Index: head/security/sssd/Makefile =================================================================== --- head/security/sssd/Makefile (revision 529823) +++ head/security/sssd/Makefile (revision 529824) @@ -1,112 +1,114 @@ # Created by: Lukas Slebodnik # $FreeBSD$ PORTNAME= sssd PORTVERSION= 1.11.7 -PORTREVISION= 19 +PORTREVISION= 20 CATEGORIES= security MASTER_SITES= https://releases.pagure.org/SSSD/${PORTNAME}/ MAINTAINER= lukas.slebodnik@intrak.sk COMMENT= System Security Services Daemon LICENSE= GPLv3+ LICENSE_FILE= ${WRKSRC}/COPYING DEPRECATED= Uses deprecated version of python EXPIRATION_DATE= 2020-09-15 LIB_DEPENDS= libpopt.so:devel/popt \ libtalloc.so:devel/talloc \ libtevent.so:devel/tevent \ libtdb.so:databases/tdb \ libldb.so:databases/ldb14 \ libcares.so:dns/c-ares \ libdbus-1.so:devel/dbus \ libdhash.so:devel/ding-libs \ libpcre.so:devel/pcre \ libunistring.so:devel/libunistring \ libnss3.so:security/nss \ libsasl2.so:security/cyrus-sasl2 \ libinotify.so:devel/libinotify \ libplds4.so:devel/nspr BUILD_DEPENDS= xmlcatalog:textproc/libxml2 \ docbook-xsl>=1:textproc/docbook-xsl \ xsltproc:textproc/libxslt \ xmlcatmgr:textproc/xmlcatmgr \ krb5>=1.10:security/krb5 \ nsupdate:dns/bind-tools +USES= autoreconf cpe gettext gmake iconv libtool pathfix pkgconfig \ + python:2.7 shebangfix gssapi:mit + +USE_LDCONFIG= yes +USE_OPENLDAP= yes + GNU_CONFIGURE= yes CONFIGURE_ARGS= --with-selinux=no --with-semanage=no \ --with-ldb-lib-dir=${LOCALBASE}/lib/shared-modules/ldb \ --with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \ --with-libnl=no --with-init-dir=no --datadir=${DATADIR} \ --docdir=${DOCSDIR} --with-pid-path=/var/run \ --localstatedir=/var --enable-pammoddir=${PREFIX}/lib \ --with-db-path=/var/db/sss --with-pipe-path=/var/run/sss \ --with-pubconf-path=/var/run/sss --with-mcache-path=/var/db/sss_mc \ --with-unicode-lib=libunistring --with-autofs=no \ --disable-cifs-idmap-plugin --disable-config-lib \ --with-krb5-conf=/etc/krb5.conf CFLAGS+= -fstack-protector-all PLIST_SUB= PYTHON_VER=${PYTHON_VER} #DEBUG_FLAGS= -g MAKE_ENV+= LINGUAS="bg de eu es fr hu id it ja nb nl pl pt ru sv tg tr uk zh_CN zh_TW" SUB_FILES= pkg-message -USE_LDCONFIG= yes -USE_OPENLDAP= yes -USES= autoreconf cpe gettext gmake iconv libtool pathfix pkgconfig \ - python:2.7 shebangfix gssapi:mit INSTALL_TARGET= install-strip CPE_VENDOR= fedoraproject SHEBANG_FILES= src/tools/sss_obfuscate \ src/sbus/sbus_codegen USE_RC_SUBR= ${PORTNAME} PORTDATA= * OPTIONS_DEFINE= DOCS SMB OPTIONS_SUB= yes SMB_DESC= Install IPA and AD providers (requires Samba4) SMB_USES= samba:lib # libndr-krb5pac libndr-nbt libndr libsamba-util SMB_CONFIGURE_WITH= samba post-patch: @${REINPLACE_CMD} -e 's|SIGCLD|SIGCHLD|g' ${WRKSRC}/src/util/signal.c @${REINPLACE_CMD} -e 's|NSS_STATUS_NOTFOUND|NS_NOTFOUND|g' \ -e 's|NSS_STATUS_UNAVAIL|NS_UNAVAIL|g' \ -e 's|NSS_STATUS_TRYAGAIN|NS_TRYAGAIN|g' \ -e '/ETIME/d' \ -e 's|NSS_STATUS_SUCCESS|NS_SUCCESS|g' \ ${WRKSRC}/src/sss_client/common.c @${REINPLACE_CMD} \ -e 's|pam_modutil_getlogin(pamh)|getlogin()|g' \ ${WRKSRC}/src/sss_client/pam_sss.c @${REINPLACE_CMD} \ -e 's|install-data-hook install-dist_initSCRIPTS|install-dist_initSCRIPTS|g' \ -e 's|install-data-hook|notinstall-data-hook|g' \ ${WRKSRC}/Makefile.am @${REINPLACE_CMD} -e 's|/etc/sssd/|${ETCDIR}/|g' \ -e 's|/etc/openldap/|${LOCALBASE}/etc/openldap/|g' \ ${WRKSRC}/src/man/*xml @${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}/src/sss_client/bsdnss.c @${CP} ${FILESDIR}/sss_bsd_errno.h ${WRKSRC}/src/util/sss_bsd_errno.h post-install: ${INSTALL_DATA} ${WRKSRC}/src/examples/sssd-example.conf \ ${STAGEDIR}${ETCDIR}/sssd.conf.sample ${LN} -sf nss_sss.so ${STAGEDIR}${PREFIX}/lib/nss_sss.so.1 # clean these up from the install; we create them in rc script start_precmd .for d in db/sss db/sss_mc log/sssd run/sss/krb5.include.d run/sss/private run/sss @${RMDIR} ${STAGEDIR}/var/${d} .endfor # clean unused man dirs .for i in nl/man1 nl/man5 pt/man1 pt/man5 @${RMDIR} ${STAGEDIR}${PREFIX}/man/${i} .endfor .include Index: head/security/sssd/files/patch-Makefile.am =================================================================== --- head/security/sssd/files/patch-Makefile.am (revision 529823) +++ head/security/sssd/files/patch-Makefile.am (revision 529824) @@ -1,61 +1,68 @@ -diff --git Makefile.am Makefile.am -index fd74d85..4a7e6ae 100644 ---- Makefile.am +--- Makefile.am.orig 2020-03-16 18:30:24 UTC +++ Makefile.am @@ -311,6 +311,7 @@ AM_CPPFLAGS = \ $(LIBNL_CFLAGS) \ $(OPENLDAP_CFLAGS) \ $(GLIB2_CFLAGS) \ + -DHOST_NAME_MAX=_POSIX_HOST_NAME_MAX \ -DLIBDIR=\"$(libdir)\" \ -DVARDIR=\"$(localstatedir)\" \ -DSHLIBEXT=\"$(SHLIBEXT)\" \ @@ -378,6 +379,7 @@ SSSD_LIBS = \ $(DHASH_LIBS) \ $(SSS_CRYPT_LIBS) \ $(OPENLDAP_LIBS) \ + $(LTLIBINTL) \ $(TDB_LIBS) PYTHON_BINDINGS_LIBS = \ @@ -433,6 +435,7 @@ dist_noinst_HEADERS = \ src/util/sss_ssh.h \ src/util/sss_ini.h \ src/util/sss_format.h \ + src/util/sss_bsd_errno.h \ src/util/refcount.h \ src/util/find_uid.h \ src/util/user_info_msg.h \ @@ -1700,9 +1703,10 @@ endif # Client Libraries # #################### -nsslib_LTLIBRARIES = libnss_sss.la -libnss_sss_la_SOURCES = \ +nsslib_LTLIBRARIES = nss_sss.la +nss_sss_la_SOURCES = \ src/sss_client/common.c \ + src/sss_client/bsdnss.c \ src/sss_client/nss_passwd.c \ src/sss_client/nss_group.c \ src/sss_client/nss_netgroup.c \ @@ -1715,9 +1719,9 @@ libnss_sss_la_SOURCES = \ src/sss_client/nss_mc_passwd.c \ src/sss_client/nss_mc_group.c \ src/sss_client/nss_mc.h -libnss_sss_la_LIBADD = \ +nss_sss_la_LIBADD = \ $(CLIENT_LIBS) -libnss_sss_la_LDFLAGS = \ +nss_sss_la_LDFLAGS = \ -module \ -version-info 2:0:0 \ -Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports @@ -2086,6 +2090,7 @@ ldap_child_LDADD = \ $(POPT_LIBS) \ $(OPENLDAP_LIBS) \ $(DHASH_LIBS) \ + $(LTLIBINTL) \ $(KRB5_LIBS) proxy_child_SOURCES = \ +@@ -2333,7 +2338,7 @@ else + mkdir -p $(DESTDIR)$(initdir) + endif + +-install-data-hook: ++notinstall-data-hook: + rm $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 \ + $(DESTDIR)/$(nsslibdir)/libnss_sss.so + mv $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 Index: head/security/sssd/files/patch-configure.ac =================================================================== --- head/security/sssd/files/patch-configure.ac (revision 529823) +++ head/security/sssd/files/patch-configure.ac (revision 529824) @@ -1,21 +1,20 @@ ---- configure.ac.orig 2013-11-06 18:35:03 UTC +--- configure.ac.orig 2014-09-17 13:01:37 UTC +++ configure.ac -@@ -5,15 +5,15 @@ AC_INIT([sssd], +@@ -5,14 +5,14 @@ AC_INIT([sssd], VERSION_NUMBER, [sssd-devel@lists.fedorahosted.org]) +AC_CONFIG_SRCDIR([BUILD.txt]) +AC_CONFIG_AUX_DIR([build]) + m4_ifdef([AC_USE_SYSTEM_EXTENSIONS], [AC_USE_SYSTEM_EXTENSIONS], [AC_GNU_SOURCE]) CFLAGS="$CFLAGS -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE" - +- -AC_CONFIG_SRCDIR([BUILD.txt]) -AC_CONFIG_AUX_DIR([build]) -- + AM_INIT_AUTOMAKE([-Wall foreign subdir-objects tar-pax]) AM_PROG_CC_C_O - m4_ifdef([AM_PROG_AR], [AM_PROG_AR]) Index: head/security/sssd/files/patch-src__confdb__confdb.c =================================================================== --- head/security/sssd/files/patch-src__confdb__confdb.c (revision 529823) +++ head/security/sssd/files/patch-src__confdb__confdb.c (revision 529824) @@ -1,16 +1,14 @@ -diff --git src/confdb/confdb.c src/confdb/confdb.c -index 19d8884..67720f7 100644 ---- src/confdb/confdb.c +--- src/confdb/confdb.c.orig 2014-09-17 13:01:37 UTC +++ src/confdb/confdb.c @@ -28,6 +28,11 @@ #include "util/strtonum.h" #include "db/sysdb.h" +char *strchrnul(const char *s, int ch) { + char *ret = strchr(s, ch); + return ret == NULL ? discard_const_p(char, s) + strlen(s) : ret; +} + #define CONFDB_ZERO_CHECK_OR_JUMP(var, ret, err, label) do { \ if (!var) { \ ret = err; \ Index: head/security/sssd/files/patch-src__external__inotify.m4 =================================================================== --- head/security/sssd/files/patch-src__external__inotify.m4 (revision 529823) +++ head/security/sssd/files/patch-src__external__inotify.m4 (revision 529824) @@ -1,17 +1,15 @@ -diff --git src/external/inotify.m4 src/external/inotify.m4 -index 9572f6d..2a5a8cf 100644 ---- src/external/inotify.m4 +--- src/external/inotify.m4.orig 2014-09-17 13:01:37 UTC +++ src/external/inotify.m4 @@ -20,10 +20,10 @@ int main () { AS_IF([test x"$inotify_works" != xyes], [AC_CHECK_LIB([inotify], [inotify_init], - [INOTIFY_LIBS="$sss_extra_libdir -linotify" + [INOTIFY_LIBS="-L$sss_extra_libdir -linotify" inotify_works=yes], [inotify_works=no], - [$sss_extra_libdir])] + [-L$sss_extra_libdir])] ) AS_IF([test x"$inotify_works" = xyes], Index: head/security/sssd/files/patch-src__external__krb5.m4 =================================================================== --- head/security/sssd/files/patch-src__external__krb5.m4 (revision 529823) +++ head/security/sssd/files/patch-src__external__krb5.m4 (revision 529824) @@ -1,13 +1,11 @@ -diff --git src/external/krb5.m4 src/external/krb5.m4 -index 861c8c9..978ec03 100644 ---- src/external/krb5.m4 +--- src/external/krb5.m4.orig 2014-09-17 13:01:37 UTC +++ src/external/krb5.m4 @@ -9,7 +9,7 @@ if test x$KRB5_CFLAGS != x; then KRB5_PASSED_CFLAGS=$KRB5_CFLAGS fi -AC_PATH_PROG(KRB5_CONFIG, krb5-config) +AC_PATH_PROG(KRB5_CONFIG, krb5-config, [], [/usr/local/bin:$PATH]) AC_MSG_CHECKING(for working krb5-config) if test -x "$KRB5_CONFIG"; then KRB5_CFLAGS="`$KRB5_CONFIG --cflags`" Index: head/security/sssd/files/patch-src__providers__krb5__krb5_delayed_online_authentication.c =================================================================== --- head/security/sssd/files/patch-src__providers__krb5__krb5_delayed_online_authentication.c (revision 529823) +++ head/security/sssd/files/patch-src__providers__krb5__krb5_delayed_online_authentication.c (revision 529824) @@ -1,20 +1,18 @@ -diff --git src/providers/krb5/krb5_delayed_online_authentication.c src/providers/krb5/krb5_delayed_online_authentication.c -index 33b839e..da6ccfc 100644 ---- src/providers/krb5/krb5_delayed_online_authentication.c +--- src/providers/krb5/krb5_delayed_online_authentication.c.orig 2014-09-17 13:01:37 UTC +++ src/providers/krb5/krb5_delayed_online_authentication.c -@@ -320,6 +320,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx, +@@ -320,6 +320,7 @@ errno_t init_delayed_online_authentication(struct krb5 struct tevent_context *ev) { int ret; +#ifdef __linux__ hash_table_t *tmp_table; ret = get_uid_table(krb5_ctx, &tmp_table); -@@ -339,6 +340,7 @@ errno_t init_delayed_online_authentication(struct krb5_ctx *krb5_ctx, +@@ -339,6 +340,7 @@ errno_t init_delayed_online_authentication(struct krb5 "hash_destroy failed [%s].\n", hash_error_string(ret)); return EFAULT; } +#endif /* __linux__ */ krb5_ctx->deferred_auth_ctx = talloc_zero(krb5_ctx, struct deferred_auth_ctx); Index: head/security/sssd/files/patch-src__providers__ldap__ldap_auth.c =================================================================== --- head/security/sssd/files/patch-src__providers__ldap__ldap_auth.c (revision 529823) +++ head/security/sssd/files/patch-src__providers__ldap__ldap_auth.c (revision 529824) @@ -1,113 +1,111 @@ -diff --git src/providers/ldap/ldap_auth.c src/providers/ldap/ldap_auth.c -index 2aacce0..e019cf7 100644 ---- src/providers/ldap/ldap_auth.c +--- src/providers/ldap/ldap_auth.c.orig 2014-09-17 13:01:37 UTC +++ src/providers/ldap/ldap_auth.c @@ -37,7 +37,6 @@ #include #include -#include #include #include "util/util.h" @@ -56,6 +55,22 @@ enum pwexpire { PWEXPIRE_SHADOW }; +struct spwd +{ + char *sp_namp; /* Login name. */ + char *sp_pwdp; /* Encrypted password. */ + long int sp_lstchg; /* Date of last change. */ + long int sp_min; /* Minimum number of days between changes. */ + long int sp_max; /* Maximum number of days between changes. */ + long int sp_warn; /* Number of days to warn user to change + the password. */ + long int sp_inact; /* Number of days the account may be + inactive. */ + long int sp_expire; /* Number of days since 1970-01-01 until + account expires. */ + unsigned long int sp_flag; /* Reserved. */ +}; + static errno_t add_expired_warning(struct pam_data *pd, long exp_time) { int ret; -@@ -109,6 +124,7 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now, +@@ -109,6 +124,7 @@ static errno_t check_pwexpire_kerberos(const char *exp return EINVAL; } + tzset(); expire_time = mktime(&tm); if (expire_time == -1) { DEBUG(SSSDBG_CRIT_FAILURE, -@@ -116,12 +132,10 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now, +@@ -116,12 +132,10 @@ static errno_t check_pwexpire_kerberos(const char *exp return EINVAL; } - tzset(); - expire_time -= timezone; DEBUG(SSSDBG_TRACE_ALL, - "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] " - "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0], - tzname[1], timezone, daylight, now, expire_time); + "Time info: tzname[0] [%s] tzname[1] [%s] " + "now [%ld] expire_time [%ld].\n", tzname[0], + tzname[1], now, expire_time); if (difftime(now, expire_time) > 0.0) { DEBUG(SSSDBG_CONF_SETTINGS, "Kerberos password expired.\n"); @@ -924,7 +938,7 @@ void sdap_pam_chpass_handler(struct be_req *breq) DEBUG(SSSDBG_OP_FAILURE, "starting password change request for user [%s].\n", pd->user); - pd->pam_status = PAM_SYSTEM_ERR; + pd->pam_status = PAM_SERVICE_ERR; if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) { DEBUG(SSSDBG_OP_FAILURE, -@@ -1069,7 +1083,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req) +@@ -1069,7 +1083,7 @@ static void sdap_auth4chpass_done(struct tevent_req *r dp_err = DP_ERR_OFFLINE; break; default: - state->pd->pam_status = PAM_SYSTEM_ERR; + state->pd->pam_status = PAM_SERVICE_ERR; } done: -@@ -1131,7 +1145,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req) +@@ -1131,7 +1145,7 @@ static void sdap_pam_chpass_done(struct tevent_req *re state->sh, state->dn, lastchanged_name); if (subreq == NULL) { - state->pd->pam_status = PAM_SYSTEM_ERR; + state->pd->pam_status = PAM_SERVICE_ERR; goto done; } -@@ -1152,7 +1166,7 @@ static void sdap_lastchange_done(struct tevent_req *req) +@@ -1152,7 +1166,7 @@ static void sdap_lastchange_done(struct tevent_req *re ret = sdap_modify_shadow_lastchange_recv(req); if (ret != EOK) { - state->pd->pam_status = PAM_SYSTEM_ERR; + state->pd->pam_status = PAM_SERVICE_ERR; goto done; } @@ -1193,7 +1207,7 @@ void sdap_pam_auth_handler(struct be_req *breq) goto done; } - pd->pam_status = PAM_SYSTEM_ERR; + pd->pam_status = PAM_SERVICE_ERR; switch (pd->cmd) { case