kiwi/klara-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix again

Browse Source
This commit is contained in:
Charlie Root
2024-05-30 11:53:28 +02:00
parent b9efabee8a
commit 2f48f28d81
70 changed files with 0 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

198
security/sssd2/files/bsdnss.c Normal file
View File

@ -0,0 +1,198 @@
#include <errno.h>
#include <sys/param.h>
#include <netinet/in.h>
#include <pwd.h>
#include <grp.h>
#include <nss.h>
#include <netdb.h>
NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r);
NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r);
NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r);
NSS_METHOD_PROTOTYPE(__nss_compat_setgrent);
NSS_METHOD_PROTOTYPE(__nss_compat_endgrent);
NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r);
NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r);
NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r);
NSS_METHOD_PROTOTYPE(__nss_compat_setpwent);
NSS_METHOD_PROTOTYPE(__nss_compat_endpwent);
NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname);
NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2);
NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr);
NSS_METHOD_PROTOTYPE(__nss_compat_getgroupmembership);
extern enum nss_status _nss_sss_getgrent_r(struct group *, char *, size_t,
int *);
extern enum nss_status _nss_sss_getgrnam_r(const char *, struct group *,
char *, size_t, int *);
extern enum nss_status _nss_sss_getgrgid_r(gid_t gid, struct group *, char *,
size_t, int *);
extern enum nss_status _nss_sss_setgrent(void);
extern enum nss_status _nss_sss_endgrent(void);
extern enum nss_status _nss_sss_getpwent_r(struct passwd *, char *, size_t,
int *);
extern enum nss_status _nss_sss_getpwnam_r(const char *, struct passwd *,
char *, size_t, int *);
extern enum nss_status _nss_sss_getpwuid_r(gid_t gid, struct passwd *, char *,
size_t, int *);
extern enum nss_status _nss_sss_setpwent(void);
extern enum nss_status _nss_sss_endpwent(void);
extern enum nss_status _nss_sss_gethostbyname_r(const char *name,
struct hostent * result,
char *buffer, size_t buflen,
int *errnop,
int *h_errnop);
extern enum nss_status _nss_sss_gethostbyname2_r(const char *name, int af,
struct hostent * result,
char *buffer, size_t buflen,
int *errnop,
int *h_errnop);
extern enum nss_status _nss_sss_gethostbyaddr_r(struct in_addr * addr, int len,
int type,
struct hostent * result,
char *buffer, size_t buflen,
int *errnop, int *h_errnop);
extern enum nss_status _nss_sss_getgroupmembership(const char *uname,
gid_t agroup, gid_t *groups,
int maxgrp, int *grpcnt);
static ns_mtab methods[] = {
{ NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_sss_getgrnam_r },
{ NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_sss_getgrgid_r },
{ NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_sss_getgrent_r },
{ NSDB_GROUP, "setgrent", __nss_compat_setgrent, _nss_sss_setgrent },
{ NSDB_GROUP, "endgrent", __nss_compat_endgrent, _nss_sss_endgrent },
{ NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_sss_getpwnam_r },
{ NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_sss_getpwuid_r },
{ NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, _nss_sss_getpwent_r },
{ NSDB_PASSWD, "setpwent", __nss_compat_setpwent, _nss_sss_setpwent },
{ NSDB_PASSWD, "endpwent", __nss_compat_endpwent, _nss_sss_endpwent },
{ NSDB_HOSTS, "gethostbyname", __nss_compat_gethostbyname, _nss_sss_gethostbyname_r },
{ NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_sss_gethostbyaddr_r },
{ NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_sss_gethostbyname2_r },
{ NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, _nss_sss_getgrnam_r },
{ NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, _nss_sss_getgrgid_r },
{ NSDB_GROUP_COMPAT, "getgrent_r", __nss_compat_getgrent_r, _nss_sss_getgrent_r },
{ NSDB_GROUP_COMPAT, "setgrent", __nss_compat_setgrent, _nss_sss_setgrent },
{ NSDB_GROUP_COMPAT, "endgrent", __nss_compat_endgrent, _nss_sss_endgrent },
{ NSDB_PASSWD_COMPAT, "getpwnam_r", __nss_compat_getpwnam_r, _nss_sss_getpwnam_r },
{ NSDB_PASSWD_COMPAT, "getpwuid_r", __nss_compat_getpwuid_r, _nss_sss_getpwuid_r },
{ NSDB_PASSWD_COMPAT, "getpwent_r", __nss_compat_getpwent_r, _nss_sss_getpwent_r },
{ NSDB_PASSWD_COMPAT, "setpwent", __nss_compat_setpwent, _nss_sss_setpwent },
{ NSDB_PASSWD_COMPAT, "endpwent", __nss_compat_endpwent, _nss_sss_endpwent },
{ NSDB_GROUP, "getgroupmembership", __nss_compat_getgroupmembership, _nss_sss_getgroupmembership },
};
ns_mtab *
nss_module_register(const char *source, unsigned int *mtabsize,
nss_module_unregister_fn *unreg)
{
*mtabsize = sizeof(methods)/sizeof(methods[0]);
*unreg = NULL;
return (methods);
}
int __nss_compat_getgroupmembership(void *retval, void *mdata, va_list ap)
{
int (*fn)(const char *, gid_t, gid_t *, int, int *);
const char *uname;
gid_t agroup;
gid_t *groups;
int maxgrp;
int *grpcnt;
int errnop = 0;
enum nss_status status;
fn = mdata;
uname = va_arg(ap, const char *);
agroup = va_arg(ap, gid_t);
groups = va_arg(ap, gid_t *);
maxgrp = va_arg(ap, int);
grpcnt = va_arg(ap, int *);
status = fn(uname, agroup, groups, maxgrp, grpcnt);
status = __nss_compat_result(status, errnop);
return (status);
}
int __nss_compat_gethostbyname(void *retval, void *mdata, va_list ap)
{
enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *);
const char *name;
struct hostent *result;
char buffer[1024];
size_t buflen = 1024;
int errnop;
int h_errnop;
int af;
enum nss_status status;
fn = mdata;
name = va_arg(ap, const char*);
af = va_arg(ap,int);
result = va_arg(ap,struct hostent *);
status = fn(name, result, buffer, buflen, &errnop, &h_errnop);
status = __nss_compat_result(status,errnop);
h_errno = h_errnop;
return (status);
}
int __nss_compat_gethostbyname2(void *retval, void *mdata, va_list ap)
{
enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *);
const char *name;
struct hostent *result;
char buffer[1024];
size_t buflen = 1024;
int errnop;
int h_errnop;
int af;
enum nss_status status;
fn = mdata;
name = va_arg(ap, const char*);
af = va_arg(ap,int);
result = va_arg(ap,struct hostent *);
status = fn(name, result, buffer, buflen, &errnop, &h_errnop);
status = __nss_compat_result(status,errnop);
h_errno = h_errnop;
return (status);
}
int __nss_compat_gethostbyaddr(void *retval, void *mdata, va_list ap)
{
struct in_addr *addr;
int len;
int type;
struct hostent *result;
char buffer[1024];
size_t buflen = 1024;
int errnop;
int h_errnop;
enum nss_status (*fn)(struct in_addr *, int, int, struct hostent *, char *, size_t, int *, int *);
enum nss_status status;
fn = mdata;
addr = va_arg(ap, struct in_addr*);
len = va_arg(ap,int);
type = va_arg(ap,int);
result = va_arg(ap, struct hostent*);
status = fn(addr, len, type, result, buffer, buflen, &errnop, &h_errnop);
status = __nss_compat_result(status,errnop);
h_errno = h_errnop;
return (status);
}

