git: 8ed50ce9158b - main - security/sssd-devel: New port
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 03 Jul 2023 21:48:30 UTC
The branch main has been updated by jhixson:
URL: https://cgit.FreeBSD.org/ports/commit/?id=8ed50ce9158b14a08367afd130c2bba2e752b60b
commit 8ed50ce9158b14a08367afd130c2bba2e752b60b
Author: John Hixson <jhixson@FreeBSD.org>
AuthorDate: 2023-06-30 18:03:47 +0000
Commit: John Hixson <jhixson@FreeBSD.org>
CommitDate: 2023-07-03 21:48:08 +0000
security/sssd-devel: New port
Add new port sss-devel. This updates sssd to version 2.9.0. This is a
development version to be used to get out all the kinks before replacing
the current security/sssd port.
Changes:
https://sssd.io/release-notes/sssd-2.0.0.html
https://sssd.io/release-notes/sssd-2.1.0.html
https://sssd.io/release-notes/sssd-2.2.0.html
https://sssd.io/release-notes/sssd-2.3.0.html
https://sssd.io/release-notes/sssd-2.4.0.html
https://sssd.io/release-notes/sssd-2.5.0.html
https://sssd.io/release-notes/sssd-2.6.0.html
https://sssd.io/release-notes/sssd-2.7.0.html
https://sssd.io/release-notes/sssd-2.8.0.html
https://sssd.io/release-notes/sssd-2.9.0.html
---
security/Makefile | 1 +
security/sssd-devel/Makefile | 206 +++++
security/sssd-devel/distinfo | 3 +
security/sssd-devel/files/bsdnss.c | 196 +++++
security/sssd-devel/files/patch-Makefile.am | 871 +++++++++++++++++++++
security/sssd-devel/files/patch-configure.ac | 51 ++
.../sssd-devel/files/patch-src__confdb__confdb.c | 19 +
.../files/patch-src__external__crypto.m4 | 21 +
.../files/patch-src__external__inotify.m4 | 15 +
.../sssd-devel/files/patch-src__external__krb5.m4 | 13 +
.../files/patch-src__external__nsupdate.m4 | 8 +
.../files/patch-src__external__pac_responder.m4 | 21 +
.../files/patch-src__external__platform.m4 | 51 ++
.../sssd-devel/files/patch-src__external__samba.m4 | 32 +
...h-src__krb5_plugin__common__radius_kdcpreauth.c | 19 +
...rc__lib__winbind_idmap_sss__winbind_idmap_sss.c | 11 +
...rc__lib__winbind_idmap_sss__winbind_idmap_sss.h | 11 +
.../files/patch-src__p11_child__p11_child_common.c | 19 +
...atch-src__passkey_child__passkey_child_common.c | 19 +
.../files/patch-src__providers__ad__ad_common.c | 41 +
.../files/patch-src__providers__ad__ad_gpo_child.c | 19 +
.../files/patch-src__providers__ad__ad_pac.h | 11 +
.../patch-src__providers__ad__ad_pac_common.c | 11 +
...tch-src__providers__data_provider__dp_modules.c | 10 +
...tch-src__providers__data_provider__dp_targets.c | 10 +
.../files/patch-src__providers__data_provider_be.c | 11 +
.../files/patch-src__providers__data_provider_fo.c | 28 +
.../files/patch-src__providers__files__files_ops.c | 88 +++
.../files/patch-src__providers__ipa__ipa_common.c | 28 +
...c__providers__ipa__ipa_deskprofile_rules_util.c | 11 +
.../files/patch-src__providers__krb5__krb5_child.c | 19 +
.../files/patch-src__providers__ldap__ldap_auth.c | 46 ++
.../files/patch-src__providers__ldap__ldap_child.c | 42 +
.../patch-src__providers__ldap__sdap_access.c | 41 +
...rc__providers__ldap__sdap_async_sudo_hostinfo.c | 28 +
.../patch-src__providers__proxy__proxy_child.c | 29 +
.../files/patch-src__resolv__async_resolv_utils.c | 28 +
...cache_req__plugins__cache_req_ip_host_by_addr.c | 10 +
...he_req__plugins__cache_req_ip_network_by_addr.c | 10 +
...atch-src__responder__common__responder_common.c | 10 +
...atch-src__responder__common__responder_packet.c | 10 +
...atch-src__responder__kcm__kcmsrv_ccache_secdb.c | 23 +
.../files/patch-src__responder__kcm__kcmsrv_cmd.c | 15 +
.../files/patch-src__responder__kcm__kcmsrv_ops.c | 10 +
.../patch-src__responder__nss__nsssrv_mmap_cache.c | 27 +
.../files/patch-src__sbus__sbus_errors.c | 11 +
.../files/patch-src__sss_client__common.c | 29 +
.../files/patch-src__sss_client__nss_group.c | 78 ++
.../files/patch-src__sss_client__nss_hosts.c | 12 +
.../files/patch-src__sss_client__nss_ipnetworks.c | 12 +
