diff options
| author | William Grzybowski <wg@FreeBSD.org> | 2013-10-26 19:42:17 +0000 |
|---|---|---|
| committer | William Grzybowski <wg@FreeBSD.org> | 2013-10-26 19:42:17 +0000 |
| commit | 35c7e2debe6255da7b3572ab98479dc7e3cd4d7a (patch) | |
| tree | 399c1810f8eb631ecd03ec2b0bd0d62c2a64d71e /security/sssd/files | |
| parent | 66706e20064eb7a46380715c41d9bbe958b970ab (diff) | |
| download | ports-35c7e2debe6255da7b3572ab98479dc7e3cd4d7a.tar.gz ports-35c7e2debe6255da7b3572ab98479dc7e3cd4d7a.zip | |
Notes
Diffstat (limited to 'security/sssd/files')
40 files changed, 952 insertions, 724 deletions
diff --git a/security/sssd/files/patch-Makefile.am b/security/sssd/files/patch-Makefile.am index 09c82b62d726..505afc5bbdaa 100644 --- a/security/sssd/files/patch-Makefile.am +++ b/security/sssd/files/patch-Makefile.am @@ -1,22 +1,43 @@ ---- ./Makefile.am.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./Makefile.am 2011-10-13 12:13:42.000000000 -0400 -@@ -33,7 +33,7 @@ - systemdunitdir = @systemdunitdir@ - logpath = @logpath@ - pubconfpath = @pubconfpath@ --pkgconfigdir = $(libdir)/pkgconfig -+pkgconfigdir = $(prefix)/libdata/pkgconfig +From 2f2d2045b64edf63bbfb845095dbfaf754dc5ad3 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 01/34] patch-Makefile.am + +--- + Makefile.am | 15 ++++++++------- + 1 file changed, 8 insertions(+), 7 deletions(-) + +diff --git Makefile.am Makefile.am +index f0ee88b..10e1e73 100644 +--- Makefile.am ++++ Makefile.am +@@ -649,7 +649,6 @@ sssd_be_SOURCES = \ + src/providers/data_provider_callbacks.c \ + $(SSSD_FAILOVER_OBJ) + sssd_be_LDADD = \ +- -ldl \ + $(SSSD_LIBS) \ + $(CARES_LIBS) \ + libsss_util.la +@@ -772,7 +771,7 @@ sss_sudo_cli_SOURCES = \ + src/sss_client/sudo/sss_sudo_response.c \ + src/sss_client/sudo_testcli/sudo_testcli.c + sss_sudo_cli_CFLAGS = $(AM_CFLAGS) +-sss_sudo_cli_LDFLAGS = $(CLIENT_LIBS) ++sss_sudo_cli_LDFLAGS = $(CLIENT_LIBS) -lintl + endif - AM_CFLAGS = - if WANT_AUX_INFO -@@ -753,21 +753,22 @@ + if BUILD_SSH +@@ -1159,7 +1158,7 @@ noinst_PROGRAMS += autofs_test_client + endif - noinst_PROGRAMS = pam_test_client pam_test_client_SOURCES = src/sss_client/pam_test_client.c -pam_test_client_LDFLAGS = -lpam -lpam_misc +pam_test_client_LDFLAGS = -lpam - #################### + if BUILD_AUTOFS + autofs_test_client_SOURCES = src/sss_client/autofs/autofs_test_client.c \ +@@ -1173,9 +1172,10 @@ endif # Client Libraries # #################### @@ -29,33 +50,32 @@ src/sss_client/nss_passwd.c \ src/sss_client/nss_group.c \ src/sss_client/nss_netgroup.c \ - src/sss_client/sss_cli.h \ - src/sss_client/nss_compat.h +@@ -1187,7 +1187,7 @@ libnss_sss_la_SOURCES = \ + src/sss_client/nss_mc_passwd.c \ + src/sss_client/nss_mc_group.c \ + src/sss_client/nss_mc.h -libnss_sss_la_LDFLAGS = \ +nss_sss_la_LDFLAGS = \ + $(CLIENT_LIBS) \ -module \ -version-info 2:0:0 \ - -Wl,--version-script,$(srcdir)/src/sss_client/sss_nss.exports -@@ -780,6 +781,7 @@ - src/sss_client/sss_pam_macros.h +@@ -1203,6 +1203,7 @@ pam_sss_la_SOURCES = \ pam_sss_la_LDFLAGS = \ + $(CLIENT_LIBS) \ + -lintl \ -lpam \ -module \ -avoid-version \ -@@ -1122,10 +1124,10 @@ +@@ -1727,7 +1728,7 @@ else mkdir -p $(DESTDIR)$(initdir) endif -install-data-hook: -- rm $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 \ -- $(DESTDIR)/$(nsslibdir)/libnss_sss.so -- mv $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 -+notnotnotnotnotnotnotnotnotnotnotnotnotnotnotnotnotinstall-data-hook: -+ rm $(DESTDIR)/$(nsslibdir)/nss_sss.so.2 \ -+ $(DESTDIR)/$(nsslibdir)/nss_sss.so -+ mv $(DESTDIR)/$(nsslibdir)/nss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/nss_sss.so.2 - - uninstall-hook: - if [ -f $(abs_builddir)/src/config/.files ]; then \ ++nopenopeinstall-data-hook: + rm $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 \ + $(DESTDIR)/$(nsslibdir)/libnss_sss.so + mv $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2.0.0 $(DESTDIR)/$(nsslibdir)/libnss_sss.so.2 +-- +1.8.0 + diff --git a/security/sssd/files/patch-configure.ac b/security/sssd/files/patch-configure.ac new file mode 100644 index 000000000000..5b846c2b1650 --- /dev/null +++ b/security/sssd/files/patch-configure.ac @@ -0,0 +1,24 @@ +From 281379e22034335ebcc64b1759564310cad91bce Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 02/34] patch-configure.ac + +--- + configure.ac | 1 + + 1 file changed, 1 insertion(+) + +diff --git configure.ac configure.ac +index 70671ae..0668884 100644 +--- configure.ac ++++ configure.ac +@@ -18,6 +18,7 @@ AM_INIT_AUTOMAKE([-Wall foreign subdir-objects tar-pax]) + AM_PROG_CC_C_O + AC_DISABLE_STATIC + AC_PROG_INSTALL ++AM_PROG_AR + AC_PROG_LIBTOOL + AC_CONFIG_MACRO_DIR([m4]) + AM_GNU_GETTEXT([external]) +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__confdb__confdb.c b/security/sssd/files/patch-src__confdb__confdb.c index 50fd9bbea268..35e7ecf2e036 100644 --- a/security/sssd/files/patch-src__confdb__confdb.c +++ b/security/sssd/files/patch-src__confdb__confdb.c @@ -1,5 +1,16 @@ ---- ./src/confdb/confdb.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/confdb/confdb.c 2011-10-13 12:15:03.000000000 -0400 +From 18614fe436d525826e260e7a0e8334c41bd2ce37 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 03/34] patch-src__confdb__confdb.c + +--- + src/confdb/confdb.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git src/confdb/confdb.c src/confdb/confdb.c +index d70dc36..9ee1f8c 100644 +--- src/confdb/confdb.c ++++ src/confdb/confdb.c @@ -28,6 +28,11 @@ #include "util/strtonum.h" #include "db/sysdb.h" @@ -12,3 +23,6 @@ #define CONFDB_ZERO_CHECK_OR_JUMP(var, ret, err, label) do { \ if (!var) { \ ret = err; \ +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__lib__idmap__sss_idmap_conv.c b/security/sssd/files/patch-src__lib__idmap__sss_idmap_conv.c new file mode 100644 index 000000000000..2f85f153e39f --- /dev/null +++ b/security/sssd/files/patch-src__lib__idmap__sss_idmap_conv.c @@ -0,0 +1,24 @@ +From 194aa2e2960a2a67f9c0beb771635b8392e6e337 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 27 Jul 2013 15:25:53 +0200 +Subject: [PATCH 34/34] patch-src__lib__idmap__sss_idmap_conv.c + +--- + src/lib/idmap/sss_idmap_conv.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git src/lib/idmap/sss_idmap_conv.c src/lib/idmap/sss_idmap_conv.c +index a336042..ac07746 100644 +--- src/lib/idmap/sss_idmap_conv.c ++++ src/lib/idmap/sss_idmap_conv.c +@@ -26,6 +26,7 @@ + #include <stdio.h> + #include <errno.h> + #include <ctype.h> ++#include <sys/endian.h> + + #include "lib/idmap/sss_idmap.h" + #include "lib/idmap/sss_idmap_private.h" +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__monitor__monitor.c b/security/sssd/files/patch-src__monitor__monitor.c index aa86eeb3bca0..13bf2c068e07 100644 --- a/security/sssd/files/patch-src__monitor__monitor.c +++ b/security/sssd/files/patch-src__monitor__monitor.c @@ -1,24 +1,40 @@ ---- ./src/monitor/monitor.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/monitor/monitor.c 2011-10-13 12:15:03.000000000 -0400 -@@ -57,6 +57,10 @@ - - int cmdline_debug_level; +From 628c783aa78c576f10087e3e4812904b90d218b0 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 04/34] patch-src__monitor__monitor.c + +--- + src/monitor/monitor.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git src/monitor/monitor.c src/monitor/monitor.c +index 8612524..3d3cab8 100644 +--- src/monitor/monitor.c ++++ src/monitor/monitor.c +@@ -90,6 +90,11 @@ int cmdline_debug_level; + int cmdline_debug_timestamps; + int cmdline_debug_microseconds; +errno_t monitor_config_file_fallback(TALLOC_CTX *mem_ctx, + struct mt_ctx *ctx, + const char *file, -+ monitor_reconf_fn fn); ++ monitor_reconf_fn fn, ++ bool ignore_missing); struct svc_spy; - struct mt_svc { -@@ -1606,10 +1610,6 @@ + enum mt_svc_type { +@@ -1792,11 +1797,6 @@ done: talloc_free(tmp_ctx); } -errno_t monitor_config_file_fallback(TALLOC_CTX *mem_ctx, - struct mt_ctx *ctx, - const char *file, -- monitor_reconf_fn fn); +- monitor_reconf_fn fn, +- bool ignore_missing); static void rewatch_config_file(struct tevent_context *ev, struct tevent_timer *te, struct timeval t, void *ptr) +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__providers__ad__ad_access.c b/security/sssd/files/patch-src__providers__ad__ad_access.c new file mode 100644 index 000000000000..51a4aab5f6a1 --- /dev/null +++ b/security/sssd/files/patch-src__providers__ad__ad_access.c @@ -0,0 +1,24 @@ +From 630e5b96040869f6ce24ac1d10bb370e819795e7 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 27 Jul 2013 15:04:27 +0200 +Subject: [PATCH 33/34] patch-src__providers__ad__ad_access.c + +--- + src/providers/ad/ad_access.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git src/providers/ad/ad_access.c src/providers/ad/ad_access.c +index 314cdcf..ca0fb8b 100644 +--- src/providers/ad/ad_access.c ++++ src/providers/ad/ad_access.c +@@ -21,6 +21,7 @@ + */ + + #include <security/pam_modules.h> ++#include <security/pam_appl.h> + #include "src/util/util.h" + #include "src/providers/data_provider.h" + #include "src/providers/dp_backend.h" +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__providers__ad__ad_common.c b/security/sssd/files/patch-src__providers__ad__ad_common.c new file mode 100644 index 000000000000..89904f27d498 --- /dev/null +++ b/security/sssd/files/patch-src__providers__ad__ad_common.c @@ -0,0 +1,43 @@ +From 7223f18bd8ea22ed801a115934a2fe8dc0c0cdb8 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 27 Jul 2013 15:03:49 +0200 +Subject: [PATCH 32/34] patch-src__providers__ad__ad_common.c + +--- + src/providers/ad/ad_common.