FreeBSD Bugzilla – Attachment 152411 Details for
Bug 194155
[maintainer] security/sssd: Update to 1.11.7
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Fix plist issues with previous versions of the patch
sssd.diff.txt (text/plain), 71.52 KB, created by
Thomas Zander
on 2015-01-31 08:23:27 UTC
(
hide
)
Description:
Fix plist issues with previous versions of the patch
Filename:
MIME Type:
Creator:
Thomas Zander
Created:
2015-01-31 08:23:27 UTC
Size:
71.52 KB
patch
obsolete
>Index: Makefile >=================================================================== >--- Makefile (revision 378189) >+++ Makefile (working copy) >@@ -2,8 +2,7 @@ > # $FreeBSD$ > > PORTNAME= sssd >-DISTVERSION= 1.9.6 >-PORTREVISION= 9 >+DISTVERSION= 1.11.7 > CATEGORIES= security > MASTER_SITES= https://fedorahosted.org/released/${PORTNAME}/ \ > http://mirrors.rit.edu/zi/ >@@ -36,7 +35,7 @@ > > GNU_CONFIGURE= yes > CONFIGURE_ARGS= --with-selinux=no --with-semanage=no \ >- --with-ldb-lib-dir=${LOCALBASE}/lib/shared-modules/ldb/ \ >+ --with-ldb-lib-dir=${LOCALBASE}/lib/shared-modules/ldb \ > --with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \ > --with-libnl=no --with-init-dir=no --datadir=${DATADIR} \ > --docdir=${DOCSDIR} --with-pid-path=/var/run \ >@@ -43,8 +42,8 @@ > --localstatedir=/var --enable-pammoddir=${PREFIX}/lib \ > --with-db-path=/var/db/sss --with-pipe-path=/var/run/sss \ > --with-pubconf-path=/var/run/sss --with-mcache-path=/var/db/sss_mc \ >- --with-unicode-lib=libunistring --with-autofs=no >-CONFIGURE_ENV= XMLLINT="/bin/echo" >+ --with-unicode-lib=libunistring --with-autofs=no \ >+ --disable-cifs-idmap-plugin --disable-config-lib > CFLAGS+= -fstack-protector-all > PLIST_SUB= PYTHON_VER=${PYTHON_VER} > #DEBUG_FLAGS= -g >@@ -55,15 +54,24 @@ > AUTOMAKE_ARGS= -a -c -f > USE_LDCONFIG= yes > USE_OPENLDAP= yes >-USES= gettext gmake iconv libtool pathfix pkgconfig python shebangfix >+USES= gettext gmake iconv libtool pathfix pkgconfig python:2 shebangfix > PATHFIX_MAKEFILEIN= Makefile.am >-SHEBANG_FILES= src/tools/sss_obfuscate > >+python_CMD= ${SETENV} python2 >+SHEBANG_FILES= src/tools/sss_obfuscate \ >+ src/sbus/sbus_codegen >+ > USE_RC_SUBR= ${PORTNAME} > PORTDATA= * > >-OPTIONS_DEFINE= DOCS >+OPTIONS_DEFINE= DOCS SMB >+OPTIONS_DEFAULT= DOCS >+OPTIONS_SUB= yes > >+SMB_DESC= Install IPA and AD providers (requires Samba4) >+SMB_BUILD_DEPENDS= samba41>=4.1.0:${PORTSDIR}/net/samba41 >+SMB_CONFIGURE_WITH= samba >+ > .include <bsd.port.options.mk> > > .if ${ARCH} == "ia64" || ${ARCH} == "powerpc" || ${ARCH} == "sparc64" >@@ -72,12 +80,6 @@ > > post-patch: > @${REINPLACE_CMD} -e 's|SIGCLD|SIGCHLD|g' ${WRKSRC}/src/util/signal.c >- @${REINPLACE_CMD} -e '/#define SIZE_T_MAX ((size_t) -1)/d' \ >- ${WRKSRC}/src/util/util.h >- @${REINPLACE_CMD} -e '/pam_misc/d' \ >- ${WRKSRC}/src/sss_client/pam_test_client.c >- @${REINPLACE_CMD} -e 's|security/pam_misc.h||g' \ >- ${WRKSRC}/configure.ac ${WRKSRC}/src/external/pam.m4 > @${REINPLACE_CMD} -e 's|NSS_STATUS_NOTFOUND|NS_NOTFOUND|g' \ > -e 's|NSS_STATUS_UNAVAIL|NS_UNAVAIL|g' \ > -e 's|NSS_STATUS_TRYAGAIN|NS_TRYAGAIN|g' \ >@@ -84,23 +86,16 @@ > -e '/ETIME/d' \ > -e 's|NSS_STATUS_SUCCESS|NS_SUCCESS|g' \ > ${WRKSRC}/src/sss_client/common.c >- @${REINPLACE_CMD} -e 's|security/_pam_macros.h|pam_macros.h|g' \ >- ${WRKSRC}/src/sss_client/sss_pam_macros.h >- @${REINPLACE_CMD} -e 's|#include <security/pam_modutil.h>||g' \ >- -e 's|PAM_BAD_ITEM|PAM_USER_UNKNOWN|g' \ >- -e 's|security/pam_ext.h|security/pam_appl.h|g' \ >+ @${REINPLACE_CMD} \ > -e 's|pam_modutil_getlogin(pamh)|getlogin()|g' \ >- -e 's|pam_vsyslog(pamh,|vsyslog(|g' \ > ${WRKSRC}/src/sss_client/pam_sss.c > @${REINPLACE_CMD} \ > -e 's|install-data-hook install-dist_initSCRIPTS|install-dist_initSCRIPTS|g' \ > -e 's|install-data-hook|notinstall-data-hook|g' \ >- -e 's| -lpam_misc||g' \ > ${WRKSRC}/Makefile.am > @${REINPLACE_CMD} -e 's|/etc/sssd/|${ETCDIR}/|g' \ > -e 's|/etc/openldap/|${LOCALBASE}/etc/openldap/|g' \ > ${WRKSRC}/src/man/*xml >- @${CP} ${FILESDIR}/pam_macros.h ${WRKSRC}/pam_macros.h > @${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}/src/sss_client/bsdnss.c > @${CP} ${FILESDIR}/sss_bsd_errno.h ${WRKSRC}/src/util/sss_bsd_errno.h > >@@ -112,5 +107,9 @@ > .for VARDIRS in db/sss db/sss_mc log/sssd run/sss/krb5.include.d run/sss/private run/sss > @${RMDIR} ${STAGEDIR}/var/${VARDIRS} > .endfor >+ # clean unused man dirs >+.for i in nl/man1 nl/man5 pt/man1 pt/man5 >+ @${RMDIR} ${STAGEDIR}${PREFIX}/man/${i} >+.endfor > > .include <bsd.port.mk> >Index: distinfo >=================================================================== >--- distinfo (revision 378189) >+++ distinfo (working copy) >@@ -1,2 +1,2 @@ >-SHA256 (sssd-1.9.6.tar.gz) = ca96e8d98eb4113396b13d9601dbdd20f4b2f2613d0f29a0157ffd05e3748601 >-SIZE (sssd-1.9.6.tar.gz) = 3180066 >+SHA256 (sssd-1.11.7.tar.gz) = ff12d5730a6d7d08fe11140aa58e544900b75c63902b7a07bbbc12d6a99cb5b5 >+SIZE (sssd-1.11.7.tar.gz) = 3661227 >Index: files/pam_macros.h >=================================================================== >--- files/pam_macros.h (revision 378189) >+++ files/pam_macros.h (working copy) >@@ -1,196 +0,0 @@ >-#ifndef PAM_MACROS_H >-#define PAM_MACROS_H >- >-/* >- * All kind of macros used by PAM, but usable in some other >- * programs too. >- * Organized by Cristian Gafton <gafton@redhat.com> >- */ >- >-/* a 'safe' version of strdup */ >- >-#include <stdlib.h> >-#include <string.h> >- >-#define x_strdup(s) ( (s) ? strdup(s):NULL ) >- >-/* Good policy to strike out passwords with some characters not just >- free the memory */ >- >-#define _pam_overwrite(x) \ >-do { \ >- register char *__xx__; \ >- if ((__xx__=(x))) \ >- while (*__xx__) \ >- *__xx__++ = '\0'; \ >-} while (0) >- >-#define _pam_overwrite_n(x,n) \ >-do { \ >- register char *__xx__; \ >- register unsigned int __i__ = 0; \ >- if ((__xx__=(x))) \ >- for (;__i__<n; __i__++) \ >- __xx__[__i__] = 0; \ >-} while (0) >- >-/* >- * Don't just free it, forget it too. >- */ >- >-#define _pam_drop(X) \ >-do { \ >- if (X) { \ >- free(X); \ >- X=NULL; \ >- } \ >-} while (0) >- >-#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \ >-do { \ >- int reply_i; \ >- \ >- for (reply_i=0; reply_i<replies; ++reply_i) { \ >- if (reply[reply_i].resp) { \ >- _pam_overwrite(reply[reply_i].resp); \ >- free(reply[reply_i].resp); \ >- } \ >- } \ >- if (reply) \ >- free(reply); \ >-} while (0) >- >-/* some debugging code */ >- >-#ifdef DEBUG >- >-/* >- * This provides the necessary function to do debugging in PAM. >- * Cristian Gafton <gafton@redhat.com> >- */ >- >-#include <stdio.h> >-#include <sys/types.h> >-#include <stdarg.h> >-#include <errno.h> >-#include <sys/stat.h> >-#include <fcntl.h> >-#include <unistd.h> >- >-/* >- * This is for debugging purposes ONLY. DO NOT use on live systems !!! >- * You have been warned :-) - CG >- * >- * to get automated debugging to the log file, it must be created manually. >- * _PAM_LOGFILE must exist and be writable to the programs you debug. >- */ >- >-#ifndef _PAM_LOGFILE >-#define _PAM_LOGFILE "/var/run/pam-debug.log" >-#endif >- >-static void _pam_output_debug_info(const char *file, const char *fn >- , const int line) >-{ >- FILE *logfile; >- int must_close = 1, fd; >- >-#ifdef O_NOFOLLOW >- if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) { >-#else >- if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) { >-#endif >- if (!(logfile = fdopen(fd,"a"))) { >- logfile = stderr; >- must_close = 0; >- close(fd); >- } >- } else { >- logfile = stderr; >- must_close = 0; >- } >- fprintf(logfile,"[%s:%s(%d)] ",file, fn, line); >- fflush(logfile); >- if (must_close) >- fclose(logfile); >-} >- >-static void _pam_output_debug(const char *format, ...) >-{ >- va_list args; >- FILE *logfile; >- int must_close = 1, fd; >- >- va_start(args, format); >- >-#ifdef O_NOFOLLOW >- if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) { >-#else >- if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) { >-#endif >- if (!