SSS_PAM_AUTHENTICATE: @@ -1291,7 +1305,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) state->pd->pam_status = PAM_NEW_AUTHTOK_REQD; break; default: - state->pd->pam_status = PAM_SYSTEM_ERR; + state->pd->pam_status = PAM_SERVICE_ERR; dp_err = DP_ERR_FATAL; } Index: head/security/sssd/files/patch-src__providers__ldap__sdap_access.c =================================================================== --- head/security/sssd/files/patch-src__providers__ldap__sdap_access.c (revision 529823) +++ head/security/sssd/files/patch-src__providers__ldap__sdap_access.c (revision 529824) @@ -1,29 +1,27 @@ -diff --git src/providers/ldap/sdap_access.c src/providers/ldap/sdap_access.c -index 880735e..d349dcf 100644 ---- src/providers/ldap/sdap_access.c +--- src/providers/ldap/sdap_access.c.orig 2014-09-17 13:01:37 UTC +++ src/providers/ldap/sdap_access.c -@@ -499,6 +499,7 @@ static bool nds_check_expired(const char *exp_time_str) +@@ -499,6 +499,7 @@ static bool nds_check_expired(const char *exp_time_str return true; } + tzset(); expire_time = mktime(&tm); if (expire_time == -1) { DEBUG(SSSDBG_CRIT_FAILURE, -@@ -506,13 +507,11 @@ static bool nds_check_expired(const char *exp_time_str) +@@ -506,13 +507,11 @@ static bool nds_check_expired(const char *exp_time_str return true; } - tzset(); - expire_time -= timezone; now = time(NULL); DEBUG(SSSDBG_TRACE_ALL, - "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] " - "daylight [%d] now [%ld] expire_time [%ld].\n", tzname[0], - tzname[1], timezone, daylight, now, expire_time); + "Time info: tzname[0] [%s] tzname[1] [%s] " + "now [%ld] expire_time [%ld].\n", tzname[0], + tzname[1], now, expire_time); if (difftime(now, expire_time) > 0.0) { DEBUG(SSSDBG_CONF_SETTINGS, "NDS account expired.\n"); Index: head/security/sssd/files/patch-src__sss_client__common.c =================================================================== --- head/security/sssd/files/patch-src__sss_client__common.c (revision 529823) +++ head/security/sssd/files/patch-src__sss_client__common.c (revision 529824) @@ -1,73 +1,100 @@ -diff --git src/sss_client/common.c src/sss_client/common.c -index ec5c708..5d17eed 100644 ---- src/sss_client/common.c +--- src/sss_client/common.c.orig 2014-09-17 13:01:37 UTC +++ src/sss_client/common.c @@ -25,6 +25,7 @@ #include "config.h" #include +#include #include #include #include @@ -43,6 +44,7 @@ #include #define _(STRING) dgettext (PACKAGE, STRING) #include "sss_cli.h" +#include "util/sss_bsd_errno.h" #if HAVE_PTHREAD #include -@@ -124,7 +126,6 @@ static enum sss_status sss_cli_send_req(enum sss_cli_command cmd, +@@ -124,7 +126,6 @@ static enum sss_status sss_cli_send_req(enum sss_cli_c *errnop = error; break; case 0: - *errnop = ETIME; break; case 1: if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { -@@ -232,7 +233,6 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_command cmd, +@@ -232,7 +233,6 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_c *errnop = error; break; case 0: - *errnop = ETIME; break; case 1: if (pfd.revents & (POLLHUP)) { -@@ -669,7 +669,6 @@ static enum sss_status sss_cli_check_socket(int *errnop, const char *socket_name +@@ -669,7 +669,6 @@ static enum sss_status sss_cli_check_socket(int *errno *errnop = error; break; case 0: - *errnop = ETIME; break; case 1: if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { -@@ -719,23 +718,23 @@ enum nss_status sss_nss_make_request(enum sss_cli_command cmd, +@@ -719,23 +718,23 @@ enum nss_status sss_nss_make_request(enum sss_cli_comm /* avoid looping in the nss daemon */ envval = getenv("_SSS_LOOPS"); if (envval && strcmp(envval, "NO") == 0) { - return NSS_STATUS_NOTFOUND; + return NS_NOTFOUND; } ret = sss_cli_check_socket(errnop, SSS_NSS_SOCKET_NAME); + if (ret != SSS_STATUS_SUCCESS) { +- return NSS_STATUS_UNAVAIL; ++ return NS_UNAVAIL; + } + + ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop); + switch (ret) { + case SSS_STATUS_TRYAGAIN: +- return NSS_STATUS_TRYAGAIN; ++ return NS_TRYAGAIN; + case SSS_STATUS_SUCCESS: +- return NSS_STATUS_SUCCESS; ++ return NS_SUCCESS; + case SSS_STATUS_UNAVAIL: + default: +- return NSS_STATUS_UNAVAIL; ++ return NS_UNAVAIL; + } + } + +@@ -750,23 +749,23 @@ int sss_pac_make_request(enum sss_cli_command cmd, + /* avoid looping in the nss daemon */ + envval = getenv("_SSS_LOOPS"); + if (envval && strcmp(envval, "NO") == 0) { +- return NSS_STATUS_NOTFOUND; ++ return NS_NOTFOUND; + } + + ret = sss_cli_check_socket(errnop, SSS_PAC_SOCKET_NAME); if (ret != SSS_STATUS_SUCCESS) { - return NSS_STATUS_UNAVAIL; + return NS_UNAVAIL; } ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop); switch (ret) { case SSS_STATUS_TRYAGAIN: - return NSS_STATUS_TRYAGAIN; + return NS_TRYAGAIN; case SSS_STATUS_SUCCESS: - return NSS_STATUS_SUCCESS; + return NS_SUCCESS; case SSS_STATUS_UNAVAIL: default: - return