.../files/patch-src__sss_client__pam_sss.c | 11 +
.../files/patch-src__sss_client__pam_sss_gss.c | 19 +
.../files/patch-src__sss_client__sss_nss.exports | 35 +
...tch-src__sss_client__sss_pac_responder_client.c | 19 +
.../files/patch-src__util__child_common.c | 21 +
.../files/patch-src__util__nss_dl_load.c | 28 +
.../sssd-devel/files/patch-src__util__server.c | 53 ++
.../sssd-devel/files/patch-src__util__sss_krb5.c | 11 +
.../files/patch-src__util__sss_pam_data.h | 10 +
.../files/patch-src__util__sss_sockets.c | 30 +
security/sssd-devel/files/patch-src__util__util.c | 19 +
.../sssd-devel/files/patch-src__util__util_creds.h | 20 +
.../files/patch-src_tests_cmocka_test__authtok.c | 10 +
security/sssd-devel/files/pkg-message.in | 27 +
security/sssd-devel/files/sss_bsd_errno.h | 58 ++
security/sssd-devel/files/sssd.in | 40 +
security/sssd-devel/pkg-descr | 7 +
security/sssd-devel/pkg-plist | 170 ++++
68 files changed, 2933 insertions(+)
diff --git a/security/Makefile b/security/Makefile
index 6993f1a1dbc3..2d570b70023e 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1262,6 +1262,7 @@
SUBDIR += sslscan
SUBDIR += sslsplit
SUBDIR += sssd
+ SUBDIR += sssd-devel
SUBDIR += ssss
SUBDIR += sst
SUBDIR += starttls
diff --git a/security/sssd-devel/Makefile b/security/sssd-devel/Makefile
new file mode 100644
index 000000000000..af2b53a01fa0
--- /dev/null
+++ b/security/sssd-devel/Makefile
@@ -0,0 +1,206 @@
+PORTNAME= sssd
+PORTVERSION= 2.9.0
+CATEGORIES= security
+PKGNAMESUFFIX= -devel
+
+MAINTAINER= jhixson@FreeBSD.org
+COMMENT= System Security Services Daemon
+WWW= https://sssd.io/
+
+LICENSE= GPLv3+
+LICENSE_FILE= ${WRKSRC}/COPYING
+
+CONFLICTS_INSTALL?= sssd*
+
+BUILD_DEPENDS= bash:shells/bash \
+ docbook-xsl>=1:textproc/docbook-xsl \
+ krb5>=1.20:security/krb5 \
+ p11-kit:security/p11-kit \
+ samba-nsupdate:dns/samba-nsupdate \
+ xmlcatalog:textproc/libxml2 \
+ xmlcatmgr:textproc/xmlcatmgr \
+ xsltproc:textproc/libxslt
+
+LIB_DIRS+= ${LOCALBASE}/lib ${LOCALBASE}/lib/sasl2
+LIB_DEPENDS= libcares.so:dns/c-ares \
+ libcom_err.so:security/krb5 \
+ libcurl.so:ftp/curl \
+ libdbus-1.so:devel/dbus \
+ libdhash.so:devel/ding-libs \
+ libfido2.so:security/libfido2 \
+ libgssapi_krb5.so:security/krb5 \
+ libinotify.so:devel/libinotify \
+ libjansson.so:devel/jansson \
+ libjose.so:net/jose \
+ libkrb5.so:security/krb5 \
+ libldb.so:databases/ldb22 \
+ libndr-krb5pac.so:net/samba416 \
+ libndr-nbt.so:net/samba416 \
+ libndr-standard.so:net/samba416 \
+ libndr.so:net/samba416 \
+ libnfs.so:net/libnfs \
+ libnss3.so:security/nss \
+ libp11-kit.so:security/p11-kit \
+ libpcre2-posix.so:devel/pcre2 \
+ libplds4.so:devel/nspr \
+ libpopt.so:devel/popt \
+ libsamba-util.so:net/samba416 \
+ libsasl2.so:security/cyrus-sasl2 \
+ libsmbclient.so:net/samba416 \
+ libtalloc.so:devel/talloc \
+ libtdb.so:databases/tdb \
+ libtevent.so:devel/tevent \
+ libunistring.so:devel/libunistring \
+ libuuid.so:misc/e2fsprogs-libuuid
+
+RUN_DEPENDS= cyrus-sasl-gssapi>0:security/cyrus-sasl2-gssapi \
+ sudo>0:security/sudo
+
+.include <bsd.port.options.mk>
+.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1300076
+IGNORE=SSSD is only supported on FreeBSD 13.1 and above
+.endif
+
+USES= autoreconf cpe gettext gmake gssapi:bootstrap,flags,mit iconv ldap \
+ libtool pathfix pkgconfig python:3.9+ shebangfix ssl
+
+USE_LDCONFIG= yes
+GNU_CONFIGURE= yes
+
+INSTALL_TARGET= install-strip
+CPE_VENDOR= fedoraproject
+
+DEBUG_FLAGS= -g
+STRIP=
+
+CONFIGURE_ARGS= --disable-dependency-tracking \
+ --datadir=${DATADIR} \
+ --docdir=${DOCSDIR} \
+ --localstatedir=/var \
+ --disable-silent-rules \
+ --disable-nls \
+ --disable-cifs-idmap-plugin \
+ --disable-valgrind \
+ --disable-systemtap \
+ --enable-pammoddir=${PREFIX}/lib \
+ --enable-ldb-version-check \
+ --enable-pac-responder \
+ --with-db-path=/var/db/sss/db \
+ --with-os=freebsd \
