diff options
author | Tilman Keskinoz <arved@FreeBSD.org> | 2011-01-28 11:23:09 +0000 |
---|---|---|
committer | Tilman Keskinoz <arved@FreeBSD.org> | 2011-01-28 11:23:09 +0000 |
commit | 2b229e9dce033a5146f2161a42628eafc68c9e3b (patch) | |
tree | ea170ac0872cfdc243598a17f54eb4b00b4367c6 /net/nss-pam-ldapd | |
parent | c393e5300ffdf6c9e664b39a77193e323d107f78 (diff) | |
download | ports-2b229e9dce033a5146f2161a42628eafc68c9e3b.tar.gz ports-2b229e9dce033a5146f2161a42628eafc68c9e3b.zip |
Notes
Diffstat (limited to 'net/nss-pam-ldapd')
-rw-r--r-- | net/nss-pam-ldapd/Makefile | 38 | ||||
-rw-r--r-- | net/nss-pam-ldapd/files/nss_patch.diff | 295 | ||||
-rw-r--r-- | net/nss-pam-ldapd/files/patch-nss_ldap.map | 4 | ||||
-rw-r--r-- | net/nss-pam-ldapd/files/rtld_nss__nslcd.c | 20 |
4 files changed, 28 insertions, 329 deletions
diff --git a/net/nss-pam-ldapd/Makefile b/net/nss-pam-ldapd/Makefile index eded5ac14fc1..495364772243 100644 --- a/net/nss-pam-ldapd/Makefile +++ b/net/nss-pam-ldapd/Makefile @@ -25,8 +25,7 @@ NSLCD_PIDFILE?= /var/run/nslcd.pid NSLCD_SOCKET?= /var/run/nslcd.ctl OPTIONS= SASL "Enable SASL" off \ - PAM "Build pam_ldap" on \ - NSS_COMPAT "Enable nss_ldap compatibility (DEPRECATED)" off + PAM "Build pam_ldap" on USERS= nslcd GROUPS= nslcd @@ -37,6 +36,10 @@ GROUPS= nslcd IGNORE= problems with nss/libc TLS .endif +.if ${OSVERSION} < 800000 +EXTRA_PATCHES+= ${FILESDIR}/rtld_nss__nslcd.c +.endif + CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \ LDFLAGS="-L${LOCALBASE}/lib" @@ -45,20 +48,9 @@ CONFIGURE_ARGS+= --with-nslcd-pidfile=${NSLCD_PIDFILE} \ --with-ldap-lib=openldap --disable-kerberos \ --with-nss-ldap-soname=nss_ldap.so.1 -.if defined(WITHOUT_NSS) -.undef NSS_COMPAT -.endif - -.if defined(WITH_NSS_COMPAT) -CONFIG_FILE= "nss_ldap.conf" -CONFIGURE_ARGS+= --enable-nss_compat --disable-configfile-checking --with-ldap-conf-file=${PREFIX}/etc/${CONFIG_FILE} -EXTRA_PATCHES+= ${FILESDIR}/nss_patch.diff -PLIST_SUB+= CONFIG=${CONFIG_FILE} -.else CONFIG_FILE= "nslcd.conf" CONFIGURE_ARGS+= --with-ldap-conf-file=${PREFIX}/etc/${CONFIG_FILE} PLIST_SUB+= CONFIG=${CONFIG_FILE} -.endif .if defined(WITH_SASL) WANT_OPENLDAP_SASL= yes @@ -96,16 +88,10 @@ MAN5+= nslcd.conf.5 MAN8+= nslcd.8 .endif -.if ${OSVERSION} < 800000 -BROKEN= fails to patch on 7.X -.endif - post-extract: @${REINPLACE_CMD} -e 's/\(INSTALL_\)\(.*\)) -D /\1\2) /' ${WRKSRC}/Makefile.in ${WRKSRC}/nss/Makefile.in @${REINPLACE_CMD} -e 's/shadow.$$(OBJEXT)/shadow.$$(OBJEXT) bsdnss.$$(OBJEXT)/;s/shadow\.c/shadow.c bsdnss.c/' ${WRKSRC}/nss/Makefile.in - @${REINPLACE_CMD} -e 's/^NSS_VERS = .*/NSS_VERS = 1/;s/libnss_ldap\.so/nss_ldap.so/' ${WRKSRC}/nss/Makefile.in - @${REINPLACE_CMD} -e 's/$$(DESTDIR)$$(NSS_LDAP_PATH_CONF)/$$(DESTDIR)$$(NSS_LDAP_PATH_CONF).sample/' ${WRKSRC}/Makefile.in - @${REINPLACE_CMD} -e '/^$$(ACLOCAL_M4/,+2d' ${WRKSRC}/Makefile.in + #@${REINPLACE_CMD} -e '/^$$(ACLOCAL_M4/,+2d' ${WRKSRC}/Makefile.in post-configure: ${REINPLACE_CMD} -e 's/^\(CFLAGS.*\) \-O2 \(.