857
security/sssd2/files/patch-Makefile.am Normal file
View File

@ -0,0 +1,857 @@
--- Makefile.am.orig 2024-02-12 00:15:58 UTC
+++ Makefile.am
@@ -59,7 +59,7 @@ dbusservicedir = $(datadir)/dbus-1/system-services
krb5snippetsdir = $(sssddatadir)/krb5-snippets
dbuspolicydir = $(datadir)/dbus-1/system.d
dbusservicedir = $(datadir)/dbus-1/system-services
-sss_statedir = $(localstatedir)/lib/sss
+sss_statedir = $(localstatedir)/db/sss
runstatedir = @runstatedir@
localedir = @localedir@
nsslibdir = @nsslibdir@
@@ -642,6 +642,7 @@ SSSD_LIBS = \
SSSD_LIBS = \
$(TALLOC_LIBS) \
+ $(LTLIBINTL) \
$(TEVENT_LIBS) \
$(POPT_LIBS) \
$(LDB_LIBS) \
@@ -713,6 +714,7 @@ dist_noinst_HEADERS = \
src/util/sss_ssh.h \
src/util/sss_ini.h \
src/util/sss_format.h \
+ src/util/sss_bsd_errno.h \
src/util/sss_pam_data.h \
src/util/refcount.h \
src/util/file_watch.h \
@@ -1514,6 +1516,7 @@ sssd_LDADD = \
$(SSSD_LIBS) \
$(INOTIFY_LIBS) \
$(LIBNL_LIBS) \
+ $(LTLIBINTL) \
$(KEYUTILS_LIBS) \
$(SYSTEMD_DAEMON_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
@@ -1542,6 +1545,7 @@ sssd_nss_LDADD = \
$(LIBADD_DL) \
$(TDB_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
libsss_idmap.la \
libsss_cert.la \
$(SYSTEMD_DAEMON_LIBS) \
@@ -1574,6 +1578,7 @@ sssd_pam_LDADD = \
$(LIBADD_DL) \
$(TDB_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SELINUX_LIBS) \
$(PAM_LIBS) \
$(SYSTEMD_DAEMON_LIBS) \
@@ -1593,8 +1598,10 @@ sssd_sudo_LDADD = \
src/responder/sudo/sudosrv_dp.c \
$(SSSD_RESPONDER_OBJ)
sssd_sudo_LDADD = \
+ $(GSSAPI_KRB5_LIBS) \
$(LIBADD_DL) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SYSTEMD_DAEMON_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_iface.la \
@@ -1610,6 +1617,7 @@ sssd_autofs_LDADD = \
sssd_autofs_LDADD = \
$(LIBADD_DL) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SYSTEMD_DAEMON_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_iface.la \
@@ -1630,6 +1638,7 @@ sssd_ssh_LDADD = \
sssd_ssh_LDADD = \
$(LIBADD_DL) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
$(SYSTEMD_DAEMON_LIBS) \
libsss_cert.la \
@@ -1653,6 +1662,7 @@ sssd_pac_LDADD = \
$(NDR_KRB5PAC_LIBS) \
$(TDB_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SYSTEMD_DAEMON_LIBS) \
libsss_idmap.la \
$(SSSD_INTERNAL_LTLIBS) \
@@ -1731,6 +1741,7 @@ sssd_ifp_LDADD = \
sssd_ifp_LDADD = \
$(LIBADD_DL) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SYSTEMD_DAEMON_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_cert.la \
@@ -1794,6 +1805,7 @@ sssd_kcm_LDADD = \
$(LIBADD_DL) \
$(KRB5_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(UUID_LIBS) \
$(SYSTEMD_DAEMON_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
@@ -1844,6 +1856,7 @@ sssd_be_LDADD = \
sssd_be_LDADD = \
$(LIBADD_DL) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CARES_LIBS) \
$(PAM_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
@@ -1905,6 +1918,7 @@ sss_signal_LDADD = \
src/tools/common/sss_process.c
$(NULL)
sss_signal_LDADD = \
+ $(LTLIBINTL) \
libsss_debug.la \
$(NULL)
@@ -1961,7 +1975,7 @@ sss_sudo_cli_CFLAGS = $(AM_CFLAGS)
src/sss_client/sudo/sss_sudo_response.c \
src/sss_client/sudo_testcli/sudo_testcli.c
sss_sudo_cli_CFLAGS = $(AM_CFLAGS)
-sss_sudo_cli_LDADD = $(CLIENT_LIBS)
+sss_sudo_cli_LDADD = $(GSSAPI_KRB5_LIBS) $(CLIENT_LIBS)
endif
if BUILD_SSH
@@ -2142,6 +2156,7 @@ sysdb_tests_LDADD = \
$(CHECK_CFLAGS)
sysdb_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CHECK_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la
@@ -2155,6 +2170,7 @@ sysdb_ssh_tests_LDADD = \
$(CHECK_CFLAGS)
sysdb_ssh_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CHECK_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la
@@ -2167,6 +2183,7 @@ strtonum_tests_LDADD = \
$(CHECK_CFLAGS)
strtonum_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CHECK_LIBS) \
libsss_debug.la \
libsss_test_common.la
@@ -2191,6 +2208,7 @@ krb5_utils_tests_LDADD = \
$(CHECK_CFLAGS)
krb5_utils_tests_LDADD = \
$(SSSD_LIBS)\
+ $(LTLIBINTL) \
$(CARES_LIBS) \
$(KRB5_LIBS) \
$(CHECK_LIBS) \
@@ -2251,6 +2269,7 @@ resolv_tests_LDADD = \
-DBUILD_TXT
resolv_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CHECK_LIBS) \
$(CARES_LIBS) \
libsss_debug.la \
@@ -2264,6 +2283,7 @@ file_watch_tests_LDADD = \
$(CHECK_CFLAGS)
file_watch_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CHECK_LIBS) \
$(INOTIFY_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
@@ -2277,6 +2297,7 @@ refcount_tests_LDADD = \
$(CHECK_CFLAGS)
refcount_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CHECK_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la
@@ -2290,6 +2311,7 @@ fail_over_tests_LDADD = \
$(CHECK_CFLAGS)
fail_over_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CHECK_LIBS) \
$(CARES_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
@@ -2321,6 +2343,7 @@ auth_tests_LDADD = \
$(CHECK_CFLAGS)
auth_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CHECK_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la
@@ -2373,6 +2396,7 @@ util_tests_LDADD = \
$(NULL)
util_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CHECK_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
@@ -2385,6 +2409,7 @@ safe_format_tests_LDADD = \
$(CHECK_CFLAGS)
safe_format_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CHECK_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la
@@ -2397,6 +2422,7 @@ debug_tests_LDADD = \
$(CHECK_CFLAGS)
debug_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CHECK_LIBS) \
libsss_debug.la
@@ -2420,6 +2446,7 @@ ipa_hbac_tests_LDADD = \
$(CHECK_CFLAGS)
ipa_hbac_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CHECK_LIBS) \
libsss_test_common.la \
libipa_hbac.la
@@ -2454,6 +2481,7 @@ responder_socket_access_tests_LDADD = \
$(LIBADD_DL) \
$(CHECK_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
$(SYSTEMD_DAEMON_LIBS) \
libsss_test_common.la \
@@ -2466,6 +2494,7 @@ stress_tests_LDADD = \
src/tests/stress-tests.c
stress_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la
krb5_child_test_SOURCES = \
@@ -2490,6 +2519,7 @@ krb5_child_test_LDADD = \
$(CHECK_CFLAGS)
krb5_child_test_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CARES_LIBS) \
$(KRB5_LIBS) \
$(CHECK_LIBS) \
@@ -2507,6 +2537,7 @@ test_ssh_client_LDADD = \
test_ssh_client_LDADD = \
$(SSSD_INTERNAL_LTLIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(NULL)
test_sbus_message_SOURCES = \
@@ -2602,6 +2633,7 @@ nss_srv_tests_LDADD = \
$(LIBADD_DL) \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
$(SYSTEMD_DAEMON_LIBS) \
libsss_test_common.la \
@@ -2650,6 +2682,7 @@ pam_srv_tests_LDADD = \
$(CMOCKA_LIBS) \
$(PAM_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
$(SYSTEMD_DAEMON_LIBS) \
$(GSSAPI_KRB5_LIBS) \
@@ -2693,6 +2726,7 @@ ssh_srv_tests_LDADD = \
$(LIBADD_DL) \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
$(SYSTEMD_DAEMON_LIBS) \
libsss_test_common.la \
@@ -2717,6 +2751,7 @@ responder_get_domains_tests_LDADD = \
$(LIBADD_DL) \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
$(SYSTEMD_DAEMON_LIBS) \
libsss_test_common.la \
@@ -2780,6 +2815,7 @@ test_negcache_LDADD = \
$(LIBADD_DL) \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SYSTEMD_DAEMON_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
@@ -2806,6 +2842,7 @@ test_authtok_LDADD = \
$(CMOCKA_LIBS) \
$(DHASH_LIBS) \
$(POPT_LIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la \
libsss_debug.la \
$(NULL)
@@ -2821,6 +2858,7 @@ test_prompt_config_LDADD = \
test_prompt_config_LDADD = \
$(CMOCKA_LIBS) \
$(POPT_LIBS) \
+ $(LTLIBINTL) \
libsss_debug.la \
$(TALLOC_LIBS) \
$(NULL)
@@ -2845,6 +2883,7 @@ deskprofile_utils_tests_LDADD = \
deskprofile_utils_tests_CFLAGS = \
$(AM_CFLAGS)
deskprofile_utils_tests_LDADD = \
+ $(LTLIBINTL) \
$(CMOCKA_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la
@@ -2868,6 +2907,7 @@ dyndns_tests_LDADD = \
$(CARES_LIBS) \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la
@@ -2878,6 +2918,7 @@ domain_resolution_order_tests_LDADD = \
$(AM_CFLAGS)
domain_resolution_order_tests_LDADD = \
$(CMOCKA_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la
@@ -2888,6 +2929,7 @@ fqnames_tests_LDADD = \
fqnames_tests_LDADD = \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la
@@ -2907,6 +2949,7 @@ nestedgroups_tests_LDADD = \
nestedgroups_tests_LDADD = \
$(CMOCKA_LIBS) \
$(OPENLDAP_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_idmap.la \
@@ -2940,6 +2983,7 @@ test_ipa_idmap_LDADD = \
test_ipa_idmap_LDADD = \
$(CMOCKA_LIBS) \
$(POPT_LIBS) \
+ $(LTLIBINTL) \
libsss_idmap.la \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la
@@ -2962,6 +3006,7 @@ test_utils_LDADD = \
$(CMOCKA_LIBS) \
$(POPT_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la
test_search_bases_SOURCES = \
@@ -2970,6 +3015,7 @@ test_search_bases_LDADD = \
$(CMOCKA_LIBS) \
$(TALLOC_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_ldap_common.la \
libsss_test_common.la \
libdlopen_test_providers.la \
@@ -2984,6 +3030,7 @@ test_ldap_auth_LDADD = \
test_ldap_auth_LDADD = \
$(CMOCKA_LIBS) \
$(TALLOC_LIBS) \
+ $(LTLIBINTL) \
libsss_ldap_common.la \
libsss_test_common.la \
libdlopen_test_providers.la \
@@ -2997,6 +3044,7 @@ test_ldap_id_cleanup_LDADD = \
test_ldap_id_cleanup_LDADD = \
$(CMOCKA_LIBS) \
$(POPT_LIBS) \
+ $(LTLIBINTL) \
$(TALLOC_LIBS) \
$(TEVENT_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
@@ -3014,6 +3062,7 @@ test_sdap_access_LDADD = \
test_sdap_access_LDADD = \
$(CMOCKA_LIBS) \
$(TALLOC_LIBS) \
+ $(LTLIBINTL) \
libsss_ldap_common.la \
libsss_test_common.la \
libdlopen_test_providers.la \
@@ -3033,6 +3082,7 @@ test_sdap_certmap_LDADD = \
test_sdap_certmap_LDADD = \
$(CMOCKA_LIBS) \
$(TALLOC_LIBS) \
+ $(LTLIBINTL) \
$(POPT_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
@@ -3044,6 +3094,7 @@ ad_access_filter_tests_LDADD = \
ad_access_filter_tests_LDADD = \
$(CMOCKA_LIBS) \
$(POPT_LIBS) \
+ $(LTLIBINTL) \
$(TALLOC_LIBS) \
$(TEVENT_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
@@ -3065,6 +3116,7 @@ ad_gpo_tests_LDADD = \
$(CMOCKA_LIBS) \
$(OPENLDAP_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
$(NDR_NBT_LIBS) \
libsss_ldap_common.la \
@@ -3102,6 +3154,7 @@ ad_common_tests_LDADD = \
ad_common_tests_LDADD = \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(KEYUTILS_LIBS) \
$(NDR_NBT_LIBS) \
$(NDR_KRB5PAC_LIBS) \
@@ -3124,6 +3177,7 @@ dp_opt_tests_LDADD = \
$(CMOCKA_LIBS) \
$(TALLOC_LIBS) \
$(POPT_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la
@@ -3156,6 +3210,7 @@ sdap_tests_LDADD = \
$(TALLOC_LIBS) \
$(LDB_LIBS) \
$(POPT_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
$(OPENLDAP_LIBS) \
libsss_test_common.la \
@@ -3176,6 +3231,7 @@ ifp_tests_LDADD = \
$(LIBADD_DL) \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
$(SYSTEMD_DAEMON_LIBS) \
libsss_test_common.la \
@@ -3205,6 +3261,7 @@ sss_sifp_tests_LDADD = \
$(TALLOC_LIBS) \
$(DHASH_LIBS) \
$(POPT_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS)
endif # BUILD_LIBSIFP
endif # BUILD_IFP
@@ -3221,6 +3278,7 @@ test_sysdb_views_LDADD = \
$(LDB_LIBS) \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
$(NULL)
@@ -3237,6 +3295,7 @@ test_sysdb_ts_cache_LDADD = \
$(LDB_LIBS) \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
$(NULL)
@@ -3251,6 +3310,7 @@ test_sysdb_subdomains_LDADD = \
$(CMOCKA_LIBS) \
$(LDB_LIBS) \
$(POPT_LIBS) \
+ $(LTLIBINTL) \
$(TALLOC_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
@@ -3267,6 +3327,8 @@ test_sysdb_certmap_LDADD = \
$(LDB_LIBS) \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
+ $(LTLIBINTL) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
$(NULL)
@@ -3282,6 +3344,7 @@ test_sysdb_sudo_LDADD = \
$(LDB_LIBS) \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
$(NULL)
@@ -3297,6 +3360,7 @@ test_sysdb_utils_LDADD = \
$(LDB_LIBS) \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
$(NULL)
@@ -3328,6 +3392,7 @@ test_be_ptask_LDADD = \
$(CMOCKA_LIBS) \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
$(NULL)
@@ -3346,6 +3411,8 @@ test_copy_ccache_LDADD = \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
$(KRB5_LIBS) \
+ $(LTLIBINTL) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
$(NULL)
@@ -3400,6 +3467,7 @@ test_child_common_LDADD = \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
$(DHASH_LIBS) \
+ $(LTLIBINTL) \
libsss_debug.la \
libsss_test_common.la \
$(NULL)
@@ -3419,6 +3487,7 @@ responder_cache_req_tests_LDADD = \
$(LIBADD_DL) \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
$(SYSTEMD_DAEMON_LIBS) \
libsss_test_common.la \
@@ -3441,6 +3510,7 @@ test_resolv_fake_LDADD = \
test_resolv_fake_LDADD = \
$(CMOCKA_LIBS) \
$(POPT_LIBS) \
+ $(LTLIBINTL) \
$(TALLOC_LIBS) \
$(CARES_LIBS) \
$(DHASH_LIBS) \
@@ -3464,6 +3534,7 @@ test_fo_srv_LDADD = \
$(TALLOC_LIBS) \
$(CARES_LIBS) \
$(DHASH_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
$(NULL)
@@ -3485,6 +3556,7 @@ test_sdap_initgr_LDADD = \
$(TEVENT_LIBS) \
$(LDB_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_ldap_common.la \
libsss_test_common.la \
libdlopen_test_providers.la \
@@ -3504,6 +3576,7 @@ test_ad_subdom_LDADD = \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_ldap_common.la \
libsss_ad_tests.la \
libsss_idmap.la \
@@ -3527,6 +3600,7 @@ test_ipa_subdom_util_LDADD = \
$(TALLOC_LIBS) \
$(LDB_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la \
$(NULL)
@@ -3558,6 +3632,7 @@ test_ipa_subdom_server_LDADD = \
$(KEYUTILS_LIBS) \
$(KRB5_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_ldap_common.la \
libsss_ad_tests.la \
libsss_test_common.la \
@@ -3579,6 +3654,7 @@ test_tools_colondb_LDADD = \
$(CMOCKA_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
$(POPT_LIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la \
$(NULL)
@@ -3595,6 +3671,7 @@ test_krb5_wait_queue_LDADD = \
$(POPT_LIBS) \
$(DHASH_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la \
$(NULL)
@@ -3615,6 +3692,7 @@ test_cert_utils_LDADD = \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
$(CRYPTO_LIBS) \
+ $(LTLIBINTL) \
libsss_debug.la \
libsss_test_common.la \
libsss_cert.la \
@@ -3641,6 +3719,7 @@ test_data_provider_be_LDADD = \
$(SSSD_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
$(LIBADD_DL) \
+ $(LTLIBINTL) \
libsss_test_common.la \
libdlopen_test_providers.la \
libsss_iface.la \
@@ -3670,6 +3749,7 @@ test_dp_request_LDADD = \
$(SSSD_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
$(LIBADD_DL) \
+ $(LTLIBINTL) \
libsss_test_common.la \
$(NULL)
if BUILD_SYSTEMTAP
@@ -3696,6 +3776,7 @@ test_dp_builtin_LDADD = \
$(SSSD_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
$(LIBADD_DL) \
+ $(LTLIBINTL) \
libsss_test_common.la \
$(NULL)
@@ -3710,6 +3791,7 @@ test_ipa_dn_LDADD = \
$(TEVENT_LIBS) \
$(TALLOC_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la \
$(NULL)
@@ -3723,6 +3805,7 @@ test_iobuf_LDADD = \
test_iobuf_LDADD = \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(NULL)
test_confdb_SOURCES = \
@@ -3737,6 +3820,7 @@ test_confdb_LDADD = \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la \
$(NULL)
@@ -3757,6 +3841,7 @@ simple_access_tests_LDADD = \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la \
libdlopen_test_providers.la \
libsss_iface.la \
@@ -3774,6 +3859,7 @@ krb5_common_test_LDADD = \
$(CMOCKA_LIBS) \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
+ $(LTLIBINTL) \
libsss_krb5_common.la \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
@@ -3794,6 +3880,7 @@ test_inotify_LDADD = \
$(SSSD_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
$(LIBADD_DL) \
+ $(LTLIBINTL) \
libsss_test_common.la \
$(NULL)
@@ -3812,6 +3899,7 @@ sss_certmap_test_LDADD = \
$(TALLOC_LIBS) \
$(SSS_CERT_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la \
libsss_certmap.la \
$(NULL)
@@ -3832,6 +3920,7 @@ test_sssd_krb5_locator_plugin_LDADD = \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
$(KRB5_LIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la \
$(NULL)
@@ -3883,6 +3972,7 @@ test_passkey_LDADD = \
test_passkey_LDADD = \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
$(LIBADD_DL) \
$(PASSKEY_LIBS) \
@@ -3910,6 +4000,7 @@ test_kcm_marshalling_LDADD = \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la \
$(NULL)
@@ -3925,6 +4016,7 @@ test_kcm_queue_LDADD = \
$(LIBADD_DL) \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
libsss_iface.la \
@@ -3942,6 +4034,7 @@ test_krb5_idp_plugin_LDADD = \
test_krb5_idp_plugin_LDADD = \
$(CMOCKA_LIBS) \
$(JANSSON_LIBS) \
+ $(LTLIBINTL) \
$(NULL)
if BUILD_PASSKEY
@@ -3956,6 +4049,7 @@ test_krb5_passkey_plugin_LDADD = \
test_krb5_passkey_plugin_LDADD = \
$(CMOCKA_LIBS) \
$(JANSSON_LIBS) \
+ $(LTLIBINTL) \
$(NULL)
endif # BUILD_PASSKEY
@@ -3988,6 +4082,7 @@ test_kcm_renewals_LDADD = \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la \
libsss_iface.la \
libsss_sbus.la \
@@ -4029,6 +4124,7 @@ test_sssd_krb5_localauth_plugin_LDADD = \
test_sssd_krb5_localauth_plugin_LDADD = \
$(CMOCKA_LIBS) \
$(KRB5_LIBS) \
+ $(LTLIBINTL) \
$(NULL)
endif
@@ -4085,6 +4181,7 @@ libnss_sss_la_SOURCES = \
nsslib_LTLIBRARIES = libnss_sss.la
libnss_sss_la_SOURCES = \
src/sss_client/common.c \
+ src/sss_client/bsdnss.c \
src/sss_client/nss_passwd.c \
src/sss_client/nss_group.c \
src/sss_client/nss_netgroup.c \
@@ -4183,6 +4280,7 @@ libsss_sudo_la_LIBADD = \
src/sss_client/sudo/sss_sudo.h \
src/sss_client/sudo/sss_sudo_private.h
libsss_sudo_la_LIBADD = \
+ $(GSSAPI_KRB5_LIBS) \
$(CLIENT_LIBS)
libsss_sudo_la_LDFLAGS = \
-Wl,--version-script,$(srcdir)/src/sss_client/sss_sudo.exports \
@@ -4314,6 +4412,7 @@ libsss_ldap_common_la_LIBADD = \
$(OPENLDAP_LIBS) \
$(DHASH_LIBS) \
$(KRB5_LIBS) \
+ $(LTLIBINTL) \
libsss_krb5_common.la \
libsss_idmap.la \
libsss_certmap.la \
@@ -4718,6 +4817,7 @@ ldap_child_LDADD = \
$(KRB5_CFLAGS)
ldap_child_LDADD = \
libsss_debug.la \
+ $(LTLIBINTL) \
$(TALLOC_LIBS) \
$(POPT_LIBS) \
$(DHASH_LIBS) \
@@ -4764,6 +4864,7 @@ gpo_child_LDADD = \
$(SMBCLIENT_CFLAGS)
gpo_child_LDADD = \
libsss_debug.la \
+ $(LTLIBINTL) \
$(TALLOC_LIBS) \
$(POPT_LIBS) \
$(DHASH_LIBS) \
@@ -4780,6 +4881,7 @@ proxy_child_LDADD = \
proxy_child_LDADD = \
$(PAM_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_iface.la \
libsss_sbus.la \
@@ -4807,6 +4909,7 @@ p11_child_LDADD = \
p11_child_LDADD = \
libsss_debug.la \
+ $(LTLIBINTL) \
$(TALLOC_LIBS) \
$(DHASH_LIBS) \
$(POPT_LIBS) \
@@ -4834,6 +4937,7 @@ passkey_child_LDADD = \
passkey_child_LDADD = \
libsss_crypt.la \
libsss_debug.la \
+ $(LTLIBINTL) \
$(TALLOC_LIBS) \
$(DHASH_LIBS) \
$(POPT_LIBS) \
@@ -4862,6 +4966,7 @@ oidc_child_LDADD = \
$(NULL)
oidc_child_LDADD = \
libsss_debug.la \
+ $(LTLIBINTL) \
$(TALLOC_LIBS) \
$(POPT_LIBS) \
$(JANSSON_LIBS) \
@@ -4880,6 +4985,7 @@ memberof_la_LIBADD = \
$(NULL)
memberof_la_LIBADD = \
libsss_debug.la \
+ $(LTLIBINTL) \
$(TALLOC_LIBS) \
$(LDB_LIBS) \
$(DHASH_LIBS) \
@@ -4943,6 +5049,7 @@ sssd_krb5_idp_plugin_la_LIBADD = \
$(KRB5_LIBS) \
$(KRAD_LIBS) \
$(JANSSON_LIBS) \
+ $(LTLIBINTL) \
$(NULL)
sssd_krb5_idp_plugin_la_LDFLAGS = \
-avoid-version \

