--- security/sssd/Makefile 2020-03-29 20:16:30.327608000 +0200 +++ security/sssd/Makefile 2020-07-15 11:17:57.532214000 +0200 @@ -1,9 +1,8 @@ # Created by: Lukas Slebodnik -# $FreeBSD: head/security/sssd/Makefile 529824 2020-03-29 18:16:30Z fernape $ +# $FreeBSD: head/security/sssd/Makefile 505782 2019-07-03 19:30:03Z antoine $ PORTNAME= sssd -PORTVERSION= 1.11.7 -PORTREVISION= 20 +PORTVERSION= 1.13.4 CATEGORIES= security MASTER_SITES= https://releases.pagure.org/SSSD/${PORTNAME}/ @@ -13,9 +12,6 @@ LICENSE= GPLv3+ LICENSE_FILE= ${WRKSRC}/COPYING -DEPRECATED= Uses deprecated version of python -EXPIRATION_DATE= 2020-09-15 - LIB_DEPENDS= libpopt.so:devel/popt \ libtalloc.so:devel/talloc \ libtevent.so:devel/tevent \ @@ -38,11 +34,8 @@ nsupdate:dns/bind-tools USES= autoreconf cpe gettext gmake iconv libtool pathfix pkgconfig \ - python:2.7 shebangfix gssapi:mit + shebangfix gssapi:mit -USE_LDCONFIG= yes -USE_OPENLDAP= yes - GNU_CONFIGURE= yes CONFIGURE_ARGS= --with-selinux=no --with-semanage=no \ --with-ldb-lib-dir=${LOCALBASE}/lib/shared-modules/ldb \ @@ -50,17 +43,24 @@ --with-libnl=no --with-init-dir=no --datadir=${DATADIR} \ --docdir=${DOCSDIR} --with-pid-path=/var/run \ --localstatedir=/var --enable-pammoddir=${PREFIX}/lib \ - --with-db-path=/var/db/sss --with-pipe-path=/var/run/sss \ - --with-pubconf-path=/var/run/sss --with-mcache-path=/var/db/sss_mc \ + --with-db-path=/var/db/sss/db \ + --with-gpo-cache-path=/var/db/sss/gpo_cache \ + --with-pipe-path=/var/run/sss \ + --with-pubconf-path=/var/run/sss --with-mcache-path=/var/db/sss/mc \ --with-unicode-lib=libunistring --with-autofs=no \ --disable-cifs-idmap-plugin --disable-config-lib \ --with-krb5-conf=/etc/krb5.conf +# TODO: investigate possible sssd/nfsuserd compatibility +CONFIGURE_ARGS+= --without-nfsv4-idmapd-plugin CFLAGS+= -fstack-protector-all -PLIST_SUB= PYTHON_VER=${PYTHON_VER} +# add __STDC_WANT_LIB_EXT1__ - see https://stackoverflow.com/questions/24206989/error-use-of-undeclared-identifier-errno-t +#CPPFLAGS+= -D__STDC_WANT_LIB_EXT1__ #DEBUG_FLAGS= -g MAKE_ENV+= LINGUAS="bg de eu es fr hu id it ja nb nl pl pt ru sv tg tr uk zh_CN zh_TW" SUB_FILES= pkg-message +USE_LDCONFIG= yes +USE_OPENLDAP= yes INSTALL_TARGET= install-strip CPE_VENDOR= fedoraproject @@ -70,12 +70,28 @@ USE_RC_SUBR= ${PORTNAME} PORTDATA= * -OPTIONS_DEFINE= DOCS SMB +OPTIONS_DEFINE= DOCS SMB +OPTIONS_DEFAULT= PYTHON3 +OPTIONS_RADIO= PYTHON +OPTIONS_RADIO_PYTHON= PYTHON2 PYTHON3 OPTIONS_SUB= yes +PYTHON2_CONFIGURE_WITH= python2-bindings +PYTHON2_USES= python:2.7 +PYTHON2_VARS= PYTHON2_CMD=${PYTHON_CMD:T} PYTHON3_CMD= +PYTHON3_CONFIGURE_WITH= python3-bindings +PYTHON3_USES= python:3.5+ +PYTHON3_VARS= PYTHON2_CMD= PYTHON3_CMD=${PYTHON_CMD:T} + +PLIST_SUB+= PORTVERSION=${PORTVERSION} \ + PYTHONPREFIX_SITELIBDIR=${PYTHONPREFIX_SITELIBDIR} \ + PYTHON_VER=${PYTHON_VER} + SMB_DESC= Install IPA and AD providers (requires Samba4) SMB_USES= samba:lib # libndr-krb5pac libndr-nbt libndr libsamba-util SMB_CONFIGURE_WITH= samba +# PAC (Privilege Attribute Certificate) responder currently needs samba +SMB_CONFIGURE_ENABLE= pac-responder post-patch: @${REINPLACE_CMD} -e 's|SIGCLD|SIGCHLD|g' ${WRKSRC}/src/util/signal.c @@ -95,6 +111,9 @@ @${REINPLACE_CMD} -e 's|/etc/sssd/|${ETCDIR}/|g' \ -e 's|/etc/openldap/|${LOCALBASE}/etc/openldap/|g' \ ${WRKSRC}/src/man/*xml + @${REINPLACE_CMD} 's|%%PYTHON2_CMD%%|${PYTHON2_CMD}|g; \ + s|%%PYTHON3_CMD%%|${PYTHON3_CMD}|g' \ + ${WRKSRC}/configure.ac @${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}/src/sss_client/bsdnss.c @${CP} ${FILESDIR}/sss_bsd_errno.h ${WRKSRC}/src/util/sss_bsd_errno.h @@ -102,13 +121,18 @@ ${INSTALL_DATA} ${WRKSRC}/src/examples/sssd-example.conf \ ${STAGEDIR}${ETCDIR}/sssd.conf.sample ${LN} -sf nss_sss.so ${STAGEDIR}${PREFIX}/lib/nss_sss.so.1 -# clean these up from the install; we create them in rc script start_precmd -.for d in db/sss db/sss_mc log/sssd run/sss/krb5.include.d run/sss/private run/sss - @${RMDIR} ${STAGEDIR}/var/${d} -.endfor # clean unused man dirs .for i in nl/man1 nl/man5 pt/man1 pt/man5 @${RMDIR} ${STAGEDIR}${PREFIX}/man/${i} .endfor + +.include + +.if empty(PORT_OPTIONS:MPYTHON2) && empty(PORT_OPTIONS:MPYTHON3) +PLIST_SUB+= PYTHON="@comment " +USES+= python:3.5+,build +.else +PLIST_SUB+= PYTHON= +.endif .include --- security/sssd/distinfo 2015-01-31 14:53:54.285068000 +0100 +++ security/sssd/distinfo 2020-07-13 15:53:35.000000000 +0200 @@ -1,2 +1,5 @@ -SHA256 (sssd-1.11.7.tar.gz) = ff12d5730a6d7d08fe11140aa58e544900b75c63902b7a07bbbc12d6a99cb5b5 -SIZE (sssd-1.11.7.tar.gz) = 3661227 +TIMESTAMP = 1560523527 +SHA256 (sssd-1.13.4.tar.gz) = 0a7bba7697088734c5fa1844dbb6de4f1f11afd30df02f0c1dd2579114c0a194 +SIZE (sssd-1.13.4.tar.gz) = 4730392 +SHA256 (sssd-1.13.4.tar.gz.asc) = adf1ebfd023079092748f4998e4d8476014ee78f30ce59e0a464f841aef79afa +SIZE (sssd-1.13.4.tar.gz.asc) = 181 --- security/sssd/files/patch-Makefile.am 2020-03-29 20:16:30.327608000 +0200 +++ security/sssd/files/patch-Makefile.am 2020-07-13 15:53:35.000000000 +0200 @@ -1,30 +1,49 @@ ---- Makefile.am.orig 2020-03-16 18:30:24 