Date: Thu, 13 Oct 2011 18:39:05 GMT From: Andrew Elble <aweits@rit.edu> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/161555: [new port] security/sssd Message-ID: <201110131839.p9DId5Pw051946@red.freebsd.org> Resent-Message-ID: <201110131840.p9DIe9gF064949@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 161555 >Category: ports >Synopsis: [new port] security/sssd >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Thu Oct 13 18:40:09 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Andrew Elble >Release: 8.2-RELEASE >Organization: RIT >Environment: >Description: new port: security/sssd Integrates the functionality of pam_krb5 and pam_ldap/nss_ldap with caching and additional features. This project provides a set of daemons to manage access to remote directories and authentication mechanisms, it provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA. WWW: https://fedorahosted.org/sssd/ >How-To-Repeat: >Fix: Patch attached with submission follows: # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # sssd # sssd/files # sssd/files/patch-src__providers__ldap__ldap_child.c # sssd/files/patch-src__confdb__confdb.c # sssd/files/patch-src__sss_client__common.c # sssd/files/pam_macros.h # sssd/files/patch-src__providers__ldap__ldap_common.c # sssd/files/patch-src__providers__ldap__sdap_access.c # sssd/files/patch-src__util__sss_krb5.h # sssd/files/patch-src__providers__ldap__ldap_auth.c # sssd/files/patch-src__util__sss_ldap.c # sssd/files/patch-src__util__sss_krb5.c # sssd/files/patch-src__providers__krb5__krb5_utils.c # sssd/files/bsdnss.c # sssd/files/patch-src__monitor__monitor.c # sssd/files/patch-src__providers__proxy__proxy_init.c # sssd/files/patch-src__providers__ipa__ipa_common.c # sssd/files/patch-src__sss_client__pam_test_client.c # sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c # sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c # sssd/files/patch-src__responder__common__responder_common.c # sssd/files/patch-src__responder__common__responder_packet.c # sssd/files/patch-src__responder__common__responder_dp.c # sssd/files/sssd.in # sssd/files/patch-src__providers__data_provider_be.c # sssd/files/patch-src__providers__fail_over.c # sssd/files/patch-src__providers__krb5__krb5_child.c # sssd/files/patch-src__util__util.c # sssd/files/patch-Makefile.am # sssd/files/patch-src__sss_client__sss_nss.exports # sssd/files/patch-src__resolv__async_resolv.c # sssd/files/patch-src__util__server.c # sssd/files/patch-src__sss_client__nss_group.c # sssd/files/patch-src__util__find_uid.c # sssd/Makefile # sssd/distinfo # sssd/pkg-descr # sssd/pkg-plist # sssd/pkg-message # echo c - sssd mkdir -p sssd > /dev/null 2>&1 echo c - sssd/files mkdir -p sssd/files > /dev/null 2>&1 echo x - sssd/files/patch-src__providers__ldap__ldap_child.c sed 's/^X//' >sssd/files/patch-src__providers__ldap__ldap_child.c << '0dff636266206d37854277ccc608940b' X--- ./src/providers/ldap/ldap_child.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/providers/ldap/ldap_child.c 2011-10-13 12:15:03.000000000 -0400 X@@ -165,7 +165,7 @@ X } X X realm_name = talloc_strdup(memctx, default_realm); X- krb5_free_default_realm(context, default_realm); X+ free(default_realm); X if (!realm_name) { X krberr = KRB5KRB_ERR_GENERIC; X goto done; X@@ -279,20 +279,20 @@ X goto done; X } X X- krberr = krb5_get_time_offsets(context, &kdc_time_offset, &kdc_time_offset_usec); X- if (krberr) { X- DEBUG(2, ("Failed to get KDC time offset: %s\n", X- sss_krb5_get_error_message(context, krberr))); X- kdc_time_offset = 0; X- } else { X- if (kdc_time_offset_usec > 0) { X- kdc_time_offset++; X- } X- } X+ // krberr = krb5_get_time_offsets(context, &kdc_time_offset, &kdc_time_offset_usec); X+ // if (krberr) { X+ // DEBUG(2, ("Failed to get KDC time offset: %s\n", X+ // sss_krb5_get_error_message(context, krberr))); X+ // kdc_time_offset = 0; X+ // } else { X+ // if (kdc_time_offset_usec > 0) { X+ // kdc_time_offset++; X+ // } X+ // } X X krberr = 0; X *ccname_out = ccname; X- *expire_time_out = my_creds.times.endtime - kdc_time_offset; X+ *expire_time_out = my_creds.times.endtime; X X done: X if (keytab) krb5_kt_close(context, keytab); 0dff636266206d37854277ccc608940b echo x - sssd/files/patch-src__confdb__confdb.c sed 's/^X//' >sssd/files/patch-src__confdb__confdb.c << '627640ab7c3922efe0925fdadd8e5f56' X--- ./src/confdb/confdb.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/confdb/confdb.c 2011-10-13 12:15:03.000000000 -0400 X@@ -28,6 +28,11 @@ X #include "util/strtonum.h" X #include "db/sysdb.h" X X+char *strchrnul(const char *s, int ch) { X+ char *ret = strchr(s, ch); X+ return ret == NULL ? ((char *)s) + strlen(s) : ret; X+} X+ X #define CONFDB_ZERO_CHECK_OR_JUMP(var, ret, err, label) do { \ X if (!var) { \ X ret = err; \ 627640ab7c3922efe0925fdadd8e5f56 echo x - sssd/files/patch-src__sss_client__common.c sed 's/^X//' >sssd/files/patch-src__sss_client__common.c << '26621ce01bbd60b4170be0b5004a9ef1' X--- ./src/sss_client/common.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/sss_client/common.c 2011-10-13 12:15:03.000000000 -0400 X@@ -26,6 +26,7 @@ X #include "config.h" X X #include <nss.h> X+#include <nsswitch.h> X #include <security/pam_modules.h> X #include <errno.h> X #include <sys/types.h> X@@ -111,7 +112,6 @@ X *errnop = error; X break; X case 0: X- *errnop = ETIME; X break; X case 1: X if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { X@@ -216,7 +216,6 @@ X *errnop = error; X break; X case 0: X- *errnop = ETIME; X break; X case 1: X if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { X@@ -638,7 +637,6 @@ X *errnop = error; X break; X case 0: X- *errnop = ETIME; X break; X case 1: X if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { X@@ -688,23 +686,23 @@ X /* avoid looping in the nss daemon */ X envval = getenv("_SSS_LOOPS"); X if (envval && strcmp(envval, "NO") == 0) { X- return NSS_STATUS_NOTFOUND; X+ return NS_NOTFOUND; X } X X ret = sss_cli_check_socket(errnop, SSS_NSS_SOCKET_NAME); X if (ret != SSS_STATUS_SUCCESS) { X- return NSS_STATUS_UNAVAIL; X+ return NS_UNAVAIL; X } X X ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop); X switch (ret) { X case SSS_STATUS_TRYAGAIN: X- return NSS_STATUS_TRYAGAIN; X+ return NS_TRYAGAIN; X case SSS_STATUS_SUCCESS: X- return NSS_STATUS_SUCCESS; X+ return NS_SUCCESS; X case SSS_STATUS_UNAVAIL: X default: X- return NSS_STATUS_UNAVAIL; X+ return NS_UNAVAIL; X } X } X 26621ce01bbd60b4170be0b5004a9ef1 echo x - sssd/files/pam_macros.h sed 's/^X//' >sssd/files/pam_macros.h << '2219b187c780ea2d3d08bf43fc8c16c4' X#ifndef PAM_MACROS_H X#define PAM_MACROS_H X X/* X * All kind of macros used by PAM, but usable in some other X * programs too. X * Organized by Cristian Gafton <gafton@redhat.com> X */ X X/* a 'safe' version of strdup */ X X#include <stdlib.h> X#include <string.h> X X#define x_strdup(s) ( (s) ? strdup(s):NULL ) X X/* Good policy to strike out passwords with some characters not just X free the memory */ X X#define _pam_overwrite(x) \ Xdo { \ X register char *__xx__; \ X if ((__xx__=(x))) \ X while (*__xx__) \ X *__xx__++ = '\0'; \ X} while (0) X X#define _pam_overwrite_n(x,n) \ Xdo { \ X register char *__xx__; \ X register unsigned int __i__ = 0; \ X if ((__xx__=(x))) \ X for (;__i__<n; __i__++) \ X __xx__[__i__] = 0; \ X} while (0) X X/* X * Don't just free it, forget it too. X */ X X#define _pam_drop(X) \ Xdo { \ X if (X) { \ X free(X); \ X X=NULL; \ X } \ X} while (0) X X#define _pam_drop_reply(/* struct pam_response * */ reply, /* int */ replies) \ Xdo { \ X int reply_i; \ X \ X for (reply_i=0; reply_i<replies; ++reply_i) { \ X if (reply[reply_i].resp) { \ X _pam_overwrite(reply[reply_i].resp); \ X free(reply[reply_i].resp); \ X } \ X } \ X if (reply) \ X free(reply); \ X} while (0) X X/* some debugging code */ X X#ifdef DEBUG X X/* X * This provides the necessary function to do debugging in PAM. X * Cristian Gafton <gafton@redhat.com> X */ X X#include <stdio.h> X#include <sys/types.h> X#include <stdarg.h> X#include <errno.h> X#include <sys/stat.h> X#include <fcntl.h> X#include <unistd.h> X X/* X * This is for debugging purposes ONLY. DO NOT use on live systems !!! X * You have been warned :-) - CG X * X * to get automated debugging to the log file, it must be created manually. X * _PAM_LOGFILE must exist and be writable to the programs you debug. X */ X X#ifndef _PAM_LOGFILE X#define _PAM_LOGFILE "/var/run/pam-debug.log" X#endif X Xstatic void _pam_output_debug_info(const char *file, const char *fn X , const int line) X{ X FILE *logfile; X int must_close = 1, fd; X X#ifdef O_NOFOLLOW X if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) { X#else X if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) { X#endif X if (!