*\)$$/\1 -O0 \2/' ${WRKSRC}/nss/Makefile @@ -114,21 +100,9 @@ post-install: @${ECHO_MSG} @${ECHO_MSG} ===================================================================== @${ECHO_MSG} -.if defined(WITH_NSS_COMPAT) - @${ECHO_MSG} " NSS_LDAP compatibility ENABLED." - @${ECHO_MSG} " It is DEPRECATED now and will be removed." - @${ECHO_MSG} @${ECHO_MSG} " LDAP configuration: ${PREFIX}/etc/${CONFIG_FILE}" - @${ECHO_MSG} " Secret file: ${PREFIX}/etc/nss_ldap.secret" @${ECHO_MSG} " Sample configuration: ${PREFIX}/etc/${CONFIG_FILE}.sample" @${ECHO_MSG} - @${ECHO_MSG} " Check if you need to adjust reconnect_* parameters" - @${ECHO_MSG} " WARNING: nss_ldapd will use ONLY rootbinddn to access LDAP data" -.else - @${ECHO_MSG} " LDAP configuration: ${PREFIX}/etc/${CONFIG_FILE}" - @${ECHO_MSG} " Sample configuration: ${PREFIX}/etc/${CONFIG_FILE}.sample" - @${ECHO_MSG} -.endif .if !defined(WITHOUT_NSS) @${ECHO_MSG} " WARNING: Be sure to set uid and gid configuration parameters" @${ECHO_MSG} " WARNING: to make nslcd run under unprivileged user" diff --git a/net/nss-pam-ldapd/files/nss_patch.diff b/net/nss-pam-ldapd/files/nss_patch.diff deleted file mode 100644 index b5b6b0e6ce78..000000000000 --- a/net/nss-pam-ldapd/files/nss_patch.diff +++ /dev/null @@ -1,295 +0,0 @@ ---- configure.ac.orig 2009-10-17 20:09:01.000000000 +0400 -+++ configure.ac 2009-12-20 19:58:24.000000000 +0300 -@@ -160,6 +160,20 @@ - AC_DEFINE(ENABLE_CONFIGFILE_CHECKING,1,[Whether to check configfile options.]) - fi - -+# check whether nss_compat options should be checked -+AC_MSG_CHECKING([whether to check nss_compat option]) -+AC_ARG_ENABLE(nss_compat_checking, -+ AS_HELP_STRING([--enable-nss_compat], -+ [check nss_compat option [[default=no]]]), -+ [nss_compat_checking=$enableval], -+ [nss_compat_checking="no"]) -+AC_MSG_RESULT($nss_compat_checking) -+if test "x$nss_compat_checking" = "xyes" -+then -+ AC_CHECK_HEADERS([libgen.h], [], [AC_MSG_ERROR([libgen.h is required for nss_compat])]) -+ AC_DEFINE(ENABLE_NSS_COMPAT,1,[Whether to check nss_compat options.]) -+fi -+ - # check the name of the configuration file - AC_ARG_WITH(ldap-conf-file, - AS_HELP_STRING([--with-ldap-conf-file=PATH], ---- nslcd/cfg.c.orig 2009-10-05 21:47:47.000000000 +0400 -+++ nslcd/cfg.c 2009-12-20 18:10:37.000000000 +0300 -@@ -33,6 +33,9 @@ - #include <sys/types.h> - #include <sys/stat.h> - #include <unistd.h> -+#ifdef ENABLE_NSS_COMPAT -+#include <libgen.h> -+#endif - #include <errno.h> - #include <netdb.h> - #include <sys/socket.h> -@@ -665,6 +668,25 @@ - int rc; - char *value; - #endif -+#ifdef ENABLE_NSS_COMPAT -+ /* get secret password */ -+ snprintf(linebuf, sizeof(linebuf), "%s/nss_ldap.secret", dirname(filename)); -+ if ((fp=fopen(linebuf,"r"))==NULL) -+ { -+ log_log(LOG_ERR,"cannot open secret file (%s): %s",linebuf,strerror(errno)); -+ /* exit(EXIT_FAILURE); */ -+ } -+ else if (fgets(linebuf,MAX_LINE_LENGTH,fp)!=NULL) -+ { -+ i=strlen(linebuf); -+ if (i>0) -+ linebuf[i-1]='\0'; -+ cfg->ldc_bindpw=strdup(linebuf); -+ } -+ if (fp!