aboutsummaryrefslogtreecommitdiffstats
path: root/net/nss-pam-ldapd
diff options
context:
space:
mode:
authortimur <timur@FreeBSD.org>2009-08-14 09:46:44 +0800
committertimur <timur@FreeBSD.org>2009-08-14 09:46:44 +0800
commit3a48b6e78e54e229cfa5628a66f9eeddf6f0fade (patch)
tree0681ea04f9fcfc54bf1058f6d7a4110be571815c /net/nss-pam-ldapd
parentd0846dd8e81c033a004ffa853fef17835c516f4a (diff)
downloadfreebsd-ports-gnome-3a48b6e78e54e229cfa5628a66f9eeddf6f0fade.tar.gz
freebsd-ports-gnome-3a48b6e78e54e229cfa5628a66f9eeddf6f0fade.tar.zst
freebsd-ports-gnome-3a48b6e78e54e229cfa5628a66f9eeddf6f0fade.zip
Advanced fork of nss_ldap module with standalone daemon.
PR: 137349 Submitted by: melifaro@ipfw.ru
Diffstat (limited to 'net/nss-pam-ldapd')
-rw-r--r--net/nss-pam-ldapd/Makefile121
-rw-r--r--net/nss-pam-ldapd/distinfo3
-rw-r--r--net/nss-pam-ldapd/files/nslcd.in24
-rw-r--r--net/nss-pam-ldapd/files/nss_compat.diff75
-rw-r--r--net/nss-pam-ldapd/files/patch-nslcd__cfg.c23
-rw-r--r--net/nss-pam-ldapd/files/patch-nslcd__common.c12
-rw-r--r--net/nss-pam-ldapd/files/patch-nslcd__common.h30
-rw-r--r--net/nss-pam-ldapd/files/patch-nslcd__nslcd.c15
-rw-r--r--net/nss-pam-ldapd/files/patch-nslcd__passwd.c61
-rw-r--r--net/nss-pam-ldapd/files/patch-nss__bsdnss.c160
-rw-r--r--net/nss-pam-ldapd/files/patch-nss__exports.freebsd30
-rw-r--r--net/nss-pam-ldapd/files/patch-nss__prototypes.h57
-rw-r--r--net/nss-pam-ldapd/files/patch-nss__shadow.c17
-rw-r--r--net/nss-pam-ldapd/pkg-descr11
-rw-r--r--net/nss-pam-ldapd/pkg-plist3
15 files changed, 642 insertions, 0 deletions
diff --git a/net/nss-pam-ldapd/Makefile b/net/nss-pam-ldapd/Makefile
new file mode 100644
index 000000000000..cf96beabc8a8
--- /dev/null
+++ b/net/nss-pam-ldapd/Makefile
@@ -0,0 +1,121 @@
+# Ports collection Makefile for: nss_ldapd
+# Date created: 23/7/2009
+# Whom: melifaro@ipfw.ru
+#
+# $FreeBSD$
+#
+
+PORTNAME= nss_ldapd
+PORTVERSION= 0.6.11
+CATEGORIES= net
+MASTER_SITES= http://arthurdejong.org/nss-ldapd/
+DISTNAME= nss-ldapd-${PORTVERSION}
+
+MAINTAINER= melifaro@ipfw.ru
+COMMENT= Advanced fork of nss_ldap
+
+GNU_CONFIGURE= yes
+USE_GMAKE= yes
+USE_LDCONFIG= yes
+USE_OPENLDAP= yes
+USE_RC_SUBR= nslcd
+
+NSLCD_PIDFILE?= /var/run/nslcd.pid
+NSLCD_SOCKET?= /var/run/nslcd.ctl
+
+OPTIONS= NSS_COMPAT "Enable nss_ldap compatibility" on \
+ SASL "Enable SASL" off
+
+.include <bsd.port.pre.mk>
+
+.if ${OSVERSION} < 700000
+IGNORE= problems with nss/libc TLS
+.endif
+
+CONFIGURE_ENV= CPPFLAGS="-I${LOCALBASE}/include" \
+ LDFLAGS="-L${LOCALBASE}/lib"
+
+CONFIGURE_ARGS+= --with-nslcd-pidfile=${NSLCD_PIDFILE} \
+ --with-nslcd-socket=${NSLCD_SOCKET} \
+ --with-ldap-lib=openldap --disable-kerberos
+
+.if defined(WITHOUT_NSS)
+.undef NSS_COMPAT
+.endif
+
+.if defined(WITH_NSS_COMPAT)
+CONFIGURE_ARGS+= --with-ldap-conf-file=${PREFIX}/etc/nss_ldap.conf
+PLIST_SUB+= CONFIG="nss_ldap"
+EXTRA_PATCHES+= ${PATCHDIR}/nss_compat.diff
+.else
+CONFIGURE_ARGS+= --with-ldap-conf-file=${PREFIX}/etc/nss_ldapd.conf
+PLIST_SUB+= CONFIG="nss_ldapd"
+.endif
+
+.if defined(WITH_SASL)
+WANT_OPENLDAP_SASL= yes
+CONFIGURE_ARGS+= --enable-sasl
+.else
+CONFIGURE_ARGS+= --disable-sasl
+.endif
+
+.if defined(WITH_PAM)
+CONFIGURE_ARGS+= --enable-pam
