Pull in changes from PR pkg/49804, from Edgar Fuß.

- nss module + shim for NetBSD
- PAM module, installed on demand
- options

nss-pam-ldapd/DEINSTALL.nss

@@ -0,0 +1,6 @@
+# $NetBSD: DEINSTALL.nss $
+
+case ${STAGE} in
+	POST-DEINSTALL)
+		${RM} -f /usr/lib/nss_ldap.so.0 ;;
+esac

nss-pam-ldapd/INSTALL.nss

@@ -0,0 +1,6 @@
+# $NetBSD: INSTALL.nss $
+
+case ${STAGE} in
+	POST-INSTALL)
+		${LN} -sf ${PREFIX}/lib/nss_ldap.so.0 /usr/lib ;;
+esac

nss-pam-ldapd/Makefile

@@ -9,20 +9,103 @@ HOMEPAGE=	http://arthurdejong.org/nss-pam-ldapd/
 COMMENT=	LDAP client for nsswitch
 LICENSE=	gnu-lgpl-v2
 
-PKG_USERS=		nslcd:nslcd
-PKG_GROUPS=		nslcd
+NSLCD_USER?=		nslcd
+NSLCD_GROUP?=		nslcd
 
-USE_TOOLS+=		autoconf 
+PKG_USERS=		${NSLCD_USER}:${NSLCD_GROUP}
+PKG_GROUPS=		${NSLCD_GROUP}
+PKG_USERS_VARS+=	NSLCD_USER
+PKG_GROUPS_VARS+=	NSLCD_GROUP
+
+.include "../../mk/bsd.prefs.mk"
+.include "options.mk"
+
+USE_TOOLS+=		autoconf
 GNU_CONFIGURE=		yes
 CONFIGURE_ARGS+=	--sysconfdir=${PKG_SYSCONFDIR}
 CONFIGURE_ARGS+=	--with-ldap-conf-file=${EGDIR}/nslcd.conf
+CONFIGURE_ARGS+=	--with-nslcd-pidfile=${NSLCD_PIDFILE}
+CONFIGURE_ARGS+=	--with-nslcd-socket=${NSLCD_SOCKET}
+CONFIGURE_ARGS+=	--with-ldap-lib=openldap
+CONFIGURE_ARGS+=	--with-nss-ldap-soname=${NSS_LDAP_SONAME}
+CONFIGURE_ARGS+=	--with-pam-seclib-dir=${PREFIX}/lib/security
+.if ${OPSYS} == "NetBSD" || ${OPSYS} == "DragonFly"
+CONFIGURE_ARGS+=	--with-nss-flavour=freebsd
+.endif
+
+
+FILES_SUBST+=		PIDFILE=${NSLCD_PIDFILE}
+
+RCD_SCRIPTS+=		nslcd
 
 EGDIR=			${PREFIX}/share/examples/${PKGBASE}
-CONF_FILES=		${EGDIR}/nslcd.conf
-CONF_FILES+=		${PKG_SYSCONFDIR}/nslcd.conf
+VARDIR=			${VARBASE}/run/nslcd
+CONF_FILES=		${EGDIR}/nslcd.conf ${PKG_SYSCONFDIR}/nslcd.conf
+
+NSLCD_PIDFILE?=		${VARDIR}/nslcd.pid
+NSLCD_SOCKET?=		${VARDIR}/socket
+BUILD_DEFS+=		VARBASE NSLCD_PIDFILE NSLCD_SOCKET
+
+INSTALL_MAKE_FLAGS+=	NSLCD_CONF_PATH=${EGDIR}/nslcd.conf
+
+# Install FreeBSD's nss_compat.c and later patch it
+pre-patch:
+	${CP} ${FILESDIR}/nss_compat.c ${WRKSRC}/compat
 
