diff --git a/security/Makefile b/security/Makefile index 6993f1a1dbc3..2d570b70023e 100644 --- a/security/Makefile +++ b/security/Makefile @@ -1,1365 +1,1366 @@ COMMENT = Security tools SUBDIR += 0d1n SUBDIR += 1password-client SUBDIR += 1password-client2 SUBDIR += 1password-client2-beta SUBDIR += 2fa SUBDIR += ADMsmb SUBDIR += ADMsnmp SUBDIR += R-cran-ROAuth SUBDIR += R-cran-askpass SUBDIR += R-cran-credentials SUBDIR += R-cran-digest SUBDIR += R-cran-gitcreds SUBDIR += R-cran-openssl SUBDIR += acme.sh SUBDIR += acmed SUBDIR += acmetool SUBDIR += aescrypt SUBDIR += aespipe SUBDIR += afl++ SUBDIR += afterglow SUBDIR += age SUBDIR += aide SUBDIR += akmos SUBDIR += amavisd-milter SUBDIR += amavisd-new SUBDIR += apache-xml-security-c SUBDIR += apg SUBDIR += apkid SUBDIR += archlinux-keyring SUBDIR += arpCounterattack SUBDIR += arti SUBDIR += asignify SUBDIR += assh SUBDIR += authenticator SUBDIR += authoscope SUBDIR += autossh SUBDIR += aws-c-auth SUBDIR += aws-c-cal SUBDIR += aws-iam-authenticator SUBDIR += aws-vault SUBDIR += axc SUBDIR += barnyard2 SUBDIR += barnyard2-sguil SUBDIR += bastillion SUBDIR += bcrypt SUBDIR += bcwipe SUBDIR += bdes SUBDIR += bearssl SUBDIR += beecrypt SUBDIR += beid SUBDIR += belier SUBDIR += bfbtester SUBDIR += binwalk SUBDIR += boringssl SUBDIR += botan2 SUBDIR += bruteblock SUBDIR += bsdsfv SUBDIR += bsmtrace SUBDIR += bsmtrace3 SUBDIR += bzrtp SUBDIR += ca_root_nss SUBDIR += caesarcipher SUBDIR += caldera SUBDIR += calife SUBDIR += cardpeek SUBDIR += cargo-audit SUBDIR += ccrypt SUBDIR += ccsrch SUBDIR += certmgr SUBDIR += cfs SUBDIR += cfssl SUBDIR += cfv SUBDIR += chaosreader SUBDIR += checkpassword SUBDIR += checkpassword-pam SUBDIR += chkrootkit SUBDIR += chntpw SUBDIR += chroot_safe SUBDIR += chrootuid SUBDIR += ckpass SUBDIR += cksfv SUBDIR += cl-md5 SUBDIR += cl-md5-sbcl SUBDIR += clamassassin SUBDIR += clamav SUBDIR += clamav-lts SUBDIR += clamav-unofficial-sigs SUBDIR += clamd-stream-client SUBDIR += clamfs SUBDIR += clamsmtp SUBDIR += clamtk SUBDIR += cloak SUBDIR += clusterssh SUBDIR += cops SUBDIR += courier-authlib SUBDIR += courier-authlib-base SUBDIR += courierpassd SUBDIR += courierpasswd SUBDIR += courieruserinfo SUBDIR += cowrie SUBDIR += cpfx SUBDIR += cracklib SUBDIR += crackpkcs12 SUBDIR += create-cert SUBDIR += crlfuzz SUBDIR += crowdsec SUBDIR += crowdsec-blocklist-mirror SUBDIR += crowdsec-firewall-bouncer SUBDIR += cryptlib SUBDIR += cryptopp SUBDIR += ct-submit SUBDIR += cvechecker SUBDIR += cvm SUBDIR += cyberchef SUBDIR += cyrus-sasl2 SUBDIR += cyrus-sasl2-gssapi SUBDIR += cyrus-sasl2-ldapdb SUBDIR += cyrus-sasl2-saslauthd SUBDIR += cyrus-sasl2-sql SUBDIR += cyrus-sasl2-srp SUBDIR += d0_blind_id SUBDIR += dehydrated SUBDIR += denyhosts SUBDIR += destroy SUBDIR += diffcode SUBDIR += digestpp SUBDIR += dirbuster SUBDIR += dirmngr SUBDIR += distcache SUBDIR += diswall SUBDIR += doas SUBDIR += dotdotpwn SUBDIR += dropbear SUBDIR += dsniff SUBDIR += dsvpn SUBDIR += duo SUBDIR += duo_openvpn SUBDIR += easy-rsa SUBDIR += enchive SUBDIR += eschalot SUBDIR += expiretable SUBDIR += f-prot SUBDIR += fakebo SUBDIR += fakeident SUBDIR += fakeroot SUBDIR += farmhash SUBDIR += fcheck SUBDIR += fcrackzip SUBDIR += ffuf SUBDIR += fiked SUBDIR += fizz SUBDIR += fl0p SUBDIR += flawfinder SUBDIR += fpc-gnutls SUBDIR += fpc-openssl SUBDIR += fprint_demo SUBDIR += fprintd SUBDIR += fragroute SUBDIR += fragrouter SUBDIR += fswatch SUBDIR += ftimes SUBDIR += fuzz SUBDIR += fwanalog SUBDIR += fwbuilder SUBDIR += fwknop SUBDIR += fwlogwatch SUBDIR += gcr SUBDIR += gef SUBDIR += git-credential-gopass SUBDIR += git-credential-oauth SUBDIR += git-crypt SUBDIR += git-remote-gcrypt SUBDIR += git-secret SUBDIR += gitjacker SUBDIR += globalprotect-openconnect SUBDIR += gnome-keyring SUBDIR += gnome-keyring-sharp SUBDIR += gnome-ssh-askpass SUBDIR += gnupg SUBDIR += gnupg-pkcs11-scd SUBDIR += gnupg1 SUBDIR += gnutls SUBDIR += go-cve-dictionary SUBDIR += gokart SUBDIR += gokey SUBDIR += gonepass SUBDIR += gopass SUBDIR += gorilla SUBDIR += gost-engine SUBDIR += gostsum SUBDIR += gpa SUBDIR += gpg-gui SUBDIR += gpg-tui SUBDIR += gpgdir SUBDIR += gpgme SUBDIR += gpgme-cpp SUBDIR += gpgme-qt SUBDIR += gsa SUBDIR += gsad SUBDIR += gsasl SUBDIR += gstreamer1-plugins-dtls SUBDIR += gtkpasman SUBDIR += gvm SUBDIR += gvm-libs SUBDIR += gvmd SUBDIR += hardening-check SUBDIR += hash SUBDIR += hashcat SUBDIR += heaan SUBDIR += headscale SUBDIR += heimdal SUBDIR += heimdal-devel SUBDIR += helib SUBDIR += hexl SUBDIR += highwayhash SUBDIR += hitch SUBDIR += hockeypuck SUBDIR += honeytrap SUBDIR += honggfuzz SUBDIR += horcrux SUBDIR += howdy SUBDIR += hpenc SUBDIR += hs-cryptol SUBDIR += hydra SUBDIR += hyperhotp SUBDIR += i2p SUBDIR += i2pd SUBDIR += iaikpkcs11wrapper SUBDIR += iddawc SUBDIR += idea SUBDIR += identify SUBDIR += imds-filterd SUBDIR += intel-ipsec-mb SUBDIR += ipfmeta SUBDIR += ipguard SUBDIR += ipsec-tools SUBDIR += ipv6toolkit SUBDIR += isal-kmod SUBDIR += ismtp SUBDIR += isnprober SUBDIR += john SUBDIR += kbfsd SUBDIR += kc SUBDIR += kdbxviewer SUBDIR += keepass SUBDIR += keepass-plugin-keepassrpc SUBDIR += keepassxc SUBDIR += keybase SUBDIR += keychain SUBDIR += keyprint SUBDIR += keysmith SUBDIR += kf5-kdesu SUBDIR += kgpg SUBDIR += kickpass SUBDIR += klee SUBDIR += kleopatra SUBDIR += knock SUBDIR += knocker SUBDIR += kpcli SUBDIR += kpkpass SUBDIR += kpmenu SUBDIR += krb5 SUBDIR += krb5-119 SUBDIR += krb5-120 SUBDIR += krb5-121 SUBDIR += krb5-appl SUBDIR += krb5-devel SUBDIR += kstart SUBDIR += ktls_isa-l_crypto-kmod SUBDIR += kuku SUBDIR += kwalletmanager SUBDIR += l0pht-watch SUBDIR += lasso SUBDIR += lastpass-cli SUBDIR += lego SUBDIR += libargon2 SUBDIR += libassuan SUBDIR += libcryptui SUBDIR += libdecaf SUBDIR += libecc SUBDIR += libfido2 SUBDIR += libfprint SUBDIR += libgcrypt SUBDIR += libgnome-keyring SUBDIR += libgpg-error SUBDIR += libgsasl SUBDIR += libhijack SUBDIR += libident SUBDIR += libkleo SUBDIR += libkpass SUBDIR += libksba SUBDIR += libmcrypt SUBDIR += libnitrokey SUBDIR += libntlm SUBDIR += libomemo SUBDIR += libomemo-c SUBDIR += liboqs SUBDIR += libotr SUBDIR += libotr3 SUBDIR += libp11 SUBDIR += libpki SUBDIR += libprelude SUBDIR += libpreludedb SUBDIR += libpwquality SUBDIR += libressl SUBDIR += libressl-devel SUBDIR += libreswan SUBDIR += libretls SUBDIR += libscep SUBDIR += libscrypt SUBDIR += libsecret SUBDIR += libsectok SUBDIR += libsodium SUBDIR += libssh SUBDIR += libssh2 SUBDIR += libtasn1 SUBDIR += libtomcrypt SUBDIR += libu2f-host SUBDIR += libuecc SUBDIR += libwhisker SUBDIR += libxcrypt SUBDIR += libyubikey SUBDIR += libzrtpcppcore SUBDIR += lime SUBDIR += linux-bitwarden-cli SUBDIR += linux-c7-ca-certificates SUBDIR += linux-c7-cyrus-sasl2 SUBDIR += linux-c7-gnutls SUBDIR += linux-c7-libgcrypt SUBDIR += linux-c7-libgpg-error SUBDIR += linux-c7-libssh2 SUBDIR += linux-c7-libtasn1 SUBDIR += linux-c7-nettle SUBDIR += linux-c7-nss SUBDIR += linux-c7-openssl-devel SUBDIR += linux-c7-p11-kit SUBDIR += linux-c7-trousers SUBDIR += local-php-security-checker SUBDIR += logcheck SUBDIR += lua-argon2 SUBDIR += lua-bcrypt SUBDIR += luasec SUBDIR += lxqt-openssh-askpass SUBDIR += lxqt-sudo SUBDIR += lynis SUBDIR += mac-robber SUBDIR += maia SUBDIR += mailzu SUBDIR += makepasswd SUBDIR += maltrail SUBDIR += masscan SUBDIR += mate-pam-helper SUBDIR += mbedtls SUBDIR += mcrypt SUBDIR += md5deep SUBDIR += medusa SUBDIR += meek SUBDIR += metasploit SUBDIR += mhash SUBDIR += mindterm-binary SUBDIR += minisign SUBDIR += mkp224o SUBDIR += modsecurity3 SUBDIR += modsecurity3-nginx SUBDIR += monkeysphere SUBDIR += munge SUBDIR += n2n SUBDIR += ncrack SUBDIR += ncrypt SUBDIR += nebula SUBDIR += nettle SUBDIR += nextcloud-end_to_end_encryption SUBDIR += nextcloud-passman SUBDIR += nextcloud-twofactor_admin SUBDIR += nextcloud-twofactor_nextcloud_notification SUBDIR += nextcloud-twofactor_webauthn SUBDIR += nflib SUBDIR += ngrok SUBDIR += nikto SUBDIR += nist-kat SUBDIR += nitrokey-app SUBDIR += nmap SUBDIR += nss SUBDIR += nss_compat_ossl SUBDIR += nuclei SUBDIR += nyx SUBDIR += oath-toolkit SUBDIR += obfs4proxy-tor SUBDIR += ocaml-cryptgps SUBDIR += ocaml-cryptokit SUBDIR += ocaml-ssl SUBDIR += oidentd SUBDIR += oinkmaster SUBDIR += olm SUBDIR += onionscan SUBDIR += op SUBDIR += openbsm SUBDIR += openca-ocspd SUBDIR += openconnect SUBDIR += openconnect-freebsd-daemon SUBDIR += openconnect-gui SUBDIR += opencryptoki SUBDIR += openct SUBDIR += openfhe SUBDIR += openfortivpn SUBDIR += openiked SUBDIR += openiked-portable SUBDIR += opensaml SUBDIR += opensc SUBDIR += openssh-askpass SUBDIR += openssh-portable SUBDIR += openssl SUBDIR += openssl-agent SUBDIR += openssl-quictls SUBDIR += openssl-unsafe SUBDIR += openssl30 SUBDIR += openssl31 SUBDIR += openvas SUBDIR += openvpn SUBDIR += openvpn-admin SUBDIR += openvpn-auth-ldap SUBDIR += openvpn-auth-radius SUBDIR += openvpn-auth-script SUBDIR += openvpn-devel SUBDIR += ophcrack SUBDIR += opie SUBDIR += ossec-hids SUBDIR += ossec-hids-agent SUBDIR += ossec-hids-agent-config SUBDIR += ossec-hids-local SUBDIR += ossec-hids-local-config SUBDIR += ossec-hids-server SUBDIR += ossec-hids-server-config SUBDIR += osslsigncode SUBDIR += osv-scanner SUBDIR += otpw SUBDIR += owasp-dependency-check SUBDIR += p11-kit SUBDIR += p5-Alt-Crypt-RSA-BigInt SUBDIR += p5-Apache-Htpasswd SUBDIR += p5-App-Acmeman SUBDIR += p5-App-Genpass SUBDIR += p5-App-TLSMe SUBDIR += p5-Auth-YubikeyDecrypter SUBDIR += p5-AuthCAS SUBDIR += p5-Authen-Bitcard SUBDIR += p5-Authen-Captcha SUBDIR += p5-Authen-CyrusSASL SUBDIR += p5-Authen-DecHpwd SUBDIR += p5-Authen-Htpasswd SUBDIR += p5-Authen-Krb5 SUBDIR += p5-Authen-Krb5-Simple SUBDIR += p5-Authen-Libwrap SUBDIR += p5-Authen-NTLM SUBDIR += p5-Authen-OATH SUBDIR += p5-Authen-PAAS SUBDIR += p5-Authen-PAM SUBDIR += p5-Authen-Passphrase SUBDIR += p5-Authen-PluggableCaptcha SUBDIR += p5-Authen-Radius SUBDIR += p5-Authen-SASL SUBDIR += p5-Authen-SASL-Cyrus SUBDIR += p5-Authen-SASL-SASLprep SUBDIR += p5-Authen-SCRAM SUBDIR += p5-Authen-Simple SUBDIR += p5-Authen-Simple-DBI SUBDIR += p5-Authen-Simple-DBM SUBDIR += p5-Authen-Simple-HTTP SUBDIR += p5-Authen-Simple-Kerberos SUBDIR += p5-Authen-Simple-LDAP SUBDIR += p5-Authen-Simple-Net SUBDIR += p5-Authen-Simple-PAM SUBDIR += p5-Authen-Simple-Passwd SUBDIR += p5-Authen-Simple-RADIUS SUBDIR += p5-Authen-Simple-SMB SUBDIR += p5-Authen-Simple-SSH SUBDIR += p5-Authen-Smb SUBDIR += p5-Authen-TacacsPlus SUBDIR += p5-Authen-Ticket SUBDIR += p5-Authen-TypeKey SUBDIR += p5-Business-PayPal-EWP SUBDIR += p5-Bytes-Random-Secure SUBDIR += p5-Bytes-Random-Secure-Tiny SUBDIR += p5-CACertOrg-CA SUBDIR += p5-CSP SUBDIR += p5-Cisco-Hash SUBDIR += p5-Crypt-Anubis SUBDIR += p5-Crypt-AppleTwoFish SUBDIR += p5-Crypt-Argon2 SUBDIR += p5-Crypt-Bcrypt SUBDIR += p5-Crypt-Blowfish SUBDIR += p5-Crypt-Blowfish_PP SUBDIR += p5-Crypt-CAST5 SUBDIR += p5-Crypt-CAST5_PP SUBDIR += p5-Crypt-CBC SUBDIR += p5-Crypt-CBCeasy SUBDIR += p5-Crypt-CFB SUBDIR += p5-Crypt-Caesar SUBDIR += p5-Crypt-Camellia_PP SUBDIR += p5-Crypt-Chimera SUBDIR += p5-Crypt-CipherSaber SUBDIR += p5-Crypt-Cracklib SUBDIR += p5-Crypt-Ctr SUBDIR += p5-Crypt-Curve25519 SUBDIR += p5-Crypt-DES SUBDIR += p5-Crypt-DES_EDE3 SUBDIR += p5-Crypt-DES_PP SUBDIR += p5-Crypt-DH SUBDIR += p5-Crypt-DSA SUBDIR += p5-Crypt-Dining SUBDIR += p5-Crypt-ECB SUBDIR += p5-Crypt-Eksblowfish SUBDIR += p5-Crypt-Enigma SUBDIR += p5-Crypt-Format SUBDIR += p5-Crypt-GCrypt SUBDIR += p5-Crypt-GOST SUBDIR += p5-Crypt-GOST_PP SUBDIR += p5-Crypt-GPG SUBDIR += p5-Crypt-GeneratePassword SUBDIR += p5-Crypt-GpgME SUBDIR += p5-Crypt-HCE_MD5 SUBDIR += p5-Crypt-HCE_SHA SUBDIR += p5-Crypt-HSXKPasswd SUBDIR += p5-Crypt-IDEA SUBDIR += p5-Crypt-Imail SUBDIR += p5-Crypt-JWT SUBDIR += p5-Crypt-Juniper SUBDIR += p5-Crypt-Khazad SUBDIR += p5-Crypt-LE SUBDIR += p5-Crypt-LibSCEP SUBDIR += p5-Crypt-License SUBDIR += p5-Crypt-Lite SUBDIR += p5-Crypt-Loki97 SUBDIR += p5-Crypt-MySQL SUBDIR += p5-Crypt-NULL SUBDIR += p5-Crypt-OFB SUBDIR += p5-Crypt-OICQ SUBDIR += p5-Crypt-OTP SUBDIR += p5-Crypt-OpenPGP SUBDIR += p5-Crypt-OpenSSL-AES SUBDIR += p5-Crypt-OpenSSL-Bignum SUBDIR += p5-Crypt-OpenSSL-CA SUBDIR += p5-Crypt-OpenSSL-DSA SUBDIR += p5-Crypt-OpenSSL-EC SUBDIR += p5-Crypt-OpenSSL-ECDSA SUBDIR += p5-Crypt-OpenSSL-Guess SUBDIR += p5-Crypt-OpenSSL-PKCS10 SUBDIR += p5-Crypt-OpenSSL-RSA SUBDIR += p5-Crypt-OpenSSL-Random SUBDIR += p5-Crypt-OpenSSL-Verify SUBDIR += p5-Crypt-OpenSSL-X509 SUBDIR += p5-Crypt-PBKDF2 SUBDIR += p5-Crypt-PKCS10 SUBDIR += p5-Crypt-PWSafe3 SUBDIR += p5-Crypt-PassGen SUBDIR += p5-Crypt-Passwd-XS SUBDIR += p5-Crypt-PasswdMD5 SUBDIR += p5-Crypt-Password-Util SUBDIR += p5-Crypt-Perl SUBDIR += p5-Crypt-Primes SUBDIR += p5-Crypt-RC4 SUBDIR += p5-Crypt-RC5 SUBDIR += p5-Crypt-RC6 SUBDIR += p5-Crypt-RHash SUBDIR += p5-Crypt-RIPEMD160 SUBDIR += p5-Crypt-RSA SUBDIR += p5-Crypt-RSA-Parse SUBDIR += p5-Crypt-RSA-Yandex SUBDIR += p5-Crypt-Rabbit SUBDIR += p5-Crypt-RandPasswd SUBDIR += p5-Crypt-Random SUBDIR += p5-Crypt-Random-Seed SUBDIR += p5-Crypt-Random-Source SUBDIR += p5-Crypt-Random-TESHA2 SUBDIR += p5-Crypt-Rijndael SUBDIR += p5-Crypt-Rijndael_PP SUBDIR += p5-Crypt-SKey SUBDIR += p5-Crypt-SMIME SUBDIR += p5-Crypt-SSLeay SUBDIR += p5-Crypt-SSSS SUBDIR += p5-Crypt-Salt SUBDIR += p5-Crypt-SaltedHash SUBDIR += p5-Crypt-Serpent SUBDIR += p5-Crypt-Shark SUBDIR += p5-Crypt-Simple SUBDIR += p5-Crypt-SmbHash SUBDIR += p5-Crypt-Sodium SUBDIR += p5-Crypt-Solitaire SUBDIR += p5-Crypt-TEA SUBDIR += p5-Crypt-T_e_a SUBDIR += p5-Crypt-Tea_JS SUBDIR += p5-Crypt-TripleDES SUBDIR += p5-Crypt-Twofish SUBDIR += p5-Crypt-Twofish2 SUBDIR += p5-Crypt-Twofish_PP SUBDIR += p5-Crypt-URandom SUBDIR += p5-Crypt-UnixCrypt SUBDIR += p5-Crypt-UnixCrypt_XS SUBDIR += p5-Crypt-X509 SUBDIR += p5-Crypt-X509-CRL SUBDIR += p5-Crypt-XTEA SUBDIR += p5-Crypt-xDBM_File SUBDIR += p5-CryptX SUBDIR += p5-Dancer-Plugin-Auth-Extensible SUBDIR += p5-Dancer-Plugin-Auth-Extensible-Provider-Usergroup SUBDIR += p5-Dancer-Plugin-Passphrase SUBDIR += p5-Dancer2-Plugin-Auth-Extensible SUBDIR += p5-Dancer2-Plugin-Auth-Extensible-Provider-DBIC SUBDIR += p5-Dancer2-Plugin-Auth-Extensible-Provider-Database SUBDIR += p5-Dancer2-Plugin-Auth-Extensible-Provider-IMAP SUBDIR += p5-Dancer2-Plugin-Auth-Extensible-Provider-Usergroup SUBDIR += p5-Dancer2-Plugin-Passphrase SUBDIR += p5-Data-Entropy SUBDIR += p5-Data-Password SUBDIR += p5-Digest SUBDIR += p5-Digest-Adler32 SUBDIR += p5-Digest-Bcrypt SUBDIR += p5-Digest-BubbleBabble SUBDIR += p5-Digest-CRC SUBDIR += p5-Digest-Crc32 SUBDIR += p5-Digest-DJB SUBDIR += p5-Digest-DMAC SUBDIR += p5-Digest-EMAC SUBDIR += p5-Digest-Elf SUBDIR += p5-Digest-FNV SUBDIR += p5-Digest-GOST SUBDIR += p5-Digest-HMAC SUBDIR += p5-Digest-Hashcash SUBDIR += p5-Digest-Haval256 SUBDIR += p5-Digest-JHash SUBDIR += p5-Digest-MD2 SUBDIR += p5-Digest-MD4 SUBDIR += p5-Digest-MD5 SUBDIR += p5-Digest-MD5-File SUBDIR += p5-Digest-MD5-M4p SUBDIR += p5-Digest-MD5-Reverse SUBDIR += p5-Digest-ManberHash SUBDIR += p5-Digest-MurmurHash SUBDIR += p5-Digest-Nilsimsa SUBDIR += p5-Digest-Pearson SUBDIR += p5-Digest-Pearson-PurePerl SUBDIR += p5-Digest-Perl-MD4 SUBDIR += p5-Digest-Perl-MD5 SUBDIR += p5-Digest-SHA SUBDIR += p5-Digest-SHA-PurePerl SUBDIR += p5-Digest-SHA1 SUBDIR += p5-Digest-SHA3 SUBDIR += p5-Digest-SV1 SUBDIR += p5-Digest-Tiger SUBDIR += p5-Digest-Whirlpool SUBDIR += p5-File-KeePass SUBDIR += p5-File-KeePass-Agent SUBDIR += p5-File-Scan SUBDIR += p5-File-Scan-ClamAV SUBDIR += p5-Filter-CBC SUBDIR += p5-Filter-Crypto SUBDIR += p5-GD-SecurityImage SUBDIR += p5-GSSAPI SUBDIR += p5-GnuPG SUBDIR += p5-GnuPG-Interface SUBDIR += p5-HTML-Email-Obfuscate SUBDIR += p5-Heimdal-Kadm5 SUBDIR += p5-IO-Async-SSL SUBDIR += p5-IO-Socket-SSL SUBDIR += p5-MD5 SUBDIR += p5-Mcrypt SUBDIR += p5-Module-Signature SUBDIR += p5-Net-Daemon-SSL SUBDIR += p5-Net-OpenID-Common SUBDIR += p5-Net-OpenID-JanRain SUBDIR += p5-Net-OpenID-Server SUBDIR += p5-Net-Radius-Server SUBDIR += p5-Net-SAML2 SUBDIR += p5-Net-SSH-AuthorizedKeysFile SUBDIR += p5-Net-SSL-ExpireDate SUBDIR += p5-Net-SSLGlue SUBDIR += p5-Net-SSLeay SUBDIR += p5-Net-Server-Mail-ESMTP-AUTH SUBDIR += p5-Net-SinFP SUBDIR += p5-Nmap-Parser SUBDIR += p5-Nmap-Scanner SUBDIR += p5-OpenCA-CRL SUBDIR += p5-OpenCA-CRR SUBDIR += p5-OpenCA-REQ SUBDIR += p5-OpenCA-X509 SUBDIR += p5-PBKDF2-Tiny SUBDIR += p5-PGP SUBDIR += p5-PGP-Sign SUBDIR += p5-POE-Component-SSLify SUBDIR += p5-POE-Filter-SSL SUBDIR += p5-Parse-Snort SUBDIR += p5-PerlCryptLib