=NULL) -+ fclose(fp); -+#endif -+ - /* open config file */ - if ((fp=fopen(filename,"r"))==NULL) - { -@@ -733,13 +755,20 @@ - get_int(filename,lnr,keyword,&line,&cfg->ldc_version); - get_eol(filename,lnr,keyword,&line); - } -+#ifdef ENABLE_NSS_COMPAT -+ else if (strcasecmp(keyword,"rootbinddn")==0) -+#else - else if (strcasecmp(keyword,"binddn")==0) -+#endif - { - get_restdup(filename,lnr,keyword,&line,&cfg->ldc_binddn); - } - else if (strcasecmp(keyword,"bindpw")==0) - { -- get_restdup(filename,lnr,keyword,&line,&cfg->ldc_bindpw); -+#ifdef ENABLE_NSS_COMPAT -+ if (cfg->ldc_bindpw == NULL) -+#endif -+ get_restdup(filename,lnr,keyword,&line,&cfg->ldc_bindpw); - } - /* SASL authentication options */ - else if (strcasecmp(keyword,"sasl_authcid")==0) ---- config.h.in.orig 2009-12-20 17:49:41.000000000 +0300 -+++ config.h.in 2009-12-20 17:41:46.000000000 +0300 -@@ -3,6 +3,9 @@ - /* Whether to check configfile options. */ - #undef ENABLE_CONFIGFILE_CHECKING - -+/* Whether to check nss_compat options. */ -+#undef ENABLE_NSS_COMPAT -+ - /* Define to 1 if you have the <aliases.h> header file. */ - #undef HAVE_ALIASES_H - ---- configure.orig 2010-02-27 09:17:45.000000000 -0600 -+++ configure 2010-04-29 07:28:11.044647697 -0500 -@@ -738,6 +738,7 @@ - enable_sasl - enable_kerberos - enable_configfile_checking -+enable_nss_compat - with_ldap_conf_file - with_bindpw_file - with_nslcd_pidfile -@@ -1386,6 +1387,7 @@ - --disable-kerberos disable Kerberos support [[default=enabled]] - --disable-configfile-checking - check configfile options [[default=enabled]] -+ --enable-nss_compat check nss_compat option [[default=disabled]] - - Optional Packages: - --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] -@@ -4782,6 +4784,181 @@ - - fi - -+# check whether nss_compat options should be checked -+{ $as_echo "$as_me:$LINENO: checking whether to check nss_compat option" >&5 -+$as_echo_n "checking whether to check nss_compat option... " >&6; } -+# Check whether --enable-nss_compat was given. -+if test "${enable_nss_compat+set}" = set; then -+ enableval=$enable_nss_compat; nss_compat=$enableval -+else -+ nss_compat="no" -+fi -+ -+{ $as_echo "$as_me:$LINENO: result: $nss_compat" >&5 -+$as_echo "$nss_compat" >&6; } -+if test "x$nss_compat" = "xyes" -+then -+ -+for ac_header in libgen.h -+do -+as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` -+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then -+ { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 -+$as_echo_n "checking for $ac_header... " >&6; } -+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then -+ $as_echo_n "(cached) " >&6 -+fi -+ac_res=`eval 'as_val=${'$as_ac_Header'} -+ $as_echo "$as_val"'` -+ { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 -+$as_echo "$ac_res" >&6; } -+else -+ # Is the header compilable? -+{ $as_echo "$as_me:$LINENO: checking $ac_header usability" >&5 -+$as_echo_n "checking $ac_header usability... " >&6; } -+cat >conftest.$ac_ext <<_ACEOF -+/* confdefs.h. */ -+_ACEOF -+cat confdefs.h >>conftest.$ac_ext -+cat >>conftest.