 pre-configure:
-		cd ${WRKSRC} && autoconf
+	cd ${WRKSRC} && autoconf
+
+post-install:
+	${CHMOD} 0644 ${DESTDIR}${EGDIR}/nslcd.conf
+
+.if ${OPSYS} == "NetBSD"
+# Otherwise PAM_EXTERN ends up "static" and -O2 optimizes everything away
+CFLAGS+=		-DNO_STATIC_MODULES
+
+INSTALL_TEMPLATES=	INSTALL.nss
+DEINSTALL_TEMPLATES=	DEINSTALL.nss
+.endif
+
+# NSS_LDAP_SONAME is used by both the NSS client and the server(!)
+.if ${OPSYS} == "NetBSD"
+NSS_LDAP_SONAME=	nss_ldap.so.0
+.elif ${OPSYS} == "FreeBSD" || ${OPSYS} == "DragonFly" || ${OPSYS} == "SunOS"
+NSS_LDAP_SONAME=	nss_ldap.so.1
+.else
+NSS_LDAP_SONAME=	libnss_ldap.so.2
+.endif
+
+PLIST_SUBST+=		NSS_LDAP_SONAME=${NSS_LDAP_SONAME:Q}
+
+# PAM_LDAP_SONAME is used only by the PAM client, but define it here for consistency
+.if ${OPSYS} == "SunOS"
+PAM_LDAP_SONAME=	pam_ldap.so.1
+.else
+PAM_LDAP_SONAME=	pam_ldap.so
+.endif
+
+PLIST_SUBST+=		PAM_LDAP_SONAME=${PAM_LDAP_SONAME:Q}
+
+SUBST_CLASSES+=		fix-paths
+SUBST_STAGE.fix-paths=	pre-configure
+SUBST_MESSAGE.fix-paths=Fixing config file path
+SUBST_FILES.fix-paths=	man/*.[0-9] man/*.[0-9].xml
+SUBST_SED.fix-paths=	-e 's|/etc/nslcd.conf|${PKG_SYSCONFDIR}/nslcd.conf|g'
+
+# Thread Local Storage seems not to work on NetBSD-4
+.if !empty(MACHINE_PLATFORM:MNetBSD-[0-4].*-*)
+SUBST_CLASSES+=		disable-tls
+SUBST_STAGE.disable-tls=post-configure
+SUBST_MESSAGE.disable-tls=disabling TLS
+SUBST_FILES.disable-tls=config.h
+SUBST_SED.disable-tls=	-e 's|/\* \#undef __thread \*/|\#define __thread /\*\*/|'
+.endif
+
+SUBST_CLASSES+=		usergroup
+SUBST_STAGE.usergroup=	post-patch
+SUBST_FILES.usergroup=	nslcd.conf
+SUBST_SED.usergroup=	-e 's/^uid nslcd/uid ${NSLCD_USER}/'
+SUBST_SED.usergroup+=	-e 's/^gid nslcd/gid ${NSLCD_GROUP}/'
 
 .include "../../databases/openldap-client/buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"

nss-pam-ldapd/PLIST

@@ -1,7 +1,9 @@
 @comment $NetBSD: PLIST,v 1.2 2012/12/13 18:20:29 ftigeot Exp $
-lib/nss_ldap.so.1
+lib/${NSS_LDAP_SONAME}
+lib/security/${PAM_LDAP_SONAME}
 man/man5/nslcd.conf.5
 man/man8/nslcd.8
 man/man8/pam_ldap.8
 sbin/nslcd
 share/examples/nss-pam-ldapd/nslcd.conf
+share/examples/rc.d/nslcd

nss-pam-ldapd/distinfo

@@ -3,4 +3,9 @@ $NetBSD: distinfo,v 1.1 2012/12/11 20:21:43 ftigeot Exp $
 SHA1 (nss-pam-ldapd-0.8.13.tar.gz) = 0567cfea104defabeacd88a3a3200b311b8071ec
 RMD160 (nss-pam-ldapd-0.8.13.tar.gz) = 74d2f7aad5961a6657119aaf7b12d87e28949bb0
 Size (nss-pam-ldapd-0.8.13.tar.gz) = 487295 bytes
+SHA1 (patch-compat_getpeercred.c) = b0469e0698e4cdd4cd82df5d215ffbaa2f8e614a
+SHA1 (patch-compat_nss_compat.c) = 22857c0a0d7f6ae068982373f34448330e1b5840
+SHA1 (patch-compat_nss_compat.h) = f31b2b1c43a9ccc6617fd283d62db7a0abd889c6
 SHA1 (patch-configure.ac) = 51db0b8f0670f103265df0988832caac5a034d60
+SHA1 (patch-nss_bsdnss.c) = 0a05447f224ed8cea64a09b24fc1d13acf345195
+SHA1 (patch-pynslcd_Makefile.in) = 36a3a45e78115436aa7305e46b1368f9e5762d7d

nss-pam-ldapd/files/nslcd.sh

@@ -0,0 +1,17 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: nslcd.sh Exp $
+# PROVIDE: nslcd
+# REQUIRE: DAEMON
+
+$_rc_subr_loaded . /etc/rc.subr
+
+name="nslcd"
+rcvar="${name}"
+command="@PREFIX@/sbin/${name}"
+required_files="@PKG_SYSCONFDIR@/${name}.conf"
+extra_commands="reload"
+pidfile="@PIDFILE@"
+
+load_rc_config "$name"
+run_rc_command "$1"