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git src/providers/ad/ad_common.c src/providers/ad/ad_common.c +index 8600dab..d628385 100644 +--- src/providers/ad/ad_common.c ++++ src/providers/ad/ad_common.c +@@ -38,7 +38,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, + char *server; + char *realm; + char *ad_hostname; +- char hostname[HOST_NAME_MAX + 1]; ++ char hostname[_POSIX_HOST_NAME_MAX + 1]; + + opts = talloc_zero(mem_ctx, struct ad_options); + if (!opts) return ENOMEM; +@@ -75,7 +75,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, + */ + ad_hostname = dp_opt_get_string(opts->basic, AD_HOSTNAME); + if (ad_hostname == NULL) { +- gret = gethostname(hostname, HOST_NAME_MAX); ++ gret = gethostname(hostname, _POSIX_HOST_NAME_MAX); + if (gret != 0) { + ret = errno; + DEBUG(SSSDBG_FATAL_FAILURE, +@@ -83,7 +83,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, + strerror(ret))); + goto done; + } +- hostname[HOST_NAME_MAX] = '\0'; ++ hostname[_POSIX_HOST_NAME_MAX] = '\0'; + DEBUG(SSSDBG_CONF_SETTINGS, + ("Setting ad_hostname to [%s].\n", hostname)); + ret = dp_opt_set_string(opts->basic, AD_HOSTNAME, hostname); +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__providers__data_provider_be.c b/security/sssd/files/patch-src__providers__data_provider_be.c index af962a437c96..51d5b27516fc 100644 --- a/security/sssd/files/patch-src__providers__data_provider_be.c +++ b/security/sssd/files/patch-src__providers__data_provider_be.c @@ -1,15 +1,17 @@ ---- ./src/providers/data_provider_be.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/data_provider_be.c 2011-10-13 12:15:03.000000000 -0400 -@@ -512,7 +512,7 @@ - return EIO; - } - -- pd->pam_status = PAM_SYSTEM_ERR; -+ pd->pam_status = PAM_SERVICE_ERR; - pd->domain = talloc_strdup(pd, becli->bectx->domain->name); - if (pd->domain == NULL) { - talloc_free(be_req); -@@ -1013,7 +1013,7 @@ +From f6d110d1f78a78ee957f7fce975d09fc698e0949 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 05/34] patch-src__providers__data_provider_be.c + +--- + src/providers/data_provider_be.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git src/providers/data_provider_be.c src/providers/data_provider_be.c +index 33590ae..1a25959 100644 +--- src/providers/data_provider_be.c ++++ src/providers/data_provider_be.c +@@ -2316,7 +2316,7 @@ static int load_backend_module(struct be_ctx *ctx, if (!handle) { DEBUG(0, ("Unable to load %s module with path (%s), error: %s\n", mod_name, path, dlerror())); @@ -18,7 +20,7 @@ goto done; } -@@ -1033,7 +1033,7 @@ +@@ -2336,7 +2336,7 @@ static int load_backend_module(struct be_ctx *ctx, } else { DEBUG(0, ("Unable to load init fn %s from module %s, error: %s\n", mod_init_fn_name, mod_name, dlerror())); @@ -27,3 +29,6 @@ } goto done; } +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__providers__fail_over.c b/security/sssd/files/patch-src__providers__fail_over.c index 07782702e2b9..b6bd5607d602 100644 --- a/security/sssd/files/patch-src__providers__fail_over.c +++ b/security/sssd/files/patch-src__providers__fail_over.c @@ -1,6 +1,17 @@ ---- ./src/providers/fail_over.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/fail_over.c 2011-10-13 12:15:03.000000000 -0400 -@@ -1191,7 +1191,7 @@ +From 9c10da92d16e5daa9589ca0e3e5f43f399844071 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 06/34] patch-src__providers__fail_over.c + +--- + src/providers/fail_over.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git src/providers/fail_over.c src/providers/fail_over.c +index e7c4417..120022a 100644 +--- src/providers/fail_over.c ++++ src/providers/fail_over.c +@@ -1320,7 +1320,7 @@ resolve_srv_recv(struct tevent_req *req, struct fo_server **server) *******************************************************************/ struct resolve_get_domain_state { char *fqdn; @@ -9,7 +20,7 @@ }; static void resolve_get_domain_done(struct tevent_req *subreq); -@@ -1211,13 +1211,13 @@ +@@ -1340,13 +1340,13 @@ resolve_get_domain_send(TALLOC_CTX *mem_ctx, return NULL; } @@ -25,3 +36,6 @@ DEBUG(7, ("Host name is: %s\n", state->hostname)); subreq = resolv_gethostbyname_send(state, ev, resolv, +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__providers__ipa__ipa_common.c b/security/sssd/files/patch-src__providers__ipa__ipa_common.c index b3ac2f27c938..030549f6aeaa 100644 --- a/security/sssd/files/patch-src__providers__ipa__ipa_common.c +++ b/security/sssd/files/patch-src__providers__ipa__ipa_common.c @@ -1,15 +1,26 @@ ---- ./src/providers/ipa/ipa_common.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/ipa/ipa_common.c 2011-10-13 12:15:03.000000000 -0400 -@@ -191,7 +191,7 @@ +From acb17ace2b204146e4b821fd7d5e27de5d8ee588 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 07/34] patch-src__providers__ipa__ipa_common.c + +--- + src/providers/ipa/ipa_common.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git src/providers/ipa/ipa_common.c src/providers/ipa/ipa_common.c +index eb384a1..d7d8052 100644 +--- src/providers/ipa/ipa_common.c ++++ src/providers/ipa/ipa_common.c +@@ -47,7 +47,7 @@ int ipa_get_options(TALLOC_CTX *memctx, + char *realm; char *ipa_hostname; int ret; - int i; - char hostname[HOST_NAME_MAX + 1]; + char hostname[_POSIX_HOST_NAME_MAX + 1]; opts = talloc_zero(memctx, struct ipa_options); if (!opts) return ENOMEM; -@@ -220,14 +220,14 @@ +@@ -76,14 +76,14 @@ int ipa_get_options(TALLOC_CTX *memctx, ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME); if (ipa_hostname == NULL) { @@ -26,3 +37,6 @@ DEBUG(9, ("Setting ipa_hostname to [%s].\n", hostname)); ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname); if (ret != EOK) { +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__providers__ipa__ipa_hbac.h b/security/sssd/files/patch-src__providers__ipa__ipa_hbac.h new file mode 100644 index 000000000000..a3cdad6efd28 --- /dev/null +++ b/security/sssd/files/patch-src__providers__ipa__ipa_hbac.h @@ -0,0 +1,24 @@ +From 08d2bd8bcd975f1bbd2ea3671ba42f022779d3a8 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 08/34] patch-src__providers__ipa__ipa_hbac.h + +--- + src/providers/ipa/ipa_hbac.h | 1 + + 1 file changed, 1 insertion(+) + +diff --git src/providers/ipa/ipa_hbac.h src/providers/ipa/ipa_hbac.h +index 02077e3..b1d8efa 100644 +--- src/providers/ipa/ipa_hbac.h ++++ src/providers/ipa/ipa_hbac.h +@@ -39,6 +39,7 @@ + + #include <stdint.h> + #include <stdbool.h> ++#include <time.h> + + /** Result of HBAC evaluation */ + enum hbac_eval_result { +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__providers__krb5__krb5_child.c b/security/sssd/files/patch-src__providers__krb5__krb5_child.c deleted file mode 100644 index 5664e0c4c782..000000000000 --- a/security/sssd/files/patch-src__providers__krb5__krb5_child.c +++ /dev/null @@ -1,377 +0,0 @@ ---- ./src/providers/krb5/krb5_child.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/krb5/krb5_child.c 2011-10-13 12:15:03.000000000 -0400 -@@ -39,6 +39,15 @@ - - #define SSSD_KRB5_CHANGEPW_PRINCIPAL "kadmin/changepw" - -+typedef struct _krb5_ticket_times { -+ krb5_timestamp authtime; /* XXX ? should ktime in KDC_REP == authtime -+ in ticket? otherwise client can't get this */ -+ krb5_timestamp starttime; /* optional in ticket, if not present, -+ use authtime */ -+ krb5_timestamp endtime; -+ krb5_timestamp renew_till; -+} krb5_ticket_times; -+ - struct krb5_child_ctx { - /* opts taken from kinit */ - /* in seconds */ -@@ -100,10 +109,10 @@ - - static krb5_context krb5_error_ctx; - static const char *__krb5_error_msg; --#define KRB5_DEBUG(level, krb5_error) do { \ -- __krb5_error_msg = sss_krb5_get_error_message(krb5_error_ctx, krb5_error); \ -+#define KRB5_DEBUG(level, krb5_error, ctx) do { \ -+ __krb5_error_msg = sss_krb5_get_error_message(ctx, krb5_error); \ - DEBUG(level, ("%d: [%d][%s]\n", __LINE__, krb5_error, __krb5_error_msg)); \ -- sss_krb5_free_error_message(krb5_error_ctx, __krb5_error_msg); \ -+ sss_krb5_free_error_message(ctx, __krb5_error_msg); \ - } while(0); - - static void sss_krb5_expire_callback_func(krb5_context context, void *data, -@@ -267,13 +276,13 @@ - - kerr = krb5_cc_resolve(ctx, tmp_ccname, &tmp_cc); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, ctx); - goto done; - } - - kerr = krb5_cc_initialize(ctx, tmp_cc, princ); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, ctx); - goto done; - } - if (fd != -1) { -@@ -284,7 +293,7 @@ - if (creds == NULL) { - kerr = create_empty_cred(ctx, princ, &l_cred); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, ctx); - goto done; - } - } else { -@@ -293,13 +302,13 @@ - - kerr = krb5_cc_store_cred(ctx, tmp_cc, l_cred); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, ctx); - goto done; - } - - kerr = krb5_cc_close(ctx, tmp_cc); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, ctx); - goto done; - } - tmp_cc = NULL; -@@ -420,7 +429,7 @@ - talloc_zfree(msg); - } - } else { -- krb5_msg = sss_krb5_get_error_message(krb5_error_ctx, kerr); -+ krb5_msg = sss_krb5_get_error_message(kr->ctx, kerr); - if (krb5_msg == NULL) { - DEBUG(1, ("sss_krb5_get_error_message failed.