+ --with-plugin-path=${LOCALBASE}/lib/sssd \
+ --with-pubconf-path=/var/db/sss/pubconf \
+ --with-pid-path=/var/run \
+ --with-pipe-path=/var/run/sss/pipes \
+ --with-mcache-path=/var/db/sss/mc \
+ --with-environment-file=${LOCALBASE}/etc/sssd \
+ --with-init-dir=no \
+ --with-manpages \
+ --with-xml-catalog-path=${LOCALBASE}/share/xml/catalog \
+ --with-krb5-plugin-path=${LOCALBASE}/lib/krb5/plugins/libkrb5 \
+ --with-krb5authdata-plugin-path=${LOCALBASE}/lib/krb5/plugins/authdata \
+ --with-krb5-conf=/etc/krb5.conf \
+ --without-python2-bindings \
+ --with-winbind-plugin-path=${LOCALBASE}/lib/samba4/modules/idmap \
+ --without-selinux \
+ --with-gpo-cache-path=/var/db/sss/gpo_cache \
+ --without-semanage \
+ --with-app-libs=${LOCALBASE}/lib/sssd/modules \
+ --with-sudo \
+ --with-sudo-lib-path=${LOCALBASE}/lib \
+ --without-autofs \
+ --with-files-provider \
+ --with-passkey \
+ --with-libsifp \
+ --without-libsifp \
+ --with-syslog=syslog \
+ --with-samba \
+ --without-nfsv4-idmapd-plugin \
+ --with-nfs-lib-path=${LOCALBASE}/lib \
+ --with-secrets-db-path=/var/lib/sss/secrets \
+ --with-kcm \
+ --with-oidc-child \
+ --with-ldb-lib-dir=${LOCALBASE}/lib/shared-modules/ldb \
+ --with-smb-idmap-interface-version=6 \
+ --without-libnl \
+ --with-nscd-conf=/etc/nscd.conf \
+ --with-python_prefix=${PREFIX} \
+ --with-unicode-lib=libunistring
+
+CFLAGS+= -fstack-protector-all
+CFLAGS+= -I${LOCALBASE}/include -I${LOCALBASE}/include/samba4
+
+LIBS+= -L${LOCALBASE}/lib \
+ -L${LOCALBASE}/lib/samba4/private \
+ -L${LOCALBASE}/lib/sasl2 \
+ -linotify -lintl
+
+KRB5_HOME= ${LOCALBASE}
+KRB5_CONFIG= ${LOCALBASE}/bin/krb5-config
+KRB5_CFLAGS= -I${LOCALBASE}/include
+KRB5_LIBS= -L${LOCALBASE}/lib -lkrb5
+
+LDFLAGS+= -lgssapi
+LDFLAGS_SL+= -lgssapi
+
+LDFLAGS+= -L${LOCALBASE}/lib
+INCLUDES+= -I${LOCALBASE}/include
+CONFIGURE_ENV+= INCLUDES="${INCLUDES}" \
+ LDFLAGS_SL="${LDFLAGS_SL}"
+MAKE_ENV= MAKELEVEL=0
+
+PLIST_SUB= PYTHON_VER=${PYTHON_VER}
+MAKE_ENV+= LINGUAS="bg de eu es fr hu id it ja nb nl pl pt ru sv tg tr uk zh_CN zh_TW"
+SUB_FILES= pkg-message
+
+BINARY_ALIAS= python3=python${PYTHON_VER}
+SHEBANG_FILES= sbus_generate.sh.in \
+ src/tools/analyzer/sss_analyze \
+ src/tools/sss_obfuscate \
+ src/config/SSSDConfigTest.py \
+ src/tests/python-test.py \
+ src/tests/pysss-test.py \
+ src/tests/cwrap/cwrap_test_setup.sh \
+ src/tests/whitespace_test \
+ src/tests/pyhbac-test.py \
+ src/tests/multihost/data/memcachesize.py \
+ src/tests/double_semicolon_test \
+ src/tests/pysss_murmur-test.py \
+ scripts/release.sh \
+ contrib/git/pre-push \
+ contrib/ci/rpm-spec-builddeps \
+ contrib/ci/clean \
+ contrib/ci/valgrind-condense \
+ contrib/ci/run-multihost \
+ contrib/ci/run \
+ contrib/ci/get-matrix.py \
+ contrib/vagrant/bootstrap.sh \
+ contrib/fedora/make_srpm.sh
+
+USE_RC_SUBR= ${PORTNAME}
+
+USE_GITHUB=yes
+GH_ACCOUNT=sssd
+
+post-patch:
+ @${REINPLACE_CMD} -e 's|/usr/bin/|${PREFIX}/bin/|g' \
+ -e 's|/var/lib/sss/pubconf/|/var/db/sss/pubconf/|g' \
+ ${WRKSRC}/src/man/sss_ssh_knownhostsproxy.1.xml \
+ ${WRKSRC}/src/man/po/*.po || true
+ @${REINPLACE_CMD} -e 's|/etc/sssd/|${ETCDIR}/|g' \
+ -e 's|/etc/openldap/|${LOCALBASE}/etc/openldap/|g' \
+ ${WRKSRC}/src/man/*xml || true
+ @${CP} ${FILESDIR}/sss_bsd_errno.h ${WRKSRC}/src/util/sss_bsd_errno.h
+ @${CP} ${FILESDIR}/bsdnss.c ${WRKSRC}/src/sss_client/bsdnss.c
+
+post-install:
+ ${INSTALL_DATA} ${WRKSRC}/src/examples/sssd-example.conf \
+ ${STAGEDIR}${ETCDIR}/sssd.conf.sample
+ ${MKDIR} ${STAGEDIR}${PREFIX}/share/dbus-1/system.d
+ ${INSTALL_DATA} ${WRKSRC}/src/responder/ifp/org.freedesktop.sssd.infopipe.conf \
+ ${STAGEDIR}${PREFIX}/share/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf
+ ${MKDIR} ${STAGEDIR}${PREFIX}/share/dbus-1/system-services
+ ${INSTALL_DATA} ${WRKSRC}/src/responder/ifp/org.freedesktop.sssd.infopipe.service \
+ ${STAGEDIR}${PREFIX}/share/dbus-1/system-services/org.freedesktop.sssd.infopipe.service