nss-pam-ldapd/files/nss_compat.c

@@ -0,0 +1,278 @@
+/*-
+ * Copyright (c) 2003 Networks Associates Technology, Inc.
+ * All rights reserved.
+ *
+ * This software was developed for the FreeBSD Project by
+ * Jacques A. Vidrine, Safeport Network Services, and Network
+ * Associates Laboratories, the Security Research Division of Network
+ * Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+ * ("CBOSS"), as part of the DARPA CHATS research program.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * Compatibility shims for the GNU C Library-style nsswitch interface.
+ */
+#include <sys/cdefs.h>
+__FBSDID("$FreeBSD$");
+
+#include "namespace.h"
+#include <sys/param.h>
+#include <errno.h>
+#include <nss.h>
+#include <pthread.h>
+#include <pthread_np.h>
+#include "un-namespace.h"
+#include "libc_private.h"
+
+
+struct group;
+struct passwd;
+
+static int	terminator;
+
+#define DECLARE_TERMINATOR(x)					\
+static pthread_key_t	 _term_key_##x;				\
+static void							\
+_term_create_##x(void)						\
+{								\
+	(void)_pthread_key_create(&_term_key_##x, NULL);	\
+}								\
+static void		*_term_main_##x;			\
+static pthread_once_t	 _term_once_##x = PTHREAD_ONCE_INIT
+
+#define SET_TERMINATOR(x, y)						\
+do {									\
+	if (!__isthreaded || _pthread_main_np())			\
+		_term_main_##x = (y);					\
+	else {								\
+		(void)_pthread_once(&_term_once_##x, _term_create_##x);	\
+		(void)_pthread_setspecific(_term_key_##x, y);		\
+	}								\
+} while (0)
+
+#define CHECK_TERMINATOR(x)					\
+(!__isthreaded || _pthread_main_np() ?				\
+    (_term_main_##x) :						\
+    ((void)_pthread_once(&_term_once_##x, _term_create_##x),	\
+    _pthread_getspecific(_term_key_##x)))
+
+
+
+DECLARE_TERMINATOR(group);
+
+
+int
+__nss_compat_getgrnam_r(void *retval, void *mdata, va_list ap)
+{
+	int (*fn)(const char *, struct group *, char *, size_t, int *);
+	const char	*name;
+	struct group	*grp;
+	char		*buffer;
+	int		*errnop;
+	size_t		 bufsize;
+	enum nss_status	 status;
+
+	fn = mdata;
+	name = va_arg(ap, const char *);
+	grp = va_arg(ap, struct group *);
+	buffer = va_arg(ap, char *);
+	bufsize = va_arg(ap, size_t);
+	errnop = va_arg(ap, int *);
+	status = fn(name, grp, buffer, bufsize, errnop);
+	status = __nss_compat_result(status, *errnop);
+	if (status == NS_SUCCESS)
+		*(struct group **)retval = grp;
+	return (status);
+}
+
+
+int
+__nss_compat_getgrgid_r(void *retval, void *mdata, va_list ap)
+{
+	int (*fn)(gid_t, struct group *, char *, size_t, int *);
+	gid_t		 gid;
+	struct group	*grp;
+	char		*buffer;
+	int		*errnop;
+	size_t		 bufsize;
+	enum nss_status	 status;
+	
+	fn = mdata;
+	gid = va_arg(ap, gid_t);
+	grp = va_arg(ap, struct group *);
+	buffer = va_arg(ap, char *);
+	bufsize = va_arg(ap, size_t);
+	errnop = va_arg(ap, int *);
+	status = fn(gid, grp, buffer, bufsize, errnop);
+	status = __nss_compat_result(status, *errnop);
+	if (status == NS_SUCCESS)
+		*(struct group **)retval = grp;
+	return (status);
+}
+
+
+int
+__nss_compat_getgrent_r(void *retval, void *mdata, va_list ap)
+{
+	int (*fn)(struct group *, char *, size_t, int *);
+	struct group	*grp;
+	char		*buffer;
+	int		*errnop;
+	size_t		 bufsize;
+	enum nss_status	 status;
+
+	if (CHECK_TERMINATOR(group))
+		return (NS_NOTFOUND);
+	fn = mdata;
+	grp = va_arg(ap, struct group *);
+	buffer = va_arg(ap, char *);
+	bufsize = va_arg(ap, size_t);
+	errnop = va_arg(ap, int *);
+	status = fn(grp, buffer, bufsize, errnop);
+	status = __nss_compat_result(status, *errnop);
+	if (status == NS_SUCCESS)
+		*(struct group **)retval = grp;
+	else if (status != NS_RETURN)
+		SET_TERMINATOR(group, &terminator);
+	return (status);
+}
+
+
+int
+__nss_compat_setgrent(void *retval, void *mdata, va_list ap)
+{
+
+	SET_TERMINATOR(group, NULL);
+	((int (*)(void))mdata)();
+	return (NS_UNAVAIL);
+}
+
+
+int
+__nss_compat_endgrent(void *retval, void *mdata, va_list ap)
+{
+
+	SET_TERMINATOR(group, NULL);
+	((int (*)(void))mdata)();
+	return (NS_UNAVAIL);
+}
+
+
+
+DECLARE_TERMINATOR(passwd);
+
+
+int
+__nss_compat_getpwnam_r(void *retval, void *mdata, va_list ap)
+{
+	int (*fn)(const char *, struct passwd *, char *, size_t, int *);
+	const char	*name;
+	struct passwd	*pwd;
+	char		*buffer;
+	int		*errnop;
+	size_t		 bufsize;
+	enum nss_status	 status;
+
+	fn = mdata;
+	name = va_arg(ap, const char *);
+	pwd = va_arg(ap, struct passwd *);
+	buffer = va_arg(ap, char *);
+	bufsize = va_arg(ap, size_t);
+	errnop = va_arg(ap, int *);
+	status = fn(name, pwd, buffer, bufsize, errnop);
+	status = __nss_compat_result(status, *errnop);
+	if (status == NS_SUCCESS)
+		*(struct passwd **)retval = pwd;
+	return (status);
+}
+
+
+int
+__nss_compat_getpwuid_r(void *retval, void *mdata, va_list ap)
+{
+	int (*fn)(uid_t, struct passwd *, char *, size_t, int *);
+	uid_t		 uid;
+	struct passwd	*pwd;
+	char		*buffer;
+	int		*errnop;
+	size_t		 bufsize;
+	enum nss_status	 status;
+	
+	fn = mdata;
+	uid = va_arg(ap, uid_t);
+	pwd = va_arg(ap, struct passwd *);
+	buffer = va_arg(ap, char *);
+	bufsize = va_arg(ap, size_t);
+	errnop = va_arg(ap, int *);
+	status = fn(uid, pwd, buffer, bufsize, errnop);
+	status = __nss_compat_result(status, *errnop);
+	if (status == NS_SUCCESS)
+		*(struct passwd **)retval = pwd;
+	return (status);
+}
+
+
+int
+__nss_compat_getpwent_r(void *retval, void *mdata, va_list ap)
+{
+	int (*fn)(struct passwd *, char *, size_t, int *);
+	struct passwd	*pwd;
+	char		*buffer;
+	int		*errnop;
+	size_t		 bufsize;
+	enum nss_status	 status;
+
+	if (CHECK_TERMINATOR(passwd))
+		return (NS_NOTFOUND);
+	fn = mdata;
+	pwd = va_arg(ap, struct passwd *);
+	buffer = va_arg(ap, char *);
+	bufsize = va_arg(ap, size_t);
+	errnop = va_arg(ap, int *);
+	status = fn(pwd, buffer, bufsize, errnop);
+	status = __nss_compat_result(status, *errnop);
+	if (status == NS_SUCCESS)
+		*(struct passwd **)retval = pwd;
+	else if (status != NS_RETURN)
+		SET_TERMINATOR(passwd, &terminator);
+	return (status);
+}
+
+
+int
+__nss_compat_setpwent(void *retval, void *mdata, va_list ap)
+{
+
+	SET_TERMINATOR(passwd, NULL);
+	((int (*)(void))mdata)();
+	return (NS_UNAVAIL);
+}
+
+
+int
+__nss_compat_endpwent(void *retval, void *mdata, va_list ap)
+{
+
+	SET_TERMINATOR(passwd, NULL);
+	((int (*)(void))mdata)();
+	return (NS_UNAVAIL);
+}

