diff --git a/net/nss-pam-ldapd/Makefile b/net/nss-pam-ldapd/Makefile index 04eec308d426..e747fc56680d 100644 --- a/net/nss-pam-ldapd/Makefile +++ b/net/nss-pam-ldapd/Makefile @@ -1,133 +1,132 @@ PORTNAME= nss-pam-ldapd -PORTVERSION= 0.9.12 -PORTREVISION= 2 +DISTVERSION= 0.9.13 CATEGORIES= net MASTER_SITES= http://arthurdejong.org/nss-pam-ldapd/ \ ZI MAINTAINER?= zi@FreeBSD.org COMMENT?= Advanced fork of nss_ldap -WWW= https://arthurdejong.org/nss-pam-ldapd/ +WWW= https://arthurdejong.org/nss-pam-ldapd/ LICENSE= LGPL21 LGPL3 LICENSE_COMB= dual USES= cpe ldap CPE_VENDOR= arthurdejong GNU_CONFIGURE= yes GNU_CONFIGURE_MANPREFIX= ${PREFIX}/share USE_RC_SUBR= nslcd PAM_LDAP_SHMAJOR= 1 NSS_LDAP_SHMAJOR= 1 SUB_FILES+= pkg-message NSLCD_PIDFILE?= /var/run/nslcd.pid NSLCD_VARDIR?= /var/run/nslcd NSLCD_SOCKET?= ${NSLCD_VARDIR}/nslcd.ctl OPTIONS_DEFINE= KERBEROS LCLASS OPTIONS_DEFAULT= KERBEROS LCLASS_EXTRA_PATCHES= ${PATCHDIR}/lclass-patches LCLASS_DESC= Build with loginClass support .if defined(SLAVE_PORT) OPTIONS_DEFINE+= SASL OPTIONS_MULTI= MG1 OPTIONS_MULTI_MG1= PAM NSS PAM_DESC= Build pam_ldap NSS_DESC= Build nss support SASL_DESC= Build sasl support OPTIONS_DEFAULT+= PAM NSS CONFLICTS+= nss-pam-ldapd-[0-9]* .else OPTIONS_MULTI= MG1 OPTIONS_MULTI_MG1= PAM NSS PAM_DESC= Build pam_ldap NSS_DESC= Build nss support OPTIONS_DEFAULT+= PAM NSS CONFLICTS+= nss-pam-ldapd-sasl .endif USERS= nslcd GROUPS= nslcd .include CPPFLAGS+= -I${LOCALBASE}/include LDFLAGS+= -L${LOCALBASE}/lib CONFIGURE_ARGS+= --with-nslcd-pidfile=${NSLCD_PIDFILE} \ --with-nslcd-socket=${NSLCD_SOCKET} \ --with-ldap-lib=openldap \ --with-nss-ldap-soname=nss_ldap.so.${NSS_LDAP_SHMAJOR} CONFIG_FILE= "nslcd.conf" CONFIGURE_ARGS+= --with-ldap-conf-file=${PREFIX}/etc/${CONFIG_FILE} PLIST_SUB+= CONFIG="${CONFIG_FILE}" \ PAM_LDAP_SHMAJOR="${PAM_LDAP_SHMAJOR}" \ NSS_LDAP_SHMAJOR="${NSS_LDAP_SHMAJOR}" SUB_LIST+= CONFIG_FILE="${PREFIX}/etc/${CONFIG_FILE}" \ NSLCD_PIDFILE="${NSLCD_PIDFILE}" \ NSLCD_VARDIR="${NSLCD_VARDIR}" \ USERS="${USERS}" GROUPS="${GROUPS}" .if empty(PORT_OPTIONS:MKERBEROS) CONFIGURE_ARGS+= --disable-kerberos .endif .if ${PORT_OPTIONS:MSASL} CONFIGURE_ARGS+= --enable-sasl .else CONFIGURE_ARGS+= --disable-sasl .endif .if ${PORT_OPTIONS:MPAM} CONFIGURE_ARGS+= --enable-pam \ --with-pam-seclib-dir=${PREFIX}/lib \ --with-pam-ldap-soname=pam_ldap.so.${PAM_LDAP_SHMAJOR} CONFLICTS+= pam_ldap-1.* PLIST_SUB+= PAM="" .else CONFIGURE_ARGS+= --disable-pam PLIST_SUB+= PAM="@comment " .endif .if ${PORT_OPTIONS:MNSS} CONFIGURE_ARGS+= --enable-nss CONFLICTS+= nss_ldap-1.