(logfile = fdopen(fd,"a"))) { >- logfile = stderr; >- must_close = 0; >- close(fd); >- } >- } else { >- logfile = stderr; >- must_close = 0; >- } >- vfprintf(logfile, format, args); >- fprintf(logfile, "\n"); >- fflush(logfile); >- if (must_close) >- fclose(logfile); >- >- va_end(args); >-} >- >-#define D(x) do { \ >- _pam_output_debug_info(__FILE__, __FUNCTION__, __LINE__); \ >- _pam_output_debug x ; \ >-} while (0) >- >-#define _pam_show_mem(X,XS) do { \ >- int i; \ >- register unsigned char *x; \ >- x = (unsigned char *)X; \ >- fprintf(stderr, " <start at %p>\n", X); \ >- for (i = 0; i < XS ; ++x, ++i) { \ >- fprintf(stderr, " %02X. <%p:%02X>\n", i, x, *x); \ >- } \ >- fprintf(stderr, " <end for %p after %d bytes>\n", X, XS); \ >-} while (0) >- >-#define _pam_show_reply(/* struct pam_response * */reply, /* int */replies) \ >-do { \ >- int reply_i; \ >- setbuf(stderr, NULL); \ >- fprintf(stderr, "array at %p of size %d\n",reply,replies); \ >- fflush(stderr); \ >- if (reply) { \ >- for (reply_i = 0; reply_i < replies; reply_i++) { \ >- fprintf(stderr, " elem# %d at %p: resp = %p, retcode = %d\n", \ >- reply_i, reply+reply_i, reply[reply_i].resp, \ >- reply[reply_i].resp, _retcode); \ >- fflush(stderr); \ >- if (reply[reply_i].resp) { \ >- fprintf(stderr, " resp[%d] = '%s'\n", \ >- strlen(reply[reply_i].resp), reply[reply_i].resp); \ >- fflush(stderr); \ >- } \ >- } \ >- } \ >- fprintf(stderr, "done here\n"); \ >- fflush(stderr); \ >-} while (0) >- >-#else >- >-#define D(x) do { } while (0) >-#define _pam_show_mem(X,XS) do { } while (0) >-#define _pam_show_reply(reply, replies) do { } while (0) >- >-#endif /* DEBUG */ >- >-#endif /* PAM_MACROS_H */ >Index: files/patch-Makefile.am >=================================================================== >--- files/patch-Makefile.am (revision 378189) >+++ files/patch-Makefile.am (working copy) >@@ -1,17 +1,16 @@ >-From e40f55767383f300f71103ca404b7839b8499104 Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> >-Date: Wed, 6 Nov 2013 22:01:20 +0100 >-Subject: [PATCH 01/25] patch-Makefile.am >- >---- >- Makefile.am | 10 ++++++---- >- 1 file changed, 6 insertions(+), 4 deletions(-) >- > diff --git Makefile.am Makefile.am >-index 04df7cb..e2558f7 100644 >+index fd74d85..4a7e6ae 100644 > --- Makefile.am > +++ Makefile.am >-@@ -318,6 +318,7 @@ SSSD_LIBS = \ >+@@ -311,6 +311,7 @@ AM_CPPFLAGS = \ >+ $(LIBNL_CFLAGS) \ >+ $(OPENLDAP_CFLAGS) \ >+ $(GLIB2_CFLAGS) \ >++ -DHOST_NAME_MAX=_POSIX_HOST_NAME_MAX \ >+ -DLIBDIR=\"$(libdir)\" \ >+ -DVARDIR=\"$(localstatedir)\" \ >+ -DSHLIBEXT=\"$(SHLIBEXT)\" \ >+@@ -378,6 +379,7 @@ SSSD_LIBS = \ > $(DHASH_LIBS) \ > $(SSS_CRYPT_LIBS) \ > $(OPENLDAP_LIBS) \ >@@ -19,24 +18,15 @@ > $(TDB_LIBS) > > PYTHON_BINDINGS_LIBS = \ >-@@ -369,6 +370,7 @@ dist_noinst_HEADERS = \ >- src/util/sss_selinux.h \ >- src/util/sss_utf8.h \ >+@@ -433,6 +435,7 @@ dist_noinst_HEADERS = \ > src/util/sss_ssh.h \ >+ src/util/sss_ini.h \ >+ src/util/sss_format.h \ > + src/util/sss_bsd_errno.h \ > src/util/refcount.h \ > src/util/find_uid.h \ > src/util/user_info_msg.h \ >-@@ -1170,7 +1172,7 @@ noinst_PROGRAMS += autofs_test_client >- endif >- >- pam_test_client_SOURCES = src/sss_client/pam_test_client.c >--pam_test_client_LDFLAGS = -lpam -lpam_misc >-+pam_test_client_LDFLAGS = -lpam >- >- if BUILD_AUTOFS >- autofs_test_client_SOURCES = src/sss_client/autofs/autofs_test_client.c \ >-@@ -1184,9 +1186,10 @@ endif >+@@ -1700,9 +1703,10 @@ endif > # Client Libraries # > #################### > >@@ -49,16 +39,19 @@ > src/sss_client/nss_passwd.c \ > src/sss_client/nss_group.c \ > src/sss_client/nss_netgroup.c \ >-@@ -1198,7 +1201,7 @@ libnss_sss_la_SOURCES = \ >+@@ -1715,9 +1719,9 @@ libnss_sss_la_SOURCES = \ > src/sss_client/nss_mc_passwd.c \ > src/sss_client/nss_mc_group.c \ > src/sss_client/nss_mc.h >+-libnss_sss_la_LIBADD = \ >++nss_sss_la_LIBADD = \ >+ $(CLIENT_LIBS) > -libnss_sss_la_LDFLAGS = \ > +nss_sss_la_LDFLAGS = \ >- $(CLIENT_LIBS) \ > -module \ > -version-info 2:0:0 \ >-@@ -1532,6 +1535,7 @@ ldap_child_LDADD = \ >+ -Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports >+@@ -2086,6 +2090,7 @@ ldap_child_LDADD = \ > $(POPT_LIBS) \ > $(OPENLDAP_LIBS) \ > $(DHASH_LIBS) \ >@@ -66,6 +59,3 @@ > $(KRB5_LIBS) > > proxy_child_SOURCES = \ >--- >-1.8.0 >- >Index: files/patch-src__confdb__confdb.c >=================================================================== >--- files/patch-src__confdb__confdb.c (revision 378189) >+++ files/patch-src__confdb__confdb.c (working copy) >@@ -1,14 +1,5 @@ >-From 756e37d0ef957b15d782d5dd87d24e9359541931 Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> >-Date: Wed, 6 Nov 2013 22:01:20 +0100 >-Subject: [PATCH 02/25] patch-src__confdb__confdb.c >- >---- >- src/confdb/confdb.c | 5 +++++ >- 1 file changed, 5 insertions(+) >- > diff --git src/confdb/confdb.c src/confdb/confdb.c >-index 72c74fe..78b69b8 100644 >+index 19d8884..67720f7 100644 > --- src/confdb/confdb.c > +++ src/confdb/confdb.c > @@ -28,6 +28,11 @@ >@@ -23,6 +14,3 @@ > #define CONFDB_ZERO_CHECK_OR_JUMP(var, ret, err, label) do { \ > if (!var) { \ > ret = err; \ >--- >-1.8.0 >- >Index: files/patch-src__external__inotify.m4 >=================================================================== >--- files/patch-src__external__inotify.m4 (revision 378189) >+++ files/patch-src__external__inotify.m4 (working copy) >@@ -1,14 +1,5 @@ >-From 558989d6ac329b4036e02873fb7c981c5912040c Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lslebodn@redhat.com> >-Date: Thu, 7 Nov 2013 13:28:13 +0100 >-Subject: [PATCH] patch-src__external__inotify.m4 >- >---- >- src/external/inotify.m4 | 4 ++-- >- 1 file changed, 2 insertions(+), 2 deletions(-) >- > diff --git src/external/inotify.m4 src/external/inotify.m4 >-index 9572f6d2fefedf8a1d6a2468c712a83e7db2969f..2a5a8cf00d80e0979dca50fd102c3dc2872b2970 100644 >+index 9572f6d..2a5a8cf 100644 > --- src/external/inotify.m4 > +++ src/external/inotify.m4 > @@ -20,10 +20,10 @@ int main () { >@@ -24,6 +15,3 @@ > ) > > AS_IF([test x"$inotify_works" = xyes], >--- >-1.8.3.1 >- >Index: files/patch-src__external__krb5.m4 >=================================================================== >--- files/patch-src__external__krb5.m4 (revision 378189) >+++ files/patch-src__external__krb5.m4 (working copy) >@@ -1,14 +1,5 @@ >-From b7947258702e250dbf569bb9cd74f1e73f0c94bb Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> >-Date: Wed, 30 Oct 2013 08:53:42 +0100 >-Subject: [PATCH 1/4] patch-src__external__krb5.m4 >- >---- >- src/external/krb5.m4 | 2 +- >- 1 file changed, 1 insertion(+), 1 deletion(-) >- > diff --git src/external/krb5.m4 src/external/krb5.m4 >-index 71239c9..63c8ece 100644 >+index 861c8c9..978ec03 100644 > --- src/external/krb5.m4 > +++ src/external/krb5.m4 > @@ -9,7 +9,7 @@ if test x$KRB5_CFLAGS != x; then >@@ -20,6 +11,3 @@ > AC_MSG_CHECKING(for working krb5-config) > if test -x "$KRB5_CONFIG"; then > KRB5_CFLAGS="`$KRB5_CONFIG --cflags`" >--- >-1.8.0 >- >Index: files/patch-src__external__pac_responder.m4 >=================================================================== >--- files/patch-src__external__pac_responder.m4 (revision 378189) >+++ files/patch-src__external__pac_responder.m4 (working copy) >@@ -1,17 +1,8 @@ >-From b52128bc333fd4717a96950ef8fb4171f25fabcf Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> >-Date: Wed, 30 Oct 2013 08:54:41 +0100 >-Subject: [PATCH 2/4] patch-src__external__pac_responder.m4 >- >---- >- src/external/pac_responder.m4 | 2 +- >- 1 file changed, 1 insertion(+), 1 deletion(-) >- > diff --git src/external/pac_responder.m4 src/external/pac_responder.m4 >-index 49d5cbb..2b4ca5c 100644 >+index 6e29452..50bf4a8 100644 > --- src/external/pac_responder.m4 > +++ src/external/pac_responder.m4 >-@@ -14,7 +14,7 @@ then >+@@ -14,14 +14,15 @@ then > PKG_CHECK_MODULES(NDR_KRB5PAC, ndr_krb5pac, ndr_krb5pac_ok=yes, > AC_MSG_WARN([Cannot build pac responder without libndr_krb5pac])) > >@@ -20,6 +11,12 @@ > AC_MSG_CHECKING(for supported MIT krb5 version) > KRB5_VERSION="`$KRB5_CONFIG --version`" > case $KRB5_VERSION in >--- >-1.8.0 >- >+ Kerberos\ 5\ release\ 1.9* | \ >+ Kerberos\ 5\ release\ 1.10* | \ >+ Kerberos\ 5\ release\ 1.11* | \ >+- Kerberos\ 5\ release\ 1.12*) >++ Kerberos\ 5\ release\ 1.12* | \ >++ Kerberos\ 5\ release\ 1.13*) >+ krb5_version_ok=yes >+ AC_MSG_RESULT([yes]) >+ ;; >Index: files/patch-src__man__pam_sss.8.xml >=================================================================== >--- files/patch-src__man__pam_sss.8.xml (revision 378189) >+++ files/patch-src__man__pam_sss.8.xml (working copy) >@@ -1,57 +0,0 @@ >-From 4f866ccca80bb8ed4013bc8ed48ab9ae2b9587ff Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> >-Date: Tue, 3 Jun 2014 22:10:50 +0200 >-Subject: [PATCH 1/2] patch-src__man__pam_sss.8.xml >- >---- >- src/man/pam_sss.8.xml | 27 +++++++++++++++++++++++++++ >- 1 file changed, 27 insertions(+) >- >-diff --git src/man/pam_sss.8.xml src/man/pam_sss.8.xml >-index 72b497ab34a520d21964824080c7f276b26706f4..69678dac5874067fc95ec47f72ed894854c5d569 100644 >---- src/man/pam_sss.8.xml >-+++ src/man/pam_sss.8.xml >-@@ -37,6 +37,12 @@ >- <arg choice='opt'> >- <replaceable>retry=N</replaceable> >- </arg> >-+ <arg choice='opt'> >-+ <replaceable>ignore_unknown_user</replaceable> >-+ </arg> >-+ <arg choice='opt'> >-+ <replaceable>ignore_authinfo_unavail</replaceable> >-+ </arg> >- </cmdsynopsis> >- </refsynopsisdiv> >- >-@@ -103,6 +109,27 @@ >- <option>PasswordAuthentication</option>.