git: a01debe78c6a - main - net/nss-pam-ldapd: Add LCLASS Support

From: Ryan Steinmetz <zi_at_FreeBSD.org>
Date: Sun, 27 Aug 2023 13:54:33 UTC
The branch main has been updated by zi:

URL: https://cgit.FreeBSD.org/ports/commit/?id=a01debe78c6a48b2af17be589f4d13307e4d7b59

commit a01debe78c6a48b2af17be589f4d13307e4d7b59
Author:     Ryan Steinmetz <zi@FreeBSD.org>
AuthorDate: 2023-08-27 13:53:30 +0000
Commit:     Ryan Steinmetz <zi@FreeBSD.org>
CommitDate: 2023-08-27 13:53:30 +0000

    net/nss-pam-ldapd: Add LCLASS Support
    
    PR:             220379
    Submitted by:   Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
---
 net/nss-pam-ldapd/Makefile                         |  6 ++-
 .../files/lclass-patches/patch-nslcd__attmap.c     | 18 +++++++++
 .../files/lclass-patches/patch-nslcd__attmap.h     | 10 +++++
 .../files/lclass-patches/patch-nslcd__passwd.c     | 43 ++++++++++++++++++++++
 .../files/lclass-patches/patch-nss__passwd.c       | 13 +++++++
 5 files changed, 89 insertions(+), 1 deletion(-)

diff --git a/net/nss-pam-ldapd/Makefile b/net/nss-pam-ldapd/Makefile
index da980d0bc012..cbd58ca8a2c9 100644
--- a/net/nss-pam-ldapd/Makefile
+++ b/net/nss-pam-ldapd/Makefile
@@ -13,6 +13,7 @@ LICENSE=		LGPL21 LGPL3
 LICENSE_COMB=		dual
 
 USES=			cpe ldap
+
 CPE_VENDOR=		arthurdejong
 GNU_CONFIGURE=		yes
 USE_RC_SUBR=		nslcd
@@ -24,9 +25,12 @@ NSLCD_PIDFILE?=		/var/run/nslcd.pid
 NSLCD_VARDIR?=		/var/run/nslcd
 NSLCD_SOCKET?=		${NSLCD_VARDIR}/nslcd.ctl
 
-OPTIONS_DEFINE=		KERBEROS
+OPTIONS_DEFINE=		KERBEROS LCLASS
 OPTIONS_DEFAULT=	KERBEROS
 
+LCLASS_EXTRA_PATCHES=	${PATCHDIR}/lclass-patches
+LCLASS_DESC=		Build with loginClass support
+
 .if defined(SLAVE_PORT)
 OPTIONS_DEFINE+=	SASL
 OPTIONS_MULTI=		MG1
diff --git a/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__attmap.c b/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__attmap.c
new file mode 100644
index 000000000000..b326d1830662
--- /dev/null
+++ b/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__attmap.c
@@ -0,0 +1,18 @@
+--- nslcd/attmap.c.orig	2019-11-02 16:23:45.000000000 +0100
++++ nslcd/attmap.c	2023-05-29 19:22:02.233300000 +0200
+@@ -176,6 +176,7 @@
+     if (strcasecmp(name, "gecos") == 0)             return &attmap_passwd_gecos;
+     if (strcasecmp(name, "homeDirectory") == 0)     return &attmap_passwd_homeDirectory;
+     if (strcasecmp(name, "loginShell") == 0)        return &attmap_passwd_loginShell;
++    if (strcasecmp(name, "loginClass") ==0)         return &attmap_passwd_loginClass;
+   }
+   else if (map == LM_PROTOCOLS)
+   {
+@@ -230,6 +231,7 @@
+         (var != &attmap_shadow_shadowWarning) &&
+         (var != &attmap_shadow_shadowInactive) &&
+         (var != &attmap_shadow_shadowExpire) &&
++	 (var != &attmap_passwd_loginClass) &&
+         (var != &attmap_shadow_shadowFlag))
+       return NULL;
+     /* the member attribute may only be set to an empty string */
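Review bot: The two added lines in this patch do not match the surrounding formatting: the lookup line writes `==0` where its neighbours write `== 0`, and the `(var != &attmap_passwd_loginClass) &&` line is indented with a tab and sits between the shadow entries rather than with the other `attmap_passwd_*` names. I would write them as `if (strcasecmp(name, "loginClass") == 0)        return &attmap_passwd_loginClass;` and `        (var != &attmap_passwd_loginClass) &&`, moving the latter beside `attmap_passwd_loginShell` if that entry is in this list. Both enclosing functions start and end outside the inner hunks, so the purpose of the second list cannot be confirmed from here. A one-line comment in the patch saying why loginClass belongs in that list would help the next maintainer.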
diff --git a/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__attmap.h b/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__attmap.h
new file mode 100644
index 000000000000..7100e2924193
--- /dev/null
+++ b/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__attmap.h
@@ -0,0 +1,10 @@
+--- nslcd/attmap.h.orig	2021-11-15 20:40:49.000000000 +0100
++++ nslcd/attmap.h	2023-05-29 19:22:02.233912000 +0200
+@@ -67,6 +67,7 @@
+ extern const char *attmap_shadow_shadowInactive;
+ extern const char *attmap_shadow_shadowExpire;
+ extern const char *attmap_shadow_shadowFlag;
++extern const char *attmap_passwd_loginClass;
+ 
+ /* return a reference to the map specific base variable */
+ const char **base_get_var(enum ldap_map_selector map);
diff --git a/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__passwd.c b/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__passwd.c
new file mode 100644
index 000000000000..1689f2afec2a
--- /dev/null
+++ b/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__passwd.c
@@ -0,0 +1,43 @@
+--- nslcd/passwd.c.orig	2021-11-15 20:40:49.000000000 +0100
++++ nslcd/passwd.c	2023-05-29 19:22:02.234797000 +0200
+@@ -63,6 +63,7 @@
+ const char *attmap_passwd_gecos         = "\"${gecos:-$cn}\"";
+ const char *attmap_passwd_homeDirectory = "homeDirectory";
+ const char *attmap_passwd_loginShell    = "loginShell";
++const char *attmap_passwd_loginClass    = "loginClass";
+ 
+ /* special properties for objectSid-based searches
+    (these are already LDAP-escaped strings) */
+@@ -150,6 +151,7 @@
+   attmap_add_attributes(set, attmap_passwd_gecos);
+   attmap_add_attributes(set, attmap_passwd_homeDirectory);
+   attmap_add_attributes(set, attmap_passwd_loginShell);
++  attmap_add_attributes(set, attmap_passwd_loginClass);
+   passwd_attrs = set_tolist(set);
+   if (passwd_attrs == NULL)
+   {
+@@ -428,6 +430,7 @@
+   char gecos[1024];
+   char homedir[256];
+   char shell[64];
++  char lclass[256];
+   char passbuffer[BUFLEN_PASSWORDHASH];
+   int i, j;
+   /* get the usernames for this entry */
+@@ -541,6 +544,8 @@
+             myldap_get_dn(entry), attmap_passwd_homeDirectory);
+   /* get the shell for this entry */
+   attmap_get_value(entry, attmap_passwd_loginShell, shell, sizeof(shell));
++  /* get the login class for this entry */
++  attmap_get_value(entry, attmap_passwd_loginClass, lclass, sizeof(lclass));
+   /* write the entries */
+   for (i = 0; usernames[i] != NULL; i++)
+   {
+@@ -565,6 +570,7 @@
+             WRITE_STRING(fp, gecos);
+             WRITE_STRING(fp, homedir);
+             WRITE_STRING(fp, shell);
++            WRITE_STRING(fp, lclass);
+           }
+         }
+       }
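Review bot: `WRITE_STRING(fp, lclass);` adds a field to every passwd result on the nslcd socket unconditionally, while the only reader changed in this commit (nss/passwd.c) consumes it under `#ifdef HAVE_STRUCT_PASSWD_PW_CLASS`. A reader that does not consume the extra string (an NSS module built without the option, a new module paired with a still-running older nslcd, or any other parser of passwd responses not shown here) would presumably lose framing on the stream and fail user lookups. No protocol version change is visible in these patches, so I would at least record the dependency next to the write, e.g. `/* LCLASS: extra field, every reader of passwd results must consume it (see nss/passwd.c) */`, and have the port tell users to restart nslcd after toggling the option. The return value of `attmap_get_value()` for `lclass` is ignored like the `shell` call above it, so what is sent when the attribute is absent or longer than the 256-byte buffer depends on that helper, which is not visible here. The enclosing functions start and end outside the inner hunks.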
diff --git a/net/nss-pam-ldapd/files/lclass-patches/patch-nss__passwd.c b/net/nss-pam-ldapd/files/lclass-patches/patch-nss__passwd.c
new file mode 100644
index 000000000000..cad4bfffda85
--- /dev/null
+++ b/net/nss-pam-ldapd/files/lclass-patches/patch-nss__passwd.c
@@ -0,0 +1,13 @@
+--- nss/passwd.c.orig	2019-11-02 16:23:46.000000000 +0100
++++ nss/passwd.c	2023-05-29 19:22:02.235416000 +0200
+@@ -45,8 +45,8 @@
+   READ_BUF_STRING(fp, result->pw_dir);
+   READ_BUF_STRING(fp, result->pw_shell);
+ #ifdef HAVE_STRUCT_PASSWD_PW_CLASS
+-  /* set the user access class to an empty string */
+-  result->pw_class = result->pw_name + strlen(result->pw_name);
++  /* set the user access class to an empty string only if empty */
++  READ_BUF_STRING(fp, result->pw_class);
+ #endif /* HAVE_STRUCT_PASSWD_PW_CLASS */
+   return NSS_STATUS_SUCCESS;
+ }
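Review bot: The new comment `/* set the user access class to an empty string only if empty */` does not describe the line below it, which now reads `pw_class` from the nslcd response instead of pointing it at the terminating NUL of `pw_name`. Something like `/* read the login class sent by nslcd (may be an empty string) */` would be accurate. The function body starts outside the inner hunk.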