FreeBSD Bugzilla – Attachment 119088 Details for
Bug 161555
[new port] security/sssd
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
file.shar
file.shar (text/plain), 80.33 KB, created by
aweits
on 2011-10-13 19:40:09 UTC
(
hide
)
Description:
file.shar
Filename:
MIME Type:
Creator:
aweits
Created:
2011-10-13 19:40:09 UTC
Size:
80.33 KB
patch
obsolete
># This is a shell archive. Save it in a file, remove anything before ># this line, and then unpack it by entering "sh file". Note, it may ># create directories; files and directories will be owned by you and ># have default permissions. ># ># This archive contains: ># ># sssd ># sssd/files ># sssd/files/patch-src__providers__ldap__ldap_child.c ># sssd/files/patch-src__confdb__confdb.c ># sssd/files/patch-src__sss_client__common.c ># sssd/files/pam_macros.h ># sssd/files/patch-src__providers__ldap__ldap_common.c ># sssd/files/patch-src__providers__ldap__sdap_access.c ># sssd/files/patch-src__util__sss_krb5.h ># sssd/files/patch-src__providers__ldap__ldap_auth.c ># sssd/files/patch-src__util__sss_ldap.c ># sssd/files/patch-src__util__sss_krb5.c ># sssd/files/patch-src__providers__krb5__krb5_utils.c ># sssd/files/bsdnss.c ># sssd/files/patch-src__monitor__monitor.c ># sssd/files/patch-src__providers__proxy__proxy_init.c ># sssd/files/patch-src__providers__ipa__ipa_common.c ># sssd/files/patch-src__sss_client__pam_test_client.c ># sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c ># sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c ># sssd/files/patch-src__responder__common__responder_common.c ># sssd/files/patch-src__responder__common__responder_packet.c ># sssd/files/patch-src__responder__common__responder_dp.c ># sssd/files/sssd.in ># sssd/files/patch-src__providers__data_provider_be.c ># sssd/files/patch-src__providers__fail_over.c ># sssd/files/patch-src__providers__krb5__krb5_child.c ># sssd/files/patch-src__util__util.c ># sssd/files/patch-Makefile.am ># sssd/files/patch-src__sss_client__sss_nss.exports ># sssd/files/patch-src__resolv__async_resolv.c ># sssd/files/patch-src__util__server.c ># sssd/files/patch-src__sss_client__nss_group.c ># sssd/files/patch-src__util__find_uid.c ># sssd/Makefile ># sssd/distinfo ># sssd/pkg-descr ># sssd/pkg-plist ># sssd/pkg-message ># >echo c - sssd >mkdir -p sssd > /dev/null 2>&1 >echo c - sssd/files >mkdir -p sssd/files > /dev/null 2>&1 >echo x - sssd/files/patch-src__providers__ldap__ldap_child.c >sed 's/^X//' >sssd/files/patch-src__providers__ldap__ldap_child.c << '0dff636266206d37854277ccc608940b' >X--- ./src/providers/ldap/ldap_child.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/providers/ldap/ldap_child.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -165,7 +165,7 @@ >X } >X >X realm_name = talloc_strdup(memctx, default_realm); >X- krb5_free_default_realm(context, default_realm); >X+ free(default_realm); >X if (!realm_name) { >X krberr = KRB5KRB_ERR_GENERIC; >X goto done; >X@@ -279,20 +279,20 @@ >X goto done; >X } >X >X- krberr = krb5_get_time_offsets(context, &kdc_time_offset, &kdc_time_offset_usec); >X- if (krberr) { >X- DEBUG(2, ("Failed to get KDC time offset: %s\n", >X- sss_krb5_get_error_message(context, krberr))); >X- kdc_time_offset = 0; >X- } else { >X- if (kdc_time_offset_usec > 0) { >X- kdc_time_offset++; >X- } >X- } >X+ // krberr = krb5_get_time_offsets(context, &kdc_time_offset, &kdc_time_offset_usec); >X+ // if (krberr) { >X+ // DEBUG(2, ("Failed to get KDC time offset: %s\n", >X+ // sss_krb5_get_error_message(context, krberr))); >X+ // kdc_time_offset = 0; >X+ // } else { >X+ // if (kdc_time_offset_usec > 0) { >X+ // kdc_time_offset++; >X+ // } >X+ // } >X >X krberr = 0; >X *ccname_out = ccname; >X- *expire_time_out = my_creds.times.endtime - kdc_time_offset; >X+ *expire_time_out = my_creds.times.endtime; >X >X done: >X if (keytab) krb5_kt_close(context, keytab); >0dff636266206d37854277ccc608940b >echo x - sssd/files/patch-src__confdb__confdb.c >sed 's/^X//' >sssd/files/patch-src__confdb__confdb.c << '627640ab7c3922efe0925fdadd8e5f56' >X--- ./src/confdb/confdb.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/confdb/confdb.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -28,6 +28,11 @@ >X #include "util/strtonum.h" >X #include "db/sysdb.h" >X >X+char *strchrnul(const char *s, int ch) { >X+ char *ret = strchr(s, ch); >X+ return ret == NULL ? ((char *)s) + strlen(s) : ret; >X+} >X+ >X #define CONFDB_ZERO_CHECK_OR_JUMP(var, ret, err, label) do { \ >X if (!var) { \ >X ret = err; \ >627640ab7c3922efe0925fdadd8e5f56 >echo x - sssd/files/patch-src__sss_client__common.c >sed 's/^X//' >sssd/files/patch-src__sss_client__common.c << '26621ce01bbd60b4170be0b5004a9ef1' >X--- ./src/sss_client/common.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/sss_client/common.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -26,6 +26,7 @@ >X #include "config.h" >X >X #include <nss.h> >X+#include <nsswitch.h> >X #include <security/pam_modules.h> >X #include <errno.h> >X #include <sys/types.h> >X@@ -111,7 +112,6 @@ >X *errnop = error; >X break; >X case 0: >X- *errnop = ETIME; >X break; >X case 1: >X if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { >X@@ -216,7 +216,6 @@ >X *errnop = error; >X break; >X case 0: >X- *errnop = ETIME; >X break; >X case 1: >X if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { >X@@ -638,7 +637,6 @@ >X *errnop = error; >X break; >X case 0: >X- *errnop = ETIME; >X break; >X case 1: >X if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { >X@@ -688,23 +686,23 @@ >X /* avoid looping in the nss daemon */ >X envval = getenv("_SSS_LOOPS"); >X if (envval && strcmp(envval, "NO") == 0) { >X- return NSS_STATUS_NOTFOUND; >X+ return NS_NOTFOUND; >X } >X >X ret = sss_cli_check_socket(errnop, SSS_NSS_SOCKET_NAME); >X if (ret != SSS_STATUS_SUCCESS) { >X- return NSS_STATUS_UNAVAIL; >X+ return NS_UNAVAIL; >X } >X >X ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop); >X switch (ret) { >X case SSS_STATUS_TRYAGAIN: >X- return NSS_STATUS_TRYAGAIN; >X+ return NS_TRYAGAIN; >X case SSS_STATUS_SUCCESS: >X- return NSS_STATUS_SUCCESS; >X+ return NS_SUCCESS; >X case SSS_STATUS_UNAVAIL: >X default: >X- return NSS_STATUS_UNAVAIL; >X+ return NS_UNAVAIL; >X } >X } >X >26621ce01bbd60b4170be0b5004a9ef1 >echo x - sssd/files/pam_macros.h >sed 's/^X//' >sssd/files/pam_macros.h << '2219b187c780ea2d3d08bf43fc8c16c4' >X#ifndef PAM_MACROS_H >X#define PAM_MACROS_H >X >X/* >X * All kind of macros used by PAM, but usable in some other >X * programs too. >X * Organized by Cristian Gafton <gafton@redhat.com> >X */ >X >X/* a 'safe' version of strdup */ >X >X#include <stdlib.h> >X#include <string.h> >X >X#define x_strdup(s) ( (s) ? strdup(s):NULL ) >X >X/* Good policy to strike out passwords with some characters not just >X free the memory */ >X >X#define _pam_overwrite(x) \ >Xdo { \ >X register char *__xx__; \ >X if ((__xx__=(x))) \ >X while (*__xx__) \ >X *__xx__++ = '\0'; \ >X} while (0) >X >X#define _pam_overwrite_n(x,n) \ >Xdo { \ >X register char *__xx__; \ >X register unsigned int __i__ = 0; \ >X if ((__xx__=(x))) \ >X for (;__i__<n; __i__++) \ >X __xx__[__i__] = 0; \ >X} while (0) >X >X/* >X * Don't just free it, forget it too. >X */ >X >X#define _pam_drop(X) \ >Xdo { \ >X if (X) { \ >X free(X); \ >X X=NULL; \ >X } \ >X} while (0) >X >X#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \ >Xdo { \ >X int reply_i; \ >X \ >X for (reply_i=0; reply_i<replies; ++reply_i) { \ >X if (reply[reply_i].resp) { \ >X _pam_overwrite(reply[reply_i].resp); \ >X free(reply[reply_i].resp); \ >X } \ >X } \ >X if (reply) \ >X free(reply); \ >X} while (0) >X >X/* some debugging code */ >X >X#ifdef DEBUG >X >X/* >X * This provides the necessary function to do debugging in PAM. >X * Cristian Gafton <gafton@redhat.com> >X */ >X >X#include <stdio.h> >X#include <sys/types.h> >X#include <stdarg.h> >X#include <errno.h> >X#include <sys/stat.h> >X#include <fcntl.h> >X#include <unistd.h> >X >X/* >X * This is for debugging purposes ONLY. DO NOT use on live systems !!! >X * You have been warned :-) - CG >X * >X * to get automated debugging to the log file, it must be created manually. >X * _PAM_LOGFILE must exist and be writable to the programs you debug. >X */ >X >X#ifndef _PAM_LOGFILE >X#define _PAM_LOGFILE "/var/run/pam-debug.log" >X#endif >X >Xstatic void _pam_output_debug_info(const char *file, const char *fn >X , const int line) >X{ >X FILE *logfile; >X int must_close = 1, fd; >X >X#ifdef O_NOFOLLOW >X if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) { >X#else >X if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) { >X#endif >X if (!(logfile = fdopen(fd,"a"))) { >X logfile = stderr; >X must_close = 0; >X close(fd); >X } >X } else { >X logfile = stderr; >X must_close = 0; >X } >X fprintf(logfile,"[%s:%s(%d)] ",file, fn, line); >X fflush(logfile); >X if (must_close) >X fclose(logfile); >X} >X >Xstatic void _pam_output_debug(const char *format, ...) >X{ >X va_list args; >X FILE *logfile; >X int must_close = 1, fd; >X >X va_start(args, format); >X >X#ifdef O_NOFOLLOW >X if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) { >X#else >X if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) { >X#endif >X if (!