\n")); - return NULL; -@@ -429,7 +438,7 @@ - ret = pam_add_response(kr->pd, SSS_PAM_SYSTEM_INFO, - strlen(krb5_msg) + 1, - (const uint8_t *) krb5_msg); -- sss_krb5_free_error_message(krb5_error_ctx, krb5_msg); -+ sss_krb5_free_error_message(kr->ctx, krb5_msg); - } - if (ret != EOK) { - DEBUG(1, ("pam_add_response failed.\n")); -@@ -527,7 +536,7 @@ - break; - } - -- kerr = krb5_free_keytab_entry_contents(kr->ctx, &entry); -+ kerr = krb5_kt_free_entry(kr->ctx, &entry); - if (kerr != 0) { - DEBUG(1, ("Failed to free keytab entry.\n")); - } -@@ -575,7 +584,7 @@ - if (krb5_kt_close(kr->ctx, keytab) != 0) { - DEBUG(1, ("krb5_kt_close failed")); - } -- if (krb5_free_keytab_entry_contents(kr->ctx, &entry) != 0) { -+ if (krb5_kt_free_entry(kr->ctx, &entry) != 0) { - DEBUG(1, ("Failed to free keytab entry.\n")); - } - if (principal != NULL) { -@@ -605,13 +614,13 @@ - kerr = krb5_get_init_creds_keytab(ctx, &creds, princ, keytab, 0, NULL, - &options); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, ctx); - return kerr; - } - - kerr = create_ccache_file(ctx, princ, ccname, &creds); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, ctx); - goto done; - } - kerr = 0; -@@ -633,21 +642,21 @@ - sss_krb5_expire_callback_func, - kr); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - DEBUG(1, ("Failed to set expire callback, continue without.\n")); - } - kerr = krb5_get_init_creds_password(kr->ctx, kr->creds, kr->princ, - password, sss_krb5_prompter, kr, 0, - NULL, kr->options); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - return kerr; - } - - if (kr->validate) { - kerr = validate_tgt(kr); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - return kerr; - } - -@@ -668,7 +677,7 @@ - - kerr = create_ccache_file(kr->ctx, kr->princ, kr->ccname, kr->creds); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto done; - } - -@@ -692,7 +701,7 @@ - krb5_error_code kerr = 0; - char *pass_str = NULL; - char *newpass_str = NULL; -- int pam_status = PAM_SYSTEM_ERR; -+ int pam_status = PAM_SERVICE_ERR; - int result_code = -1; - krb5_data result_code_string; - krb5_data result_string; -@@ -734,7 +743,7 @@ - changepw_princ, - kr->options); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - if (kerr == KRB5_KDC_UNREACH) { - pam_status = PAM_AUTHINFO_UNAVAIL; - } -@@ -773,7 +782,7 @@ - - if (kerr != 0 || result_code != 0) { - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - } else { - kerr = KRB5KRB_ERR_GENERIC; - } -@@ -825,7 +834,7 @@ - memset(kr->pd->newauthtok, 0, kr->pd->newauthtok_size); - - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - if (kerr == KRB5_KDC_UNREACH) { - pam_status = PAM_AUTHINFO_UNAVAIL; - } -@@ -846,7 +855,7 @@ - krb5_error_code kerr = 0; - char *pass_str = NULL; - char *changepw_princ = NULL; -- int pam_status = PAM_SYSTEM_ERR; -+ int pam_status = PAM_SERVICE_ERR; - - if (kr->pd->authtok_type != SSS_AUTHTOK_TYPE_PASSWORD) { - pam_status = PAM_CRED_INSUFFICIENT; -@@ -881,7 +890,7 @@ - kr->options, - NULL, NULL); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - DEBUG(1, ("Failed to unset expire callback, continue ...\n")); - } - kerr = krb5_get_init_creds_password(kr->ctx, kr->creds, kr->princ, -@@ -899,7 +908,7 @@ - memset(kr->pd->authtok, 0, kr->pd->authtok_size); - - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - switch (kerr) { - case KRB5_KDC_UNREACH: - pam_status = PAM_AUTHINFO_UNAVAIL; -@@ -911,7 +920,7 @@ - pam_status = PAM_CRED_ERR; - break; - default: -- pam_status = PAM_SYSTEM_ERR; -+ pam_status = PAM_SERVICE_ERR; - } - } - -@@ -981,13 +990,13 @@ - - kerr = krb5_cc_resolve(kr->ctx, ccname, &ccache); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto done; - } - - kerr = krb5_get_renewed_creds(kr->ctx, kr->creds, kr->princ, ccache, NULL); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - if (kerr == KRB5_KDC_UNREACH) { - status = PAM_AUTHINFO_UNAVAIL; - } -@@ -997,7 +1006,7 @@ - if (kr->validate) { - kerr = validate_tgt(kr); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto done; - } - -@@ -1019,13 +1028,13 @@ - - kerr = krb5_cc_initialize(kr->ctx, ccache, kr->princ); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto done; - } - - kerr = krb5_cc_store_cred(kr->ctx, ccache, kr->creds); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto done; - } - -@@ -1059,8 +1068,8 @@ - - ret = create_ccache_file(kr->ctx, kr->princ, kr->ccname, NULL); - if (ret != 0) { -- KRB5_DEBUG(1, ret); -- pam_status = PAM_SYSTEM_ERR; -+ KRB5_DEBUG(1, ret, kr->ctx); -+ pam_status = PAM_SERVICE_ERR; - } - - ret = sendresponse(fd, ret, pam_status, kr); -@@ -1375,19 +1384,20 @@ - - kerr = krb5_init_context(&kr->ctx); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ /* FIXME: This sucks */ -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto failed; - } - - kerr = krb5_parse_name(kr->ctx, kr->upn, &kr->princ); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto failed; - } - - kerr = krb5_unparse_name(kr->ctx, kr->princ, &kr->name); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto failed; - } - -@@ -1400,18 +1410,18 @@ - - kerr = sss_krb5_get_init_creds_opt_alloc(kr->ctx, &kr->options); - if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto failed; - } - - /* A prompter is used to catch messages about when a password will - * expired. The library shall not use the prompter to ask for a new password - * but shall return KRB5KDC_ERR_KEY_EXP. */ -- krb5_get_init_creds_opt_set_change_password_prompt(kr->options, 0); -- if (kerr != 0) { -- KRB5_DEBUG(1, kerr); -- goto failed; -- } -+ // krb5_get_init_creds_opt_set_change_password_prompt(kr->options, 0); -+ // if (kerr != 0) { -+ // KRB5_DEBUG(1, kerr, kr->ctx); -+ // goto failed; -+ // } - - lifetime_str = getenv(SSSD_KRB5_RENEWABLE_LIFETIME); - if (lifetime_str == NULL) { -@@ -1422,7 +1432,7 @@ - if (kerr != 0) { - DEBUG(1, ("krb5_string_to_deltat failed for [%s].\n", - lifetime_str)); -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto failed; - } - krb5_get_init_creds_opt_set_renew_life(kr->options, lifetime); -@@ -1437,7 +1447,7 @@ - if (kerr != 0) { - DEBUG(1, ("krb5_string_to_deltat failed for [%s].\n", - lifetime_str)); -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto failed; - } - krb5_get_init_creds_opt_set_tkt_life(kr->options, lifetime); -@@ -1486,7 +1496,7 @@ - kr, &kr->fast_ccname); - if (kerr != 0) { - DEBUG(1, ("check_fast_ccache failed.\n")); -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto failed; - } - -@@ -1496,7 +1506,7 @@ - if (kerr != 0) { - DEBUG(1, ("sss_krb5_get_init_creds_opt_set_fast_ccache_name " - "failed.\n")); -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto failed; - } - -@@ -1507,7 +1517,7 @@ - if (kerr != 0) { - DEBUG(1, ("sss_krb5_get_init_creds_opt_set_fast_flags " - "failed.\n")); -- KRB5_DEBUG(1, kerr); -+ KRB5_DEBUG(1, kerr, kr->ctx); - goto failed; - } - } diff --git a/security/sssd/files/patch-src__providers__krb5__krb5_utils.c b/security/sssd/files/patch-src__providers__krb5__krb5_utils.c deleted file mode 100644 index 60a59e873a67..000000000000 --- a/security/sssd/files/patch-src__providers__krb5__krb5_utils.c +++ /dev/null @@ -1,17 +0,0 @@ ---- ./src/providers/krb5/krb5_utils.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/krb5/krb5_utils.c 2011-10-13 12:15:03.000000000 -0400 -@@ -435,10 +435,10 @@ - } - - server_name = talloc_asprintf(NULL, "krbtgt/%.*s@%.*s", -- krb5_princ_realm(ctx, client_princ)->length, -- krb5_princ_realm(ctx, client_princ)->data, -- krb5_princ_realm(ctx, client_princ)->length, -- krb5_princ_realm(ctx, client_princ)->data); -+ krb5_realm_length(krb5_princ_realm(ctx, client_princ)), -+ krb5_princ_realm(ctx, client_princ), -+ krb5_realm_length(krb5_princ_realm(ctx, client_princ)), -+ krb5_princ_realm(ctx, client_princ)); - if (server_name == NULL) { - kerr = KRB5_CC_NOMEM; - DEBUG(1, ("talloc_asprintf failed.\n")); diff --git a/security/sssd/files/patch-src__providers__ldap__ldap_auth.c b/security/sssd/files/patch-src__providers__ldap__ldap_auth.c index 6e035e808891..ce4f10a2605c 100644 --- a/security/sssd/files/patch-src__providers__ldap__ldap_auth.c +++ b/security/sssd/files/patch-src__providers__ldap__ldap_auth.c @@ -1,5 +1,16 @@ ---- ./src/providers/ldap/ldap_auth.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/ldap/ldap_auth.c 2011-10-13 12:15:03.000000000 -0400 +From ad4b85556ddea5d5d2d6bcc5f00a8492b0b15c46 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 09/34] patch-src__providers__ldap__ldap_auth.c + +--- + src/providers/ldap/ldap_auth.c | 60 ++++++++++++++++++++++++++---------------- + 1 file changed, 37 insertions(+), 23 deletions(-) + +diff --git src/providers/ldap/ldap_auth.c src/providers/ldap/ldap_auth.c +index b0dd30c..6b1ad83 100644 +--- src/providers/ldap/ldap_auth.c ++++ src/providers/ldap/ldap_auth.c @@ -37,7 +37,6 @@ #include <sys/time.h> #include <strings.h> @@ -8,15 +19,7 @@ #include <security/pam_modules.h> #include "util/util.h" -@@ -46,6 +45,7 @@ - #include "providers/ldap/ldap_common.h" - #include "providers/ldap/sdap_async.h" - -+ - /* MIT Kerberos has the same hardcoded warning interval of 7 days. Due to the - * fact that using the expiration time of a Kerberos password with LDAP - * authentication is presumably a rare case a separate config option is not -@@ -59,6 +59,22 @@ +@@ -56,6 +55,22 @@ enum pwexpire { PWEXPIRE_SHADOW }; @@ -39,7 +42,7 @@ static errno_t add_expired_warning(struct pam_data *pd, long exp_time) { int ret; -@@ -111,17 +127,16 @@ +@@ -110,17 +125,16 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now, return EINVAL; } @@ -61,7 +64,7 @@ if (difftime(now, expire_time) > 0.0) { DEBUG(4, ("Kerberos password expired.