UTC +--- Makefile.am.orig 2019-04-13 14:48:41 UTC +++ Makefile.am -@@ -311,6 +311,7 @@ AM_CPPFLAGS = \ - $(LIBNL_CFLAGS) \ +@@ -54,7 +54,7 @@ sssddatadir = $(datadir)/sssd + sssdapiplugindir = $(sssddatadir)/sssd.api.d + dbuspolicydir = $(sysconfdir)/dbus-1/system.d + dbusservicedir = $(datadir)/dbus-1/system-services +-sss_statedir = $(localstatedir)/lib/sss ++sss_statedir = $(localstatedir)/db/sss + localedir = @localedir@ + nsslibdir = @nsslibdir@ + pamlibdir = @pammoddir@ +@@ -96,6 +96,9 @@ + -fno-strict-aliasing \ + -std=gnu99 + endif ++if HAVE_ERRNO_T ++ AM_CFLAGS += -D__STDC_WANT_LIB_EXT1__ ++endif + + pkgconfig_DATA = + +@@ -427,6 +427,7 @@ AM_CPPFLAGS = \ $(OPENLDAP_CFLAGS) \ $(GLIB2_CFLAGS) \ + $(JOURNALD_CFLAGS) \ + -DHOST_NAME_MAX=_POSIX_HOST_NAME_MAX \ -DLIBDIR=\"$(libdir)\" \ -DVARDIR=\"$(localstatedir)\" \ - -DSHLIBEXT=\"$(SHLIBEXT)\" \ -@@ -378,6 +379,7 @@ SSSD_LIBS = \ + -DSSS_STATEDIR=\"$(sss_statedir)\" \ +@@ -497,6 +498,7 @@ SSSD_LIBS = \ + $(COLLECTION_LIBS) \ $(DHASH_LIBS) \ - $(SSS_CRYPT_LIBS) \ $(OPENLDAP_LIBS) \ + $(LTLIBINTL) \ $(TDB_LIBS) PYTHON_BINDINGS_LIBS = \ -@@ -433,6 +435,7 @@ dist_noinst_HEADERS = \ +@@ -546,6 +548,7 @@ dist_noinst_HEADERS = \ src/util/sss_ssh.h \ src/util/sss_ini.h \ src/util/sss_format.h \ + src/util/sss_bsd_errno.h \ + src/util/sss_config.h \ src/util/refcount.h \ src/util/find_uid.h \ - src/util/user_info_msg.h \ -@@ -1700,9 +1703,10 @@ endif +@@ -2725,9 +2728,10 @@ intgcheck: # Client Libraries # #################### @@ -37,9 +56,9 @@ src/sss_client/nss_passwd.c \ src/sss_client/nss_group.c \ src/sss_client/nss_netgroup.c \ -@@ -1715,9 +1719,9 @@ libnss_sss_la_SOURCES = \ - src/sss_client/nss_mc_passwd.c \ +@@ -2741,9 +2745,9 @@ libnss_sss_la_SOURCES = \ src/sss_client/nss_mc_group.c \ + src/sss_client/nss_mc_initgr.c \ src/sss_client/nss_mc.h -libnss_sss_la_LIBADD = \ +nss_sss_la_LIBADD = \ @@ -49,20 +68,35 @@ -module \ -version-info 2:0:0 \ -Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports -@@ -2086,6 +2090,7 @@ ldap_child_LDADD = \ +@@ -2936,6 +2940,7 @@ libsss_krb5_common_la_CFLAGS = \ + libsss_krb5_common_la_LIBADD = \ + $(KEYUTILS_LIBS) \ + $(DHASH_LIBS) \ ++ $(LTLIBINTL) \ + $(KRB5_LIBS) + libsss_krb5_common_la_LDFLAGS = \ + -avoid-version +@@ -3184,6 +3189,7 @@ ldap_child_LDADD = \ + $(TALLOC_LIBS) \ $(POPT_LIBS) \ - $(OPENLDAP_LIBS) \ $(DHASH_LIBS) \ + $(LTLIBINTL) \ $(KRB5_LIBS) + if BUILD_SEMANAGE +@@ -3223,6 +3229,7 @@ gpo_child_LDADD = \ + $(POPT_LIBS) \ + $(DHASH_LIBS) \ + $(INI_CONFIG_LIBS) \ ++ $(LTLIBINTL) \ + $(SMBCLIENT_LIBS) + proxy_child_SOURCES = \ -@@ -2333,7 +2338,7 @@ else - mkdir -p $(DESTDIR)$(initdir) - endif +@@ -3254,6 +3261,7 @@ p11_child_LDADD = \ + $(POPT_LIBS) \ + $(NSS_LIBS) \ + libsss_crypt.la \ ++ $(LTLIBINTL) \ + $(NULL) --install-data-hook: -+notinstall-data-hook: - rm $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 \ - $(DESTDIR)/$(nsslibdir)/libnss_sss.so - mv $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 + memberof_la_SOURCES = \ --- security/sssd/files/patch-configure.ac 2020-03-29 20:16:30.327608000 +0200 +++ security/sssd/files/patch-configure.ac 2020-07-13 15:53:35.000000000 +0200 @@ -1,20 +1,29 @@ ---- configure.ac.orig 2014-09-17 13:01:37 UTC +--- configure.ac.orig 2016-04-13 14:48:41 UTC +++ configure.ac -@@ -5,14 +5,14 @@ AC_INIT([sssd], - VERSION_NUMBER, - [sssd-devel@lists.fedorahosted.org]) +@@ -44,7 +44,8 @@ + AC_CHECK_HEADERS(stdint.h dlfcn.h) + AC_CONFIG_HEADER(config.h) + + AC_CHECK_TYPES([errno_t], [], [], [[#include ]]) ++AM_CONDITIONAL([HAVE_ERRNO_T], [test "$ac_cv_type_errno_t" = yes]) + + m4_include([src/build_macros.m4]) + BUILD_WITH_SHARED_BUILD_DIR +@@ -266,13 +266,13 @@ AM_CONDITIONAL([HAVE_PROFILE_CATALOGS], + AM_CONDITIONAL([HAVE_MANPAGES], [test "x$HAVE_MANPAGES" != "x"]) + AM_CONDITIONAL([HAVE_PO4A], [test "x$PO4A" != "xno"]) -+AC_CONFIG_SRCDIR([BUILD.txt]) -+AC_CONFIG_AUX_DIR([build]) -+ - m4_ifdef([AC_USE_SYSTEM_EXTENSIONS], - [AC_USE_SYSTEM_EXTENSIONS], - [AC_GNU_SOURCE]) +-AC_CHECK_PROG(HAVE_PYTHON2, python2, yes, no) ++AC_CHECK_PROGS(HAVE_PYTHON2, %%PYTHON2_CMD%% python2, yes, no) + AS_IF([test x$HAVE_PYTHON2 = xyes], +- [AC_PATH_PROG(PYTHON2, python2)]) ++ [AC_PATH_PROGS(PYTHON2, %%PYTHON2_CMD%% python2)]) - CFLAGS="$CFLAGS -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE" -- --AC_CONFIG_SRCDIR([BUILD.txt]) --AC_CONFIG_AUX_DIR([build]) +-AC_CHECK_PROG(HAVE_PYTHON3, python3, yes, no) ++AC_CHECK_PROGS(HAVE_PYTHON3, %%PYTHON3_CMD%% python3, yes, no) + AS_IF([test x$HAVE_PYTHON3 = xyes], +- [AC_PATH_PROG(PYTHON3, python3)]) ++ [AC_PATH_PROGS(PYTHON3, %%PYTHON3_CMD%% python3)]) - AM_INIT_AUTOMAKE([-Wall foreign subdir-objects tar-pax]) - AM_PROG_CC_C_O + if test x$HAVE_PYTHON2_BINDINGS = x1; then + AS_IF([test x$HAVE_PYTHON2 != xyes], --- security/sssd/files/patch-src-monitor-monitor.c 1970-01-01 01:00:00.000000000 +0100 +++ security/sssd/files/patch-src-monitor-monitor.c 2020-07-15 11:15:25.654015000 +0200 @@ -0,0 +1,23 @@ +--- src/monitor/monitor.c.orig 2014-09-17 13:01:37 UTC ++++ src/monitor/monitor.c +@@ -2832,6 +2832,20 @@ int main(int argc, const char *argv[]) + ret = server_setup(MONITOR_NAME, flags, monitor->conf_path, &main_ctx); + if (ret != EOK) return 2; + ++ /* Use confd initialized in server_setup. ldb_tdb module (1.4.0) check PID ++ * of process which initialized db for locking purposes. ++ * Failed to unlock db: ../ldb_tdb/ldb_tdb.c:147: ++ * Reusing ldb opened by pid 28889 in process 28893 ++ */ ++ talloc_zfree(monitor->cdb); ++ monitor->cdb = main_ctx->confdb_ctx; ++ ++ ret = confdb_get_domains(monitor->cdb, &monitor->domains); ++ if (ret != EOK) { ++ DEBUG(SSSDBG_FATAL_FAILURE, "No domains configured.