kiwi/klara-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added sssd-devel + sudo

Browse Source
This commit is contained in:
Xavier Beaudouin
2024-01-24 16:04:46 +01:00
parent c1aebe21f9
commit 6157c579c4
74 changed files with 3286 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

200
security/sssd-devel/Makefile Normal file
View File

@ -0,0 +1,200 @@
PORTNAME= sssd
PORTVERSION= 2.9.2
CATEGORIES= security
PKGNAMESUFFIX= -devel
MAINTAINER= jhixson@FreeBSD.org
COMMENT= System Security Services Daemon
WWW= https://sssd.io/
LICENSE= GPLv3+
LICENSE_FILE= ${WRKSRC}/COPYING
CONFLICTS_INSTALL?= sssd*
BUILD_DEPENDS= bash:shells/bash \
docbook-xsl>=1:textproc/docbook-xsl \
krb5>=1.20:security/krb5 \
p11-kit:security/p11-kit \
samba-nsupdate:dns/samba-nsupdate \
xmlcatalog:textproc/libxml2 \
xmlcatmgr:textproc/xmlcatmgr \
xsltproc:textproc/libxslt
LIB_DIRS+= ${LOCALBASE}/lib ${LOCALBASE}/lib/sasl2
LIB_DEPENDS= libcares.so:dns/c-ares \
libcom_err.so:security/krb5 \
libcurl.so:ftp/curl \
libdbus-1.so:devel/dbus \
libdhash.so:devel/ding-libs \
libfido2.so:security/libfido2 \
libgssapi_krb5.so:security/krb5 \
libinotify.so:devel/libinotify \
libjansson.so:devel/jansson \
libjose.so:net/jose \
libkrb5.so:security/krb5 \
libldb.so:databases/ldb22 \
libndr-krb5pac.so:net/samba416 \
libndr-nbt.so:net/samba416 \
libndr-standard.so:net/samba416 \
libndr.so:net/samba416 \
libnfs.so:net/libnfs \
libnss3.so:security/nss \
libp11-kit.so:security/p11-kit \
libpcre2-posix.so:devel/pcre2 \
libplds4.so:devel/nspr \
libpopt.so:devel/popt \
libsamba-util.so:net/samba416 \
libsasl2.so:security/cyrus-sasl2 \
libsmbclient.so:net/samba416 \
libtalloc.so:devel/talloc \
libtdb.so:databases/tdb \
libtevent.so:devel/tevent \
libunistring.so:devel/libunistring \
libuuid.so:misc/e2fsprogs-libuuid
RUN_DEPENDS= cyrus-sasl-gssapi>0:security/cyrus-sasl2-gssapi \
sudo>0:security/sudo
USES= autoreconf cpe gettext gmake gssapi:bootstrap,flags,mit iconv ldap \
libtool localbase:ldflags pathfix pkgconfig python:3.9+ shebangfix ssl
USE_LDCONFIG= yes
GNU_CONFIGURE= yes
INSTALL_TARGET= install-strip
CPE_VENDOR= fedoraproject
DEBUG_FLAGS= -g
STRIP=
CONFIGURE_ARGS= --disable-dependency-tracking \
--datadir=${DATADIR} \
--docdir=${DOCSDIR} \
--localstatedir=/var \
--disable-silent-rules \
--disable-nls \
--disable-cifs-idmap-plugin \
--disable-valgrind \
--disable-systemtap \
--enable-pammoddir=${PREFIX}/lib \
--enable-ldb-version-check \
--enable-pac-responder \
--with-db-path=/var/db/sss/db \
--with-os=freebsd \
--with-plugin-path=${LOCALBASE}/lib/sssd \
--with-pubconf-path=/var/db/sss/pubconf \
--with-pid-path=/var/run \
--with-pipe-path=/var/run/sss/pipes \
--with-mcache-path=/var/db/sss/mc \
--with-environment-file=${LOCALBASE}/etc/sssd \
--with-init-dir=no \
--with-manpages \
--with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \
--with-krb5-plugin-path=${LOCALBASE}/lib/krb5/plugins/libkrb5 \
--with-krb5authdata-plugin-path=${LOCALBASE}/lib/krb5/plugins/authdata \
--with-krb5-conf=/etc/krb5.conf \
--without-python2-bindings \
--with-winbind-plugin-path=${LOCALBASE}/lib/samba4/modules/idmap \
--without-selinux \
--with-gpo-cache-path=/var/db/sss/gpo_cache \
--without-semanage \
--with-app-libs=${LOCALBASE}/lib/sssd/modules \
--with-sudo \
--with-sudo-lib-path=${LOCALBASE}/lib \
--without-autofs \
--with-files-provider \
--with-passkey \
--with-libsifp \
--without-libsifp \
--with-syslog=syslog \
--with-samba \
--without-nfsv4-idmapd-plugin \
--with-nfs-lib-path=${LOCALBASE}/lib \
--with-secrets-db-path=/var/lib/sss/secrets \
--with-kcm \
--with-oidc-child \
--with-ldb-lib-dir=${LOCALBASE}/lib/shared-modules/ldb \
--with-smb-idmap-interface-version=6 \
--without-libnl \
--with-nscd-conf=/etc/nscd.conf \
--with-python_prefix=${PREFIX} \
--with-unicode-lib=libunistring
CFLAGS+= -fstack-protector-all
CFLAGS+= -I${LOCALBASE}/include/samba4
LIBS+= -L${LOCALBASE}/lib \
-L${LOCALBASE}/lib/samba4/private \
-L${LOCALBASE}/lib/sasl2 \
-linotify -lintl
KRB5_HOME= ${LOCALBASE}
KRB5_CONFIG= ${LOCALBASE}/bin/krb5-config
KRB5_CFLAGS= -I${LOCALBASE}/include
KRB5_LIBS= -L${LOCALBASE}/lib -lkrb5
LDFLAGS+= -lgssapi
LDFLAGS_SL+= -lgssapi
INCLUDES+= -I${LOCALBASE}/include
CONFIGURE_ENV+= INCLUDES="${INCLUDES}" \
LDFLAGS_SL="${LDFLAGS_SL}"
MAKE_ENV= MAKELEVEL=0
PLIST_SUB= PYTHON_VER=${PYTHON_VER}
MAKE_ENV+= LINGUAS="bg de eu es fr hu id it ja nb nl pl pt ru sv tg tr uk zh_CN zh_TW"
SUB_FILES= pkg-message
BINARY_ALIAS= python3=python${PYTHON_VER}
SHEBANG_FILES= sbus_generate.sh.in \
src/tools/analyzer/sss_analyze \
src/tools/sss_obfuscate \
src/config/SSSDConfigTest.py \
src/tests/python-test.py \
src/tests/pysss-test.py \
src/tests/cwrap/cwrap_test_setup.sh \
src/tests/whitespace_test \
src/tests/pyhbac-test.py \
src/tests/multihost/data/memcachesize.py \
src/tests/double_semicolon_test \
src/tests/pysss_murmur-test.py \
scripts/release.sh \
contrib/git/pre-push \
contrib/ci/rpm-spec-builddeps \
contrib/ci/clean \
contrib/ci/valgrind-condense \
contrib/ci/run-multihost \
contrib/ci/run \
contrib/ci/get-matrix.py \
contrib/vagrant/bootstrap.sh \
contrib/fedora/make_srpm.sh
USE_RC_SUBR= ${PORTNAME}
USE_GITHUB=yes
GH_ACCOUNT=sssd
post-patch:
@${REINPLACE_CMD} -e 's|/usr/bin/|${PREFIX}/bin/|g' \
-e 's|/var/lib/sss/pubconf/|/var/db/sss/pubconf/|g' \
${WRKSRC}/src/man/sss_ssh_knownhostsproxy.1.xml \
${WRKSRC}/src/man/po/*.po || true
@${REINPLACE_CMD} -e 's|/etc/sssd/|${ETCDIR}/|g' \
-e 's|/etc/openldap/|${LOCALBASE}/etc/openldap/|g' \
${WRKSRC}/src/man/*xml || true
@${CP} ${FILESDIR}/sss_bsd_errno.h ${WRKSRC}/src/util/sss_bsd_errno.h
@${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}/src/sss_client/bsdnss.c
post-install:
${INSTALL_DATA} ${WRKSRC}/src/examples/sssd-example.conf \
${STAGEDIR}${ETCDIR}/sssd.conf.sample
${MKDIR} ${STAGEDIR}${PREFIX}/share/dbus-1/system.d
${INSTALL_DATA} ${WRKSRC}/src/responder/ifp/org.freedesktop.sssd.infopipe.conf \
${STAGEDIR}${PREFIX}/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
${MKDIR} ${STAGEDIR}${PREFIX}/share/dbus-1/system-services
${INSTALL_DATA} ${WRKSRC}/src/responder/ifp/org.freedesktop.sssd.infopipe.service \
${STAGEDIR}${PREFIX}/share/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
${LN} -sf libnss_sss.so.2 ${STAGEDIR}${PREFIX}/lib/nss_sss.so.1
.include <bsd.port.mk>

3
security/sssd-devel/distinfo Normal file
View File

@ -0,0 +1,3 @@
TIMESTAMP = 1694241166
SHA256 (sssd-sssd-2.9.2_GH0.tar.gz) = 38d0784a52d9321177e8d568c5884490374d098f21aa098ed419ab6e624a7e71
SIZE (sssd-sssd-2.9.2_GH0.tar.gz) = 6674156

196
security/sssd-devel/files/bsdnss.c Normal file
View File

@ -0,0 +1,196 @@
#include <errno.h>
#include <sys/param.h>
#include <netinet/in.h>
#include <pwd.h>
#include <grp.h>
#include <nss.h>
#include <netdb.h>
extern enum nss_status _nss_sss_getgrent_r(struct group *, char *, size_t,
int *);
extern enum nss_status _nss_sss_getgrnam_r(const char *, struct group *,
char *, size_t, int *);
extern enum nss_status _nss_sss_getgrgid_r(gid_t gid, struct group *, char *,
size_t, int *);
extern enum nss_status _nss_sss_setgrent(void);
extern enum nss_status _nss_sss_endgrent(void);
extern enum nss_status _nss_sss_getpwent_r(struct passwd *, char *, size_t,
int *);
extern enum nss_status _nss_sss_getpwnam_r(const char *, struct passwd *,
char *, size_t, int *);
extern enum nss_status _nss_sss_getpwuid_r(gid_t gid, struct passwd *, char *,
size_t, int *);
extern enum nss_status _nss_sss_setpwent(void);
extern enum nss_status _nss_sss_endpwent(void);
extern enum nss_status _nss_sss_gethostbyname_r(const char *name,
struct hostent * result,
char *buffer, size_t buflen,
int *errnop,
int *h_errnop);
extern enum nss_status _nss_sss_gethostbyname2_r(const char *name, int af,
struct hostent * result,
char *buffer, size_t buflen,
int *errnop,
int *h_errnop);
extern enum nss_status _nss_sss_gethostbyaddr_r(struct in_addr * addr, int len,
int type,
struct hostent * result,
char *buffer, size_t buflen,
int *errnop, int *h_errnop);
extern enum nss_status _nss_sss_getgroupmembership(const char *uname,
gid_t agroup, gid_t *groups,
int maxgrp, int *grpcnt);
NSS_METHOD_PROTOTYPE(__nss_compat_getgroupmembership);
NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r);
NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r);
NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r);
NSS_METHOD_PROTOTYPE(__nss_compat_setgrent);
NSS_METHOD_PROTOTYPE(__nss_compat_endgrent);
NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r);
NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r);
NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r);
NSS_METHOD_PROTOTYPE(__nss_compat_setpwent);
NSS_METHOD_PROTOTYPE(__nss_compat_endpwent);
NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname);
NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2);
NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr);
static ns_mtab methods[] = {
{ NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_sss_getgrnam_r },
{ NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_sss_getgrgid_r },
{ NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_sss_getgrent_r },
{ NSDB_GROUP, "getgroupmembership", __nss_compat_getgroupmembership, _nss_sss_getgroupmembership },
{ NSDB_GROUP, "setgrent", __nss_compat_setgrent, _nss_sss_setgrent },
{ NSDB_GROUP, "endgrent", __nss_compat_endgrent, _nss_sss_endgrent },
{ NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_sss_getpwnam_r },
{ NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_sss_getpwuid_r },
{ NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, _nss_sss_getpwent_r },
{ NSDB_PASSWD, "setpwent", __nss_compat_setpwent, _nss_sss_setpwent },
{ NSDB_PASSWD, "endpwent", __nss_compat_endpwent, _nss_sss_endpwent },
// { NSDB_HOSTS, "gethostbyname", __nss_compat_gethostbyname, _nss_sss_gethostbyname_r },
//{ NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_sss_gethostbyaddr_r },
//{ NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_sss_gethostbyname2_r },
{ NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, _nss_sss_getgrnam_r },
{ NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, _nss_sss_getgrgid_r },
{ NSDB_GROUP_COMPAT, "getgrent_r", __nss_compat_getgrent_r, _nss_sss_getgrent_r },
{ NSDB_GROUP_COMPAT, "setgrent", __nss_compat_setgrent, _nss_sss_setgrent },
{ NSDB_GROUP_COMPAT, "endgrent", __nss_compat_endgrent, _nss_sss_endgrent },
{ NSDB_PASSWD_COMPAT, "getpwnam_r", __nss_compat_getpwnam_r, _nss_sss_getpwnam_r },
{ NSDB_PASSWD_COMPAT, "getpwuid_r", __nss_compat_getpwuid_r, _nss_sss_getpwuid_r },
{ NSDB_PASSWD_COMPAT, "getpwent_r", __nss_compat_getpwent_r, _nss_sss_getpwent_r },
{ NSDB_PASSWD_COMPAT, "setpwent", __nss_compat_setpwent, _nss_sss_setpwent },
{ NSDB_PASSWD_COMPAT, "endpwent", __nss_compat_endpwent, _nss_sss_endpwent },
};
ns_mtab *
nss_module_register(const char *source, unsigned int *mtabsize,
nss_module_unregister_fn *unreg)
{
*mtabsize = sizeof(methods)/sizeof(methods[0]);
*unreg = NULL;
return (methods);
}
int __nss_compat_getgroupmembership(void *retval, void *mdata, va_list ap)
{
int (*fn)(const char *, gid_t, gid_t *, int, int *);
const char *uname;
gid_t agroup;
gid_t *groups;
int maxgrp;
int *grpcnt;
int errnop = 0;
enum nss_status status;
fn = mdata;
uname = va_arg(ap, const char *);
agroup = va_arg(ap, gid_t);
groups = va_arg(ap, gid_t *);
maxgrp = va_arg(ap, int);
grpcnt = va_arg(ap, int *);
status = fn(uname, agroup, groups, maxgrp, grpcnt);
status = __nss_compat_result(status, errnop);
return (status);
}
int __nss_compat_gethostbyname(void *retval, void *mdata, va_list ap)
{
enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *);
const char *name;
struct hostent *result;
char buffer[1024];
size_t buflen = 1024;
int errnop;
int h_errnop;
int af;
enum nss_status status;
fn = mdata;
name = va_arg(ap, const char*);
af = va_arg(ap,int);
result = va_arg(ap,struct hostent *);
status = fn(name, result, buffer, buflen, &errnop, &h_errnop);
status = __nss_compat_result(status,errnop);
h_errno = h_errnop;
return (status);
}
int __nss_compat_gethostbyname2(void *retval, void *mdata, va_list ap)
{
enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *);
const char *name;
struct hostent *result;
char buffer[1024];
size_t buflen = 1024;
int errnop;
int h_errnop;
int af;
enum nss_status status;
fn = mdata;
name = va_arg(ap, const char*);
af = va_arg(ap,int);
result = va_arg(ap,struct hostent *);
status = fn(name, result, buffer, buflen, &errnop, &h_errnop);
status = __nss_compat_result(status,errnop);
h_errno = h_errnop;
return (status);
}
int __nss_compat_gethostbyaddr(void *retval, void *mdata, va_list ap)
{
struct in_addr *addr;
int len;
int type;
struct hostent *result;
char buffer[1024];
size_t buflen = 1024;
int errnop;
int h_errnop;
enum nss_status (*fn)(struct in_addr *, int, int, struct hostent *, char *, size_t, int *, int *);
enum nss_status status;
fn = mdata;
addr = va_arg(ap, struct in_addr*);
len = va_arg(ap,int);
type = va_arg(ap,int);
result = va_arg(ap, struct hostent*);
status = fn(addr, len, type, result, buffer, buflen, &errnop, &h_errnop);
status = __nss_compat_result(status,errnop);
h_errno = h_errnop;
return (status);
}