</para> >- </listitem> >- </varlistentry> >-+ <varlistentry> >-+ <term> >-+ <option>ignore_unknown_user</option> >-+ </term> >-+ <listitem> >-+ <para>If this option is specified and the user does not >-+ exist, the PAM module will return PAM_IGNORE. This causes >-+ the PAM framework to ignore this module.</para> >-+ </listitem> >-+ </varlistentry> >-+ <varlistentry> >-+ <term> >-+ <option>ignore_authinfo_unavail</option> >-+ </term> >-+ <listitem> >-+ <para> >-+ Specifies that the PAM module should return PAM_IGNORE >-+ if it cannot contact the SSSD daemon. This causes >-+ the PAM framework to ignore this module.</para> >-+ </listitem> >-+ </varlistentry> >- </variablelist> >- </refsect1> >- >--- >-1.9.3 >- >Index: files/patch-src__providers__ad__ad_access.c >=================================================================== >--- files/patch-src__providers__ad__ad_access.c (revision 378189) >+++ files/patch-src__providers__ad__ad_access.c (working copy) >@@ -1,24 +0,0 @@ >-From 630e5b96040869f6ce24ac1d10bb370e819795e7 Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> >-Date: Sat, 27 Jul 2013 15:04:27 +0200 >-Subject: [PATCH 33/34] patch-src__providers__ad__ad_access.c >- >---- >- src/providers/ad/ad_access.c | 1 + >- 1 file changed, 1 insertion(+) >- >-diff --git src/providers/ad/ad_access.c src/providers/ad/ad_access.c >-index 314cdcf..ca0fb8b 100644 >---- src/providers/ad/ad_access.c >-+++ src/providers/ad/ad_access.c >-@@ -21,6 +21,7 @@ >- */ >- >- #include <security/pam_modules.h> >-+#include <security/pam_appl.h> >- #include "src/util/util.h" >- #include "src/providers/data_provider.h" >- #include "src/providers/dp_backend.h" >--- >-1.8.0 >- >Index: files/patch-src__providers__ad__ad_common.c >=================================================================== >--- files/patch-src__providers__ad__ad_common.c (revision 378189) >+++ files/patch-src__providers__ad__ad_common.c (working copy) >@@ -1,43 +0,0 @@ >-From 7223f18bd8ea22ed801a115934a2fe8dc0c0cdb8 Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> >-Date: Sat, 27 Jul 2013 15:03:49 +0200 >-Subject: [PATCH 32/34] patch-src__providers__ad__ad_common.c >- >---- >- src/providers/ad/ad_common.c | 6 +++--- >- 1 file changed, 3 insertions(+), 3 deletions(-) >- >-diff --git src/providers/ad/ad_common.c src/providers/ad/ad_common.c >-index 8600dab..d628385 100644 >---- src/providers/ad/ad_common.c >-+++ src/providers/ad/ad_common.c >-@@ -38,7 +38,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, >- char *server; >- char *realm; >- char *ad_hostname; >-- char hostname[HOST_NAME_MAX + 1]; >-+ char hostname[_POSIX_HOST_NAME_MAX + 1]; >- >- opts = talloc_zero(mem_ctx, struct ad_options); >- if (!opts) return ENOMEM; >-@@ -75,7 +75,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, >- */ >- ad_hostname = dp_opt_get_string(opts->basic, AD_HOSTNAME); >- if (ad_hostname == NULL) { >-- gret = gethostname(hostname, HOST_NAME_MAX); >-+ gret = gethostname(hostname, _POSIX_HOST_NAME_MAX); >- if (gret != 0) { >- ret = errno; >- DEBUG(SSSDBG_FATAL_FAILURE, >-@@ -83,7 +83,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, >- strerror(ret))); >- goto done; >- } >-- hostname[HOST_NAME_MAX] = '\0'; >-+ hostname[_POSIX_HOST_NAME_MAX] = '\0'; >- DEBUG(SSSDBG_CONF_SETTINGS, >- ("Setting ad_hostname to [%s].\n", hostname)); >- ret = dp_opt_set_string(opts->basic, AD_HOSTNAME, hostname); >--- >-1.8.0 >- >Index: files/patch-src__providers__fail_over.c >=================================================================== >--- files/patch-src__providers__fail_over.c (revision 378189) >+++ files/patch-src__providers__fail_over.c (working copy) >@@ -1,41 +0,0 @@ >-From 08bc75705abe29a9e046a0a8871adcf42eeee35c Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> >-Date: Wed, 6 Nov 2013 22:01:20 +0100 >-Subject: [PATCH 07/25] patch-src__providers__fail_over.c >- >---- >- src/providers/fail_over.c | 6 +++--- >- 1 file changed, 3 insertions(+), 3 deletions(-) >- >-diff --git src/providers/fail_over.c src/providers/fail_over.c >-index 59cbacd..197c0ef 100644 >---- src/providers/fail_over.c >-+++ src/providers/fail_over.c >-@@ -1331,7 +1331,7 @@ resolve_srv_recv(struct tevent_req *req, struct fo_server **server) >- *******************************************************************/ >- struct resolve_get_domain_state { >- char *fqdn; >-- char hostname[HOST_NAME_MAX]; >-+ char hostname[_POSIX_HOST_NAME_MAX + 1]; >- }; >- >- static void resolve_get_domain_done(struct tevent_req *subreq); >-@@ -1351,13 +1351,13 @@ resolve_get_domain_send(TALLOC_CTX *mem_ctx, >- return NULL; >- } >- >-- ret = gethostname(state->hostname, HOST_NAME_MAX); >-+ ret = gethostname(state->hostname, _POSIX_HOST_NAME_MAX); >- if (ret) { >- ret = errno; >- DEBUG(2, ("gethostname() failed: [%d]: %s\n",ret, strerror(ret))); >- return NULL; >- } >-- state->hostname[HOST_NAME_MAX-1] = '\0'; >-+ state->hostname[_POSIX_HOST_NAME_MAX] = '\0'; >- DEBUG(7, ("Host name is: %s\n", state->hostname)); >- >- subreq = resolv_gethostbyname_send(state, ev, resolv, >--- >-1.8.0 >- >Index: files/patch-src__providers__ipa__ipa_common.c >=================================================================== >--- files/patch-src__providers__ipa__ipa_common.c (revision 378189) >+++ files/patch-src__providers__ipa__ipa_common.c (working copy) >@@ -1,42 +0,0 @@ >-From acb17ace2b204146e4b821fd7d5e27de5d8ee588 Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> >-Date: Sat, 4 May 2013 16:08:11 +0200 >-Subject: [PATCH 07/34] patch-src__providers__ipa__ipa_common.c >- >---- >- src/providers/ipa/ipa_common.c | 6 +++--- >- 1 file changed, 3 insertions(+), 3 deletions(-) >- >-diff --git src/providers/ipa/ipa_common.c src/providers/ipa/ipa_common.c >-index eb384a1..d7d8052 100644 >---- src/providers/ipa/ipa_common.c >-+++ src/providers/ipa/ipa_common.c >-@@ -47,7 +47,7 @@ int ipa_get_options(TALLOC_CTX *memctx, >- char *realm; >- char *ipa_hostname; >- int ret; >-- char hostname[HOST_NAME_MAX + 1]; >-+ char hostname[_POSIX_HOST_NAME_MAX + 1]; >- >- opts = talloc_zero(memctx, struct ipa_options); >- if (!opts) return ENOMEM; >-@@ -76,14 +76,14 @@ int ipa_get_options(TALLOC_CTX *memctx, >- >- ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME); >- if (ipa_hostname == NULL) { >-- ret = gethostname(hostname, HOST_NAME_MAX); >-+ ret = gethostname(hostname, _POSIX_HOST_NAME_MAX); >- if (ret != EOK) { >- DEBUG(1, ("gethostname failed [%d][%s].\n", errno, >- strerror(errno))); >- ret = errno; >- goto done; >- } >-- hostname[HOST_NAME_MAX] = '\0'; >-+ hostname[_POSIX_HOST_NAME_MAX] = '\0'; >- DEBUG(9, ("Setting ipa_hostname to [%s].\n", hostname)); >- ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname); >- if (ret != EOK) { >--- >-1.8.0 >- >Index: files/patch-src__providers__krb5__krb5_delayed_online_authentication.c >=================================================================== >--- files/patch-src__providers__krb5__krb5_delayed_online_authentication.c (revision 378189) >+++ files/patch-src__providers__krb5__krb5_delayed_online_authentication.c (working copy) >@@ -1,17 +1,8 @@ >-From eba3efda911eb0212a98353740e13ad619aaa282 Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> >-Date: Wed, 6 Nov 2013 22:01:20 +0100 >-Subject: [PATCH 09/25] patch-src__providers__krb5__krb5_delayed_online_authentication.c >- >---- >- src/providers/krb5/krb5_delayed_online_authentication.c | 2 ++ >- 1 file changed, 2 insertions(+) >- > diff --git src/providers/krb5/krb5_delayed_online_authentication.c src/providers/krb5/krb5_delayed_online_authentication.c >-index d5dea3b..da6b6bb 100644 >+index 33b839e..da6ccfc 100644 > --- src/providers/krb5/krb5_delayed_online_authentication.c > +++ src/providers/krb5/krb5_delayed_online_authentication.c >-@@ -296,6 +296,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx, >+@@ -320,6 +320,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx, > struct tevent_context *ev) > { > int ret; >@@ -19,8 +10,8 @@ > hash_table_t *tmp_table; > > ret = get_uid_table(krb5_ctx, &tmp_table); >-@@ -314,6 +315,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx, >- DEBUG(1, ("hash_destroy failed [%s].