG(SSSDBG_CRIT_FAILURE, "Cannot open proc dir.\n");
29	@@ -287,9 +287,8 @@ done:	29	@@ -298,9 +298,8 @@ done:
30		30
31	errno_t get_uid_table(TALLOC_CTX mem_ctx, hash_table_t *table)	31	errno_t get_uid_table(TALLOC_CTX mem_ctx, hash_table_t *table)
32	{	32	{