871
security/sssd-devel/files/patch-Makefile.am Normal file
View File

@ -0,0 +1,871 @@
--- Makefile.am.orig 2023-06-09 02:31:48 UTC
+++ Makefile.am
@@ -59,7 +59,7 @@ dbusservicedir = $(datadir)/dbus-1/system-services
krb5snippetsdir = $(sssddatadir)/krb5-snippets
dbuspolicydir = $(datadir)/dbus-1/system.d
dbusservicedir = $(datadir)/dbus-1/system-services
-sss_statedir = $(localstatedir)/lib/sss
+sss_statedir = $(localstatedir)/db/sss
runstatedir = @runstatedir@
localedir = @localedir@
nsslibdir = @nsslibdir@
@@ -640,6 +640,7 @@ SSSD_LIBS = \
SSSD_LIBS = \
$(TALLOC_LIBS) \
+ $(LTLIBINTL) \
$(TEVENT_LIBS) \
$(POPT_LIBS) \
$(LDB_LIBS) \
@@ -711,6 +712,7 @@ dist_noinst_HEADERS = \
src/util/sss_ssh.h \
src/util/sss_ini.h \
src/util/sss_format.h \
+ src/util/sss_bsd_errno.h \
src/util/sss_pam_data.h \
src/util/refcount.h \
src/util/file_watch.h \
@@ -1512,6 +1514,7 @@ sssd_LDADD = \
$(SSSD_LIBS) \
$(INOTIFY_LIBS) \
$(LIBNL_LIBS) \
+ $(LTLIBINTL) \
$(KEYUTILS_LIBS) \
$(SYSTEMD_DAEMON_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
@@ -1540,6 +1543,7 @@ sssd_nss_LDADD = \
$(LIBADD_DL) \
$(TDB_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
libsss_idmap.la \
libsss_cert.la \
$(SYSTEMD_DAEMON_LIBS) \
@@ -1570,6 +1574,7 @@ sssd_pam_LDADD = \
$(LIBADD_DL) \
$(TDB_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SELINUX_LIBS) \
$(PAM_LIBS) \
$(SYSTEMD_DAEMON_LIBS) \
@@ -1589,8 +1594,10 @@ sssd_sudo_LDADD = \
src/responder/sudo/sudosrv_dp.c \
$(SSSD_RESPONDER_OBJ)
sssd_sudo_LDADD = \
+ $(GSSAPI_KRB5_LIBS) \
$(LIBADD_DL) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SYSTEMD_DAEMON_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_iface.la \
@@ -1606,6 +1613,7 @@ sssd_autofs_LDADD = \
sssd_autofs_LDADD = \
$(LIBADD_DL) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SYSTEMD_DAEMON_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_iface.la \
@@ -1626,6 +1634,7 @@ sssd_ssh_LDADD = \
sssd_ssh_LDADD = \
$(LIBADD_DL) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
$(SYSTEMD_DAEMON_LIBS) \
libsss_cert.la \
@@ -1649,6 +1658,7 @@ sssd_pac_LDADD = \
$(NDR_KRB5PAC_LIBS) \
$(TDB_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SYSTEMD_DAEMON_LIBS) \
libsss_idmap.la \
$(SSSD_INTERNAL_LTLIBS) \
@@ -1727,6 +1737,7 @@ sssd_ifp_LDADD = \
sssd_ifp_LDADD = \
$(LIBADD_DL) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SYSTEMD_DAEMON_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_cert.la \
@@ -1789,6 +1800,7 @@ sssd_kcm_LDADD = \
$(LIBADD_DL) \
$(KRB5_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(UUID_LIBS) \
$(SYSTEMD_DAEMON_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
@@ -1839,6 +1851,7 @@ sssd_be_LDADD = \
sssd_be_LDADD = \
$(LIBADD_DL) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CARES_LIBS) \
$(PAM_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
@@ -1900,6 +1913,7 @@ sss_signal_LDADD = \
src/tools/common/sss_process.c
$(NULL)
sss_signal_LDADD = \
+ $(LTLIBINTL) \
libsss_debug.la \
$(NULL)
@@ -1956,7 +1970,7 @@ sss_sudo_cli_CFLAGS = $(AM_CFLAGS)
src/sss_client/sudo/sss_sudo_response.c \
src/sss_client/sudo_testcli/sudo_testcli.c
sss_sudo_cli_CFLAGS = $(AM_CFLAGS)
-sss_sudo_cli_LDADD = $(CLIENT_LIBS)
+sss_sudo_cli_LDADD = $(GSSAPI_KRB5_LIBS) $(CLIENT_LIBS)
endif
if BUILD_SSH
@@ -2137,6 +2151,7 @@ sysdb_tests_LDADD = \
$(CHECK_CFLAGS)
sysdb_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CHECK_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la
@@ -2150,6 +2165,7 @@ sysdb_ssh_tests_LDADD = \
$(CHECK_CFLAGS)
sysdb_ssh_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CHECK_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la
@@ -2162,6 +2178,7 @@ strtonum_tests_LDADD = \
$(CHECK_CFLAGS)
strtonum_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CHECK_LIBS) \
libsss_debug.la \
libsss_test_common.la
@@ -2186,6 +2203,7 @@ krb5_utils_tests_LDADD = \
$(CHECK_CFLAGS)
krb5_utils_tests_LDADD = \
$(SSSD_LIBS)\
+ $(LTLIBINTL) \
$(CARES_LIBS) \
$(KRB5_LIBS) \
$(CHECK_LIBS) \
@@ -2246,6 +2264,7 @@ resolv_tests_LDADD = \
-DBUILD_TXT
resolv_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CHECK_LIBS) \
$(CARES_LIBS) \
libsss_debug.la \
@@ -2259,6 +2278,7 @@ file_watch_tests_LDADD = \
$(CHECK_CFLAGS)
file_watch_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CHECK_LIBS) \
$(INOTIFY_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
@@ -2272,6 +2292,7 @@ refcount_tests_LDADD = \
$(CHECK_CFLAGS)
refcount_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CHECK_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la
@@ -2285,6 +2306,7 @@ fail_over_tests_LDADD = \
$(CHECK_CFLAGS)
fail_over_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CHECK_LIBS) \
$(CARES_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
@@ -2316,6 +2338,7 @@ auth_tests_LDADD = \
$(CHECK_CFLAGS)
auth_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CHECK_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la
@@ -2365,6 +2388,7 @@ util_tests_LDADD = \
$(NULL)
util_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CHECK_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
@@ -2377,6 +2401,7 @@ safe_format_tests_LDADD = \
$(CHECK_CFLAGS)
safe_format_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CHECK_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la
@@ -2389,6 +2414,7 @@ debug_tests_LDADD = \
$(CHECK_CFLAGS)
debug_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CHECK_LIBS) \
libsss_debug.la
@@ -2412,6 +2438,7 @@ ipa_hbac_tests_LDADD = \
$(CHECK_CFLAGS)
ipa_hbac_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CHECK_LIBS) \
libsss_test_common.la \
libipa_hbac.la
@@ -2446,6 +2473,7 @@ responder_socket_access_tests_LDADD = \
$(LIBADD_DL) \
$(CHECK_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
$(SYSTEMD_DAEMON_LIBS) \
libsss_test_common.la \
@@ -2458,6 +2486,7 @@ stress_tests_LDADD = \
src/tests/stress-tests.c
stress_tests_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la
krb5_child_test_SOURCES = \
@@ -2482,6 +2511,7 @@ krb5_child_test_LDADD = \
$(CHECK_CFLAGS)
krb5_child_test_LDADD = \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(CARES_LIBS) \
$(KRB5_LIBS) \
$(CHECK_LIBS) \
@@ -2499,6 +2529,7 @@ test_ssh_client_LDADD = \
test_ssh_client_LDADD = \
$(SSSD_INTERNAL_LTLIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(NULL)
test_sbus_message_SOURCES = \
@@ -2592,6 +2623,7 @@ nss_srv_tests_LDADD = \
$(LIBADD_DL) \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
$(SYSTEMD_DAEMON_LIBS) \
libsss_test_common.la \
@@ -2641,6 +2673,7 @@ pam_srv_tests_LDADD = \
$(CMOCKA_LIBS) \
$(PAM_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
$(SYSTEMD_DAEMON_LIBS) \
$(GSSAPI_KRB5_LIBS) \
@@ -2681,6 +2714,7 @@ ssh_srv_tests_LDADD = \
$(LIBADD_DL) \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
$(SYSTEMD_DAEMON_LIBS) \
libsss_test_common.la \
@@ -2705,6 +2739,7 @@ responder_get_domains_tests_LDADD = \
$(LIBADD_DL) \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
$(SYSTEMD_DAEMON_LIBS) \
libsss_test_common.la \
@@ -2768,6 +2803,7 @@ test_negcache_LDADD = \
$(LIBADD_DL) \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SYSTEMD_DAEMON_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
@@ -2794,6 +2830,7 @@ test_authtok_LDADD = \
$(CMOCKA_LIBS) \
$(DHASH_LIBS) \
$(POPT_LIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la \
libsss_debug.la \
$(NULL)
@@ -2809,6 +2846,7 @@ test_prompt_config_LDADD = \
test_prompt_config_LDADD = \
$(CMOCKA_LIBS) \
$(POPT_LIBS) \
+ $(LTLIBINTL) \
libsss_debug.la \
$(TALLOC_LIBS) \
$(NULL)
@@ -2833,6 +2871,7 @@ deskprofile_utils_tests_LDADD = \
deskprofile_utils_tests_CFLAGS = \
$(AM_CFLAGS)
deskprofile_utils_tests_LDADD = \
+ $(LTLIBINTL) \
$(CMOCKA_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la
@@ -2856,6 +2895,7 @@ dyndns_tests_LDADD = \
$(CARES_LIBS) \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la
@@ -2866,6 +2906,7 @@ domain_resolution_order_tests_LDADD = \
$(AM_CFLAGS)
domain_resolution_order_tests_LDADD = \
$(CMOCKA_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la
@@ -2876,6 +2917,7 @@ fqnames_tests_LDADD = \
fqnames_tests_LDADD = \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la
@@ -2895,6 +2937,7 @@ nestedgroups_tests_LDADD = \
nestedgroups_tests_LDADD = \
$(CMOCKA_LIBS) \
$(OPENLDAP_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_idmap.la \
@@ -2926,6 +2969,7 @@ test_ipa_idmap_LDADD = \
test_ipa_idmap_LDADD = \
$(CMOCKA_LIBS) \
$(POPT_LIBS) \
+ $(LTLIBINTL) \
libsss_idmap.la \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la
@@ -2948,6 +2992,7 @@ test_utils_LDADD = \
$(CMOCKA_LIBS) \
$(POPT_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la
test_search_bases_SOURCES = \
@@ -2956,6 +3001,7 @@ test_search_bases_LDADD = \
$(CMOCKA_LIBS) \
$(TALLOC_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_ldap_common.la \
libsss_test_common.la \
libdlopen_test_providers.la \
@@ -2970,6 +3016,7 @@ test_ldap_auth_LDADD = \
test_ldap_auth_LDADD = \
$(CMOCKA_LIBS) \
$(TALLOC_LIBS) \
+ $(LTLIBINTL) \
libsss_ldap_common.la \
libsss_test_common.la \
libdlopen_test_providers.la \
@@ -2983,6 +3030,7 @@ test_ldap_id_cleanup_LDADD = \
test_ldap_id_cleanup_LDADD = \
$(CMOCKA_LIBS) \
$(POPT_LIBS) \
+ $(LTLIBINTL) \
$(TALLOC_LIBS) \
$(TEVENT_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
@@ -3000,6 +3048,7 @@ test_sdap_access_LDADD = \
test_sdap_access_LDADD = \
$(CMOCKA_LIBS) \
$(TALLOC_LIBS) \
+ $(LTLIBINTL) \
libsss_ldap_common.la \
libsss_test_common.la \
libdlopen_test_providers.la \
@@ -3019,6 +3068,7 @@ test_sdap_certmap_LDADD = \
test_sdap_certmap_LDADD = \
$(CMOCKA_LIBS) \
$(TALLOC_LIBS) \
+ $(LTLIBINTL) \
$(POPT_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
@@ -3030,6 +3080,7 @@ ad_access_filter_tests_LDADD = \
ad_access_filter_tests_LDADD = \
$(CMOCKA_LIBS) \
$(POPT_LIBS) \
+ $(LTLIBINTL) \
$(TALLOC_LIBS) \
$(TEVENT_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
@@ -3051,6 +3102,7 @@ ad_gpo_tests_LDADD = \
$(CMOCKA_LIBS) \
$(OPENLDAP_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
$(NDR_NBT_LIBS) \
libsss_ldap_common.la \
@@ -3088,6 +3140,7 @@ ad_common_tests_LDADD = \
ad_common_tests_LDADD = \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(KEYUTILS_LIBS) \
$(NDR_NBT_LIBS) \
$(NDR_KRB5PAC_LIBS) \
@@ -3110,6 +3163,7 @@ dp_opt_tests_LDADD = \
$(CMOCKA_LIBS) \
$(TALLOC_LIBS) \
$(POPT_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la
@@ -3142,6 +3196,7 @@ sdap_tests_LDADD = \
$(TALLOC_LIBS) \
$(LDB_LIBS) \
$(POPT_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
$(OPENLDAP_LIBS) \
libsss_test_common.la \
@@ -3160,6 +3215,7 @@ ifp_tests_LDADD = \
$(LIBADD_DL) \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
$(SYSTEMD_DAEMON_LIBS) \
libsss_test_common.la \
@@ -3189,6 +3245,7 @@ sss_sifp_tests_LDADD = \
$(TALLOC_LIBS) \
$(DHASH_LIBS) \
$(POPT_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS)
endif # BUILD_LIBSIFP
endif # BUILD_IFP
@@ -3205,6 +3262,7 @@ test_sysdb_views_LDADD = \
$(LDB_LIBS) \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
$(NULL)
@@ -3221,6 +3279,7 @@ test_sysdb_ts_cache_LDADD = \
$(LDB_LIBS) \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
$(NULL)
@@ -3235,6 +3294,7 @@ test_sysdb_subdomains_LDADD = \
$(CMOCKA_LIBS) \
$(LDB_LIBS) \
$(POPT_LIBS) \
+ $(LTLIBINTL) \
$(TALLOC_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
@@ -3251,6 +3311,7 @@ test_sysdb_certmap_LDADD = \
$(LDB_LIBS) \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
$(NULL)
@@ -3266,6 +3327,7 @@ test_sysdb_sudo_LDADD = \
$(LDB_LIBS) \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
$(NULL)
@@ -3281,6 +3343,7 @@ test_sysdb_utils_LDADD = \
$(LDB_LIBS) \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
$(NULL)
@@ -3296,6 +3359,7 @@ test_sysdb_domain_resolution_order_LDADD = \
$(LDB_LIBS) \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
$(NULL)
@@ -3312,6 +3376,7 @@ test_be_ptask_LDADD = \
$(CMOCKA_LIBS) \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
$(NULL)
@@ -3330,6 +3395,7 @@ test_copy_ccache_LDADD = \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
$(KRB5_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
$(NULL)
@@ -3349,6 +3415,7 @@ test_copy_keytab_LDADD = \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
$(KRB5_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
$(NULL)
@@ -3384,6 +3451,7 @@ test_child_common_LDADD = \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
$(DHASH_LIBS) \
+ $(LTLIBINTL) \
libsss_debug.la \
libsss_test_common.la \
$(NULL)
@@ -3403,6 +3471,7 @@ responder_cache_req_tests_LDADD = \
$(LIBADD_DL) \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
$(SYSTEMD_DAEMON_LIBS) \
libsss_test_common.la \
@@ -3425,6 +3494,7 @@ test_resolv_fake_LDADD = \
test_resolv_fake_LDADD = \
$(CMOCKA_LIBS) \
$(POPT_LIBS) \
+ $(LTLIBINTL) \
$(TALLOC_LIBS) \
$(CARES_LIBS) \
$(DHASH_LIBS) \
@@ -3448,6 +3518,7 @@ test_fo_srv_LDADD = \
$(TALLOC_LIBS) \
$(CARES_LIBS) \
$(DHASH_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
$(NULL)
@@ -3469,6 +3540,7 @@ test_sdap_initgr_LDADD = \
$(TEVENT_LIBS) \
$(LDB_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_ldap_common.la \
libsss_test_common.la \
libdlopen_test_providers.la \
@@ -3488,6 +3560,7 @@ test_ad_subdom_LDADD = \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_ldap_common.la \
libsss_ad_tests.la \
libsss_idmap.la \
@@ -3511,6 +3584,7 @@ test_ipa_subdom_util_LDADD = \
$(TALLOC_LIBS) \
$(LDB_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la \
$(NULL)
@@ -3542,6 +3616,7 @@ test_ipa_subdom_server_LDADD = \
$(KEYUTILS_LIBS) \
$(KRB5_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_ldap_common.la \
libsss_ad_tests.la \
libsss_test_common.la \
@@ -3563,6 +3638,7 @@ test_tools_colondb_LDADD = \
$(CMOCKA_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
$(POPT_LIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la \
$(NULL)
@@ -3579,6 +3655,7 @@ test_krb5_wait_queue_LDADD = \
$(POPT_LIBS) \
$(DHASH_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la \
$(NULL)
@@ -3599,6 +3676,7 @@ test_cert_utils_LDADD = \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
$(CRYPTO_LIBS) \
+ $(LTLIBINTL) \
libsss_debug.la \
libsss_test_common.la \
libsss_cert.la \
@@ -3625,6 +3703,7 @@ test_data_provider_be_LDADD = \
$(SSSD_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
$(LIBADD_DL) \
+ $(LTLIBINTL) \
libsss_test_common.la \
libdlopen_test_providers.la \
libsss_iface.la \
@@ -3654,6 +3733,7 @@ test_dp_request_LDADD = \
$(SSSD_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
$(LIBADD_DL) \
+ $(LTLIBINTL) \
libsss_test_common.la \
$(NULL)
if BUILD_SYSTEMTAP
@@ -3680,6 +3760,7 @@ test_dp_builtin_LDADD = \
$(SSSD_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
$(LIBADD_DL) \
+ $(LTLIBINTL) \
libsss_test_common.la \
$(NULL)
@@ -3694,6 +3775,7 @@ test_ipa_dn_LDADD = \
$(TEVENT_LIBS) \
$(TALLOC_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la \
$(NULL)
@@ -3707,6 +3789,7 @@ test_iobuf_LDADD = \
test_iobuf_LDADD = \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(NULL)
test_confdb_SOURCES = \
@@ -3721,6 +3804,7 @@ test_confdb_LDADD = \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la \
$(NULL)
@@ -3741,6 +3825,7 @@ simple_access_tests_LDADD = \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la \
libdlopen_test_providers.la \
libsss_iface.la \
@@ -3758,6 +3843,7 @@ krb5_common_test_LDADD = \
$(CMOCKA_LIBS) \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
+ $(LTLIBINTL) \
libsss_krb5_common.la \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
@@ -3778,6 +3864,7 @@ test_inotify_LDADD = \
$(SSSD_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
$(LIBADD_DL) \
+ $(LTLIBINTL) \
libsss_test_common.la \
$(NULL)
@@ -3796,6 +3883,7 @@ sss_certmap_test_LDADD = \
$(TALLOC_LIBS) \
$(SSS_CERT_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la \
libsss_certmap.la \
$(NULL)
@@ -3816,6 +3904,7 @@ test_sssd_krb5_locator_plugin_LDADD = \
$(POPT_LIBS) \
$(TALLOC_LIBS) \
$(KRB5_LIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la \
$(NULL)
@@ -3866,6 +3955,7 @@ test_passkey_LDADD = \
test_passkey_LDADD = \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
$(LIBADD_DL) \
$(PASSKEY_LIBS) \
@@ -3893,6 +3983,7 @@ test_kcm_marshalling_LDADD = \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la \
$(NULL)
@@ -3908,6 +3999,7 @@ test_kcm_queue_LDADD = \
$(LIBADD_DL) \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_test_common.la \
libsss_iface.la \
@@ -3925,6 +4017,7 @@ test_krb5_idp_plugin_LDADD = \
test_krb5_idp_plugin_LDADD = \
$(CMOCKA_LIBS) \
$(JANSSON_LIBS) \
+ $(LTLIBINTL) \
$(NULL)
if BUILD_PASSKEY
@@ -3939,6 +4032,7 @@ test_krb5_passkey_plugin_LDADD = \
test_krb5_passkey_plugin_LDADD = \
$(CMOCKA_LIBS) \
$(JANSSON_LIBS) \
+ $(LTLIBINTL) \
$(NULL)
endif # BUILD_PASSKEY
@@ -3971,6 +4065,7 @@ test_kcm_renewals_LDADD = \
$(CMOCKA_LIBS) \
$(SSSD_LIBS) \
$(SSSD_INTERNAL_LTLIBS) \
+ $(LTLIBINTL) \
libsss_test_common.la \
libsss_iface.la \
libsss_sbus.la \
@@ -4012,6 +4107,7 @@ test_sssd_krb5_localauth_plugin_LDADD = \
test_sssd_krb5_localauth_plugin_LDADD = \
$(CMOCKA_LIBS) \
$(KRB5_LIBS) \
+ $(LTLIBINTL) \
$(NULL)
endif
@@ -4068,6 +4164,7 @@ libnss_sss_la_SOURCES = \
nsslib_LTLIBRARIES = libnss_sss.la
libnss_sss_la_SOURCES = \
src/sss_client/common.c \
+ src/sss_client/bsdnss.c \
src/sss_client/nss_passwd.c \
src/sss_client/nss_group.c \
src/sss_client/nss_netgroup.c \
@@ -4166,6 +4263,7 @@ libsss_sudo_la_LIBADD = \
src/sss_client/sudo/sss_sudo.h \
src/sss_client/sudo/sss_sudo_private.h
libsss_sudo_la_LIBADD = \
+ $(GSSAPI_KRB5_LIBS) \
$(CLIENT_LIBS)
libsss_sudo_la_LDFLAGS = \
-Wl,--version-script,$(srcdir)/src/sss_client/sss_sudo.exports \
@@ -4297,6 +4395,7 @@ libsss_ldap_common_la_LIBADD = \
$(OPENLDAP_LIBS) \
$(DHASH_LIBS) \
$(KRB5_LIBS) \
+ $(LTLIBINTL) \
libsss_krb5_common.la \
libsss_idmap.la \
libsss_certmap.la \
@@ -4696,6 +4795,7 @@ ldap_child_LDADD = \
$(KRB5_CFLAGS)
ldap_child_LDADD = \
libsss_debug.la \
+ $(LTLIBINTL) \
$(TALLOC_LIBS) \
$(POPT_LIBS) \
$(DHASH_LIBS) \
@@ -4742,6 +4842,7 @@ gpo_child_LDADD = \
$(SMBCLIENT_CFLAGS)
gpo_child_LDADD = \
libsss_debug.la \
+ $(LTLIBINTL) \
$(TALLOC_LIBS) \
$(POPT_LIBS) \
$(DHASH_LIBS) \
@@ -4758,6 +4859,7 @@ proxy_child_LDADD = \
proxy_child_LDADD = \
$(PAM_LIBS) \
$(SSSD_LIBS) \
+ $(LTLIBINTL) \
$(SSSD_INTERNAL_LTLIBS) \
libsss_iface.la \
libsss_sbus.la \
@@ -4785,6 +4887,7 @@ p11_child_LDADD = \
p11_child_LDADD = \
libsss_debug.la \
+ $(LTLIBINTL) \
$(TALLOC_LIBS) \
$(DHASH_LIBS) \
$(POPT_LIBS) \
@@ -4812,6 +4915,7 @@ passkey_child_LDADD = \
passkey_child_LDADD = \
libsss_crypt.la \
libsss_debug.la \
+ $(LTLIBINTL) \
$(TALLOC_LIBS) \
$(DHASH_LIBS) \
$(POPT_LIBS) \
@@ -4840,6 +4944,7 @@ oidc_child_LDADD = \
$(NULL)
oidc_child_LDADD = \
libsss_debug.la \
+ $(LTLIBINTL) \
$(TALLOC_LIBS) \
$(POPT_LIBS) \
$(JANSSON_LIBS) \
@@ -4858,6 +4963,7 @@ memberof_la_LIBADD = \
$(NULL)
memberof_la_LIBADD = \
libsss_debug.la \
+ $(LTLIBINTL) \
$(TALLOC_LIBS) \
$(LDB_LIBS) \
$(DHASH_LIBS) \
@@ -4921,6 +5027,7 @@ sssd_krb5_idp_plugin_la_LIBADD = \
$(KRB5_LIBS) \
$(KRAD_LIBS) \
$(JANSSON_LIBS) \
+ $(LTLIBINTL) \
$(NULL)
sssd_krb5_idp_plugin_la_LDFLAGS = \
-avoid-version \