+.else
+CONFIGURE_ARGS+= --disable-pam
+.endif
+
+.if defined(WITHOUT_NSS)
+CONFIGURE_ARGS+= --disable-nss
+PLIST_SUB+= NSS="@comment "
+.else
+CONFIGURE_ARGS+= --enable-nss
+CONFLICTS+= nss_ldap-1.*
+PLIST_SUB+= NSS=""
+.endif
+
+.if defined(WITHOUT_NSLCD)
+CONFIGURE_ARGS+= --disable-nslcd
+PLIST_SUB+= NSLCD="@comment "
+.else
+CONFIGURE_ARGS+= --enable-nslcd
+PLIST_SUB+= NSLCD=""
+MAN8= nslcd.8
+.endif
+
+MAN5= nss-ldapd.conf.5
+
+post-extract:
+ @${REINPLACE_CMD} -e 's/\(INSTALL_\)\(.*\)) -D /\1\2) /' ${WRKSRC}/Makefile.in ${WRKSRC}/nss/Makefile.in
+ @${REINPLACE_CMD} -e 's/shadow.$$(OBJEXT)/shadow.$$(OBJEXT) bsdnss.$$(OBJEXT)/;s/shadow\.c/shadow.c bsdnss.c/;s/exports\.linux/exports.freebsd/' ${WRKSRC}/nss/Makefile.in
+ @${REINPLACE_CMD} -e 's/^NSS_VERS = .*/NSS_VERS = 1/;s/libnss_ldap\.so/nss_ldap.so/' ${WRKSRC}/nss/Makefile.in
+ @${MV} ${WRKSRC}/nss/exports.linux ${WRKSRC}/nss/exports.freebsd
+ @${REINPLACE_CMD} -e 's/$$(DESTDIR)$$(NSS_LDAP_PATH_CONF)/$$(DESTDIR)$$(NSS_LDAP_PATH_CONF).sample/' ${WRKSRC}/Makefile.in
+
+post-install:
+ @${ECHO_MSG}
+ @${ECHO_MSG} =====================================================================
+ @${ECHO_MSG}
+.if defined(WITH_NSS_COMPAT)
+ @${ECHO_MSG} " NSS_LDAP compatibility ENABLED."
+ @${ECHO_MSG}
+ @${ECHO_MSG} " LDAP configuration: ${PREFIX}/etc/nss_ldap.conf"
+ @${ECHO_MSG} " Secret file: ${PREFIX}/etc/nss_ldap.secret"
+ @${ECHO_MSG} " Sample configuration: ${PREFIX}/etc/nss_ldap.conf.sample"
+ @${ECHO_MSG}
+ @${ECHO_MSG} " Check if you need to adjust reconnect_* parameters"
+ @${ECHO_MSG} " WARNING: nss_ldapd will use ONLY rootbinddn to access LDAP data"
+.else
+ @${ECHO_MSG} " LDAP configuration: ${PREFIX}/etc/nss_ldapd.conf"
+ @${ECHO_MSG} " Sample configuration: ${PREFIX}/etc/nss_ldapd.conf.sample"
+ @${ECHO_MSG}
+.endif
+.if !defined(WITHOUT_NSS)
+ @${ECHO_MSG} " WARNING: Be sure to set uid and gid configuration parameters"
+ @${ECHO_MSG} " WARNING: to make nslcd run under unprivileged user"
+.endif
+ @${ECHO_MSG}
+ @${ECHO_MSG} =====================================================================
+ @${ECHO_MSG}
+
+.include <bsd.port.post.mk>
diff --git a/net/nss-pam-ldapd/distinfo b/net/nss-pam-ldapd/distinfo
new file mode 100644
index 000000000000..5c023d153828
--- /dev/null
+++ b/net/nss-pam-ldapd/distinfo
@@ -0,0 +1,3 @@
+MD5 (nss-ldapd-0.6.11.tar.gz) = 8e5087f74a128f2c12f974c176803747
+SHA256 (nss-ldapd-0.6.11.tar.gz) = ac41292c8c7c2a4fb2e77ee9bc165ecefc84e8c33682f8c87ee69381830a8aff
+SIZE (nss-ldapd-0.6.11.tar.gz) = 415271
diff --git a/net/nss-pam-ldapd/files/nslcd.in b/net/nss-pam-ldapd/files/nslcd.in
new file mode 100644
index 000000000000..bf7623d11854
--- /dev/null
+++ b/net/nss-pam-ldapd/files/nslcd.in
@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: nslcd
+# REQUIRE: DAEMON ldconfig resolv
+#
+# Add the following line to /etc/rc.conf to enable the nslcd daemon:
+#
+# nslcd_enable="YES"
+#
+
+nslcd_enable=${nslcd_enable-"NO"}
+
+. %%RC_SUBR%%
+
+name=nslcd
+rcvar=$(set_rcvar)
+
+command="%%PREFIX%%/sbin/%{name}"
+pidfile="/var/run/${name}.pid"
+
+load_rc_config ${name}
+run_rc_command "$1"
diff --git a/net/nss-pam-ldapd/files/nss_compat.diff b/net/nss-pam-ldapd/files/nss_compat.diff
