Index: security/sssd/Makefile
===================================================================
--- security/sssd/Makefile	(revision 554848)
+++ security/sssd/Makefile	(working copy)
@@ -2,8 +2,8 @@
 # $FreeBSD$
 
 PORTNAME=	sssd
-PORTVERSION=	1.11.7
-PORTREVISION=	22
+PORTVERSION=	1.16.5
+PORTREVISION=	2
 CATEGORIES=	security
 MASTER_SITES=	https://releases.pagure.org/SSSD/${PORTNAME}/
 
@@ -13,14 +13,11 @@
 LICENSE=	GPLv3+
 LICENSE_FILE=	${WRKSRC}/COPYING
 
-DEPRECATED=	Uses deprecated version of python
-EXPIRATION_DATE=	2020-09-15
-
 LIB_DEPENDS=	libpopt.so:devel/popt \
 		libtalloc.so:devel/talloc \
 		libtevent.so:devel/tevent \
 		libtdb.so:databases/tdb \
-		libldb.so:databases/ldb14 \
+		libldb.so:databases/ldb20 \
 		libcares.so:dns/c-ares \
 		libdbus-1.so:devel/dbus \
 		libdhash.so:devel/ding-libs \
@@ -37,24 +34,23 @@
 		krb5>=1.10:security/krb5 \
 		nsupdate:dns/bind-tools
 
-USES=		autoreconf cpe gettext gmake iconv libtool pathfix pkgconfig \
-		python:2.7 shebangfix gssapi:mit
-
-USE_LDCONFIG=	yes
-USE_OPENLDAP=	yes
-
 GNU_CONFIGURE=	yes
-CONFIGURE_ARGS=	--with-selinux=no --with-semanage=no \
+CONFIGURE_ARGS=	--without-selinux --without-semanage \
+		--without-libnl --without-nfsv4-idmapd-plugin \
+		--without-autofs --without-secrets --without-kcm \
+		--without-python2-bindings \
+		--with-init-dir=no \
+		--disable-cifs-idmap-plugin \
+		--with-unicode-lib=libunistring \
 		--with-ldb-lib-dir=${LOCALBASE}/lib/shared-modules/ldb \
 		--with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \
-		--with-libnl=no --with-init-dir=no --datadir=${DATADIR} \
-		--docdir=${DOCSDIR} --with-pid-path=/var/run \
-		--localstatedir=/var --enable-pammoddir=${PREFIX}/lib \
-		--with-db-path=/var/db/sss --with-pipe-path=/var/run/sss \
-		--with-pubconf-path=/var/run/sss --with-mcache-path=/var/db/sss_mc \
-		--with-unicode-lib=libunistring --with-autofs=no \
-		--disable-cifs-idmap-plugin --disable-config-lib \
-		--with-krb5-conf=/etc/krb5.conf
+		--datadir=${DATADIR} --docdir=${DOCSDIR} --localstatedir=/var \
+		--with-db-path=/var/db/sss/db --with-mcache-path=/var/db/sss/mc \
+		--with-pubconf-path=/var/db/sss/pubconf  \
+		--with-gpo-cache-path=/var/db/sss/gpo_cache  \
+		--with-pid-path=/var/run --with-pipe-path=/var/run/sss/pipes \
+		--with-krb5-conf=/etc/krb5.conf \
+		--enable-pammoddir=${PREFIX}/lib
 CFLAGS+=	-fstack-protector-all
 PLIST_SUB=	PYTHON_VER=${PYTHON_VER}
 #DEBUG_FLAGS=	-g
@@ -61,9 +57,14 @@
 MAKE_ENV+=	LINGUAS="bg de eu es fr hu id it ja nb nl pl pt ru sv tg tr uk zh_CN zh_TW"
 SUB_FILES=	pkg-message
 
+USE_LDCONFIG=	yes
+USE_OPENLDAP=	yes
+USES=		autoreconf cpe gettext gmake iconv libtool pathfix pkgconfig \
+		python:3.7 shebangfix gssapi:mit
 INSTALL_TARGET=	install-strip
 CPE_VENDOR=	fedoraproject
 
+BINARY_ALIAS= python3=python${PYTHON_VER}
 SHEBANG_FILES=	src/tools/sss_obfuscate \
 		src/sbus/sbus_codegen
 
@@ -73,18 +74,17 @@
 OPTIONS_DEFINE=	DOCS SMB
 OPTIONS_SUB=	yes
 
-# If the port fails to package with SMB=on due to some missing files from
-# pkg-plist, check if there was a version bump of security/krb5 and
-# update files/patch-src__external__krb5.m4 accordingly.
-#
-# See: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244778
-
 SMB_DESC=		Install IPA and AD providers (requires Samba4)
-SMB_USES=		samba:lib # libndr-krb5pac libndr-nbt libndr libsamba-util
-SMB_CONFIGURE_WITH=	samba
+SMB_USES=		samba:lib
+SMB_CONFIGURE_WITH=	samba smb-idmap-interface-version=6
+SMB_LIB_DEPENDS=	libndr-nbt.so.0:net/samba410 \
+			libndr-krb5pac.so.0:net/samba410 \
+			libndr-standard.so.0:net/samba410 \
+			libndr.so.0:net/samba410 \
+			libsamba-util.so.0:net/samba410 \
+			libsmbclient.so.0:net/samba410
 
 post-patch:
-	@${REINPLACE_CMD} -e 's|SIGCLD|SIGCHLD|g' ${WRKSRC}/src/util/signal.c
 	@${REINPLACE_CMD} -e 's|NSS_STATUS_NOTFOUND|NS_NOTFOUND|g' \
 		-e 's|NSS_STATUS_UNAVAIL|NS_UNAVAIL|g' \
 		-e 's|NSS_STATUS_TRYAGAIN|NS_TRYAGAIN|g' \
@@ -108,12 +108,9 @@
 	${INSTALL_DATA} ${WRKSRC}/src/examples/sssd-example.conf \
 		${STAGEDIR}${ETCDIR}/sssd.conf.sample
 	${LN} -sf nss_sss.so ${STAGEDIR}${PREFIX}/lib/nss_sss.so.1
-# clean these up from the install; we create them in rc script start_precmd
-.for d in db/sss db/sss_mc log/sssd run/sss/krb5.include.d run/sss/private run/sss
-	@${RMDIR} ${STAGEDIR}/var/${d}
-.endfor
+
 # clean unused man dirs
-.for i in nl/man1 nl/man5 pt/man1 pt/man5
+.for i in es/man1 nl/man1 nl/man5 pt/man1 pt/man5 sv/man1
 	@${RMDIR} ${STAGEDIR}${PREFIX}/man/${i}
 .endfor
 
Index: security/sssd/distinfo
===================================================================
--- security/sssd/distinfo	(revision 554848)
+++ security/sssd/distinfo	(working copy)
@@ -1,2 +1,3 @@
-SHA256 (sssd-1.11.7.tar.gz) = ff12d5730a6d7d08fe11140aa58e544900b75c63902b7a07bbbc12d6a99cb5b5
-SIZE (sssd-1.11.7.tar.gz) = 3661227
+TIMESTAMP = 1587639728
+SHA256 (sssd-1.16.5.tar.gz) = 2e1a7bf036b583f686d35164f2d79bdf4857b98f51fe8b0d17aa0fa756e4d0c0
+SIZE (sssd-1.16.5.tar.gz) = 6639917
Index: security/sssd/files/patch-Makefile.am
===================================================================
--- security/sssd/files/patch-Makefile.am	(revision 554848)
+++ security/sssd/files/patch-Makefile.am	(working copy)
@@ -1,22 +1,38 @@
---- Makefile.am.orig	2020-03-16 18:30:24 UTC
+diff --git Makefile.am Makefile.am
+index be17d6a59..03386d1f8 100644
+--- Makefile.am
 +++ Makefile.am
-@@ -311,6 +311,7 @@ AM_CPPFLAGS = \
-     $(LIBNL_CFLAGS) \
-     $(OPENLDAP_CFLAGS) \
-     $(GLIB2_CFLAGS) \
-+    -DHOST_NAME_MAX=_POSIX_HOST_NAME_MAX \
-     -DLIBDIR=\"$(libdir)\" \
-     -DVARDIR=\"$(localstatedir)\" \
-     -DSHLIBEXT=\"$(SHLIBEXT)\" \
-@@ -378,6 +379,7 @@ SSSD_LIBS = \
-     $(DHASH_LIBS) \
-     $(SSS_CRYPT_LIBS) \
-     $(OPENLDAP_LIBS) \
+@@ -61,7 +61,7 @@ sssdapiplugindir = $(sssddatadir)/sssd.api.d
+ sssdtapscriptdir = $(sssddatadir)/systemtap
+ dbuspolicydir = $(sysconfdir)/dbus-1/system.d
+ dbusservicedir = $(datadir)/dbus-1/system-services
+-sss_statedir = $(localstatedir)/lib/sss
++sss_statedir = $(localstatedir)/db/sss
+ runstatedir = @runstatedir@
+ localedir = @localedir@
+ nsslibdir = @nsslibdir@
+@@ -378,12 +378,6 @@ sssdlib_LTLIBRARIES += \
+     libsss_ad.la
+ endif
+ 
+-if HAVE_INOTIFY
+-sssdlib_LTLIBRARIES += \
+-    libsss_files.la \
+-    $(NULL)
+-endif # HAVE_INOTIFY
+-
+ ldblib_LTLIBRARIES = \
+     memberof.la
+ 
+@@ -610,6 +604,7 @@ SSSD_FAILOVER_OBJ = \
+ 
+ SSSD_LIBS = \
+     $(TALLOC_LIBS) \
 +    $(LTLIBINTL) \
-     $(TDB_LIBS)
- 
- PYTHON_BINDINGS_LIBS = \
-@@ -433,6 +435,7 @@ dist_noinst_HEADERS = \
+     $(TEVENT_LIBS) \
+     $(POPT_LIBS) \
+     $(LDB_LIBS) \
+@@ -664,6 +659,7 @@ dist_noinst_HEADERS = \
      src/util/sss_ssh.h \
      src/util/sss_ini.h \
      src/util/sss_format.h \
@@ -24,7 +40,137 @@
      src/util/refcount.h \
      src/util/find_uid.h \
      src/util/user_info_msg.h \
-@@ -1700,9 +1703,10 @@ endif
+@@ -1358,6 +1354,7 @@ sssd_LDADD = \
+     $(SSSD_LIBS) \
+     $(INOTIFY_LIBS) \
+     $(LIBNL_LIBS) \
++    $(LTLIBINTL) \
+     $(KEYUTILS_LIBS) \
+     $(SYSTEMD_DAEMON_LIBS) \
+     $(SSSD_INTERNAL_LTLIBS)
+@@ -1381,6 +1378,7 @@ sssd_nss_SOURCES = \
+ sssd_nss_LDADD = \
+     $(TDB_LIBS) \
+     $(SSSD_LIBS) \
++    $(LTLIBINTL) \
+     libsss_idmap.la \
+     libsss_cert.la \
+     $(SYSTEMD_DAEMON_LIBS) \
+@@ -1397,6 +1395,7 @@ sssd_pam_SOURCES = \
+ sssd_pam_LDADD = \
+     $(TDB_LIBS) \
+     $(SSSD_LIBS) \
++    $(LTLIBINTL) \
+     $(SELINUX_LIBS) \
+     $(PAM_LIBS) \
+     $(SYSTEMD_DAEMON_LIBS) \
+@@ -1414,6 +1413,7 @@ sssd_sudo_SOURCES = \
+     $(SSSD_RESPONDER_OBJ)
+ sssd_sudo_LDADD = \
+     $(SSSD_LIBS) \
++    $(LTLIBINTL) \
+     $(SYSTEMD_DAEMON_LIBS) \
+     $(SSSD_INTERNAL_LTLIBS)
+ endif
+@@ -1426,6 +1426,7 @@ sssd_autofs_SOURCES = \
+     $(SSSD_RESPONDER_OBJ)
+ sssd_autofs_LDADD = \
+     $(SSSD_LIBS) \
++    $(LTLIBINTL) \
+     $(SYSTEMD_DAEMON_LIBS) \
+     $(SSSD_INTERNAL_LTLIBS)
+ endif
+@@ -1441,6 +1442,7 @@ sssd_ssh_SOURCES = \
+     $(NULL)
+ sssd_ssh_LDADD = \
+     $(SSSD_LIBS) \
++    $(LTLIBINTL) \
+     $(SSSD_INTERNAL_LTLIBS) \
+     $(SYSTEMD_DAEMON_LIBS) \
+     libsss_cert.la \
+@@ -1481,6 +1483,7 @@ sssd_ifp_CFLAGS = \
+     $(AM_CFLAGS)
+ sssd_ifp_LDADD = \
+     $(SSSD_LIBS) \
++    $(LTLIBINTL) \
+     $(SYSTEMD_DAEMON_LIBS) \
+     $(SSSD_INTERNAL_LTLIBS) \
+     libsss_cert.la \
+@@ -1604,6 +1607,7 @@ sssd_be_SOURCES = \
+ sssd_be_LDADD = \
+     $(LIBADD_DL) \
+     $(SSSD_LIBS) \
++    $(LTLIBINTL) \
+     $(CARES_LIBS) \
+     $(PAM_LIBS) \
+     $(SSSD_INTERNAL_LTLIBS)
+@@ -1726,6 +1730,7 @@ sss_signal_SOURCES = \
+     src/tools/common/sss_process.c
+     $(NULL)
+ sss_signal_LDADD = \
++    $(LTLIBINTL) \
+     libsss_debug.la \
+     $(NULL)
+ 
+@@ -2318,6 +2323,7 @@ test_ssh_client_CFLAGS = \
+ test_ssh_client_LDADD = \
+     $(SSSD_INTERNAL_LTLIBS) \
+     $(SSSD_LIBS) \
++    $(LTLIBINTL) \
+     $(NULL)
+ 
+ if BUILD_DBUS_TESTS
+@@ -2602,6 +2608,7 @@ test_authtok_LDADD = \
+     $(CMOCKA_LIBS) \
+     $(DHASH_LIBS) \
+     $(POPT_LIBS) \
++    $(LTLIBINTL) \
+     libsss_test_common.la \
+     libsss_debug.la \
+     $(NULL)
+@@ -2622,6 +2629,7 @@ deskprofile_utils_tests_SOURCES = \
+ deskprofile_utils_tests_CFLAGS = \
+     $(AM_CFLAGS)
+ deskprofile_utils_tests_LDADD = \
++    $(LTLIBINTL) \
+     $(CMOCKA_LIBS) \
+     $(SSSD_INTERNAL_LTLIBS) \
+     libsss_test_common.la
+@@ -2654,6 +2662,7 @@ domain_resolution_order_tests_CFLAGS = \
+ 	$(AM_CFLAGS)
+ domain_resolution_order_tests_LDADD = \
+ 	$(CMOCKA_LIBS) \
++        $(LTLIBINTL) \
+ 	$(SSSD_INTERNAL_LTLIBS) \
+ 	libsss_test_common.la
+ 
+@@ -2738,6 +2747,7 @@ test_search_bases_LDADD = \
+     $(CMOCKA_LIBS) \
+     $(TALLOC_LIBS) \
+     $(SSSD_INTERNAL_LTLIBS) \
++    $(LTLIBINTL) \
+     libsss_ldap_common.la \
+     libsss_test_common.la \
+     libdlopen_test_providers.la \
+@@ -3545,6 +3555,7 @@ test_inotify_LDADD = \
+     $(CMOCKA_LIBS) \
+     $(SSSD_LIBS) \
+     $(SSSD_INTERNAL_LTLIBS) \
++    $(INOTIFY_LIBS) \
+     $(LIBADD_DL) \
+     libsss_test_common.la \
+     $(NULL)
+@@ -3637,9 +3648,6 @@ endif
+ if BUILD_WITH_LIBCURL
+ noinst_PROGRAMS += tcurl-test-tool
+ endif
+-if BUILD_PAC_RESPONDER
+-    noinst_PROGRAMS += sssd_pac_test_client
+-endif
+ 
+ if BUILD_AUTOFS
+ autofs_test_client_SOURCES = \
+@@ -3730,9 +3738,10 @@ intgcheck:
  # Client Libraries #
  ####################
  
