pkgsrc-WIP-changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Update nss-pam-ldap from 0.8.13 to 0.9.7.
Module Name: pkgsrc-wip
Committed By: Havard Eidnes <he%uninett.no@localhost>
Pushed By: he
Date: Fri Dec 9 18:16:40 2016 +0100
Changeset: a8958bfc8c8e64cf89f70577843a182db0bf493b
Modified Files:
nss-pam-ldapd/INSTALL.nss
nss-pam-ldapd/Makefile
nss-pam-ldapd/PLIST
nss-pam-ldapd/distinfo
nss-pam-ldapd/patches/patch-compat_getpeercred.c
nss-pam-ldapd/patches/patch-configure.ac
nss-pam-ldapd/patches/patch-nss_bsdnss.c
nss-pam-ldapd/patches/patch-pynslcd_Makefile.in
Added Files:
nss-pam-ldapd/patches/patch-Makefile.am
nss-pam-ldapd/patches/patch-Makefile.in
Log Message:
Update nss-pam-ldap from 0.8.13 to 0.9.7.
(The version sequence apparently goes 0.8.12 -> 0.9.0, with 0.8.13
as a maintenance release.)
Pkgsrc changes:
* Make sure the .so modules are installed unstripped, so that
they can actually be used (need symbol lookup for register functions).
* Replace python interpreter in a couple of installed scripts
* Point nslcd to config file in PKG_SYSCONFDIR, but install example
config in example directory.
Upstream changes:
changes from 0.9.6 to 0.9.7
---------------------------
* check existence of TLS certificate and key files on start-up
* fix password policy expiration handling when password was about to expire
(thanks Mathieu Baeumler for tracking this down)
* fix updating of shadowLastChange attribute when chasing referrals
(thanks Vasilis Tsiligiannis)
* add an pam_authc_ppolicy option to allows completely disabling ppolicy
handling (thanks Mathieu Baeumler)
* fix handling of nss_disable_enumeration (thanks Andrew W Elble for pointing
this out)
* display human readable password expiry messages (thanks Mathieu Baeumler)
* fix error when changing PAM user name (thanks #<9D>#<91>)
* support substring expressions ${var:offset:length} in attribute mapping
(thanks Giovanni Mascellani)
* also honor the ignorecase option in PAM
changes from 0.9.5 to 0.9.6
---------------------------
* fix a race condition in signal handling during start-up that would cause
nslcd to exit if a signal (such as SIGUSR1 that can be sent when network
status changes) is received
* fix signed integer overflow on 32bit systems when using objectSid (thanks
Geoffrey McRae)
* allow longer configuration values (thanks Jed Liu)
* add an nss_getgrent_skipmembers option to disable retrieving group members
to improve performance in specific environments
* add an nss_disable_enumeration option to disable full listing of all users
and groups to improve performance in specific environments (thanks Andrew
Elble)
* implement an innetgr function in the Solaris NSS module
changes from 0.9.4 to 0.9.5
---------------------------
* improve test suite (change IP range)
* handle situation better when server (or firewall) closed the connection
(thanks Tim Harder)
* make daemonising a little more robust and try to log more failures
* fix integer format strings (thanks Jianhai Luan and Patrick McLean)
* documentation updates (thanks Dalibor Pospí#il)
* fix range check for search access (thanks David Binderma)
* fix a bug in the NSS library when encountering IPv6 addresses in
the hosts map (thanks Mark R Bannister)
* allow configuring the name of the NSS and PAM modules (--with-module-name)
* adjust the Linux OOM (Out-Of-Memory) killer score to avoid killing nslcd
(thanks Patrick McLean)
* portability improvements (thanks Tim Rice)
changes from 0.9.3 to 0.9.4
---------------------------
* also handle password policy information on BIND failure (this makes it
possible to distinguish between a wrong password and an expired password)
* fix mapping the member attribute to an empty string
* any buffers that may have held passwords are cleared before the memory is
released
* increase buffer size for passwords to support extremely long passwords
(thanks ushi)
* increase buffer size for DN to support very long names or names with
non-ASCII characters
* log an error in almost all places where a defined buffer is not large
enough to hold the provided data instead of just (sometimes silently)
failing
* logging improvements (start-up problems, login failures)
* small improvement for Solaris
changes from 0.9.2 to 0.9.3
---------------------------
* make the dn2uid cache lifetime configurable with the cache configuration
option
* have the nslcd process only exit after the service is completely available
to avoid race conditions in the init script
* the nslcd daemon now properly daemonises (double fork)
* support mapping the member attribute to an empty string to disable the
functionality to do extra lookups for member DN to member uid translations
* implement deref control handling to request the LDAP server to dereference
group member attribute values to uid values
* support getting built-in groups from Active Directory (thanks Davy Defaud)