51
security/sssd-devel/files/patch-configure.ac Normal file
View File

@ -0,0 +1,51 @@
--- configure.ac.orig 2023-05-05 08:11:07 UTC
+++ configure.ac
@@ -46,8 +46,6 @@ AC_CONFIG_HEADER(config.h)
AC_CHECK_HEADERS([stdatomic.h],,AC_MSG_ERROR([C11 atomic types are not supported]))
AC_CONFIG_HEADER(config.h)
-AC_CHECK_TYPES([errno_t], [], [], [[#include <errno.h>]])
-
m4_include([src/build_macros.m4])
BUILD_WITH_SHARED_BUILD_DIR
@@ -67,7 +65,20 @@ AM_CONDITIONAL([HAVE_PTHREAD], [test x"$HAVE_PTHREAD"
LIBS=$SAVE_LIBS
AM_CONDITIONAL([HAVE_PTHREAD], [test x"$HAVE_PTHREAD" != "x"])
+saved_CFLAGS="$CFLAGS"
+CFLAGS="-Werror"
+AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM([[#include <string.h>]],
+ [[(void)mempcpy(NULL, NULL, 0);]])],
+ [AC_DEFINE([HAVE_MEMPCPY], [1], [mempcpy() available])
+ HAVE_MEMPCPY=1
+ ],
+ [AC_MSG_WARN([mempcpy() not found, will use private implementation])])
+CFLAGS="$saved_CFLAGS"
+
+AM_CONDITIONAL([HAVE_MEMPCPY], [test x"$HAVE_MEMPCPY" != "x"])
+
SAVE_LIBS=$LIBS
LIBS=
AC_LINK_IFELSE(
@@ -223,7 +234,6 @@ m4_include([src/external/libkeyutils.m4])
m4_include([src/external/crypto.m4])
m4_include([src/external/nsupdate.m4])
m4_include([src/external/libkeyutils.m4])
-m4_include([src/external/libkrad.m4])
m4_include([src/external/libnl.m4])
m4_include([src/external/systemd.m4])
m4_include([src/external/pac_responder.m4])
@@ -390,8 +400,8 @@ them please use argument --without-python3-bindings wh
AM_CHECK_PYTHON_HEADERS([],
AC_MSG_ERROR([Could not find python3 headers]))
- AC_SUBST([py3execdir], [$pyexecdir])
- AC_SUBST([python3dir], [$pythondir])
+ AC_SUBST([py3execdir], [$(eval echo $pyexecdir)])
+ AC_SUBST([python3dir], [$(eval echo $pythondir)])
AC_SUBST([PYTHON3_CFLAGS], [$PYTHON_CFLAGS])
AC_SUBST([PYTHON3_LIBS], [$PYTHON_LIBS])
AC_SUBST([PYTHON3_INCLUDES], [$PYTHON_INCLUDES])

19
security/sssd-devel/files/patch-src__confdb__confdb.c Normal file
View File

@ -0,0 +1,19 @@
--- src/confdb/confdb.c.orig 2023-05-05 08:11:07 UTC
+++ src/confdb/confdb.c
@@ -21,6 +21,7 @@
#include "config.h"
+#include <sys/param.h>
#include <ctype.h>
#include "util/util.h"
#include "confdb/confdb.h"
@@ -887,7 +888,7 @@ static char *confdb_get_domain_hostname(TALLOC_CTX *me
struct ldb_result *res,
const char *provider)
{
- char sys[HOST_NAME_MAX + 1] = {'\0'};
+ char sys[MAXHOSTNAMELEN + 1] = {'\0'};
const char *opt = NULL;
int ret;

21
security/sssd-devel/files/patch-src__external__crypto.m4 Normal file
View File

@ -0,0 +1,21 @@
--- src/external/crypto.m4.orig 2023-05-05 08:11:07 UTC
+++ src/external/crypto.m4
@@ -1,6 +1,15 @@
-AC_DEFUN([AM_CHECK_LIBCRYPTO],
- [PKG_CHECK_MODULES([CRYPTO],[libcrypto])
- PKG_CHECK_MODULES([SSL],[libssl])
+CRYPTO_CFLAGS="-I/usr/include"
+CRYPTO_LIBS="-L/usr/lib -lcrypto"
+AC_SUBST(CRYPTO_CFLAGS)
+AC_SUBST(CRYPTO_LIBS)
+
+SSL_CFLAGS="-I/usr/include"
+SSL_LIBS="-L/usr/lib -lssl"
+AC_SUBST(SSL_CFLAGS)
+AC_SUBST(SSL_LIBS)
+
+AC_DEFUN([AM_CHECK_LIBCRYPTO], [
+ AC_MSG_RESULT([yes])
])
AC_MSG_CHECKING([whether OpenSSL's x400Address is ASN1_STRING])

15
security/sssd-devel/files/patch-src__external__inotify.m4 Normal file
View File

@ -0,0 +1,15 @@
--- src/external/inotify.m4.orig 2023-06-05 03:56:40 UTC
+++ src/external/inotify.m4
@@ -20,10 +20,10 @@ int main () {
AS_IF([test x"$inotify_works" != xyes],
[AC_CHECK_LIB([inotify],
[inotify_init],
- [INOTIFY_LIBS="$sss_extra_libdir -linotify"
+ [INOTIFY_LIBS="-L$sss_extra_libdir -linotify"
inotify_works=yes],
[inotify_works=no],
- [$sss_extra_libdir])]
+ [-L$sss_extra_libdir])]
)
AS_IF([test x"$inotify_works" = xyes],

13
security/sssd-devel/files/patch-src__external__krb5.m4 Normal file
View File

@ -0,0 +1,13 @@
--- src/external/krb5.m4.orig 2023-05-05 08:11:07 UTC
+++ src/external/krb5.m4
@@ -1,5 +1,10 @@
+KRB5_CFLAGS="-I/usr/local/include"
+KRB5_LIBS="-L/usr/local/lib -lkrb5"
+KRB5_CONFIG="/usr/local/bin/krb5-config"
+
AC_SUBST(KRB5_CFLAGS)
AC_SUBST(KRB5_LIBS)
+AC_SUBST(KRB5_CONFIG)
if test x$KRB5_LIBS != x; then
KRB5_PASSED_LIBS=$KRB5_LIBS

8
security/sssd-devel/files/patch-src__external__nsupdate.m4 Normal file
View File

@ -0,0 +1,8 @@
--- src/external/nsupdate.m4.orig 2023-05-05 08:11:07 UTC
+++ src/external/nsupdate.m4
@@ -1,4 +1,4 @@
-AC_PATH_PROG(NSUPDATE, nsupdate)
+AC_PATH_PROG(NSUPDATE, samba-nsupdate)
AC_MSG_CHECKING(for executable nsupdate)
if test -x "$NSUPDATE"; then
AC_DEFINE_UNQUOTED([NSUPDATE_PATH], ["$NSUPDATE"], [The path to nsupdate])

11
security/sssd-devel/files/patch-src__external__pac_responder.m4 Normal file
View File