@@ -37,9 +183,9 @@
      src/sss_client/nss_passwd.c \
      src/sss_client/nss_group.c \
      src/sss_client/nss_netgroup.c \
-@@ -1715,9 +1719,9 @@ libnss_sss_la_SOURCES = \
-     src/sss_client/nss_mc_passwd.c \
+@@ -3748,9 +3757,9 @@ libnss_sss_la_SOURCES = \
      src/sss_client/nss_mc_group.c \
+     src/sss_client/nss_mc_initgr.c \
      src/sss_client/nss_mc.h
 -libnss_sss_la_LIBADD = \
 +nss_sss_la_LIBADD = \
@@ -49,20 +195,43 @@
      -module \
      -version-info 2:0:0 \
      -Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports
-@@ -2086,6 +2090,7 @@ ldap_child_LDADD = \
-     $(POPT_LIBS) \
+@@ -3908,6 +3917,7 @@ libsss_ldap_common_la_LIBADD = \
      $(OPENLDAP_LIBS) \
      $(DHASH_LIBS) \
+     $(KRB5_LIBS) \
 +    $(LTLIBINTL) \
-     $(KRB5_LIBS)
+     libsss_krb5_common.la \
+     libsss_idmap.la \
+     libsss_certmap.la \
+@@ -4271,6 +4281,7 @@ ldap_child_CFLAGS = \
+     $(KRB5_CFLAGS)
+ ldap_child_LDADD = \
+     libsss_debug.la \
++    $(LTLIBINTL) \
+     $(TALLOC_LIBS) \
+     $(POPT_LIBS) \
+     $(DHASH_LIBS) \
+@@ -4313,6 +4324,7 @@ gpo_child_CFLAGS = \
+     $(SMBCLIENT_CFLAGS)
+ gpo_child_LDADD = \
+     libsss_debug.la \
++    $(LTLIBINTL) \
+     $(TALLOC_LIBS) \
+     $(POPT_LIBS) \
+     $(DHASH_LIBS) \
+@@ -4329,6 +4341,7 @@ proxy_child_CFLAGS = \
+ proxy_child_LDADD = \
+     $(PAM_LIBS) \
+     $(SSSD_LIBS) \
++    $(LTLIBINTL) \
+     $(SSSD_INTERNAL_LTLIBS)
  
- proxy_child_SOURCES = \
-@@ -2333,7 +2338,7 @@ else
- 	mkdir -p $(DESTDIR)$(initdir)
- endif
+ p11_child_SOURCES = \
+@@ -4361,6 +4374,7 @@ endif
  
--install-data-hook:
-+notinstall-data-hook:
- 	rm $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 \
-        $(DESTDIR)/$(nsslibdir)/libnss_sss.so
- 	mv $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2
+ p11_child_LDADD = \
+     libsss_debug.la \
++    $(LTLIBINTL) \
+     $(TALLOC_LIBS) \
+     $(DHASH_LIBS) \
+     $(POPT_LIBS) \
Index: security/sssd/files/patch-configure.ac
===================================================================
--- security/sssd/files/patch-configure.ac	(revision 554848)
+++ security/sssd/files/patch-configure.ac	(working copy)
@@ -1,20 +1,13 @@
---- configure.ac.orig	2014-09-17 13:01:37 UTC
+diff --git configure.ac configure.ac
+index 9df463d9c..17d0d9ea7 100644
+--- configure.ac
 +++ configure.ac
-@@ -5,14 +5,14 @@ AC_INIT([sssd],
-         VERSION_NUMBER,
-         [sssd-devel@lists.fedorahosted.org])
+@@ -44,8 +44,6 @@ AM_CONDITIONAL([HAVE_GCC], [test "$ac_cv_prog_gcc" = yes])
+ AC_CHECK_HEADERS(stdint.h dlfcn.h)
+ AC_CONFIG_HEADER(config.h)
  
-+AC_CONFIG_SRCDIR([BUILD.txt])
-+AC_CONFIG_AUX_DIR([build])
-+
- m4_ifdef([AC_USE_SYSTEM_EXTENSIONS],
-     [AC_USE_SYSTEM_EXTENSIONS],
-     [AC_GNU_SOURCE])
- 
- CFLAGS="$CFLAGS -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE"
+-AC_CHECK_TYPES([errno_t], [], [], [[#include <errno.h>]])
 -
--AC_CONFIG_SRCDIR([BUILD.txt])
--AC_CONFIG_AUX_DIR([build])
+ m4_include([src/build_macros.m4])
+ BUILD_WITH_SHARED_BUILD_DIR
  
- AM_INIT_AUTOMAKE([-Wall foreign subdir-objects tar-pax])
- AM_PROG_CC_C_O
Index: security/sssd/files/patch-src-monitor-monitor.c
===================================================================
--- security/sssd/files/patch-src-monitor-monitor.c	(revision 554848)
+++ security/sssd/files/patch-src-monitor-monitor.c	(nonexistent)
@@ -1,26 +0,0 @@
-Backport a887e33fbd from upstream:
-MONITOR: Do not use two configuration databases
-
---- src/monitor/monitor.c.orig	2014-09-17 13:01:37 UTC
-+++ src/monitor/monitor.c
-@@ -2832,6 +2832,20 @@ int main(int argc, const char *argv[])
-     ret = server_setup(MONITOR_NAME, flags, monitor->conf_path, &main_ctx);
-     if (ret != EOK) return 2;
- 
-+    /* Use confd initialized in server_setup. ldb_tdb module (1.4.0) check PID
-+    * of process which initialized db for locking purposes.
-+    * Failed to unlock db: ../ldb_tdb/ldb_tdb.c:147:
-+    *    Reusing ldb opened by pid 28889 in process 28893
-+    */
-+    talloc_zfree(monitor->cdb);
-+    monitor->cdb = main_ctx->confdb_ctx;
-+
-+    ret = confdb_get_domains(monitor->cdb, &monitor->domains);
-+    if (ret != EOK) {
-+	     DEBUG(SSSDBG_FATAL_FAILURE, "No domains configured.\n");
-+	     return 4;
-+    }
-+
-     monitor->is_daemon = !opt_interactive;
-     monitor->parent_pid = main_ctx->parent_pid;
-     monitor->ev = main_ctx->event_ctx;

Property changes on: security/sssd/files/patch-src-monitor-monitor.c
___________________________________________________________________
Deleted: fbsd:nokeywords
## -1 +0,0 ##
-yes
\ No newline at end of property
Deleted: svn:eol-style
## -1 +0,0 ##
-native
\ No newline at end of property
Deleted: svn:mime-type
## -1 +0,0 ##
-text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__confdb__confdb.c
===================================================================
--- security/sssd/files/patch-src__confdb__confdb.c	(revision 554848)
+++ security/sssd/files/patch-src__confdb__confdb.c	(working copy)
@@ -1,4 +1,6 @@
---- src/confdb/confdb.c.orig	2014-09-17 13:01:37 UTC
+diff --git src/confdb/confdb.c src/confdb/confdb.c
+index e55f88e4e..81fd3417a 100644
+--- src/confdb/confdb.c
 +++ src/confdb/confdb.c
 @@ -28,6 +28,11 @@
  #include "util/strtonum.h"
Index: security/sssd/files/patch-src__external__inotify.m4
===================================================================
--- security/sssd/files/patch-src__external__inotify.m4	(revision 554848)
+++ security/sssd/files/patch-src__external__inotify.m4	(working copy)
@@ -1,4 +1,6 @@
---- src/external/inotify.m4.orig	2014-09-17 13:01:37 UTC
+diff --git src/external/inotify.m4 src/external/inotify.m4
+index 3ae5ae314..e88bd3ffc 100644
+--- src/external/inotify.m4
 +++ src/external/inotify.m4
 @@ -20,10 +20,10 @@ int main () {
      AS_IF([test x"$inotify_works" != xyes],
Index: security/sssd/files/patch-src__external__krb5.m4
===================================================================
--- security/sssd/files/patch-src__external__krb5.m4	(revision 554848)
+++ security/sssd/files/patch-src__external__krb5.m4	(working copy)
@@ -1,11 +1,13 @@
---- src/external/krb5.m4.orig	2014-09-17 13:01:37 UTC
+diff --git src/external/krb5.m4 src/external/krb5.m4
+index b844c2fbe..856ef56fe 100644
+--- src/external/krb5.m4
 +++ src/external/krb5.m4
 @@ -9,7 +9,7 @@ if test x$KRB5_CFLAGS != x; then
      KRB5_PASSED_CFLAGS=$KRB5_CFLAGS
  fi
  
--AC_PATH_PROG(KRB5_CONFIG, krb5-config)
-+AC_PATH_PROG(KRB5_CONFIG, krb5-config, [], [/usr/local/bin:$PATH])
+-AC_PATH_TOOL(KRB5_CONFIG, krb5-config)
++AC_PATH_TOOL(KRB5_CONFIG, krb5-config, [], [/usr/local/bin:$PATH])
  AC_MSG_CHECKING(for working krb5-config)
  if test -x "$KRB5_CONFIG"; then
    KRB5_CFLAGS="`$KRB5_CONFIG --cflags`"
Index: security/sssd/files/patch-src__external__ldap.m4
===================================================================
--- security/sssd/files/patch-src__external__ldap.m4	(nonexistent)
+++ security/sssd/files/patch-src__external__ldap.m4	(working copy)
@@ -0,0 +1,24 @@
+diff --git src/external/ldap.m4 src/external/ldap.m4
+index cd13fde62..73ca93674 100644
+--- src/external/ldap.m4
++++ src/external/ldap.m4
+@@ -32,8 +32,7 @@ dnl Check for other libraries we need to link with to get the main routines.
+ test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes], , -llber) }
+ test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes with_ldap_krb=yes], , -llber -lkrb) }
+ test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes with_ldap_krb=yes with_ldap_des=yes], , -llber -lkrb -ldes) }
+-CFLAGS=$SAVE_CFLAGS
+-LIBS=$SAVE_LIBS
++
+ dnl Recently, we need -lber even though the main routines are elsewhere,
+ dnl because otherwise we get link errors w.r.t. ber_pvt_opt_on. So just
+ dnl check for that (it's a variable not a fun but that doesn't seem to
+@@ -42,6 +41,9 @@ dnl stick it in always shouldn't hurt, I don't think) ... #### Someone who
+ dnl #### understands LDAP needs to fix this properly.
+ test "$with_ldap_lber" != "yes" && { AC_CHECK_LIB(lber, ber_pvt_opt_on, with_ldap_lber=yes) }
+ 
++CFLAGS=$SAVE_CFLAGS
++LIBS=$SAVE_LIBS
++
+ if test "$with_ldap" = "yes"; then
+   if test "$with_ldap_des" = "yes" ; then
+     OPENLDAP_LIBS="${OPENLDAP_LIBS} -ldes"

Property changes on: security/sssd/files/patch-src__external__ldap.m4
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__external__pac_responder.m4
===================================================================
--- security/sssd/files/patch-src__external__pac_responder.m4	(nonexistent)
+++ security/sssd/files/patch-src__external__pac_responder.m4	(working copy)
@@ -0,0 +1,13 @@
+diff --git src/external/pac_responder.m4 src/external/pac_responder.m4
+index dc986a1b8..09efdb139 100644
+--- src/external/pac_responder.m4
++++ src/external/pac_responder.m4
+@@ -7,7 +7,7 @@ AC_ARG_ENABLE([pac-responder],
+ krb5_version_ok=no
+ if test x$build_pac_responder = xyes
+ then
+-    AC_PATH_PROG(KRB5_CONFIG, krb5-config)
++    AC_PATH_TOOL(KRB5_CONFIG, krb5-config, [], [/usr/local/bin:$PATH])
+     AC_MSG_CHECKING(for supported MIT krb5 version)
+     KRB5_VERSION="`$KRB5_CONFIG --version`"
+     case $KRB5_VERSION in