\n"); ++ return 4; ++ } ++ + monitor->is_daemon = !opt_interactive; + monitor->parent_pid = main_ctx->parent_pid; + monitor->ev = main_ctx->event_ctx; --- security/sssd/files/patch-src-util-cert-nss-cert.c 1970-01-01 01:00:00.000000000 +0100 +++ security/sssd/files/patch-src-util-cert-nss-cert.c 2020-07-13 15:53:35.000000000 +0200 @@ -0,0 +1,10 @@ +--- src/util/cert/nss/cert.c.orig 2016-04-13 14:48:41 UTC ++++ src/util/cert/nss/cert.c +@@ -31,6 +31,7 @@ + #include "util/crypto/sss_crypto.h" + #include "util/crypto/nss/nss_util.h" + #include "util/cert.h" ++#include "util/sss_endian.h" + + #define NS_CERT_HEADER "-----BEGIN CERTIFICATE-----" + #define NS_CERT_TRAILER "-----END CERTIFICATE-----" --- security/sssd/files/patch-src-util-util.c 1970-01-01 01:00:00.000000000 +0100 +++ security/sssd/files/patch-src-util-util.c 2020-07-13 15:53:35.000000000 +0200 @@ -0,0 +1,29 @@ +--- src/util/util.c.orig 2016-04-13 14:48:41 UTC ++++ src/util/util.c +@@ -946,7 +946,7 @@ errno_t sss_utc_to_time_t(const char *st + len = strlen(str); + if (str[len-1] != 'Z') { + DEBUG(SSSDBG_TRACE_INTERNAL, +- "%s does not seem to be in UTZ time zone.\n", str); ++ "%s does not seem to be in UTC time zone.\n", str); + return ERR_TIMESPEC_NOT_SUPPORTED; + } + +@@ -967,15 +967,13 @@ errno_t sss_utc_to_time_t(const char *st + return EINVAL; + } + +- ut = mktime(&tm); ++ ut = timegm(&tm); + if (ut == -1) { + DEBUG(SSSDBG_TRACE_INTERNAL, +- "mktime failed to convert [%s].\n", str); ++ "timegm failed to convert [%s].\n", str); + return EINVAL; + } + +- tzset(); +- ut -= timezone; + *_unix_time = ut; + return EOK; + } --- security/sssd/files/patch-src__confdb__confdb.c 2020-03-29 20:16:30.327608000 +0200 +++ security/sssd/files/patch-src__confdb__confdb.c 2020-07-13 15:51:19.000000000 +0200 @@ -1,4 +1,6 @@ ---- src/confdb/confdb.c.orig 2014-09-17 13:01:37 UTC +diff --git src/confdb/confdb.c src/confdb/confdb.c +index 19d8884..67720f7 100644 +--- src/confdb/confdb.c +++ src/confdb/confdb.c @@ -28,6 +28,11 @@ #include "util/strtonum.h" --- security/sssd/files/patch-src__external__inotify.m4 2020-03-29 20:16:30.327608000 +0200 +++ security/sssd/files/patch-src__external__inotify.m4 2020-07-13 15:51:19.000000000 +0200 @@ -1,4 +1,6 @@ ---- src/external/inotify.m4.orig 2014-09-17 13:01:37 UTC +diff --git src/external/inotify.m4 src/external/inotify.m4 +index 9572f6d..2a5a8cf 100644 +--- src/external/inotify.m4 +++ src/external/inotify.m4 @@ -20,10 +20,10 @@ int main () { AS_IF([test x"$inotify_works" != xyes], --- security/sssd/files/patch-src__external__krb5.m4 2020-03-29 20:16:30.327608000 +0200 +++ security/sssd/files/patch-src__external__krb5.m4 2020-07-13 15:51:19.000000000 +0200 @@ -1,4 +1,6 @@ ---- src/external/krb5.m4.orig 2014-09-17 13:01:37 UTC +diff --git src/external/krb5.m4 src/external/krb5.m4 +index 861c8c9..978ec03 100644 +--- src/external/krb5.m4 +++ src/external/krb5.m4 @@ -9,7 +9,7 @@ if test x$KRB5_CFLAGS != x; then KRB5_PASSED_CFLAGS=$KRB5_CFLAGS --- security/sssd/files/patch-src__providers__krb5__krb5_delayed_online_authentication.c 2020-03-29 20:16:30.327608000 +0200 +++ security/sssd/files/patch-src__providers__krb5__krb5_delayed_online_authentication.c 2020-07-13 15:51:19.000000000 +0200 @@ -1,6 +1,8 @@ ---- src/providers/krb5/krb5_delayed_online_authentication.c.orig 2014-09-17 13:01:37 UTC +diff --git src/providers/krb5/krb5_delayed_online_authentication.c src/providers/krb5/krb5_delayed_online_authentication.c +index 33b839e..da6ccfc 100644 +--- src/providers/krb5/krb5_delayed_online_authentication.c +++ src/providers/krb5/krb5_delayed_online_authentication.c -@@ -320,6 +320,7 @@ errno_t init_delayed_online_authentication(struct krb5 +@@ -320,6 +320,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx, struct tevent_context *ev) { int ret; @@ -8,7 +10,7 @@ hash_table_t *tmp_table; ret = get_uid_table(krb5_ctx, &tmp_table); -@@ -339,6 +340,7 @@ errno_t init_delayed_online_authentication(struct krb5 +@@ -339,6 +340,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx, "hash_destroy failed [%s].