@ -0,0 +1,11 @@
--- src/external/pac_responder.m4.orig 2023-05-05 08:11:07 UTC
+++ src/external/pac_responder.m4
@@ -7,7 +7,7 @@ then
krb5_version_ok=no
if test x$build_pac_responder = xyes
then
- AC_PATH_PROG(KRB5_CONFIG, krb5-config)
+ AC_PATH_PROG(KRB5_CONFIG, /usr/local/bin/krb5-config)
AC_MSG_CHECKING(for supported MIT krb5 version)
KRB5_VERSION="`$KRB5_CONFIG --version`"
case $KRB5_VERSION in

51
security/sssd-devel/files/patch-src__external__platform.m4 Normal file
View File

@ -0,0 +1,51 @@
--- src/external/platform.m4.orig 2023-05-05 08:11:07 UTC
+++ src/external/platform.m4
@@ -1,9 +1,10 @@ AC_ARG_WITH([os],
AC_ARG_WITH([os],
- [AC_HELP_STRING([--with-os=OS_TYPE], [Type of your operation system (fedora|redhat|suse|gentoo)])]
+ [AC_HELP_STRING([--with-os=OS_TYPE], [Type of your operation system (fedora|redhat|suse|gentoo|freebsd)])]
)
osname=""
if test x"$with_os" != x ; then
if test x"$with_os" = xfedora || \
+ test x"$with_os" = xfreebsd || \
test x"$with_os" = xredhat || \
test x"$with_os" = xsuse || \
test x"$with_os" = xgentoo || \
@@ -25,6 +26,8 @@ if test x"$osname" = x ; then
osname="debian"
elif test -f /etc/gentoo-release ; then
osname="gentoo"
+ elif test -f /etc/os-release ; then
+ osname="freebsd"
fi
AC_MSG_NOTICE([Detected operating system type: $osname])
@@ -35,6 +38,7 @@ AM_CONDITIONAL([HAVE_GENTOO], [test x"$osname" = xgent
AM_CONDITIONAL([HAVE_SUSE], [test x"$osname" = xsuse])
AM_CONDITIONAL([HAVE_DEBIAN], [test x"$osname" = xdebian])
AM_CONDITIONAL([HAVE_GENTOO], [test x"$osname" = xgentoo])
+AM_CONDITIONAL([HAVE_FREEBSD], [test x"$osname" = xfreebsd])
AS_CASE([$osname],
[redhat], [AC_DEFINE_UNQUOTED([HAVE_REDHAT], 1, [Build with redhat config])],
@@ -42,10 +46,18 @@ AS_CASE([$osname],
[suse], [AC_DEFINE_UNQUOTED([HAVE_SUSE], 1, [Build with suse config])],
[gentoo], [AC_DEFINE_UNQUOTED([HAVE_GENTOO], 1, [Build with gentoo config])],
[debian], [AC_DEFINE_UNQUOTED([HAVE_DEBIAN], 1, [Build with debian config])],
+ [freebsd], [AC_DEFINE_UNQUOTED([HAVE_FREEBSD], 1, [Build with freebsd config])],
[AC_MSG_NOTICE([Build with $osname config])])
-AC_CHECK_MEMBERS([struct ucred.pid, struct ucred.uid, struct ucred.gid], , ,
+if test x"$osname" = x"freebsd"; then
+ AC_CHECK_MEMBERS([struct xucred.cr_pid, struct xucred.cr_uid, struct xucred.cr_gid], , , [[
+#include <sys/param.h>
+#include <sys/ucred.h>
+]])
+else
+ AC_CHECK_MEMBERS([struct ucred.pid, struct ucred.uid, struct ucred.gid], , ,
[[#include <sys/socket.h>]])
+fi
if test x"$ac_cv_member_struct_ucred_pid" = xyes -a \
x"$ac_cv_member_struct_ucred_uid" = xyes -a \

32
security/sssd-devel/files/patch-src__external__samba.m4 Normal file
View File

@ -0,0 +1,32 @@
--- src/external/samba.m4.orig 2023-05-05 08:11:07 UTC
+++ src/external/samba.m4
@@ -64,7 +64,7 @@ --without-samba
else
AC_MSG_CHECKING([Samba's idmap plugin interface version])
- sambalibdir="`$PKG_CONFIG --variable=libdir smbclient`"/samba
+ sambalibdir="`$PKG_CONFIG --variable=libdir smbclient`"/private
SAVE_CFLAGS=$CFLAGS
SAVE_LIBS=$LIBS
CFLAGS="$CFLAGS $SMBCLIENT_CFLAGS $NDR_NBT_CFLAGS $NDR_KRB5PAC_CFLAGS"
@@ -157,12 +157,16 @@ AC_CHECK_MEMBERS([struct PAC_LOGON_INFO.resource_group
SAVE_CFLAGS=$CFLAGS
CFLAGS="$CFLAGS $SMBCLIENT_CFLAGS $NDR_NBT_CFLAGS $NDR_KRB5PAC_CFLAGS"
AC_CHECK_MEMBERS([struct PAC_LOGON_INFO.resource_groups], , ,
- [[ #include <ndr.h>
- #include <gen_ndr/krb5pac.h>
+ [[ #include <sys/types.h>
+ #include <sys/time.h>
+ #include <time.h>
+ #include <ndr.h>
#include <gen_ndr/krb5pac.h>]])
AC_CHECK_MEMBERS([struct PAC_UPN_DNS_INFO.ex], ,
[AC_MSG_NOTICE([union PAC_UPN_DNS_INFO_EX is not available, PAC checks will be limited])],
- [[ #include <ndr.h>
- #include <gen_ndr/krb5pac.h>
+ [[ #include <sys/types.h>
+ #include <sys/time.h>
+ #include <time.h>
+ #include <ndr.h>
#include <gen_ndr/krb5pac.h>]])
CFLAGS=$SAVE_CFLAGS

19
security/sssd-devel/files/patch-src__krb5_plugin__common__radius_kdcpreauth.c Normal file
View File

@ -0,0 +1,19 @@
--- src/krb5_plugin/common/radius_kdcpreauth.c.orig 2023-05-05 08:11:07 UTC
+++ src/krb5_plugin/common/radius_kdcpreauth.c
@@ -18,6 +18,7 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <sys/param.h>
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>
@@ -414,7 +415,7 @@ sss_radiuskdc_client_init(krb5_context kctx,
struct sss_radiuskdc_config *config)
{
struct sss_radiuskdc_client *client;
- char hostname[HOST_NAME_MAX + 1];
+ char hostname[MAXHOSTNAMELEN + 1];
krb5_data data = {0};
krb5_error_code ret;

11
security/sssd-devel/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.c Normal file
View File

@ -0,0 +1,11 @@
--- src/lib/winbind_idmap_sss/winbind_idmap_sss.c.orig 2023-05-05 08:11:07 UTC
+++ src/lib/winbind_idmap_sss/winbind_idmap_sss.c
@@ -22,6 +22,8 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <sys/types.h>
+#include <sys/time.h>
#include <string.h>
#include <errno.h>

11
security/sssd-devel/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.h Normal file
View File

@ -0,0 +1,11 @@
--- src/lib/winbind_idmap_sss/winbind_idmap_sss.h.orig 2023-06-05 04:01:16 UTC
+++ src/lib/winbind_idmap_sss/winbind_idmap_sss.h
@@ -29,6 +29,8 @@
#include <stdbool.h>
#include <core/ntstatus.h>
+#include <unistd.h>
+#include <time.h>
#include <ndr.h>
#include <gen_ndr/security.h>

19
security/sssd-devel/files/patch-src__p11_child__p11_child_common.c Normal file
View File

@ -0,0 +1,19 @@
--- src/p11_child/p11_child_common.c.orig 2023-05-05 08:11:07 UTC
+++ src/p11_child/p11_child_common.c
@@ -27,7 +27,6 @@
#include <stdlib.h>
#include <string.h>
#include <popt.h>
-#include <sys/prctl.h>
#include "util/util.h"
#include "util/child_common.h"
@@ -305,8 +304,6 @@ int main(int argc, const char *argv[])
}
poptFreeContext(pc);
-
- prctl(PR_SET_DUMPABLE, (dumpable == 0) ? 0 : 1);
debug_prg_name = talloc_asprintf(NULL, "p11_child[%d]", getpid());
if (debug_prg_name == NULL) {

19
security/sssd-devel/files/patch-src__passkey_child__passkey_child_common.c Normal file
View File

@ -0,0 +1,19 @@
--- src/passkey_child/passkey_child_common.c.orig 2023-05-05 08:11:07 UTC
+++ src/passkey_child/passkey_child_common.c
@@ -23,7 +23,6 @@
*/
#include <popt.h>
-#include <sys/prctl.h>
#include <fido/param.h>
#include <openssl/err.h>
#include <openssl/pem.h>
@@ -269,8 +268,6 @@ parse_arguments(TALLOC_CTX *mem_ctx, int argc, const c
}
poptFreeContext(pc);
-
- prctl(PR_SET_DUMPABLE, (dumpable == 0) ? 0 : 1);
if (user_verification != NULL) {
if (strcmp(user_verification, "true") == 0) {

41
security/sssd-devel/files/patch-src__providers__ad__ad_common.c Normal file
View File

@ -0,0 +1,41 @@
--- src/providers/ad/ad_common.c.orig 2023-05-05 08:11:07 UTC
+++ src/providers/ad/ad_common.c
@@ -19,6 +19,7 @@
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <sys/param.h>
#include <ctype.h>
#include "providers/ad/ad_common.h"
@@ -495,8 +496,8 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
char *server;
char *realm;
char *ad_hostname;
- char hostname[HOST_NAME_MAX + 1];
- char fqdn[HOST_NAME_MAX + 1];
+ char hostname[MAXHOSTNAMELEN + 1];
+ char fqdn[MAXHOSTNAMELEN + 1];
char *case_sensitive_opt;
const char *opt_override;
@@ -543,7 +544,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
strerror(ret));
goto done;
}
- hostname[HOST_NAME_MAX] = '\0';
+ hostname[MAXHOSTNAMELEN] = '\0';
if (strchr(hostname, '.') == NULL) {
ret = ad_try_to_get_fqdn(hostname, fqdn, sizeof(fqdn));
@@ -552,8 +553,8 @@ ad_get_common_options(TALLOC_CTX *mem_ctx,
"The hostname [%s] has been expanded to FQDN [%s]. "
"If sssd should really use the short hostname, please "
"set ad_hostname explicitly.\n", hostname, fqdn);
- strncpy(hostname, fqdn, HOST_NAME_MAX);
- hostname[HOST_NAME_MAX] = '\0';
+ strncpy(hostname, fqdn, MAXHOSTNAMELEN);
+ hostname[MAXHOSTNAMELEN] = '\0';
}
}

19
security/sssd-devel/files/patch-src__providers__ad__ad_gpo_child.c Normal file
View File

@ -0,0 +1,19 @@
--- src/providers/ad/ad_gpo_child.c.orig 2023-05-05 08:11:07 UTC
+++ src/providers/ad/ad_gpo_child.c
@@ -26,7 +26,6 @@
#include <ctype.h>
#include <unistd.h>
#include <popt.h>
-#include <sys/prctl.h>
#include <libsmbclient.h>
#include <security/pam_modules.h>
@@ -699,8 +698,6 @@ main(int argc, const char *argv[])
}
poptFreeContext(pc);
-
- prctl(PR_SET_DUMPABLE, (dumpable == 0) ? 0 : 1);
debug_prg_name = talloc_asprintf(NULL, "gpo_child[%d]", getpid());
if (debug_prg_name == NULL) {

11
security/sssd-devel/files/patch-src__providers__ad__ad_pac.h Normal file
View File

@ -0,0 +1,11 @@
--- src/providers/ad/ad_pac.h.orig 2023-06-05 04:04:46 UTC
+++ src/providers/ad/ad_pac.h
@@ -32,6 +32,8 @@
#ifdef ldb_val
#error Please make sure to include ad_pac.h before ldb.h
#endif
+#include <unistd.h>
+#include <time.h>
#include <ndr.h>
#include <gen_ndr/krb5pac.h>
#include <gen_ndr/ndr_krb5pac.h>

11
security/sssd-devel/files/patch-src__providers__ad__ad_pac_common.c Normal file
View File

@ -0,0 +1,11 @@
--- src/providers/ad/ad_pac_common.c.orig 2023-05-05 08:11:07 UTC
+++ src/providers/ad/ad_pac_common.c
@@ -20,6 +20,8 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <sys/types.h>
+#include <sys/time.h>
#include "providers/ad/ad_pac.h"
#include "util/util.h"

10
security/sssd-devel/files/patch-src__providers__data_provider__dp_modules.c Normal file
View File

@ -0,0 +1,10 @@
--- src/providers/data_provider/dp_modules.c.orig 2023-05-25 06:34:10 UTC
+++ src/providers/data_provider/dp_modules.c
@@ -23,6 +23,7 @@
#include "providers/data_provider/dp.h"
#include "providers/data_provider/dp_private.h"
#include "providers/backend.h"
+#include "util/sss_bsd_errno.h"
#include "util/util.h"
/* There can be at most the same number of different modules loaded at

10
security/sssd-devel/files/patch-src__providers__data_provider__dp_targets.c Normal file
View File

@ -0,0 +1,10 @@
--- src/providers/data_provider/dp_targets.c.orig 2023-05-05 08:11:07 UTC
+++ src/providers/data_provider/dp_targets.c
@@ -26,6 +26,7 @@
#include "providers/data_provider/dp_private.h"
#include "providers/data_provider/dp_builtin.h"
#include "providers/backend.h"
+#include "util/sss_bsd_errno.h"
#include "util/util.h"
#define DP_TARGET_INIT_FN "sssm_%s_%s_init"

11
security/sssd-devel/files/patch-src__providers__data_provider_be.c Normal file
View File

@ -0,0 +1,11 @@
--- src/providers/data_provider_be.c.orig 2023-05-25 06:24:25 UTC
+++ src/providers/data_provider_be.c
@@ -25,6 +25,8 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
#include <sys/un.h>
#include <string.h>
#include <sys/time.h>

28
security/sssd-devel/files/patch-src__providers__data_provider_fo.c Normal file
View File

@ -0,0 +1,28 @@
--- src/providers/data_provider_fo.c.orig 2023-05-25 06:28:15 UTC
+++ src/providers/data_provider_fo.c
@@ -19,6 +19,7 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <sys/param.h>
#include <netdb.h>
#include <arpa/inet.h>
#include "providers/backend.h"
@@ -237,7 +238,7 @@ errno_t be_fo_set_dns_srv_lookup_plugin(struct be_ctx
const char *hostname)
{
struct fo_resolve_srv_dns_ctx *srv_ctx = NULL;
- char resolved_hostname[HOST_NAME_MAX + 1];
+ char resolved_hostname[MAXHOSTNAMELEN + 1];
errno_t ret;
if (hostname == NULL) {
@@ -248,7 +249,7 @@ errno_t be_fo_set_dns_srv_lookup_plugin(struct be_ctx
"gethostname() failed: [%d]: %s\n", ret, strerror(ret));
return ret;
}
- resolved_hostname[HOST_NAME_MAX] = '\0';
+ resolved_hostname[MAXHOSTNAMELEN] = '\0';
hostname = resolved_hostname;
}

88
security/sssd-devel/files/patch-src__providers__files__files_ops.c Normal file
View File