(logfile = fdopen(fd,"a"))) { X logfile = stderr; X must_close = 0; X close(fd); X } X } else { X logfile = stderr; X must_close = 0; X } X fprintf(logfile,"[%s:%s(%d)] ",file, fn, line); X fflush(logfile); X if (must_close) X fclose(logfile); X} X Xstatic void _pam_output_debug(const char *format, ...) X{ X va_list args; X FILE *logfile; X int must_close = 1, fd; X X va_start(args, format); X X#ifdef O_NOFOLLOW X if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_NOFOLLOW|O_APPEND)) != -1) { X#else X if ((fd = open(_PAM_LOGFILE, O_WRONLY|O_APPEND)) != -1) { X#endif X if (!(logfile = fdopen(fd,"a"))) { X logfile = stderr; X must_close = 0; X close(fd); X } X } else { X logfile = stderr; X must_close = 0; X } X vfprintf(logfile, format, args); X fprintf(logfile, "\n"); X fflush(logfile); X if (must_close) X fclose(logfile); X X va_end(args); X} X X#define D(x) do { \ X _pam_output_debug_info(__FILE__, __FUNCTION__, __LINE__); \ X _pam_output_debug x ; \ X} while (0) X X#define _pam_show_mem(X,XS) do { \ X int i; \ X register unsigned char *x; \ X x = (unsigned char *)X; \ X fprintf(stderr, " <start at %p>\n", X); \ X for (i = 0; i < XS ; ++x, ++i) { \ X fprintf(stderr, " %02X. <%p:%02X>\n", i, x, *x); \ X } \ X fprintf(stderr, " <end for %p after %d bytes>\n", X, XS); \ X} while (0) X X#define _pam_show_reply(/* struct pam_response * */reply, /* int */replies) \ Xdo { \ X int reply_i; \ X setbuf(stderr, NULL); \ X fprintf(stderr, "array at %p of size %d\n",reply,replies); \ X fflush(stderr); \ X if (reply) { \ X for (reply_i = 0; reply_i < replies; reply_i++) { \ X fprintf(stderr, " elem# %d at %p: resp = %p, retcode = %d\n", \ X reply_i, reply+reply_i, reply[reply_i].resp, \ X reply[reply_i].resp, _retcode); \ X fflush(stderr); \ X if (reply[reply_i].resp) { \ X fprintf(stderr, " resp[%d] = '%s'\n", \ X strlen(reply[reply_i].resp), reply[reply_i].resp); \ X fflush(stderr); \ X } \ X } \ X } \ X fprintf(stderr, "done here\n"); \ X fflush(stderr); \ X} while (0) X X#else X X#define D(x) do { } while (0) X#define _pam_show_mem(X,XS) do { } while (0) X#define _pam_show_reply(reply, replies) do { } while (0) X X#endif /* DEBUG */ X X#endif /* PAM_MACROS_H */ 2219b187c780ea2d3d08bf43fc8c16c4 echo x - sssd/files/patch-src__providers__ldap__ldap_common.c sed 's/^X//' >sssd/files/patch-src__providers__ldap__ldap_common.c << 'a6f58fad4c8611b6a964a84b4ae1335e' X--- ./src/providers/ldap/ldap_common.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/providers/ldap/ldap_common.c 2011-10-13 12:15:03.000000000 -0400 X@@ -749,7 +749,7 @@ X } X X realm = talloc_strdup(mem_ctx, krb5_realm); X- krb5_free_default_realm(context, krb5_realm); X+ free(krb5_realm); X if (!realm) { X DEBUG(0, ("Out of memory\n")); X goto done; a6f58fad4c8611b6a964a84b4ae1335e echo x - sssd/files/patch-src__providers__ldap__sdap_access.c sed 's/^X//' >sssd/files/patch-src__providers__ldap__sdap_access.c << '18fdbf49d936a7d37d6b4b034075953e' X--- ./src/providers/ldap/sdap_access.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/providers/ldap/sdap_access.c 2011-10-13 12:15:03.000000000 -0400 X@@ -22,9 +22,7 @@ X along with this program. If not, see <http://www.gnu.org/licenses/>. X */ X X-#define _XOPEN_SOURCE 500 /* for strptime() */ X #include <time.h> X-#undef _XOPEN_SOURCE X #include <sys/param.h> X #include <security/pam_modules.h> X #include <talloc.h> X@@ -119,7 +117,7 @@ X pd); X if (req == NULL) { X DEBUG(1, ("Unable to start sdap_access request\n")); X- sdap_access_reply(breq, PAM_SYSTEM_ERR); X+ sdap_access_reply(breq, PAM_SERVICE_ERR); X return; X } X X@@ -157,7 +155,7 @@ X X state->be_ctx = be_ctx; X state->pd = pd; X- state->pam_status = PAM_SYSTEM_ERR; X+ state->pam_status = PAM_SERVICE_ERR; X state->ev = ev; X state->access_ctx = access_ctx; X state->current_rule = 0; X@@ -502,18 +500,17 @@ X return true; X } X X+ tzset(); X expire_time = mktime(&tm); X if (expire_time == -1) { X DEBUG(1, ("mktime failed to convert [%s].\n", exp_time_str)); X return true; X } X X- tzset(); X- expire_time -= timezone; X now = time(NULL); X- DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s] timezone [%d] " X- "daylight [%d] now [%d] expire_time [%d].\n", tzname[0], X- tzname[1], timezone, daylight, now, expire_time)); X+ DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s] " X+ "now [%d] expire_time [%d].\n", tzname[0], X+ tzname[1], now, expire_time)); X X if (difftime(now, expire_time) > 0.0) { X DEBUG(4, ("NDS account expired.\n")); X@@ -663,7 +660,7 @@ X return NULL; X } X X- state->pam_status = PAM_SYSTEM_ERR; X+ state->pam_status = PAM_SERVICE_ERR; X X expire = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic, X SDAP_ACCOUNT_EXPIRE_POLICY); X@@ -747,7 +744,7 @@ X talloc_zfree(subreq); X if (ret != EOK) { X DEBUG(1, ("Error retrieving access check result.\n")); X- state->pam_status = PAM_SYSTEM_ERR; X+ state->pam_status = PAM_SERVICE_ERR; X tevent_req_error(req, ret); X return; X } X@@ -807,7 +804,7 @@ X state->filter = NULL; X state->be_ctx = be_ctx; X state->username = username; X- state->pam_status = PAM_SYSTEM_ERR; X+ state->pam_status = PAM_SERVICE_ERR; X state->sdap_ctx = access_ctx->id_ctx; X state->ev = ev; X state->access_ctx = access_ctx; X@@ -953,7 +950,7 @@ X SDAP_SEARCH_TIMEOUT)); X if (subreq == NULL) { X DEBUG(1, ("Could not start LDAP communication\n")); X- state->pam_status = PAM_SYSTEM_ERR; X+ state->pam_status = PAM_SERVICE_ERR; X tevent_req_error(req, EIO); X return; X } X@@ -984,13 +981,13 @@ X if (ret == EOK) { X return; X } X- state->pam_status = PAM_SYSTEM_ERR; X+ state->pam_status = PAM_SERVICE_ERR; X } else if (dp_error == DP_ERR_OFFLINE) { X sdap_access_filter_decide_offline(req); X } else { X DEBUG(1, ("sdap_get_generic_send() returned error [%d][%s]\n", X ret, strerror(ret))); X- state->pam_status = PAM_SYSTEM_ERR; X+ state->pam_status = PAM_SERVICE_ERR; X } X X goto done; X@@ -1009,7 +1006,7 @@ X else if (results == NULL) { X DEBUG(1, ("num_results > 0, but results is NULL\n")); X ret = EIO; X- state->pam_status = PAM_SYSTEM_ERR; X+ state->pam_status = PAM_SERVICE_ERR; X goto done; X } X else if (num_results > 1) { X@@ -1018,7 +1015,7 @@ X */ X DEBUG(1, ("Received multiple replies\n")); X ret = EIO; X- state->pam_status = PAM_SYSTEM_ERR; X+ state->pam_status = PAM_SERVICE_ERR; X goto done; X } X else { /* Ok, we got a single reply */ X@@ -1106,7 +1103,7 @@ X talloc_zfree(subreq); X if (ret != EOK) { X DEBUG(1, ("Error retrieving access check result.\n")); X- state->pam_status = PAM_SYSTEM_ERR; X+ state->pam_status = PAM_SERVICE_ERR; X tevent_req_error(req, ret); X return; X } X@@ -1247,7 +1244,7 @@ X talloc_zfree(subreq); X if (ret != EOK) { X DEBUG(1, ("Error retrieving access check result.\n")); X- state->pam_status = PAM_SYSTEM_ERR; X+ state->pam_status = PAM_SERVICE_ERR; X tevent_req_error(req, ret); X return; X } X@@ -1274,7 +1271,7 @@ X struct ldb_message_element *el; X unsigned int i; X char *host; X- char hostname[HOST_NAME_MAX+1]; X+ char hostname[_POSIX_HOST_NAME_MAX+1]; X X req = tevent_req_create(mem_ctx, &state, struct sdap_access_host_ctx); X if (!req) { X@@ -1370,7 +1367,7 @@ X talloc_zfree(subreq); X if (ret != EOK) { X DEBUG(1, ("Error retrieving access check result.\n")); X- state->pam_status = PAM_SYSTEM_ERR; X+ state->pam_status = PAM_SERVICE_ERR; X tevent_req_error(req, ret); X return; X } X@@ -1395,7 +1392,7 @@ X static void sdap_access_done(struct tevent_req *req) X { X errno_t ret; X- int pam_status = PAM_SYSTEM_ERR; X+ int pam_status = PAM_SERVICE_ERR; X struct be_req *breq = X tevent_req_callback_data(req, struct be_req); X X@@ -1403,7 +1400,7 @@ X talloc_zfree(req); X if (ret != EOK) { X DEBUG(1, ("Error retrieving access check result.\n")); X- pam_status = PAM_SYSTEM_ERR; X+ pam_status = PAM_SERVICE_ERR; X } X X sdap_access_reply(breq, pam_status); 18fdbf49d936a7d37d6b4b034075953e echo x - sssd/files/patch-src__util__sss_krb5.h sed 's/^X//' >sssd/files/patch-src__util__sss_krb5.h << '86c603ccb5dfe88c791af39eaca57193' X--- ./src/util/sss_krb5.h.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/util/sss_krb5.h 2011-10-13 12:15:09.000000000 -0400 X@@ -34,6 +34,8 @@ X X #include "util/util.h" X X+#define KRB5_CALLCONV X+ X const char * KRB5_CALLCONV sss_krb5_get_error_message (krb5_context, X krb5_error_code); X 86c603ccb5dfe88c791af39eaca57193 echo x - sssd/files/patch-src__providers__ldap__ldap_auth.c sed 's/^X//' >sssd/files/patch-src__providers__ldap__ldap_auth.c << 'f5a2f09ae2f7a7f401ec20f6192fb50e' X--- ./src/providers/ldap/ldap_auth.