\n", hash_error_string(ret)); return EFAULT; } --- security/sssd/files/patch-src__providers__ldap__ldap_auth.c 2020-03-29 20:16:30.327608000 +0200 +++ security/sssd/files/patch-src__providers__ldap__ldap_auth.c 2020-07-13 15:53:35.000000000 +0200 @@ -1,4 +1,4 @@ ---- src/providers/ldap/ldap_auth.c.orig 2014-09-17 13:01:37 UTC +--- src/providers/ldap/ldap_auth.c.orig 2016-04-13 14:48:41 UTC +++ src/providers/ldap/ldap_auth.c @@ -37,7 +37,6 @@ #include @@ -8,10 +8,10 @@ #include #include "util/util.h" -@@ -56,6 +55,22 @@ enum pwexpire { - PWEXPIRE_SHADOW - }; +@@ -51,6 +50,22 @@ + #define LDAP_PWEXPIRE_WARNING_TIME 0 + +struct spwd +{ + char *sp_namp; /* Login name. */ @@ -31,31 +31,20 @@ static errno_t add_expired_warning(struct pam_data *pd, long exp_time) { int ret; -@@ -109,6 +124,7 @@ static errno_t check_pwexpire_kerberos(const char *exp - return EINVAL; +@@ -96,9 +111,9 @@ static errno_t check_pwexpire_kerberos(c } -+ tzset(); - expire_time = mktime(&tm); - if (expire_time == -1) { - DEBUG(SSSDBG_CRIT_FAILURE, -@@ -116,12 +132,10 @@ static errno_t check_pwexpire_kerberos(const char *exp - return EINVAL; - } - -- tzset(); -- expire_time -= timezone; DEBUG(SSSDBG_TRACE_ALL, - "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] " - "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0], - tzname[1], timezone, daylight, now, expire_time); + "Time info: tzname[0] [%s] tzname[1] [%s] " -+ "now [%ld] expire_time [%ld].\n", tzname[0], -+ tzname[1], now, expire_time); ++ "now [%ld] expire_time [%ld].\n", tzname[0], ++ tzname[1], now, expire_time); if (difftime(now, expire_time) > 0.0) { DEBUG(SSSDBG_CONF_SETTINGS, "Kerberos password expired.\n"); -@@ -924,7 +938,7 @@ void sdap_pam_chpass_handler(struct be_req *breq) +@@ -945,7 +960,7 @@ void sdap_pam_chpass_handler(struct be_r DEBUG(SSSDBG_OP_FAILURE, "starting password change request for user [%s].\n", pd->user); @@ -64,7 +53,7 @@ if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) { DEBUG(SSSDBG_OP_FAILURE, -@@ -1069,7 +1083,7 @@ static void sdap_auth4chpass_done(struct tevent_req *r +@@ -1094,7 +1109,7 @@ static void sdap_auth4chpass_done(struct dp_err = DP_ERR_OFFLINE; break; default: @@ -73,7 +62,7 @@ } done: -@@ -1131,7 +1145,7 @@ static void sdap_pam_chpass_done(struct tevent_req *re +@@ -1156,7 +1171,7 @@ static void sdap_pam_chpass_done(struct state->sh, state->dn, lastchanged_name); if (subreq == NULL) { @@ -82,7 +71,7 @@ goto done; } -@@ -1152,7 +1166,7 @@ static void sdap_lastchange_done(struct tevent_req *re +@@ -1177,7 +1192,7 @@ static void sdap_lastchange_done(struct ret = sdap_modify_shadow_lastchange_recv(req); if (ret != EOK) { @@ -91,7 +80,7 @@ goto done; } -@@ -1193,7 +1207,7 @@ void sdap_pam_auth_handler(struct be_req *breq) +@@ -1218,7 +1233,7 @@ void sdap_pam_auth_handler(struct be_req goto done; } @@ -100,8 +89,8 @@ switch (pd->cmd) { case SSS_PAM_AUTHENTICATE: -@@ -1291,7 +1305,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) - state->pd->pam_status = PAM_NEW_AUTHTOK_REQD; +@@ -1307,7 +1322,7 @@ static void sdap_pam_auth_done(struct te + state->pd->pam_status = PAM_PERM_DENIED; break; default: - state->pd->pam_status = PAM_SYSTEM_ERR; --- security/sssd/files/patch-src__providers__ldap__sdap_access.c 2020-03-29 20:16:30.327608000 +0200 +++ security/sssd/files/patch-src__providers__ldap__sdap_access.c 2020-07-13 15:53:35.000000000 +0200 @@ -1,27 +1,15 @@ ---- src/providers/ldap/sdap_access.c.orig 2014-09-17 13:01:37 UTC +--- src/providers/ldap/sdap_access.c.orig 2016-04-13 14:48:41 UTC +++ src/providers/ldap/sdap_access.c -@@ -499,6 +499,7 @@ static bool nds_check_expired(const char *exp_time_str - return true; - } +@@ -557,9 +557,9 @@ bool nds_check_expired(const char *exp_t -+ tzset(); - expire_time = mktime(&tm); - if (expire_time == -1) { - DEBUG(SSSDBG_CRIT_FAILURE, -@@ -506,13 +507,11 @@ static bool nds_check_expired(const char *exp_time_str - return true; - } - -- tzset(); -- expire_time -= timezone; now = time(NULL); DEBUG(SSSDBG_TRACE_ALL, - "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] " - "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0], - tzname[1], timezone, daylight, now, expire_time); + "Time info: tzname[0] [%s] tzname[1] [%s] " -+ "now [%ld] expire_time [%ld].\n", tzname[0], -+ tzname[1], now, expire_time); ++ "now [%ld] expire_time [%ld].\n", tzname[0], ++ tzname[1], now, expire_time); if (difftime(now, expire_time) > 0.0) { DEBUG(SSSDBG_CONF_SETTINGS, "NDS account expired.\n"); --- security/sssd/files/patch-src__sss_client__common.c 2020-03-29 20:16:30.327608000 +0200 +++ security/sssd/files/patch-src__sss_client__common.c 2020-07-13 15:53:35.000000000 +0200 @@ -1,4 +1,4 @@ ---- src/sss_client/common.c.orig 2014-09-17 13:01:37 UTC +--- src/sss_client/common.c.orig 2016-04-13 14:48:41 UTC +++ src/sss_client/common.c @@ -25,6 +25,7 @@ #include "config.h" @@ -16,7 +16,7 @@ #if HAVE_PTHREAD #include -@@ -124,7 +126,6 @@ static enum sss_status sss_cli_send_req(enum sss_cli_c +@@ -124,7 +126,6 @@ static enum sss_status sss_cli_send_req( *errnop = error; break; case 0: @@ -24,7 +24,7 @@ break; case 1: if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { -@@ -232,7 +233,6 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_c +@@ -232,7 +233,6 @@ static enum sss_status sss_cli_recv_rep( *errnop = error; break; case 0: @@ -32,7 +32,7 @@ break; case 1: if (pfd.revents & (POLLHUP)) { -@@ -669,7 +669,6 @@ static enum sss_status sss_cli_check_socket(int *errno +@@ -669,7 +669,6 @@ static enum sss_status sss_cli_check_soc *errnop = error; break; case 0: @@ -40,7 +40,7 @@ break; case 1: if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { -@@ -719,23 +718,23 @@ enum nss_status sss_nss_make_request(enum sss_cli_comm +@@ -719,7 +718,7 @@ enum nss_status sss_nss_make_request(enu /* avoid looping in the nss daemon */ envval = getenv("_SSS_LOOPS"); if (envval && strcmp(envval, "NO") == 0) { @@ -49,12 +49,32 @@ } ret = sss_cli_check_socket(errnop, SSS_NSS_SOCKET_NAME); - if (ret != SSS_STATUS_SUCCESS) { +@@ -727,9 +726,9 @@ enum nss_status sss_nss_make_request(enu + #ifdef NONSTANDARD_SSS_NSS_BEHAVIOUR + *errnop = 0; + errno = 0; +- return NSS_STATUS_NOTFOUND; ++ return NS_NOTFOUND; + #else - return NSS_STATUS_UNAVAIL; + return NS_UNAVAIL; + #endif } - ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop); +@@ -741,9 +740,9 @@ enum nss_status sss_nss_make_request(enu + #ifdef NONSTANDARD_SSS_NSS_BEHAVIOUR + *errnop = 0; + errno = 0; +- return NSS_STATUS_NOTFOUND; ++ return NS_NOTFOUND; + #else +- return NSS_STATUS_UNAVAIL; ++ return NS_UNAVAIL; + #endif + } + +@@ -752,17 +751,17 @@ enum nss_status sss_nss_make_request(enu + } switch (ret) { case SSS_STATUS_TRYAGAIN: - return NSS_STATUS_TRYAGAIN; @@ -64,12 +84,18 @@ + return NS_SUCCESS; case SSS_STATUS_UNAVAIL: default: + #ifdef NONSTANDARD_SSS_NSS_BEHAVIOUR + *errnop = 0; + errno = 0; +- return NSS_STATUS_NOTFOUND; ++ return NS_NOTFOUND; + #else - return NSS_STATUS_UNAVAIL; + return NS_UNAVAIL; + #endif } } - -@@ -750,23 +749,23 @@ int sss_pac_make_request(enum sss_cli_command cmd, +@@ -791,12 +790,12 @@ int sss_pac_make_request(enum sss_cli_co /* avoid looping in the nss daemon */ envval = getenv("_SSS_LOOPS"); if (envval && strcmp(envval, "NO") == 0) { @@ -84,6 +110,17 @@ } ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop); +@@ -804,7 +803,7 @@ int sss_pac_make_request(enum sss_cli_co + /* try reopen socket */ + ret = sss_cli_check_socket(errnop, SSS_PAC_SOCKET_NAME); + if (ret != SSS_STATUS_SUCCESS) { +- return NSS_STATUS_UNAVAIL; ++ return NS_UNAVAIL; + } + + /* and make request one more time */ +@@ -812,12 +811,12 @@ int sss_pac_make_request(enum sss_cli_co + } switch (ret) { case SSS_STATUS_TRYAGAIN: - return NSS_STATUS_TRYAGAIN; --- security/sssd/files/patch-src__sss_client__nss_group.c 2020-03-29 20:16:30.327608000 +0200 +++ security/sssd/files/patch-src__sss_client__nss_group.c 2020-07-13 15:51:19.000000000 +0200 @@ -1,4 +1,6 @@ ---- src/sss_client/nss_group.c.orig 2014-09-17 13:01:37 UTC +diff --git src/sss_client/nss_group.c src/sss_client/nss_group.c +index e6ea54b..b27b671 100644 +--- src/sss_client/nss_group.c +++ src/sss_client/nss_group.c @@ -343,6 +343,76 @@ out: } --- security/sssd/files/patch-src__sss_client__sss_nss.exports 2020-03-29 20:16:30.327608000 +0200 +++ security/sssd/files/patch-src__sss_client__sss_nss.exports 2020-07-13 15:51:19.000000000 +0200 @@ -1,4 +1,6 @@ ---- src/sss_client/sss_nss.exports.orig 2014-09-17 13:01:37 UTC +diff --git src/sss_client/sss_nss.exports src/sss_client/sss_nss.exports +index 1eefea8..8e85a05 100644 +--- src/sss_client/sss_nss.exports +++ src/sss_client/sss_nss.exports @@ -3,6 +3,7 @@ EXPORTED { # public functions @@ -8,13 +10,13 @@ _nss_sss_getpwnam_r; _nss_sss_getpwuid_r; _nss_sss_setpwent; -@@ -14,7 +15,24 @@ EXPORTED { +@@ -14,8 +15,25 @@ EXPORTED { _nss_sss_setgrent; _nss_sss_getgrent_r; _nss_sss_endgrent; + _nss_sss_getgroupmembership; _nss_sss_initgroups_dyn; -+ + + __nss_compat_getgrnam_r; + __nss_compat_getgrgid_r; + __nss_compat_getgrent_r; @@ -30,6 +32,7 @@ + __nss_compat_gethostbyname; + __nss_compat_gethostbyname2; + __nss_compat_gethostbyaddr; - ++ #_nss_sss_getaliasbyname_r; #_nss_sss_setaliasent; + #_nss_sss_getaliasent_r; --- security/sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c 2020-03-29 20:16:30.327608000 +0200 +++ security/sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c 2020-07-13 15:51:19.000000000 +0200 @@ -1,4 +1,6 @@ ---- src/util/crypto/libcrypto/crypto_sha512crypt.c.orig 2014-09-17 13:01:37 UTC +diff --git src/util/crypto/libcrypto/crypto_sha512crypt.c src/util/crypto/libcrypto/crypto_sha512crypt.c +index 34547d0..6901851 100644 +--- src/util/crypto/libcrypto/crypto_sha512crypt.c +++ src/util/crypto/libcrypto/crypto_sha512crypt.c @@ -28,6 +28,12 @@ #include --- security/sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c 2020-03-29 20:16:30.327608000 +0200 +++ security/sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c 2020-07-13 15:51:19.000000000 +0200 @@ -1,4 +1,6 @@ ---- src/util/crypto/nss/nss_sha512crypt.c.orig 2014-09-17 13:01:37 UTC +diff --git src/util/crypto/nss/nss_sha512crypt.c src/util/crypto/nss/nss_sha512crypt.c +index 9fedd5e..90192ac 100644 +--- src/util/crypto/nss/nss_sha512crypt.c +++ src/util/crypto/nss/nss_sha512crypt.c @@ -29,6 +29,12 @@ #include --- security/sssd/files/patch-src__util__find_uid.c 2020-03-29 20:16:30.327608000 +0200 +++ security/sssd/files/patch-src__util__find_uid.c 2020-07-13 15:51:19.000000000 +0200 @@ -1,6 +1,8 @@ ---- src/util/find_uid.c.orig 2014-09-17 13:01:37 UTC +diff --git src/util/find_uid.c src/util/find_uid.c +index 4c8f73a..40f3690 100644 +--- src/util/find_uid.c +++ src/util/find_uid.c -@@ -67,7 +67,7 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t +@@ -67,7 +67,7 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid) uint32_t num=0; errno_t error; @@ -9,7 +11,7 @@ if (ret < 0) { DEBUG(SSSDBG_CRIT_FAILURE, "snprintf failed"); return EINVAL; -@@ -207,12 +207,12 @@ static errno_t get_active_uid_linux(hash_table_t *tabl +@@ -207,12 +207,12 @@ static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid) struct dirent *dirent; int ret, err; pid_t pid = -1; --- security/sssd/files/patch-src__util__server.c 2020-03-29 20:16:30.327608000 +0200 +++ security/sssd/files/patch-src__util__server.c 2020-07-13 15:53:35.000000000 +0200 @@ -1,17 +1,11 @@ ---- src/util/server.c.orig 2014-09-17 13:01:37 UTC +--- src/util/server.c.orig 2016-04-13 14:48:41 UTC +++ src/util/server.c -@@ -322,12 +322,14 @@ static void setup_signals(void) - BlockSignals(false, SIGTERM); - - CatchSignal(SIGHUP, sig_hup); -- +@@ -308,8 +308,11 @@ static void setup_signals(void) #ifndef HAVE_PRCTL -- /* If prctl is not defined on the system, try to handle -- * some common termination signals gracefully */ + /* If prctl is not defined on the system, try to handle + * some common termination signals gracefully */ - CatchSignal(SIGSEGV, sig_segv_abrt); - CatchSignal(SIGABRT, sig_segv_abrt); -+ /* If prctl is not defined on the system, try to handle -+ * some common termination signals gracefully */ + (void) sig_segv_abrt; /* unused */ + /* + CatchSignal(SIGSEGV, sig_segv_abrt); --- security/sssd/files/patch-src__util__signal.c 2020-03-29 20:16:30.327608000 +0200 +++ security/sssd/files/patch-src__util__signal.c 1970-01-01 01:00:00.000000000 +0100 @@ -1,71 +0,0 @@ ---- src/util/signal.c.orig 2014-09-17 13:01:37 UTC -+++ src/util/signal.c -@@ -28,45 +28,6 @@ - * @brief Signal handling - */ - --/**************************************************************************** -- Catch child exits and reap the child zombie status. --****************************************************************************/ -- --static void sig_cld(int signum) --{ -- while (waitpid((pid_t)-1,(int *)NULL, WNOHANG) > 0) -- ; -- -- /* -- * Turns out it's *really* important not to -- * restore the signal handler here if we have real POSIX -- * signal handling. If we do, then we get the signal re-delivered -- * immediately - hey presto - instant loop ! JRA. -- */ -- --#if !defined(HAVE_SIGACTION) -- CatchSignal(SIGCLD, sig_cld); --#endif --} -- --/**************************************************************************** --catch child exits - leave status; --****************************************************************************/ -- --static void sig_cld_leave_status(int signum) --{ -- /* -- * Turns out it's *really* important not to -- * restore the signal handler here if we have real POSIX -- * signal handling. If we do, then we get the signal re-delivered -- * immediately - hey presto - instant loop ! JRA. -- */ -- --#if !defined(HAVE_SIGACTION) -- CatchSignal(SIGCLD, sig_cld_leave_status); --#endif --} -- - /** - Block sigs. - **/ -@@ -125,22 +86,4 @@ void (*CatchSignal(int signum,void (*handler)(int )))( - /* FIXME: need to handle sigvec and systems with broken signal() */ - return signal(signum, handler); - #endif --} -- --/** -- Ignore SIGCLD via whatever means is necessary for this OS. --**/ -- --void CatchChild(void) --{ -- CatchSignal(SIGCLD, sig_cld); --} -- --/** -- Catch SIGCLD but leave the child around so it's status can be reaped. --**/ -- --void CatchChildLeaveStatus(void) --{ -- CatchSignal(SIGCLD, sig_cld_leave_status); - } --- security/sssd/files/patch-src__util__sss_ldap.c 2020-03-29 20:16:30.327608000 +0200 +++ security/sssd/files/patch-src__util__sss_ldap.c 2020-07-13 15:51:19.000000000 +0200 @@ -1,6 +1,8 @@ ---- src/util/sss_ldap.c.orig 2014-09-17 13:01:37 UTC +diff --git src/util/sss_ldap.c src/util/sss_ldap.c +index dd63b4b..0764622 100644 +--- src/util/sss_ldap.c +++ src/util/sss_ldap.c -@@ -206,6 +206,9 @@ static void sdap_async_sys_connect_done(struct tevent_ +@@ -206,6 +206,9 @@ static void sdap_async_sys_connect_done(struct tevent_context *ev, errno = 0; ret = connect(state->fd, (struct sockaddr *) &state->addr, state->addr_len); @@ -10,7 +12,7 @@ if (ret != EOK) { ret = errno; if (ret == EINPROGRESS || ret == EINTR) { -@@ -346,7 +349,7 @@ struct tevent_req *sss_ldap_init_send(TALLOC_CTX *mem_ +@@ -346,7 +349,7 @@ struct tevent_req *sss_ldap_init_send(TALLOC_CTX *mem_ctx, "Using file descriptor [%d] for LDAP connection.