@ -0,0 +1,88 @@
--- src/providers/files/files_ops.c.orig 2023-05-05 08:11:07 UTC
+++ src/providers/files/files_ops.c
@@ -53,8 +53,11 @@ static errno_t enum_files_users(TALLOC_CTX *mem_ctx,
struct passwd *pwd_iter = NULL;
struct passwd *pwd = NULL;
struct passwd **users = NULL;
+ struct passwd *pbuf = NULL;
FILE *pwd_handle = NULL;
size_t n_users = 0;
+ char *buf = NULL;
+ unsigned int bufsize = 1024;
pwd_handle = fopen(passwd_file, "r");
if (pwd_handle == NULL) {
@@ -72,7 +75,19 @@ static errno_t enum_files_users(TALLOC_CTX *mem_ctx,
goto done;
}
- while ((pwd_iter = fgetpwent(pwd_handle)) != NULL) {
+ buf = talloc_zero_array(mem_ctx, char, bufsize);
+ if (buf == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ pbuf = talloc_zero(mem_ctx, struct passwd);
+ if (pbuf == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ while (getpwent_r(pbuf, buf, (size_t)bufsize, &pwd_iter) == 0 && pwd_iter != NULL) {
/* FIXME - we might want to support paging of sorts to avoid allocating
* all users atop a memory context or only return users that differ from
* the local storage as a diff to minimize memory spikes
@@ -126,6 +141,9 @@ done:
users[n_users] = NULL;
*_users = users;
done:
+ talloc_free(pbuf);
+ talloc_free(buf);
+
if (ret != EOK) {
talloc_free(users);
}
@@ -150,8 +168,11 @@ static errno_t enum_files_groups(TALLOC_CTX *mem_ctx,
struct group *grp_iter = NULL;
struct group *grp = NULL;
struct group **groups = NULL;
+ struct group *pbuf = NULL;
size_t n_groups = 0;
FILE *grp_handle = NULL;
+ char *buf = NULL;
+ unsigned int bufsize = 1024;
grp_handle = fopen(group_file, "r");
if (grp_handle == NULL) {
@@ -169,7 +190,19 @@ static errno_t enum_files_groups(TALLOC_CTX *mem_ctx,
goto done;
}
- while ((grp_iter = fgetgrent(grp_handle)) != NULL) {
+ buf = talloc_zero_array(mem_ctx, char, bufsize);
+ if (buf == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ pbuf = talloc_zero(mem_ctx, struct group);
+ if (pbuf == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ while (getgrent_r(pbuf, buf, (size_t)bufsize, &grp_iter) == 0 && grp_iter != NULL) {
DEBUG(SSSDBG_TRACE_LIBS,
"Group found (%s, %"SPRIgid")\n",
grp_iter->gr_name, grp_iter->gr_gid);
@@ -230,6 +263,9 @@ done:
groups[n_groups] = NULL;
*_groups = groups;
done:
+ talloc_free(pbuf);
+ talloc_free(buf);
+
if (ret != EOK) {
talloc_free(groups);
}

28
security/sssd-devel/files/patch-src__providers__ipa__ipa_common.c Normal file
View File

@ -0,0 +1,28 @@
--- src/providers/ipa/ipa_common.c.orig 2023-05-05 08:11:07 UTC
+++ src/providers/ipa/ipa_common.c
@@ -22,6 +22,7 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <sys/param.h>
#include <netdb.h>
#include <ctype.h>
#include <arpa/inet.h>
@@ -51,7 +52,7 @@ int ipa_get_options(TALLOC_CTX *memctx,
char *realm;
char *ipa_hostname;
int ret;
- char hostname[HOST_NAME_MAX + 1];
+ char hostname[MAXHOSTNAMELEN + 1];
opts = talloc_zero(memctx, struct ipa_options);
if (!opts) return ENOMEM;
@@ -88,7 +89,7 @@ int ipa_get_options(TALLOC_CTX *memctx,
strerror(ret));
goto done;
}
- hostname[HOST_NAME_MAX] = '\0';
+ hostname[MAXHOSTNAMELEN] = '\0';
DEBUG(SSSDBG_TRACE_ALL, "Setting ipa_hostname to [%s].\n", hostname);
ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname);
if (ret != EOK) {

11
security/sssd-devel/files/patch-src__providers__ipa__ipa_deskprofile_rules_util.c Normal file
View File

@ -0,0 +1,11 @@
--- src/providers/ipa/ipa_deskprofile_rules_util.c.orig 2023-05-05 08:11:07 UTC
+++ src/providers/ipa/ipa_deskprofile_rules_util.c
@@ -20,6 +20,8 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <sys/types.h>
+#include <signal.h>
#include "providers/ipa/ipa_deskprofile_rules_util.h"
#include "providers/ipa/ipa_deskprofile_private.h"
#include "providers/ipa/ipa_rules_common.h"

19
security/sssd-devel/files/patch-src__providers__krb5__krb5_child.c Normal file
View File

@ -0,0 +1,19 @@
--- src/providers/krb5/krb5_child.c.orig 2023-05-05 08:11:07 UTC
+++ src/providers/krb5/krb5_child.c
@@ -28,7 +28,6 @@
#include <fcntl.h>
#include <ctype.h>
#include <popt.h>
-#include <sys/prctl.h>
#include <security/pam_modules.h>
@@ -4070,8 +4069,6 @@ int main(int argc, const char *argv[])
}
poptFreeContext(pc);
-
- prctl(PR_SET_DUMPABLE, (dumpable == 0) ? 0 : 1);
debug_prg_name = talloc_asprintf(NULL, "krb5_child[%d]", getpid());
if (!debug_prg_name) {

46
security/sssd-devel/files/patch-src__providers__ldap__ldap_auth.c Normal file
View File

@ -0,0 +1,46 @@
--- src/providers/ldap/ldap_auth.c.orig 2023-05-05 08:11:07 UTC
+++ src/providers/ldap/ldap_auth.c
@@ -37,7 +37,6 @@
#include <sys/time.h>
#include <strings.h>
-#include <shadow.h>
#include <security/pam_modules.h>
#include "util/util.h"
@@ -51,6 +50,22 @@
#define LDAP_PWEXPIRE_WARNING_TIME 0
+struct spwd
+{
+ char *sp_namp; /* Login name. */
+ char *sp_pwdp; /* Encrypted password. */
+ long int sp_lstchg; /* Date of last change. */
+ long int sp_min; /* Minimum number of days between changes. */
+ long int sp_max; /* Maximum number of days between changes. */
+ long int sp_warn; /* Number of days to warn user to change
+ the password. */
+ long int sp_inact; /* Number of days the account may be
+ inactive. */
+ long int sp_expire; /* Number of days since 1970-01-01 until
+ account expires. */
+ unsigned long int sp_flag; /* Reserved. */
+};
+
static errno_t add_expired_warning(struct pam_data *pd, long exp_time)
{
int ret;
@@ -96,9 +111,9 @@ static errno_t check_pwexpire_kerberos(const char *exp
}
DEBUG(SSSDBG_TRACE_ALL,
- "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] "
- "daylight [%d] now [%"SPRItime"] expire_time [%"SPRItime"].\n",
- tzname[0], tzname[1], timezone, daylight, now, expire_time);
+ "Time info: tzname[0] [%s] tzname[1] [%s] "
+ "now [%"SPRItime"] expire_time [%"SPRItime"].\n",
+ tzname[0], tzname[1], now, expire_time);
if (expire_time == 0) {
/* Used by the MIT LDAP KDB plugin to indicate "never" */

42
security/sssd-devel/files/patch-src__providers__ldap__ldap_child.c Normal file
View File

@ -0,0 +1,42 @@
--- src/providers/ldap/ldap_child.c.orig 2023-05-05 08:11:07 UTC
+++ src/providers/ldap/ldap_child.c
@@ -23,11 +23,11 @@
*/
#include <sys/types.h>
+#include <sys/param.h>
#include <unistd.h>
#include <sys/stat.h>
#include <signal.h>
#include <popt.h>
-#include <sys/prctl.h>
#include "util/util.h"
#include "util/sss_krb5.h"
@@ -337,7 +337,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_
full_princ = talloc_strdup(tmp_ctx, princ_str);
}
} else {
- char hostname[HOST_NAME_MAX + 1];
+ char hostname[MAXHOSTNAMELEN + 1];
ret = gethostname(hostname, sizeof(hostname));
if (ret == -1) {
@@ -346,7 +346,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_
errno, strerror(errno));
goto done;
}
- hostname[HOST_NAME_MAX] = '\0';
+ hostname[MAXHOSTNAMELEN] = '\0';
DEBUG(SSSDBG_TRACE_LIBS, "got hostname: [%s]\n", hostname);
@@ -660,8 +660,6 @@ int main(int argc, const char *argv[])
}
poptFreeContext(pc);
-
- prctl(PR_SET_DUMPABLE, (dumpable == 0) ? 0 : 1);
debug_prg_name = talloc_asprintf(NULL, "ldap_child[%d]", getpid());
if (!debug_prg_name) {

41
security/sssd-devel/files/patch-src__providers__ldap__sdap_access.c Normal file
View File

@ -0,0 +1,41 @@
--- src/providers/ldap/sdap_access.c.orig 2023-05-05 08:11:07 UTC
+++ src/providers/ldap/sdap_access.c
@@ -24,6 +24,7 @@
#include "config.h"
+#include <sys/param.h>
#include <time.h>
#include <security/pam_modules.h>
#include <talloc.h>
@@ -568,9 +569,9 @@ bool nds_check_expired(const char *exp_time_str)
now = time(NULL);
DEBUG(SSSDBG_TRACE_ALL,
- "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] "
- "daylight [%d] now [%"SPRItime"] expire_time [%"SPRItime"].\n",
- tzname[0], tzname[1], timezone, daylight, now, expire_time);
+ "Time info: tzname[0] [%s] tzname[1] [%s] "
+ "now [%"SPRItime"] expire_time [%"SPRItime"].\n",
+ tzname[0], tzname[1], now, expire_time);
if (difftime(now, expire_time) > 0.0) {
DEBUG(SSSDBG_CONF_SETTINGS, "NDS account expired.\n");
@@ -1286,7 +1287,7 @@ static errno_t sdap_access_host(struct ldb_message *us
{
errno_t ret;
struct ldb_message_element *el;
- char hostname[HOST_NAME_MAX + 1];
+ char hostname[MAXHOSTNAMELEN + 1];
struct addrinfo *res = NULL;
struct addrinfo hints;
@@ -1301,7 +1302,7 @@ static errno_t sdap_access_host(struct ldb_message *us
"Unable to get system hostname. Access denied\n");
return ERR_ACCESS_DENIED;
}
- hostname[HOST_NAME_MAX] = '\0';
+ hostname[MAXHOSTNAMELEN] = '\0';
/* Canonicalize the hostname */
memset(&hints, 0, sizeof(struct addrinfo));

28
security/sssd-devel/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c Normal file
View File

@ -0,0 +1,28 @@
--- src/providers/ldap/sdap_async_sudo_hostinfo.c.orig 2023-05-05 08:11:07 UTC
+++ src/providers/ldap/sdap_async_sudo_hostinfo.c
@@ -18,6 +18,7 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <sys/param.h>
#include <errno.h>
#include <tevent.h>
#include <talloc.h>
@@ -357,7 +358,7 @@ static struct tevent_req *sdap_sudo_get_hostnames_send
struct tevent_req *subreq = NULL;
struct sdap_sudo_get_hostnames_state *state = NULL;
char *dot = NULL;
- char hostname[HOST_NAME_MAX + 1];
+ char hostname[MAXHOSTNAMELEN + 1];
int ret;
req = tevent_req_create(mem_ctx, &state,
@@ -387,7 +388,7 @@ static struct tevent_req *sdap_sudo_get_hostnames_send
"[%d]: %s\n", ret, strerror(ret));
goto done;
}
- hostname[HOST_NAME_MAX] = '\0';
+ hostname[MAXHOSTNAMELEN] = '\0';
state->hostnames[0] = talloc_strdup(state->hostnames, hostname);
if (state->hostnames[0] == NULL) {

29
security/sssd-devel/files/patch-src__providers__proxy__proxy_child.c Normal file
View File

@ -0,0 +1,29 @@
--- src/providers/proxy/proxy_child.c.orig 2023-05-05 08:11:07 UTC
+++ src/providers/proxy/proxy_child.c
@@ -30,6 +30,7 @@
#include <sys/stat.h>
#include <sys/socket.h>
#include <sys/un.h>
+#include <stdlib.h>
#include <string.h>
#include <sys/time.h>
#include <errno.h>
@@ -469,6 +470,18 @@ int proxy_child_process_init(TALLOC_CTX *mem_ctx, cons
return EOK;
}
+
+
+#if (defined(__FreeBSD__) && (__FreeBSD__ < 14))
+extern char **environ;
+
+static int
+clearenv(void)
+{
+ *environ = NULL;
+ return 0;
+}
+#endif
int main(int argc, const char *argv[])
{

28
security/sssd-devel/files/patch-src__resolv__async_resolv_utils.c Normal file
View File

@ -0,0 +1,28 @@
--- src/resolv/async_resolv_utils.c.orig 2023-05-05 08:11:07 UTC
+++ src/resolv/async_resolv_utils.c
@@ -18,6 +18,7 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <sys/param.h>
#include <string.h>
#include <talloc.h>
#include <tevent.h>
@@ -45,7 +46,7 @@ resolv_get_domain_send(TALLOC_CTX *mem_ctx,
struct resolv_get_domain_state *state = NULL;
struct tevent_req *req = NULL;
struct tevent_req *subreq = NULL;
- char system_hostname[HOST_NAME_MAX + 1];
+ char system_hostname[MAXHOSTNAMELEN + 1];
errno_t ret;
req = tevent_req_create(mem_ctx, &state,
@@ -64,7 +65,7 @@ resolv_get_domain_send(TALLOC_CTX *mem_ctx,
ret, strerror(ret));
goto immediately;
}
- system_hostname[HOST_NAME_MAX] = '\0';
+ system_hostname[MAXHOSTNAMELEN] = '\0';
hostname = system_hostname;
}

10
security/sssd-devel/files/patch-src__responder__common__cache_req__plugins__cache_req_ip_host_by_addr.c Normal file
View File

@ -0,0 +1,10 @@
--- src/responder/common/cache_req/plugins/cache_req_ip_host_by_addr.c.orig 2023-05-05 08:11:07 UTC
+++ src/responder/common/cache_req/plugins/cache_req_ip_host_by_addr.c
@@ -23,6 +23,7 @@
#include <talloc.h>
#include <ldb.h>
#include <arpa/inet.h>
+#include <sys/socket.h>
#include "db/sysdb.h"
#include "db/sysdb_iphosts.h"

10
security/sssd-devel/files/patch-src__responder__common__cache_req__plugins__cache_req_ip_network_by_addr.c Normal file
View File

@ -0,0 +1,10 @@
--- src/responder/common/cache_req/plugins/cache_req_ip_network_by_addr.c.orig 2023-05-05 08:11:07 UTC
+++ src/responder/common/cache_req/plugins/cache_req_ip_network_by_addr.c
@@ -23,6 +23,7 @@
#include <talloc.h>
#include <ldb.h>
#include <arpa/inet.h>
+#include <sys/socket.h>
#include "db/sysdb.h"
#include "db/sysdb_ipnetworks.h"

10
security/sssd-devel/files/patch-src__responder__common__responder_common.c Normal file
View File

@ -0,0 +1,10 @@
--- src/responder/common/responder_common.c.orig 2023-05-05 08:11:07 UTC
+++ src/responder/common/responder_common.c
@@ -33,6 +33,7 @@
#include <popt.h>
#include <dbus/dbus.h>
+#include "util/sss_bsd_errno.h"
#include "util/util.h"
#include "util/strtonum.h"
#include "db/sysdb.h"

10
security/sssd-devel/files/patch-src__responder__common__responder_packet.c Normal file
View File

@ -0,0 +1,10 @@
--- src/responder/common/responder_packet.c.orig 2023-05-05 08:11:07 UTC
+++ src/responder/common/responder_packet.c
@@ -25,6 +25,7 @@
#include <errno.h>
#include <talloc.h>
+#include "util/sss_bsd_errno.h"
#include "util/util.h"
#include "responder/common/responder_packet.h"

23
security/sssd-devel/files/patch-src__responder__kcm__kcmsrv_ccache_secdb.c Normal file
View File

@ -0,0 +1,23 @@
--- src/responder/kcm/kcmsrv_ccache_secdb.c.orig 2023-05-05 08:11:07 UTC
+++ src/responder/kcm/kcmsrv_ccache_secdb.c
@@ -21,6 +21,9 @@
#include "config.h"
+#include <sys/param.h>
+#include <sys/ucred.h>
+
#include <talloc.h>
#include <stdio.h>
@@ -877,8 +880,8 @@ static errno_t ccdb_secdb_get_cc_for_uuid(TALLOC_CTX *
continue;
}
- cli_cred.ucred.uid = pwd->pw_uid;
- cli_cred.ucred.gid = pwd->pw_gid;
+ cli_cred.ucred.cr_uid = pwd->pw_uid;
+ cli_cred.ucred.cr_gid = pwd->pw_gid;
ret = key_by_uuid(tmp_ctx, secdb->sctx, &cli_cred, uuid, &secdb_key);
if (ret != EOK) {