Property changes on: security/sssd/files/patch-src__external__pac_responder.m4
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.h
===================================================================
--- security/sssd/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.h	(nonexistent)
+++ security/sssd/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.h	(working copy)
@@ -0,0 +1,13 @@
+diff --git src/lib/winbind_idmap_sss/winbind_idmap_sss.h src/lib/winbind_idmap_sss/winbind_idmap_sss.h
+index 868049fff..cb1604ef1 100644
+--- src/lib/winbind_idmap_sss/winbind_idmap_sss.h
++++ src/lib/winbind_idmap_sss/winbind_idmap_sss.h
+@@ -29,6 +29,8 @@
+ #include <stdbool.h>
+ 
+ #include <core/ntstatus.h>
++#include <unistd.h>
++#include <time.h>
+ #include <ndr.h>
+ #include <gen_ndr/security.h>
+ 

Property changes on: security/sssd/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.h
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__providers__ad__ad_common.c
===================================================================
--- security/sssd/files/patch-src__providers__ad__ad_common.c	(nonexistent)
+++ security/sssd/files/patch-src__providers__ad__ad_common.c	(working copy)
@@ -0,0 +1,31 @@
+diff --git src/providers/ad/ad_common.c src/providers/ad/ad_common.c
+index 0d154ca57..407d37a37 100644
+--- src/providers/ad/ad_common.c
++++ src/providers/ad/ad_common.c
+@@ -419,7 +419,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
+     char *server;
+     char *realm;
+     char *ad_hostname;
+-    char hostname[HOST_NAME_MAX + 1];
++    char hostname[_POSIX_HOST_NAME_MAX + 1];
+     char *case_sensitive_opt;
+     const char *opt_override;
+ 
+@@ -458,7 +458,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
+      */
+     ad_hostname = dp_opt_get_string(opts->basic, AD_HOSTNAME);
+     if (ad_hostname == NULL) {
+-        gret = gethostname(hostname, sizeof(hostname));
++        gret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
+         if (gret != 0) {
+             ret = errno;
+             DEBUG(SSSDBG_FATAL_FAILURE,
+@@ -466,7 +466,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
+                    strerror(ret));
+             goto done;
+         }
+-        hostname[HOST_NAME_MAX] = '\0';
++        hostname[_POSIX_HOST_NAME_MAX] = '\0';
+         DEBUG(SSSDBG_CONF_SETTINGS,
+               "Setting ad_hostname to [%s].\n", hostname);
+         ret = dp_opt_set_string(opts->basic, AD_HOSTNAME, hostname);

Property changes on: security/sssd/files/patch-src__providers__ad__ad_common.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__providers__ad__ad_pac.h
===================================================================
--- security/sssd/files/patch-src__providers__ad__ad_pac.h	(nonexistent)
+++ security/sssd/files/patch-src__providers__ad__ad_pac.h	(working copy)
@@ -0,0 +1,13 @@
+diff --git src/providers/ad/ad_pac.h src/providers/ad/ad_pac.h
+index 34f1e92c7..00a53cccd 100644
+--- src/providers/ad/ad_pac.h
++++ src/providers/ad/ad_pac.h
+@@ -32,6 +32,8 @@
+ #ifdef ldb_val
+ #error Please make sure to include ad_pac.h before ldb.h
+ #endif
++#include <unistd.h>
++#include <time.h>
+ #include <ndr.h>
+ #include <gen_ndr/krb5pac.h>
+ #include <gen_ndr/ndr_krb5pac.h>

Property changes on: security/sssd/files/patch-src__providers__ad__ad_pac.h
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__providers__data_provider_fo.c
===================================================================
--- security/sssd/files/patch-src__providers__data_provider_fo.c	(nonexistent)
+++ security/sssd/files/patch-src__providers__data_provider_fo.c	(working copy)
@@ -0,0 +1,26 @@
+diff --git src/providers/data_provider_fo.c src/providers/data_provider_fo.c
+index 473b667e5..63f2dd131 100644
+--- src/providers/data_provider_fo.c
++++ src/providers/data_provider_fo.c
+@@ -235,18 +235,18 @@ errno_t be_fo_set_dns_srv_lookup_plugin(struct be_ctx *be_ctx,
+                                         const char *hostname)
+ {
+     struct fo_resolve_srv_dns_ctx *srv_ctx = NULL;
+-    char resolved_hostname[HOST_NAME_MAX + 1];
++    char resolved_hostname[_POSIX_HOST_NAME_MAX + 1];
+     errno_t ret;
+ 
+     if (hostname == NULL) {
+-        ret = gethostname(resolved_hostname, sizeof(resolved_hostname));
++        ret = gethostname(resolved_hostname, _POSIX_HOST_NAME_MAX);
+         if (ret != EOK) {
+             ret = errno;
+             DEBUG(SSSDBG_CRIT_FAILURE,
+                   "gethostname() failed: [%d]: %s\n", ret, strerror(ret));
+             return ret;
+         }
+-        resolved_hostname[HOST_NAME_MAX] = '\0';
++        resolved_hostname[_POSIX_HOST_NAME_MAX] = '\0';
+         hostname = resolved_hostname;
+     }
+ 

Property changes on: security/sssd/files/patch-src__providers__data_provider_fo.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__providers__ipa__ipa_common.c
===================================================================
--- security/sssd/files/patch-src__providers__ipa__ipa_common.c	(nonexistent)
+++ security/sssd/files/patch-src__providers__ipa__ipa_common.c	(working copy)
@@ -0,0 +1,30 @@
+diff --git src/providers/ipa/ipa_common.c src/providers/ipa/ipa_common.c
+index 17d14e6b0..681ac8615 100644
+--- src/providers/ipa/ipa_common.c
++++ src/providers/ipa/ipa_common.c
+@@ -49,7 +49,7 @@ int ipa_get_options(TALLOC_CTX *memctx,
+     char *realm;
+     char *ipa_hostname;
+     int ret;
+-    char hostname[HOST_NAME_MAX + 1];
++    char hostname[_POSIX_HOST_NAME_MAX + 1];
+ 
+     opts = talloc_zero(memctx, struct ipa_options);
+     if (!opts) return ENOMEM;
+@@ -79,14 +79,14 @@ int ipa_get_options(TALLOC_CTX *memctx,
+ 
+     ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME);
+     if (ipa_hostname == NULL) {
+-        ret = gethostname(hostname, sizeof(hostname));
++        ret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
+         if (ret != EOK) {
+             DEBUG(SSSDBG_CRIT_FAILURE, "gethostname failed [%d][%s].\n", errno,
+                       strerror(errno));
+             ret = errno;
+             goto done;
+         }
+-        hostname[HOST_NAME_MAX] = '\0';
++        hostname[_POSIX_HOST_NAME_MAX] = '\0';
+         DEBUG(SSSDBG_TRACE_ALL, "Setting ipa_hostname to [%s].\n", hostname);
+         ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname);
+         if (ret != EOK) {

Property changes on: security/sssd/files/patch-src__providers__ipa__ipa_common.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__providers__ipa__ipa_deskprofile_rules_util.c
===================================================================
--- security/sssd/files/patch-src__providers__ipa__ipa_deskprofile_rules_util.c	(nonexistent)
+++ security/sssd/files/patch-src__providers__ipa__ipa_deskprofile_rules_util.c	(working copy)
@@ -0,0 +1,13 @@
+diff --git src/providers/ipa/ipa_deskprofile_rules_util.c src/providers/ipa/ipa_deskprofile_rules_util.c
+index 991c6053d..59483b452 100644
+--- src/providers/ipa/ipa_deskprofile_rules_util.c
++++ src/providers/ipa/ipa_deskprofile_rules_util.c
+@@ -25,6 +25,8 @@
+ #include "providers/ipa/ipa_rules_common.h"
+ #include <ctype.h>
+ #include <fcntl.h>
++#include <sys/types.h>
++#include <signal.h>
+ 
+ #define DESKPROFILE_GLOBAL_POLICY_MIN_VALUE 1
+ #define DESKPROFILE_GLOBAL_POLICY_MAX_VALUE 24

Property changes on: security/sssd/files/patch-src__providers__ipa__ipa_deskprofile_rules_util.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__providers__krb5__krb5_delayed_online_authentication.c
===================================================================
--- security/sssd/files/patch-src__providers__krb5__krb5_delayed_online_authentication.c	(revision 554848)
+++ security/sssd/files/patch-src__providers__krb5__krb5_delayed_online_authentication.c	(working copy)
@@ -1,6 +1,8 @@
---- src/providers/krb5/krb5_delayed_online_authentication.c.orig	2014-09-17 13:01:37 UTC
+diff --git src/providers/krb5/krb5_delayed_online_authentication.c src/providers/krb5/krb5_delayed_online_authentication.c
+index 1cb7eade0..4aaeb84b2 100644
+--- src/providers/krb5/krb5_delayed_online_authentication.c
 +++ src/providers/krb5/krb5_delayed_online_authentication.c
-@@ -320,6 +320,7 @@ errno_t init_delayed_online_authentication(struct krb5
+@@ -328,6 +328,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
                                             struct tevent_context *ev)
  {
      int ret;
@@ -8,7 +10,7 @@
      hash_table_t *tmp_table;
  
      ret = get_uid_table(krb5_ctx, &tmp_table);
-@@ -339,6 +340,7 @@ errno_t init_delayed_online_authentication(struct krb5
+@@ -347,6 +348,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx,
                "hash_destroy failed [%s].\n", hash_error_string(ret));
          return EFAULT;
      }
Index: security/sssd/files/patch-src__providers__ldap__ldap_auth.c
===================================================================
--- security/sssd/files/patch-src__providers__ldap__ldap_auth.c	(revision 554848)
+++ security/sssd/files/patch-src__providers__ldap__ldap_auth.c	(working copy)
@@ -1,4 +1,6 @@
---- src/providers/ldap/ldap_auth.c.orig	2014-09-17 13:01:37 UTC
+diff --git src/providers/ldap/ldap_auth.c src/providers/ldap/ldap_auth.c
+index de22689ae..fdfd67cf4 100644
+--- src/providers/ldap/ldap_auth.c
 +++ src/providers/ldap/ldap_auth.c
 @@ -37,7 +37,6 @@
  #include <sys/time.h>
@@ -8,10 +10,10 @@
  #include <security/pam_modules.h>
  
  #include "util/util.h"
-@@ -56,6 +55,22 @@ enum pwexpire {
-     PWEXPIRE_SHADOW
- };
+@@ -52,6 +51,22 @@
  
+ #define LDAP_PWEXPIRE_WARNING_TIME 0
+ 
 +struct spwd
 +{
 +  char *sp_namp;              /* Login name.  */
@@ -31,20 +33,9 @@
  static errno_t add_expired_warning(struct pam_data *pd, long exp_time)
  {
      int ret;
-@@ -109,6 +124,7 @@ static errno_t check_pwexpire_kerberos(const char *exp
-         return EINVAL;
+@@ -97,9 +112,9 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now,
      }
  
-+    tzset();
-     expire_time = mktime(&tm);
-     if (expire_time == -1) {
-         DEBUG(SSSDBG_CRIT_FAILURE,
-@@ -116,12 +132,10 @@ static errno_t check_pwexpire_kerberos(const char *exp
-         return EINVAL;
-     }
- 
--    tzset();
--    expire_time -= timezone;
      DEBUG(SSSDBG_TRACE_ALL,
 -          "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] "
 -           "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0],
@@ -55,7 +46,59 @@
  
      if (difftime(now, expire_time) > 0.0) {
          DEBUG(SSSDBG_CONF_SETTINGS, "Kerberos password expired.\n");
-@@ -924,7 +938,7 @@ void sdap_pam_chpass_handler(struct be_req *breq)
+@@ -946,14 +961,14 @@ sdap_pam_auth_handler_send(TALLOC_CTX *mem_ctx,
+ 
+     state->pd = pd;
+     state->be_ctx = params->be_ctx;
+-    pd->pam_status = PAM_SYSTEM_ERR;
++    pd->pam_status = PAM_SERVICE_ERR;
+ 
+     switch (pd->cmd) {
+     case SSS_PAM_AUTHENTICATE:
+         subreq = auth_send(state, params->ev, auth_ctx,
+                            pd->user, pd->authtok, false);
+         if (subreq == NULL) {
+-            pd->pam_status = PAM_SYSTEM_ERR;
++            pd->pam_status = PAM_SERVICE_ERR;
+             goto immediately;
+         }
+ 
+@@ -963,14 +978,14 @@ sdap_pam_auth_handler_send(TALLOC_CTX *mem_ctx,
+         subreq = auth_send(state, params->ev, auth_ctx,
+                            pd->user, pd->authtok, true);
+         if (subreq == NULL) {
+-            pd->pam_status = PAM_SYSTEM_ERR;
++            pd->pam_status = PAM_SERVICE_ERR;
+             goto immediately;
+         }
+ 
+         tevent_req_set_callback(subreq, sdap_pam_auth_handler_done, req);
+         break;
+     case SSS_PAM_CHAUTHTOK:
+-        pd->pam_status = PAM_SYSTEM_ERR;
++        pd->pam_status = PAM_SERVICE_ERR;
+         goto immediately;
+ 
+     case SSS_PAM_ACCT_MGMT:
+@@ -1015,7 +1030,7 @@ static void sdap_pam_auth_handler_done(struct tevent_req *subreq)
+                                 state->be_ctx->domain->pwd_expiration_warning);
+         if (ret == EINVAL) {
+             /* Unknown password expiration type. */
+-            state->pd->pam_status = PAM_SYSTEM_ERR;
++            state->pd->pam_status = PAM_SERVICE_ERR;
+             goto done;
+         }
+     }
+@@ -1049,7 +1064,7 @@ static void sdap_pam_auth_handler_done(struct tevent_req *subreq)
+         state->pd->pam_status = PAM_BAD_ITEM;
+         break;
+     default:
+-        state->pd->pam_status = PAM_SYSTEM_ERR;
++        state->pd->pam_status = PAM_SERVICE_ERR;
+         break;
+     }
+ 
+@@ -1271,7 +1286,7 @@ sdap_pam_chpass_handler_send(TALLOC_CTX *mem_ctx,
      DEBUG(SSSDBG_OP_FAILURE,
            "starting password change request for user [%s].\n", pd->user);
  