* fix for pwdLastSet attribute value handling (thanks Joshua Shire)
* fix a possible crash in the NSS module when retrieving large networks
entries (thanks Lukas Slebodnik)
* correct NSS h_errnop return value to indicate buffer too small (thanks
Nalin Dahyabhai)
* fix a bug with shadow values on 64-bit architectures
* automatically detect DragonFly as using the FreeBSD NSS interface (thanks
Francois Tigeot)
* add a build-time test to see if krb5 is thread-safe
* various minor bug fixes
changes from 0.9.1 to 0.9.2
---------------------------
* increase password value buffer size (by Bersl)
* avoid more broken pipe errors by using a low timeout when aborting reading
requested information from nslcd (thanks John Sullivan)
* only log broken pipe errors in debugging mode
* fix buffer overflow on interrupted read that is hard to trigger (thanks
John Sullivan)
* use clock_gettime() with CLOCK_MONOTONIC for timeout calculations to avoid
clock adjustments errors (thanks John Sullivan)
* extend test suite to test for CLOCK_MONOTONIC and timed IO timeout
calculations
* increase the maximum number of base statements per map to 31
* use larger nslcd send buffers to reduce the number of write operations in
nslcd and consequently the number of reads in the NSS and PAM modules
(thanks John Sullivan)
* also run invalidators after first successful search
* various clean-ups, portability improvements and fixes for compiler warnings
* import configure checks of Python modules
* provide a script for setting up slapd in a test environment, automatically
loaded with the required test data
* add script for evaluating test environment availability
* portability improvements in the test scripts and test environment
changes from 0.9.0 to 0.9.1
---------------------------
* rename the nscd_invalidate option to reconnect_invalidate and allow flushing
the nfsidmap cache with the new option
* implement an -n switch to not daemonise (by Caleb Callaway)
* nslcd will now return partial shadow information to non-root users to avoid
authorisation problems with setgid shadow authentication helpers with some
PAM stacks
* nslcd will now retry failing LDAP connections after receiving SIGUSR1
(SIGUSR1 could be sent after re-establishing a network connection)
* fix the way manual pages are installed in some situations
* the code for the nslcd utilities (getent.ldap and chsh.ldap) is now
installed in {prefix}/share/nslcd-utils
* improve error and help output of the getent.ldap command
* documentation updates
* a number of tests were added and existing tests were extended
* fix for a potential, small memory leak in PAM module regarding temporary
saving of old password
* a large number of bug fixes and improvements in pynslcd
* hide passwords from the pynslcd debug output
* support start_tls, pam_password_prohibit_message, nss_initgroups_ignoreusers
and nss_min_uid in pynslcd
* fix rootpwmodpw handling in pynslcd
* complete a basic PAM implementation in pynslcd (some things such as shadow
attribute checking remain to be implemented)
* clean up the caching functionality in pynslcd (functionality is still
disabled)
changes from 0.8.12 to 0.9.0
----------------------------
* backwards incompatible change to the communications protocol between nslcd
and NSS and PAM modules to use network byte order to be able to work on
mixed endian multiarch systems
* netgroup lookups now makes a distinction between empty netgroups and
non-existing netgroups
* the PAM protocol is now more consistent (cleaner support for password
modification by root, have all request parameters in the same order and
limit the information returned from the call)
* request and handle password policy controls on LDAP authentication
* implement support for nested groups which can be enabled with the
nss_nested_groups option (thanks Steve Hill)
* add a log option to configure log level and logging to plain files
* add an nscd_invalidate option to invalidate the nscd cache after recovering
from LDAP connection problems (to clear any negative cache entries)
* allow trimming expressions with ${foo#bar} syntax in attribute mapping
expressions (thanks Thorsten Glaser)
* pynslcd supports trimming expressions with full shell glob matching
* support password modification in pynslcd
* support children search scope for systems that have it
* add a getent.ldap utility to perform nslcd queries bypassing the libc NSS
stack
* implement functionality for changing user information and provide a
chsh.ldap utility to allow users to change their login shell
* remove deprecated use_sasl, reconnect_tries, reconnect_maxsleeptime and
tls_checkpeer options which have been replaced long ago
* allow names with one character in default validnames option and allow
parentheses (taken from Fedora packages)
* fall back to updating the lastChange attribute with the normal LDAP
connection
