Diffstat (limited to 'meta-security/dynamic-layers/networking-layer/recipes-security/sssd/files')
7 files changed, 168 insertions, 0 deletions
diff --git a/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/files/drop_ntpdate_chk.patch b/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/files/drop_ntpdate_chk.patch
new file mode 100644
index 0000000000..338af5d364
--- /dev/null
+++ b/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/files/drop_ntpdate_chk.patch
@@ -0,0 +1,28 @@
+nsupdate path is needed for various exec call
+but don't run natvie tests on it.
+
+
+Upstream-Status: Inappropriate [OE specific]
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: sssd-2.5.0/src/external/nsupdate.m4
+===================================================================
+--- sssd-2.5.0.orig/src/external/nsupdate.m4
++++ sssd-2.5.0/src/external/nsupdate.m4
+@@ -3,16 +3,4 @@ AC_MSG_CHECKING(for executable nsupdate)
+ if test -x "$NSUPDATE"; then
+ AC_DEFINE_UNQUOTED([NSUPDATE_PATH], ["$NSUPDATE"], [The path to nsupdate])
+ AC_MSG_RESULT(yes)
+-
+- AC_MSG_CHECKING(for nsupdate 'realm' support')
+- if AC_RUN_LOG([echo realm |$NSUPDATE >&2]); then
+- AC_MSG_RESULT([yes])
+- else
+- AC_MSG_RESULT([no])
+- AC_MSG_ERROR([nsupdate does not support 'realm'])
+- fi
+-
+-else
+- AC_MSG_RESULT([no])
+- AC_MSG_ERROR([nsupdate is not available])
+ fi
diff --git a/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/files/fix-ldblibdir.patch b/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/files/fix-ldblibdir.patch
new file mode 100644
index 0000000000..e350bafcd2
--- /dev/null
+++ b/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/files/fix-ldblibdir.patch
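Review bot: With the `else` branch deleted in the nsupdate.m4 hunk of drop_ntpdate_chk.patch, a failed `test -x "$NSUPDATE"` no longer stops configure, so `NSUPDATE_PATH` is left undefined and nothing reports it. The remaining `test -x` still inspects the build host's filesystem, which sits oddly with the patch's stated aim of not running native tests. Because the 'realm' probe is gone as well, the recipe presumably has to set `NSUPDATE` to the target path itself and carry a runtime dependency on an nsupdate that accepts `realm`; one line in the patch header saying so would make that requirement visible. The file is named drop_ntpdate_chk.patch although its content concerns nsupdate.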
@@ -0,0 +1,25 @@
+When calculate value of ldblibdir, it checks whether the directory of
+$ldblibdir exists. If not, it assigns ldblibdir with ${libdir}/ldb. It is not
+suitable for cross compile. Fix it that only re-assign ldblibdir when its value
+is empty.
+
+Upstream-Status: Inappropriate [cross compile specific]
+
+Signed-off-by: Kai Kang <kai.kang@windriver.com>
+---
+ src/external/libldb.m4 | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/external/libldb.m4 b/src/external/libldb.m4
+index c400add..5e5f06d 100644
+--- a/src/external/libldb.m4
++++ b/src/external/libldb.m4
+@@ -19,7 +19,7 @@ if test x"$with_ldb_lib_dir" != x; then
+ ldblibdir=$with_ldb_lib_dir
+ else
+ ldblibdir="`$PKG_CONFIG --variable=modulesdir ldb`"
+- if ! test -d $ldblibdir; then
++ if test -z $ldblibdir; then
+ ldblibdir="${libdir}/ldb"
+ fi
+ fi
diff --git a/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/files/fix_gid.patch b/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/files/fix_gid.patch
new file mode 100644
index 0000000000..419b83f278
--- /dev/null
+++ b/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/files/fix_gid.patch
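Review bot: The new condition `if test -z $ldblibdir; then` in libldb.m4 leaves the variable unquoted, so an empty value collapses to `test -z`, which is true only through the one-argument rule of `test`, and a value containing whitespace turns into a `test` syntax error. Quote the expansion: `if test -z "$ldblibdir"; then`. The enclosing `if test x"$with_ldb_lib_dir" != x` block starts above the hunk, so the rest of the logic is not visible here.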
@@ -0,0 +1,27 @@
+from ../sssd-2.5.0/src/util/sss_pam_data.c:27:
+| ../sssd-2.5.0/src/util/debug.h:88:44: error: unknown type name 'uid_t'; did you mean 'uint_t'?
+| 88 | int chown_debug_file(const char *filename, uid_t uid, gid_t gid);
+| | ^~~~~
+| | uint_t
+| ../sssd-2.5.0/src/util/debug.h:88:55: error: unknown type name 'gid_t'
+| 88 | int chown_debug_file(const char *filename, uid_t uid, gid_t gid);
+| | ^~~~~
+| make[2]: *** [Makefile:22529: src/util/libsss_iface_la-sss_pam_data.lo] Error 1
+| make[2]: *** Waiting for unfinished jobs....
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: sssd-2.7.1/src/util/debug.h
+===================================================================
+--- sssd-2.7.1.orig/src/util/debug.h
++++ sssd-2.7.1/src/util/debug.h
+@@ -24,6 +24,8 @@
+ #include "config.h"
+
+ #include <stdio.h>
++#include <unistd.h>
++#include <sys/types.h>
+ #include <stdbool.h>
+ #include <sys/types.h>
+
diff --git a/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/files/musl_fixup.patch b/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/files/musl_fixup.patch
new file mode 100644
index 0000000000..68f267c7c7
--- /dev/null
+++ b/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/files/musl_fixup.patch
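Review bot: The added `#include <sys/types.h>` in debug.h duplicates the include that already appears two lines further down in the same hunk's context, so `#include <unistd.h>` is the only genuinely new line. The quoted build log comes from sssd-2.5.0 while the hunk is applied to sssd-2.7.1, where `<sys/types.h>` is evidently already present, so the patch may no longer be needed; it is worth rebuilding without it before carrying it forward with `Upstream-Status: Pending`. If it stays, drop the duplicate include.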
@@ -0,0 +1,53 @@
+fix musl build failures
+
+Missing _PATH_HOSTS and some NETDB defines when musl is enabled.
+
+These are work arounds for now while we figure out where the real fix should reside (musl, gcompact, sssd):
+
+./sssd-2.5.1/src/providers/fail_over.c:1199:19: error: '_PATH_HOSTS' undeclared (first use in this function)
+| 1199 | _PATH_HOSTS);
+| | ^~~~~~~~~~~
+
+and
+
+i./sssd-2.5.1/src/sss_client/nss_ipnetworks.c:415:21: error: 'NETDB_INTERNAL' undeclared (first use in this function)
+| 415 | *h_errnop = NETDB_INTERNAL;
+
+
+Upstream-Status: Pending
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: sssd-2.5.1/src/providers/fail_over.c
+===================================================================
+--- sssd-2.5.1.orig/src/providers/fail_over.c
++++ sssd-2.5.1/src/providers/fail_over.c
+@@ -31,6 +31,10 @@
+ #include <talloc.h>
+ #include <netdb.h>
+
++#if !defined(_PATH_HOSTS)
++#define _PATH_HOSTS "/etc/hosts"
++#endif
++
+ #include "util/dlinklist.h"
+ #include "util/refcount.h"
+ #include "util/util.h"
+Index: sssd-2.5.1/src/sss_client/sss_cli.h
+===================================================================
+--- sssd-2.5.1.orig/src/sss_client/sss_cli.h
++++ sssd-2.5.1/src/sss_client/sss_cli.h
+@@ -44,6 +44,14 @@ typedef int errno_t;
+ #define EOK 0
+ #endif
+
++#ifndef NETDB_INTERNAL
++# define NETDB_INTERNAL (-1)
++#endif
++
++#ifndef NETDB_SUCCESS
++# define NETDB_SUCCESS (0)
++#endif
++
+ #define SSS_NSS_PROTOCOL_VERSION 1
+ #define SSS_PAM_PROTOCOL_VERSION 3
+ #define SSS_SUDO_PROTOCOL_VERSION 1
diff --git a/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/files/no_gen.patch b/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/files/no_gen.patch
new file mode 100644
index 0000000000..7d8e80b6ef
--- /dev/null
+++ b/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/files/no_gen.patch
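Review bot: The `#ifndef NETDB_INTERNAL` and `#ifndef NETDB_SUCCESS` fallbacks in the sss_cli.h hunk are only reliable if `<netdb.h>` has already been included at that point, and the hunk does not show that it has. If a source file pulls in `<netdb.h>` after sss_cli.h on a libc that does define these macros, the parenthesised spellings `(-1)` and `(0)` may not match the libc's replacement text and would then raise a macro-redefinition diagnostic. Adding `#include <netdb.h>` directly above the `#ifndef NETDB_INTERNAL` block would make the guards dependable. The `_PATH_HOSTS` fallback in fail_over.c follows `#include <netdb.h>` and does not have this ordering problem.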
@@ -0,0 +1,19 @@
+don't run generate-sbus-code
+
+Upstream-Status: Inappropriate [OE Specific]
+
+Signed-off-by: Armin Kuster <akuster808@gmail.com>
+
+Index: sssd-2.7.1/Makefile.am
+===================================================================
+--- sssd-2.7.1.orig/Makefile.am
++++ sssd-2.7.1/Makefile.am
+@@ -1023,8 +1023,6 @@ generate-sbus-code:
+
+ .PHONY: generate-sbus-code
+
+-BUILT_SOURCES += generate-sbus-code
+-
+ EXTRA_DIST += \
+ sbus_generate.sh.in \
+ src/sbus/codegen/dbus.xml \
diff --git a/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/files/sssd.conf b/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/files/sssd.conf
new file mode 100644
index 0000000000..1e8b537a73
--- /dev/null
+++ b/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/files/sssd.conf
@@ -0,0 +1,15 @@
+[sssd]
+services = nss, pam
+domains = shadowutils
+
+[nss]
+
+[pam]
+
+[domain/shadowutils]
+id_provider = files
+
+auth_provider = proxy
+proxy_pam_target = sssd-shadowutils
+
+proxy_fast_alias = True
diff --git a/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/files/volatiles.99_sssd b/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/files/volatiles.99_sssd
new file mode 100644
index 0000000000..2a82413f38
--- /dev/null
+++ b/meta-security/dynamic-layers/networking-layer/recipes-security/sssd/files/volatiles.99_sssd
@@ -0,0 +1 @@
+d root root 0750 /var/log/sssd none |
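Review bot: sssd.conf sets `proxy_pam_target = sssd-shadowutils`, but none of the seven files in this view of the diffstat is a PAM service file of that name, so authentication through the proxy provider depends on something installed elsewhere. sssd of this vintage also checks the ownership and mode of its configuration file at start-up and expects it to be root-owned and not readable by others; the install step is not part of what is shown here. I would add a header comment to the file, for example `# Requires the PAM service sssd-shadowutils; install root:root 0600`, and confirm the recipe does both.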