\n", hash_error_string(ret))); >+@@ -339,6 +340,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx, >+ "hash_destroy failed [%s].\n", hash_error_string(ret)); > return EFAULT; > } > +#endif /* __linux__ */ >@@ -27,6 +18,3 @@ > > krb5_ctx->deferred_auth_ctx = talloc_zero(krb5_ctx, > struct deferred_auth_ctx); >--- >-1.8.0 >- >Index: files/patch-src__providers__ldap__ldap_auth.c >=================================================================== >--- files/patch-src__providers__ldap__ldap_auth.c (revision 378189) >+++ files/patch-src__providers__ldap__ldap_auth.c (working copy) >@@ -1,14 +1,5 @@ >-From ad4b85556ddea5d5d2d6bcc5f00a8492b0b15c46 Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> >-Date: Sat, 4 May 2013 16:08:11 +0200 >-Subject: [PATCH 09/34] patch-src__providers__ldap__ldap_auth.c >- >---- >- src/providers/ldap/ldap_auth.c | 60 ++++++++++++++++++++++++++---------------- >- 1 file changed, 37 insertions(+), 23 deletions(-) >- > diff --git src/providers/ldap/ldap_auth.c src/providers/ldap/ldap_auth.c >-index b0dd30c..6b1ad83 100644 >+index 2aacce0..e019cf7 100644 > --- src/providers/ldap/ldap_auth.c > +++ src/providers/ldap/ldap_auth.c > @@ -37,7 +37,6 @@ >@@ -42,7 +33,7 @@ > static errno_t add_expired_warning(struct pam_data *pd, long exp_time) > { > int ret; >-@@ -110,17 +125,16 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now, >+@@ -109,6 +124,7 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now, > return EINVAL; > } > >@@ -49,75 +40,33 @@ > + tzset(); > expire_time = mktime(&tm); > if (expire_time == -1) { >- DEBUG(1, ("mktime failed to convert [%s].\n", expire_date)); >+ DEBUG(SSSDBG_CRIT_FAILURE, >+@@ -116,12 +132,10 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now, > return EINVAL; > } > > - tzset(); > - expire_time -= timezone; >-- DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s] timezone [%d] " >-- "daylight [%d] now [%d] expire_time [%d].\n", tzname[0], >-- tzname[1], timezone, daylight, now, expire_time)); >-+ DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s]" >-+ "now [%d] expire_time [%d].\n", tzname[0], >-+ tzname[1], now, expire_time)); >+ DEBUG(SSSDBG_TRACE_ALL, >+- "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] " >+- "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0], >+- tzname[1], timezone, daylight, now, expire_time); >++ "Time info: tzname[0] [%s] tzname[1] [%s] " >++ "now [%ld] expire_time [%ld].\n", tzname[0], >++ tzname[1], now, expire_time); > > if (difftime(now, expire_time) > 0.0) { >- DEBUG(4, ("Kerberos password expired.\n")); >-@@ -762,7 +776,7 @@ void sdap_pam_chpass_handler(struct be_req *breq) >+ DEBUG(SSSDBG_CONF_SETTINGS, "Kerberos password expired.\n"); >+@@ -924,7 +938,7 @@ void sdap_pam_chpass_handler(struct be_req *breq) >+ DEBUG(SSSDBG_OP_FAILURE, >+ "starting password change request for user [%s].\n", pd->user); > >- DEBUG(2, ("starting password change request for user [%s].\n", pd->user)); >- > - pd->pam_status = PAM_SYSTEM_ERR; > + pd->pam_status = PAM_SERVICE_ERR; > > if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) { >- DEBUG(2, ("chpass target was called by wrong pam command.\n")); >-@@ -821,7 +835,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req) >- &pw_expire_type, &pw_expire_data); >- talloc_zfree(req); >- if (ret) { >-- state->pd->pam_status = PAM_SYSTEM_ERR; >-+ state->pd->pam_status = PAM_SERVICE_ERR; >- goto done; >- } >- >-@@ -841,7 +855,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req) >- &result); >- if (ret != EOK) { >- DEBUG(1, ("check_pwexpire_shadow failed.\n")); >-- state->pd->pam_status = PAM_SYSTEM_ERR; >-+ state->pd->pam_status = PAM_SERVICE_ERR; >- goto done; >- } >- break; >-@@ -850,14 +864,14 @@ static void sdap_auth4chpass_done(struct tevent_req *req) >- state->breq->domain->pwd_expiration_warning); >- if (ret != EOK) { >- DEBUG(1, ("check_pwexpire_kerberos failed.\n")); >-- state->pd->pam_status = PAM_SYSTEM_ERR; >-+ state->pd->pam_status = PAM_SERVICE_ERR; >- goto done; >- } >- >- if (result == SDAP_AUTH_PW_EXPIRED) { >- DEBUG(1, ("LDAP provider cannot change kerberos " >- "passwords.\n")); >-- state->pd->pam_status = PAM_SYSTEM_ERR; >-+ state->pd->pam_status = PAM_SERVICE_ERR; >- goto done; >- } >- break; >-@@ -866,7 +880,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req) >- break; >- default: >- DEBUG(1, ("Unknow pasword expiration type.\n")); >-- state->pd->pam_status = PAM_SYSTEM_ERR; >-+ state->pd->pam_status = PAM_SERVICE_ERR; >- goto done; >- } >- } >-@@ -906,7 +920,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req) >+ DEBUG(SSSDBG_OP_FAILURE, >+@@ -1069,7 +1083,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req) > dp_err = DP_ERR_OFFLINE; > break; > default: >@@ -126,18 +75,9 @@ > } > > done: >-@@ -929,7 +943,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req) >- ret = sdap_exop_modify_passwd_recv(req, state, &result, &user_error_message); >- talloc_zfree(req); >- if (ret && ret != EIO) { >-- state->pd->pam_status = PAM_SYSTEM_ERR; >-+ state->pd->pam_status = PAM_SERVICE_ERR; >- goto done; >- } >- >-@@ -970,7 +984,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req) >- state->dn, >- lastchanged_name); >+@@ -1131,7 +1145,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req) >+ state->sh, state->dn, >+ lastchanged_name); > if (subreq == NULL) { > - state->pd->pam_status = PAM_SYSTEM_ERR; > + state->pd->pam_status = PAM_SERVICE_ERR; >@@ -144,7 +84,7 @@ > goto done; > } > >-@@ -991,7 +1005,7 @@ static void sdap_lastchange_done(struct tevent_req *req) >+@@ -1152,7 +1166,7 @@ static void sdap_lastchange_done(struct tevent_req *req) > > ret = sdap_modify_shadow_lastchange_recv(req); > if (ret != EOK) { >@@ -153,7 +93,7 @@ > goto done; > } > >-@@ -1032,7 +1046,7 @@ void sdap_pam_auth_handler(struct be_req *breq) >+@@ -1193,7 +1207,7 @@ void sdap_pam_auth_handler(struct be_req *breq) > goto done; > } > >@@ -162,52 +102,7 @@ > > switch (pd->cmd) { > case SSS_PAM_AUTHENTICATE: >-@@ -1090,7 +1104,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) >- &pw_expire_type, &pw_expire_data); >- talloc_zfree(req); >- if (ret != EOK) { >-- state->pd->pam_status = PAM_SYSTEM_ERR; >-+ state->pd->pam_status = PAM_SERVICE_ERR; >- dp_err = DP_ERR_FATAL; >- goto done; >- } >-@@ -1102,7 +1116,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) >- state->pd, &result); >- if (ret != EOK) { >- DEBUG(1, ("check_pwexpire_shadow failed.\n")); >-- state->pd->pam_status = PAM_SYSTEM_ERR; >-+ state->pd->pam_status = PAM_SERVICE_ERR; >- goto done; >- } >- break; >-@@ -1112,7 +1126,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) >- be_ctx->domain->pwd_expiration_warning); >- if (ret != EOK) { >- DEBUG(1, ("check_pwexpire_kerberos failed.\n")); >-- state->pd->pam_status = PAM_SYSTEM_ERR; >-+ state->pd->pam_status = PAM_SERVICE_ERR; >- goto done; >- } >- break; >-@@ -1121,7 +1135,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) >- be_ctx->domain->pwd_expiration_warning); >- if (ret != EOK) { >- DEBUG(1, ("check_pwexpire_ldap failed.\n")); >-- state->pd->pam_status = PAM_SYSTEM_ERR; >-+ state->pd->pam_status = PAM_SERVICE_ERR; >- goto done; >- } >- break; >-@@ -1129,7 +1143,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) >- break; >- default: >- DEBUG(1, ("Unknow pasword expiration type.