new file mode 100644
index 000000000000..03d527af7de0
--- /dev/null
+++ b/net/nss-pam-ldapd/files/nss_compat.diff
@@ -0,0 +1,75 @@
+--- nslcd/cfg.c.orig 2009-06-19 16:03:14.000000000 +0400
++++ nslcd/cfg.c 2009-08-10 20:41:31.000000000 +0400
+@@ -33,6 +33,7 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <unistd.h>
++#include <libgen.h>
+ #include <errno.h>
+ #include <netdb.h>
+ #include <sys/socket.h>
+@@ -649,13 +650,31 @@
+ {
+ FILE *fp;
+ int lnr=0;
+- char linebuf[MAX_LINE_LENGTH];
++ char linebuf[MAX_LINE_LENGTH], secret_path[512];
+ char *line;
+ char keyword[32];
+ char token[64];
+ int i;
+ int rc;
+ char *value;
++
++ /* get secret password */
++ snprintf(secret_path, sizeof(secret_path), "%s/nss_ldap.secret", dirname(filename));
++ if ((fp=fopen(secret_path,"r"))==NULL)
++ {
++ log_log(LOG_ERR,"cannot open secret file (%s): %s",secret_path,strerror(errno));
++ /* exit(EXIT_FAILURE); */
++ }
++ else if (fgets(linebuf,MAX_LINE_LENGTH,fp)!=NULL)
++ {
++ i=strlen(linebuf);
++ if (i>0)
++ linebuf[i-1]='\0';
++ cfg->ldc_bindpw=strdup(linebuf);
++ }
++ if (fp!=NULL)
++ fclose(fp);
++
+ /* open config file */
+ if ((fp=fopen(filename,"r"))==NULL)
+ {
+@@ -724,13 +743,14 @@
+ get_int(filename,lnr,keyword,&line,&cfg->ldc_version);
+ get_eol(filename,lnr,keyword,&line);
+ }
+- else if (strcasecmp(keyword,"binddn")==0)
++ else if (strcasecmp(keyword,"rootbinddn")==0)
+ {
+ get_restdup(filename,lnr,keyword,&line,&cfg->ldc_binddn);
+ }
+ else if (strcasecmp(keyword,"bindpw")==0)
+ {
+- get_restdup(filename,lnr,keyword,&line,&cfg->ldc_bindpw);
++ if (cfg->ldc_bindpw == NULL)
++ get_restdup(filename,lnr,keyword,&line,&cfg->ldc_bindpw);
+ }
+ /* SASL authentication options */
+ else if (strcasecmp(keyword,"sasl_authcid")==0)
+@@ -931,12 +951,14 @@
+ get_int(filename,lnr,keyword,&line,&cfg->ldc_pagesize);
+ get_eol(filename,lnr,keyword,&line);
+ }
++#if 0
+ /* fallthrough */
+ else
+ {
+ log_log(LOG_ERR,"%s:%d: unknown keyword: '%s'",filename,lnr,keyword);
+ exit(EXIT_FAILURE);
+ }
++#endif
+ }
+ /* we're done reading file, close */
+ fclose(fp);
diff --git a/net/nss-pam-ldapd/files/patch-nslcd__cfg.c b/net/nss-pam-ldapd/files/patch-nslcd__cfg.c
new file mode 100644
index 000000000000..17ddb62fc0f0
--- /dev/null
+++ b/net/nss-pam-ldapd/files/patch-nslcd__cfg.c
@@ -0,0 +1,23 @@
+--- ./nslcd/cfg.c.orig 2009-08-02 22:32:27.000000000 +0000
++++ ./nslcd/cfg.c 2009-08-02 22:49:26.000000000 +0000
+@@ -37,14 +37,13 @@
+ #include <errno.h>
+ #include <netdb.h>
+ #include <sys/socket.h>
+-#ifdef HAVE_GSSAPI_H
+-#include <gssapi.h>
+-#endif /* HAVE_GSSAPI_H */
+-#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H
++#if HAVE_GSSAPI_GSSAPI_H
+ #include <gssapi/gssapi.h>
+-#include <gssapi/gssapi_krb5.h>
+-#endif /* HAVE_GSSAPI_GSSAPI_KRB5_H */
+-#include <sys/types.h>
++#elif HAVE_GSSAPI_GSSAPI_GENERIC_H
++#include <gssapi/gssapi_generic.h>
++#elif HAVE_GSSAPI_H
++#include <gssapi.h>
++#endif
+ #include <pwd.h>
+ #include <grp.h>
+
diff --git a/net/nss-pam-ldapd/files/patch-nslcd__common.c b/net/nss-pam-ldapd/files/patch-nslcd__common.c
new file mode 100644
index 000000000000..63bf26253df8
--- /dev/null
