aboutsummaryrefslogtreecommitdiff
path: root/net/nss-pam-ldapd
diff options
context:
space:
mode:
authorTilman Keskinoz <arved@FreeBSD.org>2011-01-28 11:23:09 +0000
committerTilman Keskinoz <arved@FreeBSD.org>2011-01-28 11:23:09 +0000
commit2b229e9dce033a5146f2161a42628eafc68c9e3b (patch)
treeea170ac0872cfdc243598a17f54eb4b00b4367c6 /net/nss-pam-ldapd
parentc393e5300ffdf6c9e664b39a77193e323d107f78 (diff)
downloadports-2b229e9dce033a5146f2161a42628eafc68c9e3b.tar.gz
ports-2b229e9dce033a5146f2161a42628eafc68c9e3b.zip
Notes
Diffstat (limited to 'net/nss-pam-ldapd')
-rw-r--r--net/nss-pam-ldapd/Makefile38
-rw-r--r--net/nss-pam-ldapd/files/nss_patch.diff295
-rw-r--r--net/nss-pam-ldapd/files/patch-nss_ldap.map4
-rw-r--r--net/nss-pam-ldapd/files/rtld_nss__nslcd.c20
4 files changed, 28 insertions, 329 deletions
diff --git a/net/nss-pam-ldapd/Makefile b/net/nss-pam-ldapd/Makefile
index eded5ac14fc1..495364772243 100644
--- a/net/nss-pam-ldapd/Makefile
+++ b/net/nss-pam-ldapd/Makefile
@@ -25,8 +25,7 @@ NSLCD_PIDFILE?= /var/run/nslcd.pid
NSLCD_SOCKET?= /var/run/nslcd.ctl
OPTIONS= SASL "Enable SASL" off \
- PAM "Build pam_ldap" on \
- NSS_COMPAT "Enable nss_ldap compatibility (DEPRECATED)" off
+ PAM "Build pam_ldap" on
USERS= nslcd
GROUPS= nslcd
@@ -37,6 +36,10 @@ GROUPS= nslcd
IGNORE= problems with nss/libc TLS
.endif
+.if ${OSVERSION} < 800000
+EXTRA_PATCHES+= ${FILESDIR}/rtld_nss__nslcd.c
+.endif
+
CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
LDFLAGS="-L${LOCALBASE}/lib"
@@ -45,20 +48,9 @@ CONFIGURE_ARGS+= --with-nslcd-pidfile=${NSLCD_PIDFILE} \
--with-ldap-lib=openldap --disable-kerberos \
--with-nss-ldap-soname=nss_ldap.so.1
-.if defined(WITHOUT_NSS)
-.undef NSS_COMPAT
-.endif
-
-.if defined(WITH_NSS_COMPAT)
-CONFIG_FILE= "nss_ldap.conf"
-CONFIGURE_ARGS+= --enable-nss_compat --disable-configfile-checking --with-ldap-conf-file=${PREFIX}/etc/${CONFIG_FILE}
-EXTRA_PATCHES+= ${FILESDIR}/nss_patch.diff
-PLIST_SUB+= CONFIG=${CONFIG_FILE}
-.else
CONFIG_FILE= "nslcd.conf"
CONFIGURE_ARGS+= --with-ldap-conf-file=${PREFIX}/etc/${CONFIG_FILE}
PLIST_SUB+= CONFIG=${CONFIG_FILE}
-.endif
.if defined(WITH_SASL)
WANT_OPENLDAP_SASL= yes
@@ -96,16 +88,10 @@ MAN5+= nslcd.conf.5
MAN8+= nslcd.8
.endif
-.if ${OSVERSION} < 800000
-BROKEN= fails to patch on 7.X
-.endif
-
post-extract:
@${REINPLACE_CMD} -e 's/\(INSTALL_\)\(.*\)) -D /\1\2) /' ${WRKSRC}/Makefile.in ${WRKSRC}/nss/Makefile.in
@${REINPLACE_CMD} -e 's/shadow.$$(OBJEXT)/shadow.$$(OBJEXT) bsdnss.$$(OBJEXT)/;s/shadow\.c/shadow.c bsdnss.c/' ${WRKSRC}/nss/Makefile.in
- @${REINPLACE_CMD} -e 's/^NSS_VERS = .*/NSS_VERS = 1/;s/libnss_ldap\.so/nss_ldap.so/' ${WRKSRC}/nss/Makefile.in
- @${REINPLACE_CMD} -e 's/$$(DESTDIR)$$(NSS_LDAP_PATH_CONF)/$$(DESTDIR)$$(NSS_LDAP_PATH_CONF).sample/' ${WRKSRC}/Makefile.in
- @${REINPLACE_CMD} -e '/^$$(ACLOCAL_M4/,+2d' ${WRKSRC}/Makefile.in
+ #@${REINPLACE_CMD} -e '/^$$(ACLOCAL_M4/,+2d' ${WRKSRC}/Makefile.in
post-configure:
${REINPLACE_CMD} -e 's/^\(CFLAGS.*\) \-O2 \(.*\)$$/\1 -O0 \2/' ${WRKSRC}/nss/Makefile
@@ -114,21 +100,9 @@ post-install:
@${ECHO_MSG}
@${ECHO_MSG} =====================================================================
@${ECHO_MSG}
-.if defined(WITH_NSS_COMPAT)
- @${ECHO_MSG} " NSS_LDAP compatibility ENABLED."