\n")); >-- state->pd->pam_status = PAM_SYSTEM_ERR; >-+ state->pd->pam_status = PAM_SERVICE_ERR; >- goto done; >- } >- } >-@@ -1151,7 +1165,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) >+@@ -1291,7 +1305,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) > state->pd->pam_status = PAM_NEW_AUTHTOK_REQD; > break; > default: >@@ -216,6 +111,3 @@ > dp_err = DP_ERR_FATAL; > } > >--- >-1.8.0 >- >Index: files/patch-src__providers__ldap__sdap_access.c >=================================================================== >--- files/patch-src__providers__ldap__sdap_access.c (revision 378189) >+++ files/patch-src__providers__ldap__sdap_access.c (working copy) >@@ -1,45 +1,8 @@ >-From 9a3d9a05b2c8790c771c166b42f8b80e76b4b336 Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> >-Date: Wed, 6 Nov 2013 22:01:20 +0100 >-Subject: [PATCH 11/25] patch-src__providers__ldap__sdap_access.c >- >---- >- src/providers/ldap/sdap_access.c | 46 +++++++++++++++++++--------------------- >- 1 file changed, 22 insertions(+), 24 deletions(-) >- > diff --git src/providers/ldap/sdap_access.c src/providers/ldap/sdap_access.c >-index b198e04..1eaedf7 100644 >+index 880735e..d349dcf 100644 > --- src/providers/ldap/sdap_access.c > +++ src/providers/ldap/sdap_access.c >-@@ -22,9 +22,7 @@ >- along with this program. If not, see <http://www.gnu.org/licenses/>. >- */ >- >--#define _XOPEN_SOURCE 500 /* for strptime() */ >- #include <time.h> >--#undef _XOPEN_SOURCE >- #include <sys/param.h> >- #include <security/pam_modules.h> >- #include <talloc.h> >-@@ -109,7 +107,7 @@ void sdap_pam_access_handler(struct be_req *breq) >- pd); >- if (req == NULL) { >- DEBUG(1, ("Unable to start sdap_access request\n")); >-- sdap_access_reply(breq, PAM_SYSTEM_ERR); >-+ sdap_access_reply(breq, PAM_SERVICE_ERR); >- return; >- } >- >-@@ -149,7 +147,7 @@ sdap_access_send(TALLOC_CTX *mem_ctx, >- >- state->be_req = be_req; >- state->pd = pd; >-- state->pam_status = PAM_SYSTEM_ERR; >-+ state->pam_status = PAM_SERVICE_ERR; >- state->ev = ev; >- state->access_ctx = access_ctx; >- state->current_rule = 0; >-@@ -502,18 +500,17 @@ static bool nds_check_expired(const char *exp_time_str) >+@@ -499,6 +499,7 @@ static bool nds_check_expired(const char *exp_time_str) > return true; > } > >@@ -46,7 +9,8 @@ > + tzset(); > expire_time = mktime(&tm); > if (expire_time == -1) { >- DEBUG(1, ("mktime failed to convert [%s].\n", exp_time_str)); >+ DEBUG(SSSDBG_CRIT_FAILURE, >+@@ -506,13 +507,11 @@ static bool nds_check_expired(const char *exp_time_str) > return true; > } > >@@ -53,153 +17,13 @@ > - tzset(); > - expire_time -= timezone; > now = time(NULL); >-- DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s] timezone [%d] " >-- "daylight [%d] now [%d] expire_time [%d].\n", tzname[0], >-- tzname[1], timezone, daylight, now, expire_time)); >-+ DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s] " >-+ "now [%d] expire_time [%d].\n", tzname[0], >-+ tzname[1], now, expire_time)); >+ DEBUG(SSSDBG_TRACE_ALL, >+- "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] " >+- "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0], >+- tzname[1], timezone, daylight, now, expire_time); >++ "Time info: tzname[0] [%s] tzname[1] [%s] " >++ "now [%ld] expire_time [%ld].\n", tzname[0], >++ tzname[1], now, expire_time); > > if (difftime(now, expire_time) > 0.0) { >- DEBUG(4, ("NDS account expired.\n")); >-@@ -662,7 +659,7 @@ static struct tevent_req *sdap_account_expired_send(TALLOC_CTX *mem_ctx, >- return NULL; >- } >- >-- state->pam_status = PAM_SYSTEM_ERR; >-+ state->pam_status = PAM_SERVICE_ERR; >- >- expire = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic, >- SDAP_ACCOUNT_EXPIRE_POLICY); >-@@ -746,7 +743,7 @@ static void sdap_account_expired_done(struct tevent_req *subreq) >- talloc_zfree(subreq); >- if (ret != EOK) { >- DEBUG(1, ("Error retrieving access check result.\n")); >-- state->pam_status = PAM_SYSTEM_ERR; >-+ state->pam_status = PAM_SERVICE_ERR; >- tevent_req_error(req, ret); >- return; >- } >-@@ -806,7 +803,7 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, >- state->filter = NULL; >- state->be_req = be_req; >- state->username = username; >-- state->pam_status = PAM_SYSTEM_ERR; >-+ state->pam_status = PAM_SERVICE_ERR; >- state->sdap_ctx = access_ctx->id_ctx; >- state->ev = ev; >- state->access_ctx = access_ctx; >-@@ -953,7 +950,7 @@ static void sdap_access_filter_connect_done(struct tevent_req *subreq) >- false); >- if (subreq == NULL) { >- DEBUG(1, ("Could not start LDAP communication\n")); >-- state->pam_status = PAM_SYSTEM_ERR; >-+ state->pam_status = PAM_SERVICE_ERR; >- tevent_req_error(req, EIO); >- return; >- } >-@@ -984,13 +981,13 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) >- if (ret == EOK) { >- return; >- } >-- state->pam_status = PAM_SYSTEM_ERR; >-+ state->pam_status = PAM_SERVICE_ERR; >- } else if (dp_error == DP_ERR_OFFLINE) { >- sdap_access_filter_decide_offline(req); >- } else { >- DEBUG(1, ("sdap_get_generic_send() returned error [%d][%s]\n", >- ret, strerror(ret))); >-- state->pam_status = PAM_SYSTEM_ERR; >-+ state->pam_status = PAM_SERVICE_ERR; >- } >- >- goto done; >-@@ -1009,7 +1006,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) >- else if (results == NULL) { >- DEBUG(1, ("num_results > 0, but results is NULL\n")); >- ret = EIO; >-- state->pam_status = PAM_SYSTEM_ERR; >-+ state->pam_status = PAM_SERVICE_ERR; >- goto done; >- } >- else if (num_results > 1) { >-@@ -1018,7 +1015,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) >- */ >- DEBUG(1, ("Received multiple replies\n")); >- ret = EIO; >-- state->pam_status = PAM_SYSTEM_ERR; >-+ state->pam_status = PAM_SERVICE_ERR; >- goto done; >- } >- else { /* Ok, we got a single reply */ >-@@ -1104,7 +1101,7 @@ static void sdap_access_filter_done(struct tevent_req *subreq) >- talloc_zfree(subreq); >- if (ret != EOK) { >- DEBUG(1, ("Error retrieving access check result.\n")); >-- state->pam_status = PAM_SYSTEM_ERR; >-+ state->pam_status = PAM_SERVICE_ERR; >- tevent_req_error(req, ret); >- return; >- } >-@@ -1244,7 +1241,7 @@ static void sdap_access_service_done(struct tevent_req *subreq) >- talloc_zfree(subreq); >- if (ret != EOK) { >- DEBUG(1, ("Error retrieving access check result.\n")); >-- state->pam_status = PAM_SYSTEM_ERR; >-+ state->pam_status = PAM_SERVICE_ERR; >- tevent_req_error(req, ret); >- return; >- } >-@@ -1269,7 +1266,7 @@ static struct tevent_req *sdap_access_host_send( >- struct ldb_message_element *el; >- unsigned int i; >- char *host; >-- char hostname[HOST_NAME_MAX+1]; >-+ char hostname[_POSIX_HOST_NAME_MAX + 1]; >- >- req = tevent_req_create(mem_ctx, &state, struct sdap_access_host_ctx); >- if (!req) { >-@@ -1285,11 +1282,12 @@ static struct tevent_req *sdap_access_host_send( >- goto done; >- } >- >-- if (gethostname(hostname, sizeof(hostname)) == -1) { >-+ if (gethostname(hostname, _POSIX_HOST_NAME_MAX) == -1) { >- DEBUG(1, ("Unable to get system hostname. Access denied\n")); >- ret = EOK; >- goto done; >- } >-+ hostname[_POSIX_HOST_NAME_MAX] = '\0'; >- >- /* FIXME: PADL's pam_ldap also calls gethostbyname() on the hostname >- * in some attempt to get aliases and/or FQDN for the machine. >-@@ -1365,7 +1363,7 @@ static void sdap_access_host_done(struct tevent_req *subreq) >- talloc_zfree(subreq); >- if (ret != EOK) { >- DEBUG(1, ("Error retrieving access check result.\n")); >-- state->pam_status = PAM_SYSTEM_ERR; >-+ state->pam_status = PAM_SERVICE_ERR; >- tevent_req_error(req, ret); >- return; >- } >-@@ -1391,7 +1389,7 @@ sdap_access_recv(struct tevent_req *req, int *pam_status) >- static void sdap_access_done(struct tevent_req *req) >- { >- errno_t ret; >-- int pam_status = PAM_SYSTEM_ERR; >-+ int pam_status = PAM_SERVICE_ERR; >- struct be_req *breq = >- tevent_req_callback_data(req, struct be_req); >- >-@@ -1399,7 +1397,7 @@ static void sdap_access_done(struct tevent_req *req) >- talloc_zfree(req); >- if (ret != EOK) { >- DEBUG(1, ("Error retrieving access check result.\n")); >-- pam_status = PAM_SYSTEM_ERR; >-+ pam_status = PAM_SERVICE_ERR; >- } >- >- sdap_access_reply(breq, pam_status); >--- >-1.8.0 >- >+ DEBUG(SSSDBG_CONF_SETTINGS, "NDS account expired.