diff --git a/security/sssd2/Makefile b/security/sssd2/Makefile index 1de6974cdec5..f46bf6e8c971 100644 --- a/security/sssd2/Makefile +++ b/security/sssd2/Makefile @@ -1,166 +1,145 @@ PORTNAME= sssd -PORTVERSION= 2.9.6 -PORTREVISION= 6 +PORTVERSION= 2.12.0 CATEGORIES= security PKGNAMESUFFIX= 2 -MAINTAINER= jhixson@FreeBSD.org +MAINTAINER= arrowd@FreeBSD.org COMMENT= System Security Services Daemon WWW= https://sssd.io/ LICENSE= GPLv3+ LICENSE_FILE= ${WRKSRC}/COPYING -CONFLICTS_INSTALL?= sssd* - BUILD_DEPENDS= ${PY_SETUPTOOLS} \ bash:shells/bash \ docbook-xsl>=1:textproc/docbook-xsl \ p11-kit:security/p11-kit \ nsupdate:dns/bind-tools \ xmlcatalog:textproc/libxml2 \ xmlcatmgr:textproc/xmlcatmgr \ xsltproc:textproc/libxslt LIB_DEPENDS= libcares.so:dns/c-ares \ libcurl.so:ftp/curl \ libdbus-1.so:devel/dbus \ libdhash.so:devel/ding-libs \ libfido2.so:security/libfido2 \ libinotify.so:devel/libinotify \ libjansson.so:devel/jansson \ libjose.so:net/jose \ libldb.so:${SAMBA_LDB_PORT:U${SAMBA_PORT}} \ libndr-krb5pac.so:${SAMBA_PORT} \ libndr-nbt.so:${SAMBA_PORT} \ libndr-standard.so:${SAMBA_PORT} \ libndr.so:${SAMBA_PORT} \ libp11-kit.so:security/p11-kit \ libpcre2-8.so:devel/pcre2 \ libpopt.so:devel/popt \ libsamba-util.so:${SAMBA_PORT} \ libsasl2.so:security/cyrus-sasl2 \ libsmbclient.so:${SAMBA_PORT} \ libtalloc.so:${SAMBA_TALLOC_PORT} \ libtdb.so:${SAMBA_TDB_PORT} \ libtevent.so:${SAMBA_TEVENT_PORT} \ libunistring.so:devel/libunistring \ - libuuid.so:misc/libuuid + libuuid.so:misc/libuuid \ + libutf8proc.so:textproc/utf8proc RUN_DEPENDS= adcli:net-mgmt/adcli \ - cyrus-sasl-gssapi>0:security/cyrus-sasl2-gssapi + cyrus-sasl-gssapi>0:security/cyrus-sasl2-gssapi \ + nsupdate:dns/bind-tools USES= autoreconf cpe gettext gmake gssapi:flags,mit iconv ldap \ libtool localbase:ldflags pathfix pkgconfig python samba:env \ shebangfix ssl USE_LDCONFIG= yes GNU_CONFIGURE= yes INSTALL_TARGET= install-strip +TEST_TARGET= check + CPE_VENDOR= fedoraproject -CONFIGURE_ARGS= --disable-dependency-tracking \ - --datadir=${DATADIR} \ - --localstatedir=/var \ - --disable-nls \ - --disable-cifs-idmap-plugin \ - --disable-valgrind \ - --disable-systemtap \ +CONFIGURE_ARGS= --disable-cifs-idmap-plugin \ + --disable-linux-caps \ + --without-selinux \ + --without-autofs \ --enable-pammoddir=${PREFIX}/lib \ - --enable-ldb-version-check \ - --enable-pac-responder \ --with-db-path=/var/db/sss/db \ - --with-os=freebsd \ - --with-plugin-path=${LOCALBASE}/lib/sssd \ --with-pubconf-path=/var/db/sss/pubconf \ --with-pid-path=/var/run \ --with-pipe-path=/var/run/sss/pipes \ --with-mcache-path=/var/db/sss/mc \ --with-environment-file=${LOCALBASE}/etc/sssd \ - --with-init-dir=no \ - --with-manpages \ --with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \ --with-krb5-plugin-path=${LOCALBASE}/lib/krb5/plugins/libkrb5 \ --with-krb5authdata-plugin-path=${LOCALBASE}/lib/krb5/plugins/authdata \ --with-krb5-conf=/etc/krb5.conf \ - --without-python2-bindings \ --with-winbind-plugin-path=${SAMBA_IDMAP_MODULESDIR} \ - --without-selinux \ - --with-gpo-cache-path=/var/db/sss/gpo_cache \ - --without-semanage \ - --with-app-libs=${LOCALBASE}/lib/sssd/modules \ - --without-autofs \ - --with-files-provider \ + --with-gpo-cache-path=/var/db/sss/gpo_cache \ + --with-secrets-db-path=/var/lib/sss/secrets \ --with-passkey \ - --with-samba \ --without-nfsv4-idmapd-plugin \ - --with-secrets-db-path=/var/lib/sss/secrets \ - --with-kcm \ - --with-oidc-child \ --with-ldb-lib-dir=${SAMBA_LDB_MODULESDIR} \ - --with-smb-idmap-interface-version=6 \ - --without-libnl \ - --with-nscd-conf=/etc/nscd.conf \ - --with-python_prefix=${PREFIX} -CONFIGURE_ENV= KRB5_CONFIG="${KRB5CONFIG}" + --with-smb-idmap-interface-version=6 +CONFIGURE_ENV= KRB5_CONFIG="${KRB5CONFIG}" \ + SOFTHSM2_PATH=${LOCALBASE}/lib/softhsm/libsofthsm2.so -CPPFLAGS+= -DRENEWAL_PROG_PATH='\"${LOCALBASE}/sbin/adcli\"' -CFLAGS+= -fstack-protector-all -LIBS+= -linotify -lintl +CPPFLAGS= -DRENEWAL_PROG_PATH='\"${LOCALBASE}/sbin/adcli\"' +LIBS= -lintl PLIST_SUB= PYTHON_VER=${PYTHON_VER} \ SAMBA_IDMAP_MODULESDIR=${SAMBA_IDMAP_MODULESDIR} \ SAMBA_LDB_MODULESDIR=${SAMBA_LDB_MODULESDIR} -MAKE_ENV= MAKELEVEL=0 LINGUAS="bg de eu es fr hu id it ja nb nl pl pt ru sv tg tr uk zh_CN zh_TW" -SUB_FILES= pkg-message BINARY_ALIAS= python3=python${PYTHON_VER} -SHEBANG_FILES= sbus_generate.sh.in \ - src/tools/analyzer/sss_analyze \ +SHEBANG_FILES= src/tools/analyzer/sss_analyze \ src/tools/sss_obfuscate \ src/config/SSSDConfigTest.py \ src/tests/*.py \ - src/tests/cwrap/cwrap_test_setup.sh \ - src/tests/whitespace_test \ - src/tests/multihost/data/memcachesize.py \ src/tests/double_semicolon_test \ - scripts/release.sh \ - contrib/git/pre-push \ - contrib/ci/rpm-spec-builddeps \ - contrib/ci/clean \ - contrib/ci/valgrind-condense \ - contrib/ci/run-multihost \ - contrib/ci/run \ - contrib/ci/get-matrix.py \ - contrib/vagrant/bootstrap.sh \ - contrib/fedora/make_srpm.sh + src/tests/multihost/data/memcachesize.py \ + src/tests/whitespace_test \ + contrib/vagrant/bootstrap.sh USE_RC_SUBR= ${PORTNAME} -USE_GITHUB=yes -GH_ACCOUNT=sssd +USE_GITHUB= yes + +OPTIONS_DEFINE= NLS TEST +OPTIONS_SUB= yes + +NLS_CONFIGURE_ENABLE= nls + +TEST_BUILD_DEPENDS= cwrap>0:devel/cwrap \ + ${LOCALBASE}/lib/softhsm/libsofthsm2.so:security/softhsm2 +TEST_LIB_DEPENDS= libcheck.so:devel/check \ + libcmocka.so:sysutils/cmocka + +.include + +.if ${OPSYS} == FreeBSD && ${OSVERSION} >= 1500000 +CPPFLAGS+= -DHAVE_TIMEZONE=1 +.endif post-patch: @${REINPLACE_CMD} -e 's|/usr/bin/|${PREFIX}/bin/|g' \ -e 's|/var/lib/sss/pubconf/|/var/db/sss/pubconf/|g' \ - ${WRKSRC}/src/man/sss_ssh_knownhostsproxy.1.xml \ ${WRKSRC}/src/man/po/*.po || true @${REINPLACE_CMD} -e 's|/etc/sssd/|${ETCDIR}/|g' \ -e 's|/etc/openldap/|${LOCALBASE}/etc/openldap/|g' \ ${WRKSRC}/src/man/*xml || true - @${CP} ${FILESDIR}/sss_bsd_errno.h ${WRKSRC}/src/util/sss_bsd_errno.h @${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}/src/sss_client/bsdnss.c post-install: ${INSTALL_DATA} ${WRKSRC}/src/examples/sssd-example.conf \ ${STAGEDIR}${ETCDIR}/sssd.conf.sample - ${MKDIR} ${STAGEDIR}${PREFIX}/share/dbus-1/system.d - ${INSTALL_DATA} ${WRKSRC}/src/responder/ifp/org.freedesktop.sssd.infopipe.conf \ - ${STAGEDIR}${PREFIX}/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf - ${MKDIR} ${STAGEDIR}${PREFIX}/share/dbus-1/system-services - ${INSTALL_DATA} ${WRKSRC}/src/responder/ifp/org.freedesktop.sssd.infopipe.service \ - ${STAGEDIR}${PREFIX}/share/dbus-1/system-services/org.freedesktop.sssd.infopipe.service ${LN} -sf libnss_sss.so.2 ${STAGEDIR}${PREFIX}/lib/nss_sss.so.1 -.include +# Skip whitespace tests, see +# https://github.com/SSSD/sssd/commit/308bacbd22f2f5a483cb2cef098082b5f9625b8d +pre-test: + ${RM} -r ${WRKSRC}/.git + +.include diff --git a/security/sssd2/distinfo b/security/sssd2/distinfo index d2efe5d67d1d..ca0b11b87d5a 100644 --- a/security/sssd2/distinfo +++ b/security/sssd2/distinfo @@ -1,3 +1,3 @@ -TIMESTAMP = 1733536931 -SHA256 (sssd-sssd-2.9.6_GH0.tar.gz) = 8fc927fe9d627fdbe84b701c94a6b7e739127f48289bd466e18260a567f62244 -SIZE (sssd-sssd-2.9.6_GH0.tar.gz) = 6801499 +TIMESTAMP = 1768932724 +SHA256 (sssd-sssd-2.12.0_GH0.tar.gz) = 847b168c755808f77e7d13f3b9685fa7ee417e4a0e94be9734066382bc5c66b8 +SIZE (sssd-sssd-2.12.0_GH0.tar.gz) = 7309942 diff --git a/security/sssd2/files/patch-Makefile.am b/security/sssd2/files/patch-Makefile.am index d24159e25d97..27f20a4040d9 100644 --- a/security/sssd2/files/patch-Makefile.am +++ b/security/sssd2/files/patch-Makefile.am @@ -1,837 +1,19 @@ ---- Makefile.am.orig 2024-06-07 19:27:57 UTC +--- Makefile.am.orig 2026-01-21 16:48:09 UTC +++ Makefile.am -@@ -59,7 +59,7 @@ dbusservicedir = $(datadir)/dbus-1/system-services +@@ -64,7 +64,7 @@ dbusservicedir = $(datadir)/dbus-1/system-services krb5snippetsdir = $(sssddatadir)/krb5-snippets dbuspolicydir = $(datadir)/dbus-1/system.d dbusservicedir = $(datadir)/dbus-1/system-services -sss_statedir = $(localstatedir)/lib/sss +sss_statedir = $(localstatedir)/db/sss runstatedir = @runstatedir@ localedir = @localedir@ nsslibdir = @nsslibdir@ -@@ -642,6 +642,7 @@ SSSD_LIBS = \ - - SSSD_LIBS = \ - $(TALLOC_LIBS) \ -+ $(LTLIBINTL) \ - $(TEVENT_LIBS) \ - $(POPT_LIBS) \ - $(LDB_LIBS) \ -@@ -713,6 +714,7 @@ dist_noinst_HEADERS = \ - src/util/sss_ssh.h \ - src/util/sss_ini.h \ - src/util/sss_format.h \ -+ src/util/sss_bsd_errno.h \ - src/util/sss_pam_data.h \ - src/util/refcount.h \ - src/util/file_watch.h \ -@@ -1514,6 +1516,7 @@ sssd_LDADD = \ - $(SSSD_LIBS) \ - $(INOTIFY_LIBS) \ - $(LIBNL_LIBS) \ -+ $(LTLIBINTL) \ - $(KEYUTILS_LIBS) \ - $(SYSTEMD_DAEMON_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ -@@ -1542,6 +1545,7 @@ sssd_nss_LDADD = \ - $(LIBADD_DL) \ - $(TDB_LIBS) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - libsss_idmap.la \ - libsss_cert.la \ - $(SYSTEMD_DAEMON_LIBS) \ -@@ -1574,6 +1578,7 @@ sssd_pam_LDADD = \ - $(LIBADD_DL) \ - $(TDB_LIBS) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(SELINUX_LIBS) \ - $(PAM_LIBS) \ - $(SYSTEMD_DAEMON_LIBS) \ -@@ -1595,6 +1600,7 @@ sssd_sudo_LDADD = \ - sssd_sudo_LDADD = \ - $(LIBADD_DL) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(SYSTEMD_DAEMON_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_iface.la \ -@@ -1610,6 +1616,7 @@ sssd_autofs_LDADD = \ - sssd_autofs_LDADD = \ - $(LIBADD_DL) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(SYSTEMD_DAEMON_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_iface.la \ -@@ -1630,6 +1637,7 @@ sssd_ssh_LDADD = \ - sssd_ssh_LDADD = \ - $(LIBADD_DL) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) \ - $(SYSTEMD_DAEMON_LIBS) \ - libsss_cert.la \ -@@ -1653,6 +1661,7 @@ sssd_pac_LDADD = \ - $(NDR_KRB5PAC_LIBS) \ - $(TDB_LIBS) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(SYSTEMD_DAEMON_LIBS) \ - libsss_idmap.la \ - $(SSSD_INTERNAL_LTLIBS) \ -@@ -1731,6 +1740,7 @@ sssd_ifp_LDADD = \ - sssd_ifp_LDADD = \ - $(LIBADD_DL) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(SYSTEMD_DAEMON_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_cert.la \ -@@ -1794,6 +1804,7 @@ sssd_kcm_LDADD = \ - $(LIBADD_DL) \ - $(KRB5_LIBS) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(UUID_LIBS) \ - $(SYSTEMD_DAEMON_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ -@@ -1844,6 +1855,7 @@ sssd_be_LDADD = \ - sssd_be_LDADD = \ - $(LIBADD_DL) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(CARES_LIBS) \ - $(PAM_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ -@@ -1905,6 +1917,7 @@ sss_signal_LDADD = \ - src/tools/common/sss_process.c - $(NULL) - sss_signal_LDADD = \ -+ $(LTLIBINTL) \ - libsss_debug.la \ - $(NULL) - -@@ -2142,6 +2155,7 @@ sysdb_tests_LDADD = \ - $(CHECK_CFLAGS) - sysdb_tests_LDADD = \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(CHECK_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la -@@ -2155,6 +2169,7 @@ sysdb_ssh_tests_LDADD = \ - $(CHECK_CFLAGS) - sysdb_ssh_tests_LDADD = \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(CHECK_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la -@@ -2167,6 +2182,7 @@ strtonum_tests_LDADD = \ - $(CHECK_CFLAGS) - strtonum_tests_LDADD = \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(CHECK_LIBS) \ - libsss_debug.la \ - libsss_test_common.la -@@ -2191,6 +2207,7 @@ krb5_utils_tests_LDADD = \ - $(CHECK_CFLAGS) - krb5_utils_tests_LDADD = \ - $(SSSD_LIBS)\ -+ $(LTLIBINTL) \ - $(CARES_LIBS) \ - $(KRB5_LIBS) \ - $(CHECK_LIBS) \ -@@ -2251,6 +2268,7 @@ resolv_tests_LDADD = \ - -DBUILD_TXT - resolv_tests_LDADD = \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(CHECK_LIBS) \ - $(CARES_LIBS) \ - libsss_debug.la \ -@@ -2264,6 +2282,7 @@ file_watch_tests_LDADD = \ - $(CHECK_CFLAGS) - file_watch_tests_LDADD = \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(CHECK_LIBS) \ - $(INOTIFY_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ -@@ -2277,6 +2296,7 @@ refcount_tests_LDADD = \ - $(CHECK_CFLAGS) - refcount_tests_LDADD = \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(CHECK_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la -@@ -2290,6 +2310,7 @@ fail_over_tests_LDADD = \ - $(CHECK_CFLAGS) - fail_over_tests_LDADD = \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(CHECK_LIBS) \ - $(CARES_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ -@@ -2321,6 +2342,7 @@ auth_tests_LDADD = \ - $(CHECK_CFLAGS) - auth_tests_LDADD = \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(CHECK_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la -@@ -2373,6 +2395,7 @@ util_tests_LDADD = \ - $(NULL) - util_tests_LDADD = \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(CHECK_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la \ -@@ -2385,6 +2408,7 @@ safe_format_tests_LDADD = \ - $(CHECK_CFLAGS) - safe_format_tests_LDADD = \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(CHECK_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la -@@ -2397,6 +2421,7 @@ debug_tests_LDADD = \ - $(CHECK_CFLAGS) - debug_tests_LDADD = \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(CHECK_LIBS) \ - libsss_debug.la - -@@ -2420,6 +2445,7 @@ ipa_hbac_tests_LDADD = \ - $(CHECK_CFLAGS) - ipa_hbac_tests_LDADD = \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(CHECK_LIBS) \ - libsss_test_common.la \ - libipa_hbac.la -@@ -2454,6 +2480,7 @@ responder_socket_access_tests_LDADD = \ - $(LIBADD_DL) \ - $(CHECK_LIBS) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) \ - $(SYSTEMD_DAEMON_LIBS) \ - libsss_test_common.la \ -@@ -2466,6 +2493,7 @@ stress_tests_LDADD = \ - src/tests/stress-tests.c - stress_tests_LDADD = \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - libsss_test_common.la - - krb5_child_test_SOURCES = \ -@@ -2490,6 +2518,7 @@ krb5_child_test_LDADD = \ - $(CHECK_CFLAGS) - krb5_child_test_LDADD = \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(CARES_LIBS) \ - $(KRB5_LIBS) \ - $(CHECK_LIBS) \ -@@ -2507,6 +2536,7 @@ test_ssh_client_LDADD = \ - test_ssh_client_LDADD = \ - $(SSSD_INTERNAL_LTLIBS) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(NULL) - - test_sbus_message_SOURCES = \ -@@ -2602,6 +2632,7 @@ nss_srv_tests_LDADD = \ - $(LIBADD_DL) \ - $(CMOCKA_LIBS) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) \ - $(SYSTEMD_DAEMON_LIBS) \ - libsss_test_common.la \ -@@ -2650,6 +2681,7 @@ pam_srv_tests_LDADD = \ - $(CMOCKA_LIBS) \ - $(PAM_LIBS) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) \ - $(SYSTEMD_DAEMON_LIBS) \ - $(GSSAPI_KRB5_LIBS) \ -@@ -2693,6 +2725,7 @@ ssh_srv_tests_LDADD = \ - $(LIBADD_DL) \ - $(CMOCKA_LIBS) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) \ - $(SYSTEMD_DAEMON_LIBS) \ - libsss_test_common.la \ -@@ -2717,6 +2750,7 @@ responder_get_domains_tests_LDADD = \ - $(LIBADD_DL) \ - $(CMOCKA_LIBS) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) \ - $(SYSTEMD_DAEMON_LIBS) \ - libsss_test_common.la \ -@@ -2780,6 +2814,7 @@ test_negcache_LDADD = \ - $(LIBADD_DL) \ - $(CMOCKA_LIBS) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(SYSTEMD_DAEMON_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la \ -@@ -2806,6 +2841,7 @@ test_authtok_LDADD = \ - $(CMOCKA_LIBS) \ - $(DHASH_LIBS) \ - $(POPT_LIBS) \ -+ $(LTLIBINTL) \ - libsss_test_common.la \ - libsss_debug.la \ - $(NULL) -@@ -2821,6 +2857,7 @@ test_prompt_config_LDADD = \ - test_prompt_config_LDADD = \ - $(CMOCKA_LIBS) \ - $(POPT_LIBS) \ -+ $(LTLIBINTL) \ - libsss_debug.la \ - $(TALLOC_LIBS) \ - $(NULL) -@@ -2845,6 +2882,7 @@ deskprofile_utils_tests_LDADD = \ - deskprofile_utils_tests_CFLAGS = \ - $(AM_CFLAGS) - deskprofile_utils_tests_LDADD = \ -+ $(LTLIBINTL) \ - $(CMOCKA_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la -@@ -2868,6 +2906,7 @@ dyndns_tests_LDADD = \ - $(CARES_LIBS) \ - $(CMOCKA_LIBS) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la - -@@ -2878,6 +2917,7 @@ domain_resolution_order_tests_LDADD = \ - $(AM_CFLAGS) - domain_resolution_order_tests_LDADD = \ - $(CMOCKA_LIBS) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la - -@@ -2888,6 +2928,7 @@ fqnames_tests_LDADD = \ - fqnames_tests_LDADD = \ - $(CMOCKA_LIBS) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la - -@@ -2907,6 +2948,7 @@ nestedgroups_tests_LDADD = \ - nestedgroups_tests_LDADD = \ - $(CMOCKA_LIBS) \ - $(OPENLDAP_LIBS) \ -+ $(LTLIBINTL) \ - $(SSSD_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_idmap.la \ -@@ -2940,6 +2982,7 @@ test_ipa_idmap_LDADD = \ - test_ipa_idmap_LDADD = \ - $(CMOCKA_LIBS) \ - $(POPT_LIBS) \ -+ $(LTLIBINTL) \ - libsss_idmap.la \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la -@@ -2962,6 +3005,7 @@ test_utils_LDADD = \ - $(CMOCKA_LIBS) \ - $(POPT_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ -+ $(LTLIBINTL) \ - libsss_test_common.la - - test_search_bases_SOURCES = \ -@@ -2970,6 +3014,7 @@ test_search_bases_LDADD = \ - $(CMOCKA_LIBS) \ - $(TALLOC_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ -+ $(LTLIBINTL) \ - libsss_ldap_common.la \ - libsss_test_common.la \ - libdlopen_test_providers.la \ -@@ -2984,6 +3029,7 @@ test_ldap_auth_LDADD = \ - test_ldap_auth_LDADD = \ - $(CMOCKA_LIBS) \ - $(TALLOC_LIBS) \ -+ $(LTLIBINTL) \ - libsss_ldap_common.la \ - libsss_test_common.la \ - libdlopen_test_providers.la \ -@@ -2997,6 +3043,7 @@ test_ldap_id_cleanup_LDADD = \ - test_ldap_id_cleanup_LDADD = \ - $(CMOCKA_LIBS) \ - $(POPT_LIBS) \ -+ $(LTLIBINTL) \ - $(TALLOC_LIBS) \ - $(TEVENT_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ -@@ -3014,6 +3061,7 @@ test_sdap_access_LDADD = \ - test_sdap_access_LDADD = \ - $(CMOCKA_LIBS) \ - $(TALLOC_LIBS) \ -+ $(LTLIBINTL) \ - libsss_ldap_common.la \ - libsss_test_common.la \ - libdlopen_test_providers.la \ -@@ -3033,6 +3081,7 @@ test_sdap_certmap_LDADD = \ - test_sdap_certmap_LDADD = \ - $(CMOCKA_LIBS) \ - $(TALLOC_LIBS) \ -+ $(LTLIBINTL) \ - $(POPT_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la \ -@@ -3044,6 +3093,7 @@ ad_access_filter_tests_LDADD = \ - ad_access_filter_tests_LDADD = \ - $(CMOCKA_LIBS) \ - $(POPT_LIBS) \ -+ $(LTLIBINTL) \ - $(TALLOC_LIBS) \ - $(TEVENT_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ -@@ -3065,6 +3115,7 @@ ad_gpo_tests_LDADD = \ - $(CMOCKA_LIBS) \ - $(OPENLDAP_LIBS) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) \ - $(NDR_NBT_LIBS) \ - libsss_ldap_common.la \ -@@ -3102,6 +3153,7 @@ ad_common_tests_LDADD = \ - ad_common_tests_LDADD = \ - $(CMOCKA_LIBS) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(KEYUTILS_LIBS) \ - $(NDR_NBT_LIBS) \ - $(NDR_KRB5PAC_LIBS) \ -@@ -3124,6 +3176,7 @@ dp_opt_tests_LDADD = \ - $(CMOCKA_LIBS) \ - $(TALLOC_LIBS) \ - $(POPT_LIBS) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la - -@@ -3156,6 +3209,7 @@ sdap_tests_LDADD = \ - $(TALLOC_LIBS) \ - $(LDB_LIBS) \ - $(POPT_LIBS) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) \ - $(OPENLDAP_LIBS) \ - libsss_test_common.la \ -@@ -3176,6 +3230,7 @@ ifp_tests_LDADD = \ - $(LIBADD_DL) \ - $(CMOCKA_LIBS) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) \ - $(SYSTEMD_DAEMON_LIBS) \ - libsss_test_common.la \ -@@ -3205,6 +3260,7 @@ sss_sifp_tests_LDADD = \ - $(TALLOC_LIBS) \ - $(DHASH_LIBS) \ - $(POPT_LIBS) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) - endif # BUILD_LIBSIFP - endif # BUILD_IFP -@@ -3221,6 +3277,7 @@ test_sysdb_views_LDADD = \ - $(LDB_LIBS) \ - $(POPT_LIBS) \ - $(TALLOC_LIBS) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la \ - $(NULL) -@@ -3237,6 +3294,7 @@ test_sysdb_ts_cache_LDADD = \ - $(LDB_LIBS) \ - $(POPT_LIBS) \ - $(TALLOC_LIBS) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la \ - $(NULL) -@@ -3251,6 +3309,7 @@ test_sysdb_subdomains_LDADD = \ - $(CMOCKA_LIBS) \ - $(LDB_LIBS) \ - $(POPT_LIBS) \ -+ $(LTLIBINTL) \ - $(TALLOC_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la \ -@@ -3267,6 +3326,8 @@ test_sysdb_certmap_LDADD = \ - $(LDB_LIBS) \ - $(POPT_LIBS) \ - $(TALLOC_LIBS) \ -+ $(LTLIBINTL) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la \ - $(NULL) -@@ -3282,6 +3343,7 @@ test_sysdb_sudo_LDADD = \ - $(LDB_LIBS) \ - $(POPT_LIBS) \ - $(TALLOC_LIBS) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la \ - $(NULL) -@@ -3297,6 +3359,7 @@ test_sysdb_utils_LDADD = \ - $(LDB_LIBS) \ - $(POPT_LIBS) \ - $(TALLOC_LIBS) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la \ - $(NULL) -@@ -3328,6 +3391,7 @@ test_be_ptask_LDADD = \ - $(CMOCKA_LIBS) \ - $(POPT_LIBS) \ - $(TALLOC_LIBS) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la \ - $(NULL) -@@ -3346,6 +3410,8 @@ test_copy_ccache_LDADD = \ - $(POPT_LIBS) \ - $(TALLOC_LIBS) \ - $(KRB5_LIBS) \ -+ $(LTLIBINTL) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la \ - $(NULL) -@@ -3400,6 +3466,7 @@ test_child_common_LDADD = \ - $(POPT_LIBS) \ - $(TALLOC_LIBS) \ - $(DHASH_LIBS) \ -+ $(LTLIBINTL) \ - libsss_debug.la \ - libsss_test_common.la \ - $(NULL) -@@ -3419,6 +3486,7 @@ responder_cache_req_tests_LDADD = \ - $(LIBADD_DL) \ - $(CMOCKA_LIBS) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) \ - $(SYSTEMD_DAEMON_LIBS) \ - libsss_test_common.la \ -@@ -3441,6 +3509,7 @@ test_resolv_fake_LDADD = \ - test_resolv_fake_LDADD = \ - $(CMOCKA_LIBS) \ - $(POPT_LIBS) \ -+ $(LTLIBINTL) \ - $(TALLOC_LIBS) \ - $(CARES_LIBS) \ - $(DHASH_LIBS) \ -@@ -3464,6 +3533,7 @@ test_fo_srv_LDADD = \ - $(TALLOC_LIBS) \ - $(CARES_LIBS) \ - $(DHASH_LIBS) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la \ - $(NULL) -@@ -3485,6 +3555,7 @@ test_sdap_initgr_LDADD = \ - $(TEVENT_LIBS) \ - $(LDB_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ -+ $(LTLIBINTL) \ - libsss_ldap_common.la \ - libsss_test_common.la \ - libdlopen_test_providers.la \ -@@ -3504,6 +3575,7 @@ test_ad_subdom_LDADD = \ - $(POPT_LIBS) \ - $(TALLOC_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ -+ $(LTLIBINTL) \ - libsss_ldap_common.la \ - libsss_ad_tests.la \ - libsss_idmap.la \ -@@ -3527,6 +3599,7 @@ test_ipa_subdom_util_LDADD = \ - $(TALLOC_LIBS) \ - $(LDB_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ -+ $(LTLIBINTL) \ - libsss_test_common.la \ - $(NULL) - -@@ -3558,6 +3631,7 @@ test_ipa_subdom_server_LDADD = \ - $(KEYUTILS_LIBS) \ - $(KRB5_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ -+ $(LTLIBINTL) \ - libsss_ldap_common.la \ - libsss_ad_tests.la \ - libsss_test_common.la \ -@@ -3579,6 +3653,7 @@ test_tools_colondb_LDADD = \ - $(CMOCKA_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ - $(POPT_LIBS) \ -+ $(LTLIBINTL) \ - libsss_test_common.la \ - $(NULL) - -@@ -3595,6 +3670,7 @@ test_krb5_wait_queue_LDADD = \ - $(POPT_LIBS) \ - $(DHASH_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ -+ $(LTLIBINTL) \ - libsss_test_common.la \ - $(NULL) - -@@ -3615,6 +3691,7 @@ test_cert_utils_LDADD = \ - $(POPT_LIBS) \ - $(TALLOC_LIBS) \ - $(CRYPTO_LIBS) \ -+ $(LTLIBINTL) \ - libsss_debug.la \ - libsss_test_common.la \ - libsss_cert.la \ -@@ -3641,6 +3718,7 @@ test_data_provider_be_LDADD = \ - $(SSSD_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ - $(LIBADD_DL) \ -+ $(LTLIBINTL) \ - libsss_test_common.la \ - libdlopen_test_providers.la \ - libsss_iface.la \ -@@ -3670,6 +3748,7 @@ test_dp_request_LDADD = \ - $(SSSD_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ - $(LIBADD_DL) \ -+ $(LTLIBINTL) \ - libsss_test_common.la \ - $(NULL) - if BUILD_SYSTEMTAP -@@ -3696,6 +3775,7 @@ test_dp_builtin_LDADD = \ - $(SSSD_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ - $(LIBADD_DL) \ -+ $(LTLIBINTL) \ - libsss_test_common.la \ - $(NULL) - -@@ -3710,6 +3790,7 @@ test_ipa_dn_LDADD = \ - $(TEVENT_LIBS) \ - $(TALLOC_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ -+ $(LTLIBINTL) \ - libsss_test_common.la \ - $(NULL) - -@@ -3723,6 +3804,7 @@ test_iobuf_LDADD = \ - test_iobuf_LDADD = \ - $(CMOCKA_LIBS) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(NULL) - - test_confdb_SOURCES = \ -@@ -3737,6 +3819,7 @@ test_confdb_LDADD = \ - $(POPT_LIBS) \ - $(TALLOC_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ -+ $(LTLIBINTL) \ - libsss_test_common.la \ - $(NULL) - -@@ -3757,6 +3840,7 @@ simple_access_tests_LDADD = \ - $(CMOCKA_LIBS) \ - $(SSSD_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ -+ $(LTLIBINTL) \ - libsss_test_common.la \ - libdlopen_test_providers.la \ - libsss_iface.la \ -@@ -3774,6 +3858,7 @@ krb5_common_test_LDADD = \ - $(CMOCKA_LIBS) \ - $(POPT_LIBS) \ - $(TALLOC_LIBS) \ -+ $(LTLIBINTL) \ - libsss_krb5_common.la \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la \ -@@ -3794,6 +3879,7 @@ test_inotify_LDADD = \ - $(SSSD_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ - $(LIBADD_DL) \ -+ $(LTLIBINTL) \ - libsss_test_common.la \ - $(NULL) - -@@ -3812,6 +3898,7 @@ sss_certmap_test_LDADD = \ - $(TALLOC_LIBS) \ - $(SSS_CERT_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ -+ $(LTLIBINTL) \ - libsss_test_common.la \ - libsss_certmap.la \ - $(NULL) -@@ -3832,6 +3919,7 @@ test_sssd_krb5_locator_plugin_LDADD = \ - $(POPT_LIBS) \ - $(TALLOC_LIBS) \ - $(KRB5_LIBS) \ -+ $(LTLIBINTL) \ - libsss_test_common.la \ - $(NULL) - -@@ -3883,6 +3971,7 @@ test_passkey_LDADD = \ - test_passkey_LDADD = \ - $(CMOCKA_LIBS) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) \ - $(LIBADD_DL) \ - $(PASSKEY_LIBS) \ -@@ -3910,6 +3999,7 @@ test_kcm_marshalling_LDADD = \ - $(CMOCKA_LIBS) \ - $(SSSD_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ -+ $(LTLIBINTL) \ - libsss_test_common.la \ - $(NULL) - -@@ -3925,6 +4015,7 @@ test_kcm_queue_LDADD = \ - $(LIBADD_DL) \ - $(CMOCKA_LIBS) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_test_common.la \ - libsss_iface.la \ -@@ -3942,6 +4033,7 @@ test_krb5_idp_plugin_LDADD = \ - test_krb5_idp_plugin_LDADD = \ - $(CMOCKA_LIBS) \ - $(JANSSON_LIBS) \ -+ $(LTLIBINTL) \ - $(NULL) - - if BUILD_PASSKEY -@@ -3956,6 +4048,7 @@ test_krb5_passkey_plugin_LDADD = \ - test_krb5_passkey_plugin_LDADD = \ - $(CMOCKA_LIBS) \ - $(JANSSON_LIBS) \ -+ $(LTLIBINTL) \ - $(NULL) - endif # BUILD_PASSKEY - -@@ -3988,6 +4081,7 @@ test_kcm_renewals_LDADD = \ - $(CMOCKA_LIBS) \ - $(SSSD_LIBS) \ - $(SSSD_INTERNAL_LTLIBS) \ -+ $(LTLIBINTL) \ - libsss_test_common.la \ - libsss_iface.la \ - libsss_sbus.la \ -@@ -4029,6 +4123,7 @@ test_sssd_krb5_localauth_plugin_LDADD = \ - test_sssd_krb5_localauth_plugin_LDADD = \ - $(CMOCKA_LIBS) \ - $(KRB5_LIBS) \ -+ $(LTLIBINTL) \ - $(NULL) - endif - -@@ -4085,6 +4180,7 @@ libnss_sss_la_SOURCES = \ +@@ -4067,6 +4067,7 @@ libnss_sss_la_SOURCES = \ nsslib_LTLIBRARIES = libnss_sss.la libnss_sss_la_SOURCES = \ src/sss_client/common.c \ + src/sss_client/bsdnss.c \ src/sss_client/nss_passwd.c \ src/sss_client/nss_group.c \ src/sss_client/nss_netgroup.c \ -@@ -4314,6 +4411,7 @@ libsss_ldap_common_la_LIBADD = \ - $(OPENLDAP_LIBS) \ - $(DHASH_LIBS) \ - $(KRB5_LIBS) \ -+ $(LTLIBINTL) \ - libsss_krb5_common.la \ - libsss_idmap.la \ - libsss_certmap.la \ -@@ -4718,6 +4816,7 @@ ldap_child_LDADD = \ - $(KRB5_CFLAGS) - ldap_child_LDADD = \ - libsss_debug.la \ -+ $(LTLIBINTL) \ - $(TALLOC_LIBS) \ - $(POPT_LIBS) \ - $(DHASH_LIBS) \ -@@ -4764,6 +4863,7 @@ gpo_child_LDADD = \ - $(SMBCLIENT_CFLAGS) - gpo_child_LDADD = \ - libsss_debug.la \ -+ $(LTLIBINTL) \ - $(TALLOC_LIBS) \ - $(POPT_LIBS) \ - $(DHASH_LIBS) \ -@@ -4780,6 +4880,7 @@ proxy_child_LDADD = \ - proxy_child_LDADD = \ - $(PAM_LIBS) \ - $(SSSD_LIBS) \ -+ $(LTLIBINTL) \ - $(SSSD_INTERNAL_LTLIBS) \ - libsss_iface.la \ - libsss_sbus.la \ -@@ -4807,6 +4908,7 @@ p11_child_LDADD = \ - - p11_child_LDADD = \ - libsss_debug.la \ -+ $(LTLIBINTL) \ - $(TALLOC_LIBS) \ - $(DHASH_LIBS) \ - $(POPT_LIBS) \ -@@ -4834,6 +4936,7 @@ passkey_child_LDADD = \ - passkey_child_LDADD = \ - libsss_crypt.la \ - libsss_debug.la \ -+ $(LTLIBINTL) \ - $(TALLOC_LIBS) \ - $(DHASH_LIBS) \ - $(POPT_LIBS) \ -@@ -4862,6 +4965,7 @@ oidc_child_LDADD = \ - $(NULL) - oidc_child_LDADD = \ - libsss_debug.la \ -+ $(LTLIBINTL) \ - $(TALLOC_LIBS) \ - $(POPT_LIBS) \ - $(JANSSON_LIBS) \ -@@ -4880,6 +4984,7 @@ memberof_la_LIBADD = \ - $(NULL) - memberof_la_LIBADD = \ - libsss_debug.la \ -+ $(LTLIBINTL) \ - $(TALLOC_LIBS) \ - $(LDB_LIBS) \ - $(DHASH_LIBS) \ -@@ -4943,6 +5048,7 @@ sssd_krb5_idp_plugin_la_LIBADD = \ - $(KRB5_LIBS) \ - $(KRAD_LIBS) \ - $(JANSSON_LIBS) \ -+ $(LTLIBINTL) \ - $(NULL) - sssd_krb5_idp_plugin_la_LDFLAGS = \ - -avoid-version \ diff --git a/security/sssd2/files/patch-configure.ac b/security/sssd2/files/patch-configure.ac index d31c643970dd..3f3cecfbfc1d 100644 --- a/security/sssd2/files/patch-configure.ac +++ b/security/sssd2/files/patch-configure.ac @@ -1,11 +1,13 @@ ---- configure.ac.orig 2023-05-05 08:11:07 UTC +Can be removed in FreeBSD 15 + +--- configure.ac.orig 2025-06-24 