(logfile = fdopen(fd,"a"))) { >X logfile = stderr; >X must_close = 0; >X close(fd); >X } >X } else { >X logfile = stderr; >X must_close = 0; >X } >X vfprintf(logfile, format, args); >X fprintf(logfile, "\n"); >X fflush(logfile); >X if (must_close) >X fclose(logfile); >X >X va_end(args); >X} >X >X#define D(x) do { \ >X _pam_output_debug_info(__FILE__, __FUNCTION__, __LINE__); \ >X _pam_output_debug x ; \ >X} while (0) >X >X#define _pam_show_mem(X,XS) do { \ >X int i; \ >X register unsigned char *x; \ >X x = (unsigned char *)X; \ >X fprintf(stderr, " <start at %p>\n", X); \ >X for (i = 0; i < XS ; ++x, ++i) { \ >X fprintf(stderr, " %02X. <%p:%02X>\n", i, x, *x); \ >X } \ >X fprintf(stderr, " <end for %p after %d bytes>\n", X, XS); \ >X} while (0) >X >X#define _pam_show_reply(/* struct pam_response * */reply, /* int */replies) \ >Xdo { \ >X int reply_i; \ >X setbuf(stderr, NULL); \ >X fprintf(stderr, "array at %p of size %d\n",reply,replies); \ >X fflush(stderr); \ >X if (reply) { \ >X for (reply_i = 0; reply_i < replies; reply_i++) { \ >X fprintf(stderr, " elem# %d at %p: resp = %p, retcode = %d\n", \ >X reply_i, reply+reply_i, reply[reply_i].resp, \ >X reply[reply_i].resp, _retcode); \ >X fflush(stderr); \ >X if (reply[reply_i].resp) { \ >X fprintf(stderr, " resp[%d] = '%s'\n", \ >X strlen(reply[reply_i].resp), reply[reply_i].resp); \ >X fflush(stderr); \ >X } \ >X } \ >X } \ >X fprintf(stderr, "done here\n"); \ >X fflush(stderr); \ >X} while (0) >X >X#else >X >X#define D(x) do { } while (0) >X#define _pam_show_mem(X,XS) do { } while (0) >X#define _pam_show_reply(reply, replies) do { } while (0) >X >X#endif /* DEBUG */ >X >X#endif /* PAM_MACROS_H */ >2219b187c780ea2d3d08bf43fc8c16c4 >echo x - sssd/files/patch-src__providers__ldap__ldap_common.c >sed 's/^X//' >sssd/files/patch-src__providers__ldap__ldap_common.c << 'a6f58fad4c8611b6a964a84b4ae1335e' >X--- ./src/providers/ldap/ldap_common.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/providers/ldap/ldap_common.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -749,7 +749,7 @@ >X } >X >X realm = talloc_strdup(mem_ctx, krb5_realm); >X- krb5_free_default_realm(context, krb5_realm); >X+ free(krb5_realm); >X if (!realm) { >X DEBUG(0, ("Out of memory\n")); >X goto done; >a6f58fad4c8611b6a964a84b4ae1335e >echo x - sssd/files/patch-src__providers__ldap__sdap_access.c >sed 's/^X//' >sssd/files/patch-src__providers__ldap__sdap_access.c << '18fdbf49d936a7d37d6b4b034075953e' >X--- ./src/providers/ldap/sdap_access.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/providers/ldap/sdap_access.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -22,9 +22,7 @@ >X along with this program. If not, see <http://www.gnu.org/licenses/>. >X */ >X >X-#define _XOPEN_SOURCE 500 /* for strptime() */ >X #include <time.h> >X-#undef _XOPEN_SOURCE >X #include <sys/param.h> >X #include <security/pam_modules.h> >X #include <talloc.h> >X@@ -119,7 +117,7 @@ >X pd); >X if (req == NULL) { >X DEBUG(1, ("Unable to start sdap_access request\n")); >X- sdap_access_reply(breq, PAM_SYSTEM_ERR); >X+ sdap_access_reply(breq, PAM_SERVICE_ERR); >X return; >X } >X >X@@ -157,7 +155,7 @@ >X >X state->be_ctx = be_ctx; >X state->pd = pd; >X- state->pam_status = PAM_SYSTEM_ERR; >X+ state->pam_status = PAM_SERVICE_ERR; >X state->ev = ev; >X state->access_ctx = access_ctx; >X state->current_rule = 0; >X@@ -502,18 +500,17 @@ >X return true; >X } >X >X+ tzset(); >X expire_time = mktime(&tm); >X if (expire_time == -1) { >X DEBUG(1, ("mktime failed to convert [%s].\n", exp_time_str)); >X return true; >X } >X >X- tzset(); >X- expire_time -= timezone; >X now = time(NULL); >X- DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s] timezone [%d] " >X- "daylight [%d] now [%d] expire_time [%d].\n", tzname[0], >X- tzname[1], timezone, daylight, now, expire_time)); >X+ DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s] " >X+ "now [%d] expire_time [%d].\n", tzname[0], >X+ tzname[1], now, expire_time)); >X >X if (difftime(now, expire_time) > 0.0) { >X DEBUG(4, ("NDS account expired.\n")); >X@@ -663,7 +660,7 @@ >X return NULL; >X } >X >X- state->pam_status = PAM_SYSTEM_ERR; >X+ state->pam_status = PAM_SERVICE_ERR; >X >X expire = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic, >X SDAP_ACCOUNT_EXPIRE_POLICY); >X@@ -747,7 +744,7 @@ >X talloc_zfree(subreq); >X if (ret != EOK) { >X DEBUG(1, ("Error retrieving access check result.\n")); >X- state->pam_status = PAM_SYSTEM_ERR; >X+ state->pam_status = PAM_SERVICE_ERR; >X tevent_req_error(req, ret); >X return; >X } >X@@ -807,7 +804,7 @@ >X state->filter = NULL; >X state->be_ctx = be_ctx; >X state->username = username; >X- state->pam_status = PAM_SYSTEM_ERR; >X+ state->pam_status = PAM_SERVICE_ERR; >X state->sdap_ctx = access_ctx->id_ctx; >X state->ev = ev; >X state->access_ctx = access_ctx; >X@@ -953,7 +950,7 @@ >X SDAP_SEARCH_TIMEOUT)); >X if (subreq == NULL) { >X DEBUG(1, ("Could not start LDAP communication\n")); >X- state->pam_status = PAM_SYSTEM_ERR; >X+ state->pam_status = PAM_SERVICE_ERR; >X tevent_req_error(req, EIO); >X return; >X } >X@@ -984,13 +981,13 @@ >X if (ret == EOK) { >X return; >X } >X- state->pam_status = PAM_SYSTEM_ERR; >X+ state->pam_status = PAM_SERVICE_ERR; >X } else if (dp_error == DP_ERR_OFFLINE) { >X sdap_access_filter_decide_offline(req); >X } else { >X DEBUG(1, ("sdap_get_generic_send() returned error [%d][%s]\n", >X ret, strerror(ret))); >X- state->pam_status = PAM_SYSTEM_ERR; >X+ state->pam_status = PAM_SERVICE_ERR; >X } >X >X goto done; >X@@ -1009,7 +1006,7 @@ >X else if (results == NULL) { >X DEBUG(1, ("num_results > 0, but results is NULL\n")); >X ret = EIO; >X- state->pam_status = PAM_SYSTEM_ERR; >X+ state->pam_status = PAM_SERVICE_ERR; >X goto done; >X } >X else if (num_results > 1) { >X@@ -1018,7 +1015,7 @@ >X */ >X DEBUG(1, ("Received multiple replies\n")); >X ret = EIO; >X- state->pam_status = PAM_SYSTEM_ERR; >X+ state->pam_status = PAM_SERVICE_ERR; >X goto done; >X } >X else { /* Ok, we got a single reply */ >X@@ -1106,7 +1103,7 @@ >X talloc_zfree(subreq); >X if (ret != EOK) { >X DEBUG(1, ("Error retrieving access check result.\n")); >X- state->pam_status = PAM_SYSTEM_ERR; >X+ state->pam_status = PAM_SERVICE_ERR; >X tevent_req_error(req, ret); >X return; >X } >X@@ -1247,7 +1244,7 @@ >X talloc_zfree(subreq); >X if (ret != EOK) { >X DEBUG(1, ("Error retrieving access check result.\n")); >X- state->pam_status = PAM_SYSTEM_ERR; >X+ state->pam_status = PAM_SERVICE_ERR; >X tevent_req_error(req, ret); >X return; >X } >X@@ -1274,7 +1271,7 @@ >X struct ldb_message_element *el; >X unsigned int i; >X char *host; >X- char hostname[HOST_NAME_MAX+1]; >X+ char hostname[_POSIX_HOST_NAME_MAX+1]; >X >X req = tevent_req_create(mem_ctx, &state, struct sdap_access_host_ctx); >X if (!req) { >X@@ -1370,7 +1367,7 @@ >X talloc_zfree(subreq); >X if (ret != EOK) { >X DEBUG(1, ("Error retrieving access check result.\n")); >X- state->pam_status = PAM_SYSTEM_ERR; >X+ state->pam_status = PAM_SERVICE_ERR; >X tevent_req_error(req, ret); >X return; >X } >X@@ -1395,7 +1392,7 @@ >X static void sdap_access_done(struct tevent_req *req) >X { >X errno_t ret; >X- int pam_status = PAM_SYSTEM_ERR; >X+ int pam_status = PAM_SERVICE_ERR; >X struct be_req *breq = >X tevent_req_callback_data(req, struct be_req); >X >X@@ -1403,7 +1400,7 @@ >X talloc_zfree(req); >X if (ret != EOK) { >X DEBUG(1, ("Error retrieving access check result.\n")); >X- pam_status = PAM_SYSTEM_ERR; >X+ pam_status = PAM_SERVICE_ERR; >X } >X >X sdap_access_reply(breq, pam_status); >18fdbf49d936a7d37d6b4b034075953e >echo x - sssd/files/patch-src__util__sss_krb5.h >sed 's/^X//' >sssd/files/patch-src__util__sss_krb5.h << '86c603ccb5dfe88c791af39eaca57193' >X--- ./src/util/sss_krb5.h.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/util/sss_krb5.h 2011-10-13 12:15:09.000000000 -0400 >X@@ -34,6 +34,8 @@ >X >X #include "util/util.h" >X >X+#define KRB5_CALLCONV >X+ >X const char * KRB5_CALLCONV sss_krb5_get_error_message (krb5_context, >X krb5_error_code); >X >86c603ccb5dfe88c791af39eaca57193 >echo x - sssd/files/patch-src__providers__ldap__ldap_auth.c >sed 's/^X//' >sssd/files/patch-src__providers__ldap__ldap_auth.c << 'f5a2f09ae2f7a7f401ec20f6192fb50e' >X--- ./src/providers/ldap/ldap_auth.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/providers/ldap/ldap_auth.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -37,7 +37,6 @@ >X #include <sys/time.h> >X #include <strings.h> >X >X-#include <shadow.h> >X #include <security/pam_modules.h> >X >X #include "util/util.h" >X@@ -46,6 +45,7 @@ >X #include "providers/ldap/ldap_common.h" >X #include "providers/ldap/sdap_async.h" >X >X+ >X /* MIT Kerberos has the same hardcoded warning interval of 7 days. Due to the >X * fact that using the expiration time of a Kerberos password with LDAP >X * authentication is presumably a rare case a separate config option is not >X@@ -59,6 +59,22 @@ >X PWEXPIRE_SHADOW >X }; >X >X+struct spwd >X+{ >X+ char *sp_namp; /* Login name. */ >X+ char *sp_pwdp; /* Encrypted password. */ >X+ long int sp_lstchg; /* Date of last change. */ >X+ long int sp_min; /* Minimum number of days between changes. */ >X+ long int sp_max; /* Maximum number of days between changes. */ >X+ long int sp_warn; /* Number of days to warn user to change >X+ the password. */ >X+ long int sp_inact; /* Number of days the account may be >X+ inactive. */ >X+ long int sp_expire; /* Number of days since 1970-01-01 until >X+ account expires. */ >X+ unsigned long int sp_flag; /* Reserved. */ >X+}; >X+ >X static errno_t add_expired_warning(struct pam_data *pd, long exp_time) >X { >X int ret; >X@@ -111,17 +127,16 @@ >X return EINVAL; >X } >X >X+ tzset(); >X expire_time = mktime(&tm); >X if (expire_time == -1) { >X DEBUG(1, ("mktime failed to convert [%s].