* PLIST_SUB+= NSS="" SUB_LIST+= NSS_MESSAGE="WARNING: Be sure to set uid and gid configuration parameters to make nslcd run under unprivileged user." .else CONFIGURE_ARGS+= --disable-nss PLIST_SUB+= NSS="@comment " SUB_LIST+= NSS_MESSAGE="" .endif # Won't hook this in to OPTIONS until PADL ports are at least DEPRECATED. # It doesn't do the software any good to run as replacement for the PADL ports # without running the daemon. .if defined(WITHOUT_NSLCD) CONFIGURE_ARGS+= --disable-nslcd PLIST_SUB+= NSLCD="@comment " .else CONFIGURE_ARGS+= --enable-nslcd PLIST_SUB+= NSLCD="" .endif post-extract: @${REINPLACE_CMD} -e 's/\(INSTALL_\)\(.*\)) -D /\1\2) /' ${WRKSRC}/Makefile.in ${WRKSRC}/nss/Makefile.in post-configure: ${REINPLACE_CMD} -e 's/^\(CFLAGS.*\) \-O2 \(.*\)$$/\1 -O0 \2/' ${WRKSRC}/nss/Makefile post-install: .if ${PORT_OPTIONS:MNSS} @${LN} -fs nss_ldap.so.${NSS_LDAP_SHMAJOR} ${STAGEDIR}${PREFIX}/lib/nss_ldap.so .endif .if ${PORT_OPTIONS:MPAM} @${LN} -fs pam_ldap.so.${PAM_LDAP_SHMAJOR} ${STAGEDIR}${PREFIX}/lib/pam_ldap.so .endif .include diff --git a/net/nss-pam-ldapd/distinfo b/net/nss-pam-ldapd/distinfo index a276aed8191e..059ae1c23683 100644 --- a/net/nss-pam-ldapd/distinfo +++ b/net/nss-pam-ldapd/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1649433966 -SHA256 (nss-pam-ldapd-0.9.12.tar.gz) = c6d661e74693cbf531a790631ca93b73f291fb23cc39465b09deb8da2bfb0e14 -SIZE (nss-pam-ldapd-0.9.12.tar.gz) = 791983 +TIMESTAMP = 1744377192 +SHA256 (nss-pam-ldapd-0.9.13.tar.gz) = e01784e17cb533bb66bd0601e205e785263445c3c2df7a6f90232ab4131c716d +SIZE (nss-pam-ldapd-0.9.13.tar.gz) = 808355 diff --git a/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__attmap.c b/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__attmap.c index b326d1830662..9227b3f718ca 100644 --- a/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__attmap.c +++ b/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__attmap.c @@ -1,18 +1,18 @@ ---- nslcd/attmap.c.orig 2019-11-02 16:23:45.000000000 +0100 -+++ nslcd/attmap.c 2023-05-29 19:22:02.233300000 +0200 -@@ -176,6 +176,7 @@ +--- nslcd/attmap.c.orig 2025-02-09 14:17:17 UTC ++++ nslcd/attmap.c +@@ -176,6 +176,7 @@ const char **attmap_get_var(enum ldap_map_selector map if (strcasecmp(name, "gecos") == 0) return &attmap_passwd_gecos; if (strcasecmp(name, "homeDirectory") == 0) return &attmap_passwd_homeDirectory; if (strcasecmp(name, "loginShell") == 0) return &attmap_passwd_loginShell; + if (strcasecmp(name, "loginClass") ==0) return &attmap_passwd_loginClass; } else if (map == LM_PROTOCOLS) { -@@ -230,6 +231,7 @@ +@@ -230,6 +231,7 @@ const char *attmap_set_mapping(const char **var, const (var != &attmap_shadow_shadowWarning) && (var != &attmap_shadow_shadowInactive) && (var != &attmap_shadow_shadowExpire) && + (var != &attmap_passwd_loginClass) && (var != &attmap_shadow_shadowFlag)) return NULL; /* the member attribute may only be set to an empty string */ diff --git a/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__attmap.h