- @${ECHO_MSG} " It is DEPRECATED now and will be removed."
- @${ECHO_MSG}
@${ECHO_MSG} " LDAP configuration: ${PREFIX}/etc/${CONFIG_FILE}"
- @${ECHO_MSG} " Secret file: ${PREFIX}/etc/nss_ldap.secret"
@${ECHO_MSG} " Sample configuration: ${PREFIX}/etc/${CONFIG_FILE}.sample"
@${ECHO_MSG}
- @${ECHO_MSG} " Check if you need to adjust reconnect_* parameters"
- @${ECHO_MSG} " WARNING: nss_ldapd will use ONLY rootbinddn to access LDAP data"
-.else
- @${ECHO_MSG} " LDAP configuration: ${PREFIX}/etc/${CONFIG_FILE}"
- @${ECHO_MSG} " Sample configuration: ${PREFIX}/etc/${CONFIG_FILE}.sample"
- @${ECHO_MSG}
-.endif
.if !defined(WITHOUT_NSS)
@${ECHO_MSG} " WARNING: Be sure to set uid and gid configuration parameters"
@${ECHO_MSG} " WARNING: to make nslcd run under unprivileged user"
diff --git a/net/nss-pam-ldapd/files/nss_patch.diff b/net/nss-pam-ldapd/files/nss_patch.diff
deleted file mode 100644
index b5b6b0e6ce78..000000000000
--- a/net/nss-pam-ldapd/files/nss_patch.diff
+++ /dev/null
@@ -1,295 +0,0 @@
---- configure.ac.orig 2009-10-17 20:09:01.000000000 +0400
-+++ configure.ac 2009-12-20 19:58:24.000000000 +0300
-@@ -160,6 +160,20 @@
- AC_DEFINE(ENABLE_CONFIGFILE_CHECKING,1,[Whether to check configfile options.])
- fi
-
-+# check whether nss_compat options should be checked
-+AC_MSG_CHECKING([whether to check nss_compat option])
-+AC_ARG_ENABLE(nss_compat_checking,
-+ AS_HELP_STRING([--enable-nss_compat],
-+ [check nss_compat option [[default=no]]]),
-+ [nss_compat_checking=$enableval],
-+ [nss_compat_checking="no"])
-+AC_MSG_RESULT($nss_compat_checking)
-+if test "x$nss_compat_checking" = "xyes"
-+then
-+ AC_CHECK_HEADERS([libgen.h], [], [AC_MSG_ERROR([libgen.h is required for nss_compat])])
-+ AC_DEFINE(ENABLE_NSS_COMPAT,1,[Whether to check nss_compat options.])