\n")); -@@ -742,7 +757,7 @@ +@@ -762,7 +776,7 @@ void sdap_pam_chpass_handler(struct be_req *breq) DEBUG(2, ("starting password change request for user [%s].\n", pd->user)); @@ -70,7 +73,7 @@ if (pd->cmd != SSS_PAM_CHAUTHTOK && pd->cmd != SSS_PAM_CHAUTHTOK_PRELIM) { DEBUG(2, ("chpass target was called by wrong pam command.\n")); -@@ -799,7 +814,7 @@ +@@ -821,7 +835,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req) &pw_expire_type, &pw_expire_data); talloc_zfree(req); if (ret) { @@ -79,7 +82,7 @@ goto done; } -@@ -819,7 +834,7 @@ +@@ -841,7 +855,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req) &result); if (ret != EOK) { DEBUG(1, ("check_pwexpire_shadow failed.\n")); @@ -88,8 +91,8 @@ goto done; } break; -@@ -828,14 +843,14 @@ - &result); +@@ -850,14 +864,14 @@ static void sdap_auth4chpass_done(struct tevent_req *req) + state->breq->domain->pwd_expiration_warning); if (ret != EOK) { DEBUG(1, ("check_pwexpire_kerberos failed.\n")); - state->pd->pam_status = PAM_SYSTEM_ERR; @@ -105,7 +108,7 @@ goto done; } break; -@@ -844,7 +859,7 @@ +@@ -866,7 +880,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req) break; default: DEBUG(1, ("Unknow pasword expiration type.\n")); @@ -114,7 +117,7 @@ goto done; } } -@@ -884,7 +899,7 @@ +@@ -906,7 +920,7 @@ static void sdap_auth4chpass_done(struct tevent_req *req) dp_err = DP_ERR_OFFLINE; break; default: @@ -123,16 +126,34 @@ } done: -@@ -905,7 +920,7 @@ +@@ -929,7 +943,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req) ret = sdap_exop_modify_passwd_recv(req, state, &result, &user_error_message); talloc_zfree(req); - if (ret) { + if (ret && ret != EIO) { +- state->pd->pam_status = PAM_SYSTEM_ERR; ++ state->pd->pam_status = PAM_SERVICE_ERR; + goto done; + } + +@@ -970,7 +984,7 @@ static void sdap_pam_chpass_done(struct tevent_req *req) + state->dn, + lastchanged_name); + if (subreq == NULL) { +- state->pd->pam_status = PAM_SYSTEM_ERR; ++ state->pd->pam_status = PAM_SERVICE_ERR; + goto done; + } + +@@ -991,7 +1005,7 @@ static void sdap_lastchange_done(struct tevent_req *req) + + ret = sdap_modify_shadow_lastchange_recv(req); + if (ret != EOK) { - state->pd->pam_status = PAM_SYSTEM_ERR; + state->pd->pam_status = PAM_SERVICE_ERR; goto done; } -@@ -964,7 +979,7 @@ +@@ -1032,7 +1046,7 @@ void sdap_pam_auth_handler(struct be_req *breq) goto done; } @@ -141,7 +162,7 @@ switch (pd->cmd) { case SSS_PAM_AUTHENTICATE: -@@ -1021,7 +1036,7 @@ +@@ -1090,7 +1104,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) &pw_expire_type, &pw_expire_data); talloc_zfree(req); if (ret != EOK) { @@ -150,7 +171,7 @@ dp_err = DP_ERR_FATAL; goto done; } -@@ -1033,7 +1048,7 @@ +@@ -1102,7 +1116,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) state->pd, &result); if (ret != EOK) { DEBUG(1, ("check_pwexpire_shadow failed.\n")); @@ -159,8 +180,8 @@ goto done; } break; -@@ -1042,7 +1057,7 @@ - state->pd, &result); +@@ -1112,7 +1126,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) + be_ctx->domain->pwd_expiration_warning); if (ret != EOK) { DEBUG(1, ("check_pwexpire_kerberos failed.\n")); - state->pd->pam_status = PAM_SYSTEM_ERR; @@ -168,8 +189,8 @@ goto done; } break; -@@ -1050,7 +1065,7 @@ - ret = check_pwexpire_ldap(state->pd, pw_expire_data, &result); +@@ -1121,7 +1135,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) + be_ctx->domain->pwd_expiration_warning); if (ret != EOK) { DEBUG(1, ("check_pwexpire_ldap failed.\n")); - state->pd->pam_status = PAM_SYSTEM_ERR; @@ -177,7 +198,7 @@ goto done; } break; -@@ -1058,7 +1073,7 @@ +@@ -1129,7 +1143,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) break; default: DEBUG(1, ("Unknow pasword expiration type.\n")); @@ -186,7 +207,7 @@ goto done; } } -@@ -1080,7 +1095,7 @@ +@@ -1151,7 +1165,7 @@ static void sdap_pam_auth_done(struct tevent_req *req) state->pd->pam_status = PAM_NEW_AUTHTOK_REQD; break; default: @@ -195,3 +216,6 @@ dp_err = DP_ERR_FATAL; } +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__providers__ldap__ldap_child.c b/security/sssd/files/patch-src__providers__ldap__ldap_child.c index f4ad031850f7..4fee65214a83 100644 --- a/security/sssd/files/patch-src__providers__ldap__ldap_child.c +++ b/security/sssd/files/patch-src__providers__ldap__ldap_child.c @@ -1,6 +1,17 @@ ---- ./src/providers/ldap/ldap_child.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/ldap/ldap_child.c 2011-10-13 12:15:03.000000000 -0400 -@@ -165,7 +165,7 @@ +From 144bf96dbd929248159bf932c1d3b5bccf451bee Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 10/34] patch-src__providers__ldap__ldap_child.c + +--- + src/providers/ldap/ldap_child.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git src/providers/ldap/ldap_child.c src/providers/ldap/ldap_child.c +index f35d946..9a45cf5 100644 +--- src/providers/ldap/ldap_child.c ++++ src/providers/ldap/ldap_child.c +@@ -206,7 +206,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx, } realm_name = talloc_strdup(memctx, default_realm); @@ -9,35 +20,6 @@ if (!realm_name) { krberr = KRB5KRB_ERR_GENERIC; goto done; -@@ -279,20 +279,20 @@ - goto done; - } - -- krberr = krb5_get_time_offsets(context, &kdc_time_offset, &kdc_time_offset_usec); -- if (krberr) { -- DEBUG(2, ("Failed to get KDC time offset: %s\n", -- sss_krb5_get_error_message(context, krberr))); -- kdc_time_offset = 0; -- } else { -- if (kdc_time_offset_usec > 0) { -- kdc_time_offset++; -- } -- } -+ // krberr = krb5_get_time_offsets(context, &kdc_time_offset, &kdc_time_offset_usec); -+ // if (krberr) { -+ // DEBUG(2, ("Failed to get KDC time offset: %s\n", -+ // sss_krb5_get_error_message(context, krberr))); -+ // kdc_time_offset = 0; -+ // } else { -+ // if (kdc_time_offset_usec > 0) { -+ // kdc_time_offset++; -+ // } -+ // } - - krberr = 0; - *ccname_out = ccname; -- *expire_time_out = my_creds.times.endtime - kdc_time_offset; -+ *expire_time_out = my_creds.times.endtime; - - done: - if (keytab) krb5_kt_close(context, keytab); +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__providers__ldap__ldap_common.c b/security/sssd/files/patch-src__providers__ldap__ldap_common.c index 400b33e6a3bc..18e180313ec2 100644 --- a/security/sssd/files/patch-src__providers__ldap__ldap_common.c +++ b/security/sssd/files/patch-src__providers__ldap__ldap_common.c @@ -1,6 +1,17 @@ ---- ./src/providers/ldap/ldap_common.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/ldap/ldap_common.c 2011-10-13 12:15:03.000000000 -0400 -@@ -749,7 +749,7 @@ +From 5becc163a7101c94c84c4b7e330b62eb137c3bd7 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 11/34] patch-src__providers__ldap__ldap_common.c + +--- + src/providers/ldap/ldap_common.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git src/providers/ldap/ldap_common.c src/providers/ldap/ldap_common.c +index f8b921a..84e51ae 100644 +--- src/providers/ldap/ldap_common.c ++++ src/providers/ldap/ldap_common.c +@@ -1109,7 +1109,7 @@ sdap_gssapi_get_default_realm(TALLOC_CTX *mem_ctx) } realm = talloc_strdup(mem_ctx, krb5_realm); @@ -9,3 +20,6 @@ if (!realm) { DEBUG(0, ("Out of memory\n")); goto done; +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__providers__ldap__sdap_access.c b/security/sssd/files/patch-src__providers__ldap__sdap_access.c index d27caf17ee99..dc782c5e19b6 100644 --- a/security/sssd/files/patch-src__providers__ldap__sdap_access.c +++ b/security/sssd/files/patch-src__providers__ldap__sdap_access.c @@ -1,5 +1,16 @@ ---- ./src/providers/ldap/sdap_access.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/ldap/sdap_access.c 2011-10-13 12:15:03.000000000 -0400 +From cebca2806d06fce5a5c610a39044a5a4039f71ef Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 12/34] patch-src__providers__ldap__sdap_access.c + +--- + src/providers/ldap/sdap_access.c | 43 +++++++++++++++++++--------------------- + 1 file changed, 20 insertions(+), 23 deletions(-) + +diff --git src/providers/ldap/sdap_access.c src/providers/ldap/sdap_access.c +index b198e04..37eae45 100644 +--- src/providers/ldap/sdap_access.c ++++ src/providers/ldap/sdap_access.c @@ -22,9 +22,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -10,7 +21,7 @@ #include <sys/param.h> #include <security/pam_modules.h> #include <talloc.h> -@@ -119,7 +117,7 @@ +@@ -109,7 +107,7 @@ void sdap_pam_access_handler(struct be_req *breq) pd); if (req == NULL) { DEBUG(1, ("Unable to start sdap_access request\n")); @@ -19,16 +30,16 @@ return; } -@@ -157,7 +155,7 @@ +@@ -149,7 +147,7 @@ sdap_access_send(TALLOC_CTX *mem_ctx, - state->be_ctx = be_ctx; + state->be_req = be_req; state->pd = pd; - state->pam_status = PAM_SYSTEM_ERR; + state->pam_status = PAM_SERVICE_ERR; state->ev = ev; state->access_ctx = access_ctx; state->current_rule = 0; -@@ -502,18 +500,17 @@ +@@ -502,18 +500,17 @@ static bool nds_check_expired(const char *exp_time_str) return true; } @@ -51,7 +62,7 @@ if (difftime(now, expire_time) > 0.0) { DEBUG(4, ("NDS account expired.