$ac_ext <<_ACEOF -+/* end confdefs.h. */ -+$ac_includes_default -+#include <$ac_header> -+_ACEOF -+rm -f conftest.$ac_objext -+if { (ac_try="$ac_compile" -+case "(($ac_try" in -+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -+ *) ac_try_echo=$ac_try;; -+esac -+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -+$as_echo "$ac_try_echo") >&5 -+ (eval "$ac_compile") 2>conftest.er1 -+ ac_status=$? -+ grep -v '^ *+' conftest.er1 >conftest.err -+ rm -f conftest.er1 -+ cat conftest.err >&5 -+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 -+ (exit $ac_status); } && { -+ test -z "$ac_c_werror_flag" || -+ test ! -s conftest.err -+ } && test -s conftest.$ac_objext; then -+ ac_header_compiler=yes -+else -+ $as_echo "$as_me: failed program was:" >&5 -+sed 's/^/| /' conftest.$ac_ext >&5 -+ -+ ac_header_compiler=no -+fi -+ -+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext -+{ $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5 -+$as_echo "$ac_header_compiler" >&6; } -+ -+# Is the header present? -+{ $as_echo "$as_me:$LINENO: checking $ac_header presence" >&5 -+$as_echo_n "checking $ac_header presence... " >&6; } -+cat >conftest.$ac_ext <<_ACEOF -+/* confdefs.h. */ -+_ACEOF -+cat confdefs.h >>conftest.$ac_ext -+cat >>conftest.$ac_ext <<_ACEOF -+/* end confdefs.h. */ -+#include <$ac_header> -+_ACEOF -+if { (ac_try="$ac_cpp conftest.$ac_ext" -+case "(($ac_try" in -+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; -+ *) ac_try_echo=$ac_try;; -+esac -+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\"" -+$as_echo "$ac_try_echo") >&5 -+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1 -+ ac_status=$? -+ grep -v '^ *+' conftest.er1 >conftest.err -+ rm -f conftest.er1 -+ cat conftest.err >&5 -+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5 -+ (exit $ac_status); } >/dev/null && { -+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || -+ test ! -s conftest.err -+ }; then -+ ac_header_preproc=yes -+else -+ $as_echo "$as_me: failed program was:" >&5 -+sed 's/^/| /' conftest.$ac_ext >&5 -+ -+ ac_header_preproc=no -+fi -+ -+rm -f conftest.err conftest.$ac_ext -+{ $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5 -+$as_echo "$ac_header_preproc" >&6; } -+ -+# So? What about this header? -+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in -+ yes:no: ) -+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5 -+$as_echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;} -+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5 -+$as_echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;} -+ ac_header_preproc=yes -+ ;; -+ no:yes:* ) -+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5 -+$as_echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;} -+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5 -+$as_echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;} -+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5 -+$as_echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;} -+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5 -+$as_echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;} -+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5 -+$as_echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;} -+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5 -+$as_echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;} -+ ( cat <<\_ASBOX -+## -------------------------------------- ## -+## Report this to arthur@arthurdejong.org ## -+## -------------------------------------- ## -+_ASBOX -+ ) | sed "s/^/$as_me: WARNING: /" >&2 -+ ;; -+esac -+{ $as_echo "$as_me:$LINENO: checking for $ac_header" >&5 -+$as_echo_n "checking for $ac_header... " >&6; } -+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then -+ $as_echo_n "(cached) " >&6 -+else -+ eval "$as_ac_Header=\$ac_header_preproc" -+fi -+ac_res=`eval 'as_val=${'$as_ac_Header'} -+ $as_echo "$as_val"'` -+ { $as_echo "$as_me:$LINENO: result: $ac_res" >&5 -+$as_echo "$ac_res" >&6; } -+ -+fi -+if test `eval 'as_val=${'$as_ac_Header'} -+ $as_echo "$as_val"'` = yes; then -+ cat >>confdefs.h <<_ACEOF -+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 -+_ACEOF -+ -+else -+ { { $as_echo "$as_me:$LINENO: error: libgen.h is required for nss_compat" >&5 -+$as_echo "$as_me: error: libgen.h is required for nss_compat" >&2;} -+ { (exit 1); exit 1; }; } -+fi -+ -+done -+ -+ -+cat >>confdefs.h <<\_ACEOF -+#define ENABLE_NSS_COMPAT 1 -+_ACEOF -+ -+fi -+ - # check the name of the configuration file - - # Check whether --with-ldap-conf-file was given. diff --git a/net/nss-pam-ldapd/files/patch-nss_ldap.map b/net/nss-pam-ldapd/files/patch-nss_ldap.map index acaa2fb83bf4..ecc7e438270a 100644 --- a/net/nss-pam-ldapd/files/patch-nss_ldap.map +++ b/net/nss-pam-ldapd/files/patch-nss_ldap.map @@ -1,5 +1,5 @@ ---- nss/nss_ldap.map.orig 2010-06-15 23:53:21.000000000 +0400 -+++ nss/nss_ldap.map 2010-07-06 22:57:53.000000000 +0400 +--- ./nss/nss_ldap.map.orig 2010-09-24 07:07:18.000000000 +0000 ++++ ./nss/nss_ldap.map 2010-12-16 13:13:25.000000000 +0000 @@ -81,6 +78,27 @@ _nss_ldap_getspent_r; _nss_ldap_endspent; diff --git a/net/nss-pam-ldapd/files/rtld_nss__nslcd.c b/net/nss-pam-ldapd/files/rtld_nss__nslcd.c new file mode 100644 index 000000000000..d2864f3776ef --- /dev/null +++ b/net/nss-pam-ldapd/files/rtld_nss__nslcd.c @@ -0,0 +1,20 @@ +--- nslcd/nslcd.c.orig 2011-01-09 13:45:07.000000000 +0300 ++++ nslcd/nslcd.c 2011-01-09 13:45:55.000000000 +0300 +@@ -574,7 +574,7 @@ + char *error; + int *enable_flag; + /* try to load the NSS module */ +- handle=dlopen(NSS_LDAP_SONAME,RTLD_LAZY|RTLD_NODELETE); ++ handle=dlopen(NSS_LDAP_SONAME,RTLD_LAZY); + if (handle==NULL) + { + log_log(LOG_WARNING,"Warning: LDAP NSS module not loaded: %s",dlerror()); +@@ -593,7 +593,7 @@ + if (__nss_configure_lookup("hosts","files dns")) + log_log(LOG_ERR,"unable to override hosts lookup method: %s",strerror(errno)); + #endif /* HAVE___NSS_CONFIGURE_LOOKUP */ +- dlclose(handle); ++ /* Do not dlclose() to keep reference count > 0 instead of RTLD_NODELETE */ + return; + } + /* disable nss_ldap */ |