+++ b/net/nss-pam-ldapd/files/patch-nslcd__common.c
@@ -0,0 +1,12 @@
+--- ./nslcd/common.c.orig 2009-02-27 17:27:08.000000000 +0000
++++ ./nslcd/common.c 2009-08-02 22:32:27.000000000 +0000
+@@ -27,6 +27,9 @@
+ #include <stdarg.h>
+ #include <sys/types.h>
+ #include <sys/socket.h>
++#ifdef __FreeBSD__
++#include <netinet/in.h>
++#endif
+ #include <arpa/inet.h>
+ #include <strings.h>
+ #include <limits.h>
diff --git a/net/nss-pam-ldapd/files/patch-nslcd__common.h b/net/nss-pam-ldapd/files/patch-nslcd__common.h
new file mode 100644
index 000000000000..e8fb8c95cc51
--- /dev/null
+++ b/net/nss-pam-ldapd/files/patch-nslcd__common.h
@@ -0,0 +1,30 @@
+--- ./nslcd/common.h.orig 2009-06-03 10:31:05.000000000 +0000
++++ ./nslcd/common.h 2009-08-02 22:32:27.000000000 +0000
+@@ -124,9 +124,9 @@
+ int nslcd_network_byname(TFILE *fp,MYLDAP_SESSION *session);
+ int nslcd_network_byaddr(TFILE *fp,MYLDAP_SESSION *session);
+ int nslcd_network_all(TFILE *fp,MYLDAP_SESSION *session);
+-int nslcd_passwd_byname(TFILE *fp,MYLDAP_SESSION *session);
+-int nslcd_passwd_byuid(TFILE *fp,MYLDAP_SESSION *session);
+-int nslcd_passwd_all(TFILE *fp,MYLDAP_SESSION *session);
++int nslcd_passwd_byname(TFILE *fp,MYLDAP_SESSION *session,uid_t uid);
++int nslcd_passwd_byuid(TFILE *fp,MYLDAP_SESSION *session,uid_t uid);
++int nslcd_passwd_all(TFILE *fp,MYLDAP_SESSION *session,uid_t uid);
+ int nslcd_protocol_byname(TFILE *fp,MYLDAP_SESSION *session);
+ int nslcd_protocol_bynumber(TFILE *fp,MYLDAP_SESSION *session);
+ int nslcd_protocol_all(TFILE *fp,MYLDAP_SESSION *session);
+@@ -145,8 +145,12 @@
+ int nslcd_pam_pwmod(TFILE *fp,MYLDAP_SESSION *session);
+
+ /* macro for generating service handling code */
+-#define NSLCD_HANDLE(db,fn,readfn,logcall,action,mkfilter,writefn) \
+- int nslcd_##db##_##fn(TFILE *fp,MYLDAP_SESSION *session) \
++#define COMMA ,
++#define NSLCD_HANDLE(db,fn,readfn,logcall,action,mkfilter,writefn) NSLCD_HANDLE_PARAMS(db,fn,,readfn,logcall,action,mkfilter,writefn)
++#define NSLCD_HANDLE_UID(db,fn,readfn,logcall,action,mkfilter,writefn) NSLCD_HANDLE_PARAMS(db,fn,COMMA uid_t calleruid,readfn,logcall,action,mkfilter,writefn)
++
++#define NSLCD_HANDLE_PARAMS(db,fn,params,readfn,logcall,action,mkfilter,writefn) \
++ int nslcd_##db##_##fn(TFILE *fp,MYLDAP_SESSION *session params ) \
+ { \
+ /* define common variables */ \
+ int32_t tmpint32; \
diff --git a/net/nss-pam-ldapd/files/patch-nslcd__nslcd.c b/net/nss-pam-ldapd/files/patch-nslcd__nslcd.c
new file mode 100644
index 000000000000..fb6128ca2065
--- /dev/null
+++ b/net/nss-pam-ldapd/files/patch-nslcd__nslcd.c
@@ -0,0 +1,15 @@
+--- ./nslcd/nslcd.c.orig 2009-06-12 21:53:18.000000000 +0000
++++ ./nslcd/nslcd.c 2009-08-02 22:32:27.000000000 +0000
+@@ -398,9 +398,9 @@
+ case NSLCD_ACTION_NETWORK_BYNAME: (void)nslcd_network_byname(fp,session); break;
+ case NSLCD_ACTION_NETWORK_BYADDR: (void)nslcd_network_byaddr(fp,session); break;
+ case NSLCD_ACTION_NETWORK_ALL: (void)nslcd_network_all(fp,session); break;
+- case NSLCD_ACTION_PASSWD_BYNAME: (void)nslcd_passwd_byname(fp,session); break;
+- case NSLCD_ACTION_PASSWD_BYUID: (void)nslcd_passwd_byuid(fp,session); break;
+- case NSLCD_ACTION_PASSWD_ALL: (void)nslcd_passwd_all(fp,session); break;