10:24:24 UTC +++ configure.ac -@@ -46,8 +46,6 @@ AC_CONFIG_HEADER(config.h) - AC_CHECK_HEADERS([stdatomic.h],,AC_MSG_ERROR([C11 atomic types are not supported])) - AC_CONFIG_HEADER(config.h) +@@ -118,6 +118,8 @@ AC_CHECK_FUNC([timegm], [], [AC_MSG_ERROR([timegm() fu + # Check for the timegm() function (not part of POSIX / Open Group specs) + AC_CHECK_FUNC([timegm], [], [AC_MSG_ERROR([timegm() function not found])]) --AC_CHECK_TYPES([errno_t], [], [], [[#include ]]) -- - m4_include([src/build_macros.m4]) - BUILD_WITH_SHARED_BUILD_DIR ++AC_CHECK_FUNCS([clearenv]) ++ + # Check for endian headers + AC_CHECK_HEADERS([endian.h sys/endian.h byteswap.h]) diff --git a/security/sssd2/files/patch-src__confdb__confdb.c b/security/sssd2/files/patch-src__confdb__confdb.c deleted file mode 100644 index 138966638518..000000000000 --- a/security/sssd2/files/patch-src__confdb__confdb.c +++ /dev/null @@ -1,19 +0,0 @@ ---- src/confdb/confdb.c.orig 2023-05-05 08:11:07 UTC -+++ src/confdb/confdb.c -@@ -21,6 +21,7 @@ - - #include "config.h" - -+#include - #include - #include "util/util.h" - #include "confdb/confdb.h" -@@ -887,7 +888,7 @@ static char *confdb_get_domain_hostname(TALLOC_CTX *me - struct ldb_result *res, - const char *provider) - { -- char sys[HOST_NAME_MAX + 1] = {'\0'}; -+ char sys[MAXHOSTNAMELEN + 1] = {'\0'}; - const char *opt = NULL; - int ret; - diff --git a/security/sssd2/files/patch-src__external__crypto.m4 b/security/sssd2/files/patch-src__external__crypto.m4 deleted file mode 100644 index 739502c9da13..000000000000 --- a/security/sssd2/files/patch-src__external__crypto.m4 +++ /dev/null @@ -1,21 +0,0 @@ ---- src/external/crypto.m4.orig 2023-05-05 08:11:07 UTC -+++ src/external/crypto.m4 -@@ -1,6 +1,15 @@ --AC_DEFUN([AM_CHECK_LIBCRYPTO], -- [PKG_CHECK_MODULES([CRYPTO],[libcrypto]) -- PKG_CHECK_MODULES([SSL],[libssl]) -+CRYPTO_CFLAGS="-I/usr/include" -+CRYPTO_LIBS="-L/usr/lib -lcrypto" -+AC_SUBST(CRYPTO_CFLAGS) -+AC_SUBST(CRYPTO_LIBS) -+ -+SSL_CFLAGS="-I/usr/include" -+SSL_LIBS="-L/usr/lib -lssl" -+AC_SUBST(SSL_CFLAGS) -+AC_SUBST(SSL_LIBS) -+ -+AC_DEFUN([AM_CHECK_LIBCRYPTO], [ -+ AC_MSG_RESULT([yes]) - ]) - - AC_MSG_CHECKING([whether OpenSSL's x400Address is ASN1_STRING]) diff --git a/security/sssd2/files/patch-src__external__inotify.m4 b/security/sssd2/files/patch-src__external__inotify.m4 deleted file mode 100644 index 2dd08bc16be2..000000000000 --- a/security/sssd2/files/patch-src__external__inotify.m4 +++ /dev/null @@ -1,15 +0,0 @@ ---- src/external/inotify.m4.orig 2023-06-05 03:56:40 UTC -+++ src/external/inotify.m4 -@@ -20,10 +20,10 @@ int main () { - AS_IF([test x"$inotify_works" != xyes], - [AC_CHECK_LIB([inotify], - [inotify_init], -- [INOTIFY_LIBS="$sss_extra_libdir -linotify" -+ [INOTIFY_LIBS="-L$sss_extra_libdir -linotify" - inotify_works=yes], - [inotify_works=no], -- [$sss_extra_libdir])] -+ [-L$sss_extra_libdir])] - ) - - AS_IF([test x"$inotify_works" = xyes], diff --git a/security/sssd2/files/patch-src__external__nsupdate.m4 b/security/sssd2/files/patch-src__external__nsupdate.m4 index d75aeeb5673d..56ec0090e329 100644 --- a/security/sssd2/files/patch-src__external__nsupdate.m4 +++ b/security/sssd2/files/patch-src__external__nsupdate.m4 @@ -1,23 +1,27 @@ +Our bind-tools are compiled without GSSAPI support by default. Until we +make it build with MIT Kerberos from base by default, we have to trick this +configure script into believing that "echo realm | nsupdate" works. + --- src/external/nsupdate.m4.orig 2024-01-12 12:05:40 UTC +++ src/external/nsupdate.m4 @@ -4,13 +4,13 @@ if test -x "$NSUPDATE"; then AC_DEFINE_UNQUOTED([NSUPDATE_PATH], ["$NSUPDATE"], [The path to nsupdate]) AC_MSG_RESULT(yes) - AC_MSG_CHECKING(for nsupdate 'realm' support') - if AC_RUN_LOG([echo realm |$NSUPDATE >&2]); then - AC_MSG_RESULT([yes]) - else - AC_MSG_RESULT([no]) - AC_MSG_ERROR([nsupdate does not support 'realm']) - fi + #AC_MSG_CHECKING(for nsupdate 'realm' support') + #if AC_RUN_LOG([echo realm |$NSUPDATE >&2]); then + # AC_MSG_RESULT([yes]) + #else + # AC_MSG_RESULT([no]) + # AC_MSG_ERROR([nsupdate does not support 'realm']) + #fi else AC_MSG_RESULT([no]) diff --git a/security/sssd2/files/patch-src__external__pac_responder.m4 b/security/sssd2/files/patch-src__external__pac_responder.m4 deleted file mode 100644 index d52e249e7ab0..000000000000 --- a/security/sssd2/files/patch-src__external__pac_responder.m4 +++ /dev/null @@ -1,12 +0,0 @@ ---- src/external/pac_responder.m4.orig 2025-08-08 04:17:31.487369000 +0200 -+++ src/external/pac_responder.m4 2025-08-08 04:17:52.437575000 +0200 -@@ -23,7 +23,8 @@ - Kerberos\ 5\ release\ 1.18* | \ - Kerberos\ 5\ release\ 1.19* | \ - Kerberos\ 5\ release\ 1.20* | \ -- Kerberos\ 5\ release\ 1.21*) -+ Kerberos\ 5\ release\ 1.21* | \ -+ Kerberos\ 5\ release\ 1.22*) - krb5_version_ok=yes - AC_MSG_RESULT([yes]) - ;; diff --git a/security/sssd2/files/patch-src__external__platform.m4 b/security/sssd2/files/patch-src__external__platform.m4 deleted file mode 100644 index 2267fcf28b6e..000000000000 --- a/security/sssd2/files/patch-src__external__platform.m4 +++ /dev/null @@ -1,57 +0,0 @@ ---- src/external/platform.m4.orig 2024-12-07 08:35:28.095610000 -0800 -+++ src/external/platform.m4 2024-12-07 08:39:28.615868000 -0800 -@@ -1,9 +1,10 @@ - AC_ARG_WITH([os], -- [AC_HELP_STRING([--with-os=OS_TYPE], [Type of your operation system (fedora|redhat|suse|gentoo)])] -+ [AC_HELP_STRING([--with-os=OS_TYPE], [Type of your operation system (fedora|freebsd|redhat|suse|gentoo)])] - ) - osname="" - if test x"$with_os" != x ; then - if test x"$with_os" = xfedora || \ -+ test x"$with_os" = xfreebsd || \ - test x"$with_os" = xredhat || \ - test x"$with_os" = xsuse || \ - test x"$with_os" = xgentoo || \ -@@ -29,6 +30,8 @@ - . /etc/os-release - if ([[ "${ID}" = "suse" ]]) || ([[ "${ID_LIKE#*suse*}" != "${ID_LIKE}" ]]); then - osname="suse" -+ elif ([[ "${ID}" = "freebsd" ]]) || ([[ "${ID_LIKE#*freebsd*}" != "${ID_LIKE}" ]]); then -+ osname="freebsd" - fi - fi - -@@ -36,6 +39,7 @@ - fi - - AM_CONDITIONAL([HAVE_FEDORA], [test x"$osname" = xfedora]) -+AM_CONDITIONAL([HAVE_FREEBSD], [test x"$osname" = xfreebsd]) - AM_CONDITIONAL([HAVE_REDHAT], [test x"$osname" = xredhat]) - AM_CONDITIONAL([HAVE_SUSE], [test x"$osname" = xsuse]) - AM_CONDITIONAL([HAVE_DEBIAN], [test x"$osname" = xdebian]) -@@ -44,14 +48,23 @@ - AS_CASE([$osname], - [redhat], [AC_DEFINE_UNQUOTED([HAVE_REDHAT], 1, [Build with redhat config])], - [fedora], [AC_DEFINE_UNQUOTED([HAVE_FEDORA], 1, [Build with fedora config])], -+ [freebsd], [AC_DEFINE_UNQUOTED([HAVE_FREEBSD], 1, [Build with freebsd config])], - [suse], [AC_DEFINE_UNQUOTED([HAVE_SUSE], 1, [Build with suse config])], - [gentoo], [AC_DEFINE_UNQUOTED([HAVE_GENTOO], 1, [Build with gentoo config])], - [debian], [AC_DEFINE_UNQUOTED([HAVE_DEBIAN], 1, [Build with debian config])], - [AC_MSG_NOTICE([Build with $osname config])]) - --AC_CHECK_MEMBERS([struct ucred.pid, struct ucred.uid, struct ucred.gid], , , -- [[#include ]]) -+if test x"$osname" = x"freebsd"; then -+ AC_CHECK_MEMBERS([struct xucred.cr_pid, struct xucred.cr_uid, struct xucred.cr_gid], , , [[ -+#include -+#include -+]]) -+else -+ AC_CHECK_MEMBERS([struct ucred.pid, struct ucred.uid, struct ucred.gid], , , -+ [[#include ]]) -+fi - -+ - if test x"$ac_cv_member_struct_ucred_pid" = xyes -a \ - x"$ac_cv_member_struct_ucred_uid" = xyes -a \ - x"$ac_cv_member_struct_ucred_gid" = xyes ; then diff --git a/security/sssd2/files/patch-src__external__samba.m4 b/security/sssd2/files/patch-src__external__samba.m4 deleted file mode 100644 index 7e8a8dfc5d40..000000000000 --- a/security/sssd2/files/patch-src__external__samba.m4 +++ /dev/null @@ -1,32 +0,0 @@ ---- src/external/samba.m4.orig 2024-05-16 11:35:27 UTC -+++ src/external/samba.m4 -@@ -63,7 +63,7 @@ --without-samba - AC_MSG_ERROR([Illegal value -$with_smb_idmap_interface_version- for option --with-smb-idmap-interface-version]) - fi - else -- sambalibdir="`$PKG_CONFIG --variable=libdir smbclient`"/samba -+ sambalibdir="`$PKG_CONFIG --variable=libdir smbclient`"/private - AC_MSG_CHECKING([Samba's idmap library]) - if test -f "${sambalibdir}/libidmap-private-samba.so"; then - IDMAP_SAMBA_LIBS=idmap-private-samba -@@ -166,12 +166,16 @@ AC_CHECK_MEMBERS([struct PAC_LOGON_INFO.resource_group - SAVE_CFLAGS=$CFLAGS - CFLAGS="$CFLAGS $SMBCLIENT_CFLAGS $NDR_NBT_CFLAGS $NDR_KRB5PAC_CFLAGS" - AC_CHECK_MEMBERS([struct PAC_LOGON_INFO.resource_groups], , , -- [[ #include -- #include -+ [[ #include -+ #include -+ #include -+ #include - #include ]]) - AC_CHECK_MEMBERS([struct PAC_UPN_DNS_INFO.ex], , - [AC_MSG_NOTICE([union PAC_UPN_DNS_INFO_EX is not available, PAC checks will be limited])], -- [[ #include -- #include -+ [[ #include -+ #include -+ #include -+ #include - #include ]]) - CFLAGS=$SAVE_CFLAGS diff --git a/security/sssd2/files/patch-src__krb5_plugin__common__radius_kdcpreauth.c b/security/sssd2/files/patch-src__krb5_plugin__common__radius_kdcpreauth.c deleted file mode 100644 index 233dd417d8f5..000000000000 --- a/security/sssd2/files/patch-src__krb5_plugin__common__radius_kdcpreauth.c +++ /dev/null @@ -1,19 +0,0 @@ ---- src/krb5_plugin/common/radius_kdcpreauth.c.orig 2023-05-05 08:11:07 UTC -+++ src/krb5_plugin/common/radius_kdcpreauth.c -@@ -18,6 +18,7 @@ - along with this program. If not, see . - */ - -+#include - #include - #include - #include -@@ -414,7 +415,7 @@ sss_radiuskdc_client_init(krb5_context kctx, - struct sss_radiuskdc_config *config) - { - struct sss_radiuskdc_client *client; -- char hostname[HOST_NAME_MAX + 1]; -+ char hostname[MAXHOSTNAMELEN + 1]; - krb5_data data = {0}; - krb5_error_code ret; - diff --git a/security/sssd2/files/patch-src__lib__certmap__sss_certmap.exports b/security/sssd2/files/patch-src__lib__certmap__sss_certmap.exports deleted file mode 100644 index df8fac78ac91..000000000000 --- a/security/sssd2/files/patch-src__lib__certmap__sss_certmap.exports +++ /dev/null @@ -1,10 +0,0 @@ ---- src/lib/certmap/sss_certmap.exports.orig 2024-01-12 12:05:40 UTC -+++ src/lib/certmap/sss_certmap.exports -@@ -2,7 +2,6 @@ SSS_CERTMAP_0.0 { - global: - sss_certmap_init; - sss_certmap_free_ctx; -- sss_certmap_err_msg; - sss_certmap_add_rule; - sss_certmap_match_cert; - sss_certmap_get_search_filter; diff --git a/security/sssd2/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.c b/security/sssd2/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.c deleted file mode 100644 index c3e821355d7b..000000000000 --- a/security/sssd2/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.c +++ /dev/null @@ -1,11 +0,0 @@ ---- src/lib/winbind_idmap_sss/winbind_idmap_sss.c.orig 2023-05-05 08:11:07 UTC -+++ src/lib/winbind_idmap_sss/winbind_idmap_sss.c -@@ -22,6 +22,8 @@ - along with this program. If not, see . - */ - -+#include -+#include - #include - #include - diff --git a/security/sssd2/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.h b/security/sssd2/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.h deleted file mode 100644 index 5fc97a38e37e..000000000000 --- a/security/sssd2/files/patch-src__lib__winbind_idmap_sss__winbind_idmap_sss.h +++ /dev/null @@ -1,11 +0,0 @@ ---- src/lib/winbind_idmap_sss/winbind_idmap_sss.h.orig 2023-06-05 04:01:16 UTC -+++ src/lib/winbind_idmap_sss/winbind_idmap_sss.h -@@ -29,6 +29,8 @@ - #include - - #include -+#include -+#include - #include - #include - diff --git a/security/sssd2/files/patch-src__p11_child__p11_child_common.c b/security/sssd2/files/patch-src__p11_child__p11_child_common.c deleted file mode 100644 index 4304a8681ba4..000000000000 --- a/security/sssd2/files/patch-src__p11_child__p11_child_common.c +++ /dev/null @@ -1,19 +0,0 @@ ---- src/p11_child/p11_child_common.c.orig 2023-05-05 08:11:07 UTC -+++ src/p11_child/p11_child_common.c -@@ -27,7 +27,6 @@ - #include - #include - #include --#include - - #include "util/util.h" - #include "util/child_common.h" -@@ -305,8 +304,6 @@ int main(int argc, const char *argv[]) - } - - poptFreeContext(pc); -- -- prctl(PR_SET_DUMPABLE, (dumpable == 0) ? 0 : 1); - - debug_prg_name = talloc_asprintf(NULL, "p11_child[%d]", getpid()); - if (debug_prg_name == NULL) { diff --git a/security/sssd2/files/patch-src__passkey_child__passkey_child_common.c b/security/sssd2/files/patch-src__passkey_child__passkey_child_common.c deleted file mode 100644 index 0854721e7a80..000000000000 --- a/security/sssd2/files/patch-src__passkey_child__passkey_child_common.c +++ /dev/null @@ -1,19 +0,0 @@ ---- src/passkey_child/passkey_child_common.c.orig 2024-01-12 12:05:40 UTC -+++ src/passkey_child/passkey_child_common.c -@@ -23,7 +23,6 @@ - */ - - #include --#include - #include - #include - #include -@@ -272,8 +271,6 @@ parse_arguments(TALLOC_CTX *mem_ctx, int argc, const c - } - - poptFreeContext(pc); -- -- prctl(PR_SET_DUMPABLE, (dumpable == 0) ? 0 : 1); - - if (user_verification != NULL) { - if (strcmp(user_verification, "true") == 0) { diff --git a/security/sssd2/files/patch-src__providers__ad__ad_common.c b/security/sssd2/files/patch-src__providers__ad__ad_common.c deleted file mode 100644 index d4813193d1b1..000000000000 --- a/security/sssd2/files/patch-src__providers__ad__ad_common.c +++ /dev/null @@ -1,41 +0,0 @@ ---- src/providers/ad/ad_common.c.orig 2023-05-05 08:11:07 UTC -+++ src/providers/ad/ad_common.c -@@ -19,6 +19,7 @@ - You should have received a copy of the GNU General Public License - along with this program. If not, see . - */ -+#include - #include - - #include "providers/ad/ad_common.h" -@@ -495,8 +496,8 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, - char *server; - char *realm; - char *ad_hostname; -- char hostname[HOST_NAME_MAX + 1]; -- char fqdn[HOST_NAME_MAX + 1]; -+ char hostname[MAXHOSTNAMELEN + 1]; -+ char fqdn[MAXHOSTNAMELEN + 1]; - char *case_sensitive_opt; - const char *opt_override; - -@@ -543,7 +544,7 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, - strerror(ret)); - goto done; - } -- hostname[HOST_NAME_MAX] = '\0'; -+ hostname[MAXHOSTNAMELEN] = '\0'; - - if (strchr(hostname, '.') == NULL) { - ret = ad_try_to_get_fqdn(hostname, fqdn, sizeof(fqdn)); -@@ -552,8 +553,8 @@ ad_get_common_options(TALLOC_CTX *mem_ctx, - "The hostname [%s] has been expanded to FQDN [%s]. " - "If sssd should really use the short hostname, please " - "set ad_hostname explicitly.