b/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__attmap.h index 7100e2924193..fd6692d77031 100644 --- a/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__attmap.h +++ b/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__attmap.h @@ -1,10 +1,10 @@ ---- nslcd/attmap.h.orig 2021-11-15 20:40:49.000000000 +0100 -+++ nslcd/attmap.h 2023-05-29 19:22:02.233912000 +0200 -@@ -67,6 +67,7 @@ +--- nslcd/attmap.h.orig 2023-06-17 15:32:13 UTC ++++ nslcd/attmap.h +@@ -67,6 +67,7 @@ extern const char *attmap_shadow_shadowFlag; extern const char *attmap_shadow_shadowInactive; extern const char *attmap_shadow_shadowExpire; extern const char *attmap_shadow_shadowFlag; +extern const char *attmap_passwd_loginClass; /* return a reference to the map specific base variable */ const char **base_get_var(enum ldap_map_selector map); diff --git a/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__passwd.c b/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__passwd.c index 1689f2afec2a..4bbca20e0d40 100644 --- a/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__passwd.c +++ b/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__passwd.c @@ -1,43 +1,43 @@ ---- nslcd/passwd.c.orig 2021-11-15 20:40:49.000000000 +0100 -+++ nslcd/passwd.c 2023-05-29 19:22:02.234797000 +0200 -@@ -63,6 +63,7 @@ +--- nslcd/passwd.c.orig 2025-02-09 14:17:17 UTC ++++ nslcd/passwd.c +@@ -63,6 +63,7 @@ const char *attmap_passwd_loginShell = "loginShell" const char *attmap_passwd_gecos = "\"${gecos:-$cn}\""; const char *attmap_passwd_homeDirectory = "homeDirectory"; const char *attmap_passwd_loginShell = "loginShell"; +const char *attmap_passwd_loginClass = "loginClass"; /* special properties for objectSid-based searches (these are already LDAP-escaped strings) */ -@@ -150,6 +151,7 @@ +@@ -150,6 +151,7 @@ void passwd_init(void) attmap_add_attributes(set, attmap_passwd_gecos); attmap_add_attributes(set, attmap_passwd_homeDirectory); attmap_add_attributes(set, attmap_passwd_loginShell); + attmap_add_attributes(set, attmap_passwd_loginClass); passwd_attrs = set_tolist(set); if (passwd_attrs == NULL) { -@@ -428,6 +430,7 @@ +@@ -436,6 +438,7 @@ static int write_passwd(TFILE *fp, MYLDAP_ENTRY *entry char gecos[1024]; char homedir[256]; char shell[64]; + char lclass[256]; char passbuffer[BUFLEN_PASSWORDHASH]; int i, j; /* get the usernames for this entry */ -@@ -541,6 +544,8 @@ +@@ -549,6 +552,8 @@ static int write_passwd(TFILE *fp, MYLDAP_ENTRY *entry myldap_get_dn(entry), attmap_passwd_homeDirectory); /* get the shell for this entry */ attmap_get_value(entry, attmap_passwd_loginShell, shell, sizeof(shell)); + /* get the login class for this entry */ + attmap_get_value(entry, attmap_passwd_loginClass, lclass, sizeof(lclass)); /* write the entries */ for (i = 