51
security/sssd2/files/patch-configure.ac Normal file
View File

@ -0,0 +1,51 @@
--- configure.ac.orig 2023-05-05 08:11:07 UTC
+++ configure.ac
@@ -46,8 +46,6 @@ AC_CONFIG_HEADER(config.h)
AC_CHECK_HEADERS([stdatomic.h],,AC_MSG_ERROR([C11 atomic types are not supported]))
AC_CONFIG_HEADER(config.h)
-AC_CHECK_TYPES([errno_t], [], [], [[#include <errno.h>]])
-
m4_include([src/build_macros.m4])
BUILD_WITH_SHARED_BUILD_DIR
@@ -67,7 +65,20 @@ AM_CONDITIONAL([HAVE_PTHREAD], [test x"$HAVE_PTHREAD"
LIBS=$SAVE_LIBS
AM_CONDITIONAL([HAVE_PTHREAD], [test x"$HAVE_PTHREAD" != "x"])
+saved_CFLAGS="$CFLAGS"
+CFLAGS="-Werror"
+AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM([[#include <string.h>]],
+ [[(void)mempcpy(NULL, NULL, 0);]])],
+ [AC_DEFINE([HAVE_MEMPCPY], [1], [mempcpy() available])
+ HAVE_MEMPCPY=1
+ ],
+ [AC_MSG_WARN([mempcpy() not found, will use private implementation])])
+CFLAGS="$saved_CFLAGS"
+
+AM_CONDITIONAL([HAVE_MEMPCPY], [test x"$HAVE_MEMPCPY" != "x"])
+
SAVE_LIBS=$LIBS
LIBS=
AC_LINK_IFELSE(
@@ -223,7 +234,6 @@ m4_include([src/external/libkeyutils.m4])
m4_include([src/external/crypto.m4])
m4_include([src/external/nsupdate.m4])
m4_include([src/external/libkeyutils.m4])
-m4_include([src/external/libkrad.m4])
m4_include([src/external/libnl.m4])
m4_include([src/external/systemd.m4])
m4_include([src/external/pac_responder.m4])
@@ -390,8 +400,8 @@ them please use argument --without-python3-bindings wh
AM_CHECK_PYTHON_HEADERS([],
AC_MSG_ERROR([Could not find python3 headers]))
- AC_SUBST([py3execdir], [$pyexecdir])
- AC_SUBST([python3dir], [$pythondir])
+ AC_SUBST([py3execdir], [$(eval echo $pyexecdir)])
+ AC_SUBST([python3dir], [$(eval echo $pythondir)])
AC_SUBST([PYTHON3_CFLAGS], [$PYTHON_CFLAGS])
AC_SUBST([PYTHON3_LIBS], [$PYTHON_LIBS])
AC_SUBST([PYTHON3_INCLUDES], [$PYTHON_INCLUDES])

19
security/sssd2/files/patch-src__confdb__confdb.c Normal file
View File

@ -0,0 +1,19 @@
--- src/confdb/confdb.c.orig 2023-05-05 08:11:07 UTC
+++ src/confdb/confdb.c
@@ -21,6 +21,7 @@
#include "config.h"
+#include <sys/param.h>
#include <ctype.h>
#include "util/util.h"
#include "confdb/confdb.h"
@@ -887,7 +888,7 @@ static char *confdb_get_domain_hostname(TALLOC_CTX *me
struct ldb_result *res,
const char *provider)
{
- char sys[HOST_NAME_MAX + 1] = {'\0'};
+ char sys[MAXHOSTNAMELEN + 1] = {'\0'};
const char *opt = NULL;
int ret;