nss-pam-ldapd/files/pynslcd.sh

@@ -0,0 +1,18 @@
+#!@RCD_SCRIPTS_SHELL@
+#
+# $NetBSD: nslcd.sh Exp $
+# PROVIDE: nslcd
+# REQUIRE: DAEMON
+
+$_rc_subr_loaded . /etc/rc.subr
+
+name="pynslcd"
+rcvar="${name}"
+command="@PREFIX@/sbin/${name}"
+command_interpreter="@PYTHONBIN@"
+required_files="@PKG_SYSCONFDIR@/nslcd.conf"
+extra_commands="reload"
+pidfile="@PIDFILE@"
+
+load_rc_config "$name"
+run_rc_command "$1"

nss-pam-ldapd/options.mk

@@ -0,0 +1,19 @@
+# $NetBSD: options.mk $
+
+PKG_OPTIONS_VAR=	PKG_OPTIONS.nss-pam-ldapd
+PKG_SUPPORTED_OPTIONS=	kerberos sasl
+PKG_SUGGESTED_OPTIONS=	# empty
+
+.include "../../mk/bsd.options.mk"
+
+.if !empty(PKG_OPTIONS:Mkerberos)
+.include "../../mk/krb5.buildlink3.mk"
+.else
+CONFIGURE_ARGS+=	--disable-kerberos
+.endif
+
+.if !empty(PKG_OPTIONS:Msasl)
+.include "../../security/cyrus-sasl/buildlink3.mk"
+.else
+CONFIGURE_ARGS+=	--disable-sasl
+.endif

nss-pam-ldapd/patches/patch-compat_getpeercred.c

@@ -0,0 +1,39 @@
+$NetBSD$
+
+Support getsockopt(LOCAL_PEEREID) call.
+The emulation using getpeereid() is completely broken.
+
+--- compat/getpeercred.c.orig	2011-10-12 22:55:25.000000000 +0200
++++ compat/getpeercred.c	2013-12-06 12:02:46.000000000 +0100
+@@ -75,6 +75,17 @@
+   if (gid!=NULL) *gid=cred.cr_gid;
+   if (pid!=NULL) *pid=(pid_t)-1;
+   return 0;
++#elif defined(LOCAL_PEEREID)
++  socklen_t l;
++  struct unpcbid pcbid;
++  l=(socklen_t)sizeof(struct unpcbid);
++  if (getsockopt(sock,0,LOCAL_PEEREID,&pcbid,&l) < 0)
++    return -1; /* errno already set */
++  /* return the data */
++  if (uid!=NULL) *uid=pcbid.unp_euid;
++  if (gid!=NULL) *gid=pcbid.unp_egid;
++  if (pid!=NULL) *pid=pcbid.unp_pid;
++  return 0;
+ #elif defined(HAVE_GETPEERUCRED)
+   ucred_t *cred=NULL;
+   if (getpeerucred(sock,&cred))
+@@ -90,12 +101,10 @@
+   uid_t tuid;
+   gid_t tgid;
+   if (uid==NULL) uid=&tuid;
+-  if (gid==NULL) gid=&tguid;
++  if (gid==NULL) gid=&tgid;
+   if (getpeereid(sock,uid,gid))
+     return -1;
+   /* return the data */
+-  if (uid!=NULL) *uid=cred.uid;
+-  if (gid!=NULL) *gid=cred.gid;
+   if (pid!=NULL) *pid=-1; /* we return a -1 pid because we have no usable pid */
+   return 0;
+ #else