\n", expire_date)); >X return EINVAL; >X } >X >X- tzset(); >X- expire_time -= timezone; >X- DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s] timezone [%d] " >X- "daylight [%d] now [%d] expire_time [%d].\n", tzname[0], >X- tzname[1], timezone, daylight, now, expire_time)); >X+ DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s]" >X+ "now [%d] expire_time [%d].\n", tzname[0], >X+ tzname[1], now, expire_time)); >X >X if (difftime(now, expire_time) > 0.0) { >X DEBUG(4, ("Kerberos password expired.\n")); >X@@ -742,7 +757,7 @@ >X >X DEBUG(2, ("starting password change request for user [%s].\n", pd->user)); >X >X- pd->pam_status = PAM_SYSTEM_ERR; >X+ pd->pam_status = PAM_SERVICE_ERR; >X >X if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) { >X DEBUG(2, ("chpass target was called by wrong pam command.\n")); >X@@ -799,7 +814,7 @@ >X &pw_expire_type, &pw_expire_data); >X talloc_zfree(req); >X if (ret) { >X- state->pd->pam_status = PAM_SYSTEM_ERR; >X+ state->pd->pam_status = PAM_SERVICE_ERR; >X goto done; >X } >X >X@@ -819,7 +834,7 @@ >X &result); >X if (ret != EOK) { >X DEBUG(1, ("check_pwexpire_shadow failed.\n")); >X- state->pd->pam_status = PAM_SYSTEM_ERR; >X+ state->pd->pam_status = PAM_SERVICE_ERR; >X goto done; >X } >X break; >X@@ -828,14 +843,14 @@ >X &result); >X if (ret != EOK) { >X DEBUG(1, ("check_pwexpire_kerberos failed.\n")); >X- state->pd->pam_status = PAM_SYSTEM_ERR; >X+ state->pd->pam_status = PAM_SERVICE_ERR; >X goto done; >X } >X >X if (result == SDAP_AUTH_PW_EXPIRED) { >X DEBUG(1, ("LDAP provider cannot change kerberos " >X "passwords.\n")); >X- state->pd->pam_status = PAM_SYSTEM_ERR; >X+ state->pd->pam_status = PAM_SERVICE_ERR; >X goto done; >X } >X break; >X@@ -844,7 +859,7 @@ >X break; >X default: >X DEBUG(1, ("Unknow pasword expiration type.\n")); >X- state->pd->pam_status = PAM_SYSTEM_ERR; >X+ state->pd->pam_status = PAM_SERVICE_ERR; >X goto done; >X } >X } >X@@ -884,7 +899,7 @@ >X dp_err = DP_ERR_OFFLINE; >X break; >X default: >X- state->pd->pam_status = PAM_SYSTEM_ERR; >X+ state->pd->pam_status = PAM_SERVICE_ERR; >X } >X >X done: >X@@ -905,7 +920,7 @@ >X ret = sdap_exop_modify_passwd_recv(req, state, &result, &user_error_message); >X talloc_zfree(req); >X if (ret) { >X- state->pd->pam_status = PAM_SYSTEM_ERR; >X+ state->pd->pam_status = PAM_SERVICE_ERR; >X goto done; >X } >X >X@@ -964,7 +979,7 @@ >X goto done; >X } >X >X- pd->pam_status = PAM_SYSTEM_ERR; >X+ pd->pam_status = PAM_SERVICE_ERR; >X >X switch (pd->cmd) { >X case SSS_PAM_AUTHENTICATE: >X@@ -1021,7 +1036,7 @@ >X &pw_expire_type, &pw_expire_data); >X talloc_zfree(req); >X if (ret != EOK) { >X- state->pd->pam_status = PAM_SYSTEM_ERR; >X+ state->pd->pam_status = PAM_SERVICE_ERR; >X dp_err = DP_ERR_FATAL; >X goto done; >X } >X@@ -1033,7 +1048,7 @@ >X state->pd, &result); >X if (ret != EOK) { >X DEBUG(1, ("check_pwexpire_shadow failed.\n")); >X- state->pd->pam_status = PAM_SYSTEM_ERR; >X+ state->pd->pam_status = PAM_SERVICE_ERR; >X goto done; >X } >X break; >X@@ -1042,7 +1057,7 @@ >X state->pd, &result); >X if (ret != EOK) { >X DEBUG(1, ("check_pwexpire_kerberos failed.\n")); >X- state->pd->pam_status = PAM_SYSTEM_ERR; >X+ state->pd->pam_status = PAM_SERVICE_ERR; >X goto done; >X } >X break; >X@@ -1050,7 +1065,7 @@ >X ret = check_pwexpire_ldap(state->pd, pw_expire_data, &result); >X if (ret != EOK) { >X DEBUG(1, ("check_pwexpire_ldap failed.\n")); >X- state->pd->pam_status = PAM_SYSTEM_ERR; >X+ state->pd->pam_status = PAM_SERVICE_ERR; >X goto done; >X } >X break; >X@@ -1058,7 +1073,7 @@ >X break; >X default: >X DEBUG(1, ("Unknow pasword expiration type.\n")); >X- state->pd->pam_status = PAM_SYSTEM_ERR; >X+ state->pd->pam_status = PAM_SERVICE_ERR; >X goto done; >X } >X } >X@@ -1080,7 +1095,7 @@ >X state->pd->pam_status = PAM_NEW_AUTHTOK_REQD; >X break; >X default: >X- state->pd->pam_status = PAM_SYSTEM_ERR; >X+ state->pd->pam_status = PAM_SERVICE_ERR; >X dp_err = DP_ERR_FATAL; >X } >X >f5a2f09ae2f7a7f401ec20f6192fb50e >echo x - sssd/files/patch-src__util__sss_ldap.c >sed 's/^X//' >sssd/files/patch-src__util__sss_ldap.c << '34a400de78a3c507347702c52a0360d3' >X--- ./src/util/sss_ldap.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/util/sss_ldap.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -267,7 +267,7 @@ >X strerror(ret))); >X } >X >X- ret = setsockopt(fd, SOL_TCP, TCP_NODELAY, &dummy, sizeof(dummy)); >X+ ret = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &dummy, sizeof(dummy)); >X if (ret != 0) { >X ret = errno; >X DEBUG(5, ("setsockopt TCP_NODELAY failed.[%d][%s].\n", ret, >X@@ -340,7 +340,7 @@ >X DEBUG(9, ("Using file descriptor [%d] for LDAP connection.\n", state->sd)); >X >X subreq = sdap_async_sys_connect_send(state, ev, state->sd, >X- (struct sockaddr *) addr, addr_len); >X+ (struct sockaddr *) addr, sizeof(struct sockaddr)); >X if (subreq == NULL) { >X ret = ENOMEM; >X DEBUG(1, ("sdap_async_sys_connect_send failed.\n")); >34a400de78a3c507347702c52a0360d3 >echo x - sssd/files/patch-src__util__sss_krb5.c >sed 's/^X//' >sssd/files/patch-src__util__sss_krb5.c << '99ac7f8b12ff403efe228bac004fbe31' >X--- ./src/util/sss_krb5.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/util/sss_krb5.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -165,8 +165,8 @@ >X >X if (_realm) { >X *_realm = talloc_asprintf(mem_ctx, "%.*s", >X- krb5_princ_realm(ctx, client_princ)->length, >X- krb5_princ_realm(ctx, client_princ)->data); >X+ krb5_realm_length(krb5_princ_realm(krb_ctx, client_princ)), >X+ krb5_princ_realm(krb_ctx, client_princ)); >X if (!*_realm) { >X DEBUG(1, ("talloc_asprintf failed")); >X if (_principal) talloc_zfree(*_principal); >X@@ -243,7 +243,7 @@ >X } >X >X realm_name = talloc_strdup(tmp_ctx, default_realm); >X- krb5_free_default_realm(context, default_realm); >X+ free(default_realm); >X if (!realm_name) { >X ret = ENOMEM; >X goto done; >X@@ -322,7 +322,7 @@ >X found = true; >X } >X free(kt_principal); >X- krberr = krb5_free_keytab_entry_contents(context, &entry); >X+ krberr = krb5_kt_free_entry(context, &entry); >X if (krberr) { >X /* This should never happen. The API docs for this function >X * specify only success for this function >X@@ -466,7 +466,7 @@ >X break; >X } >X >X- kerr = krb5_free_keytab_entry_contents(ctx, &entry); >X+ kerr = krb5_kt_free_entry(ctx, &entry); >X if (kerr != 0) { >X DEBUG(1, ("Failed to free keytab entry.\n")); >X } >X@@ -504,7 +504,7 @@ >X kerr = 0; >X >X done: >X- kerr_d = krb5_free_keytab_entry_contents(ctx, &entry); >X+ kerr_d = krb5_kt_free_entry(ctx, &entry); >X if (kerr_d != 0) { >X DEBUG(1, ("Failed to free keytab entry.\n")); >X } >X@@ -540,7 +540,7 @@ >X void KRB5_CALLCONV sss_krb5_free_error_message(krb5_context ctx, const char *s) >X { >X #ifdef HAVE_KRB5_GET_ERROR_MESSAGE >X- krb5_free_error_message(ctx, s); >X+ free(s); >X #else >X free(s); >X #endif >99ac7f8b12ff403efe228bac004fbe31 >echo x - sssd/files/patch-src__providers__krb5__krb5_utils.c >sed 's/^X//' >sssd/files/patch-src__providers__krb5__krb5_utils.c << '4807d35142c99fff477b87915f6f26e5' >X--- ./src/providers/krb5/krb5_utils.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/providers/krb5/krb5_utils.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -435,10 +435,10 @@ >X } >X >X server_name = talloc_asprintf(NULL, "krbtgt/%.*s@%.*s", >X- krb5_princ_realm(ctx, client_princ)->length, >X- krb5_princ_realm(ctx, client_princ)->data, >X- krb5_princ_realm(ctx, client_princ)->length, >X- krb5_princ_realm(ctx, client_princ)->data); >X+ krb5_realm_length(krb5_princ_realm(ctx, client_princ)), >X+ krb5_princ_realm(ctx, client_princ), >X+ krb5_realm_length(krb5_princ_realm(ctx, client_princ)), >X+ krb5_princ_realm(ctx, client_princ)); >X if (server_name == NULL) { >X kerr = KRB5_CC_NOMEM; >X DEBUG(1, ("talloc_asprintf failed.