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/providers/ldap/ldap_auth.c 2011-10-13 12:15:03.000000000 -0400 X@@ -37,7 +37,6 @@ X #include <sys/time.h> X #include <strings.h> X X-#include <shadow.h> X #include <security/pam_modules.h> X X #include "util/util.h" X@@ -46,6 +45,7 @@ X #include "providers/ldap/ldap_common.h" X #include "providers/ldap/sdap_async.h" X X+ X /* MIT Kerberos has the same hardcoded warning interval of 7 days. Due to the X * fact that using the expiration time of a Kerberos password with LDAP X * authentication is presumably a rare case a separate config option is not X@@ -59,6 +59,22 @@ X PWEXPIRE_SHADOW X }; X X+struct spwd X+{ X+ char *sp_namp; /* Login name. */ X+ char *sp_pwdp; /* Encrypted password. */ X+ long int sp_lstchg; /* Date of last change. */ X+ long int sp_min; /* Minimum number of days between changes. */ X+ long int sp_max; /* Maximum number of days between changes. */ X+ long int sp_warn; /* Number of days to warn user to change X+ the password. */ X+ long int sp_inact; /* Number of days the account may be X+ inactive. */ X+ long int sp_expire; /* Number of days since 1970-01-01 until X+ account expires. */ X+ unsigned long int sp_flag; /* Reserved. */ X+}; X+ X static errno_t add_expired_warning(struct pam_data *pd, long exp_time) X { X int ret; X@@ -111,17 +127,16 @@ X return EINVAL; X } X X+ tzset(); X expire_time = mktime(&tm); X if (expire_time == -1) { X DEBUG(1, ("mktime failed to convert [%s].\n", expire_date)); X return EINVAL; X } X X- tzset(); X- expire_time -= timezone; X- DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s] timezone [%d] " X- "daylight [%d] now [%d] expire_time [%d].\n", tzname[0], X- tzname[1], timezone, daylight, now, expire_time)); X+ DEBUG(9, ("Time info: tzname[0] [%s] tzname[1] [%s]" X+ "now [%d] expire_time [%d].\n", tzname[0], X+ tzname[1], now, expire_time)); X X if (difftime(now, expire_time) > 0.0) { X DEBUG(4, ("Kerberos password expired.\n")); X@@ -742,7 +757,7 @@ X X DEBUG(2, ("starting password change request for user [%s].\n", pd->user)); X X- pd->pam_status = PAM_SYSTEM_ERR; X+ pd->pam_status = PAM_SERVICE_ERR; X X if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) { X DEBUG(2, ("chpass target was called by wrong pam command.\n")); X@@ -799,7 +814,7 @@ X &pw_expire_type, &pw_expire_data); X talloc_zfree(req); X if (ret) { X- state->pd->pam_status = PAM_SYSTEM_ERR; X+ state->pd->pam_status = PAM_SERVICE_ERR; X goto done; X } X X@@ -819,7 +834,7 @@ X &result); X if (ret != EOK) { X DEBUG(1, ("check_pwexpire_shadow failed.\n")); X- state->pd->pam_status = PAM_SYSTEM_ERR; X+ state->pd->pam_status = PAM_SERVICE_ERR; X goto done; X } X break; X@@ -828,14 +843,14 @@ X &result); X if (ret != EOK) { X DEBUG(1, ("check_pwexpire_kerberos failed.\n")); X- state->pd->pam_status = PAM_SYSTEM_ERR; X+ state->pd->pam_status = PAM_SERVICE_ERR; X goto done; X } X X if (result == SDAP_AUTH_PW_EXPIRED) { X DEBUG(1, ("LDAP provider cannot change kerberos " X "passwords.\n")); X- state->pd->pam_status = PAM_SYSTEM_ERR; X+ state->pd->pam_status = PAM_SERVICE_ERR; X goto done; X } X break; X@@ -844,7 +859,7 @@ X break; X default: X DEBUG(1, ("Unknow pasword expiration type.\n")); X- state->pd->pam_status = PAM_SYSTEM_ERR; X+ state->pd->pam_status = PAM_SERVICE_ERR; X goto done; X } X } X@@ -884,7 +899,7 @@ X dp_err = DP_ERR_OFFLINE; X break; X default: X- state->pd->pam_status = PAM_SYSTEM_ERR; X+ state->pd->pam_status = PAM_SERVICE_ERR; X } X X done: X@@ -905,7 +920,7 @@ X ret = sdap_exop_modify_passwd_recv(req, state, &result, &user_error_message); X talloc_zfree(req); X if (ret) { X- state->pd->pam_status = PAM_SYSTEM_ERR; X+ state->pd->pam_status = PAM_SERVICE_ERR; X goto done; X } X X@@ -964,7 +979,7 @@ X goto done; X } X X- pd->pam_status = PAM_SYSTEM_ERR; X+ pd->pam_status = PAM_SERVICE_ERR; X X switch (pd->cmd) { X case SSS_PAM_AUTHENTICATE: X@@ -1021,7 +1036,7 @@ X &pw_expire_type, &pw_expire_data); X talloc_zfree(req); X if (ret != EOK) { X- state->pd->pam_status = PAM_SYSTEM_ERR; X+ state->pd->pam_status = PAM_SERVICE_ERR; X dp_err = DP_ERR_FATAL; X goto done; X } X@@ -1033,7 +1048,7 @@ X state->pd, &result); X if (ret != EOK) { X DEBUG(1, ("check_pwexpire_shadow failed.\n")); X- state->pd->pam_status = PAM_SYSTEM_ERR; X+ state->pd->pam_status = PAM_SERVICE_ERR; X goto done; X } X break; X@@ -1042,7 +1057,7 @@ X state->pd, &result); X if (ret != EOK) { X DEBUG(1, ("check_pwexpire_kerberos failed.\n")); X- state->pd->pam_status = PAM_SYSTEM_ERR; X+ state->pd->pam_status = PAM_SERVICE_ERR; X goto done; X } X break; X@@ -1050,7 +1065,7 @@ X ret = check_pwexpire_ldap(state->pd, pw_expire_data, &result); X if (ret != EOK) { X DEBUG(1, ("check_pwexpire_ldap failed.\n")); X- state->pd->pam_status = PAM_SYSTEM_ERR; X+ state->pd->pam_status = PAM_SERVICE_ERR; X goto done; X } X break; X@@ -1058,7 +1073,7 @@ X break; X default: X DEBUG(1, ("Unknow pasword expiration type.\n")); X- state->pd->pam_status = PAM_SYSTEM_ERR; X+ state->pd->pam_status = PAM_SERVICE_ERR; X goto done; X } X } X@@ -1080,7 +1095,7 @@ X state->pd->pam_status = PAM_NEW_AUTHTOK_REQD; X break; X default: X- state->pd->pam_status = PAM_SYSTEM_ERR; X+ state->pd->pam_status = PAM_SERVICE_ERR; X dp_err = DP_ERR_FATAL; X } X f5a2f09ae2f7a7f401ec20f6192fb50e echo x - sssd/files/patch-src__util__sss_ldap.c sed 's/^X//' >sssd/files/patch-src__util__sss_ldap.c << '34a400de78a3c507347702c52a0360d3' X--- ./src/util/sss_ldap.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/util/sss_ldap.c 2011-10-13 12:15:03.000000000 -0400 X@@ -267,7 +267,7 @@ X strerror(ret))); X } X X- ret = setsockopt(fd, SOL_TCP, TCP_NODELAY, &dummy, sizeof(dummy)); X+ ret = setsockopt(fd, IPPROTO_TCP, TCP_NODELAY, &dummy, sizeof(dummy)); X if (ret != 0) { X ret = errno; X DEBUG(5, ("setsockopt TCP_NODELAY failed.[%d][%s].\n", ret, X@@ -340,7 +340,7 @@ X DEBUG(9, ("Using file descriptor [%d] for LDAP connection.\n", state->sd)); X X subreq = sdap_async_sys_connect_send(state, ev, state->sd, X- (struct sockaddr *) addr, addr_len); X+ (struct sockaddr *) addr, sizeof(struct sockaddr)); X if (subreq == NULL) { X ret = ENOMEM; X DEBUG(1, ("sdap_async_sys_connect_send failed.\n")); 34a400de78a3c507347702c52a0360d3 echo x - sssd/files/patch-src__util__sss_krb5.c sed 's/^X//' >sssd/files/patch-src__util__sss_krb5.c << '99ac7f8b12ff403efe228bac004fbe31' X--- ./src/util/sss_krb5.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/util/sss_krb5.c 2011-10-13 12:15:03.000000000 -0400 X@@ -165,8 +165,8 @@ X X if (_realm) { X *_realm = talloc_asprintf(mem_ctx, "%.*s", X- krb5_princ_realm(ctx, client_princ)->length, X- krb5_princ_realm(ctx, client_princ)->data); X+ krb5_realm_length(krb5_princ_realm(krb_ctx, client_princ)), X+ krb5_princ_realm(krb_ctx, client_princ)); X if (!*_realm) { X DEBUG(1, ("talloc_asprintf failed")); X if (_principal) talloc_zfree(*_principal); X@@ -243,7 +243,7 @@ X } X X realm_name = talloc_strdup(tmp_ctx, default_realm); X- krb5_free_default_realm(context, default_realm); X+ free(default_realm); X if (!realm_name) { X ret = ENOMEM; X goto done; X@@ -322,7 +322,7 @@ X found = true; X } X free(kt_principal); X- krberr = krb5_free_keytab_entry_contents(context, &entry); X+ krberr = krb5_kt_free_entry(context, &entry); X if (krberr) { X /* This should never happen. The API docs for this function X * specify only success for this function X@@ -466,7 +466,7 @@ X break; X } X X- kerr = krb5_free_keytab_entry_contents(ctx, &entry); X+ kerr = krb5_kt_free_entry(ctx, &entry); X if (kerr != 0) { X DEBUG(1, ("Failed to free keytab entry.\n")); X } X@@ -504,7 +504,7 @@ X kerr = 0; X X done: X- kerr_d = krb5_free_keytab_entry_contents(ctx, &entry); X+ kerr_d = krb5_kt_free_entry(ctx, &entry); X if (kerr_d != 0) { X DEBUG(1, ("Failed to free keytab entry.\n")); X } X@@ -540,7 +540,7 @@ X void KRB5_CALLCONV sss_krb5_free_error_message(krb5_context ctx, const char *s) X { X #ifdef HAVE_KRB5_GET_ERROR_MESSAGE X- krb5_free_error_message(ctx, s); X+ free(s); X #else X free(s); X #endif 99ac7f8b12ff403efe228bac004fbe31 echo x - sssd/files/patch-src__providers__krb5__krb5_utils.c sed 's/^X//' >sssd/files/patch-src__providers__krb5__krb5_utils.c << '4807d35142c99fff477b87915f6f26e5' X--- ./src/providers/krb5/krb5_utils.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/providers/krb5/krb5_utils.c 2011-10-13 12:15:03.000000000 -0400 X@@ -435,10 +435,10 @@ X } X X server_name = talloc_asprintf(NULL, "krbtgt/%.*s@%.*s", X- krb5_princ_realm(ctx, client_princ)->length, X- krb5_princ_realm(ctx, client_princ)->data, X- krb5_princ_realm(ctx, client_princ)->length, X- krb5_princ_realm(ctx, client_princ)->data); X+ krb5_realm_length(krb5_princ_realm(ctx, client_princ)), X+ krb5_princ_realm(ctx, client_princ), X+ krb5_realm_length(krb5_princ_realm(ctx, client_princ)), X+ krb5_princ_realm(ctx, client_princ)); X if (server_name == NULL) { X kerr = KRB5_CC_NOMEM; X DEBUG(1, ("talloc_asprintf failed.