SUBDIR += p5-Protocol-ACME SUBDIR += p5-SAVI-Perl SUBDIR += p5-SHA SUBDIR += p5-Safe-Hole SUBDIR += p5-Session-Token SUBDIR += p5-Snort-Rule SUBDIR += p5-String-MkPasswd SUBDIR += p5-Sudo SUBDIR += p5-Text-Password-Pronounceable SUBDIR += p5-Tie-EncryptedHash SUBDIR += p5-Tree-Authz SUBDIR += p5-URN-OASIS-SAML2 SUBDIR += p5-Unix-Passwd-File SUBDIR += p5-Unix-setuid SUBDIR += p5-Yahoo-BBAuth SUBDIR += p5-dicewaregen SUBDIR += p5-openxpki SUBDIR += p5-openxpki-i18n SUBDIR += p5-plog SUBDIR += palisade SUBDIR += pam-modules SUBDIR += pam-mysql SUBDIR += pam-pgsql SUBDIR += pam_fprint SUBDIR += pam_google_authenticator SUBDIR += pam_helper SUBDIR += pam_howdy SUBDIR += pam_jail SUBDIR += pam_kde SUBDIR += pam_krb5 SUBDIR += pam_krb5-rh SUBDIR += pam_ldap SUBDIR += pam_mkhomedir SUBDIR += pam_ocra SUBDIR += pam_p11 SUBDIR += pam_pkcs11 SUBDIR += pam_pwdfile SUBDIR += pam_require SUBDIR += pam_rssh SUBDIR += pam_script SUBDIR += pam_search_list SUBDIR += pam_ssh_agent_auth SUBDIR += pam_u2f SUBDIR += pam_yubico SUBDIR += pamtester SUBDIR += paperkey SUBDIR += passh SUBDIR += passivedns SUBDIR += pbc SUBDIR += pcsc-tools SUBDIR += pdfcrack SUBDIR += pear-Auth SUBDIR += pear-Auth_HTTP SUBDIR += pear-Auth_PrefManager SUBDIR += pear-Auth_SASL SUBDIR += pear-Auth_SASL2 SUBDIR += pear-Crypt_Blowfish SUBDIR += pear-Crypt_CBC SUBDIR += pear-Crypt_CHAP SUBDIR += pear-Crypt_DiffieHellman SUBDIR += pear-Crypt_GPG SUBDIR += pear-Crypt_HMAC2 SUBDIR += pear-Crypt_MicroID SUBDIR += pear-Crypt_RC4 SUBDIR += pear-Crypt_RSA SUBDIR += pear-Crypt_XXTEA SUBDIR += pear-File_HtAccess SUBDIR += pear-File_Passwd SUBDIR += pear-File_SMBPasswd SUBDIR += pear-HTML_Crypt SUBDIR += pear-Horde_Auth SUBDIR += pear-Horde_Crypt SUBDIR += pear-Horde_Crypt_Blowfish SUBDIR += pear-Horde_Group SUBDIR += pear-Horde_Oauth SUBDIR += pear-Horde_Perms SUBDIR += pear-Horde_Secret SUBDIR += pear-Horde_Share SUBDIR += pear-LiveUser SUBDIR += pear-LiveUser_Admin SUBDIR += pear-Net_Portscan SUBDIR += pear-Text_Password SUBDIR += pecl-crypto SUBDIR += pecl-gnupg SUBDIR += pecl-krb5 SUBDIR += pecl-libsodium SUBDIR += pecl-mcrypt SUBDIR += pecl-pam SUBDIR += pecl-pkcs11 SUBDIR += pecl-scrypt SUBDIR += pecl-ssh2 SUBDIR += peda SUBDIR += pev SUBDIR += pgpdump SUBDIR += pgpgpg SUBDIR += pgpin SUBDIR += php80-filter SUBDIR += php80-sodium SUBDIR += php81-filter SUBDIR += php81-sodium SUBDIR += php82-filter SUBDIR += php82-sodium SUBDIR += php83-filter SUBDIR += php83-sodium SUBDIR += picocrypt SUBDIR += picosha2 SUBDIR += pidgin-encryption SUBDIR += pidgin-otr SUBDIR += pinentry SUBDIR += pinentry-curses SUBDIR += pinentry-efl SUBDIR += pinentry-fltk SUBDIR += pinentry-gnome SUBDIR += pinentry-gtk2 SUBDIR += pinentry-qt5 SUBDIR += pinentry-tty SUBDIR += pixiewps SUBDIR += pkcrack SUBDIR += pkcs11-dump SUBDIR += pkcs11-gateway SUBDIR += pkcs11-helper SUBDIR += pkcs11-tools SUBDIR += pkesh SUBDIR += pks SUBDIR += plasma5-kscreenlocker SUBDIR += plasma5-ksshaskpass SUBDIR += plasma5-kwallet-pam SUBDIR += please SUBDIR += poly1305aes SUBDIR += proftpd-mod_clamav SUBDIR += proxycheck SUBDIR += proxytunnel SUBDIR += pssh SUBDIR += pulledpork SUBDIR += pure-sfv SUBDIR += putty SUBDIR += putty-nogtk SUBDIR += pvk SUBDIR += pwauth SUBDIR += pwman SUBDIR += pwned-check SUBDIR += py-RestrictedPython SUBDIR += py-SecretStorage SUBDIR += py-YubiOTP SUBDIR += py-acme SUBDIR += py-acme-tiny SUBDIR += py-ailment SUBDIR += py-aiohttp-security SUBDIR += py-angr SUBDIR += py-argon2-cffi SUBDIR += py-argon2-cffi-bindings SUBDIR += py-artifacts SUBDIR += py-asyncssh SUBDIR += py-authlib SUBDIR += py-azure-keyvault-certificates SUBDIR += py-azure-keyvault-keys SUBDIR += py-azure-keyvault-secrets SUBDIR += py-badkeys SUBDIR += py-base58 SUBDIR += py-bcrypt SUBDIR += py-bitbox02 SUBDIR += py-btchip-python SUBDIR += py-cerealizer SUBDIR += py-cert-human SUBDIR += py-certbot SUBDIR += py-certbot-apache SUBDIR += py-certbot-dns-cloudflare SUBDIR += py-certbot-dns-cpanel SUBDIR += py-certbot-dns-digitalocean SUBDIR += py-certbot-dns-dnsimple SUBDIR += py-certbot-dns-dnsmadeeasy SUBDIR += py-certbot-dns-gandi SUBDIR += py-certbot-dns-gehirn SUBDIR += py-certbot-dns-google SUBDIR += py-certbot-dns-linode SUBDIR += py-certbot-dns-luadns SUBDIR += py-certbot-dns-nsone SUBDIR += py-certbot-dns-ovh SUBDIR += py-certbot-dns-powerdns SUBDIR += py-certbot-dns-rfc2136 SUBDIR += py-certbot-dns-route53 SUBDIR += py-certbot-dns-sakuracloud SUBDIR += py-certbot-dns-standalone SUBDIR += py-certbot-nginx SUBDIR += py-certifi SUBDIR += py-certstream SUBDIR += py-ckcc-protocol SUBDIR += py-coincurve SUBDIR += py-cpe SUBDIR += py-cryptography SUBDIR += py-cryptography-vectors SUBDIR += py-ctypescrypto SUBDIR += py-cybox SUBDIR += py-detect-secrets SUBDIR += py-dfdatetime SUBDIR += py-dfvfs SUBDIR += py-dfwinreg SUBDIR += py-dirhash SUBDIR += py-django-auth-kerberos SUBDIR += py-docker-pycreds SUBDIR += py-ecdsa SUBDIR += py-ed25519ll SUBDIR += py-exscript SUBDIR += py-fail2ban SUBDIR += py-fido2 SUBDIR += py-first-server SUBDIR += py-flask-bcrypt SUBDIR += py-flask-httpauth SUBDIR += py-flask-kerberos SUBDIR += py-flask-saml SUBDIR += py-gixy SUBDIR += py-gnupg SUBDIR += py-gnutls SUBDIR += py-google-auth SUBDIR += py-google-auth-httplib2 SUBDIR += py-google-auth-oauthlib SUBDIR += py-gpgme SUBDIR += py-gpsoauth SUBDIR += py-gssapi SUBDIR += py-gvm-tools SUBDIR += py-hkdf SUBDIR += py-htpasswd SUBDIR += py-iris-check-module SUBDIR += py-iris-client SUBDIR += py-iris-evtx-module SUBDIR += py-iris-intelowl-module SUBDIR += py-iris-misp-module SUBDIR += py-iris-module-interface SUBDIR += py-iris-vt-module SUBDIR += py-iris-webhooks-module SUBDIR += py-itsdangerous SUBDIR += py-josepy SUBDIR += py-keepkey SUBDIR += py-kerberos SUBDIR += py-keyring SUBDIR += py-keyrings.alt SUBDIR += py-krb5 SUBDIR += py-libnacl SUBDIR += py-m2crypto SUBDIR += py-maec SUBDIR += py-merkletools SUBDIR += py-mixbox SUBDIR += py-mnemonic SUBDIR += py-msoffcrypto-tool SUBDIR += py-muacrypt SUBDIR += py-nassl SUBDIR += py-netbox-secrets SUBDIR += py-netbox-secretstore SUBDIR += py-netmiko SUBDIR += py-noiseprotocol SUBDIR += py-notus-scanner SUBDIR += py-ntlm-auth SUBDIR += py-oauth2client SUBDIR += py-oauthlib SUBDIR += py-onlykey SUBDIR += py-openssl SUBDIR += py-oscrypto SUBDIR += py-ospd-openvas SUBDIR += py-paramiko SUBDIR += py-pass-audit SUBDIR += py-pass-git-helper SUBDIR += py-passlib SUBDIR += py-pbkdf2 SUBDIR += py-pem SUBDIR += py-pgpdump SUBDIR += py-pgpy SUBDIR += py-plaso SUBDIR += py-potr SUBDIR += py-pwntools SUBDIR += py-pyaes SUBDIR += py-pyaff4 SUBDIR += py-pyaxo SUBDIR += py-pyblake2 SUBDIR += py-pyclamd SUBDIR += py-pycryptodome SUBDIR += py-pycryptodome-test-vectors SUBDIR += py-pycryptodomex SUBDIR += py-pyelliptic SUBDIR += py-pyhanko SUBDIR += py-pyhanko-certvalidator SUBDIR += py-pylibacl SUBDIR += py-pymacaroons SUBDIR += py-pynacl SUBDIR += py-pyotp SUBDIR += py-pyotp2289 SUBDIR += py-pysaml2 SUBDIR += py-pysaml24 SUBDIR += py-pysaml26 SUBDIR += py-pyscard SUBDIR += py-pysha3 SUBDIR += py-pysodium SUBDIR += py-pyspnego SUBDIR += py-python-axolotl SUBDIR += py-python-axolotl-curve25519 SUBDIR += py-python-gnupg SUBDIR += py-python-gvm SUBDIR += py-python-jose SUBDIR += py-python-nss SUBDIR += py-python-openid SUBDIR += py-python-pam SUBDIR += py-python-pkcs11 SUBDIR += py-python-registry SUBDIR += py-python3-openid SUBDIR += py-python3-saml SUBDIR += py-pyvex SUBDIR += py-pywinrm SUBDIR += py-requests-credssp SUBDIR += py-requests-kerberos SUBDIR += py-ropgadget SUBDIR += py-ropper SUBDIR += py-rsa SUBDIR += py-safe SUBDIR += py-scp SUBDIR += py-scramp SUBDIR += py-scrypt SUBDIR += py-secure SUBDIR += py-securesystemslib SUBDIR += py-service_identity SUBDIR += py-signedjson SUBDIR += py-social-auth-core SUBDIR += py-spake2 SUBDIR += py-ssh-audit SUBDIR += py-sshpubkeys SUBDIR += py-sslyze SUBDIR += py-stem SUBDIR += py-stix SUBDIR += py-stix2 SUBDIR += py-stix2-patterns SUBDIR += py-taxii2-client SUBDIR += py-tinyaes SUBDIR += py-tls-parser SUBDIR += py-tlslite SUBDIR += py-tlslite-ng SUBDIR += py-trezor SUBDIR += py-trustme SUBDIR += py-tuf SUBDIR += py-txtorcon SUBDIR += py-uhashring SUBDIR += py-vici SUBDIR += py-virustotal-api SUBDIR += py-volatility3 SUBDIR += py-vpn-slice SUBDIR += py-vulndb SUBDIR += py-webauthn SUBDIR += py-xkcdpass SUBDIR += py-xmlsec SUBDIR += py-yara SUBDIR += py-yara-python-dex SUBDIR += py-yubikey-manager SUBDIR += py-zkg SUBDIR += py-zope.password SUBDIR += py-zxcvbn SUBDIR += pygost SUBDIR += qtkeychain SUBDIR += quantis-kmod SUBDIR += racoon2 SUBDIR += ratproxy SUBDIR += rats SUBDIR += rcracki_mt SUBDIR += reop SUBDIR += rhash SUBDIR += rhonabwy SUBDIR += ridl SUBDIR += rifiuti2 SUBDIR += rkhunter SUBDIR += rndpassw SUBDIR += rnp SUBDIR += rotate SUBDIR += rubygem-acme-client SUBDIR += rubygem-aes_key_wrap SUBDIR += rubygem-airbrussh SUBDIR += rubygem-android_key_attestation SUBDIR += rubygem-attr_encrypted SUBDIR += rubygem-bcrypt SUBDIR += rubygem-bcrypt-ruby SUBDIR += rubygem-bcrypt_pbkdf SUBDIR += rubygem-cose SUBDIR += rubygem-cvss-suite SUBDIR += rubygem-declarative_policy SUBDIR += rubygem-devise-two-factor SUBDIR += rubygem-devise-two-factor-rails5 SUBDIR += rubygem-devise-two-factor-rails61 SUBDIR += rubygem-devise-two-factor-rails70 SUBDIR += rubygem-devise_pam_authenticatable2 SUBDIR += rubygem-devise_pam_authenticatable2-rails61 SUBDIR += rubygem-digest SUBDIR += rubygem-digest-crc SUBDIR += rubygem-doorkeeper SUBDIR += rubygem-doorkeeper-openid_connect SUBDIR += rubygem-doorkeeper-rails5 SUBDIR += rubygem-doorkeeper-rails50 SUBDIR += rubygem-doorkeeper-rails61 SUBDIR += rubygem-duo_api SUBDIR += rubygem-ed25519 SUBDIR += rubygem-encryptor SUBDIR += rubygem-ezcrypto SUBDIR += rubygem-googleauth SUBDIR += rubygem-gpgme SUBDIR += rubygem-gpgr SUBDIR += rubygem-gssapi SUBDIR += rubygem-haiti-hash SUBDIR += rubygem-hkdf SUBDIR += rubygem-hkdf0 SUBDIR += rubygem-hrr_rb_ssh SUBDIR += rubygem-hrr_rb_ssh-ed25519 SUBDIR += rubygem-lockbox SUBDIR += rubygem-metasploit-aggregator SUBDIR += rubygem-metasploit-concern SUBDIR += rubygem-metasploit-credential SUBDIR += rubygem-metasploit-model SUBDIR += rubygem-metasploit-payloads SUBDIR += rubygem-metasploit_data_models SUBDIR += rubygem-metasploit_payloads-mettle SUBDIR += rubygem-nessus_rest SUBDIR += rubygem-net-scp SUBDIR += rubygem-net-scp1 SUBDIR += rubygem-net-sftp SUBDIR += rubygem-net-sftp2 SUBDIR += rubygem-net-ssh SUBDIR += rubygem-net-ssh-gateway SUBDIR += rubygem-net-ssh-krb SUBDIR += rubygem-net-ssh-multi SUBDIR += rubygem-net-ssh5 SUBDIR += rubygem-net-ssh6 SUBDIR += rubygem-net-telnet SUBDIR += rubygem-nexpose SUBDIR += rubygem-nmap-parser SUBDIR += rubygem-omniauth SUBDIR += rubygem-omniauth-alicloud SUBDIR += rubygem-omniauth-atlassian-oauth2 SUBDIR += rubygem-omniauth-bitbucket SUBDIR += rubygem-omniauth-cas SUBDIR += rubygem-omniauth-dingtalk-oauth2 SUBDIR += rubygem-omniauth-gitlab SUBDIR += rubygem-omniauth-jwt SUBDIR += rubygem-omniauth-multipassword SUBDIR += rubygem-omniauth-oauth2-generic SUBDIR += rubygem-omniauth-rails_csrf_protection SUBDIR += rubygem-omniauth-saml SUBDIR += rubygem-omniauth-saml1 SUBDIR += rubygem-omniauth-shibboleth SUBDIR += rubygem-omniauth-shibboleth-redux SUBDIR += rubygem-omniauth1 SUBDIR += rubygem-openssl SUBDIR += rubygem-openssl-ccm SUBDIR += rubygem-openssl-cmac SUBDIR += rubygem-openssl-signature_algorithm SUBDIR += rubygem-openssl2 SUBDIR += rubygem-openvas-omp SUBDIR += rubygem-origami SUBDIR += rubygem-pbkdf2-ruby SUBDIR += rubygem-pundit SUBDIR += rubygem-pundit61 SUBDIR += rubygem-pyu-ruby-sasl SUBDIR += rubygem-rack-oauth2 SUBDIR += rubygem-rack-oauth21 SUBDIR += rubygem-rasn1 SUBDIR += rubygem-razorback-scriptNugget SUBDIR += rubygem-rbnacl SUBDIR += rubygem-rbnacl-libsodium SUBDIR += rubygem-recog SUBDIR += rubygem-rex-arch SUBDIR += rubygem-rex-bin_tools SUBDIR += rubygem-rex-core SUBDIR += rubygem-rex-encoder SUBDIR += rubygem-rex-exploitation SUBDIR += rubygem-rex-java SUBDIR += rubygem-rex-mime SUBDIR += rubygem-rex-nop SUBDIR += rubygem-rex-ole SUBDIR += rubygem-rex-powershell SUBDIR += rubygem-rex-random_identifier SUBDIR += rubygem-rex-registry SUBDIR += rubygem-rex-rop_builder SUBDIR += rubygem-rex-socket SUBDIR += rubygem-rex-sslscan SUBDIR += rubygem-rex-struct2 SUBDIR += rubygem-rex-text SUBDIR += rubygem-rex-zip SUBDIR += rubygem-roauth SUBDIR += rubygem-rpam2 SUBDIR += rubygem-ruby-hmac SUBDIR += rubygem-ruby-rc4 SUBDIR += rubygem-ruby-saml SUBDIR += rubygem-safety_net_attestation SUBDIR += rubygem-scrypt SUBDIR += rubygem-securecompare SUBDIR += rubygem-securerandom SUBDIR += rubygem-signet SUBDIR += rubygem-six SUBDIR += rubygem-ssh_data SUBDIR += rubygem-sshkey SUBDIR += rubygem-sshkit SUBDIR += rubygem-sslshake SUBDIR += rubygem-ssrf_filter SUBDIR += rubygem-timfel-krb5 SUBDIR += rubygem-tpm-key_attestation SUBDIR += rubygem-twitter_oauth SUBDIR += rubygem-unix-crypt SUBDIR += rubygem-vault SUBDIR += rubygem-webauthn SUBDIR += rubygem-webpush SUBDIR += rustscan SUBDIR += s2n-tls SUBDIR += safesh SUBDIR += samhain SUBDIR += samhain-client SUBDIR += samhain-server SUBDIR += sancp SUBDIR += sasp SUBDIR += scanlogd SUBDIR += scrypt SUBDIR += seahorse SUBDIR += seal SUBDIR += seccure SUBDIR += seclists SUBDIR += secpanel SUBDIR += sectok SUBDIR += secure_delete SUBDIR += sedutil SUBDIR += sequoia SUBDIR += sequoia-sq SUBDIR += setaudit SUBDIR += sha1collisiondetection SUBDIR += sha2wordlist SUBDIR += shibboleth-idp SUBDIR += shibboleth-sp SUBDIR += sig2dot SUBDIR += signify SUBDIR += signing-party SUBDIR += silktools SUBDIR += sks SUBDIR += smurflog SUBDIR += sniffglue SUBDIR += snoopy SUBDIR += snort SUBDIR += snort-rep SUBDIR += snort2pfcd SUBDIR += snort3 SUBDIR += snortsam SUBDIR += snortsnarf SUBDIR += snowflake-tor SUBDIR += snuffleupagus SUBDIR += softether SUBDIR += softether-devel SUBDIR += softether5 SUBDIR += softhsm2 SUBDIR += solana SUBDIR += sops SUBDIR += spass SUBDIR += spass-qt5 SUBDIR += spectre-meltdown-checker SUBDIR += spm SUBDIR += sqlmap SUBDIR += sqlninja SUBDIR += srm SUBDIR += ssb SUBDIR += ssdeep SUBDIR += ssh-import-id SUBDIR += ssh-multiadd SUBDIR += ssh-tools SUBDIR += ssh-vault SUBDIR += sshguard SUBDIR += sshpass SUBDIR += ssl-admin SUBDIR += ssllabs-scan SUBDIR += sslproxy SUBDIR += sslscan SUBDIR += sslsplit SUBDIR += sssd + SUBDIR += sssd-devel SUBDIR += ssss SUBDIR += sst SUBDIR += starttls SUBDIR += steghide SUBDIR += stegify SUBDIR += step-certificates SUBDIR += step-cli SUBDIR += stoken SUBDIR += strongswan SUBDIR += stunnel SUBDIR += subversion-gnome-keyring SUBDIR += sudo SUBDIR += sudoscript SUBDIR += super SUBDIR += suricata SUBDIR += swatchdog SUBDIR += tailscale SUBDIR += tang SUBDIR += tclsasl SUBDIR += tcpcrypt SUBDIR += teleport SUBDIR += testssl.sh SUBDIR += tfhe SUBDIR += tfsec SUBDIR += theonionbox SUBDIR += tinc SUBDIR += tinc-devel SUBDIR += tinyca SUBDIR += tls-check SUBDIR += tlsc SUBDIR += tor SUBDIR += tor-devel SUBDIR += totp-cli SUBDIR += tpm-quote-tools SUBDIR += tpm-tools SUBDIR += tpm2-abrmd SUBDIR += tpm2-tools SUBDIR += tpm2-tss SUBDIR += transcrypt SUBDIR += trezord SUBDIR += tripwire SUBDIR += trousers SUBDIR += tthsum SUBDIR += u2f-devd SUBDIR += uacme SUBDIR += ubuntu-keyring SUBDIR += unhide SUBDIR += unix-selfauth-helper SUBDIR += vanguards-tor SUBDIR += vault SUBDIR += vaultwarden SUBDIR += veracrypt SUBDIR += vigenere SUBDIR += vlock SUBDIR += vm-to-tor SUBDIR += vouch-proxy SUBDIR += vpnc SUBDIR += vuls SUBDIR += vuxml SUBDIR += vxquery SUBDIR += wapiti SUBDIR += wazuh-agent SUBDIR += wazuh-dashboard SUBDIR += wazuh-indexer SUBDIR += wazuh-manager SUBDIR += wazuh-server SUBDIR += webfwlog SUBDIR += webtunnel-tor SUBDIR += weggli SUBDIR += whatweb SUBDIR += wipe SUBDIR += wolfssh SUBDIR += wolfssl SUBDIR += wpa_supplicant SUBDIR += wpa_supplicant-devel SUBDIR += wpa_supplicant29 SUBDIR += xca SUBDIR += xinetd SUBDIR += xml-security SUBDIR += xmlsec1 SUBDIR += xorsearch SUBDIR += xray-core SUBDIR += yafic SUBDIR += yapet SUBDIR += yara SUBDIR += yersinia SUBDIR += ykclient SUBDIR += ykpers SUBDIR += ylva SUBDIR += yubico-piv-tool SUBDIR += yubikey-agent SUBDIR += yubikey-manager-qt SUBDIR += yubikey-personalization-gui SUBDIR += yubioath-desktop SUBDIR += zaproxy SUBDIR += zeek SUBDIR += zeronet SUBDIR += zlint SUBDIR += zzuf .include diff --git a/security/sssd-devel/Makefile b/security/sssd-devel/Makefile new file mode 100644 index 000000000000..af2b53a01fa0 --- /dev/null +++ b/security/sssd-devel/Makefile @@ -0,0 +1,206 @@ +PORTNAME= sssd +PORTVERSION= 2.9.0 +CATEGORIES= security +PKGNAMESUFFIX= -devel + +MAINTAINER= jhixson@FreeBSD.org +COMMENT= System Security Services Daemon +WWW= https://sssd.io/ + +LICENSE= GPLv3+ +LICENSE_FILE= ${WRKSRC}/COPYING + +CONFLICTS_INSTALL?