Attachment #242486 for bug #220379

Lines 1-6 Link Here

(-)b/net/nss-pam-ldapd/Makefile (-3 / +8 lines)
1	PORTNAME= nss-pam-ldapd	1	PORTNAME= nss-pam-ldapd
2	PORTVERSION= 0.9.12	2	PORTVERSION= 0.9.12
3	PORTREVISION= 1	3	PORTREVISION= 2
4	CATEGORIES= net	4	CATEGORIES= net
5	MASTER_SITES= http://arthurdejong.org/nss-pam-ldapd/ \	5	MASTER_SITES= http://arthurdejong.org/nss-pam-ldapd/ \
6	ZI	6	ZI
Lines 12-18 WWW= https://arthurdejong.org/nss-pam-ldapd/ Link Here
12	LICENSE= LGPL21 LGPL3	12	LICENSE= LGPL21 LGPL3
13	LICENSE_COMB= dual	13	LICENSE_COMB= dual
14		14
15	USES= cpe ldap	15	USES= cpe ldap python:build shebangfix
		16	SHEBANG_FILES= utils/chsh.py utils/getent.py
		17
16	CPE_VENDOR= arthurdejong	18	CPE_VENDOR= arthurdejong
17	GNU_CONFIGURE= yes	19	GNU_CONFIGURE= yes
18	USE_RC_SUBR= nslcd	20	USE_RC_SUBR= nslcd
Lines 24-32 NSLCD_PIDFILE?= /var/run/nslcd.pid Link Here
24	NSLCD_VARDIR?= /var/run/nslcd	26	NSLCD_VARDIR?= /var/run/nslcd
25	NSLCD_SOCKET?= ${NSLCD_VARDIR}/nslcd.ctl	27	NSLCD_SOCKET?= ${NSLCD_VARDIR}/nslcd.ctl
26		28
27	OPTIONS_DEFINE= KERBEROS	29	OPTIONS_DEFINE= KERBEROS LCLASS
28	OPTIONS_DEFAULT= KERBEROS	30	OPTIONS_DEFAULT= KERBEROS
29		31
		32	LCLASS_EXTRA_PATCHES= ${PATCHDIR}/lclass-patches
		33	LCLASS_DESC= Build with loginClass support
		34
30	.if defined(SLAVE_PORT)	35	.if defined(SLAVE_PORT)
31	OPTIONS_DEFINE+= SASL	36	OPTIONS_DEFINE+= SASL
32	OPTIONS_MULTI= MG1	37	OPTIONS_MULTI= MG1




--- nslcd/attmap.c.orig	2019-11-02 16:23:45.000000000 +0100
+++ nslcd/attmap.c	2023-05-29 19:22:02.233300000 +0200
@@ -176,6 +176,7 @@
     if (strcasecmp(name, "gecos") == 0)             return &attmap_passwd_gecos;
     if (strcasecmp(name, "homeDirectory") == 0)     return &attmap_passwd_homeDirectory;
     if (strcasecmp(name, "loginShell") == 0)        return &attmap_passwd_loginShell;
+    if (strcasecmp(name, "loginClass") ==0)         return &attmap_passwd_loginClass;
   }
   else if (map == LM_PROTOCOLS)
   {
@@ -230,6 +231,7 @@
         (var != &attmap_shadow_shadowWarning) &&
         (var != &attmap_shadow_shadowInactive) &&
         (var != &attmap_shadow_shadowExpire) &&
+	 (var != &attmap_passwd_loginClass) &&
         (var != &attmap_shadow_shadowFlag))
       return NULL;
     /* the member attribute may only be set to an empty string */

Added Link Here

(-)b/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__attmap.h (+10 lines)
1	--- nslcd/attmap.h.orig 2021-11-15 20:40:49.000000000 +0100
2	+++ nslcd/attmap.h 2023-05-29 19:22:02.233912000 +0200
3	@@ -67,6 +67,7 @@
4	extern const char *attmap_shadow_shadowInactive;
5	extern const char *attmap_shadow_shadowExpire;
6	extern const char *attmap_shadow_shadowFlag;
7	+extern const char *attmap_passwd_loginClass;
8
9	/* return a reference to the map specific base variable */
10	const char **base_get_var(enum ldap_map_selector map);




--- nslcd/passwd.c.orig	2021-11-15 20:40:49.000000000 +0100
+++ nslcd/passwd.c	2023-05-29 19:22:02.234797000 +0200
@@ -63,6 +63,7 @@
 const char *attmap_passwd_gecos         = "\"${gecos:-$cn}\"";
 const char *attmap_passwd_homeDirectory = "homeDirectory";
 const char *attmap_passwd_loginShell    = "loginShell";
+const char *attmap_passwd_loginClass    = "loginClass";
 
 /* special properties for objectSid-based searches
    (these are already LDAP-escaped strings) */
@@ -150,6 +151,7 @@
   attmap_add_attributes(set, attmap_passwd_gecos);
   attmap_add_attributes(set, attmap_passwd_homeDirectory);
   attmap_add_attributes(set, attmap_passwd_loginShell);
+  attmap_add_attributes(set, attmap_passwd_loginClass);
   passwd_attrs = set_tolist(set);
   if (passwd_attrs == NULL)
   {
@@ -428,6 +430,7 @@
   char gecos[1024];
   char homedir[256];
   char shell[64];
+  char lclass[256];
   char passbuffer[BUFLEN_PASSWORDHASH];
   int i, j;
   /* get the usernames for this entry */
@@ -541,6 +544,8 @@
             myldap_get_dn(entry), attmap_passwd_homeDirectory);
   /* get the shell for this entry */
   attmap_get_value(entry, attmap_passwd_loginShell, shell, sizeof(shell));
+  /* get the login class for this entry */
+  attmap_get_value(entry, attmap_passwd_loginClass, lclass, sizeof(lclass));
   /* write the entries */
   for (i = 0; usernames[i] != NULL; i++)
   {
@@ -565,6 +570,7 @@
             WRITE_STRING(fp, gecos);
             WRITE_STRING(fp, homedir);
             WRITE_STRING(fp, shell);
+            WRITE_STRING(fp, lclass);
           }
         }
       }