@@ -64,16 +107,61 @@
  
      if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) {
          DEBUG(SSSDBG_OP_FAILURE,
-@@ -1069,7 +1083,7 @@ static void sdap_auth4chpass_done(struct tevent_req *r
-         dp_err = DP_ERR_OFFLINE;
+@@ -1282,7 +1297,7 @@ sdap_pam_chpass_handler_send(TALLOC_CTX *mem_ctx,
+     subreq = auth_send(state, params->ev, auth_ctx,
+                        pd->user, pd->authtok, true);
+     if (subreq == NULL) {
+-        pd->pam_status = PAM_SYSTEM_ERR;
++        pd->pam_status = PAM_SERVICE_ERR;
+         goto immediately;
+     }
+ 
+@@ -1335,7 +1350,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq)
+             if (ret == ERR_PASSWORD_EXPIRED) {
+                 DEBUG(SSSDBG_CRIT_FAILURE, "LDAP provider cannot change "
+                       "kerberos passwords.\n");
+-                state->pd->pam_status = PAM_SYSTEM_ERR;
++                state->pd->pam_status = PAM_SERVICE_ERR;
+                 goto done;
+             }
+             break;
+@@ -1344,7 +1359,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq)
+             break;
+         default:
+             DEBUG(SSSDBG_CRIT_FAILURE, "Unknown password expiration type.\n");
+-                state->pd->pam_status = PAM_SYSTEM_ERR;
++                state->pd->pam_status = PAM_SERVICE_ERR;
+                 goto done;
+         }
+     }
+@@ -1369,7 +1384,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq)
+                 if (subreq == NULL) {
+                     DEBUG(SSSDBG_OP_FAILURE, "Failed to change password for "
+                           "%s\n", state->pd->user);
+-                    state->pd->pam_status = PAM_SYSTEM_ERR;
++                    state->pd->pam_status = PAM_SERVICE_ERR;
+                     goto done;
+                 }
+ 
+@@ -1401,7 +1416,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq)
+             be_mark_offline(state->be_ctx);
+             break;
+         default:
+-            state->pd->pam_status = PAM_SYSTEM_ERR;
++            state->pd->pam_status = PAM_SERVICE_ERR;
+             break;
+         }
+ 
+@@ -1437,7 +1452,7 @@ static void sdap_pam_chpass_handler_chpass_done(struct tevent_req *subreq)
+         state->pd->pam_status = PAM_AUTHTOK_ERR;
          break;
      default:
 -        state->pd->pam_status = PAM_SYSTEM_ERR;
 +        state->pd->pam_status = PAM_SERVICE_ERR;
+         break;
      }
  
- done:
-@@ -1131,7 +1145,7 @@ static void sdap_pam_chpass_done(struct tevent_req *re
+@@ -1463,7 +1478,7 @@ static void sdap_pam_chpass_handler_chpass_done(struct tevent_req *subreq)
                                                      state->sh, state->dn,
                                                      lastchanged_name);
          if (subreq == NULL) {
@@ -82,9 +170,9 @@
              goto done;
          }
  
-@@ -1152,7 +1166,7 @@ static void sdap_lastchange_done(struct tevent_req *re
+@@ -1489,7 +1504,7 @@ static void sdap_pam_chpass_handler_last_done(struct tevent_req *subreq)
+     talloc_free(subreq);
  
-     ret = sdap_modify_shadow_lastchange_recv(req);
      if (ret != EOK) {
 -        state->pd->pam_status = PAM_SYSTEM_ERR;
 +        state->pd->pam_status = PAM_SERVICE_ERR;
@@ -91,21 +179,3 @@
          goto done;
      }
  
-@@ -1193,7 +1207,7 @@ void sdap_pam_auth_handler(struct be_req *breq)
-         goto done;
-     }
- 
--    pd->pam_status = PAM_SYSTEM_ERR;
-+    pd->pam_status = PAM_SERVICE_ERR;
- 
-     switch (pd->cmd) {
-     case SSS_PAM_AUTHENTICATE:
-@@ -1291,7 +1305,7 @@ static void sdap_pam_auth_done(struct tevent_req *req)
-         state->pd->pam_status = PAM_NEW_AUTHTOK_REQD;
-         break;
-     default:
--        state->pd->pam_status = PAM_SYSTEM_ERR;
-+        state->pd->pam_status = PAM_SERVICE_ERR;
-         dp_err = DP_ERR_FATAL;
-     }
- 
Index: security/sssd/files/patch-src__providers__ldap__ldap_child.c
===================================================================
--- security/sssd/files/patch-src__providers__ldap__ldap_child.c	(nonexistent)
+++ security/sssd/files/patch-src__providers__ldap__ldap_child.c	(working copy)
@@ -0,0 +1,22 @@
+diff --git src/providers/ldap/ldap_child.c src/providers/ldap/ldap_child.c
+index 368bb91e1..1bc86ecb5 100644
+--- src/providers/ldap/ldap_child.c
++++ src/providers/ldap/ldap_child.c
+@@ -324,14 +324,14 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
+             full_princ = talloc_strdup(tmp_ctx, princ_str);
+         }
+     } else {
+-        char hostname[HOST_NAME_MAX + 1];
++        char hostname[_POSIX_HOST_NAME_MAX + 1];
+ 
+-        ret = gethostname(hostname, sizeof(hostname));
++        ret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
+         if (ret == -1) {
+             krberr = KRB5KRB_ERR_GENERIC;
+             goto done;
+         }
+-        hostname[HOST_NAME_MAX] = '\0';
++        hostname[_POSIX_HOST_NAME_MAX] = '\0';
+ 
+         DEBUG(SSSDBG_TRACE_LIBS, "got hostname: [%s]\n", hostname);
+ 

Property changes on: security/sssd/files/patch-src__providers__ldap__ldap_child.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__providers__ldap__sdap_access.c
===================================================================
--- security/sssd/files/patch-src__providers__ldap__sdap_access.c	(revision 554848)
+++ security/sssd/files/patch-src__providers__ldap__sdap_access.c	(working copy)
@@ -1,19 +1,9 @@
---- src/providers/ldap/sdap_access.c.orig	2014-09-17 13:01:37 UTC
+diff --git src/providers/ldap/sdap_access.c src/providers/ldap/sdap_access.c
+index dd04ec512..58a3766fc 100644
+--- src/providers/ldap/sdap_access.c
 +++ src/providers/ldap/sdap_access.c
-@@ -499,6 +499,7 @@ static bool nds_check_expired(const char *exp_time_str
-         return true;
-     }
+@@ -562,9 +562,9 @@ bool nds_check_expired(const char *exp_time_str)
  
-+    tzset();
-     expire_time = mktime(&tm);
-     if (expire_time == -1) {
-         DEBUG(SSSDBG_CRIT_FAILURE,
-@@ -506,13 +507,11 @@ static bool nds_check_expired(const char *exp_time_str
-         return true;
-     }
- 
--    tzset();
--    expire_time -= timezone;
      now = time(NULL);
      DEBUG(SSSDBG_TRACE_ALL,
 -          "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] "
@@ -25,3 +15,27 @@
  
      if (difftime(now, expire_time) > 0.0) {
          DEBUG(SSSDBG_CONF_SETTINGS, "NDS account expired.\n");
+@@ -1247,7 +1247,7 @@ static errno_t sdap_access_host(struct ldb_message *user_entry)
+     struct ldb_message_element *el;
+     unsigned int i;
+     char *host;
+-    char hostname[HOST_NAME_MAX + 1];
++    char hostname[_POSIX_HOST_NAME_MAX + 1];
+ 
+     el = ldb_msg_find_element(user_entry, SYSDB_AUTHORIZED_HOST);
+     if (!el || el->num_values == 0) {
+@@ -1255,12 +1255,12 @@ static errno_t sdap_access_host(struct ldb_message *user_entry)
+         return ERR_ACCESS_DENIED;
+     }
+ 
+-    if (gethostname(hostname, sizeof(hostname)) == -1) {
++    if (gethostname(hostname, _POSIX_HOST_NAME_MAX) == -1) {
+         DEBUG(SSSDBG_CRIT_FAILURE,
+               "Unable to get system hostname. Access denied\n");
+         return ERR_ACCESS_DENIED;
+     }
+-    hostname[HOST_NAME_MAX] = '\0';
++    hostname[_POSIX_HOST_NAME_MAX] = '\0';
+ 
+     /* FIXME: PADL's pam_ldap also calls gethostbyname() on the hostname
+      *        in some attempt to get aliases and/or FQDN for the machine.
Index: security/sssd/files/patch-src__providers__ldap__sdap_async_groups.c
===================================================================
--- security/sssd/files/patch-src__providers__ldap__sdap_async_groups.c	(nonexistent)
+++ security/sssd/files/patch-src__providers__ldap__sdap_async_groups.c	(working copy)
@@ -0,0 +1,22 @@
+diff --git src/providers/ldap/sdap_async_groups.c src/providers/ldap/sdap_async_groups.c
+index 09e15bc3d..c74e4c3ea 100644
+--- src/providers/ldap/sdap_async_groups.c
++++ src/providers/ldap/sdap_async_groups.c
+@@ -505,6 +505,7 @@ static int sdap_save_group(TALLOC_CTX *memctx,
+     struct sysdb_attrs *group_attrs;
+     const char *group_name = NULL;
+     gid_t gid;
++    id_t temp_id;
+     errno_t ret;
+     char *usn_value = NULL;
+     TALLOC_CTX *tmpctx = NULL;
+@@ -615,7 +616,8 @@ static int sdap_save_group(TALLOC_CTX *memctx,
+                    group_name, sid_str);
+ 
+             /* Convert the SID into a UNIX group ID */
+-            ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &gid);
++            ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &temp_id);
++            gid = (gid_t) temp_id;
+             if (ret == ENOTSUP) {
+                 /* ENOTSUP is returned if built-in SID was provided
+                  * => do not store the group, but return EOK */

Property changes on: security/sssd/files/patch-src__providers__ldap__sdap_async_groups.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups.c
===================================================================
--- security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups.c	(nonexistent)
+++ security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups.c	(working copy)
@@ -0,0 +1,41 @@
+diff --git src/providers/ldap/sdap_async_initgroups.c src/providers/ldap/sdap_async_initgroups.c
+index 620782b6f..9831ac1d6 100644
+--- src/providers/ldap/sdap_async_initgroups.c
++++ src/providers/ldap/sdap_async_initgroups.c
+@@ -45,6 +45,7 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
+     const char *uuid = NULL;
+     char **missing;
+     gid_t gid;
++    id_t temp_id;
+     int ret;
+     errno_t sret;
+     bool in_transaction = false;
+@@ -146,7 +147,8 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
+ 
+                     /* Convert the SID into a UNIX group ID */
+                     ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str,
+-                                                 &gid);
++                                                 &temp_id);
++                    gid = (gid_t) temp_id;
+                     if (ret == EOK) {
+                         DEBUG(SSSDBG_TRACE_INTERNAL,
+                               "Group [%s] has mapped gid [%lu]\n",
+@@ -3305,6 +3307,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
+     int ret;
+     TALLOC_CTX *tmp_ctx;
+     gid_t primary_gid;
++    id_t temp_id;
+     char *gid;
+     char *sid_str;
+     char *dom_sid_str;
+@@ -3411,8 +3414,9 @@ static void sdap_get_initgr_done(struct tevent_req *subreq)
+ 
+         /* Convert the SID into a UNIX group ID */
+         ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, group_sid_str,
+-                                     &primary_gid);
++                                     &temp_id);
+         if (ret != EOK) goto done;
++        primary_gid = (gid_t) temp_id;
+     } else {
+         ret = sysdb_attrs_get_uint32_t(state->orig_user, SYSDB_GIDNUM,
+                                        &primary_gid);

Property changes on: security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups_ad.c
===================================================================
--- security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups_ad.c	(nonexistent)
+++ security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups_ad.c	(working copy)
@@ -0,0 +1,22 @@
+diff --git src/providers/ldap/sdap_async_initgroups_ad.c src/providers/ldap/sdap_async_initgroups_ad.c
+index 3c58f5bc4..7e0a5169d 100644
+--- src/providers/ldap/sdap_async_initgroups_ad.c
++++ src/providers/ldap/sdap_async_initgroups_ad.c
+@@ -851,6 +851,7 @@ errno_t sdap_ad_save_group_membership_with_idmapping(const char *username,
+     size_t i;
+     time_t now;
+     gid_t gid;
++    id_t temp_id;
+     char **groups = NULL;
+     size_t num_groups;
+     errno_t ret;
+@@ -881,7 +882,8 @@ errno_t sdap_ad_save_group_membership_with_idmapping(const char *username,
+         sid = sids[i];
+         DEBUG(SSSDBG_TRACE_LIBS, "Processing membership SID [%s]\n", sid);
+ 
+-        ret = sdap_idmap_sid_to_unix(idmap_ctx, sid, &gid);
++        ret = sdap_idmap_sid_to_unix(idmap_ctx, sid, &temp_id);
++        gid = (gid_t) temp_id;
+         if (ret == ENOTSUP) {
+             DEBUG(SSSDBG_TRACE_FUNC, "Skipping built-in object.\n");
+             continue;