\n")); >4807d35142c99fff477b87915f6f26e5 >echo x - sssd/files/bsdnss.c >sed 's/^X//' >sssd/files/bsdnss.c << 'b8f746e6d30f97195d79298ae913038f' >X#include <errno.h> >X#include <sys/param.h> >X#include <netinet/in.h> >X#include <pwd.h> >X#include <grp.h> >X#include <nss.h> >X#include <netdb.h> >X >Xextern enum nss_status _nss_sss_getgrent_r(struct group *, char *, size_t, >X int *); >Xextern enum nss_status _nss_sss_getgrnam_r(const char *, struct group *, >X char *, size_t, int *); >Xextern enum nss_status _nss_sss_getgrgid_r(gid_t gid, struct group *, char *, >X size_t, int *); >Xextern enum nss_status _nss_sss_setgrent(void); >Xextern enum nss_status _nss_sss_endgrent(void); >X >Xextern enum nss_status _nss_sss_getpwent_r(struct passwd *, char *, size_t, >X int *); >Xextern enum nss_status _nss_sss_getpwnam_r(const char *, struct passwd *, >X char *, size_t, int *); >Xextern enum nss_status _nss_sss_getpwuid_r(gid_t gid, struct passwd *, char *, >X size_t, int *); >Xextern enum nss_status _nss_sss_setpwent(void); >Xextern enum nss_status _nss_sss_endpwent(void); >X >Xextern enum nss_status _nss_sss_gethostbyname_r (const char *name, struct hostent * result, >X char *buffer, size_t buflen, int *errnop, >X int *h_errnop); >X >Xextern enum nss_status _nss_sss_gethostbyname2_r (const char *name, int af, struct hostent * result, >X char *buffer, size_t buflen, int *errnop, >X int *h_errnop); >Xextern enum nss_status _nss_sss_gethostbyaddr_r (struct in_addr * addr, int len, int type, >X struct hostent * result, char *buffer, >X size_t buflen, int *errnop, int *h_errnop); >X >Xextern enum nss_status _nss_sss_getgroupmembership(const char *uname, gid_t agroup, gid_t *groups, >X int maxgrp, int *grpcnt); >X >X >XNSS_METHOD_PROTOTYPE(__nss_compat_getgroupmembership); >XNSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r); >XNSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r); >XNSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r); >XNSS_METHOD_PROTOTYPE(__nss_compat_setgrent); >XNSS_METHOD_PROTOTYPE(__nss_compat_endgrent); >X >XNSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r); >XNSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r); >XNSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r); >XNSS_METHOD_PROTOTYPE(__nss_compat_setpwent); >XNSS_METHOD_PROTOTYPE(__nss_compat_endpwent); >X >XNSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname); >XNSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2); >XNSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr); >X >Xstatic ns_mtab methods[] = { >X{ NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_sss_getgrnam_r }, >X{ NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_sss_getgrgid_r }, >X{ NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_sss_getgrent_r }, >X{ NSDB_GROUP, "getgroupmembership", __nss_compat_getgroupmembership, _nss_sss_getgroupmembership }, >X{ NSDB_GROUP, "setgrent", __nss_compat_setgrent, _nss_sss_setgrent }, >X{ NSDB_GROUP, "endgrent", __nss_compat_endgrent, _nss_sss_endgrent }, >X >X{ NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_sss_getpwnam_r }, >X{ NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_sss_getpwuid_r }, >X{ NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, _nss_sss_getpwent_r }, >X{ NSDB_PASSWD, "setpwent", __nss_compat_setpwent, _nss_sss_setpwent }, >X{ NSDB_PASSWD, "endpwent", __nss_compat_endpwent, _nss_sss_endpwent }, >X >X// { NSDB_HOSTS, "gethostbyname", __nss_compat_gethostbyname, _nss_sss_gethostbyname_r }, >X//{ NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_sss_gethostbyaddr_r }, >X//{ NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_sss_gethostbyname2_r }, >X >X{ NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, _nss_sss_getgrnam_r }, >X{ NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, _nss_sss_getgrgid_r }, >X{ NSDB_GROUP_COMPAT, "getgrent_r", __nss_compat_getgrent_r, _nss_sss_getgrent_r }, >X{ NSDB_GROUP_COMPAT, "setgrent", __nss_compat_setgrent, _nss_sss_setgrent }, >X{ NSDB_GROUP_COMPAT, "endgrent", __nss_compat_endgrent, _nss_sss_endgrent }, >X >X{ NSDB_PASSWD_COMPAT, "getpwnam_r", __nss_compat_getpwnam_r, _nss_sss_getpwnam_r }, >X{ NSDB_PASSWD_COMPAT, "getpwuid_r", __nss_compat_getpwuid_r, _nss_sss_getpwuid_r }, >X{ NSDB_PASSWD_COMPAT, "getpwent_r", __nss_compat_getpwent_r, _nss_sss_getpwent_r }, >X{ NSDB_PASSWD_COMPAT, "setpwent", __nss_compat_setpwent, _nss_sss_setpwent }, >X{ NSDB_PASSWD_COMPAT, "endpwent", __nss_compat_endpwent, _nss_sss_endpwent }, >X >X}; >X >X >Xns_mtab * >Xnss_module_register(const char *source, unsigned int *mtabsize, >X nss_module_unregister_fn *unreg) >X{ >X *mtabsize = sizeof(methods)/sizeof(methods[0]); >X *unreg = NULL; >X return (methods); >X} >X >Xint __nss_compat_getgroupmembership(void *retval, void *mdata, va_list ap) >X{ >X int (*fn)(const char *, gid_t, gid_t *, int, int *); >X >X const char *uname; >X gid_t agroup; >X gid_t *groups; >X int maxgrp; >X int *grpcnt; >X int errnop; >X enum nss_status status; >X >X fn = mdata; >X uname = va_arg(ap, const char *); >X agroup = va_arg(ap, gid_t); >X groups = va_arg(ap, gid_t *); >X maxgrp = va_arg(ap, int); >X grpcnt = va_arg(ap, int *); >X status = fn(uname, agroup, groups, maxgrp, grpcnt); >X status = __nss_compat_result(status, errnop); >X return (status); >X} >X >Xint __nss_compat_gethostbyname(void *retval, void *mdata, va_list ap) >X{ >X enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *); >X const char *name; >X struct hostent *result; >X char buffer[1024]; >X size_t buflen = 1024; >X int errnop; >X int h_errnop; >X int af; >X enum nss_status status; >X fn = mdata; >X name = va_arg(ap, const char*); >X af = va_arg(ap,int); >X result = va_arg(ap,struct hostent *); >X status = fn(name, result, buffer, buflen, &errnop, &h_errnop); >X status = __nss_compat_result(status,errnop); >X h_errno = h_errnop; >X return (status); >X} >X >Xint __nss_compat_gethostbyname2(void *retval, void *mdata, va_list ap) >X{ >X enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *); >X const char *name; >X struct hostent *result; >X char buffer[1024]; >X size_t buflen = 1024; >X int errnop; >X int h_errnop; >X int af; >X enum nss_status status; >X fn = mdata; >X name = va_arg(ap, const char*); >X af = va_arg(ap,int); >X result = va_arg(ap,struct hostent *); >X status = fn(name, result, buffer, buflen, &errnop, &h_errnop); >X status = __nss_compat_result(status,errnop); >X h_errno = h_errnop; >X return (status); >X} >X >Xint __nss_compat_gethostbyaddr(void *retval, void *mdata, va_list ap) >X{ >X struct in_addr *addr; >X int len; >X int type; >X struct hostent *result; >X char buffer[1024]; >X size_t buflen = 1024; >X int errnop; >X int h_errnop; >X enum nss_status (*fn)(struct in_addr *, int, int, struct hostent *, char *, size_t, int *, int *); >X enum nss_status status; >X fn = mdata; >X addr = va_arg(ap, struct in_addr*); >X len = va_arg(ap,int); >X type = va_arg(ap,int); >X result = va_arg(ap, struct hostent*); >X status = fn(addr, len, type, result, buffer, buflen, &errnop, &h_errnop); >X status = __nss_compat_result(status,errnop); >X h_errno = h_errnop; >X return (status); >X} >b8f746e6d30f97195d79298ae913038f >echo x - sssd/files/patch-src__monitor__monitor.c >sed 's/^X//' >sssd/files/patch-src__monitor__monitor.c << '41b5227cd341819900afcae066448c00' >X--- ./src/monitor/monitor.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/monitor/monitor.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -57,6 +57,10 @@ >X >X int cmdline_debug_level; >X >X+errno_t monitor_config_file_fallback(TALLOC_CTX *mem_ctx, >X+ struct mt_ctx *ctx, >X+ const char *file, >X+ monitor_reconf_fn fn); >X struct svc_spy; >X >X struct mt_svc { >X@@ -1606,10 +1610,6 @@ >X talloc_free(tmp_ctx); >X } >X >X-errno_t monitor_config_file_fallback(TALLOC_CTX *mem_ctx, >X- struct mt_ctx *ctx, >X- const char *file, >X- monitor_reconf_fn fn); >X static void rewatch_config_file(struct tevent_context *ev, >X struct tevent_timer *te, >X struct timeval t, void *ptr) >41b5227cd341819900afcae066448c00 >echo x - sssd/files/patch-src__providers__proxy__proxy_init.c >sed 's/^X//' >sssd/files/patch-src__providers__proxy__proxy_init.c << 'dfa04b45b6643bb0db5a6612e4e94b8b' >X--- ./src/providers/proxy/proxy_init.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/providers/proxy/proxy_init.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -124,7 +124,7 @@ >X if (!ctx->handle) { >X DEBUG(0, ("Unable to load %s module with path, error: %s\n", >X libpath, dlerror())); >X- ret = ELIBACC; >X+ ret = ENOENT; >X goto done; >X } >X >X@@ -132,7 +132,7 @@ >X libname); >X if (!ctx->ops.getpwnam_r) { >X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); >X- ret = ELIBBAD; >X+ ret = ENOENT; >X goto done; >X } >X >X@@ -140,14 +140,14 @@ >X libname); >X if (!ctx->ops.getpwuid_r) { >X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); >X- ret = ELIBBAD; >X+ ret = ENOENT; >X goto done; >X } >X >X ctx->ops.setpwent = proxy_dlsym(ctx->handle, "_nss_%s_setpwent", libname); >X if (!ctx->ops.setpwent) { >X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); >X- ret = ELIBBAD; >X+ ret = ENOENT; >X goto done; >X } >X >X@@ -155,14 +155,14 @@ >X libname); >X if (!ctx->ops.getpwent_r) { >X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); >X- ret = ELIBBAD; >X+ ret = ENOENT; >X goto done; >X } >X >X ctx->ops.endpwent = proxy_dlsym(ctx->handle, "_nss_%s_endpwent", libname); >X if (!ctx->ops.endpwent) { >X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); >X- ret = ELIBBAD; >X+ ret = ENOENT; >X goto done; >X } >X >X@@ -170,7 +170,7 @@ >X libname); >X if (!ctx->ops.getgrnam_r) { >X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); >X- ret = ELIBBAD; >X+ ret = ENOENT; >X goto done; >X } >X >X@@ -178,14 +178,14 @@ >X libname); >X if (!ctx->ops.getgrgid_r) { >X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); >X- ret = ELIBBAD; >X+ ret = ENOENT; >X goto done; >X } >X >X ctx->ops.setgrent = proxy_dlsym(ctx->handle, "_nss_%s_setgrent", libname); >X if (!ctx->ops.setgrent) { >X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); >X- ret = ELIBBAD; >X+ ret = ENOENT; >X goto done; >X } >X >X@@ -193,14 +193,14 @@ >X libname); >X if (!ctx->ops.getgrent_r) { >X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); >X- ret = ELIBBAD; >X+ ret = ENOENT; >X goto done; >X } >X >X ctx->ops.endgrent = proxy_dlsym(ctx->handle, "_nss_%s_endgrent", libname); >X if (!ctx->ops.endgrent) { >X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); >X- ret = ELIBBAD; >X+ ret = ENOENT; >X goto done; >X } >X >dfa04b45b6643bb0db5a6612e4e94b8b >echo x - sssd/files/patch-src__providers__ipa__ipa_common.c >sed 's/^X//' >sssd/files/patch-src__providers__ipa__ipa_common.c << 'd6b60ac738da83f273e06f220f8b9238' >X--- ./src/providers/ipa/ipa_common.