\n")); 4807d35142c99fff477b87915f6f26e5 echo x - sssd/files/bsdnss.c sed 's/^X//' >sssd/files/bsdnss.c << 'b8f746e6d30f97195d79298ae913038f' X#include <errno.h> X#include <sys/param.h> X#include <netinet/in.h> X#include <pwd.h> X#include <grp.h> X#include <nss.h> X#include <netdb.h> X Xextern enum nss_status _nss_sss_getgrent_r(struct group *, char *, size_t, X int *); Xextern enum nss_status _nss_sss_getgrnam_r(const char *, struct group *, X char *, size_t, int *); Xextern enum nss_status _nss_sss_getgrgid_r(gid_t gid, struct group *, char *, X size_t, int *); Xextern enum nss_status _nss_sss_setgrent(void); Xextern enum nss_status _nss_sss_endgrent(void); X Xextern enum nss_status _nss_sss_getpwent_r(struct passwd *, char *, size_t, X int *); Xextern enum nss_status _nss_sss_getpwnam_r(const char *, struct passwd *, X char *, size_t, int *); Xextern enum nss_status _nss_sss_getpwuid_r(gid_t gid, struct passwd *, char *, X size_t, int *); Xextern enum nss_status _nss_sss_setpwent(void); Xextern enum nss_status _nss_sss_endpwent(void); X Xextern enum nss_status _nss_sss_gethostbyname_r (const char *name, struct hostent * result, X char *buffer, size_t buflen, int *errnop, X int *h_errnop); X Xextern enum nss_status _nss_sss_gethostbyname2_r (const char *name, int af, struct hostent * result, X char *buffer, size_t buflen, int *errnop, X int *h_errnop); Xextern enum nss_status _nss_sss_gethostbyaddr_r (struct in_addr * addr, int len, int type, X struct hostent * result, char *buffer, X size_t buflen, int *errnop, int *h_errnop); X Xextern enum nss_status _nss_sss_getgroupmembership(const char *uname, gid_t agroup, gid_t *groups, X int maxgrp, int *grpcnt); X X XNSS_METHOD_PROTOTYPE(__nss_compat_getgroupmembership); XNSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r); XNSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r); XNSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r); XNSS_METHOD_PROTOTYPE(__nss_compat_setgrent); XNSS_METHOD_PROTOTYPE(__nss_compat_endgrent); X XNSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r); XNSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r); XNSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r); XNSS_METHOD_PROTOTYPE(__nss_compat_setpwent); XNSS_METHOD_PROTOTYPE(__nss_compat_endpwent); X XNSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname); XNSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2); XNSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr); X Xstatic ns_mtab methods[] = { X{ NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_sss_getgrnam_r }, X{ NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_sss_getgrgid_r }, X{ NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_sss_getgrent_r }, X{ NSDB_GROUP, "getgroupmembership", __nss_compat_getgroupmembership, _nss_sss_getgroupmembership }, X{ NSDB_GROUP, "setgrent", __nss_compat_setgrent, _nss_sss_setgrent }, X{ NSDB_GROUP, "endgrent", __nss_compat_endgrent, _nss_sss_endgrent }, X X{ NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_sss_getpwnam_r }, X{ NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_sss_getpwuid_r }, X{ NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, _nss_sss_getpwent_r }, X{ NSDB_PASSWD, "setpwent", __nss_compat_setpwent, _nss_sss_setpwent }, X{ NSDB_PASSWD, "endpwent", __nss_compat_endpwent, _nss_sss_endpwent }, X X// { NSDB_HOSTS, "gethostbyname", __nss_compat_gethostbyname, _nss_sss_gethostbyname_r }, X//{ NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_sss_gethostbyaddr_r }, X//{ NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_sss_gethostbyname2_r }, X X{ NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, _nss_sss_getgrnam_r }, X{ NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, _nss_sss_getgrgid_r }, X{ NSDB_GROUP_COMPAT, "getgrent_r", __nss_compat_getgrent_r, _nss_sss_getgrent_r }, X{ NSDB_GROUP_COMPAT, "setgrent", __nss_compat_setgrent, _nss_sss_setgrent }, X{ NSDB_GROUP_COMPAT, "endgrent", __nss_compat_endgrent, _nss_sss_endgrent }, X X{ NSDB_PASSWD_COMPAT, "getpwnam_r", __nss_compat_getpwnam_r, _nss_sss_getpwnam_r }, X{ NSDB_PASSWD_COMPAT, "getpwuid_r", __nss_compat_getpwuid_r, _nss_sss_getpwuid_r }, X{ NSDB_PASSWD_COMPAT, "getpwent_r", __nss_compat_getpwent_r, _nss_sss_getpwent_r }, X{ NSDB_PASSWD_COMPAT, "setpwent", __nss_compat_setpwent, _nss_sss_setpwent }, X{ NSDB_PASSWD_COMPAT, "endpwent", __nss_compat_endpwent, _nss_sss_endpwent }, X X}; X X Xns_mtab * Xnss_module_register(const char *source, unsigned int *mtabsize, X nss_module_unregister_fn *unreg) X{ X *mtabsize = sizeof(methods)/sizeof(methods[0]); X *unreg = NULL; X return (methods); X} X Xint __nss_compat_getgroupmembership(void *retval, void *mdata, va_list ap) X{ X int (*fn)(const char *, gid_t, gid_t *, int, int *); X X const char *uname; X gid_t agroup; X gid_t *groups; X int maxgrp; X int *grpcnt; X int errnop; X enum nss_status status; X X fn = mdata; X uname = va_arg(ap, const char *); X agroup = va_arg(ap, gid_t); X groups = va_arg(ap, gid_t *); X maxgrp = va_arg(ap, int); X grpcnt = va_arg(ap, int *); X status = fn(uname, agroup, groups, maxgrp, grpcnt); X status = __nss_compat_result(status, errnop); X return (status); X} X Xint __nss_compat_gethostbyname(void *retval, void *mdata, va_list ap) X{ X enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *); X const char *name; X struct hostent *result; X char buffer[1024]; X size_t buflen = 1024; X int errnop; X int h_errnop; X int af; X enum nss_status status; X fn = mdata; X name = va_arg(ap, const char*); X af = va_arg(ap,int); X result = va_arg(ap,struct hostent *); X status = fn(name, result, buffer, buflen, &errnop, &h_errnop); X status = __nss_compat_result(status,errnop); X h_errno = h_errnop; X return (status); X} X Xint __nss_compat_gethostbyname2(void *retval, void *mdata, va_list ap) X{ X enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *); X const char *name; X struct hostent *result; X char buffer[1024]; X size_t buflen = 1024; X int errnop; X int h_errnop; X int af; X enum nss_status status; X fn = mdata; X name = va_arg(ap, const char*); X af = va_arg(ap,int); X result = va_arg(ap,struct hostent *); X status = fn(name, result, buffer, buflen, &errnop, &h_errnop); X status = __nss_compat_result(status,errnop); X h_errno = h_errnop; X return (status); X} X Xint __nss_compat_gethostbyaddr(void *retval, void *mdata, va_list ap) X{ X struct in_addr *addr; X int len; X int type; X struct hostent *result; X char buffer[1024]; X size_t buflen = 1024; X int errnop; X int h_errnop; X enum nss_status (*fn)(struct in_addr *, int, int, struct hostent *, char *, size_t, int *, int *); X enum nss_status status; X fn = mdata; X addr = va_arg(ap, struct in_addr*); X len = va_arg(ap,int); X type = va_arg(ap,int); X result = va_arg(ap, struct hostent*); X status = fn(addr, len, type, result, buffer, buflen, &errnop, &h_errnop); X status = __nss_compat_result(status,errnop); X h_errno = h_errnop; X return (status); X} b8f746e6d30f97195d79298ae913038f echo x - sssd/files/patch-src__monitor__monitor.c sed 's/^X//' >sssd/files/patch-src__monitor__monitor.c << '41b5227cd341819900afcae066448c00' X--- ./src/monitor/monitor.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/monitor/monitor.c 2011-10-13 12:15:03.000000000 -0400 X@@ -57,6 +57,10 @@ X X int cmdline_debug_level; X X+errno_t monitor_config_file_fallback(TALLOC_CTX *mem_ctx, X+ struct mt_ctx *ctx, X+ const char *file, X+ monitor_reconf_fn fn); X struct svc_spy; X X struct mt_svc { X@@ -1606,10 +1610,6 @@ X talloc_free(tmp_ctx); X } X X-errno_t monitor_config_file_fallback(TALLOC_CTX *mem_ctx, X- struct mt_ctx *ctx, X- const char *file, X- monitor_reconf_fn fn); X static void rewatch_config_file(struct tevent_context *ev, X struct tevent_timer *te, X struct timeval t, void *ptr) 41b5227cd341819900afcae066448c00 echo x - sssd/files/patch-src__providers__proxy__proxy_init.c sed 's/^X//' >sssd/files/patch-src__providers__proxy__proxy_init.c << 'dfa04b45b6643bb0db5a6612e4e94b8b' X--- ./src/providers/proxy/proxy_init.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/providers/proxy/proxy_init.c 2011-10-13 12:15:03.000000000 -0400 X@@ -124,7 +124,7 @@ X if (!ctx->handle) { X DEBUG(0, ("Unable to load %s module with path, error: %s\n", X libpath, dlerror())); X- ret = ELIBACC; X+ ret = ENOENT; X goto done; X } X X@@ -132,7 +132,7 @@ X libname); X if (!ctx->ops.getpwnam_r) { X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); X- ret = ELIBBAD; X+ ret = ENOENT; X goto done; X } X X@@ -140,14 +140,14 @@ X libname); X if (!ctx->ops.getpwuid_r) { X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); X- ret = ELIBBAD; X+ ret = ENOENT; X goto done; X } X X ctx->ops.setpwent = proxy_dlsym(ctx->handle, "_nss_%s_setpwent", libname); X if (!ctx->ops.setpwent) { X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); X- ret = ELIBBAD; X+ ret = ENOENT; X goto done; X } X X@@ -155,14 +155,14 @@ X libname); X if (!ctx->ops.getpwent_r) { X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); X- ret = ELIBBAD; X+ ret = ENOENT; X goto done; X } X X ctx->ops.endpwent = proxy_dlsym(ctx->handle, "_nss_%s_endpwent", libname); X if (!ctx->ops.endpwent) { X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); X- ret = ELIBBAD; X+ ret = ENOENT; X goto done; X } X X@@ -170,7 +170,7 @@ X libname); X if (!ctx->ops.getgrnam_r) { X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); X- ret = ELIBBAD; X+ ret = ENOENT; X goto done; X } X X@@ -178,14 +178,14 @@ X libname); X if (!ctx->ops.getgrgid_r) { X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); X- ret = ELIBBAD; X+ ret = ENOENT; X goto done; X } X X ctx->ops.setgrent = proxy_dlsym(ctx->handle, "_nss_%s_setgrent", libname); X if (!ctx->ops.setgrent) { X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); X- ret = ELIBBAD; X+ ret = ENOENT; X goto done; X } X X@@ -193,14 +193,14 @@ X libname); X if (!ctx->ops.getgrent_r) { X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); X- ret = ELIBBAD; X+ ret = ENOENT; X goto done; X } X X ctx->ops.endgrent = proxy_dlsym(ctx->handle, "_nss_%s_endgrent", libname); X if (!ctx->ops.endgrent) { X DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); X- ret = ELIBBAD; X+ ret = ENOENT; X goto done; X } X dfa04b45b6643bb0db5a6612e4e94b8b echo x - sssd/files/patch-src__providers__ipa__ipa_common.c sed 's/^X//' >sssd/files/patch-src__providers__ipa__ipa_common.c << 'd6b60ac738da83f273e06f220f8b9238' X--- ./src/providers/ipa/ipa_common.