21
security/sssd2/files/patch-src__external__crypto.m4 Normal file
View File

@ -0,0 +1,21 @@
--- src/external/crypto.m4.orig 2023-05-05 08:11:07 UTC
+++ src/external/crypto.m4
@@ -1,6 +1,15 @@
-AC_DEFUN([AM_CHECK_LIBCRYPTO],
- [PKG_CHECK_MODULES([CRYPTO],[libcrypto])
- PKG_CHECK_MODULES([SSL],[libssl])
+CRYPTO_CFLAGS="-I/usr/include"
+CRYPTO_LIBS="-L/usr/lib -lcrypto"
+AC_SUBST(CRYPTO_CFLAGS)
+AC_SUBST(CRYPTO_LIBS)
+
+SSL_CFLAGS="-I/usr/include"
+SSL_LIBS="-L/usr/lib -lssl"
+AC_SUBST(SSL_CFLAGS)
+AC_SUBST(SSL_LIBS)
+
+AC_DEFUN([AM_CHECK_LIBCRYPTO], [
+ AC_MSG_RESULT([yes])
])
AC_MSG_CHECKING([whether OpenSSL's x400Address is ASN1_STRING])

15
security/sssd2/files/patch-src__external__inotify.m4 Normal file
View File

@ -0,0 +1,15 @@
--- src/external/inotify.m4.orig 2023-06-05 03:56:40 UTC
+++ src/external/inotify.m4
@@ -20,10 +20,10 @@ int main () {
AS_IF([test x"$inotify_works" != xyes],
[AC_CHECK_LIB([inotify],
[inotify_init],
- [INOTIFY_LIBS="$sss_extra_libdir -linotify"
+ [INOTIFY_LIBS="-L$sss_extra_libdir -linotify"
inotify_works=yes],
[inotify_works=no],
- [$sss_extra_libdir])]
+ [-L$sss_extra_libdir])]
)
AS_IF([test x"$inotify_works" = xyes],

13
security/sssd2/files/patch-src__external__krb5.m4 Normal file
View File

@ -0,0 +1,13 @@
--- src/external/krb5.m4.orig 2023-05-05 08:11:07 UTC
+++ src/external/krb5.m4
@@ -1,5 +1,10 @@
+KRB5_CFLAGS="-I/usr/local/include"
+KRB5_LIBS="-L/usr/local/lib -lkrb5"
+KRB5_CONFIG="/usr/local/bin/krb5-config"
+
AC_SUBST(KRB5_CFLAGS)
AC_SUBST(KRB5_LIBS)
+AC_SUBST(KRB5_CONFIG)
if test x$KRB5_LIBS != x; then
KRB5_PASSED_LIBS=$KRB5_LIBS

23
security/sssd2/files/patch-src__external__nsupdate.m4 Normal file
View File

@ -0,0 +1,23 @@
--- src/external/nsupdate.m4.orig 2024-01-12 12:05:40 UTC
+++ src/external/nsupdate.m4
@@ -4,13 +4,13 @@ if test -x "$NSUPDATE"; then
AC_DEFINE_UNQUOTED([NSUPDATE_PATH], ["$NSUPDATE"], [The path to nsupdate])
AC_MSG_RESULT(yes)
- AC_MSG_CHECKING(for nsupdate 'realm' support')
- if AC_RUN_LOG([echo realm |$NSUPDATE >&2]); then
- AC_MSG_RESULT([yes])
- else
- AC_MSG_RESULT([no])
- AC_MSG_ERROR([nsupdate does not support 'realm'])
- fi
+ #AC_MSG_CHECKING(for nsupdate 'realm' support')
+ #if AC_RUN_LOG([echo realm |$NSUPDATE >&2]); then
+ # AC_MSG_RESULT([yes])
+ #else
+ # AC_MSG_RESULT([no])
+ # AC_MSG_ERROR([nsupdate does not support 'realm'])
+ #fi
else
AC_MSG_RESULT([no])

11
security/sssd2/files/patch-src__external__pac_responder.m4 Normal file
View File

@ -0,0 +1,11 @@
--- src/external/pac_responder.m4.orig 2023-05-05 08:11:07 UTC
+++ src/external/pac_responder.m4
@@ -7,7 +7,7 @@ then
krb5_version_ok=no
if test x$build_pac_responder = xyes
then
- AC_PATH_PROG(KRB5_CONFIG, krb5-config)
+ AC_PATH_PROG(KRB5_CONFIG, /usr/local/bin/krb5-config)
AC_MSG_CHECKING(for supported MIT krb5 version)
KRB5_VERSION="`$KRB5_CONFIG --version`"
case $KRB5_VERSION in

51
security/sssd2/files/patch-src__external__platform.m4 Normal file
View File

@ -0,0 +1,51 @@
--- src/external/platform.m4.orig 2023-05-05 08:11:07 UTC
+++ src/external/platform.m4
@@ -1,9 +1,10 @@ AC_ARG_WITH([os],
AC_ARG_WITH([os],
- [AC_HELP_STRING([--with-os=OS_TYPE], [Type of your operation system (fedora|redhat|suse|gentoo)])]
+ [AC_HELP_STRING([--with-os=OS_TYPE], [Type of your operation system (fedora|redhat|suse|gentoo|freebsd)])]
)
osname=""
if test x"$with_os" != x ; then
if test x"$with_os" = xfedora || \
+ test x"$with_os" = xfreebsd || \
test x"$with_os" = xredhat || \
test x"$with_os" = xsuse || \
test x"$with_os" = xgentoo || \
@@ -25,6 +26,8 @@ if test x"$osname" = x ; then
osname="debian"
elif test -f /etc/gentoo-release ; then
osname="gentoo"
+ elif test -f /etc/os-release ; then
+ osname="freebsd"
fi
AC_MSG_NOTICE([Detected operating system type: $osname])
@@ -35,6 +38,7 @@ AM_CONDITIONAL([HAVE_GENTOO], [test x"$osname" = xgent
AM_CONDITIONAL([HAVE_SUSE], [test x"$osname" = xsuse])
AM_CONDITIONAL([HAVE_DEBIAN], [test x"$osname" = xdebian])
AM_CONDITIONAL([HAVE_GENTOO], [test x"$osname" = xgentoo])
+AM_CONDITIONAL([HAVE_FREEBSD], [test x"$osname" = xfreebsd])
AS_CASE([$osname],
[redhat], [AC_DEFINE_UNQUOTED([HAVE_REDHAT], 1, [Build with redhat config])],
@@ -42,10 +46,18 @@ AS_CASE([$osname],
[suse], [AC_DEFINE_UNQUOTED([HAVE_SUSE], 1, [Build with suse config])],
[gentoo], [AC_DEFINE_UNQUOTED([HAVE_GENTOO], 1, [Build with gentoo config])],
[debian], [AC_DEFINE_UNQUOTED([HAVE_DEBIAN], 1, [Build with debian config])],
+ [freebsd], [AC_DEFINE_UNQUOTED([HAVE_FREEBSD], 1, [Build with freebsd config])],
[AC_MSG_NOTICE([Build with $osname config])])
-AC_CHECK_MEMBERS([struct ucred.pid, struct ucred.uid, struct ucred.gid], , ,
+if test x"$osname" = x"freebsd"; then
+ AC_CHECK_MEMBERS([struct xucred.cr_pid, struct xucred.cr_uid, struct xucred.cr_gid], , , [[
+#include <sys/param.h>
+#include <sys/ucred.h>
+]])
+else
+ AC_CHECK_MEMBERS([struct ucred.pid, struct ucred.uid, struct ucred.gid], , ,
[[#include <sys/socket.h>]])
+fi
if test x"$ac_cv_member_struct_ucred_pid" = xyes -a \
x"$ac_cv_member_struct_ucred_uid" = xyes -a \

32
security/sssd2/files/patch-src__external__samba.m4 Normal file
View File

@ -0,0 +1,32 @@
--- src/external/samba.m4.orig 2023-05-05 08:11:07 UTC
+++ src/external/samba.m4
@@ -64,7 +64,7 @@ --without-samba
else
AC_MSG_CHECKING([Samba's idmap plugin interface version])
- sambalibdir="`$PKG_CONFIG --variable=libdir smbclient`"/samba
+ sambalibdir="`$PKG_CONFIG --variable=libdir smbclient`"/private
SAVE_CFLAGS=$CFLAGS
SAVE_LIBS=$LIBS
CFLAGS="$CFLAGS $SMBCLIENT_CFLAGS $NDR_NBT_CFLAGS $NDR_KRB5PAC_CFLAGS"
@@ -157,12 +157,16 @@ AC_CHECK_MEMBERS([struct PAC_LOGON_INFO.resource_group
SAVE_CFLAGS=$CFLAGS
CFLAGS="$CFLAGS $SMBCLIENT_CFLAGS $NDR_NBT_CFLAGS $NDR_KRB5PAC_CFLAGS"
AC_CHECK_MEMBERS([struct PAC_LOGON_INFO.resource_groups], , ,
- [[ #include <ndr.h>
- #include <gen_ndr/krb5pac.h>
+ [[ #include <sys/types.h>
+ #include <sys/time.h>
+ #include <time.h>
+ #include <ndr.h>
#include <gen_ndr/krb5pac.h>]])
AC_CHECK_MEMBERS([struct PAC_UPN_DNS_INFO.ex], ,
[AC_MSG_NOTICE([union PAC_UPN_DNS_INFO_EX is not available, PAC checks will be limited])],
- [[ #include <ndr.h>
- #include <gen_ndr/krb5pac.h>
+ [[ #include <sys/types.h>
+ #include <sys/time.h>
+ #include <time.h>
+ #include <ndr.h>
#include <gen_ndr/krb5pac.h>]])
CFLAGS=$SAVE_CFLAGS

19
security/sssd2/files/patch-src__krb5_plugin__common__radius_kdcpreauth.c Normal file
View File

@ -0,0 +1,19 @@
--- src/krb5_plugin/common/radius_kdcpreauth.c.orig 2023-05-05 08:11:07 UTC
+++ src/krb5_plugin/common/radius_kdcpreauth.c
@@ -18,6 +18,7 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <sys/param.h>
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>
@@ -414,7 +415,7 @@ sss_radiuskdc_client_init(krb5_context kctx,
struct sss_radiuskdc_config *config)
{
struct sss_radiuskdc_client *client;
- char hostname[HOST_NAME_MAX + 1];
+ char hostname[MAXHOSTNAMELEN + 1];
krb5_data data = {0};
krb5_error_code ret;

10
security/sssd2/files/patch-src__lib__certmap__sss_certmap.exports Normal file
View File

@ -0,0 +1,10 @@
--- src/lib/certmap/sss_certmap.exports.orig 2024-01-12 12:05:40 UTC
+++ src/lib/certmap/sss_certmap.exports
@@ -2,7 +2,6 @@ SSS_CERTMAP_0.0 {
global:
sss_certmap_init;
sss_certmap_free_ctx;
- sss_certmap_err_msg;
sss_certmap_add_rule;
sss_certmap_match_cert;
sss_certmap_get_search_filter;

11
security/sssd2/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.c Normal file
View File

@ -0,0 +1,11 @@
--- src/lib/winbind_idmap_sss/winbind_idmap_sss.c.orig 2023-05-05 08:11:07 UTC
+++ src/lib/winbind_idmap_sss/winbind_idmap_sss.c
@@ -22,6 +22,8 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <sys/types.h>
+#include <sys/time.h>
#include <string.h>
#include <errno.h>

11
security/sssd2/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.h Normal file
View File

@ -0,0 +1,11 @@
--- src/lib/winbind_idmap_sss/winbind_idmap_sss.h.orig 2023-06-05 04:01:16 UTC
+++ src/lib/winbind_idmap_sss/winbind_idmap_sss.h
@@ -29,6 +29,8 @@
#include <stdbool.h>
#include <core/ntstatus.h>
+#include <unistd.h>
+#include <time.h>
#include <ndr.h>
#include <gen_ndr/security.h>

19
security/sssd2/files/patch-src__p11_child__p11_child_common.c Normal file
View File

@ -0,0 +1,19 @@
--- src/p11_child/p11_child_common.c.orig 2023-05-05 08:11:07 UTC
+++ src/p11_child/p11_child_common.c
@@ -27,7 +27,6 @@
#include <stdlib.h>
#include <string.h>
#include <popt.h>
-#include <sys/prctl.h>
#include "util/util.h"
#include "util/child_common.h"
@@ -305,8 +304,6 @@ int main(int argc, const char *argv[])
}
poptFreeContext(pc);
-
- prctl(PR_SET_DUMPABLE, (dumpable == 0) ? 0 : 1);
debug_prg_name = talloc_asprintf(NULL, "p11_child[%d]", getpid());
if (debug_prg_name == NULL) {