= sssd* + +BUILD_DEPENDS= bash:shells/bash \ + docbook-xsl>=1:textproc/docbook-xsl \ + krb5>=1.20:security/krb5 \ + p11-kit:security/p11-kit \ + samba-nsupdate:dns/samba-nsupdate \ + xmlcatalog:textproc/libxml2 \ + xmlcatmgr:textproc/xmlcatmgr \ + xsltproc:textproc/libxslt + +LIB_DIRS+= ${LOCALBASE}/lib ${LOCALBASE}/lib/sasl2 +LIB_DEPENDS= libcares.so:dns/c-ares \ + libcom_err.so:security/krb5 \ + libcurl.so:ftp/curl \ + libdbus-1.so:devel/dbus \ + libdhash.so:devel/ding-libs \ + libfido2.so:security/libfido2 \ + libgssapi_krb5.so:security/krb5 \ + libinotify.so:devel/libinotify \ + libjansson.so:devel/jansson \ + libjose.so:net/jose \ + libkrb5.so:security/krb5 \ + libldb.so:databases/ldb22 \ + libndr-krb5pac.so:net/samba416 \ + libndr-nbt.so:net/samba416 \ + libndr-standard.so:net/samba416 \ + libndr.so:net/samba416 \ + libnfs.so:net/libnfs \ + libnss3.so:security/nss \ + libp11-kit.so:security/p11-kit \ + libpcre2-posix.so:devel/pcre2 \ + libplds4.so:devel/nspr \ + libpopt.so:devel/popt \ + libsamba-util.so:net/samba416 \ + libsasl2.so:security/cyrus-sasl2 \ + libsmbclient.so:net/samba416 \ + libtalloc.so:devel/talloc \ + libtdb.so:databases/tdb \ + libtevent.so:devel/tevent \ + libunistring.so:devel/libunistring \ + libuuid.so:misc/e2fsprogs-libuuid + +RUN_DEPENDS= cyrus-sasl-gssapi>0:security/cyrus-sasl2-gssapi \ + sudo>0:security/sudo + +.include +.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1300076 +IGNORE=SSSD is only supported on FreeBSD 13.1 and above +.endif + +USES= autoreconf cpe gettext gmake gssapi:bootstrap,flags,mit iconv ldap \ + libtool pathfix pkgconfig python:3.9+ shebangfix ssl + +USE_LDCONFIG= yes +GNU_CONFIGURE= yes + +INSTALL_TARGET= install-strip +CPE_VENDOR= fedoraproject + +DEBUG_FLAGS= -g +STRIP= + +CONFIGURE_ARGS= --disable-dependency-tracking \ + --datadir=${DATADIR} \ + --docdir=${DOCSDIR} \ + --localstatedir=/var \ + --disable-silent-rules \ + --disable-nls \ + --disable-cifs-idmap-plugin \ + --disable-valgrind \ + --disable-systemtap \ + --enable-pammoddir=${PREFIX}/lib \ + --enable-ldb-version-check \ + --enable-pac-responder \ + --with-db-path=/var/db/sss/db \ + --with-os=freebsd \ + --with-plugin-path=${LOCALBASE}/lib/sssd \ + --with-pubconf-path=/var/db/sss/pubconf \ + --with-pid-path=/var/run \ + --with-pipe-path=/var/run/sss/pipes \ + --with-mcache-path=/var/db/sss/mc \ + --with-environment-file=${LOCALBASE}/etc/sssd \ + --with-init-dir=no \ + --with-manpages \ + --with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \ + --with-krb5-plugin-path=${LOCALBASE}/lib/krb5/plugins/libkrb5 \ + --with-krb5authdata-plugin-path=${LOCALBASE}/lib/krb5/plugins/authdata \ + --with-krb5-conf=/etc/krb5.conf \ + --without-python2-bindings \ + --with-winbind-plugin-path=${LOCALBASE}/lib/samba4/modules/idmap \ + --without-selinux \ + --with-gpo-cache-path=/var/db/sss/gpo_cache \ + --without-semanage \ + --with-app-libs=${LOCALBASE}/lib/sssd/modules \ + --with-sudo \ + --with-sudo-lib-path=${LOCALBASE}/lib \ + --without-autofs \ + --with-files-provider \ + --with-passkey \ + --with-libsifp \ + --without-libsifp \ + --with-syslog=syslog \ + --with-samba \ + --without-nfsv4-idmapd-plugin \ + --with-nfs-lib-path=${LOCALBASE}/lib \ + --with-secrets-db-path=/var/lib/sss/secrets \ + --with-kcm \ + --with-oidc-child \ + --with-ldb-lib-dir=${LOCALBASE}/lib/shared-modules/ldb \ + --with-smb-idmap-interface-version=6 \ + --without-libnl \ + --with-nscd-conf=/etc/nscd.conf \ + --with-python_prefix=${PREFIX} \ + --with-unicode-lib=libunistring + +CFLAGS+= -fstack-protector-all +CFLAGS+= -I${LOCALBASE}/include -I${LOCALBASE}/include/samba4 + +LIBS+= -L${LOCALBASE}/lib \ + -L${LOCALBASE}/lib/samba4/private \ + -L${LOCALBASE}/lib/sasl2 \ + -linotify -lintl + +KRB5_HOME= ${LOCALBASE} +KRB5_CONFIG= ${LOCALBASE}/bin/krb5-config +KRB5_CFLAGS= -I${LOCALBASE}/include +KRB5_LIBS= -L${LOCALBASE}/lib -lkrb5 + +LDFLAGS+= -lgssapi +LDFLAGS_SL+= -lgssapi + +LDFLAGS+= -L${LOCALBASE}/lib +INCLUDES+= -I${LOCALBASE}/include +CONFIGURE_ENV+= INCLUDES="${INCLUDES}" \ + LDFLAGS_SL="${LDFLAGS_SL}" +MAKE_ENV= MAKELEVEL=0 + +PLIST_SUB= PYTHON_VER=${PYTHON_VER} +MAKE_ENV+= LINGUAS="bg de eu es fr hu id it ja nb nl pl pt ru sv tg tr uk zh_CN zh_TW" +SUB_FILES= pkg-message + +BINARY_ALIAS= python3=python${PYTHON_VER} +SHEBANG_FILES= sbus_generate.sh.in \ + src/tools/analyzer/sss_analyze \ + src/tools/sss_obfuscate \ + src/config/SSSDConfigTest.py \ + src/tests/python-test.py \ + src/tests/pysss-test.py \ + src/tests/cwrap/cwrap_test_setup.sh \ + src/tests/whitespace_test \ + src/tests/pyhbac-test.py \ + src/tests/multihost/data/memcachesize.py \ + src/tests/double_semicolon_test \ + src/tests/pysss_murmur-test.py \ + scripts/release.sh \ + contrib/git/pre-push \ + contrib/ci/rpm-spec-builddeps \ + contrib/ci/clean \ + contrib/ci/valgrind-condense \ + contrib/ci/run-multihost \ + contrib/ci/run \ + contrib/ci/get-matrix.py \ + contrib/vagrant/bootstrap.sh \ + contrib/fedora/make_srpm.sh + +USE_RC_SUBR= ${PORTNAME} + +USE_GITHUB=yes +GH_ACCOUNT=sssd + +post-patch: + @${REINPLACE_CMD} -e 's|/usr/bin/|${PREFIX}/bin/|g' \ + -e 's|/var/lib/sss/pubconf/|/var/db/sss/pubconf/|g' \ + ${WRKSRC}/src/man/sss_ssh_knownhostsproxy.1.xml \ + ${WRKSRC}/src/man/po/*.po || true + @${REINPLACE_CMD} -e 's|/etc/sssd/|${ETCDIR}/|g' \ + -e 's|/etc/openldap/|${LOCALBASE}/etc/openldap/|g' \ + ${WRKSRC}/src/man/*xml || true + @${CP} ${FILESDIR}/sss_bsd_errno.h ${WRKSRC}/src/util/sss_bsd_errno.h + @${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}/src/sss_client/bsdnss.c + +post-install: + ${INSTALL_DATA} ${WRKSRC}/src/examples/sssd-example.conf \ + ${STAGEDIR}${ETCDIR}/sssd.conf.sample + ${MKDIR} ${STAGEDIR}${PREFIX}/share/dbus-1/system.d + ${INSTALL_DATA} ${WRKSRC}/src/responder/ifp/org.freedesktop.sssd.infopipe.conf \ + ${STAGEDIR}${PREFIX}/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf + ${MKDIR} ${STAGEDIR}${PREFIX}/share/dbus-1/system-services + ${INSTALL_DATA} ${WRKSRC}/src/responder/ifp/org.freedesktop.sssd.infopipe.service \ + ${STAGEDIR}${PREFIX}/share/dbus-1/system-services/org.freedesktop.sssd.infopipe.service + ${LN} -sf libnss_sss.so.2 ${STAGEDIR}${PREFIX}/lib/nss_sss.so.1 + +.include diff --git a/security/sssd-devel/distinfo b/security/sssd-devel/distinfo new file mode 100644 index 000000000000..a1b047b93845 --- /dev/null +++ b/security/sssd-devel/distinfo @@ -0,0 +1,3 @@ +TIMESTAMP = 1684527117 +SHA256 (sssd-sssd-2.9.0_GH0.tar.gz) = 6dcf9b0d76ffde6031cb5f836574072c1a1ca31e7b1d5a4da8c0c4b636f1340a +SIZE (sssd-sssd-2.9.0_GH0.tar.gz) = 6631690 diff --git a/security/sssd-devel/files/bsdnss.c b/security/sssd-devel/files/bsdnss.c new file mode 100644 index 000000000000..6a1152100c67 --- /dev/null +++ b/security/sssd-devel/files/bsdnss.c @@ -0,0 +1,196 @@ +#include +#include +#include +#include +#include +#include +#include + +extern enum nss_status _nss_sss_getgrent_r(struct group *, char *, size_t, + int *); +extern enum nss_status _nss_sss_getgrnam_r(const char *, struct group *, + char *, size_t, int *); +extern enum nss_status _nss_sss_getgrgid_r(gid_t gid, struct group *, char *, + size_t, int *); +extern enum nss_status _nss_sss_setgrent(void); +extern enum nss_status _nss_sss_endgrent(void); + +extern enum nss_status _nss_sss_getpwent_r(struct passwd *, char *, size_t, + int *); +extern enum nss_status _nss_sss_getpwnam_r(const char *, struct passwd *, + char *, size_t, int *); +extern enum nss_status _nss_sss_getpwuid_r(gid_t gid, struct passwd *, char *, + size_t, int *); +extern enum nss_status _nss_sss_setpwent(void); +extern enum nss_status _nss_sss_endpwent(void); + +extern enum nss_status _nss_sss_gethostbyname_r(const char *name, + struct hostent * result, + char *buffer, size_t buflen, + int *errnop, + int *h_errnop); + +extern enum nss_status _nss_sss_gethostbyname2_r(const char *name, int af, + struct hostent * result, + char *buffer, size_t buflen, + int *errnop, + int *h_errnop); +extern enum nss_status _nss_sss_gethostbyaddr_r(struct in_addr * addr, int len, + int type, + struct hostent * result, + char *buffer, size_t buflen, + int *errnop, int *h_errnop); + +extern enum nss_status _nss_sss_getgroupmembership(const char *uname, + gid_t agroup, gid_t *groups, + int maxgrp, int *grpcnt); + +NSS_METHOD_PROTOTYPE(__nss_compat_getgroupmembership); +NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r); +NSS_METHOD_PROTOTYPE(__nss_compat_setgrent); +NSS_METHOD_PROTOTYPE(__nss_compat_endgrent); + +NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r); +NSS_METHOD_PROTOTYPE(__nss_compat_setpwent); +NSS_METHOD_PROTOTYPE(__nss_compat_endpwent); + +NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname); +NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2); +NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr); + +static ns_mtab methods[] = { +{ NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_sss_getgrnam_r }, +{ NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_sss_getgrgid_r }, +{ NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_sss_getgrent_r }, +{ NSDB_GROUP, "getgroupmembership", __nss_compat_getgroupmembership, _nss_sss_getgroupmembership }, +{ NSDB_GROUP, "setgrent", __nss_compat_setgrent, _nss_sss_setgrent }, +{ NSDB_GROUP, "endgrent", __nss_compat_endgrent, _nss_sss_endgrent }, + +{ NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_sss_getpwnam_r }, +{ NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_sss_getpwuid_r }, +{ NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, _nss_sss_getpwent_r }, +{ NSDB_PASSWD, "setpwent", __nss_compat_setpwent, _nss_sss_setpwent }, +{ NSDB_PASSWD, "endpwent", __nss_compat_endpwent, _nss_sss_endpwent }, + +// { NSDB_HOSTS, "gethostbyname", __nss_compat_gethostbyname, _nss_sss_gethostbyname_r }, +//{ NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_sss_gethostbyaddr_r }, +//{ NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_sss_gethostbyname2_r }, + +{ NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, _nss_sss_getgrnam_r }, +{ NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, _nss_sss_getgrgid_r }, +{ NSDB_GROUP_COMPAT, "getgrent_r", __nss_compat_getgrent_r, _nss_sss_getgrent_r }, +{ NSDB_GROUP_COMPAT, "setgrent", __nss_compat_setgrent, _nss_sss_setgrent }, +{ NSDB_GROUP_COMPAT, "endgrent", __nss_compat_endgrent, _nss_sss_endgrent }, + +{ NSDB_PASSWD_COMPAT, "getpwnam_r", __nss_compat_getpwnam_r, _nss_sss_getpwnam_r }, +{ NSDB_PASSWD_COMPAT, "getpwuid_r", __nss_compat_getpwuid_r, _nss_sss_getpwuid_r }, +{ NSDB_PASSWD_COMPAT, "getpwent_r", __nss_compat_getpwent_r, _nss_sss_getpwent_r }, +{ NSDB_PASSWD_COMPAT, "setpwent", __nss_compat_setpwent, _nss_sss_setpwent }, +{ NSDB_PASSWD_COMPAT, "endpwent", __nss_compat_endpwent, _nss_sss_endpwent }, + +}; + + +ns_mtab * +nss_module_register(const char *source, unsigned int *mtabsize, + nss_module_unregister_fn *unreg) +{ + *mtabsize = sizeof(methods)/sizeof(methods[0]); + *unreg = NULL; + return (methods); +} + +int __nss_compat_getgroupmembership(void *retval, void *mdata, va_list ap) +{ + int (*fn)(const char *, gid_t, gid_t *, int, int *); + + const char *uname; + gid_t agroup; + gid_t *groups; + int maxgrp; + int *grpcnt; + int errnop = 0; + enum nss_status status; + + fn = mdata; + uname = va_arg(ap, const char *); + agroup = va_arg(ap, gid_t); + groups = va_arg(ap, gid_t *); + maxgrp = va_arg(ap, int); + grpcnt = va_arg(ap, int *); + status = fn(uname, agroup, groups, maxgrp, grpcnt); + status = __nss_compat_result(status, errnop); + return (status); +} + +int __nss_compat_gethostbyname(void *retval, void *mdata, va_list ap) +{ + enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *); + const char *name; + struct hostent *result; + char buffer[1024]; + size_t buflen = 1024; + int errnop; + int h_errnop; + int af; + enum nss_status status; + + fn = mdata; + name = va_arg(ap, const char*); + af = va_arg(ap,int); + result = va_arg(ap,struct hostent *); + status = fn(name, result, buffer, buflen, &errnop, &h_errnop); + status = __nss_compat_result(status,errnop); + h_errno = h_errnop; + return (status); +} + +int __nss_compat_gethostbyname2(void *retval, void *mdata, va_list ap) +{ + enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *); + const char *name; + struct hostent *result; + char buffer[1024]; + size_t buflen = 1024; + int errnop; + int h_errnop; + int af; + enum nss_status status; + + fn = mdata; + name = va_arg(ap, const char*); + af = va_arg(ap,int); + result = va_arg(ap,struct hostent *); + status = fn(name, result, buffer, buflen, &errnop, &h_errnop); + status = __nss_compat_result(status,errnop); + h_errno = h_errnop; + return (status); +} + +int __nss_compat_gethostbyaddr(void *retval, void *mdata, va_list ap) +{ + struct in_addr *addr; + int len; + int type; + struct hostent *result; + char buffer[1024]; + size_t buflen = 1024; + int errnop; + int h_errnop; + enum nss_status (*fn)(struct in_addr *, int, int, struct hostent *, char *, size_t, int *, int *); + enum nss_status status; + + fn = mdata; + addr = va_arg(ap, struct in_addr*); + len = va_arg(ap,int); + type = va_arg(ap,int); + result = va_arg(ap, struct hostent*); + status = fn(addr, len, type, result, buffer, buflen, &errnop, &h_errnop); + status = __nss_compat_result(status,errnop); + h_errno = h_errnop; + return (status); +} diff --git a/security/sssd-devel/files/patch-Makefile.am b/security/sssd-devel/files/patch-Makefile.am new file mode 100644 index 000000000000..36b53712ce10 --- /dev/null +++ b/security/sssd-devel/files/patch-Makefile.am @@ -0,0 +1,871 @@ +--- Makefile.am.orig 2023-06-09 02:31:48 UTC ++++ Makefile.am +@@ -59,7 +59,7 @@ dbusservicedir = $(datadir)/dbus-1/system-services + krb5snippetsdir = $(sssddatadir)/krb5-snippets + dbuspolicydir = $(datadir)/dbus-1/system.d + dbusservicedir = $(datadir)/dbus-1/system-services +-sss_statedir = $(localstatedir)/lib/sss ++sss_statedir = $(localstatedir)/db/sss + runstatedir = @runstatedir@ + localedir = @localedir@ + nsslibdir = @nsslibdir@ +@@ -640,6 +640,7 @@ SSSD_LIBS = \ + + SSSD_LIBS = \ + $(TALLOC_LIBS) \ ++ $(LTLIBINTL) \ + $(TEVENT_LIBS) \ + $(POPT_LIBS) \ + $(LDB_LIBS) \ +@@ -711,6 +712,7 @@ dist_noinst_HEADERS = \ + src/util/sss_ssh.h \ + src/util/sss_ini.h \ + src/util/sss_format.h \ ++ src/util/sss_bsd_errno.h \ + src/util/sss_pam_data.h \ + src/util/refcount.h \ + src/util/file_watch.h \ +@@ -1512,6 +1514,7 @@ sssd_LDADD = \ + $(SSSD_LIBS) \ + $(INOTIFY_LIBS) \ + $(LIBNL_LIBS) \ ++ $(LTLIBINTL) \ + $(KEYUTILS_LIBS) \ + $(SYSTEMD_DAEMON_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ +@@ -1540,6 +1543,7 @@ sssd_nss_LDADD = \ + $(LIBADD_DL) \ + $(TDB_LIBS) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + libsss_idmap.la \ + libsss_cert.la \ + $(SYSTEMD_DAEMON_LIBS) \ +@@ -1570,6 +1574,7 @@ sssd_pam_LDADD = \ + $(LIBADD_DL) \ + $(TDB_LIBS) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(SELINUX_LIBS) \ + $(PAM_LIBS) \ + $(SYSTEMD_DAEMON_LIBS) \ +@@ -1589,8 +1594,10 @@ sssd_sudo_LDADD = \ + src/responder/sudo/sudosrv_dp.c \ + $(SSSD_RESPONDER_OBJ) + sssd_sudo_LDADD = \ ++ $(GSSAPI_KRB5_LIBS) \ + $(LIBADD_DL) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(SYSTEMD_DAEMON_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_iface.la \ +@@ -1606,6 +1613,7 @@ sssd_autofs_LDADD = \ + sssd_autofs_LDADD = \ + $(LIBADD_DL) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(SYSTEMD_DAEMON_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_iface.la \ +@@ -1626,6 +1634,7 @@ sssd_ssh_LDADD = \ + sssd_ssh_LDADD = \ + $(LIBADD_DL) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + $(SYSTEMD_DAEMON_LIBS) \ + libsss_cert.la \ +@@ -1649,6 +1658,7 @@ sssd_pac_LDADD = \ + $(NDR_KRB5PAC_LIBS) \ + $(TDB_LIBS) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(SYSTEMD_DAEMON_LIBS) \ + libsss_idmap.la \ + $(SSSD_INTERNAL_LTLIBS) \ +@@ -1727,6 +1737,7 @@ sssd_ifp_LDADD = \ + sssd_ifp_LDADD = \ + $(LIBADD_DL) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(SYSTEMD_DAEMON_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_cert.la \ +@@ -1789,6 +1800,7 @@ sssd_kcm_LDADD = \ + $(LIBADD_DL) \ + $(KRB5_LIBS) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(UUID_LIBS) \ + $(SYSTEMD_DAEMON_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ +@@ -1839,6 +1851,7 @@ sssd_be_LDADD = \ + sssd_be_LDADD = \ + $(LIBADD_DL) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(CARES_LIBS) \ + $(PAM_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ +@@ -1900,6 +1913,7 @@ sss_signal_LDADD = \ + src/tools/common/sss_process.c + $(NULL) + sss_signal_LDADD = \ ++ $(LTLIBINTL) \ + libsss_debug.la \ + $(NULL) + +@@ -1956,7 +1970,7 @@ sss_sudo_cli_CFLAGS = $(AM_CFLAGS) + src/sss_client/sudo/sss_sudo_response.c \ + src/sss_client/sudo_testcli/sudo_testcli.c + sss_sudo_cli_CFLAGS = $(AM_CFLAGS) +-sss_sudo_cli_LDADD = $(CLIENT_LIBS) ++sss_sudo_cli_LDADD = $(GSSAPI_KRB5_LIBS) $(CLIENT_LIBS) + endif + + if BUILD_SSH +@@ -2137,6 +2151,7 @@ sysdb_tests_LDADD = \ + $(CHECK_CFLAGS) + sysdb_tests_LDADD = \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(CHECK_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la +@@ -2150,6 +2165,7 @@ sysdb_ssh_tests_LDADD = \ + $(CHECK_CFLAGS) + sysdb_ssh_tests_LDADD = \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(CHECK_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la +@@ -2162,6 +2178,7 @@ strtonum_tests_LDADD = \ + $(CHECK_CFLAGS) + strtonum_tests_LDADD = \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(CHECK_LIBS) \ + libsss_debug.la \ + libsss_test_common.la +@@ -2186,6 +2203,7 @@ krb5_utils_tests_LDADD = \ + $(CHECK_CFLAGS) + krb5_utils_tests_LDADD = \ + $(SSSD_LIBS)\ ++ $(LTLIBINTL) \ + $(CARES_LIBS) \ + $(KRB5_LIBS) \ + $(CHECK_LIBS) \ +@@ -2246,6 +2264,7 @@ resolv_tests_LDADD = \ + -DBUILD_TXT + resolv_tests_LDADD = \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(CHECK_LIBS) \ + $(CARES_LIBS) \ + libsss_debug.la \ +@@ -2259,6 +2278,7 @@ file_watch_tests_LDADD = \ + $(CHECK_CFLAGS) + file_watch_tests_LDADD = \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(CHECK_LIBS) \ + $(INOTIFY_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ +@@ -2272,6 +2292,7 @@ refcount_tests_LDADD = \ + $(CHECK_CFLAGS) + refcount_tests_LDADD = \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(CHECK_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la +@@ -2285,6 +2306,7 @@ fail_over_tests_LDADD = \ + $(CHECK_CFLAGS) + fail_over_tests_LDADD = \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(CHECK_LIBS) \ + $(CARES_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ +@@ -2316,6 +2338,7 @@ auth_tests_LDADD = \ + $(CHECK_CFLAGS) + auth_tests_LDADD = \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(CHECK_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la +@@ -2365,6 +2388,7 @@ util_tests_LDADD = \ + $(NULL) + util_tests_LDADD = \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(CHECK_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la \ +@@ -2377,6 +2401,7 @@ safe_format_tests_LDADD = \ + $(CHECK_CFLAGS) + safe_format_tests_LDADD = \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(CHECK_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la +@@ -2389,6 +2414,7 @@ debug_tests_LDADD = \ + $(CHECK_CFLAGS) + debug_tests_LDADD = \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(CHECK_LIBS) \ + libsss_debug.la + +@@ -2412,6 +2438,7 @@ ipa_hbac_tests_LDADD = \ + $(CHECK_CFLAGS) + ipa_hbac_tests_LDADD = \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(CHECK_LIBS) \ + libsss_test_common.la \ + libipa_hbac.la +@@ -2446,6 +2473,7 @@ responder_socket_access_tests_LDADD = \ + $(LIBADD_DL) \ + $(CHECK_LIBS) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + $(SYSTEMD_DAEMON_LIBS) \ + libsss_test_common.la \ +@@ -2458,6 +2486,7 @@ stress_tests_LDADD = \ + src/tests/stress-tests.c + stress_tests_LDADD = \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + libsss_test_common.la + + krb5_child_test_SOURCES = \ +@@ -2482,6 +2511,7 @@ krb5_child_test_LDADD = \ + $(CHECK_CFLAGS) + krb5_child_test_LDADD = \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(CARES_LIBS) \ + $(KRB5_LIBS) \ + $(CHECK_LIBS) \ +@@ -2499,6 +2529,7 @@ test_ssh_client_LDADD = \ + test_ssh_client_LDADD = \ + $(SSSD_INTERNAL_LTLIBS) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(NULL) + + test_sbus_message_SOURCES = \ +@@ -2592,6 +2623,7 @@ nss_srv_tests_LDADD = \ + $(LIBADD_DL) \ + $(CMOCKA_LIBS) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + $(SYSTEMD_DAEMON_LIBS) \ + libsss_test_common.la \ +@@ -2641,6 +2673,7 @@ pam_srv_tests_LDADD = \ + $(CMOCKA_LIBS) \ + $(PAM_LIBS) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + $(SYSTEMD_DAEMON_LIBS) \ + $(GSSAPI_KRB5_LIBS) \ +@@ -2681,6 +2714,7 @@ ssh_srv_tests_LDADD = \ + $(LIBADD_DL) \ + $(CMOCKA_LIBS) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + $(SYSTEMD_DAEMON_LIBS) \ + libsss_test_common.la \ +@@ -2705,6 +2739,7 @@ responder_get_domains_tests_LDADD = \ + $(LIBADD_DL) \ + $(CMOCKA_LIBS) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + $(SYSTEMD_DAEMON_LIBS) \ + libsss_test_common.la \ +@@ -2768,6 +2803,7 @@ test_negcache_LDADD = \ + $(LIBADD_DL) \ + $(CMOCKA_LIBS) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(SYSTEMD_DAEMON_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la \ +@@ -2794,6 +2830,7 @@ test_authtok_LDADD = \ + $(CMOCKA_LIBS) \ + $(DHASH_LIBS) \ + $(POPT_LIBS) \ ++ $(LTLIBINTL) \ + libsss_test_common.la \ + libsss_debug.la \ + $(NULL) +@@ -2809,6 +2846,7 @@ test_prompt_config_LDADD = \ + test_prompt_config_LDADD = \ + $(CMOCKA_LIBS) \ + $(POPT_LIBS) \ ++ $(LTLIBINTL) \ + libsss_debug.la \ + $(TALLOC_LIBS) \ + $(NULL) +@@ -2833,6 +2871,7 @@ deskprofile_utils_tests_LDADD = \ + deskprofile_utils_tests_CFLAGS = \ + $(AM_CFLAGS) + deskprofile_utils_tests_LDADD = \ ++ $(LTLIBINTL) \ + $(CMOCKA_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la +@@ -2856,6 +2895,7 @@ dyndns_tests_LDADD = \ + $(CARES_LIBS) \ + $(CMOCKA_LIBS) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la + +@@ -2866,6 +2906,7 @@ domain_resolution_order_tests_LDADD = \ + $(AM_CFLAGS) + domain_resolution_order_tests_LDADD = \ + $(CMOCKA_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la + +@@ -2876,6 +2917,7 @@ fqnames_tests_LDADD = \ + fqnames_tests_LDADD = \ + $(CMOCKA_LIBS) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la + +@@ -2895,6 +2937,7 @@ nestedgroups_tests_LDADD = \ + nestedgroups_tests_LDADD = \ + $(CMOCKA_LIBS) \ + $(OPENLDAP_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_idmap.la \ +@@ -2926,6 +2969,7 @@ test_ipa_idmap_LDADD = \ + test_ipa_idmap_LDADD = \ + $(CMOCKA_LIBS) \ + $(POPT_LIBS) \ ++ $(LTLIBINTL) \ + libsss_idmap.la \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la +@@ -2948,6 +2992,7 @@ test_utils_LDADD = \ + $(CMOCKA_LIBS) \ + $(POPT_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ ++ $(LTLIBINTL) \ + libsss_test_common.la + + test_search_bases_SOURCES = \ +@@ -2956,6 +3001,7 @@ test_search_bases_LDADD = \ + $(CMOCKA_LIBS) \ + $(TALLOC_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ ++ $(LTLIBINTL) \ + libsss_ldap_common.la \ + libsss_test_common.la \ + libdlopen_test_providers.la \ +@@ -2970,6 +3016,7 @@ test_ldap_auth_LDADD = \ + test_ldap_auth_LDADD = \ + $(CMOCKA_LIBS) \ + $(TALLOC_LIBS) \ ++ $(LTLIBINTL) \ + libsss_ldap_common.la \ + libsss_test_common.la \ + libdlopen_test_providers.la \ +@@ -2983,6 +3030,7 @@ test_ldap_id_cleanup_LDADD = \ + test_ldap_id_cleanup_LDADD = \ + $(CMOCKA_LIBS) \ + $(POPT_LIBS) \ ++ $(LTLIBINTL) \ + $(TALLOC_LIBS) \ + $(TEVENT_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ +@@ -3000,6 +3048,7 @@ test_sdap_access_LDADD = \ + test_sdap_access_LDADD = \ + $(CMOCKA_LIBS) \ + $(TALLOC_LIBS) \ ++ $(LTLIBINTL) \ + libsss_ldap_common.la \ + libsss_test_common.la \ + libdlopen_test_providers.la \ +@@ -3019,6 +3068,7 @@ test_sdap_certmap_LDADD = \ + test_sdap_certmap_LDADD = \ + $(CMOCKA_LIBS) \ + $(TALLOC_LIBS) \ ++ $(LTLIBINTL) \ + $(POPT_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la \ +@@ -3030,6 +3080,7 @@ ad_access_filter_tests_LDADD = \ + ad_access_filter_tests_LDADD = \ + $(CMOCKA_LIBS) \ + $(POPT_LIBS) \ ++ $(LTLIBINTL) \ + $(TALLOC_LIBS) \ + $(TEVENT_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ +@@ -3051,6 +3102,7 @@ ad_gpo_tests_LDADD = \ + $(CMOCKA_LIBS) \ + $(OPENLDAP_LIBS) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + $(NDR_NBT_LIBS) \ + libsss_ldap_common.la \ +@@ -3088,6 +3140,7 @@ ad_common_tests_LDADD = \ + ad_common_tests_LDADD = \ + $(CMOCKA_LIBS) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(KEYUTILS_LIBS) \ + $(NDR_NBT_LIBS) \ + $(NDR_KRB5PAC_LIBS) \ +@@ -3110,6 +3163,7 @@ dp_opt_tests_LDADD = \ + $(CMOCKA_LIBS) \ + $(TALLOC_LIBS) \ + $(POPT_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la + +@@ -3142,6 +3196,7 @@ sdap_tests_LDADD = \ + $(TALLOC_LIBS) \ + $(LDB_LIBS) \ + $(POPT_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + $(OPENLDAP_LIBS) \ + libsss_test_common.la \ +@@ -3160,6 +3215,7 @@ ifp_tests_LDADD = \ + $(LIBADD_DL) \ + $(CMOCKA_LIBS) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + $(SYSTEMD_DAEMON_LIBS) \ + libsss_test_common.la \ +@@ -3189,6 +3245,7 @@ sss_sifp_tests_LDADD = \ + $(TALLOC_LIBS) \ + $(DHASH_LIBS) \ + $(POPT_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) + endif # BUILD_LIBSIFP + endif # BUILD_IFP +@@ -3205,6 +3262,7 @@ test_sysdb_views_LDADD = \ + $(LDB_LIBS) \ + $(POPT_LIBS) \ + $(TALLOC_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la \ + $(NULL) +@@ -3221,6 +3279,7 @@ test_sysdb_ts_cache_LDADD = \ + $(LDB_LIBS) \ + $(POPT_LIBS) \ + $(TALLOC_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la \ + $(NULL) +@@ -3235,6 +3294,7 @@ test_sysdb_subdomains_LDADD = \ + $(CMOCKA_LIBS) \ + $(LDB_LIBS) \ + $(POPT_LIBS) \ ++ $(LTLIBINTL) \ + $(TALLOC_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la \ +@@ -3251,6 +3311,7 @@ test_sysdb_certmap_LDADD = \ + $(LDB_LIBS) \ + $(POPT_LIBS) \ + $(TALLOC_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la \ + $(NULL) +@@ -3266,6 +3327,7 @@ test_sysdb_sudo_LDADD = \ + $(LDB_LIBS) \ + $(POPT_LIBS) \ + $(TALLOC_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la \ + $(NULL) +@@ -3281,6 +3343,7 @@ test_sysdb_utils_LDADD = \ + $(LDB_LIBS) \ + $(POPT_LIBS) \ + $(TALLOC_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la \ + $(NULL) +@@ -3296,6 +3359,7 @@ test_sysdb_domain_resolution_order_LDADD = \ + $(LDB_LIBS) \ + $(POPT_LIBS) \ + $(TALLOC_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la \ + $(NULL) +@@ -3312,6 +3376,7 @@ test_be_ptask_LDADD = \ + $(CMOCKA_LIBS) \ + $(POPT_LIBS) \ + $(TALLOC_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la \ + $(NULL) +@@ -3330,6 +3395,7 @@ test_copy_ccache_LDADD = \ + $(POPT_LIBS) \ + $(TALLOC_LIBS) \ + $(KRB5_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la \ + $(NULL) +@@ -3349,6 +3415,7 @@ test_copy_keytab_LDADD = \ + $(POPT_LIBS) \ + $(TALLOC_LIBS) \ + $(KRB5_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la \ + $(NULL) +@@ -3384,6 +3451,7 @@ test_child_common_LDADD = \ + $(POPT_LIBS) \ + $(TALLOC_LIBS) \ + $(DHASH_LIBS) \ ++ $(LTLIBINTL) \ + libsss_debug.la \ + libsss_test_common.la \ + $(NULL) +@@ -3403,6 +3471,7 @@ responder_cache_req_tests_LDADD = \ + $(LIBADD_DL) \ + $(CMOCKA_LIBS) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + $(SYSTEMD_DAEMON_LIBS) \ + libsss_test_common.la \ +@@ -3425,6 +3494,7 @@ test_resolv_fake_LDADD = \ + test_resolv_fake_LDADD = \ + $(CMOCKA_LIBS) \ + $(POPT_LIBS) \ ++ $(LTLIBINTL) \ + $(TALLOC_LIBS) \ + $(CARES_LIBS) \ + $(DHASH_LIBS) \ +@@ -3448,6 +3518,7 @@ test_fo_srv_LDADD = \ + $(TALLOC_LIBS) \ + $(CARES_LIBS) \ + $(DHASH_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la \ + $(NULL) +@@ -3469,6 +3540,7 @@ test_sdap_initgr_LDADD = \ + $(TEVENT_LIBS) \ + $(LDB_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ ++ $(LTLIBINTL) \ + libsss_ldap_common.la \ + libsss_test_common.la \ + libdlopen_test_providers.la \ +@@ -3488,6 +3560,7 @@ test_ad_subdom_LDADD = \ + $(POPT_LIBS) \ + $(TALLOC_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ ++ $(LTLIBINTL) \ + libsss_ldap_common.la \ + libsss_ad_tests.la \ + libsss_idmap.la \ +@@ -3511,6 +3584,7 @@ test_ipa_subdom_util_LDADD = \ + $(TALLOC_LIBS) \ + $(LDB_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ ++ $(LTLIBINTL) \ + libsss_test_common.la \ + $(NULL) + +@@ -3542,6 +3616,7 @@ test_ipa_subdom_server_LDADD = \ + $(KEYUTILS_LIBS) \ + $(KRB5_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ ++ $(LTLIBINTL) \ + libsss_ldap_common.la \ + libsss_ad_tests.la \ + libsss_test_common.la \ +@@ -3563,6 +3638,7 @@ test_tools_colondb_LDADD = \ + $(CMOCKA_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ + $(POPT_LIBS) \ ++ $(LTLIBINTL) \ + libsss_test_common.la \ + $(NULL) + +@@ -3579,6 +3655,7 @@ test_krb5_wait_queue_LDADD = \ + $(POPT_LIBS) \ + $(DHASH_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ ++ $(LTLIBINTL) \ + libsss_test_common.la \ + $(NULL) + +@@ -3599,6 +3676,7 @@ test_cert_utils_LDADD = \ + $(POPT_LIBS) \ + $(TALLOC_LIBS) \ + $(CRYPTO_LIBS) \ ++ $(LTLIBINTL) \ + libsss_debug.la \ + libsss_test_common.la \ + libsss_cert.la \ +@@ -3625,6 +3703,7 @@ test_data_provider_be_LDADD = \ + $(SSSD_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ + $(LIBADD_DL) \ ++ $(LTLIBINTL) \ + libsss_test_common.la \ + libdlopen_test_providers.la \ + libsss_iface.la \ +@@ -3654,6 +3733,7 @@ test_dp_request_LDADD = \ + $(SSSD_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ + $(LIBADD_DL) \ ++ $(LTLIBINTL) \ + libsss_test_common.la \ + $(NULL) + if BUILD_SYSTEMTAP +@@ -3680,6 +3760,7 @@ test_dp_builtin_LDADD = \ + $(SSSD_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ + $(LIBADD_DL) \ ++ $(LTLIBINTL) \ + libsss_test_common.la \ + $(NULL) + +@@ -3694,6 +3775,7 @@ test_ipa_dn_LDADD = \ + $(TEVENT_LIBS) \ + $(TALLOC_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ ++ $(LTLIBINTL) \ + libsss_test_common.la \ + $(NULL) + +@@ -3707,6 +3789,7 @@ test_iobuf_LDADD = \ + test_iobuf_LDADD = \ + $(CMOCKA_LIBS) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(NULL) + + test_confdb_SOURCES = \ +@@ -3721,6 +3804,7 @@ test_confdb_LDADD = \ + $(POPT_LIBS) \ + $(TALLOC_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ ++ $(LTLIBINTL) \ + libsss_test_common.la \ + $(NULL) + +@@ -3741,6 +3825,7 @@ simple_access_tests_LDADD = \ + $(CMOCKA_LIBS) \ + $(SSSD_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ ++ $(LTLIBINTL) \ + libsss_test_common.la \ + libdlopen_test_providers.la \ + libsss_iface.la \ +@@ -3758,6 +3843,7 @@ krb5_common_test_LDADD = \ + $(CMOCKA_LIBS) \ + $(POPT_LIBS) \ + $(TALLOC_LIBS) \ ++ $(LTLIBINTL) \ + libsss_krb5_common.la \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la \ +@@ -3778,6 +3864,7 @@ test_inotify_LDADD = \ + $(SSSD_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ + $(LIBADD_DL) \ ++ $(LTLIBINTL) \ + libsss_test_common.la \ + $(NULL) + +@@ -3796,6 +3883,7 @@ sss_certmap_test_LDADD = \ + $(TALLOC_LIBS) \ + $(SSS_CERT_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ ++ $(LTLIBINTL) \ + libsss_test_common.la \ + libsss_certmap.la \ + $(NULL) +@@ -3816,6 +3904,7 @@ test_sssd_krb5_locator_plugin_LDADD = \ + $(POPT_LIBS) \ + $(TALLOC_LIBS) \ + $(KRB5_LIBS) \ ++ $(LTLIBINTL) \ + libsss_test_common.la \ + $(NULL) + +@@ -3866,6 +3955,7 @@ test_passkey_LDADD = \ + test_passkey_LDADD = \ + $(CMOCKA_LIBS) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + $(LIBADD_DL) \ + $(PASSKEY_LIBS) \ +@@ -3893,6 +3983,7 @@ test_kcm_marshalling_LDADD = \ + $(CMOCKA_LIBS) \ + $(SSSD_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ ++ $(LTLIBINTL) \ + libsss_test_common.la \ + $(NULL) + +@@ -3908,6 +3999,7 @@ test_kcm_queue_LDADD = \ + $(LIBADD_DL) \ + $(CMOCKA_LIBS) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_test_common.la \ + libsss_iface.la \ +@@ -3925,6 +4017,7 @@ test_krb5_idp_plugin_LDADD = \ + test_krb5_idp_plugin_LDADD = \ + $(CMOCKA_LIBS) \ + $(JANSSON_LIBS) \ ++ $(LTLIBINTL) \ + $(NULL) + + if BUILD_PASSKEY +@@ -3939,6 +4032,7 @@ test_krb5_passkey_plugin_LDADD = \ + test_krb5_passkey_plugin_LDADD = \ + $(CMOCKA_LIBS) \ + $(JANSSON_LIBS) \ ++ $(LTLIBINTL) \ + $(NULL) + endif # BUILD_PASSKEY + +@@ -3971,6 +4065,7 @@ test_kcm_renewals_LDADD = \ + $(CMOCKA_LIBS) \ + $(SSSD_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) \ ++ $(LTLIBINTL) \ + libsss_test_common.la \ + libsss_iface.la \ + libsss_sbus.la \ +@@ -4012,6 +4107,7 @@ test_sssd_krb5_localauth_plugin_LDADD = \ + test_sssd_krb5_localauth_plugin_LDADD = \ + $(CMOCKA_LIBS) \ + $(KRB5_LIBS) \ ++ $(LTLIBINTL) \ + $(NULL) + endif + +@@ -4068,6 +4164,7 @@ libnss_sss_la_SOURCES = \ + nsslib_LTLIBRARIES = libnss_sss.la + libnss_sss_la_SOURCES = \ + src/sss_client/common.c \ ++ src/sss_client/bsdnss.c \ + src/sss_client/nss_passwd.c \ + src/sss_client/nss_group.c \ + src/sss_client/nss_netgroup.c \ +@@ -4166,6 +4263,7 @@ libsss_sudo_la_LIBADD = \ + src/sss_client/sudo/sss_sudo.h \ + src/sss_client/sudo/sss_sudo_private.h + libsss_sudo_la_LIBADD = \ ++ $(GSSAPI_KRB5_LIBS) \ + $(CLIENT_LIBS) + libsss_sudo_la_LDFLAGS = \ + -Wl,--version-script,$(srcdir)/src/sss_client/sss_sudo.exports \ +@@ -4297,6 +4395,7 @@ libsss_ldap_common_la_LIBADD = \ + $(OPENLDAP_LIBS) \ + $(DHASH_LIBS) \ + $(KRB5_LIBS) \ ++ $(LTLIBINTL) \ + libsss_krb5_common.la \ + libsss_idmap.la \ + libsss_certmap.la \ +@@ -4696,6 +4795,7 @@ ldap_child_LDADD = \ + $(KRB5_CFLAGS) + ldap_child_LDADD = \ + libsss_debug.la \ ++ $(LTLIBINTL) \ + $(TALLOC_LIBS) \ + $(POPT_LIBS) \ + $(DHASH_LIBS) \ +@@ -4742,6 +4842,7 @@ gpo_child_LDADD = \ + $(SMBCLIENT_CFLAGS) + gpo_child_LDADD = \ + libsss_debug.la \ ++ $(LTLIBINTL) \ + $(TALLOC_LIBS) \ + $(POPT_LIBS) \ + $(DHASH_LIBS) \ +@@ -4758,6 +4859,7 @@ proxy_child_LDADD = \ + proxy_child_LDADD = \ + $(PAM_LIBS) \ + $(SSSD_LIBS) \ ++ $(LTLIBINTL) \ + $(SSSD_INTERNAL_LTLIBS) \ + libsss_iface.la \ + libsss_sbus.la \ +@@ -4785,6 +4887,7 @@ p11_child_LDADD = \ + + p11_child_LDADD = \ + libsss_debug.la \ ++ $(LTLIBINTL) \ + $(TALLOC_LIBS) \ + $(DHASH_LIBS) \ + $(POPT_LIBS) \ +@@ -4812,6 +4915,7 @@ passkey_child_LDADD = \ + passkey_child_LDADD = \ + libsss_crypt.la \ + libsss_debug.la \ ++ $(LTLIBINTL) \ + $(TALLOC_LIBS) \ + $(DHASH_LIBS) \ + $(POPT_LIBS) \ +@@ -4840,6 +4944,7 @@ oidc_child_LDADD = \ + $(NULL) + oidc_child_LDADD = \ + libsss_debug.la \ ++ $(LTLIBINTL) \ + $(TALLOC_LIBS) \ + $(POPT_LIBS) \ + $(JANSSON_LIBS) \ +@@ -4858,6 +4963,7 @@ memberof_la_LIBADD = \ + $(NULL) + memberof_la_LIBADD = \ + libsss_debug.la \ ++ $(LTLIBINTL) \ + $(TALLOC_LIBS) \ + $(LDB_LIBS) \ + $(DHASH_LIBS) \ +@@ -4921,6 +5027,7 @@ sssd_krb5_idp_plugin_la_LIBADD = \ + $(KRB5_LIBS) \ + $(KRAD_LIBS) \ + $(JANSSON_LIBS) \ ++ $(LTLIBINTL) \ + $(NULL) + sssd_krb5_idp_plugin_la_LDFLAGS = \ + -avoid-version \ diff --git a/security/sssd-devel/files/patch-configure.ac b/security/sssd-devel/files/patch-configure.ac new file mode 100644 index 000000000000..e0f0edfceff9 --- /dev/null +++ b/security/sssd-devel/files/patch-configure.ac @@ -0,0 +1,51 @@ +--- configure.ac.orig 2023-05-05 08:11:07 UTC ++++ configure.ac +@@ -46,8 +46,6 @@ AC_CONFIG_HEADER(config.h) + AC_CHECK_HEADERS([stdatomic.h],,AC_MSG_ERROR([C11 atomic types are not supported])) + AC_CONFIG_HEADER(config.h) + +-AC_CHECK_TYPES([errno_t], [], [], [[#include ]]) +- + m4_include([src/build_macros.m4]) + BUILD_WITH_SHARED_BUILD_DIR + +@@ -67,7 +65,20 @@ AM_CONDITIONAL([HAVE_PTHREAD], [test x"$HAVE_PTHREAD" + LIBS=$SAVE_LIBS + AM_CONDITIONAL([HAVE_PTHREAD], [test x"$HAVE_PTHREAD" != "x"]) + ++saved_CFLAGS="$CFLAGS" ++CFLAGS="-Werror" ++AC_COMPILE_IFELSE( ++ [AC_LANG_PROGRAM([[#include ]], ++ [[(void)mempcpy(NULL, NULL, 0);]])], ++ [AC_DEFINE([HAVE_MEMPCPY], [1], [mempcpy() available]) ++ HAVE_MEMPCPY=1 ++ ], ++ [AC_MSG_WARN([mempcpy() not found, will use private implementation])]) + ++CFLAGS="$saved_CFLAGS" ++ ++AM_CONDITIONAL([HAVE_MEMPCPY], [test x"$HAVE_MEMPCPY" != "x"]) ++ + SAVE_LIBS=$LIBS + LIBS= + AC_LINK_IFELSE( +@@ -223,7 +234,6 @@ m4_include([src/external/libkeyutils.m4]) + m4_include([src/external/crypto.m4]) + m4_include([src/external/nsupdate.m4]) + m4_include([src/external/libkeyutils.m4]) +-m4_include([src/external/libkrad.m4]) + m4_include([src/external/libnl.m4]) + m4_include([src/external/systemd.m4]) + m4_include([src/external/pac_responder.m4]) +@@ -390,8 +400,8 @@ them please use argument --without-python3-bindings wh + AM_CHECK_PYTHON_HEADERS([], + AC_MSG_ERROR([Could not find python3 headers])) + +- AC_SUBST([py3execdir], [$pyexecdir]) +- AC_SUBST([python3dir], [$pythondir]) ++ AC_SUBST([py3execdir], [$(eval echo $pyexecdir)]) ++ AC_SUBST([python3dir], [$(eval echo $pythondir)]) + AC_SUBST([PYTHON3_CFLAGS], [$PYTHON_CFLAGS]) + AC_SUBST([PYTHON3_LIBS], [$PYTHON_LIBS]) + AC_SUBST([PYTHON3_INCLUDES], [$PYTHON_INCLUDES]) diff --git a/security/sssd-devel/files/patch-src__confdb__confdb.c b/security/sssd-devel/files/patch-src__confdb__confdb.c new file mode 100644 index 000000000000..138966638518 --- /dev/null +++ b/security/sssd-devel/files/patch-src__confdb__confdb.c @@ -0,0 +1,19 @@ +--- src/confdb/confdb.c.orig 2023-05-05 08:11:07 UTC ++++ src/confdb/confdb.c +@@ -21,6 +21,7 @@ + + #include "config.h" + ++#include + #include + #include "util/util.h" + #include "confdb/confdb.h" +@@ -887,7 +888,7 @@ static char *confdb_get_domain_hostname(TALLOC_CTX *me + struct ldb_result *res, + const char *provider) + { +- char sys[HOST_NAME_MAX + 1] = {'\0'}; ++ char sys[MAXHOSTNAMELEN + 1] = {'\0'}; + const char *opt = NULL; + int ret; + diff --git a/security/sssd-devel/files/patch-src__external__crypto.m4 b/security/sssd-devel/files/patch-src__external__crypto.m4 new file mode 100644 index 000000000000..739502c9da13 --- /dev/null +++ b/security/sssd-devel/files/patch-src__external__crypto.m4 @@ -0,0 +1,21 @@ +--- src/external/crypto.m4.orig 2023-05-05 08:11:07 UTC ++++ src/external/crypto.m4 +@@ -1,6 +1,15 @@ +-AC_DEFUN([AM_CHECK_LIBCRYPTO], +- [PKG_CHECK_MODULES([CRYPTO],[libcrypto]) +- PKG_CHECK_MODULES([SSL],[libssl]) ++CRYPTO_CFLAGS="-I/usr/include" ++CRYPTO_LIBS="-L/usr/lib -lcrypto" ++AC_SUBST(CRYPTO_CFLAGS) ++AC_SUBST(CRYPTO_LIBS) ++ ++SSL_CFLAGS="-I/usr/include" ++SSL_LIBS="-L/usr/lib -lssl" ++AC_SUBST(SSL_CFLAGS) ++AC_SUBST(SSL_LIBS) ++ ++AC_DEFUN([AM_CHECK_LIBCRYPTO], [ ++ AC_MSG_RESULT([yes]) + ]) + + AC_MSG_CHECKING([whether OpenSSL's x400Address is ASN1_STRING]) diff --git a/security/sssd-devel/files/patch-src__external__inotify.m4 b/security/sssd-devel/files/patch-src__external__inotify.m4 new file mode 100644 index 000000000000..2dd08bc16be2 --- /dev/null +++ b/security/sssd-devel/files/patch-src__external__inotify.m4 @@ -0,0 +1,15 @@ +--- src/external/inotify.m4.orig 2023-06-05 03:56:40 UTC ++++ src/external/inotify.m4 +@@ -20,10 +20,10 @@ int main () { + AS_IF([test x"$inotify_works" != xyes], + [AC_CHECK_LIB([inotify], + [inotify_init], +- [INOTIFY_LIBS="$sss_extra_libdir -linotify" ++ [INOTIFY_LIBS="-L$sss_extra_libdir -linotify" + inotify_works=yes], + [inotify_works=no], +- [$sss_extra_libdir])] ++ [-L$sss_extra_libdir])] + ) + + AS_IF([test x"$inotify_works" = xyes], diff --git a/security/sssd-devel/files/patch-src__external__krb5.m4 b/security/sssd-devel/files/patch-src__external__krb5.m4 new file mode 100644 index 000000000000..691efaa0dc98 --- /dev/null +++ b/security/sssd-devel/files/patch-src__external__krb5.m4 @@ -0,0 +1,13 @@ +--- src/external/krb5.m4.orig 2023-05-05 08:11:07 UTC ++++ src/external/krb5.m4 +@@ -1,5 +1,10 @@ ++KRB5_CFLAGS="-I/usr/local/include" ++KRB5_LIBS="-L/usr/local/lib -lkrb5" ++KRB5_CONFIG="/usr/local/bin/krb5-config" ++ + AC_SUBST(KRB5_CFLAGS) + AC_SUBST(KRB5_LIBS) ++AC_SUBST(KRB5_CONFIG) + + if test x$KRB5_LIBS != x; then + KRB5_PASSED_LIBS=$KRB5_LIBS diff --git a/security/sssd-devel/files/patch-src__external__nsupdate.m4 b/security/sssd-devel/files/patch-src__external__nsupdate.m4 new file mode 100644 index 000000000000..abb443532e3e --- /dev/null +++ b/security/sssd-devel/files/patch-src__external__nsupdate.m4 @@ -0,0 +1,8 @@ +--- src/external/nsupdate.m4.orig 2023-05-05 08:11:07 UTC ++++ src/external/nsupdate.m4 +@@ -1,4 +1,4 @@ +-AC_PATH_PROG(NSUPDATE, nsupdate) ++AC_PATH_PROG(NSUPDATE, samba-nsupdate) + AC_MSG_CHECKING(for executable nsupdate) + if test -x "$NSUPDATE"; then + AC_DEFINE_UNQUOTED([NSUPDATE_PATH], ["$NSUPDATE"], [The path to nsupdate]) diff --git a/security/sssd-devel/files/patch-src__external__pac_responder.m4 b/security/sssd-devel/files/patch-src__external__pac_responder.m4 new file mode 100644 index 000000000000..afc79c1002d2 --- /dev/null +++ b/security/sssd-devel/files/patch-src__external__pac_responder.m4 @@ -0,0 +1,21 @@ +--- src/external/pac_responder.m4.orig 2023-05-05 08:11:07 UTC ++++ src/external/pac_responder.m4 +@@ -7,7 +7,7 @@ then + krb5_version_ok=no + if test x$build_pac_responder = xyes + then +- AC_PATH_PROG(KRB5_CONFIG, krb5-config) ++ AC_PATH_PROG(KRB5_CONFIG, /usr/local/bin/krb5-config) + AC_MSG_CHECKING(for supported MIT krb5 version) + KRB5_VERSION="`$KRB5_CONFIG --version`" + case $KRB5_VERSION in +@@ -22,7 +22,8 @@ then + Kerberos\ 5\ release\ 1.17* | \ + Kerberos\ 5\ release\ 1.18* | \ + Kerberos\ 5\ release\ 1.19* | \ +- Kerberos\ 5\ release\ 1.20*) ++ Kerberos\ 5\ release\ 1.20* | \ ++ Kerberos\ 5\ release\ 1.21*) + krb5_version_ok=yes + AC_MSG_RESULT([yes]) + ;; diff --git a/security/sssd-devel/files/patch-src__external__platform.m4 b/security/sssd-devel/files/patch-src__external__platform.m4 new file mode 100644 index 000000000000..30caaaaf51ae --- /dev/null +++ b/security/sssd-devel/files/patch-src__external__platform.m4 @@ -0,0 +1,51 @@ +--- src/external/platform.m4.orig 2023-05-05 08:11:07 UTC ++++ src/external/platform.m4 +@@ -1,9 +1,10 @@ AC_ARG_WITH([os], + AC_ARG_WITH([os], +- [AC_HELP_STRING([--with-os=OS_TYPE], [Type of your operation system (fedora|redhat|suse|gentoo)])] ++ [AC_HELP_STRING([--with-os=OS_TYPE], [Type of your operation system (fedora|redhat|suse|gentoo|freebsd)])] + ) + osname="" + if test x"$with_os" != x ; then + if test x"$with_os" = xfedora || \ ++ test x"$with_os" = xfreebsd || \ + test x"$with_os" = xredhat || \ + test x"$with_os" = xsuse || \ + test x"$with_os" = xgentoo || \ +@@ -25,6 +26,8 @@ if test x"$osname" = x ; then + osname="debian" + elif test -f /etc/gentoo-release ; then + osname="gentoo" ++ elif test -f /etc/os-release ; then ++ osname="freebsd" + fi + + AC_MSG_NOTICE([Detected operating system type: $osname]) +@@ -35,6 +38,7 @@ AM_CONDITIONAL([HAVE_GENTOO], [test x"$osname" = xgent + AM_CONDITIONAL([HAVE_SUSE], [test x"$osname" = xsuse]) + AM_CONDITIONAL([HAVE_DEBIAN], [test x"$osname" = xdebian]) + AM_CONDITIONAL([HAVE_GENTOO], [test x"$osname" = xgentoo]) ++AM_CONDITIONAL([HAVE_FREEBSD], [test x"$osname" = xfreebsd]) + + AS_CASE([$osname], + [redhat], [AC_DEFINE_UNQUOTED([HAVE_REDHAT], 1, [Build with redhat config])], +@@ -42,10 +46,18 @@ AS_CASE([$osname], + [suse], [AC_DEFINE_UNQUOTED([HAVE_SUSE], 1, [Build with suse config])], + [gentoo], [AC_DEFINE_UNQUOTED([HAVE_GENTOO], 1, [Build with gentoo config])], + [debian], [AC_DEFINE_UNQUOTED([HAVE_DEBIAN], 1, [Build with debian config])], ++ [freebsd], [AC_DEFINE_UNQUOTED([HAVE_FREEBSD], 1, [Build with freebsd config])], + [AC_MSG_NOTICE([Build with $osname config])]) + +-AC_CHECK_MEMBERS([struct ucred.pid, struct ucred.uid, struct ucred.gid], , , ++if test x"$osname" = x"freebsd"; then ++ AC_CHECK_MEMBERS([struct xucred.cr_pid, struct xucred.cr_uid, struct xucred.cr_gid], , , [[ ++#include ++#include ++]]) ++else ++ AC_CHECK_MEMBERS([struct ucred.pid, struct ucred.uid, struct ucred.gid], , , + [[#include ]]) ++fi + + if test x"$ac_cv_member_struct_ucred_pid" = xyes -a \ + x"$ac_cv_member_struct_ucred_uid" = xyes -a \ diff --git a/security/sssd-devel/files/patch-src__external__samba.m4 b/security/sssd-devel/files/patch-src__external__samba.m4 new file mode 100644 index 000000000000..7c6b25138b58 --- /dev/null +++ b/security/sssd-devel/files/patch-src__external__samba.m4 @@ -0,0 +1,32 @@ +--- src/external/samba.m4.orig 2023-05-05 08:11:07 UTC ++++ src/external/samba.m4 +@@ -64,7 +64,7 @@ --without-samba + else + + AC_MSG_CHECKING([Samba's idmap plugin interface version]) +- sambalibdir="`$PKG_CONFIG --variable=libdir smbclient`"/samba ++ sambalibdir="`$PKG_CONFIG --variable=libdir smbclient`"/private + SAVE_CFLAGS=$CFLAGS + SAVE_LIBS=$LIBS + CFLAGS="$CFLAGS $SMBCLIENT_CFLAGS $NDR_NBT_CFLAGS $NDR_KRB5PAC_CFLAGS" +@@ -157,12 +157,16 @@ AC_CHECK_MEMBERS([struct PAC_LOGON_INFO.resource_group + SAVE_CFLAGS=$CFLAGS + CFLAGS="$CFLAGS $SMBCLIENT_CFLAGS $NDR_NBT_CFLAGS $NDR_KRB5PAC_CFLAGS" + AC_CHECK_MEMBERS([struct PAC_LOGON_INFO.resource_groups], , , +- [[ #include +- #include ++ [[ #include ++ #include ++ #include ++ #include + #include ]]) + AC_CHECK_MEMBERS([struct PAC_UPN_DNS_INFO.ex], , + [AC_MSG_NOTICE([union PAC_UPN_DNS_INFO_EX is not available, PAC checks will be limited])], +- [[ #include +- #include ++ [[ #include ++ #include ++ #include ++ #include + #include ]]) + CFLAGS=$SAVE_CFLAGS diff --git a/security/sssd-devel/files/patch-src__krb5_plugin__common__radius_kdcpreauth.c b/security/sssd-devel/files/patch-src__krb5_plugin__common__radius_kdcpreauth.c new file mode 100644 index 000000000000..233dd417d8f5 --- /dev/null +++ b/security/sssd-devel/files/patch-src__krb5_plugin__common__radius_kdcpreauth.c @@ -0,0 +1,19 @@ +--- src/krb5_plugin/common/radius_kdcpreauth.c.orig 2023-05-05 08:11:07 UTC ++++ src/krb5_plugin/common/radius_kdcpreauth.c +@@ -18,6 +18,7 @@ + along with this program. If not, see . + */ + ++#include + #include + #include + #include +@@ -414,7 +415,7 @@ sss_radiuskdc_client_init(krb5_context kctx, + struct sss_radiuskdc_config *config) + { + struct sss_radiuskdc_client *client; +- char hostname[HOST_NAME_MAX + 1]; ++ char hostname[MAXHOSTNAMELEN + 1]; + krb5_data data = {0}; + krb5_error_code ret; + diff --git a/security/sssd-devel/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.c b/security/sssd-devel/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.c new file mode 100644 index 000000000000..c3e821355d7b --- /dev/null +++ b/security/sssd-devel/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.c @@ -0,0 +1,11 @@ +--- src/lib/winbind_idmap_sss/winbind_idmap_sss.c.orig 2023-05-05 08:11:07 UTC ++++ src/lib/winbind_idmap_sss/winbind_idmap_sss.c +@@ -22,6 +22,8 @@ + along with this program. If not, see . + */ + ++#include ++#include + #include + #include + diff --git a/security/sssd-devel/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.h b/security/sssd-devel/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.h new file mode 100644 index 000000000000..5fc97a38e37e --- /dev/null +++ b/security/sssd-devel/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.h @@ -0,0 +1,11 @@ +--- src/lib/winbind_idmap_sss/winbind_idmap_sss.h.orig 2023-06-05 04:01:16 UTC ++++ src/lib/winbind_idmap_sss/winbind_idmap_sss.h +@@ -29,6 +29,8 @@ + #include + + #include ++#include ++#include + #include + #include + diff --git a/security/sssd-devel/files/patch-src__p11_child__p11_child_common.c b/security/sssd-devel/files/patch-src__p11_child__p11_child_common.c new file mode 100644 index 000000000000..4304a8681ba4 --- /dev/null +++ b/security/sssd-devel/files/patch-src__p11_child__p11_child_common.c @@ -0,0 +1,19 @@ +--- src/p11_child/p11_child_common.c.orig 2023-05-05 08:11:07 UTC ++++ src/p11_child/p11_child_common.c +@@ -27,7 +27,6 @@ + #include + #include + #include +-#include + + #include "util/util.h" + #include "util/child_common.h" +@@ -305,8 +304,6 @@ int main(int argc, const char *argv[]) + } + + poptFreeContext(pc); +- +- prctl(PR_SET_DUMPABLE, (dumpable == 0) ? 0 : 1); + + debug_prg_name = talloc_asprintf(NULL, "p11_child[%d]", getpid()); + if (debug_prg_name == NULL) { diff --git a/security/sssd-devel/files/patch-src__passkey_child__passkey_child_common.c b/security/sssd-devel/files/patch-src__passkey_child__passkey_child_common.c new file mode 100644 index 000000000000..02e75e346146 --- /dev/null +++ b/security/sssd-devel/files/patch-src__passkey_child__passkey_child_common.c @@ -0,0 +1,19 @@ +--- src/passkey_child/passkey_child_common.c.orig 2023-05-05 08:11:07 UTC ++++ src/passkey_child/passkey_child_common.c +@@ -23,7 +23,6 @@ + */ + + #include +-#include + #include + #include + #include +@@ -269,8 +268,6 @@ parse_arguments(TALLOC_CTX *mem_ctx, int argc, const c + } + + poptFreeContext(pc); +- +- prctl(PR_SET_DUMPABLE, (dumpable == 0) ? 