nss-pam-ldapd/patches/patch-compat_nss_compat.c

@@ -0,0 +1,477 @@
+$NetBSD$
+
+Adjust FreeBSD's nss_compat.c to NetBSD.
+
+--- compat/nss_compat.c.orig	2013-12-03 17:20:30.000000000 +0100
++++ compat/nss_compat.c	2013-12-03 18:06:25.000000000 +0100
+@@ -30,19 +30,21 @@
+  * SUCH DAMAGE.
+  *
+  * Compatibility shims for the GNU C Library-style nsswitch interface.
++ *
++ * Ported to NetBSD by Edgar Fuß, Mathematisches Institut der Uni Bonn,
++ * <ef@math.uni-bonn.de>.
+  */
+ #include <sys/cdefs.h>
+-__FBSDID("$FreeBSD$");
+ 
+-#include "namespace.h"
+ #include <sys/param.h>
+ #include <errno.h>
+-#include <nss.h>
+ #include <pthread.h>
+-#include <pthread_np.h>
+-#include "un-namespace.h"
+-#include "libc_private.h"
+ 
++#include <stdarg.h>
++#include <lwp.h>
++extern int __isthreaded;
++#define pthread_main_np() (_lwp_self() == 1)
++#include <compat/nss_compat.h>
+ 
+ struct group;
+ struct passwd;
+@@ -54,26 +56,26 @@
+ static void							\
+ _term_create_##x(void)						\
+ {								\
+-	(void)_pthread_key_create(&_term_key_##x, NULL);	\
++	(void)pthread_key_create(&_term_key_##x, NULL);	\
+ }								\
+ static void		*_term_main_##x;			\
+ static pthread_once_t	 _term_once_##x = PTHREAD_ONCE_INIT
+ 
+ #define SET_TERMINATOR(x, y)						\
+ do {									\
+-	if (!__isthreaded || _pthread_main_np())			\
++	if (!__isthreaded || pthread_main_np())			\
+ 		_term_main_##x = (y);					\
+ 	else {								\
+-		(void)_pthread_once(&_term_once_##x, _term_create_##x);	\
+-		(void)_pthread_setspecific(_term_key_##x, y);		\
++		(void)pthread_once(&_term_once_##x, _term_create_##x);	\
++		(void)pthread_setspecific(_term_key_##x, y);		\
+ 	}								\
+ } while (0)
+ 
+ #define CHECK_TERMINATOR(x)					\
+-(!__isthreaded || _pthread_main_np() ?				\
++(!__isthreaded || pthread_main_np() ?				\
+     (_term_main_##x) :						\
+-    ((void)_pthread_once(&_term_once_##x, _term_create_##x),	\
+-    _pthread_getspecific(_term_key_##x)))
++    ((void)pthread_once(&_term_once_##x, _term_create_##x),	\
++    pthread_getspecific(_term_key_##x)))
+ 
+ 
+ 
+@@ -81,98 +83,177 @@
+ 
+ 
+ int
+-__nss_compat_getgrnam_r(void *retval, void *mdata, va_list ap)
++__nss_compat_getgrnam(void *cbrv, void *cbdata, va_list ap)
++{
++	int (*fn)(const char *, struct group *, char *, size_t, int *);
++	struct group   **retval;
++	const char	*name;
++	int		 errno;
++	enum nss_status	 status;
++	static struct group grp;
++	static char buffer[BUFFER_SIZE];
++
++	fn = cbdata;
++	retval = va_arg(ap, struct group **);
++	name = va_arg(ap, const char *);
++	status = fn(name, &grp, buffer, sizeof buffer, &errno);
++	status = __nss_compat_result(status, errno);
++	if (status == NS_SUCCESS)
++		*retval = &grp;
++	else
++		*retval = NULL;
++	return (status);
++}
++
++int
++__nss_compat_getgrnam_r(void *cbrv, void *cbdata, va_list ap)
+ {
+ 	int (*fn)(const char *, struct group *, char *, size_t, int *);
++	int		*retval;
+ 	const char	*name;
+ 	struct group	*grp;
+ 	char		*buffer;
+-	int		*errnop;
+ 	size_t		 bufsize;
++	struct group   **result;
+ 	enum nss_status	 status;
+ 
+-	fn = mdata;
++	fn = cbdata;
++	retval = va_arg(ap, int *);
+ 	name = va_arg(ap, const char *);
+ 	grp = va_arg(ap, struct group *);
+ 	buffer = va_arg(ap, char *);
+ 	bufsize = va_arg(ap, size_t);
+-	errnop = va_arg(ap, int *);
+-	status = fn(name, grp, buffer, bufsize, errnop);
+-	status = __nss_compat_result(status, *errnop);
++	result = va_arg(ap, struct group **);
++	status = fn(name, grp, buffer, bufsize, retval);
++	status = __nss_compat_result(status, *retval);
+ 	if (status == NS_SUCCESS)
+-		*(struct group **)retval = grp;
++		*result = grp;
++	else
++		*result = NULL;
+ 	return (status);
+ }
+ 
+ 
+ int
+-__nss_compat_getgrgid_r(void *retval, void *mdata, va_list ap)
++__nss_compat_getgrgid(void *cbrv, void *cbdata, va_list ap)
++{
++	int (*fn)(gid_t, struct group *, char *, size_t, int *);
++	struct group   **retval;
++	gid_t		 gid;
++	int		 errno;
++	enum nss_status	 status;
++	static struct group grp;
++	static char buffer[BUFFER_SIZE];
++	
++	fn = cbdata;
++	retval = va_arg(ap, struct group **);
++	gid = va_arg(ap, gid_t);
++	status = fn(gid, &grp, buffer, sizeof buffer, &errno);
++	status = __nss_compat_result(status, errno);
++	if (status == NS_SUCCESS)
