diff -urN sssd.orig/Makefile sssd/Makefile --- sssd.orig/Makefile 2014-09-03 07:34:37.000000000 +0000 +++ sssd/Makefile 2014-10-05 10:25:48.000000000 +0000 @@ -2,8 +2,8 @@ # $FreeBSD: head/security/sssd/Makefile 367172 2014-09-03 07:34:37Z vanilla $ PORTNAME= sssd -DISTVERSION= 1.9.6 -PORTREVISION= 9 +DISTVERSION= 1.11.7 +PORTREVISION= 0 CATEGORIES= security MASTER_SITES= https://fedorahosted.org/released/${PORTNAME}/ \ http://mirrors.rit.edu/zi/ @@ -32,18 +32,19 @@ xsltproc:${PORTSDIR}/textproc/libxslt \ xmlcatmgr:${PORTSDIR}/textproc/xmlcatmgr \ krb5>=1.10:${PORTSDIR}/security/krb5 \ - nsupdate:${PORTSDIR}/dns/bind99 + nsupdate:${PORTSDIR}/dns/bind99 GNU_CONFIGURE= yes CONFIGURE_ARGS= --with-selinux=no --with-semanage=no \ - --with-ldb-lib-dir=${LOCALBASE}/lib/shared-modules/ldb/ \ + --with-ldb-lib-dir=${LOCALBASE}/lib/shared-modules/ldb \ --with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \ --with-libnl=no --with-init-dir=no --datadir=${DATADIR} \ --docdir=${DOCSDIR} --with-pid-path=/var/run \ --localstatedir=/var --enable-pammoddir=${PREFIX}/lib \ --with-db-path=/var/db/sss --with-pipe-path=/var/run/sss \ --with-pubconf-path=/var/run/sss --with-mcache-path=/var/db/sss_mc \ - --with-unicode-lib=libunistring --with-autofs=no + --with-unicode-lib=libunistring --with-autofs=no --disable-cifs-idmap-plugin \ + --without-nfsv4-idmapd-plugin --disable-config-lib --with-sudo --with-initscript=sysv CONFIGURE_ENV= XMLLINT="/bin/echo" CFLAGS+= -fstack-protector-all PLIST_SUB= PYTHON_VER=${PYTHON_VER} 
@@ -57,13 +58,22 @@ USE_PYTHON= yes USE_OPENLDAP= yes USES= gettext gmake iconv libtool pathfix pkgconfig shebangfix +LIBS+= -L${LOCALBASE}/lib -liconv -lintl PATHFIX_MAKEFILEIN= Makefile.am SHEBANG_FILES= src/tools/sss_obfuscate USE_RC_SUBR= ${PORTNAME} PORTDATA= * -OPTIONS_DEFINE= DOCS +OPTIONS_DEFINE= DOCS SMB +OPTIONS_DEFAULT= DOCS +OPTIONS_SUB= yes + +SMB_DESC= Install with Samba support +SMB_LIB_DEPENDS= libsmbclient.so:${PORTSDIR}/net/samba-libsmbclient +SMB_BUILD_DEPENDS= samba41>=4.1.0:${PORTSDIR}/net/samba41 +SMB_CONFIGURE_WITH= samba + .include diff -urN sssd.orig/distinfo sssd/distinfo --- sssd.orig/distinfo 2014-01-22 15:30:13.000000000 +0000 +++ sssd/distinfo 2014-10-05 09:51:40.000000000 +0000 @@ -1,2 +1,2 @@ -SHA256 (sssd-1.9.6.tar.gz) = ca96e8d98eb4113396b13d9601dbdd20f4b2f2613d0f29a0157ffd05e3748601 -SIZE (sssd-1.9.6.tar.gz) = 3180066 +SHA256 (sssd-1.11.7.tar.gz) = ff12d5730a6d7d08fe11140aa58e544900b75c63902b7a07bbbc12d6a99cb5b5 +SIZE (sssd-1.11.7.tar.gz) = 3661227 diff -urN sssd.orig/files/patch-Makefile.am sssd/files/patch-Makefile.am --- sssd.orig/files/patch-Makefile.am 2014-08-20 08:01:12.000000000 +0000 +++ sssd/files/patch-Makefile.am 2014-10-05 09:48:53.000000000 +0000 @@ -1,17 +1,6 @@ -From e40f55767383f300f71103ca404b7839b8499104 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Wed, 6 Nov 2013 22:01:20 +0100 -Subject: [PATCH 01/25] patch-Makefile.am - ---- - Makefile.am | 10 ++++++---- - 1 file changed, 6 insertions(+), 4 deletions(-) - -diff --git Makefile.am Makefile.am -index 04df7cb..e2558f7 100644 ---- Makefile.am -+++ Makefile.am -@@ -318,6 +318,7 @@ SSSD_LIBS = \ +--- Makefile.am.orig 2014-10-05 09:16:03.000000000 +0000 ++++ Makefile.am 2014-10-05 10:36:18.000000000 +0000 +@@ -378,6 +378,7 @@ $(DHASH_LIBS) \ $(SSS_CRYPT_LIBS) \ $(OPENLDAP_LIBS) \ 
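Review bot: `SMB_BUILD_DEPENDS= samba41>=4.1.0:${PORTSDIR}/net/samba41` makes Samba 4.1 available only while building, but `SMB_CONFIGURE_WITH= samba` presumably links provider code against Samba's shared libraries. If so, a package built with the SMB option could be installed on a host that lacks them. Recording the dependency for run time as well, for example `SMB_RUN_DEPENDS= samba41>=4.1.0:${PORTSDIR}/net/samba41`, would close that gap. `OPTIONS_SUB= yes` also means the plist needs `%%SMB%%` markers on the files the option adds, and no pkg-plist change is visible in this part of the diff.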
@@ -19,24 +8,24 @@ $(TDB_LIBS) PYTHON_BINDINGS_LIBS = \ -@@ -369,6 +370,7 @@ dist_noinst_HEADERS = \ +@@ -431,6 +432,7 @@ src/util/sss_selinux.h \ src/util/sss_utf8.h \ src/util/sss_ssh.h \ + src/util/sss_bsd_errno.h \ + src/util/sss_ini.h \ + src/util/sss_format.h \ src/util/refcount.h \ - src/util/find_uid.h \ - src/util/user_info_msg.h \ -@@ -1170,7 +1172,7 @@ noinst_PROGRAMS += autofs_test_client +@@ -1685,7 +1687,7 @@ endif pam_test_client_SOURCES = src/sss_client/pam_test_client.c --pam_test_client_LDFLAGS = -lpam -lpam_misc -+pam_test_client_LDFLAGS = -lpam +-pam_test_client_LDADD = $(PAM_LIBS) $(PAM_MISC_LIBS) ++pam_test_client_LDADD = $(PAM_LIBS) if BUILD_AUTOFS - autofs_test_client_SOURCES = src/sss_client/autofs/autofs_test_client.c \ -@@ -1184,9 +1186,10 @@ endif + autofs_test_client_SOURCES = \ +@@ -1700,9 +1702,10 @@ # Client Libraries # #################### @@ -49,23 +38,20 @@ src/sss_client/nss_passwd.c \ src/sss_client/nss_group.c \ src/sss_client/nss_netgroup.c \ -@@ -1198,7 +1201,7 @@ libnss_sss_la_SOURCES = \ - src/sss_client/nss_mc_passwd.c \ - src/sss_client/nss_mc_group.c \ +@@ -1717,7 +1720,7 @@ src/sss_client/nss_mc.h + libnss_sss_la_LIBADD = \ + $(CLIENT_LIBS) -libnss_sss_la_LDFLAGS = \ +nss_sss_la_LDFLAGS = \ - $(CLIENT_LIBS) \ -module \ -version-info 2:0:0 \ -@@ -1532,6 +1535,7 @@ ldap_child_LDADD = \ - $(POPT_LIBS) \ + -Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports +@@ -1879,6 +1882,7 @@ + libsss_ldap_la_LIBADD = \ $(OPENLDAP_LIBS) \ $(DHASH_LIBS) \ + $(LTLIBINTL) \ - $(KRB5_LIBS) - - proxy_child_SOURCES = \ --- -1.8.0 - + $(KRB5_LIBS) \ + libsss_ldap_common.la \ + libsss_idmap.la diff -urN sssd.orig/files/patch-src__confdb__confdb.c sssd/files/patch-src__confdb__confdb.c --- sssd.orig/files/patch-src__confdb__confdb.c 2014-01-22 17:40:44.000000000 +0000 +++ sssd/files/patch-src__confdb__confdb.c 2014-10-05 09:30:22.000000000 +0000 
@@ -1,28 +1,14 @@ -From 756e37d0ef957b15d782d5dd87d24e9359541931 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Wed, 6 Nov 2013 22:01:20 +0100 -Subject: [PATCH 02/25] patch-src__confdb__confdb.c - ---- - src/confdb/confdb.c | 5 +++++ - 1 file changed, 5 insertions(+) - -diff --git src/confdb/confdb.c src/confdb/confdb.c -index 72c74fe..78b69b8 100644 ---- src/confdb/confdb.c -+++ src/confdb/confdb.c +--- src/confdb/confdb.c.orig 2014-10-05 09:17:01.000000000 +0000 ++++ src/confdb/confdb.c 2014-10-05 10:33:50.000000000 +0000 @@ -28,6 +28,11 @@ #include "util/strtonum.h" #include "db/sysdb.h" +char *strchrnul(const char *s, int ch) { -+ char *ret = strchr(s, ch); -+ return ret == NULL ? discard_const_p(char, s) + strlen(s) : ret; ++ char *ret = strchr(s, ch); ++ return ret == NULL ? discard_const_p(char, s) + strlen(s) : ret; +} + #define CONFDB_ZERO_CHECK_OR_JUMP(var, ret, err, label) do { \ if (!var) { \ ret = err; \ --- -1.8.0 - diff -urN sssd.orig/files/patch-src__external__inotify.m4 sssd/files/patch-src__external__inotify.m4 --- sssd.orig/files/patch-src__external__inotify.m4 2013-11-08 10:58:10.000000000 +0000 +++ sssd/files/patch-src__external__inotify.m4 2014-10-05 09:44:10.000000000 +0000 
@@ -1,17 +1,6 @@ -From 558989d6ac329b4036e02873fb7c981c5912040c Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Thu, 7 Nov 2013 13:28:13 +0100 -Subject: [PATCH] patch-src__external__inotify.m4 - ---- - src/external/inotify.m4 | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git src/external/inotify.m4 src/external/inotify.m4 -index 9572f6d2fefedf8a1d6a2468c712a83e7db2969f..2a5a8cf00d80e0979dca50fd102c3dc2872b2970 100644 ---- src/external/inotify.m4 -+++ src/external/inotify.m4 -@@ -20,10 +20,10 @@ int main () { +--- src/external/inotify.m4.orig 2014-10-05 09:17:30.000000000 +0000 ++++ src/external/inotify.m4 2014-10-05 10:47:50.000000000 +0000 +@@ -20,10 +20,10 @@ AS_IF([test x"$inotify_works" != xyes], [AC_CHECK_LIB([inotify], [inotify_init], @@ -24,6 +13,3 @@ ) AS_IF([test x"$inotify_works" = xyes], --- -1.8.3.1 - diff -urN sssd.orig/files/patch-src__external__krb5.m4 sssd/files/patch-src__external__krb5.m4 --- sssd.orig/files/patch-src__external__krb5.m4 2014-01-22 17:40:44.000000000 +0000 +++ sssd/files/patch-src__external__krb5.m4 2014-10-05 09:44:10.000000000 +0000 @@ -1,17 +1,6 @@ -From b7947258702e250dbf569bb9cd74f1e73f0c94bb Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Wed, 30 Oct 2013 08:53:42 +0100 -Subject: [PATCH 1/4] patch-src__external__krb5.m4 - ---- - src/external/krb5.m4 | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git src/external/krb5.m4 src/external/krb5.m4 -index 71239c9..63c8ece 100644 ---- src/external/krb5.m4 -+++ src/external/krb5.m4 -@@ -9,7 +9,7 @@ if test x$KRB5_CFLAGS != x; then +--- src/external/krb5.m4.orig 2014-10-05 09:17:49.000000000 +0000 ++++ src/external/krb5.m4 2014-10-05 10:48:54.000000000 +0000 +@@ -9,7 +9,7 @@ KRB5_PASSED_CFLAGS=$KRB5_CFLAGS fi 
@@ -20,6 +9,3 @@ AC_MSG_CHECKING(for working krb5-config) if test -x "$KRB5_CONFIG"; then KRB5_CFLAGS="`$KRB5_CONFIG --cflags`" --- -1.8.0 - diff -urN sssd.orig/files/patch-src__external__pac_responder sssd/files/patch-src__external__pac_responder --- sssd.orig/files/patch-src__external__pac_responder 1970-01-01 00:00:00.000000000 +0000 +++ sssd/files/patch-src__external__pac_responder 2014-10-05 09:44:10.000000000 +0000 @@ -0,0 +1,11 @@ +--- src/external/pac_responder.m4.orig 2014-10-05 09:18:11.000000000 +0000 ++++ src/external/pac_responder.m4 2014-10-05 10:49:36.000000000 +0000 +@@ -14,7 +14,7 @@ + PKG_CHECK_MODULES(NDR_KRB5PAC, ndr_krb5pac, ndr_krb5pac_ok=yes, + AC_MSG_WARN([Cannot build pac responder without libndr_krb5pac])) + +- AC_PATH_PROG(KRB5_CONFIG, krb5-config) ++ AC_PATH_PROG(KRB5_CONFIG, krb5-config, [], [/usr/local/bin:$PATH]) + AC_MSG_CHECKING(for supported MIT krb5 version) + KRB5_VERSION="`$KRB5_CONFIG --version`" + case $KRB5_VERSION in diff -urN sssd.orig/files/patch-src__external__pac_responder.m4 sssd/files/patch-src__external__pac_responder.m4 --- sssd.orig/files/patch-src__external__pac_responder.m4 2014-01-22 17:40:44.000000000 +0000 +++ sssd/files/patch-src__external__pac_responder.m4 1970-01-01 00:00:00.000000000 +0000 
@@ -1,25 +0,0 @@ -From b52128bc333fd4717a96950ef8fb4171f25fabcf Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Wed, 30 Oct 2013 08:54:41 +0100 -Subject: [PATCH 2/4] patch-src__external__pac_responder.m4 - ---- - src/external/pac_responder.m4 | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git src/external/pac_responder.m4 src/external/pac_responder.m4 -index 49d5cbb..2b4ca5c 100644 ---- src/external/pac_responder.m4 -+++ src/external/pac_responder.m4 -@@ -14,7 +14,7 @@ then - PKG_CHECK_MODULES(NDR_KRB5PAC, ndr_krb5pac, ndr_krb5pac_ok=yes, - AC_MSG_WARN([Cannot build pac responder without libndr_krb5pac])) - -- AC_PATH_PROG(KRB5_CONFIG, krb5-config) -+ AC_PATH_PROG(KRB5_CONFIG, krb5-config, [], [/usr/local/bin:$PATH]) - AC_MSG_CHECKING(for supported MIT krb5 version) - KRB5_VERSION="`$KRB5_CONFIG --version`" - case $KRB5_VERSION in --- -1.8.0 - diff -urN sssd.orig/files/patch-src__man__pam_sss.8.xml sssd/files/patch-src__man__pam_sss.8.xml --- sssd.orig/files/patch-src__man__pam_sss.8.xml 2014-06-12 14:35:01.000000000 +0000 +++ sssd/files/patch-src__man__pam_sss.8.xml 1970-01-01 00:00:00.000000000 +0000 
@@ -1,57 +0,0 @@ -From 4f866ccca80bb8ed4013bc8ed48ab9ae2b9587ff Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Tue, 3 Jun 2014 22:10:50 +0200 -Subject: [PATCH 1/2] patch-src__man__pam_sss.8.xml - ---- - src/man/pam_sss.8.xml | 27 +++++++++++++++++++++++++++ - 1 file changed, 27 insertions(+) - -diff --git src/man/pam_sss.8.xml src/man/pam_sss.8.xml -index 72b497ab34a520d21964824080c7f276b26706f4..69678dac5874067fc95ec47f72ed894854c5d569 100644 ---- src/man/pam_sss.8.xml -+++ src/man/pam_sss.8.xml -@@ -37,6 +37,12 @@ - - retry=N - -+ -+ ignore_unknown_user -+ -+ -+ ignore_authinfo_unavail -+ - - - -@@ -103,6 +109,27 @@ - . - - -+ -+ -+ -+ -+ -+ If this option is specified and the user does not -+ exist, the PAM module will return PAM_IGNORE. This causes -+ the PAM framework to ignore this module. -+ -+ -+ -+ -+ -+ -+ -+ -+ Specifies that the PAM module should return PAM_IGNORE -+ if it cannot contact the SSSD daemon. This causes -+ the PAM framework to ignore this module. -+ -+ - - - --- -1.9.3 - diff -urN sssd.orig/files/patch-src__providers__ad__ad_access.c sssd/files/patch-src__providers__ad__ad_access.c --- sssd.orig/files/patch-src__providers__ad__ad_access.c 2014-01-22 17:40:44.000000000 +0000 +++ sssd/files/patch-src__providers__ad__ad_access.c 2014-10-05 09:44:10.000000000 +0000 @@ -1,16 +1,5 @@ -From 630e5b96040869f6ce24ac1d10bb370e819795e7 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Sat, 27 Jul 2013 15:04:27 +0200 -Subject: [PATCH 33/34] patch-src__providers__ad__ad_access.c - ---- - src/providers/ad/ad_access.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git src/providers/ad/ad_access.c src/providers/ad/ad_access.c -index 314cdcf..ca0fb8b 100644 ---- src/providers/ad/ad_access.c -+++ src/providers/ad/ad_access.c +--- src/providers/ad/ad_access.c.orig 2014-10-05 09:18:50.000000000 +0000 ++++ src/providers/ad/ad_access.c 2014-10-05 10:50:22.000000000 +0000 @@ -21,6 +21,7 @@ */ 
@@ -19,6 +8,3 @@ #include "src/util/util.h" #include "src/providers/data_provider.h" #include "src/providers/dp_backend.h" --- -1.8.0 - diff -urN sssd.orig/files/patch-src__providers__ad__ad_common.c sssd/files/patch-src__providers__ad__ad_common.c --- sssd.orig/files/patch-src__providers__ad__ad_common.c 2014-01-22 17:40:44.000000000 +0000 +++ sssd/files/patch-src__providers__ad__ad_common.c 2014-10-05 09:44:10.000000000 +0000 @@ -1,17 +1,6 @@ -From 7223f18bd8ea22ed801a115934a2fe8dc0c0cdb8 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Sat, 27 Jul 2013 15:03:49 +0200 -Subject: [PATCH 32/34] patch-src__providers__ad__ad_common.c - ---- - src/providers/ad/ad_common.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git src/providers/ad/ad_common.c src/providers/ad/ad_common.c -index 8600dab..d628385 100644 ---- src/providers/ad/ad_common.c -+++ src/providers/ad/ad_common.c -@@ -38,7 +38,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, +--- src/providers/ad/ad_common.c.orig 2014-10-05 09:19:09.000000000 +0000 ++++ src/providers/ad/ad_common.c 2014-10-05 10:51:16.000000000 +0000 +@@ -262,7 +262,7 @@ char *server; char *realm; char *ad_hostname; @@ -20,7 +9,7 @@ opts = talloc_zero(mem_ctx, struct ad_options); if (!opts) return ENOMEM; -@@ -75,7 +75,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, +@@ -299,7 +299,7 @@ */ ad_hostname = dp_opt_get_string(opts->basic, AD_HOSTNAME); if (ad_hostname == NULL) { 
@@ -29,15 +18,12 @@ if (gret != 0) { ret = errno; DEBUG(SSSDBG_FATAL_FAILURE, -@@ -83,7 +83,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, - strerror(ret))); +@@ -307,7 +307,7 @@ + strerror(ret)); goto done; } - hostname[HOST_NAME_MAX] = '\0'; + hostname[_POSIX_HOST_NAME_MAX] = '\0'; DEBUG(SSSDBG_CONF_SETTINGS, - ("Setting ad_hostname to [%s].\n", hostname)); + "Setting ad_hostname to [%s].\n", hostname); ret = dp_opt_set_string(opts->basic, AD_HOSTNAME, hostname); --- -1.8.0 - diff -urN sssd.orig/files/patch-src__providers__data_provider_fo.c sssd/files/patch-src__providers__data_provider_fo.c --- sssd.orig/files/patch-src__providers__data_provider_fo.c 1970-01-01 00:00:00.000000000 +0000 +++ sssd/files/patch-src__providers__data_provider_fo.c 2014-10-05 09:48:52.000000000 +0000 @@ -0,0 +1,24 @@ +--- src/providers/data_provider_fo.c.orig 2014-10-05 09:22:57.000000000 +0000 ++++ src/providers/data_provider_fo.c 2014-10-05 11:00:24.000000000 +0000 +@@ -258,18 +258,18 @@ + const char *hostname) + { + struct fo_resolve_srv_dns_ctx *srv_ctx = NULL; +- char resolved_hostname[HOST_NAME_MAX + 1]; ++ char resolved_hostname[_POSIX_HOST_NAME_MAX + 1]; + errno_t ret; + + if (hostname == NULL) { +- ret = gethostname(resolved_hostname, HOST_NAME_MAX); ++ ret = gethostname(resolved_hostname, _POSIX_HOST_NAME_MAX); + if (ret != EOK) { + ret = errno; + DEBUG(SSSDBG_CRIT_FAILURE, + "gethostname() failed: [%d]: %s\n", ret, strerror(ret)); + return ret; + } +- resolved_hostname[HOST_NAME_MAX] = '\0'; ++ resolved_hostname[_POSIX_HOST_NAME_MAX] = '\0'; + hostname = resolved_hostname; + } + diff -urN sssd.orig/files/patch-src__providers__fail_over.c sssd/files/patch-src__providers__fail_over.c --- sssd.orig/files/patch-src__providers__fail_over.c 2014-01-22 17:40:44.000000000 +0000 +++ sssd/files/patch-src__providers__fail_over.c 2014-10-05 10:07:34.000000000 +0000 
@@ -1,41 +1,11 @@ -From 08bc75705abe29a9e046a0a8871adcf42eeee35c Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Wed, 6 Nov 2013 22:01:20 +0100 -Subject: [PATCH 07/25] patch-src__providers__fail_over.c - ---- - src/providers/fail_over.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git src/providers/fail_over.c src/providers/fail_over.c -index 59cbacd..197c0ef 100644 ---- src/providers/fail_over.c -+++ src/providers/fail_over.c -@@ -1331,7 +1331,7 @@ resolve_srv_recv(struct tevent_req *req, struct fo_server **server) +--- src/providers/fail_over.c.orig 2014-10-05 10:05:45.000000000 +0000 ++++ src/providers/fail_over.c 2014-10-05 10:06:10.000000000 +0000 +@@ -1391,7 +1391,7 @@ *******************************************************************/ struct resolve_get_domain_state { char *fqdn; - char hostname[HOST_NAME_MAX]; -+ char hostname[_POSIX_HOST_NAME_MAX + 1]; ++ char hostname[_POSIX_HOST_NAME_MAX]; }; - static void resolve_get_domain_done(struct tevent_req *subreq); -@@ -1351,13 +1351,13 @@ resolve_get_domain_send(TALLOC_CTX *mem_ctx, - return NULL; - } - -- ret = gethostname(state->hostname, HOST_NAME_MAX); -+ ret = gethostname(state->hostname, _POSIX_HOST_NAME_MAX); - if (ret) { - ret = errno; - DEBUG(2, ("gethostname() failed: [%d]: %s\n",ret, strerror(ret))); - return NULL; - } -- state->hostname[HOST_NAME_MAX-1] = '\0'; -+ state->hostname[_POSIX_HOST_NAME_MAX] = '\0'; - DEBUG(7, ("Host name is: %s\n", state->hostname)); - - subreq = resolv_gethostbyname_send(state, ev, resolv, --- -1.8.0 - + static void diff -urN sssd.orig/files/patch-src__providers__ipa__ipa_common.c sssd/files/patch-src__providers__ipa__ipa_common.c --- sssd.orig/files/patch-src__providers__ipa__ipa_common.c 2014-01-22 17:40:44.000000000 +0000 +++ sssd/files/patch-src__providers__ipa__ipa_common.c 2014-10-05 09:44:10.000000000 +0000 
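Review bot: `char hostname[_POSIX_HOST_NAME_MAX];` drops the `+ 1` that the previous version of this patch had. The companion changes to the `gethostname()` length and the terminating-NUL index are no longer carried either, so the array size and the code that fills it are now maintained separately. The other hostname buffers in this update (data_provider_fo.c, ldap_child.c) use `_POSIX_HOST_NAME_MAX + 1` with `gethostname(..., _POSIX_HOST_NAME_MAX)` and `[_POSIX_HOST_NAME_MAX] = '\0'`. The unpatched code in fail_over.c is outside this hunk, so this is unconfirmed, but if it uses a length or index at or beyond `_POSIX_HOST_NAME_MAX`, the write lands past the end of the struct member. Keeping `char hostname[_POSIX_HOST_NAME_MAX + 1];` together with the two dropped lines would make this file consistent with the others.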
@@ -1,17 +1,6 @@ -From acb17ace2b204146e4b821fd7d5e27de5d8ee588 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Sat, 4 May 2013 16:08:11 +0200 -Subject: [PATCH 07/34] patch-src__providers__ipa__ipa_common.c - ---- - src/providers/ipa/ipa_common.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git src/providers/ipa/ipa_common.c src/providers/ipa/ipa_common.c -index eb384a1..d7d8052 100644 ---- src/providers/ipa/ipa_common.c -+++ src/providers/ipa/ipa_common.c -@@ -47,7 +47,7 @@ int ipa_get_options(TALLOC_CTX *memctx, +--- src/providers/ipa/ipa_common.c.orig 2014-10-05 09:19:35.000000000 +0000 ++++ src/providers/ipa/ipa_common.c 2014-10-05 10:52:02.000000000 +0000 +@@ -49,7 +49,7 @@ char *realm; char *ipa_hostname; int ret; 
@@ -20,23 +9,20 @@ opts = talloc_zero(memctx, struct ipa_options); if (!opts) return ENOMEM; -@@ -76,14 +76,14 @@ int ipa_get_options(TALLOC_CTX *memctx, +@@ -79,14 +79,14 @@ ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME); if (ipa_hostname == NULL) { - ret = gethostname(hostname, HOST_NAME_MAX); + ret = gethostname(hostname, _POSIX_HOST_NAME_MAX); if (ret != EOK) { - DEBUG(1, ("gethostname failed [%d][%s].\n", errno, - strerror(errno))); + DEBUG(SSSDBG_CRIT_FAILURE, "gethostname failed [%d][%s].\n", errno, + strerror(errno)); ret = errno; goto done; } - hostname[HOST_NAME_MAX] = '\0'; + hostname[_POSIX_HOST_NAME_MAX] = '\0'; - DEBUG(9, ("Setting ipa_hostname to [%s].\n", hostname)); + DEBUG(SSSDBG_TRACE_ALL, "Setting ipa_hostname to [%s].\n", hostname); ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname); if (ret != EOK) { --- -1.8.0 - diff -urN sssd.orig/files/patch-src__providers__krb5__krb5_delayed_online_authentication.c sssd/files/patch-src__providers__krb5__krb5_delayed_online_authentication.c --- sssd.orig/files/patch-src__providers__krb5__krb5_delayed_online_authentication.c 2013-11-08 10:58:10.000000000 +0000 +++ sssd/files/patch-src__providers__krb5__krb5_delayed_online_authentication.c 2014-10-05 09:44:10.000000000 +0000 
@@ -1,32 +1,19 @@ -From eba3efda911eb0212a98353740e13ad619aaa282 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Wed, 6 Nov 2013 22:01:20 +0100 -Subject: [PATCH 09/25] patch-src__providers__krb5__krb5_delayed_online_authentication.c - ---- - src/providers/krb5/krb5_delayed_online_authentication.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git src/providers/krb5/krb5_delayed_online_authentication.c src/providers/krb5/krb5_delayed_online_authentication.c -index d5dea3b..da6b6bb 100644 ---- src/providers/krb5/krb5_delayed_online_authentication.c -+++ src/providers/krb5/krb5_delayed_online_authentication.c -@@ -296,6 +296,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx, - struct tevent_context *ev) +--- src/providers/krb5/krb5_delayed_online_authentication.c.orig 2014-10-05 09:20:01.000000000 +0000 ++++ src/providers/krb5/krb5_delayed_online_authentication.c 2014-10-05 10:53:52.000000000 +0000 +@@ -321,7 +321,7 @@ { int ret; -+#ifdef __linux__ hash_table_t *tmp_table; - +- ++#ifdef __linux__ ret = get_uid_table(krb5_ctx, &tmp_table); -@@ -314,6 +315,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx, - DEBUG(1, ("hash_destroy failed [%s].\n", hash_error_string(ret))); + if (ret != EOK) { + if (ret == ENOSYS) { +@@ -339,6 +339,7 @@ + "hash_destroy failed [%s].\n", hash_error_string(ret)); return EFAULT; } +#endif /* __linux__ */ krb5_ctx->deferred_auth_ctx = talloc_zero(krb5_ctx, struct deferred_auth_ctx); --- -1.8.0 - diff -urN sssd.orig/files/patch-src__providers__ldap__ldap_auth.c sssd/files/patch-src__providers__ldap__ldap_auth.c --- sssd.orig/files/patch-src__providers__ldap__ldap_auth.c 2014-01-22 17:40:44.000000000 +0000 +++ sssd/files/patch-src__providers__ldap__ldap_auth.c 2014-10-05 09:44:10.000000000 +0000 
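Review bot: `hash_table_t *tmp_table;` now sits above `#ifdef __linux__`, so on non-Linux builds the variable is declared but never used, which raises an unused-variable warning and breaks a build that treats warnings as errors. Placing `#ifdef __linux__` before the declaration, as the previous version of this patch did, avoids that. The guarded block's context shows an `if (ret == ENOSYS)` branch, so the code appears to handle an unsupported platform at run time already. A short comment saying why the compile-time guard is still needed would help the next maintainer. The function starts and ends outside the hunk.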
@@ -1,16 +1,5 @@ -From ad4b85556ddea5d5d2d6bcc5f00a8492b0b15c46 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Sat, 4 May 2013 16:08:11 +0200 -Subject: [PATCH 09/34] patch-src__providers__ldap__ldap_auth.c - ---- - src/providers/ldap/ldap_auth.c | 60 ++++++++++++++++++++++++++---------------- - 1 file changed, 37 insertions(+), 23 deletions(-) - -diff --git src/providers/ldap/ldap_auth.c src/providers/ldap/ldap_auth.c -index b0dd30c..6b1ad83 100644 ---- src/providers/ldap/ldap_auth.c -+++ src/providers/ldap/ldap_auth.c +--- src/providers/ldap/ldap_auth.c.orig 2014-10-05 09:20:29.000000000 +0000 ++++ src/providers/ldap/ldap_auth.c 2014-10-05 10:57:50.000000000 +0000 @@ -37,7 +37,6 @@ #include #include @@ -19,7 +8,7 @@ #include #include "util/util.h" -@@ -56,6 +55,22 @@ enum pwexpire { +@@ -56,6 +55,22 @@ PWEXPIRE_SHADOW }; 
@@ -31,93 +20,85 @@ + long int sp_min; /* Minimum number of days between changes. */ + long int sp_max; /* Maximum number of days between changes. */ + long int sp_warn; /* Number of days to warn user to change -+ the password. */ ++ the password. */ + long int sp_inact; /* Number of days the account may be -+ inactive. */ ++ inactive. */ + long int sp_expire; /* Number of days since 1970-01-01 until -+ account expires. */ ++ account expires. */ + unsigned long int sp_flag; /* Reserved. */ +}; + static errno_t add_expired_warning(struct pam_data *pd, long exp_time) { int ret; -@@ -110,17 +125,16 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now, +@@ -109,6 +124,7 @@ return EINVAL; } + tzset(); expire_time = mktime(&tm); if (expire_time == -1) { - DEBUG(1, ("mktime failed to convert [%s].\n", expire_date)); + DEBUG(SSSDBG_CRIT_FAILURE, +@@ -116,12 +132,9 @@ return EINVAL; } - tzset(); - expire_time -= timezone; -- DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s] timezone [%d] " -- "daylight [%d] now [%d] expire_time [%d].\n", tzname[0], -- tzname[1], timezone, daylight, now, expire_time)); +- DEBUG(SSSDBG_TRACE_ALL, +- "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] " +- "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0], +- tzname[1], timezone, daylight, now, expire_time); + DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s]" + "now [%d] expire_time [%d].\n", tzname[0], + tzname[1], now, expire_time)); if (difftime(now, expire_time) > 0.0) { - DEBUG(4, ("Kerberos password expired.\n")); -@@ -762,7 +776,7 @@ void sdap_pam_chpass_handler(struct be_req *breq) - - DEBUG(2, ("starting password change request for user [%s].\n", pd->user)); + DEBUG(SSSDBG_CONF_SETTINGS, "Kerberos password expired.\n"); +@@ -924,7 +937,7 @@ + DEBUG(SSSDBG_OP_FAILURE, + "starting password change request for user [%s].\n", pd->user); - pd->pam_status = PAM_SYSTEM_ERR; + pd->pam_status = PAM_SERVICE_ERR; if (pd->cmd != SSS_PAM_CHAUTHTOK && 
pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) { - DEBUG(2, ("chpass target was called by wrong pam command.\n")); -@@ -821,7 +835,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req) - &pw_expire_type, &pw_expire_data); - talloc_zfree(req); - if (ret) { -- state->pd->pam_status = PAM_SYSTEM_ERR; -+ state->pd->pam_status = PAM_SERVICE_ERR; - goto done; - } - -@@ -841,7 +855,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req) - &result); - if (ret != EOK) { - DEBUG(1, ("check_pwexpire_shadow failed.\n")); -- state->pd->pam_status = PAM_SYSTEM_ERR; -+ state->pd->pam_status = PAM_SERVICE_ERR; - goto done; - } - break; -@@ -850,14 +864,14 @@ static void sdap_auth4chpass_done(struct tevent_req *req) - state->breq->domain->pwd_expiration_warning); - if (ret != EOK) { - DEBUG(1, ("check_pwexpire_kerberos failed.\n")); -- state->pd->pam_status = PAM_SYSTEM_ERR; -+ state->pd->pam_status = PAM_SERVICE_ERR; - goto done; - } - - if (result == SDAP_AUTH_PW_EXPIRED) { - DEBUG(1, ("LDAP provider cannot change kerberos " - "passwords.\n")); -- state->pd->pam_status = PAM_SYSTEM_ERR; -+ state->pd->pam_status = PAM_SERVICE_ERR; - goto done; - } - break; -@@ -866,7 +880,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req) - break; - default: - DEBUG(1, ("Unknow pasword expiration type.\n")); -- state->pd->pam_status = PAM_SYSTEM_ERR; -+ state->pd->pam_status = PAM_SERVICE_ERR; - goto done; + DEBUG(SSSDBG_OP_FAILURE, +@@ -991,7 +1004,7 @@ + DEBUG(SSSDBG_CRIT_FAILURE, + "LDAP provider cannot change kerberos " + "passwords.\n"); +- state->pd->pam_status = PAM_SYSTEM_ERR; ++ state->pd->pam_status = PAM_SERVICE_ERR; + goto done; + } + break; +@@ -1000,7 +1013,7 @@ + break; + default: + DEBUG(SSSDBG_CRIT_FAILURE, "Unknow pasword expiration type.\n"); +- state->pd->pam_status = PAM_SYSTEM_ERR; ++ state->pd->pam_status = PAM_SERVICE_ERR; + goto done; } } -@@ -906,7 +920,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req) +@@ -1023,13 +1036,13 @@ + ret = 
sss_authtok_get_password(state->pd->authtok, + &password, NULL); + if (ret) { +- state->pd->pam_status = PAM_SYSTEM_ERR; ++ state->pd->pam_status = PAM_SERVICE_ERR; + goto done; + } + ret = sss_authtok_get_password(state->pd->newauthtok, + &new_password, NULL); + if (ret) { +- state->pd->pam_status = PAM_SYSTEM_ERR; ++ state->pd->pam_status = PAM_SERVICE_ERR; + goto done; + } + +@@ -1069,7 +1082,7 @@ dp_err = DP_ERR_OFFLINE; break; default: @@ -126,25 +107,25 @@ } done: -@@ -929,7 +943,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req) - ret = sdap_exop_modify_passwd_recv(req, state, &result, &user_error_message); - talloc_zfree(req); - if (ret && ret != EIO) { +@@ -1104,7 +1117,7 @@ + state->pd->pam_status = PAM_AUTHTOK_ERR; + break; + default: - state->pd->pam_status = PAM_SYSTEM_ERR; + state->pd->pam_status = PAM_SERVICE_ERR; - goto done; + break; } -@@ -970,7 +984,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req) - state->dn, - lastchanged_name); +@@ -1131,7 +1144,7 @@ + state->sh, state->dn, + lastchanged_name); if (subreq == NULL) { - state->pd->pam_status = PAM_SYSTEM_ERR; + state->pd->pam_status = PAM_SERVICE_ERR; goto done; } -@@ -991,7 +1005,7 @@ static void sdap_lastchange_done(struct tevent_req *req) +@@ -1152,7 +1165,7 @@ ret = sdap_modify_shadow_lastchange_recv(req); if (ret != EOK) { @@ -153,7 +134,7 @@ goto done; } -@@ -1032,7 +1046,7 @@ void sdap_pam_auth_handler(struct be_req *breq) +@@ -1193,7 +1206,7 @@ goto done; } 
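Review bot: Dropping `expire_time -= timezone;` in the Kerberos password-expiry check leaves `mktime()` interpreting the parsed expiry as local time. Assuming the expiry string is a UTC timestamp, which the removed correction suggests, the comparison against `now` shifts by the host's UTC offset, so an expired password can still be accepted for hours or a valid one refused early. If the `timezone` variable is unavailable on this platform, `expire_time = timegm(&tm);` keeps the UTC interpretation without it. The replacement trace call `DEBUG(9, ("... now [%d] expire_time [%d].\n", ...))` also prints `time_t` values with `%d` and uses the double-parenthesis form, while neighbouring calls use `DEBUG(SSSDBG_..., "...")`; matching them with `%ld` would be safer. The same two changes appear in the account-expiry check in patch-src__providers__ldap__sdap_access.c.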
@@ -162,52 +143,16 @@ switch (pd->cmd) { case SSS_PAM_AUTHENTICATE: -@@ -1090,7 +1104,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) - &pw_expire_type, &pw_expire_data); - talloc_zfree(req); - if (ret != EOK) { -- state->pd->pam_status = PAM_SYSTEM_ERR; -+ state->pd->pam_status = PAM_SERVICE_ERR; - dp_err = DP_ERR_FATAL; - goto done; - } -@@ -1102,7 +1116,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) - state->pd, &result); - if (ret != EOK) { - DEBUG(1, ("check_pwexpire_shadow failed.\n")); -- state->pd->pam_status = PAM_SYSTEM_ERR; -+ state->pd->pam_status = PAM_SERVICE_ERR; - goto done; - } - break; -@@ -1112,7 +1126,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) - be_ctx->domain->pwd_expiration_warning); - if (ret != EOK) { - DEBUG(1, ("check_pwexpire_kerberos failed.\n")); -- state->pd->pam_status = PAM_SYSTEM_ERR; -+ state->pd->pam_status = PAM_SERVICE_ERR; - goto done; - } - break; -@@ -1121,7 +1135,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) - be_ctx->domain->pwd_expiration_warning); - if (ret != EOK) { - DEBUG(1, ("check_pwexpire_ldap failed.\n")); -- state->pd->pam_status = PAM_SYSTEM_ERR; -+ state->pd->pam_status = PAM_SERVICE_ERR; - goto done; - } - break; -@@ -1129,7 +1143,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) - break; - default: - DEBUG(1, ("Unknow pasword expiration type.\n")); -- state->pd->pam_status = PAM_SYSTEM_ERR; -+ state->pd->pam_status = PAM_SERVICE_ERR; - goto done; +@@ -1265,7 +1278,7 @@ + break; + default: + DEBUG(SSSDBG_CRIT_FAILURE, "Unknow pasword expiration type.\n"); +- state->pd->pam_status = PAM_SYSTEM_ERR; ++ state->pd->pam_status = PAM_SERVICE_ERR; + goto done; } } -@@ -1151,7 +1165,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) +@@ -1291,7 +1304,7 @@ state->pd->pam_status = PAM_NEW_AUTHTOK_REQD; break; default: 
@@ -216,6 +161,3 @@ dp_err = DP_ERR_FATAL; } --- -1.8.0 - diff -urN sssd.orig/files/patch-src__providers__ldap__ldap_child.c sssd/files/patch-src__providers__ldap__ldap_child.c --- sssd.orig/files/patch-src__providers__ldap__ldap_child.c 1970-01-01 00:00:00.000000000 +0000 +++ sssd/files/patch-src__providers__ldap__ldap_child.c 2014-10-05 09:48:52.000000000 +0000 @@ -0,0 +1,20 @@ +--- src/providers/ldap/ldap_child.c.orig 2014-10-05 09:20:49.000000000 +0000 ++++ src/providers/ldap/ldap_child.c 2014-10-05 10:58:06.000000000 +0000 +@@ -240,14 +240,14 @@ + full_princ = talloc_strdup(tmp_ctx, princ_str); + } + } else { +- char hostname[HOST_NAME_MAX + 1]; ++ char hostname[_POSIX_HOST_NAME_MAX + 1]; + +- ret = gethostname(hostname, HOST_NAME_MAX); ++ ret = gethostname(hostname, _POSIX_HOST_NAME_MAX); + if (ret == -1) { + krberr = KRB5KRB_ERR_GENERIC; + goto done; + } +- hostname[HOST_NAME_MAX] = '\0'; ++ hostname[_POSIX_HOST_NAME_MAX] = '\0'; + + DEBUG(SSSDBG_TRACE_LIBS, "got hostname: [%s]\n", hostname); + diff -urN sssd.orig/files/patch-src__providers__ldap__sdap_access.c sssd/files/patch-src__providers__ldap__sdap_access.c --- sssd.orig/files/patch-src__providers__ldap__sdap_access.c 2014-01-22 17:40:44.000000000 +0000 +++ sssd/files/patch-src__providers__ldap__sdap_access.c 2014-10-05 10:06:48.000000000 +0000 
@@ -1,205 +1,51 @@ -From 9a3d9a05b2c8790c771c166b42f8b80e76b4b336 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Wed, 6 Nov 2013 22:01:20 +0100 -Subject: [PATCH 11/25] patch-src__providers__ldap__sdap_access.c - ---- - src/providers/ldap/sdap_access.c | 46 +++++++++++++++++++--------------------- - 1 file changed, 22 insertions(+), 24 deletions(-) - -diff --git src/providers/ldap/sdap_access.c src/providers/ldap/sdap_access.c -index b198e04..1eaedf7 100644 ---- src/providers/ldap/sdap_access.c -+++ src/providers/ldap/sdap_access.c -@@ -22,9 +22,7 @@ - along with this program. If not, see . - */ - --#define _XOPEN_SOURCE 500 /* for strptime() */ - #include --#undef _XOPEN_SOURCE - #include - #include - #include -@@ -109,7 +107,7 @@ void sdap_pam_access_handler(struct be_req *breq) - pd); - if (req == NULL) { - DEBUG(1, ("Unable to start sdap_access request\n")); -- sdap_access_reply(breq, PAM_SYSTEM_ERR); -+ sdap_access_reply(breq, PAM_SERVICE_ERR); - return; - } - -@@ -149,7 +147,7 @@ sdap_access_send(TALLOC_CTX *mem_ctx, - - state->be_req = be_req; - state->pd = pd; -- state->pam_status = PAM_SYSTEM_ERR; -+ state->pam_status = PAM_SERVICE_ERR; - state->ev = ev; - state->access_ctx = access_ctx; - state->current_rule = 0; -@@ -502,18 +500,17 @@ static bool nds_check_expired(const char *exp_time_str) +--- src/providers/ldap/sdap_access.c.orig 2014-10-05 09:21:27.000000000 +0000 ++++ src/providers/ldap/sdap_access.c 2014-10-05 10:05:28.000000000 +0000 +@@ -499,6 +499,7 @@ return true; } + tzset(); expire_time = mktime(&tm); if (expire_time == -1) { - DEBUG(1, ("mktime failed to convert [%s].\n", exp_time_str)); + DEBUG(SSSDBG_CRIT_FAILURE, +@@ -506,13 +507,10 @@ return true; } - tzset(); - expire_time -= timezone; now = time(NULL); -- DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s] timezone [%d] " -- "daylight [%d] now [%d] expire_time [%d].\n", tzname[0], -- tzname[1], timezone, daylight, now, expire_time)); +- DEBUG(SSSDBG_TRACE_ALL, +- "Time info: 
tzname[0] [%s] tzname[1] [%s] timezone [%ld] " +- "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0], +- tzname[1], timezone, daylight, now, expire_time); + DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s] " + "now [%d] expire_time [%d].\n", tzname[0], + tzname[1], now, expire_time)); if (difftime(now, expire_time) > 0.0) { - DEBUG(4, ("NDS account expired.\n")); -@@ -662,7 +659,7 @@ static struct tevent_req *sdap_account_expired_send(TALLOC_CTX *mem_ctx, - return NULL; - } - -- state->pam_status = PAM_SYSTEM_ERR; -+ state->pam_status = PAM_SERVICE_ERR; - - expire = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic, - SDAP_ACCOUNT_EXPIRE_POLICY); -@@ -746,7 +743,7 @@ static void sdap_account_expired_done(struct tevent_req *subreq) - talloc_zfree(subreq); - if (ret != EOK) { - DEBUG(1, ("Error retrieving access check result.\n")); -- state->pam_status = PAM_SYSTEM_ERR; -+ state->pam_status = PAM_SERVICE_ERR; - tevent_req_error(req, ret); - return; - } -@@ -806,7 +803,7 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, - state->filter = NULL; - state->be_req = be_req; - state->username = username; -- state->pam_status = PAM_SYSTEM_ERR; -+ state->pam_status = PAM_SERVICE_ERR; - state->sdap_ctx = access_ctx->id_ctx; - state->ev = ev; - state->access_ctx = access_ctx; -@@ -953,7 +950,7 @@ static void sdap_access_filter_connect_done(struct tevent_req *subreq) - false); - if (subreq == NULL) { - DEBUG(1, ("Could not start LDAP communication\n")); -- state->pam_status = PAM_SYSTEM_ERR; -+ state->pam_status = PAM_SERVICE_ERR; - tevent_req_error(req, EIO); - return; - } -@@ -984,13 +981,13 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) - if (ret == EOK) { - return; - } -- state->pam_status = PAM_SYSTEM_ERR; -+ state->pam_status = PAM_SERVICE_ERR; - } else if (dp_error == DP_ERR_OFFLINE) { - sdap_access_filter_decide_offline(req); - } else { - DEBUG(1, ("sdap_get_generic_send() returned error [%d][%s]\n", - ret, 
strerror(ret))); -- state->pam_status = PAM_SYSTEM_ERR; -+ state->pam_status = PAM_SERVICE_ERR; - } - - goto done; -@@ -1009,7 +1006,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) - else if (results == NULL) { - DEBUG(1, ("num_results > 0, but results is NULL\n")); - ret = EIO; -- state->pam_status = PAM_SYSTEM_ERR; -+ state->pam_status = PAM_SERVICE_ERR; - goto done; - } - else if (num_results > 1) { -@@ -1018,7 +1015,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) - */ - DEBUG(1, ("Received multiple replies\n")); - ret = EIO; -- state->pam_status = PAM_SYSTEM_ERR; -+ state->pam_status = PAM_SERVICE_ERR; - goto done; - } - else { /* Ok, we got a single reply */ -@@ -1104,7 +1101,7 @@ static void sdap_access_filter_done(struct tevent_req *subreq) - talloc_zfree(subreq); - if (ret != EOK) { - DEBUG(1, ("Error retrieving access check result.\n")); -- state->pam_status = PAM_SYSTEM_ERR; -+ state->pam_status = PAM_SERVICE_ERR; - tevent_req_error(req, ret); - return; - } -@@ -1244,7 +1241,7 @@ static void sdap_access_service_done(struct tevent_req *subreq) - talloc_zfree(subreq); - if (ret != EOK) { - DEBUG(1, ("Error retrieving access check result.\n")); -- state->pam_status = PAM_SYSTEM_ERR; -+ state->pam_status = PAM_SERVICE_ERR; - tevent_req_error(req, ret); - return; - } -@@ -1269,7 +1266,7 @@ static struct tevent_req *sdap_access_host_send( + DEBUG(SSSDBG_CONF_SETTINGS, "NDS account expired.\n"); +@@ -1139,7 +1137,7 @@ struct ldb_message_element *el; unsigned int i; char *host; -- char hostname[HOST_NAME_MAX+1]; +- char hostname[HOST_NAME_MAX + 1]; + char hostname[_POSIX_HOST_NAME_MAX + 1]; - req = tevent_req_create(mem_ctx, &state, struct sdap_access_host_ctx); - if (!req) { -@@ -1285,11 +1282,12 @@ static struct tevent_req *sdap_access_host_send( - goto done; + el = ldb_msg_find_element(user_entry, SYSDB_AUTHORIZED_HOST); + if (!el || el->num_values == 0) { +@@ -1147,12 +1145,12 @@ + return 
ERR_ACCESS_DENIED; } -- if (gethostname(hostname, sizeof(hostname)) == -1) { +- if (gethostname(hostname, HOST_NAME_MAX) == -1) { + if (gethostname(hostname, _POSIX_HOST_NAME_MAX) == -1) { - DEBUG(1, ("Unable to get system hostname. Access denied\n")); - ret = EOK; - goto done; + DEBUG(SSSDBG_CRIT_FAILURE, + "Unable to get system hostname. Access denied\n"); + return ERR_ACCESS_DENIED; } +- hostname[HOST_NAME_MAX] = '\0'; + hostname[_POSIX_HOST_NAME_MAX] = '\0'; /* FIXME: PADL's pam_ldap also calls gethostbyname() on the hostname * in some attempt to get aliases and/or FQDN for the machine. -@@ -1365,7 +1363,7 @@ static void sdap_access_host_done(struct tevent_req *subreq) - talloc_zfree(subreq); - if (ret != EOK) { - DEBUG(1, ("Error retrieving access check result.\n")); -- state->pam_status = PAM_SYSTEM_ERR; -+ state->pam_status = PAM_SERVICE_ERR; - tevent_req_error(req, ret); - return; - } -@@ -1391,7 +1389,7 @@ sdap_access_recv(struct tevent_req *req, int *pam_status) - static void sdap_access_done(struct tevent_req *req) - { - errno_t ret; -- int pam_status = PAM_SYSTEM_ERR; -+ int pam_status = PAM_SERVICE_ERR; - struct be_req *breq = - tevent_req_callback_data(req, struct be_req); - -@@ -1399,7 +1397,7 @@ static void sdap_access_done(struct tevent_req *req) - talloc_zfree(req); - if (ret != EOK) { - DEBUG(1, ("Error retrieving access check result.\n")); -- pam_status = PAM_SYSTEM_ERR; -+ pam_status = PAM_SERVICE_ERR; - } - - sdap_access_reply(breq, pam_status); --- -1.8.0 - diff -urN sssd.orig/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c sssd/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c --- sssd.orig/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c 2014-01-22 17:40:44.000000000 +0000 +++ sssd/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c 2014-10-05 09:48:52.000000000 +0000 
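Review bot: Removing `expire_time -= timezone` in the `@@ -506,13 +507,10 @@` part of the refreshed patch leaves the value from `mktime()` as a local-time conversion with no UTC correction, so the account-expiry comparison is shifted by the host's UTC offset. On a host west of UTC an expired account would keep passing the check for that many hours. Assuming the parsed timestamp is UTC, as the removed upstream correction implies, `expire_time = timegm(&tm);` converts it without needing the `timezone` global. The retained `DEBUG(9, ("Time info: ..."))` line also keeps the double-parenthesis call form and `%d` for `time_t` values, while the lines it replaces use `DEBUG(level, fmt, ...)` with `%ld`; it should follow the new form with `(long)` casts. The enclosing function starts and ends outside the hunk.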
@@ -1,26 +1,15 @@ -From 58d918d01b03a3332b3e9da917a45b4b7ef7a427 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Sat, 27 Jul 2013 15:01:26 +0200 -Subject: [PATCH 30/34] patch-src__providers__ldap__sdap_async_sudo_hostinfo.c - ---- - src/providers/ldap/sdap_async_sudo_hostinfo.c | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git src/providers/ldap/sdap_async_sudo_hostinfo.c src/providers/ldap/sdap_async_sudo_hostinfo.c -index 0a695cd..108b4c2 100644 ---- src/providers/ldap/sdap_async_sudo_hostinfo.c -+++ src/providers/ldap/sdap_async_sudo_hostinfo.c -@@ -371,7 +371,7 @@ static struct tevent_req *sdap_sudo_get_hostnames_send(TALLOC_CTX *mem_ctx, +--- src/providers/ldap/sdap_async_sudo_hostinfo.c.orig 2014-10-05 09:21:58.000000000 +0000 ++++ src/providers/ldap/sdap_async_sudo_hostinfo.c 2014-10-05 10:59:58.000000000 +0000 +@@ -371,7 +371,7 @@ struct tevent_req *subreq = NULL; struct sdap_sudo_get_hostnames_state *state = NULL; char *dot = NULL; - char hostname[HOST_NAME_MAX + 1]; + char hostname[_POSIX_HOST_NAME_MAX + 1]; - int resolv_timeout; int ret; -@@ -395,14 +395,14 @@ static struct tevent_req *sdap_sudo_get_hostnames_send(TALLOC_CTX *mem_ctx, + req = tevent_req_create(mem_ctx, &state, +@@ -394,14 +394,14 @@ /* get hostname */ errno = 0; @@ -28,8 +17,8 @@ + ret = gethostname(hostname, _POSIX_HOST_NAME_MAX); if (ret != EOK) { ret = errno; - DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to retrieve machine hostname " - "[%d]: %s\n", ret, strerror(ret))); + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to retrieve machine hostname " + "[%d]: %s\n", ret, strerror(ret)); goto done; } - hostname[HOST_NAME_MAX] = '\0'; 
@@ -37,6 +26,3 @@ state->hostnames[0] = talloc_strdup(state->hostnames, hostname); if (state->hostnames[0] == NULL) { --- -1.8.0 - diff -urN sssd.orig/files/patch-src__resolv__async_resolv.c sssd/files/patch-src__resolv__async_resolv.c --- sssd.orig/files/patch-src__resolv__async_resolv.c 2014-01-22 17:40:44.000000000 +0000 +++ sssd/files/patch-src__resolv__async_resolv.c 1970-01-01 00:00:00.000000000 +0000 @@ -1,33 +0,0 @@ -From 5434161320c86634512ac70e1d49c63375a71dc4 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Sat, 4 May 2013 16:08:11 +0200 -Subject: [PATCH 14/34] patch-src__resolv__async_resolv.c - ---- - src/resolv/async_resolv.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git src/resolv/async_resolv.c src/resolv/async_resolv.c -index 268d266..1bb84e5 100644 ---- src/resolv/async_resolv.c -+++ src/resolv/async_resolv.c -@@ -1203,7 +1203,6 @@ resolv_is_address(const char *name) - hints.ai_flags = AI_NUMERICHOST; /* No network lookups */ - - ret = getaddrinfo(name, NULL, &hints, &res); -- freeaddrinfo(res); - if (ret != 0) { - if (ret == -2) { - DEBUG(9, ("[%s] does not look like an IP address\n", name)); -@@ -1211,6 +1210,8 @@ resolv_is_address(const char *name) - DEBUG(2, ("getaddrinfo failed [%d]: %s\n", - ret, gai_strerror(ret))); - } -+ } else { -+ freeaddrinfo(res); - } - - return ret == 0; --- -1.8.0 - diff -urN sssd.orig/files/patch-src__resolv__async_resolv_utils.c sssd/files/patch-src__resolv__async_resolv_utils.c --- sssd.orig/files/patch-src__resolv__async_resolv_utils.c 1970-01-01 00:00:00.000000000 +0000 +++ sssd/files/patch-src__resolv__async_resolv_utils.c 2014-10-05 09:48:52.000000000 +0000 
@@ -0,0 +1,28 @@ +--- src/resolv/async_resolv_utils.c.orig 2014-10-05 09:25:19.000000000 +0000 ++++ src/resolv/async_resolv_utils.c 2014-10-05 11:00:48.000000000 +0000 +@@ -44,7 +44,7 @@ + struct resolv_get_domain_state *state = NULL; + struct tevent_req *req = NULL; + struct tevent_req *subreq = NULL; +- char system_hostname[HOST_NAME_MAX + 1]; ++ char system_hostname[_POSIX_HOST_NAME_MAX + 1]; + errno_t ret; + + req = tevent_req_create(mem_ctx, &state, +@@ -56,14 +56,14 @@ + + if (hostname == NULL) { + /* use system hostname */ +- ret = gethostname(system_hostname, HOST_NAME_MAX); ++ ret = gethostname(system_hostname, _POSIX_HOST_NAME_MAX); + if (ret) { + ret = errno; + DEBUG(SSSDBG_CRIT_FAILURE, "gethostname() failed: [%d]: %s\n", + ret, strerror(ret)); + goto immediately; + } +- system_hostname[HOST_NAME_MAX] = '\0'; ++ system_hostname[_POSIX_HOST_NAME_MAX] = '\0'; + hostname = system_hostname; + } + diff -urN sssd.orig/files/patch-src__sss_client__common.c sssd/files/patch-src__sss_client__common.c --- sssd.orig/files/patch-src__sss_client__common.c 2014-01-22 17:40:44.000000000 +0000 +++ sssd/files/patch-src__sss_client__common.c 2014-10-05 09:48:52.000000000 +0000 @@ -1,16 +1,5 @@ -From 6874fb930a30eac6fe12104923ab97083f58bcf9 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Wed, 6 Nov 2013 22:01:20 +0100 -Subject: [PATCH 14/25] patch-src__sss_client__common.c - ---- - src/sss_client/common.c | 15 +++++++-------- - 1 file changed, 7 insertions(+), 8 deletions(-) - -diff --git src/sss_client/common.c src/sss_client/common.c -index ec5c708..5d17eed 100644 ---- src/sss_client/common.c -+++ src/sss_client/common.c +--- src/sss_client/common.c.orig 2014-10-05 09:25:49.000000000 +0000 ++++ src/sss_client/common.c 2014-10-05 11:03:18.000000000 +0000 @@ -25,6 +25,7 @@ #include "config.h" 
@@ -27,7 +16,7 @@ #if HAVE_PTHREAD #include -@@ -124,7 +126,6 @@ static enum sss_status sss_cli_send_req(enum sss_cli_command cmd, +@@ -124,7 +126,6 @@ *errnop = error; break; case 0: @@ -35,7 +24,7 @@ break; case 1: if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { -@@ -232,7 +233,6 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_command cmd, +@@ -232,7 +233,6 @@ *errnop = error; break; case 0: @@ -43,7 +32,7 @@ break; case 1: if (pfd.revents & (POLLHUP)) { -@@ -669,7 +669,6 @@ static enum sss_status sss_cli_check_socket(int *errnop, const char *socket_name +@@ -669,7 +669,6 @@ *errnop = error; break; case 0: @@ -51,7 +40,7 @@ break; case 1: if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { -@@ -719,23 +718,23 @@ enum nss_status sss_nss_make_request(enum sss_cli_command cmd, +@@ -719,23 +718,23 @@ /* avoid looping in the nss daemon */ envval = getenv("_SSS_LOOPS"); if (envval && strcmp(envval, "NO") == 0) { @@ -80,6 +69,32 @@ } } --- -1.8.0 - +@@ -750,23 +749,23 @@ + /* avoid looping in the nss daemon */ + envval = getenv("_SSS_LOOPS"); + if (envval && strcmp(envval, "NO") == 0) { +- return NSS_STATUS_NOTFOUND; ++ return NS_NOTFOUND; + } + + ret = sss_cli_check_socket(errnop, SSS_PAC_SOCKET_NAME); + if (ret != SSS_STATUS_SUCCESS) { +- return NSS_STATUS_UNAVAIL; ++ return NS_UNAVAIL; + } + + ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop); + switch (ret) { + case SSS_STATUS_TRYAGAIN: +- return NSS_STATUS_TRYAGAIN; ++ return NS_TRYAGAIN; + case SSS_STATUS_SUCCESS: +- return NSS_STATUS_SUCCESS; ++ return NS_SUCCESS; + case SSS_STATUS_UNAVAIL: + default: +- return NSS_STATUS_UNAVAIL; ++ return NS_UNAVAIL; + } + } + diff -urN sssd.orig/files/patch-src__sss_client__nss_group.c sssd/files/patch-src__sss_client__nss_group.c --- sssd.orig/files/patch-src__sss_client__nss_group.c 2014-01-22 17:40:44.000000000 +0000 +++ sssd/files/patch-src__sss_client__nss_group.c 2014-10-05 09:48:52.000000000 +0000 
@@ -1,17 +1,6 @@ -From 5a0c2079efae0f9734d85932ed72645808b32091 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Wed, 6 Nov 2013 22:01:20 +0100 -Subject: [PATCH 15/25] patch-src__sss_client__nss_group.c - ---- - src/sss_client/nss_group.c | 70 ++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 70 insertions(+) - -diff --git src/sss_client/nss_group.c src/sss_client/nss_group.c -index e6ea54b..b27b671 100644 ---- src/sss_client/nss_group.c -+++ src/sss_client/nss_group.c -@@ -343,6 +343,76 @@ out: +--- src/sss_client/nss_group.c.orig 2014-10-05 09:26:05.000000000 +0000 ++++ src/sss_client/nss_group.c 2014-10-05 11:04:48.000000000 +0000 +@@ -343,6 +343,76 @@ } @@ -88,6 +77,3 @@ enum nss_status _nss_sss_getgrnam_r(const char *name, struct group *result, char *buffer, size_t buflen, int *errnop) { --- -1.8.0 - diff -urN sssd.orig/files/patch-src__sss_client__pam_sss.c sssd/files/patch-src__sss_client__pam_sss.c --- sssd.orig/files/patch-src__sss_client__pam_sss.c 2014-06-12 14:35:01.000000000 +0000 +++ sssd/files/patch-src__sss_client__pam_sss.c 1970-01-01 00:00:00.000000000 +0000 
@@ -1,79 +0,0 @@ -From 18bce9f12311c6e7a7fe4350150120a98b3ec106 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Wed, 6 Nov 2013 22:01:21 +0100 -Subject: [PATCH 2/2] patch-src__sss_client__pam_sss.c - ---- - src/sss_client/pam_sss.c | 24 ++++++++++++++++++++++++ - 1 file changed, 24 insertions(+) - -diff --git src/sss_client/pam_sss.c src/sss_client/pam_sss.c -index 5fd276ccba15da1f689b1939a02288dda7a09d89..e35552f7e612d3e68f957845998a8105437af301 100644 ---- src/sss_client/pam_sss.c -+++ src/sss_client/pam_sss.c -@@ -52,6 +52,8 @@ - #define FLAGS_USE_FIRST_PASS (1 << 0) - #define FLAGS_FORWARD_PASS (1 << 1) - #define FLAGS_USE_AUTHTOK (1 << 2) -+#define FLAGS_IGNORE_UNKNOWN_USER (1 << 3) -+#define FLAGS_IGNORE_AUTHINFO_UNAVAIL (1 << 4) - - #define PWEXP_FLAG "pam_sss:password_expired_flag" - #define FD_DESTRUCTOR "pam_sss:fd_destructor" -@@ -125,10 +127,12 @@ static void free_exp_data(pam_handle_t *pamh, void *ptr, int err) - - static void close_fd(pam_handle_t *pamh, void *ptr, int err) - { -+#ifdef PAM_DATA_REPLACE - if (err & PAM_DATA_REPLACE) { - /* Nothing to do */ - return; - } -+#endif /* PAM_DATA_REPLACE */ - - D(("Closing the fd")); - sss_pam_close_fd(); -@@ -1292,6 +1296,10 @@ static void eval_argv(pam_handle_t *pamh, int argc, const char **argv, - } - } else if (strcmp(*argv, "quiet") == 0) { - *quiet_mode = true; -+ } else if (strcmp(*argv, "ignore_unknown_user") == 0) { -+ *flags |= FLAGS_IGNORE_UNKNOWN_USER; -+ } else if (strcmp(*argv, "ignore_authinfo_unavail") == 0) { -+ *flags |= FLAGS_IGNORE_AUTHINFO_UNAVAIL; - } else { - logger(pamh, LOG_WARNING, "unknown option: %s", *argv); - } -@@ -1429,6 +1437,13 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh, - ret = get_pam_items(pamh, &pi); - if (ret != PAM_SUCCESS) { - D(("get items returned error: %s", pam_strerror(pamh,ret))); -+ if (flags & FLAGS_IGNORE_UNKNOWN_USER && ret == PAM_USER_UNKNOWN) { -+ ret = PAM_IGNORE; -+ } -+ if (flags & FLAGS_IGNORE_AUTHINFO_UNAVAIL -+ && ret 
== PAM_AUTHINFO_UNAVAIL) { -+ ret = PAM_IGNORE; -+ } - return ret; - } - -@@ -1467,6 +1482,15 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh, - - pam_status = send_and_receive(pamh, &pi, task, quiet_mode); - -+ if (flags & FLAGS_IGNORE_UNKNOWN_USER -+ && pam_status == PAM_USER_UNKNOWN) { -+ pam_status = PAM_IGNORE; -+ } -+ if (flags & FLAGS_IGNORE_AUTHINFO_UNAVAIL -+ && pam_status == PAM_AUTHINFO_UNAVAIL) { -+ pam_status = PAM_IGNORE; -+ } -+ - switch (task) { - case SSS_PAM_AUTHENTICATE: - /* We allow sssd to send the return code PAM_NEW_AUTHTOK_REQD during --- -1.9.3 - diff -urN sssd.orig/files/patch-src__sss_client__pam_test_client.c sssd/files/patch-src__sss_client__pam_test_client.c --- sssd.orig/files/patch-src__sss_client__pam_test_client.c 2014-01-22 17:40:44.000000000 +0000 +++ sssd/files/patch-src__sss_client__pam_test_client.c 1970-01-01 00:00:00.000000000 +0000 @@ -1,32 +0,0 @@ -From d15b99c87c08f17eef814f431a4a58ed4a3ba9b6 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Sat, 4 May 2013 16:08:11 +0200 -Subject: [PATCH 20/34] patch-src__sss_client__pam_test_client.c - ---- - src/sss_client/pam_test_client.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git src/sss_client/pam_test_client.c src/sss_client/pam_test_client.c -index ef424e7..d8cf36c 100644 ---- src/sss_client/pam_test_client.c -+++ src/sss_client/pam_test_client.c -@@ -24,12 +24,13 @@ - - #include - #include -+#include - - #include --#include -+#include - - static struct pam_conv conv = { -- misc_conv, -+ openpam_ttyconv, - NULL - }; - --- -1.8.0 - diff -urN sssd.orig/files/patch-src__sss_client__sss_nss.exports sssd/files/patch-src__sss_client__sss_nss.exports --- sssd.orig/files/patch-src__sss_client__sss_nss.exports 2014-01-22 17:40:44.000000000 +0000 +++ sssd/files/patch-src__sss_client__sss_nss.exports 2014-10-05 09:48:52.000000000 +0000 
@@ -1,17 +1,6 @@ -From d7dcd7c8796efbecd4e41931080d7d28f72f9ee1 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Sat, 4 May 2013 16:08:11 +0200 -Subject: [PATCH 21/34] patch-src__sss_client__sss_nss.exports - ---- - src/sss_client/sss_nss.exports | 18 ++++++++++++++++++ - 1 file changed, 18 insertions(+) - -diff --git src/sss_client/sss_nss.exports src/sss_client/sss_nss.exports -index 1eefea8..8e85a05 100644 ---- src/sss_client/sss_nss.exports -+++ src/sss_client/sss_nss.exports -@@ -3,6 +3,7 @@ EXPORTED { +--- src/sss_client/sss_nss.exports.orig 2014-10-05 09:26:51.000000000 +0000 ++++ src/sss_client/sss_nss.exports 2014-10-05 11:05:56.000000000 +0000 +@@ -3,6 +3,7 @@ # public functions global: @@ -19,7 +8,7 @@ _nss_sss_getpwnam_r; _nss_sss_getpwuid_r; _nss_sss_setpwent; -@@ -14,8 +15,25 @@ EXPORTED { +@@ -14,8 +15,25 @@ _nss_sss_setgrent; _nss_sss_getgrent_r; _nss_sss_endgrent; @@ -45,6 +34,3 @@ #_nss_sss_getaliasbyname_r; #_nss_sss_setaliasent; #_nss_sss_getaliasent_r; --- -1.8.0 - diff -urN sssd.orig/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c --- sssd.orig/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c 2014-01-22 17:40:44.000000000 +0000 +++ sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c 2014-10-05 09:48:52.000000000 +0000 
@@ -1,16 +1,5 @@ -From 74422233fe8c6efa826b20c6b579f4c99e45ff87 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Wed, 6 Nov 2013 22:01:21 +0100 -Subject: [PATCH 19/25] patch-src__util__crypto__libcrypto__crypto_sha512crypt.c - ---- - src/util/crypto/libcrypto/crypto_sha512crypt.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git src/util/crypto/libcrypto/crypto_sha512crypt.c src/util/crypto/libcrypto/crypto_sha512crypt.c -index 88628b6..4510403 100644 ---- src/util/crypto/libcrypto/crypto_sha512crypt.c -+++ src/util/crypto/libcrypto/crypto_sha512crypt.c +--- src/util/crypto/libcrypto/crypto_sha512crypt.c.orig 2014-10-05 09:27:43.000000000 +0000 ++++ src/util/crypto/libcrypto/crypto_sha512crypt.c 2014-10-05 11:07:04.000000000 +0000 @@ -28,6 +28,14 @@ #include #include @@ -26,6 +15,3 @@ /* Define our magic string to mark salt for SHA512 "encryption" replacement. */ const char sha512_salt_prefix[] = "$6$"; #define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1) --- -1.8.0 - diff -urN sssd.orig/files/patch-src__util__crypto__nss__nss_sha512crypt.c sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c --- sssd.orig/files/patch-src__util__crypto__nss__nss_sha512crypt.c 2014-01-22 17:40:44.000000000 +0000 +++ sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c 2014-10-05 09:48:52.000000000 +0000 
@@ -1,16 +1,5 @@ -From be27b76238aa49ac0ace123f80c9957ae25501fa Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Wed, 6 Nov 2013 22:01:21 +0100 -Subject: [PATCH 20/25] patch-src__util__crypto__nss__nss_sha512crypt.c - ---- - src/util/crypto/nss/nss_sha512crypt.c | 8 ++++++++ - 1 file changed, 8 insertions(+) - -diff --git src/util/crypto/nss/nss_sha512crypt.c src/util/crypto/nss/nss_sha512crypt.c -index 2838c47..a6cf43f 100644 ---- src/util/crypto/nss/nss_sha512crypt.c -+++ src/util/crypto/nss/nss_sha512crypt.c +--- src/util/crypto/nss/nss_sha512crypt.c.orig 2014-10-05 09:28:09.000000000 +0000 ++++ src/util/crypto/nss/nss_sha512crypt.c 2014-10-05 11:07:34.000000000 +0000 @@ -29,6 +29,14 @@ #include #include @@ -26,6 +15,3 @@ /* Define our magic string to mark salt for SHA512 "encryption" replacement. */ const char sha512_salt_prefix[] = "$6$"; #define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1) --- -1.8.0 - diff -urN sssd.orig/files/patch-src__util__find_uid.c sssd/files/patch-src__util__find_uid.c --- sssd.orig/files/patch-src__util__find_uid.c 2014-01-22 17:40:44.000000000 +0000 +++ sssd/files/patch-src__util__find_uid.c 2014-10-05 09:48:52.000000000 +0000 
@@ -1,26 +1,15 @@ -From ccc51217c877dde1857300662fdacab2298f5816 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Wed, 6 Nov 2013 22:01:21 +0100 -Subject: [PATCH 21/25] patch-src__util__find_uid.c - ---- - src/util/find_uid.c | 9 ++++----- - 1 file changed, 4 insertions(+), 5 deletions(-) - -diff --git src/util/find_uid.c src/util/find_uid.c -index d34a4ab..9dec900 100644 ---- src/util/find_uid.c -+++ src/util/find_uid.c -@@ -67,7 +67,7 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid) +--- src/util/find_uid.c.orig 2014-10-05 09:28:26.000000000 +0000 ++++ src/util/find_uid.c 2014-10-05 11:09:40.000000000 +0000 +@@ -67,7 +67,7 @@ uint32_t num=0; errno_t error; - ret = snprintf(path, PATHLEN, "/proc/%d/status", pid); + ret = snprintf(path, PATHLEN, "/compat/linux/proc/%d/status", pid); if (ret < 0) { - DEBUG(1, ("snprintf failed")); + DEBUG(SSSDBG_CRIT_FAILURE, "snprintf failed"); return EINVAL; -@@ -201,12 +201,12 @@ static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid) +@@ -207,12 +207,12 @@ struct dirent *dirent; int ret, err; pid_t pid = -1; @@ -34,18 +23,15 @@ + proc_dir = opendir("/compat/linux/proc"); if (proc_dir == NULL) { ret = errno; - DEBUG(1, ("Cannot open proc dir.\n")); -@@ -280,9 +280,8 @@ done: + DEBUG(SSSDBG_CRIT_FAILURE, "Cannot open proc dir.\n"); +@@ -287,9 +287,9 @@ errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table) { -#ifdef __linux__ int ret; -- + +#if 1 ret = hash_create_ex(INITIAL_TABLE_SIZE, table, 0, 0, 0, 0, hash_talloc, hash_talloc_free, mem_ctx, NULL, NULL); --- -1.8.0 - diff -urN sssd.orig/files/patch-src__util__server.c sssd/files/patch-src__util__server.c --- sssd.orig/files/patch-src__util__server.c 2014-01-22 17:40:44.000000000 +0000 +++ sssd/files/patch-src__util__server.c 1970-01-01 00:00:00.000000000 +0000 
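Review bot: The `#if 1` that replaces `#ifdef __linux__` in get_uid_table() hides why the guard was changed and compiles the proc scanner unconditionally; `#if defined(__linux__) || defined(__FreeBSD__)` keeps the intent readable. The scanner now reads `/compat/linux/proc`, which presumably exists only when linprocfs is mounted there, and when it is not, `opendir()` fails and the table of active uids cannot be built. That requirement should be stated in a comment next to the path and in the port's install message. The function body continues outside the hunk.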
@@ -1,36 +0,0 @@ -From cc6cab9e45ba978eaf33c6fa1860ee94166780be Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Wed, 6 Nov 2013 22:01:21 +0100 -Subject: [PATCH 22/25] patch-src__util__server.c - ---- - src/util/server.c | 12 +++++++----- - 1 file changed, 7 insertions(+), 5 deletions(-) - -diff --git src/util/server.c src/util/server.c -index b3073fc..ddc124f 100644 ---- src/util/server.c -+++ src/util/server.c -@@ -321,12 +321,14 @@ static void setup_signals(void) - BlockSignals(false, SIGTERM); - - CatchSignal(SIGHUP, sig_hup); -- - #ifndef HAVE_PRCTL -- /* If prctl is not defined on the system, try to handle -- * some common termination signals gracefully */ -- CatchSignal(SIGSEGV, sig_segv_abrt); -- CatchSignal(SIGABRT, sig_segv_abrt); -+ /* If prctl is not defined on the system, try to handle -+ * some common termination signals gracefully */ -+ (void) sig_segv_abrt; /* unused */ -+ /* -+ CatchSignal(SIGSEGV, sig_segv_abrt); -+ CatchSignal(SIGABRT, sig_segv_abrt); -+ */ - #endif - - } --- -1.8.0 - diff -urN sssd.orig/files/patch-src__util__sss_ldap.c sssd/files/patch-src__util__sss_ldap.c --- sssd.orig/files/patch-src__util__sss_ldap.c 2014-01-22 17:40:44.000000000 +0000 +++ sssd/files/patch-src__util__sss_ldap.c 2014-10-05 09:56:07.000000000 +0000 
@@ -1,17 +1,6 @@ -From 074dd84d5ed0e5d2b48d2aeb1b92e51507516c2d Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Sat, 4 May 2013 16:08:12 +0200 -Subject: [PATCH 27/34] patch-src__util__sss_ldap.c - ---- - src/util/sss_ldap.c | 7 +++++-- - 1 file changed, 5 insertions(+), 2 deletions(-) - -diff --git src/util/sss_ldap.c src/util/sss_ldap.c -index 060aacf..a2cc82a 100644 ---- src/util/sss_ldap.c -+++ src/util/sss_ldap.c -@@ -208,6 +208,9 @@ static void sdap_async_sys_connect_done(struct tevent_context *ev, +--- src/util/sss_ldap.c.orig 2014-10-05 09:28:45.000000000 +0000 ++++ src/util/sss_ldap.c 2014-10-05 11:11:12.000000000 +0000 +@@ -206,6 +206,9 @@ errno = 0; ret = connect(state->fd, (struct sockaddr *) &state->addr, state->addr_len); @@ -21,24 +10,12 @@ if (ret != EOK) { ret = errno; if (ret == EINPROGRESS || ret == EINTR) { -@@ -268,7 +271,7 @@ static errno_t set_fd_flags_and_opts(int fd) - strerror(ret))); - } - -- ret = setsockopt(fd, SOL_TCP, TCP_NODELAY, &dummy, sizeof(dummy)); -+ ret = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &dummy, sizeof(dummy)); - if (ret != 0) { - ret = errno; - DEBUG(5, ("setsockopt TCP_NODELAY failed.[%d][%s].\n", ret, -@@ -341,7 +344,7 @@ struct tevent_req *sss_ldap_init_send(TALLOC_CTX *mem_ctx, - DEBUG(9, ("Using file descriptor [%d] for LDAP connection.\n", state->sd)); +@@ -346,7 +349,7 @@ + "Using file descriptor [%d] for LDAP connection.\n", state->sd); subreq = sdap_async_sys_connect_send(state, ev, state->sd, - (struct sockaddr *) addr, addr_len); + (struct sockaddr *) addr, sizeof(struct sockaddr)); if (subreq == NULL) { ret = ENOMEM; - DEBUG(1, ("sdap_async_sys_connect_send failed.\n")); --- -1.8.0 - + DEBUG(SSSDBG_CRIT_FAILURE, "sdap_async_sys_connect_send failed.\n"); diff -urN sssd.orig/files/patch-src__util__util.h sssd/files/patch-src__util__util.h --- sssd.orig/files/patch-src__util__util.h 2014-01-22 17:40:44.000000000 +0000 +++ sssd/files/patch-src__util__util.h 2014-10-05 09:48:52.000000000 +0000 
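Review bot: Passing `sizeof(struct sockaddr)` instead of `addr_len` to sdap_async_sys_connect_send() is only correct for addresses that fit in a generic `struct sockaddr`. An IPv6 address is larger, so connect() would receive a truncated length and LDAP servers reached over IPv6 would presumably fail to connect. Deriving the length from the address family covers both cases: `((struct sockaddr *) addr)->sa_family == AF_INET6 ? sizeof(struct sockaddr_in6) : sizeof(struct sockaddr_in)`. The declaration of `addr` and the rest of sss_ldap_init_send() are outside the hunk, so the actual type should be confirmed.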
@@ -1,23 +1,11 @@ -From 5fcf9d93df255105ec065b168ddc11d98b5bb5d1 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik -Date: Wed, 6 Nov 2013 22:01:21 +0100 -Subject: [PATCH 24/25] patch-src__util__util.h - ---- - src/util/util.h | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git src/util/util.h src/util/util.h -index eab1f78..8e29fb5 100644 ---- src/util/util.h -+++ src/util/util.h -@@ -571,4 +571,6 @@ errno_t sss_br_lock_file(int fd, size_t start, size_t len, +--- src/util/util.h.orig 2014-10-05 09:29:04.000000000 +0000 ++++ src/util/util.h 2014-10-05 11:11:58.000000000 +0000 +@@ -535,6 +535,8 @@ #define BUILD_WITH_PAC_RESPONDER false #endif +#include "util/sss_bsd_errno.h" + - #endif /* __SSSD_UTIL_H__ */ --- -1.8.0 - + /* from string_utils.c */ + char * sss_replace_space(TALLOC_CTX *mem_ctx, + const char *orig_name, diff -urN sssd.orig/pkg-plist sssd/pkg-plist --- sssd.orig/pkg-plist 2014-05-22 14:12:25.000000000 +0000 +++ sssd/pkg-plist 2014-10-05 10:22:11.000000000 +0000 
@@ -1,23 +1,30 @@
+/you/have/to/check/what/makeplist/gives/you
 bin/sss_ssh_authorizedkeys
 bin/sss_ssh_knownhostsproxy
-@sample %%ETCDIR%%/sssd.conf.sample
+etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
+etc/rc.d/sssd
+%%ETCDIR%%/sssd.conf.sample
 include/ipa_hbac.h
 include/sss_idmap.h
-include/sss_sudo.h
+include/sss_nss_idmap.h
+lib/krb5/plugins/authdata/sssd_pac_plugin.so
 lib/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
 lib/libipa_hbac.so
 lib/libipa_hbac.so.0
 lib/libipa_hbac.so.0.0.1
 lib/libsss_idmap.so
 lib/libsss_idmap.so.0
-lib/libsss_idmap.so.0.0.1
+lib/libsss_idmap.so.0.4.0
+lib/libsss_nss_idmap.so
+lib/libsss_nss_idmap.so.0
+lib/libsss_nss_idmap.so.0.0.1
 lib/libsss_sudo.so
 lib/nss_sss.so
 lib/nss_sss.so.1
 lib/nss_sss.so.2
 lib/nss_sss.so.2.0.0
 lib/pam_sss.so
-%%PYTHON_SITELIBDIR%%/SSSDConfig-1.9.6-py%%PYTHON_VER%%.egg-info
+%%PYTHON_SITELIBDIR%%/SSSDConfig-1.11.7-py%%PYTHON_VER%%.egg-info
 %%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.py
 %%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.pyc
 %%PYTHON_SITELIBDIR%%/SSSDConfig/ipachangeconf.py
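Review bot: The first added line, `/you/have/to/check/what/makeplist/gives/you`, is the reminder that `make makeplist` prints at the top of its output, not a file the port installs, and it should be deleted from pkg-plist. The same hunk turns `@sample %%ETCDIR%%/sssd.conf.sample` into a plain entry, so the sample is no longer handled as a configuration template. It also lists `etc/rc.d/sssd` although the Makefile sets `USE_RC_SUBR= ${PORTNAME}`, which presumably registers that script already. Keeping the `@sample` line and dropping the rc.d entry would avoid both problems.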
@@ -27,27 +34,36 @@
 %%PYTHON_SITELIBDIR%%/pyhbac.so
 %%PYTHON_SITELIBDIR%%/pysss.so
 %%PYTHON_SITELIBDIR%%/pysss_murmur.so
+%%PYTHON_SITELIBDIR%%/pysss_nss_idmap.so
 lib/shared-modules/ldb/memberof.so
-lib/sssd/libsss_ad.so
-lib/sssd/libsss_ipa.so
+%%SMB%%lib/sssd/libsss_ad.so
+lib/sssd/libsss_child.so
+lib/sssd/libsss_crypt.so
+lib/sssd/libsss_debug.so
+%%SMB%%lib/sssd/libsss_ipa.so
 lib/sssd/libsss_krb5.so
+lib/sssd/libsss_krb5_common.so
 lib/sssd/libsss_ldap.so
+lib/sssd/libsss_ldap_common.so
 lib/sssd/libsss_proxy.so
 lib/sssd/libsss_simple.so
+lib/sssd/libsss_util.so
 libdata/pkgconfig/ipa_hbac.pc
 libdata/pkgconfig/sss_idmap.pc
+libdata/pkgconfig/sss_nss_idmap.pc
 libexec/sssd/krb5_child
 libexec/sssd/ldap_child
 libexec/sssd/proxy_child
+libexec/sssd/sss_signal
 libexec/sssd/sssd_be
+libexec/sssd/sssd_ifp
 libexec/sssd/sssd_nss
+libexec/sssd/sssd_pac
 libexec/sssd/sssd_pam
 libexec/sssd/sssd_ssh
 libexec/sssd/sssd_sudo
 man/es/man1/sss_ssh_authorizedkeys.1.gz
 man/es/man1/sss_ssh_knownhostsproxy.1.gz
-man/es/man5/sssd-ad.5.gz
-man/es/man5/sssd-ipa.5.gz
 man/es/man5/sssd-ldap.5.gz
 man/es/man5/sssd-simple.5.gz
 man/es/man5/sssd-sudo.5.gz
@@ -69,7 +85,6 @@
 man/fr/man1/sss_ssh_authorizedkeys.1.gz
 man/fr/man1/sss_ssh_knownhostsproxy.1.gz
 man/fr/man5/sssd-ad.5.gz
-man/fr/man5/sssd-ipa.5.gz
 man/fr/man5/sssd-krb5.5.gz
 man/fr/man5/sssd-ldap.5.gz
 man/fr/man5/sssd-simple.5.gz
@@ -91,8 +106,6 @@
 man/fr/man8/sssd_krb5_locator_plugin.8.gz
 man/ja/man1/sss_ssh_authorizedkeys.1.gz
 man/ja/man1/sss_ssh_knownhostsproxy.1.gz
-man/ja/man5/sssd-ad.5.gz
-man/ja/man5/sssd-ipa.5.gz
 man/ja/man5/sssd-krb5.5.gz
 man/ja/man5/sssd-ldap.5.gz
 man/ja/man5/sssd-simple.5.gz
@@ -113,6 +126,7 @@
 man/man1/sss_ssh_authorizedkeys.1.gz
 man/man1/sss_ssh_knownhostsproxy.1.gz
 man/man5/sssd-ad.5.gz
+man/man5/sssd-ifp.5.gz
 man/man5/sssd-ipa.5.gz
 man/man5/sssd-krb5.5.gz
 man/man5/sssd-ldap.5.gz
@@ -139,7 +153,7 @@
 man/uk/man1/sss_ssh_authorizedkeys.1.gz
 man/uk/man1/sss_ssh_knownhostsproxy.1.gz
 man/uk/man5/sssd-ad.5.gz
-man/uk/man5/sssd-ipa.5.gz
+man/uk/man5/sssd-ifp.5.gz
 man/uk/man5/sssd-krb5.5.gz
 man/uk/man5/sssd-ldap.5.gz
 man/uk/man5/sssd-simple.5.gz
@@ -171,36 +185,112 @@
 sbin/sss_userdel
 sbin/sss_usermod
 sbin/sssd
-%%PORTDOCS%%@dirrm %%DOCSDIR%%/libsss_sudo_doc
-%%PORTDOCS%%@dirrm %%DOCSDIR%%/idmap_doc
-%%PORTDOCS%%@dirrm %%DOCSDIR%%/hbac_doc
-%%PORTDOCS%%@dirrm %%DOCSDIR%%/doc
-%%PORTDOCS%%@dirrm %%DOCSDIR%%
-@dirrm libexec/sssd
-@dirrm lib/sssd/modules
-@dirrm lib/sssd
-@dirrm %%PYTHON_SITELIBDIR%%/SSSDConfig
+%%DATADIR%%/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
+%%DATADIR%%/locale/bg/LC_MESSAGES/sssd.mo
+%%DATADIR%%/locale/de/LC_MESSAGES/sssd.mo
+%%DATADIR%%/locale/es/LC_MESSAGES/sssd.mo
+%%DATADIR%%/locale/eu/LC_MESSAGES/sssd.mo
+%%DATADIR%%/locale/fr/LC_MESSAGES/sssd.mo
+%%DATADIR%%/locale/hu/LC_MESSAGES/sssd.mo
+%%DATADIR%%/locale/id/LC_MESSAGES/sssd.mo
+%%DATADIR%%/locale/it/LC_MESSAGES/sssd.mo
+%%DATADIR%%/locale/ja/LC_MESSAGES/sssd.mo
+%%DATADIR%%/locale/nb/LC_MESSAGES/sssd.mo
+%%DATADIR%%/locale/nl/LC_MESSAGES/sssd.mo
+%%DATADIR%%/locale/pl/LC_MESSAGES/sssd.mo
+%%DATADIR%%/locale/pt/LC_MESSAGES/sssd.mo
+%%DATADIR%%/locale/ru/LC_MESSAGES/sssd.mo
+%%DATADIR%%/locale/sv/LC_MESSAGES/sssd.mo
+%%DATADIR%%/locale/tg/LC_MESSAGES/sssd.mo
+%%DATADIR%%/locale/tr/LC_MESSAGES/sssd.mo
+%%DATADIR%%/locale/uk/LC_MESSAGES/sssd.mo
+%%DATADIR%%/locale/zh_CN/LC_MESSAGES/sssd.mo
+%%DATADIR%%/locale/zh_TW/LC_MESSAGES/sssd.mo
+%%DATADIR%%/sssd/sssd.api.conf
+%%DATADIR%%/sssd/sssd.api.d/sssd-ad.conf
+%%DATADIR%%/sssd/sssd.api.d/sssd-ipa.conf
+%%DATADIR%%/sssd/sssd.api.d/sssd-krb5.conf
+%%DATADIR%%/sssd/sssd.api.d/sssd-ldap.conf
+%%DATADIR%%/sssd/sssd.api.d/sssd-local.conf
+%%DATADIR%%/sssd/sssd.api.d/sssd-proxy.conf
+%%DATADIR%%/sssd/sssd.api.d/sssd-simple.conf
 @dirrmtry %%ETCDIR%%
-@dirrmtry man/uk/man8
-@dirrmtry man/uk/man5
-@dirrmtry man/uk/man1
-@dirrmtry man/uk
-@dirrmtry man/pt/man8
-@dirrmtry man/pt/man5
-@dirrmtry man/pt/man1
-@dirrmtry man/pt
-@dirrmtry man/nl/man8
-@dirrmtry man/nl/man5
-@dirrmtry man/nl/man1
-@dirrmtry man/nl
-@dirrmtry man/fr/man8
-@dirrmtry man/fr/man5
-@dirrmtry man/fr/man1
-@dirrmtry man/fr
-@dirrmtry man/es/man8
-@dirrmtry man/es/man5
+@dirrmtry %%PYTHON_SITELIBDIR%%/SSSDConfig
+@dirrmtry lib/sssd/modules
+@dirrmtry lib/sssd
+@dirrmtry libexec/sssd
 @dirrmtry man/es/man1
+@dirrmtry man/es/man5
+@dirrmtry man/es/man8
 @dirrmtry man/es
+@dirrmtry man/fr/man1
+@dirrmtry man/fr/man5
+@dirrmtry man/fr/man8
+@dirrmtry man/fr
+@dirrmtry man/nl/man1
+@dirrmtry man/nl/man5
+@dirrmtry man/nl/man8
+@dirrmtry man/nl
+@dirrmtry man/pt/man1
+@dirrmtry man/pt/man5
+@dirrmtry man/pt/man8
+@dirrmtry man/pt
+@dirrmtry man/uk/man1
+@dirrmtry man/uk/man5
+@dirrmtry man/uk/man8
+@dirrmtry man/uk
+%%PORTDOCS%%@dirrmtry %%DOCSDIR%%/doc
+%%PORTDOCS%%@dirrmtry %%DOCSDIR%%/hbac_doc
+%%PORTDOCS%%@dirrmtry %%DOCSDIR%%/idmap_doc
+%%PORTDOCS%%@dirrmtry %%DOCSDIR%%/libsss_sudo_doc
+%%PORTDOCS%%@dirrmtry %%DOCSDIR%%/nss_idmap_doc
+%%PORTDOCS%%@dirrmtry %%DOCSDIR%%
+@dirrmtry %%DATADIR%%/dbus-1/system-services
+@dirrmtry %%DATADIR%%/dbus-1
+@dirrmtry %%DATADIR%%/locale/bg/LC_MESSAGES
+@dirrmtry %%DATADIR%%/locale/bg
+@dirrmtry %%DATADIR%%/locale/de/LC_MESSAGES
+@dirrmtry %%DATADIR%%/locale/de
+@dirrmtry %%DATADIR%%/locale/es/LC_MESSAGES
+@dirrmtry %%DATADIR%%/locale/es
+@dirrmtry %%DATADIR%%/locale/eu/LC_MESSAGES
+@dirrmtry %%DATADIR%%/locale/eu
+@dirrmtry %%DATADIR%%/locale/fr/LC_MESSAGES
+@dirrmtry %%DATADIR%%/locale/fr
+@dirrmtry %%DATADIR%%/locale/hu/LC_MESSAGES
+@dirrmtry %%DATADIR%%/locale/hu
+@dirrmtry %%DATADIR%%/locale/id/LC_MESSAGES
+@dirrmtry %%DATADIR%%/locale/id
+@dirrmtry %%DATADIR%%/locale/it/LC_MESSAGES
+@dirrmtry %%DATADIR%%/locale/it
+@dirrmtry %%DATADIR%%/locale/ja/LC_MESSAGES
+@dirrmtry %%DATADIR%%/locale/ja
+@dirrmtry %%DATADIR%%/locale/nb/LC_MESSAGES
+@dirrmtry %%DATADIR%%/locale/nb
+@dirrmtry %%DATADIR%%/locale/nl/LC_MESSAGES
+@dirrmtry %%DATADIR%%/locale/nl
+@dirrmtry %%DATADIR%%/locale/pl/LC_MESSAGES
+@dirrmtry %%DATADIR%%/locale/pl
+@dirrmtry %%DATADIR%%/locale/pt/LC_MESSAGES
+@dirrmtry %%DATADIR%%/locale/pt
+@dirrmtry %%DATADIR%%/locale/ru/LC_MESSAGES
+@dirrmtry %%DATADIR%%/locale/ru
+@dirrmtry %%DATADIR%%/locale/sv/LC_MESSAGES
+@dirrmtry %%DATADIR%%/locale/sv
+@dirrmtry %%DATADIR%%/locale/tg/LC_MESSAGES
+@dirrmtry %%DATADIR%%/locale/tg
+@dirrmtry %%DATADIR%%/locale/tr/LC_MESSAGES
+@dirrmtry %%DATADIR%%/locale/tr
+@dirrmtry %%DATADIR%%/locale/uk/LC_MESSAGES
+@dirrmtry %%DATADIR%%/locale/uk
+@dirrmtry %%DATADIR%%/locale/zh_CN/LC_MESSAGES
+@dirrmtry %%DATADIR%%/locale/zh_CN
+@dirrmtry %%DATADIR%%/locale/zh_TW/LC_MESSAGES
+@dirrmtry %%DATADIR%%/locale/zh_TW
+@dirrmtry %%DATADIR%%/locale
+@dirrmtry %%DATADIR%%/sssd/sssd.api.d
+@dirrmtry %%DATADIR%%/sssd
+@dirrmtry %%DATADIR%%
 @unexec if [ -d %%ETCDIR%% ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf %%ETCDIR%%`` to remove any configuration files."; fi
 @unexec if [ -d /var/db/sss ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss`` to remove any additional files."; fi
 @unexec if [ -d /var/db/sss_mc ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss_mc`` to remove any additional files."; fi
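Review bot: The D-Bus activation file is listed as `%%DATADIR%%/dbus-1/system-services/org.freedesktop.sssd.infopipe.service`, under the port's private data directory, which appears to follow from `--datadir=${DATADIR}` in the port Makefile. The system bus daemon normally reads service files from its own `share/dbus-1/system-services` directory, so InfoPipe activation will likely not work from this location. The message catalogs under `%%DATADIR%%/locale` raise the same question. Consider installing and listing the file as `share/dbus-1/system-services/org.freedesktop.sssd.infopipe.service`, or leaving `libexec/sssd/sssd_ifp` and its bus policy file out of the package if InfoPipe is not meant to be supported here.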