19
security/sssd2/files/patch-src__passkey_child__passkey_child_common.c Normal file
View File

@ -0,0 +1,19 @@
--- src/passkey_child/passkey_child_common.c.orig 2024-01-12 12:05:40 UTC
+++ src/passkey_child/passkey_child_common.c
@@ -23,7 +23,6 @@
*/
#include <popt.h>
-#include <sys/prctl.h>
#include <fido/param.h>
#include <openssl/err.h>
#include <openssl/pem.h>
@@ -272,8 +271,6 @@ parse_arguments(TALLOC_CTX *mem_ctx, int argc, const c
}
poptFreeContext(pc);
-
- prctl(PR_SET_DUMPABLE, (dumpable == 0) ? 0 : 1);
if (user_verification != NULL) {
if (strcmp(user_verification, "true") == 0) {

41
security/sssd2/files/patch-src__providers__ad__ad_common.c Normal file
View File

@ -0,0 +1,41 @@
--- src/providers/ad/ad_common.c.orig 2023-05-05 08:11:07 UTC
+++ src/providers/ad/ad_common.c
@@ -19,6 +19,7 @@
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <sys/param.h>
#include <ctype.h>
#include "providers/ad/ad_common.h"
@@ -495,8 +496,8 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
char *server;
char *realm;
char *ad_hostname;
- char hostname[HOST_NAME_MAX + 1];
- char fqdn[HOST_NAME_MAX + 1];
+ char hostname[MAXHOSTNAMELEN + 1];
+ char fqdn[MAXHOSTNAMELEN + 1];
char *case_sensitive_opt;
const char *opt_override;
@@ -543,7 +544,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
strerror(ret));
goto done;
}
- hostname[HOST_NAME_MAX] = '\0';
+ hostname[MAXHOSTNAMELEN] = '\0';
if (strchr(hostname, '.') == NULL) {
ret = ad_try_to_get_fqdn(hostname, fqdn, sizeof(fqdn));
@@ -552,8 +553,8 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
"The hostname [%s] has been expanded to FQDN [%s]. "
"If sssd should really use the short hostname, please "
"set ad_hostname explicitly.\n", hostname, fqdn);
- strncpy(hostname, fqdn, HOST_NAME_MAX);
- hostname[HOST_NAME_MAX] = '\0';
+ strncpy(hostname, fqdn, MAXHOSTNAMELEN);
+ hostname[MAXHOSTNAMELEN] = '\0';
}
}

19
security/sssd2/files/patch-src__providers__ad__ad_gpo_child.c Normal file
View File

@ -0,0 +1,19 @@
--- src/providers/ad/ad_gpo_child.c.orig 2023-05-05 08:11:07 UTC
+++ src/providers/ad/ad_gpo_child.c
@@ -26,7 +26,6 @@
#include <ctype.h>
#include <unistd.h>
#include <popt.h>
-#include <sys/prctl.h>
#include <libsmbclient.h>
#include <security/pam_modules.h>
@@ -699,8 +698,6 @@ main(int argc, const char *argv[])
}
poptFreeContext(pc);
-
- prctl(PR_SET_DUMPABLE, (dumpable == 0) ? 0 : 1);
debug_prg_name = talloc_asprintf(NULL, "gpo_child[%d]", getpid());
if (debug_prg_name == NULL) {

11
security/sssd2/files/patch-src__providers__ad__ad_pac.h Normal file
View File

@ -0,0 +1,11 @@
--- src/providers/ad/ad_pac.h.orig 2023-06-05 04:04:46 UTC
+++ src/providers/ad/ad_pac.h
@@ -32,6 +32,8 @@
#ifdef ldb_val
#error Please make sure to include ad_pac.h before ldb.h
#endif
+#include <unistd.h>
+#include <time.h>
#include <ndr.h>
#include <gen_ndr/krb5pac.h>
#include <gen_ndr/ndr_krb5pac.h>

11
security/sssd2/files/patch-src__providers__ad__ad_pac_common.c Normal file
View File

@ -0,0 +1,11 @@
--- src/providers/ad/ad_pac_common.c.orig 2023-05-05 08:11:07 UTC
+++ src/providers/ad/ad_pac_common.c
@@ -20,6 +20,8 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <sys/types.h>
+#include <sys/time.h>
#include "providers/ad/ad_pac.h"
#include "util/util.h"

10
security/sssd2/files/patch-src__providers__data_provider__dp_modules.c Normal file
View File

@ -0,0 +1,10 @@
--- src/providers/data_provider/dp_modules.c.orig 2023-05-25 06:34:10 UTC
+++ src/providers/data_provider/dp_modules.c
@@ -23,6 +23,7 @@
#include "providers/data_provider/dp.h"
#include "providers/data_provider/dp_private.h"
#include "providers/backend.h"
+#include "util/sss_bsd_errno.h"
#include "util/util.h"
/* There can be at most the same number of different modules loaded at

10
security/sssd2/files/patch-src__providers__data_provider__dp_targets.c Normal file
View File

@ -0,0 +1,10 @@
--- src/providers/data_provider/dp_targets.c.orig 2023-05-05 08:11:07 UTC
+++ src/providers/data_provider/dp_targets.c
@@ -26,6 +26,7 @@
#include "providers/data_provider/dp_private.h"
#include "providers/data_provider/dp_builtin.h"
#include "providers/backend.h"
+#include "util/sss_bsd_errno.h"
#include "util/util.h"
#define DP_TARGET_INIT_FN "sssm_%s_%s_init"

11
security/sssd2/files/patch-src__providers__data_provider_be.c Normal file
View File

@ -0,0 +1,11 @@
--- src/providers/data_provider_be.c.orig 2023-05-25 06:24:25 UTC
+++ src/providers/data_provider_be.c
@@ -25,6 +25,8 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
#include <sys/un.h>
#include <string.h>
#include <sys/time.h>

28
security/sssd2/files/patch-src__providers__data_provider_fo.c Normal file
View File

@ -0,0 +1,28 @@
--- src/providers/data_provider_fo.c.orig 2023-05-25 06:28:15 UTC
+++ src/providers/data_provider_fo.c
@@ -19,6 +19,7 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <sys/param.h>
#include <netdb.h>
#include <arpa/inet.h>
#include "providers/backend.h"
@@ -237,7 +238,7 @@ errno_t be_fo_set_dns_srv_lookup_plugin(struct be_ctx
const char *hostname)
{
struct fo_resolve_srv_dns_ctx *srv_ctx = NULL;
- char resolved_hostname[HOST_NAME_MAX + 1];
+ char resolved_hostname[MAXHOSTNAMELEN + 1];
errno_t ret;
if (hostname == NULL) {
@@ -248,7 +249,7 @@ errno_t be_fo_set_dns_srv_lookup_plugin(struct be_ctx
"gethostname() failed: [%d]: %s\n", ret, strerror(ret));
return ret;
}
- resolved_hostname[HOST_NAME_MAX] = '\0';
+ resolved_hostname[MAXHOSTNAMELEN] = '\0';
hostname = resolved_hostname;
}

88
security/sssd2/files/patch-src__providers__files__files_ops.c Normal file
View File

@ -0,0 +1,88 @@
--- src/providers/files/files_ops.c.orig 2023-05-05 08:11:07 UTC
+++ src/providers/files/files_ops.c
@@ -53,8 +53,11 @@ static errno_t enum_files_users(TALLOC_CTX *mem_ctx,
struct passwd *pwd_iter = NULL;
struct passwd *pwd = NULL;
struct passwd **users = NULL;
+ struct passwd *pbuf = NULL;
FILE *pwd_handle = NULL;
size_t n_users = 0;
+ char *buf = NULL;
+ unsigned int bufsize = 1024;
pwd_handle = fopen(passwd_file, "r");
if (pwd_handle == NULL) {
@@ -72,7 +75,19 @@ static errno_t enum_files_users(TALLOC_CTX *mem_ctx,
goto done;
}
- while ((pwd_iter = fgetpwent(pwd_handle)) != NULL) {
+ buf = talloc_zero_array(mem_ctx, char, bufsize);
+ if (buf == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ pbuf = talloc_zero(mem_ctx, struct passwd);
+ if (pbuf == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ while (getpwent_r(pbuf, buf, (size_t)bufsize, &pwd_iter) == 0 && pwd_iter != NULL) {
/* FIXME - we might want to support paging of sorts to avoid allocating
* all users atop a memory context or only return users that differ from
* the local storage as a diff to minimize memory spikes
@@ -126,6 +141,9 @@ done:
users[n_users] = NULL;
*_users = users;
done:
+ talloc_free(pbuf);
+ talloc_free(buf);
+
if (ret != EOK) {
talloc_free(users);
}
@@ -150,8 +168,11 @@ static errno_t enum_files_groups(TALLOC_CTX *mem_ctx,
struct group *grp_iter = NULL;
struct group *grp = NULL;
struct group **groups = NULL;
+ struct group *pbuf = NULL;
size_t n_groups = 0;
FILE *grp_handle = NULL;
+ char *buf = NULL;
+ unsigned int bufsize = 1024;
grp_handle = fopen(group_file, "r");
if (grp_handle == NULL) {
@@ -169,7 +190,19 @@ static errno_t enum_files_groups(TALLOC_CTX *mem_ctx,
goto done;
}
- while ((grp_iter = fgetgrent(grp_handle)) != NULL) {
+ buf = talloc_zero_array(mem_ctx, char, bufsize);
+ if (buf == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ pbuf = talloc_zero(mem_ctx, struct group);
+ if (pbuf == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ while (getgrent_r(pbuf, buf, (size_t)bufsize, &grp_iter) == 0 && grp_iter != NULL) {
DEBUG(SSSDBG_TRACE_LIBS,
"Group found (%s, %"SPRIgid")\n",
grp_iter->gr_name, grp_iter->gr_gid);
@@ -230,6 +263,9 @@ done:
groups[n_groups] = NULL;
*_groups = groups;
done:
+ talloc_free(pbuf);
+ talloc_free(buf);
+
if (ret != EOK) {
talloc_free(groups);
}

28
security/sssd2/files/patch-src__providers__ipa__ipa_common.c Normal file
View File

@ -0,0 +1,28 @@
--- src/providers/ipa/ipa_common.c.orig 2023-05-05 08:11:07 UTC
+++ src/providers/ipa/ipa_common.c
@@ -22,6 +22,7 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <sys/param.h>
#include <netdb.h>
#include <ctype.h>
#include <arpa/inet.h>
@@ -51,7 +52,7 @@ int ipa_get_options(TALLOC_CTX *memctx,
char *realm;
char *ipa_hostname;
int ret;
- char hostname[HOST_NAME_MAX + 1];
+ char hostname[MAXHOSTNAMELEN + 1];
opts = talloc_zero(memctx, struct ipa_options);
if (!opts) return ENOMEM;
@@ -88,7 +89,7 @@ int ipa_get_options(TALLOC_CTX *memctx,
strerror(ret));
goto done;
}
- hostname[HOST_NAME_MAX] = '\0';
+ hostname[MAXHOSTNAMELEN] = '\0';
DEBUG(SSSDBG_TRACE_ALL, "Setting ipa_hostname to [%s].\n", hostname);
ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname);
if (ret != EOK) {

11
security/sssd2/files/patch-src__providers__ipa__ipa_deskprofile_rules_util.c Normal file
View File

@ -0,0 +1,11 @@
--- src/providers/ipa/ipa_deskprofile_rules_util.c.orig 2023-05-05 08:11:07 UTC
+++ src/providers/ipa/ipa_deskprofile_rules_util.c
@@ -20,6 +20,8 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <sys/types.h>
+#include <signal.h>
#include "providers/ipa/ipa_deskprofile_rules_util.h"
#include "providers/ipa/ipa_deskprofile_private.h"
#include "providers/ipa/ipa_rules_common.h"