++		*retval = &grp;
++	else
++		*retval = NULL;
++	return (status);
++}
++
++int
++__nss_compat_getgrgid_r(void *cbrv, void *cbdata, va_list ap)
+ {
+ 	int (*fn)(gid_t, struct group *, char *, size_t, int *);
++	int		*retval;
+ 	gid_t		 gid;
+ 	struct group	*grp;
+ 	char		*buffer;
+-	int		*errnop;
+ 	size_t		 bufsize;
++	struct group   **result;
+ 	enum nss_status	 status;
+ 	
+-	fn = mdata;
++	fn = cbdata;
++	retval = va_arg(ap, int *);
+ 	gid = va_arg(ap, gid_t);
+ 	grp = va_arg(ap, struct group *);
+ 	buffer = va_arg(ap, char *);
+ 	bufsize = va_arg(ap, size_t);
+-	errnop = va_arg(ap, int *);
+-	status = fn(gid, grp, buffer, bufsize, errnop);
+-	status = __nss_compat_result(status, *errnop);
++	result = va_arg(ap, struct group **);
++	status = fn(gid, grp, buffer, bufsize, retval);
++	status = __nss_compat_result(status, *retval);
+ 	if (status == NS_SUCCESS)
+-		*(struct group **)retval = grp;
++		*result = grp;
++	else
++		*result = NULL;
+ 	return (status);
+ }
+ 
+ 
+ int
+-__nss_compat_getgrent_r(void *retval, void *mdata, va_list ap)
++__nss_compat_getgrent(void *cbrv, void *cbdata, va_list ap)
++{
++	int (*fn)(struct group *, char *, size_t, int *);
++	struct group   **retval;
++	int		  errno;
++	enum nss_status	 status;
++	static struct group grp;
++	static char buffer[BUFFER_SIZE];
++
++	fn = cbdata;
++	retval = va_arg(ap, struct group **);
++	status = fn(&grp, buffer, sizeof buffer, &errno);
++	status = __nss_compat_result(status, errno);
++	if (status == NS_SUCCESS)
++		*retval = &grp;
++	else
++		*retval = NULL;
++	return (status);
++}
++
++int
++__nss_compat_getgrent_r(void *cbrv, void *cbdata, va_list ap)
+ {
+ 	int (*fn)(struct group *, char *, size_t, int *);
++	int		*retval;
+ 	struct group	*grp;
+ 	char		*buffer;
+-	int		*errnop;
+ 	size_t		 bufsize;
++	struct group   **result;
+ 	enum nss_status	 status;
+ 
+ 	if (CHECK_TERMINATOR(group))
+ 		return (NS_NOTFOUND);
+-	fn = mdata;
++	fn = cbdata;
++	retval = va_arg(ap, int *);
+ 	grp = va_arg(ap, struct group *);
+ 	buffer = va_arg(ap, char *);
+ 	bufsize = va_arg(ap, size_t);
+-	errnop = va_arg(ap, int *);
+-	status = fn(grp, buffer, bufsize, errnop);
+-	status = __nss_compat_result(status, *errnop);
++	result = va_arg(ap, struct group **);
++	status = fn(grp, buffer, bufsize, retval);
++	status = __nss_compat_result(status, *retval);
+ 	if (status == NS_SUCCESS)
+-		*(struct group **)retval = grp;
+-	else if (status != NS_RETURN)
++		*result = grp;
++	else
++		*result = NULL;
++	if (status != NS_RETURN)
+ 		SET_TERMINATOR(group, &terminator);
+ 	return (status);
+ }
+ 
+ 
+ int
+-__nss_compat_setgrent(void *retval, void *mdata, va_list ap)
++__nss_compat_setgrent(void *cbrv, void *cbdata, va_list ap)
+ {
+ 
+ 	SET_TERMINATOR(group, NULL);
+-	((int (*)(void))mdata)();
++	((int (*)(void))cbdata)();
+ 	return (NS_UNAVAIL);
+ }
+ 
+ 
+ int
+-__nss_compat_endgrent(void *retval, void *mdata, va_list ap)
++__nss_compat_endgrent(void *cbrv, void *cbdata, va_list ap)
+ {
+ 
+ 	SET_TERMINATOR(group, NULL);
+-	((int (*)(void))mdata)();
++	((int (*)(void))cbdata)();
+ 	return (NS_UNAVAIL);
+ }
+ 
+@@ -182,97 +263,178 @@
+ 
+ 
+ int
+-__nss_compat_getpwnam_r(void *retval, void *mdata, va_list ap)
++__nss_compat_getpwnam(void *cbrv, void *cbdata, va_list ap)
+ {
+ 	int (*fn)(const char *, struct passwd *, char *, size_t, int *);
++	struct passwd  **retval;
++	const char	*name;
++	int		 errno;
++	enum nss_status	 status;
++	static struct passwd pwd;
++	static char buffer[BUFFER_SIZE];
++
++	fn = cbdata;
++	retval = va_arg(ap, struct passwd **);
++	name = va_arg(ap, const char *);
++	status = fn(name, &pwd, buffer, sizeof buffer, &errno);
++	status = __nss_compat_result(status, errno);
++	if (status == NS_SUCCESS)
++		*retval = &pwd;
++	else
++		*retval = NULL;
++	return (status);
++}
++
++int
++__nss_compat_getpwnam_r(void *cbrv, void *cbdata, va_list ap)
++{
++	int (*fn)(const char *, struct passwd *, char *, size_t, int *);
++	int		*retval;
+ 	const char	*name;
+ 	struct passwd	*pwd;
+ 	char		*buffer;
+-	int		*errnop;
+ 	size_t		 bufsize;
++	struct passwd  **result;
++	int		 errno;
+ 	enum nss_status	 status;
+ 
+-	fn = mdata;
++	fn = cbdata;
++	retval = va_arg(ap, int *);
+ 	name = va_arg(ap, const char *);