\n")); -@@ -663,7 +660,7 @@ +@@ -662,7 +659,7 @@ static struct tevent_req *sdap_account_expired_send(TALLOC_CTX *mem_ctx, return NULL; } @@ -60,7 +71,7 @@ expire = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic, SDAP_ACCOUNT_EXPIRE_POLICY); -@@ -747,7 +744,7 @@ +@@ -746,7 +743,7 @@ static void sdap_account_expired_done(struct tevent_req *subreq) talloc_zfree(subreq); if (ret != EOK) { DEBUG(1, ("Error retrieving access check result.\n")); @@ -69,17 +80,17 @@ tevent_req_error(req, ret); return; } -@@ -807,7 +804,7 @@ +@@ -806,7 +803,7 @@ static struct tevent_req *sdap_access_filter_send(TALLOC_CTX *mem_ctx, state->filter = NULL; - state->be_ctx = be_ctx; + state->be_req = be_req; state->username = username; - state->pam_status = PAM_SYSTEM_ERR; + state->pam_status = PAM_SERVICE_ERR; state->sdap_ctx = access_ctx->id_ctx; state->ev = ev; state->access_ctx = access_ctx; -@@ -953,7 +950,7 @@ - SDAP_SEARCH_TIMEOUT)); +@@ -953,7 +950,7 @@ static void sdap_access_filter_connect_done(struct tevent_req *subreq) + false); if (subreq == NULL) { DEBUG(1, ("Could not start LDAP communication\n")); - state->pam_status = PAM_SYSTEM_ERR; @@ -87,7 +98,7 @@ tevent_req_error(req, EIO); return; } -@@ -984,13 +981,13 @@ +@@ -984,13 +981,13 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) if (ret == EOK) { return; } @@ -103,7 +114,7 @@ } goto done; -@@ -1009,7 +1006,7 @@ +@@ -1009,7 +1006,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) else if (results == NULL) { DEBUG(1, ("num_results > 0, but results is NULL\n")); ret = EIO; @@ -112,7 +123,7 @@ goto done; } else if (num_results > 1) { -@@ -1018,7 +1015,7 @@ +@@ -1018,7 +1015,7 @@ static void sdap_access_filter_get_access_done(struct tevent_req *subreq) */ DEBUG(1, ("Received multiple replies\n")); ret = EIO; @@ -121,7 +132,7 @@ goto done; } else { /* Ok, we got a single reply */ -@@ -1106,7 +1103,7 @@ +@@ -1104,7 +1101,7 @@ static void sdap_access_filter_done(struct tevent_req *subreq) talloc_zfree(subreq); if (ret != EOK) { DEBUG(1, ("Error retrieving access check result.\n")); @@ -130,7 +141,7 @@ tevent_req_error(req, ret); return; } -@@ -1247,7 +1244,7 @@ +@@ -1244,7 +1241,7 @@ static void sdap_access_service_done(struct tevent_req *subreq) talloc_zfree(subreq); if (ret != EOK) { DEBUG(1, ("Error retrieving access check result.\n")); @@ -139,7 +150,7 @@ tevent_req_error(req, ret); return; } -@@ -1274,7 +1271,7 @@ +@@ -1269,7 +1266,7 @@ static struct tevent_req *sdap_access_host_send( struct ldb_message_element *el; unsigned int i; char *host; @@ -148,7 +159,7 @@ req = tevent_req_create(mem_ctx, &state, struct sdap_access_host_ctx); if (!req) { -@@ -1370,7 +1367,7 @@ +@@ -1365,7 +1362,7 @@ static void sdap_access_host_done(struct tevent_req *subreq) talloc_zfree(subreq); if (ret != EOK) { DEBUG(1, ("Error retrieving access check result.\n")); @@ -157,7 +168,7 @@ tevent_req_error(req, ret); return; } -@@ -1395,7 +1392,7 @@ +@@ -1391,7 +1388,7 @@ sdap_access_recv(struct tevent_req *req, int *pam_status) static void sdap_access_done(struct tevent_req *req) { errno_t ret; @@ -166,7 +177,7 @@ struct be_req *breq = tevent_req_callback_data(req, struct be_req); -@@ -1403,7 +1400,7 @@ +@@ -1399,7 +1396,7 @@ static void sdap_access_done(struct tevent_req *req) talloc_zfree(req); if (ret != EOK) { DEBUG(1, ("Error retrieving access check result.\n")); @@ -175,3 +186,6 @@ } sdap_access_reply(breq, pam_status); +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c b/security/sssd/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c new file mode 100644 index 000000000000..8c28a8a791ea --- /dev/null +++ b/security/sssd/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c @@ -0,0 +1,42 @@ +From 58d918d01b03a3332b3e9da917a45b4b7ef7a427 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 27 Jul 2013 15:01:26 +0200 +Subject: [PATCH 30/34] patch-src__providers__ldap__sdap_async_sudo_hostinfo.c + +--- + src/providers/ldap/sdap_async_sudo_hostinfo.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git src/providers/ldap/sdap_async_sudo_hostinfo.c src/providers/ldap/sdap_async_sudo_hostinfo.c +index 0a695cd..108b4c2 100644 +--- src/providers/ldap/sdap_async_sudo_hostinfo.c ++++ src/providers/ldap/sdap_async_sudo_hostinfo.c +@@ -371,7 +371,7 @@ static struct tevent_req *sdap_sudo_get_hostnames_send(TALLOC_CTX *mem_ctx, + struct tevent_req *subreq = NULL; + struct sdap_sudo_get_hostnames_state *state = NULL; + char *dot = NULL; +- char hostname[HOST_NAME_MAX + 1]; ++ char hostname[_POSIX_HOST_NAME_MAX + 1]; + int resolv_timeout; + int ret; + +@@ -395,14 +395,14 @@ static struct tevent_req *sdap_sudo_get_hostnames_send(TALLOC_CTX *mem_ctx, + /* get hostname */ + + errno = 0; +- ret = gethostname(hostname, HOST_NAME_MAX); ++ ret = gethostname(hostname, _POSIX_HOST_NAME_MAX); + if (ret != EOK) { + ret = errno; + DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to retrieve machine hostname " + "[%d]: %s\n", ret, strerror(ret))); + goto done; + } +- hostname[HOST_NAME_MAX] = '\0'; ++ hostname[_POSIX_HOST_NAME_MAX] = '\0'; + + state->hostnames[0] = talloc_strdup(state->hostnames, hostname); + if (state->hostnames[0] == NULL) { +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__providers__proxy__proxy_init.c b/security/sssd/files/patch-src__providers__proxy__proxy_init.c index cbd6a6f2237b..fb672747a7c6 100644 --- a/security/sssd/files/patch-src__providers__proxy__proxy_init.c +++ b/security/sssd/files/patch-src__providers__proxy__proxy_init.c @@ -1,6 +1,17 @@ ---- ./src/providers/proxy/proxy_init.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/providers/proxy/proxy_init.c 2011-10-13 12:15:03.000000000 -0400 -@@ -124,7 +124,7 @@ +From 6d9c90d8cd4dedbc0f3642e9fc8287eb34504e1a Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 13/34] patch-src__providers__proxy__proxy_init.c + +--- + src/providers/proxy/proxy_init.c | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) + +diff --git src/providers/proxy/proxy_init.c src/providers/proxy/proxy_init.c +index de4d7b6..99b464a 100644 +--- src/providers/proxy/proxy_init.c ++++ src/providers/proxy/proxy_init.c +@@ -123,7 +123,7 @@ int sssm_proxy_id_init(struct be_ctx *bectx, if (!ctx->handle) { DEBUG(0, ("Unable to load %s module with path, error: %s\n", libpath, dlerror())); @@ -9,7 +20,7 @@ goto done; } -@@ -132,7 +132,7 @@ +@@ -131,7 +131,7 @@ int sssm_proxy_id_init(struct be_ctx *bectx, libname); if (!ctx->ops.getpwnam_r) { DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); @@ -18,7 +29,7 @@ goto done; } -@@ -140,14 +140,14 @@ +@@ -139,14 +139,14 @@ int sssm_proxy_id_init(struct be_ctx *bectx, libname); if (!ctx->ops.getpwuid_r) { DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); @@ -35,7 +46,7 @@ goto done; } -@@ -155,14 +155,14 @@ +@@ -154,14 +154,14 @@ int sssm_proxy_id_init(struct be_ctx *bectx, libname); if (!ctx->ops.getpwent_r) { DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); @@ -52,7 +63,7 @@ goto done; } -@@ -170,7 +170,7 @@ +@@ -169,7 +169,7 @@ int sssm_proxy_id_init(struct be_ctx *bectx, libname); if (!ctx->ops.getgrnam_r) { DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); @@ -61,7 +72,7 @@ goto done; } -@@ -178,14 +178,14 @@ +@@ -177,14 +177,14 @@ int sssm_proxy_id_init(struct be_ctx *bectx, libname); if (!ctx->ops.getgrgid_r) { DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); @@ -78,7 +89,7 @@ goto done; } -@@ -193,14 +193,14 @@ +@@ -192,14 +192,14 @@ int sssm_proxy_id_init(struct be_ctx *bectx, libname); if (!ctx->ops.getgrent_r) { DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror())); @@ -95,3 +106,6 @@ goto done; } +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__resolv__async_resolv.c b/security/sssd/files/patch-src__resolv__async_resolv.c index ab308eb302c4..eb5396bb8dca 100644 --- a/security/sssd/files/patch-src__resolv__async_resolv.c +++ b/security/sssd/files/patch-src__resolv__async_resolv.c @@ -1,6 +1,17 @@ ---- ./src/resolv/async_resolv.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/resolv/async_resolv.c 2011-10-13 12:15:03.000000000 -0400 -@@ -1073,7 +1073,6 @@ +From 5434161320c86634512ac70e1d49c63375a71dc4 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 14/34] patch-src__resolv__async_resolv.c + +--- + src/resolv/async_resolv.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git src/resolv/async_resolv.c src/resolv/async_resolv.c +index 268d266..1bb84e5 100644 +--- src/resolv/async_resolv.c ++++ src/resolv/async_resolv.c +@@ -1203,7 +1203,6 @@ resolv_is_address(const char *name) hints.ai_flags = AI_NUMERICHOST; /* No network lookups */ ret = getaddrinfo(name, NULL, &hints, &res); @@ -8,7 +19,7 @@ if (ret != 0) { if (ret == -2) { DEBUG(9, ("[%s] does not look like an IP address\n", name)); -@@ -1081,6 +1080,8 @@ +@@ -1211,6 +1210,8 @@ resolv_is_address(const char *name) DEBUG(2, ("getaddrinfo failed [%d]: %s\n", ret, gai_strerror(ret))); } @@ -17,3 +28,6 @@ } return ret == 0; +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__responder__common__responder_common.c b/security/sssd/files/patch-src__responder__common__responder_common.c index 9a60b2b5aa47..c18ef760eb0c 100644 --- a/security/sssd/files/patch-src__responder__common__responder_common.c +++ b/security/sssd/files/patch-src__responder__common__responder_common.c @@ -1,6 +1,17 @@ ---- ./src/responder/common/responder_common.