19
security/sssd2/files/patch-src__providers__krb5__krb5_child.c Normal file
View File

@ -0,0 +1,19 @@
--- src/providers/krb5/krb5_child.c.orig 2024-01-12 12:05:40 UTC
+++ src/providers/krb5/krb5_child.c
@@ -28,7 +28,6 @@
#include <fcntl.h>
#include <ctype.h>
#include <popt.h>
-#include <sys/prctl.h>
#include <security/pam_modules.h>
@@ -4090,8 +4089,6 @@ int main(int argc, const char *argv[])
}
poptFreeContext(pc);
-
- prctl(PR_SET_DUMPABLE, (dumpable == 0) ? 0 : 1);
debug_prg_name = talloc_asprintf(NULL, "krb5_child[%d]", getpid());
if (!debug_prg_name) {

46
security/sssd2/files/patch-src__providers__ldap__ldap_auth.c Normal file
View File

@ -0,0 +1,46 @@
--- src/providers/ldap/ldap_auth.c.orig 2023-05-05 08:11:07 UTC
+++ src/providers/ldap/ldap_auth.c
@@ -37,7 +37,6 @@
#include <sys/time.h>
#include <strings.h>
-#include <shadow.h>
#include <security/pam_modules.h>
#include "util/util.h"
@@ -51,6 +50,22 @@
#define LDAP_PWEXPIRE_WARNING_TIME 0
+struct spwd
+{
+ char *sp_namp; /* Login name. */
+ char *sp_pwdp; /* Encrypted password. */
+ long int sp_lstchg; /* Date of last change. */
+ long int sp_min; /* Minimum number of days between changes. */
+ long int sp_max; /* Maximum number of days between changes. */
+ long int sp_warn; /* Number of days to warn user to change
+ the password. */
+ long int sp_inact; /* Number of days the account may be
+ inactive. */
+ long int sp_expire; /* Number of days since 1970-01-01 until
+ account expires. */
+ unsigned long int sp_flag; /* Reserved. */
+};
+
static errno_t add_expired_warning(struct pam_data *pd, long exp_time)
{
int ret;
@@ -96,9 +111,9 @@ static errno_t check_pwexpire_kerberos(const char *exp
}
DEBUG(SSSDBG_TRACE_ALL,
- "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] "
- "daylight [%d] now [%"SPRItime"] expire_time [%"SPRItime"].\n",
- tzname[0], tzname[1], timezone, daylight, now, expire_time);
+ "Time info: tzname[0] [%s] tzname[1] [%s] "
+ "now [%"SPRItime"] expire_time [%"SPRItime"].\n",
+ tzname[0], tzname[1], now, expire_time);
if (expire_time == 0) {
/* Used by the MIT LDAP KDB plugin to indicate "never" */

42
security/sssd2/files/patch-src__providers__ldap__ldap_child.c Normal file
View File

@ -0,0 +1,42 @@
--- src/providers/ldap/ldap_child.c.orig 2024-01-12 12:05:40 UTC
+++ src/providers/ldap/ldap_child.c
@@ -23,11 +23,11 @@
*/
#include <sys/types.h>
+#include <sys/param.h>
#include <unistd.h>
#include <sys/stat.h>
#include <signal.h>
#include <popt.h>
-#include <sys/prctl.h>
#include "util/util.h"
#include "util/sss_krb5.h"
@@ -338,7 +338,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_
full_princ = talloc_strdup(tmp_ctx, princ_str);
}
} else {
- char hostname[HOST_NAME_MAX + 1];
+ char hostname[MAXHOSTNAMELEN + 1];
ret = gethostname(hostname, sizeof(hostname));
if (ret == -1) {
@@ -347,7 +347,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_
errno, strerror(errno));
goto done;
}
- hostname[HOST_NAME_MAX] = '\0';
+ hostname[MAXHOSTNAMELEN] = '\0';
DEBUG(SSSDBG_TRACE_LIBS, "got hostname: [%s]\n", hostname);
@@ -661,8 +661,6 @@ int main(int argc, const char *argv[])
}
poptFreeContext(pc);
-
- prctl(PR_SET_DUMPABLE, (dumpable == 0) ? 0 : 1);
debug_prg_name = talloc_asprintf(NULL, "ldap_child[%d]", getpid());
if (!debug_prg_name) {

41
security/sssd2/files/patch-src__providers__ldap__sdap_access.c Normal file
View File

@ -0,0 +1,41 @@
--- src/providers/ldap/sdap_access.c.orig 2023-05-05 08:11:07 UTC
+++ src/providers/ldap/sdap_access.c
@@ -24,6 +24,7 @@
#include "config.h"
+#include <sys/param.h>
#include <time.h>
#include <security/pam_modules.h>
#include <talloc.h>
@@ -568,9 +569,9 @@ bool nds_check_expired(const char *exp_time_str)
now = time(NULL);
DEBUG(SSSDBG_TRACE_ALL,
- "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] "
- "daylight [%d] now [%"SPRItime"] expire_time [%"SPRItime"].\n",
- tzname[0], tzname[1], timezone, daylight, now, expire_time);
+ "Time info: tzname[0] [%s] tzname[1] [%s] "
+ "now [%"SPRItime"] expire_time [%"SPRItime"].\n",
+ tzname[0], tzname[1], now, expire_time);
if (difftime(now, expire_time) > 0.0) {
DEBUG(SSSDBG_CONF_SETTINGS, "NDS account expired.\n");
@@ -1286,7 +1287,7 @@ static errno_t sdap_access_host(struct ldb_message *us
{
errno_t ret;
struct ldb_message_element *el;
- char hostname[HOST_NAME_MAX + 1];
+ char hostname[MAXHOSTNAMELEN + 1];
struct addrinfo *res = NULL;
struct addrinfo hints;
@@ -1301,7 +1302,7 @@ static errno_t sdap_access_host(struct ldb_message *us
"Unable to get system hostname. Access denied\n");
return ERR_ACCESS_DENIED;
}
- hostname[HOST_NAME_MAX] = '\0';
+ hostname[MAXHOSTNAMELEN] = '\0';
/* Canonicalize the hostname */
memset(&hints, 0, sizeof(struct addrinfo));

28
security/sssd2/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c Normal file
View File

@ -0,0 +1,28 @@
--- src/providers/ldap/sdap_async_sudo_hostinfo.c.orig 2023-05-05 08:11:07 UTC
+++ src/providers/ldap/sdap_async_sudo_hostinfo.c
@@ -18,6 +18,7 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <sys/param.h>
#include <errno.h>
#include <tevent.h>
#include <talloc.h>
@@ -357,7 +358,7 @@ static struct tevent_req *sdap_sudo_get_hostnames_send
struct tevent_req *subreq = NULL;
struct sdap_sudo_get_hostnames_state *state = NULL;
char *dot = NULL;
- char hostname[HOST_NAME_MAX + 1];
+ char hostname[MAXHOSTNAMELEN + 1];
int ret;
req = tevent_req_create(mem_ctx, &state,
@@ -387,7 +388,7 @@ static struct tevent_req *sdap_sudo_get_hostnames_send
"[%d]: %s\n", ret, strerror(ret));
goto done;
}
- hostname[HOST_NAME_MAX] = '\0';
+ hostname[MAXHOSTNAMELEN] = '\0';
state->hostnames[0] = talloc_strdup(state->hostnames, hostname);
if (state->hostnames[0] == NULL) {

29
security/sssd2/files/patch-src__providers__proxy__proxy_child.c Normal file
View File

@ -0,0 +1,29 @@
--- src/providers/proxy/proxy_child.c.orig 2023-05-05 08:11:07 UTC
+++ src/providers/proxy/proxy_child.c
@@ -30,6 +30,7 @@
#include <sys/stat.h>
#include <sys/socket.h>
#include <sys/un.h>
+#include <stdlib.h>
#include <string.h>
#include <sys/time.h>
#include <errno.h>
@@ -469,6 +470,18 @@ int proxy_child_process_init(TALLOC_CTX *mem_ctx, cons
return EOK;
}
+
+
+#if (defined(__FreeBSD__) && (__FreeBSD__ < 14))
+extern char **environ;
+
+static int
+clearenv(void)
+{
+ *environ = NULL;
+ return 0;
+}
+#endif
int main(int argc, const char *argv[])
{

28
security/sssd2/files/patch-src__resolv__async_resolv_utils.c Normal file
View File

@ -0,0 +1,28 @@
--- src/resolv/async_resolv_utils.c.orig 2023-05-05 08:11:07 UTC
+++ src/resolv/async_resolv_utils.c
@@ -18,6 +18,7 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <sys/param.h>
#include <string.h>
#include <talloc.h>
#include <tevent.h>
@@ -45,7 +46,7 @@ resolv_get_domain_send(TALLOC_CTX *mem_ctx,
struct resolv_get_domain_state *state = NULL;
struct tevent_req *req = NULL;
struct tevent_req *subreq = NULL;
- char system_hostname[HOST_NAME_MAX + 1];
+ char system_hostname[MAXHOSTNAMELEN + 1];
errno_t ret;
req = tevent_req_create(mem_ctx, &state,
@@ -64,7 +65,7 @@ resolv_get_domain_send(TALLOC_CTX *mem_ctx,
ret, strerror(ret));
goto immediately;
}
- system_hostname[HOST_NAME_MAX] = '\0';
+ system_hostname[MAXHOSTNAMELEN] = '\0';
hostname = system_hostname;
}

10
security/sssd2/files/patch-src__responder__common__cache_req__plugins__cache_req_ip_host_by_addr.c Normal file
View File

@ -0,0 +1,10 @@
--- src/responder/common/cache_req/plugins/cache_req_ip_host_by_addr.c.orig 2023-05-05 08:11:07 UTC
+++ src/responder/common/cache_req/plugins/cache_req_ip_host_by_addr.c
@@ -23,6 +23,7 @@
#include <talloc.h>
#include <ldb.h>
#include <arpa/inet.h>
+#include <sys/socket.h>
#include "db/sysdb.h"
#include "db/sysdb_iphosts.h"

10
security/sssd2/files/patch-src__responder__common__cache_req__plugins__cache_req_ip_network_by_addr.c Normal file
View File

@ -0,0 +1,10 @@
--- src/responder/common/cache_req/plugins/cache_req_ip_network_by_addr.c.orig 2023-05-05 08:11:07 UTC
+++ src/responder/common/cache_req/plugins/cache_req_ip_network_by_addr.c
@@ -23,6 +23,7 @@
#include <talloc.h>
#include <ldb.h>
#include <arpa/inet.h>
+#include <sys/socket.h>
#include "db/sysdb.h"
#include "db/sysdb_ipnetworks.h"

10
security/sssd2/files/patch-src__responder__common__responder_common.c Normal file
View File

@ -0,0 +1,10 @@
--- src/responder/common/responder_common.c.orig 2023-05-05 08:11:07 UTC
+++ src/responder/common/responder_common.c
@@ -33,6 +33,7 @@
#include <popt.h>
#include <dbus/dbus.h>
+#include "util/sss_bsd_errno.h"
#include "util/util.h"
#include "util/strtonum.h"
#include "db/sysdb.h"

10
security/sssd2/files/patch-src__responder__common__responder_packet.c Normal file
View File

@ -0,0 +1,10 @@
--- src/responder/common/responder_packet.c.orig 2023-05-05 08:11:07 UTC
+++ src/responder/common/responder_packet.c
@@ -25,6 +25,7 @@
#include <errno.h>
#include <talloc.h>
+#include "util/sss_bsd_errno.h"
#include "util/util.h"
#include "responder/common/responder_packet.h"

23
security/sssd2/files/patch-src__responder__kcm__kcmsrv_ccache_secdb.c Normal file
View File