+ ${LN} -sf libnss_sss.so.2 ${STAGEDIR}${PREFIX}/lib/nss_sss.so.1
+
+.include <bsd.port.mk>
diff --git a/security/sssd-devel/distinfo b/security/sssd-devel/distinfo
new file mode 100644
index 000000000000..a1b047b93845
--- /dev/null
+++ b/security/sssd-devel/distinfo
@@ -0,0 +1,3 @@
+TIMESTAMP = 1684527117
+SHA256 (sssd-sssd-2.9.0_GH0.tar.gz) = 6dcf9b0d76ffde6031cb5f836574072c1a1ca31e7b1d5a4da8c0c4b636f1340a
+SIZE (sssd-sssd-2.9.0_GH0.tar.gz) = 6631690
diff --git a/security/sssd-devel/files/bsdnss.c b/security/sssd-devel/files/bsdnss.c
new file mode 100644
index 000000000000..6a1152100c67
--- /dev/null
+++ b/security/sssd-devel/files/bsdnss.c
@@ -0,0 +1,196 @@
+#include <errno.h>
+#include <sys/param.h>
+#include <netinet/in.h>
+#include <pwd.h>
+#include <grp.h>
+#include <nss.h>
+#include <netdb.h>
+
+extern enum nss_status _nss_sss_getgrent_r(struct group *, char *, size_t,
+ int *);
+extern enum nss_status _nss_sss_getgrnam_r(const char *, struct group *,
+ char *, size_t, int *);
+extern enum nss_status _nss_sss_getgrgid_r(gid_t gid, struct group *, char *,
+ size_t, int *);
+extern enum nss_status _nss_sss_setgrent(void);
+extern enum nss_status _nss_sss_endgrent(void);
+
+extern enum nss_status _nss_sss_getpwent_r(struct passwd *, char *, size_t,
+ int *);
+extern enum nss_status _nss_sss_getpwnam_r(const char *, struct passwd *,
+ char *, size_t, int *);
+extern enum nss_status _nss_sss_getpwuid_r(gid_t gid, struct passwd *, char *,
+ size_t, int *);
+extern enum nss_status _nss_sss_setpwent(void);
+extern enum nss_status _nss_sss_endpwent(void);
+
+extern enum nss_status _nss_sss_gethostbyname_r(const char *name,
+ struct hostent * result,
+ char *buffer, size_t buflen,
+ int *errnop,
+ int *h_errnop);
+
+extern enum nss_status _nss_sss_gethostbyname2_r(const char *name, int af,
+ struct hostent * result,
+ char *buffer, size_t buflen,
+ int *errnop,
+ int *h_errnop);
+extern enum nss_status _nss_sss_gethostbyaddr_r(struct in_addr * addr, int len,
+ int type,
+ struct hostent * result,
+ char *buffer, size_t buflen,
+ int *errnop, int *h_errnop);
+
+extern enum nss_status _nss_sss_getgroupmembership(const char *uname,
+ gid_t agroup, gid_t *groups,
+ int maxgrp, int *grpcnt);
+
+NSS_METHOD_PROTOTYPE(__nss_compat_getgroupmembership);
+NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r);
+NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r);
+NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r);
+NSS_METHOD_PROTOTYPE(__nss_compat_setgrent);
+NSS_METHOD_PROTOTYPE(__nss_compat_endgrent);
+
+NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r);
+NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r);
+NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r);
+NSS_METHOD_PROTOTYPE(__nss_compat_setpwent);
+NSS_METHOD_PROTOTYPE(__nss_compat_endpwent);
+
+NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname);
+NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2);
+NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr);
+
+static ns_mtab methods[] = {
+{ NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_sss_getgrnam_r },
+{ NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_sss_getgrgid_r },
+{ NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_sss_getgrent_r },
+{ NSDB_GROUP, "getgroupmembership", __nss_compat_getgroupmembership, _nss_sss_getgroupmembership },
+{ NSDB_GROUP, "setgrent", __nss_compat_setgrent, _nss_sss_setgrent },
+{ NSDB_GROUP, "endgrent", __nss_compat_endgrent, _nss_sss_endgrent },
+
+{ NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_sss_getpwnam_r },
+{ NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_sss_getpwuid_r },
+{ NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, _nss_sss_getpwent_r },
+{ NSDB_PASSWD, "setpwent", __nss_compat_setpwent, _nss_sss_setpwent },