0 : 1); + + if (user_verification != NULL) { + if (strcmp(user_verification, "true") == 0) { diff --git a/security/sssd-devel/files/patch-src__providers__ad__ad_common.c b/security/sssd-devel/files/patch-src__providers__ad__ad_common.c new file mode 100644 index 000000000000..d4813193d1b1 --- /dev/null +++ b/security/sssd-devel/files/patch-src__providers__ad__ad_common.c @@ -0,0 +1,41 @@ +--- src/providers/ad/ad_common.c.orig 2023-05-05 08:11:07 UTC ++++ src/providers/ad/ad_common.c +@@ -19,6 +19,7 @@ + You should have received a copy of the GNU General Public License + along with this program. If not, see . + */ ++#include + #include + + #include "providers/ad/ad_common.h" +@@ -495,8 +496,8 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, + char *server; + char *realm; + char *ad_hostname; +- char hostname[HOST_NAME_MAX + 1]; +- char fqdn[HOST_NAME_MAX + 1]; ++ char hostname[MAXHOSTNAMELEN + 1]; ++ char fqdn[MAXHOSTNAMELEN + 1]; + char *case_sensitive_opt; + const char *opt_override; + +@@ -543,7 +544,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, + strerror(ret)); + goto done; + } +- hostname[HOST_NAME_MAX] = '\0'; ++ hostname[MAXHOSTNAMELEN] = '\0'; + + if (strchr(hostname, '.') == NULL) { + ret = ad_try_to_get_fqdn(hostname, fqdn, sizeof(fqdn)); +@@ -552,8 +553,8 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, + "The hostname [%s] has been expanded to FQDN [%s]. " + "If sssd should really use the short hostname, please " + "set ad_hostname explicitly.\n", hostname, fqdn); +- strncpy(hostname, fqdn, HOST_NAME_MAX); +- hostname[HOST_NAME_MAX] = '\0'; ++ strncpy(hostname, fqdn, MAXHOSTNAMELEN); ++ hostname[MAXHOSTNAMELEN] = '\0'; + } + } + diff --git a/security/sssd-devel/files/patch-src__providers__ad__ad_gpo_child.c b/security/sssd-devel/files/patch-src__providers__ad__ad_gpo_child.c new file mode 100644 index 000000000000..3e5f890b5137 --- /dev/null +++ b/security/sssd-devel/files/patch-src__providers__ad__ad_gpo_child.c @@ -0,0 +1,19 @@ +--- src/providers/ad/ad_gpo_child.c.orig 2023-05-05 08:11:07 UTC ++++ src/providers/ad/ad_gpo_child.c +@@ -26,7 +26,6 @@ + #include + #include + #include +-#include + #include + #include + +@@ -699,8 +698,6 @@ main(int argc, const char *argv[]) + } + + poptFreeContext(pc); +- +- prctl(PR_SET_DUMPABLE, (dumpable == 0) ? 0 : 1); + + debug_prg_name = talloc_asprintf(NULL, "gpo_child[%d]", getpid()); + if (debug_prg_name == NULL) { diff --git a/security/sssd-devel/files/patch-src__providers__ad__ad_pac.h b/security/sssd-devel/files/patch-src__providers__ad__ad_pac.h new file mode 100644 index 000000000000..f9de3661d985 --- /dev/null +++ b/security/sssd-devel/files/patch-src__providers__ad__ad_pac.h @@ -0,0 +1,11 @@ +--- src/providers/ad/ad_pac.h.orig 2023-06-05 04:04:46 UTC ++++ src/providers/ad/ad_pac.h +@@ -32,6 +32,8 @@ + #ifdef ldb_val + #error Please make sure to include ad_pac.h before ldb.h + #endif ++#include ++#include + #include + #include + #include diff --git a/security/sssd-devel/files/patch-src__providers__ad__ad_pac_common.c b/security/sssd-devel/files/patch-src__providers__ad__ad_pac_common.c new file mode 100644 index 000000000000..ab1c08e07e8b --- /dev/null +++ b/security/sssd-devel/files/patch-src__providers__ad__ad_pac_common.c @@ -0,0 +1,11 @@ +--- src/providers/ad/ad_pac_common.c.orig 2023-05-05 08:11:07 UTC ++++ src/providers/ad/ad_pac_common.c +@@ -20,6 +20,8 @@ + along with this program. If not, see . + */ + ++#include ++#include + + #include "providers/ad/ad_pac.h" + #include "util/util.h" diff --git a/security/sssd-devel/files/patch-src__providers__data_provider__dp_modules.c b/security/sssd-devel/files/patch-src__providers__data_provider__dp_modules.c new file mode 100644 index 000000000000..482a8c334c5b --- /dev/null +++ b/security/sssd-devel/files/patch-src__providers__data_provider__dp_modules.c @@ -0,0 +1,10 @@ +--- src/providers/data_provider/dp_modules.c.orig 2023-05-25 06:34:10 UTC ++++ src/providers/data_provider/dp_modules.c +@@ -23,6 +23,7 @@ + #include "providers/data_provider/dp.h" + #include "providers/data_provider/dp_private.h" + #include "providers/backend.h" ++#include "util/sss_bsd_errno.h" + #include "util/util.h" + + /* There can be at most the same number of different modules loaded at diff --git a/security/sssd-devel/files/patch-src__providers__data_provider__dp_targets.c b/security/sssd-devel/files/patch-src__providers__data_provider__dp_targets.c new file mode 100644 index 000000000000..2a83b5070e9d --- /dev/null +++ b/security/sssd-devel/files/patch-src__providers__data_provider__dp_targets.c @@ -0,0 +1,10 @@ +--- src/providers/data_provider/dp_targets.c.orig 2023-05-05 08:11:07 UTC ++++ src/providers/data_provider/dp_targets.c +@@ -26,6 +26,7 @@ + #include "providers/data_provider/dp_private.h" + #include "providers/data_provider/dp_builtin.h" + #include "providers/backend.h" ++#include "util/sss_bsd_errno.h" + #include "util/util.h" + + #define DP_TARGET_INIT_FN "sssm_%s_%s_init" diff --git a/security/sssd-devel/files/patch-src__providers__data_provider_be.c b/security/sssd-devel/files/patch-src__providers__data_provider_be.c new file mode 100644 index 000000000000..527186d6fc73 --- /dev/null +++ b/security/sssd-devel/files/patch-src__providers__data_provider_be.c @@ -0,0 +1,11 @@ +--- src/providers/data_provider_be.c.orig 2023-05-25 06:24:25 UTC ++++ src/providers/data_provider_be.c +@@ -25,6 +25,8 @@ + #include + #include + #include ++#include ++#include + #include + #include + #include diff --git a/security/sssd-devel/files/patch-src__providers__data_provider_fo.c b/security/sssd-devel/files/patch-src__providers__data_provider_fo.c new file mode 100644 index 000000000000..4e4dc0d1da9f --- /dev/null +++ b/security/sssd-devel/files/patch-src__providers__data_provider_fo.c @@ -0,0 +1,28 @@ +--- src/providers/data_provider_fo.c.orig 2023-05-25 06:28:15 UTC ++++ src/providers/data_provider_fo.c +@@ -19,6 +19,7 @@ + along with this program. If not, see . + */ + ++#include + #include + #include + #include "providers/backend.h" +@@ -237,7 +238,7 @@ errno_t be_fo_set_dns_srv_lookup_plugin(struct be_ctx + const char *hostname) + { + struct fo_resolve_srv_dns_ctx *srv_ctx = NULL; +- char resolved_hostname[HOST_NAME_MAX + 1]; ++ char resolved_hostname[MAXHOSTNAMELEN + 1]; + errno_t ret; + + if (hostname == NULL) { +@@ -248,7 +249,7 @@ errno_t be_fo_set_dns_srv_lookup_plugin(struct be_ctx + "gethostname() failed: [%d]: %s\n", ret, strerror(ret)); + return ret; + } +- resolved_hostname[HOST_NAME_MAX] = '\0'; ++ resolved_hostname[MAXHOSTNAMELEN] = '\0'; + hostname = resolved_hostname; + } + diff --git a/security/sssd-devel/files/patch-src__providers__files__files_ops.c b/security/sssd-devel/files/patch-src__providers__files__files_ops.c new file mode 100644 index 000000000000..f53f65264139 --- /dev/null +++ b/security/sssd-devel/files/patch-src__providers__files__files_ops.c @@ -0,0 +1,88 @@ +--- src/providers/files/files_ops.c.orig 2023-05-05 08:11:07 UTC ++++ src/providers/files/files_ops.c +@@ -53,8 +53,11 @@ static errno_t enum_files_users(TALLOC_CTX *mem_ctx, + struct passwd *pwd_iter = NULL; + struct passwd *pwd = NULL; + struct passwd **users = NULL; ++ struct passwd *pbuf = NULL; + FILE *pwd_handle = NULL; + size_t n_users = 0; ++ char *buf = NULL; ++ unsigned int bufsize = 1024; + + pwd_handle = fopen(passwd_file, "r"); + if (pwd_handle == NULL) { +@@ -72,7 +75,19 @@ static errno_t enum_files_users(TALLOC_CTX *mem_ctx, + goto done; + } + +- while ((pwd_iter = fgetpwent(pwd_handle)) != NULL) { ++ buf = talloc_zero_array(mem_ctx, char, bufsize); ++ if (buf == NULL) { ++ ret = ENOMEM; ++ goto done; ++ } ++ ++ pbuf = talloc_zero(mem_ctx, struct passwd); ++ if (pbuf == NULL) { ++ ret = ENOMEM; ++ goto done; ++ } ++ ++ while (getpwent_r(pbuf, buf, (size_t)bufsize, &pwd_iter) == 0 && pwd_iter != NULL) { + /* FIXME - we might want to support paging of sorts to avoid allocating + * all users atop a memory context or only return users that differ from + * the local storage as a diff to minimize memory spikes +@@ -126,6 +141,9 @@ done: + users[n_users] = NULL; + *_users = users; + done: ++ talloc_free(pbuf); ++ talloc_free(buf); ++ + if (ret != EOK) { + talloc_free(users); + } +@@ -150,8 +168,11 @@ static errno_t enum_files_groups(TALLOC_CTX *mem_ctx, + struct group *grp_iter = NULL; + struct group *grp = NULL; + struct group **groups = NULL; ++ struct group *pbuf = NULL; + size_t n_groups = 0; + FILE *grp_handle = NULL; ++ char *buf = NULL; ++ unsigned int bufsize = 1024; + + grp_handle = fopen(group_file, "r"); + if (grp_handle == NULL) { +@@ -169,7 +190,19 @@ static errno_t enum_files_groups(TALLOC_CTX *mem_ctx, + goto done; + } + +- while ((grp_iter = fgetgrent(grp_handle)) != NULL) { ++ buf = talloc_zero_array(mem_ctx, char, bufsize); ++ if (buf == NULL) { ++ ret = ENOMEM; ++ goto done; ++ } ++ ++ pbuf = talloc_zero(mem_ctx, struct group); ++ if (pbuf == NULL) { ++ ret = ENOMEM; ++ goto done; ++ } ++ ++ while (getgrent_r(pbuf, buf, (size_t)bufsize, &grp_iter) == 0 && grp_iter != NULL) { + DEBUG(SSSDBG_TRACE_LIBS, + "Group found (%s, %"SPRIgid")\n", + grp_iter->gr_name, grp_iter->gr_gid); +@@ -230,6 +263,9 @@ done: + groups[n_groups] = NULL; + *_groups = groups; + done: ++ talloc_free(pbuf); ++ talloc_free(buf); ++ + if (ret != EOK) { + talloc_free(groups); + } diff --git a/security/sssd-devel/files/patch-src__providers__ipa__ipa_common.c b/security/sssd-devel/files/patch-src__providers__ipa__ipa_common.c new file mode 100644 index 000000000000..31de8587948c --- /dev/null +++ b/security/sssd-devel/files/patch-src__providers__ipa__ipa_common.c @@ -0,0 +1,28 @@ +--- src/providers/ipa/ipa_common.c.orig 2023-05-05 08:11:07 UTC ++++ src/providers/ipa/ipa_common.c +@@ -22,6 +22,7 @@ + along with this program. If not, see . + */ + ++#include + #include + #include + #include +@@ -51,7 +52,7 @@ int ipa_get_options(TALLOC_CTX *memctx, + char *realm; + char *ipa_hostname; + int ret; +- char hostname[HOST_NAME_MAX + 1]; ++ char hostname[MAXHOSTNAMELEN + 1]; + + opts = talloc_zero(memctx, struct ipa_options); + if (!opts) return ENOMEM; +@@ -88,7 +89,7 @@ int ipa_get_options(TALLOC_CTX *memctx, + strerror(ret)); + goto done; + } +- hostname[HOST_NAME_MAX] = '\0'; ++ hostname[MAXHOSTNAMELEN] = '\0'; + DEBUG(SSSDBG_TRACE_ALL, "Setting ipa_hostname to [%s].\n", hostname); + ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname); + if (ret != EOK) { diff --git a/security/sssd-devel/files/patch-src__providers__ipa__ipa_deskprofile_rules_util.c b/security/sssd-devel/files/patch-src__providers__ipa__ipa_deskprofile_rules_util.c new file mode 100644 index 000000000000..8d29abb6c670 --- /dev/null +++ b/security/sssd-devel/files/patch-src__providers__ipa__ipa_deskprofile_rules_util.c @@ -0,0 +1,11 @@ +--- src/providers/ipa/ipa_deskprofile_rules_util.c.orig 2023-05-05 08:11:07 UTC ++++ src/providers/ipa/ipa_deskprofile_rules_util.c +@@ -20,6 +20,8 @@ + along with this program. If not, see . + */ + ++#include ++#include + #include "providers/ipa/ipa_deskprofile_rules_util.h" + #include "providers/ipa/ipa_deskprofile_private.h" + #include "providers/ipa/ipa_rules_common.h" diff --git a/security/sssd-devel/files/patch-src__providers__krb5__krb5_child.c b/security/sssd-devel/files/patch-src__providers__krb5__krb5_child.c new file mode 100644 index 000000000000..d1aff8da6e2e --- /dev/null +++ b/security/sssd-devel/files/patch-src__providers__krb5__krb5_child.c @@ -0,0 +1,19 @@ +--- src/providers/krb5/krb5_child.c.orig 2023-05-05 08:11:07 UTC ++++ src/providers/krb5/krb5_child.c +@@ -28,7 +28,6 @@ + #include + #include + #include +-#include + + #include + +@@ -4070,8 +4069,6 @@ int main(int argc, const char *argv[]) + } + + poptFreeContext(pc); +- +- prctl(PR_SET_DUMPABLE, (dumpable == 0) ? 0 : 1); + + debug_prg_name = talloc_asprintf(NULL, "krb5_child[%d]", getpid()); + if (!debug_prg_name) { diff --git a/security/sssd-devel/files/patch-src__providers__ldap__ldap_auth.c b/security/sssd-devel/files/patch-src__providers__ldap__ldap_auth.c new file mode 100644 index 000000000000..5fd7eeabc816 --- /dev/null +++ b/security/sssd-devel/files/patch-src__providers__ldap__ldap_auth.c @@ -0,0 +1,46 @@ +--- src/providers/ldap/ldap_auth.c.orig 2023-05-05 08:11:07 UTC ++++ src/providers/ldap/ldap_auth.c +@@ -37,7 +37,6 @@ + #include + #include + +-#include + #include + + #include "util/util.h" +@@ -51,6 +50,22 @@ + + #define LDAP_PWEXPIRE_WARNING_TIME 0 + ++struct spwd ++{ ++ char *sp_namp; /* Login name. */ ++ char *sp_pwdp; /* Encrypted password. */ ++ long int sp_lstchg; /* Date of last change. */ ++ long int sp_min; /* Minimum number of days between changes. */ ++ long int sp_max; /* Maximum number of days between changes. */ ++ long int sp_warn; /* Number of days to warn user to change ++ the password. */ ++ long int sp_inact; /* Number of days the account may be ++ inactive. */ ++ long int sp_expire; /* Number of days since 1970-01-01 until ++ account expires. */ ++ unsigned long int sp_flag; /* Reserved. */ ++}; ++ + static errno_t add_expired_warning(struct pam_data *pd, long exp_time) + { + int ret; +@@ -96,9 +111,9 @@ static errno_t check_pwexpire_kerberos(const char *exp + } + + DEBUG(SSSDBG_TRACE_ALL, +- "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] " +- "daylight [%d] now [%"SPRItime"] expire_time [%"SPRItime"].\n", +- tzname[0], tzname[1], timezone, daylight, now, expire_time); ++ "Time info: tzname[0] [%s] tzname[1] [%s] " ++ "now [%"SPRItime"] expire_time [%"SPRItime"].\n", ++ tzname[0], tzname[1], now, expire_time); + + if (expire_time == 0) { + /* Used by the MIT LDAP KDB plugin to indicate "never" */ diff --git a/security/sssd-devel/files/patch-src__providers__ldap__ldap_child.c b/security/sssd-devel/files/patch-src__providers__ldap__ldap_child.c new file mode 100644 index 000000000000..332d742661fc --- /dev/null +++ b/security/sssd-devel/files/patch-src__providers__ldap__ldap_child.c @@ -0,0 +1,42 @@ +--- src/providers/ldap/ldap_child.c.orig 2023-05-05 08:11:07 UTC ++++ src/providers/ldap/ldap_child.c +@@ -23,11 +23,11 @@ + */ + + #include ++#include + #include + #include + #include + #include +-#include + + #include "util/util.h" + #include "util/sss_krb5.h" +@@ -337,7 +337,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_ + full_princ = talloc_strdup(tmp_ctx, princ_str); + } + } else { +- char hostname[HOST_NAME_MAX + 1]; ++ char hostname[MAXHOSTNAMELEN + 1]; + + ret = gethostname(hostname, sizeof(hostname)); + if (ret == -1) { +@@ -346,7 +346,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_ + errno, strerror(errno)); + goto done; + } +- hostname[HOST_NAME_MAX] = '\0'; ++ hostname[MAXHOSTNAMELEN] = '\0'; + + DEBUG(SSSDBG_TRACE_LIBS, "got hostname: [%s]\n", hostname); + +@@ -660,8 +660,6 @@ int main(int argc, const char *argv[]) + } + + poptFreeContext(pc); +- +- prctl(PR_SET_DUMPABLE, (dumpable == 0) ? 0 : 1); + + debug_prg_name = talloc_asprintf(NULL, "ldap_child[%d]", getpid()); + if (!debug_prg_name) { diff --git a/security/sssd-devel/files/patch-src__providers__ldap__sdap_access.c b/security/sssd-devel/files/patch-src__providers__ldap__sdap_access.c new file mode 100644 index 000000000000..2469db8a69d6 --- /dev/null +++ b/security/sssd-devel/files/patch-src__providers__ldap__sdap_access.c @@ -0,0 +1,41 @@ +--- src/providers/ldap/sdap_access.c.orig 2023-05-05 08:11:07 UTC ++++ src/providers/ldap/sdap_access.c +@@ -24,6 +24,7 @@ + + #include "config.h" + ++#include + #include + #include + #include +@@ -568,9 +569,9 @@ bool nds_check_expired(const char *exp_time_str) + + now = time(NULL); + DEBUG(SSSDBG_TRACE_ALL, +- "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] " +- "daylight [%d] now [%"SPRItime"] expire_time [%"SPRItime"].\n", +- tzname[0], tzname[1], timezone, daylight, now, expire_time); ++ "Time info: tzname[0] [%s] tzname[1] [%s] " ++ "now [%"SPRItime"] expire_time [%"SPRItime"].\n", ++ tzname[0], tzname[1], now, expire_time); + + if (difftime(now, expire_time) > 0.0) { + DEBUG(SSSDBG_CONF_SETTINGS, "NDS account expired.