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/providers/ipa/ipa_common.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -191,7 +191,7 @@ >X char *ipa_hostname; >X int ret; >X int i; >X- char hostname[HOST_NAME_MAX + 1]; >X+ char hostname[_POSIX_HOST_NAME_MAX + 1]; >X >X opts = talloc_zero(memctx, struct ipa_options); >X if (!opts) return ENOMEM; >X@@ -220,14 +220,14 @@ >X >X ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME); >X if (ipa_hostname == NULL) { >X- ret = gethostname(hostname, HOST_NAME_MAX); >X+ ret = gethostname(hostname, _POSIX_HOST_NAME_MAX); >X if (ret != EOK) { >X DEBUG(1, ("gethostname failed [%d][%s].\n", errno, >X strerror(errno))); >X ret = errno; >X goto done; >X } >X- hostname[HOST_NAME_MAX] = '\0'; >X+ hostname[_POSIX_HOST_NAME_MAX] = '\0'; >X DEBUG(9, ("Setting ipa_hostname to [%s].\n", hostname)); >X ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname); >X if (ret != EOK) { >d6b60ac738da83f273e06f220f8b9238 >echo x - sssd/files/patch-src__sss_client__pam_test_client.c >sed 's/^X//' >sssd/files/patch-src__sss_client__pam_test_client.c << '7e0d9b62e0bc72ed1c419f1deaa1b016' >X--- ./src/sss_client/pam_test_client.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/sss_client/pam_test_client.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -24,12 +24,13 @@ >X >X #include <stdio.h> >X #include <unistd.h> >X+#include <string.h> >X >X #include <security/pam_appl.h> >X-#include <security/pam_misc.h> >X+#include <security/openpam.h> >X >X static struct pam_conv conv = { >X- misc_conv, >X+ openpam_ttyconv, >X NULL >X }; >X >7e0d9b62e0bc72ed1c419f1deaa1b016 >echo x - sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c >sed 's/^X//' >sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c << '922888bf8082a18eae5adf806c1ae794' >X--- ./src/util/crypto/libcrypto/crypto_sha512crypt.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/util/crypto/libcrypto/crypto_sha512crypt.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -265,7 +265,7 @@ >X goto done; >X } >X >X- cp = __stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE); >X+ cp = stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE); >X buflen -= SALT_PREF_SIZE; >X >X if (rounds_custom) { >X@@ -283,7 +283,7 @@ >X ret = ERANGE; >X goto done; >X } >X- cp = __stpncpy(cp, salt, salt_len); >X+ cp = stpncpy(cp, salt, salt_len); >X *cp++ = '$'; >X buflen -= salt_len + 1; >X >922888bf8082a18eae5adf806c1ae794 >echo x - sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c >sed 's/^X//' >sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c << 'cac362937b030b35ecc64052416b1861' >X--- ./src/util/crypto/nss/nss_sha512crypt.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/util/crypto/nss/nss_sha512crypt.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -10,7 +10,7 @@ >X >X #include "config.h" >X >X-#include <endian.h> >X+#include <sys/endian.h> >X #include <errno.h> >X #include <limits.h> >X #include <stdbool.h> >X@@ -267,7 +267,7 @@ >X goto done; >X } >X >X- cp = __stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE); >X+ cp = stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE); >X buflen -= SALT_PREF_SIZE; >X >X if (rounds_custom) { >X@@ -285,7 +285,7 @@ >X ret = ERANGE; >X goto done; >X } >X- cp = __stpncpy(cp, salt, salt_len); >X+ cp = stpncpy(cp, salt, salt_len); >X *cp++ = '$'; >X buflen -= salt_len + 1; >X >cac362937b030b35ecc64052416b1861 >echo x - sssd/files/patch-src__responder__common__responder_common.c >sed 's/^X//' >sssd/files/patch-src__responder__common__responder_common.c << '0d105c8a0863688f255499f28f1d7b6e' >X--- ./src/responder/common/responder_common.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/responder/common/responder_common.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -195,7 +195,7 @@ >X talloc_free(cctx); >X break; >X >X- case ENODATA: >X+ case ECONNRESET: >X DEBUG(5, ("Client disconnected!\n")); >X talloc_free(cctx); >X break; >0d105c8a0863688f255499f28f1d7b6e >echo x - sssd/files/patch-src__responder__common__responder_packet.c >sed 's/^X//' >sssd/files/patch-src__responder__common__responder_packet.c << '8ddfc2cf01329704e2f45c5c4ed07c11' >X--- ./src/responder/common/responder_packet.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/responder/common/responder_packet.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -192,7 +192,7 @@ >X } >X >X if (rb == 0) { >X- return ENODATA; >X+ return ECONNRESET; >X } >X >X if (*packet->len > packet->memsize) { >8ddfc2cf01329704e2f45c5c4ed07c11 >echo x - sssd/files/patch-src__responder__common__responder_dp.c >sed 's/^X//' >sssd/files/patch-src__responder__common__responder_dp.c << '7d0f7506137ded2f57bb49428706ab09' >X--- ./src/responder/common/responder_dp.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/responder/common/responder_dp.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -210,7 +210,7 @@ >X &sdp_req->err_min, >X &sdp_req->err_msg); >X if (ret != EOK) { >X- if (ret == ETIME) { >X+ if (ret == ETIMEDOUT) { >X sdp_req->err_maj = DP_ERR_TIMEOUT; >X sdp_req->err_min = ret; >X sdp_req->err_msg = talloc_strdup(sdp_req, "Request timed out"); >X@@ -569,7 +569,7 @@ >X case DBUS_MESSAGE_TYPE_ERROR: >X if (strcmp(dbus_message_get_error_name(reply), >X DBUS_ERROR_NO_REPLY) == 0) { >X- err = ETIME; >X+ err = ETIMEDOUT; >X goto done; >X } >X DEBUG(0,("The Data Provider returned an error [%s]\n", >7d0f7506137ded2f57bb49428706ab09 >echo x - sssd/files/sssd.in >sed 's/^X//' >sssd/files/sssd.in << '5130b6f91f034c10420611d80235b07e' >X#!/bin/sh >X# >X# $FreeBSD$ >X# >X >X# PROVIDE: sssd >X# REQUIRE: NETWORKING LOGIN DAEMON devfs >X# BEFORE: securelevel >X# KEYWORD: shutdown >X >X# Add the following lines to /etc/rc.conf to enable `sssd': >X# >X# sssd_enable="YES" >X# >X# See sssd(8) for sssd_flags >X# >X >X. /etc/rc.subr >X >Xname="sssd" >Xrcvar=`set_rcvar` >X >Xcommand="%%PREFIX%%/sbin/$name" >Xsssd_flags="-D" >X# command_args="-D" >Xpidfile="/var/run/$name.pid" >Xrequired_files="%%PREFIX%%/etc/$name/$name.conf" >X >X# read configuration and set defaults >Xload_rc_config "$name" >X: ${sssd_enable="NO"} >X >Xrun_rc_command "$1" >5130b6f91f034c10420611d80235b07e >echo x - sssd/files/patch-src__providers__data_provider_be.c >sed 's/^X//' >sssd/files/patch-src__providers__data_provider_be.c << '038c4010726992e56c5332529b395a87' >X--- ./src/providers/data_provider_be.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/providers/data_provider_be.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -512,7 +512,7 @@ >X return EIO; >X } >X >X- pd->pam_status = PAM_SYSTEM_ERR; >X+ pd->pam_status = PAM_SERVICE_ERR; >X pd->domain = talloc_strdup(pd, becli->bectx->domain->name); >X if (pd->domain == NULL) { >X talloc_free(be_req); >X@@ -1013,7 +1013,7 @@ >X if (!handle) { >X DEBUG(0, ("Unable to load %s module with path (%s), error: %s\n", >X mod_name, path, dlerror())); >X- ret = ELIBACC; >X+ ret = ENOENT; >X goto done; >X } >X >X@@ -1033,7 +1033,7 @@ >X } else { >X DEBUG(0, ("Unable to load init fn %s from module %s, error: %s\n", >X mod_init_fn_name, mod_name, dlerror())); >X- ret = ELIBBAD; >X+ ret = ENOENT; >X } >X goto done; >X } >038c4010726992e56c5332529b395a87 >echo x - sssd/files/patch-src__providers__fail_over.c >sed 's/^X//' >sssd/files/patch-src__providers__fail_over.c << '3c274bbbebadfa04de90a471a8215b26' >X--- ./src/providers/fail_over.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/providers/fail_over.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -1191,7 +1191,7 @@ >X *******************************************************************/ >X struct resolve_get_domain_state { >X char *fqdn; >X- char hostname[HOST_NAME_MAX]; >X+ char hostname[_POSIX_HOST_NAME_MAX]; >X }; >X >X static void resolve_get_domain_done(struct tevent_req *subreq); >X@@ -1211,13 +1211,13 @@ >X return NULL; >X } >X >X- ret = gethostname(state->hostname, HOST_NAME_MAX); >X+ ret = gethostname(state->hostname, _POSIX_HOST_NAME_MAX); >X if (ret) { >X ret = errno; >X DEBUG(2, ("gethostname() failed: [%d]: %s\n",ret, strerror(ret))); >X return NULL; >X } >X- state->hostname[HOST_NAME_MAX-1] = '\0'; >X+ state->hostname[_POSIX_HOST_NAME_MAX-1] = '\0'; >X DEBUG(7, ("Host name is: %s\n", state->hostname)); >X >X subreq = resolv_gethostbyname_send(state, ev, resolv, >3c274bbbebadfa04de90a471a8215b26 >echo x - sssd/files/patch-src__providers__krb5__krb5_child.c >sed 's/^X//' >sssd/files/patch-src__providers__krb5__krb5_child.c << '0a03d674e8a6cd1921179d2f9189ca25' >X--- ./src/providers/krb5/krb5_child.