Diffstat (limited to 'sys-auth')
-rw-r--r--sys-auth/nss_ldap/ChangeLog9
-rw-r--r--sys-auth/nss_ldap/files/digest-nss_ldap-2573
-rw-r--r--sys-auth/nss_ldap/files/nss_ldap-257-nss_max_group_depth.patch92
-rw-r--r--sys-auth/nss_ldap/nss_ldap-257.ebuild72
4 files changed, 175 insertions, 1 deletions
diff --git a/sys-auth/nss_ldap/ChangeLog b/sys-auth/nss_ldap/ChangeLog
index ca5a729a3257..5c15226cc0a6 100644
--- a/sys-auth/nss_ldap/ChangeLog
+++ b/sys-auth/nss_ldap/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for sys-auth/nss_ldap
# Copyright 2002-2007 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/nss_ldap/ChangeLog,v 1.40 2007/02/08 07:14:04 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/nss_ldap/ChangeLog,v 1.41 2007/09/18 23:18:35 robbat2 Exp $
+
+*nss_ldap-257 (18 Sep 2007)
+
+ 18 Sep 2007; Robin H. Johnson <robbat2@gentoo.org>
+ +files/nss_ldap-257-nss_max_group_depth.patch, +nss_ldap-257.ebuild:
+ Version bump per bug #173383. Fixes SIGPIPE issue from bugs #166519,
+ #162355. Includes bug #155492: nss_max_group_depth patch.
08 Feb 2007; Robin H. Johnson <robbat2@gentoo.org> metadata.xml:
Note ldap-bugs mail alias.
diff --git a/sys-auth/nss_ldap/files/digest-nss_ldap-257 b/sys-auth/nss_ldap/files/digest-nss_ldap-257
new file mode 100644
index 000000000000..e2b688c86184
--- /dev/null
+++ b/sys-auth/nss_ldap/files/digest-nss_ldap-257
@@ -0,0 +1,3 @@
+MD5 5e4ad4aa9ed2514927a23bf94b9fc5a3 nss_ldap-257.tar.gz 229242
+RMD160 b7260a768217901c701c52a5f2446894f6dc7aef nss_ldap-257.tar.gz 229242
+SHA256 22a0e3b0ebffc5d8f252144a422ef5eaef2ad1255aa7c0953691c990a44e267b nss_ldap-257.tar.gz 229242
diff --git a/sys-auth/nss_ldap/files/nss_ldap-257-nss_max_group_depth.patch b/sys-auth/nss_ldap/files/nss_ldap-257-nss_max_group_depth.patch
new file mode 100644
index 000000000000..d2f8efeec751
--- /dev/null
+++ b/sys-auth/nss_ldap/files/nss_ldap-257-nss_max_group_depth.patch
@@ -0,0 +1,92 @@
+Gentoo-Bug: 155492
+Original-Author: Heath Caldwell <hncaldwell@csupomona.edu>
+Rediffed-by: Robin H. Johnson <robbat2@gentoo.org>
+
+--- nss_ldap-257.orig/ChangeLog 2007-09-18 15:02:59.997686000 -0700
++++ nss_ldap-257/ChangeLog 2007-09-18 15:04:07.925113592 -0700
+@@ -3,2 +3,7 @@
+
++257.1 Heath Caldwell <hncaldwell@csupomona.edu>
++
++ * add configurable maximum group depth with new
++ configuration file option called nss_max_group_depth
++
+ 257 Luke Howard <lukeh@padl.com>
+--- nss_ldap-257.orig/ldap-grp.c 2007-08-02 21:51:09.000000000 -0700
++++ nss_ldap-257/ldap-grp.c 2007-09-18 15:03:23.734619150 -0700
+@@ -308,7 +308,7 @@
+ uniquemember_attrs[0] = uniquemember_attr;
+ uniquemember_attrs[1] = NULL;
+
+- if (*depth > LDAP_NSS_MAXGR_DEPTH)
++ if (*depth > _nss_ldap_max_group_depth)
+ {
+ return NSS_NOTFOUND;
+ }
+@@ -844,7 +844,7 @@
+ const char *gidnumber_attrs[2];
+ int erange;
+
+- if (lia->depth > LDAP_NSS_MAXGR_DEPTH)
++ if (lia->depth > _nss_ldap_max_group_depth)
+ return NSS_NOTFOUND;
+
+ if (_nss_ldap_namelist_find (lia->known_groups, dn))
+@@ -890,7 +890,7 @@
+ size_t memberCount, i;
+ int erange;
+
+- if (lia->depth > LDAP_NSS_MAXGR_DEPTH)
++ if (lia->depth > _nss_ldap_max_group_depth)
+ return NSS_NOTFOUND;
+
+ for (memberCount = 0; membersOf[memberCount] != NULL; memberCount++)
+--- nss_ldap-257.orig/ldap-nss.h 2007-09-18 15:02:59.997686000 -0700
++++ nss_ldap-257/ldap-nss.h 2007-09-18 15:03:23.734619150 -0700
+@@ -105,7 +105,8 @@
+ #define LDAP_NSS_MAXNETGR_DEPTH 16 /* maximum depth of netgroup nesting for innetgr() */
+ #endif /* HAVE_NSSWITCH_H */
+
+-#define LDAP_NSS_MAXGR_DEPTH 16 /* maximum depth of group nesting for getgrent()/initgroups() */
++#define LDAP_NSS_MAXGR_DEPTH 16 /* default maximum depth of group nesting for getgrent()/initgroups() */
++extern int _nss_ldap_max_group_depth; /* global variable to hold maximum group depth */
+
+ #if LDAP_NSS_NGROUPS > 64
+ #define LDAP_NSS_BUFLEN_GROUP (NSS_BUFSIZ + (LDAP_NSS_NGROUPS * (sizeof (char *) + LOGNAME_MAX)))
+--- nss_ldap-257.orig/nss_ldap.5 2007-09-18 15:03:00.001020000 -0700
++++ nss_ldap-257/nss_ldap.5 2007-09-18 15:05:42.779508238 -0700
+@@ -453,6 +453,10 @@
+ verify no local applications rely on this information before
+ enabling this on a production system.
+ .TP
++.B nss_max_group_depth <value>
++Specifies the maximum depth to which nested groups are queried.
++A value of 0 effectively disables querying for nested groups.
++.TP
+ .B nss_srv_domain <domain>
+ This option determines the DNS domain used for performing SRV
+ lookups.
+--- nss_ldap-257.orig/util.c 2007-09-18 15:03:00.001020000 -0700
++++ nss_ldap-257/util.c 2007-09-18 15:04:35.032083555 -0700
+@@ -62,2 +62,5 @@
+
++/* Initialize global maximum group depth to default. */
++int _nss_ldap_max_group_depth = LDAP_NSS_MAXGR_DEPTH;
++
+ static NSS_STATUS do_getrdnvalue (const char *dn,
+@@ -805,2 +808,5 @@
+
++ /* Reset global maximum group depth to default. */
++ _nss_ldap_max_group_depth = LDAP_NSS_MAXGR_DEPTH;
++
+ while (fgets (b, sizeof (b), fp) != NULL)
+--- nss_ldap-257.orig/util.h 2007-09-18 15:03:00.001020000 -0700
++++ nss_ldap-257/util.h 2007-09-18 15:05:11.295822638 -0700
+@@ -84,6 +84,7 @@
+ #define NSS_LDAP_KEY_INITGROUPS "nss_initgroups"
+ #define NSS_LDAP_KEY_INITGROUPS_IGNOREUSERS "nss_initgroups_ignoreusers"
+ #define NSS_LDAP_KEY_GETGRENT_SKIPMEMBERS "nss_getgrent_skipmembers"
++#define NSS_LDAP_KEY_MAX_GROUP_DEPTH "nss_max_group_depth"
+
+ /* more reconnect policy fine-tuning */
+ #define NSS_LDAP_KEY_RECONNECT_TRIES "nss_reconnect_tries"
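Review bot: Nothing in this patch ever assigns a configured value to `_nss_ldap_max_group_depth`: the two util.c hunks only initialise it and reset it to `LDAP_NSS_MAXGR_DEPTH` before the `fgets` loop, and `NSS_LDAP_KEY_MAX_GROUP_DEPTH` is defined in util.h but not referenced by any hunk here. As rediffed, the `nss_max_group_depth` option documented in nss_ldap.5 would therefore appear to be ignored, so an administrator who sets it to 0 to stop nested-group expansion would still get the default depth of 16 in the group lookups that ldap-grp.c guards. The branch that matches the key inside the config-parsing loop was probably lost in the rediff; it should be restored, and it should parse the value with `strtol`, rejecting negative or non-numeric input rather than storing it unchecked. The parsing loop lies outside the visible context, so this needs checking against the original patch on bug #155492.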
diff --git a/sys-auth/nss_ldap/nss_ldap-257.ebuild b/sys-auth/nss_ldap/nss_ldap-257.ebuild
new file mode 100644
index 000000000000..3eca16b06811
--- /dev/null
+++ b/sys-auth/nss_ldap/nss_ldap-257.ebuild
@@ -0,0 +1,72 @@
+# Copyright 1999-2007 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/nss_ldap/nss_ldap-257.ebuild,v 1.1 2007/09/18 23:18:35 robbat2 Exp $
+
+inherit fixheadtails eutils multilib
+
+IUSE="debug sasl kerberos"
+
+DESCRIPTION="NSS LDAP Module"
+HOMEPAGE="http://www.padl.com/OSS/nss_ldap.html"
+SRC_URI="http://www.padl.com/download/${P}.tar.gz"
+
+SLOT="0"
+LICENSE="LGPL-2"
+KEYWORDS="~alpha ~amd64 ~hppa ~mips ~ppc ~ppc64 ~sparc ~x86"
+
+DEPEND=">=net-nds/openldap-2.1.30-r5
+ sasl? ( dev-libs/cyrus-sasl )
+ kerberos? ( virtual/krb5 )"
+RDEPEND="${DEPEND}
+ !<net-fs/autofs-4.1.3"
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}
+ epatch ${FILESDIR}/nsswitch.ldap.diff
+ # Applied by upstream
+ #epatch ${FILESDIR}/${PN}-239-tls-security-bug.patch
+ epatch ${FILESDIR}/${PN}-249-sasl-compile.patch
+ EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-252-reconnect-timeouts.patch
+ EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-254-nss_getgrent_skipmembers.patch
+ EPATCH_OPTS="-p1 -d ${S}" epatch ${FILESDIR}/${PN}-257-nss_max_group_depth.patch
+ sed -i.orig \
+ -e '/^ @(#)\$Id: ldap.conf,v/s,^,#,' \
+ ${S}/ldap.conf || die "failed to clean up initial version marker"
+ # fix head/tail stuff
+ ht_fix_file ${S}/Makefile.am ${S}/Makefile.in ${S}/depcomp
+ # fix build borkage
+ for i in Makefile.{in,am}; do
+ sed -i.orig \
+ -e '/^install-exec-local: nss_ldap.so/s,nss_ldap.so,,g' \
+ ${S}/$i
+ done
+}
+
+src_compile() {
+ local myconf=""
+ use debug && myconf="${myconf} --enable-debugging"
+ use kerberos && myconf="${myconf} --enable-configurable-krb5-ccname-gssapi"
+ econf \
+ --with-ldap-lib=openldap \
+ --libdir=/$(get_libdir) \
+ --enable-schema-mapping \
+ --enable-paged-results \
+ --enable-rfc2307bis \
+ ${myconf} || die "configure failed"
+
+ emake || die "make failed"
+}
+
+src_install() {
+ dodir /$(get_libdir)
+
+ emake -j1 DESTDIR="${D}" install || die "make install failed"
+
+ insinto /etc
+ doins ldap.conf
+
+ dodoc ldap.conf ANNOUNCE NEWS ChangeLog AUTHORS \
+ COPYING CVSVersionInfo.txt README nsswitch.ldap certutil
+ docinto docs; dodoc doc/*
+}
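Review bot: The `sed` inside the `for i in Makefile.{in,am}` loop in `src_unpack` has no failure check, unlike the ldap.conf `sed` just above it, and `cd ${S}` is likewise unchecked, so a failure at either point would let the build of this NSS module continue against unmodified files or from the wrong directory. I would write `cd "${S}" || die "cd failed"` and end the loop's sed with `"${S}/${i}" || die "failed to fix install-exec-local in ${i}"`. As a style point, `${S}` and `${FILESDIR}` are unquoted throughout the function, and the loop variable `i` should be declared `local`.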