Property changes on: security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups_ad.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c
===================================================================
--- security/sssd/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c	(nonexistent)
+++ security/sssd/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c	(working copy)
@@ -0,0 +1,30 @@
+diff --git src/providers/ldap/sdap_async_sudo_hostinfo.c src/providers/ldap/sdap_async_sudo_hostinfo.c
+index a3c3e1068..f33299304 100644
+--- src/providers/ldap/sdap_async_sudo_hostinfo.c
++++ src/providers/ldap/sdap_async_sudo_hostinfo.c
+@@ -357,7 +357,7 @@ static struct tevent_req *sdap_sudo_get_hostnames_send(TALLOC_CTX *mem_ctx,
+     struct tevent_req *subreq = NULL;
+     struct sdap_sudo_get_hostnames_state *state = NULL;
+     char *dot = NULL;
+-    char hostname[HOST_NAME_MAX + 1];
++    char hostname[_POSIX_HOST_NAME_MAX + 1];
+     int ret;
+ 
+     req = tevent_req_create(mem_ctx, &state,
+@@ -380,14 +380,14 @@ static struct tevent_req *sdap_sudo_get_hostnames_send(TALLOC_CTX *mem_ctx,
+     /* get hostname */
+ 
+     errno = 0;
+-    ret = gethostname(hostname, sizeof(hostname));
++    ret = gethostname(hostname, _POSIX_HOST_NAME_MAX);
+     if (ret != EOK) {
+         ret = errno;
+         DEBUG(SSSDBG_CRIT_FAILURE, "Unable to retrieve machine hostname "
+                                     "[%d]: %s\n", ret, strerror(ret));
+         goto done;
+     }
+-    hostname[HOST_NAME_MAX] = '\0';
++    hostname[_POSIX_HOST_NAME_MAX] = '\0';
+ 
+     state->hostnames[0] = talloc_strdup(state->hostnames, hostname);
+     if (state->hostnames[0] == NULL) {

Property changes on: security/sssd/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__providers__ldap__sdap_async_users.c
===================================================================
--- security/sssd/files/patch-src__providers__ldap__sdap_async_users.c	(nonexistent)
+++ security/sssd/files/patch-src__providers__ldap__sdap_async_users.c	(working copy)
@@ -0,0 +1,48 @@
+diff --git src/providers/ldap/sdap_async_users.c src/providers/ldap/sdap_async_users.c
+index 92eeda1d3..8847be79b 100644
+--- src/providers/ldap/sdap_async_users.c
++++ src/providers/ldap/sdap_async_users.c
+@@ -61,7 +61,8 @@ sdap_get_idmap_primary_gid(struct sdap_options *opts,
+ {
+     errno_t ret;
+     TALLOC_CTX *tmpctx = NULL;
+-    gid_t gid, primary_gid;
++    id_t gid;
++    gid_t primary_gid;
+     char *group_sid_str;
+ 
+     tmpctx = talloc_new(NULL);
+@@ -108,7 +109,7 @@ sdap_get_idmap_primary_gid(struct sdap_options *opts,
+     if (ret != EOK) goto done;
+ 
+     ret = EOK;
+-    *_gid = gid;
++    *_gid = (gid_t) gid;
+ done:
+     talloc_free(tmpctx);
+     return ret;
+@@ -188,6 +189,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
+     const char *orig_dn = NULL;
+     uid_t uid = 0;
+     gid_t gid = 0;
++    id_t temp_id;
+     struct sysdb_attrs *user_attrs;
+     char *upn = NULL;
+     size_t i;
+@@ -331,7 +333,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
+               "Mapping user [%s] objectSID [%s] to unix ID\n", user_name, sid_str);
+ 
+         /* Convert the SID into a UNIX user ID */
+-        ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &uid);
++        ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &temp_id);
+         if (ret == ENOTSUP) {
+             DEBUG(SSSDBG_TRACE_FUNC, "Skipping built-in object.\n");
+             ret = EOK;
+@@ -339,6 +341,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
+         } else if (ret != EOK) {
+             goto done;
+         }
++        uid = (uid_t) temp_id;
+ 
+         /* Store the UID in the ldap_attrs so it doesn't get
+          * treated as a missing attribute from LDAP and removed.

Property changes on: security/sssd/files/patch-src__providers__ldap__sdap_async_users.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__resolv__async_resolv_utils.c
===================================================================
--- security/sssd/files/patch-src__resolv__async_resolv_utils.c	(nonexistent)
+++ security/sssd/files/patch-src__resolv__async_resolv_utils.c	(working copy)
@@ -0,0 +1,30 @@
+diff --git src/resolv/async_resolv_utils.c src/resolv/async_resolv_utils.c
+index f86181b91..25323cf7a 100644
+--- src/resolv/async_resolv_utils.c
++++ src/resolv/async_resolv_utils.c
+@@ -45,7 +45,7 @@ resolv_get_domain_send(TALLOC_CTX *mem_ctx,
+     struct resolv_get_domain_state *state = NULL;
+     struct tevent_req *req = NULL;
+     struct tevent_req *subreq = NULL;
+-    char system_hostname[HOST_NAME_MAX + 1];
++    char system_hostname[_POSIX_HOST_NAME_MAX + 1];
+     errno_t ret;
+ 
+     req = tevent_req_create(mem_ctx, &state,
+@@ -57,14 +57,14 @@ resolv_get_domain_send(TALLOC_CTX *mem_ctx,
+ 
+     if (hostname == NULL) {
+         /* use system hostname */
+-        ret = gethostname(system_hostname, sizeof(system_hostname));
++        ret = gethostname(system_hostname, _POSIX_HOST_NAME_MAX);
+         if (ret) {
+             ret = errno;
+             DEBUG(SSSDBG_CRIT_FAILURE, "gethostname() failed: [%d]: %s\n",
+                                         ret, strerror(ret));
+             goto immediately;
+         }
+-        system_hostname[HOST_NAME_MAX] = '\0';
++        system_hostname[_POSIX_HOST_NAME_MAX] = '\0';
+         hostname = system_hostname;
+     }
+ 

Property changes on: security/sssd/files/patch-src__resolv__async_resolv_utils.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__sbus__sbus_codegen
===================================================================
--- security/sssd/files/patch-src__sbus__sbus_codegen	(nonexistent)
+++ security/sssd/files/patch-src__sbus__sbus_codegen	(working copy)
@@ -0,0 +1,10 @@
+diff --git src/sbus/sbus_codegen src/sbus/sbus_codegen
+index a97a92591..fb3b6d9b3 100755
+--- src/sbus/sbus_codegen
++++ src/sbus/sbus_codegen
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env python
++#!/usr/bin/env python3
+ 
+ #
+ # Authors:

Property changes on: security/sssd/files/patch-src__sbus__sbus_codegen
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__sss_client__common.c
===================================================================
--- security/sssd/files/patch-src__sss_client__common.c	(revision 554848)
+++ security/sssd/files/patch-src__sss_client__common.c	(working copy)
@@ -1,4 +1,6 @@
---- src/sss_client/common.c.orig	2014-09-17 13:01:37 UTC
+diff --git src/sss_client/common.c src/sss_client/common.c
+index d8effb6dd..edeb4a159 100644
+--- src/sss_client/common.c
 +++ src/sss_client/common.c
 @@ -25,6 +25,7 @@
  #include "config.h"
@@ -8,15 +10,15 @@
  #include <security/pam_modules.h>
  #include <errno.h>
  #include <sys/types.h>
-@@ -43,6 +44,7 @@
- #include <libintl.h>
+@@ -44,6 +45,7 @@
  #define _(STRING) dgettext (PACKAGE, STRING)
  #include "sss_cli.h"
+ #include "common_private.h"
 +#include "util/sss_bsd_errno.h"
  
  #if HAVE_PTHREAD
  #include <pthread.h>
-@@ -124,7 +126,6 @@ static enum sss_status sss_cli_send_req(enum sss_cli_c
+@@ -126,7 +128,6 @@ static enum sss_status sss_cli_send_req(enum sss_cli_command cmd,
              *errnop = error;
              break;
          case 0:
@@ -24,7 +26,7 @@
              break;
          case 1:
              if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) {
-@@ -232,7 +233,6 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_c
+@@ -235,7 +236,6 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_command cmd,
              *errnop = error;
              break;
          case 0:
@@ -32,7 +34,7 @@
              break;
          case 1:
              if (pfd.revents & (POLLHUP)) {
-@@ -669,7 +669,6 @@ static enum sss_status sss_cli_check_socket(int *errno
+@@ -679,7 +679,6 @@ static enum sss_status sss_cli_check_socket(int *errnop,
              *errnop = error;
              break;
          case 0:
@@ -40,7 +42,7 @@
              break;
          case 1:
              if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) {
-@@ -719,23 +718,23 @@ enum nss_status sss_nss_make_request(enum sss_cli_comm
+@@ -730,7 +729,7 @@ enum nss_status sss_nss_make_request_timeout(enum sss_cli_command cmd,
      /* avoid looping in the nss daemon */
      envval = getenv("_SSS_LOOPS");
      if (envval && strcmp(envval, "NO") == 0) {
@@ -48,13 +50,21 @@
 +        return NS_NOTFOUND;
      }
  
-     ret = sss_cli_check_socket(errnop, SSS_NSS_SOCKET_NAME);
-     if (ret != SSS_STATUS_SUCCESS) {
+     ret = sss_cli_check_socket(errnop, SSS_NSS_SOCKET_NAME, timeout);
+@@ -738,9 +737,9 @@ enum nss_status sss_nss_make_request_timeout(enum sss_cli_command cmd,
+ #ifdef NONSTANDARD_SSS_NSS_BEHAVIOUR
+         *errnop = 0;
+         errno = 0;
+-        return NSS_STATUS_NOTFOUND;
++        return NS_NOTFOUND;
+ #else
 -        return NSS_STATUS_UNAVAIL;
 +        return NS_UNAVAIL;
+ #endif
      }
  
-     ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop);
+@@ -765,17 +764,17 @@ enum nss_status sss_nss_make_request_timeout(enum sss_cli_command cmd,
+     }
      switch (ret) {
      case SSS_STATUS_TRYAGAIN:
 -        return NSS_STATUS_TRYAGAIN;
@@ -64,37 +74,14 @@
 +        return NS_SUCCESS;
      case SSS_STATUS_UNAVAIL:
      default:
--        return NSS_STATUS_UNAVAIL;
-+        return NS_UNAVAIL;
-     }
- }
- 
-@@ -750,23 +749,23 @@ int sss_pac_make_request(enum sss_cli_command cmd,
-     /* avoid looping in the nss daemon */
-     envval = getenv("_SSS_LOOPS");
-     if (envval && strcmp(envval, "NO") == 0) {
+ #ifdef NONSTANDARD_SSS_NSS_BEHAVIOUR
+         *errnop = 0;
+         errno = 0;
 -        return NSS_STATUS_NOTFOUND;
 +        return NS_NOTFOUND;
-     }
- 
-     ret = sss_cli_check_socket(errnop, SSS_PAC_SOCKET_NAME);
-     if (ret != SSS_STATUS_SUCCESS) {
+ #else
 -        return NSS_STATUS_UNAVAIL;
 +        return NS_UNAVAIL;
+ #endif
      }
- 
-     ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop);
-     switch (ret) {
-     case SSS_STATUS_TRYAGAIN:
--        return NSS_STATUS_TRYAGAIN;
-+        return NS_TRYAGAIN;
-     case SSS_STATUS_SUCCESS:
--        return NSS_STATUS_SUCCESS;
-+        return NS_SUCCESS;
-     case SSS_STATUS_UNAVAIL:
-     default:
--        return NSS_STATUS_UNAVAIL;
-+        return NS_UNAVAIL;
-     }
  }
- 
Index: security/sssd/files/patch-src__sss_client__nss_group.c
===================================================================
--- security/sssd/files/patch-src__sss_client__nss_group.c	(revision 554848)
+++ security/sssd/files/patch-src__sss_client__nss_group.c	(working copy)
@@ -1,6 +1,8 @@
---- src/sss_client/nss_group.c.orig	2014-09-17 13:01:37 UTC
+diff --git src/sss_client/nss_group.c src/sss_client/nss_group.c
+index 5ab2bdf78..69ba75dcb 100644
+--- src/sss_client/nss_group.c
 +++ src/sss_client/nss_group.c
-@@ -343,6 +343,76 @@ out:
+@@ -390,6 +390,76 @@ out:
  }
  
  
Index: security/sssd/files/patch-src__sss_client__pam_sss.c
===================================================================
--- security/sssd/files/patch-src__sss_client__pam_sss.c	(nonexistent)
+++ security/sssd/files/patch-src__sss_client__pam_sss.c	(working copy)
@@ -0,0 +1,16 @@
+diff --git src/sss_client/pam_sss.c src/sss_client/pam_sss.c
+index f634f7659..1de88fefe 100644
+--- src/sss_client/pam_sss.c
++++ src/sss_client/pam_sss.c
+@@ -263,9 +263,9 @@ static int do_pam_conversation(pam_handle_t *pamh, const int msg_style,
+ 
+         pam_msg->msg_style = msg_style;
+         if (state == SSS_PAM_CONV_REENTER) {
+-            pam_msg->msg = reenter_msg;
++            pam_msg->msg = (char *)(intptr_t)reenter_msg;
+         } else {
+-            pam_msg->msg = msg;
++            pam_msg->msg = (char *)(intptr_t)msg;
+         }
+ 
+         mesg[0] = (const struct pam_message *) pam_msg;

Property changes on: security/sssd/files/patch-src__sss_client__pam_sss.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__sss_client__sss_nss.exports
===================================================================
--- security/sssd/files/patch-src__sss_client__sss_nss.exports	(revision 554848)
+++ security/sssd/files/patch-src__sss_client__sss_nss.exports	(working copy)
@@ -1,4 +1,6 @@
---- src/sss_client/sss_nss.exports.orig	2014-09-17 13:01:37 UTC
+diff --git src/sss_client/sss_nss.exports src/sss_client/sss_nss.exports
+index 1eefea8d5..8e85a0541 100644
+--- src/sss_client/sss_nss.exports
 +++ src/sss_client/sss_nss.exports
 @@ -3,6 +3,7 @@ EXPORTED {
  	# public functions
@@ -8,13 +10,13 @@
  		_nss_sss_getpwnam_r;
  		_nss_sss_getpwuid_r;
  		_nss_sss_setpwent;
-@@ -14,7 +15,24 @@ EXPORTED {
+@@ -14,8 +15,25 @@ EXPORTED {
  		_nss_sss_setgrent;
  		_nss_sss_getgrent_r;
  		_nss_sss_endgrent;
 +		_nss_sss_getgroupmembership;
  		_nss_sss_initgroups_dyn;
-+
+ 
 +		__nss_compat_getgrnam_r;
 +		__nss_compat_getgrgid_r;
 +		__nss_compat_getgrent_r;
@@ -30,6 +32,7 @@
 +		__nss_compat_gethostbyname;
 +		__nss_compat_gethostbyname2;
 +		__nss_compat_gethostbyaddr;
- 
++
  		#_nss_sss_getaliasbyname_r;
  		#_nss_sss_setaliasent;
+ 		#_nss_sss_getaliasent_r;
Index: security/sssd/files/patch-src__tests__cmocka__test_authtok.c
===================================================================
--- security/sssd/files/patch-src__tests__cmocka__test_authtok.c	(nonexistent)
+++ security/sssd/files/patch-src__tests__cmocka__test_authtok.c	(working copy)
@@ -0,0 +1,12 @@
+diff --git src/tests/cmocka/test_authtok.c src/tests/cmocka/test_authtok.c
+index 9422f96bc..8492e186a 100644
+--- src/tests/cmocka/test_authtok.c
++++ src/tests/cmocka/test_authtok.c
+@@ -28,6 +28,7 @@
+ #include "tests/cmocka/common_mock.h"
+ 
+ #include "util/authtok.h"
++#include "util/sss_endian.h"
+ 
+ 
+ struct test_state {