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/providers/krb5/krb5_child.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -39,6 +39,15 @@ >X >X #define SSSD_KRB5_CHANGEPW_PRINCIPAL "kadmin/changepw" >X >X+typedef struct _krb5_ticket_times { >X+ krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime >X+ in ticket? otherwise client can't get this */ >X+ krb5_timestamp starttime; /* optional in ticket, if not present, >X+ use authtime */ >X+ krb5_timestamp endtime; >X+ krb5_timestamp renew_till; >X+} krb5_ticket_times; >X+ >X struct krb5_child_ctx { >X /* opts taken from kinit */ >X /* in seconds */ >X@@ -100,10 +109,10 @@ >X >X static krb5_context krb5_error_ctx; >X static const char *__krb5_error_msg; >X-#define KRB5_DEBUG(level, krb5_error) do { \ >X- __krb5_error_msg = sss_krb5_get_error_message(krb5_error_ctx, krb5_error); \ >X+#define KRB5_DEBUG(level, krb5_error, ctx) do { \ >X+ __krb5_error_msg = sss_krb5_get_error_message(ctx, krb5_error); \ >X DEBUG(level, ("%d: [%d][%s]\n", __LINE__, krb5_error, __krb5_error_msg)); \ >X- sss_krb5_free_error_message(krb5_error_ctx, __krb5_error_msg); \ >X+ sss_krb5_free_error_message(ctx, __krb5_error_msg); \ >X } while(0); >X >X static void sss_krb5_expire_callback_func(krb5_context context, void *data, >X@@ -267,13 +276,13 @@ >X >X kerr = krb5_cc_resolve(ctx, tmp_ccname, &tmp_cc); >X if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, ctx); >X goto done; >X } >X >X kerr = krb5_cc_initialize(ctx, tmp_cc, princ); >X if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, ctx); >X goto done; >X } >X if (fd != -1) { >X@@ -284,7 +293,7 @@ >X if (creds == NULL) { >X kerr = create_empty_cred(ctx, princ, &l_cred); >X if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, ctx); >X goto done; >X } >X } else { >X@@ -293,13 +302,13 @@ >X >X kerr = krb5_cc_store_cred(ctx, tmp_cc, l_cred); >X if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, ctx); >X goto done; >X } >X >X kerr = krb5_cc_close(ctx, tmp_cc); >X if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, ctx); >X goto done; >X } >X tmp_cc = NULL; >X@@ -420,7 +429,7 @@ >X talloc_zfree(msg); >X } >X } else { >X- krb5_msg = sss_krb5_get_error_message(krb5_error_ctx, kerr); >X+ krb5_msg = sss_krb5_get_error_message(kr->ctx, kerr); >X if (krb5_msg == NULL) { >X DEBUG(1, ("sss_krb5_get_error_message failed.\n")); >X return NULL; >X@@ -429,7 +438,7 @@ >X ret = pam_add_response(kr->pd, SSS_PAM_SYSTEM_INFO, >X strlen(krb5_msg) + 1, >X (const uint8_t *) krb5_msg); >X- sss_krb5_free_error_message(krb5_error_ctx, krb5_msg); >X+ sss_krb5_free_error_message(kr->ctx, krb5_msg); >X } >X if (ret != EOK) { >X DEBUG(1, ("pam_add_response failed.\n")); >X@@ -527,7 +536,7 @@ >X break; >X } >X >X- kerr = krb5_free_keytab_entry_contents(kr->ctx, &entry); >X+ kerr = krb5_kt_free_entry(kr->ctx, &entry); >X if (kerr != 0) { >X DEBUG(1, ("Failed to free keytab entry.\n")); >X } >X@@ -575,7 +584,7 @@ >X if (krb5_kt_close(kr->ctx, keytab) != 0) { >X DEBUG(1, ("krb5_kt_close failed")); >X } >X- if (krb5_free_keytab_entry_contents(kr->ctx, &entry) != 0) { >X+ if (krb5_kt_free_entry(kr->ctx, &entry) != 0) { >X DEBUG(1, ("Failed to free keytab entry.\n")); >X } >X if (principal != NULL) { >X@@ -605,13 +614,13 @@ >X kerr = krb5_get_init_creds_keytab(ctx, &creds, princ, keytab, 0, NULL, >X &options); >X if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, ctx); >X return kerr; >X } >X >X kerr = create_ccache_file(ctx, princ, ccname, &creds); >X if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, ctx); >X goto done; >X } >X kerr = 0; >X@@ -633,21 +642,21 @@ >X sss_krb5_expire_callback_func, >X kr); >X if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, kr->ctx); >X DEBUG(1, ("Failed to set expire callback, continue without.\n")); >X } >X kerr = krb5_get_init_creds_password(kr->ctx, kr->creds, kr->princ, >X password, sss_krb5_prompter, kr, 0, >X NULL, kr->options); >X if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, kr->ctx); >X return kerr; >X } >X >X if (kr->validate) { >X kerr = validate_tgt(kr); >X if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, kr->ctx); >X return kerr; >X } >X >X@@ -668,7 +677,7 @@ >X >X kerr = create_ccache_file(kr->ctx, kr->princ, kr->ccname, kr->creds); >X if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, kr->ctx); >X goto done; >X } >X >X@@ -692,7 +701,7 @@ >X krb5_error_code kerr = 0; >X char *pass_str = NULL; >X char *newpass_str = NULL; >X- int pam_status = PAM_SYSTEM_ERR; >X+ int pam_status = PAM_SERVICE_ERR; >X int result_code = -1; >X krb5_data result_code_string; >X krb5_data result_string; >X@@ -734,7 +743,7 @@ >X changepw_princ, >X kr->options); >X if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, kr->ctx); >X if (kerr == KRB5_KDC_UNREACH) { >X pam_status = PAM_AUTHINFO_UNAVAIL; >X } >X@@ -773,7 +782,7 @@ >X >X if (kerr != 0 || result_code != 0) { >X if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, kr->ctx); >X } else { >X kerr = KRB5KRB_ERR_GENERIC; >X } >X@@ -825,7 +834,7 @@ >X memset(kr->pd->newauthtok, 0, kr->pd->newauthtok_size); >X >X if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, kr->ctx); >X if (kerr == KRB5_KDC_UNREACH) { >X pam_status = PAM_AUTHINFO_UNAVAIL; >X } >X@@ -846,7 +855,7 @@ >X krb5_error_code kerr = 0; >X char *pass_str = NULL; >X char *changepw_princ = NULL; >X- int pam_status = PAM_SYSTEM_ERR; >X+ int pam_status = PAM_SERVICE_ERR; >X >X if (kr->pd->authtok_type != SSS_AUTHTOK_TYPE_PASSWORD) { >X pam_status = PAM_CRED_INSUFFICIENT; >X@@ -881,7 +890,7 @@ >X kr->options, >X NULL, NULL); >X if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, kr->ctx); >X DEBUG(1, ("Failed to unset expire callback, continue ...\n")); >X } >X kerr = krb5_get_init_creds_password(kr->ctx, kr->creds, kr->princ, >X@@ -899,7 +908,7 @@ >X memset(kr->pd->authtok, 0, kr->pd->authtok_size); >X >X if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, kr->ctx); >X switch (kerr) { >X case KRB5_KDC_UNREACH: >X pam_status = PAM_AUTHINFO_UNAVAIL; >X@@ -911,7 +920,7 @@ >X pam_status = PAM_CRED_ERR; >X break; >X default: >X- pam_status = PAM_SYSTEM_ERR; >X+ pam_status = PAM_SERVICE_ERR; >X } >X } >X >X@@ -981,13 +990,13 @@ >X >X kerr = krb5_cc_resolve(kr->ctx, ccname, &ccache); >X if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, kr->ctx); >X goto done; >X } >X >X kerr = krb5_get_renewed_creds(kr->ctx, kr->creds, kr->princ, ccache, NULL); >X if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, kr->ctx); >X if (kerr == KRB5_KDC_UNREACH) { >X status = PAM_AUTHINFO_UNAVAIL; >X } >X@@ -997,7 +1006,7 @@ >X if (kr->validate) { >X kerr = validate_tgt(kr); >X if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, kr->ctx); >X goto done; >X } >X >X@@ -1019,13 +1028,13 @@ >X >X kerr = krb5_cc_initialize(kr->ctx, ccache, kr->princ); >X if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, kr->ctx); >X goto done; >X } >X >X kerr = krb5_cc_store_cred(kr->ctx, ccache, kr->creds); >X if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, kr->ctx); >X goto done; >X } >X >X@@ -1059,8 +1068,8 @@ >X >X ret = create_ccache_file(kr->ctx, kr->princ, kr->ccname, NULL); >X if (ret != 0) { >X- KRB5_DEBUG(1, ret); >X- pam_status = PAM_SYSTEM_ERR; >X+ KRB5_DEBUG(1, ret, kr->ctx); >X+ pam_status = PAM_SERVICE_ERR; >X } >X >X ret = sendresponse(fd, ret, pam_status, kr); >X@@ -1375,19 +1384,20 @@ >X >X kerr = krb5_init_context(&kr->ctx); >X if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X+ /* FIXME: This sucks */ >X+ KRB5_DEBUG(1, kerr, kr->ctx); >X goto failed; >X } >X >X kerr = krb5_parse_name(kr->ctx, kr->upn, &kr->princ); >X if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, kr->ctx); >X goto failed; >X } >X >X kerr = krb5_unparse_name(kr->ctx, kr->princ, &kr->name); >X if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, kr->ctx); >X goto failed; >X } >X >X@@ -1400,18 +1410,18 @@ >X >X kerr = sss_krb5_get_init_creds_opt_alloc(kr->ctx, &kr->options); >X if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, kr->ctx); >X goto failed; >X } >X >X /* A prompter is used to catch messages about when a password will >X * expired. The library shall not use the prompter to ask for a new password >X * but shall return KRB5KDC_ERR_KEY_EXP. */ >X- krb5_get_init_creds_opt_set_change_password_prompt(kr->options, 0); >X- if (kerr != 0) { >X- KRB5_DEBUG(1, kerr); >X- goto failed; >X- } >X+ // krb5_get_init_creds_opt_set_change_password_prompt(kr->options, 0); >X+ // if (kerr != 0) { >X+ // KRB5_DEBUG(1, kerr, kr->ctx); >X+ // goto failed; >X+ // } >X >X lifetime_str = getenv(SSSD_KRB5_RENEWABLE_LIFETIME); >X if (lifetime_str == NULL) { >X@@ -1422,7 +1432,7 @@ >X if (kerr != 0) { >X DEBUG(1, ("krb5_string_to_deltat failed for [%s].\n", >X lifetime_str)); >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, kr->ctx); >X goto failed; >X } >X krb5_get_init_creds_opt_set_renew_life(kr->options, lifetime); >X@@ -1437,7 +1447,7 @@ >X if (kerr != 0) { >X DEBUG(1, ("krb5_string_to_deltat failed for [%s].