+{ NSDB_PASSWD, "endpwent", __nss_compat_endpwent, _nss_sss_endpwent },
+
+// { NSDB_HOSTS, "gethostbyname", __nss_compat_gethostbyname, _nss_sss_gethostbyname_r },
+//{ NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_sss_gethostbyaddr_r },
+//{ NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_sss_gethostbyname2_r },
+
+{ NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, _nss_sss_getgrnam_r },
+{ NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, _nss_sss_getgrgid_r },
+{ NSDB_GROUP_COMPAT, "getgrent_r", __nss_compat_getgrent_r, _nss_sss_getgrent_r },
+{ NSDB_GROUP_COMPAT, "setgrent", __nss_compat_setgrent, _nss_sss_setgrent },
+{ NSDB_GROUP_COMPAT, "endgrent", __nss_compat_endgrent, _nss_sss_endgrent },
+
+{ NSDB_PASSWD_COMPAT, "getpwnam_r", __nss_compat_getpwnam_r, _nss_sss_getpwnam_r },
+{ NSDB_PASSWD_COMPAT, "getpwuid_r", __nss_compat_getpwuid_r, _nss_sss_getpwuid_r },
+{ NSDB_PASSWD_COMPAT, "getpwent_r", __nss_compat_getpwent_r, _nss_sss_getpwent_r },
+{ NSDB_PASSWD_COMPAT, "setpwent", __nss_compat_setpwent, _nss_sss_setpwent },
+{ NSDB_PASSWD_COMPAT, "endpwent", __nss_compat_endpwent, _nss_sss_endpwent },
+
+};
+
+
+ns_mtab *
+nss_module_register(const char *source, unsigned int *mtabsize,
+ nss_module_unregister_fn *unreg)
+{
+ *mtabsize = sizeof(methods)/sizeof(methods[0]);
+ *unreg = NULL;
+ return (methods);
+}
+
+int __nss_compat_getgroupmembership(void *retval, void *mdata, va_list ap)
+{
+ int (*fn)(const char *, gid_t, gid_t *, int, int *);
+
+ const char *uname;
+ gid_t agroup;
+ gid_t *groups;
+ int maxgrp;
+ int *grpcnt;
+ int errnop = 0;
+ enum nss_status status;
+
+ fn = mdata;
+ uname = va_arg(ap, const char *);
+ agroup = va_arg(ap, gid_t);
+ groups = va_arg(ap, gid_t *);
+ maxgrp = va_arg(ap, int);
+ grpcnt = va_arg(ap, int *);
+ status = fn(uname, agroup, groups, maxgrp, grpcnt);
+ status = __nss_compat_result(status, errnop);
+ return (status);
+}
+
+int __nss_compat_gethostbyname(void *retval, void *mdata, va_list ap)
+{
+ enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *);
+ const char *name;
+ struct hostent *result;
+ char buffer[1024];
+ size_t buflen = 1024;
+ int errnop;
+ int h_errnop;
+ int af;
+ enum nss_status status;
+
+ fn = mdata;
+ name = va_arg(ap, const char*);
+ af = va_arg(ap,int);
+ result = va_arg(ap,struct hostent *);
+ status = fn(name, result, buffer, buflen, &errnop, &h_errnop);
+ status = __nss_compat_result(status,errnop);
+ h_errno = h_errnop;
+ return (status);
+}
+
+int __nss_compat_gethostbyname2(void *retval, void *mdata, va_list ap)
+{
+ enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *);
+ const char *name;
+ struct hostent *result;
+ char buffer[1024];
+ size_t buflen = 1024;
+ int errnop;
+ int h_errnop;
+ int af;
+ enum nss_status status;
+
+ fn = mdata;
+ name = va_arg(ap, const char*);
+ af = va_arg(ap,int);
+ result = va_arg(ap,struct hostent *);
+ status = fn(name, result, buffer, buflen, &errnop, &h_errnop);
+ status = __nss_compat_result(status,errnop);
+ h_errno = h_errnop;
+ return (status);
+}
+
+int __nss_compat_gethostbyaddr(void *retval, void *mdata, va_list ap)
+{
+ struct in_addr *addr;
+ int len;
+ int type;
+ struct hostent *result;
+ char buffer[1024];
+ size_t buflen = 1024;
+ int errnop;
+ int h_errnop;
+ enum nss_status (*fn)(struct in_addr *, int, int, struct hostent *, char *, size_t, int *, int *);
+ enum nss_status status;
+
+ fn = mdata;
+ addr = va_arg(ap, struct in_addr*);
+ len = va_arg(ap,int);
+ type = va_arg(ap,int);
+ result = va_arg(ap, struct hostent*);
+ status = fn(addr, len, type, result, buffer, buflen, &errnop, &h_errnop);
+ status = __nss_compat_result(status,errnop);
+ h_errno = h_errnop;
+ return (status);
+}
diff --git a/security/sssd-devel/files/patch-Makefile.am b/security/sssd-devel/files/patch-Makefile.am
new file mode 100644
index 000000000000..36b53712ce10
--- /dev/null