Property changes on: security/sssd/files/patch-src__tests__cmocka__test_authtok.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__tests__cmocka__test_pam_srv.c
===================================================================
--- security/sssd/files/patch-src__tests__cmocka__test_pam_srv.c	(nonexistent)
+++ security/sssd/files/patch-src__tests__cmocka__test_pam_srv.c	(working copy)
@@ -0,0 +1,13 @@
+diff --git src/tests/cmocka/test_pam_srv.c src/tests/cmocka/test_pam_srv.c
+index 446985d5d..f53f84be2 100644
+--- src/tests/cmocka/test_pam_srv.c
++++ src/tests/cmocka/test_pam_srv.c
+@@ -1177,7 +1177,7 @@ void test_pam_open_session(void **state)
+ 
+     /* make sure pam_status is not touched by setting it to a value which is
+      * not used by SSSD. */
+-    pam_test_ctx->exp_pam_status = _PAM_RETURN_VALUES;
++    pam_test_ctx->exp_pam_status = PAM_NUM_ERRORS;
+     set_cmd_cb(test_pam_simple_check);
+     ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_OPEN_SESSION,
+                           pam_test_ctx->pam_cmds);

Property changes on: security/sssd/files/patch-src__tests__cmocka__test_pam_srv.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__tests__cwrap__test_responder_common.c
===================================================================
--- security/sssd/files/patch-src__tests__cwrap__test_responder_common.c	(nonexistent)
+++ security/sssd/files/patch-src__tests__cwrap__test_responder_common.c	(working copy)
@@ -0,0 +1,18 @@
+diff --git src/tests/cwrap/test_responder_common.c src/tests/cwrap/test_responder_common.c
+index 11cc3abd8..191310143 100644
+--- src/tests/cwrap/test_responder_common.c
++++ src/tests/cwrap/test_responder_common.c
+@@ -136,11 +136,13 @@ void check_sock_properties(struct create_pipe_ctx *ctx, mode_t mode)
+     assert_true(S_ISSOCK(sbuf.st_mode));
+     assert_true((sbuf.st_mode & ~S_IFMT) == mode);
+ 
++#ifdef SO_DOMAIN
+     /* Check it's a UNIX socket */
+     optlen = sizeof(optval);
+     ret = getsockopt(ctx->fd, SOL_SOCKET, SO_DOMAIN, &optval, &optlen);
+     assert_int_equal(ret, 0);
+     assert_int_equal(optval, AF_UNIX);
++#endif
+ 
+     optlen = sizeof(optval);
+     ret = getsockopt(ctx->fd, SOL_SOCKET, SO_TYPE, &optval, &optlen);

Property changes on: security/sssd/files/patch-src__tests__cwrap__test_responder_common.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__tests__cwrap__test_server.c
===================================================================
--- security/sssd/files/patch-src__tests__cwrap__test_server.c	(nonexistent)
+++ security/sssd/files/patch-src__tests__cwrap__test_server.c	(working copy)
@@ -0,0 +1,12 @@
+diff --git src/tests/cwrap/test_server.c src/tests/cwrap/test_server.c
+index 85ecb7f74..a2ddc595f 100644
+--- src/tests/cwrap/test_server.c
++++ src/tests/cwrap/test_server.c
+@@ -23,6 +23,7 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <fcntl.h>
++#include <signal.h>
+ 
+ #include <popt.h>
+ #include "util/util.h"

Property changes on: security/sssd/files/patch-src__tests__cwrap__test_server.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__tests__dlopen-tests.c
===================================================================
--- security/sssd/files/patch-src__tests__dlopen-tests.c	(nonexistent)
+++ security/sssd/files/patch-src__tests__dlopen-tests.c	(working copy)
@@ -0,0 +1,22 @@
+diff --git src/tests/dlopen-tests.c src/tests/dlopen-tests.c
+index 9a5d3597f..4b469726b 100644
+--- src/tests/dlopen-tests.c
++++ src/tests/dlopen-tests.c
+@@ -44,7 +44,7 @@ struct so {
+     { "libipa_hbac.so", { LIBPFX"libipa_hbac.so", NULL } },
+     { "libsss_idmap.so", { LIBPFX"libsss_idmap.so", NULL } },
+     { "libsss_nss_idmap.so", { LIBPFX"libsss_nss_idmap.so", NULL } },
+-    { "libnss_sss.so", { LIBPFX"libnss_sss.so", NULL } },
++    { "nss_sss.so", { LIBPFX"nss_sss.so", NULL } },
+     { "libsss_certmap.so", { LIBPFX"libsss_certmap.so", NULL } },
+     { "pam_sss.so", { LIBPFX"pam_sss.so", NULL } },
+ #ifdef BUILD_LIBWBCLIENT
+@@ -82,8 +82,6 @@ struct so {
+     { "libsss_util.so", { LIBPFX"libsss_util.so", NULL } },
+     { "libsss_simple.so", { LIBPFX"libdlopen_test_providers.so",
+                             LIBPFX"libsss_simple.so", NULL } },
+-    { "libsss_files.so", { LIBPFX"libdlopen_test_providers.so",
+-                           LIBPFX"libsss_files.so", NULL } },
+ #ifdef BUILD_SAMBA
+     { "libsss_ad.so", { LIBPFX"libdlopen_test_providers.so",
+                         LIBPFX"libsss_ad.so", NULL } },

Property changes on: security/sssd/files/patch-src__tests__dlopen-tests.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c
===================================================================
--- security/sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c	(revision 554848)
+++ security/sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c	(working copy)
@@ -1,15 +1,16 @@
---- src/util/crypto/libcrypto/crypto_sha512crypt.c.orig	2014-09-17 13:01:37 UTC
+diff --git src/util/crypto/libcrypto/crypto_sha512crypt.c src/util/crypto/libcrypto/crypto_sha512crypt.c
+index 2275ccd96..c1e418917 100644
+--- src/util/crypto/libcrypto/crypto_sha512crypt.c
 +++ src/util/crypto/libcrypto/crypto_sha512crypt.c
-@@ -28,6 +28,12 @@
- #include <openssl/evp.h>
- #include <openssl/rand.h>
+@@ -30,6 +30,11 @@
  
+ #include "sss_openssl.h"
+ 
 +void *
 +mempcpy (void *dest, const void *src, size_t n)
 +{
 +  return (char *) memcpy (dest, src, n) + n;
 +}
-+
+ 
  /* Define our magic string to mark salt for SHA512 "encryption" replacement. */
  const char sha512_salt_prefix[] = "$6$";
- #define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1)
Index: security/sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c
===================================================================
--- security/sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c	(revision 554848)
+++ security/sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c	(working copy)
@@ -1,4 +1,6 @@
---- src/util/crypto/nss/nss_sha512crypt.c.orig	2014-09-17 13:01:37 UTC
+diff --git src/util/crypto/nss/nss_sha512crypt.c src/util/crypto/nss/nss_sha512crypt.c
+index 4d0594d9f..49801222d 100644
+--- src/util/crypto/nss/nss_sha512crypt.c
 +++ src/util/crypto/nss/nss_sha512crypt.c
 @@ -29,6 +29,12 @@
  #include <sechash.h>
Index: security/sssd/files/patch-src__util__find_uid.c
===================================================================
--- security/sssd/files/patch-src__util__find_uid.c	(revision 554848)
+++ security/sssd/files/patch-src__util__find_uid.c	(working copy)
@@ -1,6 +1,8 @@
---- src/util/find_uid.c.orig	2014-09-17 13:01:37 UTC
+diff --git src/util/find_uid.c src/util/find_uid.c
+index 215c0d338..42a1df729 100644
+--- src/util/find_uid.c
 +++ src/util/find_uid.c
-@@ -67,7 +67,7 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t
+@@ -72,7 +72,7 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid)
      uint32_t num=0;
      errno_t error;
  
@@ -7,9 +9,9 @@
 -    ret = snprintf(path, PATHLEN, "/proc/%d/status", pid);
 +    ret = snprintf(path, PATHLEN, "/compat/linux/proc/%d/status", pid);
      if (ret < 0) {
-         DEBUG(SSSDBG_CRIT_FAILURE, "snprintf failed");
+         DEBUG(SSSDBG_CRIT_FAILURE, "snprintf failed\n");
          return EINVAL;
-@@ -207,12 +207,12 @@ static errno_t get_active_uid_linux(hash_table_t *tabl
+@@ -218,12 +218,12 @@ static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid)
      struct dirent *dirent;
      int ret, err;
      pid_t pid = -1;
@@ -24,7 +26,7 @@
      if (proc_dir == NULL) {
          ret = errno;
          DEBUG(SSSDBG_CRIT_FAILURE, "Cannot open proc dir.\n");
-@@ -287,9 +287,8 @@ done:
+@@ -298,9 +298,8 @@ done:
  
  errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table)
  {
Index: security/sssd/files/patch-src__util__nss_dl_load.c
===================================================================
--- security/sssd/files/patch-src__util__nss_dl_load.c	(nonexistent)
+++ security/sssd/files/patch-src__util__nss_dl_load.c	(working copy)
@@ -0,0 +1,30 @@
+--- src/util/nss_dl_load.c-orig	2020-10-22 17:57:10.433049000 +0100
++++ src/util/nss_dl_load.c	2020-11-01 13:25:22.636487000 +0000
+@@ -24,6 +24,7 @@
+ #include "util/util_errors.h"
+ #include "util/debug.h"
+ #include "nss_dl_load.h"
++#include "util/sss_bsd_errno.h"
+ 
+ 
+ #define NSS_FN_NAME "_nss_%s_%s"
+@@ -36,7 +37,8 @@
+     char *funcname;
+     void *funcptr;
+ 
+-    funcname = talloc_asprintf(NULL, NSS_FN_NAME, libname, name);
++/*    funcname = talloc_asprintf(NULL, NSS_FN_NAME, libname, name);  */
++    funcname = talloc_asprintf(NULL, "%s", name);
+     if (funcname == NULL) {
+         DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf() failed\n");
+         return NULL;
+@@ -78,7 +80,8 @@
+         {(void**)&ops->endservent,      "endservent"}
+     };
+ 
+-    libpath = talloc_asprintf(NULL, "libnss_%s.so.2", libname);
++/*    libpath = talloc_asprintf(NULL, "libnss_%s.so.2", libname); */
++    libpath = talloc_asprintf(NULL, "/lib/libc.so.7", libname);
+     if (libpath == NULL) {
+         DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf() failed\n");
+         return ENOMEM;

Property changes on: security/sssd/files/patch-src__util__nss_dl_load.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__util__server.c
===================================================================
--- security/sssd/files/patch-src__util__server.c	(revision 554848)
+++ security/sssd/files/patch-src__util__server.c	(working copy)
@@ -1,10 +1,10 @@
---- src/util/server.c.orig	2014-09-17 13:01:37 UTC
+diff --git src/util/server.c src/util/server.c
+index f34bf49f6..7cb3864af 100644
+--- src/util/server.c
 +++ src/util/server.c
-@@ -322,12 +322,14 @@ static void setup_signals(void)
+@@ -311,10 +311,13 @@ static void setup_signals(void)
      BlockSignals(false, SIGTERM);
  
-     CatchSignal(SIGHUP, sig_hup);
--
  #ifndef HAVE_PRCTL
 -        /* If prctl is not defined on the system, try to handle
 -         * some common termination signals gracefully */
Index: security/sssd/files/patch-src__util__signal.c
===================================================================
--- security/sssd/files/patch-src__util__signal.c	(revision 554848)
+++ security/sssd/files/patch-src__util__signal.c	(nonexistent)
@@ -1,71 +0,0 @@
---- src/util/signal.c.orig	2014-09-17 13:01:37 UTC
-+++ src/util/signal.c
-@@ -28,45 +28,6 @@
-  * @brief Signal handling
-  */
- 
--/****************************************************************************
-- Catch child exits and reap the child zombie status.
--****************************************************************************/
--
--static void sig_cld(int signum)
--{
--	while (waitpid((pid_t)-1,(int *)NULL, WNOHANG) > 0)
--		;
--
--	/*
--	 * Turns out it's *really* important not to
--	 * restore the signal handler here if we have real POSIX
--	 * signal handling. If we do, then we get the signal re-delivered
--	 * immediately - hey presto - instant loop ! JRA.
--	 */
--
--#if !defined(HAVE_SIGACTION)
--	CatchSignal(SIGCLD, sig_cld);
--#endif
--}
--
--/****************************************************************************
--catch child exits - leave status;
--****************************************************************************/
--
--static void sig_cld_leave_status(int signum)
--{
--	/*
--	 * Turns out it's *really* important not to
--	 * restore the signal handler here if we have real POSIX
--	 * signal handling. If we do, then we get the signal re-delivered
--	 * immediately - hey presto - instant loop ! JRA.
--	 */
--
--#if !defined(HAVE_SIGACTION)
--	CatchSignal(SIGCLD, sig_cld_leave_status);
--#endif
--}
--
- /**
-  Block sigs.
- **/
-@@ -125,22 +86,4 @@ void (*CatchSignal(int signum,void (*handler)(int )))(
- 	/* FIXME: need to handle sigvec and systems with broken signal() */
- 	return signal(signum, handler);
- #endif
--}
--
--/**
-- Ignore SIGCLD via whatever means is necessary for this OS.
--**/
--
--void CatchChild(void)
--{
--	CatchSignal(SIGCLD, sig_cld);
--}
--
--/**
-- Catch SIGCLD but leave the child around so it's status can be reaped.
--**/
--
--void CatchChildLeaveStatus(void)
--{
--	CatchSignal(SIGCLD, sig_cld_leave_status);
- }