NSS_STATUS_UNAVAIL; + return NS_UNAVAIL; } } Index: head/security/sssd/files/patch-src__sss_client__nss_group.c =================================================================== --- head/security/sssd/files/patch-src__sss_client__nss_group.c (revision 529823) +++ head/security/sssd/files/patch-src__sss_client__nss_group.c (revision 529824) @@ -1,81 +1,79 @@ -diff --git src/sss_client/nss_group.c src/sss_client/nss_group.c -index e6ea54b..b27b671 100644 ---- src/sss_client/nss_group.c +--- src/sss_client/nss_group.c.orig 2014-09-17 13:01:37 UTC +++ src/sss_client/nss_group.c @@ -343,6 +343,76 @@ out: } +#define MIN(a, b)((a) < (b) ? (a) : (b)) + +int gr_addgid(gid_t gid, gid_t *groups, int maxgrp, int *grpcnt) +{ + int ret, dupc; + + for (dupc = 0; dupc < MIN(maxgrp, *grpcnt); dupc++) { + if (groups[dupc] == gid) + return 1; + } + + ret = 1; + if (*grpcnt < maxgrp) + groups[*grpcnt] = gid; + else + ret = 0; + + (*grpcnt)++; + + return ret; +} + +enum nss_status _nss_sss_getgroupmembership(const char *uname, gid_t agroup, + gid_t *groups, int maxgrp, + int *grpcnt) +{ + struct sss_cli_req_data rd; + uint8_t *repbuf; + size_t replen; + enum nss_status nret; + uint32_t *rbuf; + uint32_t num_ret; + long int l, max_ret; + int errnop; + + rd.len = strlen(uname) +1; + rd.data = uname; + + sss_nss_lock(); + + nret = sss_nss_make_request(SSS_NSS_INITGR, &rd, + &repbuf, &replen, &errnop); + if (nret != NSS_STATUS_SUCCESS) { + goto done; + } + + /* no results if not found */ + num_ret = ((uint32_t *)repbuf)[0]; + if (num_ret == 0) { + free(repbuf); + nret = NSS_STATUS_NOTFOUND; + goto done; + } + max_ret = num_ret; + + gr_addgid(agroup, groups, maxgrp, grpcnt); + + rbuf = &((uint32_t *)repbuf)[2]; + for (l = 0; l < max_ret; l++) { + gr_addgid(rbuf[l], groups, maxgrp, grpcnt); + } + + free(repbuf); + nret = NSS_STATUS_SUCCESS; + +done: + sss_nss_unlock(); + return nret; +} + enum nss_status _nss_sss_getgrnam_r(const char *name, struct group *result, char *buffer, size_t buflen, int *errnop) { Index: head/security/sssd/files/patch-src__sss_client__sss_nss.exports =================================================================== --- head/security/sssd/files/patch-src__sss_client__sss_nss.exports (revision 529823) +++ head/security/sssd/files/patch-src__sss_client__sss_nss.exports (revision 529824) @@ -1,38 +1,35 @@ -diff --git src/sss_client/sss_nss.exports src/sss_client/sss_nss.exports -index 1eefea8..8e85a05 100644 ---- src/sss_client/sss_nss.exports +--- src/sss_client/sss_nss.exports.orig 2014-09-17 13:01:37 UTC +++ src/sss_client/sss_nss.exports @@ -3,6 +3,7 @@ EXPORTED { # public functions global: + nss_module_register; _nss_sss_getpwnam_r; _nss_sss_getpwuid_r; _nss_sss_setpwent; -@@ -14,8 +15,25 @@ EXPORTED { +@@ -14,7 +15,24 @@ EXPORTED { _nss_sss_setgrent; _nss_sss_getgrent_r; _nss_sss_endgrent; + _nss_sss_getgroupmembership; _nss_sss_initgroups_dyn; - ++ + __nss_compat_getgrnam_r; + __nss_compat_getgrgid_r; + __nss_compat_getgrent_r; + __nss_compat_setgrent; + __nss_compat_endgrent; + + __nss_compat_getpwnam_r; + __nss_compat_getpwuid_r; + __nss_compat_getpwent_r; + __nss_compat_setpwent; + __nss_compat_endpwent; + + __nss_compat_gethostbyname; + __nss_compat_gethostbyname2; + __nss_compat_gethostbyaddr; -+ + #_nss_sss_getaliasbyname_r; #_nss_sss_setaliasent; - #_nss_sss_getaliasent_r; Index: head/security/sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c =================================================================== --- head/security/sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c (revision 529823) +++ head/security/sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c (revision 529824) @@ -1,17 +1,15 @@ -diff --git src/util/crypto/libcrypto/crypto_sha512crypt.c src/util/crypto/libcrypto/crypto_sha512crypt.c -index 34547d0..6901851 100644 ---- src/util/crypto/libcrypto/crypto_sha512crypt.c +--- src/util/crypto/libcrypto/crypto_sha512crypt.c.orig 2014-09-17 13:01:37 UTC +++ src/util/crypto/libcrypto/crypto_sha512crypt.c @@ -28,6 +28,12 @@ #include #include +void * +mempcpy (void *dest, const void *src, size_t n) +{ + return (char *) memcpy (dest, src, n) + n; +} + /* Define our magic string to mark salt for SHA512 "encryption" replacement. */ const char sha512_salt_prefix[] = "$6$"; #define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1) Index: head/security/sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c =================================================================== --- head/security/sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c (revision 529823) +++ head/security/sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c (revision 529824) @@ -1,17 +1,15 @@ -diff --git src/util/crypto/nss/nss_sha512crypt.c src/util/crypto/nss/nss_sha512crypt.c -index 9fedd5e..90192ac 100644 ---- src/util/crypto/nss/nss_sha512crypt.c +--- src/util/crypto/nss/nss_sha512crypt.c.orig 2014-09-17 13:01:37 UTC +++ src/util/crypto/nss/nss_sha512crypt.c @@ -29,6 +29,12 @@ #include #include +static void * +mempcpy (void *dest, const void *src, size_t n) +{ + return (char *) memcpy (dest, src, n) + n; +} + /* Define our magic string to mark salt for SHA512 "encryption" replacement. */ const char sha512_salt_prefix[] = "$6$"; #define SALT_PREF_SIZE (sizeof(sha512_salt_prefix) - 1) Index: head/security/sssd/files/patch-src__util__find_uid.c =================================================================== --- head/security/sssd/files/patch-src__util__find_uid.c (revision 529823) +++ head/security/sssd/files/patch-src__util__find_uid.c (revision 529824) @@ -1,39 +1,37 @@ -diff --git src/util/find_uid.c src/util/find_uid.c -index 4c8f73a..40f3690 100644 ---- src/util/find_uid.c +--- src/util/find_uid.c.orig 2014-09-17 13:01:37 UTC +++ src/util/find_uid.c -@@ -67,7 +67,7 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid) +@@ -67,7 +67,7 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t uint32_t num=0; errno_t error; - ret = snprintf(path, PATHLEN, "/proc/%d/status", pid); + ret = snprintf(path, PATHLEN, "/compat/linux/proc/%d/status", pid); if (ret < 0) { DEBUG(SSSDBG_CRIT_FAILURE, "snprintf failed"); return EINVAL; -@@ -207,12 +207,12 @@ static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid) +@@ -207,12 +207,12 @@ static errno_t get_active_uid_linux(hash_table_t *tabl struct dirent *dirent; int ret, err; pid_t pid = -1; - uid_t uid; + uid_t uid = -1; hash_key_t key; hash_value_t value; - proc_dir = opendir("/proc"); + proc_dir = opendir("/compat/linux/proc"); if (proc_dir == NULL) { ret = errno; DEBUG(SSSDBG_CRIT_FAILURE, "Cannot open proc dir.\n"); @@ -287,9 +287,8 @@ done: errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table) { -#ifdef __linux__ int ret; - +#if 1 ret = hash_create_ex(INITIAL_TABLE_SIZE, table, 0, 0, 0, 0, hash_talloc, hash_talloc_free, mem_ctx, NULL, NULL); Index: head/security/sssd/files/patch-src__util__server.c =================================================================== --- head/security/sssd/files/patch-src__util__server.c (revision 529823) +++ head/security/sssd/files/patch-src__util__server.c (revision 529824) @@ -1,24 +1,22 @@ -diff --git src/util/server.c src/util/server.c -index 343668c..f8a1627 100644 ---- src/util/server.c +--- src/util/server.c.orig 2014-09-17 13:01:37 UTC +++ src/util/server.c @@ -322,12 +322,14 @@ static void setup_signals(void) BlockSignals(false, SIGTERM); CatchSignal(SIGHUP, sig_hup); - #ifndef HAVE_PRCTL - /* If prctl is not defined on the system, try to handle - * some common termination signals gracefully */ - CatchSignal(SIGSEGV, sig_segv_abrt); - CatchSignal(SIGABRT, sig_segv_abrt); + /* If prctl is not defined on the system, try to handle + * some common termination signals gracefully */ + (void) sig_segv_abrt; /* unused */ + /* + CatchSignal(SIGSEGV, sig_segv_abrt); + CatchSignal(SIGABRT, sig_segv_abrt); + */ #endif } Index: head/security/sssd/files/patch-src__util__signal.c =================================================================== --- head/security/sssd/files/patch-src__util__signal.c (revision 529823) +++ head/security/sssd/files/patch-src__util__signal.c (revision 529824) @@ -1,72 +1,71 @@ -diff --git src/util/signal.c src/util/signal.c -index 053457b..bb8f8be 100644 ---- src/util/signal.c +--- src/util/signal.c.orig 2014-09-17 13:01:37 UTC +++ src/util/signal.c @@ -28,45 +28,6 @@ * @brief Signal handling */ -/**************************************************************************** - Catch child exits and reap the child zombie status. -****************************************************************************/ - -static void sig_cld(int signum) -{ - while (waitpid((pid_t)-1,(int *)NULL, WNOHANG) > 0) - ; - - /* - * Turns out it's *really* important not to - * restore the signal handler here if we have real POSIX - * signal handling. If we do, then we get the signal re-delivered - * immediately - hey presto - instant loop ! JRA. - */ - -#if !defined(HAVE_SIGACTION) - CatchSignal(SIGCLD, sig_cld); -#endif -} - -/**************************************************************************** -catch child exits - leave status; -****************************************************************************/ - -static void sig_cld_leave_status(int signum) -{ - /* - * Turns out it's *really* important not to - * restore the signal handler here if we have real POSIX - * signal handling. If we do, then we get the signal re-delivered - * immediately - hey presto - instant loop ! JRA. - */ - -#if !defined(HAVE_SIGACTION) - CatchSignal(SIGCLD, sig_cld_leave_status); -#endif -} - /** Block sigs. **/ -@@ -126,21 +87,3 @@ void (*CatchSignal(int signum,void (*handler)(int )))(int) +@@ -125,22 +86,4 @@ void (*CatchSignal(int signum,void (*handler)(int )))( + /* FIXME: need to handle sigvec and systems with broken signal() */ return signal(signum, handler); #endif - } +-} - -/** - Ignore SIGCLD via whatever means is necessary for this OS. -**/ - -void CatchChild(void) -{ - CatchSignal(SIGCLD, sig_cld); -} - -/** - Catch SIGCLD but leave the child around so it's status can be reaped. -**/ - -void CatchChildLeaveStatus(void) -{ - CatchSignal(SIGCLD, sig_cld_leave_status); --} + } Index: head/security/sssd/files/patch-src__util__sss_ldap.c =================================================================== --- head/security/sssd/files/patch-src__util__sss_ldap.c (revision 529823) +++ head/security/sssd/files/patch-src__util__sss_ldap.c (revision 529824) @@ -1,23 +1,21 @@ -diff --git src/util/sss_ldap.c src/util/sss_ldap.c -index dd63b4b..0764622 100644 ---- src/util/sss_ldap.c +--- src/util/sss_ldap.c.orig 2014-09-17 13:01:37 UTC +++ src/util/sss_ldap.c -@@ -206,6 +206,9 @@ static void sdap_async_sys_connect_done(struct tevent_context *ev, +@@ -206,6 +206,9 @@ static void sdap_async_sys_connect_done(struct tevent_ errno = 0; ret = connect(state->fd, (struct sockaddr *) &state->addr, state->addr_len); + if (errno == EISCONN) { + ret = EOK; + } if (ret != EOK) { ret = errno; if (ret == EINPROGRESS || ret == EINTR) { -@@ -346,7 +349,7 @@ struct tevent_req *sss_ldap_init_send(TALLOC_CTX *mem_ctx, +@@ -346,7 +349,7 @@ struct tevent_req *sss_ldap_init_send(TALLOC_CTX *mem_ "Using file descriptor [%d] for LDAP connection.\n", state->sd); subreq = sdap_async_sys_connect_send(state, ev, state->sd, - (struct sockaddr *) addr, addr_len); + (struct sockaddr *) addr, sizeof(struct sockaddr)); if (subreq == NULL) { ret = ENOMEM; DEBUG(SSSDBG_CRIT_FAILURE, "sdap_async_sys_connect_send failed.\n"); Index: head/security/sssd/files/patch-src__util__util.h =================================================================== --- head/security/sssd/files/patch-src__util__util.h (revision 529823) +++ head/security/sssd/files/patch-src__util__util.h (revision 529824) @@ -1,20 +1,18 @@ -diff --git src/util/util.h src/util/util.h -index 7a66846..5e63275 100644 ---- src/util/util.h +--- src/util/util.h.orig 2014-09-17 13:01:37 UTC +++ src/util/util.h @@ -227,8 +227,6 @@ void sig_term(int sig); #include void BlockSignals(bool block, int signum); void (*CatchSignal(int signum,void (*handler)(int )))(int); -void CatchChild(void); -void CatchChildLeaveStatus(void); /* from memory.c */ typedef int (void_destructor_fn_t)(void *); @@ -542,5 +540,6 @@ char * sss_replace_space(TALLOC_CTX *mem_ctx, char * sss_reverse_replace_space(TALLOC_CTX *mem_ctx, const char *orig_name, const char replace_char); +#include "util/sss_bsd_errno.h" #endif /* __SSSD_UTIL_H__ */ Index: head/security/sssd/pkg-plist =================================================================== --- head/security/sssd/pkg-plist (revision 529823) +++ head/security/sssd/pkg-plist (revision 529824) @@ -1,196 +1,194 @@ bin/sss_ssh_authorizedkeys bin/sss_ssh_knownhostsproxy etc/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf %%ETCDIR%%/sssd.conf.sample include/ipa_hbac.h include/sss_idmap.h include/sss_nss_idmap.h -%%SMB%%lib/krb5/plugins/authdata/sssd_pac_plugin.so lib/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so lib/libipa_hbac.so lib/libipa_hbac.so.0 lib/libipa_hbac.so.0.0.1 lib/libsss_idmap.so lib/libsss_idmap.so.0 lib/libsss_idmap.so.0.4.0 lib/libsss_nss_idmap.so lib/libsss_nss_idmap.so.0 lib/libsss_nss_idmap.so.0.0.1 lib/libsss_sudo.so lib/nss_sss.so lib/nss_sss.so.1 lib/nss_sss.so.2 lib/nss_sss.so.2.0.0 lib/pam_sss.so %%PYTHON_SITELIBDIR%%/SSSDConfig-1.11.7-py%%PYTHON_VER%%.egg-info %%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.py %%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.pyc %%PYTHON_SITELIBDIR%%/SSSDConfig/ipachangeconf.py %%PYTHON_SITELIBDIR%%/SSSDConfig/ipachangeconf.pyc %%PYTHON_SITELIBDIR%%/SSSDConfig/sssd_upgrade_config.py %%PYTHON_SITELIBDIR%%/SSSDConfig/sssd_upgrade_config.pyc %%PYTHON_SITELIBDIR%%/pyhbac.so %%PYTHON_SITELIBDIR%%/pysss.so %%PYTHON_SITELIBDIR%%/pysss_murmur.so %%PYTHON_SITELIBDIR%%/pysss_nss_idmap.so lib/shared-modules/ldb/memberof.so %%SMB%%lib/sssd/libsss_ad.so lib/sssd/libsss_child.so lib/sssd/libsss_crypt.so lib/sssd/libsss_debug.so %%SMB%%lib/sssd/libsss_ipa.so lib/sssd/libsss_krb5.so lib/sssd/libsss_krb5_common.so lib/sssd/libsss_ldap.so lib/sssd/libsss_ldap_common.so lib/sssd/libsss_proxy.so lib/sssd/libsss_simple.so lib/sssd/libsss_util.so libdata/pkgconfig/ipa_hbac.pc libdata/pkgconfig/sss_idmap.pc libdata/pkgconfig/sss_nss_idmap.pc libexec/sssd/krb5_child libexec/sssd/ldap_child libexec/sssd/proxy_child libexec/sssd/sss_signal libexec/sssd/sssd_be libexec/sssd/sssd_ifp libexec/sssd/sssd_nss -%%SMB%%libexec/sssd/sssd_pac libexec/sssd/sssd_pam libexec/sssd/sssd_ssh libexec/sssd/sssd_sudo man/es/man1/sss_ssh_authorizedkeys.1.gz man/es/man1/sss_ssh_knownhostsproxy.1.gz man/es/man5/sssd-ldap.5.gz man/es/man5/sssd-simple.5.gz man/es/man5/sssd-sudo.5.gz man/es/man5/sssd.conf.5.gz man/es/man8/pam_sss.8.gz man/es/man8/sss_cache.8.gz man/es/man8/sss_debuglevel.8.gz man/es/man8/sss_groupadd.8.gz man/es/man8/sss_groupdel.8.gz man/es/man8/sss_groupmod.8.gz man/es/man8/sss_groupshow.8.gz man/es/man8/sss_obfuscate.8.gz man/es/man8/sss_seed.8.gz man/es/man8/sss_useradd.8.gz man/es/man8/sss_userdel.8.gz man/es/man8/sss_usermod.8.gz man/es/man8/sssd.8.gz man/es/man8/sssd_krb5_locator_plugin.8.gz man/fr/man1/sss_ssh_authorizedkeys.1.gz man/fr/man1/sss_ssh_knownhostsproxy.1.gz man/fr/man5/sssd-ad.5.gz man/fr/man5/sssd-krb5.5.gz man/fr/man5/sssd-ldap.5.gz man/fr/man5/sssd-simple.5.gz man/fr/man5/sssd-sudo.5.gz man/fr/man5/sssd.conf.5.gz man/fr/man8/pam_sss.8.gz man/fr/man8/sss_cache.8.gz man/fr/man8/sss_debuglevel.8.gz man/fr/man8/sss_groupadd.8.gz man/fr/man8/sss_groupdel.8.gz man/fr/man8/sss_groupmod.8.gz man/fr/man8/sss_groupshow.8.gz man/fr/man8/sss_obfuscate.8.gz man/fr/man8/sss_seed.8.gz man/fr/man8/sss_useradd.8.gz man/fr/man8/sss_userdel.8.gz man/fr/man8/sss_usermod.8.gz man/fr/man8/sssd.8.gz man/fr/man8/sssd_krb5_locator_plugin.8.gz man/ja/man1/sss_ssh_authorizedkeys.1.gz man/ja/man1/sss_ssh_knownhostsproxy.1.gz man/ja/man5/sssd-krb5.5.gz man/ja/man5/sssd-ldap.5.gz man/ja/man5/sssd-simple.5.gz man/ja/man5/sssd.conf.5.gz man/ja/man8/pam_sss.8.gz man/ja/man8/sss_cache.8.gz man/ja/man8/sss_debuglevel.8.gz man/ja/man8/sss_groupadd.8.gz man/ja/man8/sss_groupdel.8.gz man/ja/man8/sss_groupmod.8.gz man/ja/man8/sss_groupshow.8.gz man/ja/man8/sss_obfuscate.8.gz man/ja/man8/sss_useradd.8.gz man/ja/man8/sss_userdel.8.gz man/ja/man8/sss_usermod.8.gz man/ja/man8/sssd.8.gz man/ja/man8/sssd_krb5_locator_plugin.8.gz man/man1/sss_ssh_authorizedkeys.1.gz man/man1/sss_ssh_knownhostsproxy.1.gz man/man5/sssd-ad.5.gz man/man5/sssd-ifp.5.gz man/man5/sssd-ipa.5.gz man/man5/sssd-krb5.5.gz man/man5/sssd-ldap.5.gz man/man5/sssd-simple.5.gz man/man5/sssd-sudo.5.gz man/man5/sssd.conf.5.gz man/man8/pam_sss.8.gz man/man8/sss_cache.8.gz man/man8/sss_debuglevel.8.gz man/man8/sss_groupadd.8.gz man/man8/sss_groupdel.8.gz man/man8/sss_groupmod.8.gz man/man8/sss_groupshow.8.gz man/man8/sss_obfuscate.8.gz man/man8/sss_seed.8.gz man/man8/sss_useradd.8.gz man/man8/sss_userdel.8.gz man/man8/sss_usermod.8.gz man/man8/sssd.8.gz man/man8/sssd_krb5_locator_plugin.8.gz man/nl/man8/sss_groupmod.8.gz man/pt/man8/sss_groupdel.8.gz man/pt/man8/sss_groupmod.8.gz man/uk/man1/sss_ssh_authorizedkeys.1.gz man/uk/man1/sss_ssh_knownhostsproxy.1.gz man/uk/man5/sssd-ad.5.gz man/uk/man5/sssd-ifp.5.gz man/uk/man5/sssd-krb5.5.gz man/uk/man5/sssd-ldap.5.gz man/uk/man5/sssd-simple.5.gz man/uk/man5/sssd-sudo.5.gz man/uk/man5/sssd.conf.5.gz man/uk/man8/pam_sss.8.gz man/uk/man8/sss_cache.8.gz man/uk/man8/sss_debuglevel.8.gz man/uk/man8/sss_groupadd.8.gz man/uk/man8/sss_groupdel.8.gz man/uk/man8/sss_groupmod.8.gz man/uk/man8/sss_groupshow.8.gz man/uk/man8/sss_obfuscate.8.gz man/uk/man8/sss_seed.8.gz man/uk/man8/sss_useradd.8.gz man/uk/man8/sss_userdel.8.gz man/uk/man8/sss_usermod.8.gz man/uk/man8/sssd.8.gz man/uk/man8/sssd_krb5_locator_plugin.8.gz sbin/sss_cache sbin/sss_debuglevel sbin/sss_groupadd sbin/sss_groupdel sbin/sss_groupmod sbin/sss_groupshow sbin/sss_obfuscate sbin/sss_seed sbin/sss_useradd sbin/sss_userdel sbin/sss_usermod sbin/sssd @dir lib/ldb @dir lib/sssd/modules %%PORTDOCS%%@dir %%DOCSDIR%%/doc %%PORTDOCS%%@dir %%DOCSDIR%%/hbac_doc %%PORTDOCS%%@dir %%DOCSDIR%%/idmap_doc %%PORTDOCS%%@dir %%DOCSDIR%%/libsss_sudo_doc %%PORTDOCS%%@dir %%DOCSDIR%%/nss_idmap_doc -@unexec if [ -d %%ETCDIR%% ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf %%ETCDIR%%`` to remove any configuration files."; fi -@unexec if [ -d /var/db/sss ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss`` to remove any additional files."; fi -@unexec if [ -d /var/db/sss_mc ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss_mc`` to remove any additional files."; fi -@unexec if [ -d /var/run/sss ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/run/sss`` to remove any additional files."; fi +@postexec if [ -d %%ETCDIR%% ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf %%ETCDIR%%`` to remove any configuration files."; fi +@postexec if [ -d /var/db/sss ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss`` to remove any additional files."; fi +@postexec if [ -d /var/db/sss_mc ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/db/sss_mc`` to remove any additional files."; fi +@postexec if [ -d /var/run/sss ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf /var/run/sss`` to remove any additional files."; fi