diff --git a/security/sssd/Makefile b/security/sssd/Makefile
index 4ba425fb1bbf..ee98e270d779 100644
--- a/security/sssd/Makefile
+++ b/security/sssd/Makefile
@@ -1,117 +1,117 @@ PORTNAME= sssd PORTVERSION= 1.16.5 -PORTREVISION= 12 +PORTREVISION= 13 CATEGORIES= security MASTER_SITES= https://releases.pagure.org/SSSD/${PORTNAME}/ MAINTAINER= jhixson@FreeBSD.org COMMENT= System Security Services Daemon WWW= https://pagure.io/SSSD/sssd DEPRECATED= Not supported, please use deve/sssd2 EXPIRATION_DATE= 2024-12-31 LICENSE= GPLv3+ LICENSE_FILE= ${WRKSRC}/COPYING LIB_DEPENDS= libpopt.so:devel/popt \ libtalloc.so:devel/talloc \ libtevent.so:devel/tevent \ libtdb.so:databases/tdb \ libldb.so:databases/ldb22 \ libcares.so:dns/c-ares \ libdbus-1.so:devel/dbus \ libdhash.so:devel/ding-libs \ libpcre.so:devel/pcre \ libunistring.so:devel/libunistring \ libnss3.so:security/nss \ libsasl2.so:security/cyrus-sasl2 \ libinotify.so:devel/libinotify \ libplds4.so:devel/nspr BUILD_DEPENDS= xmlcatalog:textproc/libxml2 \ docbook-xsl>=1:textproc/docbook-xsl \ xsltproc:textproc/libxslt \ xmlcatmgr:textproc/xmlcatmgr \ krb5>=1.10:security/krb5 \ nsupdate:dns/bind-tools GNU_CONFIGURE= yes GNU_CONFIGURE_MANPREFIX= ${PREFIX}/share CONFIGURE_ARGS= ac_cv_prog_PO4A=no \ --without-selinux --without-semanage \ --without-libnl --without-nfsv4-idmapd-plugin \ --without-autofs --without-secrets --without-kcm \ --without-python2-bindings --with-python-prefix=${PREFIX} \ --with-init-dir=no \ --disable-cifs-idmap-plugin \ --with-unicode-lib=libunistring \ --with-ldb-lib-dir=${LOCALBASE}/lib/shared-modules/ldb \ --with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \ --datadir=${DATADIR} --docdir=${DOCSDIR} --localstatedir=/var \ --with-db-path=/var/db/sss/db --with-mcache-path=/var/db/sss/mc \ --with-pubconf-path=/var/db/sss/pubconf \ --with-gpo-cache-path=/var/db/sss/gpo_cache \ --with-pid-path=/var/run --with-pipe-path=/var/run/sss/pipes \ --with-krb5-conf=/etc/krb5.conf \ --enable-pammoddir=${PREFIX}/lib \ --without-samba CFLAGS+= -fstack-protector-all PLIST_SUB= PYTHON_VER=${PYTHON_VER} #DEBUG_FLAGS= -g MAKE_ENV+= LINGUAS="bg de eu es fr hu id it ja nb nl 
pl pt ru sv tg tr uk zh_CN zh_TW" SUB_FILES= pkg-message TEST_TARGET= check USES= autoreconf cpe gettext gmake iconv ldap libtool pathfix pkgconfig \ python shebangfix gssapi:mit USE_LDCONFIG= yes INSTALL_TARGET= install-strip CPE_VENDOR= fedoraproject BINARY_ALIAS= python3=python${PYTHON_VER} SHEBANG_FILES= src/tools/sss_obfuscate \ src/sbus/sbus_codegen USE_RC_SUBR= ${PORTNAME} PORTDATA= * OPTIONS_DEFINE= DOCS OPTIONS_SUB= yes post-patch: @${REINPLACE_CMD} -e 's|NSS_STATUS_NOTFOUND|NS_NOTFOUND|g' \ -e 's|NSS_STATUS_UNAVAIL|NS_UNAVAIL|g' \ -e 's|NSS_STATUS_TRYAGAIN|NS_TRYAGAIN|g' \ -e '/ETIME/d' \ -e 's|NSS_STATUS_SUCCESS|NS_SUCCESS|g' \ ${WRKSRC}/src/sss_client/common.c @${REINPLACE_CMD} \ -e 's|pam_modutil_getlogin(pamh)|getlogin()|g' \ ${WRKSRC}/src/sss_client/pam_sss.c @${REINPLACE_CMD} \ -e 's|install-data-hook install-dist_initSCRIPTS|install-dist_initSCRIPTS|g' \ -e 's|install-data-hook|notinstall-data-hook|g' \ ${WRKSRC}/Makefile.am @${REINPLACE_CMD} -e 's|/etc/sssd/|${ETCDIR}/|g' \ -e 's|/etc/openldap/|${LOCALBASE}/etc/openldap/|g' \ ${WRKSRC}/src/man/*xml @${REINPLACE_CMD} -e 's|/usr/bin/|${PREFIX}/bin/|g' \ -e 's|/var/lib/sss/pubconf/|/var/db/sss/pubconf/|g' \ ${WRKSRC}/src/man/sss_ssh_knownhostsproxy.1.xml \ ${WRKSRC}/src/man/*/sss_ssh_knownhostsproxy.1.xml \ ${WRKSRC}/src/man/po/*.po @${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}/src/sss_client/bsdnss.c @${CP} ${FILESDIR}/sss_bsd_errno.h ${WRKSRC}/src/util/sss_bsd_errno.h post-install: ${INSTALL_DATA} ${WRKSRC}/src/examples/sssd-example.conf \ ${STAGEDIR}${ETCDIR}/sssd.conf.sample ${LN} -sf nss_sss.so ${STAGEDIR}${PREFIX}/lib/nss_sss.so.1 # clean unused man dirs .for i in es/man1 nl/man1 nl/man5 pt/man1 pt/man5 sv/man1 @${RMDIR} ${STAGEDIR}${PREFIX}/share/man/${i} .endfor .include diff --git a/security/sssd/files/bsdnss.c b/security/sssd/files/bsdnss.c index 6a1152100c67..21484bdca1f5 100644 --- a/security/sssd/files/bsdnss.c +++ b/security/sssd/files/bsdnss.c 
@@ -1,196 +1,215 @@ #include #include #include #include #include #include #include +NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r); +NSS_METHOD_PROTOTYPE(__nss_compat_setgrent); +NSS_METHOD_PROTOTYPE(__nss_compat_endgrent); + +NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r); +NSS_METHOD_PROTOTYPE(__nss_compat_setpwent); +NSS_METHOD_PROTOTYPE(__nss_compat_endpwent); + +NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname); +NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2); +NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr); + +NSS_METHOD_PROTOTYPE(__nss_compat_getgroupmembership); + extern enum nss_status _nss_sss_getgrent_r(struct group *, char *, size_t, int *); extern enum nss_status _nss_sss_getgrnam_r(const char *, struct group *, char *, size_t, int *); extern enum nss_status _nss_sss_getgrgid_r(gid_t gid, struct group *, char *, size_t, int *); extern enum nss_status _nss_sss_setgrent(void); extern enum nss_status _nss_sss_endgrent(void); extern enum nss_status _nss_sss_getpwent_r(struct passwd *, char *, size_t, int *); extern enum nss_status _nss_sss_getpwnam_r(const char *, struct passwd *, char *, size_t, int *); extern enum nss_status _nss_sss_getpwuid_r(gid_t gid, struct passwd *, char *, size_t, int *); extern enum nss_status _nss_sss_setpwent(void); extern enum nss_status _nss_sss_endpwent(void); extern enum nss_status _nss_sss_gethostbyname_r(const char *name, struct hostent * result, char *buffer, size_t buflen, int *errnop, int *h_errnop); extern enum nss_status _nss_sss_gethostbyname2_r(const char *name, int af, struct hostent * result, char *buffer, size_t buflen, int *errnop, int *h_errnop); extern enum nss_status _nss_sss_gethostbyaddr_r(struct in_addr * addr, int len, int type, struct hostent * result, char *buffer, size_t buflen, int *errnop, int *h_errnop); 
extern enum nss_status _nss_sss_getgroupmembership(const char *uname, gid_t agroup, gid_t *groups, int maxgrp, int *grpcnt); NSS_METHOD_PROTOTYPE(__nss_compat_getgroupmembership); NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r); NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r); NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r); NSS_METHOD_PROTOTYPE(__nss_compat_setgrent); NSS_METHOD_PROTOTYPE(__nss_compat_endgrent); NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r); NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r); NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r); NSS_METHOD_PROTOTYPE(__nss_compat_setpwent); NSS_METHOD_PROTOTYPE(__nss_compat_endpwent); NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname); NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2); NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr); static ns_mtab methods[] = { { NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_sss_getgrnam_r }, { NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_sss_getgrgid_r }, { NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_sss_getgrent_r }, -{ NSDB_GROUP, "getgroupmembership", __nss_compat_getgroupmembership, _nss_sss_getgroupmembership }, { NSDB_GROUP, "setgrent", __nss_compat_setgrent, _nss_sss_setgrent }, { NSDB_GROUP, "endgrent", __nss_compat_endgrent, _nss_sss_endgrent }, { NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_sss_getpwnam_r }, { NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_sss_getpwuid_r }, { NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, _nss_sss_getpwent_r }, { NSDB_PASSWD, "setpwent", __nss_compat_setpwent, _nss_sss_setpwent }, { NSDB_PASSWD, "endpwent", __nss_compat_endpwent, _nss_sss_endpwent }, -// { NSDB_HOSTS, "gethostbyname", __nss_compat_gethostbyname, _nss_sss_gethostbyname_r }, -//{ NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_sss_gethostbyaddr_r }, -//{ NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_sss_gethostbyname2_r }, +{ NSDB_HOSTS, "gethostbyname", __nss_compat_gethostbyname, 
_nss_sss_gethostbyname_r }, +{ NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_sss_gethostbyaddr_r }, +{ NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_sss_gethostbyname2_r }, { NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, _nss_sss_getgrnam_r }, { NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, _nss_sss_getgrgid_r }, { NSDB_GROUP_COMPAT, "getgrent_r", __nss_compat_getgrent_r, _nss_sss_getgrent_r }, { NSDB_GROUP_COMPAT, "setgrent", __nss_compat_setgrent, _nss_sss_setgrent }, { NSDB_GROUP_COMPAT, "endgrent", __nss_compat_endgrent, _nss_sss_endgrent }, { NSDB_PASSWD_COMPAT, "getpwnam_r", __nss_compat_getpwnam_r, _nss_sss_getpwnam_r }, { NSDB_PASSWD_COMPAT, "getpwuid_r", __nss_compat_getpwuid_r, _nss_sss_getpwuid_r }, { NSDB_PASSWD_COMPAT, "getpwent_r", __nss_compat_getpwent_r, _nss_sss_getpwent_r }, { NSDB_PASSWD_COMPAT, "setpwent", __nss_compat_setpwent, _nss_sss_setpwent }, { NSDB_PASSWD_COMPAT, "endpwent", __nss_compat_endpwent, _nss_sss_endpwent }, +{ NSDB_GROUP, "getgroupmembership", __nss_compat_getgroupmembership, _nss_sss_getgroupmembership }, + }; ns_mtab * nss_module_register(const char *source, unsigned int *mtabsize, nss_module_unregister_fn *unreg) { *mtabsize = sizeof(methods)/sizeof(methods[0]); *unreg = NULL; return (methods); } int __nss_compat_getgroupmembership(void *retval, void *mdata, va_list ap) { int (*fn)(const char *, gid_t, gid_t *, int, int *); const char *uname; gid_t agroup; gid_t *groups; int maxgrp; int *grpcnt; int errnop = 0; enum nss_status status; fn = mdata; uname = va_arg(ap, const char *); agroup = va_arg(ap, gid_t); groups = va_arg(ap, gid_t *); maxgrp = va_arg(ap, int); grpcnt = va_arg(ap, int *); status = fn(uname, agroup, groups, maxgrp, grpcnt); status = __nss_compat_result(status, errnop); return (status); } int __nss_compat_gethostbyname(void *retval, void *mdata, va_list ap) { enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *); const 
char *name; struct hostent *result; char buffer[1024]; size_t buflen = 1024; int errnop; int h_errnop; int af; enum nss_status status; fn = mdata; name = va_arg(ap, const char*); af = va_arg(ap,int); result = va_arg(ap,struct hostent *); status = fn(name, result, buffer, buflen, &errnop, &h_errnop); status = __nss_compat_result(status,errnop); h_errno = h_errnop; return (status); } int __nss_compat_gethostbyname2(void *retval, void *mdata, va_list ap) { enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *); const char *name; struct hostent *result; char buffer[1024]; size_t buflen = 1024; int errnop; int h_errnop; int af; enum nss_status status; fn = mdata; name = va_arg(ap, const char*); af = va_arg(ap,int); result = va_arg(ap,struct hostent *); status = fn(name, result, buffer, buflen, &errnop, &h_errnop); status = __nss_compat_result(status,errnop); h_errno = h_errnop; return (status); } int __nss_compat_gethostbyaddr(void *retval, void *mdata, va_list ap) { struct in_addr *addr; int len; int type; struct hostent *result; char buffer[1024]; size_t buflen = 1024; int errnop; int h_errnop; enum nss_status (*fn)(struct in_addr *, int, int, struct hostent *, char *, size_t, int *, int *); enum nss_status status; fn = mdata; addr = va_arg(ap, struct in_addr*); len = va_arg(ap,int); type = va_arg(ap,int); result = va_arg(ap, struct hostent*); status = fn(addr, len, type, result, buffer, buflen, &errnop, &h_errnop); status = __nss_compat_result(status,errnop); h_errno = h_errnop; return (status); } diff --git a/security/sssd/files/patch-Makefile.am b/security/sssd/files/patch-Makefile.am index 12e49bf033c6..facbd10dcd13 100644 --- a/security/sssd/files/patch-Makefile.am +++ b/security/sssd/files/patch-Makefile.am 
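Review bot: Enabling the `NSDB_HOSTS` rows makes `__nss_compat_gethostbyname2` reachable, and that wrapper calls `_nss_sss_gethostbyname2_r` through a pointer type that omits the `int af` parameter the extern declaration gives it, so the arguments are shifted and the call is undefined behaviour. The pointer should be declared as `enum nss_status (*fn)(const char *, int, struct hostent *, char *, size_t, int *, int *);` and invoked as `status = fn(name, af, result, buffer, buflen, &errnop, &h_errnop);`. All three host wrappers also read `errnop` and `h_errnop` without initialising them (`int errnop = 0; int h_errnop = 0;` would follow what `__nss_compat_getgroupmembership` does for `errnop`), and they hand the backend a 1024-byte stack `buffer` whose lifetime ends at return, which would leave `result` holding dangling pointers if the backend stores its strings there, as `_r` resolvers usually do. Whether libc dispatches these method names with the argument order the wrappers pull from `ap` is not visible here and should be confirmed before the table entries go live.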
@@ -1,237 +1,237 @@ -diff --git Makefile.am Makefile.am -index be17d6a59..03386d1f8 100644 ---- Makefile.am +--- Makefile.am.orig 2024-07-05 11:41:32 UTC +++ Makefile.am -@@ -61,7 +61,7 @@ sssdapiplugindir = $(sssddatadir)/sssd.api.d +@@ -61,7 +61,7 @@ dbusservicedir = $(datadir)/dbus-1/system-services sssdtapscriptdir = $(sssddatadir)/systemtap dbuspolicydir = $(sysconfdir)/dbus-1/system.d dbusservicedir = $(datadir)/dbus-1/system-services -sss_statedir = $(localstatedir)/lib/sss +sss_statedir = $(localstatedir)/db/sss runstatedir = @runstatedir@ localedir = @localedir@ nsslibdir = @nsslibdir@ -@@ -378,12 +378,6 @@ sssdlib_LTLIBRARIES += \ +@@ -382,12 +382,6 @@ endif libsss_ad.la endif -if HAVE_INOTIFY -sssdlib_LTLIBRARIES += \ - libsss_files.la \ - $(NULL) -endif # HAVE_INOTIFY - ldblib_LTLIBRARIES = \ memberof.la -@@ -610,6 +604,7 @@ SSSD_FAILOVER_OBJ = \ +@@ -623,6 +617,7 @@ SSSD_LIBS = \ SSSD_LIBS = \ $(TALLOC_LIBS) \ + $(LTLIBINTL) \ $(TEVENT_LIBS) \ $(POPT_LIBS) \ $(LDB_LIBS) \ -@@ -664,6 +659,7 @@ dist_noinst_HEADERS = \ +@@ -677,6 +672,7 @@ dist_noinst_HEADERS = \ src/util/sss_ssh.h \ src/util/sss_ini.h \ src/util/sss_format.h \ + src/util/sss_bsd_errno.h \ src/util/refcount.h \ src/util/find_uid.h \ src/util/user_info_msg.h \ -@@ -1358,6 +1354,7 @@ sssd_LDADD = \ +@@ -1372,6 +1368,7 @@ sssd_LDADD = \ $(SSSD_LIBS) \ $(INOTIFY_LIBS) \ $(LIBNL_LIBS) \ + $(LTLIBINTL) \ $(KEYUTILS_LIBS) \ $(SYSTEMD_DAEMON_LIBS) \ $(SSSD_INTERNAL_LTLIBS) -@@ -1381,6 +1378,7 @@ sssd_nss_SOURCES = \ - sssd_nss_LDADD = \ +@@ -1396,6 +1393,7 @@ sssd_nss_LDADD = \ + $(LIBADD_DL) \ $(TDB_LIBS) \ $(SSSD_LIBS) \ + $(LTLIBINTL) \ libsss_idmap.la \ libsss_cert.la \ $(SYSTEMD_DAEMON_LIBS) \ -@@ -1397,6 +1395,7 @@ sssd_pam_SOURCES = \ - sssd_pam_LDADD = \ +@@ -1418,6 +1416,7 @@ sssd_pam_LDADD = \ + $(LIBADD_DL) \ $(TDB_LIBS) \ $(SSSD_LIBS) \ + $(LTLIBINTL) \ $(SELINUX_LIBS) \ $(PAM_LIBS) \ $(SYSTEMD_DAEMON_LIBS) \ -@@ -1414,6 +1413,7 @@ sssd_sudo_SOURCES = \ - $(SSSD_RESPONDER_OBJ) +@@ 
-1436,6 +1435,8 @@ sssd_sudo_LDADD = \ sssd_sudo_LDADD = \ + $(LIBADD_DL) \ $(SSSD_LIBS) \ + $(LTLIBINTL) \ - $(SYSTEMD_DAEMON_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) - endif -@@ -1426,6 +1426,7 @@ sssd_autofs_SOURCES = \ - $(SSSD_RESPONDER_OBJ) - sssd_autofs_LDADD = \ - $(SSSD_LIBS) \ + $(LTLIBINTL) \ $(SYSTEMD_DAEMON_LIBS) \ $(SSSD_INTERNAL_LTLIBS) endif -@@ -1441,6 +1442,7 @@ sssd_ssh_SOURCES = \ - $(NULL) +@@ -1464,6 +1465,7 @@ sssd_ssh_LDADD = \ sssd_ssh_LDADD = \ + $(LIBADD_DL) \ $(SSSD_LIBS) \ + $(LTLIBINTL) \ $(SSSD_INTERNAL_LTLIBS) \ $(SYSTEMD_DAEMON_LIBS) \ libsss_cert.la \ -@@ -1481,6 +1483,7 @@ sssd_ifp_CFLAGS = \ - $(AM_CFLAGS) +@@ -1506,6 +1508,7 @@ sssd_ifp_LDADD = \ sssd_ifp_LDADD = \ + $(LIBADD_DL) \ $(SSSD_LIBS) \ + $(LTLIBINTL) \ $(SYSTEMD_DAEMON_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ libsss_cert.la \ -@@ -1604,6 +1607,7 @@ sssd_be_SOURCES = \ +@@ -1631,6 +1634,7 @@ sssd_be_LDADD = \ sssd_be_LDADD = \ $(LIBADD_DL) \ $(SSSD_LIBS) \ + $(LTLIBINTL) \ $(CARES_LIBS) \ $(PAM_LIBS) \ $(SSSD_INTERNAL_LTLIBS) -@@ -1726,6 +1730,7 @@ sss_signal_SOURCES = \ +@@ -1753,6 +1757,7 @@ sss_signal_LDADD = \ src/tools/common/sss_process.c $(NULL) sss_signal_LDADD = \ + $(LTLIBINTL) \ libsss_debug.la \ $(NULL) -@@ -2318,6 +2323,7 @@ test_ssh_client_CFLAGS = \ +@@ -2347,6 +2352,7 @@ test_ssh_client_LDADD = \ test_ssh_client_LDADD = \ $(SSSD_INTERNAL_LTLIBS) \ $(SSSD_LIBS) \ + $(LTLIBINTL) \ $(NULL) if BUILD_DBUS_TESTS -@@ -2602,6 +2608,7 @@ test_authtok_LDADD = \ +@@ -2657,6 +2663,7 @@ test_authtok_LDADD = \ $(CMOCKA_LIBS) \ $(DHASH_LIBS) \ $(POPT_LIBS) \ + $(LTLIBINTL) \ libsss_test_common.la \ libsss_debug.la \ $(NULL) -@@ -2622,6 +2629,7 @@ deskprofile_utils_tests_SOURCES = \ +@@ -2692,6 +2699,7 @@ deskprofile_utils_tests_LDADD = \ deskprofile_utils_tests_CFLAGS = \ $(AM_CFLAGS) deskprofile_utils_tests_LDADD = \ + $(LTLIBINTL) \ $(CMOCKA_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ libsss_test_common.la -@@ -2654,6 +2662,7 @@ domain_resolution_order_tests_CFLAGS = \ +@@ -2724,6 +2732,7 
@@ domain_resolution_order_tests_LDADD = \ $(AM_CFLAGS) domain_resolution_order_tests_LDADD = \ $(CMOCKA_LIBS) \ + $(LTLIBINTL) \ $(SSSD_INTERNAL_LTLIBS) \ libsss_test_common.la -@@ -2738,6 +2747,7 @@ test_search_bases_LDADD = \ +@@ -2809,6 +2818,7 @@ test_search_bases_LDADD = \ $(CMOCKA_LIBS) \ $(TALLOC_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ + $(LTLIBINTL) \ libsss_ldap_common.la \ libsss_test_common.la \ libdlopen_test_providers.la \ -@@ -3545,6 +3555,7 @@ test_inotify_LDADD = \ +@@ -3619,6 +3629,7 @@ test_inotify_LDADD = \ $(CMOCKA_LIBS) \ $(SSSD_LIBS) \ $(SSSD_INTERNAL_LTLIBS) \ + $(INOTIFY_LIBS) \ $(LIBADD_DL) \ libsss_test_common.la \ $(NULL) -@@ -3637,9 +3648,6 @@ endif +@@ -3711,9 +3722,6 @@ endif if BUILD_WITH_LIBCURL noinst_PROGRAMS += tcurl-test-tool endif -if BUILD_PAC_RESPONDER - noinst_PROGRAMS += sssd_pac_test_client -endif if BUILD_AUTOFS autofs_test_client_SOURCES = \ -@@ -3730,9 +3738,10 @@ intgcheck: +@@ -3806,9 +3814,10 @@ intgcheck: # Client Libraries # #################### -nsslib_LTLIBRARIES = libnss_sss.la -libnss_sss_la_SOURCES = \ +nsslib_LTLIBRARIES = nss_sss.la +nss_sss_la_SOURCES = \ src/sss_client/common.c \ + src/sss_client/bsdnss.c \ src/sss_client/nss_passwd.c \ src/sss_client/nss_group.c \ src/sss_client/nss_netgroup.c \ -@@ -3748,9 +3757,9 @@ libnss_sss_la_SOURCES = \ +@@ -3824,9 +3833,9 @@ libnss_sss_la_SOURCES = \ src/sss_client/nss_mc_group.c \ src/sss_client/nss_mc_initgr.c \ src/sss_client/nss_mc.h -libnss_sss_la_LIBADD = \ +nss_sss_la_LIBADD = \ $(CLIENT_LIBS) -libnss_sss_la_LDFLAGS = \ +nss_sss_la_LDFLAGS = \ -module \ -version-info 2:0:0 \ -Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports -@@ -3908,6 +3917,7 @@ libsss_ldap_common_la_LIBADD = \ +@@ -3985,6 +3994,7 @@ libsss_ldap_common_la_LIBADD = \ $(OPENLDAP_LIBS) \ $(DHASH_LIBS) \ $(KRB5_LIBS) \ + $(LTLIBINTL) \ libsss_krb5_common.la \ libsss_idmap.la \ libsss_certmap.la \ -@@ -4271,6 +4281,7 @@ ldap_child_CFLAGS = \ +@@ -4353,6 +4363,7 @@ ldap_child_LDADD = \ 
$(KRB5_CFLAGS) ldap_child_LDADD = \ libsss_debug.la \ + $(LTLIBINTL) \ $(TALLOC_LIBS) \ $(POPT_LIBS) \ $(DHASH_LIBS) \ -@@ -4313,6 +4324,7 @@ gpo_child_CFLAGS = \ +@@ -4395,6 +4406,7 @@ gpo_child_LDADD = \ $(SMBCLIENT_CFLAGS) gpo_child_LDADD = \ libsss_debug.la \ + $(LTLIBINTL) \ $(TALLOC_LIBS) \ $(POPT_LIBS) \ $(DHASH_LIBS) \ -@@ -4329,6 +4341,7 @@ proxy_child_CFLAGS = \ +@@ -4411,6 +4423,7 @@ proxy_child_LDADD = \ proxy_child_LDADD = \ $(PAM_LIBS) \ $(SSSD_LIBS) \ + $(LTLIBINTL) \ $(SSSD_INTERNAL_LTLIBS) p11_child_SOURCES = \ -@@ -4361,6 +4374,7 @@ endif +@@ -4443,6 +4456,7 @@ p11_child_LDADD = \ p11_child_LDADD = \ libsss_debug.la \ + $(LTLIBINTL) \ $(TALLOC_LIBS) \ $(DHASH_LIBS) \ $(POPT_LIBS) \ +@@ -5094,7 +5108,7 @@ endif + endif + endif + +-install-data-hook: ++notnotinstall-data-hook: + rm $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 \ + $(DESTDIR)/$(nsslibdir)/libnss_sss.so + mv $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 diff --git a/security/sssd/files/patch-configure.ac b/security/sssd/files/patch-configure.ac index b62547432984..4dc61dafc774 100644 --- a/security/sssd/files/patch-configure.ac +++ b/security/sssd/files/patch-configure.ac 
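Review bot: The last hunk added to patch-Makefile.am, `-install-data-hook:` / `+notnotinstall-data-hook:`, looks like output of the port's own `post-patch` substitution (`s|install-data-hook|notinstall-data-hook|g` in security/sssd/Makefile) captured when the patch was regenerated, rather than an intended edit. With it in place the same rename lives in two places, and the sed will rewrite the target name again after the patch applies; I would drop this hunk and leave the rename to `post-patch` alone. The refreshed `sssd_sudo_LDADD` hunk also now appears to add `$(LTLIBINTL)` twice, which seems to come from folding the old autofs hunk into it and is worth a second look.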
@@ -1,41 +1,43 @@ ---- configure.ac 2020-03-17 13:31:28 UTC +--- configure.ac.orig 2020-03-17 13:31:28 UTC +++ configure.ac -@@ -44,8 +44,6 @@ AM_CONDITIONAL([HAVE_GCC], [test "$ac_cv_prog_gcc" = y +@@ -44,8 +44,6 @@ AC_CONFIG_HEADER(config.h) AC_CHECK_HEADERS(stdint.h dlfcn.h) AC_CONFIG_HEADER(config.h) -AC_CHECK_TYPES([errno_t], [], [], [[#include ]]) - m4_include([src/build_macros.m4]) BUILD_WITH_SHARED_BUILD_DIR -@@ -62,4 +60,18 @@ - +@@ -62,6 +60,20 @@ AM_CONDITIONAL([HAVE_PTHREAD], [test x"$HAVE_PTHREAD" + AM_CONDITIONAL([HAVE_PTHREAD], [test x"$HAVE_PTHREAD" != "x"]) -+ + +saved_CFLAGS="$CFLAGS" +CFLAGS="-Werror" +AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([[#include ]], + [[(void)mempcpy(NULL, NULL, 0);]])], + [AC_DEFINE([HAVE_MEMPCPY], [1], [mempcpy() available]) + HAVE_MEMPCPY=1 + ], + [AC_MSG_WARN([mempcpy() not found, will use private implementation])]) + +CFLAGS="$saved_CFLAGS" + +AM_CONDITIONAL([HAVE_MEMPCPY], [test x"$HAVE_MEMPCPY" != "x"]) - ++ # Check library for the timer_create function -@@ -356,8 +358,8 @@ them please use argument --without-python3-bindings wh + SAVE_LIBS=$LIBS + LIBS= +@@ -356,8 +368,8 @@ them please use argument --without-python3-bindings wh AM_CHECK_PYTHON_HEADERS([], AC_MSG_ERROR([Could not find python3 headers])) - + - AC_SUBST([py3execdir], [$pyexecdir]) - AC_SUBST([python3dir], [$pythondir]) + AC_SUBST([py3execdir], [$(eval echo $pyexecdir)]) + AC_SUBST([python3dir], [$(eval echo $pythondir)]) AC_SUBST([PYTHON3_CFLAGS], [$PYTHON_CFLAGS]) AC_SUBST([PYTHON3_LIBS], [$PYTHON_LIBS]) AC_SUBST([PYTHON3_INCLUDES], [$PYTHON_INCLUDES]) diff --git a/security/sssd/files/patch-src__confdb__confdb.c b/security/sssd/files/patch-src__confdb__confdb.c index 006f9810a3be..0db5562a301f 100644 --- a/security/sssd/files/patch-src__confdb__confdb.c +++ b/security/sssd/files/patch-src__confdb__confdb.c 
@@ -1,16 +1,14 @@ -diff --git src/confdb/confdb.c src/confdb/confdb.c -index e55f88e4e..81fd3417a 100644 ---- src/confdb/confdb.c +--- src/confdb/confdb.c.orig 2020-03-17 13:31:28 UTC +++ src/confdb/confdb.c @@ -28,6 +28,11 @@ #include "util/strtonum.h" #include "db/sysdb.h" +char *strchrnul(const char *s, int ch) { + char *ret = strchr(s, ch); + return ret == NULL ? discard_const_p(char, s) + strlen(s) : ret; +} + #define CONFDB_ZERO_CHECK_OR_JUMP(var, ret, err, label) do { \ if (!var) { \ ret = err; \ diff --git a/security/sssd/files/patch-src__external__inotify.m4 b/security/sssd/files/patch-src__external__inotify.m4 index 9acf30c5d281..7b99442f016d 100644 --- a/security/sssd/files/patch-src__external__inotify.m4 +++ b/security/sssd/files/patch-src__external__inotify.m4 @@ -1,17 +1,15 @@ -diff --git src/external/inotify.m4 src/external/inotify.m4 -index 3ae5ae314..e88bd3ffc 100644 ---- src/external/inotify.m4 +--- src/external/inotify.m4.orig 2020-03-17 13:31:28 UTC +++ src/external/inotify.m4 @@ -20,10 +20,10 @@ int main () { AS_IF([test x"$inotify_works" != xyes], [AC_CHECK_LIB([inotify], [inotify_init], - [INOTIFY_LIBS="$sss_extra_libdir -linotify" + [INOTIFY_LIBS="-L$sss_extra_libdir -linotify" inotify_works=yes], [inotify_works=no], - [$sss_extra_libdir])] + [-L$sss_extra_libdir])] ) AS_IF([test x"$inotify_works" = xyes], diff --git a/security/sssd/files/patch-src__external__krb5.m4 b/security/sssd/files/patch-src__external__krb5.m4 index fd36f02e61ee..a7d0d6c58b3b 100644 --- a/security/sssd/files/patch-src__external__krb5.m4 +++ b/security/sssd/files/patch-src__external__krb5.m4 
@@ -1,13 +1,11 @@ -diff --git src/external/krb5.m4 src/external/krb5.m4 -index b844c2fbe..856ef56fe 100644 ---- src/external/krb5.m4 +--- src/external/krb5.m4.orig 2020-03-17 13:31:28 UTC +++ src/external/krb5.m4 -@@ -9,7 +9,7 @@ if test x$KRB5_CFLAGS != x; then +@@ -9,7 +9,7 @@ fi KRB5_PASSED_CFLAGS=$KRB5_CFLAGS fi -AC_PATH_TOOL(KRB5_CONFIG, krb5-config) +AC_PATH_TOOL(KRB5_CONFIG, krb5-config, [], [/usr/local/bin:$PATH]) AC_MSG_CHECKING(for working krb5-config) if test -x "$KRB5_CONFIG"; then KRB5_CFLAGS="`$KRB5_CONFIG --cflags`" diff --git a/security/sssd/files/patch-src__external__ldap.m4 b/security/sssd/files/patch-src__external__ldap.m4 index 682de45f5f0d..8939c02bdeeb 100644 --- a/security/sssd/files/patch-src__external__ldap.m4 +++ b/security/sssd/files/patch-src__external__ldap.m4 
@@ -1,24 +1,22 @@ -diff --git src/external/ldap.m4 src/external/ldap.m4 -index cd13fde62..73ca93674 100644 ---- src/external/ldap.m4 +--- src/external/ldap.m4.orig 2020-03-17 13:31:28 UTC +++ src/external/ldap.m4 -@@ -32,8 +32,7 @@ dnl Check for other libraries we need to link with to get the main routines. +@@ -32,8 +32,7 @@ test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, lda test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes], , -llber) } test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes with_ldap_krb=yes], , -llber -lkrb) } test "$with_ldap" != "yes" && { AC_CHECK_LIB(ldap, ldap_open, [with_ldap=yes with_ldap_lber=yes with_ldap_krb=yes with_ldap_des=yes], , -llber -lkrb -ldes) } -CFLAGS=$SAVE_CFLAGS -LIBS=$SAVE_LIBS + dnl Recently, we need -lber even though the main routines are elsewhere, dnl because otherwise we get link errors w.r.t. ber_pvt_opt_on. So just dnl check for that (it's a variable not a fun but that doesn't seem to -@@ -42,6 +41,9 @@ dnl stick it in always shouldn't hurt, I don't think) ... #### Someone who +@@ -41,6 +40,9 @@ test "$with_ldap_lber" != "yes" && { AC_CHECK_LIB(lber + dnl stick it in always shouldn't hurt, I don't think) ... #### Someone who dnl #### understands LDAP needs to fix this properly. test "$with_ldap_lber" != "yes" && { AC_CHECK_LIB(lber, ber_pvt_opt_on, with_ldap_lber=yes) } - ++ +CFLAGS=$SAVE_CFLAGS +LIBS=$SAVE_LIBS -+ + if test "$with_ldap" = "yes"; then if test "$with_ldap_des" = "yes" ; then - OPENLDAP_LIBS="${OPENLDAP_LIBS} -ldes" diff --git a/security/sssd/files/patch-src__external__python.m4 b/security/sssd/files/patch-src__external__python.m4 index 8453814e053c..12987976c2fb 100644 --- a/security/sssd/files/patch-src__external__python.m4 +++ b/security/sssd/files/patch-src__external__python.m4 
@@ -1,9 +1,11 @@ ---- src/external/python.m4 2020-03-17 09:31:28.000000000 -0400 -+++ src/external/python.m4 2022-02-22 22:55:04.425467000 -0500 -@@ -37,5 +37,5 @@ +--- src/external/python.m4.orig 2020-03-17 13:31:28 UTC ++++ src/external/python.m4 +@@ -36,7 +36,7 @@ --without-$1-bindings when running configure.])) + if test $? -eq 0; then PYTHON_DLOPEN_LIB="` $PYTHON_CONFIG --libs --embed | grep -o -- '-lpython@<:@^ @:>@*' |sed -e 's/^-l/lib/'`" if test x"$PYTHON_DLOPEN_LIB" != x; then - python_lib_path="` $PYTHON_CONFIG --ldflags | grep -o -- '-L/@<:@^ @:>@*' | sed -e 's/^-L//'`" + python_lib_path="` $PYTHON_CONFIG --ldflags | sed -n 's/.*-L\(@<:@^ @:>@*\).*/\1/p'`" if test x"$python_lib_path" != x; then PYTHON_DLOPEN_LIB=$python_lib_path"/"$PYTHON_DLOPEN_LIB + fi diff --git a/security/sssd/files/patch-src__lib__certmap__sss_certmap.exports b/security/sssd/files/patch-src__lib__certmap__sss_certmap.exports new file mode 100644 index 000000000000..df8fac78ac91 --- /dev/null +++ b/security/sssd/files/patch-src__lib__certmap__sss_certmap.exports @@ -0,0 +1,10 @@ +--- src/lib/certmap/sss_certmap.exports.orig 2024-01-12 12:05:40 UTC ++++ src/lib/certmap/sss_certmap.exports +@@ -2,7 +2,6 @@ SSS_CERTMAP_0.0 { + global: + sss_certmap_init; + sss_certmap_free_ctx; +- sss_certmap_err_msg; + sss_certmap_add_rule; + sss_certmap_match_cert; + sss_certmap_get_search_filter; diff --git a/security/sssd/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.h b/security/sssd/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.h index 28013210fe9c..272d51672ba8 100644 --- a/security/sssd/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.h +++ b/security/sssd/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.h 
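Review bot: The new patch for src/lib/certmap/sss_certmap.exports removes `sss_certmap_err_msg` from the `SSS_CERTMAP_0.0` export list with no explanation anywhere in the port, and dropping a name from a version script changes which symbols the shared library exposes. A short header above the `---` line would help the next maintainer, for example `Drop sss_certmap_err_msg from the version script: <reason, e.g. symbol not defined in this release>`. If the symbol is in fact defined and used by other SSSD components, hiding it would break them at link or load time, so it is worth confirming it is absent from the 1.16.5 sources.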
@@ -1,13 +1,11 @@ -diff --git src/lib/winbind_idmap_sss/winbind_idmap_sss.h src/lib/winbind_idmap_sss/winbind_idmap_sss.h -index 868049fff..cb1604ef1 100644 ---- src/lib/winbind_idmap_sss/winbind_idmap_sss.h +--- src/lib/winbind_idmap_sss/winbind_idmap_sss.h.orig 2020-03-17 13:31:28 UTC +++ src/lib/winbind_idmap_sss/winbind_idmap_sss.h @@ -29,6 +29,8 @@ #include #include +#include +#include #include #include diff --git a/security/sssd/files/patch-src__providers__ad__ad_common.c b/security/sssd/files/patch-src__providers__ad__ad_common.c index 178dfb870821..abf17a992994 100644 --- a/security/sssd/files/patch-src__providers__ad__ad_common.c +++ b/security/sssd/files/patch-src__providers__ad__ad_common.c 
@@ -1,31 +1,29 @@ -diff --git src/providers/ad/ad_common.c src/providers/ad/ad_common.c -index 0d154ca57..407d37a37 100644 ---- src/providers/ad/ad_common.c +--- src/providers/ad/ad_common.c.orig 2020-03-17 13:31:28 UTC +++ src/providers/ad/ad_common.c -@@ -419,7 +419,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, +@@ -420,7 +420,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, char *server; char *realm; char *ad_hostname; - char hostname[HOST_NAME_MAX + 1]; + char hostname[_POSIX_HOST_NAME_MAX + 1]; char *case_sensitive_opt; const char *opt_override; -@@ -458,7 +458,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, +@@ -459,7 +459,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, */ ad_hostname = dp_opt_get_string(opts->basic, AD_HOSTNAME); if (ad_hostname == NULL) { - gret = gethostname(hostname, sizeof(hostname)); + gret = gethostname(hostname, _POSIX_HOST_NAME_MAX); if (gret != 0) { ret = errno; DEBUG(SSSDBG_FATAL_FAILURE, -@@ -466,7 +466,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, +@@ -467,7 +467,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, strerror(ret)); goto done; } - hostname[HOST_NAME_MAX] = '\0'; + hostname[_POSIX_HOST_NAME_MAX] = '\0'; DEBUG(SSSDBG_CONF_SETTINGS, "Setting ad_hostname to [%s].\n", hostname); ret = dp_opt_set_string(opts->basic, AD_HOSTNAME, hostname); diff --git a/security/sssd/files/patch-src__providers__ad__ad_gpo_ndr.c b/security/sssd/files/patch-src__providers__ad__ad_gpo_ndr.c index 7bb5a0c1f476..33f2aaafc884 100644 --- a/security/sssd/files/patch-src__providers__ad__ad_gpo_ndr.c +++ b/security/sssd/files/patch-src__providers__ad__ad_gpo_ndr.c 
@@ -1,29 +1,29 @@ ---- src/providers/ad/ad_gpo_ndr.c-orig 2020-11-28 22:21:39.860006000 +0000 -+++ src/providers/ad/ad_gpo_ndr.c 2020-11-28 22:23:15.849602000 +0000 -@@ -105,7 +105,7 @@ +--- src/providers/ad/ad_gpo_ndr.c.orig 2020-03-17 13:31:28 UTC ++++ src/providers/ad/ad_gpo_ndr.c +@@ -105,7 +105,7 @@ ndr_pull_security_ace_object_type(struct ndr_pull *ndr union security_ace_object_type *r) { uint32_t level; - level = ndr_pull_get_switch_value(ndr, r); + level = ndr_token_peek(&ndr->switch_list, r); NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_union_align(ndr, 4)); -@@ -135,7 +135,7 @@ +@@ -135,7 +135,7 @@ ndr_pull_security_ace_object_inherited_type(struct ndr union security_ace_object_inherited_type *r) { uint32_t level; - level = ndr_pull_get_switch_value(ndr, r); + level = ndr_token_peek(&ndr->switch_list, r); NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_union_align(ndr, 4)); -@@ -198,7 +198,7 @@ +@@ -198,7 +198,7 @@ ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr, union security_ace_object_ctr *r) { uint32_t level; - level = ndr_pull_get_switch_value(ndr, r); + level = ndr_token_peek(&ndr->switch_list, r); NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_union_align(ndr, 4)); diff --git a/security/sssd/files/patch-src__providers__ad__ad_pac.h b/security/sssd/files/patch-src__providers__ad__ad_pac.h index eb495780b53d..038a52963d46 100644 --- a/security/sssd/files/patch-src__providers__ad__ad_pac.h +++ b/security/sssd/files/patch-src__providers__ad__ad_pac.h @@ -1,13 +1,11 @@ -diff --git src/providers/ad/ad_pac.h src/providers/ad/ad_pac.h -index 34f1e92c7..00a53cccd 100644 ---- src/providers/ad/ad_pac.h +--- src/providers/ad/ad_pac.h.orig 2020-03-17 13:31:28 UTC +++ src/providers/ad/ad_pac.h 
@@ -32,6 +32,8 @@ #ifdef ldb_val #error Please make sure to include ad_pac.h before ldb.h #endif +#include +#include #include #include #include diff --git a/security/sssd/files/patch-src__providers__data_provider_fo.c b/security/sssd/files/patch-src__providers__data_provider_fo.c index 4be41ef91a87..0b1b5ba212b7 100644 --- a/security/sssd/files/patch-src__providers__data_provider_fo.c +++ b/security/sssd/files/patch-src__providers__data_provider_fo.c @@ -1,26 +1,24 @@ -diff --git src/providers/data_provider_fo.c src/providers/data_provider_fo.c -index 473b667e5..63f2dd131 100644 ---- src/providers/data_provider_fo.c +--- src/providers/data_provider_fo.c.orig 2020-03-17 13:31:28 UTC +++ src/providers/data_provider_fo.c -@@ -235,18 +235,18 @@ errno_t be_fo_set_dns_srv_lookup_plugin(struct be_ctx *be_ctx, +@@ -235,18 +235,18 @@ errno_t be_fo_set_dns_srv_lookup_plugin(struct be_ctx const char *hostname) { struct fo_resolve_srv_dns_ctx *srv_ctx = NULL; - char resolved_hostname[HOST_NAME_MAX + 1]; + char resolved_hostname[_POSIX_HOST_NAME_MAX + 1]; errno_t ret; if (hostname == NULL) { - ret = gethostname(resolved_hostname, sizeof(resolved_hostname)); + ret = gethostname(resolved_hostname, _POSIX_HOST_NAME_MAX); if (ret != EOK) { ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, "gethostname() failed: [%d]: %s\n", ret, strerror(ret)); return ret; } - resolved_hostname[HOST_NAME_MAX] = '\0'; + resolved_hostname[_POSIX_HOST_NAME_MAX] = '\0'; hostname = resolved_hostname; } diff --git a/security/sssd/files/patch-src__providers__ipa__ipa_common.c b/security/sssd/files/patch-src__providers__ipa__ipa_common.c index 14c01fff88c9..cf16a396cf09 100644 --- a/security/sssd/files/patch-src__providers__ipa__ipa_common.c +++ b/security/sssd/files/patch-src__providers__ipa__ipa_common.c 
@@ -1,30 +1,28 @@ -diff --git src/providers/ipa/ipa_common.c src/providers/ipa/ipa_common.c -index 17d14e6b0..681ac8615 100644 ---- src/providers/ipa/ipa_common.c +--- src/providers/ipa/ipa_common.c.orig 2020-03-17 13:31:28 UTC +++ src/providers/ipa/ipa_common.c @@ -49,7 +49,7 @@ int ipa_get_options(TALLOC_CTX *memctx, char *realm; char *ipa_hostname; int ret; - char hostname[HOST_NAME_MAX + 1]; + char hostname[_POSIX_HOST_NAME_MAX + 1]; opts = talloc_zero(memctx, struct ipa_options); if (!opts) return ENOMEM; @@ -79,14 +79,14 @@ int ipa_get_options(TALLOC_CTX *memctx, ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME); if (ipa_hostname == NULL) { - ret = gethostname(hostname, sizeof(hostname)); + ret = gethostname(hostname, _POSIX_HOST_NAME_MAX); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "gethostname failed [%d][%s].\n", errno, strerror(errno)); ret = errno; goto done; } - hostname[HOST_NAME_MAX] = '\0'; + hostname[_POSIX_HOST_NAME_MAX] = '\0'; DEBUG(SSSDBG_TRACE_ALL, "Setting ipa_hostname to [%s].\n", hostname); ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname); if (ret != EOK) { diff --git a/security/sssd/files/patch-src__providers__ipa__ipa_deskprofile_rules_util.c b/security/sssd/files/patch-src__providers__ipa__ipa_deskprofile_rules_util.c index 91fe3ac37b8b..ba7a847dc4fc 100644 --- a/security/sssd/files/patch-src__providers__ipa__ipa_deskprofile_rules_util.c +++ b/security/sssd/files/patch-src__providers__ipa__ipa_deskprofile_rules_util.c @@ -1,13 +1,11 @@ -diff --git src/providers/ipa/ipa_deskprofile_rules_util.c src/providers/ipa/ipa_deskprofile_rules_util.c -index 991c6053d..59483b452 100644 ---- src/providers/ipa/ipa_deskprofile_rules_util.c +--- src/providers/ipa/ipa_deskprofile_rules_util.c.orig 2020-03-17 13:31:28 UTC +++ src/providers/ipa/ipa_deskprofile_rules_util.c 
@@ -25,6 +25,8 @@ #include "providers/ipa/ipa_rules_common.h" #include #include +#include +#include #define DESKPROFILE_GLOBAL_POLICY_MIN_VALUE 1 #define DESKPROFILE_GLOBAL_POLICY_MAX_VALUE 24 diff --git a/security/sssd/files/patch-src__providers__krb5__krb5_delayed_online_authentication.c b/security/sssd/files/patch-src__providers__krb5__krb5_delayed_online_authentication.c index 84fcfcd99001..3de6e4d92293 100644 --- a/security/sssd/files/patch-src__providers__krb5__krb5_delayed_online_authentication.c +++ b/security/sssd/files/patch-src__providers__krb5__krb5_delayed_online_authentication.c @@ -1,20 +1,18 @@ -diff --git src/providers/krb5/krb5_delayed_online_authentication.c src/providers/krb5/krb5_delayed_online_authentication.c -index 1cb7eade0..4aaeb84b2 100644 ---- src/providers/krb5/krb5_delayed_online_authentication.c +--- src/providers/krb5/krb5_delayed_online_authentication.c.orig 2020-03-17 13:31:28 UTC +++ src/providers/krb5/krb5_delayed_online_authentication.c -@@ -328,6 +328,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx, +@@ -328,6 +328,7 @@ errno_t init_delayed_online_authentication(struct krb5 struct tevent_context *ev) { int ret; +#ifdef __linux__ hash_table_t *tmp_table; ret = get_uid_table(krb5_ctx, &tmp_table); -@@ -347,6 +348,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx, +@@ -347,6 +348,7 @@ errno_t init_delayed_online_authentication(struct krb5 "hash_destroy failed [%s].\n", hash_error_string(ret)); return EFAULT; } +#endif /* __linux__ */ krb5_ctx->deferred_auth_ctx = talloc_zero(krb5_ctx, struct deferred_auth_ctx); diff --git a/security/sssd/files/patch-src__providers__ldap__ldap_auth.c b/security/sssd/files/patch-src__providers__ldap__ldap_auth.c index ae1bfc922d00..10fc2479bf3a 100644 --- a/security/sssd/files/patch-src__providers__ldap__ldap_auth.c +++ b/security/sssd/files/patch-src__providers__ldap__ldap_auth.c 
@@ -1,181 +1,179 @@ -diff --git src/providers/ldap/ldap_auth.c src/providers/ldap/ldap_auth.c -index de22689ae..fdfd67cf4 100644 ---- src/providers/ldap/ldap_auth.c +--- src/providers/ldap/ldap_auth.c.orig 2020-03-17 13:31:28 UTC +++ src/providers/ldap/ldap_auth.c @@ -37,7 +37,6 @@ #include #include -#include #include #include "util/util.h" @@ -52,6 +51,22 @@ #define LDAP_PWEXPIRE_WARNING_TIME 0 +struct spwd +{ + char *sp_namp; /* Login name. */ + char *sp_pwdp; /* Encrypted password. */ + long int sp_lstchg; /* Date of last change. */ + long int sp_min; /* Minimum number of days between changes. */ + long int sp_max; /* Maximum number of days between changes. */ + long int sp_warn; /* Number of days to warn user to change + the password. */ + long int sp_inact; /* Number of days the account may be + inactive. */ + long int sp_expire; /* Number of days since 1970-01-01 until + account expires. */ + unsigned long int sp_flag; /* Reserved. */ +}; + static errno_t add_expired_warning(struct pam_data *pd, long exp_time) { int ret; -@@ -97,9 +112,9 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now, +@@ -97,9 +112,9 @@ static errno_t check_pwexpire_kerberos(const char *exp } DEBUG(SSSDBG_TRACE_ALL, - "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] " - "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0], - tzname[1], timezone, daylight, now, expire_time); + "Time info: tzname[0] [%s] tzname[1] [%s] " + "now [%ld] expire_time [%ld].\n", tzname[0], + tzname[1], now, expire_time); if (difftime(now, expire_time) > 0.0) { DEBUG(SSSDBG_CONF_SETTINGS, "Kerberos password expired.\n"); 
@@ -946,14 +961,14 @@ sdap_pam_auth_handler_send(TALLOC_CTX *mem_ctx, state->pd = pd; state->be_ctx = params->be_ctx; - pd->pam_status = PAM_SYSTEM_ERR; + pd->pam_status = PAM_SERVICE_ERR; switch (pd->cmd) { case SSS_PAM_AUTHENTICATE: subreq = auth_send(state, params->ev, auth_ctx, pd->user, pd->authtok, false); if (subreq == NULL) { - pd->pam_status = PAM_SYSTEM_ERR; + pd->pam_status = PAM_SERVICE_ERR; goto immediately; } 
@@ -963,14 +978,14 @@ sdap_pam_auth_handler_send(TALLOC_CTX *mem_ctx, subreq = auth_send(state, params->ev, auth_ctx, pd->user, pd->authtok, true); if (subreq == NULL) { - pd->pam_status = PAM_SYSTEM_ERR; + pd->pam_status = PAM_SERVICE_ERR; goto immediately; } tevent_req_set_callback(subreq, sdap_pam_auth_handler_done, req); break; case SSS_PAM_CHAUTHTOK: - pd->pam_status = PAM_SYSTEM_ERR; + pd->pam_status = PAM_SERVICE_ERR; goto immediately; case SSS_PAM_ACCT_MGMT: -@@ -1015,7 +1030,7 @@ static void sdap_pam_auth_handler_done(struct tevent_req *subreq) +@@ -1015,7 +1030,7 @@ static void sdap_pam_auth_handler_done(struct tevent_r state->be_ctx->domain->pwd_expiration_warning); if (ret == EINVAL) { /* Unknown password expiration type. */ - state->pd->pam_status = PAM_SYSTEM_ERR; + state->pd->pam_status = PAM_SERVICE_ERR; goto done; } } -@@ -1049,7 +1064,7 @@ static void sdap_pam_auth_handler_done(struct tevent_req *subreq) +@@ -1049,7 +1064,7 @@ static void sdap_pam_auth_handler_done(struct tevent_r state->pd->pam_status = PAM_BAD_ITEM; break; default: - state->pd->pam_status = PAM_SYSTEM_ERR; + state->pd->pam_status = PAM_SERVICE_ERR; break; } -@@ -1271,7 +1286,7 @@ sdap_pam_chpass_handler_send(TALLOC_CTX *mem_ctx, +@@ -1273,7 +1288,7 @@ sdap_pam_chpass_handler_send(TALLOC_CTX *mem_ctx, DEBUG(SSSDBG_OP_FAILURE, "starting password change request for user [%s].\n", pd->user); - pd->pam_status = PAM_SYSTEM_ERR; + pd->pam_status = PAM_SERVICE_ERR; if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) { DEBUG(SSSDBG_OP_FAILURE, -@@ -1282,7 +1297,7 @@ sdap_pam_chpass_handler_send(TALLOC_CTX *mem_ctx, +@@ -1284,7 +1299,7 @@ sdap_pam_chpass_handler_send(TALLOC_CTX *mem_ctx, subreq = auth_send(state, params->ev, auth_ctx, pd->user, pd->authtok, true); if (subreq == NULL) { - pd->pam_status = PAM_SYSTEM_ERR; + pd->pam_status = PAM_SERVICE_ERR; goto immediately; } -@@ -1335,7 +1350,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req 
*subreq) +@@ -1337,7 +1352,7 @@ static void sdap_pam_chpass_handler_auth_done(struct t if (ret == ERR_PASSWORD_EXPIRED) { DEBUG(SSSDBG_CRIT_FAILURE, "LDAP provider cannot change " "kerberos passwords.\n"); - state->pd->pam_status = PAM_SYSTEM_ERR; + state->pd->pam_status = PAM_SERVICE_ERR; goto done; } break; -@@ -1344,7 +1359,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq) +@@ -1346,7 +1361,7 @@ static void sdap_pam_chpass_handler_auth_done(struct t break; default: DEBUG(SSSDBG_CRIT_FAILURE, "Unknown password expiration type.\n"); - state->pd->pam_status = PAM_SYSTEM_ERR; + state->pd->pam_status = PAM_SERVICE_ERR; goto done; } } -@@ -1369,7 +1384,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq) +@@ -1371,7 +1386,7 @@ static void sdap_pam_chpass_handler_auth_done(struct t if (subreq == NULL) { DEBUG(SSSDBG_OP_FAILURE, "Failed to change password for " "%s\n", state->pd->user); - state->pd->pam_status = PAM_SYSTEM_ERR; + state->pd->pam_status = PAM_SERVICE_ERR; goto done; } -@@ -1401,7 +1416,7 @@ static void sdap_pam_chpass_handler_auth_done(struct tevent_req *subreq) +@@ -1403,7 +1418,7 @@ static void sdap_pam_chpass_handler_auth_done(struct t be_mark_offline(state->be_ctx); break; default: - state->pd->pam_status = PAM_SYSTEM_ERR; + state->pd->pam_status = PAM_SERVICE_ERR; break; } -@@ -1437,7 +1452,7 @@ static void sdap_pam_chpass_handler_chpass_done(struct tevent_req *subreq) +@@ -1439,7 +1454,7 @@ static void sdap_pam_chpass_handler_chpass_done(struct state->pd->pam_status = PAM_AUTHTOK_ERR; break; default: - state->pd->pam_status = PAM_SYSTEM_ERR; + state->pd->pam_status = PAM_SERVICE_ERR; break; } -@@ -1463,7 +1478,7 @@ static void sdap_pam_chpass_handler_chpass_done(struct tevent_req *subreq) +@@ -1465,7 +1480,7 @@ static void sdap_pam_chpass_handler_chpass_done(struct state->sh, state->dn, lastchanged_name); if (subreq == NULL) { - state->pd->pam_status = PAM_SYSTEM_ERR; + state->pd->pam_status = 
PAM_SERVICE_ERR; goto done; } -@@ -1489,7 +1504,7 @@ static void sdap_pam_chpass_handler_last_done(struct tevent_req *subreq) +@@ -1491,7 +1506,7 @@ static void sdap_pam_chpass_handler_last_done(struct t talloc_free(subreq); if (ret != EOK) { - state->pd->pam_status = PAM_SYSTEM_ERR; + state->pd->pam_status = PAM_SERVICE_ERR; goto done; } diff --git a/security/sssd/files/patch-src__providers__ldap__ldap_child.c b/security/sssd/files/patch-src__providers__ldap__ldap_child.c index 745687d00267..11dd67f0e0e9 100644 --- a/security/sssd/files/patch-src__providers__ldap__ldap_child.c +++ b/security/sssd/files/patch-src__providers__ldap__ldap_child.c @@ -1,22 +1,20 @@ -diff --git src/providers/ldap/ldap_child.c src/providers/ldap/ldap_child.c -index 368bb91e1..1bc86ecb5 100644 ---- src/providers/ldap/ldap_child.c +--- src/providers/ldap/ldap_child.c.orig 2020-03-17 13:31:28 UTC +++ src/providers/ldap/ldap_child.c -@@ -324,14 +324,14 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, +@@ -324,14 +324,14 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_ full_princ = talloc_strdup(tmp_ctx, princ_str); } } else { - char hostname[HOST_NAME_MAX + 1]; + char hostname[_POSIX_HOST_NAME_MAX + 1]; - ret = gethostname(hostname, sizeof(hostname)); + ret = gethostname(hostname, _POSIX_HOST_NAME_MAX); if (ret == -1) { krberr = KRB5KRB_ERR_GENERIC; goto done; } - hostname[HOST_NAME_MAX] = '\0'; + hostname[_POSIX_HOST_NAME_MAX] = '\0'; DEBUG(SSSDBG_TRACE_LIBS, "got hostname: [%s]\n", hostname); diff --git a/security/sssd/files/patch-src__providers__ldap__sdap_access.c b/security/sssd/files/patch-src__providers__ldap__sdap_access.c index 5b9e5efc1e1e..4ad743cec9eb 100644 --- a/security/sssd/files/patch-src__providers__ldap__sdap_access.c +++ b/security/sssd/files/patch-src__providers__ldap__sdap_access.c 
@@ -1,41 +1,39 @@ -diff --git src/providers/ldap/sdap_access.c src/providers/ldap/sdap_access.c -index dd04ec512..58a3766fc 100644 ---- src/providers/ldap/sdap_access.c +--- src/providers/ldap/sdap_access.c.orig 2020-03-17 13:31:28 UTC +++ src/providers/ldap/sdap_access.c @@ -562,9 +562,9 @@ bool nds_check_expired(const char *exp_time_str) now = time(NULL); DEBUG(SSSDBG_TRACE_ALL, - "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] " - "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0], - tzname[1], timezone, daylight, now, expire_time); + "Time info: tzname[0] [%s] tzname[1] [%s] " + "now [%ld] expire_time [%ld].\n", tzname[0], + tzname[1], now, expire_time); if (difftime(now, expire_time) > 0.0) { DEBUG(SSSDBG_CONF_SETTINGS, "NDS account expired.\n"); -@@ -1247,7 +1247,7 @@ static errno_t sdap_access_host(struct ldb_message *user_entry) +@@ -1247,7 +1247,7 @@ static errno_t sdap_access_host(struct ldb_message *us struct ldb_message_element *el; unsigned int i; char *host; - char hostname[HOST_NAME_MAX + 1]; + char hostname[_POSIX_HOST_NAME_MAX + 1]; el = ldb_msg_find_element(user_entry, SYSDB_AUTHORIZED_HOST); if (!el || el->num_values == 0) { -@@ -1255,12 +1255,12 @@ static errno_t sdap_access_host(struct ldb_message *user_entry) +@@ -1255,12 +1255,12 @@ static errno_t sdap_access_host(struct ldb_message *us return ERR_ACCESS_DENIED; } - if (gethostname(hostname, sizeof(hostname)) == -1) { + if (gethostname(hostname, _POSIX_HOST_NAME_MAX) == -1) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get system hostname. Access denied\n"); return ERR_ACCESS_DENIED; } - hostname[HOST_NAME_MAX] = '\0'; + hostname[_POSIX_HOST_NAME_MAX] = '\0'; /* FIXME: PADL's pam_ldap also calls gethostbyname() on the hostname * in some attempt to get aliases and/or FQDN for the machine. diff --git a/security/sssd/files/patch-src__providers__ldap__sdap_async_groups.c b/security/sssd/files/patch-src__providers__ldap__sdap_async_groups.c index 4cebe5fbd6c4..998f97ce4599 100644 
--- a/security/sssd/files/patch-src__providers__ldap__sdap_async_groups.c +++ b/security/sssd/files/patch-src__providers__ldap__sdap_async_groups.c @@ -1,22 +1,20 @@ -diff --git src/providers/ldap/sdap_async_groups.c src/providers/ldap/sdap_async_groups.c -index 09e15bc3d..c74e4c3ea 100644 ---- src/providers/ldap/sdap_async_groups.c +--- src/providers/ldap/sdap_async_groups.c.orig 2020-03-17 13:31:28 UTC +++ src/providers/ldap/sdap_async_groups.c @@ -505,6 +505,7 @@ static int sdap_save_group(TALLOC_CTX *memctx, struct sysdb_attrs *group_attrs; const char *group_name = NULL; gid_t gid; + id_t temp_id; errno_t ret; char *usn_value = NULL; TALLOC_CTX *tmpctx = NULL; @@ -615,7 +616,8 @@ static int sdap_save_group(TALLOC_CTX *memctx, group_name, sid_str); /* Convert the SID into a UNIX group ID */ - ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &gid); + ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &temp_id); + gid = (gid_t) temp_id; if (ret == ENOTSUP) { /* ENOTSUP is returned if built-in SID was provided * => do not store the group, but return EOK */ diff --git a/security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups.c b/security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups.c index 2803124e583b..78b4f54bbbc8 100644 --- a/security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups.c +++ b/security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups.c 
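Review bot: In the sdap_save_group hunk of patch-src__providers__ldap__sdap_async_groups.c, `gid = (gid_t) temp_id;` runs before `ret` is examined, so if sdap_idmap_sid_to_unix() fails without writing its output the code reads an uninitialised `temp_id`. The same order appears in sdap_add_incomplete_groups (patch-src__providers__ldap__sdap_async_initgroups.c) and sdap_ad_save_group_membership_with_idmapping (patch-src__providers__ldap__sdap_async_initgroups_ad.c), while sdap_get_initgr_done and sdap_save_user copy only after the check. I would declare the temporary as `id_t temp_id = 0;` and move the narrowing assignment below the error handling in all three places. The enclosing functions continue outside these hunks, so whether `gid` is actually read on the failure paths cannot be confirmed from here.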
@@ -1,41 +1,39 @@ -diff --git src/providers/ldap/sdap_async_initgroups.c src/providers/ldap/sdap_async_initgroups.c -index 620782b6f..9831ac1d6 100644 ---- src/providers/ldap/sdap_async_initgroups.c +--- src/providers/ldap/sdap_async_initgroups.c.orig 2020-03-17 13:31:28 UTC +++ src/providers/ldap/sdap_async_initgroups.c -@@ -45,6 +45,7 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, +@@ -45,6 +45,7 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *s const char *uuid = NULL; char **missing; gid_t gid; + id_t temp_id; int ret; errno_t sret; bool in_transaction = false; -@@ -146,7 +147,8 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, +@@ -146,7 +147,8 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *s /* Convert the SID into a UNIX group ID */ ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, - &gid); + &temp_id); + gid = (gid_t) temp_id; if (ret == EOK) { DEBUG(SSSDBG_TRACE_INTERNAL, "Group [%s] has mapped gid [%lu]\n", -@@ -3305,6 +3307,7 @@ static void sdap_get_initgr_done(struct tevent_req *subreq) +@@ -3305,6 +3307,7 @@ static void sdap_get_initgr_done(struct tevent_req *su int ret; TALLOC_CTX *tmp_ctx; gid_t primary_gid; + id_t temp_id; char *gid; char *sid_str; char *dom_sid_str; -@@ -3411,8 +3414,9 @@ static void sdap_get_initgr_done(struct tevent_req *subreq) +@@ -3411,8 +3414,9 @@ static void sdap_get_initgr_done(struct tevent_req *su /* Convert the SID into a UNIX group ID */ ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, group_sid_str, - &primary_gid); + &temp_id); if (ret != EOK) goto done; + primary_gid = (gid_t) temp_id; } else { ret = sysdb_attrs_get_uint32_t(state->orig_user, SYSDB_GIDNUM, &primary_gid); diff --git a/security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups_ad.c b/security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups_ad.c index b7feb84f1507..209b70aff503 100644 --- a/security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups_ad.c 
+++ b/security/sssd/files/patch-src__providers__ldap__sdap_async_initgroups_ad.c @@ -1,22 +1,20 @@ -diff --git src/providers/ldap/sdap_async_initgroups_ad.c src/providers/ldap/sdap_async_initgroups_ad.c -index 3c58f5bc4..7e0a5169d 100644 ---- src/providers/ldap/sdap_async_initgroups_ad.c +--- src/providers/ldap/sdap_async_initgroups_ad.c.orig 2020-03-17 13:31:28 UTC +++ src/providers/ldap/sdap_async_initgroups_ad.c -@@ -851,6 +851,7 @@ errno_t sdap_ad_save_group_membership_with_idmapping(const char *username, +@@ -851,6 +851,7 @@ errno_t sdap_ad_save_group_membership_with_idmapping(c size_t i; time_t now; gid_t gid; + id_t temp_id; char **groups = NULL; size_t num_groups; errno_t ret; -@@ -881,7 +882,8 @@ errno_t sdap_ad_save_group_membership_with_idmapping(const char *username, +@@ -881,7 +882,8 @@ errno_t sdap_ad_save_group_membership_with_idmapping(c sid = sids[i]; DEBUG(SSSDBG_TRACE_LIBS, "Processing membership SID [%s]\n", sid); - ret = sdap_idmap_sid_to_unix(idmap_ctx, sid, &gid); + ret = sdap_idmap_sid_to_unix(idmap_ctx, sid, &temp_id); + gid = (gid_t) temp_id; if (ret == ENOTSUP) { DEBUG(SSSDBG_TRACE_FUNC, "Skipping built-in object.\n"); continue; diff --git a/security/sssd/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c b/security/sssd/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c index 78deda7d99fa..e3091d63446a 100644 --- a/security/sssd/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c +++ b/security/sssd/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c 
@@ -1,30 +1,28 @@ -diff --git src/providers/ldap/sdap_async_sudo_hostinfo.c src/providers/ldap/sdap_async_sudo_hostinfo.c -index a3c3e1068..f33299304 100644 ---- src/providers/ldap/sdap_async_sudo_hostinfo.c +--- src/providers/ldap/sdap_async_sudo_hostinfo.c.orig 2020-03-17 13:31:28 UTC +++ src/providers/ldap/sdap_async_sudo_hostinfo.c -@@ -357,7 +357,7 @@ static struct tevent_req *sdap_sudo_get_hostnames_send(TALLOC_CTX *mem_ctx, +@@ -357,7 +357,7 @@ static struct tevent_req *sdap_sudo_get_hostnames_send struct tevent_req *subreq = NULL; struct sdap_sudo_get_hostnames_state *state = NULL; char *dot = NULL; - char hostname[HOST_NAME_MAX + 1]; + char hostname[_POSIX_HOST_NAME_MAX + 1]; int ret; req = tevent_req_create(mem_ctx, &state, -@@ -380,14 +380,14 @@ static struct tevent_req *sdap_sudo_get_hostnames_send(TALLOC_CTX *mem_ctx, +@@ -380,14 +380,14 @@ static struct tevent_req *sdap_sudo_get_hostnames_send /* get hostname */ errno = 0; - ret = gethostname(hostname, sizeof(hostname)); + ret = gethostname(hostname, _POSIX_HOST_NAME_MAX); if (ret != EOK) { ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, "Unable to retrieve machine hostname " "[%d]: %s\n", ret, strerror(ret)); goto done; } - hostname[HOST_NAME_MAX] = '\0'; + hostname[_POSIX_HOST_NAME_MAX] = '\0'; state->hostnames[0] = talloc_strdup(state->hostnames, hostname); if (state->hostnames[0] == NULL) { diff --git a/security/sssd/files/patch-src__providers__ldap__sdap_async_users.c b/security/sssd/files/patch-src__providers__ldap__sdap_async_users.c index 4e5fcbb6008c..e835f542d46d 100644 --- a/security/sssd/files/patch-src__providers__ldap__sdap_async_users.c +++ b/security/sssd/files/patch-src__providers__ldap__sdap_async_users.c 
@@ -1,48 +1,46 @@ -diff --git src/providers/ldap/sdap_async_users.c src/providers/ldap/sdap_async_users.c -index 92eeda1d3..8847be79b 100644 ---- src/providers/ldap/sdap_async_users.c +--- src/providers/ldap/sdap_async_users.c.orig 2020-03-17 13:31:28 UTC +++ src/providers/ldap/sdap_async_users.c @@ -61,7 +61,8 @@ sdap_get_idmap_primary_gid(struct sdap_options *opts, { errno_t ret; TALLOC_CTX *tmpctx = NULL; - gid_t gid, primary_gid; + id_t gid; + gid_t primary_gid; char *group_sid_str; tmpctx = talloc_new(NULL); @@ -108,7 +109,7 @@ sdap_get_idmap_primary_gid(struct sdap_options *opts, if (ret != EOK) goto done; ret = EOK; - *_gid = gid; + *_gid = (gid_t) gid; done: talloc_free(tmpctx); return ret; @@ -188,6 +189,7 @@ int sdap_save_user(TALLOC_CTX *memctx, const char *orig_dn = NULL; uid_t uid = 0; gid_t gid = 0; + id_t temp_id; struct sysdb_attrs *user_attrs; char *upn = NULL; size_t i; @@ -331,7 +333,7 @@ int sdap_save_user(TALLOC_CTX *memctx, "Mapping user [%s] objectSID [%s] to unix ID\n", user_name, sid_str); /* Convert the SID into a UNIX user ID */ - ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &uid); + ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &temp_id); if (ret == ENOTSUP) { DEBUG(SSSDBG_TRACE_FUNC, "Skipping built-in object.\n"); ret = EOK; @@ -339,6 +341,7 @@ int sdap_save_user(TALLOC_CTX *memctx, } else if (ret != EOK) { goto done; } + uid = (uid_t) temp_id; /* Store the UID in the ldap_attrs so it doesn't get * treated as a missing attribute from LDAP and removed. diff --git a/security/sssd/files/patch-src__resolv__async_resolv_utils.c b/security/sssd/files/patch-src__resolv__async_resolv_utils.c index 27457a3399d6..d0bd69b25801 100644 --- a/security/sssd/files/patch-src__resolv__async_resolv_utils.c +++ b/security/sssd/files/patch-src__resolv__async_resolv_utils.c 
@@ -1,30 +1,28 @@ -diff --git src/resolv/async_resolv_utils.c src/resolv/async_resolv_utils.c -index f86181b91..25323cf7a 100644 ---- src/resolv/async_resolv_utils.c +--- src/resolv/async_resolv_utils.c.orig 2020-03-17 13:31:28 UTC +++ src/resolv/async_resolv_utils.c @@ -45,7 +45,7 @@ resolv_get_domain_send(TALLOC_CTX *mem_ctx, struct resolv_get_domain_state *state = NULL; struct tevent_req *req = NULL; struct tevent_req *subreq = NULL; - char system_hostname[HOST_NAME_MAX + 1]; + char system_hostname[_POSIX_HOST_NAME_MAX + 1]; errno_t ret; req = tevent_req_create(mem_ctx, &state, @@ -57,14 +57,14 @@ resolv_get_domain_send(TALLOC_CTX *mem_ctx, if (hostname == NULL) { /* use system hostname */ - ret = gethostname(system_hostname, sizeof(system_hostname)); + ret = gethostname(system_hostname, _POSIX_HOST_NAME_MAX); if (ret) { ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, "gethostname() failed: [%d]: %s\n", ret, strerror(ret)); goto immediately; } - system_hostname[HOST_NAME_MAX] = '\0'; + system_hostname[_POSIX_HOST_NAME_MAX] = '\0'; hostname = system_hostname; } diff --git a/security/sssd/files/patch-src__sbus__sbus_codegen b/security/sssd/files/patch-src__sbus__sbus_codegen index 3e82500c9165..7ea5eb2bf7c0 100644 --- a/security/sssd/files/patch-src__sbus__sbus_codegen +++ b/security/sssd/files/patch-src__sbus__sbus_codegen @@ -1,10 +1,8 @@ -diff --git src/sbus/sbus_codegen src/sbus/sbus_codegen -index a97a92591..fb3b6d9b3 100755 ---- src/sbus/sbus_codegen +--- src/sbus/sbus_codegen.orig 2024-07-05 11:06:22 UTC +++ src/sbus/sbus_codegen @@ -1,4 +1,4 @@ --#!/usr/bin/env python +-#!/usr/local/bin/python3.11 +#!/usr/bin/env python3 # # Authors: diff --git a/security/sssd/files/patch-src__sss_client__common.c b/security/sssd/files/patch-src__sss_client__common.c index 59dcc448fd7c..9fbfebf9900d 100644 --- a/security/sssd/files/patch-src__sss_client__common.c +++ b/security/sssd/files/patch-src__sss_client__common.c 
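Review bot: In patch-src__sbus__sbus_codegen the regenerated old side is now `#!/usr/local/bin/python3.11`, which looks like an interpreter line already rewritten in a local work tree rather than the distributed `#!/usr/bin/env python` that the previous version of this patch removed. The `.orig` stamp on this file is 2024-07-05, unlike the 2020-03-17 stamp on the other regenerated patches, which points the same way. If the patch phase runs against the pristine tarball, the removed line will presumably not match, and the patch is also tied to one Python version and install prefix. I would regenerate it from a clean extract so the removed line is `-#!/usr/bin/env python` again, or drop the patch if the port already rewrites the interpreter line by other means.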
@@ -1,87 +1,137 @@ -diff --git src/sss_client/common.c src/sss_client/common.c -index d8effb6dd..edeb4a159 100644 ---- src/sss_client/common.c +--- src/sss_client/common.c.orig 2020-03-17 13:31:28 UTC +++ src/sss_client/common.c @@ -25,6 +25,7 @@ #include "config.h" #include +#include #include #include #include 
@@ -44,6 +45,7 @@ #define _(STRING) dgettext (PACKAGE, STRING) #include "sss_cli.h" #include "common_private.h" +#include "util/sss_bsd_errno.h" #if HAVE_PTHREAD #include -@@ -126,7 +128,6 @@ static enum sss_status sss_cli_send_req(enum sss_cli_command cmd, +@@ -126,7 +128,6 @@ static enum sss_status sss_cli_send_req(enum sss_cli_c *errnop = error; break; case 0: - *errnop = ETIME; break; case 1: if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { -@@ -235,7 +236,6 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_command cmd, +@@ -235,7 +236,6 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_c *errnop = error; break; case 0: - *errnop = ETIME; break; case 1: if (pfd.revents & (POLLHUP)) { -@@ -679,7 +679,6 @@ static enum sss_status sss_cli_check_socket(int *errnop, +@@ -679,7 +679,6 @@ static enum sss_status sss_cli_check_socket(int *errno *errnop = error; break; case 0: - *errnop = ETIME; break; case 1: if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { -@@ -730,7 +729,7 @@ enum nss_status sss_nss_make_request_timeout(enum sss_cli_command cmd, +@@ -730,7 +729,7 @@ enum nss_status sss_nss_make_request_timeout(enum sss_ /* avoid looping in the nss daemon */ envval = getenv("_SSS_LOOPS"); if (envval && strcmp(envval, "NO") == 0) { - return NSS_STATUS_NOTFOUND; + return NS_NOTFOUND; } ret = sss_cli_check_socket(errnop, SSS_NSS_SOCKET_NAME, timeout); -@@ -738,9 +737,9 @@ enum nss_status sss_nss_make_request_timeout(enum sss_cli_command cmd, +@@ -738,9 +737,9 @@ enum nss_status sss_nss_make_request_timeout(enum sss_ #ifdef NONSTANDARD_SSS_NSS_BEHAVIOUR *errnop = 0; errno = 0; - return NSS_STATUS_NOTFOUND; + return NS_NOTFOUND; #else - return NSS_STATUS_UNAVAIL; + return NS_UNAVAIL; #endif } -@@ -765,17 +764,17 @@ enum nss_status sss_nss_make_request_timeout(enum sss_cli_command cmd, +@@ -753,9 +752,9 @@ enum nss_status sss_nss_make_request_timeout(enum sss_ + #ifdef NONSTANDARD_SSS_NSS_BEHAVIOUR + *errnop = 0; + errno = 0; +- return NSS_STATUS_NOTFOUND; 
++ return NS_NOTFOUND; + #else +- return NSS_STATUS_UNAVAIL; ++ return NS_UNAVAIL; + #endif + } + +@@ -765,17 +764,17 @@ enum nss_status sss_nss_make_request_timeout(enum sss_ } switch (ret) { case SSS_STATUS_TRYAGAIN: - return NSS_STATUS_TRYAGAIN; + return NS_TRYAGAIN; case SSS_STATUS_SUCCESS: - return NSS_STATUS_SUCCESS; + return NS_SUCCESS; case SSS_STATUS_UNAVAIL: default: #ifdef NONSTANDARD_SSS_NSS_BEHAVIOUR *errnop = 0; errno = 0; - return NSS_STATUS_NOTFOUND; + return NS_NOTFOUND; #else - return NSS_STATUS_UNAVAIL; + return NS_UNAVAIL; #endif } } +@@ -815,12 +814,12 @@ int sss_pac_make_request(enum sss_cli_command cmd, + /* avoid looping in the nss daemon */ + envval = getenv("_SSS_LOOPS"); + if (envval && strcmp(envval, "NO") == 0) { +- return NSS_STATUS_NOTFOUND; ++ return NS_NOTFOUND; + } + + ret = sss_cli_check_socket(errnop, SSS_PAC_SOCKET_NAME, timeout); + if (ret != SSS_STATUS_SUCCESS) { +- return NSS_STATUS_UNAVAIL; ++ return NS_UNAVAIL; + } + + ret = sss_cli_make_request_nochecks(cmd, rd, timeout, repbuf, replen, +@@ -829,7 +828,7 @@ int sss_pac_make_request(enum sss_cli_command cmd, + /* try reopen socket */ + ret = sss_cli_check_socket(errnop, SSS_PAC_SOCKET_NAME, timeout); + if (ret != SSS_STATUS_SUCCESS) { +- return NSS_STATUS_UNAVAIL; ++ return NS_UNAVAIL; + } + + /* and make request one more time */ +@@ -838,12 +837,12 @@ int sss_pac_make_request(enum sss_cli_command cmd, + } + switch (ret) { + case SSS_STATUS_TRYAGAIN: +- return NSS_STATUS_TRYAGAIN; ++ return NS_TRYAGAIN; + case SSS_STATUS_SUCCESS: +- return NSS_STATUS_SUCCESS; ++ return NS_SUCCESS; + case SSS_STATUS_UNAVAIL: + default: +- return NSS_STATUS_UNAVAIL; ++ return NS_UNAVAIL; + } + } + diff --git a/security/sssd/files/patch-src__sss_client__nss_group.c b/security/sssd/files/patch-src__sss_client__nss_group.c index 0deefe48139c..b92cd2028761 100644 --- a/security/sssd/files/patch-src__sss_client__nss_group.c +++ b/security/sssd/files/patch-src__sss_client__nss_group.c 
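Review bot: The inner hunks added to patch-src__sss_client__common.c make sss_pac_make_request() (declared `int`) and the second reconnect branch of sss_nss_make_request_timeout() return `NS_*` codes, while patch-src__sss_client__nss_group.c in this same commit still compares the result of sss_nss_make_request() with `NSS_STATUS_SUCCESS` and assigns `NSS_STATUS_NOTFOUND`. Unless the two sets of constants are numerically identical on the target for every value, a caller testing for an unavailable or not-found result can take the wrong branch on a lookup or PAC request path. The callers are outside these hunks, so please confirm each one and state the convention once above both functions, for example `/* FreeBSD: returns nsdispatch(3) NS_* codes, not NSS_STATUS_* */`.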
@@ -1,81 +1,79 @@ -diff --git src/sss_client/nss_group.c src/sss_client/nss_group.c -index 5ab2bdf78..69ba75dcb 100644 ---- src/sss_client/nss_group.c +--- src/sss_client/nss_group.c.orig 2020-03-17 13:31:28 UTC +++ src/sss_client/nss_group.c @@ -390,6 +390,76 @@ out: } +#define MIN(a, b)((a) < (b) ? (a) : (b)) + +int gr_addgid(gid_t gid, gid_t *groups, int maxgrp, int *grpcnt) +{ + int ret, dupc; + + for (dupc = 0; dupc < MIN(maxgrp, *grpcnt); dupc++) { + if (groups[dupc] == gid) + return 1; + } + + ret = 1; + if (*grpcnt < maxgrp) + groups[*grpcnt] = gid; + else + ret = 0; + + (*grpcnt)++; + + return ret; +} + +enum nss_status _nss_sss_getgroupmembership(const char *uname, gid_t agroup, + gid_t *groups, int maxgrp, + int *grpcnt) +{ + struct sss_cli_req_data rd; + uint8_t *repbuf; + size_t replen; + enum nss_status nret; + uint32_t *rbuf; + uint32_t num_ret; + long int l, max_ret; + int errnop; + + rd.len = strlen(uname) +1; + rd.data = uname; + + sss_nss_lock(); + + nret = sss_nss_make_request(SSS_NSS_INITGR, &rd, + &repbuf, &replen, &errnop); + if (nret != NSS_STATUS_SUCCESS) { + goto done; + } + + /* no results if not found */ + num_ret = ((uint32_t *)repbuf)[0]; + if (num_ret == 0) { + free(repbuf); + nret = NSS_STATUS_NOTFOUND; + goto done; + } + max_ret = num_ret; + + gr_addgid(agroup, groups, maxgrp, grpcnt); + + rbuf = &((uint32_t *)repbuf)[2]; + for (l = 0; l < max_ret; l++) { + gr_addgid(rbuf[l], groups, maxgrp, grpcnt); + } + + free(repbuf); + nret = NSS_STATUS_SUCCESS; + +done: + sss_nss_unlock(); + return nret; +} + enum nss_status _nss_sss_getgrnam_r(const char *name, struct group *result, char *buffer, size_t buflen, int *errnop) { diff --git a/security/sssd/files/patch-src__sss_client__pam_sss.c b/security/sssd/files/patch-src__sss_client__pam_sss.c index 1e34b7ee9ffd..b33cb5eb4ab2 100644 --- a/security/sssd/files/patch-src__sss_client__pam_sss.c +++ b/security/sssd/files/patch-src__sss_client__pam_sss.c 
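Review bot: _nss_sss_getgroupmembership() in patch-src__sss_client__nss_group.c reads `((uint32_t *)repbuf)[0]` and then walks `num_ret` entries starting at `repbuf[2]` without comparing either against `replen`, so a short or malformed reply would be read past the end of the buffer inside whichever process loaded the NSS module. I would test `replen < 2 * sizeof(uint32_t)` before the first read and `num_ret > (replen - 2 * sizeof(uint32_t)) / sizeof(uint32_t)` after it, freeing `repbuf` and returning the unavailable status in both cases. The reply presumably comes from the local responder socket, so this is a defensive check rather than a known fault. `uname` is also passed to strlen() without a NULL check.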
@@ -1,16 +1,23 @@ -diff --git src/sss_client/pam_sss.c src/sss_client/pam_sss.c -index f634f7659..1de88fefe 100644 ---- src/sss_client/pam_sss.c +--- src/sss_client/pam_sss.c.orig 2020-03-17 13:31:28 UTC +++ src/sss_client/pam_sss.c -@@ -263,9 +263,9 @@ static int do_pam_conversation(pam_handle_t *pamh, const int msg_style, +@@ -266,9 +266,9 @@ static int do_pam_conversation(pam_handle_t *pamh, con pam_msg->msg_style = msg_style; if (state == SSS_PAM_CONV_REENTER) { - pam_msg->msg = reenter_msg; + pam_msg->msg = (char *)(intptr_t)reenter_msg; } else { - pam_msg->msg = msg; + pam_msg->msg = (char *)(intptr_t)msg; } mesg[0] = (const struct pam_message *) pam_msg; +@@ -1253,7 +1253,7 @@ static int get_pam_items(pam_handle_t *pamh, uint32_t + + pi->cli_pid = getpid(); + +- pi->login_name = pam_modutil_getlogin(pamh); ++ pi->login_name = getlogin(); + if (pi->login_name == NULL) pi->login_name=""; + + pi->domain_name = NULL; diff --git a/security/sssd/files/patch-src__sss_client__sss_nss.exports b/security/sssd/files/patch-src__sss_client__sss_nss.exports index ceeb55742553..028d05d8a933 100644 --- a/security/sssd/files/patch-src__sss_client__sss_nss.exports +++ b/security/sssd/files/patch-src__sss_client__sss_nss.exports @@ -1,38 +1,35 @@ -diff --git src/sss_client/sss_nss.exports src/sss_client/sss_nss.exports -index 1eefea8d5..8e85a0541 100644 ---- src/sss_client/sss_nss.exports +--- src/sss_client/sss_nss.exports.orig 2020-03-17 13:31:28 UTC +++ src/sss_client/sss_nss.exports 
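Review bot: The new get_pam_items hunk in patch-src__sss_client__pam_sss.c stores the pointer returned by `getlogin()` directly in `pi->login_name`; POSIX allows that result to point at static storage overwritten by a later call, and it is no longer tied to the PAM handle as `pam_modutil_getlogin(pamh)` was. In a long-lived or threaded PAM consumer the string could change under `pi` before it is used. I would copy the name with `getlogin_r(buf, sizeof(buf))` into storage that lives as long as `pi`, keeping the empty-string fallback. The value also reflects the session's login name, which may differ from the user being authenticated, so it is worth a comment if the field ends up in any audit or access decision. The rest of get_pam_items is outside the hunk, so how long `pi->login_name` must stay valid is not visible here.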
@@ -3,6 +3,7 @@ EXPORTED { # public functions global: + nss_module_register; _nss_sss_getpwnam_r; _nss_sss_getpwuid_r; _nss_sss_setpwent; -@@ -14,8 +15,25 @@ EXPORTED { +@@ -14,7 +15,24 @@ EXPORTED { _nss_sss_setgrent; _nss_sss_getgrent_r; _nss_sss_endgrent; + _nss_sss_getgroupmembership; _nss_sss_initgroups_dyn; - -+ __nss_compat_getgrnam_r; -+ __nss_compat_getgrgid_r; -+ __nss_compat_getgrent_r; -+ __nss_compat_setgrent; -+ __nss_compat_endgrent; + -+ __nss_compat_getpwnam_r; -+ __nss_compat_getpwuid_r; -+ __nss_compat_getpwent_r; -+ __nss_compat_setpwent; -+ __nss_compat_endpwent; ++ #__nss_compat_getgrnam_r; ++ #__nss_compat_getgrgid_r; ++ #__nss_compat_getgrent_r; ++ #__nss_compat_setgrent; ++ #__nss_compat_endgrent; + -+ __nss_compat_gethostbyname; -+ __nss_compat_gethostbyname2; -+ __nss_compat_gethostbyaddr; ++ #__nss_compat_getpwnam_r; ++ #__nss_compat_getpwuid_r; ++ #__nss_compat_getpwent_r; ++ #__nss_compat_setpwent; ++ #__nss_compat_endpwent; + ++ #__nss_compat_gethostbyname; ++ #__nss_compat_gethostbyname2; ++ #__nss_compat_gethostbyaddr; + #_nss_sss_getaliasbyname_r; #_nss_sss_setaliasent; - #_nss_sss_getaliasent_r; diff --git a/security/sssd/files/patch-src__tests__cmocka__test_authtok.c b/security/sssd/files/patch-src__tests__cmocka__test_authtok.c index ef3344e4b559..43813d0bb944 100644 --- a/security/sssd/files/patch-src__tests__cmocka__test_authtok.c +++ b/security/sssd/files/patch-src__tests__cmocka__test_authtok.c @@ -1,12 +1,10 @@ -diff --git src/tests/cmocka/test_authtok.c src/tests/cmocka/test_authtok.c -index 9422f96bc..8492e186a 100644 ---- src/tests/cmocka/test_authtok.c +--- src/tests/cmocka/test_authtok.c.orig 2020-03-17 13:31:28 UTC +++ src/tests/cmocka/test_authtok.c @@ -28,6 +28,7 @@ #include "tests/cmocka/common_mock.h" #include "util/authtok.h" +#include "util/sss_endian.h" struct test_state { 
diff --git a/security/sssd/files/patch-src__tests__cmocka__test_negcache_2.c b/security/sssd/files/patch-src__tests__cmocka__test_negcache_2.c index 81e1790c4ce6..1f3593a6e26a 100644 --- a/security/sssd/files/patch-src__tests__cmocka__test_negcache_2.c +++ b/security/sssd/files/patch-src__tests__cmocka__test_negcache_2.c @@ -1,42 +1,48 @@ ---- src/tests/cmocka/test_negcache_2.c 2020-03-17 09:31:28.000000000 -0400 -+++ src/tests/cmocka/test_negcache_2.c 2022-02-22 23:48:57.315866000 -0500 -@@ -116,12 +116,8 @@ +--- src/tests/cmocka/test_negcache_2.c.orig 2020-03-17 13:31:28 UTC ++++ src/tests/cmocka/test_negcache_2.c +@@ -115,14 +115,10 @@ static void find_local_users(struct ncache_test_ctx *t + static void find_local_users(struct ncache_test_ctx *test_ctx) { int i; - FILE *passwd_file; const struct passwd *pwd; - passwd_file = fopen("/etc/passwd", "r"); - assert_non_null(passwd_file); - for (i = 0; i < 2; /*no-op*/) { - pwd = fgetpwent(passwd_file); + pwd = getpwent(); assert_non_null(pwd); if (pwd->pw_uid == 0) { -@@ -135,5 +131,4 @@ + /* skip root */ +@@ -134,20 +130,15 @@ static void find_local_users(struct ncache_test_ctx *t + ++i; } - fclose(passwd_file); } -@@ -141,12 +136,8 @@ + static void find_local_groups(struct ncache_test_ctx *test_ctx) { int i; - FILE *group_file; const struct group *grp; - group_file = fopen("/etc/group", "r"); - assert_non_null(group_file); - for (i = 0; i < 2; /* no-op */) { - grp = fgetgrent(group_file); + grp = getgrent(); assert_non_null(grp); if (grp->gr_gid == 0) { -@@ -160,5 +151,4 @@ + /* skip root */ +@@ -159,7 +150,6 @@ static void find_local_groups(struct ncache_test_ctx * + ++i; } - fclose(group_file); } + static void find_non_local_users(struct ncache_test_ctx *test_ctx) diff --git a/security/sssd/files/patch-src__tests__cmocka__test_pam_srv.c b/security/sssd/files/patch-src__tests__cmocka__test_pam_srv.c index b88a33513a5b..65d24867e383 100644 --- a/security/sssd/files/patch-src__tests__cmocka__test_pam_srv.c 
+++ b/security/sssd/files/patch-src__tests__cmocka__test_pam_srv.c @@ -1,13 +1,11 @@ -diff --git src/tests/cmocka/test_pam_srv.c src/tests/cmocka/test_pam_srv.c -index 446985d5d..f53f84be2 100644 ---- src/tests/cmocka/test_pam_srv.c +--- src/tests/cmocka/test_pam_srv.c.orig 2020-03-17 13:31:28 UTC +++ src/tests/cmocka/test_pam_srv.c @@ -1177,7 +1177,7 @@ void test_pam_open_session(void **state) /* make sure pam_status is not touched by setting it to a value which is * not used by SSSD. */ - pam_test_ctx->exp_pam_status = _PAM_RETURN_VALUES; + pam_test_ctx->exp_pam_status = PAM_NUM_ERRORS; set_cmd_cb(test_pam_simple_check); ret = sss_cmd_execute(pam_test_ctx->cctx, SSS_PAM_OPEN_SESSION, pam_test_ctx->pam_cmds); diff --git a/security/sssd/files/patch-src__tests__cwrap__test_responder_common.c b/security/sssd/files/patch-src__tests__cwrap__test_responder_common.c index d759d7f224b3..db2d00080df3 100644 --- a/security/sssd/files/patch-src__tests__cwrap__test_responder_common.c +++ b/security/sssd/files/patch-src__tests__cwrap__test_responder_common.c @@ -1,18 +1,16 @@ -diff --git src/tests/cwrap/test_responder_common.c src/tests/cwrap/test_responder_common.c -index 11cc3abd8..191310143 100644 ---- src/tests/cwrap/test_responder_common.c +--- src/tests/cwrap/test_responder_common.c.orig 2020-03-17 13:31:28 UTC +++ src/tests/cwrap/test_responder_common.c -@@ -136,11 +136,13 @@ void check_sock_properties(struct create_pipe_ctx *ctx, mode_t mode) +@@ -136,11 +136,13 @@ void check_sock_properties(struct create_pipe_ctx *ctx assert_true(S_ISSOCK(sbuf.st_mode)); assert_true((sbuf.st_mode & ~S_IFMT) == mode); +#ifdef SO_DOMAIN /* Check it's a UNIX socket */ optlen = sizeof(optval); ret = getsockopt(ctx->fd, SOL_SOCKET, SO_DOMAIN, &optval, &optlen); assert_int_equal(ret, 0); assert_int_equal(optval, AF_UNIX); +#endif optlen = sizeof(optval); ret = getsockopt(ctx->fd, SOL_SOCKET, SO_TYPE, &optval, &optlen); 
diff --git a/security/sssd/files/patch-src__tests__cwrap__test_server.c b/security/sssd/files/patch-src__tests__cwrap__test_server.c index 66b4c6198f16..d3fe57ecddd3 100644 --- a/security/sssd/files/patch-src__tests__cwrap__test_server.c +++ b/security/sssd/files/patch-src__tests__cwrap__test_server.c @@ -1,12 +1,10 @@ -diff --git src/tests/cwrap/test_server.c src/tests/cwrap/test_server.c -index 85ecb7f74..a2ddc595f 100644 ---- src/tests/cwrap/test_server.c +--- src/tests/cwrap/test_server.c.orig 2020-03-17 13:31:28 UTC +++ src/tests/cwrap/test_server.c @@ -23,6 +23,7 @@ #include #include #include +#include #include #include "util/util.h" diff --git a/security/sssd/files/patch-src__tests__dlopen-tests.c b/security/sssd/files/patch-src__tests__dlopen-tests.c index 0ee773744daf..825a86b021bf 100644 --- a/security/sssd/files/patch-src__tests__dlopen-tests.c +++ b/security/sssd/files/patch-src__tests__dlopen-tests.c @@ -1,22 +1,20 @@ -diff --git src/tests/dlopen-tests.c src/tests/dlopen-tests.c -index 9a5d3597f..4b469726b 100644 ---- src/tests/dlopen-tests.c +--- src/tests/dlopen-tests.c.orig 2020-03-17 13:31:28 UTC +++ src/tests/dlopen-tests.c @@ -44,7 +44,7 @@ struct so { { "libipa_hbac.so", { LIBPFX"libipa_hbac.so", NULL } }, { "libsss_idmap.so", { LIBPFX"libsss_idmap.so", NULL } }, { "libsss_nss_idmap.so", { LIBPFX"libsss_nss_idmap.so", NULL } }, - { "libnss_sss.so", { LIBPFX"libnss_sss.so", NULL } }, + { "nss_sss.so", { LIBPFX"nss_sss.so", NULL } }, { "libsss_certmap.so", { LIBPFX"libsss_certmap.so", NULL } }, { "pam_sss.so", { LIBPFX"pam_sss.so", NULL } }, #ifdef BUILD_LIBWBCLIENT 
@@ -82,8 +82,6 @@ struct so { { "libsss_util.so", { LIBPFX"libsss_util.so", NULL } }, { "libsss_simple.so", { LIBPFX"libdlopen_test_providers.so", LIBPFX"libsss_simple.so", NULL } }, - { "libsss_files.so", { LIBPFX"libdlopen_test_providers.so", - LIBPFX"libsss_files.so", NULL } }, #ifdef BUILD_SAMBA { "libsss_ad.so", { LIBPFX"libdlopen_test_providers.so", LIBPFX"libsss_ad.so", NULL } }, diff --git a/security/sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c b/security/sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c index dbea252ea1cd..0677644d2bcf 100644 --- a/security/sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c +++ b/security/sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c @@ -1,18 +1,16 @@ -diff --git src/util/crypto/libcrypto/crypto_sha512crypt.c src/util/crypto/libcrypto/crypto_sha512crypt.c -index 2275ccd96..c1e418917 100644 ---- src/util/crypto/libcrypto/crypto_sha512crypt.c +--- src/util/crypto/libcrypto/crypto_sha512crypt.c.orig 2020-03-17 13:31:28 UTC +++ src/util/crypto/libcrypto/crypto_sha512crypt.c @@ -30,6 +30,13 @@ #include "sss_openssl.h" +#ifndef HAVE_MEMPCPY +void * +mempcpy (void *dest, const void *src, size_t n) +{ + return (char *) memcpy (dest, src, n) + n; +} +#endif /* HAVE_MEMPCPY */ /* Define our magic string to mark salt for SHA512 "encryption" replacement. */ const char sha512_salt_prefix[] = "$6$"; diff --git a/security/sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c b/security/sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c index fbce0c0e298f..7df9d0e1d692 100644 --- a/security/sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c +++ b/security/sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c 
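Review bot: The `mempcpy` fallback added to `crypto_sha512crypt.c` is defined with external linkage, whereas the identical fallback in the `nss_sha512crypt.c` patch that follows is `static`. A non-static definition inside a library can clash with or interpose another `mempcpy` if `HAVE_MEMPCPY` is ever misdetected. Declaring it `static void *` here keeps the two patches consistent and the symbol private.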
@@ -1,19 +1,17 @@ -diff --git src/util/crypto/nss/nss_sha512crypt.c src/util/crypto/nss/nss_sha512crypt.c -index 4d0594d9f..49801222d 100644 ---- src/util/crypto/nss/nss_sha512crypt.c +--- src/util/crypto/nss/nss_sha512crypt.c.orig 2020-03-17 13:31:28 UTC +++ src/util/crypto/nss/nss_sha512crypt.c @@ -29,6 +29,14 @@ #include #include +#ifndef HAVE_MEMPCPY +static void * +mempcpy (void *dest, const void *src, size_t n) +{ + return (char *) memcpy (dest, src, n) + n; +} +#endif /* HAVE_MEMPCPY */ + /* Define our magic string to mark salt for SHA512 "encryption" replacement. */ const char sha512_salt_prefix[] = "$6$"; #define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1) diff --git a/security/sssd/files/patch-src__util__find_uid.c b/security/sssd/files/patch-src__util__find_uid.c index 3e2cbd902dcc..f09d9bc47532 100644 --- a/security/sssd/files/patch-src__util__find_uid.c +++ b/security/sssd/files/patch-src__util__find_uid.c 
@@ -1,39 +1,37 @@ -diff --git src/util/find_uid.c src/util/find_uid.c -index 215c0d338..42a1df729 100644 ---- src/util/find_uid.c +--- src/util/find_uid.c.orig 2020-03-17 13:31:28 UTC +++ src/util/find_uid.c -@@ -72,7 +72,7 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid) +@@ -72,7 +72,7 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t uint32_t num=0; errno_t error; - ret = snprintf(path, PATHLEN, "/proc/%d/status", pid); + ret = snprintf(path, PATHLEN, "/compat/linux/proc/%d/status", pid); if (ret < 0) { DEBUG(SSSDBG_CRIT_FAILURE, "snprintf failed\n"); return EINVAL; -@@ -218,12 +218,12 @@ static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid) +@@ -216,12 +216,12 @@ static errno_t get_active_uid_linux(hash_table_t *tabl struct dirent *dirent; int ret, err; pid_t pid = -1; - uid_t uid; + uid_t uid = -1; hash_key_t key; hash_value_t value; - proc_dir = opendir("/proc"); + proc_dir = opendir("/compat/linux/proc"); if (proc_dir == NULL) { ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, "Cannot open proc dir.\n"); -@@ -298,9 +298,8 @@ done: +@@ -301,9 +301,8 @@ errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_ errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table) { -#ifdef __linux__ int ret; - +#if 1 ret = hash_create_ex(INITIAL_TABLE_SIZE, table, 0, 0, 0, 0, hash_talloc, hash_talloc_free, mem_ctx, NULL, NULL); diff --git a/security/sssd/files/patch-src__util__nss_dl_load.c b/security/sssd/files/patch-src__util__nss_dl_load.c index 1eb41aaf011e..347b62ab4182 100644 --- a/security/sssd/files/patch-src__util__nss_dl_load.c +++ b/security/sssd/files/patch-src__util__nss_dl_load.c @@ -1,30 +1,30 @@ ---- src/util/nss_dl_load.c-orig 2020-10-22 17:57:10.433049000 +0100 -+++ src/util/nss_dl_load.c 2020-11-01 13:25:22.636487000 +0000 +--- src/util/nss_dl_load.c.orig 2020-03-17 13:31:28 UTC ++++ src/util/nss_dl_load.c 
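Review bot: Both lookups in `get_uid_from_pid` and `get_active_uid_linux` now depend on `/compat/linux/proc`, which is only present when linprocfs is mounted there, and `#if 1` compiles this path unconditionally. When the mount is missing `opendir` fails and the only trace is the "Cannot open proc dir." debug message, while callers of `get_uid_table` are outside the hunk, so it should be confirmed that they do not treat the failure as "no active users". I would add `/* FreeBSD: requires linprocfs mounted at /compat/linux/proc */` above the `opendir` call and replace `#if 1` with `#if defined(__linux__) || defined(__FreeBSD__)` so the intent is explicit. The function bodies continue outside the hunks.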
@@ -24,6 +24,7 @@ #include "util/util_errors.h" #include "util/debug.h" #include "nss_dl_load.h" +#include "util/sss_bsd_errno.h" #define NSS_FN_NAME "_nss_%s_%s" -@@ -36,7 +37,8 @@ +@@ -36,7 +37,8 @@ static void *proxy_dlsym(void *handle, char *funcname; void *funcptr; - funcname = talloc_asprintf(NULL, NSS_FN_NAME, libname, name); +/* funcname = talloc_asprintf(NULL, NSS_FN_NAME, libname, name); */ + funcname = talloc_asprintf(NULL, "%s", name); if (funcname == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf() failed\n"); return NULL; -@@ -78,7 +80,8 @@ +@@ -78,7 +80,8 @@ errno_t sss_load_nss_symbols(struct sss_nss_ops *ops, {(void**)&ops->endservent, "endservent"} }; - libpath = talloc_asprintf(NULL, "libnss_%s.so.2", libname); +/* libpath = talloc_asprintf(NULL, "libnss_%s.so.2", libname); */ + libpath = talloc_asprintf(NULL, "/lib/libc.so.7", libname); if (libpath == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf() failed\n"); return ENOMEM; diff --git a/security/sssd/files/patch-src__util__server.c b/security/sssd/files/patch-src__util__server.c index 1d46e15ef9c9..9127a59f39bf 100644 --- a/security/sssd/files/patch-src__util__server.c +++ b/security/sssd/files/patch-src__util__server.c @@ -1,22 +1,20 @@ -diff --git src/util/server.c src/util/server.c -index f34bf49f6..7cb3864af 100644 ---- src/util/server.c +--- src/util/server.c.orig 2020-03-17 13:31:28 UTC +++ src/util/server.c @@ -311,10 +311,13 @@ static void setup_signals(void) BlockSignals(false, SIGTERM); #ifndef HAVE_PRCTL - /* If prctl is not defined on the system, try to handle - * some common termination signals gracefully */ - CatchSignal(SIGSEGV, sig_segv_abrt); - CatchSignal(SIGABRT, sig_segv_abrt); + /* If prctl is not defined on the system, try to handle + * some common termination signals gracefully */ + (void) sig_segv_abrt; /* unused */ + /* + CatchSignal(SIGSEGV, sig_segv_abrt); + CatchSignal(SIGABRT, sig_segv_abrt); + */ #endif } 
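Review bot: In `sss_load_nss_symbols` the replacement `talloc_asprintf(NULL, "/lib/libc.so.7", libname)` passes `libname` to a format string with no conversion, so the argument is ignored and every configured proxy library name resolves to libc; together with `proxy_dlsym` now looking up the bare `name`, the library named in the configuration is never the one loaded. If that is the intended FreeBSD behaviour, `libpath = talloc_strdup(NULL, "/lib/libc.so.7");` states it without the dead argument, and a comment such as `/* FreeBSD: NSS entry points are resolved from libc; libname is not used */` should replace the commented-out originals. The hard-coded `.so.7` also ties the patch to one libc ABI version. Both function bodies continue outside the hunks.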
diff --git a/security/sssd/files/patch-src__util__sss_endian.h b/security/sssd/files/patch-src__util__sss_endian.h index fe2c66ef198b..29e212c829c4 100644 --- a/security/sssd/files/patch-src__util__sss_endian.h +++ b/security/sssd/files/patch-src__util__sss_endian.h @@ -1,23 +1,21 @@ -diff --git src/util/sss_endian.h src/util/sss_endian.h -index 834c35980..d0bc1d338 100644 ---- src/util/sss_endian.h +--- src/util/sss_endian.h.orig 2020-03-17 13:31:28 UTC +++ src/util/sss_endian.h @@ -29,6 +29,18 @@ # include #endif /* !HAVE_ENDIAN_H && !HAVE_SYS_ENDIAN_H */ +#if defined(_BYTE_ORDER) && !defined(__BYTE_ORDER) +#define __BYTE_ORDER _BYTE_ORDER +#endif + +#if defined(_LITTLE_ENDIAN) && !defined(__LITTLE_ENDIAN) +#define __LITTLE_ENDIAN _LITTLE_ENDIAN +#endif + +#if defined(_BIG_ENDIAN) && !defined(__BIG_ENDIAN) +#define __BIG_ENDIAN _BIG_ENDIAN +#endif + /* Endianness-compatibility for systems running older versions of glibc */ #ifndef le32toh diff --git a/security/sssd/files/patch-src__util__sss_krb5.c b/security/sssd/files/patch-src__util__sss_krb5.c index 8ee54b4c358b..c818dc1f90d3 100644 --- a/security/sssd/files/patch-src__util__sss_krb5.c +++ b/security/sssd/files/patch-src__util__sss_krb5.c @@ -1,12 +1,10 @@ -diff --git src/util/sss_krb5.c src/util/sss_krb5.c -index c0cc28a75..88e6e6008 100644 ---- src/util/sss_krb5.c +--- src/util/sss_krb5.c.orig 2020-03-17 13:31:28 UTC +++ src/util/sss_krb5.c @@ -28,6 +28,7 @@ #include "util/sss_iobuf.h" #include "util/util.h" #include "util/sss_krb5.h" +#include "util/sss_endian.h" static char * sss_krb5_get_primary(TALLOC_CTX *mem_ctx, diff --git a/security/sssd/files/patch-src__util__sss_sockets.c b/security/sssd/files/patch-src__util__sss_sockets.c index 5e90879b246f..2b05dc360523 100644 --- a/security/sssd/files/patch-src__util__sss_sockets.c +++ b/security/sssd/files/patch-src__util__sss_sockets.c 
@@ -1,45 +1,45 @@ ---- src/util/sss_sockets.c.orig 2020-03-17 13:31:28.000000000 +0000 -+++ src/util/sss_sockets.c 2020-10-22 19:39:46.454834000 +0100 -@@ -120,14 +120,16 @@ +--- src/util/sss_sockets.c.orig 2020-03-17 13:31:28 UTC ++++ src/util/sss_sockets.c +@@ -120,14 +120,16 @@ static errno_t set_fd_common_opts(int fd, int timeout) } milli = timeout * 1000; /* timeout in milliseconds */ - ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &milli, - sizeof(milli)); - if (ret != 0) { - ret = errno; - DEBUG(SSSDBG_FUNC_DATA, - "setsockopt TCP_USER_TIMEOUT failed.[%d][%s].\n", ret, - strerror(ret)); - } + /* FreeBSD does not have TCP_USER_TIMEOUT option yet .... + * ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &milli, + * sizeof(milli)); + * if (ret != 0) { + * ret = errno; + * DEBUG(SSSDBG_FUNC_DATA, + * "setsockopt TCP_USER_TIMEOUT failed.[%d][%s].\n", ret, + * strerror(ret)); + * } + */ } return EOK; -@@ -230,7 +232,7 @@ +@@ -230,7 +232,7 @@ static void sssd_async_connect_done(struct tevent_cont talloc_zfree(fde); - if (ret == EOK) { + if (ret == EOK || ret == EISCONN) { tevent_req_done(req); } else { ret = errno; -@@ -313,7 +315,7 @@ +@@ -313,7 +315,7 @@ struct tevent_req *sssd_async_socket_init_send(TALLOC_ "Using file descriptor [%d] for the connection.\n", state->sd); subreq = sssd_async_connect_send(state, ev, state->sd, - (struct sockaddr *) addr, addr_len); + (struct sockaddr *) addr, sizeof(struct sockaddr)); if (subreq == NULL) { ret = ENOMEM; DEBUG(SSSDBG_CRIT_FAILURE, "sssd_async_connect_send failed.\n"); diff --git a/security/sssd/files/patch-src__util__util.c b/security/sssd/files/patch-src__util__util.c index f9380a2c16c9..c04d1b23c491 100644 --- a/security/sssd/files/patch-src__util__util.c +++ b/security/sssd/files/patch-src__util__util.c 
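Review bot: `sssd_async_socket_init_send` now passes `sizeof(struct sockaddr)` instead of the caller's `addr_len`, which is shorter than a `struct sockaddr_in6`, so IPv6 destinations would reach `connect` with a truncated length; keeping `addr_len` avoids that. In `sssd_async_connect_done` the added `ret == EISCONN` test looks ineffective, because the else branch assigns `ret = errno`, which suggests `ret` still holds the call's return value at that point; if so the check should read `if (ret == EOK || errno == EISCONN) {`. With the `TCP_USER_TIMEOUT` block commented out, `milli` is computed and never used, and the connection no longer has the timeout the option provided. All three functions continue outside the hunks.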
@@ -1,22 +1,22 @@ ---- src/util/util.c 2020-10-20 19:31:51.466783000 +0100 -+++ src/util/util.c 2020-10-20 19:33:20.832098000 +0100 -@@ -830,6 +830,19 @@ +--- src/util/util.c.orig 2020-03-17 13:31:28 UTC ++++ src/util/util.c +@@ -830,6 +830,19 @@ errno_t sss_fd_nonblocking(int fd) return EOK; } + +#ifdef __FreeBSD__ +int flb_timezone(void) +{ + struct tm tm; + time_t t = 0; + tzset(); + localtime_r(&t, &tm); + return -(tm.tm_gmtoff); +} +#define timezone (flb_timezone()) +#endif + /* Convert GeneralizedTime (http://en.wikipedia.org/wiki/GeneralizedTime) * to unix time (seconds since epoch). Use UTC time zone. */ diff --git a/security/sssd/files/patch-src__util__util.h b/security/sssd/files/patch-src__util__util.h index 62f6792018c0..4ae734ba6e64 100644 --- a/security/sssd/files/patch-src__util__util.h +++ b/security/sssd/files/patch-src__util__util.h @@ -1,11 +1,9 @@ -diff --git src/util/util.h src/util/util.h -index 1e36bf02a..e883f322f 100644 ---- src/util/util.h +--- src/util/util.h.orig 2020-03-17 13:31:28 UTC +++ src/util/util.h -@@ -733,4 +733,6 @@ errno_t create_preauth_indicator(void); +@@ -749,4 +749,6 @@ errno_t create_preauth_indicator(void); #define N_ELEMENTS(arr) (sizeof(arr) / sizeof(arr[0])) #endif +#include "util/sss_bsd_errno.h" + #endif /* __SSSD_UTIL_H__ */ diff --git a/security/sssd/pkg-plist b/security/sssd/pkg-plist index 8ee68e8602ba..cdd9294c3d4c 100644 --- a/security/sssd/pkg-plist +++ b/security/sssd/pkg-plist 
@@ -1,259 +1,259 @@ bin/sss_ssh_authorizedkeys bin/sss_ssh_knownhostsproxy etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf etc/pam.d/sssd-shadowutils %%ETCDIR%%/sssd.conf.sample include/ipa_hbac.h include/sss_certmap.h include/sss_idmap.h include/sss_nss_idmap.h include/sss_sifp.h include/sss_sifp_dbus.h include/wbclient_sssd.h lib/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so lib/libipa_hbac.so lib/libipa_hbac.so.0 lib/libipa_hbac.so.0.1.0 lib/libsss_certmap.so lib/libsss_certmap.so.0 lib/libsss_certmap.so.0.0.0 lib/libsss_idmap.so lib/libsss_idmap.so.0 lib/libsss_idmap.so.0.5.1 lib/libsss_nss_idmap.so lib/libsss_nss_idmap.so.0 lib/libsss_nss_idmap.so.0.5.0 lib/libsss_simpleifp.so lib/libsss_simpleifp.so.0 lib/libsss_simpleifp.so.0.1.1 lib/libsss_sudo.so lib/nss_sss.so lib/nss_sss.so.1 lib/nss_sss.so.2 lib/nss_sss.so.2.0.0 lib/pam_sss.so %%PYTHON_SITELIBDIR%%/SSSDConfig-1.16.5-py%%PYTHON_VER%%.egg-info %%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.py -%%PYTHON_SITELIBDIR%%/SSSDConfig/__pycache__/__init__.cpython-%%PYTHON_SUFFIX%%.pyc -%%PYTHON_SITELIBDIR%%/SSSDConfig/__pycache__/ipachangeconf.cpython-%%PYTHON_SUFFIX%%.pyc +%%PYTHON_SITELIBDIR%%/SSSDConfig/__pycache__/__init__%%PYTHON_EXT_SUFFIX%%.pyc +%%PYTHON_SITELIBDIR%%/SSSDConfig/__pycache__/ipachangeconf%%PYTHON_EXT_SUFFIX%%.pyc %%PYTHON_SITELIBDIR%%/SSSDConfig/ipachangeconf.py %%PYTHON_SITELIBDIR%%/pyhbac.so %%PYTHON_SITELIBDIR%%/pysss.so %%PYTHON_SITELIBDIR%%/pysss_murmur.so %%PYTHON_SITELIBDIR%%/pysss_nss_idmap.so lib/shared-modules/ldb/memberof.so lib/sssd/conf/sssd.conf lib/sssd/libsss_cert.so lib/sssd/libsss_child.so lib/sssd/libsss_crypt.so lib/sssd/libsss_debug.so lib/sssd/libsss_krb5.so lib/sssd/libsss_krb5_common.so lib/sssd/libsss_ldap.so lib/sssd/libsss_ldap_common.so lib/sssd/libsss_proxy.so lib/sssd/libsss_semanage.so lib/sssd/libsss_simple.so lib/sssd/libsss_util.so lib/sssd/modules/libwbclient.so lib/sssd/modules/libwbclient.so.0 lib/sssd/modules/libwbclient.so.0.14.0 
lib/sssd/modules/sssd_krb5_localauth_plugin.so libdata/pkgconfig/ipa_hbac.pc libdata/pkgconfig/sss_certmap.pc libdata/pkgconfig/sss_idmap.pc libdata/pkgconfig/sss_nss_idmap.pc libdata/pkgconfig/sss_simpleifp.pc libdata/pkgconfig/wbclient_sssd.pc libexec/sssd/krb5_child libexec/sssd/ldap_child libexec/sssd/p11_child libexec/sssd/proxy_child libexec/sssd/sss_signal libexec/sssd/sssd_be libexec/sssd/sssd_ifp libexec/sssd/sssd_nss libexec/sssd/sssd_pam libexec/sssd/sssd_ssh libexec/sssd/sssd_sudo sbin/sss_cache sbin/sss_debuglevel sbin/sss_groupadd sbin/sss_groupdel sbin/sss_groupmod sbin/sss_groupshow sbin/sss_obfuscate sbin/sss_override sbin/sss_seed sbin/sss_useradd sbin/sss_userdel sbin/sss_usermod sbin/sssctl sbin/sssd share/man/de/man1/sss_ssh_knownhostsproxy.1.gz share/man/de/man5/sssd-ifp.5.gz share/man/de/man5/sssd-krb5.5.gz share/man/de/man5/sssd-ldap.5.gz share/man/de/man5/sssd-simple.5.gz share/man/de/man5/sssd-sudo.5.gz share/man/de/man8/sss_groupadd.8.gz share/man/de/man8/sss_groupdel.8.gz share/man/de/man8/sss_groupmod.8.gz share/man/de/man8/sss_groupshow.8.gz share/man/de/man8/sss_obfuscate.8.gz share/man/de/man8/sss_seed.8.gz share/man/de/man8/sss_useradd.8.gz share/man/de/man8/sss_userdel.8.gz share/man/de/man8/sss_usermod.8.gz share/man/de/man8/sssd.8.gz share/man/es/man5/sssd-ldap.5.gz -share/man/es/man5/sssd.conf.5.gz share/man/es/man5/sssd-simple.5.gz share/man/es/man5/sssd-sudo.5.gz +share/man/es/man5/sssd.conf.5.gz share/man/es/man8/pam_sss.8.gz share/man/es/man8/sss_groupadd.8.gz share/man/es/man8/sss_groupdel.8.gz share/man/es/man8/sss_groupmod.8.gz share/man/es/man8/sss_groupshow.8.gz share/man/es/man8/sss_obfuscate.8.gz share/man/es/man8/sss_seed.8.gz share/man/es/man8/sss_useradd.8.gz share/man/es/man8/sss_userdel.8.gz share/man/es/man8/sss_usermod.8.gz share/man/es/man8/sssd.8.gz share/man/es/man8/sssd_krb5_locator_plugin.8.gz share/man/fr/man1/sss_ssh_knownhostsproxy.1.gz share/man/fr/man5/sssd-krb5.5.gz share/man/fr/man5/sssd-ldap.5.gz 
share/man/fr/man5/sssd-simple.5.gz share/man/fr/man5/sssd-sudo.5.gz share/man/fr/man8/sss_groupadd.8.gz share/man/fr/man8/sss_groupdel.8.gz share/man/fr/man8/sss_groupmod.8.gz share/man/fr/man8/sss_groupshow.8.gz share/man/fr/man8/sss_obfuscate.8.gz share/man/fr/man8/sss_seed.8.gz share/man/fr/man8/sss_useradd.8.gz share/man/fr/man8/sss_userdel.8.gz share/man/fr/man8/sss_usermod.8.gz share/man/fr/man8/sssd.8.gz share/man/ja/man1/sss_ssh_knownhostsproxy.1.gz share/man/ja/man5/sssd-simple.5.gz share/man/ja/man8/sss_groupadd.8.gz share/man/ja/man8/sss_groupdel.8.gz share/man/ja/man8/sss_groupmod.8.gz share/man/ja/man8/sss_groupshow.8.gz share/man/ja/man8/sss_obfuscate.8.gz share/man/ja/man8/sss_useradd.8.gz share/man/ja/man8/sss_userdel.8.gz share/man/ja/man8/sss_usermod.8.gz share/man/ja/man8/sssd.8.gz share/man/man1/sss_ssh_authorizedkeys.1.gz share/man/man1/sss_ssh_knownhostsproxy.1.gz share/man/man5/sss-certmap.5.gz share/man/man5/sssd-files.5.gz share/man/man5/sssd-ifp.5.gz share/man/man5/sssd-krb5.5.gz share/man/man5/sssd-ldap.5.gz share/man/man5/sssd-session-recording.5.gz share/man/man5/sssd-simple.5.gz share/man/man5/sssd-sudo.5.gz share/man/man5/sssd.conf.5.gz share/man/man8/idmap_sss.8.gz share/man/man8/pam_sss.8.gz share/man/man8/sss_cache.8.gz share/man/man8/sss_debuglevel.8.gz share/man/man8/sss_groupadd.8.gz share/man/man8/sss_groupdel.8.gz share/man/man8/sss_groupmod.8.gz share/man/man8/sss_groupshow.8.gz share/man/man8/sss_obfuscate.8.gz share/man/man8/sss_override.8.gz share/man/man8/sss_seed.8.gz share/man/man8/sss_useradd.8.gz share/man/man8/sss_userdel.8.gz share/man/man8/sss_usermod.8.gz share/man/man8/sssctl.8.gz share/man/man8/sssd.8.gz share/man/man8/sssd_krb5_locator_plugin.8.gz share/man/nl/man8/sss_groupmod.8.gz share/man/pt/man8/sss_groupdel.8.gz share/man/pt/man8/sss_groupmod.8.gz -share/man/sv/man5/sssd.conf.5.gz +share/man/sv/man5/sss-certmap.5.gz share/man/sv/man5/sssd-ad.5.gz share/man/sv/man5/sssd-ifp.5.gz 
share/man/sv/man5/sssd-ipa.5.gz share/man/sv/man5/sssd-krb5.5.gz share/man/sv/man5/sssd-ldap.5.gz share/man/sv/man5/sssd-simple.5.gz share/man/sv/man5/sssd-sudo.5.gz -share/man/sv/man5/sss-certmap.5.gz +share/man/sv/man5/sssd.conf.5.gz share/man/sv/man8/pam_sss.8.gz share/man/sv/man8/sss_cache.8.gz share/man/sv/man8/sss_debuglevel.8.gz share/man/sv/man8/sss_groupadd.8.gz share/man/sv/man8/sss_groupdel.8.gz share/man/sv/man8/sss_groupmod.8.gz share/man/sv/man8/sss_groupshow.8.gz share/man/sv/man8/sss_obfuscate.8.gz share/man/sv/man8/sss_override.8.gz share/man/sv/man8/sss_seed.8.gz share/man/sv/man8/sss_useradd.8.gz share/man/sv/man8/sss_userdel.8.gz share/man/sv/man8/sss_usermod.8.gz share/man/sv/man8/sssd.8.gz share/man/sv/man8/sssd_krb5_locator_plugin.8.gz share/man/uk/man1/sss_ssh_authorizedkeys.1.gz share/man/uk/man1/sss_ssh_knownhostsproxy.1.gz share/man/uk/man5/sss-certmap.5.gz share/man/uk/man5/sss_rpcidmapd.5.gz share/man/uk/man5/sssd-ad.5.gz share/man/uk/man5/sssd-files.5.gz share/man/uk/man5/sssd-ifp.5.gz share/man/uk/man5/sssd-ipa.5.gz share/man/uk/man5/sssd-krb5.5.gz share/man/uk/man5/sssd-ldap.5.gz share/man/uk/man5/sssd-secrets.5.gz share/man/uk/man5/sssd-session-recording.5.gz share/man/uk/man5/sssd-simple.5.gz share/man/uk/man5/sssd-sudo.5.gz share/man/uk/man5/sssd-systemtap.5.gz share/man/uk/man5/sssd.conf.5.gz share/man/uk/man8/idmap_sss.8.gz share/man/uk/man8/pam_sss.8.gz share/man/uk/man8/sss_cache.8.gz share/man/uk/man8/sss_debuglevel.8.gz share/man/uk/man8/sss_groupadd.8.gz share/man/uk/man8/sss_groupdel.8.gz share/man/uk/man8/sss_groupmod.8.gz share/man/uk/man8/sss_groupshow.8.gz share/man/uk/man8/sss_obfuscate.8.gz share/man/uk/man8/sss_override.8.gz share/man/uk/man8/sss_seed.8.gz share/man/uk/man8/sss_useradd.8.gz share/man/uk/man8/sss_userdel.8.gz share/man/uk/man8/sss_usermod.8.gz share/man/uk/man8/sssctl.8.gz share/man/uk/man8/sssd-kcm.8.gz share/man/uk/man8/sssd.8.gz share/man/uk/man8/sssd_krb5_locator_plugin.8.gz @dir 
%%ETCDIR%%/conf.d @dir %%ETCDIR%%/pki @dir lib/ldb %%PORTDOCS%%@dir %%DOCSDIR%%/doc %%PORTDOCS%%@dir %%DOCSDIR%%/hbac_doc %%PORTDOCS%%@dir %%DOCSDIR%%/idmap_doc %%PORTDOCS%%@dir %%DOCSDIR%%/nss_idmap_doc %%PORTDOCS%%@dir %%DOCSDIR%%/sss_simpleifp_doc @dir /var/db/sss/db @dir /var/db/sss/deskprofile @dir /var/db/sss/gpo_cache @dir /var/db/sss/keytabs @dir /var/db/sss/mc @dir /var/db/sss/pubconf/krb5.include.d @dir /var/db/sss/pubconf @dir /var/db/sss @dir /var/log/sssd @dir /var/run/sss/pipes/private @dir /var/run/sss/pipes @dir /var/run/sss diff --git a/security/sssd2/files/bsdnss.c b/security/sssd2/files/bsdnss.c index ee0592d3aea9..21484bdca1f5 100644 --- a/security/sssd2/files/bsdnss.c +++ b/security/sssd2/files/bsdnss.c 
@@ -1,198 +1,215 @@ #include #include #include #include #include #include #include NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r); NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r); NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r); NSS_METHOD_PROTOTYPE(__nss_compat_setgrent); NSS_METHOD_PROTOTYPE(__nss_compat_endgrent); NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r); NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r); NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r); NSS_METHOD_PROTOTYPE(__nss_compat_setpwent); NSS_METHOD_PROTOTYPE(__nss_compat_endpwent); NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname); NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2); NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr); NSS_METHOD_PROTOTYPE(__nss_compat_getgroupmembership); extern enum nss_status _nss_sss_getgrent_r(struct group *, char *, size_t, int *); extern enum nss_status _nss_sss_getgrnam_r(const char *, struct group *, char *, size_t, int *); extern enum nss_status _nss_sss_getgrgid_r(gid_t gid, struct group *, char *, size_t, int *); extern enum nss_status _nss_sss_setgrent(void); extern enum nss_status _nss_sss_endgrent(void); extern enum nss_status _nss_sss_getpwent_r(struct passwd *, char *, size_t, int *); extern enum nss_status _nss_sss_getpwnam_r(const char *, struct passwd *, char *, size_t, int *); extern enum nss_status _nss_sss_getpwuid_r(gid_t gid, struct passwd *, char *, size_t, int *); extern enum nss_status _nss_sss_setpwent(void); extern enum nss_status _nss_sss_endpwent(void); extern enum nss_status _nss_sss_gethostbyname_r(const char *name, struct hostent * result, char *buffer, size_t buflen, int *errnop, int *h_errnop); extern enum nss_status _nss_sss_gethostbyname2_r(const char *name, int af, struct hostent * result, char *buffer, size_t buflen, int *errnop, int *h_errnop); extern enum nss_status _nss_sss_gethostbyaddr_r(struct in_addr * addr, int len, int type, struct hostent * result, char *buffer, size_t buflen, int *errnop, int *h_errnop); extern enum nss_status 
_nss_sss_getgroupmembership(const char *uname, gid_t agroup, gid_t *groups, int maxgrp, int *grpcnt); +NSS_METHOD_PROTOTYPE(__nss_compat_getgroupmembership); +NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r); +NSS_METHOD_PROTOTYPE(__nss_compat_setgrent); +NSS_METHOD_PROTOTYPE(__nss_compat_endgrent); + +NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r); +NSS_METHOD_PROTOTYPE(__nss_compat_setpwent); +NSS_METHOD_PROTOTYPE(__nss_compat_endpwent); + +NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname); +NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2); +NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr); + static ns_mtab methods[] = { { NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_sss_getgrnam_r }, { NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_sss_getgrgid_r }, { NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_sss_getgrent_r }, { NSDB_GROUP, "setgrent", __nss_compat_setgrent, _nss_sss_setgrent }, { NSDB_GROUP, "endgrent", __nss_compat_endgrent, _nss_sss_endgrent }, { NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_sss_getpwnam_r }, { NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_sss_getpwuid_r }, { NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, _nss_sss_getpwent_r }, { NSDB_PASSWD, "setpwent", __nss_compat_setpwent, _nss_sss_setpwent }, { NSDB_PASSWD, "endpwent", __nss_compat_endpwent, _nss_sss_endpwent }, { NSDB_HOSTS, "gethostbyname", __nss_compat_gethostbyname, _nss_sss_gethostbyname_r }, { NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_sss_gethostbyaddr_r }, { NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_sss_gethostbyname2_r }, { NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, _nss_sss_getgrnam_r }, { NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, _nss_sss_getgrgid_r }, { 
NSDB_GROUP_COMPAT, "getgrent_r", __nss_compat_getgrent_r, _nss_sss_getgrent_r }, { NSDB_GROUP_COMPAT, "setgrent", __nss_compat_setgrent, _nss_sss_setgrent }, { NSDB_GROUP_COMPAT, "endgrent", __nss_compat_endgrent, _nss_sss_endgrent }, { NSDB_PASSWD_COMPAT, "getpwnam_r", __nss_compat_getpwnam_r, _nss_sss_getpwnam_r }, { NSDB_PASSWD_COMPAT, "getpwuid_r", __nss_compat_getpwuid_r, _nss_sss_getpwuid_r }, { NSDB_PASSWD_COMPAT, "getpwent_r", __nss_compat_getpwent_r, _nss_sss_getpwent_r }, { NSDB_PASSWD_COMPAT, "setpwent", __nss_compat_setpwent, _nss_sss_setpwent }, { NSDB_PASSWD_COMPAT, "endpwent", __nss_compat_endpwent, _nss_sss_endpwent }, { NSDB_GROUP, "getgroupmembership", __nss_compat_getgroupmembership, _nss_sss_getgroupmembership }, }; ns_mtab * nss_module_register(const char *source, unsigned int *mtabsize, nss_module_unregister_fn *unreg) { *mtabsize = sizeof(methods)/sizeof(methods[0]); *unreg = NULL; return (methods); } int __nss_compat_getgroupmembership(void *retval, void *mdata, va_list ap) { int (*fn)(const char *, gid_t, gid_t *, int, int *); const char *uname; gid_t agroup; gid_t *groups; int maxgrp; int *grpcnt; int errnop = 0; enum nss_status status; fn = mdata; uname = va_arg(ap, const char *); agroup = va_arg(ap, gid_t); groups = va_arg(ap, gid_t *); maxgrp = va_arg(ap, int); grpcnt = va_arg(ap, int *); status = fn(uname, agroup, groups, maxgrp, grpcnt); status = __nss_compat_result(status, errnop); return (status); } int __nss_compat_gethostbyname(void *retval, void *mdata, va_list ap) { enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *); const char *name; struct hostent *result; char buffer[1024]; size_t buflen = 1024; int errnop; int h_errnop; int af; enum nss_status status; fn = mdata; name = va_arg(ap, const char*); af = va_arg(ap,int); result = va_arg(ap,struct hostent *); status = fn(name, result, buffer, buflen, &errnop, &h_errnop); status = __nss_compat_result(status,errnop); h_errno = h_errnop; return 
(status); } int __nss_compat_gethostbyname2(void *retval, void *mdata, va_list ap) { enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *); const char *name; struct hostent *result; char buffer[1024]; size_t buflen = 1024; int errnop; int h_errnop; int af; enum nss_status status; fn = mdata; name = va_arg(ap, const char*); af = va_arg(ap,int); result = va_arg(ap,struct hostent *); status = fn(name, result, buffer, buflen, &errnop, &h_errnop); status = __nss_compat_result(status,errnop); h_errno = h_errnop; return (status); } int __nss_compat_gethostbyaddr(void *retval, void *mdata, va_list ap) { struct in_addr *addr; int len; int type; struct hostent *result; char buffer[1024]; size_t buflen = 1024; int errnop; int h_errnop; enum nss_status (*fn)(struct in_addr *, int, int, struct hostent *, char *, size_t, int *, int *); enum nss_status status; fn = mdata; addr = va_arg(ap, struct in_addr*); len = va_arg(ap,int); type = va_arg(ap,int); result = va_arg(ap, struct hostent*); status = fn(addr, len, type, result, buffer, buflen, &errnop, &h_errnop); status = __nss_compat_result(status,errnop); h_errno = h_errnop; return (status); }
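Review bot: In the unchanged part of this hunk, `__nss_compat_gethostbyname2` reads `af` from the va_list but calls `fn` through a six-argument pointer type, while the method table binds it to `_nss_sss_gethostbyname2_r`, declared above with `int af` as its second parameter, so every argument after `name` is shifted and the call has undefined behaviour. The pointer should be declared as `enum nss_status (*fn)(const char *, int, struct hostent *, char *, size_t, int *, int *);` and called as `status = fn(name, af, result, buffer, buflen, &errnop, &h_errnop);`. All three host wrappers also hand the backend a 1024-byte stack `buffer`; if the backend stores the strings and address lists of `result` there, as the `_r` interface suggests, the caller receives pointers into a dead stack frame, so the buffer needs to outlive the call. The added `NSS_METHOD_PROTOTYPE` lines repeat the fourteen prototypes already present at the top of the file and could be dropped.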