++ case NSLCD_ACTION_PASSWD_BYNAME: (void)nslcd_passwd_byname(fp,session,uid); break;
++ case NSLCD_ACTION_PASSWD_BYUID: (void)nslcd_passwd_byuid(fp,session,uid); break;
++ case NSLCD_ACTION_PASSWD_ALL: (void)nslcd_passwd_all(fp,session,uid); break;
+ case NSLCD_ACTION_PROTOCOL_BYNAME: (void)nslcd_protocol_byname(fp,session); break;
+ case NSLCD_ACTION_PROTOCOL_BYNUMBER:(void)nslcd_protocol_bynumber(fp,session); break;
+ case NSLCD_ACTION_PROTOCOL_ALL: (void)nslcd_protocol_all(fp,session); break;
diff --git a/net/nss-pam-ldapd/files/patch-nslcd__passwd.c b/net/nss-pam-ldapd/files/patch-nslcd__passwd.c
new file mode 100644
index 000000000000..1f4f05fa0fd9
--- /dev/null
+++ b/net/nss-pam-ldapd/files/patch-nslcd__passwd.c
@@ -0,0 +1,61 @@
+--- ./nslcd/passwd.c.orig 2009-06-29 19:04:54.000000000 +0000
++++ ./nslcd/passwd.c 2009-08-02 22:32:27.000000000 +0000
+@@ -292,7 +292,7 @@
+ #define MAXUIDS_PER_ENTRY 5
+
+ static int write_passwd(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser,
+- const uid_t *requid)
++ const uid_t *requid,uid_t calleruid)
+ {
+ int32_t tmpint32;
+ const char **tmpvalues;
+@@ -323,7 +323,7 @@
+ else
+ {
+ passwd=get_userpassword(entry,attmap_passwd_userPassword);
+- if (passwd==NULL)
++ if ((passwd==NULL) || (calleruid!=0))
+ passwd=default_passwd_userPassword;
+ }
+ /* get the uids for this entry */
+@@ -451,7 +451,7 @@
+ return 0;
+ }
+
+-NSLCD_HANDLE(
++NSLCD_HANDLE_UID(
+ passwd,byname,
+ char name[256];
+ char filter[1024];
+@@ -463,10 +463,10 @@
+ log_log(LOG_DEBUG,"nslcd_passwd_byname(%s)",name);,
+ NSLCD_ACTION_PASSWD_BYNAME,
+ mkfilter_passwd_byname(name,filter,sizeof(filter)),
+- write_passwd(fp,entry,name,NULL)
++ write_passwd(fp,entry,name,NULL,calleruid)
+ )
+
+-NSLCD_HANDLE(
++NSLCD_HANDLE_UID(
+ passwd,byuid,
+ uid_t uid;
+ char filter[1024];
+@@ -474,15 +474,15 @@
+ log_log(LOG_DEBUG,"nslcd_passwd_byuid(%d)",(int)uid);,
+ NSLCD_ACTION_PASSWD_BYUID,
+ mkfilter_passwd_byuid(uid,filter,sizeof(filter)),
+- write_passwd(fp,entry,NULL,&uid)
++ write_passwd(fp,entry,NULL,&uid,calleruid)
+ )
+
+-NSLCD_HANDLE(
++NSLCD_HANDLE_UID(
+ passwd,all,
+ const char *filter;
+ /* no parameters to read */,
+ log_log(LOG_DEBUG,"nslcd_passwd_all()");,
+ NSLCD_ACTION_PASSWD_ALL,
+ (filter=passwd_filter,0),
+- write_passwd(fp,entry,NULL,NULL)
++ write_passwd(fp,entry,NULL,NULL,calleruid)
+ )
diff --git a/net/nss-pam-ldapd/files/patch-nss__bsdnss.c b/net/nss-pam-ldapd/files/patch-nss__bsdnss.c
new file mode 100644
index 000000000000..059be6179fe1
--- /dev/null
+++ b/net/nss-pam-ldapd/files/patch-nss__bsdnss.c
@@ -0,0 +1,160 @@
+--- ./nss/bsdnss.c.orig 2009-08-10 16:06:22.000000000 +0000
++++ ./nss/bsdnss.c 2009-08-10 15:58:04.000000000 +0000
+@@ -0,0 +1,157 @@
++#include <errno.h>
++#include <sys/param.h>
++#include <netinet/in.h>
++#include <pwd.h>
++#include <grp.h>
++#include <nss.h>
++#include <netdb.h>
++
++#define BUFFER_SIZE 1024
++
++extern enum nss_status _nss_ldap_getgrent_r(struct group *, char *, size_t,
++ int *);
++extern enum nss_status _nss_ldap_getgrnam_r(const char *, struct group *,
++ char *, size_t, int *);
++extern enum nss_status _nss_ldap_getgrgid_r(gid_t gid, struct group *, char *,