-+fi
-+
- # check the name of the configuration file
- AC_ARG_WITH(ldap-conf-file,
- AS_HELP_STRING([--with-ldap-conf-file=PATH],
---- nslcd/cfg.c.orig 2009-10-05 21:47:47.000000000 +0400
-+++ nslcd/cfg.c 2009-12-20 18:10:37.000000000 +0300
-@@ -33,6 +33,9 @@
- #include <sys/types.h>
- #include <sys/stat.h>
- #include <unistd.h>
-+#ifdef ENABLE_NSS_COMPAT
-+#include <libgen.h>
-+#endif
- #include <errno.h>
- #include <netdb.h>
- #include <sys/socket.h>
-@@ -665,6 +668,25 @@
- int rc;
- char *value;
- #endif
-+#ifdef ENABLE_NSS_COMPAT
-+ /* get secret password */
-+ snprintf(linebuf, sizeof(linebuf), "%s/nss_ldap.secret", dirname(filename));
-+ if ((fp=fopen(linebuf,"r"))==NULL)
-+ {
-+ log_log(LOG_ERR,"cannot open secret file (%s): %s",linebuf,strerror(errno));
-+ /* exit(EXIT_FAILURE); */
-+ }
-+ else if (fgets(linebuf,MAX_LINE_LENGTH,fp)!=NULL)
-+ {
-+ i=strlen(linebuf);
-+ if (i>0)
-+ linebuf[i-1]='\0';
-+ cfg->ldc_bindpw=strdup(linebuf);
-+ }
-+ if (fp!=NULL)
-+ fclose(fp);
-+#endif
-+
- /* open config file */
- if ((fp=fopen(filename,"r"))==NULL)
- {
-@@ -733,13 +755,20 @@
- get_int(filename,lnr,keyword,&line,&cfg->ldc_version);
- get_eol(filename,lnr,keyword,&line);
- }
-+#ifdef ENABLE_NSS_COMPAT
-+ else if (strcasecmp(keyword,"rootbinddn")==0)
-+#else
- else if (strcasecmp(keyword,"binddn")==0)
-+#endif
- {
- get_restdup(filename,lnr,keyword,&line,&cfg->ldc_binddn);
- }
- else if (strcasecmp(keyword,"bindpw")==0)
- {
-- get_restdup(filename,lnr,keyword,&line,&cfg->ldc_bindpw);
-+#ifdef ENABLE_NSS_COMPAT
-+ if (cfg->ldc_bindpw == NULL)
-+#endif
-+ get_restdup(filename,lnr,keyword,&line,&cfg->ldc_bindpw);
- }
- /* SASL authentication options */
- else if (strcasecmp(keyword,"sasl_authcid")==0)
---- config.h.in.orig 2009-12-20 17:49:41.000000000 +0300
-+++ config.h.in 2009-12-20 17:41:46.000000000 +0300
-@@ -3,6 +3,9 @@
- /* Whether to check configfile options. */
- #undef ENABLE_CONFIGFILE_CHECKING
-
-+/* Whether to check nss_compat options. */
-+#undef ENABLE_NSS_COMPAT
-+
- /* Define to 1 if you have the <aliases.h> header file. */
- #undef HAVE_ALIASES_H
-
---- configure.orig 2010-02-27 09:17:45.000000000 -0600
-+++ configure 2010-04-29 07:28:11.044647697 -0500
-@@ -738,6 +738,7 @@
- enable_sasl
- enable_kerberos
- enable_configfile_checking
-+enable_nss_compat
- with_ldap_conf_file
- with_bindpw_file
- with_nslcd_pidfile
-@@ -1386,6 +1387,7 @@
- --disable-kerberos disable Kerberos support [[default=enabled]]
- --disable-configfile-checking
- check configfile options [[default=enabled]]
-+ --enable-nss_compat check nss_compat option [[default=disabled]]
-
- Optional Packages:
- --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
-@@ -4782,6 +4784,181 @@
-
- fi
-
-+# check whether nss_compat options should be checked
-+{ $as_echo "$as_me:$LINENO: checking whether to check nss_compat option" >&5
-+$as_echo_n "checking whether to check nss_compat option... " >&6; }
-+# Check whether --enable-nss_compat was given.
-+if test "${enable_nss_compat+set}" = set; then
-+ enableval=$enable_nss_compat; nss_compat=$enableval
-+else
-+ nss_compat="no"
-+fi
-+
-+{ $as_echo "$as_me:$LINENO: result: $nss_compat" >&5
-+$as_echo "$nss_compat" >&6; }
-+if test "x$nss_compat" = "xyes"
-+then
-+
-+for ac_header in libgen.h
-+do
-+as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
-+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-+ { $as_echo "$as_me:$LINENO: checking for $ac_header" >&5
-+$as_echo_n "checking for $ac_header... " >&6; }
-+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-+ $as_echo_n "(cached) " >&6
-+fi
-+ac_res=`eval 'as_val=${'$as_ac_Header'}
-+ $as_echo "$as_val"'`
-+ { $as_echo "$as_me:$LINENO: result: $ac_res" >&5
-+$as_echo "$ac_res" >&6; }
-+else
-+ # Is the header compilable?