* dump full nslcd configuration at debug level on start-up
* export an _nss_ldap_version symbol in the NSS module to make finding version
mismatches easier (the NSS module version is logged from nslcd)
* documentation improvements
* update the coding style for the C source code to follow a more modern and
commonly used coding convention
* some parts of the code were refactored or rewritten to take into account the
changes within the software (e.g. configuration file handling, reduction in
the number of system calls for normal communication)
* numerous smaller fixes
* portability and robustness improvements to the tests
* implement lookup_netgroup and lookup_shadow test commands for systems that
cannot use getent to query these
* guess the value for --with-pam-seclib-dir configure option if it is not
specified
* temporary disable the caching functionality of pynslcd
* usability improvements in the pynslcd implementation
* various fixes for Solaris
To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=a8958bfc8c8e64cf89f70577843a182db0bf493b
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
diffstat:
nss-pam-ldapd/INSTALL.nss | 4 +-
nss-pam-ldapd/Makefile | 15 +-
nss-pam-ldapd/PLIST | 32 +++-
nss-pam-ldapd/distinfo | 17 ++-
nss-pam-ldapd/patches/patch-Makefile.am | 27 ++++
nss-pam-ldapd/patches/patch-Makefile.in | 27 ++++
nss-pam-ldapd/patches/patch-compat_getpeercred.c | 49 ++----
nss-pam-ldapd/patches/patch-configure.ac | 44 +++---
nss-pam-ldapd/patches/patch-nss_bsdnss.c | 183 ++++++++++++-----------
nss-pam-ldapd/patches/patch-pynslcd_Makefile.in | 10 +-
10 files changed, 243 insertions(+), 165 deletions(-)
diffs:
diff --git a/nss-pam-ldapd/INSTALL.nss b/nss-pam-ldapd/INSTALL.nss
index 9d2f43a..87c6e31 100644
--- a/nss-pam-ldapd/INSTALL.nss
+++ b/nss-pam-ldapd/INSTALL.nss
@@ -2,5 +2,7 @@
case ${STAGE} in
POST-INSTALL)
- ${LN} -sf ${PREFIX}/lib/nss_ldap.so.0 /usr/lib ;;
+ ${LN} -sf ${PREFIX}/lib/nss_ldap.so.0 /usr/lib
+ ${LN} -sf ${PREFIX}/lib/security/pam_ldap.so /usr/lib/security
+ ;;
esac
diff --git a/nss-pam-ldapd/Makefile b/nss-pam-ldapd/Makefile
index a05510a..7310a31 100644
--- a/nss-pam-ldapd/Makefile
+++ b/nss-pam-ldapd/Makefile
@@ -1,10 +1,10 @@
# $NetBSD: Makefile,v 1.2 2012/12/13 18:20:29 ftigeot Exp $
-DISTNAME= nss-pam-ldapd-0.8.13
+DISTNAME= nss-pam-ldapd-0.9.7
CATEGORIES= databases
MASTER_SITES= http://arthurdejong.org/nss-pam-ldapd/
-MAINTAINER= ftigeot%wolfpond.org@localhost
+MAINTAINER= pkgsrc-users%NetBSD.org@localhost
HOMEPAGE= http://arthurdejong.org/nss-pam-ldapd/
COMMENT= LDAP client for nsswitch
LICENSE= gnu-lgpl-v2
@@ -23,7 +23,7 @@ PKG_GROUPS_VARS+= NSLCD_GROUP
USE_TOOLS+= autoconf
GNU_CONFIGURE= yes
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
-CONFIGURE_ARGS+= --with-ldap-conf-file=${EGDIR}/nslcd.conf
+CONFIGURE_ARGS+= --with-ldap-conf-file=${PKG_SYSCONFDIR}/nslcd.conf
CONFIGURE_ARGS+= --with-nslcd-pidfile=${NSLCD_PIDFILE}
CONFIGURE_ARGS+= --with-nslcd-socket=${NSLCD_SOCKET}
CONFIGURE_ARGS+= --with-ldap-lib=openldap
@@ -33,6 +33,12 @@ CONFIGURE_ARGS+= --with-pam-seclib-dir=${PREFIX}/lib/security
CONFIGURE_ARGS+= --with-nss-flavour=freebsd
.endif
+REPLACE_PYTHON+= utils/chsh.py
+REPLACE_PYTHON+= utils/getent.py
+
+# Don't stip the .so objects, they will then be useless
+# e.g. because nss_module_register can't be looked up
+INSTALL_UNSTRIPPED= yes
FILES_SUBST+= PIDFILE=${NSLCD_PIDFILE}
@@ -46,7 +52,7 @@ NSLCD_PIDFILE?= ${VARDIR}/nslcd.pid
NSLCD_SOCKET?= ${VARDIR}/socket
BUILD_DEFS+= VARBASE NSLCD_PIDFILE NSLCD_SOCKET
-INSTALL_MAKE_FLAGS+= NSLCD_CONF_PATH=${EGDIR}/nslcd.conf
+INSTALL_MAKE_FLAGS+= NSLCD_CONF_PATH=${PKG_SYSCONFDIR}/nslcd.conf
# Install FreeBSD's nss_compat.c and later patch it
pre-patch:
@@ -107,5 +113,6 @@ SUBST_FILES.usergroup= nslcd.conf
SUBST_SED.usergroup= -e 's/^uid nslcd/uid ${NSLCD_USER}/'
SUBST_SED.usergroup+= -e 's/^gid nslcd/gid ${NSLCD_GROUP}/'
+.include "../../lang/python/application.mk"
.include "../../databases/openldap-client/buildlink3.mk"
.include "../../mk/bsd.pkg.mk"
diff --git a/nss-pam-ldapd/PLIST b/nss-pam-ldapd/PLIST
index 8553159..556f35f 100644
--- a/nss-pam-ldapd/PLIST
+++ b/nss-pam-ldapd/PLIST
@@ -1,9 +1,33 @@
-@comment $NetBSD: PLIST,v 1.2 2012/12/13 18:20:29 ftigeot Exp $
-lib/${NSS_LDAP_SONAME}
-lib/security/${PAM_LDAP_SONAME}
+@comment $NetBSD$
+bin/chsh.ldap
+bin/getent.ldap
+lib/nss_ldap.so.0
+lib/security/pam_ldap.so
+man/man1/chsh.ldap.1
+man/man1/getent.ldap.1
man/man5/nslcd.conf.5
man/man8/nslcd.8
man/man8/pam_ldap.8
sbin/nslcd
share/examples/nss-pam-ldapd/nslcd.conf
-share/examples/rc.d/nslcd
+share/nslcd-utils/chsh.py
+share/nslcd-utils/chsh.pyc
+share/nslcd-utils/chsh.pyo
+share/nslcd-utils/cmdline.py
+share/nslcd-utils/cmdline.pyc
+share/nslcd-utils/cmdline.pyo
+share/nslcd-utils/constants.py
+share/nslcd-utils/constants.pyc
+share/nslcd-utils/constants.pyo
+share/nslcd-utils/getent.py