15
security/sssd-devel/files/patch-src__responder__kcm__kcmsrv_cmd.c Normal file
View File

@ -0,0 +1,15 @@
--- src/responder/kcm/kcmsrv_cmd.c.orig 2023-05-05 08:11:07 UTC
+++ src/responder/kcm/kcmsrv_cmd.c
@@ -20,10 +20,12 @@
*/
#include <sys/uio.h>
+#include <sys/endian.h>
#include <krb5/krb5.h>
#include "config.h"
#include "util/util.h"
+#include "util/sss_bsd_errno.h"
#include "responder/common/responder.h"
#include "responder/kcm/kcmsrv_pvt.h"
#include "responder/kcm/kcmsrv_ops.h"

10
security/sssd-devel/files/patch-src__responder__kcm__kcmsrv_ops.c Normal file
View File

@ -0,0 +1,10 @@
--- src/responder/kcm/kcmsrv_ops.c.orig 2023-05-05 08:11:07 UTC
+++ src/responder/kcm/kcmsrv_ops.c
@@ -21,6 +21,7 @@
#include "config.h"
+#include <sys/endian.h>
#include <krb5/krb5.h>
#include <dhash.h>

27
security/sssd-devel/files/patch-src__responder__nss__nsssrv_mmap_cache.c Normal file
View File

@ -0,0 +1,27 @@
--- src/responder/nss/nsssrv_mmap_cache.c.orig 2023-05-05 08:11:07 UTC
+++ src/responder/nss/nsssrv_mmap_cache.c
@@ -23,6 +23,7 @@
#include "util/crypto/sss_crypto.h"
#include "confdb/confdb.h"
#include <sys/mman.h>
+#include <unistd.h>
#include <fcntl.h>
#include "util/mmap_cache.h"
#include "sss_client/idmap/sss_nss_idmap.h"
@@ -1402,8 +1403,14 @@ errno_t sss_mmap_cache_init(TALLOC_CTX *mem_ctx, const
/* Attempt allocation several times, in case of EINTR */
for (int i = 0; i < POSIX_FALLOCATE_ATTEMPTS; i++) {
ret = posix_fallocate(mc_ctx->fd, 0, mc_ctx->mmap_size);
- if (ret != EINTR)
- break;
+ if (ret != EINTR && ret == EINVAL) {
+ /* posix_fallocate doesn't work on ZFS */
+ ret = ftruncate(mc_ctx->fd, mc_ctx->mmap_size);
+ if (ret != 0) {
+ break;
+ }
+ } else if (ret != EINTR)
+ break;
}
if (ret) {
DEBUG(SSSDBG_CRIT_FAILURE, "Failed to allocate file %s: %d(%s)\n",

11
security/sssd-devel/files/patch-src__sbus__sbus_errors.c Normal file
View File

@ -0,0 +1,11 @@
--- src/sbus/sbus_errors.c.orig 2023-05-05 08:11:07 UTC
+++ src/sbus/sbus_errors.c
@@ -53,7 +53,7 @@ static const struct {
{ DBUS_ERROR_LIMITS_EXCEEDED, ERANGE},
{ DBUS_ERROR_ACCESS_DENIED, EPERM},
{ DBUS_ERROR_AUTH_FAILED, EACCES},
- { DBUS_ERROR_NO_NETWORK, ENONET},
+ { DBUS_ERROR_NO_NETWORK, EHOSTDOWN},
{ DBUS_ERROR_DISCONNECTED, ERR_OFFLINE},
{ DBUS_ERROR_INVALID_ARGS, EINVAL},

29
security/sssd-devel/files/patch-src__sss_client__common.c Normal file
View File

@ -0,0 +1,29 @@
--- src/sss_client/common.c.orig 2023-05-05 08:11:07 UTC
+++ src/sss_client/common.c
@@ -156,7 +156,7 @@ static enum sss_status sss_cli_send_req(enum sss_cli_c
*errnop = error;
break;
case 0:
- *errnop = ETIME;
+ *errnop = ETIMEDOUT;
break;
case 1:
if (pfd.revents & (POLLERR | POLLHUP)) {
@@ -268,7 +268,7 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_c
*errnop = error;
break;
case 0:
- *errnop = ETIME;
+ *errnop = ETIMEDOUT;
break;
case 1:
if (pfd.revents & (POLLHUP)) {
@@ -731,7 +731,7 @@ static enum sss_status sss_cli_check_socket(int *errno
*errnop = error;
break;
case 0:
- *errnop = ETIME;
+ *errnop = ETIMEDOUT;
break;
case 1:
if (pfd.revents & (POLLERR | POLLHUP)) {

78
security/sssd-devel/files/patch-src__sss_client__nss_group.c Normal file
View File

@ -0,0 +1,78 @@
--- src/sss_client/nss_group.c.orig 2023-06-05 03:48:03 UTC
+++ src/sss_client/nss_group.c
@@ -403,6 +403,75 @@ out:
return nret;
}
+#define MIN(a, b)((a) < (b) ? (a) : (b))
+
+int gr_addgid(gid_t gid, gid_t *groups, int maxgrp, int *grpcnt)
+{
+ int ret, dupc;
+
+ for (dupc = 0; dupc < MIN(maxgrp, *grpcnt); dupc++) {
+ if (groups[dupc] == gid)
+ return 1;
+ }
+
+ ret = 1;
+ if (*grpcnt < maxgrp)
+ groups[*grpcnt] = gid;
+ else
+ ret = 0;
+
+ (*grpcnt)++;
+
+ return ret;
+}
+
+enum nss_status _nss_sss_getgroupmembership(const char *uname, gid_t agroup,
+ gid_t *groups, int maxgrp,
+ int *grpcnt)
+{
+ struct sss_cli_req_data rd;
+ uint8_t *repbuf;
+ size_t replen;
+ enum nss_status nret;
+ uint32_t *rbuf;
+ uint32_t num_ret;
+ long int l, max_ret;
+ int errnop;
+
+ rd.len = strlen(uname) +1;
+ rd.data = uname;
+
+ sss_nss_lock();
+
+ nret = sss_nss_make_request(SSS_NSS_INITGR, &rd,
+ &repbuf, &replen, &errnop);
+ if (nret != NSS_STATUS_SUCCESS) {
+ goto done;
+ }
+
+ /* no results if not found */
+ num_ret = ((uint32_t *)repbuf)[0];
+ if (num_ret == 0) {
+ free(repbuf);
+ nret = NSS_STATUS_NOTFOUND;
+ goto done;
+ }
+ max_ret = num_ret;
+
+ gr_addgid(agroup, groups, maxgrp, grpcnt);
+
+ rbuf = &((uint32_t *)repbuf)[2];
+ for (l = 0; l < max_ret; l++) {
+ gr_addgid(rbuf[l], groups, maxgrp, grpcnt);
+ }
+
+ free(repbuf);
+ nret = NSS_STATUS_SUCCESS;
+
+done:
+ sss_nss_unlock();
+ return nret;
+}
enum nss_status _nss_sss_getgrnam_r(const char *name, struct group *result,
char *buffer, size_t buflen, int *errnop)

12
security/sssd-devel/files/patch-src__sss_client__nss_hosts.c Normal file
View File

@ -0,0 +1,12 @@
--- src/sss_client/nss_hosts.c.orig 2023-05-05 08:11:07 UTC
+++ src/sss_client/nss_hosts.c
@@ -22,6 +22,9 @@
#include "config.h"
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
#include <nss.h>
#include <netdb.h>
#include <resolv.h>

12
security/sssd-devel/files/patch-src__sss_client__nss_ipnetworks.c Normal file
View File

@ -0,0 +1,12 @@
--- src/sss_client/nss_ipnetworks.c.orig 2023-05-05 08:11:07 UTC
+++ src/sss_client/nss_ipnetworks.c
@@ -22,6 +22,9 @@
#include "config.h"
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
#include <nss.h>
#include <netdb.h>
#include <resolv.h>

11
security/sssd-devel/files/patch-src__sss_client__pam_sss.c Normal file
View File

@ -0,0 +1,11 @@
--- src/sss_client/pam_sss.c.orig 2023-05-05 08:11:07 UTC
+++ src/sss_client/pam_sss.c
@@ -1422,7 +1422,7 @@ static int get_pam_items(pam_handle_t *pamh, uint32_t
pi->cli_pid = getpid();
- pi->login_name = pam_modutil_getlogin(pamh);
+ pi->login_name = getlogin();
if (pi->login_name == NULL) pi->login_name="";
pi->domain_name = NULL;

19
security/sssd-devel/files/patch-src__sss_client__pam_sss_gss.c Normal file
View File

@ -0,0 +1,19 @@
--- src/sss_client/pam_sss_gss.c.orig 2023-05-05 08:11:07 UTC
+++ src/sss_client/pam_sss_gss.c
@@ -22,7 +22,7 @@
#include <stddef.h>
#include <stdbool.h>
#include <security/pam_modules.h>
-#include <security/pam_ext.h>
+#include <security/pam_appl.h>
#include <gssapi.h>
#include <gssapi/gssapi_ext.h>
#include <gssapi/gssapi_generic.h>
@@ -46,7 +46,6 @@ bool debug_enabled;
#define ERROR(pamh, fmt, ...) do { \
if (debug_enabled) { \
pam_error(pamh, "pam_sss_gss: " fmt, ## __VA_ARGS__); \
- pam_syslog(pamh, LOG_ERR, fmt, ## __VA_ARGS__); \
} \
} while (0)

35
security/sssd-devel/files/patch-src__sss_client__sss_nss.exports Normal file
View File

@ -0,0 +1,35 @@
--- src/sss_client/sss_nss.exports.orig 2023-06-05 03:42:12 UTC
+++ src/sss_client/sss_nss.exports
@@ -3,6 +3,7 @@ EXPORTED {
# public functions
global:
+ nss_module_register;
_nss_sss_getpwnam_r;
_nss_sss_getpwuid_r;
_nss_sss_setpwent;
@@ -14,7 +15,24 @@ EXPORTED {
_nss_sss_setgrent;
_nss_sss_getgrent_r;
_nss_sss_endgrent;
+ _nss_sss_getgroupmembership;
_nss_sss_initgroups_dyn;
+
+ __nss_compat_getgrnam_r;
+ __nss_compat_getgrgid_r;
+ __nss_compat_getgrent_r;
+ __nss_compat_setgrent;
+ __nss_compat_endgrent;
+
+ __nss_compat_getpwnam_r;
+ __nss_compat_getpwuid_r;
+ __nss_compat_getpwent_r;
+ __nss_compat_setpwent;
+ __nss_compat_endpwent;
+
+ __nss_compat_gethostbyname;
+ __nss_compat_gethostbyname2;
+ __nss_compat_gethostbyaddr;
#_nss_sss_getaliasbyname_r;
#_nss_sss_setaliasent;

19
security/sssd-devel/files/patch-src__sss_client__sss_pac_responder_client.c Normal file
View File

@ -0,0 +1,19 @@
--- src/sss_client/sss_pac_responder_client.c.orig 2023-05-05 08:11:07 UTC
+++ src/sss_client/sss_pac_responder_client.c
@@ -23,6 +23,7 @@
#include <unistd.h>
#include <sys/types.h>
#include <errno.h>
+#include <pthread_np.h>
#include <sys/syscall.h>
@@ -97,7 +98,7 @@ static void *pac_client(void *arg)
size_t c;
fprintf(stderr, "[%"SPRItime"][%d][%ld][%s] started\n",
- time(NULL), getpid(), syscall(SYS_gettid), (char *) arg);
+ time(NULL), getpid(), pthread_getthreadid_np(), (char *) arg);
for (c = 0; c < 1000; c++) {
/* sss_pac_make_request() does not protect the client's file
* descriptor to the PAC responder. With this one thread will miss a

21
security/sssd-devel/files/patch-src__util__child_common.c Normal file
View File

@ -0,0 +1,21 @@
--- src/util/child_common.c.orig 2023-05-05 08:11:07 UTC
+++ src/util/child_common.c
@@ -28,7 +28,6 @@
#include <tevent.h>
#include <sys/wait.h>
#include <errno.h>
-#include <sys/prctl.h>
#include "util/util.h"
#include "util/find_uid.h"
@@ -792,8 +791,8 @@ static errno_t prepare_child_argv(TALLOC_CTX *mem_ctx,
goto fail;
}
- argv[--argc] = talloc_asprintf(argv, "--dumpable=%d",
- prctl(PR_GET_DUMPABLE));
+ argv[--argc] = talloc_asprintf(argv, "--dumpable=%d", 0);
+
if (argv[argc] == NULL) {
ret = ENOMEM;
goto fail;

28
security/sssd-devel/files/patch-src__util__nss_dl_load.c Normal file
View File

@ -0,0 +1,28 @@
--- src/util/nss_dl_load.c.orig 2023-05-05 08:11:07 UTC
+++ src/util/nss_dl_load.c
@@ -24,6 +24,7 @@
#include "util/util_errors.h"
#include "util/debug.h"
#include "nss_dl_load.h"
+#include "util/sss_bsd_errno.h"
#define NSS_FN_NAME "_nss_%s_%s"
@@ -36,7 +37,7 @@ static void *proxy_dlsym(void *handle,
char *funcname;
void *funcptr;
- funcname = talloc_asprintf(NULL, NSS_FN_NAME, libname, name);
+ funcname = talloc_asprintf(NULL, "%s", name);
if (funcname == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf() failed\n");
return NULL;
@@ -56,7 +57,7 @@ errno_t sss_load_nss_symbols(struct sss_nss_ops *ops,
char *libpath;
size_t i;
- libpath = talloc_asprintf(NULL, "libnss_%s.so.2", libname);
+ libpath = talloc_asprintf(NULL, "/lib/libc.so.7", libname);
if (libpath == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf() failed\n");
return ENOMEM;

53
security/sssd-devel/files/patch-src__util__server.c Normal file
View File

@ -0,0 +1,53 @@
--- src/util/server.c.orig 2023-05-05 08:11:07 UTC
+++ src/util/server.c
@@ -30,17 +30,12 @@
#include <fcntl.h>
#include <unistd.h>
#include <signal.h>
-#include <sys/prctl.h>
#include <ldb.h>
#include "util/util.h"
#include "confdb/confdb.h"
#include "util/sss_chain_id.h"
#include "util/sss_chain_id_tevent.h"
-#ifdef HAVE_PRCTL
-#include <sys/prctl.h>
-#endif
-
static TALLOC_CTX *autofree_ctx;
static void server_atexit(void)
@@ -317,10 +312,13 @@ static void setup_signals(void)
BlockSignals(false, SIGTERM);
#ifndef HAVE_PRCTL
- /* If prctl is not defined on the system, try to handle
- * some common termination signals gracefully */
+ /* If prctl is not defined on the system, try to handle
+ * some common termination signals gracefully */
+ (void) sig_segv_abrt; /* unused */
+ /*
CatchSignal(SIGSEGV, sig_segv_abrt);
CatchSignal(SIGABRT, sig_segv_abrt);
+ */
#endif
}
@@ -747,6 +745,8 @@ int server_setup(const char *name, bool is_responder,
DEBUG(SSSDBG_FATAL_FAILURE, "Failed to determine "CONFDB_MONITOR_DUMPABLE"\n");
return ret;
}
+
+#ifdef HAVE_PRCTL
ret = prctl(PR_SET_DUMPABLE, dumpable ? 1 : 0);
if (ret != 0) {
DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set PR_SET_DUMPABLE\n");
@@ -754,6 +754,7 @@ int server_setup(const char *name, bool is_responder,
} else if (!dumpable) {
DEBUG(SSSDBG_IMPORTANT_INFO, "Core dumps are disabled!\n");
}
+#endif
sss_chain_id_setup(ctx->event_ctx);

11
security/sssd-devel/files/patch-src__util__sss_krb5.c Normal file
View File

@ -0,0 +1,11 @@
--- src/util/sss_krb5.c.orig 2023-05-05 08:11:07 UTC
+++ src/util/sss_krb5.c
@@ -17,6 +17,8 @@
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include <sys/types.h>
+#include <sys/endian.h>
#include <ctype.h>
#include <stdio.h>
#include <errno.h>