\n", >X lifetime_str)); >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, kr->ctx); >X goto failed; >X } >X krb5_get_init_creds_opt_set_tkt_life(kr->options, lifetime); >X@@ -1486,7 +1496,7 @@ >X kr, &kr->fast_ccname); >X if (kerr != 0) { >X DEBUG(1, ("check_fast_ccache failed.\n")); >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, kr->ctx); >X goto failed; >X } >X >X@@ -1496,7 +1506,7 @@ >X if (kerr != 0) { >X DEBUG(1, ("sss_krb5_get_init_creds_opt_set_fast_ccache_name " >X "failed.\n")); >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, kr->ctx); >X goto failed; >X } >X >X@@ -1507,7 +1517,7 @@ >X if (kerr != 0) { >X DEBUG(1, ("sss_krb5_get_init_creds_opt_set_fast_flags " >X "failed.\n")); >X- KRB5_DEBUG(1, kerr); >X+ KRB5_DEBUG(1, kerr, kr->ctx); >X goto failed; >X } >X } >0a03d674e8a6cd1921179d2f9189ca25 >echo x - sssd/files/patch-src__util__util.c >sed 's/^X//' >sssd/files/patch-src__util__util.c << 'b53cb9a74fb3e65d491ba02d3511338f' >X--- ./src/util/util.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/util/util.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -18,6 +18,7 @@ >X along with this program. If not, see <http://www.gnu.org/licenses/>. >X */ >X >X+#include <sys/socket.h> >X #include <ctype.h> >X #include <netdb.h> >X >b53cb9a74fb3e65d491ba02d3511338f >echo x - sssd/files/patch-Makefile.am >sed 's/^X//' >sssd/files/patch-Makefile.am << 'c4c02364a361b808cc36b464e9b84b38' >X--- ./Makefile.am.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./Makefile.am 2011-10-13 12:13:42.000000000 -0400 >X@@ -33,7 +33,7 @@ >X systemdunitdir = @systemdunitdir@ >X logpath = @logpath@ >X pubconfpath = @pubconfpath@ >X-pkgconfigdir = $(libdir)/pkgconfig >X+pkgconfigdir = $(prefix)/libdata/pkgconfig >X >X AM_CFLAGS = >X if WANT_AUX_INFO >X@@ -753,21 +753,22 @@ >X >X noinst_PROGRAMS = pam_test_client >X pam_test_client_SOURCES = src/sss_client/pam_test_client.c >X-pam_test_client_LDFLAGS = -lpam -lpam_misc >X+pam_test_client_LDFLAGS = -lpam >X >X #################### >X # Client Libraries # >X #################### >X >X-nsslib_LTLIBRARIES = libnss_sss.la >X-libnss_sss_la_SOURCES = \ >X+nsslib_LTLIBRARIES = nss_sss.la >X+nss_sss_la_SOURCES = \ >X src/sss_client/common.c \ >X+ src/sss_client/bsdnss.c \ >X src/sss_client/nss_passwd.c \ >X src/sss_client/nss_group.c \ >X src/sss_client/nss_netgroup.c \ >X src/sss_client/sss_cli.h \ >X src/sss_client/nss_compat.h >X-libnss_sss_la_LDFLAGS = \ >X+nss_sss_la_LDFLAGS = \ >X -module \ >X -version-info 2:0:0 \ >X -Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports >X@@ -780,6 +781,7 @@ >X src/sss_client/sss_pam_macros.h >X >X pam_sss_la_LDFLAGS = \ >X+ -lintl \ >X -lpam \ >X -module \ >X -avoid-version \ >X@@ -1122,10 +1124,10 @@ >X mkdir -p $(DESTDIR)$(initdir) >X endif >X >X-install-data-hook: >X- rm $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 \ >X- $(DESTDIR)/$(nsslibdir)/libnss_sss.so >X- mv $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 >X+notnotnotnotnotnotnotnotnotnotnotnotnotnotnotnotnotinstall-data-hook: >X+ rm $(DESTDIR)/$(nsslibdir)/nss_sss.so.2 \ >X+ $(DESTDIR)/$(nsslibdir)/nss_sss.so >X+ mv $(DESTDIR)/$(nsslibdir)/nss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/nss_sss.so.2 >X >X uninstall-hook: >X if [ -f $(abs_builddir)/src/config/.files ]; then \ >c4c02364a361b808cc36b464e9b84b38 >echo x - sssd/files/patch-src__sss_client__sss_nss.exports >sed 's/^X//' >sssd/files/patch-src__sss_client__sss_nss.exports << '219bdc780448578905b15c7ee5b0548c' >X--- ./src/sss_client/sss_nss.exports.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/sss_client/sss_nss.exports 2011-10-13 12:13:42.000000000 -0400 >X@@ -3,6 +3,7 @@ >X # public functions >X global: >X >X+ nss_module_register; >X _nss_sss_getpwnam_r; >X _nss_sss_getpwuid_r; >X _nss_sss_setpwent; >X@@ -14,8 +15,25 @@ >X _nss_sss_setgrent; >X _nss_sss_getgrent_r; >X _nss_sss_endgrent; >X+ _nss_sss_getgroupmembership; >X _nss_sss_initgroups_dyn; >X >X+ __nss_compat_getgrnam_r; >X+ __nss_compat_getgrgid_r; >X+ __nss_compat_getgrent_r; >X+ __nss_compat_setgrent; >X+ __nss_compat_endgrent; >X+ >X+ __nss_compat_getpwnam_r; >X+ __nss_compat_getpwuid_r; >X+ __nss_compat_getpwent_r; >X+ __nss_compat_setpwent; >X+ __nss_compat_endpwent; >X+ >X+ __nss_compat_gethostbyname; >X+ __nss_compat_gethostbyname2; >X+ __nss_compat_gethostbyaddr; >X+ >X #_nss_sss_getaliasbyname_r; >X #_nss_sss_setaliasent; >X #_nss_sss_getaliasent_r; >219bdc780448578905b15c7ee5b0548c >echo x - sssd/files/patch-src__resolv__async_resolv.c >sed 's/^X//' >sssd/files/patch-src__resolv__async_resolv.c << '771e49276b944e2b00696a91c5fb64af' >X--- ./src/resolv/async_resolv.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/resolv/async_resolv.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -1073,7 +1073,6 @@ >X hints.ai_flags = AI_NUMERICHOST; /* No network lookups */ >X >X ret = getaddrinfo(name, NULL, &hints, &res); >X- freeaddrinfo(res); >X if (ret != 0) { >X if (ret == -2) { >X DEBUG(9, ("[%s] does not look like an IP address\n", name)); >X@@ -1081,6 +1080,8 @@ >X DEBUG(2, ("getaddrinfo failed [%d]: %s\n", >X ret, gai_strerror(ret))); >X } >X+ } else { >X+ freeaddrinfo(res); >X } >X >X return ret == 0; >771e49276b944e2b00696a91c5fb64af >echo x - sssd/files/patch-src__util__server.c >sed 's/^X//' >sssd/files/patch-src__util__server.c << '08d9fcddaf8df4722efb89bb605dc5a2' >X--- ./src/util/server.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/util/server.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -296,14 +296,15 @@ >X BlockSignals(false, SIGTERM); >X >X CatchSignal(SIGHUP, sig_hup); >X- >X #ifndef HAVE_PRCTL >X /* If prctl is not defined on the system, try to handle >X * some common termination signals gracefully */ >X- CatchSignal(SIGSEGV, sig_segv_abrt); >X- CatchSignal(SIGABRT, sig_segv_abrt); >X+ /* >X+ CatchSignal(SIGSEGV, sig_segv_abrt); >X+ CatchSignal(SIGABRT, sig_segv_abrt); >X+ */ >X #endif >X- >X+ >X } >X >X /* >08d9fcddaf8df4722efb89bb605dc5a2 >echo x - sssd/files/patch-src__sss_client__nss_group.c >sed 's/^X//' >sssd/files/patch-src__sss_client__nss_group.c << '4cc88cf9957a2327c73bdf9fc1b1e16e' >X--- ./src/sss_client/nss_group.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/sss_client/nss_group.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -248,6 +248,77 @@ >X } >X >X >X+#define MIN(a, b)((a) < (b) ? (a) : (b)) >X+ >X+gr_addgid(gid_t gid, gid_t *groups, int maxgrp, int *grpcnt) >X+{ >X+ int ret, dupc; >X+ >X+ for (dupc = 0; dupc < MIN(maxgrp, *grpcnt); dupc++) { >X+ if (groups[dupc] == gid) >X+ return 1; >X+ } >X+ >X+ ret = 1; >X+ if (*grpcnt < maxgrp) >X+ groups[*grpcnt] = gid; >X+ else >X+ ret = 0; >X+ >X+ (*grpcnt)++; >X+ >X+ return ret; >X+} >X+ >X+enum nss_status _nss_sss_getgroupmembership(const char *uname, gid_t agroup, gid_t *groups, >X+ int maxgrp, int *grpcnt) >X+{ >X+ struct sss_cli_req_data rd; >X+ uint8_t *repbuf; >X+ size_t replen; >X+ enum nss_status nret; >X+ uint32_t *rbuf; >X+ uint32_t num_ret; >X+ long int l, max_ret; >X+ int errnop; >X+ >X+ rd.len = strlen(uname) +1; >X+ rd.data = uname; >X+ >X+ sss_nss_lock(); >X+ >X+ nret = sss_nss_make_request(SSS_NSS_INITGR, &rd, >X+ &repbuf, &replen, &errnop); >X+ if (nret != NSS_STATUS_SUCCESS) { >X+ goto out; >X+ } >X+ >X+ /* no results if not found */ >X+ num_ret = ((uint32_t *)repbuf)[0]; >X+ if (num_ret == 0) { >X+ free(repbuf); >X+ nret = NSS_STATUS_NOTFOUND; >X+ goto out; >X+ } >X+ max_ret = num_ret; >X+ >X+ gr_addgid(agroup, groups, maxgrp, grpcnt); >X+ >X+ rbuf = &((uint32_t *)repbuf)[2]; >X+ for (l = 0; l < max_ret; l++) { >X+ gr_addgid(rbuf[l], groups, maxgrp, grpcnt); >X+ } >X+ >X+ free(repbuf); >X+ nret = NSS_STATUS_SUCCESS; >X+ >X+out: >X+ sss_nss_unlock(); >X+ return nret; >X+ >X+ >X+} >X+ >X enum nss_status _nss_sss_getgrnam_r(const char *name, struct group *result, >X char *buffer, size_t buflen, int *errnop) >X { >4cc88cf9957a2327c73bdf9fc1b1e16e >echo x - sssd/files/patch-src__util__find_uid.c >sed 's/^X//' >sssd/files/patch-src__util__find_uid.c << 'b338fbd0e32583e63aa71c8abf1cb1d8' >X--- ./src/util/find_uid.c.orig 2011-08-29 11:39:05.000000000 -0400 >X+++ ./src/util/find_uid.c 2011-10-13 12:15:03.000000000 -0400 >X@@ -67,7 +67,7 @@ >X uint32_t num=0; >X errno_t error; >X >X- ret = snprintf(path, PATHLEN, "/proc/%d/status", pid); >X+ ret = snprintf(path, PATHLEN, "/compat/linux/proc/%d/status", pid); >X if (ret < 0) { >X DEBUG(1, ("snprintf failed")); >X return EINVAL; >X@@ -204,7 +204,7 @@ >X hash_key_t key; >X hash_value_t value; >X >X- proc_dir = opendir("/proc"); >X+ proc_dir = opendir("/compat/linux/proc"); >X if (proc_dir == NULL) { >X ret = errno; >X DEBUG(1, ("Cannot open proc dir.