+share/nslcd-utils/getent.pyc
+share/nslcd-utils/getent.pyo
+share/nslcd-utils/nslcd.py
+share/nslcd-utils/nslcd.pyc
+share/nslcd-utils/nslcd.pyo
+share/nslcd-utils/shells.py
+share/nslcd-utils/shells.pyc
+share/nslcd-utils/shells.pyo
+share/nslcd-utils/users.py
+share/nslcd-utils/users.pyc
+share/nslcd-utils/users.pyo
diff --git a/nss-pam-ldapd/distinfo b/nss-pam-ldapd/distinfo
index 3f017dc..c8ba3f7 100644
--- a/nss-pam-ldapd/distinfo
+++ b/nss-pam-ldapd/distinfo
@@ -1,11 +1,14 @@
$NetBSD: distinfo,v 1.1 2012/12/11 20:21:43 ftigeot Exp $
-SHA1 (nss-pam-ldapd-0.8.13.tar.gz) = 0567cfea104defabeacd88a3a3200b311b8071ec
-RMD160 (nss-pam-ldapd-0.8.13.tar.gz) = 74d2f7aad5961a6657119aaf7b12d87e28949bb0
-Size (nss-pam-ldapd-0.8.13.tar.gz) = 487295 bytes
-SHA1 (patch-compat_getpeercred.c) = b0469e0698e4cdd4cd82df5d215ffbaa2f8e614a
+SHA1 (nss-pam-ldapd-0.9.7.tar.gz) = 66bd9024d2dfa46097aa75cf144ff2b894073659
+RMD160 (nss-pam-ldapd-0.9.7.tar.gz) = 57a364d2fe0c8e88ab71a07b830ccd1ac97bdc14
+SHA512 (nss-pam-ldapd-0.9.7.tar.gz) = 2117262f41c4fc54987f9f663ed71126100420ecff391cc280e98d7864094db201a81a4ebf7e5634436982092be3c751971d8aee53e39c42a8572ab57b561284
+Size (nss-pam-ldapd-0.9.7.tar.gz) = 762743 bytes
+SHA1 (patch-Makefile.am) = 4ced568a0c1bf824be6dfaf3672dfcd33da6297c
+SHA1 (patch-Makefile.in) = 2deea5a0fff3ed05c0989210e5df783530d23ab1
+SHA1 (patch-compat_getpeercred.c) = cebcfb38f09d829ae3ab8640fd8ee7dbdb43672a
SHA1 (patch-compat_nss_compat.c) = 22857c0a0d7f6ae068982373f34448330e1b5840
SHA1 (patch-compat_nss_compat.h) = f31b2b1c43a9ccc6617fd283d62db7a0abd889c6
-SHA1 (patch-configure.ac) = 51db0b8f0670f103265df0988832caac5a034d60
-SHA1 (patch-nss_bsdnss.c) = 0a05447f224ed8cea64a09b24fc1d13acf345195
-SHA1 (patch-pynslcd_Makefile.in) = 36a3a45e78115436aa7305e46b1368f9e5762d7d
+SHA1 (patch-configure.ac) = 8300ed640f8ab8810b44807678eb8aac177ed95e
+SHA1 (patch-nss_bsdnss.c) = baf451c893a76d81b88e2563dbacba7ce24bde3b
+SHA1 (patch-pynslcd_Makefile.in) = 61f5f0e1c9e059e410fba1e28e914324381ebbf2
diff --git a/nss-pam-ldapd/patches/patch-Makefile.am b/nss-pam-ldapd/patches/patch-Makefile.am
new file mode 100644
index 0000000..5fc5167
--- /dev/null
+++ b/nss-pam-ldapd/patches/patch-Makefile.am
@@ -0,0 +1,27 @@
+$NetBSD$
+
+Install nslcd.conf in the example directory;
+pkgsrc handles making a copy in the pkgsrc config directory.
+
+--- Makefile.am.orig 2016-08-14 19:50:01.000000000 +0000
++++ Makefile.am
+@@ -52,14 +52,12 @@ NSLCD_CONF_PATH = @NSLCD_CONF_PATH@
+ install-data-local: install-nslcd_conf
+ uninstall-local: uninstall-nslcd_conf
+
+-# install a default configuration file if it is not already there
++# install an example config file for pkgsrc
++# pkgsrc handles making a copy in $(NSLCD_CONF_PATH)
+ install-nslcd_conf:
+- @if [ -f $(DESTDIR)$(NSLCD_CONF_PATH) ]; then \
+- echo "$(DESTDIR)$(NSLCD_CONF_PATH) already exists, install will not overwrite"; \
+- else \
+- $(mkinstalldirs) `dirname $(DESTDIR)$(NSLCD_CONF_PATH)`; \
+- $(INSTALL) -m 600 $(srcdir)/nslcd.conf $(DESTDIR)$(NSLCD_CONF_PATH); \
+- fi
++ $(mkinstalldirs) $(DESTDIR)/$(PREFIX)/share/examples/nss-pam-ldapd
++ $(INSTALL) -m 600 $(srcdir)/nslcd.conf $(DESTDIR)/$(PREFIX)/share/examples/nss-pam-ldapd
++
+ uninstall-nslcd_conf:
+ -rm -f $(DESTDIR)$(NSLCD_CONF_PATH)
+
diff --git a/nss-pam-ldapd/patches/patch-Makefile.in b/nss-pam-ldapd/patches/patch-Makefile.in
new file mode 100644
index 0000000..981d9d8
--- /dev/null
+++ b/nss-pam-ldapd/patches/patch-Makefile.in
@@ -0,0 +1,27 @@
+$NetBSD$
+
+Install nslcd.conf in the example directory;
+pkgsrc handles making a copy in the pkgsrc config directory.
+
+--- Makefile.in.orig 2016-08-14 19:50:30.000000000 +0000
++++ Makefile.in
+@@ -860,14 +860,12 @@ uninstall-am: uninstall-local
+ install-data-local: install-nslcd_conf
+ uninstall-local: uninstall-nslcd_conf
+
+-# install a default configuration file if it is not already there
++# install an example config file for pkgsrc
++# pkgsrc handles making a copy in $(NSLCD_CONF_PATH)
+ install-nslcd_conf:
+- @if [ -f $(DESTDIR)$(NSLCD_CONF_PATH) ]; then \
+- echo "$(DESTDIR)$(NSLCD_CONF_PATH) already exists, install will not overwrite"; \
+- else \
+- $(mkinstalldirs) `dirname $(DESTDIR)$(NSLCD_CONF_PATH)`; \
+- $(INSTALL) -m 600 $(srcdir)/nslcd.conf $(DESTDIR)$(NSLCD_CONF_PATH); \
+- fi
++ $(mkinstalldirs) $(DESTDIR)/$(PREFIX)/share/examples/nss-pam-ldapd
++ $(INSTALL) -m 600 $(srcdir)/nslcd.conf $(DESTDIR)/$(PREFIX)/share/examples/nss-pam-ldapd
++
+ uninstall-nslcd_conf:
+ -rm -f $(DESTDIR)$(NSLCD_CONF_PATH)
+
diff --git a/nss-pam-ldapd/patches/patch-compat_getpeercred.c b/nss-pam-ldapd/patches/patch-compat_getpeercred.c
index c0c701e..b371a8a 100644
--- a/nss-pam-ldapd/patches/patch-compat_getpeercred.c
+++ b/nss-pam-ldapd/patches/patch-compat_getpeercred.c
@@ -1,39 +1,22 @@
$NetBSD$
-Support getsockopt(LOCAL_PEEREID) call.