Property changes on: security/sssd/files/patch-src__util__signal.c
___________________________________________________________________
Deleted: fbsd:nokeywords
## -1 +0,0 ##
-yes
\ No newline at end of property
Deleted: svn:eol-style
## -1 +0,0 ##
-native
\ No newline at end of property
Deleted: svn:mime-type
## -1 +0,0 ##
-text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__util__sss_endian.h
===================================================================
--- security/sssd/files/patch-src__util__sss_endian.h	(nonexistent)
+++ security/sssd/files/patch-src__util__sss_endian.h	(working copy)
@@ -0,0 +1,23 @@
+diff --git src/util/sss_endian.h src/util/sss_endian.h
+index 834c35980..d0bc1d338 100644
+--- src/util/sss_endian.h
++++ src/util/sss_endian.h
+@@ -29,6 +29,18 @@
+ # include <sys/endian.h>
+ #endif /* !HAVE_ENDIAN_H && !HAVE_SYS_ENDIAN_H */
+ 
++#if defined(_BYTE_ORDER) && !defined(__BYTE_ORDER)
++#define __BYTE_ORDER _BYTE_ORDER
++#endif
++
++#if defined(_LITTLE_ENDIAN) && !defined(__LITTLE_ENDIAN)
++#define __LITTLE_ENDIAN _LITTLE_ENDIAN
++#endif
++
++#if defined(_BIG_ENDIAN) && !defined(__BIG_ENDIAN)
++#define __BIG_ENDIAN _BIG_ENDIAN
++#endif
++
+ /* Endianness-compatibility for systems running older versions of glibc */
+ 
+ #ifndef le32toh

Property changes on: security/sssd/files/patch-src__util__sss_endian.h
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__util__sss_krb5.c
===================================================================
--- security/sssd/files/patch-src__util__sss_krb5.c	(nonexistent)
+++ security/sssd/files/patch-src__util__sss_krb5.c	(working copy)
@@ -0,0 +1,12 @@
+diff --git src/util/sss_krb5.c src/util/sss_krb5.c
+index c0cc28a75..88e6e6008 100644
+--- src/util/sss_krb5.c
++++ src/util/sss_krb5.c
+@@ -28,6 +28,7 @@
+ #include "util/sss_iobuf.h"
+ #include "util/util.h"
+ #include "util/sss_krb5.h"
++#include "util/sss_endian.h"
+ 
+ static char *
+ sss_krb5_get_primary(TALLOC_CTX *mem_ctx,

Property changes on: security/sssd/files/patch-src__util__sss_krb5.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__util__sss_ldap.c
===================================================================
--- security/sssd/files/patch-src__util__sss_ldap.c	(revision 554848)
+++ security/sssd/files/patch-src__util__sss_ldap.c	(nonexistent)
@@ -1,21 +0,0 @@
---- src/util/sss_ldap.c.orig	2014-09-17 13:01:37 UTC
-+++ src/util/sss_ldap.c
-@@ -206,6 +206,9 @@ static void sdap_async_sys_connect_done(struct tevent_
-     errno = 0;
-     ret = connect(state->fd, (struct sockaddr *) &state->addr,
-                   state->addr_len);
-+    if (errno == EISCONN) {
-+        ret = EOK;
-+    }
-     if (ret != EOK) {
-         ret = errno;
-         if (ret == EINPROGRESS || ret == EINTR) {
-@@ -346,7 +349,7 @@ struct tevent_req *sss_ldap_init_send(TALLOC_CTX *mem_
-           "Using file descriptor [%d] for LDAP connection.\n", state->sd);
- 
-     subreq = sdap_async_sys_connect_send(state, ev, state->sd,
--                                         (struct sockaddr *) addr, addr_len);
-+                                         (struct sockaddr *) addr, sizeof(struct sockaddr));
-     if (subreq == NULL) {
-         ret = ENOMEM;
-         DEBUG(SSSDBG_CRIT_FAILURE, "sdap_async_sys_connect_send failed.\n");

Property changes on: security/sssd/files/patch-src__util__sss_ldap.c
___________________________________________________________________
Deleted: fbsd:nokeywords
## -1 +0,0 ##
-yes
\ No newline at end of property
Deleted: svn:eol-style
## -1 +0,0 ##
-native
\ No newline at end of property
Deleted: svn:mime-type
## -1 +0,0 ##
-text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__util__sss_sockets.c
===================================================================
--- security/sssd/files/patch-src__util__sss_sockets.c	(nonexistent)
+++ security/sssd/files/patch-src__util__sss_sockets.c	(working copy)
@@ -0,0 +1,45 @@
+--- src/util/sss_sockets.c.orig	2020-03-17 13:31:28.000000000 +0000
++++ src/util/sss_sockets.c	2020-10-22 19:39:46.454834000 +0100
+@@ -120,14 +120,16 @@
+         }
+ 
+         milli = timeout * 1000; /* timeout in milliseconds */
+-        ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &milli,
+-                         sizeof(milli));
+-        if (ret != 0) {
+-            ret = errno;
+-            DEBUG(SSSDBG_FUNC_DATA,
+-                  "setsockopt TCP_USER_TIMEOUT failed.[%d][%s].\n", ret,
+-                  strerror(ret));
+-        }
++        /* FreeBSD does not have TCP_USER_TIMEOUT option yet ....
++	 * ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &milli,
++         *                  sizeof(milli));
++         * if (ret != 0) {
++         *     ret = errno;
++         *     DEBUG(SSSDBG_FUNC_DATA,
++         *           "setsockopt TCP_USER_TIMEOUT failed.[%d][%s].\n", ret,
++         *           strerror(ret));
++         * }
++	 */
+     }
+ 
+     return EOK;
+@@ -230,7 +232,7 @@
+ 
+     talloc_zfree(fde);
+ 
+-    if (ret == EOK) {
++    if (ret == EOK || ret == EISCONN) {
+         tevent_req_done(req);
+     } else {
+         ret = errno;
+@@ -313,7 +315,7 @@
+           "Using file descriptor [%d] for the connection.\n", state->sd);
+ 
+     subreq = sssd_async_connect_send(state, ev, state->sd,
+-                                     (struct sockaddr *) addr, addr_len);
++                                     (struct sockaddr *) addr, sizeof(struct sockaddr));
+     if (subreq == NULL) {
+         ret = ENOMEM;
+         DEBUG(SSSDBG_CRIT_FAILURE, "sssd_async_connect_send failed.\n");

Property changes on: security/sssd/files/patch-src__util__sss_sockets.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__util__util.c
===================================================================
--- security/sssd/files/patch-src__util__util.c	(nonexistent)
+++ security/sssd/files/patch-src__util__util.c	(working copy)
@@ -0,0 +1,22 @@
+--- src/util/util.c	2020-10-20 19:31:51.466783000 +0100
++++ src/util/util.c	2020-10-20 19:33:20.832098000 +0100
+@@ -830,6 +830,19 @@
+     return EOK;
+ }
+ 
++
++#ifdef __FreeBSD__
++int flb_timezone(void)
++{
++    struct tm tm;
++    time_t t = 0;
++    tzset();
++    localtime_r(&t, &tm);
++    return -(tm.tm_gmtoff);
++}
++#define timezone (flb_timezone())
++#endif
++
+ /* Convert GeneralizedTime (http://en.wikipedia.org/wiki/GeneralizedTime)
+  * to unix time (seconds since epoch). Use UTC time zone.
+  */

Property changes on: security/sssd/files/patch-src__util__util.c
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: security/sssd/files/patch-src__util__util.h
===================================================================
--- security/sssd/files/patch-src__util__util.h	(revision 554848)
+++ security/sssd/files/patch-src__util__util.h	(working copy)
@@ -1,18 +1,11 @@
---- src/util/util.h.orig	2014-09-17 13:01:37 UTC
+diff --git src/util/util.h src/util/util.h
+index 1e36bf02a..e883f322f 100644
+--- src/util/util.h
 +++ src/util/util.h
-@@ -227,8 +227,6 @@ void sig_term(int sig);
- #include <signal.h>
- void BlockSignals(bool block, int signum);
- void (*CatchSignal(int signum,void (*handler)(int )))(int);
--void CatchChild(void);
--void CatchChildLeaveStatus(void);
+@@ -733,4 +733,6 @@ errno_t create_preauth_indicator(void);
+ #define N_ELEMENTS(arr) (sizeof(arr) / sizeof(arr[0]))
+ #endif
  
- /* from memory.c */
- typedef int (void_destructor_fn_t)(void *);
-@@ -542,5 +540,6 @@ char * sss_replace_space(TALLOC_CTX *mem_ctx,
- char * sss_reverse_replace_space(TALLOC_CTX *mem_ctx,
-                                  const char *orig_name,
-                                  const char replace_char);
 +#include "util/sss_bsd_errno.h"
- 
++
  #endif /* __SSSD_UTIL_H__ */
Index: security/sssd/files/patch-src_external_pac__responder.m4
===================================================================
--- security/sssd/files/patch-src_external_pac__responder.m4	(revision 554848)
+++ security/sssd/files/patch-src_external_pac__responder.m4	(nonexistent)
@@ -1,25 +0,0 @@
---- src/external/pac_responder.m4.orig	2014-09-17 13:01:37 UTC
-+++ src/external/pac_responder.m4
-@@ -14,14 +14,20 @@ then
-     PKG_CHECK_MODULES(NDR_KRB5PAC, ndr_krb5pac, ndr_krb5pac_ok=yes,
-         AC_MSG_WARN([Cannot build pac responder without libndr_krb5pac]))
- 
--    AC_PATH_PROG(KRB5_CONFIG, krb5-config)
-+    AC_PATH_PROG(KRB5_CONFIG, krb5-config, [], [/usr/local/bin:$PATH])
-     AC_MSG_CHECKING(for supported MIT krb5 version)
-     KRB5_VERSION="`$KRB5_CONFIG --version`"
-     case $KRB5_VERSION in
-         Kerberos\ 5\ release\ 1.9* | \
-         Kerberos\ 5\ release\ 1.10* | \
-         Kerberos\ 5\ release\ 1.11* | \
--        Kerberos\ 5\ release\ 1.12*)
-+        Kerberos\ 5\ release\ 1.12* | \
-+        Kerberos\ 5\ release\ 1.13* | \
-+        Kerberos\ 5\ release\ 1.14* | \
-+        Kerberos\ 5\ release\ 1.15* | \
-+        Kerberos\ 5\ release\ 1.16* | \
-+        Kerberos\ 5\ release\ 1.17* | \
-+        Kerberos\ 5\ release\ 1.18*)
-             krb5_version_ok=yes
-             AC_MSG_RESULT([yes])
-             ;;

Property changes on: security/sssd/files/patch-src_external_pac__responder.m4
___________________________________________________________________
Deleted: fbsd:nokeywords
## -1 +0,0 ##
-yes
\ No newline at end of property
Deleted: svn:eol-style
## -1 +0,0 ##
-native
\ No newline at end of property
Deleted: svn:mime-type
## -1 +0,0 ##
-text/plain
\ No newline at end of property
Index: security/sssd/files/pkg-message.in
===================================================================
--- security/sssd/files/pkg-message.in	(revision 554848)
+++ security/sssd/files/pkg-message.in	(working copy)
@@ -1,6 +1,4 @@
-[
-{ type: install
-  message: <<EOM
+================================================================================
 Copy %%PREFIX%%/etc/sssd/sssd.conf.sample to %%PREFIX%%/etc/sssd/sssd.conf
 and edit %%PREFIX%%/etc/sssd/sssd.conf (see man sssd.conf for details)
 