-+{ $as_echo "$as_me:$LINENO: checking $ac_header usability" >&5
-+$as_echo_n "checking $ac_header usability... " >&6; }
-+cat >conftest.$ac_ext <<_ACEOF
-+/* confdefs.h. */
-+_ACEOF
-+cat confdefs.h >>conftest.$ac_ext
-+cat >>conftest.$ac_ext <<_ACEOF
-+/* end confdefs.h. */
-+$ac_includes_default
-+#include <$ac_header>
-+_ACEOF
-+rm -f conftest.$ac_objext
-+if { (ac_try="$ac_compile"
-+case "(($ac_try" in
-+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-+ *) ac_try_echo=$ac_try;;
-+esac
-+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-+$as_echo "$ac_try_echo") >&5
-+ (eval "$ac_compile") 2>conftest.er1
-+ ac_status=$?
-+ grep -v '^ *+' conftest.er1 >conftest.err
-+ rm -f conftest.er1
-+ cat conftest.err >&5
-+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
-+ (exit $ac_status); } && {
-+ test -z "$ac_c_werror_flag" ||
-+ test ! -s conftest.err
-+ } && test -s conftest.$ac_objext; then
-+ ac_header_compiler=yes
-+else
-+ $as_echo "$as_me: failed program was:" >&5
-+sed 's/^/| /' conftest.$ac_ext >&5
-+
-+ ac_header_compiler=no
-+fi
-+
-+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
-+{ $as_echo "$as_me:$LINENO: result: $ac_header_compiler" >&5
-+$as_echo "$ac_header_compiler" >&6; }
-+
-+# Is the header present?
-+{ $as_echo "$as_me:$LINENO: checking $ac_header presence" >&5
-+$as_echo_n "checking $ac_header presence... " >&6; }
-+cat >conftest.$ac_ext <<_ACEOF
-+/* confdefs.h. */
-+_ACEOF
-+cat confdefs.h >>conftest.$ac_ext
-+cat >>conftest.$ac_ext <<_ACEOF
-+/* end confdefs.h. */
-+#include <$ac_header>
-+_ACEOF
-+if { (ac_try="$ac_cpp conftest.$ac_ext"
-+case "(($ac_try" in
-+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
-+ *) ac_try_echo=$ac_try;;
-+esac
-+eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
-+$as_echo "$ac_try_echo") >&5
-+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.er1
-+ ac_status=$?
-+ grep -v '^ *+' conftest.er1 >conftest.err
-+ rm -f conftest.er1
-+ cat conftest.err >&5
-+ $as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
-+ (exit $ac_status); } >/dev/null && {
-+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
-+ test ! -s conftest.err
-+ }; then
-+ ac_header_preproc=yes
-+else
-+ $as_echo "$as_me: failed program was:" >&5
-+sed 's/^/| /' conftest.$ac_ext >&5
-+
-+ ac_header_preproc=no
-+fi
-+
-+rm -f conftest.err conftest.$ac_ext
-+{ $as_echo "$as_me:$LINENO: result: $ac_header_preproc" >&5
-+$as_echo "$ac_header_preproc" >&6; }
-+
-+# So? What about this header?