-The emulation using getpeereid() is completely broken.
+The emulation using getpeereid() is completely broken, fix it.
---- compat/getpeercred.c.orig 2011-10-12 22:55:25.000000000 +0200
-+++ compat/getpeercred.c 2013-12-06 12:02:46.000000000 +0100
-@@ -75,6 +75,17 @@
- if (gid!=NULL) *gid=cred.cr_gid;
- if (pid!=NULL) *pid=(pid_t)-1;
- return 0;
-+#elif defined(LOCAL_PEEREID)
-+ socklen_t l;
-+ struct unpcbid pcbid;
-+ l=(socklen_t)sizeof(struct unpcbid);
-+ if (getsockopt(sock,0,LOCAL_PEEREID,&pcbid,&l) < 0)
-+ return -1; /* errno already set */
-+ /* return the data */
-+ if (uid!=NULL) *uid=pcbid.unp_euid;
-+ if (gid!=NULL) *gid=pcbid.unp_egid;
-+ if (pid!=NULL) *pid=pcbid.unp_pid;
-+ return 0;
- #elif defined(HAVE_GETPEERUCRED)
- ucred_t *cred=NULL;
- if (getpeerucred(sock,&cred))
-@@ -90,12 +101,10 @@
- uid_t tuid;
- gid_t tgid;
- if (uid==NULL) uid=&tuid;
-- if (gid==NULL) gid=&tguid;
-+ if (gid==NULL) gid=&tgid;
- if (getpeereid(sock,uid,gid))
+--- compat/getpeercred.c.orig 2016-06-09 06:30:23.000000000 +0000
++++ compat/getpeercred.c
+@@ -101,14 +101,10 @@ int getpeercred(int sock, uid_t *uid, gi
+ if (uid == NULL)
+ uid = &tuid;
+ if (gid == NULL)
+- gid = &tguid;
++ gid = &tgid;
+ if (getpeereid(sock, uid, gid))
return -1;
/* return the data */
-- if (uid!=NULL) *uid=cred.uid;
-- if (gid!=NULL) *gid=cred.gid;
- if (pid!=NULL) *pid=-1; /* we return a -1 pid because we have no usable pid */
+- if (uid != NULL)
+- *uid = cred.uid;
+- if (gid != NULL)
+- *gid = cred.gid;
+ if (pid != NULL)
+ *pid = -1; /* we return a -1 pid because we have no usable pid */
return 0;
- #else
diff --git a/nss-pam-ldapd/patches/patch-configure.ac b/nss-pam-ldapd/patches/patch-configure.ac
index 03cacce..d848f76 100644
--- a/nss-pam-ldapd/patches/patch-configure.ac
+++ b/nss-pam-ldapd/patches/patch-configure.ac
@@ -1,24 +1,24 @@
-$NetBSD: patch-configure.ac,v 1.1 2012/12/13 18:20:29 ftigeot Exp $
+$NetBSD$
-DragonFly uses the same libc interface as FreeBSD.
+Avoid test ==
---- configure.ac.orig 2012-11-18 20:02:03.000000000 +0000
-+++ configure.ac
-@@ -235,7 +235,7 @@ if test "x$NSS_LDAP_SONAME" = "xauto"
- then
- case "$target_os" in
- solaris*) NSS_LDAP_SONAME="nss_ldap.so.1" ;;
-- freebsd*) NSS_LDAP_SONAME="nss_ldap.so.1" ;;
-+ freebsd*|dragonfly*) NSS_LDAP_SONAME="nss_ldap.so.1" ;;
- *) NSS_LDAP_SONAME="libnss_ldap.so.2" ;;
- esac
- fi
-@@ -435,7 +435,7 @@ then
- # do the guessing game
- case "$target_os" in
- solaris*) with_nss_flavour=solaris ;;
-- freebsd*) with_nss_flavour=freebsd ;;
-+ freebsd*|dragonfly*) with_nss_flavour=freebsd ;;
- *) with_nss_flavour=glibc ;;
- esac
- fi
+--- configure.ac.orig 2016-08-14 21:50:01.000000000 +0200
++++ configure.ac 2016-12-09 13:20:41.000000000 +0100
+@@ -821,7 +821,7 @@
+ AC_CHECK_FUNCS(krb5_is_thread_safe)
+
+ # see if krb5 is thread safe
+- if test "x$ac_cv_func_krb5_is_thread_safe" == "xyes"
++ if test "x$ac_cv_func_krb5_is_thread_safe" = "xyes"
+ then
+ AC_CACHE_CHECK(
+ [krb5 thread safety],
+@@ -836,7 +836,7 @@
+ [nslcd_cv_krb5_is_thread_safe=yes],
+ [nslcd_cv_krb5_is_thread_safe=no],
+ [nslcd_cv_krb5_is_thread_safe=unknown])])
+- if test "x$nslcd_cv_krb5_is_thread_safe" == "xno"
++ if test "x$nslcd_cv_krb5_is_thread_safe" = "xno"
+ then
+ AC_MSG_WARN([krb5 is NOT thread safe])
+ fi
diff --git a/nss-pam-ldapd/patches/patch-nss_bsdnss.c b/nss-pam-ldapd/patches/patch-nss_bsdnss.c
index 911ab7e..d7420d1 100644
--- a/nss-pam-ldapd/patches/patch-nss_bsdnss.c
+++ b/nss-pam-ldapd/patches/patch-nss_bsdnss.c
@@ -5,7 +5,7 @@ It also need non-_r variants.