10
security/sssd-devel/files/patch-src__util__sss_pam_data.h Normal file
View File

@ -0,0 +1,10 @@
--- src/util/sss_pam_data.h.orig 2023-05-05 08:11:07 UTC
+++ src/util/sss_pam_data.h
@@ -24,6 +24,7 @@
#include "config.h"
#include <stdbool.h>
#include <stdint.h>
+#include <string.h>
#ifdef USE_KEYRING
#include <sys/types.h>
#include <keyutils.h>

30
security/sssd-devel/files/patch-src__util__sss_sockets.c Normal file
View File

@ -0,0 +1,30 @@
--- src/util/sss_sockets.c.orig 2023-05-05 08:11:07 UTC
+++ src/util/sss_sockets.c
@@ -144,18 +144,6 @@ errno_t set_fd_common_opts(int fd, int timeout)
"setsockopt SO_SNDTIMEO failed.[%d][%s].\n", ret,
strerror(ret));
}
-
- if (domain != AF_UNIX && type == SOCK_STREAM) {
- milli = timeout * 1000; /* timeout in milliseconds */
- ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &milli,
- sizeof(milli));
- if (ret != 0) {
- ret = errno;
- DEBUG(SSSDBG_FUNC_DATA,
- "setsockopt TCP_USER_TIMEOUT failed.[%d][%s].\n", ret,
- strerror(ret));
- }
- }
}
return EOK;
@@ -258,7 +246,7 @@ static void sssd_async_connect_done(struct tevent_cont
talloc_zfree(fde);
- if (ret == EOK) {
+ if (ret == EOK || ret == EISCONN) {
tevent_req_done(req);
} else {
ret = errno;

19
security/sssd-devel/files/patch-src__util__util.c Normal file
View File

@ -0,0 +1,19 @@
--- src/util/util.c.orig 2023-05-05 08:11:07 UTC
+++ src/util/util.c
@@ -763,6 +763,16 @@ errno_t sss_fd_nonblocking(int fd)
return EOK;
}
+int flb_timezone(void)
+{
+ struct tm tm;
+ time_t t = 0;
+ tzset();
+ localtime_r(&t, &tm);
+ return -(tm.tm_gmtoff);
+}
+#define timezone (flb_timezone())
+
/* Convert GeneralizedTime (http://en.wikipedia.org/wiki/GeneralizedTime)
* to unix time (seconds since epoch). Use UTC time zone.
*/

20
security/sssd-devel/files/patch-src__util__util_creds.h Normal file
View File

@ -0,0 +1,20 @@
--- src/util/util_creds.h.orig 2023-05-05 08:11:07 UTC
+++ src/util/util_creds.h
@@ -73,6 +73,17 @@ struct cli_creds {
#define cli_creds_get_uid(x) (x->ucred.uid)
#define cli_creds_get_gid(x) (x->ucred.gid)
+#elif HAVE_FREEBSD
+#include <sys/param.h>
+#include <sys/ucred.h>
+struct cli_creds {
+ struct xucred ucred;
+ SELINUX_CTX selinux_ctx;
+};
+
+#define cli_creds_get_uid(x) (x->ucred.cr_uid)
+#define cli_creds_get_gid(x) (x->ucred.cr_gid)
+
#else /* not HAVE_UCRED */
struct cli_creds {
SELINUX_CTX selinux_ctx;

10
security/sssd-devel/files/patch-src_tests_cmocka_test__authtok.c Normal file
View File

@ -0,0 +1,10 @@
--- src/tests/cmocka/test_authtok.c.orig 2023-05-05 08:11:07 UTC
+++ src/tests/cmocka/test_authtok.c
@@ -28,6 +28,7 @@
#include "tests/cmocka/common_mock.h"
#include "util/authtok.h"
+#include "util/sss_endian.h"
struct test_state {

27
security/sssd-devel/files/pkg-message.in Normal file
View File

@ -0,0 +1,27 @@
[
{ type: install
message: <<EOM
================================================================================
Copy %%PREFIX%%/etc/sssd/sssd.conf.sample to %%PREFIX%%/etc/sssd/sssd.conf
and edit %%PREFIX%%/etc/sssd/sssd.conf (see man sssd.conf for details)
To load sssd at startup, add sssd_enable="YES" to /etc/rc.conf
To enable pam integration, add a line similar to the following to
/etc/pam.d/system:
login auth sufficient %%PREFIX%%/lib/pam_sss.so
To enable NSS integration, update /etc/nsswitch.conf as follows:
group: sss files
passwd: sss files
For additional details, please see the man pages for pam.conf and nsswitch.conf
An sssd HOWTO is also available:
https://fedorahosted.org/sssd/wiki/HOWTO_Configure_1_0_2
================================================================================
EOM
}
]

58
security/sssd-devel/files/sss_bsd_errno.h Normal file
View File

@ -0,0 +1,58 @@
/*
SSSD
Authors:
Lukas Slebodnik <lslebodn@redhat.com>
Copyright (C) 2013 Red Hat
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef SSS_BSD_ERRNO_H_
#define SSS_BSD_ERRNO_H_
#include <errno.h>
#define BSD_ERR_MASK (0xB5DE <<16)
#ifndef EUCLEAN
#define EUCLEAN (BSD_ERR_MASK | 117)
#endif
#ifndef EMEDIUMTYPE
#define EMEDIUMTYPE (BSD_ERR_MASK | 124)
#endif
#ifndef EOWNERDEAD
#define EOWNERDEAD (BSD_ERR_MASK | 130)
#endif
#ifndef ECONNRESET
#define ECONNRESET (BSD_ERR_MASK | 104)
#endif
#ifndef ETIMEDOUT
#define ETIMEDOUT (BSD_ERR_MASK | 110)
#endif
#ifndef ENODATA
#define ENODATA (BSD_ERR_MASK | 61)
#endif
#ifndef ETIME
#define ETIME (BSD_ERR_MASK | 62)
#endif
#ifndef ELIBACC
#define ELIBACC (BSD_ERR_MASK | 79)
#endif
#ifndef ELIBBAD
#define ELIBBAD (BSD_ERR_MASK | 80)
#endif
#endif /* SSS_BSD_ERRNO_H_ */

40
security/sssd-devel/files/sssd.in Normal file
View File

@ -0,0 +1,40 @@
#!/bin/sh
# PROVIDE: sssd
# REQUIRE: DAEMON
# BEFORE: LOGIN
# KEYWORD: shutdown
# Add the following lines to /etc/rc.conf to enable `sssd':
#
# sssd_enable="YES"
#
# See sssd(8) for sssd_flags
#
. /etc/rc.subr
name=sssd
rcvar=sssd_enable
# read configuration and set defaults
load_rc_config "$name"
: ${sssd_enable:=NO}
: ${sssd_conf="%%PREFIX%%/etc/sssd/sssd.conf"}
: ${sssd_flags="-D"}
command="%%PREFIX%%/sbin/$name"
pidfile="/var/run/$name.pid"
required_files="${sssd_conf}"
start_precmd=sssd_prestart
sssd_prestart()
{
for i in db/sss/db db/sss/gpo_cache db/sss/keytabs db/sss/mc db/sss/pubconf/krb5.include.d/ db/sss/secrets log/sssd run/sss/pipes/private; do
if [ ! -d var/${i} ]; then mkdir -p /var/${i}; fi
done
}
run_rc_command "$1"

7
security/sssd-devel/pkg-descr Normal file
View File

@ -0,0 +1,7 @@
This project provides a set of daemons to manage access to remote
directories and authentication mechanisms, it provides an NSS and
PAM interface toward the system and a pluggable backend system to
connect to multiple different account sources. It is also the
basis to provide client auditing and policy services for projects
like FreeIPA. sssd also features caching, which can allow for
offline use to assist laptop users.

170
security/sssd-devel/pkg-plist Normal file
View File

@ -0,0 +1,170 @@
bin/sss_ssh_authorizedkeys
bin/sss_ssh_knownhostsproxy
etc/pam.d/sssd-shadowutils
%%ETCDIR%%/sssd.conf.sample
include/ipa_hbac.h
include/sss_certmap.h
include/sss_idmap.h
include/sss_nss_idmap.h
lib/krb5/plugins/authdata/sssd_pac_plugin.so
lib/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so
lib/libipa_hbac.so
lib/libipa_hbac.so.0
lib/libipa_hbac.so.0.1.0
lib/libnss_sss.so.2
lib/libsss_certmap.so
lib/libsss_certmap.so.0
lib/libsss_certmap.so.0.2.0
lib/libsss_idmap.so
lib/libsss_idmap.so.0
lib/libsss_idmap.so.0.5.1
lib/libsss_nss_idmap.so
lib/libsss_nss_idmap.so.0
lib/libsss_nss_idmap.so.0.6.0
lib/libsss_sudo.so
lib/nss_sss.so.1
lib/pam_sss.so
lib/pam_sss_gss.so
%%PYTHON_SITELIBDIR%%/SSSDConfig-2.9.2-py%%PYTHON_VER%%.egg-info/PKG-INFO
%%PYTHON_SITELIBDIR%%/SSSDConfig-2.9.2-py%%PYTHON_VER%%.egg-info/SOURCES.txt
%%PYTHON_SITELIBDIR%%/SSSDConfig-2.9.2-py%%PYTHON_VER%%.egg-info/dependency_links.txt
%%PYTHON_SITELIBDIR%%/SSSDConfig-2.9.2-py%%PYTHON_VER%%.egg-info/top_level.txt
%%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.py
%%PYTHON_SITELIBDIR%%/SSSDConfig/__pycache__/__init__%%PYTHON_EXT_SUFFIX%%.pyc
%%PYTHON_SITELIBDIR%%/SSSDConfig/__pycache__/ipachangeconf%%PYTHON_EXT_SUFFIX%%.pyc
%%PYTHON_SITELIBDIR%%/SSSDConfig/__pycache__/sssdoptions%%PYTHON_EXT_SUFFIX%%.pyc
%%PYTHON_SITELIBDIR%%/SSSDConfig/ipachangeconf.py
%%PYTHON_SITELIBDIR%%/SSSDConfig/sssdoptions.py
%%PYTHON_SITELIBDIR%%/pyhbac.so
%%PYTHON_SITELIBDIR%%/pysss.so
%%PYTHON_SITELIBDIR%%/pysss_murmur.so
%%PYTHON_SITELIBDIR%%/pysss_nss_idmap.so
%%PYTHON_SITELIBDIR%%/sssd/__init__.py
%%PYTHON_SITELIBDIR%%/sssd/modules/__init__.py
%%PYTHON_SITELIBDIR%%/sssd/modules/request.py
%%PYTHON_SITELIBDIR%%/sssd/parser.py
%%PYTHON_SITELIBDIR%%/sssd/source_files.py
%%PYTHON_SITELIBDIR%%/sssd/source_journald.py
%%PYTHON_SITELIBDIR%%/sssd/source_reader.py
%%PYTHON_SITELIBDIR%%/sssd/sss_analyze.py
lib/samba4/modules/idmap/sss.so
lib/shared-modules/ldb/memberof.so
lib/sssd/conf/sssd.conf
lib/sssd/libifp_iface.so
lib/sssd/libifp_iface_sync.so
lib/sssd/libsss_ad.so
lib/sssd/libsss_cert.so
lib/sssd/libsss_child.so
lib/sssd/libsss_crypt.so
lib/sssd/libsss_debug.so
lib/sssd/libsss_files.so
lib/sssd/libsss_iface.so
lib/sssd/libsss_iface_sync.so
lib/sssd/libsss_ipa.so
lib/sssd/libsss_krb5.so
lib/sssd/libsss_krb5_common.so
lib/sssd/libsss_ldap.so
lib/sssd/libsss_ldap_common.so
lib/sssd/libsss_proxy.so
lib/sssd/libsss_sbus.so
lib/sssd/libsss_sbus_sync.so
lib/sssd/libsss_semanage.so
lib/sssd/libsss_simple.so
lib/sssd/libsss_util.so
lib/sssd/modules/sssd_krb5_idp_plugin.so
lib/sssd/modules/sssd_krb5_localauth_plugin.so
lib/sssd/modules/sssd_krb5_passkey_plugin.so
libdata/pkgconfig/ipa_hbac.pc
libdata/pkgconfig/sss_certmap.pc
libdata/pkgconfig/sss_idmap.pc
libdata/pkgconfig/sss_nss_idmap.pc
libexec/sssd/gpo_child
libexec/sssd/krb5_child
libexec/sssd/ldap_child
libexec/sssd/oidc_child
libexec/sssd/p11_child
libexec/sssd/passkey_child
libexec/sssd/proxy_child
libexec/sssd/sss_analyze
libexec/sssd/sss_signal
libexec/sssd/sssd_be
libexec/sssd/sssd_ifp
libexec/sssd/sssd_kcm
libexec/sssd/sssd_nss
libexec/sssd/sssd_pac
libexec/sssd/sssd_pam
libexec/sssd/sssd_ssh
libexec/sssd/sssd_sudo
man/man1/sss_ssh_authorizedkeys.1.gz
man/man1/sss_ssh_knownhostsproxy.1.gz
man/man5/sss-certmap.5.gz
man/man5/sssd-ad.5.gz
man/man5/sssd-files.5.gz
man/man5/sssd-ifp.5.gz
man/man5/sssd-ipa.5.gz
man/man5/sssd-krb5.5.gz
man/man5/sssd-ldap-attributes.5.gz
man/man5/sssd-ldap.5.gz
man/man5/sssd-session-recording.5.gz
man/man5/sssd-simple.5.gz
man/man5/sssd-sudo.5.gz
man/man5/sssd.conf.5.gz
man/man8/idmap_sss.8.gz
man/man8/pam_sss.8.gz
man/man8/pam_sss_gss.8.gz
man/man8/sss_cache.8.gz
man/man8/sss_debuglevel.8.gz
man/man8/sss_obfuscate.8.gz
man/man8/sss_override.8.gz
man/man8/sss_seed.8.gz
man/man8/sssctl.8.gz
man/man8/sssd-kcm.8.gz
man/man8/sssd.8.gz
man/man8/sssd_krb5_localauth_plugin.8.gz
man/man8/sssd_krb5_locator_plugin.8.gz
sbin/sss_cache
sbin/sss_debuglevel
sbin/sss_obfuscate
sbin/sss_override
sbin/sss_seed
sbin/sssctl
sbin/sssd
share/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
%%DATADIR%%/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
%%DATADIR%%/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
%%DATADIR%%/sssd-kcm/kcm_default_ccache
%%DATADIR%%/sssd/cfg_rules.ini
%%DATADIR%%/sssd/krb5-snippets/enable_sssd_conf_dir
%%DATADIR%%/sssd/krb5-snippets/sssd_enable_idp
%%DATADIR%%/sssd/krb5-snippets/sssd_enable_passkey
%%DATADIR%%/sssd/sssd.api.conf
%%DATADIR%%/sssd/sssd.api.d/sssd-ad.conf
%%DATADIR%%/sssd/sssd.api.d/sssd-files.conf
%%DATADIR%%/sssd/sssd.api.d/sssd-ipa.conf
%%DATADIR%%/sssd/sssd.api.d/sssd-krb5.conf
%%DATADIR%%/sssd/sssd.api.d/sssd-ldap.conf
%%DATADIR%%/sssd/sssd.api.d/sssd-proxy.conf
%%DATADIR%%/sssd/sssd.api.d/sssd-simple.conf
@dir %%ETCDIR%%/conf.d
@dir %%ETCDIR%%/pki
@dir lib/ldb
@dir %%DOCSDIR%%/doc
@dir %%DOCSDIR%%/hbac_doc
@dir %%DOCSDIR%%/idmap_doc
@dir %%DOCSDIR%%/nss_idmap_doc
@dir /var/db/sss/db
@dir /var/db/sss/deskprofile
@dir /var/db/sss/gpo_cache
@dir /var/db/sss/keytabs
@dir /var/db/sss/mc
@dir /var/db/sss/pubconf/krb5.include.d
@dir /var/db/sss/pubconf
@dir /var/db/sss
@dir /var/lib/sss/secrets
@dir /var/lib/sss
@dir /var/lib
@dir /var/log/sssd
@dir /var/run/sss/pipes/private
@dir /var/run/sss/pipes
@dir /var/run/sss