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/providers/ipa/ipa_common.c 2011-10-13 12:15:03.000000000 -0400 X@@ -191,7 +191,7 @@ X char *ipa_hostname; X int ret; X int i; X- char hostname[HOST_NAME_MAX + 1]; X+ char hostname[_POSIX_HOST_NAME_MAX + 1]; X X opts = talloc_zero(memctx, struct ipa_options); X if (!opts) return ENOMEM; X@@ -220,14 +220,14 @@ X X ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME); X if (ipa_hostname == NULL) { X- ret = gethostname(hostname, HOST_NAME_MAX); X+ ret = gethostname(hostname, _POSIX_HOST_NAME_MAX); X if (ret != EOK) { X DEBUG(1, ("gethostname failed [%d][%s].\n", errno, X strerror(errno))); X ret = errno; X goto done; X } X- hostname[HOST_NAME_MAX] = '\0'; X+ hostname[_POSIX_HOST_NAME_MAX] = '\0'; X DEBUG(9, ("Setting ipa_hostname to [%s].\n", hostname)); X ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname); X if (ret != EOK) { d6b60ac738da83f273e06f220f8b9238 echo x - sssd/files/patch-src__sss_client__pam_test_client.c sed 's/^X//' >sssd/files/patch-src__sss_client__pam_test_client.c << '7e0d9b62e0bc72ed1c419f1deaa1b016' X--- ./src/sss_client/pam_test_client.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/sss_client/pam_test_client.c 2011-10-13 12:15:03.000000000 -0400 X@@ -24,12 +24,13 @@ X X #include <stdio.h> X #include <unistd.h> X+#include <string.h> X X #include <security/pam_appl.h> X-#include <security/pam_misc.h> X+#include <security/openpam.h> X X static struct pam_conv conv = { X- misc_conv, X+ openpam_ttyconv, X NULL X }; X 7e0d9b62e0bc72ed1c419f1deaa1b016 echo x - sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c sed 's/^X//' >sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c << '922888bf8082a18eae5adf806c1ae794' X--- ./src/util/crypto/libcrypto/crypto_sha512crypt.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/util/crypto/libcrypto/crypto_sha512crypt.c 2011-10-13 12:15:03.000000000 -0400 X@@ -265,7 +265,7 @@ X goto done; X } X X- cp = __stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE); X+ cp = stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE); X buflen -= SALT_PREF_SIZE; X X if (rounds_custom) { X@@ -283,7 +283,7 @@ X ret = ERANGE; X goto done; X } X- cp = __stpncpy(cp, salt, salt_len); X+ cp = stpncpy(cp, salt, salt_len); X *cp++ = '$'; X buflen -= salt_len + 1; X 922888bf8082a18eae5adf806c1ae794 echo x - sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c sed 's/^X//' >sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c << 'cac362937b030b35ecc64052416b1861' X--- ./src/util/crypto/nss/nss_sha512crypt.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/util/crypto/nss/nss_sha512crypt.c 2011-10-13 12:15:03.000000000 -0400 X@@ -10,7 +10,7 @@ X X #include "config.h" X X-#include <endian.h> X+#include <sys/endian.h> X #include <errno.h> X #include <limits.h> X #include <stdbool.h> X@@ -267,7 +267,7 @@ X goto done; X } X X- cp = __stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE); X+ cp = stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE); X buflen -= SALT_PREF_SIZE; X X if (rounds_custom) { X@@ -285,7 +285,7 @@ X ret = ERANGE; X goto done; X } X- cp = __stpncpy(cp, salt, salt_len); X+ cp = stpncpy(cp, salt, salt_len); X *cp++ = '$'; X buflen -= salt_len + 1; X cac362937b030b35ecc64052416b1861 echo x - sssd/files/patch-src__responder__common__responder_common.c sed 's/^X//' >sssd/files/patch-src__responder__common__responder_common.c << '0d105c8a0863688f255499f28f1d7b6e' X--- ./src/responder/common/responder_common.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/responder/common/responder_common.c 2011-10-13 12:15:03.000000000 -0400 X@@ -195,7 +195,7 @@ X talloc_free(cctx); X break; X X- case ENODATA: X+ case ECONNRESET: X DEBUG(5, ("Client disconnected!\n")); X talloc_free(cctx); X break; 0d105c8a0863688f255499f28f1d7b6e echo x - sssd/files/patch-src__responder__common__responder_packet.c sed 's/^X//' >sssd/files/patch-src__responder__common__responder_packet.c << '8ddfc2cf01329704e2f45c5c4ed07c11' X--- ./src/responder/common/responder_packet.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/responder/common/responder_packet.c 2011-10-13 12:15:03.000000000 -0400 X@@ -192,7 +192,7 @@ X } X X if (rb == 0) { X- return ENODATA; X+ return ECONNRESET; X } X X if (*packet->len > packet->memsize) { 8ddfc2cf01329704e2f45c5c4ed07c11 echo x - sssd/files/patch-src__responder__common__responder_dp.c sed 's/^X//' >sssd/files/patch-src__responder__common__responder_dp.c << '7d0f7506137ded2f57bb49428706ab09' X--- ./src/responder/common/responder_dp.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/responder/common/responder_dp.c 2011-10-13 12:15:03.000000000 -0400 X@@ -210,7 +210,7 @@ X &sdp_req->err_min, X &sdp_req->err_msg); X if (ret != EOK) { X- if (ret == ETIME) { X+ if (ret == ETIMEDOUT) { X sdp_req->err_maj = DP_ERR_TIMEOUT; X sdp_req->err_min = ret; X sdp_req->err_msg = talloc_strdup(sdp_req, "Request timed out"); X@@ -569,7 +569,7 @@ X case DBUS_MESSAGE_TYPE_ERROR: X if (strcmp(dbus_message_get_error_name(reply), X DBUS_ERROR_NO_REPLY) == 0) { X- err = ETIME; X+ err = ETIMEDOUT; X goto done; X } X DEBUG(0,("The Data Provider returned an error [%s]\n", 7d0f7506137ded2f57bb49428706ab09 echo x - sssd/files/sssd.in sed 's/^X//' >sssd/files/sssd.in << '5130b6f91f034c10420611d80235b07e' X#!/bin/sh X# X# $FreeBSD$ X# X X# PROVIDE: sssd X# REQUIRE: NETWORKING LOGIN DAEMON devfs X# BEFORE: securelevel X# KEYWORD: shutdown X X# Add the following lines to /etc/rc.conf to enable `sssd': X# X# sssd_enable="YES" X# X# See sssd(8) for sssd_flags X# X X. /etc/rc.subr X Xname="sssd" Xrcvar=`set_rcvar` X Xcommand="%%PREFIX%%/sbin/$name" Xsssd_flags="-D" X# command_args="-D" Xpidfile="/var/run/$name.pid" Xrequired_files="%%PREFIX%%/etc/$name/$name.conf" X X# read configuration and set defaults Xload_rc_config "$name" X: ${sssd_enable="NO"} X Xrun_rc_command "$1" 5130b6f91f034c10420611d80235b07e echo x - sssd/files/patch-src__providers__data_provider_be.c sed 's/^X//' >sssd/files/patch-src__providers__data_provider_be.c << '038c4010726992e56c5332529b395a87' X--- ./src/providers/data_provider_be.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/providers/data_provider_be.c 2011-10-13 12:15:03.000000000 -0400 X@@ -512,7 +512,7 @@ X return EIO; X } X X- pd->pam_status = PAM_SYSTEM_ERR; X+ pd->pam_status = PAM_SERVICE_ERR; X pd->domain = talloc_strdup(pd, becli->bectx->domain->name); X if (pd->domain == NULL) { X talloc_free(be_req); X@@ -1013,7 +1013,7 @@ X if (!handle) { X DEBUG(0, ("Unable to load %s module with path (%s), error: %s\n", X mod_name, path, dlerror())); X- ret = ELIBACC; X+ ret = ENOENT; X goto done; X } X X@@ -1033,7 +1033,7 @@ X } else { X DEBUG(0, ("Unable to load init fn %s from module %s, error: %s\n", X mod_init_fn_name, mod_name, dlerror())); X- ret = ELIBBAD; X+ ret = ENOENT; X } X goto done; X } 038c4010726992e56c5332529b395a87 echo x - sssd/files/patch-src__providers__fail_over.c sed 's/^X//' >sssd/files/patch-src__providers__fail_over.c << '3c274bbbebadfa04de90a471a8215b26' X--- ./src/providers/fail_over.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/providers/fail_over.c 2011-10-13 12:15:03.000000000 -0400 X@@ -1191,7 +1191,7 @@ X *******************************************************************/ X struct resolve_get_domain_state { X char *fqdn; X- char hostname[HOST_NAME_MAX]; X+ char hostname[_POSIX_HOST_NAME_MAX]; X }; X X static void resolve_get_domain_done(struct tevent_req *subreq); X@@ -1211,13 +1211,13 @@ X return NULL; X } X X- ret = gethostname(state->hostname, HOST_NAME_MAX); X+ ret = gethostname(state->hostname, _POSIX_HOST_NAME_MAX); X if (ret) { X ret = errno; X DEBUG(2, ("gethostname() failed: [%d]: %s\n",ret, strerror(ret))); X return NULL; X } X- state->hostname[HOST_NAME_MAX-1] = '\0'; X+ state->hostname[_POSIX_HOST_NAME_MAX-1] = '\0'; X DEBUG(7, ("Host name is: %s\n", state->hostname)); X X subreq = resolv_gethostbyname_send(state, ev, resolv, 3c274bbbebadfa04de90a471a8215b26 echo x - sssd/files/patch-src__providers__krb5__krb5_child.c sed 's/^X//' >sssd/files/patch-src__providers__krb5__krb5_child.c << '0a03d674e8a6cd1921179d2f9189ca25' X--- ./src/providers/krb5/krb5_child.