+++ b/security/sssd-devel/files/patch-Makefile.am
@@ -0,0 +1,871 @@
+--- Makefile.am.orig 2023-06-09 02:31:48 UTC
++++ Makefile.am
+@@ -59,7 +59,7 @@ dbusservicedir = $(datadir)/dbus-1/system-services
+ krb5snippetsdir = $(sssddatadir)/krb5-snippets
+ dbuspolicydir = $(datadir)/dbus-1/system.d
+ dbusservicedir = $(datadir)/dbus-1/system-services
+-sss_statedir = $(localstatedir)/lib/sss
++sss_statedir = $(localstatedir)/db/sss
+ runstatedir = @runstatedir@
+ localedir = @localedir@
+ nsslibdir = @nsslibdir@
+@@ -640,6 +640,7 @@ SSSD_LIBS = \
+
+ SSSD_LIBS = \
+ $(TALLOC_LIBS) \
++ $(LTLIBINTL) \
+ $(TEVENT_LIBS) \
+ $(POPT_LIBS) \
+ $(LDB_LIBS) \
+@@ -711,6 +712,7 @@ dist_noinst_HEADERS = \
+ src/util/sss_ssh.h \
+ src/util/sss_ini.h \
+ src/util/sss_format.h \
++ src/util/sss_bsd_errno.h \
+ src/util/sss_pam_data.h \
+ src/util/refcount.h \
+ src/util/file_watch.h \
+@@ -1512,6 +1514,7 @@ sssd_LDADD = \
+ $(SSSD_LIBS) \
+ $(INOTIFY_LIBS) \
+ $(LIBNL_LIBS) \
++ $(LTLIBINTL) \
+ $(KEYUTILS_LIBS) \
+ $(SYSTEMD_DAEMON_LIBS) \
+ $(SSSD_INTERNAL_LTLIBS) \
+@@ -1540,6 +1543,7 @@ sssd_nss_LDADD = \
+ $(LIBADD_DL) \
+ $(TDB_LIBS) \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ libsss_idmap.la \
+ libsss_cert.la \
+ $(SYSTEMD_DAEMON_LIBS) \
+@@ -1570,6 +1574,7 @@ sssd_pam_LDADD = \
+ $(LIBADD_DL) \
+ $(TDB_LIBS) \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(SELINUX_LIBS) \
+ $(PAM_LIBS) \
+ $(SYSTEMD_DAEMON_LIBS) \
+@@ -1589,8 +1594,10 @@ sssd_sudo_LDADD = \
+ src/responder/sudo/sudosrv_dp.c \
+ $(SSSD_RESPONDER_OBJ)
+ sssd_sudo_LDADD = \
++ $(GSSAPI_KRB5_LIBS) \
+ $(LIBADD_DL) \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(SYSTEMD_DAEMON_LIBS) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ libsss_iface.la \
+@@ -1606,6 +1613,7 @@ sssd_autofs_LDADD = \
+ sssd_autofs_LDADD = \
+ $(LIBADD_DL) \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(SYSTEMD_DAEMON_LIBS) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ libsss_iface.la \
+@@ -1626,6 +1634,7 @@ sssd_ssh_LDADD = \
+ sssd_ssh_LDADD = \
+ $(LIBADD_DL) \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ $(SYSTEMD_DAEMON_LIBS) \
+ libsss_cert.la \
+@@ -1649,6 +1658,7 @@ sssd_pac_LDADD = \
+ $(NDR_KRB5PAC_LIBS) \
+ $(TDB_LIBS) \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(SYSTEMD_DAEMON_LIBS) \
+ libsss_idmap.la \
+ $(SSSD_INTERNAL_LTLIBS) \
+@@ -1727,6 +1737,7 @@ sssd_ifp_LDADD = \
+ sssd_ifp_LDADD = \
+ $(LIBADD_DL) \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(SYSTEMD_DAEMON_LIBS) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ libsss_cert.la \
+@@ -1789,6 +1800,7 @@ sssd_kcm_LDADD = \
+ $(LIBADD_DL) \
+ $(KRB5_LIBS) \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(UUID_LIBS) \
+ $(SYSTEMD_DAEMON_LIBS) \
+ $(SSSD_INTERNAL_LTLIBS) \
+@@ -1839,6 +1851,7 @@ sssd_be_LDADD = \
+ sssd_be_LDADD = \
+ $(LIBADD_DL) \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(CARES_LIBS) \
+ $(PAM_LIBS) \
+ $(SSSD_INTERNAL_LTLIBS) \
+@@ -1900,6 +1913,7 @@ sss_signal_LDADD = \
+ src/tools/common/sss_process.c
+ $(NULL)
+ sss_signal_LDADD = \
++ $(LTLIBINTL) \
+ libsss_debug.la \
+ $(NULL)
+
+@@ -1956,7 +1970,7 @@ sss_sudo_cli_CFLAGS = $(AM_CFLAGS)
+ src/sss_client/sudo/sss_sudo_response.c \
+ src/sss_client/sudo_testcli/sudo_testcli.c
+ sss_sudo_cli_CFLAGS = $(AM_CFLAGS)
+-sss_sudo_cli_LDADD = $(CLIENT_LIBS)
++sss_sudo_cli_LDADD = $(GSSAPI_KRB5_LIBS) $(CLIENT_LIBS)
+ endif
+
+ if BUILD_SSH
+@@ -2137,6 +2151,7 @@ sysdb_tests_LDADD = \
+ $(CHECK_CFLAGS)
+ sysdb_tests_LDADD = \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(CHECK_LIBS) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ libsss_test_common.la
+@@ -2150,6 +2165,7 @@ sysdb_ssh_tests_LDADD = \
+ $(CHECK_CFLAGS)
+ sysdb_ssh_tests_LDADD = \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(CHECK_LIBS) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ libsss_test_common.la