-+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in
-+ yes:no: )
-+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&5
-+$as_echo "$as_me: WARNING: $ac_header: accepted by the compiler, rejected by the preprocessor!" >&2;}
-+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the compiler's result" >&5
-+$as_echo "$as_me: WARNING: $ac_header: proceeding with the compiler's result" >&2;}
-+ ac_header_preproc=yes
-+ ;;
-+ no:yes:* )
-+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: present but cannot be compiled" >&5
-+$as_echo "$as_me: WARNING: $ac_header: present but cannot be compiled" >&2;}
-+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: check for missing prerequisite headers?" >&5
-+$as_echo "$as_me: WARNING: $ac_header: check for missing prerequisite headers?" >&2;}
-+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: see the Autoconf documentation" >&5
-+$as_echo "$as_me: WARNING: $ac_header: see the Autoconf documentation" >&2;}
-+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&5
-+$as_echo "$as_me: WARNING: $ac_header: section \"Present But Cannot Be Compiled\"" >&2;}
-+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: proceeding with the preprocessor's result" >&5
-+$as_echo "$as_me: WARNING: $ac_header: proceeding with the preprocessor's result" >&2;}
-+ { $as_echo "$as_me:$LINENO: WARNING: $ac_header: in the future, the compiler will take precedence" >&5
-+$as_echo "$as_me: WARNING: $ac_header: in the future, the compiler will take precedence" >&2;}
-+ ( cat <<\_ASBOX
-+## -------------------------------------- ##
-+## Report this to arthur@arthurdejong.org ##
-+## -------------------------------------- ##
-+_ASBOX
-+ ) | sed "s/^/$as_me: WARNING: /" >&2
-+ ;;
-+esac
-+{ $as_echo "$as_me:$LINENO: checking for $ac_header" >&5
-+$as_echo_n "checking for $ac_header... " >&6; }
-+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
-+ $as_echo_n "(cached) " >&6
-+else
-+ eval "$as_ac_Header=\$ac_header_preproc"
-+fi
-+ac_res=`eval 'as_val=${'$as_ac_Header'}
-+ $as_echo "$as_val"'`
-+ { $as_echo "$as_me:$LINENO: result: $ac_res" >&5
-+$as_echo "$ac_res" >&6; }
-+
-+fi
-+if test `eval 'as_val=${'$as_ac_Header'}
-+ $as_echo "$as_val"'` = yes; then
-+ cat >>confdefs.h <<_ACEOF
-+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
-+_ACEOF
-+
-+else
-+ { { $as_echo "$as_me:$LINENO: error: libgen.h is required for nss_compat" >&5
-+$as_echo "$as_me: error: libgen.h is required for nss_compat" >&2;}
-+ { (exit 1); exit 1; }; }
-+fi
-+
-+done
-+
-+
-+cat >>confdefs.h <<\_ACEOF
-+#define ENABLE_NSS_COMPAT 1
-+_ACEOF
-+
-+fi
-+
- # check the name of the configuration file
-
- # Check whether --with-ldap-conf-file was given.
diff --git a/net/nss-pam-ldapd/files/patch-nss_ldap.map b/net/nss-pam-ldapd/files/patch-nss_ldap.map
index acaa2fb83bf4..ecc7e438270a 100644
--- a/net/nss-pam-ldapd/files/patch-nss_ldap.map
+++ b/net/nss-pam-ldapd/files/patch-nss_ldap.map
@@ -1,5 +1,5 @@
---- nss/nss_ldap.map.orig 2010-06-15 23:53:21.000000000 +0400
-+++ nss/nss_ldap.map 2010-07-06 22:57:53.000000000 +0400
+--- ./nss/nss_ldap.map.orig 2010-09-24 07:07:18.000000000 +0000
++++ ./nss/nss_ldap.map 2010-12-16 13:13:25.000000000 +0000
@@ -81,6 +78,27 @@
_nss_ldap_getspent_r;
_nss_ldap_endspent;
diff --git a/net/nss-pam-ldapd/files/rtld_nss__nslcd.c b/net/nss-pam-ldapd/files/rtld_nss__nslcd.c
new file mode 100644
index 000000000000..d2864f3776ef
--- /dev/null
+++ b/net/nss-pam-ldapd/files/rtld_nss__nslcd.c
@@ -0,0 +1,20 @@
+--- nslcd/nslcd.c.orig 2011-01-09 13:45:07.000000000 +0300
++++ nslcd/nslcd.c 2011-01-09 13:45:55.000000000 +0300
+@@ -574,7 +574,7 @@
+ char *error;
+ int *enable_flag;
+ /* try to load the NSS module */
+- handle=dlopen(NSS_LDAP_SONAME,RTLD_LAZY|RTLD_NODELETE);
++ handle=dlopen(NSS_LDAP_SONAME,RTLD_LAZY);
+ if (handle==NULL)
+ {
+ log_log(LOG_WARNING,"Warning: LDAP NSS module not loaded: %s",dlerror());
+@@ -593,7 +593,7 @@
+ if (__nss_configure_lookup("hosts","files dns"))
+ log_log(LOG_ERR,"unable to override hosts lookup method: %s",strerror(errno));
+ #endif /* HAVE___NSS_CONFIGURE_LOOKUP */
+- dlclose(handle);
++ /* Do not dlclose() to keep reference count > 0 instead of RTLD_NODELETE */
+ return;
+ }
+ /* disable nss_ldap */