Date:      Fri, 30 Oct 2009 13:07:55 GMT
From:      Jacob Myers <jacob@whotookspaz.org>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/140107: [PATCH] Enhance net/nss_ldap to support FreeBSD login classes
Message-ID:  <200910301307.n9UD7t4A090184@www.freebsd.org>
Resent-Message-ID: <200910301310.n9UDA9Dv067576@freefall.freebsd.org>

>Number:         140107
>Category:       ports
>Synopsis:       [PATCH] Enhance net/nss_ldap to support FreeBSD login classes
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Fri Oct 30 13:10:09 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Jacob Myers
>Release:        7.2-RELEASE-p4
>Organization:
Wilcox Technologies
>Environment:
FreeBSD kusanagi.whotookspaz.org 7.2-RELEASE-p4 FreeBSD 7.2-RELEASE-p4 #1: Wed Oct 28 10:07:06 EDT 2009     root@kusanagi.whotookspaz.org:/usr/obj/usr/src/sys/KUSANAGI  i386
>Description:
This patch allows the use of login classes in nss_ldap via a new LDAP attribute (loginClass). Administrators should be able to add this attribute to their schemata easily.
>How-To-Repeat:
N/A
>Fix:
See attached patch file.

Patch attached with submission follows:

--- nss_ldap/Makefile	2009-09-16 18:06:58.000000000 -0400
+++ nss_ldap/Makefile	2009-10-30 08:47:23.000000000 -0400
@@ -23,6 +23,8 @@
 USE_LDCONFIG=	yes
 USE_OPENLDAP=	yes
 
+OPTIONS=        LCLASS "Enable login classes via the loginClass attribute" on
+
 PLIST_FILES=	etc/nss_ldap.conf.sample \
 		lib/nss_ldap.so.1
 
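Review bot: The new OPTIONS line declares LCLASS with default `on`, so an existing install picks up the loginClass lookup on its next rebuild without anyone choosing it. Since the login class then comes from the directory, consider defaulting to `off` and letting administrators opt in. Style: the line uses spaces after `OPTIONS=` where the neighbouring assignments (`USE_LDCONFIG=`, `USE_OPENLDAP=`) use a tab.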
@@ -41,6 +43,10 @@
 CONFIGURE_ARGS+=--enable-configurable-krb5-ccname-env
 .endif
 
+.if defined(WITH_LCLASS)
+CFLAGS+="-DHAVE_LOGIN_CLASSES"
+.endif
+
 post-extract:
 	${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}
 
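Review bot: In `CFLAGS+="-DHAVE_LOGIN_CLASSES"` the double quotes are not make syntax; they are stored in the variable and travel with every expansion of CFLAGS. Write it unquoted, with whitespace after `+=`, to match the unquoted `CONFIGURE_ARGS+=` line above. Please also confirm that this `.if defined(WITH_LCLASS)` sits after the point where the Makefile loads the saved OPTIONS, otherwise the test is evaluated before WITH_LCLASS can be set.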
--- nss_ldap/files/patch-login-classes	1969-12-31 19:00:00.000000000 -0500
+++ nss_ldap/files/patch-login-classes	2009-10-30 08:44:19.000000000 -0400
@@ -0,0 +1,52 @@
+--- ldap-pwd.c	2009-08-29 09:21:43.000000000 -0400
++++ ldap-pwd.c	2009-08-29 08:17:12.000000000 -0400
+@@ -170,6 +170,15 @@
+     }
++
++#ifdef HAVE_LOGIN_CLASSES 
++  stat =
++    _nss_ldap_assign_attrval (e, AT (loginClass), &pw->pw_class, &buffer,
++		  	      &buflen);
++  if (stat != NSS_SUCCESS)
++    (void) _nss_ldap_assign_emptystring (&pw->pw_class, &buffer, &buflen);
++#endif
++
+   stat =
+     _nss_ldap_assign_attrval (e, AT (homeDirectory), &pw->pw_dir, &buffer,
+ 			      &buflen);
+   if (stat != NSS_SUCCESS)
+
+--- ldap-schema.c	2009-08-29 09:21:43.000000000 -0400
++++ ldap-schema.c	2009-08-28 12:09:52.000000000 -0400
+@@ -334,6 +334,9 @@
+ #ifdef HAVE_PASSWD_PW_EXPIRE
+   (*pwd_attrs)[i++] = AT (shadowExpire);
+ #endif /* HAVE_PASSWD_PW_EXPIRE */
++#ifdef HAVE_LOGIN_CLASSES
++  (*pwd_attrs)[i++] = AT (loginClass);
++#endif
+   (*pwd_attrs)[i] = NULL;
+ }
+ 
+--- ldap-schema.h	2009-08-29 09:21:43.000000000 -0400
++++ ldap-schema.h	2009-08-29 06:37:18.000000000 -0400
+@@ -24,7 +24,7 @@
+ #define _LDAP_NSS_LDAP_LDAP_SCHEMA_H
+ 
+ /* max number of attributes per object class */
+-#define ATTRTAB_SIZE	15
++#define ATTRTAB_SIZE	16
+ 
+ /**
+  * function to initialize global lookup filters.
+@@ -153,6 +153,10 @@
+ #define AT_gecos                  "gecos"
+ #define AT_homeDirectory          "homeDirectory"
+
++#ifdef HAVE_LOGIN_CLASSES
++/* FreeBSD extension -Jacob Myers <jacob@whotokspaz.org> */
++#define AT_loginClass           "loginClass"
++#endif
+ /*
+  * ( nisSchema.2.1 NAME 'shadowAccount' SUP top AUXILIARY
+  *   DESC 'Additional attributes for shadow passwords'            
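Review bot: In the ldap-pwd.c part, `if (stat != NSS_SUCCESS)` sends every failure of the loginClass lookup to `_nss_ldap_assign_emptystring`, and the result of that call is discarded with `(void)`. An entry without the attribute and an entry whose value could not be copied into `buffer` both end up with an empty pw_class, which FreeBSD's login class lookup resolves to the `default` class for non-root users, so an account meant for a restricted class can silently land in the default one. Suggest falling back to the empty string only when the attribute is absent and returning other statuses (such as NSS_TRYAGAIN) to the caller. Smaller points: the ldap-schema.h part raises ATTRTAB_SIZE to 16 unconditionally while the extra attribute is only added under HAVE_LOGIN_CLASSES, and the address in the comment above `AT_loginClass` (whotokspaz.org) does not match the submitter's From address.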


>Release-Note:
>Audit-Trail:
>Unformatted: