author | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 13:49:04 -0700 |
---|---|---|
committer | Robin H. Johnson <robbat2@gentoo.org> | 2015-08-08 17:38:18 -0700 |
commit | 56bd759df1d0c750a065b8c845e93d5dfa6b549d (patch) | |
tree | 3f91093cdb475e565ae857f1c5a7fd339e2d781e /sys-auth/nss_ldap/files | |
proj/gentoo: Initial commit
This commit represents a new era for Gentoo:
Storing the gentoo-x86 tree in Git, as converted from CVS.
This commit is the start of the NEW history.
Any historical data is intended to be grafted onto this point.
Creation process:
1. Take final CVS checkout snapshot
2. Remove ALL ChangeLog* files
3. Transform all Manifests to thin
4. Remove empty Manifests
5. Convert all stale $Header$/$Id$ CVS keywords to non-expanded Git $Id$
5.1. Do not touch files with -kb/-ko keyword flags.
Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
X-Thanks: Alec Warner <antarus@gentoo.org> - did the GSoC 2006 migration tests
X-Thanks: Robin H. Johnson <robbat2@gentoo.org> - infra guy, herding this project
X-Thanks: Nguyen Thai Ngoc Duy <pclouds@gentoo.org> - Former Gentoo developer, wrote Git features for the migration
X-Thanks: Brian Harring <ferringb@gentoo.org> - wrote much python to improve cvs2svn
X-Thanks: Rich Freeman <rich0@gentoo.org> - validation scripts
X-Thanks: Patrick Lauer <patrick@gentoo.org> - Gentoo dev, running new 2014 work in migration
X-Thanks: Michał Górny <mgorny@gentoo.org> - scripts, QA, nagging
X-Thanks: All of other Gentoo developers - many ideas and lots of paint on the bikeshed
Diffstat (limited to 'sys-auth/nss_ldap/files')
14 files changed, 1743 insertions, 0 deletions
diff --git a/sys-auth/nss_ldap/files/nss_ldap-239-tls-security-bug.patch b/sys-auth/nss_ldap/files/nss_ldap-239-tls-security-bug.patch
new file mode 100644
index 000000000000..1dbd8dc889a1
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-239-tls-security-bug.patch
@@ -0,0 +1,42 @@
+--- ldap-nss.c 2004-09-28 03:20:11.000000000 +0100
++++ ldap-nss.c.new 2005-07-04 01:32:12.000000000 +0100
+@@ -330,6 +330,39 @@
+
+ timelimit = __session.ls_config->ldc_bind_timelimit;
+
++#ifdef HAVE_LDAP_START_TLS_S
++ if (__session.ls_config->ldc_ssl_on == SSL_START_TLS)
++ {
++ int version;
++
++ if (ldap_get_option
++ (__session.ls_conn, LDAP_OPT_PROTOCOL_VERSION,
++ &version) == LDAP_OPT_SUCCESS)
++ {
++ if (version < LDAP_VERSION3)
++ {
++ version = LDAP_VERSION3;
++ ldap_set_option (__session.ls_conn, LDAP_OPT_PROTOCOL_VERSION,
++ &version);
++ }
++ }
++
++ debug ("==> start_tls");
++ if (ldap_start_tls_s (__session.ls_conn, NULL, NULL) == LDAP_SUCCESS)
++ {
++ debug ("TLS startup succeeded");
++ }
++ else
++ {
++ debug ("TLS startup failed");
++ do_close ();
++ debug ("<== do_open");
++ return NSS_UNAVAIL;
++ }
++ debug ("<== start_tls");
++ }
++#endif /* HAVE_LDAP_START_TLS_S */
++
+ return do_bind (ld, timelimit, who, cred, with_sasl);
+ }
+ #else
diff --git a/sys-auth/nss_ldap/files/nss_ldap-249-sasl-compile.patch b/sys-auth/nss_ldap/files/nss_ldap-249-sasl-compile.patch
new file mode 100644
index 000000000000..1e92c9bb6fe5
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-249-sasl-compile.patch
@@ -0,0 +1,11 @@
+--- ldap-nss.c~ 2006-02-25 02:43:33.503639826 -0800
++++ ldap-nss.c 2006-02-25 02:50:51.943806612 -0800
+@@ -72,6 +72,8 @@
+ #include <sasl/sasl.h>
+ #elif defined(HAVE_SASL_H)
+ #include <sasl.h>
++#elif defined(HAVE_SASL_SASL_H)
++#include <sasl/sasl.h>
+ #endif
+
+ #ifndef HAVE_SNPRINTF
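Review bot: The STARTTLS enforcement in nss_ldap-239-tls-security-bug.patch sits entirely inside `#ifdef HAVE_LDAP_START_TLS_S`, so in a build where that macro is undefined a configuration with `ldc_ssl_on == SSL_START_TLS` would fall straight through to `do_bind` and bind without TLS. An `#else` branch that refuses the connection keeps that case failing closed, e.g. `if (__session.ls_config->ldc_ssl_on == SSL_START_TLS) { do_close (); return NSS_UNAVAIL; }`. In the same block the result of `ldap_set_option` is ignored and the failure path logs only `"TLS startup failed"`; keeping the return code of `ldap_start_tls_s` and logging it would let an operator tell a rejected certificate from an unreachable server. The enclosing function begins above the hunk, so whether an earlier path already covers the non-TLS build cannot be seen from here.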
diff --git a/sys-auth/nss_ldap/files/nss_ldap-252-reconnect-timeouts.patch b/sys-auth/nss_ldap/files/nss_ldap-252-reconnect-timeouts.patch
new file mode 100644
index 000000000000..285a34e3df4b
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-252-reconnect-timeouts.patch
@@ -0,0 +1,65 @@
+This patch changes the default timeouts, so that they are much lower, and do
+not cause major delays when booting a system. This is a workaround until the
+core /etc/{passwd,group} contain all of the data needed for a system boot.
+
+Also add a note that 'ssl on' is broken and TLS should be used instead.
+
+Signed-off-by: Robin H. Johnson <robbat2@gentoo.org>
+
+diff -Nuar --exclude '*~' nss_ldap-250.orig/ldap-nss.h nss_ldap-250/ldap-nss.h
+--- nss_ldap-250.orig/ldap-nss.h 2006-04-26 18:19:00.000000000 -0700
++++ nss_ldap-250/ldap-nss.h 2006-06-14 01:58:01.933005492 -0700
+@@ -96,9 +96,9 @@
+ * unacceptable, in which case you may wish to adjust
+ * the constants below.
+ */
+-#define LDAP_NSS_TRIES 5 /* number of sleeping reconnect attempts */
+-#define LDAP_NSS_SLEEPTIME 4 /* seconds to sleep; doubled until max */
+-#define LDAP_NSS_MAXSLEEPTIME 64 /* maximum seconds to sleep */
++#define LDAP_NSS_TRIES 4 /* number of sleeping reconnect attempts */
++#define LDAP_NSS_SLEEPTIME 1 /* seconds to sleep; doubled until max */
++#define LDAP_NSS_MAXSLEEPTIME 16 /* maximum seconds to sleep */
+ #define LDAP_NSS_MAXCONNTRIES 2 /* reconnect attempts before sleeping */
+
+ #if defined(HAVE_NSSWITCH_H) || defined(HAVE_IRS_H)
+diff -Nuar --exclude '*~' nss_ldap-250.orig/ldap.conf nss_ldap-250/ldap.conf
+--- nss_ldap-250.orig/ldap.conf 2006-04-26 18:19:00.000000000 -0700
++++ nss_ldap-250/ldap.conf 2006-06-14 02:12:02.008444745 -0700
+@@ -283,7 +283,8 @@
+ # OpenLDAP SSL mechanism
+ # start_tls mechanism uses the normal LDAP port, LDAPS typically 636
+ #ssl start_tls
+-#ssl on
++###ssl on
++# Gentoo note: Don't use 'ssl on' in 249/250. They are broken in some cases! Use start_tls instead.
+
+ # OpenLDAP SSL options
+ # Require and verify server certificate (yes/no)
+@@ -315,3 +316,27 @@
+ # Override the default Kerberos ticket cache location.
+ #krb5_ccname FILE:/etc/.ldapcache
+
++# Timeout behavior
++# Upstream nss_ldap hard-codes these values:
++#nss_reconnect_tries 5 # number of times to double the sleep time
++#nss_reconnect_sleeptime 4 # initial sleep value
++#nss_reconnect_maxsleeptime 64 # max sleep value to cap at
++#nss_reconnect_maxconntries 2 # how many tries before sleeping
++# This leads to a delay of 124 seconds (4+8+16+32+64=124) per lookup if the
++# server is not available.
++
++# For Gentoo's distribution of nss_ldap, as of 250-r1, we use these values
++# (The hardwired constants in the code are changed to them as well):
++nss_reconnect_tries 4 # number of times to double the sleep time
++nss_reconnect_sleeptime 1 # initial sleep value
++nss_reconnect_maxsleeptime 16 # max sleep value to cap at
++nss_reconnect_maxconntries 2 # how many tries before sleeping
++# This leads to a delay of 15 seconds (1+2+4+8=15)
++
++# If you are impatient, and know your LDAP server is reliable, fast or local,
++# you may wish to use these values instead:
++#nss_reconnect_tries 1 # number of times to double the sleep time
++#nss_reconnect_sleeptime 1 # initial sleep value
++#nss_reconnect_maxsleeptime 1 # max sleep value to cap at
++#nss_reconnect_maxconntries 3 # how many tries before sleeping
++# This leads to a delay of 1 second.
diff --git a/sys-auth/nss_ldap/files/nss_ldap-254-nss_getgrent_skipmembers.patch b/sys-auth/nss_ldap/files/nss_ldap-254-nss_getgrent_skipmembers.patch
new file mode 100644
index 000000000000..68809bcf1b1b
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-254-nss_getgrent_skipmembers.patch
@@ -0,0 +1,226 @@ +diff -c -r nss_ldap-250/ChangeLog nss_ldap-250.1/ChangeLog +*** nss_ldap-250/ChangeLog Wed Apr 26 18:19:00 2006 +--- nss_ldap-250.1/ChangeLog Wed Aug 16 16:58:57 2006 +*************** +*** 1,6 **** +--- 1,13 ---- + $Id$ + =============================================================== + ++ 250.1 Paul B. Henson <henson@acm.org> ++ ++ * add nss_getgrent_skipmembers parameter to ldap.conf, ++ if enabled will not request member attributes for ++ group lookups, greatly increasing performance in the ++ face of large groups ++ + 250 Luke Howard <lukeh@padl.com> + + * don't use static _nss_ldap_no_members buffer, +diff -c -r nss_ldap-250/ldap-nss.c nss_ldap-250.1/ldap-nss.c +*** nss_ldap-250/ldap-nss.c Wed Apr 26 18:19:00 2006 +--- nss_ldap-250.1/ldap-nss.c Wed Aug 16 16:51:49 2006 +*************** +*** 1258,1264 **** + + cfg = __config; + +! _nss_ldap_init_attributes (cfg->ldc_attrtab); + _nss_ldap_init_filters (); + + #ifdef HAVE_LDAP_SET_OPTION +--- 1258,1264 ---- + + cfg = __config; + +! _nss_ldap_init_attributes (cfg->ldc_attrtab, cfg->ldc_getgrent_skipmembers); + _nss_ldap_init_filters (); + + #ifdef HAVE_LDAP_SET_OPTION +diff -c -r nss_ldap-250/ldap-nss.h nss_ldap-250.1/ldap-nss.h +*** nss_ldap-250/ldap-nss.h Wed Apr 26 18:19:00 2006 +--- nss_ldap-250.1/ldap-nss.h Wed Aug 16 16:51:59 2006 +*************** +*** 390,395 **** +--- 390,396 ---- + time_t ldc_mtime; + + char **ldc_initgroups_ignoreusers; ++ int ldc_getgrent_skipmembers; + }; + + typedef struct ldap_config ldap_config_t; +diff -c -r nss_ldap-250/ldap-schema.c nss_ldap-250.1/ldap-schema.c +*** nss_ldap-250/ldap-schema.c Wed Apr 26 18:19:00 2006 +--- nss_ldap-250.1/ldap-schema.c Wed Aug 16 16:54:52 2006 +*************** +*** 273,279 **** + + static void init_pwd_attributes (const char ***pwd_attrs); + static void init_sp_attributes (const char ***sp_attrs); +! 
static void init_grp_attributes (const char ***grp_attrs); + static void init_hosts_attributes (const char ***hosts_attrs); + static void init_services_attributes (const char ***services_attrs); + static void init_network_attributes (const char ***network_attrs); +--- 273,279 ---- + + static void init_pwd_attributes (const char ***pwd_attrs); + static void init_sp_attributes (const char ***sp_attrs); +! static void init_grp_attributes (const char ***grp_attrs, int ldc_getgrent_skipmembers); + static void init_hosts_attributes (const char ***hosts_attrs); + static void init_services_attributes (const char ***services_attrs); + static void init_network_attributes (const char ***network_attrs); +*************** +*** 289,299 **** + * attribute table initialization routines + */ + void +! _nss_ldap_init_attributes (const char ***attrtab) + { + init_pwd_attributes (&attrtab[LM_PASSWD]); + init_sp_attributes (&attrtab[LM_SHADOW]); +! init_grp_attributes (&attrtab[LM_GROUP]); + init_hosts_attributes (&attrtab[LM_HOSTS]); + init_services_attributes (&attrtab[LM_SERVICES]); + init_network_attributes (&attrtab[LM_NETWORKS]); +--- 289,299 ---- + * attribute table initialization routines + */ + void +! _nss_ldap_init_attributes (const char ***attrtab, int ldc_getgrent_skipmembers) + { + init_pwd_attributes (&attrtab[LM_PASSWD]); + init_sp_attributes (&attrtab[LM_SHADOW]); +! init_grp_attributes (&attrtab[LM_GROUP], ldc_getgrent_skipmembers); + init_hosts_attributes (&attrtab[LM_HOSTS]); + init_services_attributes (&attrtab[LM_SERVICES]); + init_network_attributes (&attrtab[LM_NETWORKS]); +*************** +*** 357,363 **** + } + + static void +! init_grp_attributes (const char ***grp_attrs) + { + int i = 0; + static const char *__grp_attrs[ATTRTAB_SIZE + 1]; +--- 357,363 ---- + } + + static void +! 
init_grp_attributes (const char ***grp_attrs, int ldc_getgrent_skipmembers) + { + int i = 0; + static const char *__grp_attrs[ATTRTAB_SIZE + 1]; +*************** +*** 366,374 **** + + (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, cn); + (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, userPassword); +! (*grp_attrs)[i++] = (char *) AT (memberUid); +! if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS)) +! (*grp_attrs)[i++] = (char *) AT (uniqueMember); + (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, gidNumber); + (*grp_attrs)[i] = NULL; + } +--- 366,377 ---- + + (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, cn); + (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, userPassword); +! if (!ldc_getgrent_skipmembers) +! { +! (*grp_attrs)[i++] = (char *) AT (memberUid); +! if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_RFC2307BIS)) +! (*grp_attrs)[i++] = (char *) AT (uniqueMember); +! } + (*grp_attrs)[i++] = (char *) ATM (LM_GROUP, gidNumber); + (*grp_attrs)[i] = NULL; + } +diff -c -r nss_ldap-250/ldap-schema.h nss_ldap-250.1/ldap-schema.h +*** nss_ldap-250/ldap-schema.h Wed Apr 26 18:19:00 2006 +--- nss_ldap-250.1/ldap-schema.h Wed Aug 16 16:54:07 2006 +*************** +*** 30,36 **** + * function to initialize global lookup filters. + */ + void _nss_ldap_init_filters (); +! void _nss_ldap_init_attributes (const char ***attrtab); + + /** + * make filters formerly declared in ldap-*.h globally available. +--- 30,36 ---- + * function to initialize global lookup filters. + */ + void _nss_ldap_init_filters (); +! void _nss_ldap_init_attributes (const char ***attrtab, int ldc_getgrent_skipmembers); + + /** + * make filters formerly declared in ldap-*.h globally available. +diff -c -r nss_ldap-250/nss_ldap.5 nss_ldap-250.1/nss_ldap.5 +*** nss_ldap-250/nss_ldap.5 Wed Apr 26 18:19:00 2006 +--- nss_ldap-250.1/nss_ldap.5 Wed Aug 16 17:07:19 2006 +*************** +*** 445,450 **** +--- 445,458 ---- + to return NSS_STATUS_NOTFOUND if called with a listed users as + its argument. 
+ .TP ++ .B nss_getgrent_skipmembers <yes|no> ++ Specifies whether or not to populate the members list in ++ the group structure for group lookups. If very large groups ++ are present, enabling this option will greatly increase ++ perforance, at the cost of some lost functionality. You should ++ verify no local applications rely on this information before ++ enabling this on a production system. ++ .TP + .B nss_srv_domain <domain> + This option determines the DNS domain used for performing SRV + lookups. +diff -c -r nss_ldap-250/util.c nss_ldap-250.1/util.c +*** nss_ldap-250/util.c Wed Apr 26 18:19:00 2006 +--- nss_ldap-250.1/util.c Wed Aug 16 16:52:55 2006 +*************** +*** 660,665 **** +--- 660,666 ---- + result->ldc_reconnect_maxsleeptime = LDAP_NSS_MAXSLEEPTIME; + result->ldc_reconnect_maxconntries = LDAP_NSS_MAXCONNTRIES; + result->ldc_initgroups_ignoreusers = NULL; ++ result->ldc_getgrent_skipmembers = 0; + + for (i = 0; i <= LM_NONE; i++) + { +*************** +*** 1137,1142 **** +--- 1138,1156 ---- + break; + } + } ++ else if (!strcasecmp (k, NSS_LDAP_KEY_GETGRENT_SKIPMEMBERS)) ++ { ++ if (!strcasecmp (v, "on") || !strcasecmp (v, "yes") ++ || !strcasecmp (v, "true")) ++ { ++ result->ldc_getgrent_skipmembers = 1; ++ } ++ else if (!strcasecmp (v, "off") || !strcasecmp (v, "no") ++ || !strcasecmp (v, "false")) ++ { ++ result->ldc_getgrent_skipmembers = 0; ++ } ++ } + else if (!strcasecmp (k, NSS_LDAP_KEY_CONNECT_POLICY)) + { + if (!strcasecmp (v, "oneshot")) +diff -c -r nss_ldap-250/util.h nss_ldap-250.1/util.h +*** nss_ldap-250/util.h Wed Apr 26 18:19:00 2006 +--- nss_ldap-250.1/util.h Wed Aug 16 16:49:52 2006 +*************** +*** 83,88 **** +--- 83,89 ---- + #define NSS_LDAP_KEY_PAGESIZE "pagesize" + #define NSS_LDAP_KEY_INITGROUPS "nss_initgroups" + #define NSS_LDAP_KEY_INITGROUPS_IGNOREUSERS "nss_initgroups_ignoreusers" ++ #define NSS_LDAP_KEY_GETGRENT_SKIPMEMBERS "nss_getgrent_skipmembers" + + /* more reconnect policy fine-tuning */ + #define 
NSS_LDAP_KEY_RECONNECT_TRIES "nss_reconnect_tries" diff --git a/sys-auth/nss_ldap/files/nss_ldap-254-soname.patch b/sys-auth/nss_ldap/files/nss_ldap-254-soname.patch new file mode 100644 index 000000000000..e832c2f0d218 --- /dev/null +++ b/sys-auth/nss_ldap/files/nss_ldap-254-soname.patch @@ -0,0 +1,12 @@ +Set the soname which glibc expects us to have. +--- nss_ldap-254/configure.in 2007-02-26 16:40:53.000000000 -0500 ++++ nss_ldap-254/configure.in 2007-02-26 16:40:47.000000000 -0500 +@@ -92,7 +92,7 @@ + nss_ldap_so_LDFLAGS="-b -dynamic -G `cat exports.hpux`" + CPPFLAGS="$CPPFLAGS -I. -DHPUX" + TARGET_OS=HPUX ;; +-linux*) nss_ldap_so_LDFLAGS="-shared -Wl,-Bdynamic -Wl,--version-script,\$(srcdir)/exports.linux" ;; ++linux*) nss_ldap_so_LDFLAGS="-shared -Wl,-Bdynamic -Wl,--version-script,\$(srcdir)/exports.linux -Wl,-soname=libnss_ldap.so.2" ;; + *) nss_ldap_so_LDFLAGS="-shared -Wl,-Bdynamic" ;; + esac + diff --git a/sys-auth/nss_ldap/files/nss_ldap-257-nss_max_group_depth.patch b/sys-auth/nss_ldap/files/nss_ldap-257-nss_max_group_depth.patch new file mode 100644 index 000000000000..d2f8efeec751 --- /dev/null +++ b/sys-auth/nss_ldap/files/nss_ldap-257-nss_max_group_depth.patch 
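Review bot: In the util.c part of nss_ldap-254-nss_getgrent_skipmembers.patch, a value for `nss_getgrent_skipmembers` that is none of on/yes/true/off/no/false matches neither branch and is dropped without a diagnostic, so a typo silently leaves the setting at 0. A trailing `else` that reports the bad value, in whatever way the surrounding parser reports other invalid settings (not visible in the hunk), would surface that. With the option on, `init_grp_attributes` no longer requests `memberUid` or `uniqueMember`, so any local consumer that reads the member list of a group entry for an access decision would presumably see it empty. The man-page text warns about this, and a comment such as `/* members deliberately not fetched; gr_mem will be empty */` next to the `if (!ldc_getgrent_skipmembers)` test would keep the trade-off visible in the code. The man-page addition also has the typo `perforance`.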
@@ -0,0 +1,92 @@ +Gentoo-Bug: 155492 +Original-Author: Heath Caldwell <hncaldwell@csupomona.edu> +Rediffed-by: Robin H. Johnson <robbat2@gentoo.org> + +--- nss_ldap-257.orig/ChangeLog 2007-09-18 15:02:59.997686000 -0700 ++++ nss_ldap-257/ChangeLog 2007-09-18 15:04:07.925113592 -0700 +@@ -3,2 +3,7 @@ + ++257.1 Heath Caldwell <hncaldwell@csupomona.edu> ++ ++ * add configurable maximum group depth with new ++ configuration file option called nss_max_group_depth ++ + 257 Luke Howard <lukeh@padl.com> +--- nss_ldap-257.orig/ldap-grp.c 2007-08-02 21:51:09.000000000 -0700 ++++ nss_ldap-257/ldap-grp.c 2007-09-18 15:03:23.734619150 -0700 +@@ -308,7 +308,7 @@ + uniquemember_attrs[0] = uniquemember_attr; + uniquemember_attrs[1] = NULL; + +- if (*depth > LDAP_NSS_MAXGR_DEPTH) ++ if (*depth > _nss_ldap_max_group_depth) + { + return NSS_NOTFOUND; + } +@@ -844,7 +844,7 @@ + const char *gidnumber_attrs[2]; + int erange; + +- if (lia->depth > LDAP_NSS_MAXGR_DEPTH) ++ if (lia->depth > _nss_ldap_max_group_depth) + return NSS_NOTFOUND; + + if (_nss_ldap_namelist_find (lia->known_groups, dn)) +@@ -890,7 +890,7 @@ + size_t memberCount, i; + int erange; + +- if (lia->depth > LDAP_NSS_MAXGR_DEPTH) ++ if (lia->depth > _nss_ldap_max_group_depth) + return NSS_NOTFOUND; + + for (memberCount = 0; membersOf[memberCount] != NULL; memberCount++) +--- nss_ldap-257.orig/ldap-nss.h 2007-09-18 15:02:59.997686000 -0700 ++++ nss_ldap-257/ldap-nss.h 2007-09-18 15:03:23.734619150 -0700 +@@ -105,7 +105,8 @@ + #define LDAP_NSS_MAXNETGR_DEPTH 16 /* maximum depth of netgroup nesting for innetgr() */ + #endif /* HAVE_NSSWITCH_H */ + +-#define LDAP_NSS_MAXGR_DEPTH 16 /* maximum depth of group nesting for getgrent()/initgroups() */ ++#define LDAP_NSS_MAXGR_DEPTH 16 /* default maximum depth of group nesting for getgrent()/initgroups() */ ++extern int _nss_ldap_max_group_depth; /* global variable to hold maximum group depth */ + + #if LDAP_NSS_NGROUPS > 64 + #define LDAP_NSS_BUFLEN_GROUP (NSS_BUFSIZ + 
(LDAP_NSS_NGROUPS * (sizeof (char *) + LOGNAME_MAX))) +--- nss_ldap-257.orig/nss_ldap.5 2007-09-18 15:03:00.001020000 -0700 ++++ nss_ldap-257/nss_ldap.5 2007-09-18 15:05:42.779508238 -0700 +@@ -453,6 +453,10 @@ + verify no local applications rely on this information before + enabling this on a production system. + .TP ++.B nss_max_group_depth <value> ++Specifies the maximum depth to which nested groups are queried. ++A value of 0 effectively disables querying for nested groups. ++.TP + .B nss_srv_domain <domain> + This option determines the DNS domain used for performing SRV + lookups. +--- nss_ldap-257.orig/util.c 2007-09-18 15:03:00.001020000 -0700 ++++ nss_ldap-257/util.c 2007-09-18 15:04:35.032083555 -0700 +@@ -62,2 +62,5 @@ + ++/* Initialize global maximum group depth to default. */ ++int _nss_ldap_max_group_depth = LDAP_NSS_MAXGR_DEPTH; ++ + static NSS_STATUS do_getrdnvalue (const char *dn, +@@ -805,2 +808,5 @@ + ++ /* Reset global maximum group depth to default. */ ++ _nss_ldap_max_group_depth = LDAP_NSS_MAXGR_DEPTH; ++ + while (fgets (b, sizeof (b), fp) != NULL) +--- nss_ldap-257.orig/util.h 2007-09-18 15:03:00.001020000 -0700 ++++ nss_ldap-257/util.h 2007-09-18 15:05:11.295822638 -0700 +@@ -84,6 +84,7 @@ + #define NSS_LDAP_KEY_INITGROUPS "nss_initgroups" + #define NSS_LDAP_KEY_INITGROUPS_IGNOREUSERS "nss_initgroups_ignoreusers" + #define NSS_LDAP_KEY_GETGRENT_SKIPMEMBERS "nss_getgrent_skipmembers" ++#define NSS_LDAP_KEY_MAX_GROUP_DEPTH "nss_max_group_depth" + + /* more reconnect policy fine-tuning */ + #define NSS_LDAP_KEY_RECONNECT_TRIES "nss_reconnect_tries" diff --git a/sys-auth/nss_ldap/files/nss_ldap-257.2-gssapi-headers.patch b/sys-auth/nss_ldap/files/nss_ldap-257.2-gssapi-headers.patch new file mode 100644 index 000000000000..cec5517e741c --- /dev/null +++ b/sys-auth/nss_ldap/files/nss_ldap-257.2-gssapi-headers.patch 
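Review bot: Nothing in nss_ldap-257-nss_max_group_depth.patch ever assigns `_nss_ldap_max_group_depth` from the configuration file. util.c initialises it and resets it to `LDAP_NSS_MAXGR_DEPTH` before the `fgets` loop, and util.h defines `NSS_LDAP_KEY_MAX_GROUP_DEPTH`, but none of the visible hunks compares the parsed key against it. As shown, the documented `nss_max_group_depth` option would therefore have no effect and the limit would stay at 16. The missing piece is a parser branch of the form `else if (!strcasecmp (k, NSS_LDAP_KEY_MAX_GROUP_DEPTH))`. That branch should use a range-checked `strtol` rather than a bare `atoi`, rejecting negative or non-numeric input and capping the value, because this limit is what bounds traversal of nested groups returned by the directory.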
@@ -0,0 +1,65 @@ +http://bugs.gentoo.org/show_bug.cgi?id=165638 +http://bugzilla.padl.com/show_bug.cgi?id=308 + +Make nss_ldap compile with gssapi/gssapi.h even if there is no +gssapi/gssapi_krb5.h present. This seems to be needed to compile against +heimdal. Extended header checks and modified preprocessor logic a bit. + +2007-02-07 Martin von Gagern <Martin.vGagern@gmx.net> + +diff -ruN nss_ldap-257.2.orig/config.h.in nss_ldap-257.2/config.h.in +--- nss_ldap-257.2.orig/config.h.in 2007-10-24 14:22:55.000000000 +0200 ++++ nss_ldap-257.2/config.h.in 2007-10-24 14:25:15.000000000 +0200 +@@ -87,6 +87,9 @@ + /* Define to 1 if you have the <gssapi/gssapi_krb5.h> header file. */ + #undef HAVE_GSSAPI_GSSAPI_KRB5_H + ++/* Define to 1 if you have the <gssapi/gssapi.h> header file. */ ++#undef HAVE_GSSAPI_GSSAPI_H ++ + /* Define to 1 if you have the <gssapi.h> header file. */ + #undef HAVE_GSSAPI_H + +diff -ruN nss_ldap-257.2.orig/configure nss_ldap-257.2/configure +--- nss_ldap-257.2.orig/configure 2007-10-24 14:22:55.000000000 +0200 ++++ nss_ldap-257.2/configure 2007-10-24 14:25:49.000000000 +0200 +@@ -8409,7 +8409,7 @@ + + + +-for ac_header in gssapi/gssapi_krb5.h gssapi.h ++for ac_header in gssapi/gssapi_krb5.h gssapi/gssapi.h gssapi.h + do + as_ac_Header=`echo "ac_cv_header_$ac_header" | $as_tr_sh` + if eval "test \"\${$as_ac_Header+set}\" = set"; then +diff -ruN nss_ldap-257.2.orig/configure.in nss_ldap-257.2/configure.in +--- nss_ldap-257.2.orig/configure.in 2007-10-24 14:22:55.000000000 +0200 ++++ nss_ldap-257.2/configure.in 2007-10-24 14:26:26.000000000 +0200 +@@ -182,7 +182,7 @@ + AC_CHECK_HEADERS(strings.h) + AC_CHECK_HEADERS(gssldap.h) + AC_CHECK_HEADERS(gsssasl.h) +-AC_CHECK_HEADERS(gssapi/gssapi_krb5.h gssapi.h) ++AC_CHECK_HEADERS(gssapi/gssapi_krb5.h gssapi/gssapi.h gssapi.h) + AC_CHECK_HEADERS(krb5.h) + + AC_CHECK_LIB(resolv, main) +diff -ruN nss_ldap-257.2.orig/ldap-nss.c nss_ldap-257.2/ldap-nss.c +--- nss_ldap-257.2.orig/ldap-nss.c 2007-10-24 
14:22:55.000000000 +0200 ++++ nss_ldap-257.2/ldap-nss.c 2007-10-24 14:27:32.000000000 +0200 +@@ -82,10 +82,14 @@ + #endif + #ifdef HAVE_GSSAPI_H + #include <gssapi.h> +-#elif defined(HAVE_GSSAPI_GSSAPI_KRB5_H) ++#else ++#ifdef HAVE_GSSAPI_GSSAPI_H + #include <gssapi/gssapi.h> ++#endif ++#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H + #include <gssapi/gssapi_krb5.h> + #endif ++#endif + #ifdef CONFIGURE_KRB5_CCNAME + #include <krb5.h> + #endif diff --git a/sys-auth/nss_ldap/files/nss_ldap-264-disable-automagic.patch b/sys-auth/nss_ldap/files/nss_ldap-264-disable-automagic.patch new file mode 100644 index 000000000000..7671574da4da --- /dev/null +++ b/sys-auth/nss_ldap/files/nss_ldap-264-disable-automagic.patch 
@@ -0,0 +1,109 @@ +Explicitly provide a way to disable Kerberos/SASL/SSL usage in nss_ldap, so +that you can build non-kerberos versions on systems with Kerberos installed +WITHOUT it linking due to presence. + +Signed-off-by: Robin H. Johnson <robbat2@gentoo.org> + +diff -Nuar nss_ldap-264.orig/configure.in nss_ldap-264/configure.in +--- nss_ldap-264.orig/configure.in 2009-07-28 10:35:27.599965878 -0700 ++++ nss_ldap-264/configure.in 2009-07-28 10:36:00.620375469 -0700 +@@ -10,6 +10,21 @@ + AC_PROG_INSTALL + + dnl ++dnl Turn on/off SSL ++dnl ++AC_ARG_ENABLE(ssl, [ --enable-ssl enable SSL code ], [AC_DEFINE([WANT_SSL], [1], [Define if SSL is wanted])]) ++ ++dnl ++dnl Turn on/off Kerberos ++dnl ++AC_ARG_ENABLE(krb, [ --enable-krb enable Kerberos code ], [AC_DEFINE([WANT_KRB], [1], [Define if Kerberos is wanted])]) ++ ++dnl ++dnl Turn on/off SASL ++dnl ++AC_ARG_ENABLE(sasl, [ --enable-sasl enable Kerberos code ], [AC_DEFINE([WANT_SASL], [1], [Define if SASL is wanted])]) ++ ++dnl + dnl --enable-rfc2307bis is now deprecated; if this option is set, + dnl then RFC2307bis support will be enabled by default. 
However + dnl it can now always be enabled at runtime with the nss_schema +@@ -178,12 +193,18 @@ + AC_CHECK_HEADERS(sys/un.h) + AC_CHECK_HEADERS(libc-lock.h) + AC_CHECK_HEADERS(bits/libc-lock.h) +-AC_CHECK_HEADERS(sasl.h sasl/sasl.h) ++if test "$enable_sasl" \!= "no"; then ++ AC_CHECK_HEADERS(sasl.h sasl/sasl.h) ++fi + AC_CHECK_HEADERS(strings.h) +-AC_CHECK_HEADERS(gssldap.h) +-AC_CHECK_HEADERS(gsssasl.h) +-AC_CHECK_HEADERS(gssapi/gssapi_krb5.h gssapi/gssapi.h gssapi.h) +-AC_CHECK_HEADERS(krb5.h) ++if test "$enable_krb" \!= "no"; then ++ AC_CHECK_HEADERS(gssldap.h) ++ if test "$enable_sasl" \!= "no"; then ++ AC_CHECK_HEADERS(gsssasl.h) ++ fi ++ AC_CHECK_HEADERS(gssapi/gssapi_krb5.h gssapi/gssapi.h gssapi.h) ++ AC_CHECK_HEADERS(krb5.h) ++fi + + AC_CHECK_LIB(resolv, main) + AC_CHECK_LIB(nsl, main) +@@ -286,19 +307,25 @@ + AC_CHECK_LIB(dl, dlopen,[LIBS="-ldl $LIBS"],,$LIBS) + dnl AC_CHECK_LIB(db, main,[LIBS="-ldb $LIBS"],,$LIBS) + +-AC_CHECK_LIB(gssapi, gss_krb5_ccache_name,[LIBS="-lgssapi $LIBS" found_gssapi_lib=yes],,$LIBS) +-if test -z "$found_gssapi_lib"; then +- AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name,[LIBS="-lgssapi_krb5 $LIBS"],,$LIBS) ++if test "$enable_krb" \!= "no"; then ++ AC_CHECK_LIB(gssapi, gss_krb5_ccache_name,[LIBS="-lgssapi $LIBS" found_gssapi_lib=yes],,$LIBS) ++ if test -z "$found_gssapi_lib"; then ++ AC_CHECK_LIB(gssapi_krb5, gss_krb5_ccache_name,[LIBS="-lgssapi_krb5 $LIBS"],,$LIBS) ++ fi + fi + + dnl Following checks probably not strictly necessary. 
+ dnl AC_CHECK_LIB(crypto, main,[LIBS="-lcrypto $LIBS"],,$LIBS) + dnl AC_CHECK_LIB(ssl, main,[LIBS="-lssl $LIBS"],,$LIBS) + AC_CHECK_LIB(com_err, main,[LIBS="-lcom_err $LIBS"],,$LIBS) +-dnl AC_CHECK_LIB(k5crypto, main,[LIBS="-lk5crypto $LIBS"],,$LIBS) +-AC_CHECK_LIB(krb5, main,[LIBS="-lkrb5 $LIBS"],,$LIBS) +-dnl AC_CHECK_LIB(krb4, main,[LIBS="-lkrb4 $LIBS"],,$LIBS) +-AC_CHECK_LIB(sasl2, sasl_client_init) ++if test "$enable_krb" \!= "no"; then ++ dnl AC_CHECK_LIB(k5crypto, main,[LIBS="-lk5crypto $LIBS"],,$LIBS) ++ AC_CHECK_LIB(krb5, main,[LIBS="-lkrb5 $LIBS"],,$LIBS) ++ dnl AC_CHECK_LIB(krb4, main,[LIBS="-lkrb4 $LIBS"],,$LIBS) ++fi ++if test "$enable_sasl" \!= "no"; then ++ AC_CHECK_LIB(sasl2, sasl_client_init) ++fi + + if test -z "$found_ldap_lib" -a \( $with_ldap_lib = auto -o $with_ldap_lib = umich -o $with_ldap_lib = openldap \); then + AC_CHECK_LIB(lber, main) +@@ -331,13 +358,17 @@ + AC_CHECK_LIB(pthread, main) + fi + +-AC_CHECK_LIB(gssldap, ldap_gss_bind,[LIBS="-lgssldap $LIBS"],,$LIBS) ++if test "$enable_krb" \!= "no"; then ++ AC_CHECK_LIB(gssldap, ldap_gss_bind,[LIBS="-lgssldap $LIBS"],,$LIBS) ++fi + +-AC_CHECK_FUNCS(sasl_auxprop_request) + AC_CHECK_FUNCS(ldap_init ldap_get_lderrno ldap_parse_result ldap_memfree ldap_controls_free) + AC_CHECK_FUNCS(ldap_ld_free ldap_explode_rdn ldap_set_option ldap_get_option) +-AC_CHECK_FUNCS(ldap_sasl_interactive_bind_s ldap_initialize ldap_search_ext) ++AC_CHECK_FUNCS(ldap_initialize ldap_search_ext) + AC_CHECK_FUNCS(ldap_create_control ldap_create_page_control ldap_parse_page_control) ++if test "$enable_sasl" \!= "no"; then ++ AC_CHECK_FUNCS(sasl_auxprop_request ldap_sasl_interactive_bind_s) ++fi + if test "$enable_ssl" \!= "no"; then + AC_CHECK_FUNCS(ldapssl_client_init ldap_start_tls_s ldap_pvt_tls_set_option ldap_start_tls) + fi diff --git a/sys-auth/nss_ldap/files/nss_ldap-265-fbsd.patch b/sys-auth/nss_ldap/files/nss_ldap-265-fbsd.patch new file mode 100644 index 000000000000..1ae1171f88e5 --- /dev/null 
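Review bot: The three new `AC_ARG_ENABLE` calls in nss_ldap-264-disable-automagic.patch put `AC_DEFINE` in the action-if-given argument, which autoconf runs for `--disable-ssl` as well as `--enable-ssl`. `WANT_SSL`, `WANT_KRB` and `WANT_SASL` are therefore defined whenever the switch is mentioned at all, including when it is turned off. Guard each define on the value, e.g. `[if test "$enableval" != "no"; then AC_DEFINE([WANT_SSL], [1], [Define if SSL is wanted]) fi]`; whether any source file consumes these macros is not visible in this patch. The help string for `--enable-sasl` reads `enable Kerberos code`, copied from the Kerberos entry above it, and should say SASL.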
+++ b/sys-auth/nss_ldap/files/nss_ldap-265-fbsd.patch 
@@ -0,0 +1,432 @@ +--- Makefile.am.orig 2009-11-06 05:28:08.000000000 -0500 ++++ Makefile.am 2010-01-12 23:24:17.000000000 -0500 +@@ -9,8 +9,12 @@ + if AIX + INST_GID=system + else ++if FreeBSD ++INST_GID=wheel ++else + INST_GID=root + endif ++endif + + EXTRA_DIST = CVSVersionInfo.txt ChangeLog \ + AUTHORS ANNOUNCE NEWS INSTALL README LICENSE.OpenLDAP COPYING\ +@@ -23,7 +27,7 @@ + ldap-alias.c ldap-service.c ldap-schema.c ldap-ethers.c \ + ldap-bp.c ldap-automount.c util.c ltf.c snprintf.c resolve.c \ + dnsconfig.c irs-nss.c pagectrl.c ldap-sldap.c ldap-init-krb5-cache.c \ +- vers.c ++ vers.c bsdnss.c + + nss_ldap_so_LDFLAGS = @nss_ldap_so_LDFLAGS@ + +@@ -103,11 +107,10 @@ + $(mkinstalldirs) $(DESTDIR)$(dir $(NSS_LDAP_PATH_CONF)); \ + $(INSTALL_DATA) -o $(INST_UID) -g $(INST_GID) $(srcdir)/ldap.conf $(DESTDIR)$(NSS_LDAP_PATH_CONF); \ + fi +- $(INSTALL_DATA) -o $(INST_UID) -g $(INST_GID) $(srcdir)/nsswitch.ldap $(DESTDIR)$(sysconfdir)/nsswitch.ldap; + + uninstall-local: + @$(NORMAL_UNINSTALL) + + vers.c: $(top_srcdir)/CVSVersionInfo.txt +- CVSVERSIONDIR=$(top_srcdir) ./vers_string -v ++ $(top_srcdir)/vers_string -v + + +--- configure.in.orig 2007-10-29 06:30:12.000000000 -0700 ++++ configure.in 2008-09-26 20:38:20.000000000 -0700 +@@ -97,11 +97,15 @@ + linux*) nss_ldap_so_LDFLAGS="-shared -Wl,-Bdynamic -Wl,--version-script,\$(srcdir)/exports.linux" ;; + *) nss_ldap_so_LDFLAGS="-shared -Wl,-Bdynamic" ;; + esac ++case "$target_os" in ++freebsd*) TARGET_OS=FreeBSD ;; ++esac + + AM_CONDITIONAL(GCC, test "$GCC" = "yes") + AM_CONDITIONAL(GLIBC, test "$target_os" = "linux" -o "$target_os" = "linux-gnu") + AM_CONDITIONAL(AIX, test "$TARGET_OS" = AIX) + AM_CONDITIONAL(HPUX, test "$TARGET_OS" = HPUX) ++AM_CONDITIONAL(FreeBSD, test "$TARGET_OS" = FreeBSD) + + AM_CONDITIONAL(USE_NATIVE_LINKER, test -n "$nss_ldap_so_LD") + +@@ -153,7 +157,6 @@ + aix*) AC_CHECK_HEADERS(irs.h usersec.h) ;; + hpux*) AC_CHECK_HEADERS(nsswitch.h) ;; + *) AC_CHECK_HEADERS(nss.h) +- 
AC_CHECK_HEADERS(nsswitch.h) + AC_CHECK_HEADERS(irs.h) ;; + esac + AC_CHECK_HEADERS(thread.h) +@@ -232,7 +235,6 @@ + AC_CHECK_FUNCS(gethostbyname) + AC_CHECK_FUNCS(nsdispatch) + AC_CHECK_LIB(pthread_nonshared, main) +-AC_CHECK_FUNCS(pthread_atfork) + AC_CHECK_FUNCS(pthread_once) + AC_CHECK_FUNCS(ether_aton) + AC_CHECK_FUNCS(ether_ntoa) + +--- ldap-ethers.c.orig 2009-11-06 10:28:08.000000000 +0000 ++++ ldap-ethers.c 2009-12-23 17:01:14.000000000 +0000 +@@ -217,9 +217,9 @@ + } + + snprintf(fullmac, sizeof(fullmac), "%02x:%02x:%02x:%02x:%02x:%02x", +- addr->ether_addr_octet[0], addr->ether_addr_octet[1], +- addr->ether_addr_octet[2], addr->ether_addr_octet[3], +- addr->ether_addr_octet[4], addr->ether_addr_octet[5]); ++ addr->octet[0], addr->octet[1], ++ addr->octet[2], addr->octet[3], ++ addr->octet[4], addr->octet[5]); + + LA_INIT(a); + LA_STRING(a) = ether_ntoa(addr); +@@ -343,14 +343,14 @@ + if (i != 6) + return NULL; + for (i = 0; i < 6; i++) +- ep.ether_addr_octet[i] = t[i]; ++ ep.octet[i] = t[i]; + + return &ep; + } + #endif /* !HAVE_ETHER_ATON */ + + #ifndef HAVE_ETHER_NTOA +-#define EI(i) (unsigned int)(e->ether_addr_octet[(i)]) ++#define EI(i) (unsigned int)(e->octet[(i)]) + static char *ether_ntoa (const struct ether_addr *e) + { + static char s[18]; + +--- ldap-ethers.h.orig 2009-11-06 10:28:08.000000000 +0000 ++++ ldap-ethers.h 2009-12-23 17:02:06.000000000 +0000 +@@ -32,7 +32,7 @@ + + #ifndef HAVE_STRUCT_ETHER_ADDR + struct ether_addr { +- u_char ether_addr_octet[6]; ++ u_char octet[6]; + }; + #endif + +--- ldap-nss.c.orig Sat May 27 16:23:40 2006 ++++ ldap-nss.c Sat May 27 16:23:52 2006 +@@ -69,7 +69,7 @@ + #endif + + /* Try to handle systems with both SASL libraries installed */ +-#if defined(HAVE_SASL_SASL_H) && defined(HAVE_SASL_AUXPROP_REQUEST) ++#if defined(HAVE_SASL_SASL_H) + #include <sasl/sasl.h> + #elif defined(HAVE_SASL_H) + #include <sasl.h> + +--- ldap-pwd.c.orig 2008-10-30 21:50:15.000000000 +0100 ++++ ldap-pwd.c 2008-12-06 
00:37:30.216966282 +0100 +@@ -21,7 +21,10 @@ + static char rcsId[] = + "$Id$"; + ++#include <sys/types.h> ++#include <unistd.h> + #include "config.h" ++ + + #ifdef HAVE_PORT_BEFORE_H + #include <port_before.h> +@@ -90,9 +93,13 @@ + size_t tmplen; + char *tmp; + +- if (_nss_ldap_oc_check (e, "shadowAccount") == NSS_SUCCESS) +- { ++/* if (_nss_ldap_oc_check (e, "shadowAccount") == NSS_SUCCESS) ++ * { ++ */ + /* don't include password for shadowAccount */ ++ if (geteuid() != 0) ++ { ++ /* don't include password for non-root users */ + if (buflen < 3) + return NSS_TRYAGAIN; + +@@ -163,6 +170,15 @@ + } ++ ++#ifdef HAVE_LOGIN_CLASSES ++ stat = ++ _nss_ldap_assign_attrval (e, AT (loginClass), &pw->pw_class, &buffer, ++ &buflen); ++ if (stat != NSS_SUCCESS) ++ (void) _nss_ldap_assign_emptystring (&pw->pw_class, &buffer, &buflen); ++#endif ++ + + stat = + _nss_ldap_assign_attrval (e, AT (homeDirectory), &pw->pw_dir, &buffer, + &buflen); + if (stat != NSS_SUCCESS) + +--- ldap-schema.c 2009-08-29 09:21:43.000000000 -0400 ++++ ldap-schema.c 2009-08-28 12:09:52.000000000 -0400 +@@ -334,6 +334,9 @@ + #ifdef HAVE_PASSWD_PW_EXPIRE + (*pwd_attrs)[i++] = AT (shadowExpire); + #endif /* HAVE_PASSWD_PW_EXPIRE */ ++#ifdef HAVE_LOGIN_CLASSES ++ (*pwd_attrs)[i++] = AT (loginClass); ++#endif + (*pwd_attrs)[i] = NULL; + } + +--- ldap-schema.h 2009-08-29 09:21:43.000000000 -0400 ++++ ldap-schema.h 2009-08-29 06:37:18.000000000 -0400 +@@ -24,7 +24,7 @@ + #define _LDAP_NSS_LDAP_LDAP_SCHEMA_H + + /* max number of attributes per object class */ +-#define ATTRTAB_SIZE 15 ++#define ATTRTAB_SIZE 16 + + /** + * function to initialize global lookup filters. 
+@@ -153,6 +153,10 @@ + #define AT_gecos "gecos" + #define AT_homeDirectory "homeDirectory" + ++#ifdef HAVE_LOGIN_CLASSES ++/* FreeBSD extension -Jacob Myers <jacob@whotokspaz.org> */ ++#define AT_loginClass "loginClass" ++#endif + /* + * ( nisSchema.2.1 NAME 'shadowAccount' SUP top AUXILIARY + * DESC 'Additional attributes for shadow passwords' + +--- /dev/null 2013-04-13 01:27:01.290932001 +0200 ++++ bsdnss.c 2013-04-14 03:17:47.794195349 +0200 +@@ -0,0 +1,219 @@ ++#include <errno.h> ++#include <stdlib.h> ++#include <sys/param.h> ++#include <netinet/in.h> ++#include <pwd.h> ++#include <grp.h> ++#include <nss.h> ++#include <nsswitch.h> ++#include <netdb.h> ++ ++extern enum nss_status _nss_ldap_getgrent_r(struct group *, char *, size_t, ++ int *); ++extern enum nss_status _nss_ldap_getgrnam_r(const char *, struct group *, ++ char *, size_t, int *); ++extern enum nss_status _nss_ldap_getgrgid_r(gid_t gid, struct group *, char *, ++ size_t, int *); ++extern enum nss_status _nss_ldap_setgrent(void); ++extern enum nss_status _nss_ldap_endgrent(void); ++extern enum nss_status _nss_ldap_initgroups_dyn(const char *, gid_t, long int *, ++ long int *, gid_t **, long int, int *); ++ ++extern enum nss_status _nss_ldap_getpwent_r(struct passwd *, char *, size_t, ++ int *); ++extern enum nss_status _nss_ldap_getpwnam_r(const char *, struct passwd *, ++ char *, size_t, int *); ++extern enum nss_status _nss_ldap_getpwuid_r(gid_t gid, struct passwd *, char *, ++ size_t, int *); ++extern enum nss_status _nss_ldap_setpwent(void); ++extern enum nss_status _nss_ldap_endpwent(void); ++ ++extern enum nss_status _nss_ldap_gethostbyname_r (const char *name, struct hostent * result, ++ char *buffer, size_t buflen, int *errnop, ++ int *h_errnop); ++ ++extern enum nss_status _nss_ldap_gethostbyname2_r (const char *name, int af, struct hostent * result, ++ char *buffer, size_t buflen, int *errnop, ++ int *h_errnop); ++extern enum nss_status _nss_ldap_gethostbyaddr_r (struct in_addr * addr, 
int len, int type, ++ struct hostent * result, char *buffer, ++ size_t buflen, int *errnop, int *h_errnop); ++ ++NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r); ++NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r); ++NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r); ++NSS_METHOD_PROTOTYPE(__nss_compat_setgrent); ++NSS_METHOD_PROTOTYPE(__nss_compat_endgrent); ++static NSS_METHOD_PROTOTYPE(__freebsd_getgroupmembership); ++ ++NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r); ++NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r); ++NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r); ++NSS_METHOD_PROTOTYPE(__nss_compat_setpwent); ++NSS_METHOD_PROTOTYPE(__nss_compat_endpwent); ++ ++NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname); ++NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2); ++NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr); ++ ++static ns_mtab methods[] = { ++{ NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_ldap_getgrnam_r }, ++{ NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_ldap_getgrgid_r }, ++{ NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_ldap_getgrent_r }, ++{ NSDB_GROUP, "setgrent", __nss_compat_setgrent, _nss_ldap_setgrent }, ++{ NSDB_GROUP, "endgrent", __nss_compat_endgrent, _nss_ldap_endgrent }, ++{ NSDB_GROUP, "getgroupmembership", __freebsd_getgroupmembership, NULL }, ++ ++{ NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_ldap_getpwnam_r }, ++{ NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_ldap_getpwuid_r }, ++{ NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, _nss_ldap_getpwent_r }, ++{ NSDB_PASSWD, "setpwent", __nss_compat_setpwent, _nss_ldap_setpwent }, ++{ NSDB_PASSWD, "endpwent", __nss_compat_endpwent, _nss_ldap_endpwent }, ++ ++{ NSDB_HOSTS, "gethostbyname", __nss_compat_gethostbyname, _nss_ldap_gethostbyname_r }, ++{ NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_ldap_gethostbyaddr_r }, ++{ NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_ldap_gethostbyname2_r }, ++ ++{ 
NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, _nss_ldap_getgrnam_r }, ++{ NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, _nss_ldap_getgrgid_r }, ++{ NSDB_GROUP_COMPAT, "getgrent_r", __nss_compat_getgrent_r, _nss_ldap_getgrent_r }, ++{ NSDB_GROUP_COMPAT, "setgrent", __nss_compat_setgrent, _nss_ldap_setgrent }, ++{ NSDB_GROUP_COMPAT, "endgrent", __nss_compat_endgrent, _nss_ldap_endgrent }, ++ ++{ NSDB_PASSWD_COMPAT, "getpwnam_r", __nss_compat_getpwnam_r, _nss_ldap_getpwnam_r }, ++{ NSDB_PASSWD_COMPAT, "getpwuid_r", __nss_compat_getpwuid_r, _nss_ldap_getpwuid_r }, ++{ NSDB_PASSWD_COMPAT, "getpwent_r", __nss_compat_getpwent_r, _nss_ldap_getpwent_r }, ++{ NSDB_PASSWD_COMPAT, "setpwent", __nss_compat_setpwent, _nss_ldap_setpwent }, ++{ NSDB_PASSWD_COMPAT, "endpwent", __nss_compat_endpwent, _nss_ldap_endpwent }, ++ ++}; ++ ++ ++ns_mtab * ++nss_module_register(const char *source, unsigned int *mtabsize, ++ nss_module_unregister_fn *unreg) ++{ ++ *mtabsize = sizeof(methods)/sizeof(methods[0]); ++ *unreg = NULL; ++ return (methods); ++} ++ ++int __nss_compat_gethostbyname(void *retval, void *mdata, va_list ap) ++{ ++ enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *); ++ const char *name; ++ struct hostent *result; ++ char buffer[1024]; ++ size_t buflen = 1024; ++ int errnop; ++ int h_errnop; ++ int af; ++ enum nss_status status; ++ fn = mdata; ++ name = va_arg(ap, const char*); ++ af = va_arg(ap,int); ++ result = va_arg(ap,struct hostent *); ++ status = fn(name, result, buffer, buflen, &errnop, &h_errnop); ++ status = __nss_compat_result(status,errnop); ++ h_errno = h_errnop; ++ return (status); ++} ++ ++int __nss_compat_gethostbyname2(void *retval, void *mdata, va_list ap) ++{ ++ enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *); ++ const char *name; ++ struct hostent *result; ++ char buffer[1024]; ++ size_t buflen = 1024; ++ int errnop; ++ int h_errnop; ++ int af; ++ enum nss_status 
status; ++ fn = mdata; ++ name = va_arg(ap, const char*); ++ af = va_arg(ap,int); ++ result = va_arg(ap,struct hostent *); ++ status = fn(name, result, buffer, buflen, &errnop, &h_errnop); ++ status = __nss_compat_result(status,errnop); ++ h_errno = h_errnop; ++ return (status); ++} ++ ++int __nss_compat_gethostbyaddr(void *retval, void *mdata, va_list ap) ++{ ++ struct in_addr *addr; ++ int len; ++ int type; ++ struct hostent *result; ++ char buffer[1024]; ++ size_t buflen = 1024; ++ int errnop; ++ int h_errnop; ++ enum nss_status (*fn)(struct in_addr *, int, int, struct hostent *, char *, size_t, int *, int *); ++ enum nss_status status; ++ fn = mdata; ++ addr = va_arg(ap, struct in_addr*); ++ len = va_arg(ap,int); ++ type = va_arg(ap,int); ++ result = va_arg(ap, struct hostent*); ++ status = fn(addr, len, type, result, buffer, buflen, &errnop, &h_errnop); ++ status = __nss_compat_result(status,errnop); ++ h_errno = h_errnop; ++ return (status); ++} ++ ++static int ++__gr_addgid(gid_t gid, gid_t *groups, int maxgrp, int *groupc) ++{ ++ int ret, dupc; ++ ++ /* skip duplicates */ ++ for (dupc = 0; dupc < MIN(maxgrp, *groupc); dupc++) { ++ if (groups[dupc] == gid) ++ return 1; ++ } ++ ++ ret = 1; ++ if (*groupc < maxgrp) /* add this gid */ ++ groups[*groupc] = gid; ++ else ++ ret = 0; ++ (*groupc)++; ++ return ret; ++} ++ ++static int __freebsd_getgroupmembership(void *retval, void *mdata, va_list ap) ++{ ++ int err; ++ enum nss_status s; ++ const char *user = va_arg(ap, const char *); ++ gid_t group = va_arg(ap, gid_t); ++ gid_t *groups = va_arg(ap, gid_t *); ++ int limit = va_arg(ap, int); ++ int *size = va_arg(ap, int*); ++ gid_t *tmpgroups; ++ long int lstart, lsize; ++ int i; ++ ++ tmpgroups = malloc(limit * sizeof(gid_t)); ++ if (tmpgroups == NULL) ++ return NS_TRYAGAIN; ++ ++ /* insert primary membership */ ++ __gr_addgid(group, groups, limit, size); ++ ++ lstart = 0; ++ lsize = limit; ++ s = _nss_ldap_initgroups_dyn(user, group, &lstart, &lsize, ++ 
&tmpgroups, 0, &err); ++ if (s == NSS_STATUS_SUCCESS) { ++ for (i = 0; i < lstart; i++) ++ __gr_addgid(tmpgroups[i], groups, limit, size); ++ s = NSS_STATUS_NOTFOUND; ++ } ++ ++ free(tmpgroups); ++ ++ return __nss_compat_result(s, err); ++} diff --git a/sys-auth/nss_ldap/files/nss_ldap-265-installdir.patch b/sys-auth/nss_ldap/files/nss_ldap-265-installdir.patch new file mode 100644 index 000000000000..daf507ad594a --- /dev/null +++ b/sys-auth/nss_ldap/files/nss_ldap-265-installdir.patch 
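Review bot: `__nss_compat_gethostbyname2` in the new bsdnss.c calls its backend through a pointer typed `(const char *, struct hostent *, char *, size_t, int *, int *)`, but the methods table binds it to `_nss_ldap_gethostbyname2_r`, which is declared above with `int af` as its second parameter. Every argument after `name` therefore arrives shifted and the call is undefined behaviour; the pointer type needs the extra `int` and the call should read `status = fn(name, af, result, buffer, buflen, &errnop, &h_errnop);`. All three host wrappers also hand the backend a stack array `char buffer[1024]`, so if the backend stores the strings of `*result` in that buffer, as the `_r` convention suggests, the caller is left with pointers into a dead stack frame. `errnop` and `h_errnop` are read uninitialised whenever the backend does not set them. In `__freebsd_getgroupmembership`, `malloc(limit * sizeof(gid_t))` uses `limit` straight from `va_arg` with no check that it is positive.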
@@ -0,0 +1,35 @@ +Index: nss_ldap-265/Makefile.am +=================================================================== +--- nss_ldap-265.orig/Makefile.am ++++ nss_ldap-265/Makefile.am +@@ -38,17 +38,13 @@ NSS_LDAP_LDFLAGS = @NSS_LDAP_LDFLAGS@ + DEFS = @DEFS@ + #INCLUDES = -I$(top_builddir) -I$(srcdir) + +-if GCC +-MULTI_OS_DIRECTORY=$(shell $(CC) $(CFLAGS) -print-multi-os-directory) +-else + MULTI_OS_DIRECTORY=. +-endif + + if GLIBC +-LIBC_VERS = $(shell ls /lib/$(MULTI_OS_DIRECTORY)/libc-*.so | tail -n 1 | sed -e 's|.*libc-\(.*\)\.so|\1|') ++LIBC_VERS = $(shell ls @GENTOO_PORTAGE_EPREFIX@/lib/$(MULTI_OS_DIRECTORY)/libc-*.so | tail -n 1 | sed -e 's|.*libc-\(.*\)\.so|\1|') + NSS_LDAP_LIBC_VERSIONED = libnss_ldap-$(LIBC_VERS).so + +-NSS_VERS = $(shell ls /lib/$(MULTI_OS_DIRECTORY)/libnss_files.so.? | tail -n 1 | sed -e 's|.*libnss_files\.so\.\(.*\)|\1|') ++NSS_VERS = $(shell ls @GENTOO_PORTAGE_EPREFIX@/lib/$(MULTI_OS_DIRECTORY)/libnss_files.so.? | tail -n 1 | sed -e 's|.*libnss_files\.so\.\(.*\)|\1|') + NSS_LDAP_NSS_VERSIONED = libnss_ldap.so.$(NSS_VERS) + endif + +@@ -83,8 +79,8 @@ if GLIBC + $(mkinstalldirs) $(DESTDIR)$(libdir) + $(INSTALL_PROGRAM) -o $(INST_UID) -g $(INST_GID) nss_ldap.so $(DESTDIR)$(libdir)/$(NSS_LDAP_LIBC_VERSIONED) + (cd $(DESTDIR)$(libdir); ln -sf $(NSS_LDAP_LIBC_VERSIONED) $(NSS_LDAP_NSS_VERSIONED)) +- $(mkinstalldirs) $(DESTDIR)/usr$(libdir) +- (cd $(DESTDIR)/usr$(libdir); ln -sf ../..$(libdir)/$(NSS_LDAP_NSS_VERSIONED) .) ++ $(mkinstalldirs) $(DESTDIR)$(libdir:/lib=/usr/lib) ++ (cd $(DESTDIR)/$(libdir:/lib=/usr/lib); ln -sf ../../lib/$(NSS_LDAP_NSS_VERSIONED) .) + else + $(mkinstalldirs) $(DESTDIR)$(libdir) + if HPUX diff --git a/sys-auth/nss_ldap/files/nss_ldap-265-missing-entries-oneshot.patch b/sys-auth/nss_ldap/files/nss_ldap-265-missing-entries-oneshot.patch new file mode 100644 index 000000000000..6730dc986dd1 --- /dev/null +++ b/sys-auth/nss_ldap/files/nss_ldap-265-missing-entries-oneshot.patch 
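Review bot: In the `@@ -83,8 +79,8 @@` hunk of Makefile.am the new symlink target `../../lib/$(NSS_LDAP_NSS_VERSIONED)` hard-codes `lib`, while the module itself is installed into `$(DESTDIR)$(libdir)`. The substitution reference `$(libdir:/lib=/usr/lib)` only rewrites a value that ends in `/lib`, so with a libdir such as `/lib64` the directory stays unchanged and the link would be created in `$(libdir)` itself, pointing at a path the recipe never populated. The two changed lines also differ in their separator, `$(DESTDIR)$(libdir:...)` against `$(DESTDIR)/$(libdir:...)`. Deriving both the directory and the link target from `$(libdir)`, or adding a comment such as `# assumes libdir=/lib`, would avoid a dangling or overwritten link.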
@@ -0,0 +1,101 @@ +Distinguish between contexts that are somewhat persistent and one-offs +which are used to fulfill part of a larger request. + +diff -up nss_ldap-253/ldap-grp.c nss_ldap-253/ldap-grp.c +--- nss_ldap-253/ldap-grp.c 2009-05-08 13:30:43.000000000 -0400 ++++ nss_ldap-253/ldap-grp.c 2009-05-08 13:34:41.000000000 -0400 +@@ -857,7 +857,7 @@ ng_chase (const char *dn, ldap_initgroup + LA_STRING (a) = dn; + LA_TYPE (a) = LA_TYPE_STRING; + +- if (_nss_ldap_ent_context_init_locked (&ctx) == NULL) ++ if (_nss_ldap_ent_context_init_internal_locked (&ctx) == NULL) + { + return NSS_UNAVAIL; + } +@@ -930,7 +930,7 @@ ng_chase_backlink (const char ** members + LA_STRING_LIST (a) = filteredMembersOf; + LA_TYPE (a) = LA_TYPE_STRING_LIST_OR; + +- if (_nss_ldap_ent_context_init_locked (&ctx) == NULL) ++ if (_nss_ldap_ent_context_init_internal_locked (&ctx) == NULL) + { + free (filteredMembersOf); + return NSS_UNAVAIL; +diff -up nss_ldap-253/ldap-netgrp.c nss_ldap-253/ldap-netgrp.c +--- nss_ldap-253/ldap-netgrp.c 2009-05-08 13:31:35.000000000 -0400 ++++ nss_ldap-253/ldap-netgrp.c 2009-05-08 13:33:14.000000000 -0400 +@@ -691,7 +691,7 @@ do_innetgr_nested (ldap_innetgr_args_t * + LA_TYPE (a) = LA_TYPE_STRING; + LA_STRING (a) = nested; /* memberNisNetgroup */ + +- if (_nss_ldap_ent_context_init_locked (&ctx) == NULL) ++ if (_nss_ldap_ent_context_init_internal_locked (&ctx) == NULL) + { + debug ("<== do_innetgr_nested: failed to initialize context"); + return NSS_UNAVAIL; +diff -up nss_ldap-253/ldap-nss.c nss_ldap-253/ldap-nss.c +--- nss_ldap-253/ldap-nss.c 2009-05-08 13:27:17.000000000 -0400 ++++ nss_ldap-253/ldap-nss.c 2009-05-08 14:05:51.000000000 -0400 +@@ -1961,6 +1961,7 @@ _nss_ldap_ent_context_init_locked (ent_c + debug ("<== _nss_ldap_ent_context_init_locked"); + return NULL; + } ++ ctx->ec_internal = 0; + *pctx = ctx; + } + else +@@ -1990,6 +1991,15 @@ _nss_ldap_ent_context_init_locked (ent_c + + return ctx; + } ++ent_context_t * 
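Review bot: `ctx->ec_internal = 0;` in the `@@ -1961,6 +1961,7 @@` hunk of ldap-nss.c sits in the branch that has just allocated the context, ahead of the `else`, so a reused context does not appear to have the flag cleared. If a context once initialised through `_nss_ldap_ent_context_init_internal_locked` can later reach `_nss_ldap_ent_context_init_locked` by that `else` path, it keeps `ec_internal == 1` and `_nss_ldap_ent_context_release` will skip `do_close ()` under the oneshot policy. Moving the reset after the `if`/`else`, just before `return ctx;`, would make the flag reflect the most recent initialiser; the wrapper sets it to 1 only after that call returns, so the ordering still works. Most of `_nss_ldap_ent_context_init_locked` lies outside the hunk, so the `else` branch should be checked before making the change.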
++_nss_ldap_ent_context_init_internal_locked (ent_context_t ** pctx) ++{ ++ ent_context_t *ctx; ++ ctx = _nss_ldap_ent_context_init_locked (pctx); ++ if (ctx != NULL) ++ ctx->ec_internal = 1; ++ return ctx; ++} + + /* + * Clears a given context; we require the caller +@@ -2031,7 +2041,8 @@ _nss_ldap_ent_context_release (ent_conte + + LS_INIT (ctx->ec_state); + +- if (_nss_ldap_test_config_flag (NSS_LDAP_FLAGS_CONNECT_POLICY_ONESHOT)) ++ if (!ctx->ec_internal && ++ _nss_ldap_test_config_flag (NSS_LDAP_FLAGS_CONNECT_POLICY_ONESHOT)) + { + do_close (); + } +diff -up nss_ldap-253/ldap-nss.h nss_ldap-253/ldap-nss.h +--- nss_ldap-253/ldap-nss.h 2009-05-08 13:35:47.000000000 -0400 ++++ nss_ldap-253/ldap-nss.h 2009-05-08 13:52:25.000000000 -0400 +@@ -560,6 +560,8 @@ struct ent_context + ldap_state_t ec_state; /* eg. for services */ + int ec_msgid; /* message ID */ + LDAPMessage *ec_res; /* result chain */ ++ int ec_internal; /* this context is just a part of a larger ++ * query for information */ + ldap_service_search_descriptor_t *ec_sd; /* current sd */ + struct berval *ec_cookie; /* cookie for paged searches */ + }; +@@ -744,6 +746,15 @@ ent_context_t *_nss_ldap_ent_context_ini + ent_context_t *_nss_ldap_ent_context_init_locked (ent_context_t **); + + /* ++ * _nss_ldap_ent_context_init_internal_locked() has the same ++ * behaviour, except it marks the context as one that's being ++ * used to fetch additional data used in answering a request, i.e. ++ * that this isn't the "main" context ++ */ ++ ++ent_context_t *_nss_ldap_ent_context_init_internal_locked (ent_context_t **); ++ ++/* + * _nss_ldap_ent_context_release() is used to manually free a context + */ + void _nss_ldap_ent_context_release (ent_context_t *); diff --git a/sys-auth/nss_ldap/files/nss_ldap-265-pthread.patch b/sys-auth/nss_ldap/files/nss_ldap-265-pthread.patch new file mode 100644 index 000000000000..622ee5845e44 --- /dev/null +++ b/sys-auth/nss_ldap/files/nss_ldap-265-pthread.patch 
@@ -0,0 +1,481 @@ +Index: ldap-nss.c +=================================================================== +--- ldap-nss.c.orig ++++ ldap-nss.c +@@ -142,7 +142,7 @@ static void (*__sigpipe_handler) (int) = + */ + static ldap_session_t __session = { NULL, NULL, 0, LS_UNINITIALIZED }; + +-#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) ++#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE___LIBC_ONCE) + static pthread_once_t __once = PTHREAD_ONCE_INIT; + #endif + +@@ -150,7 +150,7 @@ static pthread_once_t __once = PTHREAD_O + static FILE *__debugfile; + #endif /* LBER_OPT_LOG_PRINT_FILE */ + +-#ifndef HAVE_PTHREAD_ATFORK ++#if !defined(HAVE_PTHREAD_ATFORK) || !defined(HAVE___LIBC_ONCE) + /* + * Process ID that opened the session. + */ +@@ -162,7 +162,7 @@ static uid_t __euid = -1; + static int __ssl_initialized = 0; + #endif /* HAVE_LDAPSSL_CLIENT_INIT */ + +-#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) ++#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE___LIBC_ONCE) + /* + * Prepare for fork(); lock mutex. 
+ */ +@@ -513,7 +513,7 @@ _nss_ldap_default_constr (nss_ldap_backe + } + #endif /* HAVE_NSSWITCH_H */ + +-#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) ++#if defined(HAVE_PTHREAD_ATFORK) || defined(HAVE___LIBC_ONCE) + static void + do_atfork_prepare (void) + { +@@ -547,7 +547,7 @@ do_atfork_setup (void) + #ifdef HAVE_PTHREAD_ATFORK + (void) pthread_atfork (do_atfork_prepare, do_atfork_parent, + do_atfork_child); +-#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) ++#elif defined(HAVE___LIBC_ATFORK) + (void) __libc_atfork (do_atfork_prepare, do_atfork_parent, do_atfork_child); + #endif + +@@ -1096,7 +1096,7 @@ static NSS_STATUS + do_init (void) + { + ldap_config_t *cfg; +-#ifndef HAVE_PTHREAD_ATFORK ++#if !defined(HAVE_PTHREAD_ATFORK) || !defined(HAVE___LIBC_ONCE) + pid_t pid; + #endif + uid_t euid; +@@ -1113,7 +1113,7 @@ do_init (void) + } + + #ifndef HAVE_PTHREAD_ATFORK +-#if defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) ++#if defined(HAVE___LIBC_ONCE) + /* + * This bogosity is necessary because Linux uses different + * PIDs for different threads (like IRIX, which we don't +@@ -1145,7 +1145,7 @@ do_init (void) + pid = -1; /* linked against libpthreads, don't care */ + #else + pid = getpid (); +-#endif /* HAVE_LIBC_LOCK_H || HAVE_BITS_LIBC_LOCK_H */ ++#endif /* HAVE___LIBC_ONCE */ + #endif /* HAVE_PTHREAD_ATFORK */ + + euid = geteuid (); +@@ -1155,7 +1155,7 @@ do_init (void) + syslog (LOG_DEBUG, + "nss_ldap: __session.ls_state=%d, __session.ls_conn=%p, __euid=%i, euid=%i", + __session.ls_state, __session.ls_conn, __euid, euid); +-#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) ++#elif defined(HAVE___LIBC_ONCE) + syslog (LOG_DEBUG, + "nss_ldap: libpthreads=%s, __session.ls_state=%d, __session.ls_conn=%p, __pid=%i, pid=%i, __euid=%i, euid=%i", + ((__pthread_once == NULL || __pthread_atfork == NULL) ? 
"FALSE" : "TRUE"), +@@ -1179,11 +1179,11 @@ do_init (void) + } + else + #ifndef HAVE_PTHREAD_ATFORK +-#if defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) ++#if defined(HAVE___LIBC_ONCE) + if ((__pthread_once == NULL || __pthread_atfork == NULL) && __pid != pid) + #else + if (__pid != pid) +-#endif /* HAVE_LIBC_LOCK_H || HAVE_BITS_LIBC_LOCK_H */ ++#endif /* HAVE___LIBC_ONCE */ + { + do_close_no_unbind (); + } +@@ -1244,9 +1244,9 @@ do_init (void) + debug ("<== do_init (pthread_once failed)"); + return NSS_UNAVAIL; + } +-#elif defined(HAVE_PTHREAD_ATFORK) && ( defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) ) ++#elif defined(HAVE_PTHREAD_ATFORK) && defined(HAVE___LIBC_ONCE) + __libc_once (__once, do_atfork_setup); +-#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) ++#elif defined(HAVE___LIBC_ONCE) + /* + * Only install the pthread_atfork() handlers i + * we are linked against libpthreads. Otherwise, +Index: ldap-nss.h +=================================================================== +--- ldap-nss.h.orig ++++ ldap-nss.h +@@ -670,7 +670,7 @@ extern int __multi_threaded; + #define NSS_LDAP_LOCK(m) mutex_lock(&m) + #define NSS_LDAP_UNLOCK(m) mutex_unlock(&m) + #define NSS_LDAP_DEFINE_LOCK(m) static mutex_t m = DEFAULTMUTEX +-#elif defined(HAVE_LIBC_LOCK_H) || defined(HAVE_BITS_LIBC_LOCK_H) ++#elif defined(HAVE___LIBC_LOCK_LOCK) && defined(HAVE___LIBC_LOCK_UNLOCK) + #define NSS_LDAP_LOCK(m) __libc_lock_lock(m) + #define NSS_LDAP_UNLOCK(m) __libc_lock_unlock(m) + #define NSS_LDAP_DEFINE_LOCK(m) static pthread_mutex_t m = PTHREAD_MUTEX_INITIALIZER +Index: configure.in +=================================================================== +--- configure.in.orig ++++ configure.in +@@ -1,6 +1,7 @@ + AC_INIT(ldap-nss.c) + AC_CANONICAL_SYSTEM + AC_PREFIX_DEFAULT() ++AC_CONFIG_MACRO_DIR([m4]) + + AM_INIT_AUTOMAKE(nss_ldap, 265) + AM_CONFIG_HEADER(config.h) +@@ -229,11 +230,18 @@ fi + AC_CHECK_FUNCS(snprintf) + 
AC_CHECK_FUNCS(gethostbyname) + AC_CHECK_FUNCS(nsdispatch) ++AC_CHECK_FUNCS(ether_aton) ++AC_CHECK_FUNCS(ether_ntoa) ++ ++AX_PTHREAD ++LIBS="$PTHREAD_LIBS $LIBS" ++CFLAGS="$CFLAGS $PTHREAD_CFLAGS" ++CC="$PTHREAD_CC" ++ + AC_CHECK_LIB(pthread_nonshared, main) + AC_CHECK_FUNCS(pthread_atfork) + AC_CHECK_FUNCS(pthread_once) +-AC_CHECK_FUNCS(ether_aton) +-AC_CHECK_FUNCS(ether_ntoa) ++AC_CHECK_FUNCS(__libc_once __libc_atfork __libc_lock_lock __libc_lock_unlock) + + AC_MSG_CHECKING(for struct ether_addr) + AC_TRY_COMPILE([#include <sys/types.h> +Index: m4/ax_pthread.m4 +=================================================================== +--- /dev/null ++++ m4/ax_pthread.m4 +@@ -0,0 +1,309 @@ ++# =========================================================================== ++# http://www.gnu.org/software/autoconf-archive/ax_pthread.html ++# =========================================================================== ++# ++# SYNOPSIS ++# ++# AX_PTHREAD([ACTION-IF-FOUND[, ACTION-IF-NOT-FOUND]]) ++# ++# DESCRIPTION ++# ++# This macro figures out how to build C programs using POSIX threads. It ++# sets the PTHREAD_LIBS output variable to the threads library and linker ++# flags, and the PTHREAD_CFLAGS output variable to any special C compiler ++# flags that are needed. (The user can also force certain compiler ++# flags/libs to be tested by setting these environment variables.) ++# ++# Also sets PTHREAD_CC to any special C compiler that is needed for ++# multi-threaded programs (defaults to the value of CC otherwise). (This ++# is necessary on AIX to use the special cc_r compiler alias.) ++# ++# NOTE: You are assumed to not only compile your program with these flags, ++# but also link it with them as well. e.g. you should link with ++# $PTHREAD_CC $CFLAGS $PTHREAD_CFLAGS $LDFLAGS ... 
$PTHREAD_LIBS $LIBS ++# ++# If you are only building threads programs, you may wish to use these ++# variables in your default LIBS, CFLAGS, and CC: ++# ++# LIBS="$PTHREAD_LIBS $LIBS" ++# CFLAGS="$CFLAGS $PTHREAD_CFLAGS" ++# CC="$PTHREAD_CC" ++# ++# In addition, if the PTHREAD_CREATE_JOINABLE thread-attribute constant ++# has a nonstandard name, defines PTHREAD_CREATE_JOINABLE to that name ++# (e.g. PTHREAD_CREATE_UNDETACHED on AIX). ++# ++# Also HAVE_PTHREAD_PRIO_INHERIT is defined if pthread is found and the ++# PTHREAD_PRIO_INHERIT symbol is defined when compiling with ++# PTHREAD_CFLAGS. ++# ++# ACTION-IF-FOUND is a list of shell commands to run if a threads library ++# is found, and ACTION-IF-NOT-FOUND is a list of commands to run it if it ++# is not found. If ACTION-IF-FOUND is not specified, the default action ++# will define HAVE_PTHREAD. ++# ++# Please let the authors know if this macro fails on any platform, or if ++# you have any other suggestions or comments. This macro was based on work ++# by SGJ on autoconf scripts for FFTW (http://www.fftw.org/) (with help ++# from M. Frigo), as well as ac_pthread and hb_pthread macros posted by ++# Alejandro Forero Cuervo to the autoconf macro repository. We are also ++# grateful for the helpful feedback of numerous users. ++# ++# Updated for Autoconf 2.68 by Daniel Richard G. ++# ++# LICENSE ++# ++# Copyright (c) 2008 Steven G. Johnson <stevenj@alum.mit.edu> ++# Copyright (c) 2011 Daniel Richard G. <skunk@iSKUNK.ORG> ++# ++# This program is free software: you can redistribute it and/or modify it ++# under the terms of the GNU General Public License as published by the ++# Free Software Foundation, either version 3 of the License, or (at your ++# option) any later version. ++# ++# This program is distributed in the hope that it will be useful, but ++# WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the GNU General ++# Public License for more details. ++# ++# You should have received a copy of the GNU General Public License along ++# with this program. If not, see <http://www.gnu.org/licenses/>. ++# ++# As a special exception, the respective Autoconf Macro's copyright owner ++# gives unlimited permission to copy, distribute and modify the configure ++# scripts that are the output of Autoconf when processing the Macro. You ++# need not follow the terms of the GNU General Public License when using ++# or distributing such scripts, even though portions of the text of the ++# Macro appear in them. The GNU General Public License (GPL) does govern ++# all other use of the material that constitutes the Autoconf Macro. ++# ++# This special exception to the GPL applies to versions of the Autoconf ++# Macro released by the Autoconf Archive. When you make and distribute a ++# modified version of the Autoconf Macro, you may extend this special ++# exception to the GPL to apply to your modified version as well. ++ ++#serial 18 ++ ++AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD]) ++AC_DEFUN([AX_PTHREAD], [ ++AC_REQUIRE([AC_CANONICAL_HOST]) ++AC_LANG_PUSH([C]) ++ax_pthread_ok=no ++ ++# We used to check for pthread.h first, but this fails if pthread.h ++# requires special compiler flags (e.g. on True64 or Sequent). ++# It gets checked for in the link test anyway. 
++ ++# First of all, check if the user has set any of the PTHREAD_LIBS, ++# etcetera environment variables, and if threads linking works using ++# them: ++if test x"$PTHREAD_LIBS$PTHREAD_CFLAGS" != x; then ++ save_CFLAGS="$CFLAGS" ++ CFLAGS="$CFLAGS $PTHREAD_CFLAGS" ++ save_LIBS="$LIBS" ++ LIBS="$PTHREAD_LIBS $LIBS" ++ AC_MSG_CHECKING([for pthread_join in LIBS=$PTHREAD_LIBS with CFLAGS=$PTHREAD_CFLAGS]) ++ AC_TRY_LINK_FUNC(pthread_join, ax_pthread_ok=yes) ++ AC_MSG_RESULT($ax_pthread_ok) ++ if test x"$ax_pthread_ok" = xno; then ++ PTHREAD_LIBS="" ++ PTHREAD_CFLAGS="" ++ fi ++ LIBS="$save_LIBS" ++ CFLAGS="$save_CFLAGS" ++fi ++ ++# We must check for the threads library under a number of different ++# names; the ordering is very important because some systems ++# (e.g. DEC) have both -lpthread and -lpthreads, where one of the ++# libraries is broken (non-POSIX). ++ ++# Create a list of thread flags to try. Items starting with a "-" are ++# C compiler flags, and other items are library names, except for "none" ++# which indicates that we try without any flags at all, and "pthread-config" ++# which is a program returning the flags for the Pth emulation library. ++ ++ax_pthread_flags="pthreads none -Kthread -kthread lthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config" ++ ++# The ordering *is* (sometimes) important. 
Some notes on the ++# individual items follow: ++ ++# pthreads: AIX (must check this before -lpthread) ++# none: in case threads are in libc; should be tried before -Kthread and ++# other compiler flags to prevent continual compiler warnings ++# -Kthread: Sequent (threads in libc, but -Kthread needed for pthread.h) ++# -kthread: FreeBSD kernel threads (preferred to -pthread since SMP-able) ++# lthread: LinuxThreads port on FreeBSD (also preferred to -pthread) ++# -pthread: Linux/gcc (kernel threads), BSD/gcc (userland threads) ++# -pthreads: Solaris/gcc ++# -mthreads: Mingw32/gcc, Lynx/gcc ++# -mt: Sun Workshop C (may only link SunOS threads [-lthread], but it ++# doesn't hurt to check since this sometimes defines pthreads too; ++# also defines -D_REENTRANT) ++# ... -mt is also the pthreads flag for HP/aCC ++# pthread: Linux, etcetera ++# --thread-safe: KAI C++ ++# pthread-config: use pthread-config program (for GNU Pth library) ++ ++case ${host_os} in ++ solaris*) ++ ++ # On Solaris (at least, for some versions), libc contains stubbed ++ # (non-functional) versions of the pthreads routines, so link-based ++ # tests will erroneously succeed. (We need to link with -pthreads/-mt/ ++ # -lpthread.) (The stubs are missing pthread_cleanup_push, or rather ++ # a function called by this macro, so we could check for that, but ++ # who knows whether they'll stub that too in a future libc.) 
So, ++ # we'll just look for -pthreads and -lpthread first: ++ ++ ax_pthread_flags="-pthreads pthread -mt -pthread $ax_pthread_flags" ++ ;; ++ ++ darwin*) ++ ax_pthread_flags="-pthread $ax_pthread_flags" ++ ;; ++esac ++ ++if test x"$ax_pthread_ok" = xno; then ++for flag in $ax_pthread_flags; do ++ ++ case $flag in ++ none) ++ AC_MSG_CHECKING([whether pthreads work without any flags]) ++ ;; ++ ++ -*) ++ AC_MSG_CHECKING([whether pthreads work with $flag]) ++ PTHREAD_CFLAGS="$flag" ++ ;; ++ ++ pthread-config) ++ AC_CHECK_PROG(ax_pthread_config, pthread-config, yes, no) ++ if test x"$ax_pthread_config" = xno; then continue; fi ++ PTHREAD_CFLAGS="`pthread-config --cflags`" ++ PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`" ++ ;; ++ ++ *) ++ AC_MSG_CHECKING([for the pthreads library -l$flag]) ++ PTHREAD_LIBS="-l$flag" ++ ;; ++ esac ++ ++ save_LIBS="$LIBS" ++ save_CFLAGS="$CFLAGS" ++ LIBS="$PTHREAD_LIBS $LIBS" ++ CFLAGS="$CFLAGS $PTHREAD_CFLAGS" ++ ++ # Check for various functions. We must include pthread.h, ++ # since some functions may be macros. (On the Sequent, we ++ # need a special flag -Kthread to make this header compile.) ++ # We check for pthread_join because it is in -lpthread on IRIX ++ # while pthread_create is in libc. We check for pthread_attr_init ++ # due to DEC craziness with -lpthreads. We check for ++ # pthread_cleanup_push because it is one of the few pthread ++ # functions on Solaris that doesn't have a non-functional libc stub. ++ # We try pthread_create on general principles. 
++ AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h> ++ static void routine(void *a) { a = 0; } ++ static void *start_routine(void *a) { return a; }], ++ [pthread_t th; pthread_attr_t attr; ++ pthread_create(&th, 0, start_routine, 0); ++ pthread_join(th, 0); ++ pthread_attr_init(&attr); ++ pthread_cleanup_push(routine, 0); ++ pthread_cleanup_pop(0) /* ; */])], ++ [ax_pthread_ok=yes], ++ []) ++ ++ LIBS="$save_LIBS" ++ CFLAGS="$save_CFLAGS" ++ ++ AC_MSG_RESULT($ax_pthread_ok) ++ if test "x$ax_pthread_ok" = xyes; then ++ break; ++ fi ++ ++ PTHREAD_LIBS="" ++ PTHREAD_CFLAGS="" ++done ++fi ++ ++# Various other checks: ++if test "x$ax_pthread_ok" = xyes; then ++ save_LIBS="$LIBS" ++ LIBS="$PTHREAD_LIBS $LIBS" ++ save_CFLAGS="$CFLAGS" ++ CFLAGS="$CFLAGS $PTHREAD_CFLAGS" ++ ++ # Detect AIX lossage: JOINABLE attribute is called UNDETACHED. ++ AC_MSG_CHECKING([for joinable pthread attribute]) ++ attr_name=unknown ++ for attr in PTHREAD_CREATE_JOINABLE PTHREAD_CREATE_UNDETACHED; do ++ AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pthread.h>], ++ [int attr = $attr; return attr /* ; */])], ++ [attr_name=$attr; break], ++ []) ++ done ++ AC_MSG_RESULT($attr_name) ++ if test "$attr_name" != PTHREAD_CREATE_JOINABLE; then ++ AC_DEFINE_UNQUOTED(PTHREAD_CREATE_JOINABLE, $attr_name, ++ [Define to necessary symbol if this constant ++ uses a non-standard name on your system.]) ++ fi ++ ++ AC_MSG_CHECKING([if more special flags are required for pthreads]) ++ flag=no ++ case ${host_os} in ++ aix* | freebsd* | darwin*) flag="-D_THREAD_SAFE";; ++ osf* | hpux*) flag="-D_REENTRANT";; ++ solaris*) ++ if test "$GCC" = "yes"; then ++ flag="-D_REENTRANT" ++ else ++ flag="-mt -D_REENTRANT" ++ fi ++ ;; ++ esac ++ AC_MSG_RESULT(${flag}) ++ if test "x$flag" != xno; then ++ PTHREAD_CFLAGS="$flag $PTHREAD_CFLAGS" ++ fi ++ ++ AC_CACHE_CHECK([for PTHREAD_PRIO_INHERIT], ++ ax_cv_PTHREAD_PRIO_INHERIT, [ ++ AC_LINK_IFELSE([ ++ AC_LANG_PROGRAM([[#include <pthread.h>]], [[int i = PTHREAD_PRIO_INHERIT;]])], ++ 
[ax_cv_PTHREAD_PRIO_INHERIT=yes], ++ [ax_cv_PTHREAD_PRIO_INHERIT=no]) ++ ]) ++ AS_IF([test "x$ax_cv_PTHREAD_PRIO_INHERIT" = "xyes"], ++ AC_DEFINE([HAVE_PTHREAD_PRIO_INHERIT], 1, [Have PTHREAD_PRIO_INHERIT.])) ++ ++ LIBS="$save_LIBS" ++ CFLAGS="$save_CFLAGS" ++ ++ # More AIX lossage: must compile with xlc_r or cc_r ++ if test x"$GCC" != xyes; then ++ AC_CHECK_PROGS(PTHREAD_CC, xlc_r cc_r, ${CC}) ++ else ++ PTHREAD_CC=$CC ++ fi ++else ++ PTHREAD_CC="$CC" ++fi ++ ++AC_SUBST(PTHREAD_LIBS) ++AC_SUBST(PTHREAD_CFLAGS) ++AC_SUBST(PTHREAD_CC) ++ ++# Finally, execute ACTION-IF-FOUND/ACTION-IF-NOT-FOUND: ++if test x"$ax_pthread_ok" = xyes; then ++ ifelse([$1],,AC_DEFINE(HAVE_PTHREAD,1,[Define if you have POSIX threads libraries and header files.]),[$1]) ++ : ++else ++ ax_pthread_ok=no ++ $2 ++fi ++AC_LANG_POP ++])dnl AX_PTHREAD +Index: Makefile.am +=================================================================== +--- Makefile.am.orig ++++ Makefile.am +@@ -1,3 +1,5 @@ ++ACLOCAL_AMFLAGS = -I m4 ++ + if AIX + authmod = NSS_LDAP + else diff --git a/sys-auth/nss_ldap/files/nss_ldap-265-reconnect-timeouts.patch b/sys-auth/nss_ldap/files/nss_ldap-265-reconnect-timeouts.patch new file mode 100644 index 000000000000..b377ad7bb326 --- /dev/null +++ b/sys-auth/nss_ldap/files/nss_ldap-265-reconnect-timeouts.patch 
@@ -0,0 +1,57 @@
+diff -Nuar --exclude '*.orig' nss_ldap-265.orig/ldap.conf nss_ldap-265/ldap.conf
+--- nss_ldap-265.orig/ldap.conf 2009-11-06 10:28:08.000000000 +0000
++++ nss_ldap-265/ldap.conf 2010-02-19 18:36:58.272236290 +0000
+@@ -279,7 +279,8 @@
+ # OpenLDAP SSL mechanism
+ # start_tls mechanism uses the normal LDAP port, LDAPS typically 636
+ #ssl start_tls
+-#ssl on
++###ssl on
++# Gentoo note: Don't use 'ssl on' in 249/250. They are broken in some cases! Use start_tls instead.
+
+ # OpenLDAP SSL options
+ # Require and verify server certificate (yes/no)
+@@ -311,3 +312,27 @@
+ # Override the default Kerberos ticket cache location.
+ #krb5_ccname FILE:/etc/.ldapcache
+
++# Timeout behavior
++# Upstream nss_ldap hard-codes these values:
++#nss_reconnect_tries 5 # number of times to double the sleep time
++#nss_reconnect_sleeptime 4 # initial sleep value
++#nss_reconnect_maxsleeptime 64 # max sleep value to cap at
++#nss_reconnect_maxconntries 2 # how many tries before sleeping
++# This leads to a delay of 124 seconds (4+8+16+32+64=124) per lookup if the
++# server is not available.
++
++# For Gentoo's distribution of nss_ldap, as of 250-r1, we use these values
++# (The hardwired constants in the code are changed to them as well):
++nss_reconnect_tries 4 # number of times to double the sleep time
++nss_reconnect_sleeptime 1 # initial sleep value
++nss_reconnect_maxsleeptime 16 # max sleep value to cap at
++nss_reconnect_maxconntries 2 # how many tries before sleeping
++# This leads to a delay of 15 seconds (1+2+4+8=15)
++
++# If you are impatient, and know your LDAP server is reliable, fast or local,
++# you may wish to use these values instead:
++#nss_reconnect_tries 1 # number of times to double the sleep time
++#nss_reconnect_sleeptime 1 # initial sleep value
++#nss_reconnect_maxsleeptime 1 # max sleep value to cap at
++#nss_reconnect_maxconntries 3 # how many tries before sleeping
++# This leads to a delay of 1 second.
+diff -Nuar --exclude '*.orig' nss_ldap-265.orig/ldap-nss.h nss_ldap-265/ldap-nss.h
+--- nss_ldap-265.orig/ldap-nss.h 2009-11-06 10:28:08.000000000 +0000
++++ nss_ldap-265/ldap-nss.h 2010-02-19 18:37:49.278474888 +0000
+@@ -96,9 +96,9 @@
+ * unacceptable, in which case you may wish to adjust
+ * the constants below.
+ */
+-#define LDAP_NSS_TRIES 5 /* number of sleeping reconnect attempts */
+-#define LDAP_NSS_SLEEPTIME 4 /* seconds to sleep; doubled until max */
+-#define LDAP_NSS_MAXSLEEPTIME 64 /* maximum seconds to sleep */
++#define LDAP_NSS_TRIES 4 /* number of sleeping reconnect attempts */
++#define LDAP_NSS_SLEEPTIME 1 /* seconds to sleep; doubled until max */
++#define LDAP_NSS_MAXSLEEPTIME 16 /* maximum seconds to sleep */
+ #define LDAP_NSS_MAXCONNTRIES 2 /* reconnect attempts before sleeping */
+
+ #if defined(HAVE_NSSWITCH_H) || defined(HAVE_IRS_H)
diff --git a/sys-auth/nss_ldap/files/nsswitch.ldap.diff b/sys-auth/nss_ldap/files/nsswitch.ldap.diff
new file mode 100644
index 000000000000..a8e96e05e8d8
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nsswitch.ldap.diff
@@ -0,0 +1,15 @@
+--- nsswitch.ldap 2004-06-08 00:34:09.895330016 -0500
++++ nsswitch.ldap-modified 2004-06-08 00:35:21.518441648 -0500
+@@ -10,10 +10,10 @@
+ passwd: files ldap
+ group: files ldap
+
+-# consult DNS first, we will need it to resolve the LDAP host. (If we
++# consult files/dns first, we will need it to resolve the LDAP host. (If we
+ # can't resolve it, we're in infinite recursion, because libldap calls
+ # gethostbyname(). Careful!)
+-hosts: dns ldap
++hosts: files dns ldap
+
+ # LDAP is nominally authoritative for the following maps.
+ services: ldap [NOTFOUND=return] files |
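Review bot: The Gentoo note added to ldap.conf in nss_ldap-265-reconnect-timeouts.patch steers users from `ssl on` to `start_tls` but names versions 249/250, while the patch itself targets nss_ldap-265, so a reader cannot tell whether the advice still applies. The note is also silent on certificate verification, which the section directly below it ("Require and verify server certificate") controls; StartTLS without peer verification does not protect directory lookups against an on-path attacker. I would reword it along the lines of `# Gentoo note: 'ssl on' was broken in some cases in 249/250; if you use start_tls instead, also enable server certificate verification below.` Separately, the active `nss_reconnect_*` lines carry trailing `#` comments after the value; whether the ldap.conf parser ignores those is not visible here, so moving each comment onto its own line would be the safer form.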
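Review bot: The rewritten comment above `hosts: files dns ldap` in nsswitch.ldap.diff still reads "we will need it" although two sources are now listed, and it does not say why `files` was put first. Since the comment already warns that an unresolvable LDAP host ends in recursion through gethostbyname(), it should state the practical consequence, for example `# consult files and dns first; list the LDAP server in /etc/hosts (or configure it by address) so resolving it never falls through to ldap.` With the default NOTFOUND action a name missing from both files and dns presumably still continues to the ldap source, so the recursion risk described in the comment is not removed by this edit and the caveat is worth keeping explicit.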