148
security/sudo/Makefile Normal file
View File

@ -0,0 +1,148 @@
PORTNAME= sudo
PORTVERSION= 1.9.15p5
PORTREVISION= 2
CATEGORIES= security
MASTER_SITES= SUDO
MAINTAINER= garga@FreeBSD.org
COMMENT= Allow others to run commands as root
WWW= https://www.sudo.ws/
LICENSE= sudo
LICENSE_NAME= Sudo license
LICENSE_FILE= ${WRKSRC}/LICENSE.md
LICENSE_PERMS= dist-mirror dist-sell pkg-mirror pkg-sell auto-accept
USES= cpe libtool pkgconfig
CPE_VENDOR= todd_miller
USE_LDCONFIG= yes
GNU_CONFIGURE= yes
GNU_CONFIGURE_MANPREFIX= ${PREFIX}/share
CONFIGURE_ARGS= --mandir=${PREFIX}/share/man \
--sysconfdir=${PREFIX}/etc \
--with-env-editor \
--with-ignore-dot \
--with-logfac=${LOGFAC} \
--with-logincap \
--with-long-otp-prompt \
--with-rundir=/var/run/sudo \
--with-tty-tickets
LDFLAGS+= -lgcc
PORTSCOUT= ignore:1
OPTIONS_DEFINE= AUDIT DISABLE_AUTH DISABLE_ROOT_SUDO DOCS EXAMPLES \
INSULTS LDAP NLS NOARGS_SHELL OPIE PAM PYTHON SSL SSSD
OPTIONS_DEFAULT= AUDIT PAM SSL
OPTIONS_RADIO= KERBEROS
OPTIONS_RADIO_KERBEROS= GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
OPTIONS_SUB= yes
AUDIT_DESC= Enable BSM audit support
DISABLE_AUTH_DESC= Do not require authentication by default
DISABLE_ROOT_SUDO_DESC= Do not allow root to run sudo
INSULTS_DESC= Enable insults on failures
KERBEROS_DESC= Enable Kerberos 5 authentication (no PAM support)
NOARGS_SHELL_DESC= Run a shell if no arguments are given
OPIE_DESC= Enable one-time passwords (no PAM support)
PYTHON_DESC= Enable python plugin support
SSL_DESC= Use OpenSSL TLS and SHA2 functions
SSSD_DESC= Enable SSSD backend support
AUDIT_CONFIGURE_WITH= bsm-audit
DISABLE_AUTH_CONFIGURE_ON= --disable-authentication
DISABLE_ROOT_SUDO_CONFIGURE_ON= --disable-root-sudo
GSSAPI_BASE_USES= gssapi
GSSAPI_BASE_CONFIGURE_ON= --with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
GSSAPI_HEIMDAL_USES= gssapi:heimdal
GSSAPI_HEIMDAL_CONFIGURE_ON= --with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
GSSAPI_MIT_USES= gssapi:mit
GSSAPI_MIT_CONFIGURE_ON= --with-kerb5=${GSSAPIBASEDIR} ${GSSAPI_CONFIGURE_ARGS}
INSULTS_CONFIGURE_ON= --with-insults --with-all-insults
LDAP_USES= ldap
LDAP_CONFIGURE_ON= --with-ldap=${PREFIX} \
--with-ldap-conf-file=${PREFIX}/etc/${SUDO_LDAP_CONF}
NLS_USES= gettext
NLS_CONFIGURE_ENABLE= nls
NLS_CFLAGS= -I${LOCALBASE}/include
NLS_LDFLAGS= -L${LOCALBASE}/lib -lintl
NOARGS_SHELL_CONFIGURE_ENABLE= noargs-shell
OPIE_CONFIGURE_ON= --with-opie
PAM_PREVENTS= OPIE GSSAPI_BASE GSSAPI_HEIMDAL GSSAPI_MIT
PAM_PREVENTS_MSG= PAM cannot be combined with any other authentication plugin
PAM_CONFIGURE_ON= --with-pam
PYTHON_USES= python
PYTHON_CONFIGURE_ENABLE=python
SSL_USES= ssl
SSL_CONFIGURE_ON= --enable-openssl=${OPENSSLBASE}
SSSD_PREVENTS= GSSAPI_HEIMDAL
SSSD_PREVENTS_MSG= sssd requires MIT kerberos and it conflicts with heimdal
SSSD_RUN_DEPENDS= sssd:security/sssd
SSSD_CONFIGURE_ON= --with-sssd
LOGFAC?= authpriv
SUDO_LDAP_CONF?= ldap.conf
# This is intentionally not an option.
# SUDO_SECURE_PATH is a PATH string that will override the user's PATH.
# ex: make SUDO_SECURE_PATH="/sbin:/bin:/usr/sbin:/usr/bin"
.if defined(SUDO_SECURE_PATH)
CONFIGURE_ARGS+= --with-secure-path="${SUDO_SECURE_PATH}"
.endif
# This is intentionally not an option.
# SUDO_KERB5_INSTANCE is an optional instance string that will be appended
# to kerberos principals when to perform authentication. Common choices
# are "admin" and "sudo".
.if defined(SUDO_KERB5_INSTANCE)
CONFIGURE_ARGS+= --enable-kerb5-instance="${SUDO_KERB5_INSTANCE}"
.endif
.include <bsd.port.options.mk>
.if ${OPSYS} == FreeBSD && ${OSVERSION} >= 1400072
. if ${PORT_OPTIONS:MOPIE}
BUILD_DEPENDS+= opie>0:security/opie
RUN_DEPENDS+= opie>0:security/opie
. endif
.endif
.if ${ARCH} == "arm"
CONFIGURE_ARGS+= --disable-pie
.endif
post-patch:
@${REINPLACE_CMD} -E '/install-(binaries|noexec):/,/^$$/ \
s/\$$\(INSTALL\)/& ${STRIP}/;s/-b\~/-b ~/' \
${WRKSRC}/src/Makefile.in
post-install:
${INSTALL_DATA} ${FILESDIR}/pam.conf ${STAGEDIR}${PREFIX}/etc/pam.d/sudo.default
${MV} ${STAGEDIR}${PREFIX}/etc/sudo.conf ${STAGEDIR}${PREFIX}/etc/sudo.conf.sample
${MV} ${STAGEDIR}${PREFIX}/etc/sudo_logsrvd.conf ${STAGEDIR}${PREFIX}/etc/sudo_logsrvd.conf.sample
${RM} ${STAGEDIR}${PREFIX}/etc/sudoers
${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/cvtsudoers
${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/sudoreplay
${STRIP_CMD} ${STAGEDIR}${PREFIX}/libexec/sudo/sudo_intercept.so
${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/sudo_logsrvd
${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/sudo_sendlog
${STRIP_CMD} ${STAGEDIR}${PREFIX}/sbin/visudo
.for f in audit_json.so group_file.so libsudo_util.so sudoers.so system_group.so
${STRIP_CMD} ${STAGEDIR}${PREFIX}/libexec/sudo/${f}
.endfor
post-install-PYTHON-on:
${STRIP_CMD} ${STAGEDIR}${PREFIX}/libexec/sudo/python_plugin.so
.include <bsd.port.mk>

3
security/sudo/distinfo Normal file
View File

@ -0,0 +1,3 @@
TIMESTAMP = 1704004530
SHA256 (sudo-1.9.15p5.tar.gz) = 558d10b9a1991fb3b9fa7fa7b07ec4405b7aefb5b3cb0b0871dbc81e3a88e558
SIZE (sudo-1.9.15p5.tar.gz) = 5306611

16
security/sudo/files/pam.conf Normal file
View File

@ -0,0 +1,16 @@
# PAM configuration for the "sudo" service
#
# auth
auth include system
# account
account include system
# session
# XXX: pam_lastlog (used in system) causes users to appear as though
# they are no longer logged in in system logs.
session required pam_permit.so
# password
password include system

27
security/sudo/files/patch-plugins__sudoers__sudoers.in Normal file
View File

@ -0,0 +1,27 @@
--- plugins/sudoers/sudoers.in.orig 2021-12-04 23:28:43 UTC
+++ plugins/sudoers/sudoers.in
@@ -32,6 +32,14 @@
##
## Defaults specification
##
+## Uncomment if needed to preserve environmental variables related to the
+## FreeBSD pkg utility and fetch.
+# Defaults env_keep += "PKG_CACHEDIR PKG_DBDIR FTP_PASSIVE_MODE"
+##
+## Additionally uncomment if needed to preserve environmental variables
+## related to portupgrade
+# Defaults env_keep += "PORTSDIR PORTS_INDEX PORTS_DBDIR PACKAGES PKGTOOLS_CONF"
+##
## You may wish to keep some of the following environment variables
## when running commands via sudo.
##
@@ -91,6 +99,9 @@ root ALL=(ALL:ALL) ALL
## of the user they are running the command as (root by default).
# Defaults targetpw # Ask for the password of the target user
# ALL ALL=(ALL:ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
+
+## Uncomment to show on password prompt which users' password is being expected
+# Defaults passprompt="%p's password:"
## Read drop-in files from @sysconfdir@/sudoers.d
@includedir @sysconfdir@/sudoers.d

28
security/sudo/files/patch-scripts_install-sh Normal file
View File

@ -0,0 +1,28 @@
--- scripts/install-sh.orig 2017-01-14 04:30:15 UTC
+++ scripts/install-sh
@@ -171,12 +171,6 @@ if ${DIRMODE} ; then
if [ ! -d "${DEST}" ] ; then
${MKDIR} "${DEST}" || exit 1
fi
- if ${CHOWNIT} ; then
- ${CHOWN} "${OWNER}" "${DEST}" || exit 1
- fi
- if ${CHGROUPIT} ; then
- ${CHGRP} "${GROUP}" "${DEST}" || exit 1
- fi
if ${CHMODIT} ; then
${CHMOD} "${MODE}" "${DEST}" || exit 1
fi
@@ -226,12 +220,6 @@ fi
## Strip and set the owner/mode.
if ${STRIPIT} ; then
${STRIP} "${DEST}" || exit 1
-fi
-if ${CHOWNIT} ; then
- ${CHOWN} "${OWNER}" "${DEST}" || exit 1
-fi
-if ${CHGROUPIT} ; then
- ${CHGRP} "${GROUP}" "${DEST}" || exit 1
fi
if ${CHMODIT} ; then
${CHMOD} "${MODE}" "${DEST}" || exit 1

6
security/sudo/pkg-descr Normal file
View File

@ -0,0 +1,6 @@
This is the CU version of sudo.
Sudo is a program designed to allow a sysadmin to give limited root
privileges to users and log root activity. The basic philosophy is to
give as few privileges as possible but still allow people to get their
work done.

142
security/sudo/pkg-plist Normal file
View File

@ -0,0 +1,142 @@
bin/cvtsudoers
bin/sudo
bin/sudoedit
bin/sudoreplay
@sample etc/pam.d/sudo.default etc/pam.d/sudo
@sample etc/sudo.conf.sample
@sample etc/sudo_logsrvd.conf.sample
@sample etc/sudoers.dist etc/sudoers
include/sudo_plugin.h
libexec/sudo/audit_json.so
libexec/sudo/group_file.so
libexec/sudo/libsudo_util.so
libexec/sudo/libsudo_util.so.0
libexec/sudo/libsudo_util.so.0.0.0
%%PYTHON%%libexec/sudo/python_plugin.so
libexec/sudo/sudo_intercept.so
libexec/sudo/sudo_noexec.so
libexec/sudo/sudoers.so
libexec/sudo/system_group.so
share/man/man1/cvtsudoers.1.gz
share/man/man5/sudo.conf.5.gz
share/man/man5/sudo_logsrv.proto.5.gz
share/man/man5/sudo_logsrvd.conf.5.gz
share/man/man5/sudo_plugin.5.gz
%%PYTHON%%share/man/man5/sudo_plugin_python.5.gz
share/man/man5/sudoers.5.gz
share/man/man5/sudoers_timestamp.5.gz
%%LDAP%%share/man/man5/sudoers.ldap.5.gz
share/man/man8/sudo.8.gz
share/man/man8/sudo_logsrvd.8.gz
share/man/man8/sudo_sendlog.8.gz
share/man/man8/sudoedit.8.gz
share/man/man8/sudoreplay.8.gz
share/man/man8/visudo.8.gz
sbin/visudo
sbin/sudo_logsrvd
sbin/sudo_sendlog
%%PORTDOCS%%%%DOCSDIR%%/CONTRIBUTING.md
%%PORTDOCS%%%%DOCSDIR%%/CONTRIBUTORS.md
%%PORTDOCS%%%%DOCSDIR%%/ChangeLog
%%PORTDOCS%%%%DOCSDIR%%/HISTORY.md
%%PORTDOCS%%%%DOCSDIR%%/LICENSE.md
%%PORTDOCS%%%%DOCSDIR%%/NEWS
%%PORTDOCS%%%%DOCSDIR%%/README.md
%%PORTDOCS%%%%DOCSDIR%%/SECURITY.md
%%PORTDOCS%%%%DOCSDIR%%/TROUBLESHOOTING.md
%%PORTDOCS%%%%DOCSDIR%%/UPGRADE.md
%%LDAP%%%%PORTDOCS%%%%DOCSDIR%%/README.LDAP.md
%%LDAP%%%%PORTDOCS%%%%DOCSDIR%%/schema.ActiveDirectory
%%LDAP%%%%PORTDOCS%%%%DOCSDIR%%/schema.OpenLDAP
%%LDAP%%%%PORTDOCS%%%%DOCSDIR%%/schema.iPlanet
%%LDAP%%%%PORTDOCS%%%%DOCSDIR%%/schema.olcSudo
%%PORTEXAMPLES%%%%EXAMPLESDIR%%/cvtsudoers.conf
%%PORTEXAMPLES%%%%EXAMPLESDIR%%/pam.conf
%%PORTEXAMPLES%%%%EXAMPLESDIR%%/sudo.conf
%%PORTEXAMPLES%%%%EXAMPLESDIR%%/sudo_logsrvd.conf
%%PORTEXAMPLES%%%%EXAMPLESDIR%%/sudoers
%%PORTEXAMPLES%%%%EXAMPLESDIR%%/syslog.conf
%%PYTHON%%%%PORTEXAMPLES%%%%EXAMPLESDIR%%/example_approval_plugin.py
%%PYTHON%%%%PORTEXAMPLES%%%%EXAMPLESDIR%%/example_audit_plugin.py
%%PYTHON%%%%PORTEXAMPLES%%%%EXAMPLESDIR%%/example_conversation.py
%%PYTHON%%%%PORTEXAMPLES%%%%EXAMPLESDIR%%/example_debugging.py
%%PYTHON%%%%PORTEXAMPLES%%%%EXAMPLESDIR%%/example_group_plugin.py
%%PYTHON%%%%PORTEXAMPLES%%%%EXAMPLESDIR%%/example_io_plugin.py
%%PYTHON%%%%PORTEXAMPLES%%%%EXAMPLESDIR%%/example_policy_plugin.py
%%NLS%%share/locale/ast/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/ast/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/ca/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/ca/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/cs/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/cs/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/da/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/da/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/de/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/de/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/el/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/eo/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/eo/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/es/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/es/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/eu/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/eu/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/fa/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/fi/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/fi/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/fr/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/fr/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/fur/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/fur/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/gl/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/hr/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/hr/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/hu/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/hu/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/id/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/it/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/it/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/ja/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/ja/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/ka/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/ka/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/ko/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/ko/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/lt/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/nb/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/nb/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/nl/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/nl/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/nn/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/pl/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/pl/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/pt/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/pt/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/pt_BR/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/pt_BR/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/ro/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/ro/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/ru/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/ru/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/sk/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/sk/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/sl/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/sl/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/sq/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/sr/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/sr/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/sv/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/sv/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/tr/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/tr/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/uk/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/uk/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/vi/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/vi/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/zh_CN/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/zh_CN/LC_MESSAGES/sudoers.mo
%%NLS%%share/locale/zh_TW/LC_MESSAGES/sudo.mo
%%NLS%%share/locale/zh_TW/LC_MESSAGES/sudoers.mo
@dir etc/sudoers.d
@dir /var/db/sudo/lectured
@dir /var/db/sudo
@dir /var/run/sudo