@ -0,0 +1,23 @@
--- src/responder/kcm/kcmsrv_ccache_secdb.c.orig 2024-01-12 12:05:40 UTC
+++ src/responder/kcm/kcmsrv_ccache_secdb.c
@@ -21,6 +21,9 @@
#include "config.h"
+#include <sys/param.h>
+#include <sys/ucred.h>
+
#include <talloc.h>
#include <stdio.h>
@@ -871,8 +874,8 @@ static errno_t ccdb_secdb_get_cc_for_uuid(TALLOC_CTX *
continue;
}
- cli_cred.ucred.uid = pwd->pw_uid;
- cli_cred.ucred.gid = pwd->pw_gid;
+ cli_cred.ucred.cr_uid = pwd->pw_uid;
+ cli_cred.ucred.cr_gid = pwd->pw_gid;
ret = key_by_uuid(tmp_ctx, secdb->sctx, &cli_cred, uuid, &secdb_key);
if (ret != EOK) {

15
security/sssd2/files/patch-src__responder__kcm__kcmsrv_cmd.c Normal file
View File

@ -0,0 +1,15 @@
--- src/responder/kcm/kcmsrv_cmd.c.orig 2023-05-05 08:11:07 UTC
+++ src/responder/kcm/kcmsrv_cmd.c
@@ -20,10 +20,12 @@
*/
#include <sys/uio.h>
+#include <sys/endian.h>
#include <krb5/krb5.h>
#include "config.h"
#include "util/util.h"
+#include "util/sss_bsd_errno.h"
#include "responder/common/responder.h"
#include "responder/kcm/kcmsrv_pvt.h"
#include "responder/kcm/kcmsrv_ops.h"

10
security/sssd2/files/patch-src__responder__kcm__kcmsrv_ops.c Normal file
View File

@ -0,0 +1,10 @@
--- src/responder/kcm/kcmsrv_ops.c.orig 2023-05-05 08:11:07 UTC
+++ src/responder/kcm/kcmsrv_ops.c
@@ -21,6 +21,7 @@
#include "config.h"
+#include <sys/endian.h>
#include <krb5/krb5.h>
#include <dhash.h>

27
security/sssd2/files/patch-src__responder__nss__nsssrv_mmap_cache.c Normal file
View File

@ -0,0 +1,27 @@
--- src/responder/nss/nsssrv_mmap_cache.c.orig 2024-01-12 12:05:40 UTC
+++ src/responder/nss/nsssrv_mmap_cache.c
@@ -23,6 +23,7 @@
#include "util/crypto/sss_crypto.h"
#include "confdb/confdb.h"
#include <sys/mman.h>
+#include <unistd.h>
#include <fcntl.h>
#include "util/mmap_cache.h"
#include "sss_client/idmap/sss_nss_idmap.h"
@@ -1474,8 +1475,14 @@ errno_t sss_mmap_cache_init(TALLOC_CTX *mem_ctx, const
/* Attempt allocation several times, in case of EINTR */
for (int i = 0; i < POSIX_FALLOCATE_ATTEMPTS; i++) {
ret = posix_fallocate(mc_ctx->fd, 0, mc_ctx->mmap_size);
- if (ret != EINTR)
- break;
+ if (ret != EINTR && ret == EINVAL) {
+ /* posix_fallocate doesn't work on ZFS */
+ ret = ftruncate(mc_ctx->fd, mc_ctx->mmap_size);
+ if (ret != 0) {
+ break;
+ }
+ } else if (ret != EINTR)
+ break;
}
if (ret) {
DEBUG(SSSDBG_CRIT_FAILURE, "Failed to allocate file %s: %d(%s)\n",

11
security/sssd2/files/patch-src__sbus__sbus_errors.c Normal file
View File

@ -0,0 +1,11 @@
--- src/sbus/sbus_errors.c.orig 2023-05-05 08:11:07 UTC
+++ src/sbus/sbus_errors.c
@@ -53,7 +53,7 @@ static const struct {
{ DBUS_ERROR_LIMITS_EXCEEDED, ERANGE},
{ DBUS_ERROR_ACCESS_DENIED, EPERM},
{ DBUS_ERROR_AUTH_FAILED, EACCES},
- { DBUS_ERROR_NO_NETWORK, ENONET},
+ { DBUS_ERROR_NO_NETWORK, EHOSTDOWN},
{ DBUS_ERROR_DISCONNECTED, ERR_OFFLINE},
{ DBUS_ERROR_INVALID_ARGS, EINVAL},

29
security/sssd2/files/patch-src__sss_client__common.c Normal file
View File

@ -0,0 +1,29 @@
--- src/sss_client/common.c.orig 2024-01-12 12:05:40 UTC
+++ src/sss_client/common.c
@@ -170,7 +170,7 @@ static enum sss_status sss_cli_send_req(enum sss_cli_c
*errnop = error;
break;
case 0:
- *errnop = ETIME;
+ *errnop = ETIMEDOUT;
break;
case 1:
if (pfd.revents & (POLLERR | POLLHUP)) {
@@ -282,7 +282,7 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_c
*errnop = error;
break;
case 0:
- *errnop = ETIME;
+ *errnop = ETIMEDOUT;
break;
case 1:
if (pfd.revents & (POLLHUP)) {
@@ -781,7 +781,7 @@ static enum sss_status sss_cli_check_socket(int *errno
*errnop = error;
break;
case 0:
- *errnop = ETIME;
+ *errnop = ETIMEDOUT;
break;
case 1:
if (pfd.revents & (POLLERR | POLLHUP)) {

78
security/sssd2/files/patch-src__sss_client__nss_group.c Normal file
View File

@ -0,0 +1,78 @@
--- src/sss_client/nss_group.c.orig 2023-06-05 03:48:03 UTC
+++ src/sss_client/nss_group.c
@@ -403,6 +403,75 @@ out:
return nret;
}
+#define MIN(a, b)((a) < (b) ? (a) : (b))
+
+int gr_addgid(gid_t gid, gid_t *groups, int maxgrp, int *grpcnt)
+{
+ int ret, dupc;
+
+ for (dupc = 0; dupc < MIN(maxgrp, *grpcnt); dupc++) {
+ if (groups[dupc] == gid)
+ return 1;
+ }
+
+ ret = 1;
+ if (*grpcnt < maxgrp)
+ groups[*grpcnt] = gid;
+ else
+ ret = 0;
+
+ (*grpcnt)++;
+
+ return ret;
+}
+
+enum nss_status _nss_sss_getgroupmembership(const char *uname, gid_t agroup,
+ gid_t *groups, int maxgrp,
+ int *grpcnt)
+{
+ struct sss_cli_req_data rd;
+ uint8_t *repbuf;
+ size_t replen;
+ enum nss_status nret;
+ uint32_t *rbuf;
+ uint32_t num_ret;
+ long int l, max_ret;
+ int errnop;
+
+ rd.len = strlen(uname) +1;
+ rd.data = uname;
+
+ sss_nss_lock();
+
+ nret = sss_nss_make_request(SSS_NSS_INITGR, &rd,
+ &repbuf, &replen, &errnop);
+ if (nret != NSS_STATUS_SUCCESS) {
+ goto done;
+ }
+
+ /* no results if not found */
+ num_ret = ((uint32_t *)repbuf)[0];
+ if (num_ret == 0) {
+ free(repbuf);
+ nret = NSS_STATUS_NOTFOUND;
+ goto done;
+ }
+ max_ret = num_ret;
+
+ gr_addgid(agroup, groups, maxgrp, grpcnt);
+
+ rbuf = &((uint32_t *)repbuf)[2];
+ for (l = 0; l < max_ret; l++) {
+ gr_addgid(rbuf[l], groups, maxgrp, grpcnt);
+ }
+
+ free(repbuf);
+ nret = NSS_STATUS_SUCCESS;
+
+done:
+ sss_nss_unlock();
+ return nret;
+}
enum nss_status _nss_sss_getgrnam_r(const char *name, struct group *result,
char *buffer, size_t buflen, int *errnop)

12
security/sssd2/files/patch-src__sss_client__nss_hosts.c Normal file
View File

@ -0,0 +1,12 @@
--- src/sss_client/nss_hosts.c.orig 2023-05-05 08:11:07 UTC
+++ src/sss_client/nss_hosts.c
@@ -22,6 +22,9 @@
#include "config.h"
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
#include <nss.h>
#include <netdb.h>
#include <resolv.h>

12
security/sssd2/files/patch-src__sss_client__nss_ipnetworks.c Normal file
View File

@ -0,0 +1,12 @@
--- src/sss_client/nss_ipnetworks.c.orig 2023-05-05 08:11:07 UTC
+++ src/sss_client/nss_ipnetworks.c
@@ -22,6 +22,9 @@
#include "config.h"
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
#include <nss.h>
#include <netdb.h>
#include <resolv.h>

11
security/sssd2/files/patch-src__sss_client__pam_sss.c Normal file
View File

@ -0,0 +1,11 @@
--- src/sss_client/pam_sss.c.orig 2024-01-12 12:05:40 UTC
+++ src/sss_client/pam_sss.c
@@ -1444,7 +1444,7 @@ static int get_pam_items(pam_handle_t *pamh, uint32_t
pi->cli_pid = getpid();
- pi->login_name = pam_modutil_getlogin(pamh);
+ pi->login_name = getlogin();
if (pi->login_name == NULL) pi->login_name="";
pi->domain_name = NULL;

19
security/sssd2/files/patch-src__sss_client__pam_sss_gss.c Normal file
View File

@ -0,0 +1,19 @@
--- src/sss_client/pam_sss_gss.c.orig 2023-05-05 08:11:07 UTC
+++ src/sss_client/pam_sss_gss.c
@@ -22,7 +22,7 @@
#include <stddef.h>
#include <stdbool.h>
#include <security/pam_modules.h>
-#include <security/pam_ext.h>
+#include <security/pam_appl.h>
#include <gssapi.h>
#include <gssapi/gssapi_ext.h>
#include <gssapi/gssapi_generic.h>
@@ -46,7 +46,6 @@ bool debug_enabled;
#define ERROR(pamh, fmt, ...) do { \
if (debug_enabled) { \
pam_error(pamh, "pam_sss_gss: " fmt, ## __VA_ARGS__); \
- pam_syslog(pamh, LOG_ERR, fmt, ## __VA_ARGS__); \
} \
} while (0)

35
security/sssd2/files/patch-src__sss_client__sss_nss.exports Normal file
View File

@ -0,0 +1,35 @@
--- src/sss_client/sss_nss.exports.orig 2024-01-12 12:05:40 UTC
+++ src/sss_client/sss_nss.exports
@@ -3,6 +3,7 @@ EXPORTED {
# public functions
global:
+ nss_module_register;
_nss_sss_getpwnam_r;
_nss_sss_getpwuid_r;
_nss_sss_setpwent;
@@ -14,7 +15,24 @@ EXPORTED {
_nss_sss_setgrent;
_nss_sss_getgrent_r;
_nss_sss_endgrent;
+ _nss_sss_getgroupmembership;
_nss_sss_initgroups_dyn;
+
+ #__nss_compat_getgrnam_r;
+ #__nss_compat_getgrgid_r;
+ #__nss_compat_getgrent_r;
+ #__nss_compat_setgrent;
+ #__nss_compat_endgrent;
+
+ #__nss_compat_getpwnam_r;
+ #__nss_compat_getpwuid_r;
+ #__nss_compat_getpwent_r;
+ #__nss_compat_setpwent;
+ #__nss_compat_endpwent;
+
+ #__nss_compat_gethostbyname;
+ #__nss_compat_gethostbyname2;
+ #__nss_compat_gethostbyaddr;
#_nss_sss_getaliasbyname_r;
#_nss_sss_setaliasent;

19
security/sssd2/files/patch-src__sss_client__sss_pac_responder_client.c Normal file
View File

@ -0,0 +1,19 @@
--- src/sss_client/sss_pac_responder_client.c.orig 2023-05-05 08:11:07 UTC
+++ src/sss_client/sss_pac_responder_client.c
@@ -23,6 +23,7 @@
#include <unistd.h>
#include <sys/types.h>
#include <errno.h>
+#include <pthread_np.h>
#include <sys/syscall.h>
@@ -97,7 +98,7 @@ static void *pac_client(void *arg)
size_t c;
fprintf(stderr, "[%"SPRItime"][%d][%ld][%s] started\n",
- time(NULL), getpid(), syscall(SYS_gettid), (char *) arg);
+ time(NULL), getpid(), pthread_getthreadid_np(), (char *) arg);
for (c = 0; c < 1000; c++) {
/* sss_pac_make_request() does not protect the client's file
* descriptor to the PAC responder. With this one thread will miss a