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/providers/krb5/krb5_child.c 2011-10-13 12:15:03.000000000 -0400 X@@ -39,6 +39,15 @@ X X #define SSSD_KRB5_CHANGEPW_PRINCIPAL "kadmin/changepw" X X+typedef struct _krb5_ticket_times { X+ krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime X+ in ticket? otherwise client can't get this */ X+ krb5_timestamp starttime; /* optional in ticket, if not present, X+ use authtime */ X+ krb5_timestamp endtime; X+ krb5_timestamp renew_till; X+} krb5_ticket_times; X+ X struct krb5_child_ctx { X /* opts taken from kinit */ X /* in seconds */ X@@ -100,10 +109,10 @@ X X static krb5_context krb5_error_ctx; X static const char *__krb5_error_msg; X-#define KRB5_DEBUG(level, krb5_error) do { \ X- __krb5_error_msg = sss_krb5_get_error_message(krb5_error_ctx, krb5_error); \ X+#define KRB5_DEBUG(level, krb5_error, ctx) do { \ X+ __krb5_error_msg = sss_krb5_get_error_message(ctx, krb5_error); \ X DEBUG(level, ("%d: [%d][%s]\n", __LINE__, krb5_error, __krb5_error_msg)); \ X- sss_krb5_free_error_message(krb5_error_ctx, __krb5_error_msg); \ X+ sss_krb5_free_error_message(ctx, __krb5_error_msg); \ X } while(0); X X static void sss_krb5_expire_callback_func(krb5_context context, void *data, X@@ -267,13 +276,13 @@ X X kerr = krb5_cc_resolve(ctx, tmp_ccname, &tmp_cc); X if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, ctx); X goto done; X } X X kerr = krb5_cc_initialize(ctx, tmp_cc, princ); X if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, ctx); X goto done; X } X if (fd != -1) { X@@ -284,7 +293,7 @@ X if (creds == NULL) { X kerr = create_empty_cred(ctx, princ, &l_cred); X if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, ctx); X goto done; X } X } else { X@@ -293,13 +302,13 @@ X X kerr = krb5_cc_store_cred(ctx, tmp_cc, l_cred); X if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, ctx); X goto done; X } X X kerr = krb5_cc_close(ctx, tmp_cc); X if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, ctx); X goto done; X } X tmp_cc = NULL; X@@ -420,7 +429,7 @@ X talloc_zfree(msg); X } X } else { X- krb5_msg = sss_krb5_get_error_message(krb5_error_ctx, kerr); X+ krb5_msg = sss_krb5_get_error_message(kr->ctx, kerr); X if (krb5_msg == NULL) { X DEBUG(1, ("sss_krb5_get_error_message failed.\n")); X return NULL; X@@ -429,7 +438,7 @@ X ret = pam_add_response(kr->pd, SSS_PAM_SYSTEM_INFO, X strlen(krb5_msg) + 1, X (const uint8_t *) krb5_msg); X- sss_krb5_free_error_message(krb5_error_ctx, krb5_msg); X+ sss_krb5_free_error_message(kr->ctx, krb5_msg); X } X if (ret != EOK) { X DEBUG(1, ("pam_add_response failed.\n")); X@@ -527,7 +536,7 @@ X break; X } X X- kerr = krb5_free_keytab_entry_contents(kr->ctx, &entry); X+ kerr = krb5_kt_free_entry(kr->ctx, &entry); X if (kerr != 0) { X DEBUG(1, ("Failed to free keytab entry.\n")); X } X@@ -575,7 +584,7 @@ X if (krb5_kt_close(kr->ctx, keytab) != 0) { X DEBUG(1, ("krb5_kt_close failed")); X } X- if (krb5_free_keytab_entry_contents(kr->ctx, &entry) != 0) { X+ if (krb5_kt_free_entry(kr->ctx, &entry) != 0) { X DEBUG(1, ("Failed to free keytab entry.\n")); X } X if (principal != NULL) { X@@ -605,13 +614,13 @@ X kerr = krb5_get_init_creds_keytab(ctx, &creds, princ, keytab, 0, NULL, X &options); X if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, ctx); X return kerr; X } X X kerr = create_ccache_file(ctx, princ, ccname, &creds); X if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, ctx); X goto done; X } X kerr = 0; X@@ -633,21 +642,21 @@ X sss_krb5_expire_callback_func, X kr); X if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, kr->ctx); X DEBUG(1, ("Failed to set expire callback, continue without.\n")); X } X kerr = krb5_get_init_creds_password(kr->ctx, kr->creds, kr->princ, X password, sss_krb5_prompter, kr, 0, X NULL, kr->options); X if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, kr->ctx); X return kerr; X } X X if (kr->validate) { X kerr = validate_tgt(kr); X if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, kr->ctx); X return kerr; X } X X@@ -668,7 +677,7 @@ X X kerr = create_ccache_file(kr->ctx, kr->princ, kr->ccname, kr->creds); X if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, kr->ctx); X goto done; X } X X@@ -692,7 +701,7 @@ X krb5_error_code kerr = 0; X char *pass_str = NULL; X char *newpass_str = NULL; X- int pam_status = PAM_SYSTEM_ERR; X+ int pam_status = PAM_SERVICE_ERR; X int result_code = -1; X krb5_data result_code_string; X krb5_data result_string; X@@ -734,7 +743,7 @@ X changepw_princ, X kr->options); X if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, kr->ctx); X if (kerr == KRB5_KDC_UNREACH) { X pam_status = PAM_AUTHINFO_UNAVAIL; X } X@@ -773,7 +782,7 @@ X X if (kerr != 0 || result_code != 0) { X if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, kr->ctx); X } else { X kerr = KRB5KRB_ERR_GENERIC; X } X@@ -825,7 +834,7 @@ X memset(kr->pd->newauthtok, 0, kr->pd->newauthtok_size); X X if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, kr->ctx); X if (kerr == KRB5_KDC_UNREACH) { X pam_status = PAM_AUTHINFO_UNAVAIL; X } X@@ -846,7 +855,7 @@ X krb5_error_code kerr = 0; X char *pass_str = NULL; X char *changepw_princ = NULL; X- int pam_status = PAM_SYSTEM_ERR; X+ int pam_status = PAM_SERVICE_ERR; X X if (kr->pd->authtok_type != SSS_AUTHTOK_TYPE_PASSWORD) { X pam_status = PAM_CRED_INSUFFICIENT; X@@ -881,7 +890,7 @@ X kr->options, X NULL, NULL); X if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, kr->ctx); X DEBUG(1, ("Failed to unset expire callback, continue ...\n")); X } X kerr = krb5_get_init_creds_password(kr->ctx, kr->creds, kr->princ, X@@ -899,7 +908,7 @@ X memset(kr->pd->authtok, 0, kr->pd->authtok_size); X X if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, kr->ctx); X switch (kerr) { X case KRB5_KDC_UNREACH: X pam_status = PAM_AUTHINFO_UNAVAIL; X@@ -911,7 +920,7 @@ X pam_status = PAM_CRED_ERR; X break; X default: X- pam_status = PAM_SYSTEM_ERR; X+ pam_status = PAM_SERVICE_ERR; X } X } X X@@ -981,13 +990,13 @@ X X kerr = krb5_cc_resolve(kr->ctx, ccname, &ccache); X if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, kr->ctx); X goto done; X } X X kerr = krb5_get_renewed_creds(kr->ctx, kr->creds, kr->princ, ccache, NULL); X if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, kr->ctx); X if (kerr == KRB5_KDC_UNREACH) { X status = PAM_AUTHINFO_UNAVAIL; X } X@@ -997,7 +1006,7 @@ X if (kr->validate) { X kerr = validate_tgt(kr); X if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, kr->ctx); X goto done; X } X X@@ -1019,13 +1028,13 @@ X X kerr = krb5_cc_initialize(kr->ctx, ccache, kr->princ); X if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, kr->ctx); X goto done; X } X X kerr = krb5_cc_store_cred(kr->ctx, ccache, kr->creds); X if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, kr->ctx); X goto done; X } X X@@ -1059,8 +1068,8 @@ X X ret = create_ccache_file(kr->ctx, kr->princ, kr->ccname, NULL); X if (ret != 0) { X- KRB5_DEBUG(1, ret); X- pam_status = PAM_SYSTEM_ERR; X+ KRB5_DEBUG(1, ret, kr->ctx); X+ pam_status = PAM_SERVICE_ERR; X } X X ret = sendresponse(fd, ret, pam_status, kr); X@@ -1375,19 +1384,20 @@ X X kerr = krb5_init_context(&kr->ctx); X if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X+ /* FIXME: This sucks */ X+ KRB5_DEBUG(1, kerr, kr->ctx); X goto failed; X } X X kerr = krb5_parse_name(kr->ctx, kr->upn, &kr->princ); X if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, kr->ctx); X goto failed; X } X X kerr = krb5_unparse_name(kr->ctx, kr->princ, &kr->name); X if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, kr->ctx); X goto failed; X } X X@@ -1400,18 +1410,18 @@ X X kerr = sss_krb5_get_init_creds_opt_alloc(kr->ctx, &kr->options); X if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, kr->ctx); X goto failed; X } X X /* A prompter is used to catch messages about when a password will X * expired. The library shall not use the prompter to ask for a new password X * but shall return KRB5KDC_ERR_KEY_EXP. */ X- krb5_get_init_creds_opt_set_change_password_prompt(kr->options, 0); X- if (kerr != 0) { X- KRB5_DEBUG(1, kerr); X- goto failed; X- } X+ // krb5_get_init_creds_opt_set_change_password_prompt(kr->options, 0); X+ // if (kerr != 0) { X+ // KRB5_DEBUG(1, kerr, kr->ctx); X+ // goto failed; X+ // } X X lifetime_str = getenv(SSSD_KRB5_RENEWABLE_LIFETIME); X if (lifetime_str == NULL) { X@@ -1422,7 +1432,7 @@ X if (kerr != 0) { X DEBUG(1, ("krb5_string_to_deltat failed for [%s].