++ size_t, int *);
++extern enum nss_status _nss_ldap_setgrent(void);
++extern enum nss_status _nss_ldap_endgrent(void);
++
++extern enum nss_status _nss_ldap_getpwent_r(struct passwd *, char *, size_t,
++ int *);
++extern enum nss_status _nss_ldap_getpwnam_r(const char *, struct passwd *,
++ char *, size_t, int *);
++extern enum nss_status _nss_ldap_getpwuid_r(gid_t gid, struct passwd *, char *,
++ size_t, int *);
++extern enum nss_status _nss_ldap_setpwent(void);
++extern enum nss_status _nss_ldap_endpwent(void);
++
++extern enum nss_status _nss_ldap_gethostbyname_r (const char *name, struct hostent * result,
++ char *buffer, size_t buflen, int *errnop,
++ int *h_errnop);
++
++extern enum nss_status _nss_ldap_gethostbyname2_r (const char *name, int af, struct hostent * result,
++ char *buffer, size_t buflen, int *errnop,
++ int *h_errnop);
++extern enum nss_status _nss_ldap_gethostbyaddr_r (struct in_addr * addr, int len, int type,
++ struct hostent * result, char *buffer,
++ size_t buflen, int *errnop, int *h_errnop);
++
++NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_setgrent);
++NSS_METHOD_PROTOTYPE(__nss_compat_endgrent);
++
++NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_setpwent);
++NSS_METHOD_PROTOTYPE(__nss_compat_endpwent);
++
++NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname);
++NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2);
++NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr);
++
++static ns_mtab methods[] = {
++{ NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_ldap_getgrnam_r },
++{ NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_ldap_getgrgid_r },
++{ NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_ldap_getgrent_r },
++{ NSDB_GROUP, "setgrent", __nss_compat_setgrent, _nss_ldap_setgrent },
++{ NSDB_GROUP, "endgrent", __nss_compat_endgrent, _nss_ldap_endgrent },
++
++{ NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_ldap_getpwnam_r },
++{ NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_ldap_getpwuid_r },
++{ NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, _nss_ldap_getpwent_r },
++{ NSDB_PASSWD, "setpwent", __nss_compat_setpwent, _nss_ldap_setpwent },
++{ NSDB_PASSWD, "endpwent", __nss_compat_endpwent, _nss_ldap_endpwent },
++
++{ NSDB_HOSTS, "gethostbyname", __nss_compat_gethostbyname, _nss_ldap_gethostbyname_r },
++{ NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_ldap_gethostbyaddr_r },
++{ NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_ldap_gethostbyname2_r },
++
++{ NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, _nss_ldap_getgrnam_r },
++{ NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, _nss_ldap_getgrgid_r },
++{ NSDB_GROUP_COMPAT, "getgrent_r", __nss_compat_getgrent_r, _nss_ldap_getgrent_r },
++{ NSDB_GROUP_COMPAT, "setgrent", __nss_compat_setgrent, _nss_ldap_setgrent },
++{ NSDB_GROUP_COMPAT, "endgrent", __nss_compat_endgrent, _nss_ldap_endgrent },
++
++{ NSDB_PASSWD_COMPAT, "getpwnam_r", __nss_compat_getpwnam_r, _nss_ldap_getpwnam_r },
++{ NSDB_PASSWD_COMPAT, "getpwuid_r", __nss_compat_getpwuid_r, _nss_ldap_getpwuid_r },
++{ NSDB_PASSWD_COMPAT, "getpwent_r", __nss_compat_getpwent_r, _nss_ldap_getpwent_r },