\n", hostname, fqdn); -- strncpy(hostname, fqdn, HOST_NAME_MAX); -- hostname[HOST_NAME_MAX] = '\0'; -+ strncpy(hostname, fqdn, MAXHOSTNAMELEN); -+ hostname[MAXHOSTNAMELEN] = '\0'; - } - } - diff --git a/security/sssd2/files/patch-src__providers__ad__ad_gpo_child.c b/security/sssd2/files/patch-src__providers__ad__ad_gpo_child.c deleted file mode 100644 index 3e5f890b5137..000000000000 --- a/security/sssd2/files/patch-src__providers__ad__ad_gpo_child.c +++ /dev/null @@ -1,19 +0,0 @@ ---- src/providers/ad/ad_gpo_child.c.orig 2023-05-05 08:11:07 UTC -+++ src/providers/ad/ad_gpo_child.c -@@ -26,7 +26,6 @@ - #include - #include - #include --#include - #include - #include - -@@ -699,8 +698,6 @@ main(int argc, const char *argv[]) - } - - poptFreeContext(pc); -- -- prctl(PR_SET_DUMPABLE, (dumpable == 0) ? 0 : 1); - - debug_prg_name = talloc_asprintf(NULL, "gpo_child[%d]", getpid()); - if (debug_prg_name == NULL) { diff --git a/security/sssd2/files/patch-src__providers__ad__ad_pac.h b/security/sssd2/files/patch-src__providers__ad__ad_pac.h deleted file mode 100644 index f9de3661d985..000000000000 --- a/security/sssd2/files/patch-src__providers__ad__ad_pac.h +++ /dev/null @@ -1,11 +0,0 @@ ---- src/providers/ad/ad_pac.h.orig 2023-06-05 04:04:46 UTC -+++ src/providers/ad/ad_pac.h -@@ -32,6 +32,8 @@ - #ifdef ldb_val - #error Please make sure to include ad_pac.h before ldb.h - #endif -+#include -+#include - #include - #include - #include diff --git a/security/sssd2/files/patch-src__providers__ad__ad_pac_common.c b/security/sssd2/files/patch-src__providers__ad__ad_pac_common.c deleted file mode 100644 index ab1c08e07e8b..000000000000 --- a/security/sssd2/files/patch-src__providers__ad__ad_pac_common.c +++ /dev/null @@ -1,11 +0,0 @@ ---- src/providers/ad/ad_pac_common.c.orig 2023-05-05 08:11:07 UTC -+++ src/providers/ad/ad_pac_common.c -@@ -20,6 +20,8 @@ - along with this program. If not, see . - */ - -+#include -+#include - - #include "providers/ad/ad_pac.h" - #include "util/util.h" diff --git a/security/sssd2/files/patch-src__providers__data_provider__dp_modules.c b/security/sssd2/files/patch-src__providers__data_provider__dp_modules.c deleted file mode 100644 index 482a8c334c5b..000000000000 --- a/security/sssd2/files/patch-src__providers__data_provider__dp_modules.c +++ /dev/null @@ -1,10 +0,0 @@ ---- src/providers/data_provider/dp_modules.c.orig 2023-05-25 06:34:10 UTC -+++ src/providers/data_provider/dp_modules.c -@@ -23,6 +23,7 @@ - #include "providers/data_provider/dp.h" - #include "providers/data_provider/dp_private.h" - #include "providers/backend.h" -+#include "util/sss_bsd_errno.h" - #include "util/util.h" - - /* There can be at most the same number of different modules loaded at diff --git a/security/sssd2/files/patch-src__providers__data_provider__dp_targets.c b/security/sssd2/files/patch-src__providers__data_provider__dp_targets.c deleted file mode 100644 index 2a83b5070e9d..000000000000 --- a/security/sssd2/files/patch-src__providers__data_provider__dp_targets.c +++ /dev/null @@ -1,10 +0,0 @@ ---- src/providers/data_provider/dp_targets.c.orig 2023-05-05 08:11:07 UTC -+++ src/providers/data_provider/dp_targets.c -@@ -26,6 +26,7 @@ - #include "providers/data_provider/dp_private.h" - #include "providers/data_provider/dp_builtin.h" - #include "providers/backend.h" -+#include "util/sss_bsd_errno.h" - #include "util/util.h" - - #define DP_TARGET_INIT_FN "sssm_%s_%s_init" diff --git a/security/sssd2/files/patch-src__providers__data_provider_be.c b/security/sssd2/files/patch-src__providers__data_provider_be.c deleted file mode 100644 index 527186d6fc73..000000000000 --- a/security/sssd2/files/patch-src__providers__data_provider_be.c +++ /dev/null @@ -1,11 +0,0 @@ ---- src/providers/data_provider_be.c.orig 2023-05-25 06:24:25 UTC -+++ src/providers/data_provider_be.c -@@ -25,6 +25,8 @@ - #include - #include - #include -+#include -+#include - #include - #include - #include diff --git a/security/sssd2/files/patch-src__providers__data_provider_fo.c b/security/sssd2/files/patch-src__providers__data_provider_fo.c deleted file mode 100644 index 4e4dc0d1da9f..000000000000 --- a/security/sssd2/files/patch-src__providers__data_provider_fo.c +++ /dev/null @@ -1,28 +0,0 @@ ---- src/providers/data_provider_fo.c.orig 2023-05-25 06:28:15 UTC -+++ src/providers/data_provider_fo.c -@@ -19,6 +19,7 @@ - along with this program. If not, see . - */ - -+#include - #include - #include - #include "providers/backend.h" -@@ -237,7 +238,7 @@ errno_t be_fo_set_dns_srv_lookup_plugin(struct be_ctx - const char *hostname) - { - struct fo_resolve_srv_dns_ctx *srv_ctx = NULL; -- char resolved_hostname[HOST_NAME_MAX + 1]; -+ char resolved_hostname[MAXHOSTNAMELEN + 1]; - errno_t ret; - - if (hostname == NULL) { -@@ -248,7 +249,7 @@ errno_t be_fo_set_dns_srv_lookup_plugin(struct be_ctx - "gethostname() failed: [%d]: %s\n", ret, strerror(ret)); - return ret; - } -- resolved_hostname[HOST_NAME_MAX] = '\0'; -+ resolved_hostname[MAXHOSTNAMELEN] = '\0'; - hostname = resolved_hostname; - } - diff --git a/security/sssd2/files/patch-src__providers__files__files_ops.c b/security/sssd2/files/patch-src__providers__files__files_ops.c deleted file mode 100644 index f53f65264139..000000000000 --- a/security/sssd2/files/patch-src__providers__files__files_ops.c +++ /dev/null @@ -1,88 +0,0 @@ ---- src/providers/files/files_ops.c.orig 2023-05-05 08:11:07 UTC -+++ src/providers/files/files_ops.c -@@ -53,8 +53,11 @@ static errno_t enum_files_users(TALLOC_CTX *mem_ctx, - struct passwd *pwd_iter = NULL; - struct passwd *pwd = NULL; - struct passwd **users = NULL; -+ struct passwd *pbuf = NULL; - FILE *pwd_handle = NULL; - size_t n_users = 0; -+ char *buf = NULL; -+ unsigned int bufsize = 1024; - - pwd_handle = fopen(passwd_file, "r"); - if (pwd_handle == NULL) { -@@ -72,7 +75,19 @@ static errno_t enum_files_users(TALLOC_CTX *mem_ctx, - goto done; - } - -- while ((pwd_iter = fgetpwent(pwd_handle)) != NULL) { -+ buf = talloc_zero_array(mem_ctx, char, bufsize); -+ if (buf == NULL) { -+ ret = ENOMEM; -+ goto done; -+ } -+ -+ pbuf = talloc_zero(mem_ctx, struct passwd); -+ if (pbuf == NULL) { -+ ret = ENOMEM; -+ goto done; -+ } -+ -+ while (getpwent_r(pbuf, buf, (size_t)bufsize, &pwd_iter) == 0 && pwd_iter != NULL) { - /* FIXME - we might want to support paging of sorts to avoid allocating - * all users atop a memory context or only return users that differ from - * the local storage as a diff to minimize memory spikes -@@ -126,6 +141,9 @@ done: - users[n_users] = NULL; - *_users = users; - done: -+ talloc_free(pbuf); -+ talloc_free(buf); -+ - if (ret != EOK) { - talloc_free(users); - } -@@ -150,8 +168,11 @@ static errno_t enum_files_groups(TALLOC_CTX *mem_ctx, - struct group *grp_iter = NULL; - struct group *grp = NULL; - struct group **groups = NULL; -+ struct group *pbuf = NULL; - size_t n_groups = 0; - FILE *grp_handle = NULL; -+ char *buf = NULL; -+ unsigned int bufsize = 1024; - - grp_handle = fopen(group_file, "r"); - if (grp_handle == NULL) { -@@ -169,7 +190,19 @@ static errno_t enum_files_groups(TALLOC_CTX *mem_ctx, - goto done; - } - -- while ((grp_iter = fgetgrent(grp_handle)) != NULL) { -+ buf = talloc_zero_array(mem_ctx, char, bufsize); -+ if (buf == NULL) { -+ ret = ENOMEM; -+ goto done; -+ } -+ -+ pbuf = talloc_zero(mem_ctx, struct group); -+ if (pbuf == NULL) { -+ ret = ENOMEM; -+ goto done; -+ } -+ -+ while (getgrent_r(pbuf, buf, (size_t)bufsize, &grp_iter) == 0 && grp_iter != NULL) { - DEBUG(SSSDBG_TRACE_LIBS, - "Group found (%s, %"SPRIgid")\n", - grp_iter->gr_name, grp_iter->gr_gid); -@@ -230,6 +263,9 @@ done: - groups[n_groups] = NULL; - *_groups = groups; - done: -+ talloc_free(pbuf); -+ talloc_free(buf); -+ - if (ret != EOK) { - talloc_free(groups); - } diff --git a/security/sssd2/files/patch-src__providers__ipa__ipa_common.c b/security/sssd2/files/patch-src__providers__ipa__ipa_common.c deleted file mode 100644 index 31de8587948c..000000000000 --- a/security/sssd2/files/patch-src__providers__ipa__ipa_common.c +++ /dev/null @@ -1,28 +0,0 @@ ---- src/providers/ipa/ipa_common.c.orig 2023-05-05 08:11:07 UTC -+++ src/providers/ipa/ipa_common.c -@@ -22,6 +22,7 @@ - along with this program. If not, see . - */ - -+#include - #include - #include - #include -@@ -51,7 +52,7 @@ int ipa_get_options(TALLOC_CTX *memctx, - char *realm; - char *ipa_hostname; - int ret; -- char hostname[HOST_NAME_MAX + 1]; -+ char hostname[MAXHOSTNAMELEN + 1]; - - opts = talloc_zero(memctx, struct ipa_options); - if (!opts) return ENOMEM; -@@ -88,7 +89,7 @@ int ipa_get_options(TALLOC_CTX *memctx, - strerror(ret)); - goto done; - } -- hostname[HOST_NAME_MAX] = '\0'; -+ hostname[MAXHOSTNAMELEN] = '\0'; - DEBUG(SSSDBG_TRACE_ALL, "Setting ipa_hostname to [%s].\n", hostname); - ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname); - if (ret != EOK) { diff --git a/security/sssd2/files/patch-src__providers__ipa__ipa_deskprofile_rules_util.c b/security/sssd2/files/patch-src__providers__ipa__ipa_deskprofile_rules_util.c deleted file mode 100644 index 8d29abb6c670..000000000000 --- a/security/sssd2/files/patch-src__providers__ipa__ipa_deskprofile_rules_util.c +++ /dev/null @@ -1,11 +0,0 @@ ---- src/providers/ipa/ipa_deskprofile_rules_util.c.orig 2023-05-05 08:11:07 UTC -+++ src/providers/ipa/ipa_deskprofile_rules_util.c -@@ -20,6 +20,8 @@ - along with this program. If not, see . - */ - -+#include -+#include - #include "providers/ipa/ipa_deskprofile_rules_util.h" - #include "providers/ipa/ipa_deskprofile_private.h" - #include "providers/ipa/ipa_rules_common.h" diff --git a/security/sssd2/files/patch-src__providers__krb5__krb5_child.c b/security/sssd2/files/patch-src__providers__krb5__krb5_child.c deleted file mode 100644 index a4b4cc9e1660..000000000000 --- a/security/sssd2/files/patch-src__providers__krb5__krb5_child.c +++ /dev/null @@ -1,19 +0,0 @@ ---- src/providers/krb5/krb5_child.c.orig 2024-01-12 12:05:40 UTC -+++ src/providers/krb5/krb5_child.c -@@ -28,7 +28,6 @@ - #include - #include - #include --#include - - #include - -@@ -4090,8 +4089,6 @@ int main(int argc, const char *argv[]) - } - - poptFreeContext(pc); -- -- prctl(PR_SET_DUMPABLE, (dumpable == 0) ? 0 : 1); - - debug_prg_name = talloc_asprintf(NULL, "krb5_child[%d]", getpid()); - if (!debug_prg_name) { diff --git a/security/sssd2/files/patch-src__providers__ldap__ldap_auth.c b/security/sssd2/files/patch-src__providers__ldap__ldap_auth.c deleted file mode 100644 index 5fd7eeabc816..000000000000 --- a/security/sssd2/files/patch-src__providers__ldap__ldap_auth.c +++ /dev/null @@ -1,46 +0,0 @@ ---- src/providers/ldap/ldap_auth.c.orig 2023-05-05 08:11:07 UTC -+++ src/providers/ldap/ldap_auth.c -@@ -37,7 +37,6 @@ - #include - #include - --#include - #include - - #include "util/util.h" -@@ -51,6 +50,22 @@ - - #define LDAP_PWEXPIRE_WARNING_TIME 0 - -+struct spwd -+{ -+ char *sp_namp; /* Login name. */ -+ char *sp_pwdp; /* Encrypted password. */ -+ long int sp_lstchg; /* Date of last change. */ -+ long int sp_min; /* Minimum number of days between changes. */ -+ long int sp_max; /* Maximum number of days between changes. */ -+ long int sp_warn; /* Number of days to warn user to change -+ the password. */ -+ long int sp_inact; /* Number of days the account may be -+ inactive. */ -+ long int sp_expire; /* Number of days since 1970-01-01 until -+ account expires. */ -+ unsigned long int sp_flag; /* Reserved. */ -+}; -+ - static errno_t add_expired_warning(struct pam_data *pd, long exp_time) - { - int ret; -@@ -96,9 +111,9 @@ static errno_t check_pwexpire_kerberos(const char *exp - } - - DEBUG(SSSDBG_TRACE_ALL, -- "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] " -- "daylight [%d] now [%"SPRItime"] expire_time [%"SPRItime"].\n", -- tzname[0], tzname[1], timezone, daylight, now, expire_time); -+ "Time info: tzname[0] [%s] tzname[1] [%s] " -+ "now [%"SPRItime"] expire_time [%"SPRItime"].\n", -+ tzname[0], tzname[1], now, expire_time); - - if (expire_time == 0) { - /* Used by the MIT LDAP KDB plugin to indicate "never" */ diff --git a/security/sssd2/files/patch-src__providers__ldap__ldap_child.c b/security/sssd2/files/patch-src__providers__ldap__ldap_child.c deleted file mode 100644 index 62d313f97392..000000000000 --- a/security/sssd2/files/patch-src__providers__ldap__ldap_child.c +++ /dev/null @@ -1,42 +0,0 @@ ---- src/providers/ldap/ldap_child.c.orig 2024-01-12 12:05:40 UTC -+++ src/providers/ldap/ldap_child.c -@@ -23,11 +23,11 @@ - */ - - #include -+#include - #include - #include - #include - #include --#include - - #include "util/util.h" - #include "util/sss_krb5.h" -@@ -338,7 +338,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_ - full_princ = talloc_strdup(tmp_ctx, princ_str); - } - } else { -- char hostname[HOST_NAME_MAX + 1]; -+ char hostname[MAXHOSTNAMELEN + 1]; - - ret = gethostname(hostname, sizeof(hostname)); - if (ret == -1) { -@@ -347,7 +347,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_ - errno, strerror(errno)); - goto done; - } -- hostname[HOST_NAME_MAX] = '\0'; -+ hostname[MAXHOSTNAMELEN] = '\0'; - - DEBUG(SSSDBG_TRACE_LIBS, "got hostname: [%s]\n", hostname); - -@@ -661,8 +661,6 @@ int main(int argc, const char *argv[]) - } - - poptFreeContext(pc); -- -- prctl(PR_SET_DUMPABLE, (dumpable == 0) ? 0 : 1); - - debug_prg_name = talloc_asprintf(NULL, "ldap_child[%d]", getpid()); - if (!debug_prg_name) { diff --git a/security/sssd2/files/patch-src__providers__ldap__sdap_access.c b/security/sssd2/files/patch-src__providers__ldap__sdap_access.c deleted file mode 100644 index 2469db8a69d6..000000000000 --- a/security/sssd2/files/patch-src__providers__ldap__sdap_access.c +++ /dev/null @@ -1,41 +0,0 @@ ---- src/providers/ldap/sdap_access.c.orig 2023-05-05 08:11:07 UTC -+++ src/providers/ldap/sdap_access.c -@@ -24,6 +24,7 @@ - - #include "config.h" - -+#include - #include - #include - #include -@@ -568,9 +569,9 @@ bool nds_check_expired(const char *exp_time_str) - - now = time(NULL); - DEBUG(SSSDBG_TRACE_ALL, -- "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] " -- "daylight [%d] now [%"SPRItime"] expire_time [%"SPRItime"].\n", -- tzname[0], tzname[1], timezone, daylight, now, expire_time); -+ "Time info: tzname[0] [%s] tzname[1] [%s] " -+ "now [%"SPRItime"] expire_time [%"SPRItime"].