\n", X lifetime_str)); X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, kr->ctx); X goto failed; X } X krb5_get_init_creds_opt_set_renew_life(kr->options, lifetime); X@@ -1437,7 +1447,7 @@ X if (kerr != 0) { X DEBUG(1, ("krb5_string_to_deltat failed for [%s].\n", X lifetime_str)); X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, kr->ctx); X goto failed; X } X krb5_get_init_creds_opt_set_tkt_life(kr->options, lifetime); X@@ -1486,7 +1496,7 @@ X kr, &kr->fast_ccname); X if (kerr != 0) { X DEBUG(1, ("check_fast_ccache failed.\n")); X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, kr->ctx); X goto failed; X } X X@@ -1496,7 +1506,7 @@ X if (kerr != 0) { X DEBUG(1, ("sss_krb5_get_init_creds_opt_set_fast_ccache_name " X "failed.\n")); X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, kr->ctx); X goto failed; X } X X@@ -1507,7 +1517,7 @@ X if (kerr != 0) { X DEBUG(1, ("sss_krb5_get_init_creds_opt_set_fast_flags " X "failed.\n")); X- KRB5_DEBUG(1, kerr); X+ KRB5_DEBUG(1, kerr, kr->ctx); X goto failed; X } X } 0a03d674e8a6cd1921179d2f9189ca25 echo x - sssd/files/patch-src__util__util.c sed 's/^X//' >sssd/files/patch-src__util__util.c << 'b53cb9a74fb3e65d491ba02d3511338f' X--- ./src/util/util.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/util/util.c 2011-10-13 12:15:03.000000000 -0400 X@@ -18,6 +18,7 @@ X along with this program. If not, see <http://www.gnu.org/licenses/>. X */ X X+#include <sys/socket.h> X #include <ctype.h> X #include <netdb.h> X b53cb9a74fb3e65d491ba02d3511338f echo x - sssd/files/patch-Makefile.am sed 's/^X//' >sssd/files/patch-Makefile.am << 'c4c02364a361b808cc36b464e9b84b38' X--- ./Makefile.am.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./Makefile.am 2011-10-13 12:13:42.000000000 -0400 X@@ -33,7 +33,7 @@ X systemdunitdir = @systemdunitdir@ X logpath = @logpath@ X pubconfpath = @pubconfpath@ X-pkgconfigdir = $(libdir)/pkgconfig X+pkgconfigdir = $(prefix)/libdata/pkgconfig X X AM_CFLAGS = X if WANT_AUX_INFO X@@ -753,21 +753,22 @@ X X noinst_PROGRAMS = pam_test_client X pam_test_client_SOURCES = src/sss_client/pam_test_client.c X-pam_test_client_LDFLAGS = -lpam -lpam_misc X+pam_test_client_LDFLAGS = -lpam X X #################### X # Client Libraries # X #################### X X-nsslib_LTLIBRARIES = libnss_sss.la X-libnss_sss_la_SOURCES = \ X+nsslib_LTLIBRARIES = nss_sss.la X+nss_sss_la_SOURCES = \ X src/sss_client/common.c \ X+ src/sss_client/bsdnss.c \ X src/sss_client/nss_passwd.c \ X src/sss_client/nss_group.c \ X src/sss_client/nss_netgroup.c \ X src/sss_client/sss_cli.h \ X src/sss_client/nss_compat.h X-libnss_sss_la_LDFLAGS = \ X+nss_sss_la_LDFLAGS = \ X -module \ X -version-info 2:0:0 \ X -Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports X@@ -780,6 +781,7 @@ X src/sss_client/sss_pam_macros.h X X pam_sss_la_LDFLAGS = \ X+ -lintl \ X -lpam \ X -module \ X -avoid-version \ X@@ -1122,10 +1124,10 @@ X mkdir -p $(DESTDIR)$(initdir) X endif X X-install-data-hook: X- rm $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 \ X- $(DESTDIR)/$(nsslibdir)/libnss_sss.so X- mv $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 X+notnotnotnotnotnotnotnotnotnotnotnotnotnotnotnotnotinstall-data-hook: X+ rm $(DESTDIR)/$(nsslibdir)/nss_sss.so.2 \ X+ $(DESTDIR)/$(nsslibdir)/nss_sss.so X+ mv $(DESTDIR)/$(nsslibdir)/nss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/nss_sss.so.2 X X uninstall-hook: X if [ -f $(abs_builddir)/src/config/.files ]; then \ c4c02364a361b808cc36b464e9b84b38 echo x - sssd/files/patch-src__sss_client__sss_nss.exports sed 's/^X//' >sssd/files/patch-src__sss_client__sss_nss.exports << '219bdc780448578905b15c7ee5b0548c' X--- ./src/sss_client/sss_nss.exports.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/sss_client/sss_nss.exports 2011-10-13 12:13:42.000000000 -0400 X@@ -3,6 +3,7 @@ X # public functions X global: X X+ nss_module_register; X _nss_sss_getpwnam_r; X _nss_sss_getpwuid_r; X _nss_sss_setpwent; X@@ -14,8 +15,25 @@ X _nss_sss_setgrent; X _nss_sss_getgrent_r; X _nss_sss_endgrent; X+ _nss_sss_getgroupmembership; X _nss_sss_initgroups_dyn; X X+ __nss_compat_getgrnam_r; X+ __nss_compat_getgrgid_r; X+ __nss_compat_getgrent_r; X+ __nss_compat_setgrent; X+ __nss_compat_endgrent; X+ X+ __nss_compat_getpwnam_r; X+ __nss_compat_getpwuid_r; X+ __nss_compat_getpwent_r; X+ __nss_compat_setpwent; X+ __nss_compat_endpwent; X+ X+ __nss_compat_gethostbyname; X+ __nss_compat_gethostbyname2; X+ __nss_compat_gethostbyaddr; X+ X #_nss_sss_getaliasbyname_r; X #_nss_sss_setaliasent; X #_nss_sss_getaliasent_r; 219bdc780448578905b15c7ee5b0548c echo x - sssd/files/patch-src__resolv__async_resolv.c sed 's/^X//' >sssd/files/patch-src__resolv__async_resolv.c << '771e49276b944e2b00696a91c5fb64af' X--- ./src/resolv/async_resolv.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/resolv/async_resolv.c 2011-10-13 12:15:03.000000000 -0400 X@@ -1073,7 +1073,6 @@ X hints.ai_flags = AI_NUMERICHOST; /* No network lookups */ X X ret = getaddrinfo(name, NULL, &hints, &res); X- freeaddrinfo(res); X if (ret != 0) { X if (ret == -2) { X DEBUG(9, ("[%s] does not look like an IP address\n", name)); X@@ -1081,6 +1080,8 @@ X DEBUG(2, ("getaddrinfo failed [%d]: %s\n", X ret, gai_strerror(ret))); X } X+ } else { X+ freeaddrinfo(res); X } X X return ret == 0; 771e49276b944e2b00696a91c5fb64af echo x - sssd/files/patch-src__util__server.c sed 's/^X//' >sssd/files/patch-src__util__server.c << '08d9fcddaf8df4722efb89bb605dc5a2' X--- ./src/util/server.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/util/server.c 2011-10-13 12:15:03.000000000 -0400 X@@ -296,14 +296,15 @@ X BlockSignals(false, SIGTERM); X X CatchSignal(SIGHUP, sig_hup); X- X #ifndef HAVE_PRCTL X /* If prctl is not defined on the system, try to handle X * some common termination signals gracefully */ X- CatchSignal(SIGSEGV, sig_segv_abrt); X- CatchSignal(SIGABRT, sig_segv_abrt); X+ /* X+ CatchSignal(SIGSEGV, sig_segv_abrt); X+ CatchSignal(SIGABRT, sig_segv_abrt); X+ */ X #endif X- X+ X } X X /* 08d9fcddaf8df4722efb89bb605dc5a2 echo x - sssd/files/patch-src__sss_client__nss_group.c sed 's/^X//' >sssd/files/patch-src__sss_client__nss_group.c << '4cc88cf9957a2327c73bdf9fc1b1e16e' X--- ./src/sss_client/nss_group.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/sss_client/nss_group.c 2011-10-13 12:15:03.000000000 -0400 X@@ -248,6 +248,77 @@ X } X X X+#define MIN(a, b)((a) < (b) ? (a) : (b)) X+ X+gr_addgid(gid_t gid, gid_t *groups, int maxgrp, int *grpcnt) X+{ X+ int ret, dupc; X+ X+ for (dupc = 0; dupc < MIN(maxgrp, *grpcnt); dupc++) { X+ if (groups[dupc] == gid) X+ return 1; X+ } X+ X+ ret = 1; X+ if (*grpcnt < maxgrp) X+ groups[*grpcnt] = gid; X+ else X+ ret = 0; X+ X+ (*grpcnt)++; X+ X+ return ret; X+} X+ X+enum nss_status _nss_sss_getgroupmembership(const char *uname, gid_t agroup, gid_t *groups, X+ int maxgrp, int *grpcnt) X+{ X+ struct sss_cli_req_data rd; X+ uint8_t *repbuf; X+ size_t replen; X+ enum nss_status nret; X+ uint32_t *rbuf; X+ uint32_t num_ret; X+ long int l, max_ret; X+ int errnop; X+ X+ rd.len = strlen(uname) +1; X+ rd.data = uname; X+ X+ sss_nss_lock(); X+ X+ nret = sss_nss_make_request(SSS_NSS_INITGR, &rd, X+ &repbuf, &replen, &errnop); X+ if (nret != NSS_STATUS_SUCCESS) { X+ goto out; X+ } X+ X+ /* no results if not found */ X+ num_ret = ((uint32_t *)repbuf)[0]; X+ if (num_ret == 0) { X+ free(repbuf); X+ nret = NSS_STATUS_NOTFOUND; X+ goto out; X+ } X+ max_ret = num_ret; X+ X+ gr_addgid(agroup, groups, maxgrp, grpcnt); X+ X+ rbuf = &((uint32_t *)repbuf)[2]; X+ for (l = 0; l < max_ret; l++) { X+ gr_addgid(rbuf[l], groups, maxgrp, grpcnt); X+ } X+ X+ free(repbuf); X+ nret = NSS_STATUS_SUCCESS; X+ X+out: X+ sss_nss_unlock(); X+ return nret; X+ X+ X+} X+ X enum nss_status _nss_sss_getgrnam_r(const char *name, struct group *result, X char *buffer, size_t buflen, int *errnop) X { 4cc88cf9957a2327c73bdf9fc1b1e16e echo x - sssd/files/patch-src__util__find_uid.c sed 's/^X//' >sssd/files/patch-src__util__find_uid.c << 'b338fbd0e32583e63aa71c8abf1cb1d8' X--- ./src/util/find_uid.c.orig 2011-08-29 11:39:05.000000000 -0400 X+++ ./src/util/find_uid.c 2011-10-13 12:15:03.000000000 -0400 X@@ -67,7 +67,7 @@ X uint32_t num=0; X errno_t error; X X- ret = snprintf(path, PATHLEN, "/proc/%d/status", pid); X+ ret = snprintf(path, PATHLEN, "/compat/linux/proc/%d/status", pid); X if (ret < 0) { X DEBUG(1, ("snprintf failed")); X return EINVAL; X@@ -204,7 +204,7 @@ X hash_key_t key; X hash_value_t value; X X- proc_dir = opendir("/proc"); X+ proc_dir = opendir("/compat/linux/proc"); X if (proc_dir == NULL) { X ret = errno; X DEBUG(1, ("Cannot open proc dir.