--- nss/bsdnss.c.orig 2012-05-18 15:34:22.000000000 +0200
+++ nss/bsdnss.c 2013-12-03 17:18:50.000000000 +0100
-@@ -40,108 +40,106 @@
+@@ -40,111 +40,110 @@
NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r);
NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r);
NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r);
@@ -30,53 +30,57 @@ It also need non-_r variants.
-NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2);
NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr);
- static ns_mtab methods[]={
- { NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_ldap_getgrnam_r },
- { NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_ldap_getgrgid_r },
- { NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_ldap_getgrent_r },
-+ { NSDB_GROUP, "getgrent", __nss_compat_getgrent, _nss_ldap_getgrent_r },
- { NSDB_GROUP, "setgrent", __nss_compat_setgrent, _nss_ldap_setgrent },
- { NSDB_GROUP, "endgrent", __nss_compat_endgrent, _nss_ldap_endgrent },
+ static ns_mtab methods[] = {
+ { NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, (void *)NSS_NAME(getgrnam_r) },
+ { NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, (void *)NSS_NAME(getgrgid_r) },
+ { NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, (void *)NSS_NAME(getgrent_r) },
++ { NSDB_GROUP, "getgrent", __nss_compat_getgrent, (void *)NSS_NAME(getgrent_r) },
+ { NSDB_GROUP, "setgrent", __nss_compat_setgrent, (void *)NSS_NAME(setgrent) },
+ { NSDB_GROUP, "endgrent", __nss_compat_endgrent, (void *)NSS_NAME(endgrent) },
- { NSDB_GROUP, "getgroupmembership", __freebsd_getgroupmembership, NULL },
-+ { NSDB_GROUP, "getgrnam", __nss_compat_getgrnam, _nss_ldap_getgrnam_r },
-+ { NSDB_GROUP, "getgrgid", __nss_compat_getgrgid, _nss_ldap_getgrgid_r },
++ { NSDB_GROUP, "getgrnam", __nss_compat_getgrnam, (void *)NSS_NAME(getgrnam_r) },
++ { NSDB_GROUP, "getgrgid", __nss_compat_getgrgid, (void *)NSS_NAME(getgrgid_r) },
+ { NSDB_GROUP, "getgroupmembership", __netbsd_getgroupmembership, NULL },
- { NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_ldap_getpwnam_r },
- { NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_ldap_getpwuid_r },
- { NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, _nss_ldap_getpwent_r },
-+ { NSDB_PASSWD, "getpwent", __nss_compat_getpwent, _nss_ldap_getpwent_r },
- { NSDB_PASSWD, "setpwent", __nss_compat_setpwent, _nss_ldap_setpwent },
- { NSDB_PASSWD, "endpwent", __nss_compat_endpwent, _nss_ldap_endpwent },
-+ { NSDB_PASSWD, "getpwnam", __nss_compat_getpwnam, _nss_ldap_getpwnam_r },
-+ { NSDB_PASSWD, "getpwuid", __nss_compat_getpwuid, _nss_ldap_getpwuid_r },
+ { NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, (void *)NSS_NAME(getpwnam_r) },
+ { NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, (void *)NSS_NAME(getpwuid_r) },
+ { NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, (void *)NSS_NAME(getpwent_r) },
++ { NSDB_PASSWD, "getpwent", __nss_compat_getpwent, (void *)NSS_NAME(getpwent_r) },
+ { NSDB_PASSWD, "setpwent", __nss_compat_setpwent, (void *)NSS_NAME(setpwent) },
+ { NSDB_PASSWD, "endpwent", __nss_compat_endpwent, (void *)NSS_NAME(endpwent) },
++ { NSDB_PASSWD, "getpwnam", __nss_compat_getpwnam, (void *)NSS_NAME(getpwnam_r) },
++ { NSDB_PASSWD, "getpwuid", __nss_compat_getpwuid, (void *)NSS_NAME(getpwuid_r) },
- { NSDB_HOSTS, "gethostbyname", __nss_compat_gethostbyname, _nss_ldap_gethostbyname_r },
- { NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_ldap_gethostbyaddr_r },
-- { NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_ldap_gethostbyname2_r },
+ { NSDB_HOSTS, "gethostbyname", __nss_compat_gethostbyname, (void *)NSS_NAME(gethostbyname_r) },
+ { NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, (void *)NSS_NAME(gethostbyaddr_r) },
+- { NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, (void *)NSS_NAME(gethostbyname2_r) },
- { NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, _nss_ldap_getgrnam_r },
- { NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, _nss_ldap_getgrgid_r },
- { NSDB_GROUP_COMPAT, "getgrent_r", __nss_compat_getgrent_r, _nss_ldap_getgrent_r },
-+ { NSDB_GROUP_COMPAT, "getgrent", __nss_compat_getgrent, _nss_ldap_getgrent_r },