+ 	pwd = va_arg(ap, struct passwd *);
+ 	buffer = va_arg(ap, char *);
+ 	bufsize = va_arg(ap, size_t);
+-	errnop = va_arg(ap, int *);
+-	status = fn(name, pwd, buffer, bufsize, errnop);
+-	status = __nss_compat_result(status, *errnop);
++	result = va_arg(ap, struct passwd **);
++	status = fn(name, pwd, buffer, bufsize, retval);
++	status = __nss_compat_result(status, *retval);
+ 	if (status == NS_SUCCESS)
+-		*(struct passwd **)retval = pwd;
++		*result = pwd;
++	else
++		*result = NULL;
+ 	return (status);
+ }
+ 
+ 
+ int
+-__nss_compat_getpwuid_r(void *retval, void *mdata, va_list ap)
++__nss_compat_getpwuid(void *cbrv, void *cbdata, va_list ap)
+ {
+ 	int (*fn)(uid_t, struct passwd *, char *, size_t, int *);
++	struct passwd  **retval;
++	uid_t		 uid;
++	int		 errno;
++	enum nss_status	 status;
++	static struct passwd pwd;
++	static char buffer[BUFFER_SIZE];
++	
++	fn = cbdata;
++	retval = va_arg(ap, struct passwd **);
++	uid = va_arg(ap, uid_t);
++	status = fn(uid, &pwd, buffer, sizeof buffer, &errno);
++	status = __nss_compat_result(status, errno);
++	if (status == NS_SUCCESS)
++		*retval = &pwd;
++	else
++		*retval = NULL;
++	return (status);
++}
++
++int
++__nss_compat_getpwuid_r(void *cbrv, void *cbdata, va_list ap)
++{
++	int (*fn)(uid_t, struct passwd *, char *, size_t, int *);
++	int		*retval;
+ 	uid_t		 uid;
+ 	struct passwd	*pwd;
+ 	char		*buffer;
+-	int		*errnop;
+ 	size_t		 bufsize;
++	struct passwd   **result;
+ 	enum nss_status	 status;
+ 	
+-	fn = mdata;
++	fn = cbdata;
++	retval = va_arg(ap, int *);
+ 	uid = va_arg(ap, uid_t);
+ 	pwd = va_arg(ap, struct passwd *);
+ 	buffer = va_arg(ap, char *);
+ 	bufsize = va_arg(ap, size_t);
+-	errnop = va_arg(ap, int *);
+-	status = fn(uid, pwd, buffer, bufsize, errnop);
+-	status = __nss_compat_result(status, *errnop);
++	result = va_arg(ap, struct passwd **);
++	retval = va_arg(ap, int *);
++	status = fn(uid, pwd, buffer, bufsize, retval);
++	status = __nss_compat_result(status, *retval);
+ 	if (status == NS_SUCCESS)
+-		*(struct passwd **)retval = pwd;
++		*result = pwd;
++	else
++		*result = NULL;
+ 	return (status);
+ }
+ 
+ 
+ int
+-__nss_compat_getpwent_r(void *retval, void *mdata, va_list ap)
++__nss_compat_getpwent(void *cbrv, void *cbdata, va_list ap)
++{
++	int (*fn)(struct passwd *, char *, size_t, int *);
++	struct passwd  **retval;
++	int		 errno;
++	enum nss_status	 status;
++	static struct passwd pwd;
++	static char buffer[BUFFER_SIZE];
++
++	fn = cbdata;
++	retval = va_arg(ap, struct passwd **);
++	status = fn(&pwd, buffer, sizeof buffer, &errno);
++	status = __nss_compat_result(status, errno);
++	if (status == NS_SUCCESS)
++		*retval = &pwd;
++	else
++		*retval = NULL;
++	return (status);
++}
++
++int
++__nss_compat_getpwent_r(void *cbrv, void *cbdata, va_list ap)
+ {
+ 	int (*fn)(struct passwd *, char *, size_t, int *);
++	int		*retval;
+ 	struct passwd	*pwd;
+ 	char		*buffer;
+-	int		*errnop;
+ 	size_t		 bufsize;
++	struct passwd  **result;
+ 	enum nss_status	 status;
+ 
+ 	if (CHECK_TERMINATOR(passwd))
+ 		return (NS_NOTFOUND);
+-	fn = mdata;
++	fn = cbdata;
++	retval = va_arg(ap, int *);
+ 	pwd = va_arg(ap, struct passwd *);
+ 	buffer = va_arg(ap, char *);
+ 	bufsize = va_arg(ap, size_t);
+-	errnop = va_arg(ap, int *);
+-	status = fn(pwd, buffer, bufsize, errnop);
+-	status = __nss_compat_result(status, *errnop);
++	result = va_arg(ap, struct passwd **);
++	status = fn(pwd, buffer, bufsize, retval);
++	status = __nss_compat_result(status, *retval);
+ 	if (status == NS_SUCCESS)
+-		*(struct passwd **)retval = pwd;
+-	else if (status != NS_RETURN)
++		*result = pwd;
++	else
++		*result = NULL;
++	if (status != NS_RETURN)
+ 		SET_TERMINATOR(passwd, &terminator);
+ 	return (status);
+ }
+ 
+ 
+ int
+-__nss_compat_setpwent(void *retval, void *mdata, va_list ap)
++__nss_compat_setpwent(void *cbrv, void *cbdata, va_list ap)
+ {
+ 
+ 	SET_TERMINATOR(passwd, NULL);
+-	((int (*)(void))mdata)();
++	((int (*)(void))cbdata)();
+ 	return (NS_UNAVAIL);
+ }
+ 
+ 
+ int
+-__nss_compat_endpwent(void *retval, void *mdata, va_list ap)
++__nss_compat_endpwent(void *cbrv, void *cbdata, va_list ap)
+ {
+ 
+ 	SET_TERMINATOR(passwd, NULL);
+-	((int (*)(void))mdata)();
++	((int (*)(void))cbdata)();
+ 	return (NS_UNAVAIL);
+ }