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/responder/common/responder_common.c 2011-10-13 12:15:03.000000000 -0400 -@@ -195,7 +195,7 @@ +From b668ec58a5d60c65e24c3b123ab7589fb28c3e83 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 15/34] patch-src__responder__common__responder_common.c + +--- + src/responder/common/responder_common.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git src/responder/common/responder_common.c src/responder/common/responder_common.c +index c5d7577..965a870 100644 +--- src/responder/common/responder_common.c ++++ src/responder/common/responder_common.c +@@ -308,7 +308,7 @@ static void client_recv(struct cli_ctx *cctx) talloc_free(cctx); break; @@ -9,3 +20,6 @@ DEBUG(5, ("Client disconnected!\n")); talloc_free(cctx); break; +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__responder__common__responder_dp.c b/security/sssd/files/patch-src__responder__common__responder_dp.c index a8c08ff19374..021e7ef91ff3 100644 --- a/security/sssd/files/patch-src__responder__common__responder_dp.c +++ b/security/sssd/files/patch-src__responder__common__responder_dp.c @@ -1,15 +1,17 @@ ---- ./src/responder/common/responder_dp.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/responder/common/responder_dp.c 2011-10-13 12:15:03.000000000 -0400 -@@ -210,7 +210,7 @@ - &sdp_req->err_min, - &sdp_req->err_msg); - if (ret != EOK) { -- if (ret == ETIME) { -+ if (ret == ETIMEDOUT) { - sdp_req->err_maj = DP_ERR_TIMEOUT; - sdp_req->err_min = ret; - sdp_req->err_msg = talloc_strdup(sdp_req, "Request timed out"); -@@ -569,7 +569,7 @@ +From e98e59d8a6958ac1dc87b53f71aa9f51251b4568 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 16/34] patch-src__responder__common__responder_dp.c + +--- + src/responder/common/responder_dp.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git src/responder/common/responder_dp.c src/responder/common/responder_dp.c +index d15ca4d..3cb406a 100644 +--- src/responder/common/responder_dp.c ++++ src/responder/common/responder_dp.c +@@ -213,7 +213,7 @@ static int sss_dp_get_reply(DBusPendingCall *pending, case DBUS_MESSAGE_TYPE_ERROR: if (strcmp(dbus_message_get_error_name(reply), DBUS_ERROR_NO_REPLY) == 0) { @@ -18,3 +20,15 @@ goto done; } DEBUG(0,("The Data Provider returned an error [%s]\n", +@@ -734,7 +734,7 @@ static void sss_dp_internal_get_done(DBusPendingCall *pending, void *ptr) + &sdp_req->dp_ret, + &sdp_req->err_msg); + if (ret != EOK) { +- if (ret == ETIME) { ++ if (ret == ETIMEDOUT) { + sdp_req->dp_err = DP_ERR_TIMEOUT; + sdp_req->dp_ret = ret; + sdp_req->err_msg = talloc_strdup(sdp_req, "Request timed out"); +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__responder__common__responder_packet.c b/security/sssd/files/patch-src__responder__common__responder_packet.c index 30cf77c17248..cbe5cc4d69ed 100644 --- a/security/sssd/files/patch-src__responder__common__responder_packet.c +++ b/security/sssd/files/patch-src__responder__common__responder_packet.c @@ -1,6 +1,17 @@ ---- ./src/responder/common/responder_packet.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/responder/common/responder_packet.c 2011-10-13 12:15:03.000000000 -0400 -@@ -192,7 +192,7 @@ +From dd2d4ee745852a6d059b07966d1728b10c1240ff Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 17/34] patch-src__responder__common__responder_packet.c + +--- + src/responder/common/responder_packet.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git src/responder/common/responder_packet.c src/responder/common/responder_packet.c +index 5132d95..09b8d6d 100644 +--- src/responder/common/responder_packet.c ++++ src/responder/common/responder_packet.c +@@ -192,7 +192,7 @@ int sss_packet_recv(struct sss_packet *packet, int fd) } if (rb == 0) { @@ -9,3 +20,6 @@ } if (*packet->len > packet->memsize) { +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__sss_client__common.c b/security/sssd/files/patch-src__sss_client__common.c index b5afcd3a3c99..bb7beed38179 100644 --- a/security/sssd/files/patch-src__sss_client__common.c +++ b/security/sssd/files/patch-src__sss_client__common.c @@ -1,6 +1,17 @@ ---- ./src/sss_client/common.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/sss_client/common.c 2011-10-13 12:15:03.000000000 -0400 -@@ -26,6 +26,7 @@ +From f40ad7e39f68345f3bfec169556463c1a13706e0 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 18/34] patch-src__sss_client__common.c + +--- + src/sss_client/common.c | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +diff --git src/sss_client/common.c src/sss_client/common.c +index 6639ae1..d0b5c6d 100644 +--- src/sss_client/common.c ++++ src/sss_client/common.c +@@ -25,6 +25,7 @@ #include "config.h" #include <nss.h> @@ -8,7 +19,18 @@ #include <security/pam_modules.h> #include <errno.h> #include <sys/types.h> -@@ -111,7 +112,6 @@ +@@ -61,6 +62,10 @@ + #define SSS_DEFAULT_WRITE_FLAGS 0 + #endif + ++#ifndef EOWNERDEAD ++#define EOWNERDEAD 130 ++#endif ++ + /* common functions */ + + int sss_cli_sd = -1; /* the sss client socket descriptor */ +@@ -124,7 +129,6 @@ static enum sss_status sss_cli_send_req(enum sss_cli_command cmd, *errnop = error; break; case 0: @@ -16,15 +38,15 @@ break; case 1: if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { -@@ -216,7 +216,6 @@ +@@ -232,7 +236,6 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_command cmd, *errnop = error; break; case 0: - *errnop = ETIME; break; case 1: - if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { -@@ -638,7 +637,6 @@ + if (pfd.revents & (POLLHUP)) { +@@ -669,7 +672,6 @@ static enum sss_status sss_cli_check_socket(int *errnop, const char *socket_name *errnop = error; break; case 0: @@ -32,7 +54,7 @@ break; case 1: if (pfd.revents & (POLLERR | POLLHUP | POLLNVAL)) { -@@ -688,23 +686,23 @@ +@@ -719,23 +721,23 @@ enum nss_status sss_nss_make_request(enum sss_cli_command cmd, /* avoid looping in the nss daemon */ envval = getenv("_SSS_LOOPS"); if (envval && strcmp(envval, "NO") == 0) { @@ -61,3 +83,15 @@ } } +@@ -984,7 +986,7 @@ errno_t sss_strnlen(const char *str, size_t maxlen, size_t *len) + *len = 0; + while (*len < maxlen) { + if (str[*len] == '\0') break; +- len++; ++ ++*len; + } + #endif + +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__sss_client__nss_group.c b/security/sssd/files/patch-src__sss_client__nss_group.c index 5ba574b5b2d5..9cf5f5f0e7d0 100644 --- a/security/sssd/files/patch-src__sss_client__nss_group.c +++ b/security/sssd/files/patch-src__sss_client__nss_group.c @@ -1,6 +1,17 @@ ---- ./src/sss_client/nss_group.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/sss_client/nss_group.c 2011-10-13 12:15:03.000000000 -0400 -@@ -248,6 +248,77 @@ +From 36ea9e6d18578237b9e7ffef382788736eab49f5 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 19/34] patch-src__sss_client__nss_group.c + +--- + src/sss_client/nss_group.c | 71 ++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 71 insertions(+) + +diff --git src/sss_client/nss_group.c src/sss_client/nss_group.c +index e6ea54b..88cd1ab 100644 +--- src/sss_client/nss_group.c ++++ src/sss_client/nss_group.c +@@ -343,6 +343,77 @@ out: } @@ -78,3 +89,6 @@ enum nss_status _nss_sss_getgrnam_r(const char *name, struct group *result, char *buffer, size_t buflen, int *errnop) { +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__sss_client__pam_sss.c b/security/sssd/files/patch-src__sss_client__pam_sss.c new file mode 100644 index 000000000000..45370623ca74 --- /dev/null +++ b/security/sssd/files/patch-src__sss_client__pam_sss.c @@ -0,0 +1,29 @@ +From 86816db5982df0c1b0c5f5722e23111c62ff362e Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 27 Jul 2013 15:02:31 +0200 +Subject: [PATCH 31/34] patch-src__sss_client__pam_sss.c + +--- + src/sss_client/pam_sss.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git src/sss_client/pam_sss.c src/sss_client/pam_sss.c +index 3734c8f..7110d38 100644 +--- src/sss_client/pam_sss.c ++++ src/sss_client/pam_sss.c +@@ -125,10 +125,12 @@ static void free_exp_data(pam_handle_t *pamh, void *ptr, int err) + + static void close_fd(pam_handle_t *pamh, void *ptr, int err) + { ++#ifdef PAM_DATA_REPLACE + if (err & PAM_DATA_REPLACE) { + /* Nothing to do */ + return; + } ++#endif /* PAM_DATA_REPLACE */ + + D(("Closing the fd")); + sss_pam_close_fd(); +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__sss_client__pam_test_client.c b/security/sssd/files/patch-src__sss_client__pam_test_client.c index 106919e56436..bfaa50bdaffa 100644 --- a/security/sssd/files/patch-src__sss_client__pam_test_client.c +++ b/security/sssd/files/patch-src__sss_client__pam_test_client.c @@ -1,5 +1,16 @@ ---- ./src/sss_client/pam_test_client.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/sss_client/pam_test_client.c 2011-10-13 12:15:03.000000000 -0400 +From d15b99c87c08f17eef814f431a4a58ed4a3ba9b6 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 20/34] patch-src__sss_client__pam_test_client.c + +--- + src/sss_client/pam_test_client.