- { NSDB_GROUP_COMPAT, "setgrent", __nss_compat_setgrent, _nss_ldap_setgrent },
- { NSDB_GROUP_COMPAT, "endgrent", __nss_compat_endgrent, _nss_ldap_endgrent },
-+ { NSDB_GROUP_COMPAT, "getgrnam", __nss_compat_getgrnam, _nss_ldap_getgrnam_r },
-+ { NSDB_GROUP_COMPAT, "getgrgid", __nss_compat_getgrgid, _nss_ldap_getgrgid_r },
+ { NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, (void *)NSS_NAME(getgrnam_r) },
+ { NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, (void *)NSS_NAME(getgrgid_r) },
+ { NSDB_GROUP_COMPAT, "getgrent_r", __nss_compat_getgrent_r, (void *)NSS_NAME(getgrent_r) },
++ { NSDB_GROUP_COMPAT, "getgrent", __nss_compat_getgrent, (void *)NSS_NAME(getgrent_r) },
+ { NSDB_GROUP_COMPAT, "setgrent", __nss_compat_setgrent, (void *)NSS_NAME(setgrent) },
+ { NSDB_GROUP_COMPAT, "endgrent", __nss_compat_endgrent, (void *)NSS_NAME(endgrent) },
++ { NSDB_GROUP_COMPAT, "getgrnam", __nss_compat_getgrnam, (void *)NSS_NAME(getgrnam_r) },
++ { NSDB_GROUP_COMPAT, "getgrgid", __nss_compat_getgrgid, (void *)NSS_NAME(getgrgid_r) },
- { NSDB_PASSWD_COMPAT, "getpwnam_r", __nss_compat_getpwnam_r, _nss_ldap_getpwnam_r },
- { NSDB_PASSWD_COMPAT, "getpwuid_r", __nss_compat_getpwuid_r, _nss_ldap_getpwuid_r },
- { NSDB_PASSWD_COMPAT, "getpwent_r", __nss_compat_getpwent_r, _nss_ldap_getpwent_r },
-+ { NSDB_PASSWD_COMPAT, "getpwent", __nss_compat_getpwent, _nss_ldap_getpwent_r },
- { NSDB_PASSWD_COMPAT, "setpwent", __nss_compat_setpwent, _nss_ldap_setpwent },
- { NSDB_PASSWD_COMPAT, "endpwent", __nss_compat_endpwent, _nss_ldap_endpwent },
-+ { NSDB_PASSWD_COMPAT, "getpwnam", __nss_compat_getpwnam, _nss_ldap_getpwnam_r },
-+ { NSDB_PASSWD_COMPAT, "getpwuid", __nss_compat_getpwuid, _nss_ldap_getpwuid_r },
+ { NSDB_PASSWD_COMPAT, "getpwnam_r", __nss_compat_getpwnam_r, (void *)NSS_NAME(getpwnam_r) },
+ { NSDB_PASSWD_COMPAT, "getpwuid_r", __nss_compat_getpwuid_r, (void *)NSS_NAME(getpwuid_r) },
+ { NSDB_PASSWD_COMPAT, "getpwent_r", __nss_compat_getpwent_r, (void *)NSS_NAME(getpwent_r) },
++ { NSDB_PASSWD_COMPAT, "getpwent", __nss_compat_getpwent, (void *)NSS_NAME(getpwent_r) },
+ { NSDB_PASSWD_COMPAT, "setpwent", __nss_compat_setpwent, (void *)NSS_NAME(setpwent) },
+ { NSDB_PASSWD_COMPAT, "endpwent", __nss_compat_endpwent, (void *)NSS_NAME(endpwent) },
++ { NSDB_PASSWD_COMPAT, "getpwnam", __nss_compat_getpwnam, (void *)NSS_NAME(getpwnam_r) },
++ { NSDB_PASSWD_COMPAT, "getpwuid", __nss_compat_getpwuid, (void *)NSS_NAME(getpwuid_r) },
++
};
--int __nss_compat_gethostbyname(void *retval,void *mdata,va_list ap)
+ typedef nss_status_t (*gethbn_t)(const char *, struct hostent *, char *, size_t, int *, int *);
+ typedef nss_status_t (*gethba_t)(struct in_addr *, int, int, struct hostent *, char *, size_t, int *, int *);
+
+-int __nss_compat_gethostbyname(void UNUSED(*retval), void *mdata, va_list ap)
-{
-- nss_status_t (*fn)(const char *,struct hostent *,char *,size_t,int *,int *);
+- gethbn_t fn;
- const char *name;
- struct hostent *result;
- char buffer[BUFFER_SIZE];
@@ -84,23 +88,23 @@ It also need non-_r variants.
- int h_errnop;
- int af;
- nss_status_t status;
-- fn=mdata;
-- name=va_arg(ap,const char*);
-- af=va_arg(ap,int);
-- result=va_arg(ap,struct hostent *);
-- status=fn(name,result,buffer,sizeof(buffer),&errnop,&h_errnop);
-- status=__nss_compat_result(status,errnop);
-- h_errno=h_errnop;
-- return (status);
+- fn = (gethbn_t)mdata;
+- name = va_arg(ap, const char *);
+- af = va_arg(ap, int);
+- result = va_arg(ap, struct hostent *);
+- status = fn(name, result, buffer, sizeof(buffer), &errnop, &h_errnop);
+- status = __nss_compat_result(status, errnop);
+- h_errno = h_errnop;
+- return status;
-}
+#ifdef __NetBSD__
+#include <compat/nss_compat.c>
+#endif
--int __nss_compat_gethostbyname2(void *retval,void *mdata,va_list ap)
-+int __nss_compat_gethostbyname(void *cbrv,void *cbdata,va_list ap)
+-int __nss_compat_gethostbyname2(void UNUSED(*retval), void *mdata, va_list ap)
++int __nss_compat_gethostbyname(void UNUSED(*cbrv), void *cbdata, va_list ap)
{
- nss_status_t (*fn)(const char *,struct hostent *,char *,size_t,int *,int *);
+ gethbn_t fn;
const char *name;
- struct hostent *result;
+ int namelen;
@@ -109,22 +113,23 @@ It also need non-_r variants.