++{ NSDB_PASSWD_COMPAT, "setpwent", __nss_compat_setpwent, _nss_ldap_setpwent },
++{ NSDB_PASSWD_COMPAT, "endpwent", __nss_compat_endpwent, _nss_ldap_endpwent },
++
++};
++
++
++int __nss_compat_gethostbyname(void *retval, void *mdata, va_list ap)
++{
++ enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *);
++ const char *name;
++ struct hostent *result;
++ char buffer[BUFFER_SIZE];
++ int errnop;
++ int h_errnop;
++ int af;
++ enum nss_status status;
++ fn = mdata;
++ name = va_arg(ap, const char*);
++ af = va_arg(ap,int);
++ result = va_arg(ap,struct hostent *);
++ status = fn(name, result, buffer, sizeof(buffer), &errnop, &h_errnop);
++ status = __nss_compat_result(status,errnop);
++ h_errno = h_errnop;
++ return (status);
++}
++
++int __nss_compat_gethostbyname2(void *retval, void *mdata, va_list ap)
++{
++ enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *);
++ const char *name;
++ struct hostent *result;
++ char buffer[BUFFER_SIZE];
++ int errnop;
++ int h_errnop;
++ int af;
++ enum nss_status status;
++ fn = mdata;
++ name = va_arg(ap, const char*);
++ af = va_arg(ap,int);
++ result = va_arg(ap,struct hostent *);
++ status = fn(name, result, buffer, sizeof(buffer), &errnop, &h_errnop);
++ status = __nss_compat_result(status,errnop);
++ h_errno = h_errnop;
++ return (status);
++}
++
++int __nss_compat_gethostbyaddr(void *retval, void *mdata, va_list ap)
++{
++ struct in_addr *addr;
++ int len;
++ int type;
++ struct hostent *result;
++ char buffer[BUFFER_SIZE];
++ int errnop;
++ int h_errnop;
++ enum nss_status (*fn)(struct in_addr *, int, int, struct hostent *, char *, size_t, int *, int *);
++ enum nss_status status;
++ fn = mdata;
++ addr = va_arg(ap, struct in_addr*);
++ len = va_arg(ap,int);
++ type = va_arg(ap,int);
++ result = va_arg(ap, struct hostent*);
++ status = fn(addr, len, type, result, buffer, sizeof(buffer), &errnop, &h_errnop);
++ status = __nss_compat_result(status,errnop);
++ h_errno = h_errnop;
++ return (status);
++}
++
++ns_mtab *
++nss_module_register(const char *source, unsigned int *mtabsize,
++ nss_module_unregister_fn *unreg)
++{
++ *mtabsize = sizeof(methods)/sizeof(methods[0]);
++ *unreg = NULL;
++ return (methods);
++}
diff --git a/net/nss-pam-ldapd/files/patch-nss__exports.freebsd b/net/nss-pam-ldapd/files/patch-nss__exports.freebsd
new file mode 100644
index 000000000000..4691824f10df
--- /dev/null
+++ b/net/nss-pam-ldapd/files/patch-nss__exports.freebsd
@@ -0,0 +1,30 @@
+--- ./nss/exports.freebsd.orig 2007-12-31 16:49:01.000000000 +0000
++++ ./nss/exports.freebsd 2009-08-02 22:32:27.000000000 +0000
+@@ -78,6 +78,27 @@
+ _nss_ldap_getspent_r;
+ _nss_ldap_endspent;
+
++ # compat 4 bsd
++ __nss_compat_getgrnam_r;
++ __nss_compat_getgrgid_r;
++ __nss_compat_getgrent_r;
++ __nss_compat_setgrent;
++ __nss_compat_endgrent;
++
++ __nss_compat_getpwnam_r;
++ __nss_compat_getpwuid_r;
++ __nss_compat_getpwent_r;
++ __nss_compat_setpwent;
++ __nss_compat_endpwent;
++
++ __nss_compat_gethostbyname;
++ __nss_compat_gethostbyname2;
++ __nss_compat_gethostbyaddr;
++
++ # module init
++ nss_module_register;
++
++
+ # everything else should not be exported
+ local:
+ *;
