net/nss-pam-ldapd: Add LCLASS Support

PR: 220379 Submitted by: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
2024-12-29 05:38:00 +00:00 · 2023-08-27 09:53:30 -04:00 · 2023-08-27 09:53:30 -04:00 · a01debe78c
commit a01debe78c
parent 51b6c68f5d
5 changed files with 89 additions and 1 deletions
--- a/net/nss-pam-ldapd/Makefile
+++ b/net/nss-pam-ldapd/Makefile
@ -13,6 +13,7 @@ LICENSE=		LGPL21 LGPL3
 LICENSE_COMB=		dual

 USES=			cpe ldap
+
 CPE_VENDOR=		arthurdejong
 GNU_CONFIGURE=		yes
 USE_RC_SUBR=		nslcd
@ -24,9 +25,12 @@ NSLCD_PIDFILE?=		/var/run/nslcd.pid
 NSLCD_VARDIR?=		/var/run/nslcd
 NSLCD_SOCKET?=		${NSLCD_VARDIR}/nslcd.ctl

-OPTIONS_DEFINE=		KERBEROS
+OPTIONS_DEFINE=		KERBEROS LCLASS
 OPTIONS_DEFAULT=	KERBEROS

+LCLASS_EXTRA_PATCHES=	${PATCHDIR}/lclass-patches
+LCLASS_DESC=		Build with loginClass support
+
 .if defined(SLAVE_PORT)
 OPTIONS_DEFINE+=	SASL
 OPTIONS_MULTI=		MG1
--- a/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__attmap.c
+++ b/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__attmap.c
@ -0,0 +1,18 @@
+--- nslcd/attmap.c.orig	2019-11-02 16:23:45.000000000 +0100
+++ nslcd/attmap.c	2023-05-29 19:22:02.233300000 +0200
+@@ -176,6 +176,7 @@
+     if (strcasecmp(name, "gecos") == 0)             return &attmap_passwd_gecos;
+     if (strcasecmp(name, "homeDirectory") == 0)     return &attmap_passwd_homeDirectory;
+     if (strcasecmp(name, "loginShell") == 0)        return &attmap_passwd_loginShell;
+    if (strcasecmp(name, "loginClass") ==0)         return &attmap_passwd_loginClass;
+   }
+   else if (map == LM_PROTOCOLS)
+   {
+@@ -230,6 +231,7 @@
+         (var != &attmap_shadow_shadowWarning) &&
+         (var != &attmap_shadow_shadowInactive) &&
+         (var != &attmap_shadow_shadowExpire) &&
+	 (var != &attmap_passwd_loginClass) &&
+         (var != &attmap_shadow_shadowFlag))
+       return NULL;
+     /* the member attribute may only be set to an empty string */
--- a/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__attmap.h
+++ b/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__attmap.h
@ -0,0 +1,10 @@
+--- nslcd/attmap.h.orig	2021-11-15 20:40:49.000000000 +0100
+++ nslcd/attmap.h	2023-05-29 19:22:02.233912000 +0200
+@@ -67,6 +67,7 @@
+ extern const char *attmap_shadow_shadowInactive;
+ extern const char *attmap_shadow_shadowExpire;
+ extern const char *attmap_shadow_shadowFlag;
+extern const char *attmap_passwd_loginClass;
+ 
+ /* return a reference to the map specific base variable */
+ const char **base_get_var(enum ldap_map_selector map);
--- a/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__passwd.c
+++ b/net/nss-pam-ldapd/files/lclass-patches/patch-nslcd__passwd.c
@ -0,0 +1,43 @@
+--- nslcd/passwd.c.orig	2021-11-15 20:40:49.000000000 +0100
+++ nslcd/passwd.c	2023-05-29 19:22:02.234797000 +0200
+@@ -63,6 +63,7 @@
+ const char *attmap_passwd_gecos         = "\"${gecos:-$cn}\"";
+ const char *attmap_passwd_homeDirectory = "homeDirectory";
+ const char *attmap_passwd_loginShell    = "loginShell";
+const char *attmap_passwd_loginClass    = "loginClass";
+ 
+ /* special properties for objectSid-based searches
+    (these are already LDAP-escaped strings) */
+@@ -150,6 +151,7 @@
+   attmap_add_attributes(set, attmap_passwd_gecos);
+   attmap_add_attributes(set, attmap_passwd_homeDirectory);
+   attmap_add_attributes(set, attmap_passwd_loginShell);
+  attmap_add_attributes(set, attmap_passwd_loginClass);
+   passwd_attrs = set_tolist(set);
+   if (passwd_attrs == NULL)
+   {
+@@ -428,6 +430,7 @@
+   char gecos[1024];
+   char homedir[256];
+   char shell[64];
+  char lclass[256];
+   char passbuffer[BUFLEN_PASSWORDHASH];
+   int i, j;
+   /* get the usernames for this entry */
+@@ -541,6 +544,8 @@
+             myldap_get_dn(entry), attmap_passwd_homeDirectory);
+   /* get the shell for this entry */
+   attmap_get_value(entry, attmap_passwd_loginShell, shell, sizeof(shell));
+  /* get the login class for this entry */
+  attmap_get_value(entry, attmap_passwd_loginClass, lclass, sizeof(lclass));
+   /* write the entries */
+   for (i = 0; usernames[i] != NULL; i++)
+   {
+@@ -565,6 +570,7 @@
+             WRITE_STRING(fp, gecos);
+             WRITE_STRING(fp, homedir);
+             WRITE_STRING(fp, shell);
+            WRITE_STRING(fp, lclass);
+           }
+         }
+       }
--- a/net/nss-pam-ldapd/files/lclass-patches/patch-nss__passwd.c
+++ b/net/nss-pam-ldapd/files/lclass-patches/patch-nss__passwd.c
@ -0,0 +1,13 @@
+--- nss/passwd.c.orig	2019-11-02 16:23:46.000000000 +0100
+++ nss/passwd.c	2023-05-29 19:22:02.235416000 +0200
+@@ -45,8 +45,8 @@
+   READ_BUF_STRING(fp, result->pw_dir);
+   READ_BUF_STRING(fp, result->pw_shell);
+ #ifdef HAVE_STRUCT_PASSWD_PW_CLASS
+-  /* set the user access class to an empty string */
+-  result->pw_class = result->pw_name + strlen(result->pw_name);
+  /* set the user access class to an empty string only if empty */
+  READ_BUF_STRING(fp, result->pw_class);
+ #endif /* HAVE_STRUCT_PASSWD_PW_CLASS */
+   return NSS_STATUS_SUCCESS;
+ }