int h_errnop;
int af;
nss_status_t status;
-- fn=mdata;
-+ fn=cbdata;
- name=va_arg(ap,const char*);
+- fn = (gethbn_t)mdata;
++ fn = (gethbn_t)cbdata;
+ name = va_arg(ap, const char *);
+ namelen=va_arg(ap,int);
- af=va_arg(ap,int);
-- result=va_arg(ap,struct hostent *);
-- status=fn(name,result,buffer,sizeof(buffer),&errnop,&h_errnop);
-+ status=fn(name,(struct hostent *)cbrv,buffer,sizeof(buffer),&errnop,&h_errnop);
- status=__nss_compat_result(status,errnop);
- h_errno=h_errnop;
- return (status);
+ af = va_arg(ap, int);
+- result = va_arg(ap, struct hostent *);
+- status = fn(name, result, buffer, sizeof(buffer), &errnop, &h_errnop);
++ status = fn(name, (struct hostent *)cbrv, buffer, sizeof(buffer), &errnop, &h_errnop);
+ status = __nss_compat_result(status, errnop);
+ h_errno = h_errnop;
+ return status;
}
--int __nss_compat_gethostbyaddr(void *retval,void *mdata,va_list ap)
-+int __nss_compat_gethostbyaddr(void *cbrv,void *cbdata,va_list ap)
+-int __nss_compat_gethostbyaddr(void UNUSED(*retval), void *mdata, va_list ap)
++int __nss_compat_gethostbyaddr(void UNUSED(*cbrv), void *cbdata, va_list ap)
{
+ gethba_t fn;
struct in_addr *addr;
- int len;
- int type;
@@ -134,27 +139,27 @@ It also need non-_r variants.
char buffer[BUFFER_SIZE];
int errnop;
int h_errnop;
- nss_status_t (*fn)(struct in_addr *,int,int,struct hostent *,char *,size_t,int *,int *);
nss_status_t status;
-- fn=mdata;
-+ fn=cbdata;
- addr=va_arg(ap,struct in_addr*);
-- len=va_arg(ap,int);
-- type=va_arg(ap,int);
-- result=va_arg(ap,struct hostent*);
-- status=fn(addr,len,type,result,buffer,sizeof(buffer),&errnop,&h_errnop);
-+ addrlen=va_arg(ap,int);
-+ af=va_arg(ap,int);
-+ status=fn(addr,addrlen,af,(struct hostent *)cbrv,buffer,sizeof(buffer),&errnop,&h_errnop);
- status=__nss_compat_result(status,errnop);
- h_errno=h_errnop;
- return (status);
-@@ -165,22 +163,26 @@
+- fn = (gethba_t)mdata;
++ fn = (gethba_t)cbdata;
+ addr = va_arg(ap, struct in_addr *);
+- len = va_arg(ap, int);
+- type = va_arg(ap, int);
+- result = va_arg(ap, struct hostent *);
+- status = fn(addr, len, type, result, buffer, sizeof(buffer), &errnop, &h_errnop);
++ addrlen = va_arg(ap, int);
++ af = va_arg(ap, int);
++ status = fn(addr, addrlen, af, (struct hostent *)cbrv, buffer, sizeof(buffer), &errnop, &h_errnop);
+ status = __nss_compat_result(status, errnop);
+ h_errno = h_errnop;
+ return status;
+@@ -168,23 +167,27 @@ static int __gr_addgid(gid_t gid, gid_t
return ret;
}
--int __freebsd_getgroupmembership(void *retval,void *mdata,va_list ap)
-+int __netbsd_getgroupmembership(void *cbrv,void *cbdata,va_list ap)
+-int __freebsd_getgroupmembership(void UNUSED(*retval), void UNUSED(*mdata_),
++int __netbsd_getgroupmembership(void UNUSED(*cbrv), void UNUSED(*cbdata),
+ va_list ap)
{
int err;
nss_status_t s;
@@ -163,17 +168,17 @@ It also need non-_r variants.
+ int *retval;
const char *user;
gid_t *groups;
- int maxgrp,*grpcnt;
+ int maxgrp, *grpcnt;
int i;
- long int lstart,lsize;
+ long int lstart, lsize;
+ (void)cbdata;
-+ retval=va_arg(ap,int *);
- user=va_arg(ap,const char *);
- group=va_arg(ap,gid_t);
- groups=va_arg(ap,gid_t *);
- maxgrp=va_arg(ap,int);
- grpcnt=va_arg(ap,int *);
++ retval = va_arg(ap, int *);
+ user = va_arg(ap, const char *);
+ group = va_arg(ap, gid_t);
+ groups = va_arg(ap, gid_t *);
+ maxgrp = va_arg(ap, int);
+ grpcnt = va_arg(ap, int *);
+ (void)retval;
- tmpgroups=malloc(maxgrp*sizeof(gid_t));
- if (tmpgroups==NULL)
+ tmpgroups = malloc(maxgrp * sizeof(gid_t));
+ if (tmpgroups == NULL)
return NSS_STATUS_UNAVAIL;
diff --git a/nss-pam-ldapd/patches/patch-pynslcd_Makefile.in b/nss-pam-ldapd/patches/patch-pynslcd_Makefile.in
index ef12d94..a5f2fbd 100644
--- a/nss-pam-ldapd/patches/patch-pynslcd_Makefile.in
+++ b/nss-pam-ldapd/patches/patch-pynslcd_Makefile.in
@@ -2,14 +2,14 @@ $NetBSD$
Install pynslcd's files into $libdir/pynslcd, not $datadir/pynslcd since .pyc/.pyo files are binary
---- pynslcd/Makefile.in.orig 2013-05-05 14:04:06.000000000 +0200
-+++ pynslcd/Makefile.in 2013-11-29 16:33:48.000000000 +0100
-@@ -249,7 +249,7 @@
+--- pynslcd/Makefile.in.orig 2016-08-14 19:50:30.000000000 +0000
++++ pynslcd/Makefile.in
+@@ -311,7 +311,7 @@ target_vendor = @target_vendor@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
-pynslcddir = $(datadir)/pynslcd
+pynslcddir = $(libdir)/pynslcd
pynslcd_PYTHON = pynslcd.py attmap.py cache.py cfg.py common.py expr.py \
- mypidfile.py tio.py \
- alias.py ether.py group.py host.py netgroup.py network.py \
+ mypidfile.py invalidator.py search.py tio.py \
+ config.py alias.py ether.py group.py host.py netgroup.py \
Home |
Main Index |
Thread Index |
Old Index