+@@ -2162,6 +2178,7 @@ strtonum_tests_LDADD = \
+ $(CHECK_CFLAGS)
+ strtonum_tests_LDADD = \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(CHECK_LIBS) \
+ libsss_debug.la \
+ libsss_test_common.la
+@@ -2186,6 +2203,7 @@ krb5_utils_tests_LDADD = \
+ $(CHECK_CFLAGS)
+ krb5_utils_tests_LDADD = \
+ $(SSSD_LIBS)\
++ $(LTLIBINTL) \
+ $(CARES_LIBS) \
+ $(KRB5_LIBS) \
+ $(CHECK_LIBS) \
+@@ -2246,6 +2264,7 @@ resolv_tests_LDADD = \
+ -DBUILD_TXT
+ resolv_tests_LDADD = \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(CHECK_LIBS) \
+ $(CARES_LIBS) \
+ libsss_debug.la \
+@@ -2259,6 +2278,7 @@ file_watch_tests_LDADD = \
+ $(CHECK_CFLAGS)
+ file_watch_tests_LDADD = \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(CHECK_LIBS) \
+ $(INOTIFY_LIBS) \
+ $(SSSD_INTERNAL_LTLIBS) \
+@@ -2272,6 +2292,7 @@ refcount_tests_LDADD = \
+ $(CHECK_CFLAGS)
+ refcount_tests_LDADD = \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(CHECK_LIBS) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ libsss_test_common.la
+@@ -2285,6 +2306,7 @@ fail_over_tests_LDADD = \
+ $(CHECK_CFLAGS)
+ fail_over_tests_LDADD = \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(CHECK_LIBS) \
+ $(CARES_LIBS) \
+ $(SSSD_INTERNAL_LTLIBS) \
+@@ -2316,6 +2338,7 @@ auth_tests_LDADD = \
+ $(CHECK_CFLAGS)
+ auth_tests_LDADD = \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(CHECK_LIBS) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ libsss_test_common.la
+@@ -2365,6 +2388,7 @@ util_tests_LDADD = \
+ $(NULL)
+ util_tests_LDADD = \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(CHECK_LIBS) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ libsss_test_common.la \
+@@ -2377,6 +2401,7 @@ safe_format_tests_LDADD = \
+ $(CHECK_CFLAGS)
+ safe_format_tests_LDADD = \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(CHECK_LIBS) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ libsss_test_common.la
+@@ -2389,6 +2414,7 @@ debug_tests_LDADD = \
+ $(CHECK_CFLAGS)
+ debug_tests_LDADD = \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(CHECK_LIBS) \
+ libsss_debug.la
+
+@@ -2412,6 +2438,7 @@ ipa_hbac_tests_LDADD = \
+ $(CHECK_CFLAGS)
+ ipa_hbac_tests_LDADD = \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(CHECK_LIBS) \
+ libsss_test_common.la \
+ libipa_hbac.la
+@@ -2446,6 +2473,7 @@ responder_socket_access_tests_LDADD = \
+ $(LIBADD_DL) \
+ $(CHECK_LIBS) \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ $(SYSTEMD_DAEMON_LIBS) \
+ libsss_test_common.la \
+@@ -2458,6 +2486,7 @@ stress_tests_LDADD = \
+ src/tests/stress-tests.c
+ stress_tests_LDADD = \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ libsss_test_common.la
+
+ krb5_child_test_SOURCES = \
+@@ -2482,6 +2511,7 @@ krb5_child_test_LDADD = \
+ $(CHECK_CFLAGS)
+ krb5_child_test_LDADD = \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(CARES_LIBS) \
+ $(KRB5_LIBS) \
+ $(CHECK_LIBS) \
+@@ -2499,6 +2529,7 @@ test_ssh_client_LDADD = \
+ test_ssh_client_LDADD = \
+ $(SSSD_INTERNAL_LTLIBS) \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(NULL)
+
+ test_sbus_message_SOURCES = \
+@@ -2592,6 +2623,7 @@ nss_srv_tests_LDADD = \
+ $(LIBADD_DL) \
+ $(CMOCKA_LIBS) \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ $(SYSTEMD_DAEMON_LIBS) \
+ libsss_test_common.la \
+@@ -2641,6 +2673,7 @@ pam_srv_tests_LDADD = \
+ $(CMOCKA_LIBS) \
+ $(PAM_LIBS) \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ $(SYSTEMD_DAEMON_LIBS) \
+ $(GSSAPI_KRB5_LIBS) \
+@@ -2681,6 +2714,7 @@ ssh_srv_tests_LDADD = \
+ $(LIBADD_DL) \
+ $(CMOCKA_LIBS) \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ $(SYSTEMD_DAEMON_LIBS) \
+ libsss_test_common.la \
+@@ -2705,6 +2739,7 @@ responder_get_domains_tests_LDADD = \
+ $(LIBADD_DL) \
+ $(CMOCKA_LIBS) \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ $(SYSTEMD_DAEMON_LIBS) \
+ libsss_test_common.la \