\n"); >Index: files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c >=================================================================== >--- files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c (revision 378189) >+++ files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c (working copy) >@@ -1,42 +0,0 @@ >-From 58d918d01b03a3332b3e9da917a45b4b7ef7a427 Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> >-Date: Sat, 27 Jul 2013 15:01:26 +0200 >-Subject: [PATCH 30/34] patch-src__providers__ldap__sdap_async_sudo_hostinfo.c >- >---- >- src/providers/ldap/sdap_async_sudo_hostinfo.c | 6 +++--- >- 1 file changed, 3 insertions(+), 3 deletions(-) >- >-diff --git src/providers/ldap/sdap_async_sudo_hostinfo.c src/providers/ldap/sdap_async_sudo_hostinfo.c >-index 0a695cd..108b4c2 100644 >---- src/providers/ldap/sdap_async_sudo_hostinfo.c >-+++ src/providers/ldap/sdap_async_sudo_hostinfo.c >-@@ -371,7 +371,7 @@ static struct tevent_req *sdap_sudo_get_hostnames_send(TALLOC_CTX *mem_ctx, >- struct tevent_req *subreq = NULL; >- struct sdap_sudo_get_hostnames_state *state = NULL; >- char *dot = NULL; >-- char hostname[HOST_NAME_MAX + 1]; >-+ char hostname[_POSIX_HOST_NAME_MAX + 1]; >- int resolv_timeout; >- int ret; >- >-@@ -395,14 +395,14 @@ static struct tevent_req *sdap_sudo_get_hostnames_send(TALLOC_CTX *mem_ctx, >- /* get hostname */ >- >- errno = 0; >-- ret = gethostname(hostname, HOST_NAME_MAX); >-+ ret = gethostname(hostname, _POSIX_HOST_NAME_MAX); >- if (ret != EOK) { >- ret = errno; >- DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to retrieve machine hostname " >- "[%d]: %s\n", ret, strerror(ret))); >- goto done; >- } >-- hostname[HOST_NAME_MAX] = '\0'; >-+ hostname[_POSIX_HOST_NAME_MAX] = '\0'; >- >- state->hostnames[0] = talloc_strdup(state->hostnames, hostname); >- if (state->hostnames[0] == NULL) { >--- >-1.8.0 >- >Index: files/patch-src__resolv__async_resolv.c >=================================================================== >--- files/patch-src__resolv__async_resolv.c (revision 378189) >+++ files/patch-src__resolv__async_resolv.c (working copy) >@@ -1,33 +0,0 @@ >-From 5434161320c86634512ac70e1d49c63375a71dc4 Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> >-Date: Sat, 4 May 2013 16:08:11 +0200 >-Subject: [PATCH 14/34] patch-src__resolv__async_resolv.c >- >---- >- src/resolv/async_resolv.c | 3 ++- >- 1 file changed, 2 insertions(+), 1 deletion(-) >- >-diff --git src/resolv/async_resolv.c src/resolv/async_resolv.c >-index 268d266..1bb84e5 100644 >---- src/resolv/async_resolv.c >-+++ src/resolv/async_resolv.c >-@@ -1203,7 +1203,6 @@ resolv_is_address(const char *name) >- hints.ai_flags = AI_NUMERICHOST; /* No network lookups */ >- >- ret = getaddrinfo(name, NULL, &hints, &res); >-- freeaddrinfo(res); >- if (ret != 0) { >- if (ret == -2) { >- DEBUG(9, ("[%s] does not look like an IP address\n", name)); >-@@ -1211,6 +1210,8 @@ resolv_is_address(const char *name) >- DEBUG(2, ("getaddrinfo failed [%d]: %s\n", >- ret, gai_strerror(ret))); >- } >-+ } else { >-+ freeaddrinfo(res); >- } >- >- return ret == 0; >--- >-1.8.0 >- >Index: files/patch-src__sss_client__common.c >=================================================================== >--- files/patch-src__sss_client__common.c (revision 378189) >+++ files/patch-src__sss_client__common.c (working copy) >@@ -1,12 +1,3 @@ >-From 6874fb930a30eac6fe12104923ab97083f58bcf9 Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> >-Date: Wed, 6 Nov 2013 22:01:20 +0100 >-Subject: [PATCH 14/25] patch-src__sss_client__common.c >- >---- >- src/sss_client/common.c | 15 +++++++-------- >- 1 file changed, 7 insertions(+), 8 deletions(-) >- > diff --git src/sss_client/common.c src/sss_client/common.c > index ec5c708..5d17eed 100644 > --- src/sss_client/common.c >@@ -80,6 +71,3 @@ > } > } > >--- >-1.8.0 >- >Index: files/patch-src__sss_client__nss_group.c >=================================================================== >--- files/patch-src__sss_client__nss_group.c (revision 378189) >+++ files/patch-src__sss_client__nss_group.c (working copy) >@@ -1,12 +1,3 @@ >-From 5a0c2079efae0f9734d85932ed72645808b32091 Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> >-Date: Wed, 6 Nov 2013 22:01:20 +0100 >-Subject: [PATCH 15/25] patch-src__sss_client__nss_group.c >- >---- >- src/sss_client/nss_group.c | 70 ++++++++++++++++++++++++++++++++++++++++++++++ >- 1 file changed, 70 insertions(+) >- > diff --git src/sss_client/nss_group.c src/sss_client/nss_group.c > index e6ea54b..b27b671 100644 > --- src/sss_client/nss_group.c >@@ -88,6 +79,3 @@ > enum nss_status _nss_sss_getgrnam_r(const char *name, struct group *result, > char *buffer, size_t buflen, int *errnop) > { >--- >-1.8.0 >- >Index: files/patch-src__sss_client__pam_sss.c >=================================================================== >--- files/patch-src__sss_client__pam_sss.c (revision 378189) >+++ files/patch-src__sss_client__pam_sss.c (working copy) >@@ -1,79 +0,0 @@ >-From 18bce9f12311c6e7a7fe4350150120a98b3ec106 Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> >-Date: Wed, 6 Nov 2013 22:01:21 +0100 >-Subject: [PATCH 2/2] patch-src__sss_client__pam_sss.c >- >---- >- src/sss_client/pam_sss.c | 24 ++++++++++++++++++++++++ >- 1 file changed, 24 insertions(+) >- >-diff --git src/sss_client/pam_sss.c src/sss_client/pam_sss.c >-index 5fd276ccba15da1f689b1939a02288dda7a09d89..e35552f7e612d3e68f957845998a8105437af301 100644 >---- src/sss_client/pam_sss.c >-+++ src/sss_client/pam_sss.c >-@@ -52,6 +52,8 @@ >- #define FLAGS_USE_FIRST_PASS (1 << 0) >- #define FLAGS_FORWARD_PASS (1 << 1) >- #define FLAGS_USE_AUTHTOK (1 << 2) >-+#define FLAGS_IGNORE_UNKNOWN_USER (1 << 3) >-+#define FLAGS_IGNORE_AUTHINFO_UNAVAIL (1 << 4) >- >- #define PWEXP_FLAG "pam_sss:password_expired_flag" >- #define FD_DESTRUCTOR "pam_sss:fd_destructor" >-@@ -125,10 +127,12 @@ static void free_exp_data(pam_handle_t *pamh, void *ptr, int err) >- >- static void close_fd(pam_handle_t *pamh, void *ptr, int err) >- { >-+#ifdef PAM_DATA_REPLACE >- if (err & PAM_DATA_REPLACE) { >- /* Nothing to do */ >- return; >- } >-+#endif /* PAM_DATA_REPLACE */ >- >- D(("Closing the fd")); >- sss_pam_close_fd(); >-@@ -1292,6 +1296,10 @@ static void eval_argv(pam_handle_t *pamh, int argc, const char **argv, >- } >- } else if (strcmp(*argv, "quiet") == 0) { >- *quiet_mode = true; >-+ } else if (strcmp(*argv, "ignore_unknown_user") == 0) { >-+ *flags |= FLAGS_IGNORE_UNKNOWN_USER; >-+ } else if (strcmp(*argv, "ignore_authinfo_unavail") == 0) { >-+ *flags |= FLAGS_IGNORE_AUTHINFO_UNAVAIL; >- } else { >- logger(pamh, LOG_WARNING, "unknown option: %s", *argv); >- } >-@@ -1429,6 +1437,13 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh, >- ret = get_pam_items(pamh, &pi); >- if (ret != PAM_SUCCESS) { >- D(("get items returned error: %s", pam_strerror(pamh,ret))); >-+ if (flags & FLAGS_IGNORE_UNKNOWN_USER && ret == PAM_USER_UNKNOWN) { >-+ ret = PAM_IGNORE; >-+ } >-+ if (flags & FLAGS_IGNORE_AUTHINFO_UNAVAIL >-+ && ret == PAM_AUTHINFO_UNAVAIL) { >-+ ret = PAM_IGNORE; >-+ } >- return ret; >- } >- >-@@ -1467,6 +1482,15 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh, >- >- pam_status = send_and_receive(pamh, &pi, task, quiet_mode); >- >-+ if (flags & FLAGS_IGNORE_UNKNOWN_USER >-+ && pam_status == PAM_USER_UNKNOWN) { >-+ pam_status = PAM_IGNORE; >-+ } >-+ if (flags & FLAGS_IGNORE_AUTHINFO_UNAVAIL >-+ && pam_status == PAM_AUTHINFO_UNAVAIL) { >-+ pam_status = PAM_IGNORE; >-+ } >-+ >- switch (task) { >- case SSS_PAM_AUTHENTICATE: >- /* We allow sssd to send the return code PAM_NEW_AUTHTOK_REQD during >--- >-1.9.3 >- >Index: files/patch-src__sss_client__pam_test_client.c >=================================================================== >--- files/patch-src__sss_client__pam_test_client.c (revision 378189) >+++ files/patch-src__sss_client__pam_test_client.c (working copy) >@@ -1,32 +0,0 @@ >-From d15b99c87c08f17eef814f431a4a58ed4a3ba9b6 Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> >-Date: Sat, 4 May 2013 16:08:11 +0200 >-Subject: [PATCH 20/34] patch-src__sss_client__pam_test_client.c >- >---- >- src/sss_client/pam_test_client.c | 5 +++-- >- 1 file changed, 3 insertions(+), 2 deletions(-) >- >-diff --git src/sss_client/pam_test_client.c src/sss_client/pam_test_client.c >-index ef424e7..d8cf36c 100644 >---- src/sss_client/pam_test_client.c >-+++ src/sss_client/pam_test_client.c >-@@ -24,12 +24,13 @@ >- >- #include <stdio.h> >- #include <unistd.h> >-+#include <string.h> >- >- #include <security/pam_appl.h> >--#include <security/pam_misc.h> >-+#include <security/openpam.h> >- >- static struct pam_conv conv = { >-- misc_conv, >-+ openpam_ttyconv, >- NULL >- }; >- >--- >-1.8.0 >- >Index: files/patch-src__sss_client__sss_nss.exports >=================================================================== >--- files/patch-src__sss_client__sss_nss.exports (revision 378189) >+++ files/patch-src__sss_client__sss_nss.exports (working copy) >@@ -1,12 +1,3 @@ >-From d7dcd7c8796efbecd4e41931080d7d28f72f9ee1 Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> >-Date: Sat, 4 May 2013 16:08:11 +0200 >-Subject: [PATCH 21/34] patch-src__sss_client__sss_nss.exports >- >---- >- src/sss_client/sss_nss.exports | 18 ++++++++++++++++++ >- 1 file changed, 18 insertions(+) >- > diff --git src/sss_client/sss_nss.exports src/sss_client/sss_nss.exports > index 1eefea8..8e85a05 100644 > --- src/sss_client/sss_nss.exports >@@ -45,6 +36,3 @@ > #_nss_sss_getaliasbyname_r; > #_nss_sss_setaliasent; > #_nss_sss_getaliasent_r; >--- >-1.8.0 >- >Index: files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c >=================================================================== >--- files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c (revision 378189) >+++ files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c (working copy) >@@ -1,22 +1,11 @@ >-From 74422233fe8c6efa826b20c6b579f4c99e45ff87 Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> >-Date: Wed, 6 Nov 2013 22:01:21 +0100 >-Subject: [PATCH 19/25] patch-src__util__crypto__libcrypto__crypto_sha512crypt.c >- >---- >- src/util/crypto/libcrypto/crypto_sha512crypt.c | 8 ++++++++ >- 1 file changed, 8 insertions(+) >- > diff --git src/util/crypto/libcrypto/crypto_sha512crypt.c src/util/crypto/libcrypto/crypto_sha512crypt.c >-index 88628b6..4510403 100644 >+index 34547d0..6901851 100644 > --- src/util/crypto/libcrypto/crypto_sha512crypt.c > +++ src/util/crypto/libcrypto/crypto_sha512crypt.c >-@@ -28,6 +28,14 @@ >+@@ -28,6 +28,12 @@ > #include <openssl/evp.h> > #include <openssl/rand.h> > >-+#define __stpncpy(x, y, z) stpncpy(x, y, z) >-+ > +void * > +mempcpy (void *dest, const void *src, size_t n) > +{ >@@ -26,6 +15,3 @@ > /* Define our magic string to mark salt for SHA512 "encryption" replacement. */ > const char sha512_salt_prefix[] = "$6$"; > #define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1) >--- >-1.8.0 >- >Index: files/patch-src__util__crypto__nss__nss_sha512crypt.c >=================================================================== >--- files/patch-src__util__crypto__nss__nss_sha512crypt.c (revision 378189) >+++ files/patch-src__util__crypto__nss__nss_sha512crypt.c (working copy) >@@ -1,22 +1,11 @@ >-From be27b76238aa49ac0ace123f80c9957ae25501fa Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> >-Date: Wed, 6 Nov 2013 22:01:21 +0100 >-Subject: [PATCH 20/25] patch-src__util__crypto__nss__nss_sha512crypt.c >- >---- >- src/util/crypto/nss/nss_sha512crypt.c | 8 ++++++++ >- 1 file changed, 8 insertions(+) >- > diff --git src/util/crypto/nss/nss_sha512crypt.c src/util/crypto/nss/nss_sha512crypt.c >-index 2838c47..a6cf43f 100644 >+index 9fedd5e..90192ac 100644 > --- src/util/crypto/nss/nss_sha512crypt.c > +++ src/util/crypto/nss/nss_sha512crypt.c >-@@ -29,6 +29,14 @@ >+@@ -29,6 +29,12 @@ > #include <sechash.h> > #include <pk11func.h> > >-+#define __stpncpy(x, y, z) stpncpy(x, y, z) >-+ > +static void * > +mempcpy (void *dest, const void *src, size_t n) > +{ >@@ -26,6 +15,3 @@ > /* Define our magic string to mark salt for SHA512 "encryption" replacement. */ > const char sha512_salt_prefix[] = "$6$"; > #define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1) >--- >-1.8.0 >- >Index: files/patch-src__util__find_uid.c >=================================================================== >--- files/patch-src__util__find_uid.c (revision 378189) >+++ files/patch-src__util__find_uid.c (working copy) >@@ -1,14 +1,5 @@ >-From ccc51217c877dde1857300662fdacab2298f5816 Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> >-Date: Wed, 6 Nov 2013 22:01:21 +0100 >-Subject: [PATCH 21/25] patch-src__util__find_uid.c >- >---- >- src/util/find_uid.c | 9 ++++----- >- 1 file changed, 4 insertions(+), 5 deletions(-) >- > diff --git src/util/find_uid.c src/util/find_uid.c >-index d34a4ab..9dec900 100644 >+index 4c8f73a..40f3690 100644 > --- src/util/find_uid.c > +++ src/util/find_uid.c > @@ -67,7 +67,7 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid) >@@ -18,9 +9,9 @@ > - ret = snprintf(path, PATHLEN, "/proc/%d/status", pid); > + ret = snprintf(path, PATHLEN, "/compat/linux/proc/%d/status", pid); > if (ret < 0) { >- DEBUG(1, ("snprintf failed")); >+ DEBUG(SSSDBG_CRIT_FAILURE, "snprintf failed"); > return EINVAL; >-@@ -201,12 +201,12 @@ static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid) >+@@ -207,12 +207,12 @@ static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid) > struct dirent *dirent; > int ret, err; > pid_t pid = -1; >@@ -34,8 +25,8 @@ > + proc_dir = opendir("/compat/linux/proc"); > if (proc_dir == NULL) { > ret = errno; >- DEBUG(1, ("Cannot open proc dir.\n")); >-@@ -280,9 +280,8 @@ done: >+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot open proc dir.\n"); >+@@ -287,9 +287,8 @@ done: > > errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table) > { >@@ -46,6 +37,3 @@ > ret = hash_create_ex(INITIAL_TABLE_SIZE, table, 0, 0, 0, 0, > hash_talloc, hash_talloc_free, mem_ctx, > NULL, NULL); >--- >-1.8.0 >- >Index: files/patch-src__util__server.c >=================================================================== >--- files/patch-src__util__server.c (revision 378189) >+++ files/patch-src__util__server.c (working copy) >@@ -1,17 +1,8 @@ >-From cc6cab9e45ba978eaf33c6fa1860ee94166780be Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> >-Date: Wed, 6 Nov 2013 22:01:21 +0100 >-Subject: [PATCH 22/25] patch-src__util__server.c >- >---- >- src/util/server.c | 12 +++++++----- >- 1 file changed, 7 insertions(+), 5 deletions(-) >- > diff --git src/util/server.c src/util/server.c >-index b3073fc..ddc124f 100644 >+index 343668c..f8a1627 100644 > --- src/util/server.c > +++ src/util/server.c >-@@ -321,12 +321,14 @@ static void setup_signals(void) >+@@ -322,12 +322,14 @@ static void setup_signals(void) > BlockSignals(false, SIGTERM); > > CatchSignal(SIGHUP, sig_hup); >@@ -31,6 +22,3 @@ > #endif > > } >--- >-1.8.0 >- >Index: files/patch-src__util__signal.c >=================================================================== >--- files/patch-src__util__signal.c (revision 0) >+++ files/patch-src__util__signal.c (working copy) >@@ -0,0 +1,72 @@ >+diff --git src/util/signal.c src/util/signal.c >+index 053457b..bb8f8be 100644 >+--- src/util/signal.c >++++ src/util/signal.c >+@@ -28,45 +28,6 @@ >+ * @brief Signal handling >+ */ >+ >+-/**************************************************************************** >+- Catch child exits and reap the child zombie status. >+-****************************************************************************/ >+- >+-static void sig_cld(int signum) >+-{ >+- while (waitpid((pid_t)-1,(int *)NULL, WNOHANG) > 0) >+- ; >+- >+- /* >+- * Turns out it's *really* important not to >+- * restore the signal handler here if we have real POSIX >+- * signal handling. If we do, then we get the signal re-delivered >+- * immediately - hey presto - instant loop ! JRA. >+- */ >+- >+-#if !defined(HAVE_SIGACTION) >+- CatchSignal(SIGCLD, sig_cld); >+-#endif >+-} >+- >+-/**************************************************************************** >+-catch child exits - leave status; >+-****************************************************************************/ >+- >+-static void sig_cld_leave_status(int signum) >+-{ >+- /* >+- * Turns out it's *really* important not to >+- * restore the signal handler here if we have real POSIX >+- * signal handling. If we do, then we get the signal re-delivered >+- * immediately - hey presto - instant loop ! JRA. >+- */ >+- >+-#if !defined(HAVE_SIGACTION) >+- CatchSignal(SIGCLD, sig_cld_leave_status); >+-#endif >+-} >+- >+ /** >+ Block sigs. >+ **/ >+@@ -126,21 +87,3 @@ void (*CatchSignal(int signum,void (*handler)(int )))(int) >+ return signal(signum, handler); >+ #endif >+ } >+- >+-/** >+- Ignore SIGCLD via whatever means is necessary for this OS. >+-**/ >+- >+-void CatchChild(void) >+-{ >+- CatchSignal(SIGCLD, sig_cld); >+-} >+- >+-/** >+- Catch SIGCLD but leave the child around so it's status can be reaped. >+-**/ >+- >+-void CatchChildLeaveStatus(void) >+-{ >+- CatchSignal(SIGCLD, sig_cld_leave_status); >+-} > >Property changes on: files/patch-src__util__signal.c >___________________________________________________________________ >Added: fbsd:nokeywords >## -0,0 +1 ## >+yes >\ No newline at end of property >Added: svn:eol-style >## -0,0 +1 ## >+native >\ No newline at end of property >Added: svn:keywords >## -0,0 +1 ## >+FreeBSD=%H >\ No newline at end of property >Added: svn:mime-type >## -0,0 +1 ## >+text/plain >\ No newline at end of property >Index: files/patch-src__util__sss_ldap.c >=================================================================== >--- files/patch-src__util__sss_ldap.c (revision 378189) >+++ files/patch-src__util__sss_ldap.c (working copy) >@@ -1,17 +1,8 @@ >-From 074dd84d5ed0e5d2b48d2aeb1b92e51507516c2d Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> >-Date: Sat, 4 May 2013 16:08:12 +0200 >-Subject: [PATCH 27/34] patch-src__util__sss_ldap.c >- >---- >- src/util/sss_ldap.c | 7 +++++-- >- 1 file changed, 5 insertions(+), 2 deletions(-) >- > diff --git src/util/sss_ldap.c src/util/sss_ldap.c >-index 060aacf..a2cc82a 100644 >+index dd63b4b..0764622 100644 > --- src/util/sss_ldap.c > +++ src/util/sss_ldap.c >-@@ -208,6 +208,9 @@ static void sdap_async_sys_connect_done(struct tevent_context *ev, >+@@ -206,6 +206,9 @@ static void sdap_async_sys_connect_done(struct tevent_context *ev, > errno = 0; > ret = connect(state->fd, (struct sockaddr *) &state->addr, > state->addr_len); >@@ -21,24 +12,12 @@ > if (ret != EOK) { > ret = errno; > if (ret == EINPROGRESS || ret == EINTR) { >-@@ -268,7 +271,7 @@ static errno_t set_fd_flags_and_opts(int fd) >- strerror(ret))); >- } >+@@ -346,7 +349,7 @@ struct tevent_req *sss_ldap_init_send(TALLOC_CTX *mem_ctx, >+ "Using file descriptor [%d] for LDAP connection.