0; usernames[i] != NULL; i++) { -@@ -565,6 +570,7 @@ +@@ -573,6 +578,7 @@ static int write_passwd(TFILE *fp, MYLDAP_ENTRY *entry WRITE_STRING(fp, gecos); WRITE_STRING(fp, homedir); WRITE_STRING(fp, shell); + WRITE_STRING(fp, lclass); } } } diff --git a/net/nss-pam-ldapd/files/lclass-patches/patch-nss__passwd.c b/net/nss-pam-ldapd/files/lclass-patches/patch-nss__passwd.c index cad4bfffda85..77c9eb0b8f32 100644 --- a/net/nss-pam-ldapd/files/lclass-patches/patch-nss__passwd.c +++ b/net/nss-pam-ldapd/files/lclass-patches/patch-nss__passwd.c @@ -1,13 +1,13 @@ ---- nss/passwd.c.orig 2019-11-02 16:23:46.000000000 +0100 -+++ nss/passwd.c 2023-05-29 19:22:02.235416000 +0200 -@@ -45,8 +45,8 @@ +--- nss/passwd.c.orig 2021-01-17 13:59:24 UTC ++++ nss/passwd.c +@@ -45,8 +45,8 @@ static nss_status_t read_passwd(TFILE *fp, struct pass READ_BUF_STRING(fp, result->pw_dir); READ_BUF_STRING(fp, result->pw_shell); #ifdef HAVE_STRUCT_PASSWD_PW_CLASS - /* set the user access class to an empty string */ - result->pw_class = result->pw_name + strlen(result->pw_name); + /* set the user access class to an empty string only if empty */ + READ_BUF_STRING(fp, result->pw_class); #endif /* HAVE_STRUCT_PASSWD_PW_CLASS */ return NSS_STATUS_SUCCESS; } diff --git a/net/nss-pam-ldapd/files/patch-Makefile.in b/net/nss-pam-ldapd/files/patch-Makefile.in index c145d8e3a87c..f84afc72e27e 100644 --- a/net/nss-pam-ldapd/files/patch-Makefile.in +++ b/net/nss-pam-ldapd/files/patch-Makefile.in @@ -1,11 +1,11 @@ ---- Makefile.in.orig 2016-10-03 20:44:13 UTC +--- Makefile.in.orig 2025-04-11 13:22:51 UTC +++ Makefile.in -@@ -866,7 +866,7 @@ install-nslcd_conf: +@@ -883,7 +883,7 @@ install-nslcd_conf: echo "$(DESTDIR)$(NSLCD_CONF_PATH) already exists, install will not overwrite"; \ else \ $(mkinstalldirs) `dirname $(DESTDIR)$(NSLCD_CONF_PATH)`; \ - $(INSTALL) -m 600 $(srcdir)/nslcd.conf $(DESTDIR)$(NSLCD_CONF_PATH); \ + $(INSTALL) -m 600 $(srcdir)/nslcd.conf $(DESTDIR)$(NSLCD_CONF_PATH).sample; \ fi uninstall-nslcd_conf: -rm -f $(DESTDIR)$(NSLCD_CONF_PATH) diff --git a/net/nss-pam-ldapd/files/patch-config.h.in b/net/nss-pam-ldapd/files/patch-config.h.in index e9ab0c2bf48b..a066ba722614 100644 --- a/net/nss-pam-ldapd/files/patch-config.h.in +++ b/net/nss-pam-ldapd/files/patch-config.h.in @@ -1,12 +1,12 @@ ---- config.h.in.orig 2022-10-10 21:16:40 UTC +--- config.h.in.orig 2025-02-09 15:13:15 UTC +++ config.h.in -@@ -30,6 +30,9 @@ - /* Define to 1 if you have the `clearenv' function. */ - #undef HAVE_CLEARENV +@@ -33,6 +33,9 @@ + /* Define to 1 if you have the 'closefrom' function. */ + #undef HAVE_CLOSEFROM +/* Define to 1 if you have the `closefrom' function. */ +#undef HAVE_CLOSEFROM + /* Define to 1 if you have the header file. */ #undef HAVE_CTYPE_H diff --git a/net/nss-pam-ldapd/files/patch-configure