Index: head/security/sssd/Makefile
===================================================================
--- head/security/sssd/Makefile (revision 353156)
+++ head/security/sssd/Makefile (revision 353157)
@@ -1,111 +1,117 @@ # Created by: Lukas Slebodnik # $FreeBSD$ PORTNAME= sssd DISTVERSION= 1.9.6 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security MASTER_SITES= https://fedorahosted.org/released/${PORTNAME}/ \ http://mirrors.rit.edu/zi/ MAINTAINER= lukas.slebodnik@intrak.sk COMMENT= System Security Services Daemon LICENSE= GPLv3 LIB_DEPENDS= libpopt.so:${PORTSDIR}/devel/popt \ libtalloc.so:${PORTSDIR}/devel/talloc \ libtevent.so:${PORTSDIR}/devel/tevent \ libtdb.so:${PORTSDIR}/databases/tdb \ libldb.so:${PORTSDIR}/databases/ldb \ libcares.so:${PORTSDIR}/dns/c-ares \ libdbus-1.so:${PORTSDIR}/devel/dbus \ libdhash.so:${PORTSDIR}/devel/ding-libs \ libpcre.so:${PORTSDIR}/devel/pcre \ libunistring.so:${PORTSDIR}/devel/libunistring \ libnss3.so:${PORTSDIR}/security/nss \ libsasl2.so:${PORTSDIR}/security/cyrus-sasl2 \ libkrb5.so:${PORTSDIR}/security/krb5 \ libinotify.so:${PORTSDIR}/devel/libinotify BUILD_DEPENDS= xmlcatalog:${PORTSDIR}/textproc/libxml2 \ docbook-xsl>=1:${PORTSDIR}/textproc/docbook-xsl \ xsltproc:${PORTSDIR}/textproc/libxslt \ xmlcatmgr:${PORTSDIR}/textproc/xmlcatmgr \ krb5>=1.10:${PORTSDIR}/security/krb5 \ nsupdate:${PORTSDIR}/dns/bind99 GNU_CONFIGURE= yes CONFIGURE_ARGS= --with-selinux=no --with-semanage=no \ --with-ldb-lib-dir=${LOCALBASE}/lib/shared-modules/ldb/ \ --with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \ --with-libnl=no --with-init-dir=no --datadir=${DATADIR} \ --docdir=${DOCSDIR} --with-pid-path=/var/run \ --localstatedir=/var --enable-pammoddir=${PREFIX}/lib \ --with-db-path=/var/db/sss --with-pipe-path=/var/run/sss \ --with-pubconf-path=/var/run/sss --with-mcache-path=/var/db/sss_mc \ --with-unicode-lib=libunistring --with-autofs=no CFLAGS+= -fstack-protector-all PLIST_SUB= PYTHON_VER=${PYTHON_VER} #DEBUG_FLAGS= -g MAKE_ENV+= LINGUAS="bg de eu es fr hu id it ja nb nl pl pt ru sv tg tr uk zh_CN zh_TW" SUB_FILES= pkg-message USE_AUTOTOOLS= autoconf automake aclocal libtool AUTOMAKE_ARGS= --add-missing USE_LDCONFIG= yes USE_PYTHON= 
yes USE_OPENLDAP= yes USES= gettext gmake iconv pkgconfig USE_RC_SUBR= ${PORTNAME} PORTDATA= * .include .if ${ARCH} == "ia64" || ${ARCH} == "powerpc" || ${ARCH} == "sparc64" BROKEN= Does not link on ia64, powerpc, or sparc64 .endif post-patch: @${REINPLACE_CMD} -e 's|SIGCLD|SIGCHLD|g' ${WRKSRC}/src/util/signal.c @${REINPLACE_CMD} -e '/#define SIZE_T_MAX ((size_t) -1)/d' \ ${WRKSRC}/src/util/util.h @${REINPLACE_CMD} -e '/pam_misc/d' \ ${WRKSRC}/src/sss_client/pam_test_client.c @${REINPLACE_CMD} -e 's|security/pam_misc.h||g' \ ${WRKSRC}/configure* ${WRKSRC}/src/external/pam.m4 @${REINPLACE_CMD} -e 's|NSS_STATUS_NOTFOUND|NS_NOTFOUND|g' \ -e 's|NSS_STATUS_UNAVAIL|NS_UNAVAIL|g' \ -e 's|NSS_STATUS_TRYAGAIN|NS_TRYAGAIN|g' \ -e '/ETIME/d' \ -e 's|NSS_STATUS_SUCCESS|NS_SUCCESS|g' \ ${WRKSRC}/src/sss_client/common.c @${REINPLACE_CMD} -e 's|security/_pam_macros.h|pam_macros.h|g' \ ${WRKSRC}/src/sss_client/sss_pam_macros.h @${REINPLACE_CMD} -e 's|#include ||g' \ -e 's|PAM_BAD_ITEM|PAM_USER_UNKNOWN|g' \ -e 's|security/pam_ext.h|security/pam_appl.h|g' \ -e 's|pam_modutil_getlogin(pamh)|getlogin()|g' \ -e 's|pam_vsyslog(pamh,|vsyslog(|g' \ ${WRKSRC}/src/sss_client/pam_sss.c @${REINPLACE_CMD} -e '/..MAKE. ..AM_MAKEFLAGS. 
install-data-hook/d' \ ${WRKSRC}/Makefile.in @${REINPLACE_CMD} -e 's|libdir)/pkgconfig|prefix)/libdata/pkgconfig|' \ -e 's|install-data-hook install-dist_initSCRIPTS|install-dist_initSCRIPTS|g' \ -e 's|install-data-hook|notinstall-data-hook|g' \ -e 's| -lpam_misc||g' \ ${WRKSRC}/Makefile.in ${WRKSRC}/Makefile.am @${REINPLACE_CMD} -e 's|/etc/sssd/|${ETCDIR}/|g' \ -e 's|/etc/openldap/|${LOCALBASE}/etc/openldap/|g' \ ${WRKSRC}/src/man/*xml @${CP} ${FILESDIR}/pam_macros.h ${WRKSRC}/pam_macros.h @${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}/src/sss_client/bsdnss.c @${CP} ${FILESDIR}/sss_bsd_errno.h ${WRKSRC}/src/util/sss_bsd_errno.h post-install: ${INSTALL_DATA} ${WRKSRC}/src/examples/sssd-example.conf ${STAGEDIR}${ETCDIR}/sssd.conf.sample (cd ${STAGEDIR}${PREFIX}/lib && ${LN} -s nss_sss.so.2 nss_sss.so.1) (cd ${STAGEDIR}${PREFIX}/lib && ${LN} -s pam_sss.so pam_sss.so.5) @${RM} -f ${STAGEDIR}${PREFIX}/lib/ldb/memberof.la + + # clean these up from the install; we create them in rc script start_precmd +.for VARDIRS in db/sss db/sss_mc log/sssd run/sss/krb5.include.d run/sss/private run/sss + @${RMDIR} ${STAGEDIR}/var/${VARDIRS} +.endfor + .include Index: head/security/sssd/files/patch-src__man__pam_sss.8.xml =================================================================== --- head/security/sssd/files/patch-src__man__pam_sss.8.xml (nonexistent) +++ head/security/sssd/files/patch-src__man__pam_sss.8.xml (revision 353157) 
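Review bot: The new `.for VARDIRS` loop calls plain `${RMDIR}`, so if any of the six staged directories is missing or still holds a file the post-install target fails and the port does not package; the build presumably creates all of them at the time of this commit, but a later sssd release that stops creating, say, `run/sss/krb5.include.d` would break the install instead of merely leaving a stray directory for the plist check to catch. If that strictness is intended it is fine; otherwise `-@${RMDIR} ${STAGEDIR}/var/${VARDIRS}` keeps the cleanup best-effort. The comment above the loop could also name the file that owns the matching list, `# removed here; files/sssd.in recreates them in start_precmd`, so the two directory lists are kept in sync when one changes.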
@@ -0,0 +1,43 @@ +From 1a7794d0e3c9fa47f7b0256518186ce214e93504 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik +Date: Sat, 22 Mar 2014 15:09:34 +0100 +Subject: [PATCH 1/2] patch-src__man__pam_sss.8.xml + +--- + src/man/pam_sss.8.xml | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git src/man/pam_sss.8.xml src/man/pam_sss.8.xml +index 72b497ab34a520d21964824080c7f276b26706f4..5b4e456e2b0b7469a233d7bd98d296bec2d8e739 100644 +--- src/man/pam_sss.8.xml ++++ src/man/pam_sss.8.xml +@@ -37,6 +37,9 @@ + + retry=N + ++ ++ ignore_unknown_user ++ + + + +@@ -103,6 +106,16 @@ + . + + ++ ++ ++ ++ ++ ++ If this option is specified and the user does not ++ exist, the PAM module will return PAM_IGNORE. This causes ++ the PAM framework to ignore this module. ++ ++ + + + +-- +1.8.5.3 + Property changes on: head/security/sssd/files/patch-src__man__pam_sss.8.xml ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Index: head/security/sssd/files/patch-src__sss_client__pam_sss.c =================================================================== --- head/security/sssd/files/patch-src__sss_client__pam_sss.c (revision 353156) +++ head/security/sssd/files/patch-src__sss_client__pam_sss.c (revision 353157) @@ -1,29 +1,68 @@ -From 86816db5982df0c1b0c5f5722e23111c62ff362e Mon Sep 17 00:00:00 2001 +From 68fcd5f830b6451de5fd9d697fa6602dc3ca9972 Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Sat, 27 Jul 2013 15:02:31 +0200 -Subject: [PATCH 31/34] patch-src__sss_client__pam_sss.c +Subject: [PATCH 2/2] patch-src__sss_client__pam_sss.c --- - src/sss_client/pam_sss.c | 2 ++ - 1 file changed, 2 insertions(+) + src/sss_client/pam_sss.c | 13 +++++++++++++ + 1 file changed, 13 insertions(+) 
diff --git src/sss_client/pam_sss.c src/sss_client/pam_sss.c -index 3734c8f..7110d38 100644 +index 5fd276ccba15da1f689b1939a02288dda7a09d89..4cb976cf28eba5c14168a91eb23fe4101d2268f3 100644 --- src/sss_client/pam_sss.c +++ src/sss_client/pam_sss.c -@@ -125,10 +125,12 @@ static void free_exp_data(pam_handle_t *pamh, void *ptr, int err) +@@ -52,6 +52,7 @@ + #define FLAGS_USE_FIRST_PASS (1 << 0) + #define FLAGS_FORWARD_PASS (1 << 1) + #define FLAGS_USE_AUTHTOK (1 << 2) ++#define FLAGS_IGNORE_UNKNOWN_USER (1 << 3) + #define PWEXP_FLAG "pam_sss:password_expired_flag" + #define FD_DESTRUCTOR "pam_sss:fd_destructor" +@@ -125,10 +126,12 @@ static void free_exp_data(pam_handle_t *pamh, void *ptr, int err) + static void close_fd(pam_handle_t *pamh, void *ptr, int err) { +#ifdef PAM_DATA_REPLACE if (err & PAM_DATA_REPLACE) { /* Nothing to do */ return; } +#endif /* PAM_DATA_REPLACE */ D(("Closing the fd")); sss_pam_close_fd(); +@@ -1292,6 +1295,8 @@ static void eval_argv(pam_handle_t *pamh, int argc, const char **argv, + } + } else if (strcmp(*argv, "quiet") == 0) { + *quiet_mode = true; ++ } else if (strcmp(*argv, "ignore_unknown_user") == 0) { ++ *flags |= FLAGS_IGNORE_UNKNOWN_USER; + } else { + logger(pamh, LOG_WARNING, "unknown option: %s", *argv); + } +@@ -1429,6 +1434,9 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh, + ret = get_pam_items(pamh, &pi); + if (ret != PAM_SUCCESS) { + D(("get items returned error: %s", pam_strerror(pamh,ret))); ++ if (flags & FLAGS_IGNORE_UNKNOWN_USER && ret == PAM_USER_UNKNOWN) { ++ ret = PAM_IGNORE; ++ } + return ret; + } + +@@ -1467,6 +1475,11 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh, + + pam_status = send_and_receive(pamh, &pi, task, quiet_mode); + ++ if (flags & FLAGS_IGNORE_UNKNOWN_USER ++ && pam_status == PAM_USER_UNKNOWN) { ++ pam_status = PAM_IGNORE; ++ } ++ + switch (task) { + case SSS_PAM_AUTHENTICATE: + /* We allow sssd to send the return code PAM_NEW_AUTHTOK_REQD during -- -1.8.0 
+1.8.5.3
Index: head/security/sssd/files/sssd.in
===================================================================
--- head/security/sssd/files/sssd.in (revision 353156)
+++ head/security/sssd/files/sssd.in (revision 353157)
@@ -1,32 +1,42 @@
 #!/bin/sh
 #
 # $FreeBSD$
 #
 # PROVIDE: sssd
 # REQUIRE: DAEMON
 # BEFORE: LOGIN
 # KEYWORD: shutdown
 # Add the following lines to /etc/rc.conf to enable `sssd':
 #
 # sssd_enable="YES"
 #
 # See sssd(8) for sssd_flags
 #
 . /etc/rc.subr
-name="sssd"
+name=sssd
 rcvar=sssd_enable
+# read configuration and set defaults
+load_rc_config "$name"
+
+: ${sssd_enable:=NO}
+: ${sssd_conf="%%PREFIX%%/etc/sssd/ssd.conf"}
+: ${sssd_flags="-f -D"}
+
 command="%%PREFIX%%/sbin/$name"
-sssd_flags="-f -D"
 pidfile="/var/run/$name.pid"
-required_files="%%PREFIX%%/etc/$name/$name.conf"
+required_files="${sssd_conf}"
+start_precmd=sssd_prestart
-# read configuration and set defaults
-load_rc_config "$name"
-: ${sssd_enable="NO"}
+sssd_prestart()
+{
+ for i in db/sss db/sss_mc log/sssd run/sss/krb5.include.d run/sss/private run/sss; do
+ if [ ! -d var/${i} ]; then mkdir -p /var/${i}; fi
+ done
+}
 run_rc_command "$1"
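Review bot: The new `ret == PAM_USER_UNKNOWN` test after get_pam_items may match more than a missing user on this port, because the Makefile's post-patch rewrites every `PAM_BAD_ITEM` in pam_sss.c to `PAM_USER_UNKNOWN` (the `-e 's|PAM_BAD_ITEM|PAM_USER_UNKNOWN|g'` line in the Makefile hunk); if get_pam_items reports a failed item lookup with that code, `ignore_unknown_user` would turn a module-side failure into PAM_IGNORE and the PAM stack would skip sssd silently. That depends on get_pam_items, which is outside this hunk, so it is worth confirming; if it holds, the rewrite should be narrowed to the sites that really mean "no such user" or the new check should exclude them. As a matter of style, `flags & FLAGS_IGNORE_UNKNOWN_USER && ret == PAM_USER_UNKNOWN` relies on `&` binding tighter than `&&`; `if ((flags & FLAGS_IGNORE_UNKNOWN_USER) && ret == PAM_USER_UNKNOWN)` reads unambiguously, and the same applies to the check after send_and_receive. pam_sss's body continues outside the hunk on both sides.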
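Review bot: The new default `: ${sssd_conf="%%PREFIX%%/etc/sssd/ssd.conf"}` names `ssd.conf`, not `sssd.conf`: the removed `required_files` resolved to `%%PREFIX%%/etc/sssd/sssd.conf`, which is also the name the Makefile's post-install stages as `sssd.conf.sample`, so with this default required_files points at a file that never exists and rc.subr will refuse to start the daemon; the line should read `: ${sssd_conf="%%PREFIX%%/etc/sssd/sssd.conf"}`. In sssd_prestart the guard `[ ! -d var/${i} ]` tests a path relative to the current directory while the body creates `/var/${i}`; `mkdir -p` makes the slip harmless today, but the guard should be `if [ ! -d /var/${i} ]; then mkdir -p /var/${i}; fi`. Since these directories were previously created at install time and are now created with whatever umask the rc system runs under, it is worth checking that the resulting modes are what sssd expects for the private pipe and database directories, for example by using `install -d -m <MODE>` with an explicit mode per directory.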