\n"); +@@ -1286,7 +1287,7 @@ static errno_t sdap_access_host(struct ldb_message *us + { + errno_t ret; + struct ldb_message_element *el; +- char hostname[HOST_NAME_MAX + 1]; ++ char hostname[MAXHOSTNAMELEN + 1]; + struct addrinfo *res = NULL; + struct addrinfo hints; + +@@ -1301,7 +1302,7 @@ static errno_t sdap_access_host(struct ldb_message *us + "Unable to get system hostname. Access denied\n"); + return ERR_ACCESS_DENIED; + } +- hostname[HOST_NAME_MAX] = '\0'; ++ hostname[MAXHOSTNAMELEN] = '\0'; + + /* Canonicalize the hostname */ + memset(&hints, 0, sizeof(struct addrinfo)); diff --git a/security/sssd-devel/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c b/security/sssd-devel/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c new file mode 100644 index 000000000000..b305369d3aaf --- /dev/null +++ b/security/sssd-devel/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c @@ -0,0 +1,28 @@ +--- src/providers/ldap/sdap_async_sudo_hostinfo.c.orig 2023-05-05 08:11:07 UTC ++++ src/providers/ldap/sdap_async_sudo_hostinfo.c +@@ -18,6 +18,7 @@ + along with this program. If not, see . + */ + ++#include + #include + #include + #include +@@ -357,7 +358,7 @@ static struct tevent_req *sdap_sudo_get_hostnames_send + struct tevent_req *subreq = NULL; + struct sdap_sudo_get_hostnames_state *state = NULL; + char *dot = NULL; +- char hostname[HOST_NAME_MAX + 1]; ++ char hostname[MAXHOSTNAMELEN + 1]; + int ret; + + req = tevent_req_create(mem_ctx, &state, +@@ -387,7 +388,7 @@ static struct tevent_req *sdap_sudo_get_hostnames_send + "[%d]: %s\n", ret, strerror(ret)); + goto done; + } +- hostname[HOST_NAME_MAX] = '\0'; ++ hostname[MAXHOSTNAMELEN] = '\0'; + + state->hostnames[0] = talloc_strdup(state->hostnames, hostname); + if (state->hostnames[0] == NULL) { diff --git a/security/sssd-devel/files/patch-src__providers__proxy__proxy_child.c b/security/sssd-devel/files/patch-src__providers__proxy__proxy_child.c new file mode 100644 index 000000000000..adafcdd35676 --- /dev/null +++ b/security/sssd-devel/files/patch-src__providers__proxy__proxy_child.c @@ -0,0 +1,29 @@ +--- src/providers/proxy/proxy_child.c.orig 2023-05-05 08:11:07 UTC ++++ src/providers/proxy/proxy_child.c +@@ -30,6 +30,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -469,6 +470,18 @@ int proxy_child_process_init(TALLOC_CTX *mem_ctx, cons + + return EOK; + } ++ ++ ++#if (defined(__FreeBSD__) && (__FreeBSD__ < 14)) ++extern char **environ; ++ ++static int ++clearenv(void) ++{ ++ *environ = NULL; ++ return 0; ++} ++#endif + + int main(int argc, const char *argv[]) + { diff --git a/security/sssd-devel/files/patch-src__resolv__async_resolv_utils.c b/security/sssd-devel/files/patch-src__resolv__async_resolv_utils.c new file mode 100644 index 000000000000..12587842f8ce --- /dev/null +++ b/security/sssd-devel/files/patch-src__resolv__async_resolv_utils.c @@ -0,0 +1,28 @@ +--- src/resolv/async_resolv_utils.c.orig 2023-05-05 08:11:07 UTC ++++ src/resolv/async_resolv_utils.c +@@ -18,6 +18,7 @@ + along with this program. If not, see . + */ + ++#include + #include + #include + #include +@@ -45,7 +46,7 @@ resolv_get_domain_send(TALLOC_CTX *mem_ctx, + struct resolv_get_domain_state *state = NULL; + struct tevent_req *req = NULL; + struct tevent_req *subreq = NULL; +- char system_hostname[HOST_NAME_MAX + 1]; ++ char system_hostname[MAXHOSTNAMELEN + 1]; + errno_t ret; + + req = tevent_req_create(mem_ctx, &state, +@@ -64,7 +65,7 @@ resolv_get_domain_send(TALLOC_CTX *mem_ctx, + ret, strerror(ret)); + goto immediately; + } +- system_hostname[HOST_NAME_MAX] = '\0'; ++ system_hostname[MAXHOSTNAMELEN] = '\0'; + hostname = system_hostname; + } + diff --git a/security/sssd-devel/files/patch-src__responder__common__cache_req__plugins__cache_req_ip_host_by_addr.c b/security/sssd-devel/files/patch-src__responder__common__cache_req__plugins__cache_req_ip_host_by_addr.c new file mode 100644 index 000000000000..9354c7f1e9b7 --- /dev/null +++ b/security/sssd-devel/files/patch-src__responder__common__cache_req__plugins__cache_req_ip_host_by_addr.c @@ -0,0 +1,10 @@ +--- src/responder/common/cache_req/plugins/cache_req_ip_host_by_addr.c.orig 2023-05-05 08:11:07 UTC ++++ src/responder/common/cache_req/plugins/cache_req_ip_host_by_addr.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + #include "db/sysdb.h" + #include "db/sysdb_iphosts.h" diff --git a/security/sssd-devel/files/patch-src__responder__common__cache_req__plugins__cache_req_ip_network_by_addr.c b/security/sssd-devel/files/patch-src__responder__common__cache_req__plugins__cache_req_ip_network_by_addr.c new file mode 100644 index 000000000000..4dd2c8bf8452 --- /dev/null +++ b/security/sssd-devel/files/patch-src__responder__common__cache_req__plugins__cache_req_ip_network_by_addr.c @@ -0,0 +1,10 @@ +--- src/responder/common/cache_req/plugins/cache_req_ip_network_by_addr.c.orig 2023-05-05 08:11:07 UTC ++++ src/responder/common/cache_req/plugins/cache_req_ip_network_by_addr.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + #include "db/sysdb.h" + #include "db/sysdb_ipnetworks.h" diff --git a/security/sssd-devel/files/patch-src__responder__common__responder_common.c b/security/sssd-devel/files/patch-src__responder__common__responder_common.c new file mode 100644 index 000000000000..9fd169f000cd --- /dev/null +++ b/security/sssd-devel/files/patch-src__responder__common__responder_common.c @@ -0,0 +1,10 @@ +--- src/responder/common/responder_common.c.orig 2023-05-05 08:11:07 UTC ++++ src/responder/common/responder_common.c +@@ -33,6 +33,7 @@ + #include + #include + ++#include "util/sss_bsd_errno.h" + #include "util/util.h" + #include "util/strtonum.h" + #include "db/sysdb.h" diff --git a/security/sssd-devel/files/patch-src__responder__common__responder_packet.c b/security/sssd-devel/files/patch-src__responder__common__responder_packet.c new file mode 100644 index 000000000000..464724ba2e87 --- /dev/null +++ b/security/sssd-devel/files/patch-src__responder__common__responder_packet.c @@ -0,0 +1,10 @@ +--- src/responder/common/responder_packet.c.orig 2023-05-05 08:11:07 UTC ++++ src/responder/common/responder_packet.c +@@ -25,6 +25,7 @@ + #include + #include + ++#include "util/sss_bsd_errno.h" + #include "util/util.h" + #include "responder/common/responder_packet.h" + diff --git a/security/sssd-devel/files/patch-src__responder__kcm__kcmsrv_ccache_secdb.c b/security/sssd-devel/files/patch-src__responder__kcm__kcmsrv_ccache_secdb.c new file mode 100644 index 000000000000..aef9e33a63ab --- /dev/null +++ b/security/sssd-devel/files/patch-src__responder__kcm__kcmsrv_ccache_secdb.c @@ -0,0 +1,23 @@ +--- src/responder/kcm/kcmsrv_ccache_secdb.c.orig 2023-05-05 08:11:07 UTC ++++ src/responder/kcm/kcmsrv_ccache_secdb.c +@@ -21,6 +21,9 @@ + + #include "config.h" + ++#include ++#include ++ + #include + #include + +@@ -877,8 +880,8 @@ static errno_t ccdb_secdb_get_cc_for_uuid(TALLOC_CTX * + continue; + } + +- cli_cred.ucred.uid = pwd->pw_uid; +- cli_cred.ucred.gid = pwd->pw_gid; ++ cli_cred.ucred.cr_uid = pwd->pw_uid; ++ cli_cred.ucred.cr_gid = pwd->pw_gid; + + ret = key_by_uuid(tmp_ctx, secdb->sctx, &cli_cred, uuid, &secdb_key); + if (ret != EOK) { diff --git a/security/sssd-devel/files/patch-src__responder__kcm__kcmsrv_cmd.c b/security/sssd-devel/files/patch-src__responder__kcm__kcmsrv_cmd.c new file mode 100644 index 000000000000..3ec6e7f08ac2 --- /dev/null +++ b/security/sssd-devel/files/patch-src__responder__kcm__kcmsrv_cmd.c @@ -0,0 +1,15 @@ +--- src/responder/kcm/kcmsrv_cmd.c.orig 2023-05-05 08:11:07 UTC ++++ src/responder/kcm/kcmsrv_cmd.c +@@ -20,10 +20,12 @@ + */ + + #include ++#include + #include + + #include "config.h" + #include "util/util.h" ++#include "util/sss_bsd_errno.h" + #include "responder/common/responder.h" + #include "responder/kcm/kcmsrv_pvt.h" + #include "responder/kcm/kcmsrv_ops.h" diff --git a/security/sssd-devel/files/patch-src__responder__kcm__kcmsrv_ops.c b/security/sssd-devel/files/patch-src__responder__kcm__kcmsrv_ops.c new file mode 100644 index 000000000000..332c86980118 --- /dev/null +++ b/security/sssd-devel/files/patch-src__responder__kcm__kcmsrv_ops.c @@ -0,0 +1,10 @@ +--- src/responder/kcm/kcmsrv_ops.c.orig 2023-05-05 08:11:07 UTC ++++ src/responder/kcm/kcmsrv_ops.c +@@ -21,6 +21,7 @@ + + #include "config.h" + ++#include + #include + #include + diff --git a/security/sssd-devel/files/patch-src__responder__nss__nsssrv_mmap_cache.c b/security/sssd-devel/files/patch-src__responder__nss__nsssrv_mmap_cache.c new file mode 100644 index 000000000000..d8a2d5f26509 --- /dev/null +++ b/security/sssd-devel/files/patch-src__responder__nss__nsssrv_mmap_cache.c @@ -0,0 +1,27 @@ +--- src/responder/nss/nsssrv_mmap_cache.c.orig 2023-05-05 08:11:07 UTC ++++ src/responder/nss/nsssrv_mmap_cache.c +@@ -23,6 +23,7 @@ + #include "util/crypto/sss_crypto.h" + #include "confdb/confdb.h" + #include ++#include + #include + #include "util/mmap_cache.h" + #include "sss_client/idmap/sss_nss_idmap.h" +@@ -1402,8 +1403,14 @@ errno_t sss_mmap_cache_init(TALLOC_CTX *mem_ctx, const + /* Attempt allocation several times, in case of EINTR */ + for (int i = 0; i < POSIX_FALLOCATE_ATTEMPTS; i++) { + ret = posix_fallocate(mc_ctx->fd, 0, mc_ctx->mmap_size); +- if (ret != EINTR) +- break; ++ if (ret != EINTR && ret == EINVAL) { ++ /* posix_fallocate doesn't work on ZFS */ ++ ret = ftruncate(mc_ctx->fd, mc_ctx->mmap_size); ++ if (ret != 0) { ++ break; ++ } ++ } else if (ret != EINTR) ++ break; + } + if (ret) { + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to allocate file %s: %d(%s)\n", diff --git a/security/sssd-devel/files/patch-src__sbus__sbus_errors.c b/security/sssd-devel/files/patch-src__sbus__sbus_errors.c new file mode 100644 index 000000000000..a5b721c0e9b0 --- /dev/null +++ b/security/sssd-devel/files/patch-src__sbus__sbus_errors.c @@ -0,0 +1,11 @@ +--- src/sbus/sbus_errors.c.orig 2023-05-05 08:11:07 UTC ++++ src/sbus/sbus_errors.c +@@ -53,7 +53,7 @@ static const struct { + { DBUS_ERROR_LIMITS_EXCEEDED, ERANGE}, + { DBUS_ERROR_ACCESS_DENIED, EPERM}, + { DBUS_ERROR_AUTH_FAILED, EACCES}, +- { DBUS_ERROR_NO_NETWORK, ENONET}, ++ { DBUS_ERROR_NO_NETWORK, EHOSTDOWN}, + { DBUS_ERROR_DISCONNECTED, ERR_OFFLINE}, + { DBUS_ERROR_INVALID_ARGS, EINVAL}, + diff --git a/security/sssd-devel/files/patch-src__sss_client__common.c b/security/sssd-devel/files/patch-src__sss_client__common.c new file mode 100644 index 000000000000..1a209347fe68 --- /dev/null +++ b/security/sssd-devel/files/patch-src__sss_client__common.c @@ -0,0 +1,29 @@ +--- src/sss_client/common.c.orig 2023-05-05 08:11:07 UTC ++++ src/sss_client/common.c +@@ -156,7 +156,7 @@ static enum sss_status sss_cli_send_req(enum sss_cli_c + *errnop = error; + break; + case 0: +- *errnop = ETIME; ++ *errnop = ETIMEDOUT; + break; + case 1: + if (pfd.revents & (POLLERR | POLLHUP)) { +@@ -268,7 +268,7 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_c + *errnop = error; + break; + case 0: +- *errnop = ETIME; ++ *errnop = ETIMEDOUT; + break; + case 1: + if (pfd.revents & (POLLHUP)) { +@@ -731,7 +731,7 @@ static enum sss_status sss_cli_check_socket(int *errno + *errnop = error; + break; + case 0: +- *errnop = ETIME; ++ *errnop = ETIMEDOUT; + break; + case 1: + if (pfd.revents & (POLLERR | POLLHUP)) { diff --git a/security/sssd-devel/files/patch-src__sss_client__nss_group.c b/security/sssd-devel/files/patch-src__sss_client__nss_group.c new file mode 100644 index 000000000000..bf7724ad8f4a --- /dev/null +++ b/security/sssd-devel/files/patch-src__sss_client__nss_group.c @@ -0,0 +1,78 @@ +--- src/sss_client/nss_group.c.orig 2023-06-05 03:48:03 UTC ++++ src/sss_client/nss_group.c +@@ -403,6 +403,75 @@ out: + return nret; + } + ++#define MIN(a, b)((a) < (b) ? (a) : (b)) ++ ++int gr_addgid(gid_t gid, gid_t *groups, int maxgrp, int *grpcnt) ++{ ++ int ret, dupc; ++ ++ for (dupc = 0; dupc < MIN(maxgrp, *grpcnt); dupc++) { ++ if (groups[dupc] == gid) ++ return 1; ++ } ++ ++ ret = 1; ++ if (*grpcnt < maxgrp) ++ groups[*grpcnt] = gid; ++ else ++ ret = 0; ++ ++ (*grpcnt)++; ++ ++ return ret; ++} ++ ++enum nss_status _nss_sss_getgroupmembership(const char *uname, gid_t agroup, ++ gid_t *groups, int maxgrp, ++ int *grpcnt) ++{ ++ struct sss_cli_req_data rd; ++ uint8_t *repbuf; ++ size_t replen; ++ enum nss_status nret; ++ uint32_t *rbuf; ++ uint32_t num_ret; ++ long int l, max_ret; ++ int errnop; ++ ++ rd.len = strlen(uname) +1; ++ rd.data = uname; ++ ++ sss_nss_lock(); ++ ++ nret = sss_nss_make_request(SSS_NSS_INITGR, &rd, ++ &repbuf, &replen, &errnop); ++ if (nret != NSS_STATUS_SUCCESS) { ++ goto done; ++ } ++ ++ /* no results if not found */ ++ num_ret = ((uint32_t *)repbuf)[0]; ++ if (num_ret == 0) { ++ free(repbuf); ++ nret = NSS_STATUS_NOTFOUND; ++ goto done; ++ } ++ max_ret = num_ret; ++ ++ gr_addgid(agroup, groups, maxgrp, grpcnt); ++ ++ rbuf = &((uint32_t *)repbuf)[2]; ++ for (l = 0; l < max_ret; l++) { ++ gr_addgid(rbuf[l], groups, maxgrp, grpcnt); ++ } ++ ++ free(repbuf); ++ nret = NSS_STATUS_SUCCESS; ++ ++done: ++ sss_nss_unlock(); ++ return nret; ++} + + enum nss_status _nss_sss_getgrnam_r(const char *name, struct group *result, + char *buffer, size_t buflen, int *errnop) diff --git a/security/sssd-devel/files/patch-src__sss_client__nss_hosts.c b/security/sssd-devel/files/patch-src__sss_client__nss_hosts.c new file mode 100644 index 000000000000..2067ddab6d35 --- /dev/null +++ b/security/sssd-devel/files/patch-src__sss_client__nss_hosts.c @@ -0,0 +1,12 @@ +--- src/sss_client/nss_hosts.c.orig 2023-05-05 08:11:07 UTC ++++ src/sss_client/nss_hosts.c +@@ -22,6 +22,9 @@ + + #include "config.h" + ++#include ++#include ++#include + #include + #include + #include diff --git a/security/sssd-devel/files/patch-src__sss_client__nss_ipnetworks.c b/security/sssd-devel/files/patch-src__sss_client__nss_ipnetworks.c new file mode 100644 index 000000000000..f8ea2ab02944 --- /dev/null +++ b/security/sssd-devel/files/patch-src__sss_client__nss_ipnetworks.c @@ -0,0 +1,12 @@ +--- src/sss_client/nss_ipnetworks.c.orig 2023-05-05 08:11:07 UTC ++++ src/sss_client/nss_ipnetworks.c +@@ -22,6 +22,9 @@ + + #include "config.h" + ++#include ++#include ++#include + #include + #include + #include diff --git a/security/sssd-devel/files/patch-src__sss_client__pam_sss.c b/security/sssd-devel/files/patch-src__sss_client__pam_sss.c new file mode 100644 index 000000000000..eea95fbb5052 --- /dev/null +++ b/security/sssd-devel/files/patch-src__sss_client__pam_sss.c @@ -0,0 +1,11 @@ +--- src/sss_client/pam_sss.c.orig 2023-05-05 08:11:07 UTC ++++ src/sss_client/pam_sss.c +@@ -1422,7 +1422,7 @@ static int get_pam_items(pam_handle_t *pamh, uint32_t + + pi->cli_pid = getpid(); + +- pi->login_name = pam_modutil_getlogin(pamh); ++ pi->login_name = getlogin(); + if (pi->login_name == NULL) pi->login_name=""; + + pi->domain_name = NULL; diff --git a/security/sssd-devel/files/patch-src__sss_client__pam_sss_gss.c b/security/sssd-devel/files/patch-src__sss_client__pam_sss_gss.c new file mode 100644 index 000000000000..f4721aee3f5a --- /dev/null +++ b/security/sssd-devel/files/patch-src__sss_client__pam_sss_gss.c @@ -0,0 +1,19 @@ +--- src/sss_client/pam_sss_gss.c.orig 2023-05-05 08:11:07 UTC ++++ src/sss_client/pam_sss_gss.c +@@ -22,7 +22,7 @@ + #include + #include + #include +-#include ++#include + #include + #include + #include +@@ -46,7 +46,6 @@ bool debug_enabled; + #define ERROR(pamh, fmt, ...) do { \ + if (debug_enabled) { \ + pam_error(pamh, "pam_sss_gss: " fmt, ## __VA_ARGS__); \ +- pam_syslog(pamh, LOG_ERR, fmt, ## __VA_ARGS__); \ + } \ + } while (0) + diff --git a/security/sssd-devel/files/patch-src__sss_client__sss_nss.exports b/security/sssd-devel/files/patch-src__sss_client__sss_nss.exports new file mode 100644 index 000000000000..29f97f8540b4 --- /dev/null +++ b/security/sssd-devel/files/patch-src__sss_client__sss_nss.exports @@ -0,0 +1,35 @@ +--- src/sss_client/sss_nss.exports.orig 2023-06-05 03:42:12 UTC ++++ src/sss_client/sss_nss.exports +@@ -3,6 +3,7 @@ EXPORTED { + # public functions + global: + ++ nss_module_register; + _nss_sss_getpwnam_r; + _nss_sss_getpwuid_r; + _nss_sss_setpwent; +@@ -14,7 +15,24 @@ EXPORTED { + _nss_sss_setgrent; + _nss_sss_getgrent_r; + _nss_sss_endgrent; ++ _nss_sss_getgroupmembership; + _nss_sss_initgroups_dyn; ++ ++ __nss_compat_getgrnam_r; ++ __nss_compat_getgrgid_r; ++ __nss_compat_getgrent_r; ++ __nss_compat_setgrent; ++ __nss_compat_endgrent; ++ ++ __nss_compat_getpwnam_r; ++ __nss_compat_getpwuid_r; ++ __nss_compat_getpwent_r; ++ __nss_compat_setpwent; ++ __nss_compat_endpwent; ++ ++ __nss_compat_gethostbyname; ++ __nss_compat_gethostbyname2; ++ __nss_compat_gethostbyaddr; + + #_nss_sss_getaliasbyname_r; + #_nss_sss_setaliasent; diff --git a/security/sssd-devel/files/patch-src__sss_client__sss_pac_responder_client.c b/security/sssd-devel/files/patch-src__sss_client__sss_pac_responder_client.c new file mode 100644 index 000000000000..048eb430f9dd --- /dev/null +++ b/security/sssd-devel/files/patch-src__sss_client__sss_pac_responder_client.c @@ -0,0 +1,19 @@ +--- src/sss_client/sss_pac_responder_client.c.orig 2023-05-05 08:11:07 UTC ++++ src/sss_client/sss_pac_responder_client.c +@@ -23,6 +23,7 @@ + #include + #include + #include ++#include + + #include + +@@ -97,7 +98,7 @@ static void *pac_client(void *arg) + size_t c; + + fprintf(stderr, "[%"SPRItime"][%d][%ld][%s] started\n", +- time(NULL), getpid(), syscall(SYS_gettid), (char *) arg); ++ time(NULL), getpid(), pthread_getthreadid_np(), (char *) arg); + for (c = 0; c < 1000; c++) { + /* sss_pac_make_request() does not protect the client's file + * descriptor to the PAC responder. With this one thread will miss a diff --git a/security/sssd-devel/files/patch-src__util__child_common.c b/security/sssd-devel/files/patch-src__util__child_common.c new file mode 100644 index 000000000000..55241535abec --- /dev/null +++ b/security/sssd-devel/files/patch-src__util__child_common.c @@ -0,0 +1,21 @@ +--- src/util/child_common.c.orig 2023-05-05 08:11:07 UTC ++++ src/util/child_common.c +@@ -28,7 +28,6 @@ + #include + #include + #include +-#include + + #include "util/util.h" + #include "util/find_uid.h" +@@ -792,8 +791,8 @@ static errno_t prepare_child_argv(TALLOC_CTX *mem_ctx, + goto fail; + } + +- argv[--argc] = talloc_asprintf(argv, "--dumpable=%d", +- prctl(PR_GET_DUMPABLE)); ++ argv[--argc] = talloc_asprintf(argv, "--dumpable=%d", 0); ++ + if (argv[argc] == NULL) { + ret = ENOMEM; + goto fail; diff --git a/security/sssd-devel/files/patch-src__util__nss_dl_load.c b/security/sssd-devel/files/patch-src__util__nss_dl_load.c new file mode 100644 index 000000000000..a3d9496d5b85 --- /dev/null +++ b/security/sssd-devel/files/patch-src__util__nss_dl_load.c @@ -0,0 +1,28 @@ +--- src/util/nss_dl_load.c.orig 2023-05-05 08:11:07 UTC ++++ src/util/nss_dl_load.c +@@ -24,6 +24,7 @@ + #include "util/util_errors.h" + #include "util/debug.h" + #include "nss_dl_load.h" ++#include "util/sss_bsd_errno.h" + + + #define NSS_FN_NAME "_nss_%s_%s" +@@ -36,7 +37,7 @@ static void *proxy_dlsym(void *handle, + char *funcname; + void *funcptr; + +- funcname = talloc_asprintf(NULL, NSS_FN_NAME, libname, name); ++ funcname = talloc_asprintf(NULL, "%s", name); + if (funcname == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf() failed\n"); + return NULL; +@@ -56,7 +57,7 @@ errno_t sss_load_nss_symbols(struct sss_nss_ops *ops, + char *libpath; + size_t i; + +- libpath = talloc_asprintf(NULL, "libnss_%s.so.2", libname); ++ libpath = talloc_asprintf(NULL, "/lib/libc.so.7", libname); + if (libpath == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf() failed\n"); + return ENOMEM; diff --git a/security/sssd-devel/files/patch-src__util__server.c b/security/sssd-devel/files/patch-src__util__server.c new file mode 100644 index 000000000000..4f2e0ee84542 --- /dev/null +++ b/security/sssd-devel/files/patch-src__util__server.c @@ -0,0 +1,53 @@ +--- src/util/server.c.orig 2023-05-05 08:11:07 UTC ++++ src/util/server.c +@@ -30,17 +30,12 @@ + #include + #include + #include +-#include + #include + #include "util/util.h" + #include "confdb/confdb.h" + #include "util/sss_chain_id.h" + #include "util/sss_chain_id_tevent.h" + +-#ifdef HAVE_PRCTL +-#include +-#endif +- + static TALLOC_CTX *autofree_ctx; + + static void server_atexit(void) +@@ -317,10 +312,13 @@ static void setup_signals(void) + BlockSignals(false, SIGTERM); + + #ifndef HAVE_PRCTL +- /* If prctl is not defined on the system, try to handle +- * some common termination signals gracefully */ ++ /* If prctl is not defined on the system, try to handle ++ * some common termination signals gracefully */ ++ (void) sig_segv_abrt; /* unused */ ++ /* + CatchSignal(SIGSEGV, sig_segv_abrt); + CatchSignal(SIGABRT, sig_segv_abrt); ++ */ + #endif + + } +@@ -747,6 +745,8 @@ int server_setup(const char *name, bool is_responder, + DEBUG(SSSDBG_FATAL_FAILURE, "Failed to determine "CONFDB_MONITOR_DUMPABLE"\n"); + return ret; + } ++ ++#ifdef HAVE_PRCTL + ret = prctl(PR_SET_DUMPABLE, dumpable ? 1 : 0); + if (ret != 0) { + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set PR_SET_DUMPABLE\n"); +@@ -754,6 +754,7 @@ int server_setup(const char *name, bool is_responder, + } else if (!dumpable) { + DEBUG(SSSDBG_IMPORTANT_INFO, "Core dumps are disabled!\n"); + } ++#endif + + sss_chain_id_setup(ctx->event_ctx); + diff --git a/security/sssd-devel/files/patch-src__util__sss_krb5.c b/security/sssd-devel/files/patch-src__util__sss_krb5.c new file mode 100644 index 000000000000..fdf463bdad02 --- /dev/null +++ b/security/sssd-devel/files/patch-src__util__sss_krb5.c @@ -0,0 +1,11 @@ +--- src/util/sss_krb5.c.orig 2023-05-05 08:11:07 UTC ++++ src/util/sss_krb5.c +@@ -17,6 +17,8 @@ + You should have received a copy of the GNU General Public License + along with this program. If not, see . + */ ++#include ++#include + #include + #include + #include diff --git a/security/sssd-devel/files/patch-src__util__sss_pam_data.h b/security/sssd-devel/files/patch-src__util__sss_pam_data.h new file mode 100644 index 000000000000..d915f987ea78 --- /dev/null +++ b/security/sssd-devel/files/patch-src__util__sss_pam_data.h @@ -0,0 +1,10 @@ +--- src/util/sss_pam_data.h.orig 2023-05-05 08:11:07 UTC ++++ src/util/sss_pam_data.h +@@ -24,6 +24,7 @@ + #include "config.h" + #include + #include ++#include + #ifdef USE_KEYRING + #include + #include diff --git a/security/sssd-devel/files/patch-src__util__sss_sockets.c b/security/sssd-devel/files/patch-src__util__sss_sockets.c new file mode 100644 index 000000000000..39b90227f06a --- /dev/null +++ b/security/sssd-devel/files/patch-src__util__sss_sockets.c @@ -0,0 +1,30 @@ +--- src/util/sss_sockets.c.orig 2023-05-05 08:11:07 UTC ++++ src/util/sss_sockets.c +@@ -144,18 +144,6 @@ errno_t set_fd_common_opts(int fd, int timeout) + "setsockopt SO_SNDTIMEO failed.[%d][%s].\n", ret, + strerror(ret)); + } +- +- if (domain != AF_UNIX && type == SOCK_STREAM) { +- milli = timeout * 1000; /* timeout in milliseconds */ +- ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &milli, +- sizeof(milli)); +- if (ret != 0) { +- ret = errno; +- DEBUG(SSSDBG_FUNC_DATA, +- "setsockopt TCP_USER_TIMEOUT failed.[%d][%s].\n", ret, +- strerror(ret)); +- } +- } + } + + return EOK; +@@ -258,7 +246,7 @@ static void sssd_async_connect_done(struct tevent_cont + + talloc_zfree(fde); + +- if (ret == EOK) { ++ if (ret == EOK || ret == EISCONN) { + tevent_req_done(req); + } else { + ret = errno; diff --git a/security/sssd-devel/files/patch-src__util__util.c b/security/sssd-devel/files/patch-src__util__util.c new file mode 100644 index 000000000000..1b99481ea1c8 --- /dev/null +++ b/security/sssd-devel/files/patch-src__util__util.c @@ -0,0 +1,19 @@ +--- src/util/util.c.orig 2023-05-05 08:11:07 UTC ++++ src/util/util.c +@@ -763,6 +763,16 @@ errno_t sss_fd_nonblocking(int fd) + return EOK; + } + ++int flb_timezone(void) ++{ ++ struct tm tm; ++ time_t t = 0; ++ tzset(); ++ localtime_r(&t, &tm); ++ return -(tm.tm_gmtoff); ++} ++#define timezone (flb_timezone()) ++ + /* Convert GeneralizedTime (http://en.wikipedia.org/wiki/GeneralizedTime) + * to unix time (seconds since epoch). Use UTC time zone. + */ diff --git a/security/sssd-devel/files/patch-src__util__util_creds.h b/security/sssd-devel/files/patch-src__util__util_creds.h new file mode 100644 index 000000000000..5fbec01ffe22 --- /dev/null +++ b/security/sssd-devel/files/patch-src__util__util_creds.h @@ -0,0 +1,20 @@ +--- src/util/util_creds.h.orig 2023-05-05 08:11:07 UTC ++++ src/util/util_creds.h +@@ -73,6 +73,17 @@ struct cli_creds { + #define cli_creds_get_uid(x) (x->ucred.uid) + #define cli_creds_get_gid(x) (x->ucred.gid) + ++#elif HAVE_FREEBSD ++#include ++#include ++struct cli_creds { ++ struct xucred ucred; ++ SELINUX_CTX selinux_ctx; ++}; ++ ++#define cli_creds_get_uid(x) (x->ucred.cr_uid) ++#define cli_creds_get_gid(x) (x->ucred.cr_gid) ++ + #else /* not HAVE_UCRED */ + struct cli_creds { + SELINUX_CTX selinux_ctx; diff --git a/security/sssd-devel/files/patch-src_tests_cmocka_test__authtok.c b/security/sssd-devel/files/patch-src_tests_cmocka_test__authtok.c new file mode 100644 index 000000000000..74dd25f945d4 --- /dev/null +++ b/security/sssd-devel/files/patch-src_tests_cmocka_test__authtok.c @@ -0,0 +1,10 @@ +--- src/tests/cmocka/test_authtok.c.orig 2023-05-05 08:11:07 UTC ++++ src/tests/cmocka/test_authtok.c +@@ -28,6 +28,7 @@ + #include "tests/cmocka/common_mock.h" + + #include "util/authtok.h" ++#include "util/sss_endian.h" + + + struct test_state { diff --git a/security/sssd-devel/files/pkg-message.in b/security/sssd-devel/files/pkg-message.in new file mode 100644 index 000000000000..7e20c0c872d2 --- /dev/null +++ b/security/sssd-devel/files/pkg-message.in @@ -0,0 +1,27 @@ +[ +{ type: install + message: < + + Copyright (C) 2013 Red Hat + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#ifndef SSS_BSD_ERRNO_H_ +#define SSS_BSD_ERRNO_H_ + +#include + +#define BSD_ERR_MASK (0xB5DE <<16) + +#ifndef EUCLEAN +#define EUCLEAN (BSD_ERR_MASK | 117) +#endif +#ifndef EMEDIUMTYPE +#define EMEDIUMTYPE (BSD_ERR_MASK | 124) +#endif +#ifndef EOWNERDEAD +#define EOWNERDEAD (BSD_ERR_MASK | 130) +#endif +#ifndef ECONNRESET +#define ECONNRESET (BSD_ERR_MASK | 104) +#endif +#ifndef ETIMEDOUT +#define ETIMEDOUT (BSD_ERR_MASK | 110) +#endif +#ifndef ENODATA +#define ENODATA (BSD_ERR_MASK | 61) +#endif +#ifndef ETIME +#define ETIME (BSD_ERR_MASK | 62) +#endif +#ifndef ELIBACC +#define ELIBACC (BSD_ERR_MASK | 79) +#endif +#ifndef ELIBBAD +#define ELIBBAD (BSD_ERR_MASK | 80) +#endif + +#endif /* SSS_BSD_ERRNO_H_ */ diff --git a/security/sssd-devel/files/sssd.in b/security/sssd-devel/files/sssd.in new file mode 100644 index 000000000000..4afded5b21d9 --- /dev/null +++ b/security/sssd-devel/files/sssd.in @@ -0,0 +1,40 @@ +#!/bin/sh + +# PROVIDE: sssd +# REQUIRE: DAEMON +# BEFORE: LOGIN +# KEYWORD: shutdown + +# Add the following lines to /etc/rc.conf to enable `sssd': +# +# sssd_enable="YES" +# +# See sssd(8) for sssd_flags +# + +. /etc/rc.subr + +name=sssd +rcvar=sssd_enable + +# read configuration and set defaults +load_rc_config "$name" + +: ${sssd_enable:=NO} +: ${sssd_conf="%%PREFIX%%/etc/sssd/sssd.conf"} +: ${sssd_flags="-D"} + +command="%%PREFIX%%/sbin/$name" +pidfile="/var/run/$name.pid" +required_files="${sssd_conf}" +start_precmd=sssd_prestart + +sssd_prestart() +{ + + for i in db/sss/db db/sss/gpo_cache db/sss/keytabs db/sss/mc db/sss/pubconf/krb5.include.d/ db/sss/secrets log/sssd run/sss/pipes/private; do + if [ ! -d var/${i} ]; then mkdir -p /var/${i}; fi + done +} + +run_rc_command "$1" diff --git a/security/sssd-devel/pkg-descr b/security/sssd-devel/pkg-descr new file mode 100644 index 000000000000..1c1539f84dd2 --- /dev/null +++ b/security/sssd-devel/pkg-descr @@ -0,0 +1,7 @@ +This project provides a set of daemons to manage access to remote +directories and authentication mechanisms, it provides an NSS and +PAM interface toward the system and a pluggable backend system to +connect to multiple different account sources. It is also the +basis to provide client auditing and policy services for projects +like FreeIPA. sssd also features caching, which can allow for +offline use to assist laptop users. diff --git a/security/sssd-devel/pkg-plist b/security/sssd-devel/pkg-plist new file mode 100644 index 000000000000..08194bf706ee --- /dev/null +++ b/security/sssd-devel/pkg-plist @@ -0,0 +1,170 @@ +bin/sss_ssh_authorizedkeys +bin/sss_ssh_knownhostsproxy +etc/pam.d/sssd-shadowutils +%%ETCDIR%%/sssd.conf.sample +include/ipa_hbac.h +include/sss_certmap.h +include/sss_idmap.h +include/sss_nss_idmap.h +lib/krb5/plugins/authdata/sssd_pac_plugin.so +lib/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so +lib/libipa_hbac.so +lib/libipa_hbac.so.0 +lib/libipa_hbac.so.0.1.0 +lib/libnss_sss.so.2 +lib/libsss_certmap.so +lib/libsss_certmap.so.0 +lib/libsss_certmap.so.0.2.0 +lib/libsss_idmap.so +lib/libsss_idmap.so.0 +lib/libsss_idmap.so.0.5.1 +lib/libsss_nss_idmap.so +lib/libsss_nss_idmap.so.0 +lib/libsss_nss_idmap.so.0.6.0 +lib/libsss_sudo.so +lib/nss_sss.so.1 +lib/pam_sss.so +lib/pam_sss_gss.so +%%PYTHON_SITELIBDIR%%/SSSDConfig-2.9.0-py%%PYTHON_VER%%.egg-info/PKG-INFO +%%PYTHON_SITELIBDIR%%/SSSDConfig-2.9.0-py%%PYTHON_VER%%.egg-info/SOURCES.txt +%%PYTHON_SITELIBDIR%%/SSSDConfig-2.9.0-py%%PYTHON_VER%%.egg-info/dependency_links.txt +%%PYTHON_SITELIBDIR%%/SSSDConfig-2.9.0-py%%PYTHON_VER%%.egg-info/top_level.txt +%%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.py +%%PYTHON_SITELIBDIR%%/SSSDConfig/__pycache__/__init__%%PYTHON_EXT_SUFFIX%%.pyc +%%PYTHON_SITELIBDIR%%/SSSDConfig/__pycache__/ipachangeconf%%PYTHON_EXT_SUFFIX%%.pyc +%%PYTHON_SITELIBDIR%%/SSSDConfig/__pycache__/sssdoptions%%PYTHON_EXT_SUFFIX%%.pyc +%%PYTHON_SITELIBDIR%%/SSSDConfig/ipachangeconf.py +%%PYTHON_SITELIBDIR%%/SSSDConfig/sssdoptions.py +%%PYTHON_SITELIBDIR%%/pyhbac.so +%%PYTHON_SITELIBDIR%%/pysss.so +%%PYTHON_SITELIBDIR%%/pysss_murmur.so +%%PYTHON_SITELIBDIR%%/pysss_nss_idmap.so +%%PYTHON_SITELIBDIR%%/sssd/__init__.py +%%PYTHON_SITELIBDIR%%/sssd/modules/__init__.py +%%PYTHON_SITELIBDIR%%/sssd/modules/request.py +%%PYTHON_SITELIBDIR%%/sssd/parser.py +%%PYTHON_SITELIBDIR%%/sssd/source_files.py +%%PYTHON_SITELIBDIR%%/sssd/source_journald.py +%%PYTHON_SITELIBDIR%%/sssd/source_reader.py +%%PYTHON_SITELIBDIR%%/sssd/sss_analyze.py +lib/samba4/modules/idmap/sss.so +lib/shared-modules/ldb/memberof.so +lib/sssd/conf/sssd.conf +lib/sssd/libifp_iface.so +lib/sssd/libifp_iface_sync.so +lib/sssd/libsss_ad.so +lib/sssd/libsss_cert.so +lib/sssd/libsss_child.so +lib/sssd/libsss_crypt.so +lib/sssd/libsss_debug.so +lib/sssd/libsss_files.so +lib/sssd/libsss_iface.so +lib/sssd/libsss_iface_sync.so +lib/sssd/libsss_ipa.so +lib/sssd/libsss_krb5.so +lib/sssd/libsss_krb5_common.so +lib/sssd/libsss_ldap.so +lib/sssd/libsss_ldap_common.so +lib/sssd/libsss_proxy.so +lib/sssd/libsss_sbus.so +lib/sssd/libsss_sbus_sync.so +lib/sssd/libsss_semanage.so +lib/sssd/libsss_simple.so +lib/sssd/libsss_util.so +lib/sssd/modules/sssd_krb5_idp_plugin.so +lib/sssd/modules/sssd_krb5_localauth_plugin.so +lib/sssd/modules/sssd_krb5_passkey_plugin.so +libdata/pkgconfig/ipa_hbac.pc +libdata/pkgconfig/sss_certmap.pc +libdata/pkgconfig/sss_idmap.pc +libdata/pkgconfig/sss_nss_idmap.pc +libexec/sssd/gpo_child +libexec/sssd/krb5_child +libexec/sssd/ldap_child +libexec/sssd/oidc_child +libexec/sssd/p11_child +libexec/sssd/passkey_child +libexec/sssd/proxy_child +libexec/sssd/sss_analyze +libexec/sssd/sss_signal +libexec/sssd/sssd_be +libexec/sssd/sssd_ifp +libexec/sssd/sssd_kcm +libexec/sssd/sssd_nss +libexec/sssd/sssd_pac +libexec/sssd/sssd_pam +libexec/sssd/sssd_ssh +libexec/sssd/sssd_sudo +man/man1/sss_ssh_authorizedkeys.1.gz +man/man1/sss_ssh_knownhostsproxy.1.gz +man/man5/sss-certmap.5.gz +man/man5/sssd-ad.5.gz +man/man5/sssd-files.5.gz +man/man5/sssd-ifp.5.gz +man/man5/sssd-ipa.5.gz +man/man5/sssd-krb5.5.gz +man/man5/sssd-ldap-attributes.5.gz +man/man5/sssd-ldap.5.gz +man/man5/sssd-session-recording.5.gz +man/man5/sssd-simple.5.gz +man/man5/sssd-sudo.5.gz +man/man5/sssd.conf.5.gz +man/man8/idmap_sss.8.gz +man/man8/pam_sss.8.gz +man/man8/pam_sss_gss.8.gz +man/man8/sss_cache.8.gz +man/man8/sss_debuglevel.8.gz +man/man8/sss_obfuscate.8.gz +man/man8/sss_override.8.gz +man/man8/sss_seed.8.gz +man/man8/sssctl.8.gz +man/man8/sssd-kcm.8.gz +man/man8/sssd.8.gz +man/man8/sssd_krb5_localauth_plugin.8.gz +man/man8/sssd_krb5_locator_plugin.8.gz +sbin/sss_cache +sbin/sss_debuglevel +sbin/sss_obfuscate +sbin/sss_override +sbin/sss_seed +sbin/sssctl +sbin/sssd +share/dbus-1/system-services/org.freedesktop.sssd.infopipe.service +share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf +%%DATADIR%%/dbus-1/system-services/org.freedesktop.sssd.infopipe.service +%%DATADIR%%/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf +%%DATADIR%%/sssd-kcm/kcm_default_ccache +%%DATADIR%%/sssd/cfg_rules.ini +%%DATADIR%%/sssd/krb5-snippets/enable_sssd_conf_dir +%%DATADIR%%/sssd/krb5-snippets/sssd_enable_idp +%%DATADIR%%/sssd/krb5-snippets/sssd_enable_passkey +%%DATADIR%%/sssd/sssd.api.conf +%%DATADIR%%/sssd/sssd.api.d/sssd-ad.conf +%%DATADIR%%/sssd/sssd.api.d/sssd-files.conf +%%DATADIR%%/sssd/sssd.api.d/sssd-ipa.conf +%%DATADIR%%/sssd/sssd.api.d/sssd-krb5.conf +%%DATADIR%%/sssd/sssd.api.d/sssd-ldap.conf +%%DATADIR%%/sssd/sssd.api.d/sssd-proxy.conf +%%DATADIR%%/sssd/sssd.api.d/sssd-simple.conf +@dir %%ETCDIR%%/conf.d +@dir %%ETCDIR%%/pki +@dir lib/ldb +@dir %%DOCSDIR%%/doc +@dir %%DOCSDIR%%/hbac_doc +@dir %%DOCSDIR%%/idmap_doc +@dir %%DOCSDIR%%/nss_idmap_doc +@dir /var/db/sss/db +@dir /var/db/sss/deskprofile +@dir /var/db/sss/gpo_cache +@dir /var/db/sss/keytabs +@dir /var/db/sss/mc +@dir /var/db/sss/pubconf/krb5.include.d +@dir /var/db/sss/pubconf +@dir /var/db/sss +@dir /var/lib/sss/secrets +@dir /var/lib/sss +@dir /var/lib +@dir /var/log/sssd +@dir /var/run/sss/pipes/private +@dir /var/run/sss/pipes +@dir /var/run/sss