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git src/sss_client/pam_test_client.c src/sss_client/pam_test_client.c +index ef424e7..d8cf36c 100644 +--- src/sss_client/pam_test_client.c ++++ src/sss_client/pam_test_client.c @@ -24,12 +24,13 @@ #include <stdio.h> @@ -16,3 +27,6 @@ NULL }; +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__sss_client__sss_nss.exports b/security/sssd/files/patch-src__sss_client__sss_nss.exports index 8ee95e4e0873..c9649d7784a7 100644 --- a/security/sssd/files/patch-src__sss_client__sss_nss.exports +++ b/security/sssd/files/patch-src__sss_client__sss_nss.exports @@ -1,6 +1,17 @@ ---- ./src/sss_client/sss_nss.exports.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/sss_client/sss_nss.exports 2011-10-13 12:13:42.000000000 -0400 -@@ -3,6 +3,7 @@ +From d7dcd7c8796efbecd4e41931080d7d28f72f9ee1 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:11 +0200 +Subject: [PATCH 21/34] patch-src__sss_client__sss_nss.exports + +--- + src/sss_client/sss_nss.exports | 18 ++++++++++++++++++ + 1 file changed, 18 insertions(+) + +diff --git src/sss_client/sss_nss.exports src/sss_client/sss_nss.exports +index 1eefea8..8e85a05 100644 +--- src/sss_client/sss_nss.exports ++++ src/sss_client/sss_nss.exports +@@ -3,6 +3,7 @@ EXPORTED { # public functions global: @@ -8,7 +19,7 @@ _nss_sss_getpwnam_r; _nss_sss_getpwuid_r; _nss_sss_setpwent; -@@ -14,8 +15,25 @@ +@@ -14,8 +15,25 @@ EXPORTED { _nss_sss_setgrent; _nss_sss_getgrent_r; _nss_sss_endgrent; @@ -34,3 +45,6 @@ #_nss_sss_getaliasbyname_r; #_nss_sss_setaliasent; #_nss_sss_getaliasent_r; +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c b/security/sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c index ce04ffd86db6..247c32109c27 100644 --- a/security/sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c +++ b/security/sssd/files/patch-src__util__crypto__libcrypto__crypto_sha512crypt.c @@ -1,20 +1,54 @@ ---- ./src/util/crypto/libcrypto/crypto_sha512crypt.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/util/crypto/libcrypto/crypto_sha512crypt.c 2011-10-13 12:15:03.000000000 -0400 -@@ -265,7 +265,7 @@ - goto done; - } +From 557ea27d9f1a8f86dc769ea6c174055992ebf803 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:12 +0200 +Subject: [PATCH 22/34] patch-src__util__crypto__libcrypto__crypto_sha512crypt.c + +--- + src/util/crypto/libcrypto/crypto_sha512crypt.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git src/util/crypto/libcrypto/crypto_sha512crypt.c src/util/crypto/libcrypto/crypto_sha512crypt.c +index f4c3e0d..ed77fa6 100644 +--- src/util/crypto/libcrypto/crypto_sha512crypt.c ++++ src/util/crypto/libcrypto/crypto_sha512crypt.c +@@ -10,9 +10,7 @@ + /* SHA512-based Unix crypt implementation. + Released into the Public Domain by Ulrich Drepper <drepper@redhat.com>. */ + +-#include "config.h" +- +-#include <endian.h> ++#include <sys/endian.h> + #include <errno.h> + #include <limits.h> + #include <stdbool.h> +@@ -41,6 +39,8 @@ const char sha512_rounds_prefix[] = "rounds="; + #define ROUNDS_MIN 1000 + #define ROUNDS_MAX 999999999 -- cp = __stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE); -+ cp = stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE); - buflen -= SALT_PREF_SIZE; ++#define __stpncpy(x, y, z) stpncpy(x, y, z) ++ + /* Table with characters for base64 transformation. */ + const char b64t[64] = + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; +@@ -198,7 +198,7 @@ static int sha512_crypt_r(const char *key, + /* Create byte sequence P. */ + cp = p_bytes = alloca(key_len); + for (cnt = key_len; cnt >= 64; cnt -= 64) { +- cp = mempcpy(cp, temp_result, 64); ++ cp = (char *) memcpy(cp, temp_result, 64) + 64; + } + memcpy(cp, temp_result, cnt); - if (rounds_custom) { -@@ -283,7 +283,7 @@ - ret = ERANGE; - goto done; +@@ -219,7 +219,7 @@ static int sha512_crypt_r(const char *key, + /* Create byte sequence S. */ + cp = s_bytes = alloca(salt_len); + for (cnt = salt_len; cnt >= 64; cnt -= 64) { +- cp = mempcpy(cp, temp_result, 64); ++ cp = (char *) memcpy(cp, temp_result, 64) + 64; } -- cp = __stpncpy(cp, salt, salt_len); -+ cp = stpncpy(cp, salt, salt_len); - *cp++ = '$'; - buflen -= salt_len + 1; + memcpy(cp, temp_result, cnt); +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c b/security/sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c index 12631e967506..e0b4523cdedc 100644 --- a/security/sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c +++ b/security/sssd/files/patch-src__util__crypto__nss__nss_sha512crypt.c @@ -1,5 +1,16 @@ ---- ./src/util/crypto/nss/nss_sha512crypt.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/util/crypto/nss/nss_sha512crypt.c 2011-10-13 12:15:03.000000000 -0400 +From f5fbf2eee46f33a4614f0553403c8590ca04bb59 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:12 +0200 +Subject: [PATCH 23/34] patch-src__util__crypto__nss__nss_sha512crypt.c + +--- + src/util/crypto/nss/nss_sha512crypt.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git src/util/crypto/nss/nss_sha512crypt.c src/util/crypto/nss/nss_sha512crypt.c +index 76eb8a6..db7582d 100644 +--- src/util/crypto/nss/nss_sha512crypt.c ++++ src/util/crypto/nss/nss_sha512crypt.c @@ -10,7 +10,7 @@ #include "config.h" @@ -9,21 +20,33 @@ #include <errno.h> #include <limits.h> #include <stdbool.h> -@@ -267,7 +267,7 @@ - goto done; - } +@@ -42,6 +42,8 @@ const char sha512_rounds_prefix[] = "rounds="; + #define ROUNDS_MIN 1000 + #define ROUNDS_MAX 999999999 -- cp = __stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE); -+ cp = stpncpy(buffer, sha512_salt_prefix, SALT_PREF_SIZE); - buflen -= SALT_PREF_SIZE; ++#define __stpncpy(x, y, z) stpncpy(x, y, z) ++ + /* Table with characters for base64 transformation. */ + const char b64t[64] = + "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; +@@ -205,7 +207,7 @@ static int sha512_crypt_r(const char *key, + /* Create byte sequence P. */ + cp = p_bytes = alloca(key_len); + for (cnt = key_len; cnt >= 64; cnt -= 64) { +- cp = mempcpy(cp, temp_result, 64); ++ cp = (char *) memcpy(cp, temp_result, 64) + 64; + } + memcpy(cp, temp_result, cnt); - if (rounds_custom) { -@@ -285,7 +285,7 @@ - ret = ERANGE; - goto done; +@@ -223,7 +225,7 @@ static int sha512_crypt_r(const char *key, + /* Create byte sequence S. */ + cp = s_bytes = alloca(salt_len); + for (cnt = salt_len; cnt >= 64; cnt -= 64) { +- cp = mempcpy(cp, temp_result, 64); ++ cp = (char *) memcpy(cp, temp_result, 64) + 64; } -- cp = __stpncpy(cp, salt, salt_len); -+ cp = stpncpy(cp, salt, salt_len); - *cp++ = '$'; - buflen -= salt_len + 1; + memcpy(cp, temp_result, cnt); +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__util__find_uid.c b/security/sssd/files/patch-src__util__find_uid.c index 1b518d45a885..aea7803302fc 100644 --- a/security/sssd/files/patch-src__util__find_uid.c +++ b/security/sssd/files/patch-src__util__find_uid.c @@ -1,6 +1,17 @@ ---- ./src/util/find_uid.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/util/find_uid.c 2011-10-13 12:15:03.000000000 -0400 -@@ -67,7 +67,7 @@ +From 0b1b319b34db96e2088c1f71d51ce95f819ccce8 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:12 +0200 +Subject: [PATCH 24/34] patch-src__util__find_uid.c + +--- + src/util/find_uid.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git src/util/find_uid.c src/util/find_uid.c +index d34a4ab..b309b19 100644 +--- src/util/find_uid.c ++++ src/util/find_uid.c +@@ -67,7 +67,7 @@ static errno_t get_uid_from_pid(const pid_t pid, uid_t *uid) uint32_t num=0; errno_t error; @@ -9,7 +20,7 @@ if (ret < 0) { DEBUG(1, ("snprintf failed")); return EINVAL; -@@ -204,7 +204,7 @@ +@@ -206,7 +206,7 @@ static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid) hash_key_t key; hash_value_t value; @@ -18,7 +29,7 @@ if (proc_dir == NULL) { ret = errno; DEBUG(1, ("Cannot open proc dir.\n")); -@@ -278,9 +278,8 @@ +@@ -280,9 +280,8 @@ done: errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table) { @@ -29,3 +40,6 @@ ret = hash_create_ex(INITIAL_TABLE_SIZE, table, 0, 0, 0, 0, hash_talloc, hash_talloc_free, mem_ctx, NULL, NULL); +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__util__murmurhash3.c b/security/sssd/files/patch-src__util__murmurhash3.c new file mode 100644 index 000000000000..aed45c78b2fe --- /dev/null +++ b/security/sssd/files/patch-src__util__murmurhash3.c @@ -0,0 +1,27 @@ +From 1295f600b3e94e02d8c5181b1b156325619c449f Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:12 +0200 +Subject: [PATCH 25/34] patch-src__util__murmurhash3.c + +--- + src/util/murmurhash3.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git src/util/murmurhash3.c src/util/murmurhash3.c +index 80e52ed..341505c 100644 +--- src/util/murmurhash3.c ++++ src/util/murmurhash3.c +@@ -8,9 +8,8 @@ + + #include <stdlib.h> + #include <stdint.h> +-#include <endian.h> ++#include <sys/endian.h> + #include <string.h> +-#include <byteswap.h> + + /* support RHEL5 lack of definitions */ + #ifndef le32toh +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__util__server.c b/security/sssd/files/patch-src__util__server.c index 8d37670929f0..acf6afd3c455 100644 --- a/security/sssd/files/patch-src__util__server.c +++ b/security/sssd/files/patch-src__util__server.c @@ -1,22 +1,35 @@ ---- ./src/util/server.