\n", state->sd); > >-- ret = setsockopt(fd, SOL_TCP, TCP_NODELAY, &dummy, sizeof(dummy)); >-+ ret = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &dummy, sizeof(dummy)); >- if (ret != 0) { >- ret = errno; >- DEBUG(5, ("setsockopt TCP_NODELAY failed.[%d][%s].\n", ret, >-@@ -341,7 +344,7 @@ struct tevent_req *sss_ldap_init_send(TALLOC_CTX *mem_ctx, >- DEBUG(9, ("Using file descriptor [%d] for LDAP connection.\n", state->sd)); >- > subreq = sdap_async_sys_connect_send(state, ev, state->sd, > - (struct sockaddr *) addr, addr_len); > + (struct sockaddr *) addr, sizeof(struct sockaddr)); > if (subreq == NULL) { > ret = ENOMEM; >- DEBUG(1, ("sdap_async_sys_connect_send failed.\n")); >--- >-1.8.0 >- >+ DEBUG(SSSDBG_CRIT_FAILURE, "sdap_async_sys_connect_send failed.\n"); >Index: files/patch-src__util__util.h >=================================================================== >--- files/patch-src__util__util.h (revision 378189) >+++ files/patch-src__util__util.h (working copy) >@@ -1,23 +1,20 @@ >-From 5fcf9d93df255105ec065b168ddc11d98b5bb5d1 Mon Sep 17 00:00:00 2001 >-From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> >-Date: Wed, 6 Nov 2013 22:01:21 +0100 >-Subject: [PATCH 24/25] patch-src__util__util.h >- >---- >- src/util/util.h | 2 ++ >- 1 file changed, 2 insertions(+) >- > diff --git src/util/util.h src/util/util.h >-index eab1f78..8e29fb5 100644 >+index 7a66846..5e63275 100644 > --- src/util/util.h > +++ src/util/util.h >-@@ -571,4 +571,6 @@ errno_t sss_br_lock_file(int fd, size_t start, size_t len, >- #define BUILD_WITH_PAC_RESPONDER false >- #endif >+@@ -227,8 +227,6 @@ void sig_term(int sig); >+ #include <signal.h> >+ void BlockSignals(bool block, int signum); >+ void (*CatchSignal(int signum,void (*handler)(int )))(int); >+-void CatchChild(void); >+-void CatchChildLeaveStatus(void); > >+ /* from memory.c */ >+ typedef int (void_destructor_fn_t)(void *); >+@@ -542,5 +540,6 @@ char * sss_replace_space(TALLOC_CTX *mem_ctx, >+ char * sss_reverse_replace_space(TALLOC_CTX *mem_ctx, >+ const char *orig_name, >+ const char replace_char); > +#include "util/sss_bsd_errno.h" >-+ >+ > #endif /* __SSSD_UTIL_H__ */ >--- >-1.8.0 >- >Index: pkg-plist >=================================================================== >--- pkg-plist (revision 378189) >+++ pkg-plist (working copy) >@@ -1,9 +1,11 @@ > bin/sss_ssh_authorizedkeys > bin/sss_ssh_knownhostsproxy >-@sample %%ETCDIR%%/sssd.conf.sample >+etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf >+%%ETCDIR%%/sssd.conf.sample > include/ipa_hbac.h > include/sss_idmap.h >-include/sss_sudo.h >+include/sss_nss_idmap.h >+%%SMB%%lib/krb5/plugins/authdata/sssd_pac_plugin.so > lib/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so > lib/libipa_hbac.so > lib/libipa_hbac.so.0 >@@ -10,7 +12,10 @@ > lib/libipa_hbac.so.0.0.1 > lib/libsss_idmap.so > lib/libsss_idmap.so.0 >-lib/libsss_idmap.so.0.0.1 >+lib/libsss_idmap.so.0.4.0 >+lib/libsss_nss_idmap.so >+lib/libsss_nss_idmap.so.0 >+lib/libsss_nss_idmap.so.0.0.1 > lib/libsss_sudo.so > lib/nss_sss.so > lib/nss_sss.so.1 >@@ -17,7 +22,7 @@ > lib/nss_sss.so.2 > lib/nss_sss.so.2.0.0 > lib/pam_sss.so >-%%PYTHON_SITELIBDIR%%/SSSDConfig-1.9.6-py%%PYTHON_VER%%.egg-info >+%%PYTHON_SITELIBDIR%%/SSSDConfig-1.11.7-py%%PYTHON_VER%%.egg-info > %%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.py > %%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.pyc > %%PYTHON_SITELIBDIR%%/SSSDConfig/ipachangeconf.py >@@ -27,27 +32,36 @@ > %%PYTHON_SITELIBDIR%%/pyhbac.so > %%PYTHON_SITELIBDIR%%/pysss.so > %%PYTHON_SITELIBDIR%%/pysss_murmur.so >+%%PYTHON_SITELIBDIR%%/pysss_nss_idmap.so > lib/shared-modules/ldb/memberof.so >-lib/sssd/libsss_ad.so >-lib/sssd/libsss_ipa.so >+%%SMB%%lib/sssd/libsss_ad.so >+lib/sssd/libsss_child.so >+lib/sssd/libsss_crypt.so >+lib/sssd/libsss_debug.so >+%%SMB%%lib/sssd/libsss_ipa.so > lib/sssd/libsss_krb5.so >+lib/sssd/libsss_krb5_common.so > lib/sssd/libsss_ldap.so >+lib/sssd/libsss_ldap_common.so > lib/sssd/libsss_proxy.so > lib/sssd/libsss_simple.so >+lib/sssd/libsss_util.so > libdata/pkgconfig/ipa_hbac.pc > libdata/pkgconfig/sss_idmap.pc >+libdata/pkgconfig/sss_nss_idmap.pc > libexec/sssd/krb5_child > libexec/sssd/ldap_child > libexec/sssd/proxy_child >+libexec/sssd/sss_signal > libexec/sssd/sssd_be >+libexec/sssd/sssd_ifp > libexec/sssd/sssd_nss >+%%SMB%%libexec/sssd/sssd_pac > libexec/sssd/sssd_pam > libexec/sssd/sssd_ssh > libexec/sssd/sssd_sudo > man/es/man1/sss_ssh_authorizedkeys.1.gz > man/es/man1/sss_ssh_knownhostsproxy.1.gz >-man/es/man5/sssd-ad.5.gz >-man/es/man5/sssd-ipa.5.gz > man/es/man5/sssd-ldap.5.gz > man/es/man5/sssd-simple.5.gz > man/es/man5/sssd-sudo.5.gz >@@ -69,7 +83,6 @@ > man/fr/man1/sss_ssh_authorizedkeys.1.gz > man/fr/man1/sss_ssh_knownhostsproxy.1.gz > man/fr/man5/sssd-ad.5.gz >-man/fr/man5/sssd-ipa.5.gz > man/fr/man5/sssd-krb5.5.gz > man/fr/man5/sssd-ldap.5.gz > man/fr/man5/sssd-simple.5.gz >@@ -91,8 +104,6 @@ > man/fr/man8/sssd_krb5_locator_plugin.8.gz > man/ja/man1/sss_ssh_authorizedkeys.1.gz > man/ja/man1/sss_ssh_knownhostsproxy.1.gz >-man/ja/man5/sssd-ad.5.gz >-man/ja/man5/sssd-ipa.5.gz > man/ja/man5/sssd-krb5.5.gz > man/ja/man5/sssd-ldap.5.gz > man/ja/man5/sssd-simple.5.gz >@@ -113,6 +124,7 @@ > man/man1/sss_ssh_authorizedkeys.1.gz > man/man1/sss_ssh_knownhostsproxy.1.gz > man/man5/sssd-ad.5.gz >+man/man5/sssd-ifp.5.gz > man/man5/sssd-ipa.5.gz > man/man5/sssd-krb5.5.gz > man/man5/sssd-ldap.5.gz >@@ -139,7 +151,7 @@ > man/uk/man1/sss_ssh_authorizedkeys.1.gz > man/uk/man1/sss_ssh_knownhostsproxy.1.gz > man/uk/man5/sssd-ad.5.gz >-man/uk/man5/sssd-ipa.5.gz >+man/uk/man5/sssd-ifp.5.gz > man/uk/man5/sssd-krb5.5.gz > man/uk/man5/sssd-ldap.5.gz > man/uk/man5/sssd-simple.5.gz >@@ -171,36 +183,13 @@ > sbin/sss_userdel > sbin/sss_usermod > sbin/sssd >-%%PORTDOCS%%@dirrm %%DOCSDIR%%/libsss_sudo_doc >-%%PORTDOCS%%@dirrm %%DOCSDIR%%/idmap_doc >-%%PORTDOCS%%@dirrm %%DOCSDIR%%/hbac_doc >-%%PORTDOCS%%@dirrm %%DOCSDIR%%/doc >-%%PORTDOCS%%@dirrm %%DOCSDIR%% >-@dirrm libexec/sssd >-@dirrm lib/sssd/modules >-@dirrm lib/sssd >-@dirrm %%PYTHON_SITELIBDIR%%/SSSDConfig >-@dirrmtry %%ETCDIR%% >-@dirrmtry man/uk/man8 >-@dirrmtry man/uk/man5 >-@dirrmtry man/uk/man1 >-@dirrmtry man/uk >-@dirrmtry man/pt/man8 >-@dirrmtry man/pt/man5 >-@dirrmtry man/pt/man1 >-@dirrmtry man/pt >-@dirrmtry man/nl/man8 >-@dirrmtry man/nl/man5 >-@dirrmtry man/nl/man1 >-@dirrmtry man/nl >-@dirrmtry man/fr/man8 >-@dirrmtry man/fr/man5 >-@dirrmtry man/fr/man1 >-@dirrmtry man/fr >-@dirrmtry man/es/man8 >-@dirrmtry man/es/man5 >-@dirrmtry man/es/man1 >-@dirrmtry man/es >+@dir lib/ldb >+@dir lib/sssd/modules >+%%PORTDOCS%%@dir %%DOCSDIR%%/doc >+%%PORTDOCS%%@dir %%DOCSDIR%%/hbac_doc >+%%PORTDOCS%%@dir %%DOCSDIR%%/idmap_doc >+%%PORTDOCS%%@dir %%DOCSDIR%%/libsss_sudo_doc >+%%PORTDOCS%%@dir %%DOCSDIR%%/nss_idmap_doc > @unexec if [ -d %%ETCDIR%% ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf %%ETCDIR%%`` to remove any configuration files."; fi > @unexec if [ -d /var/db/sss ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss`` to remove any additional files."; fi > @unexec if [ -d /var/db/sss_mc ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss_mc`` to remove any additional files."; fi
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=152411">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Flags:
riggs
:
maintainer-approval?
(lukas.slebodnik)
Actions:
View
|
Diff
Attachments on
bug 194155
:
147992
|
147993
|
148081
|
148082
|
148091
|
148565
|
152216
|
152217
| 152411