diff --git a/security/sssd2/Makefile b/security/sssd2/Makefile
index c08fc5aad78d..825b1290b5ee 100644
--- a/security/sssd2/Makefile
+++ b/security/sssd2/Makefile
@@ -1,203 +1,202 @@ PORTNAME= sssd PORTVERSION= 2.9.4 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= security PKGNAMESUFFIX= -devel MAINTAINER= jhixson@FreeBSD.org COMMENT= System Security Services Daemon WWW= https://sssd.io/ LICENSE= GPLv3+ LICENSE_FILE= ${WRKSRC}/COPYING -BROKEN_FreeBSD_15= fails to compile: linker fails to resolve nss symbols CONFLICTS_INSTALL?= sssd* BUILD_DEPENDS= bash:shells/bash \ docbook-xsl>=1:textproc/docbook-xsl \ krb5>=1.20:security/krb5 \ p11-kit:security/p11-kit \ nsupdate:dns/bind-tools \ xmlcatalog:textproc/libxml2 \ xmlcatmgr:textproc/xmlcatmgr \ xsltproc:textproc/libxslt LIB_DIRS+= ${LOCALBASE}/lib ${LOCALBASE}/lib/sasl2 LIB_DEPENDS= libcares.so:dns/c-ares \ libcom_err.so:security/krb5 \ libcurl.so:ftp/curl \ libdbus-1.so:devel/dbus \ libdhash.so:devel/ding-libs \ libfido2.so:security/libfido2 \ libgssapi_krb5.so:security/krb5 \ libinotify.so:devel/libinotify \ libjansson.so:devel/jansson \ libjose.so:net/jose \ libkrb5.so:security/krb5 \ libldb.so:databases/ldb22 \ libndr-krb5pac.so:net/samba416 \ libndr-nbt.so:net/samba416 \ libndr-standard.so:net/samba416 \ libndr.so:net/samba416 \ libnfs.so:net/libnfs \ libnss3.so:security/nss \ libp11-kit.so:security/p11-kit \ libpcre2-posix.so:devel/pcre2 \ libplds4.so:devel/nspr \ libpopt.so:devel/popt \ libsamba-util.so:net/samba416 \ libsasl2.so:security/cyrus-sasl2 \ libsmbclient.so:net/samba416 \ libtalloc.so:devel/talloc \ libtdb.so:databases/tdb \ libtevent.so:devel/tevent \ libunistring.so:devel/libunistring \ libuuid.so:misc/e2fsprogs-libuuid RUN_DEPENDS= cyrus-sasl-gssapi>0:security/cyrus-sasl2-gssapi \ sudo>0:security/sudo USES= autoreconf cpe gettext gmake gssapi:bootstrap,flags,mit iconv ldap \ libtool localbase:ldflags pathfix pkgconfig python:3.9+ shebangfix ssl USE_LDCONFIG= yes GNU_CONFIGURE= yes INSTALL_TARGET= install-strip CPE_VENDOR= fedoraproject DEBUG_FLAGS= -g STRIP= CONFIGURE_ARGS= --disable-dependency-tracking \ --datadir=${DATADIR} \ --docdir=${DOCSDIR} \ 
--localstatedir=/var \ --disable-silent-rules \ --disable-nls \ --disable-cifs-idmap-plugin \ --disable-valgrind \ --disable-systemtap \ --enable-pammoddir=${PREFIX}/lib \ --enable-ldb-version-check \ --enable-pac-responder \ --with-db-path=/var/db/sss/db \ --with-os=freebsd \ --with-plugin-path=${LOCALBASE}/lib/sssd \ --with-pubconf-path=/var/db/sss/pubconf \ --with-pid-path=/var/run \ --with-pipe-path=/var/run/sss/pipes \ --with-mcache-path=/var/db/sss/mc \ --with-environment-file=${LOCALBASE}/etc/sssd \ --with-init-dir=no \ --with-manpages \ --with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \ --with-krb5-plugin-path=${LOCALBASE}/lib/krb5/plugins/libkrb5 \ --with-krb5authdata-plugin-path=${LOCALBASE}/lib/krb5/plugins/authdata \ --with-krb5-conf=/etc/krb5.conf \ --without-python2-bindings \ --with-winbind-plugin-path=${LOCALBASE}/lib/samba4/modules/idmap \ --without-selinux \ --with-gpo-cache-path=/var/db/sss/gpo_cache \ --without-semanage \ --with-app-libs=${LOCALBASE}/lib/sssd/modules \ --without-autofs \ --with-files-provider \ --with-passkey \ --with-libsifp \ --without-libsifp \ --with-syslog=syslog \ --with-samba \ --without-nfsv4-idmapd-plugin \ --with-nfs-lib-path=${LOCALBASE}/lib \ --with-secrets-db-path=/var/lib/sss/secrets \ --with-kcm \ --with-oidc-child \ --with-ldb-lib-dir=${LOCALBASE}/lib/shared-modules/ldb \ --with-smb-idmap-interface-version=6 \ --without-libnl \ --with-nscd-conf=/etc/nscd.conf \ --with-python_prefix=${PREFIX} \ --with-unicode-lib=libunistring CFLAGS+= -fstack-protector-all CFLAGS+= -I${LOCALBASE}/include/samba4 LIBS+= -L${LOCALBASE}/lib \ -L${LOCALBASE}/lib/samba4/private \ -L${LOCALBASE}/lib/sasl2 \ -linotify -lintl KRB5_HOME= ${LOCALBASE} KRB5_CONFIG= ${LOCALBASE}/bin/krb5-config KRB5_CFLAGS= -I${LOCALBASE}/include KRB5_LIBS= -L${LOCALBAse}/lib -lkrb5 -lk5crypto -lcom_err GSSAPI_KRB5_CFLAGS= -I${LOCALBASE}/include GSSAPI_KRB5_LIBS= -L${LOCALBASE}/lib -lgssapi_krb5 -lkrb5 -lk5crypto -lcom_err LDFLAGS+= -lgssapi LDFLAGS_SL+= 
-lgssapi INCLUDES+= -I${LOCALBASE}/include CONFIGURE_ENV+= INCLUDES="${INCLUDES}" \ LDFLAGS_SL="${LDFLAGS_SL}" MAKE_ENV= MAKELEVEL=0 PLIST_SUB= PYTHON_VER=${PYTHON_VER} MAKE_ENV+= LINGUAS="bg de eu es fr hu id it ja nb nl pl pt ru sv tg tr uk zh_CN zh_TW" SUB_FILES= pkg-message BINARY_ALIAS= python3=python${PYTHON_VER} SHEBANG_FILES= sbus_generate.sh.in \ src/tools/analyzer/sss_analyze \ src/tools/sss_obfuscate \ src/config/SSSDConfigTest.py \ src/tests/python-test.py \ src/tests/pysss-test.py \ src/tests/cwrap/cwrap_test_setup.sh \ src/tests/whitespace_test \ src/tests/pyhbac-test.py \ src/tests/multihost/data/memcachesize.py \ src/tests/double_semicolon_test \ src/tests/pysss_murmur-test.py \ scripts/release.sh \ contrib/git/pre-push \ contrib/ci/rpm-spec-builddeps \ contrib/ci/clean \ contrib/ci/valgrind-condense \ contrib/ci/run-multihost \ contrib/ci/run \ contrib/ci/get-matrix.py \ contrib/vagrant/bootstrap.sh \ contrib/fedora/make_srpm.sh USE_RC_SUBR= ${PORTNAME} USE_GITHUB=yes GH_ACCOUNT=sssd post-patch: @${REINPLACE_CMD} -e 's|/usr/bin/|${PREFIX}/bin/|g' \ -e 's|/var/lib/sss/pubconf/|/var/db/sss/pubconf/|g' \ ${WRKSRC}/src/man/sss_ssh_knownhostsproxy.1.xml \ ${WRKSRC}/src/man/po/*.po || true @${REINPLACE_CMD} -e 's|/etc/sssd/|${ETCDIR}/|g' \ -e 's|/etc/openldap/|${LOCALBASE}/etc/openldap/|g' \ ${WRKSRC}/src/man/*xml || true @${CP} ${FILESDIR}/sss_bsd_errno.h ${WRKSRC}/src/util/sss_bsd_errno.h @${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}/src/sss_client/bsdnss.c post-install: ${INSTALL_DATA} ${WRKSRC}/src/examples/sssd-example.conf \ ${STAGEDIR}${ETCDIR}/sssd.conf.sample ${MKDIR} ${STAGEDIR}${PREFIX}/share/dbus-1/system.d ${INSTALL_DATA} ${WRKSRC}/src/responder/ifp/org.freedesktop.sssd.infopipe.conf \ ${STAGEDIR}${PREFIX}/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf ${MKDIR} ${STAGEDIR}${PREFIX}/share/dbus-1/system-services ${INSTALL_DATA} ${WRKSRC}/src/responder/ifp/org.freedesktop.sssd.infopipe.service \ 
${STAGEDIR}${PREFIX}/share/dbus-1/system-services/org.freedesktop.sssd.infopipe.service ${LN} -sf libnss_sss.so.2 ${STAGEDIR}${PREFIX}/lib/nss_sss.so.1 .include diff --git a/security/sssd2/files/bsdnss.c b/security/sssd2/files/bsdnss.c index 6a1152100c67..ee0592d3aea9 100644 --- a/security/sssd2/files/bsdnss.c +++ b/security/sssd2/files/bsdnss.c 
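Review bot: The context line `KRB5_LIBS= -L${LOCALBAse}/lib -lkrb5 -lk5crypto -lcom_err` misspells the variable name, and since make variable names are case-sensitive it expands to `-L/lib` instead of the ports library directory. Removing the BROKEN marker makes the port build again on FreeBSD 15, so this is a good moment to correct it to `KRB5_LIBS= -L${LOCALBASE}/lib -lkrb5 -lk5crypto -lcom_err`, so that a Kerberos library outside the intended prefix cannot be picked up by accident. Whether KRB5_LIBS reaches configure is not visible here (CONFIGURE_ENV passes only INCLUDES and LDFLAGS_SL), so the practical effect may be nil today. CONFIGURE_ARGS also passes both `--with-libsifp` and `--without-libsifp`; keep only the one that is intended.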
@@ -1,196 +1,198 @@ #include #include #include #include #include #include #include +NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r); +NSS_METHOD_PROTOTYPE(__nss_compat_setgrent); +NSS_METHOD_PROTOTYPE(__nss_compat_endgrent); + +NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r); +NSS_METHOD_PROTOTYPE(__nss_compat_setpwent); +NSS_METHOD_PROTOTYPE(__nss_compat_endpwent); + +NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname); +NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2); +NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr); + +NSS_METHOD_PROTOTYPE(__nss_compat_getgroupmembership); + extern enum nss_status _nss_sss_getgrent_r(struct group *, char *, size_t, int *); extern enum nss_status _nss_sss_getgrnam_r(const char *, struct group *, char *, size_t, int *); extern enum nss_status _nss_sss_getgrgid_r(gid_t gid, struct group *, char *, size_t, int *); extern enum nss_status _nss_sss_setgrent(void); extern enum nss_status _nss_sss_endgrent(void); extern enum nss_status _nss_sss_getpwent_r(struct passwd *, char *, size_t, int *); extern enum nss_status _nss_sss_getpwnam_r(const char *, struct passwd *, char *, size_t, int *); extern enum nss_status _nss_sss_getpwuid_r(gid_t gid, struct passwd *, char *, size_t, int *); extern enum nss_status _nss_sss_setpwent(void); extern enum nss_status _nss_sss_endpwent(void); extern enum nss_status _nss_sss_gethostbyname_r(const char *name, struct hostent * result, char *buffer, size_t buflen, int *errnop, int *h_errnop); extern enum nss_status _nss_sss_gethostbyname2_r(const char *name, int af, struct hostent * result, char *buffer, size_t buflen, int *errnop, int *h_errnop); extern enum nss_status _nss_sss_gethostbyaddr_r(struct in_addr * addr, int len, int type, struct hostent * result, char *buffer, size_t buflen, int *errnop, int *h_errnop); 
extern enum nss_status _nss_sss_getgroupmembership(const char *uname, gid_t agroup, gid_t *groups, int maxgrp, int *grpcnt); -NSS_METHOD_PROTOTYPE(__nss_compat_getgroupmembership); -NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r); -NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r); -NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r); -NSS_METHOD_PROTOTYPE(__nss_compat_setgrent); -NSS_METHOD_PROTOTYPE(__nss_compat_endgrent); - -NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r); -NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r); -NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r); -NSS_METHOD_PROTOTYPE(__nss_compat_setpwent); -NSS_METHOD_PROTOTYPE(__nss_compat_endpwent); - -NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname); -NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2); -NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr); - static ns_mtab methods[] = { { NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_sss_getgrnam_r }, { NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_sss_getgrgid_r }, { NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_sss_getgrent_r }, -{ NSDB_GROUP, "getgroupmembership", __nss_compat_getgroupmembership, _nss_sss_getgroupmembership }, { NSDB_GROUP, "setgrent", __nss_compat_setgrent, _nss_sss_setgrent }, { NSDB_GROUP, "endgrent", __nss_compat_endgrent, _nss_sss_endgrent }, { NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_sss_getpwnam_r }, { NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_sss_getpwuid_r }, { NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, _nss_sss_getpwent_r }, { NSDB_PASSWD, "setpwent", __nss_compat_setpwent, _nss_sss_setpwent }, { NSDB_PASSWD, "endpwent", __nss_compat_endpwent, _nss_sss_endpwent }, -// { NSDB_HOSTS, "gethostbyname", __nss_compat_gethostbyname, _nss_sss_gethostbyname_r }, -//{ NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_sss_gethostbyaddr_r }, -//{ NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_sss_gethostbyname2_r }, +{ NSDB_HOSTS, "gethostbyname", 
__nss_compat_gethostbyname, _nss_sss_gethostbyname_r }, +{ NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_sss_gethostbyaddr_r }, +{ NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_sss_gethostbyname2_r }, { NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, _nss_sss_getgrnam_r }, { NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, _nss_sss_getgrgid_r }, { NSDB_GROUP_COMPAT, "getgrent_r", __nss_compat_getgrent_r, _nss_sss_getgrent_r }, { NSDB_GROUP_COMPAT, "setgrent", __nss_compat_setgrent, _nss_sss_setgrent }, { NSDB_GROUP_COMPAT, "endgrent", __nss_compat_endgrent, _nss_sss_endgrent }, { NSDB_PASSWD_COMPAT, "getpwnam_r", __nss_compat_getpwnam_r, _nss_sss_getpwnam_r }, { NSDB_PASSWD_COMPAT, "getpwuid_r", __nss_compat_getpwuid_r, _nss_sss_getpwuid_r }, { NSDB_PASSWD_COMPAT, "getpwent_r", __nss_compat_getpwent_r, _nss_sss_getpwent_r }, { NSDB_PASSWD_COMPAT, "setpwent", __nss_compat_setpwent, _nss_sss_setpwent }, { NSDB_PASSWD_COMPAT, "endpwent", __nss_compat_endpwent, _nss_sss_endpwent }, +{ NSDB_GROUP, "getgroupmembership", __nss_compat_getgroupmembership, _nss_sss_getgroupmembership }, + }; ns_mtab * nss_module_register(const char *source, unsigned int *mtabsize, nss_module_unregister_fn *unreg) { *mtabsize = sizeof(methods)/sizeof(methods[0]); *unreg = NULL; return (methods); } int __nss_compat_getgroupmembership(void *retval, void *mdata, va_list ap) { int (*fn)(const char *, gid_t, gid_t *, int, int *); const char *uname; gid_t agroup; gid_t *groups; int maxgrp; int *grpcnt; int errnop = 0; enum nss_status status; fn = mdata; uname = va_arg(ap, const char *); agroup = va_arg(ap, gid_t); groups = va_arg(ap, gid_t *); maxgrp = va_arg(ap, int); grpcnt = va_arg(ap, int *); status = fn(uname, agroup, groups, maxgrp, grpcnt); status = __nss_compat_result(status, errnop); return (status); } int __nss_compat_gethostbyname(void *retval, void *mdata, va_list ap) { enum nss_status (*fn)(const char *, struct hostent *, char *, 
size_t, int *, int *); const char *name; struct hostent *result; char buffer[1024]; size_t buflen = 1024; int errnop; int h_errnop; int af; enum nss_status status; fn = mdata; name = va_arg(ap, const char*); af = va_arg(ap,int); result = va_arg(ap,struct hostent *); status = fn(name, result, buffer, buflen, &errnop, &h_errnop); status = __nss_compat_result(status,errnop); h_errno = h_errnop; return (status); } int __nss_compat_gethostbyname2(void *retval, void *mdata, va_list ap) { enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *); const char *name; struct hostent *result; char buffer[1024]; size_t buflen = 1024; int errnop; int h_errnop; int af; enum nss_status status; fn = mdata; name = va_arg(ap, const char*); af = va_arg(ap,int); result = va_arg(ap,struct hostent *); status = fn(name, result, buffer, buflen, &errnop, &h_errnop); status = __nss_compat_result(status,errnop); h_errno = h_errnop; return (status); } int __nss_compat_gethostbyaddr(void *retval, void *mdata, va_list ap) { struct in_addr *addr; int len; int type; struct hostent *result; char buffer[1024]; size_t buflen = 1024; int errnop; int h_errnop; enum nss_status (*fn)(struct in_addr *, int, int, struct hostent *, char *, size_t, int *, int *); enum nss_status status; fn = mdata; addr = va_arg(ap, struct in_addr*); len = va_arg(ap,int); type = va_arg(ap,int); result = va_arg(ap, struct hostent*); status = fn(addr, len, type, result, buffer, buflen, &errnop, &h_errnop); status = __nss_compat_result(status,errnop); h_errno = h_errnop; return (status); } diff --git a/security/sssd2/files/patch-src__lib__certmap__sss_certmap.exports b/security/sssd2/files/patch-src__lib__certmap__sss_certmap.exports new file mode 100644 index 000000000000..df8fac78ac91 --- /dev/null +++ b/security/sssd2/files/patch-src__lib__certmap__sss_certmap.exports 
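Review bot: Enabling the three NSDB_HOSTS rows makes `__nss_compat_gethostbyname2` reachable, and that wrapper calls `_nss_sss_gethostbyname2_r` through a function pointer typed without the `int af` parameter that the extern declaration above has, so `result` is passed in the `af` position and every later argument is shifted by one. The pointer type and the call should both carry `af`, and `errnop`/`h_errnop` should be initialised because they are copied out even when the backend does not set them; the excerpt below shows the rewritten lines. All three host wrappers also hand the backend a 1024-byte stack `buffer`: if the backend stores the hostent strings there, as the `_r` signatures suggest, `*result` points into a dead stack frame once the wrapper returns, so the buffer needs a lifetime that outlasts the call. The wrapper bodies are context lines in this hunk; only the table rows and prototype order changed.

```c
int __nss_compat_gethostbyname2(void *retval, void *mdata, va_list ap)
{
	enum nss_status (*fn)(const char *, int, struct hostent *, char *, size_t, int *, int *);
	/* … unchanged: name, result, buffer, buflen, af, status declarations … */
	int errnop = 0;
	int h_errnop = 0;
	/* … unchanged: fn = mdata and the va_arg reads of name, af, result … */
	status = fn(name, af, result, buffer, buflen, &errnop, &h_errnop);
	/* … unchanged: __nss_compat_result translation, h_errno assignment, return … */
```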
@@ -0,0 +1,10 @@ +--- src/lib/certmap/sss_certmap.exports.orig 2024-01-12 12:05:40 UTC ++++ src/lib/certmap/sss_certmap.exports +@@ -2,7 +2,6 @@ SSS_CERTMAP_0.0 { + global: + sss_certmap_init; + sss_certmap_free_ctx; +- sss_certmap_err_msg; + sss_certmap_add_rule; + sss_certmap_match_cert; + sss_certmap_get_search_filter; diff --git a/security/sssd2/files/patch-src__sss_client__sss_nss.exports b/security/sssd2/files/patch-src__sss_client__sss_nss.exports index 29f97f8540b4..8fadc74c9bd0 100644 --- a/security/sssd2/files/patch-src__sss_client__sss_nss.exports +++ b/security/sssd2/files/patch-src__sss_client__sss_nss.exports @@ -1,35 +1,35 @@ ---- src/sss_client/sss_nss.exports.orig 2023-06-05 03:42:12 UTC +--- src/sss_client/sss_nss.exports.orig 2024-01-12 12:05:40 UTC +++ src/sss_client/sss_nss.exports @@ -3,6 +3,7 @@ EXPORTED { # public functions global: + nss_module_register; _nss_sss_getpwnam_r; _nss_sss_getpwuid_r; _nss_sss_setpwent; @@ -14,7 +15,24 @@ EXPORTED { _nss_sss_setgrent; _nss_sss_getgrent_r; _nss_sss_endgrent; + _nss_sss_getgroupmembership; _nss_sss_initgroups_dyn; + -+ __nss_compat_getgrnam_r; -+ __nss_compat_getgrgid_r; -+ __nss_compat_getgrent_r; -+ __nss_compat_setgrent; -+ __nss_compat_endgrent; ++ #__nss_compat_getgrnam_r; ++ #__nss_compat_getgrgid_r; ++ #__nss_compat_getgrent_r; ++ #__nss_compat_setgrent; ++ #__nss_compat_endgrent; + -+ __nss_compat_getpwnam_r; -+ __nss_compat_getpwuid_r; -+ __nss_compat_getpwent_r; -+ __nss_compat_setpwent; -+ __nss_compat_endpwent; ++ #__nss_compat_getpwnam_r; ++ #__nss_compat_getpwuid_r; ++ #__nss_compat_getpwent_r; ++ #__nss_compat_setpwent; ++ #__nss_compat_endpwent; + -+ __nss_compat_gethostbyname; -+ __nss_compat_gethostbyname2; -+ __nss_compat_gethostbyaddr; ++ #__nss_compat_gethostbyname; ++ #__nss_compat_gethostbyname2; ++ #__nss_compat_gethostbyaddr; #_nss_sss_getaliasbyname_r; #_nss_sss_setaliasent;
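Review bot: In patch-src__sss_client__sss_nss.exports the thirteen `__nss_compat_*` entries are now added to the version script as `#`-commented lines, which exports nothing and leaves dead text in a port patch that has to be carried across upstream updates. Drop those `+` lines so the second inner hunk adds only `_nss_sss_getgroupmembership;`, which also keeps the exported surface of the NSS module explicit. The `__nss_compat_gethostbyname*` wrappers defined in files/bsdnss.c stop being exported by this change; the method table visible in that file references them directly, so that looks safe, but the script's `local:` clause is not visible in this hunk and is worth a check.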