\n", state->sd); subreq = sdap_async_sys_connect_send(state, ev, state->sd, --- security/sssd/files/patch-src__util__util.h 2020-03-29 20:16:30.327608000 +0200 +++ security/sssd/files/patch-src__util__util.h 2020-07-13 15:53:35.000000000 +0200 @@ -1,18 +1,13 @@ ---- src/util/util.h.orig 2014-09-17 13:01:37 UTC +--- src/util/util.h.orig 2016-04-13 14:48:41 UTC +++ src/util/util.h -@@ -227,8 +227,6 @@ void sig_term(int sig); - #include - void BlockSignals(bool block, int signum); - void (*CatchSignal(int signum,void (*handler)(int )))(int); --void CatchChild(void); --void CatchChildLeaveStatus(void); - - /* from memory.c */ - typedef int (void_destructor_fn_t)(void *); -@@ -542,5 +540,6 @@ char * sss_replace_space(TALLOC_CTX *mem_ctx, - char * sss_reverse_replace_space(TALLOC_CTX *mem_ctx, - const char *orig_name, - const char replace_char); +@@ -586,5 +586,10 @@ + * so that it's guaranteed the file is removed. + */ + int sss_unique_filename(TALLOC_CTX *owner, char *path_tmpl); +#include "util/sss_bsd_errno.h" ++ ++#ifndef N_ELEMENTS ++#define N_ELEMENTS(arr) (sizeof(arr) / sizeof(arr[0])) ++#endif #endif /* __SSSD_UTIL_H__ */ --- security/sssd/files/patch-src_external_pac__responder.m4 2019-05-29 08:46:56.815968000 +0200 +++ security/sssd/files/patch-src_external_pac__responder.m4 2020-07-13 15:53:35.000000000 +0200 @@ -1,6 +1,6 @@ ---- src/external/pac_responder.m4.orig 2014-09-17 13:01:37 UTC +--- src/external/pac_responder.m4.orig 2016-04-13 14:48:41 UTC +++ src/external/pac_responder.m4 -@@ -14,14 +14,19 @@ then +@@ -14,7 +14,7 @@ then PKG_CHECK_MODULES(NDR_KRB5PAC, ndr_krb5pac, ndr_krb5pac_ok=yes, AC_MSG_WARN([Cannot build pac responder without libndr_krb5pac])) @@ -9,12 +9,11 @@ AC_MSG_CHECKING(for supported MIT krb5 version) KRB5_VERSION="`$KRB5_CONFIG --version`" case $KRB5_VERSION in - Kerberos\ 5\ release\ 1.9* | \ - Kerberos\ 5\ release\ 1.10* | \ +@@ -23,7 +23,10 @@ then Kerberos\ 5\ release\ 1.11* | \ -- Kerberos\ 5\ release\ 1.12*) -+ Kerberos\ 5\ release\ 1.12* | \ -+ Kerberos\ 5\ release\ 1.13* | \ + Kerberos\ 5\ release\ 1.12* | \ + Kerberos\ 5\ release\ 1.13* | \ +- Kerberos\ 5\ release\ 1.14*) + Kerberos\ 5\ release\ 1.14* | \ + Kerberos\ 5\ release\ 1.15* | \ + Kerberos\ 5\ release\ 1.16* | \ --- security/sssd/files/patch-src_providers_ad_ad__gpo__ndr.c 1970-01-01 01:00:00.000000000 +0100 +++ security/sssd/files/patch-src_providers_ad_ad__gpo__ndr.c 2020-07-13 15:53:35.000000000 +0200 @@ -0,0 +1,11 @@ +--- src/providers/ad/ad_gpo_ndr.c.orig 2019-10-02 15:20:18 UTC ++++ src/providers/ad/ad_gpo_ndr.c +@@ -258,7 +258,7 @@ ndr_pull_dom_sid(struct ndr_pull *ndr, + NDR_CHECK(ndr_pull_align(ndr, 4)); + NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->sid_rev_num)); + NDR_CHECK(ndr_pull_int8(ndr, NDR_SCALARS, &r->num_auths)); +- if (r->num_auths < 0 || r->num_auths > ARRAY_SIZE(r->sub_auths)) { ++ if (r->num_auths < 0 || r->num_auths > N_ELEMENTS(r->sub_auths)) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->id_auth, 6)); --- security/sssd/files/sssd.in 2014-05-21 13:46:16.745365000 +0200 +++ security/sssd/files/sssd.in 2020-07-13 15:53:35.000000000 +0200 @@ -34,7 +34,7 @@ sssd_prestart() { - for i in db/sss db/sss_mc log/sssd run/sss/krb5.include.d run/sss/private run/sss; do + for i in db/sss db/sss/db db/sss/gpo_cache db/sss/mc log/sssd run/sss/krb5.include.d run/sss/private run/sss; do if [ ! -d var/${i} ]; then mkdir -p /var/${i}; fi done } --- security/sssd/pkg-plist 2020-03-29 20:16:30.327608000 +0200 +++ security/sssd/pkg-plist 2020-07-15 08:49:59.418939000 +0200 @@ -5,35 +5,46 @@ include/ipa_hbac.h include/sss_idmap.h include/sss_nss_idmap.h +include/sss_sifp_dbus.h +include/sss_sifp.h +include/wbclient_sssd.h +%%SMB%%lib/krb5/plugins/authdata/sssd_pac_plugin.so lib/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so lib/libipa_hbac.so lib/libipa_hbac.so.0 lib/libipa_hbac.so.0.0.1 lib/libsss_idmap.so lib/libsss_idmap.so.0 -lib/libsss_idmap.so.0.4.0 +lib/libsss_idmap.so.0.5.0 lib/libsss_nss_idmap.so lib/libsss_nss_idmap.so.0 -lib/libsss_nss_idmap.so.0.0.1 +lib/libsss_nss_idmap.so.0.1.0 +lib/libsss_simpleifp.so +lib/libsss_simpleifp.so.0 +lib/libsss_simpleifp.so.0.0.1 lib/libsss_sudo.so lib/nss_sss.so lib/nss_sss.so.1 lib/nss_sss.so.2 lib/nss_sss.so.2.0.0 lib/pam_sss.so -%%PYTHON_SITELIBDIR%%/SSSDConfig-1.11.7-py%%PYTHON_VER%%.egg-info -%%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.py -%%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.pyc -%%PYTHON_SITELIBDIR%%/SSSDConfig/ipachangeconf.py -%%PYTHON_SITELIBDIR%%/SSSDConfig/ipachangeconf.pyc -%%PYTHON_SITELIBDIR%%/SSSDConfig/sssd_upgrade_config.py -%%PYTHON_SITELIBDIR%%/SSSDConfig/sssd_upgrade_config.pyc -%%PYTHON_SITELIBDIR%%/pyhbac.so -%%PYTHON_SITELIBDIR%%/pysss.so -%%PYTHON_SITELIBDIR%%/pysss_murmur.so -%%PYTHON_SITELIBDIR%%/pysss_nss_idmap.so +%%PYTHON%%%%PYTHONPREFIX_SITELIBDIR%%/pyhbac.so +%%PYTHON%%%%PYTHONPREFIX_SITELIBDIR%%/pysss_murmur.so +%%PYTHON%%%%PYTHONPREFIX_SITELIBDIR%%/pysss_nss_idmap.so +%%PYTHON%%%%PYTHONPREFIX_SITELIBDIR%%/pysss.so +%%PYTHON%%%%PYTHONPREFIX_SITELIBDIR%%/SSSDConfig-%%PORTVERSION%%-py%%PYTHON_VER%%.egg-info +%%PYTHON%%%%PYTHONPREFIX_SITELIBDIR%%/SSSDConfig/__init__.py +%%PYTHON%%%%PYTHONPREFIX_SITELIBDIR%%/SSSDConfig/ipachangeconf.py +%%PYTHON%%%%PYTHONPREFIX_SITELIBDIR%%/SSSDConfig/sssd_upgrade_config.py +%%PYTHON2%%%%PYTHONPREFIX_SITELIBDIR%%/SSSDConfig/__init__.pyc +%%PYTHON2%%%%PYTHONPREFIX_SITELIBDIR%%/SSSDConfig/ipachangeconf.pyc +%%PYTHON2%%%%PYTHONPREFIX_SITELIBDIR%%/SSSDConfig/sssd_upgrade_config.pyc +%%PYTHON3%%%%PYTHONPREFIX_SITELIBDIR%%/SSSDConfig/__pycache__/__init__.cpython-37.pyc +%%PYTHON3%%%%PYTHONPREFIX_SITELIBDIR%%/SSSDConfig/__pycache__/ipachangeconf.cpython-37.pyc +%%PYTHON3%%%%PYTHONPREFIX_SITELIBDIR%%/SSSDConfig/__pycache__/sssd_upgrade_config.cpython-37.pyc lib/shared-modules/ldb/memberof.so %%SMB%%lib/sssd/libsss_ad.so +lib/sssd/libsss_cert.so lib/sssd/libsss_child.so lib/sssd/libsss_crypt.so lib/sssd/libsss_debug.so @@ -45,26 +56,55 @@ lib/sssd/libsss_proxy.so lib/sssd/libsss_simple.so lib/sssd/libsss_util.so +lib/sssd/libsss_semanage.so +lib/sssd/modules/libwbclient.so +lib/sssd/modules/libwbclient.so.0 +lib/sssd/modules/libwbclient.so.0.12.0 +lib/sssd/modules/sssd_krb5_localauth_plugin.so libdata/pkgconfig/ipa_hbac.pc libdata/pkgconfig/sss_idmap.pc libdata/pkgconfig/sss_nss_idmap.pc +libdata/pkgconfig/sss_simpleifp.pc +libdata/pkgconfig/wbclient_sssd.pc +%%SMB%%libexec/sssd/gpo_child libexec/sssd/krb5_child libexec/sssd/ldap_child +libexec/sssd/p11_child libexec/sssd/proxy_child libexec/sssd/sss_signal libexec/sssd/sssd_be libexec/sssd/sssd_ifp libexec/sssd/sssd_nss +%%SMB%%libexec/sssd/sssd_pac libexec/sssd/sssd_pam libexec/sssd/sssd_ssh libexec/sssd/sssd_sudo -man/es/man1/sss_ssh_authorizedkeys.1.gz +man/de/man1/sss_ssh_authorizedkeys.1.gz +man/de/man1/sss_ssh_knownhostsproxy.1.gz +man/de/man5/sssd-ifp.5.gz +man/de/man5/sssd-krb5.5.gz +man/de/man5/sssd-ldap.5.gz +man/de/man5/sssd-simple.5.gz +man/de/man5/sssd-sudo.5.gz +man/de/man5/sssd.conf.5.gz +man/de/man8/pam_sss.8.gz +man/de/man8/sss_cache.8.gz +man/de/man8/sss_debuglevel.8.gz +man/de/man8/sss_groupadd.8.gz +man/de/man8/sss_groupdel.8.gz +man/de/man8/sss_groupmod.8.gz +man/de/man8/sss_groupshow.8.gz +man/de/man8/sss_obfuscate.8.gz +man/de/man8/sss_seed.8.gz +man/de/man8/sss_useradd.8.gz +man/de/man8/sss_userdel.8.gz +man/de/man8/sss_usermod.8.gz +man/de/man8/sssd_krb5_locator_plugin.8.gz +man/de/man8/sssd.8.gz man/es/man1/sss_ssh_knownhostsproxy.1.gz man/es/man5/sssd-ldap.5.gz man/es/man5/sssd-simple.5.gz man/es/man5/sssd-sudo.5.gz -man/es/man5/sssd.conf.5.gz -man/es/man8/pam_sss.8.gz man/es/man8/sss_cache.8.gz man/es/man8/sss_debuglevel.8.gz man/es/man8/sss_groupadd.8.gz @@ -80,7 +120,6 @@ man/es/man8/sssd_krb5_locator_plugin.8.gz man/fr/man1/sss_ssh_authorizedkeys.1.gz man/fr/man1/sss_ssh_knownhostsproxy.1.gz -man/fr/man5/sssd-ad.5.gz man/fr/man5/sssd-krb5.5.gz man/fr/man5/sssd-ldap.5.gz man/fr/man5/sssd-simple.5.gz @@ -103,10 +142,7 @@ man/ja/man1/sss_ssh_authorizedkeys.1.gz man/ja/man1/sss_ssh_knownhostsproxy.1.gz man/ja/man5/sssd-krb5.5.gz -man/ja/man5/sssd-ldap.5.gz man/ja/man5/sssd-simple.5.gz -man/ja/man5/sssd.conf.5.gz -man/ja/man8/pam_sss.8.gz man/ja/man8/sss_cache.8.gz man/ja/man8/sss_debuglevel.8.gz man/ja/man8/sss_groupadd.8.gz @@ -121,9 +157,9 @@ man/ja/man8/sssd_krb5_locator_plugin.8.gz man/man1/sss_ssh_authorizedkeys.1.gz man/man1/sss_ssh_knownhostsproxy.1.gz -man/man5/sssd-ad.5.gz +%%SMB%%man/man5/sssd-ad.5.gz man/man5/sssd-ifp.5.gz -man/man5/sssd-ipa.5.gz +%%SMB%%man/man5/sssd-ipa.5.gz man/man5/sssd-krb5.5.gz man/man5/sssd-ldap.5.gz man/man5/sssd-simple.5.gz @@ -137,6 +173,7 @@ man/man8/sss_groupmod.8.gz man/man8/sss_groupshow.8.gz man/man8/sss_obfuscate.8.gz +man/man8/sss_override.8.gz man/man8/sss_seed.8.gz man/man8/sss_useradd.8.gz man/man8/sss_userdel.8.gz @@ -148,8 +185,10 @@ man/pt/man8/sss_groupmod.8.gz man/uk/man1/sss_ssh_authorizedkeys.1.gz man/uk/man1/sss_ssh_knownhostsproxy.1.gz +man/uk/man5/sss_rpcidmapd.5.gz man/uk/man5/sssd-ad.5.gz man/uk/man5/sssd-ifp.5.gz +man/uk/man5/sssd-ipa.5.gz man/uk/man5/sssd-krb5.5.gz man/uk/man5/sssd-ldap.5.gz man/uk/man5/sssd-simple.5.gz @@ -167,15 +206,16 @@ man/uk/man8/sss_useradd.8.gz man/uk/man8/sss_userdel.8.gz man/uk/man8/sss_usermod.8.gz -man/uk/man8/sssd.8.gz man/uk/man8/sssd_krb5_locator_plugin.8.gz +man/uk/man8/sssd.8.gz sbin/sss_cache sbin/sss_debuglevel sbin/sss_groupadd sbin/sss_groupdel sbin/sss_groupmod sbin/sss_groupshow -sbin/sss_obfuscate +%%PYTHON%%sbin/sss_obfuscate +sbin/sss_override sbin/sss_seed sbin/sss_useradd sbin/sss_userdel @@ -188,7 +228,13 @@ %%PORTDOCS%%@dir %%DOCSDIR%%/idmap_doc %%PORTDOCS%%@dir %%DOCSDIR%%/libsss_sudo_doc %%PORTDOCS%%@dir %%DOCSDIR%%/nss_idmap_doc -@postexec if [ -d %%ETCDIR%% ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf %%ETCDIR%%`` to remove any configuration files."; fi -@postexec if [ -d /var/db/sss ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss`` to remove any additional files."; fi -@postexec if [ -d /var/db/sss_mc ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss_mc`` to remove any additional files."; fi -@postexec if [ -d /var/run/sss ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/run/sss`` to remove any additional files."; fi +%%PORTDOCS%%@dir %%DOCSDIR%%/sss_simpleifp_doc +@dir /var/db/sss +@dir /var/db/sss/db +@dir /var/db/sss/gpo_cache +@dir /var/db/sss/keytabs +@dir /var/db/sss/mc +@dir /var/log/sssd +@dir /var/run/sss +@dir /var/run/sss/krb5.include.d +@dir /var/run/sss/private