\n")); >X@@ -278,9 +278,8 @@ >X >X errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table) >X { >X-#ifdef __linux__ >X int ret; >X- >X+#if 1 >X ret = hash_create_ex(INITIAL_TABLE_SIZE, table, 0, 0, 0, 0, >X hash_talloc, hash_talloc_free, mem_ctx, >X NULL, NULL); >b338fbd0e32583e63aa71c8abf1cb1d8 >echo x - sssd/Makefile >sed 's/^X//' >sssd/Makefile << '49dcaf74f8115d631e634a948ce91f7a' >X# New ports collection makefile for: sssd >X# Date created: Sep 6 2011 >X# Whom: Andrew Elble <aweits@rit.edu> >X# >X# $FreeBSD$ >X# >X >XPORTNAME= sssd >XDISTVERSION= 1.6.1 >XCATEGORIES= net >XMASTER_SITES= https://fedorahosted.org/released/${PORTNAME}/ >X >XMAINTAINER= aweits@rit.edu >XCOMMENT= System Security Services Daemon >X >XLICENSE= GPLv3 >X >XLIB_DEPENDS= popt.0:${PORTSDIR}/devel/popt \ >X talloc.2:${PORTSDIR}/devel/talloc \ >X tevent.0:${PORTSDIR}/devel/tevent \ >X xslt.2:${PORTSDIR}/textproc/libxslt \ >X tdb.1:${PORTSDIR}/databases/tdb \ >X ldb:${PORTSDIR}/databases/ldb \ >X cares.2:${PORTSDIR}/dns/c-ares \ >X dbus:${PORTSDIR}/devel/dbus \ >X dhash.1:${PORTSDIR}/devel/ding-libs \ >X pcre.0:${PORTSDIR}/devel/pcre \ >X unistring.1:${PORTSDIR}/devel/libunistring \ >X nss3.1:${PORTSDIR}/security/nss \ >X sasl2.2:${PORTSDIR}/security/cyrus-sasl2 \ >X xml2:${PORTSDIR}/textproc/libxml2 >XBUILD_DEPENDS= xmlcatalog:${PORTSDIR}/textproc/libxml2 \ >X docbook-xsl>=0:${PORTSDIR}/textproc/docbook-xsl >XRUN_DEPENDS= xmlcatmgr:${PORTSDIR}/textproc/xmlcatmgr >X >XGNU_CONFIGURE= yes >XCONFIGURE_ARGS= --with-selinux=no --with-semanage=no \ >X --with-ldb-lib-dir=${LOCALBASE}/lib/ldb \ >X --with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \ >X --with-libnl=no --with-init-dir=no \ >X --docdir=${WRKDIR}/docs --with-pid-path=/var/run \ >X --localstatedir=/var >XCFLAGS+= -L${LOCALBASE}/lib -fstack-protector-all >X#DEBUG_FLAGS= -g >X >XUSE_AUTOTOOLS= autoconf automake >XUSE_LDCONFIG= yes >XUSE_PYTHON= yes >XUSE_OPENLDAP= yes >XUSE_GMAKE= yes >XUSE_GNOME= pkgconfig >XUSE_GETTEXT= yes >XUSE_ICONV= yes >XUSE_PYTHON= yes >X >XUSE_RC_SUBR= ${PORTNAME} >XMAN5= sssd-ipa.5 sssd-krb5.5 sssd-ldap.5 sssd-simple.5 \ >X sssd.conf.5 >XMAN8= pam_sss.8 sss_cache.8 sss_groupadd.8 sss_groupdel.8 \ >X sss_groupmod.8 sss_groupshow.8 sss_obfuscate.8 \ >X sss_useradd.8 sss_userdel.8 sss_usermod.8 sssd.8 \ >X sssd_krb5_locator_plugin.8 >X >X.include <bsd.port.pre.mk> >X >X.if ${OSVERSION} < 800107 >XIGNORE= is not supported prior to 8.0-RELEASE >X.endif >X >Xpost-patch: >X @${REINPLACE_CMD} -e 's|SIGCLD|SIGCHLD|g' ${WRKSRC}/src/util/signal.c >X @${REINPLACE_CMD} -e '/#define SIZE_T_MAX ((size_t) -1)/d' ${WRKSRC}/src/util/util.h >X @${REINPLACE_CMD} -e '/pam_misc/d' ${WRKSRC}/src/sss_client/pam_test_client.c >X @${REINPLACE_CMD} -e '/ETIME/d' ${WRKSRC}/src/sss_client/common.c >X @${REINPLACE_CMD} -e 's| -lpam_misc||g' ${WRKSRC}/Makefile.am ${WRKSRC}/Makefile.in >X @${REINPLACE_CMD} -e 's|security/pam_misc.h||g' ${WRKSRC}/configure* ${WRKSRC}/src/external/pam.m4 >X @${REINPLACE_CMD} -e 's|NSS_STATUS_NOTFOUND|NS_NOTFOUND|g' ${WRKSRC}/src/sss_client/common.c >X @${REINPLACE_CMD} -e 's|NSS_STATUS_UNAVAIL|NS_UNAVAIL|g' ${WRKSRC}/src/sss_client/common.c >X @${REINPLACE_CMD} -e 's|NSS_STATUS_TRYAGAIN|NS_TRYAGAIN|g' ${WRKSRC}/src/sss_client/common.c >X @${REINPLACE_CMD} -e 's|NSS_STATUS_SUCCESS|NS_SUCCESS|g' ${WRKSRC}/src/sss_client/common.c >X @${REINPLACE_CMD} -e 's|security/pam_ext.h|security/pam_appl.h|g' ${WRKSRC}/src/sss_client/pam_sss.c >X @${REINPLACE_CMD} -e 's|security/_pam_macros.h|pam_macros.h|g' ${WRKSRC}/src/sss_client/sss_pam_macros.h >X @${REINPLACE_CMD} -e 's|#include <security/pam_modutil.h>||g' ${WRKSRC}/src/sss_client/pam_sss.c >X @${REINPLACE_CMD} -e 's|PAM_BAD_ITEM|PAM_USER_UNKNOWN|g' ${WRKSRC}/src/sss_client/pam_sss.c >X @${REINPLACE_CMD} -e 's|pam_vsyslog(pamh,|vsyslog(|g' ${WRKSRC}/src/sss_client/pam_sss.c >X @${REINPLACE_CMD} -e 's|pam_modutil_getlogin(pamh)|getlogin()|g' ${WRKSRC}/src/sss_client/pam_sss.c >X @${REINPLACE_CMD} -e '/..MAKE. ..AM_MAKEFLAGS. install-data-hook/d' ${WRKSRC}/Makefile.in >X @${REINPLACE_CMD} -e 's|install-data-hook install-dist_initSCRIPTS|install-dist_initSCRIPTS|g' \ >X ${WRKSRC}/Makefile.in ${WRKSRC}/Makefile.am >X @${REINPLACE_CMD} -e 's|install-data-hook|notinstall-data-hook|g' ${WRKSRC}/Makefile.in \ >X ${WRKSRC}/Makefile.am >X @${REINPLACE_CMD} -e 's|libdir)/pkgconfig|prefix)/libdata/pkgconfig|' ${WRKSRC}/Makefile.in \ >X ${WRKSRC}/Makefile.am >X @${REINPLACE_CMD} -e 's|/etc/sssd/|${ETCDIR}/|g' ${WRKSRC}/src/man/*xml >X @${REINPLACE_CMD} -e 's|/etc/openldap/|${PREFIX}/etc/openldap/|g' ${WRKSRC}/src/man/*xml >X @${CP} ${FILESDIR}/pam_macros.h ${WRKSRC} >X @${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}/src/sss_client/bsdnss.c >X >Xpost-install: >X ${INSTALL_DATA} ${WRKSRC}/src/examples/sssd.conf ${ETCDIR}/sssd.conf.sample >X (cd ${PREFIX}/lib && ${LN} -s nss_sss.so.2 nss_sss.so.1) >X (cd ${PREFIX}/lib/security && ${LN} -s pam_sss.so pam_sss.so.5) >X ${RM} -f ${PREFIX}/lib/ldb/memberof.la >X >X.include <bsd.port.post.mk> >49dcaf74f8115d631e634a948ce91f7a >echo x - sssd/distinfo >sed 's/^X//' >sssd/distinfo << '6a79c0728ff19b2bb09dca7f4e3583cf' >XSHA256 (sssd-1.6.1.tar.gz) = ba30d8cf7eae1fd66053b4f11e8e5b98bc6db113cf6d2f33e429f2e21d90ade9 >XSIZE (sssd-1.6.1.tar.gz) = 1406047 >6a79c0728ff19b2bb09dca7f4e3583cf >echo x - sssd/pkg-descr >sed 's/^X//' >sssd/pkg-descr << 'c2a8f334338c4330dfb865c1ecd61d6d' >XThis project provides a set of daemons to manage access to remote >Xdirectories and authentication mechanisms, it provides an NSS and >XPAM interface toward the system and a pluggable backend system to >Xconnect to multiple different account sources. It is also the >Xbasis to provide client auditing and policy services for projects >Xlike FreeIPA. >X >XWWW: https://fedorahosted.org/sssd/ >c2a8f334338c4330dfb865c1ecd61d6d >echo x - sssd/pkg-plist >sed 's/^X//' >sssd/pkg-plist << '2bed20777c6dcee8c04c2f036eddc08f' >Xshare/locale/zh_TW/LC_MESSAGES/sssd.mo >Xshare/locale/uk/LC_MESSAGES/sssd.mo >Xshare/locale/sv/LC_MESSAGES/sssd.mo >Xshare/locale/ru/LC_MESSAGES/sssd.mo >Xshare/locale/pt/LC_MESSAGES/sssd.mo >Xshare/locale/pl/LC_MESSAGES/sssd.mo >Xshare/locale/nl/LC_MESSAGES/sssd.mo >Xshare/locale/ja/LC_MESSAGES/sssd.mo >Xshare/locale/it/LC_MESSAGES/sssd.mo >Xshare/locale/id/LC_MESSAGES/sssd.mo >Xshare/locale/fr/LC_MESSAGES/sssd.mo >Xshare/locale/es/LC_MESSAGES/sssd.mo >Xshare/locale/de/LC_MESSAGES/sssd.mo >Xsbin/sssd >Xsbin/sss_usermod >Xsbin/sss_userdel >Xsbin/sss_useradd >Xsbin/sss_obfuscate >Xsbin/sss_groupshow >Xsbin/sss_groupmod >Xsbin/sss_groupdel >Xsbin/sss_groupadd >Xsbin/sss_cache >Xlibexec/sssd/sssd_pam >Xlibexec/sssd/sssd_nss >Xlibexec/sssd/sssd_be >Xlibexec/sssd/proxy_child >Xlibexec/sssd/ldap_child >Xlibexec/sssd/krb5_child >Xlibdata/pkgconfig/ipa_hbac.pc >Xlib/sssd/libsss_simple.so >Xlib/sssd/libsss_simple.la >Xlib/sssd/libsss_proxy.so >Xlib/sssd/libsss_proxy.la >Xlib/sssd/libsss_ldap.so >Xlib/sssd/libsss_ldap.la >Xlib/sssd/libsss_krb5.so >Xlib/sssd/libsss_krb5.la >Xlib/sssd/libsss_ipa.so >Xlib/sssd/libsss_ipa.la >Xlib/security/pam_sss.so.5 >Xlib/security/pam_sss.so >Xlib/security/pam_sss.la >Xlib/nss_sss.so.2 >Xlib/nss_sss.so.1 >Xlib/nss_sss.so >Xlib/nss_sss.la >Xlib/libipa_hbac.so.0 >Xlib/libipa_hbac.so >Xlib/libipa_hbac.la >Xlib/ldb/memberof.so >Xlib/%%PYTHON_VERSION%%/site-packages/sssd_upgrade_config.pyc >Xlib/%%PYTHON_VERSION%%/site-packages/sssd_upgrade_config.py >Xlib/%%PYTHON_VERSION%%/site-packages/pysss.so >Xlib/%%PYTHON_VERSION%%/site-packages/pysss.la >Xlib/%%PYTHON_VERSION%%/site-packages/pyhbac.so >Xlib/%%PYTHON_VERSION%%/site-packages/pyhbac.la >Xlib/%%PYTHON_VERSION%%/site-packages/ipachangeconf.pyc >Xlib/%%PYTHON_VERSION%%/site-packages/ipachangeconf.py >Xlib/%%PYTHON_VERSION%%/site-packages/SSSDConfig.pyc >Xlib/%%PYTHON_VERSION%%/site-packages/SSSDConfig.py >Xlib/%%PYTHON_VERSION%%/site-packages/SSSDConfig-1-py2.7.egg-info >Xinclude/ipa_hbac.h >Xetc/sssd/sssd.api.d/sssd-simple.conf >Xetc/sssd/sssd.api.d/sssd-proxy.conf >Xetc/sssd/sssd.api.d/sssd-local.conf >Xetc/sssd/sssd.api.d/sssd-ldap.conf >Xetc/sssd/sssd.api.d/sssd-krb5.conf >Xetc/sssd/sssd.api.d/sssd-ipa.conf >Xetc/sssd/sssd.api.conf >Xetc/sssd/sssd.conf.sample >X@dirrmtry lib/security >X@dirrmtry lib/pkgconfig >X@dirrmtry lib/ldb >X@dirrmtry etc/sssd/sssd.api.d >X@dirrmtry etc/sssd >X@dirrm share/sssd/introspect >X@dirrm share/sssd >X@dirrm libexec/sssd >X@dirrm lib/sssd >X@unexec if cmp -s %D/etc/sssd/sssd.conf.sample %D/etc/sssd/sssd.conf; then rm -f %D/etc/sssd/sssd.conf; fi >X@exec if [ ! -f %D/etc/sssd/sssd.conf ]; then cp -p %D/%F %B/sssd.conf; fi >2bed20777c6dcee8c04c2f036eddc08f >echo x - sssd/pkg-message >sed 's/^X//' >sssd/pkg-message << '5905bf108f9f20379c1da2383d81f45d' >X================================================================================ >XCopy %%PREFIX%%/etc/sssd/sssd.conf.sample to %%PREFIX%%/etc/sssd/sssd.conf >Xand edit %%PREFIX%%/etc/sssd/sssd.conf (see man sssd.conf for details) >X >XAdd the following lines to /etc/rc.conf to enable `sssd': >Xsssd_enable="YES" >X >Xand execute >X >X"service start sssd" >X >Xthe module is usable by PAM (man pam.conf): >X >Xlogin auth sufficient %%PREFIX%%/lib/security/pam_sss.so >X >Xas well as NSS (man nsswitch.conf): >X >Xgroup: sss files >Xpasswd: sss files >X >X================================================================================ >5905bf108f9f20379c1da2383d81f45d >exit
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=119088">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 161555
: 119088