+@@ -2768,6 +2803,7 @@ test_negcache_LDADD = \
+ $(LIBADD_DL) \
+ $(CMOCKA_LIBS) \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(SYSTEMD_DAEMON_LIBS) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ libsss_test_common.la \
+@@ -2794,6 +2830,7 @@ test_authtok_LDADD = \
+ $(CMOCKA_LIBS) \
+ $(DHASH_LIBS) \
+ $(POPT_LIBS) \
++ $(LTLIBINTL) \
+ libsss_test_common.la \
+ libsss_debug.la \
+ $(NULL)
+@@ -2809,6 +2846,7 @@ test_prompt_config_LDADD = \
+ test_prompt_config_LDADD = \
+ $(CMOCKA_LIBS) \
+ $(POPT_LIBS) \
++ $(LTLIBINTL) \
+ libsss_debug.la \
+ $(TALLOC_LIBS) \
+ $(NULL)
+@@ -2833,6 +2871,7 @@ deskprofile_utils_tests_LDADD = \
+ deskprofile_utils_tests_CFLAGS = \
+ $(AM_CFLAGS)
+ deskprofile_utils_tests_LDADD = \
++ $(LTLIBINTL) \
+ $(CMOCKA_LIBS) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ libsss_test_common.la
+@@ -2856,6 +2895,7 @@ dyndns_tests_LDADD = \
+ $(CARES_LIBS) \
+ $(CMOCKA_LIBS) \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ libsss_test_common.la
+
+@@ -2866,6 +2906,7 @@ domain_resolution_order_tests_LDADD = \
+ $(AM_CFLAGS)
+ domain_resolution_order_tests_LDADD = \
+ $(CMOCKA_LIBS) \
++ $(LTLIBINTL) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ libsss_test_common.la
+
+@@ -2876,6 +2917,7 @@ fqnames_tests_LDADD = \
+ fqnames_tests_LDADD = \
+ $(CMOCKA_LIBS) \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ libsss_test_common.la
+
+@@ -2895,6 +2937,7 @@ nestedgroups_tests_LDADD = \
+ nestedgroups_tests_LDADD = \
+ $(CMOCKA_LIBS) \
+ $(OPENLDAP_LIBS) \
++ $(LTLIBINTL) \
+ $(SSSD_LIBS) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ libsss_idmap.la \
+@@ -2926,6 +2969,7 @@ test_ipa_idmap_LDADD = \
+ test_ipa_idmap_LDADD = \
+ $(CMOCKA_LIBS) \
+ $(POPT_LIBS) \
++ $(LTLIBINTL) \
+ libsss_idmap.la \
+ $(SSSD_INTERNAL_LTLIBS) \
+ libsss_test_common.la
+@@ -2948,6 +2992,7 @@ test_utils_LDADD = \
+ $(CMOCKA_LIBS) \
+ $(POPT_LIBS) \
+ $(SSSD_INTERNAL_LTLIBS) \
++ $(LTLIBINTL) \
+ libsss_test_common.la
+
+ test_search_bases_SOURCES = \
+@@ -2956,6 +3001,7 @@ test_search_bases_LDADD = \
+ $(CMOCKA_LIBS) \
+ $(TALLOC_LIBS) \
+ $(SSSD_INTERNAL_LTLIBS) \
++ $(LTLIBINTL) \
+ libsss_ldap_common.la \
+ libsss_test_common.la \
+ libdlopen_test_providers.la \
+@@ -2970,6 +3016,7 @@ test_ldap_auth_LDADD = \
+ test_ldap_auth_LDADD = \
+ $(CMOCKA_LIBS) \
+ $(TALLOC_LIBS) \
++ $(LTLIBINTL) \
+ libsss_ldap_common.la \
+ libsss_test_common.la \
+ libdlopen_test_providers.la \
+@@ -2983,6 +3030,7 @@ test_ldap_id_cleanup_LDADD = \
+ test_ldap_id_cleanup_LDADD = \
+ $(CMOCKA_LIBS) \
+ $(POPT_LIBS) \
++ $(LTLIBINTL) \
+ $(TALLOC_LIBS) \
+ $(TEVENT_LIBS) \
+ $(SSSD_INTERNAL_LTLIBS) \
+@@ -3000,6 +3048,7 @@ test_sdap_access_LDADD = \
+ test_sdap_access_LDADD = \
+ $(CMOCKA_LIBS) \
+ $(TALLOC_LIBS) \
++ $(LTLIBINTL) \
+ libsss_ldap_common.la \
+ libsss_test_common.la \
+ libdlopen_test_providers.la \
+@@ -3019,6 +3068,7 @@ test_sdap_certmap_LDADD = \
+ test_sdap_certmap_LDADD = \
+ $(CMOCKA_LIBS) \
+ $(TALLOC_LIBS) \
++ $(LTLIBINTL) \
+ $(POPT_LIBS) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ libsss_test_common.la \
+@@ -3030,6 +3080,7 @@ ad_access_filter_tests_LDADD = \
+ ad_access_filter_tests_LDADD = \
+ $(CMOCKA_LIBS) \
+ $(POPT_LIBS) \
++ $(LTLIBINTL) \
+ $(TALLOC_LIBS) \
+ $(TEVENT_LIBS) \
+ $(SSSD_INTERNAL_LTLIBS) \
+@@ -3051,6 +3102,7 @@ ad_gpo_tests_LDADD = \
+ $(CMOCKA_LIBS) \
+ $(OPENLDAP_LIBS) \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ $(NDR_NBT_LIBS) \
+ libsss_ldap_common.la \
+@@ -3088,6 +3140,7 @@ ad_common_tests_LDADD = \
+ ad_common_tests_LDADD = \
+ $(CMOCKA_LIBS) \
+ $(SSSD_LIBS) \
++ $(LTLIBINTL) \
+ $(KEYUTILS_LIBS) \
+ $(NDR_NBT_LIBS) \
+ $(NDR_KRB5PAC_LIBS) \
+@@ -3110,6 +3163,7 @@ dp_opt_tests_LDADD = \
+ $(CMOCKA_LIBS) \
+ $(TALLOC_LIBS) \
+ $(POPT_LIBS) \
++ $(LTLIBINTL) \
+ $(SSSD_INTERNAL_LTLIBS) \
+ libsss_test_common.la
+
*** 2458 LINES SKIPPED ***