--- nss/passwd.c.orig	2019-11-02 16:23:46.000000000 +0100
+++ nss/passwd.c	2023-05-29 19:22:02.235416000 +0200
@@ -45,8 +45,8 @@
   READ_BUF_STRING(fp, result->pw_dir);
   READ_BUF_STRING(fp, result->pw_shell);
 #ifdef HAVE_STRUCT_PASSWD_PW_CLASS
-  /* set the user access class to an empty string */
-  result->pw_class = result->pw_name + strlen(result->pw_name);
+  /* set the user access class to an empty string only if empty */
+  READ_BUF_STRING(fp, result->pw_class);
 #endif /* HAVE_STRUCT_PASSWD_PW_CLASS */
   return NSS_STATUS_SUCCESS;
 }

Return to bug 220379

Added Link Here

(-)b/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__attmap.c (+18 lines)
1	--- nslcd/attmap.c.orig 2019-11-02 16:23:45.000000000 +0100
2	+++ nslcd/attmap.c 2023-05-29 19:22:02.233300000 +0200
3	@@ -176,6 +176,7 @@
4	if (strcasecmp(name, "gecos") == 0) return &attmap_passwd_gecos;
5	if (strcasecmp(name, "homeDirectory") == 0) return &attmap_passwd_homeDirectory;
6	if (strcasecmp(name, "loginShell") == 0) return &attmap_passwd_loginShell;
7	+ if (strcasecmp(name, "loginClass") ==0) return &attmap_passwd_loginClass;
8	}
9	else if (map == LM_PROTOCOLS)
10	{
11	@@ -230,6 +231,7 @@
12	(var != &attmap_shadow_shadowWarning) &&
13	(var != &attmap_shadow_shadowInactive) &&
14	(var != &attmap_shadow_shadowExpire) &&
15	+ (var != &attmap_passwd_loginClass) &&
16	(var != &attmap_shadow_shadowFlag))
17	return NULL;
18	/* the member attribute may only be set to an empty string */

Added Link Here

(-)b/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__passwd.c (+43 lines)
1	--- nslcd/passwd.c.orig 2021-11-15 20:40:49.000000000 +0100
2	+++ nslcd/passwd.c 2023-05-29 19:22:02.234797000 +0200
3	@@ -63,6 +63,7 @@
4	const char *attmap_passwd_gecos = "\"${gecos:-$cn}\"";
5	const char *attmap_passwd_homeDirectory = "homeDirectory";
6	const char *attmap_passwd_loginShell = "loginShell";
7	+const char *attmap_passwd_loginClass = "loginClass";
8
9	/* special properties for objectSid-based searches
10	(these are already LDAP-escaped strings) */
11	@@ -150,6 +151,7 @@
12	attmap_add_attributes(set, attmap_passwd_gecos);
13	attmap_add_attributes(set, attmap_passwd_homeDirectory);
14	attmap_add_attributes(set, attmap_passwd_loginShell);
15	+ attmap_add_attributes(set, attmap_passwd_loginClass);
16	passwd_attrs = set_tolist(set);
17	if (passwd_attrs == NULL)
18	{
19	@@ -428,6 +430,7 @@
20	char gecos[1024];
21	char homedir[256];
22	char shell[64];
23	+ char lclass[256];
24	char passbuffer[BUFLEN_PASSWORDHASH];
25	int i, j;
26	/* get the usernames for this entry */
27	@@ -541,6 +544,8 @@
28	myldap_get_dn(entry), attmap_passwd_homeDirectory);
29	/* get the shell for this entry */
30	attmap_get_value(entry, attmap_passwd_loginShell, shell, sizeof(shell));
31	+ /* get the login class for this entry */
32	+ attmap_get_value(entry, attmap_passwd_loginClass, lclass, sizeof(lclass));
33	/* write the entries */
34	for (i = 0; usernames[i] != NULL; i++)
35	{
36	@@ -565,6 +570,7 @@
37	WRITE_STRING(fp, gecos);
38	WRITE_STRING(fp, homedir);
39	WRITE_STRING(fp, shell);
40	+ WRITE_STRING(fp, lclass);
41	}
42	}
43	}

Added Link Here

(-)b/net/nss-pam-ldapd/files/lclass-patches/patch-nss__passwd.c (+13 lines)
1	--- nss/passwd.c.orig 2019-11-02 16:23:46.000000000 +0100
2	+++ nss/passwd.c 2023-05-29 19:22:02.235416000 +0200
3	@@ -45,8 +45,8 @@
4	READ_BUF_STRING(fp, result->pw_dir);
5	READ_BUF_STRING(fp, result->pw_shell);
6	#ifdef HAVE_STRUCT_PASSWD_PW_CLASS
7	- /* set the user access class to an empty string */
8	- result->pw_class = result->pw_name + strlen(result->pw_name);
9	+ /* set the user access class to an empty string only if empty */
10	+ READ_BUF_STRING(fp, result->pw_class);
11	#endif /* HAVE_STRUCT_PASSWD_PW_CLASS */
12	return NSS_STATUS_SUCCESS;
13	}