author | William Grzybowski <wg@FreeBSD.org> | 2014-06-12 14:35:01 +0000 |
---|---|---|
committer | William Grzybowski <wg@FreeBSD.org> | 2014-06-12 14:35:01 +0000 |
commit | ecd905d2bdf5a38d23f9f449c6b9ff8b00518061 (patch) | |
tree | 602c95665e22577314f4ac91c4e8f39c069e9343 /security/sssd | |
parent | efcd879e04195076e626c538d857d101e291244c (diff) |
Notes
Diffstat (limited to 'security/sssd')
-rw-r--r-- | security/sssd/Makefile | 2 | ||||
-rw-r--r-- | security/sssd/files/patch-src__man__pam_sss.8.xml | 32 | ||||
-rw-r--r-- | security/sssd/files/patch-src__sss_client__pam_sss.c | 33 |
3 files changed, 46 insertions, 21 deletions
diff --git a/security/sssd/Makefile b/security/sssd/Makefile index 1f4fb158f314..1f89ec18abd7 100644 --- a/security/sssd/Makefile +++ b/security/sssd/Makefile @@ -3,7 +3,7 @@ PORTNAME= sssd DISTVERSION= 1.9.6 -PORTREVISION= 4 +PORTREVISION= 5 CATEGORIES= security MASTER_SITES= https://fedorahosted.org/released/${PORTNAME}/ \ http://mirrors.rit.edu/zi/ diff --git a/security/sssd/files/patch-src__man__pam_sss.8.xml b/security/sssd/files/patch-src__man__pam_sss.8.xml index 9e59aa020075..0b890c8f7c65 100644 --- a/security/sssd/files/patch-src__man__pam_sss.8.xml +++ b/security/sssd/files/patch-src__man__pam_sss.8.xml @@ -1,27 +1,30 @@ -From 1a7794d0e3c9fa47f7b0256518186ce214e93504 Mon Sep 17 00:00:00 2001 -From: Lukas Slebodnik <lslebodn@redhat.com> -Date: Sat, 22 Mar 2014 15:09:34 +0100 +From 4f866ccca80bb8ed4013bc8ed48ab9ae2b9587ff Mon Sep 17 00:00:00 2001 +From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> +Date: Tue, 3 Jun 2014 22:10:50 +0200 Subject: [PATCH 1/2] patch-src__man__pam_sss.8.xml --- - src/man/pam_sss.8.xml | 13 +++++++++++++ - 1 file changed, 13 insertions(+) + src/man/pam_sss.8.xml | 27 +++++++++++++++++++++++++++ + 1 file changed, 27 insertions(+) diff --git src/man/pam_sss.8.xml src/man/pam_sss.8.xml -index 72b497ab34a520d21964824080c7f276b26706f4..5b4e456e2b0b7469a233d7bd98d296bec2d8e739 100644 +index 72b497ab34a520d21964824080c7f276b26706f4..69678dac5874067fc95ec47f72ed894854c5d569 100644 --- src/man/pam_sss.8.xml +++ src/man/pam_sss.8.xml -@@ -37,6 +37,9 @@ +@@ -37,6 +37,12 @@ <arg choice='opt'> <replaceable>retry=N</replaceable> </arg> + <arg choice='opt'> + <replaceable>ignore_unknown_user</replaceable> + </arg> ++ <arg choice='opt'> ++ <replaceable>ignore_authinfo_unavail</replaceable> ++ </arg> </cmdsynopsis> </refsynopsisdiv> -@@ -103,6 +106,16 @@ +@@ -103,6 +109,27 @@ <option>PasswordAuthentication</option>.</para> </listitem> </varlistentry> 
@@ -35,9 +38,20 @@ index 72b497ab34a520d21964824080c7f276b26706f4..5b4e456e2b0b7469a233d7bd98d296be + the PAM framework to ignore this module.</para> + </listitem> + </varlistentry> ++ <varlistentry> ++ <term> ++ <option>ignore_authinfo_unavail</option> ++ </term> ++ <listitem> ++ <para> ++ Specifies that the PAM module should return PAM_IGNORE ++ if it cannot contact the SSSD daemon. This causes ++ the PAM framework to ignore this module.</para> ++ </listitem> ++ </varlistentry> </variablelist> </refsect1> -- -1.8.5.3 +1.9.3 diff --git a/security/sssd/files/patch-src__sss_client__pam_sss.c b/security/sssd/files/patch-src__sss_client__pam_sss.c index a1bf2821429d..0c4a03d6022e 100644 --- a/security/sssd/files/patch-src__sss_client__pam_sss.c +++ b/security/sssd/files/patch-src__sss_client__pam_sss.c @@ -1,25 +1,26 @@ -From 68fcd5f830b6451de5fd9d697fa6602dc3ca9972 Mon Sep 17 00:00:00 2001 +From 18bce9f12311c6e7a7fe4350150120a98b3ec106 Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik <lukas.slebodnik@intrak.sk> -Date: Sat, 27 Jul 2013 15:02:31 +0200 +Date: Wed, 6 Nov 2013 22:01:21 +0100 Subject: [PATCH 2/2] patch-src__sss_client__pam_sss.c --- - src/sss_client/pam_sss.c | 13 +++++++++++++ - 1 file changed, 13 insertions(+) + src/sss_client/pam_sss.c | 24 ++++++++++++++++++++++++ + 1 file changed, 24 insertions(+) 
diff --git src/sss_client/pam_sss.c src/sss_client/pam_sss.c -index 5fd276ccba15da1f689b1939a02288dda7a09d89..4cb976cf28eba5c14168a91eb23fe4101d2268f3 100644 +index 5fd276ccba15da1f689b1939a02288dda7a09d89..e35552f7e612d3e68f957845998a8105437af301 100644 --- src/sss_client/pam_sss.c +++ src/sss_client/pam_sss.c -@@ -52,6 +52,7 @@ +@@ -52,6 +52,8 @@ #define FLAGS_USE_FIRST_PASS (1 << 0) #define FLAGS_FORWARD_PASS (1 << 1) #define FLAGS_USE_AUTHTOK (1 << 2) +#define FLAGS_IGNORE_UNKNOWN_USER (1 << 3) ++#define FLAGS_IGNORE_AUTHINFO_UNAVAIL (1 << 4) #define PWEXP_FLAG "pam_sss:password_expired_flag" #define FD_DESTRUCTOR "pam_sss:fd_destructor" -@@ -125,10 +126,12 @@ static void free_exp_data(pam_handle_t *pamh, void *ptr, int err) +@@ -125,10 +127,12 @@ static void free_exp_data(pam_handle_t *pamh, void *ptr, int err) static void close_fd(pam_handle_t *pamh, void *ptr, int err) { 
@@ -32,26 +33,32 @@ index 5fd276ccba15da1f689b1939a02288dda7a09d89..4cb976cf28eba5c14168a91eb23fe410 D(("Closing the fd")); sss_pam_close_fd(); -@@ -1292,6 +1295,8 @@ static void eval_argv(pam_handle_t *pamh, int argc, const char **argv, +@@ -1292,6 +1296,10 @@ static void eval_argv(pam_handle_t *pamh, int argc, const char **argv, } } else if (strcmp(*argv, "quiet") == 0) { *quiet_mode = true; + } else if (strcmp(*argv, "ignore_unknown_user") == 0) { + *flags |= FLAGS_IGNORE_UNKNOWN_USER; ++ } else if (strcmp(*argv, "ignore_authinfo_unavail") == 0) { ++ *flags |= FLAGS_IGNORE_AUTHINFO_UNAVAIL; } else { logger(pamh, LOG_WARNING, "unknown option: %s", *argv); } -@@ -1429,6 +1434,9 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh, +@@ -1429,6 +1437,13 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh, ret = get_pam_items(pamh, &pi); if (ret != PAM_SUCCESS) { D(("get items returned error: %s", pam_strerror(pamh,ret))); + if (flags & FLAGS_IGNORE_UNKNOWN_USER && ret == PAM_USER_UNKNOWN) { + ret = PAM_IGNORE; + } ++ if (flags & FLAGS_IGNORE_AUTHINFO_UNAVAIL ++ && ret == PAM_AUTHINFO_UNAVAIL) { ++ ret = PAM_IGNORE; ++ } return ret; } -@@ -1467,6 +1475,11 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh, +@@ -1467,6 +1482,15 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh, pam_status = send_and_receive(pamh, &pi, task, quiet_mode); @@ -59,10 +66,14 @@ index 5fd276ccba15da1f689b1939a02288dda7a09d89..4cb976cf28eba5c14168a91eb23fe410 + && pam_status == PAM_USER_UNKNOWN) { + pam_status = PAM_IGNORE; + } ++ if (flags & FLAGS_IGNORE_AUTHINFO_UNAVAIL ++ && pam_status == PAM_AUTHINFO_UNAVAIL) { ++ pam_status = PAM_IGNORE; ++ } + switch (task) { case SSS_PAM_AUTHENTICATE: /* We allow sssd to send the return code PAM_NEW_AUTHTOK_REQD during -- -1.8.5.3 +1.9.3 |
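Review bot: The new `ignore_authinfo_unavail` branch after `send_and_receive()` rewrites `PAM_AUTHINFO_UNAVAIL` to `PAM_IGNORE` without logging anything, and it does so for every `task` because it sits before `switch (task)`; the same silent rewrite is added on the `get_pam_items()` error path. Since this makes pam_sss drop out of the stack whenever SSSD cannot be reached, each new `if` should leave an audit trail, for example `logger(pamh, LOG_NOTICE, "SSSD unavailable, returning PAM_IGNORE");`. The outcome of the login is then decided entirely by the remaining modules and control flags, so the man page entry should state that the option is intended for stacks where another module still makes the authentication decision. The body of `pam_sss()` starts and ends outside the hunk, so it cannot be confirmed from here whether `send_and_receive()` returns this code only on a connection failure or can also relay it from the daemon's reply, which would be broader than the documented "cannot contact the SSSD daemon".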