\n")); X@@ -278,9 +278,8 @@ X X errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table) X { X-#ifdef __linux__ X int ret; X- X+#if 1 X ret = hash_create_ex(INITIAL_TABLE_SIZE, table, 0, 0, 0, 0, X hash_talloc, hash_talloc_free, mem_ctx, X NULL, NULL); b338fbd0e32583e63aa71c8abf1cb1d8 echo x - sssd/Makefile sed 's/^X//' >sssd/Makefile << '49dcaf74f8115d631e634a948ce91f7a' X# New ports collection makefile for: sssd X# Date created: Sep 6 2011 X# Whom: Andrew Elble <aweits@rit.edu> X# X# $FreeBSD$ X# X XPORTNAME= sssd XDISTVERSION= 1.6.1 XCATEGORIES= net XMASTER_SITES= https://fedorahosted.org/released/${PORTNAME}/ X XMAINTAINER= aweits@rit.edu XCOMMENT= System Security Services Daemon X XLICENSE= GPLv3 X XLIB_DEPENDS= popt.0:${PORTSDIR}/devel/popt \ X talloc.2:${PORTSDIR}/devel/talloc \ X tevent.0:${PORTSDIR}/devel/tevent \ X xslt.2:${PORTSDIR}/textproc/libxslt \ X tdb.1:${PORTSDIR}/databases/tdb \ X ldb:${PORTSDIR}/databases/ldb \ X cares.2:${PORTSDIR}/dns/c-ares \ X dbus:${PORTSDIR}/devel/dbus \ X dhash.1:${PORTSDIR}/devel/ding-libs \ X pcre.0:${PORTSDIR}/devel/pcre \ X unistring.1:${PORTSDIR}/devel/libunistring \ X nss3.1:${PORTSDIR}/security/nss \ X sasl2.2:${PORTSDIR}/security/cyrus-sasl2 \ X xml2:${PORTSDIR}/textproc/libxml2 XBUILD_DEPENDS= xmlcatalog:${PORTSDIR}/textproc/libxml2 \ X docbook-xsl>=0:${PORTSDIR}/textproc/docbook-xsl XRUN_DEPENDS= xmlcatmgr:${PORTSDIR}/textproc/xmlcatmgr X XGNU_CONFIGURE= yes XCONFIGURE_ARGS= --with-selinux=no --with-semanage=no \ X --with-ldb-lib-dir=${LOCALBASE}/lib/ldb \ X --with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \ X --with-libnl=no --with-init-dir=no \ X --docdir=${WRKDIR}/docs --with-pid-path=/var/run \ X --localstatedir=/var XCFLAGS+= -L${LOCALBASE}/lib -fstack-protector-all X#DEBUG_FLAGS= -g X XUSE_AUTOTOOLS= autoconf automake XUSE_LDCONFIG= yes XUSE_PYTHON= yes XUSE_OPENLDAP= yes XUSE_GMAKE= yes XUSE_GNOME= pkgconfig XUSE_GETTEXT= yes XUSE_ICONV= yes XUSE_PYTHON= yes X XUSE_RC_SUBR= ${PORTNAME} XMAN5= sssd-ipa.5 sssd-krb5.5 sssd-ldap.5 sssd-simple.5 \ X sssd.conf.5 XMAN8= pam_sss.8 sss_cache.8 sss_groupadd.8 sss_groupdel.8 \ X sss_groupmod.8 sss_groupshow.8 sss_obfuscate.8 \ X sss_useradd.8 sss_userdel.8 sss_usermod.8 sssd.8 \ X sssd_krb5_locator_plugin.8 X X.include <bsd.port.pre.mk> X X.if ${OSVERSION} < 800107 XIGNORE= is not supported prior to 8.0-RELEASE X.endif X Xpost-patch: X @${REINPLACE_CMD} -e 's|SIGCLD|SIGCHLD|g' ${WRKSRC}/src/util/signal.c X @${REINPLACE_CMD} -e '/#define SIZE_T_MAX ((size_t) -1)/d' ${WRKSRC}/src/util/util.h X @${REINPLACE_CMD} -e '/pam_misc/d' ${WRKSRC}/src/sss_client/pam_test_client.c X @${REINPLACE_CMD} -e '/ETIME/d' ${WRKSRC}/src/sss_client/common.c X @${REINPLACE_CMD} -e 's| -lpam_misc||g' ${WRKSRC}/Makefile.am ${WRKSRC}/Makefile.in X @${REINPLACE_CMD} -e 's|security/pam_misc.h||g' ${WRKSRC}/configure* ${WRKSRC}/src/external/pam.m4 X @${REINPLACE_CMD} -e 's|NSS_STATUS_NOTFOUND|NS_NOTFOUND|g' ${WRKSRC}/src/sss_client/common.c X @${REINPLACE_CMD} -e 's|NSS_STATUS_UNAVAIL|NS_UNAVAIL|g' ${WRKSRC}/src/sss_client/common.c X @${REINPLACE_CMD} -e 's|NSS_STATUS_TRYAGAIN|NS_TRYAGAIN|g' ${WRKSRC}/src/sss_client/common.c X @${REINPLACE_CMD} -e 's|NSS_STATUS_SUCCESS|NS_SUCCESS|g' ${WRKSRC}/src/sss_client/common.c X @${REINPLACE_CMD} -e 's|security/pam_ext.h|security/pam_appl.h|g' ${WRKSRC}/src/sss_client/pam_sss.c X @${REINPLACE_CMD} -e 's|security/_pam_macros.h|pam_macros.h|g' ${WRKSRC}/src/sss_client/sss_pam_macros.h X @${REINPLACE_CMD} -e 's|#include <security/pam_modutil.h>||g' ${WRKSRC}/src/sss_client/pam_sss.c X @${REINPLACE_CMD} -e 's|PAM_BAD_ITEM|PAM_USER_UNKNOWN|g' ${WRKSRC}/src/sss_client/pam_sss.c X @${REINPLACE_CMD} -e 's|pam_vsyslog(pamh,|vsyslog(|g' ${WRKSRC}/src/sss_client/pam_sss.c X @${REINPLACE_CMD} -e 's|pam_modutil_getlogin(pamh)|getlogin()|g' ${WRKSRC}/src/sss_client/pam_sss.c X @${REINPLACE_CMD} -e '/..MAKE. ..AM_MAKEFLAGS. install-data-hook/d' ${WRKSRC}/Makefile.in X @${REINPLACE_CMD} -e 's|install-data-hook install-dist_initSCRIPTS|install-dist_initSCRIPTS|g' \ X ${WRKSRC}/Makefile.in ${WRKSRC}/Makefile.am X @${REINPLACE_CMD} -e 's|install-data-hook|notinstall-data-hook|g' ${WRKSRC}/Makefile.in \ X ${WRKSRC}/Makefile.am X @${REINPLACE_CMD} -e 's|libdir)/pkgconfig|prefix)/libdata/pkgconfig|' ${WRKSRC}/Makefile.in \ X ${WRKSRC}/Makefile.am X @${REINPLACE_CMD} -e 's|/etc/sssd/|${ETCDIR}/|g' ${WRKSRC}/src/man/*xml X @${REINPLACE_CMD} -e 's|/etc/openldap/|${PREFIX}/etc/openldap/|g' ${WRKSRC}/src/man/*xml X @${CP} ${FILESDIR}/pam_macros.h ${WRKSRC} X @${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}/src/sss_client/bsdnss.c X Xpost-install: X ${INSTALL_DATA} ${WRKSRC}/src/examples/sssd.conf ${ETCDIR}/sssd.conf.sample X (cd ${PREFIX}/lib && ${LN} -s nss_sss.so.2 nss_sss.so.1) X (cd ${PREFIX}/lib/security && ${LN} -s pam_sss.so pam_sss.so.5) X ${RM} -f ${PREFIX}/lib/ldb/memberof.la X X.include <bsd.port.post.mk> 49dcaf74f8115d631e634a948ce91f7a echo x - sssd/distinfo sed 's/^X//' >sssd/distinfo << '6a79c0728ff19b2bb09dca7f4e3583cf' XSHA256 (sssd-1.6.1.tar.gz) = ba30d8cf7eae1fd66053b4f11e8e5b98bc6db113cf6d2f33e429f2e21d90ade9 XSIZE (sssd-1.6.1.tar.gz) = 1406047 6a79c0728ff19b2bb09dca7f4e3583cf echo x - sssd/pkg-descr sed 's/^X//' >sssd/pkg-descr << 'c2a8f334338c4330dfb865c1ecd61d6d' XThis project provides a set of daemons to manage access to remote Xdirectories and authentication mechanisms, it provides an NSS and XPAM interface toward the system and a pluggable backend system to Xconnect to multiple different account sources. It is also the Xbasis to provide client auditing and policy services for projects Xlike FreeIPA. X XWWW: https://fedorahosted.org/sssd/ c2a8f334338c4330dfb865c1ecd61d6d echo x - sssd/pkg-plist sed 's/^X//' >sssd/pkg-plist << '2bed20777c6dcee8c04c2f036eddc08f' Xshare/locale/zh_TW/LC_MESSAGES/sssd.mo Xshare/locale/uk/LC_MESSAGES/sssd.mo Xshare/locale/sv/LC_MESSAGES/sssd.mo Xshare/locale/ru/LC_MESSAGES/sssd.mo Xshare/locale/pt/LC_MESSAGES/sssd.mo Xshare/locale/pl/LC_MESSAGES/sssd.mo Xshare/locale/nl/LC_MESSAGES/sssd.mo Xshare/locale/ja/LC_MESSAGES/sssd.mo Xshare/locale/it/LC_MESSAGES/sssd.mo Xshare/locale/id/LC_MESSAGES/sssd.mo Xshare/locale/fr/LC_MESSAGES/sssd.mo Xshare/locale/es/LC_MESSAGES/sssd.mo Xshare/locale/de/LC_MESSAGES/sssd.mo Xsbin/sssd Xsbin/sss_usermod Xsbin/sss_userdel Xsbin/sss_useradd Xsbin/sss_obfuscate Xsbin/sss_groupshow Xsbin/sss_groupmod Xsbin/sss_groupdel Xsbin/sss_groupadd Xsbin/sss_cache Xlibexec/sssd/sssd_pam Xlibexec/sssd/sssd_nss Xlibexec/sssd/sssd_be Xlibexec/sssd/proxy_child Xlibexec/sssd/ldap_child Xlibexec/sssd/krb5_child Xlibdata/pkgconfig/ipa_hbac.pc Xlib/sssd/libsss_simple.so Xlib/sssd/libsss_simple.la Xlib/sssd/libsss_proxy.so Xlib/sssd/libsss_proxy.la Xlib/sssd/libsss_ldap.so Xlib/sssd/libsss_ldap.la Xlib/sssd/libsss_krb5.so Xlib/sssd/libsss_krb5.la Xlib/sssd/libsss_ipa.so Xlib/sssd/libsss_ipa.la Xlib/security/pam_sss.so.5 Xlib/security/pam_sss.so Xlib/security/pam_sss.la Xlib/nss_sss.so.2 Xlib/nss_sss.so.1 Xlib/nss_sss.so Xlib/nss_sss.la Xlib/libipa_hbac.so.0 Xlib/libipa_hbac.so Xlib/libipa_hbac.la Xlib/ldb/memberof.so Xlib/%%PYTHON_VERSION%%/site-packages/sssd_upgrade_config.pyc Xlib/%%PYTHON_VERSION%%/site-packages/sssd_upgrade_config.py Xlib/%%PYTHON_VERSION%%/site-packages/pysss.so Xlib/%%PYTHON_VERSION%%/site-packages/pysss.la Xlib/%%PYTHON_VERSION%%/site-packages/pyhbac.so Xlib/%%PYTHON_VERSION%%/site-packages/pyhbac.la Xlib/%%PYTHON_VERSION%%/site-packages/ipachangeconf.pyc Xlib/%%PYTHON_VERSION%%/site-packages/ipachangeconf.py Xlib/%%PYTHON_VERSION%%/site-packages/SSSDConfig.pyc Xlib/%%PYTHON_VERSION%%/site-packages/SSSDConfig.py Xlib/%%PYTHON_VERSION%%/site-packages/SSSDConfig-1-py2.7.egg-info Xinclude/ipa_hbac.h Xetc/sssd/sssd.api.d/sssd-simple.conf Xetc/sssd/sssd.api.d/sssd-proxy.conf Xetc/sssd/sssd.api.d/sssd-local.conf Xetc/sssd/sssd.api.d/sssd-ldap.conf Xetc/sssd/sssd.api.d/sssd-krb5.conf Xetc/sssd/sssd.api.d/sssd-ipa.conf Xetc/sssd/sssd.api.conf Xetc/sssd/sssd.conf.sample X@dirrmtry lib/security X@dirrmtry lib/pkgconfig X@dirrmtry lib/ldb X@dirrmtry etc/sssd/sssd.api.d X@dirrmtry etc/sssd X@dirrm share/sssd/introspect X@dirrm share/sssd X@dirrm libexec/sssd X@dirrm lib/sssd X@unexec if cmp -s %D/etc/sssd/sssd.conf.sample %D/etc/sssd/sssd.conf; then rm -f %D/etc/sssd/sssd.conf; fi X@exec if [ ! -f %D/etc/sssd/sssd.conf ]; then cp -p %D/%F %B/sssd.conf; fi 2bed20777c6dcee8c04c2f036eddc08f echo x - sssd/pkg-message sed 's/^X//' >sssd/pkg-message << '5905bf108f9f20379c1da2383d81f45d' X================================================================================ XCopy %%PREFIX%%/etc/sssd/sssd.conf.sample to %%PREFIX%%/etc/sssd/sssd.conf Xand edit %%PREFIX%%/etc/sssd/sssd.conf (see man sssd.conf for details) X XAdd the following lines to /etc/rc.conf to enable `sssd': Xsssd_enable="YES" X Xand execute X X"service start sssd" X Xthe module is usable by PAM (man pam.conf): X Xlogin auth sufficient %%PREFIX%%/lib/security/pam_sss.so X Xas well as NSS (man nsswitch.conf): X Xgroup: sss files Xpasswd: sss files X X================================================================================ 5905bf108f9f20379c1da2383d81f45d exit >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201110131839.p9DId5Pw051946>