b/net/nss-pam-ldapd/files/patch-configure index d97e0366b1af..28c785b06c29 100644 --- a/net/nss-pam-ldapd/files/patch-configure +++ b/net/nss-pam-ldapd/files/patch-configure @@ -1,16 +1,16 @@ ---- configure.orig 2021-11-20 13:07:41 UTC +--- configure.orig 2025-02-09 15:13:16 UTC +++ configure -@@ -9684,6 +9684,13 @@ then : +@@ -9959,6 +9959,13 @@ fi fi + ac_fn_c_check_func "$LINENO" "closefrom" "ac_cv_func_closefrom" +if test "x$ac_cv_func_closefrom" = xyes +then : + printf "%s\n" "#define HAVE_CLOSEFROM 1" >>confdefs.h + +fi + # replace some functions if they are not on the system ac_fn_c_check_func "$LINENO" "getopt_long" "ac_cv_func_getopt_long" diff --git a/net/nss-pam-ldapd/files/patch-nslcd_daemonize.c b/net/nss-pam-ldapd/files/patch-nslcd_daemonize.c deleted file mode 100644 index 8a8901baaa80..000000000000 --- a/net/nss-pam-ldapd/files/patch-nslcd_daemonize.c +++ /dev/null @@ -1,33 +0,0 @@ ---- nslcd/daemonize.c.orig 2022-10-11 18:31:44 UTC -+++ nslcd/daemonize.c -@@ -1,7 +1,7 @@ - /* - daemoninze.c - functions for properly daemonising an application - -- Copyright (C) 2014-2015 Arthur de Jong -+ Copyright (C) 2014-2022 Arthur de Jong - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public -@@ -43,15 +43,19 @@ void daemonize_closefds(void) - - void daemonize_closefds(void) - { -- int i; - /* close all file descriptors (except stdin/out/err) */ -+#ifdef HAVE_CLOSEFROM -+ closefrom(3); -+#else -+ int i; - i = sysconf(_SC_OPEN_MAX) - 1; - /* if the system does not have OPEN_MAX just close the first 32 and - hope we closed enough */ - if (i < 0) - i = 32; -- for (; i > 3; i--) -+ for (; i > 2; i--) - close(i); -+#endif - } - - void daemonize_redirect_stdio(void) diff --git a/net/nss-pam-ldapd/files/patch-nslcd_invalidator.c b/net/nss-pam-ldapd/files/patch-nslcd_invalidator.c deleted file mode 100644 index c4bfe8ffe3e7..000000000000 --- a/net/nss-pam-ldapd/files/patch-nslcd_invalidator.c +++ /dev/null @@ -1,29 +0,0 @@ ---- nslcd/invalidator.c.orig 2021-11-15 19:40:49 UTC -+++ nslcd/invalidator.c -@@ -1,7 +1,7 @@ - /* - invalidator.c - functions for invalidating external caches - -- Copyright (C) 2013-2014 Arthur de Jong -+ Copyright (C) 2013-2022 Arthur de Jong - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public -@@ -97,6 +97,9 @@ static void exec_invalidate(const char *db) - { - case 0: /* we are the child */ - /* close all file descriptors */ -+#ifdef HAVE_CLOSEFROM -+ closefrom(0); -+#else - i = sysconf(_SC_OPEN_MAX) - 1; - /* if the system does not have OPEN_MAX just close the first 32 and - hope we have closed enough */ -@@ -104,6 +107,7 @@ static void exec_invalidate(const char *db) - i = 32; - for (; i >= 0; i--) - close(i); -+#endif - /* execute command */ - #ifdef HAVE_EXECVPE - execvpe(argv[0], argv, newenviron);