diff --git a/net/nss-pam-ldapd/files/patch-nss__prototypes.h b/net/nss-pam-ldapd/files/patch-nss__prototypes.h
new file mode 100644
index 000000000000..5f17cb2ef350
--- /dev/null
+++ b/net/nss-pam-ldapd/files/patch-nss__prototypes.h
@@ -0,0 +1,57 @@
+--- ./nss/prototypes.h.orig 2008-05-02 21:00:10.000000000 +0000
++++ ./nss/prototypes.h 2009-08-02 22:32:27.000000000 +0000
+@@ -24,13 +24,40 @@
+ #define _NSS_EXPORTS_H 1
+
+ #include <nss.h>
+-#include <aliases.h>
++#ifndef __FreeBSD__
+ #include <netinet/ether.h>
++#else
++#include <net/ethernet.h>
++#include <sys/socket.h>
++#endif
+ #include <sys/types.h>
+ #include <grp.h>
+ #include <netdb.h>
+ #include <pwd.h>
++#ifdef HAVE_SHADOW_H
+ #include <shadow.h>
++#endif
++
++#ifdef __FreeBSD__
++/*
++ * Import from aliases.h
++ */
++struct aliasent
++ {
++ char *alias_name;
++ size_t alias_members_len;
++ char **alias_members;
++ int alias_local;
++ };
++
++struct rpcent
++{
++ char *r_name; /* Name of server for this rpc program. */
++ char **r_aliases; /* Alias list. */
++ int r_number; /* RPC program number. */
++};
++
++#endif
+
+ /* We define struct etherent here because it does not seem to
+ be defined in any publicly available header file exposed
+@@ -160,10 +187,12 @@
+ enum nss_status _nss_ldap_getservent_r(struct servent *result,char *buffer,size_t buflen,int *errnop);
+ enum nss_status _nss_ldap_endservent(void);
+
++#ifdef HAVE_SHADOW_H
+ /* shadow - extended user information */
+ enum nss_status _nss_ldap_getspnam_r(const char *name,struct spwd *result,char *buffer,size_t buflen,int *errnop);
+ enum nss_status _nss_ldap_setspent(int stayopen);
+ enum nss_status _nss_ldap_getspent_r(struct spwd *result,char *buffer,size_t buflen,int *errnop);
+ enum nss_status _nss_ldap_endspent(void);
++#endif
+
+ #endif /* not NSS_EXPORTS */
diff --git a/net/nss-pam-ldapd/files/patch-nss__shadow.c b/net/nss-pam-ldapd/files/patch-nss__shadow.c
new file mode 100644
index 000000000000..9212ca6d4518
--- /dev/null
+++ b/net/nss-pam-ldapd/files/patch-nss__shadow.c
@@ -0,0 +1,17 @@
+--- ./nss/shadow.c.orig 2009-05-29 21:23:03.000000000 +0000
++++ ./nss/shadow.c 2009-08-02 22:32:27.000000000 +0000
+@@ -22,6 +22,7 @@
+
+ #include "config.h"
+
++#ifdef HAVE_SHADOW_H
+ #include <string.h>
+ #include <nss.h>
+ #include <errno.h>
+@@ -73,3 +74,6 @@
+ {
+ NSS_ENDENT(spentfp);
+ }
++
++#endif
++
diff --git a/net/nss-pam-ldapd/pkg-descr b/net/nss-pam-ldapd/pkg-descr
new file mode 100644
index 000000000000..7534ff69d43c
--- /dev/null
+++ b/net/nss-pam-ldapd/pkg-descr
@@ -0,0 +1,11 @@
+nss_ldapd is a NSS module which provides an LDAP backend for C library
+functions such as getpwnam(3), getgrnam(3), and gethostbyname(3). It
+is compliant with RFC 2307, ``An Approach for Using LDAP as a Network
+Information Service''.
+
+Key differences from nss_ldap:
+* lighter nss library (no ldap* dependings)
+* server-side connection caching
+
+
+WWW: http://arthurdejong.org/nss-ldapd/
diff --git a/net/nss-pam-ldapd/pkg-plist b/net/nss-pam-ldapd/pkg-plist
new file mode 100644
index 000000000000..79cc79128932
--- /dev/null
+++ b/net/nss-pam-ldapd/pkg-plist
@@ -0,0 +1,3 @@
+etc/%%CONFIG%%.conf.sample
+%%NSS%%lib/nss_ldap.so.1
+%%NSLCD%%sbin/nslcd