@@ -20,6 +18,4 @@
 
 An sssd HOWTO is also available:
 https://fedorahosted.org/sssd/wiki/HOWTO_Configure_1_0_2
-EOM
-}
-]
+================================================================================
Index: security/sssd/files/sssd.in
===================================================================
--- security/sssd/files/sssd.in	(revision 554848)
+++ security/sssd/files/sssd.in	(working copy)
@@ -34,7 +34,8 @@
 
 sssd_prestart()
 {
-	for i in db/sss db/sss_mc log/sssd run/sss/krb5.include.d run/sss/private run/sss; do
+
+	for i in db/sss/db db/sss/gpo_cache db/sss/keytabs db/sss/mc db/sss/pubconf/krb5.include.d/ db/sss/secrets log/sssd run/sss/pipes/private;  do
 		if [ ! -d var/${i} ]; then mkdir -p /var/${i}; fi
 	done
 }
Index: security/sssd/pkg-plist
===================================================================
--- security/sssd/pkg-plist	(revision 554848)
+++ security/sssd/pkg-plist	(working copy)
@@ -1,21 +1,32 @@
 bin/sss_ssh_authorizedkeys
 bin/sss_ssh_knownhostsproxy
 etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
+etc/pam.d/sssd-shadowutils
 %%ETCDIR%%/sssd.conf.sample
 include/ipa_hbac.h
+include/sss_certmap.h
 include/sss_idmap.h
 include/sss_nss_idmap.h
+include/sss_sifp.h
+include/sss_sifp_dbus.h
+include/wbclient_sssd.h
 %%SMB%%lib/krb5/plugins/authdata/sssd_pac_plugin.so
 lib/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
 lib/libipa_hbac.so
 lib/libipa_hbac.so.0
-lib/libipa_hbac.so.0.0.1
+lib/libipa_hbac.so.0.1.0
+lib/libsss_certmap.so
+lib/libsss_certmap.so.0
+lib/libsss_certmap.so.0.0.0
 lib/libsss_idmap.so
 lib/libsss_idmap.so.0
-lib/libsss_idmap.so.0.4.0
+lib/libsss_idmap.so.0.5.1
 lib/libsss_nss_idmap.so
 lib/libsss_nss_idmap.so.0
-lib/libsss_nss_idmap.so.0.0.1
+lib/libsss_nss_idmap.so.0.5.0
+lib/libsss_simpleifp.so
+lib/libsss_simpleifp.so.0
+lib/libsss_simpleifp.so.0.1.1
 lib/libsss_sudo.so
 lib/nss_sss.so
 lib/nss_sss.so.1
@@ -22,19 +33,20 @@
 lib/nss_sss.so.2
 lib/nss_sss.so.2.0.0
 lib/pam_sss.so
-%%PYTHON_SITELIBDIR%%/SSSDConfig-1.11.7-py%%PYTHON_VER%%.egg-info
+%%PYTHON_SITELIBDIR%%/SSSDConfig-1.16.5-py%%PYTHON_VER%%.egg-info
 %%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.py
-%%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.pyc
+%%PYTHON_SITELIBDIR%%/SSSDConfig/__pycache__/__init__.cpython-37.pyc
+%%PYTHON_SITELIBDIR%%/SSSDConfig/__pycache__/ipachangeconf.cpython-37.pyc
 %%PYTHON_SITELIBDIR%%/SSSDConfig/ipachangeconf.py
-%%PYTHON_SITELIBDIR%%/SSSDConfig/ipachangeconf.pyc
-%%PYTHON_SITELIBDIR%%/SSSDConfig/sssd_upgrade_config.py
-%%PYTHON_SITELIBDIR%%/SSSDConfig/sssd_upgrade_config.pyc
 %%PYTHON_SITELIBDIR%%/pyhbac.so
 %%PYTHON_SITELIBDIR%%/pysss.so
 %%PYTHON_SITELIBDIR%%/pysss_murmur.so
 %%PYTHON_SITELIBDIR%%/pysss_nss_idmap.so
+%%SMB%%lib/samba/idmap/winbind_idmap_sss.so
 lib/shared-modules/ldb/memberof.so
 %%SMB%%lib/sssd/libsss_ad.so
+lib/sssd/conf/sssd.conf
+lib/sssd/libsss_cert.so
 lib/sssd/libsss_child.so
 lib/sssd/libsss_crypt.so
 lib/sssd/libsss_debug.so
@@ -44,13 +56,23 @@
 lib/sssd/libsss_ldap.so
 lib/sssd/libsss_ldap_common.so
 lib/sssd/libsss_proxy.so
+lib/sssd/libsss_semanage.so
 lib/sssd/libsss_simple.so
 lib/sssd/libsss_util.so
+lib/sssd/modules/libwbclient.so
+lib/sssd/modules/libwbclient.so.0
+lib/sssd/modules/libwbclient.so.0.14.0
+lib/sssd/modules/sssd_krb5_localauth_plugin.so
 libdata/pkgconfig/ipa_hbac.pc
+libdata/pkgconfig/sss_certmap.pc
 libdata/pkgconfig/sss_idmap.pc
 libdata/pkgconfig/sss_nss_idmap.pc
+libdata/pkgconfig/sss_simpleifp.pc
+libdata/pkgconfig/wbclient_sssd.pc
+%%SMB%%libexec/sssd/gpo_child
 libexec/sssd/krb5_child
 libexec/sssd/ldap_child
+libexec/sssd/p11_child
 libexec/sssd/proxy_child
 libexec/sssd/sss_signal
 libexec/sssd/sssd_be
@@ -60,15 +82,27 @@
 libexec/sssd/sssd_pam
 libexec/sssd/sssd_ssh
 libexec/sssd/sssd_sudo
-man/es/man1/sss_ssh_authorizedkeys.1.gz
-man/es/man1/sss_ssh_knownhostsproxy.1.gz
+man/de/man1/sss_ssh_knownhostsproxy.1.gz
+man/de/man5/sssd-ifp.5.gz
+man/de/man5/sssd-krb5.5.gz
+man/de/man5/sssd-ldap.5.gz
+man/de/man5/sssd-simple.5.gz
+man/de/man5/sssd-sudo.5.gz
+man/de/man8/sss_groupadd.8.gz
+man/de/man8/sss_groupdel.8.gz
+man/de/man8/sss_groupmod.8.gz
+man/de/man8/sss_groupshow.8.gz
+man/de/man8/sss_obfuscate.8.gz
+man/de/man8/sss_seed.8.gz
+man/de/man8/sss_useradd.8.gz
+man/de/man8/sss_userdel.8.gz
+man/de/man8/sss_usermod.8.gz
+man/de/man8/sssd.8.gz
 man/es/man5/sssd-ldap.5.gz
+man/es/man5/sssd.conf.5.gz
 man/es/man5/sssd-simple.5.gz
 man/es/man5/sssd-sudo.5.gz
-man/es/man5/sssd.conf.5.gz
 man/es/man8/pam_sss.8.gz
-man/es/man8/sss_cache.8.gz
-man/es/man8/sss_debuglevel.8.gz
 man/es/man8/sss_groupadd.8.gz
 man/es/man8/sss_groupdel.8.gz
 man/es/man8/sss_groupmod.8.gz
@@ -80,17 +114,11 @@
 man/es/man8/sss_usermod.8.gz
 man/es/man8/sssd.8.gz
 man/es/man8/sssd_krb5_locator_plugin.8.gz
-man/fr/man1/sss_ssh_authorizedkeys.1.gz
 man/fr/man1/sss_ssh_knownhostsproxy.1.gz
-man/fr/man5/sssd-ad.5.gz
 man/fr/man5/sssd-krb5.5.gz
 man/fr/man5/sssd-ldap.5.gz
 man/fr/man5/sssd-simple.5.gz
 man/fr/man5/sssd-sudo.5.gz
-man/fr/man5/sssd.conf.5.gz
-man/fr/man8/pam_sss.8.gz
-man/fr/man8/sss_cache.8.gz
-man/fr/man8/sss_debuglevel.8.gz
 man/fr/man8/sss_groupadd.8.gz
 man/fr/man8/sss_groupdel.8.gz
 man/fr/man8/sss_groupmod.8.gz
@@ -101,16 +129,8 @@
 man/fr/man8/sss_userdel.8.gz
 man/fr/man8/sss_usermod.8.gz
 man/fr/man8/sssd.8.gz
-man/fr/man8/sssd_krb5_locator_plugin.8.gz
-man/ja/man1/sss_ssh_authorizedkeys.1.gz
 man/ja/man1/sss_ssh_knownhostsproxy.1.gz
-man/ja/man5/sssd-krb5.5.gz
-man/ja/man5/sssd-ldap.5.gz
 man/ja/man5/sssd-simple.5.gz
-man/ja/man5/sssd.conf.5.gz
-man/ja/man8/pam_sss.8.gz
-man/ja/man8/sss_cache.8.gz
-man/ja/man8/sss_debuglevel.8.gz
 man/ja/man8/sss_groupadd.8.gz
 man/ja/man8/sss_groupdel.8.gz
 man/ja/man8/sss_groupmod.8.gz
@@ -120,17 +140,20 @@
 man/ja/man8/sss_userdel.8.gz
 man/ja/man8/sss_usermod.8.gz
 man/ja/man8/sssd.8.gz
-man/ja/man8/sssd_krb5_locator_plugin.8.gz
 man/man1/sss_ssh_authorizedkeys.1.gz
 man/man1/sss_ssh_knownhostsproxy.1.gz
-man/man5/sssd-ad.5.gz
+man/man5/sss-certmap.5.gz
+%%SMB%%man/man5/sssd-ad.5.gz
+man/man5/sssd-files.5.gz
 man/man5/sssd-ifp.5.gz
-man/man5/sssd-ipa.5.gz
+%%SMB%%man/man5/sssd-ipa.5.gz
 man/man5/sssd-krb5.5.gz
 man/man5/sssd-ldap.5.gz
+man/man5/sssd-session-recording.5.gz
 man/man5/sssd-simple.5.gz
 man/man5/sssd-sudo.5.gz
 man/man5/sssd.conf.5.gz
+man/man8/idmap_sss.8.gz
 man/man8/pam_sss.8.gz
 man/man8/sss_cache.8.gz
 man/man8/sss_debuglevel.8.gz
@@ -139,24 +162,58 @@
 man/man8/sss_groupmod.8.gz
 man/man8/sss_groupshow.8.gz
 man/man8/sss_obfuscate.8.gz
+man/man8/sss_override.8.gz
 man/man8/sss_seed.8.gz
 man/man8/sss_useradd.8.gz
 man/man8/sss_userdel.8.gz
 man/man8/sss_usermod.8.gz
+man/man8/sssctl.8.gz
 man/man8/sssd.8.gz
 man/man8/sssd_krb5_locator_plugin.8.gz
 man/nl/man8/sss_groupmod.8.gz
 man/pt/man8/sss_groupdel.8.gz
 man/pt/man8/sss_groupmod.8.gz
+man/sv/man5/sssd.conf.5.gz
+man/sv/man5/sssd-ad.5.gz
+man/sv/man5/sssd-ifp.5.gz
+man/sv/man5/sssd-ipa.5.gz
+man/sv/man5/sssd-krb5.5.gz
+man/sv/man5/sssd-ldap.5.gz
+man/sv/man5/sssd-simple.5.gz
+man/sv/man5/sssd-sudo.5.gz
+man/sv/man5/sss-certmap.5.gz
+man/sv/man8/pam_sss.8.gz
+man/sv/man8/sss_cache.8.gz
+man/sv/man8/sss_debuglevel.8.gz
+man/sv/man8/sss_groupadd.8.gz
+man/sv/man8/sss_groupdel.8.gz
+man/sv/man8/sss_groupmod.8.gz
+man/sv/man8/sss_groupshow.8.gz
+man/sv/man8/sss_obfuscate.8.gz
+man/sv/man8/sss_override.8.gz
+man/sv/man8/sss_seed.8.gz
+man/sv/man8/sss_useradd.8.gz
+man/sv/man8/sss_userdel.8.gz
+man/sv/man8/sss_usermod.8.gz
+man/sv/man8/sssd.8.gz
+man/sv/man8/sssd_krb5_locator_plugin.8.gz
 man/uk/man1/sss_ssh_authorizedkeys.1.gz
 man/uk/man1/sss_ssh_knownhostsproxy.1.gz
+man/uk/man5/sss-certmap.5.gz
+man/uk/man5/sss_rpcidmapd.5.gz
 man/uk/man5/sssd-ad.5.gz
+man/uk/man5/sssd-files.5.gz
 man/uk/man5/sssd-ifp.5.gz
+man/uk/man5/sssd-ipa.5.gz
 man/uk/man5/sssd-krb5.5.gz
 man/uk/man5/sssd-ldap.5.gz
+man/uk/man5/sssd-secrets.5.gz
+man/uk/man5/sssd-session-recording.5.gz
 man/uk/man5/sssd-simple.5.gz
 man/uk/man5/sssd-sudo.5.gz
+man/uk/man5/sssd-systemtap.5.gz
 man/uk/man5/sssd.conf.5.gz
+man/uk/man8/idmap_sss.8.gz
 man/uk/man8/pam_sss.8.gz
 man/uk/man8/sss_cache.8.gz
 man/uk/man8/sss_debuglevel.8.gz
@@ -165,10 +222,13 @@
 man/uk/man8/sss_groupmod.8.gz
 man/uk/man8/sss_groupshow.8.gz
 man/uk/man8/sss_obfuscate.8.gz
+man/uk/man8/sss_override.8.gz
 man/uk/man8/sss_seed.8.gz
 man/uk/man8/sss_useradd.8.gz
 man/uk/man8/sss_userdel.8.gz
 man/uk/man8/sss_usermod.8.gz
+man/uk/man8/sssctl.8.gz
+man/uk/man8/sssd-kcm.8.gz
 man/uk/man8/sssd.8.gz
 man/uk/man8/sssd_krb5_locator_plugin.8.gz
 sbin/sss_cache
@@ -178,19 +238,30 @@
 sbin/sss_groupmod
 sbin/sss_groupshow
 sbin/sss_obfuscate
+sbin/sss_override
 sbin/sss_seed
 sbin/sss_useradd
 sbin/sss_userdel
 sbin/sss_usermod
+sbin/sssctl
 sbin/sssd
+@dir %%ETCDIR%%/conf.d
+@dir %%ETCDIR%%/pki
 @dir lib/ldb
-@dir lib/sssd/modules
 %%PORTDOCS%%@dir %%DOCSDIR%%/doc
 %%PORTDOCS%%@dir %%DOCSDIR%%/hbac_doc
 %%PORTDOCS%%@dir %%DOCSDIR%%/idmap_doc
-%%PORTDOCS%%@dir %%DOCSDIR%%/libsss_sudo_doc
 %%PORTDOCS%%@dir %%DOCSDIR%%/nss_idmap_doc
-@postexec if [ -d %%ETCDIR%% ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf %%ETCDIR%%`` to remove any configuration files."; fi
-@postexec if [ -d /var/db/sss ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss`` to remove any additional files."; fi
-@postexec if [ -d /var/db/sss_mc ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss_mc`` to remove any additional files."; fi
-@postexec if [ -d /var/run/sss ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/run/sss`` to remove any additional files."; fi
+%%PORTDOCS%%@dir %%DOCSDIR%%/sss_simpleifp_doc
+@dir /var/db/sss/db
+@dir /var/db/sss/deskprofile
+@dir /var/db/sss/gpo_cache
+@dir /var/db/sss/keytabs
+@dir /var/db/sss/mc
+@dir /var/db/sss/pubconf/krb5.include.d
+@dir /var/db/sss/pubconf
+@dir /var/db/sss
+@dir /var/log/sssd
+@dir /var/run/sss/pipes/private
+@dir /var/run/sss/pipes
+@dir /var/run/sss