\n", -+ tzname[0], tzname[1], now, expire_time); - - if (difftime(now, expire_time) > 0.0) { - DEBUG(SSSDBG_CONF_SETTINGS, "NDS account expired.\n"); -@@ -1286,7 +1287,7 @@ static errno_t sdap_access_host(struct ldb_message *us - { - errno_t ret; - struct ldb_message_element *el; -- char hostname[HOST_NAME_MAX + 1]; -+ char hostname[MAXHOSTNAMELEN + 1]; - struct addrinfo *res = NULL; - struct addrinfo hints; - -@@ -1301,7 +1302,7 @@ static errno_t sdap_access_host(struct ldb_message *us - "Unable to get system hostname. Access denied\n"); - return ERR_ACCESS_DENIED; - } -- hostname[HOST_NAME_MAX] = '\0'; -+ hostname[MAXHOSTNAMELEN] = '\0'; - - /* Canonicalize the hostname */ - memset(&hints, 0, sizeof(struct addrinfo)); diff --git a/security/sssd2/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c b/security/sssd2/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c deleted file mode 100644 index b305369d3aaf..000000000000 --- a/security/sssd2/files/patch-src__providers__ldap__sdap_async_sudo_hostinfo.c +++ /dev/null @@ -1,28 +0,0 @@ ---- src/providers/ldap/sdap_async_sudo_hostinfo.c.orig 2023-05-05 08:11:07 UTC -+++ src/providers/ldap/sdap_async_sudo_hostinfo.c -@@ -18,6 +18,7 @@ - along with this program. If not, see . - */ - -+#include - #include - #include - #include -@@ -357,7 +358,7 @@ static struct tevent_req *sdap_sudo_get_hostnames_send - struct tevent_req *subreq = NULL; - struct sdap_sudo_get_hostnames_state *state = NULL; - char *dot = NULL; -- char hostname[HOST_NAME_MAX + 1]; -+ char hostname[MAXHOSTNAMELEN + 1]; - int ret; - - req = tevent_req_create(mem_ctx, &state, -@@ -387,7 +388,7 @@ static struct tevent_req *sdap_sudo_get_hostnames_send - "[%d]: %s\n", ret, strerror(ret)); - goto done; - } -- hostname[HOST_NAME_MAX] = '\0'; -+ hostname[MAXHOSTNAMELEN] = '\0'; - - state->hostnames[0] = talloc_strdup(state->hostnames, hostname); - if (state->hostnames[0] == NULL) { diff --git a/security/sssd2/files/patch-src__providers__proxy__proxy_child.c b/security/sssd2/files/patch-src__providers__proxy__proxy_child.c index adafcdd35676..7116fadaf2e2 100644 --- a/security/sssd2/files/patch-src__providers__proxy__proxy_child.c +++ b/security/sssd2/files/patch-src__providers__proxy__proxy_child.c @@ -1,29 +1,29 @@ ---- src/providers/proxy/proxy_child.c.orig 2023-05-05 08:11:07 UTC +--- src/providers/proxy/proxy_child.c.orig 2026-01-14 15:01:42 UTC +++ src/providers/proxy/proxy_child.c @@ -30,6 +30,7 @@ #include #include #include +#include #include #include #include -@@ -469,6 +470,18 @@ int proxy_child_process_init(TALLOC_CTX *mem_ctx, cons +@@ -456,6 +457,18 @@ int proxy_child_process_init(TALLOC_CTX *mem_ctx, cons return EOK; } + + +#if (defined(__FreeBSD__) && (__FreeBSD__ < 14)) +extern char **environ; + +static int +clearenv(void) +{ + *environ = NULL; + return 0; +} +#endif int main(int argc, const char *argv[]) { diff --git a/security/sssd2/files/patch-src__resolv__async_resolv_utils.c b/security/sssd2/files/patch-src__resolv__async_resolv_utils.c deleted file mode 100644 index 12587842f8ce..000000000000 --- a/security/sssd2/files/patch-src__resolv__async_resolv_utils.c +++ /dev/null @@ -1,28 +0,0 @@ ---- src/resolv/async_resolv_utils.c.orig 2023-05-05 08:11:07 UTC -+++ src/resolv/async_resolv_utils.c -@@ -18,6 +18,7 @@ - along with this program. If not, see . - */ - -+#include - #include - #include - #include -@@ -45,7 +46,7 @@ resolv_get_domain_send(TALLOC_CTX *mem_ctx, - struct resolv_get_domain_state *state = NULL; - struct tevent_req *req = NULL; - struct tevent_req *subreq = NULL; -- char system_hostname[HOST_NAME_MAX + 1]; -+ char system_hostname[MAXHOSTNAMELEN + 1]; - errno_t ret; - - req = tevent_req_create(mem_ctx, &state, -@@ -64,7 +65,7 @@ resolv_get_domain_send(TALLOC_CTX *mem_ctx, - ret, strerror(ret)); - goto immediately; - } -- system_hostname[HOST_NAME_MAX] = '\0'; -+ system_hostname[MAXHOSTNAMELEN] = '\0'; - hostname = system_hostname; - } - diff --git a/security/sssd2/files/patch-src__responder__common__cache_req__plugins__cache_req_ip_host_by_addr.c b/security/sssd2/files/patch-src__responder__common__cache_req__plugins__cache_req_ip_host_by_addr.c deleted file mode 100644 index 9354c7f1e9b7..000000000000 --- a/security/sssd2/files/patch-src__responder__common__cache_req__plugins__cache_req_ip_host_by_addr.c +++ /dev/null @@ -1,10 +0,0 @@ ---- src/responder/common/cache_req/plugins/cache_req_ip_host_by_addr.c.orig 2023-05-05 08:11:07 UTC -+++ src/responder/common/cache_req/plugins/cache_req_ip_host_by_addr.c -@@ -23,6 +23,7 @@ - #include - #include - #include -+#include - - #include "db/sysdb.h" - #include "db/sysdb_iphosts.h" diff --git a/security/sssd2/files/patch-src__responder__common__cache_req__plugins__cache_req_ip_network_by_addr.c b/security/sssd2/files/patch-src__responder__common__cache_req__plugins__cache_req_ip_network_by_addr.c deleted file mode 100644 index 4dd2c8bf8452..000000000000 --- a/security/sssd2/files/patch-src__responder__common__cache_req__plugins__cache_req_ip_network_by_addr.c +++ /dev/null @@ -1,10 +0,0 @@ ---- src/responder/common/cache_req/plugins/cache_req_ip_network_by_addr.c.orig 2023-05-05 08:11:07 UTC -+++ src/responder/common/cache_req/plugins/cache_req_ip_network_by_addr.c -@@ -23,6 +23,7 @@ - #include - #include - #include -+#include - - #include "db/sysdb.h" - #include "db/sysdb_ipnetworks.h" diff --git a/security/sssd2/files/patch-src__responder__common__responder_common.c b/security/sssd2/files/patch-src__responder__common__responder_common.c deleted file mode 100644 index 9fd169f000cd..000000000000 --- a/security/sssd2/files/patch-src__responder__common__responder_common.c +++ /dev/null @@ -1,10 +0,0 @@ ---- src/responder/common/responder_common.c.orig 2023-05-05 08:11:07 UTC -+++ src/responder/common/responder_common.c -@@ -33,6 +33,7 @@ - #include - #include - -+#include "util/sss_bsd_errno.h" - #include "util/util.h" - #include "util/strtonum.h" - #include "db/sysdb.h" diff --git a/security/sssd2/files/patch-src__responder__common__responder_packet.c b/security/sssd2/files/patch-src__responder__common__responder_packet.c deleted file mode 100644 index 464724ba2e87..000000000000 --- a/security/sssd2/files/patch-src__responder__common__responder_packet.c +++ /dev/null @@ -1,10 +0,0 @@ ---- src/responder/common/responder_packet.c.orig 2023-05-05 08:11:07 UTC -+++ src/responder/common/responder_packet.c -@@ -25,6 +25,7 @@ - #include - #include - -+#include "util/sss_bsd_errno.h" - #include "util/util.h" - #include "responder/common/responder_packet.h" - diff --git a/security/sssd2/files/patch-src__responder__kcm__kcmsrv_ccache_secdb.c b/security/sssd2/files/patch-src__responder__kcm__kcmsrv_ccache_secdb.c deleted file mode 100644 index 95f5f0bf764e..000000000000 --- a/security/sssd2/files/patch-src__responder__kcm__kcmsrv_ccache_secdb.c +++ /dev/null @@ -1,23 +0,0 @@ ---- src/responder/kcm/kcmsrv_ccache_secdb.c.orig 2024-01-12 12:05:40 UTC -+++ src/responder/kcm/kcmsrv_ccache_secdb.c -@@ -21,6 +21,9 @@ - - #include "config.h" - -+#include -+#include -+ - #include - #include - -@@ -871,8 +874,8 @@ static errno_t ccdb_secdb_get_cc_for_uuid(TALLOC_CTX * - continue; - } - -- cli_cred.ucred.uid = pwd->pw_uid; -- cli_cred.ucred.gid = pwd->pw_gid; -+ cli_cred.ucred.cr_uid = pwd->pw_uid; -+ cli_cred.ucred.cr_gid = pwd->pw_gid; - - ret = key_by_uuid(tmp_ctx, secdb->sctx, &cli_cred, uuid, &secdb_key); - if (ret != EOK) { diff --git a/security/sssd2/files/patch-src__responder__kcm__kcmsrv_cmd.c b/security/sssd2/files/patch-src__responder__kcm__kcmsrv_cmd.c deleted file mode 100644 index 3ec6e7f08ac2..000000000000 --- a/security/sssd2/files/patch-src__responder__kcm__kcmsrv_cmd.c +++ /dev/null @@ -1,15 +0,0 @@ ---- src/responder/kcm/kcmsrv_cmd.c.orig 2023-05-05 08:11:07 UTC -+++ src/responder/kcm/kcmsrv_cmd.c -@@ -20,10 +20,12 @@ - */ - - #include -+#include - #include - - #include "config.h" - #include "util/util.h" -+#include "util/sss_bsd_errno.h" - #include "responder/common/responder.h" - #include "responder/kcm/kcmsrv_pvt.h" - #include "responder/kcm/kcmsrv_ops.h" diff --git a/security/sssd2/files/patch-src__responder__kcm__kcmsrv_ops.c b/security/sssd2/files/patch-src__responder__kcm__kcmsrv_ops.c deleted file mode 100644 index 332c86980118..000000000000 --- a/security/sssd2/files/patch-src__responder__kcm__kcmsrv_ops.c +++ /dev/null @@ -1,10 +0,0 @@ ---- src/responder/kcm/kcmsrv_ops.c.orig 2023-05-05 08:11:07 UTC -+++ src/responder/kcm/kcmsrv_ops.c -@@ -21,6 +21,7 @@ - - #include "config.h" - -+#include - #include - #include - diff --git a/security/sssd2/files/patch-src__responder__nss__nsssrv_mmap_cache.c b/security/sssd2/files/patch-src__responder__nss__nsssrv_mmap_cache.c deleted file mode 100644 index 31ea4cd969b2..000000000000 --- a/security/sssd2/files/patch-src__responder__nss__nsssrv_mmap_cache.c +++ /dev/null @@ -1,27 +0,0 @@ ---- src/responder/nss/nsssrv_mmap_cache.c.orig 2024-01-12 12:05:40 UTC -+++ src/responder/nss/nsssrv_mmap_cache.c -@@ -23,6 +23,7 @@ - #include "util/crypto/sss_crypto.h" - #include "confdb/confdb.h" - #include -+#include - #include - #include "util/mmap_cache.h" - #include "sss_client/idmap/sss_nss_idmap.h" -@@ -1474,8 +1475,14 @@ errno_t sss_mmap_cache_init(TALLOC_CTX *mem_ctx, const - /* Attempt allocation several times, in case of EINTR */ - for (int i = 0; i < POSIX_FALLOCATE_ATTEMPTS; i++) { - ret = posix_fallocate(mc_ctx->fd, 0, mc_ctx->mmap_size); -- if (ret != EINTR) -- break; -+ if (ret != EINTR && ret == EINVAL) { -+ /* posix_fallocate doesn't work on ZFS */ -+ ret = ftruncate(mc_ctx->fd, mc_ctx->mmap_size); -+ if (ret != 0) { -+ break; -+ } -+ } else if (ret != EINTR) -+ break; - } - if (ret) { - DEBUG(SSSDBG_CRIT_FAILURE, "Failed to allocate file %s: %d(%s)\n", diff --git a/security/sssd2/files/patch-src__sbus__sbus_errors.c b/security/sssd2/files/patch-src__sbus__sbus_errors.c deleted file mode 100644 index a5b721c0e9b0..000000000000 --- a/security/sssd2/files/patch-src__sbus__sbus_errors.c +++ /dev/null @@ -1,11 +0,0 @@ ---- src/sbus/sbus_errors.c.orig 2023-05-05 08:11:07 UTC -+++ src/sbus/sbus_errors.c -@@ -53,7 +53,7 @@ static const struct { - { DBUS_ERROR_LIMITS_EXCEEDED, ERANGE}, - { DBUS_ERROR_ACCESS_DENIED, EPERM}, - { DBUS_ERROR_AUTH_FAILED, EACCES}, -- { DBUS_ERROR_NO_NETWORK, ENONET}, -+ { DBUS_ERROR_NO_NETWORK, EHOSTDOWN}, - { DBUS_ERROR_DISCONNECTED, ERR_OFFLINE}, - { DBUS_ERROR_INVALID_ARGS, EINVAL}, - diff --git a/security/sssd2/files/patch-src__sss_client__common.c b/security/sssd2/files/patch-src__sss_client__common.c deleted file mode 100644 index fe1b56881cef..000000000000 --- a/security/sssd2/files/patch-src__sss_client__common.c +++ /dev/null @@ -1,29 +0,0 @@ ---- src/sss_client/common.c.orig 2024-01-12 12:05:40 UTC -+++ src/sss_client/common.c -@@ -170,7 +170,7 @@ static enum sss_status sss_cli_send_req(enum sss_cli_c - *errnop = error; - break; - case 0: -- *errnop = ETIME; -+ *errnop = ETIMEDOUT; - break; - case 1: - if (pfd.revents & (POLLERR | POLLHUP)) { -@@ -282,7 +282,7 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_c - *errnop = error; - break; - case 0: -- *errnop = ETIME; -+ *errnop = ETIMEDOUT; - break; - case 1: - if (pfd.revents & (POLLHUP)) { -@@ -781,7 +781,7 @@ static enum sss_status sss_cli_check_socket(int *errno - *errnop = error; - break; - case 0: -- *errnop = ETIME; -+ *errnop = ETIMEDOUT; - break; - case 1: - if (pfd.revents & (POLLERR | POLLHUP)) { diff --git a/security/sssd2/files/patch-src__sss_client__nss_group.c b/security/sssd2/files/patch-src__sss_client__nss_group.c index bf7724ad8f4a..e5545a999db0 100644 --- a/security/sssd2/files/patch-src__sss_client__nss_group.c +++ b/security/sssd2/files/patch-src__sss_client__nss_group.c @@ -1,78 +1,78 @@ ---- src/sss_client/nss_group.c.orig 2023-06-05 03:48:03 UTC +--- src/sss_client/nss_group.c.orig 2025-05-07 09:36:03 UTC +++ src/sss_client/nss_group.c -@@ -403,6 +403,75 @@ out: +@@ -411,6 +411,75 @@ out: return nret; } +#define MIN(a, b)((a) < (b) ? (a) : (b)) + +int gr_addgid(gid_t gid, gid_t *groups, int maxgrp, int *grpcnt) +{ + int ret, dupc; + + for (dupc = 0; dupc < MIN(maxgrp, *grpcnt); dupc++) { + if (groups[dupc] == gid) + return 1; + } + + ret = 1; + if (*grpcnt < maxgrp) + groups[*grpcnt] = gid; + else + ret = 0; + + (*grpcnt)++; + + return ret; +} + +enum nss_status _nss_sss_getgroupmembership(const char *uname, gid_t agroup, + gid_t *groups, int maxgrp, + int *grpcnt) +{ + struct sss_cli_req_data rd; + uint8_t *repbuf; + size_t replen; + enum nss_status nret; + uint32_t *rbuf; + uint32_t num_ret; + long int l, max_ret; + int errnop; + + rd.len = strlen(uname) +1; + rd.data = uname; + + sss_nss_lock(); + + nret = sss_nss_make_request(SSS_NSS_INITGR, &rd, + &repbuf, &replen, &errnop); + if (nret != NSS_STATUS_SUCCESS) { + goto done; + } + + /* no results if not found */ + num_ret = ((uint32_t *)repbuf)[0]; + if (num_ret == 0) { + free(repbuf); + nret = NSS_STATUS_NOTFOUND; + goto done; + } + max_ret = num_ret; + + gr_addgid(agroup, groups, maxgrp, grpcnt); + + rbuf = &((uint32_t *)repbuf)[2]; + for (l = 0; l < max_ret; l++) { + gr_addgid(rbuf[l], groups, maxgrp, grpcnt); + } + + free(repbuf); + nret = NSS_STATUS_SUCCESS; + +done: + sss_nss_unlock(); + return nret; +} enum nss_status _nss_sss_getgrnam_r(const char *name, struct group *result, char *buffer, size_t buflen, int *errnop) diff --git a/security/sssd2/files/patch-src__sss_client__nss_hosts.c b/security/sssd2/files/patch-src__sss_client__nss_hosts.c deleted file mode 100644 index 2067ddab6d35..000000000000 --- a/security/sssd2/files/patch-src__sss_client__nss_hosts.c +++ /dev/null @@ -1,12 +0,0 @@ ---- src/sss_client/nss_hosts.c.orig 2023-05-05 08:11:07 UTC -+++ src/sss_client/nss_hosts.c -@@ -22,6 +22,9 @@ - - #include "config.h" - -+#include -+#include -+#include - #include - #include - #include diff --git a/security/sssd2/files/patch-src__sss_client__nss_ipnetworks.c b/security/sssd2/files/patch-src__sss_client__nss_ipnetworks.c deleted file mode 100644 index f8ea2ab02944..000000000000 --- a/security/sssd2/files/patch-src__sss_client__nss_ipnetworks.c +++ /dev/null @@ -1,12 +0,0 @@ ---- src/sss_client/nss_ipnetworks.c.orig 2023-05-05 08:11:07 UTC -+++ src/sss_client/nss_ipnetworks.c -@@ -22,6 +22,9 @@ - - #include "config.h" - -+#include -+#include -+#include - #include - #include - #include diff --git a/security/sssd2/files/patch-src__sss_client__pam_sss.c b/security/sssd2/files/patch-src__sss_client__pam_sss.c deleted file mode 100644 index 35b39859499d..000000000000 --- a/security/sssd2/files/patch-src__sss_client__pam_sss.c +++ /dev/null @@ -1,11 +0,0 @@ ---- src/sss_client/pam_sss.c.orig 2024-01-12 12:05:40 UTC -+++ src/sss_client/pam_sss.c -@@ -1444,7 +1444,7 @@ static int get_pam_items(pam_handle_t *pamh, uint32_t - - pi->cli_pid = getpid(); - -- pi->login_name = pam_modutil_getlogin(pamh); -+ pi->login_name = getlogin(); - if (pi->login_name == NULL) pi->login_name=""; - - pi->domain_name = NULL; diff --git a/security/sssd2/files/patch-src__sss_client__pam_sss_gss.c b/security/sssd2/files/patch-src__sss_client__pam_sss_gss.c deleted file mode 100644 index f4721aee3f5a..000000000000 --- a/security/sssd2/files/patch-src__sss_client__pam_sss_gss.c +++ /dev/null @@ -1,19 +0,0 @@ ---- src/sss_client/pam_sss_gss.c.orig 2023-05-05 08:11:07 UTC -+++ src/sss_client/pam_sss_gss.c -@@ -22,7 +22,7 @@ - #include - #include - #include --#include -+#include - #include - #include - #include -@@ -46,7 +46,6 @@ bool debug_enabled; - #define ERROR(pamh, fmt, ...) do { \ - if (debug_enabled) { \ - pam_error(pamh, "pam_sss_gss: " fmt, ## __VA_ARGS__); \ -- pam_syslog(pamh, LOG_ERR, fmt, ## __VA_ARGS__); \ - } \ - } while (0) - diff --git a/security/sssd2/files/patch-src__sss_client__sss_pac_responder_client.c b/security/sssd2/files/patch-src__sss_client__sss_pac_responder_client.c deleted file mode 100644 index 048eb430f9dd..000000000000 --- a/security/sssd2/files/patch-src__sss_client__sss_pac_responder_client.c +++ /dev/null @@ -1,19 +0,0 @@ ---- src/sss_client/sss_pac_responder_client.c.orig 2023-05-05 08:11:07 UTC -+++ src/sss_client/sss_pac_responder_client.c -@@ -23,6 +23,7 @@ - #include - #include - #include -+#include - - #include - -@@ -97,7 +98,7 @@ static void *pac_client(void *arg) - size_t c; - - fprintf(stderr, "[%"SPRItime"][%d][%ld][%s] started\n", -- time(NULL), getpid(), syscall(SYS_gettid), (char *) arg); -+ time(NULL), getpid(), pthread_getthreadid_np(), (char *) arg); - for (c = 0; c < 1000; c++) { - /* sss_pac_make_request() does not protect the client's file - * descriptor to the PAC responder. With this one thread will miss a diff --git a/security/sssd2/files/patch-src__util__child_common.c b/security/sssd2/files/patch-src__util__child_common.c deleted file mode 100644 index d27163112a1b..000000000000 --- a/security/sssd2/files/patch-src__util__child_common.c +++ /dev/null @@ -1,21 +0,0 @@ ---- src/util/child_common.c.orig 2024-01-12 12:05:40 UTC -+++ src/util/child_common.c -@@ -28,7 +28,6 @@ - #include - #include - #include --#include - - #include "util/util.h" - #include "util/find_uid.h" -@@ -806,8 +805,8 @@ static errno_t prepare_child_argv(TALLOC_CTX *mem_ctx, - goto fail; - } - -- argv[--argc] = talloc_asprintf(argv, "--dumpable=%d", -- prctl(PR_GET_DUMPABLE)); -+ argv[--argc] = talloc_asprintf(argv, "--dumpable=%d", 0); -+ - if (argv[argc] == NULL) { - ret = ENOMEM; - goto fail; diff --git a/security/sssd2/files/patch-src__util__find_uid.c b/security/sssd2/files/patch-src__util__find_uid.c deleted file mode 100644 index 9892baab0f4c..000000000000 --- a/security/sssd2/files/patch-src__util__find_uid.c +++ /dev/null @@ -1,125 +0,0 @@ ---- src/util/find_uid.c.orig 2024-05-16 11:35:27 UTC -+++ src/util/find_uid.c -@@ -36,6 +36,10 @@ - #include - #include - #include -+#ifdef __FreeBSD__ -+#include -+#include -+#endif - - #include "util/find_uid.h" - #include "util/util.h" -@@ -325,9 +329,86 @@ done: - return ret; - } - --errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table) -+#ifdef __FreeBSD__ -+static errno_t get_active_uid_freebsd(hash_table_t *table, uid_t uid) - { -+ struct kinfo_proc *kp; -+ hash_key_t key; -+ hash_value_t value; -+ size_t sz; -+ int err, mib[3]; -+ -+ mib[0] = CTL_KERN; -+ mib[1] = KERN_PROC; -+ mib[2] = KERN_PROC_PROC; -+ -+ sz = 0; -+ err = sysctl(mib, 3, NULL, &sz, NULL, 0); -+ if (err) { -+ err = errno; -+ DEBUG(SSSDBG_CRIT_FAILURE, "sysctl failed.\n"); -+ return err; -+ } -+ sz *= 2; -+ -+ kp = talloc_size(NULL, sz); -+ if (kp == NULL) { -+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); -+ return ENOMEM; -+ } -+ -+ err = sysctl(mib, 3, kp, &sz, NULL, 0); -+ if (err) { -+ err = errno; -+ DEBUG(SSSDBG_CRIT_FAILURE, "sysctl failed.\n"); -+ talloc_free(kp); -+ return err; -+ } -+ -+ err = table != NULL ? 0 : ENOENT; -+ for (size_t i = 0; i < sz / sizeof(struct kinfo_proc); i++) { -+ if (kp[i].ki_pid == 0) { -+ continue; -+ } -+ -+ if (table != NULL) { -+ key.type = HASH_KEY_ULONG; -+ key.ul = (unsigned long) kp[i].ki_ruid; -+ value.type = HASH_VALUE_ULONG; -+ value.ul = (unsigned long) kp[i].ki_ruid; -+ -+ err = hash_enter(table, &key, &value); -+ if (err != HASH_SUCCESS) { -+ DEBUG(SSSDBG_CRIT_FAILURE, -+ "cannot add to table [%s]\n", hash_error_string(err)); -+ err = ENOMEM; -+ break; -+ } -+ } else { -+ if (kp[i].ki_ruid == uid) { -+ err = EOK; -+ break; -+ } -+ } -+ } -+ talloc_free(kp); -+ return err; -+} -+#endif /* __FreeBSD__ */ -+ -+static errno_t get_active_uid(hash_table_t *table, uid_t uid) -+{ - #ifdef __linux__ -+ return get_active_uid_linux(table, uid); -+#elif defined(__FreeBSD__) -+ return get_active_uid_freebsd(table, uid); -+#else -+ return ENOSYS; -+#endif -+} -+ -+errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table) -+{ - int ret; - - ret = hash_create_ex(0, table, 0, 0, 0, 0, -@@ -339,10 +420,7 @@ errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_ - return ENOMEM; - } - -- return get_active_uid_linux(*table, 0); --#else -- return ENOSYS; --#endif -+ return get_active_uid(*table, 0); - } - - errno_t check_if_uid_is_active(uid_t uid, bool *result) -@@ -365,9 +443,9 @@ errno_t check_if_uid_is_active(uid_t uid, bool *result - /* fall back to the old method */ - #endif - -- ret = get_active_uid_linux(NULL, uid); -+ ret = get_active_uid(NULL, uid); - if (ret != EOK && ret != ENOENT) { -- DEBUG(SSSDBG_CRIT_FAILURE, "get_active_uid_linux() failed.\n"); -+ DEBUG(SSSDBG_CRIT_FAILURE, "get_active_uid() failed.\n"); - return ret; - } - diff --git a/security/sssd2/files/patch-src__util__nss_dl_load.c b/security/sssd2/files/patch-src__util__nss_dl_load.c deleted file mode 100644 index a3d9496d5b85..000000000000 --- a/security/sssd2/files/patch-src__util__nss_dl_load.c +++ /dev/null @@ -1,28 +0,0 @@ ---- src/util/nss_dl_load.c.orig 2023-05-05 08:11:07 UTC -+++ src/util/nss_dl_load.c -@@ -24,6 +24,7 @@ - #include "util/util_errors.h" - #include "util/debug.h" - #include "nss_dl_load.h" -+#include "util/sss_bsd_errno.h" - - - #define NSS_FN_NAME "_nss_%s_%s" -@@ -36,7 +37,7 @@ static void *proxy_dlsym(void *handle, - char *funcname; - void *funcptr; - -- funcname = talloc_asprintf(NULL, NSS_FN_NAME, libname, name); -+ funcname = talloc_asprintf(NULL, "%s", name); - if (funcname == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf() failed\n"); - return NULL; -@@ -56,7 +57,7 @@ errno_t sss_load_nss_symbols(struct sss_nss_ops *ops, - char *libpath; - size_t i; - -- libpath = talloc_asprintf(NULL, "libnss_%s.so.2", libname); -+ libpath = talloc_asprintf(NULL, "/lib/libc.so.7", libname); - if (libpath == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf() failed\n"); - return ENOMEM; diff --git a/security/sssd2/files/patch-src__util__server.c b/security/sssd2/files/patch-src__util__server.c deleted file mode 100644 index b8901158149c..000000000000 --- a/security/sssd2/files/patch-src__util__server.c +++ /dev/null @@ -1,53 +0,0 @@ ---- src/util/server.c.orig 2024-01-12 12:05:40 UTC -+++ src/util/server.c -@@ -30,17 +30,12 @@ - #include - #include - #include --#include - #include - #include "util/util.h" - #include "confdb/confdb.h" - #include "util/sss_chain_id.h" - #include "util/sss_chain_id_tevent.h" - --#ifdef HAVE_PRCTL --#include --#endif -- - static TALLOC_CTX *autofree_ctx; - - static void server_atexit(void) -@@ -317,10 +312,13 @@ static void setup_signals(void) - BlockSignals(false, SIGTERM); - - #ifndef HAVE_PRCTL -- /* If prctl is not defined on the system, try to handle -- * some common termination signals gracefully */ -+ /* If prctl is not defined on the system, try to handle -+ * some common termination signals gracefully */ -+ (void) sig_segv_abrt; /* unused */ -+ /* - CatchSignal(SIGSEGV, sig_segv_abrt); - CatchSignal(SIGABRT, sig_segv_abrt); -+ */ - #endif - - } -@@ -749,6 +747,8 @@ int server_setup(const char *name, bool is_responder, - DEBUG(SSSDBG_FATAL_FAILURE, "Failed to determine "CONFDB_MONITOR_DUMPABLE"\n"); - return ret; - } -+ -+#ifdef HAVE_PRCTL - ret = prctl(PR_SET_DUMPABLE, dumpable ? 1 : 0); - if (ret != 0) { - DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set PR_SET_DUMPABLE\n"); -@@ -756,6 +756,7 @@ int server_setup(const char *name, bool is_responder, - } else if (!dumpable) { - DEBUG(SSSDBG_IMPORTANT_INFO, "Core dumps are disabled!\n"); - } -+#endif - - sss_chain_id_setup(ctx->event_ctx); - diff --git a/security/sssd2/files/patch-src__util__sss_krb5.c b/security/sssd2/files/patch-src__util__sss_krb5.c deleted file mode 100644 index fdf463bdad02..000000000000 --- a/security/sssd2/files/patch-src__util__sss_krb5.c +++ /dev/null @@ -1,11 +0,0 @@ ---- src/util/sss_krb5.c.orig 2023-05-05 08:11:07 UTC -+++ src/util/sss_krb5.c -@@ -17,6 +17,8 @@ - You should have received a copy of the GNU General Public License - along with this program. If not, see . - */ -+#include -+#include - #include - #include - #include diff --git a/security/sssd2/files/patch-src__util__sss_pam_data.h b/security/sssd2/files/patch-src__util__sss_pam_data.h deleted file mode 100644 index d915f987ea78..000000000000 --- a/security/sssd2/files/patch-src__util__sss_pam_data.h +++ /dev/null @@ -1,10 +0,0 @@ ---- src/util/sss_pam_data.h.orig 2023-05-05 08:11:07 UTC -+++ src/util/sss_pam_data.h -@@ -24,6 +24,7 @@ - #include "config.h" - #include - #include -+#include - #ifdef USE_KEYRING - #include - #include diff --git a/security/sssd2/files/patch-src__util__sss_sockets.c b/security/sssd2/files/patch-src__util__sss_sockets.c index 39b90227f06a..d56aef6ca56a 100644 --- a/security/sssd2/files/patch-src__util__sss_sockets.c +++ b/security/sssd2/files/patch-src__util__sss_sockets.c @@ -1,30 +1,11 @@ ---- src/util/sss_sockets.c.orig 2023-05-05 08:11:07 UTC +--- src/util/sss_sockets.c.orig 2025-05-07 09:36:03 UTC +++ src/util/sss_sockets.c -@@ -144,18 +144,6 @@ errno_t set_fd_common_opts(int fd, int timeout) - "setsockopt SO_SNDTIMEO failed.[%d][%s].\n", ret, - strerror(ret)); - } -- -- if (domain != AF_UNIX && type == SOCK_STREAM) { -- milli = timeout * 1000; /* timeout in milliseconds */ -- ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &milli, -- sizeof(milli)); -- if (ret != 0) { -- ret = errno; -- DEBUG(SSSDBG_FUNC_DATA, -- "setsockopt TCP_USER_TIMEOUT failed.[%d][%s].\n", ret, -- strerror(ret)); -- } -- } - } - - return EOK; -@@ -258,7 +246,7 @@ static void sssd_async_connect_done(struct tevent_cont +@@ -260,7 +260,7 @@ static void sssd_async_connect_done(struct tevent_cont talloc_zfree(fde); - if (ret == EOK) { + if (ret == EOK || ret == EISCONN) { tevent_req_done(req); } else { ret = errno; diff --git a/security/sssd2/files/patch-src__util__util.c b/security/sssd2/files/patch-src__util__util.c deleted file mode 100644 index 31a50f2879eb..000000000000 --- a/security/sssd2/files/patch-src__util__util.c +++ /dev/null @@ -1,19 +0,0 @@ ---- src/util/util.c.orig 2024-01-12 12:05:40 UTC -+++ src/util/util.c -@@ -786,6 +786,16 @@ errno_t sss_fd_nonblocking(int fd) - return EOK; - } - -+int flb_timezone(void) -+{ -+ struct tm tm; -+ time_t t = 0; -+ tzset(); -+ localtime_r(&t, &tm); -+ return -(tm.tm_gmtoff); -+} -+#define timezone (flb_timezone()) -+ - /* Convert GeneralizedTime (http://en.wikipedia.org/wiki/GeneralizedTime) - * to unix time (seconds since epoch). Use UTC time zone. - */ diff --git a/security/sssd2/files/patch-src__util__util_creds.h b/security/sssd2/files/patch-src__util__util_creds.h deleted file mode 100644 index 5fbec01ffe22..000000000000 --- a/security/sssd2/files/patch-src__util__util_creds.h +++ /dev/null @@ -1,20 +0,0 @@ ---- src/util/util_creds.h.orig 2023-05-05 08:11:07 UTC -+++ src/util/util_creds.h -@@ -73,6 +73,17 @@ struct cli_creds { - #define cli_creds_get_uid(x) (x->ucred.uid) - #define cli_creds_get_gid(x) (x->ucred.gid) - -+#elif HAVE_FREEBSD -+#include -+#include -+struct cli_creds { -+ struct xucred ucred; -+ SELINUX_CTX selinux_ctx; -+}; -+ -+#define cli_creds_get_uid(x) (x->ucred.cr_uid) -+#define cli_creds_get_gid(x) (x->ucred.cr_gid) -+ - #else /* not HAVE_UCRED */ - struct cli_creds { - SELINUX_CTX selinux_ctx; diff --git a/security/sssd2/files/patch-src_config_cfg__rules.ini b/security/sssd2/files/patch-src_config_cfg__rules.ini new file mode 100644 index 000000000000..a395525dfe9a --- /dev/null +++ b/security/sssd2/files/patch-src_config_cfg__rules.ini @@ -0,0 +1,472 @@ +We have to repeat the whole rule block, because our libc does not support +operator | in basic regexps. +See https://github.com/SSSD/sssd/pull/8227#issuecomment-3567972723 + +--- src/config/cfg_rules.ini.orig 2026-01-14 15:01:42 UTC ++++ src/config/cfg_rules.ini +@@ -340,7 +340,464 @@ validator = ini_allowed_options + + [rule/allowed_domain_options] + validator = ini_allowed_options +-section_re = ^\(domain\|application\)/[^/]\{1,\}$ ++section_re = ^domain/[^/]\{1,\}$ ++ ++option = debug ++option = debug_level ++option = debug_timestamps ++option = debug_microseconds ++option = debug_backtrace_enabled ++option = command ++option = fd_limit ++option = client_idle_timeout ++option = description ++ ++#Available provider types ++option = id_provider ++option = auth_provider ++option = access_provider ++option = chpass_provider ++option = sudo_provider ++option = autofs_provider ++option = hostid_provider ++option = subdomains_provider ++option = selinux_provider ++option = session_provider ++option = resolver_provider ++ ++# Options available to all domains ++option = enabled ++option = domain_type ++option = min_id ++option = max_id ++option = timeout ++option = enumerate ++option = offline_timeout ++option = offline_timeout_max ++option = offline_timeout_random_offset ++option = cache_credentials ++option = cache_credentials_minimal_first_factor_length ++option = use_fully_qualified_names ++option = ignore_group_members ++option = entry_cache_timeout ++option = lookup_family_order ++option = account_cache_expiration ++option = pwd_expiration_warning ++option = filter_users ++option = filter_groups ++option = dns_resolver_server_timeout ++option = dns_resolver_op_timeout ++option = dns_resolver_timeout ++option = dns_resolver_use_search_list ++option = dns_discovery_domain ++option = failover_primary_timeout ++option = override_gid ++option = case_sensitive ++option = override_homedir ++option = fallback_homedir ++option = homedir_substring ++option = override_shell ++option = default_shell ++option = description ++option = realmd_tags ++option = subdomain_refresh_interval ++option = subdomain_refresh_interval_offset ++option = subdomain_inherit ++option = subdomain_homedir ++option = cached_auth_timeout ++option = wildcard_limit ++option = full_name_format ++option = re_expression ++option = auto_private_groups ++option = pam_gssapi_services ++option = pam_gssapi_check_upn ++option = pam_gssapi_indicators_map ++option = local_auth_policy ++ ++#Entry cache timeouts ++option = entry_cache_user_timeout ++option = entry_cache_group_timeout ++option = entry_cache_netgroup_timeout ++option = entry_cache_service_timeout ++option = entry_cache_autofs_timeout ++option = entry_cache_sudo_timeout ++option = entry_cache_ssh_host_timeout ++option = entry_cache_computer_timeout ++option = entry_cache_resolver_timeout ++option = refresh_expired_interval ++option = refresh_expired_interval_offset ++ ++# Dynamic DNS updates ++option = dyndns_update ++option = dyndns_update_per_family ++option = dyndns_ttl ++option = dyndns_iface ++option = dyndns_address ++option = dyndns_refresh_interval ++option = dyndns_refresh_interval_offset ++option = dyndns_update_ptr ++option = dyndns_force_tcp ++option = dyndns_auth ++option = dyndns_auth_ptr ++option = dyndns_server ++option = dyndns_dot_cacert ++option = dyndns_dot_cert ++option = dyndns_dot_key ++ ++# proxy provider specific options ++option = proxy_lib_name ++option = proxy_resolver_lib_name ++option = proxy_fast_alias ++option = proxy_pam_target ++option = proxy_max_children ++ ++# simple access provider specific options ++option = simple_allow_users ++option = simple_deny_users ++option = simple_allow_groups ++option = simple_deny_groups ++ ++# AD provider specific options ++option = ad_access_filter ++option = ad_backup_server ++option = ad_domain ++option = ad_enable_dns_sites ++option = ad_enabled_domains ++option = ad_enable_gc ++option = ad_gpo_access_control ++option = ad_gpo_implicit_deny ++option = ad_gpo_ignore_unreadable ++option = ad_gpo_cache_timeout ++option = ad_gpo_default_right ++option = ad_gpo_map_batch ++option = ad_gpo_map_deny ++option = ad_gpo_map_interactive ++option = ad_gpo_map_network ++option = ad_gpo_map_permit ++option = ad_gpo_map_remote_interactive ++option = ad_gpo_map_service ++option = ad_hostname ++option = ad_machine_account_password_renewal_opts ++option = ad_maximum_machine_account_password_age ++option = ad_server ++option = ad_site ++option = ad_update_samba_machine_account_password ++option = ad_use_ldaps ++ ++# IPA provider specific options ++option = ipa_access_order ++option = ipa_anchor_uuid ++option = ipa_automount_location ++option = ipa_backup_server ++option = ipa_deskprofile_refresh ++option = ipa_deskprofile_request_interval ++option = ipa_deskprofile_search_base ++option = ipa_subid_ranges_search_base ++option = ipa_domain ++option = ipa_group_override_object_class ++option = ipa_hbac_refresh ++option = ipa_hbac_search_base ++option = ipa_hbac_support_srchost ++option = ipa_host_fqdn ++option = ipa_hostgroup_memberof ++option = ipa_hostgroup_member ++option = ipa_hostgroup_name ++option = ipa_hostgroup_objectclass ++option = ipa_hostgroup_uuid ++option = ipa_host_member_of ++option = ipa_host_name ++option = ipa_hostname ++option = ipa_host_object_class ++option = ipa_host_search_base ++option = ipa_host_serverhostname ++option = ipa_host_ssh_public_key ++option = ipa_host_uuid ++option = ipa_master_domain_search_base ++option = ipa_netgroup_domain ++option = ipa_netgroup_member_ext_host ++option = ipa_netgroup_member_host ++option = ipa_netgroup_member_of ++option = ipa_netgroup_member ++option = ipa_netgroup_member_user ++option = ipa_netgroup_name ++option = ipa_netgroup_object_class ++option = ipa_netgroup_uuid ++option = ipa_override_object_class ++option = ipa_ranges_search_base ++option = ipa_selinux_refresh ++option = ipa_selinux_usermap_enabled ++option = ipa_selinux_usermap_host_category ++option = ipa_selinux_usermap_member_host ++option = ipa_selinux_usermap_member_user ++option = ipa_selinux_usermap_name ++option = ipa_selinux_usermap_object_class ++option = ipa_selinux_usermap_see_also ++option = ipa_selinux_usermap_selinux_user ++option = ipa_selinux_usermap_user_category ++option = ipa_selinux_usermap_uuid ++option = ipa_server_mode ++option = ipa_server ++option = ipa_subdomains_search_base ++option = ipa_sudocmdgroup_entry_usn ++option = ipa_sudocmdgroup_member ++option = ipa_sudocmdgroup_name ++option = ipa_sudocmdgroup_object_class ++option = ipa_sudocmdgroup_uuid ++option = ipa_sudocmd_memberof ++option = ipa_sudocmd_object_class ++option = ipa_sudocmd_sudoCmd ++option = ipa_sudocmd_uuid ++option = ipa_sudorule_allowcmd ++option = ipa_sudorule_cmdcategory ++option = ipa_sudorule_denycmd ++option = ipa_sudorule_enabled_flag ++option = ipa_sudorule_entry_usn ++option = ipa_sudorule_externaluser ++option = ipa_sudorule_hostcategory ++option = ipa_sudorule_host ++option = ipa_sudorule_name ++option = ipa_sudorule_notafter ++option = ipa_sudorule_notbefore ++option = ipa_sudorule_object_class ++option = ipa_sudorule_option ++option = ipa_sudorule_runasextgroup ++option = ipa_sudorule_runasextusergroup ++option = ipa_sudorule_runasextuser ++option = ipa_sudorule_runasgroupcategory ++option = ipa_sudorule_runasgroup ++option = ipa_sudorule_runasusercategory ++option = ipa_sudorule_sudoorder ++option = ipa_sudorule_usercategory ++option = ipa_sudorule_user ++option = ipa_sudorule_uuid ++option = ipa_user_override_object_class ++option = ipa_view_class ++option = ipa_view_name ++option = ipa_views_search_base ++ ++# krb5 provider specific options ++option = krb5_auth_timeout ++option = krb5_backup_kpasswd ++option = krb5_backup_server ++option = krb5_canonicalize ++option = krb5_ccachedir ++option = krb5_ccname_template ++option = krb5_confd_path ++option = krb5_fast_principal ++option = krb5_fast_use_anonymous_pkinit ++option = krb5_kdcinfo_lookahead ++option = krb5_kdcip ++option = krb5_keytab ++option = krb5_kpasswd ++option = krb5_lifetime ++option = krb5_map_user ++option = krb5_realm ++option = krb5_renewable_lifetime ++option = krb5_renew_interval ++option = krb5_server ++option = krb5_store_password_if_offline ++option = krb5_use_enterprise_principal ++option = krb5_use_subdomain_realm ++option = krb5_use_fast ++option = krb5_use_kdcinfo ++option = krb5_validate ++ ++# ldap provider specific options ++option = ldap_access_filter ++option = ldap_access_order ++option = ldap_account_expire_policy ++option = ldap_autofs_entry_key ++option = ldap_autofs_entry_object_class ++option = ldap_autofs_entry_value ++option = ldap_autofs_map_master_name ++option = ldap_autofs_map_name ++option = ldap_autofs_map_object_class ++option = ldap_autofs_search_base ++option = ldap_backup_uri ++option = ldap_chpass_backup_uri ++option = ldap_chpass_dns_service_name ++option = ldap_chpass_update_last_change ++option = ldap_chpass_uri ++option = ldap_connection_expire_timeout ++option = ldap_connection_expire_offset ++option = ldap_connection_idle_timeout ++option = ldap_default_authtok ++option = ldap_default_authtok_type ++option = ldap_default_bind_dn ++option = ldap_deref ++option = ldap_deref_threshold ++option = ldap_ignore_unreadable_references ++option = ldap_disable_paging ++option = ldap_disable_range_retrieval ++option = ldap_dns_service_name ++option = ldap_entry_usn ++option = ldap_enumeration_refresh_timeout ++option = ldap_enumeration_refresh_offset ++option = ldap_enumeration_search_timeout ++option = ldap_force_upper_case_realm ++option = ldap_group_entry_usn ++option = ldap_group_external_member ++option = ldap_group_gid_number ++option = ldap_group_member ++option = ldap_group_modify_timestamp ++option = ldap_group_name ++option = ldap_group_nesting_level ++option = ldap_group_object_class ++option = ldap_group_objectsid ++option = ldap_group_search_base ++option = ldap_group_search_filter ++option = ldap_group_search_scope ++option = ldap_group_type ++option = ldap_group_uuid ++option = ldap_idmap_autorid_compat ++option = ldap_idmap_default_domain_sid ++option = ldap_idmap_default_domain ++option = ldap_idmap_helper_table_size ++option = ldap_id_mapping ++option = ldap_idmap_range_max ++option = ldap_idmap_range_min ++option = ldap_idmap_range_size ++option = ldap_id_use_start_tls ++option = ldap_krb5_init_creds ++option = ldap_krb5_keytab ++option = ldap_krb5_ticket_lifetime ++option = ldap_library_debug_level ++option = ldap_max_id ++option = ldap_min_id ++option = ldap_netgroup_member ++option = ldap_netgroup_modify_timestamp ++option = ldap_netgroup_name ++option = ldap_netgroup_object_class ++option = ldap_netgroup_search_base ++option = ldap_netgroup_triple ++option = ldap_network_timeout ++option = ldap_ns_account_lock ++option = ldap_offline_timeout ++option = ldap_opt_timeout ++option = ldap_page_size ++option = ldap_purge_cache_timeout ++option = ldap_purge_cache_offset ++option = ldap_pwd_attribute ++option = ldap_pwdlockout_dn ++option = ldap_pwd_policy ++option = ldap_read_rootdse ++option = ldap_referrals ++option = ldap_rfc2307_fallback_to_local_users ++option = ldap_rootdse_last_usn ++option = ldap_sasl_authid ++option = ldap_sasl_canonicalize ++option = ldap_sasl_mech ++option = ldap_sasl_minssf ++option = ldap_sasl_maxssf ++option = ldap_sasl_realm ++option = ldap_schema ++option = ldap_pwmodify_mode ++option = ldap_search_base ++option = ldap_search_timeout ++option = ldap_service_entry_usn ++option = ldap_service_name ++option = ldap_service_object_class ++option = ldap_service_port ++option = ldap_service_proto ++option = ldap_service_search_base ++option = ldap_sudo_full_refresh_interval ++option = ldap_sudo_hostnames ++option = ldap_sudo_include_netgroups ++option = ldap_sudo_include_regexp ++option = ldap_sudo_ip ++option = ldap_sudorule_command ++option = ldap_sudorule_host ++option = ldap_sudorule_name ++option = ldap_sudorule_notafter ++option = ldap_sudorule_notbefore ++option = ldap_sudorule_object_class ++option = ldap_sudorule_option ++option = ldap_sudorule_order ++option = ldap_sudorule_runasgroup ++option = ldap_sudorule_runas ++option = ldap_sudorule_runasuser ++option = ldap_sudorule_user ++option = ldap_sudo_search_base ++option = ldap_sudo_smart_refresh_interval ++option = ldap_sudo_random_offset ++option = ldap_sudo_use_host_filter ++option = ldap_tls_cacertdir ++option = ldap_tls_cacert ++option = ldap_tls_cert ++option = ldap_tls_cipher_suite ++option = ldap_tls_key ++option = ldap_tls_reqcert ++option = ldap_uri ++option = ldap_use_ppolicy ++option = ldap_ppolicy_pwd_change_threshold ++option = ldap_user_ad_account_expires ++option = ldap_user_ad_user_account_control ++option = ldap_user_authorized_host ++option = ldap_user_authorized_rhost ++option = ldap_user_authorized_service ++option = ldap_user_auth_type ++option = ldap_user_certificate ++option = ldap_user_email ++option = ldap_user_entry_usn ++option = ldap_user_extra_attrs ++option = ldap_user_fullname ++option = ldap_user_gecos ++option = ldap_user_gid_number ++option = ldap_user_home_directory ++option = ldap_user_krb_last_pwd_change ++option = ldap_user_krb_password_expiration ++option = ldap_user_member_of ++option = ldap_user_modify_timestamp ++option = ldap_user_name ++option = ldap_user_nds_login_allowed_time_map ++option = ldap_user_nds_login_disabled ++option = ldap_user_nds_login_expiration_time ++option = ldap_user_object_class ++option = ldap_user_objectsid ++option = ldap_user_passkey ++option = ldap_user_primary_group ++option = ldap_user_principal ++option = ldap_user_search_base ++option = ldap_user_search_filter ++option = ldap_user_search_scope ++option = ldap_user_shadow_expire ++option = ldap_user_shadow_flag ++option = ldap_user_shadow_inactive ++option = ldap_user_shadow_last_change ++option = ldap_user_shadow_max ++option = ldap_user_shadow_min ++option = ldap_user_shadow_warning ++option = ldap_user_shell ++option = ldap_user_ssh_public_key ++option = ldap_user_uid_number ++option = ldap_user_uuid ++option = ldap_use_tokengroups ++option = ldap_host_object_class ++option = ldap_host_name ++option = ldap_host_fqdn ++option = ldap_host_serverhostname ++option = ldap_host_member_of ++option = ldap_host_search_base ++option = ldap_host_ssh_public_key ++option = ldap_host_uuid ++option = ldap_iphost_search_base ++option = ldap_iphost_object_class ++option = ldap_iphost_name ++option = ldap_iphost_number ++option = ldap_iphost_entry_usn ++option = ldap_ipnetwork_search_base ++option = ldap_ipnetwork_object_class ++option = ldap_ipnetwork_name ++option = ldap_ipnetwork_number ++option = ldap_ipnetwork_entry_usn ++option = ldap_subid_ranges_search_base ++ ++# For application domains ++option = inherit_from ++ ++[rule/allowed_domain_options] ++validator = ini_allowed_options ++section_re = ^application/[^/]\{1,\}$ + + option = debug + option = debug_level diff --git a/security/sssd2/files/patch-src_external_platform.m4 b/security/sssd2/files/patch-src_external_platform.m4 new file mode 100644 index 000000000000..f4d606ec201e --- /dev/null +++ b/security/sssd2/files/patch-src_external_platform.m4 @@ -0,0 +1,12 @@ +--- src/external/platform.m4.orig 2026-01-21 16:56:16 UTC ++++ src/external/platform.m4 +@@ -18,7 +18,9 @@ if test x"$osname" = x ; then + elif test -f /etc/gentoo-release ; then + osname="gentoo" + elif test -f /etc/os-release ; then ++ _old_version="$VERSION" + . /etc/os-release ++ VERSION="$_old_version" + if ([[ "${ID}" = "suse" ]]) || ([[ "${ID_LIKE#*suse*}" != "${ID_LIKE}" ]]); then + osname="suse" + fi diff --git a/security/sssd2/files/patch-src_providers_ldap_ldap__auth.c b/security/sssd2/files/patch-src_providers_ldap_ldap__auth.c new file mode 100644 index 000000000000..b2dad5f3b4fb --- /dev/null +++ b/security/sssd2/files/patch-src_providers_ldap_ldap__auth.c @@ -0,0 +1,14 @@ +Can be removed in FreeBSD 15 + +--- src/providers/ldap/ldap_auth.c.orig 2025-06-24 10:24:24 UTC ++++ src/providers/ldap/ldap_auth.c +@@ -100,6 +100,9 @@ static errno_t check_pwexpire_kerberos(const char *exp + time_t expire_time; + int expiration_warning; + int ret = ERR_INTERNAL; ++#ifndef HAVE_TIMEZONE ++ long daylight = 0; ++#endif + + ret = sss_utc_to_time_t(expire_date, "%Y%m%d%H%M%SZ", + &expire_time); diff --git a/security/sssd2/files/patch-src_providers_ldap_sdap__access.c b/security/sssd2/files/patch-src_providers_ldap_sdap__access.c new file mode 100644 index 000000000000..86bed2419c09 --- /dev/null +++ b/security/sssd2/files/patch-src_providers_ldap_sdap__access.c @@ -0,0 +1,14 @@ +Can be removed in FreeBSD 15 + +--- src/providers/ldap/sdap_access.c.orig 2025-06-24 10:24:24 UTC ++++ src/providers/ldap/sdap_access.c +@@ -551,6 +551,9 @@ bool nds_check_expired(const char *exp_time_str) + time_t expire_time; + time_t now; + errno_t ret; ++#ifndef HAVE_TIMEZONE ++ long daylight = 0; ++#endif + + if (exp_time_str == NULL) { + DEBUG(SSSDBG_TRACE_ALL, diff --git a/security/sssd2/files/patch-src_responder_common_responder__common.c b/security/sssd2/files/patch-src_responder_common_responder__common.c new file mode 100644 index 000000000000..5d847dfc6809 --- /dev/null +++ b/security/sssd2/files/patch-src_responder_common_responder__common.c @@ -0,0 +1,11 @@ +--- src/responder/common/responder_common.c.orig 2026-01-14 15:01:42 UTC ++++ src/responder/common/responder_common.c +@@ -108,7 +108,7 @@ static errno_t get_client_cred(struct cli_ctx *cctx) + char cmd_line[255] = { 0 }; + int proc_fd; + +- ret = getsockopt(cctx->cfd, SOL_SOCKET, SSS_PEERCRED_SOCKET_OPTION, &cctx->creds->ucred, ++ ret = getsockopt(cctx->cfd, SOL_LOCAL, SSS_PEERCRED_SOCKET_OPTION, &cctx->creds->ucred, + &client_cred_len); + if (ret != EOK) { + talloc_zfree(cctx->creds); diff --git a/security/sssd2/files/patch-src_responder_nss_nsssrv__mmap__cache.c b/security/sssd2/files/patch-src_responder_nss_nsssrv__mmap__cache.c new file mode 100644 index 000000000000..f81c37811b19 --- /dev/null +++ b/security/sssd2/files/patch-src_responder_nss_nsssrv__mmap__cache.c @@ -0,0 +1,25 @@ +Older FreeBSD versions return EINVAL for posix_fallocate called on ZFS + +--- src/responder/nss/nsssrv_mmap_cache.c.orig 2026-01-14 15:01:42 UTC ++++ src/responder/nss/nsssrv_mmap_cache.c +@@ -19,6 +19,8 @@ + along with this program. If not, see . + */ + ++#include ++ + #include "util/util.h" + #include "util/crypto/sss_crypto.h" + #include "confdb/confdb.h" +@@ -1452,7 +1454,11 @@ errno_t sss_mmap_cache_init(TALLOC_CTX *mem_ctx, const + /* Copy-on-write file systems such as ZFS and Btrfs can't + * really support the posix_fallocate operation. + * Fall back to ftruncate() in this case */ ++#if __FreeBSD_version <= 1500000 ++ if (ret == ENOSYS || ret == EOPNOTSUPP || ret == EINVAL) { ++#else + if (ret == ENOSYS || ret == EOPNOTSUPP) { ++#endif + ret = ftruncate(mc_ctx->fd, mc_ctx->mmap_size); + if (ret == -1) { + ret = errno; diff --git a/security/sssd2/files/patch-src_responder_pam_pamsrv.c b/security/sssd2/files/patch-src_responder_pam_pamsrv.c new file mode 100644 index 000000000000..7132e0e9ff8d --- /dev/null +++ b/security/sssd2/files/patch-src_responder_pam_pamsrv.c @@ -0,0 +1,16 @@ +Can be removed in FreeBSD 14 + +--- src/responder/pam/pamsrv.c.orig 2026-01-14 15:01:42 UTC ++++ src/responder/pam/pamsrv.c +@@ -484,7 +484,11 @@ int main(int argc, const char *argv[]) + */ + sss_getenv(NULL, "LISTEN_PID", NULL, &env_listen_pid); + sss_getenv(NULL, "LISTEN_FDS", NULL, &env_listen_fds); ++#ifdef HAVE_CLEARENV + ret = clearenv(); ++#else ++ ret = 0; ++#endif + if (ret != 0) { + fprintf(stderr, "Failed to clear env.\n"); + return 1; diff --git a/security/sssd2/files/patch-src_tests_cmocka_test__authtok.c b/security/sssd2/files/patch-src_tests_cmocka_test__authtok.c deleted file mode 100644 index 74dd25f945d4..000000000000 --- a/security/sssd2/files/patch-src_tests_cmocka_test__authtok.c +++ /dev/null @@ -1,10 +0,0 @@ ---- src/tests/cmocka/test_authtok.c.orig 2023-05-05 08:11:07 UTC -+++ src/tests/cmocka/test_authtok.c -@@ -28,6 +28,7 @@ - #include "tests/cmocka/common_mock.h" - - #include "util/authtok.h" -+#include "util/sss_endian.h" - - - struct test_state { diff --git a/security/sssd2/files/patch-src_util_util.c b/security/sssd2/files/patch-src_util_util.c new file mode 100644 index 000000000000..1a3d4141c8f3 --- /dev/null +++ b/security/sssd2/files/patch-src_util_util.c @@ -0,0 +1,15 @@ +Can be removed in FreeBSD 15 + +--- src/util/util.c.orig 2026-01-14 15:01:42 UTC ++++ src/util/util.c +@@ -831,8 +831,10 @@ errno_t sss_utc_to_time_t(const char *str, const char + return EINVAL; + } + ++#ifdef HAVE_TIMEZONE + tzset(); + ut -= timezone; ++#endif + *_unix_time = ut; + return EOK; + } diff --git a/security/sssd2/files/pkg-message.in b/security/sssd2/files/pkg-message.in deleted file mode 100644 index 7e20c0c872d2..000000000000 --- a/security/sssd2/files/pkg-message.in +++ /dev/null @@ -1,27 +0,0 @@ -[ -{ type: install - message: < - - Copyright (C) 2013 Red Hat - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#ifndef SSS_BSD_ERRNO_H_ -#define SSS_BSD_ERRNO_H_ - -#include - -#define BSD_ERR_MASK (0xB5DE <<16) - -#ifndef EUCLEAN -#define EUCLEAN (BSD_ERR_MASK | 117) -#endif -#ifndef EMEDIUMTYPE -#define EMEDIUMTYPE (BSD_ERR_MASK | 124) -#endif -#ifndef EOWNERDEAD -#define EOWNERDEAD (BSD_ERR_MASK | 130) -#endif -#ifndef ECONNRESET -#define ECONNRESET (BSD_ERR_MASK | 104) -#endif -#ifndef ETIMEDOUT -#define ETIMEDOUT (BSD_ERR_MASK | 110) -#endif -#ifndef ENODATA -#define ENODATA (BSD_ERR_MASK | 61) -#endif -#ifndef ETIME -#define ETIME (BSD_ERR_MASK | 62) -#endif -#ifndef ELIBACC -#define ELIBACC (BSD_ERR_MASK | 79) -#endif -#ifndef ELIBBAD -#define ELIBBAD (BSD_ERR_MASK | 80) -#endif - -#endif /* SSS_BSD_ERRNO_H_ */ diff --git a/security/sssd2/pkg-plist b/security/sssd2/pkg-plist index 08b8e3eae7dd..242b53ca4a73 100644 --- a/security/sssd2/pkg-plist +++ b/security/sssd2/pkg-plist @@ -1,166 +1,197 @@ bin/sss_ssh_authorizedkeys +bin/sss_ssh_knownhosts bin/sss_ssh_knownhostsproxy etc/pam.d/sssd-shadowutils +@comment etc/rc.d/init.d/sssd %%ETCDIR%%/sssd.conf.sample include/ipa_hbac.h include/sss_certmap.h include/sss_idmap.h include/sss_nss_idmap.h lib/krb5/plugins/authdata/sssd_pac_plugin.so lib/krb5/plugins/libkrb5/sssd_krb5_locator_plugin.so lib/libipa_hbac.so lib/libipa_hbac.so.0 lib/libipa_hbac.so.0.1.0 lib/libnss_sss.so.2 lib/libsss_certmap.so lib/libsss_certmap.so.0 lib/libsss_certmap.so.0.2.0 lib/libsss_idmap.so lib/libsss_idmap.so.0 -lib/libsss_idmap.so.0.5.1 +lib/libsss_idmap.so.0.6.0 lib/libsss_nss_idmap.so lib/libsss_nss_idmap.so.0 -lib/libsss_nss_idmap.so.0.6.0 +lib/libsss_nss_idmap.so.0.6.1 lib/libsss_sudo.so lib/nss_sss.so.1 lib/pam_sss.so lib/pam_sss_gss.so -%%PYTHON_SITELIBDIR%%/SSSDConfig-2.9.6-py%%PYTHON_VER%%.egg-info/PKG-INFO -%%PYTHON_SITELIBDIR%%/SSSDConfig-2.9.6-py%%PYTHON_VER%%.egg-info/SOURCES.txt -%%PYTHON_SITELIBDIR%%/SSSDConfig-2.9.6-py%%PYTHON_VER%%.egg-info/dependency_links.txt -%%PYTHON_SITELIBDIR%%/SSSDConfig-2.9.6-py%%PYTHON_VER%%.egg-info/top_level.txt +%%PYTHON_SITELIBDIR%%/SSSDConfig-2.12.0-py%%PYTHON_VER%%.egg-info/PKG-INFO +%%PYTHON_SITELIBDIR%%/SSSDConfig-2.12.0-py%%PYTHON_VER%%.egg-info/SOURCES.txt +%%PYTHON_SITELIBDIR%%/SSSDConfig-2.12.0-py%%PYTHON_VER%%.egg-info/dependency_links.txt +%%PYTHON_SITELIBDIR%%/SSSDConfig-2.12.0-py%%PYTHON_VER%%.egg-info/top_level.txt %%PYTHON_SITELIBDIR%%/SSSDConfig/__init__.py %%PYTHON_SITELIBDIR%%/SSSDConfig/__pycache__/__init__%%PYTHON_TAG%%.pyc %%PYTHON_SITELIBDIR%%/SSSDConfig/__pycache__/ipachangeconf%%PYTHON_TAG%%.pyc %%PYTHON_SITELIBDIR%%/SSSDConfig/__pycache__/sssdoptions%%PYTHON_TAG%%.pyc %%PYTHON_SITELIBDIR%%/SSSDConfig/ipachangeconf.py %%PYTHON_SITELIBDIR%%/SSSDConfig/sssdoptions.py %%PYTHON_SITELIBDIR%%/pyhbac.so %%PYTHON_SITELIBDIR%%/pysss.so %%PYTHON_SITELIBDIR%%/pysss_murmur.so %%PYTHON_SITELIBDIR%%/pysss_nss_idmap.so %%PYTHON_SITELIBDIR%%/sssd/__init__.py %%PYTHON_SITELIBDIR%%/sssd/modules/__init__.py +%%PYTHON_SITELIBDIR%%/sssd/modules/error.py %%PYTHON_SITELIBDIR%%/sssd/modules/request.py %%PYTHON_SITELIBDIR%%/sssd/parser.py %%PYTHON_SITELIBDIR%%/sssd/source_files.py %%PYTHON_SITELIBDIR%%/sssd/source_journald.py %%PYTHON_SITELIBDIR%%/sssd/source_reader.py %%PYTHON_SITELIBDIR%%/sssd/sss_analyze.py +%%PYTHON_SITELIBDIR%%/sssd/util.py %%SAMBA_IDMAP_MODULESDIR%%/sss.so %%SAMBA_LDB_MODULESDIR%%/memberof.so lib/sssd/conf/sssd.conf lib/sssd/libifp_iface.so lib/sssd/libifp_iface_sync.so lib/sssd/libsss_ad.so lib/sssd/libsss_cert.so lib/sssd/libsss_child.so lib/sssd/libsss_crypt.so lib/sssd/libsss_debug.so -lib/sssd/libsss_files.so +lib/sssd/libsss_idp.so lib/sssd/libsss_iface.so lib/sssd/libsss_iface_sync.so lib/sssd/libsss_ipa.so lib/sssd/libsss_krb5.so lib/sssd/libsss_krb5_common.so lib/sssd/libsss_ldap.so lib/sssd/libsss_ldap_common.so lib/sssd/libsss_proxy.so lib/sssd/libsss_sbus.so lib/sssd/libsss_sbus_sync.so -lib/sssd/libsss_semanage.so lib/sssd/libsss_simple.so lib/sssd/libsss_util.so lib/sssd/modules/sssd_krb5_idp_plugin.so lib/sssd/modules/sssd_krb5_localauth_plugin.so lib/sssd/modules/sssd_krb5_passkey_plugin.so libdata/pkgconfig/ipa_hbac.pc libdata/pkgconfig/sss_certmap.pc libdata/pkgconfig/sss_idmap.pc libdata/pkgconfig/sss_nss_idmap.pc libexec/sssd/gpo_child libexec/sssd/krb5_child libexec/sssd/ldap_child libexec/sssd/oidc_child libexec/sssd/p11_child libexec/sssd/passkey_child libexec/sssd/proxy_child libexec/sssd/sss_analyze libexec/sssd/sss_signal libexec/sssd/sssd_be libexec/sssd/sssd_ifp libexec/sssd/sssd_kcm libexec/sssd/sssd_nss libexec/sssd/sssd_pac libexec/sssd/sssd_pam libexec/sssd/sssd_ssh libexec/sssd/sssd_sudo sbin/sss_cache sbin/sss_debuglevel sbin/sss_obfuscate sbin/sss_override sbin/sss_seed sbin/sssctl sbin/sssd share/dbus-1/system-services/org.freedesktop.sssd.infopipe.service share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf +%%NLS%%share/locale/bg/LC_MESSAGES/sssd.mo +%%NLS%%share/locale/ca/LC_MESSAGES/sssd.mo +%%NLS%%share/locale/cs/LC_MESSAGES/sssd.mo +%%NLS%%share/locale/de/LC_MESSAGES/sssd.mo +%%NLS%%share/locale/es/LC_MESSAGES/sssd.mo +%%NLS%%share/locale/eu/LC_MESSAGES/sssd.mo +%%NLS%%share/locale/fi/LC_MESSAGES/sssd.mo +%%NLS%%share/locale/fr/LC_MESSAGES/sssd.mo +%%NLS%%share/locale/hu/LC_MESSAGES/sssd.mo +%%NLS%%share/locale/id/LC_MESSAGES/sssd.mo +%%NLS%%share/locale/it/LC_MESSAGES/sssd.mo +%%NLS%%share/locale/ja/LC_MESSAGES/sssd.mo +%%NLS%%share/locale/ka/LC_MESSAGES/sssd.mo +%%NLS%%share/locale/ko/LC_MESSAGES/sssd.mo +%%NLS%%share/locale/nb/LC_MESSAGES/sssd.mo +%%NLS%%share/locale/nl/LC_MESSAGES/sssd.mo +%%NLS%%share/locale/pl/LC_MESSAGES/sssd.mo +%%NLS%%share/locale/pt/LC_MESSAGES/sssd.mo +%%NLS%%share/locale/pt_BR/LC_MESSAGES/sssd.mo +%%NLS%%share/locale/ru/LC_MESSAGES/sssd.mo +%%NLS%%share/locale/sv/LC_MESSAGES/sssd.mo +%%NLS%%share/locale/tg/LC_MESSAGES/sssd.mo +%%NLS%%share/locale/tr/LC_MESSAGES/sssd.mo +%%NLS%%share/locale/uk/LC_MESSAGES/sssd.mo +%%NLS%%share/locale/zh_CN/LC_MESSAGES/sssd.mo +%%NLS%%share/locale/zh_TW/LC_MESSAGES/sssd.mo share/man/man1/sss_ssh_authorizedkeys.1.gz -share/man/man1/sss_ssh_knownhostsproxy.1.gz +share/man/man1/sss_ssh_knownhosts.1.gz share/man/man5/sss-certmap.5.gz share/man/man5/sssd-ad.5.gz -share/man/man5/sssd-files.5.gz +share/man/man5/sssd-idp.5.gz share/man/man5/sssd-ifp.5.gz share/man/man5/sssd-ipa.5.gz share/man/man5/sssd-krb5.5.gz share/man/man5/sssd-ldap-attributes.5.gz share/man/man5/sssd-ldap.5.gz share/man/man5/sssd-session-recording.5.gz share/man/man5/sssd-simple.5.gz share/man/man5/sssd-sudo.5.gz share/man/man5/sssd.conf.5.gz share/man/man8/idmap_sss.8.gz share/man/man8/pam_sss.8.gz share/man/man8/pam_sss_gss.8.gz share/man/man8/sss_cache.8.gz share/man/man8/sss_debuglevel.8.gz share/man/man8/sss_obfuscate.8.gz share/man/man8/sss_override.8.gz share/man/man8/sss_seed.8.gz share/man/man8/sssctl.8.gz share/man/man8/sssd-kcm.8.gz share/man/man8/sssd.8.gz share/man/man8/sssd_krb5_localauth_plugin.8.gz share/man/man8/sssd_krb5_locator_plugin.8.gz -%%DATADIR%%/dbus-1/system-services/org.freedesktop.sssd.infopipe.service -%%DATADIR%%/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf -%%DATADIR%%/sssd-kcm/kcm_default_ccache -%%DATADIR%%/sssd/cfg_rules.ini -%%DATADIR%%/sssd/krb5-snippets/enable_sssd_conf_dir -%%DATADIR%%/sssd/krb5-snippets/sssd_enable_idp -%%DATADIR%%/sssd/krb5-snippets/sssd_enable_passkey -%%DATADIR%%/sssd/sssd.api.conf -%%DATADIR%%/sssd/sssd.api.d/sssd-ad.conf -%%DATADIR%%/sssd/sssd.api.d/sssd-files.conf -%%DATADIR%%/sssd/sssd.api.d/sssd-ipa.conf -%%DATADIR%%/sssd/sssd.api.d/sssd-krb5.conf -%%DATADIR%%/sssd/sssd.api.d/sssd-ldap.conf -%%DATADIR%%/sssd/sssd.api.d/sssd-proxy.conf -%%DATADIR%%/sssd/sssd.api.d/sssd-simple.conf +share/sssd-kcm/kcm_default_ccache +%%DATADIR%%/cfg_rules.ini +%%DATADIR%%/krb5-snippets/enable_sssd_conf_dir +%%DATADIR%%/krb5-snippets/sssd_enable_idp +%%DATADIR%%/krb5-snippets/sssd_enable_passkey +%%DATADIR%%/sssd.api.conf +%%DATADIR%%/sssd.api.d/sssd-ad.conf +%%DATADIR%%/sssd.api.d/sssd-ipa.conf +%%DATADIR%%/sssd.api.d/sssd-krb5.conf +%%DATADIR%%/sssd.api.d/sssd-ldap.conf +%%DATADIR%%/sssd.api.d/sssd-proxy.conf +%%DATADIR%%/sssd.api.d/sssd-simple.conf @dir %%ETCDIR%%/conf.d @dir %%ETCDIR%%/pki @dir lib/ldb +@dir %%DOCSDIR%%/doc +@dir %%DOCSDIR%%/hbac_doc +@dir %%DOCSDIR%%/idmap_doc +@dir %%DOCSDIR%%/nss_idmap_doc @dir /var/db/sss/db @dir /var/db/sss/deskprofile @dir /var/db/sss/gpo_cache @dir /var/db/sss/keytabs @dir /var/db/sss/mc @dir /var/db/sss/pubconf/krb5.include.d @dir /var/db/sss/pubconf @dir /var/db/sss @dir /var/lib/sss/secrets @dir /var/lib/sss @dir /var/lib @dir /var/log/sssd @dir /var/run/sss/pipes/private @dir /var/run/sss/pipes @dir /var/run/sss +@dir /var/run/sssd