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/util/server.c 2011-10-13 12:15:03.000000000 -0400 -@@ -296,14 +296,15 @@ - BlockSignals(false, SIGTERM); +From 43f9d669315d710d8479b259e33d1f16afcba1d2 Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:12 +0200 +Subject: [PATCH 26/34] patch-src__util__server.c + +--- + src/util/server.c | 11 ++++++----- + 1 file changed, 6 insertions(+), 5 deletions(-) + +diff --git src/util/server.c src/util/server.c +index b3073fc..2def1f6 100644 +--- src/util/server.c ++++ src/util/server.c +@@ -321,12 +321,13 @@ static void setup_signals(void) + BlockSignals(false, SIGTERM); - CatchSignal(SIGHUP, sig_hup); + CatchSignal(SIGHUP, sig_hup); - #ifndef HAVE_PRCTL - /* If prctl is not defined on the system, try to handle - * some common termination signals gracefully */ -- CatchSignal(SIGSEGV, sig_segv_abrt); -- CatchSignal(SIGABRT, sig_segv_abrt); -+ /* -+ CatchSignal(SIGSEGV, sig_segv_abrt); -+ CatchSignal(SIGABRT, sig_segv_abrt); -+ */ +- /* If prctl is not defined on the system, try to handle +- * some common termination signals gracefully */ +- CatchSignal(SIGSEGV, sig_segv_abrt); +- CatchSignal(SIGABRT, sig_segv_abrt); ++ /* If prctl is not defined on the system, try to handle ++ * some common termination signals gracefully */ ++ /* ++ CatchSignal(SIGSEGV, sig_segv_abrt); ++ CatchSignal(SIGABRT, sig_segv_abrt); ++ */ #endif -- -+ - } - /* + } +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__util__sss_krb5.c b/security/sssd/files/patch-src__util__sss_krb5.c deleted file mode 100644 index d0403d313f4d..000000000000 --- a/security/sssd/files/patch-src__util__sss_krb5.c +++ /dev/null @@ -1,58 +0,0 @@ ---- ./src/util/sss_krb5.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/util/sss_krb5.c 2011-10-13 12:15:03.000000000 -0400 -@@ -165,8 +165,8 @@ - - if (_realm) { - *_realm = talloc_asprintf(mem_ctx, "%.*s", -- krb5_princ_realm(ctx, client_princ)->length, -- krb5_princ_realm(ctx, client_princ)->data); -+ krb5_realm_length(krb5_princ_realm(krb_ctx, client_princ)), -+ krb5_princ_realm(krb_ctx, client_princ)); - if (!*_realm) { - DEBUG(1, ("talloc_asprintf failed")); - if (_principal) talloc_zfree(*_principal); -@@ -243,7 +243,7 @@ - } - - realm_name = talloc_strdup(tmp_ctx, default_realm); -- krb5_free_default_realm(context, default_realm); -+ free(default_realm); - if (!realm_name) { - ret = ENOMEM; - goto done; -@@ -322,7 +322,7 @@ - found = true; - } - free(kt_principal); -- krberr = krb5_free_keytab_entry_contents(context, &entry); -+ krberr = krb5_kt_free_entry(context, &entry); - if (krberr) { - /* This should never happen. The API docs for this function - * specify only success for this function -@@ -466,7 +466,7 @@ - break; - } - -- kerr = krb5_free_keytab_entry_contents(ctx, &entry); -+ kerr = krb5_kt_free_entry(ctx, &entry); - if (kerr != 0) { - DEBUG(1, ("Failed to free keytab entry.\n")); - } -@@ -504,7 +504,7 @@ - kerr = 0; - - done: -- kerr_d = krb5_free_keytab_entry_contents(ctx, &entry); -+ kerr_d = krb5_kt_free_entry(ctx, &entry); - if (kerr_d != 0) { - DEBUG(1, ("Failed to free keytab entry.\n")); - } -@@ -540,7 +540,7 @@ - void KRB5_CALLCONV sss_krb5_free_error_message(krb5_context ctx, const char *s) - { - #ifdef HAVE_KRB5_GET_ERROR_MESSAGE -- krb5_free_error_message(ctx, s); -+ free(s); - #else - free(s); - #endif diff --git a/security/sssd/files/patch-src__util__sss_krb5.h b/security/sssd/files/patch-src__util__sss_krb5.h deleted file mode 100644 index 2e028c3c4bd6..000000000000 --- a/security/sssd/files/patch-src__util__sss_krb5.h +++ /dev/null @@ -1,11 +0,0 @@ ---- ./src/util/sss_krb5.h.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/util/sss_krb5.h 2011-10-13 12:15:09.000000000 -0400 -@@ -34,6 +34,8 @@ - - #include "util/util.h" - -+#define KRB5_CALLCONV -+ - const char * KRB5_CALLCONV sss_krb5_get_error_message (krb5_context, - krb5_error_code); - diff --git a/security/sssd/files/patch-src__util__sss_ldap.c b/security/sssd/files/patch-src__util__sss_ldap.c index 290a931692e3..513e205ca1d6 100644 --- a/security/sssd/files/patch-src__util__sss_ldap.c +++ b/security/sssd/files/patch-src__util__sss_ldap.c @@ -1,6 +1,27 @@ ---- ./src/util/sss_ldap.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/util/sss_ldap.c 2011-10-13 12:15:03.000000000 -0400 -@@ -267,7 +267,7 @@ +From 074dd84d5ed0e5d2b48d2aeb1b92e51507516c2d Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 16:08:12 +0200 +Subject: [PATCH 27/34] patch-src__util__sss_ldap.c + +--- + src/util/sss_ldap.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git src/util/sss_ldap.c src/util/sss_ldap.c +index 060aacf..a2cc82a 100644 +--- src/util/sss_ldap.c ++++ src/util/sss_ldap.c +@@ -208,6 +208,9 @@ static void sdap_async_sys_connect_done(struct tevent_context *ev, + errno = 0; + ret = connect(state->fd, (struct sockaddr *) &state->addr, + state->addr_len); ++ if (errno == EISCONN) { ++ ret = EOK; ++ } + if (ret != EOK) { + ret = errno; + if (ret == EINPROGRESS || ret == EINTR) { +@@ -268,7 +271,7 @@ static errno_t set_fd_flags_and_opts(int fd) strerror(ret))); } @@ -9,7 +30,7 @@ if (ret != 0) { ret = errno; DEBUG(5, ("setsockopt TCP_NODELAY failed.[%d][%s].\n", ret, -@@ -340,7 +340,7 @@ +@@ -341,7 +344,7 @@ struct tevent_req *sss_ldap_init_send(TALLOC_CTX *mem_ctx, DEBUG(9, ("Using file descriptor [%d] for LDAP connection.\n", state->sd)); subreq = sdap_async_sys_connect_send(state, ev, state->sd, @@ -18,3 +39,6 @@ if (subreq == NULL) { ret = ENOMEM; DEBUG(1, ("sdap_async_sys_connect_send failed.\n")); +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__util__util.c b/security/sssd/files/patch-src__util__util.c index f421e6da53fd..55f7df46f46d 100644 --- a/security/sssd/files/patch-src__util__util.c +++ b/security/sssd/files/patch-src__util__util.c @@ -1,5 +1,16 @@ ---- ./src/util/util.c.orig 2011-08-29 11:39:05.000000000 -0400 -+++ ./src/util/util.c 2011-10-13 12:15:03.000000000 -0400 +From a6a31d9de9d15c1e4627f2a7cfb8cb83a6d3e99a Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 4 May 2013 17:08:09 +0200 +Subject: [PATCH 28/34] patch-src__util__util.c + +--- + src/util/util.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git src/util/util.c src/util/util.c +index ab98077..e279a2e 100644 +--- src/util/util.c ++++ src/util/util.c @@ -18,6 +18,7 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -7,4 +18,7 @@ +#include <sys/socket.h> #include <ctype.h> #include <netdb.h> - + #include <poll.h> +-- +1.8.0 + diff --git a/security/sssd/files/patch-src__util__util.h b/security/sssd/files/patch-src__util__util.h new file mode 100644 index 000000000000..774f5239ba4f --- /dev/null +++ b/security/sssd/files/patch-src__util__util.h @@ -0,0 +1,48 @@ +From 4fb9ecea7fca68a58515e1552dfdb408ae28baeb Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Sat, 27 Jul 2013 14:59:04 +0200 +Subject: [PATCH 29/34] patch-src__util__util.h + +--- + src/util/util.h | 25 +++++++------------------ + 1 file changed, 7 insertions(+), 18 deletions(-) + +diff --git src/util/util.h src/util/util.h +index 1f7c6c3..82988eb 100644 +--- src/util/util.h ++++ src/util/util.h +@@ -567,24 +567,13 @@ struct sss_domain_info *copy_subdomain(TALLOC_CTX *mem_ctx, + errno_t sss_br_lock_file(int fd, size_t start, size_t len, + int num_tries, useconds_t wait); + +-/* Endianness-compatibility for systems running older versions of glibc */ +- +-#ifndef le32toh +-#include <byteswap.h> +- +-/* Copied from endian.h on glibc 2.15 */ +-#ifdef __USE_BSD +-/* Conversion interfaces. */ +-# if __BYTE_ORDER == __LITTLE_ENDIAN +-# define le32toh(x) (x) +-# define htole32(x) (x) +-# else +-# define le32toh(x) __bswap_32 (x) +-# define htole32(x) __bswap_32 (x) +-# endif +-#endif /* __USE_BSD */ +- +-#endif /* le32toh */ ++#define BSD_ERR_MASK (0xB5DE <<16) ++#ifndef EUCLEAN ++#define EUCLEAN (BSD_ERR_MASK | 117) ++#endif ++#ifndef EMEDIUMTYPE ++#define EMEDIUMTYPE (BSD_ERR_MASK | 124) ++#endif + + #ifdef HAVE_PAC_RESPONDER + #define BUILD_WITH_PAC_RESPONDER true +-- +1.8.0 + diff --git a/security/sssd/files/pkg-message.in b/security/sssd/files/pkg-message.in new file mode 100644 index 000000000000..1b06ff5ba86b --- /dev/null +++ b/security/sssd/files/pkg-message.in @@ -0,0 +1,21 @@ +================================================================================ +Copy %%PREFIX%%/etc/sssd/sssd.conf.sample to %%PREFIX%%/etc/sssd/sssd.conf +and edit %%PREFIX%%/etc/sssd/sssd.conf (see man sssd.conf for details) + +To load sssd at startup, add sssd_enable="YES" to /etc/rc.conf + +To enable pam integration, add a line similar to the following to +/etc/pam.d/system: + +login auth sufficient %%PREFIX%%/lib/pam_sss.so + +To enable NSS integration, update /etc/nsswitch.conf as follows: + +group: sss files +passwd: sss files + +For additional details, please see the man pages for pam.conf and nsswitch.conf + +An sssd HOWTO is also available: +https://fedorahosted.org/sssd/wiki/HOWTO_Configure_1_0_2 +================================================================================ diff --git a/security/sssd/files/sssd.in b/security/sssd/files/sssd.in index 9123c92f9db7..219060bda833 100644 --- a/security/sssd/files/sssd.in +++ b/security/sssd/files/sssd.in @@ -21,7 +21,7 @@ name="sssd" rcvar=sssd_enable command="%%PREFIX%%/sbin/$name" -sssd_flags="-D" +sssd_flags="-f -D" pidfile="/var/run/$name.pid" required_files="%%PREFIX%%/etc/$name/$name.conf" |