21
security/sssd2/files/patch-src__util__child_common.c Normal file
View File

@ -0,0 +1,21 @@
--- src/util/child_common.c.orig 2024-01-12 12:05:40 UTC
+++ src/util/child_common.c
@@ -28,7 +28,6 @@
#include <tevent.h>
#include <sys/wait.h>
#include <errno.h>
-#include <sys/prctl.h>
#include "util/util.h"
#include "util/find_uid.h"
@@ -806,8 +805,8 @@ static errno_t prepare_child_argv(TALLOC_CTX *mem_ctx,
goto fail;
}
- argv[--argc] = talloc_asprintf(argv, "--dumpable=%d",
- prctl(PR_GET_DUMPABLE));
+ argv[--argc] = talloc_asprintf(argv, "--dumpable=%d", 0);
+
if (argv[argc] == NULL) {
ret = ENOMEM;
goto fail;

28
security/sssd2/files/patch-src__util__nss_dl_load.c Normal file
View File

@ -0,0 +1,28 @@
--- src/util/nss_dl_load.c.orig 2023-05-05 08:11:07 UTC
+++ src/util/nss_dl_load.c
@@ -24,6 +24,7 @@
#include "util/util_errors.h"
#include "util/debug.h"
#include "nss_dl_load.h"
+#include "util/sss_bsd_errno.h"
#define NSS_FN_NAME "_nss_%s_%s"
@@ -36,7 +37,7 @@ static void *proxy_dlsym(void *handle,
char *funcname;
void *funcptr;
- funcname = talloc_asprintf(NULL, NSS_FN_NAME, libname, name);
+ funcname = talloc_asprintf(NULL, "%s", name);
if (funcname == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf() failed\n");
return NULL;
@@ -56,7 +57,7 @@ errno_t sss_load_nss_symbols(struct sss_nss_ops *ops,
char *libpath;
size_t i;
- libpath = talloc_asprintf(NULL, "libnss_%s.so.2", libname);
+ libpath = talloc_asprintf(NULL, "/lib/libc.so.7", libname);
if (libpath == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf() failed\n");
return ENOMEM;

53
security/sssd2/files/patch-src__util__server.c Normal file
View File

@ -0,0 +1,53 @@
--- src/util/server.c.orig 2024-01-12 12:05:40 UTC
+++ src/util/server.c
@@ -30,17 +30,12 @@
#include <fcntl.h>
#include <unistd.h>
#include <signal.h>
-#include <sys/prctl.h>
#include <ldb.h>
#include "util/util.h"
#include "confdb/confdb.h"
#include "util/sss_chain_id.h"
#include "util/sss_chain_id_tevent.h"
-#ifdef HAVE_PRCTL
-#include <sys/prctl.h>
-#endif
-
static TALLOC_CTX *autofree_ctx;
static void server_atexit(void)
@@ -317,10 +312,13 @@ static void setup_signals(void)
BlockSignals(false, SIGTERM);
#ifndef HAVE_PRCTL
- /* If prctl is not defined on the system, try to handle
- * some common termination signals gracefully */
+ /* If prctl is not defined on the system, try to handle
+ * some common termination signals gracefully */
+ (void) sig_segv_abrt; /* unused */
+ /*
CatchSignal(SIGSEGV, sig_segv_abrt);
CatchSignal(SIGABRT, sig_segv_abrt);
+ */
#endif
}
@@ -749,6 +747,8 @@ int server_setup(const char *name, bool is_responder,
DEBUG(SSSDBG_FATAL_FAILURE, "Failed to determine "CONFDB_MONITOR_DUMPABLE"\n");
return ret;
}
+
+#ifdef HAVE_PRCTL
ret = prctl(PR_SET_DUMPABLE, dumpable ? 1 : 0);
if (ret != 0) {
DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set PR_SET_DUMPABLE\n");
@@ -756,6 +756,7 @@ int server_setup(const char *name, bool is_responder,
} else if (!dumpable) {
DEBUG(SSSDBG_IMPORTANT_INFO, "Core dumps are disabled!\n");
}
+#endif
sss_chain_id_setup(ctx->event_ctx);

11
security/sssd2/files/patch-src__util__sss_krb5.c Normal file
View File

@ -0,0 +1,11 @@
--- src/util/sss_krb5.c.orig 2023-05-05 08:11:07 UTC
+++ src/util/sss_krb5.c
@@ -17,6 +17,8 @@
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <sys/types.h>
+#include <sys/endian.h>
#include <ctype.h>
#include <stdio.h>
#include <errno.h>

10
security/sssd2/files/patch-src__util__sss_pam_data.h Normal file
View File

@ -0,0 +1,10 @@
--- src/util/sss_pam_data.h.orig 2023-05-05 08:11:07 UTC
+++ src/util/sss_pam_data.h
@@ -24,6 +24,7 @@
#include "config.h"
#include <stdbool.h>
#include <stdint.h>
+#include <string.h>
#ifdef USE_KEYRING
#include <sys/types.h>
#include <keyutils.h>

30
security/sssd2/files/patch-src__util__sss_sockets.c Normal file
View File

@ -0,0 +1,30 @@
--- src/util/sss_sockets.c.orig 2023-05-05 08:11:07 UTC
+++ src/util/sss_sockets.c
@@ -144,18 +144,6 @@ errno_t set_fd_common_opts(int fd, int timeout)
"setsockopt SO_SNDTIMEO failed.[%d][%s].\n", ret,
strerror(ret));
}
-
- if (domain != AF_UNIX && type == SOCK_STREAM) {
- milli = timeout * 1000; /* timeout in milliseconds */
- ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &milli,
- sizeof(milli));
- if (ret != 0) {
- ret = errno;
- DEBUG(SSSDBG_FUNC_DATA,
- "setsockopt TCP_USER_TIMEOUT failed.[%d][%s].\n", ret,
- strerror(ret));
- }
- }
}
return EOK;
@@ -258,7 +246,7 @@ static void sssd_async_connect_done(struct tevent_cont
talloc_zfree(fde);
- if (ret == EOK) {
+ if (ret == EOK || ret == EISCONN) {
tevent_req_done(req);
} else {
ret = errno;

19
security/sssd2/files/patch-src__util__util.c Normal file
View File

@ -0,0 +1,19 @@
--- src/util/util.c.orig 2024-01-12 12:05:40 UTC
+++ src/util/util.c
@@ -786,6 +786,16 @@ errno_t sss_fd_nonblocking(int fd)
return EOK;
}
+int flb_timezone(void)
+{
+ struct tm tm;
+ time_t t = 0;
+ tzset();
+ localtime_r(&t, &tm);
+ return -(tm.tm_gmtoff);
+}
+#define timezone (flb_timezone())
+
/* Convert GeneralizedTime (http://en.wikipedia.org/wiki/GeneralizedTime)
* to unix time (seconds since epoch). Use UTC time zone.
*/

20
security/sssd2/files/patch-src__util__util_creds.h Normal file
View File

@ -0,0 +1,20 @@
--- src/util/util_creds.h.orig 2023-05-05 08:11:07 UTC
+++ src/util/util_creds.h
@@ -73,6 +73,17 @@ struct cli_creds {
#define cli_creds_get_uid(x) (x->ucred.uid)
#define cli_creds_get_gid(x) (x->ucred.gid)
+#elif HAVE_FREEBSD
+#include <sys/param.h>
+#include <sys/ucred.h>
+struct cli_creds {
+ struct xucred ucred;
+ SELINUX_CTX selinux_ctx;
+};
+
+#define cli_creds_get_uid(x) (x->ucred.cr_uid)
+#define cli_creds_get_gid(x) (x->ucred.cr_gid)
+
#else /* not HAVE_UCRED */
struct cli_creds {
SELINUX_CTX selinux_ctx;

10
security/sssd2/files/patch-src_tests_cmocka_test__authtok.c Normal file
View File

@ -0,0 +1,10 @@
--- src/tests/cmocka/test_authtok.c.orig 2023-05-05 08:11:07 UTC
+++ src/tests/cmocka/test_authtok.c
@@ -28,6 +28,7 @@
#include "tests/cmocka/common_mock.h"
#include "util/authtok.h"
+#include "util/sss_endian.h"
struct test_state {

27
security/sssd2/files/pkg-message.in Normal file
View File

@ -0,0 +1,27 @@
[
{ type: install
message: <<EOM
================================================================================
Copy %%PREFIX%%/etc/sssd/sssd.conf.sample to %%PREFIX%%/etc/sssd/sssd.conf
and edit %%PREFIX%%/etc/sssd/sssd.conf (see man sssd.conf for details)
To load sssd at startup, add sssd_enable="YES" to /etc/rc.conf
To enable pam integration, add a line similar to the following to
/etc/pam.d/system:
login auth sufficient %%PREFIX%%/lib/pam_sss.so
To enable NSS integration, update /etc/nsswitch.conf as follows:
group: sss files
passwd: sss files
For additional details, please see the man pages for pam.conf and nsswitch.conf
An sssd HOWTO is also available:
https://fedorahosted.org/sssd/wiki/HOWTO_Configure_1_0_2
================================================================================
EOM
}
]

58
security/sssd2/files/sss_bsd_errno.h Normal file
View File

@ -0,0 +1,58 @@
/*
SSSD
Authors:
Lukas Slebodnik <lslebodn@redhat.com>
Copyright (C) 2013 Red Hat
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef SSS_BSD_ERRNO_H_
#define SSS_BSD_ERRNO_H_
#include <errno.h>
#define BSD_ERR_MASK (0xB5DE <<16)
#ifndef EUCLEAN
#define EUCLEAN (BSD_ERR_MASK | 117)
#endif
#ifndef EMEDIUMTYPE
#define EMEDIUMTYPE (BSD_ERR_MASK | 124)
#endif
#ifndef EOWNERDEAD
#define EOWNERDEAD (BSD_ERR_MASK | 130)
#endif
#ifndef ECONNRESET
#define ECONNRESET (BSD_ERR_MASK | 104)
#endif
#ifndef ETIMEDOUT
#define ETIMEDOUT (BSD_ERR_MASK | 110)
#endif
#ifndef ENODATA
#define ENODATA (BSD_ERR_MASK | 61)
#endif
#ifndef ETIME
#define ETIME (BSD_ERR_MASK | 62)
#endif
#ifndef ELIBACC
#define ELIBACC (BSD_ERR_MASK | 79)
#endif
#ifndef ELIBBAD
#define ELIBBAD (BSD_ERR_MASK | 80)
#endif
#endif /* SSS_BSD_ERRNO_H_ */

40
security/sssd2/files/sssd.in Normal file
View File

@ -0,0 +1,40 @@
#!/bin/sh
# PROVIDE: sssd
# REQUIRE: DAEMON
# BEFORE: LOGIN
# KEYWORD: shutdown
# Add the following lines to /etc/rc.conf to enable `sssd':
#
# sssd_enable="YES"
#
# See sssd(8) for sssd_flags
#
. /etc/rc.subr
name=sssd
rcvar=sssd_enable
# read configuration and set defaults
load_rc_config "$name"
: ${sssd_enable:=NO}
: ${sssd_conf="%%PREFIX%%/etc/sssd/sssd.conf"}
: ${sssd_flags="-D"}
command="%%PREFIX%%/sbin/$name"
pidfile="/var/run/$name.pid"
required_files="${sssd_conf}"
start_precmd=sssd_prestart
sssd_prestart()
{
for i in db/sss/db db/sss/gpo_cache db/sss/keytabs db/sss/mc db/sss/pubconf/krb5.include.d/ db/sss/secrets log/sssd run/sss/pipes/private; do
if [ ! -d var/${i} ]; then mkdir -p /var/${i}; fi
done
}
run_rc_command "$1"