nss-pam-ldapd/patches/patch-compat_nss_compat.h

@@ -0,0 +1,36 @@
+$NetBSD$
+
+NetBSD doesn't have <nss.h>
+
+--- compat/nss_compat.h.orig	2012-05-11 14:25:15.000000000 +0200
++++ compat/nss_compat.h	2013-11-28 18:11:22.000000000 +0100
+@@ -25,6 +25,29 @@
+ 
+ #ifdef HAVE_NSS_H
+ #include <nss.h>
++#else
++#ifdef __NetBSD__
++#include <nsswitch.h>
++enum nss_status {
++	NSS_STATUS_TRYAGAIN = -2,
++	NSS_STATUS_UNAVAIL,
++	NSS_STATUS_NOTFOUND,
++	NSS_STATUS_SUCCESS,
++	NSS_STATUS_RETURN
++};
++#define HAVE_ENUM_NSS_STATUS 1
++#include <stdarg.h>
++#define NSS_METHOD_PROTOTYPE(method) \
++	int method(void *, void *, va_list)
++#define __nss_compat_result(rv, err) \
++	((rv == NSS_STATUS_TRYAGAIN) ? (err == ERANGE ? NS_UNAVAIL : NS_TRYAGAIN) : \
++	 (rv == NSS_STATUS_TRYAGAIN) ? NS_TRYAGAIN : \
++	 (rv == NSS_STATUS_UNAVAIL)  ? NS_UNAVAIL  : \
++	 (rv == NSS_STATUS_NOTFOUND) ? NS_NOTFOUND : \
++	 (rv == NSS_STATUS_SUCCESS)  ? NS_SUCCESS  : \
++	 (rv == NSS_STATUS_RETURN)   ? NS_UNAVAIL  : \
++	0)
++#endif /* __NetBSD__ */
+ #endif /* HAVE_NSS_H */
+ #ifdef HAVE_NSS_COMMON_H
+ #include <nss_common.h>

nss-pam-ldapd/patches/patch-nss_bsdnss.c

@@ -0,0 +1,179 @@
+$NetBSD$
+
+NetBSD does not have __nss_compat_xxx functions in its C library.
+It also need non-_r variants.
+
+--- nss/bsdnss.c.orig	2012-05-18 15:34:22.000000000 +0200
++++ nss/bsdnss.c	2013-12-03 17:18:50.000000000 +0100
+@@ -40,108 +40,106 @@
+ NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r);
+ NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r);
+ NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_getgrent);
+ NSS_METHOD_PROTOTYPE(__nss_compat_setgrent);
+ NSS_METHOD_PROTOTYPE(__nss_compat_endgrent);
+-NSS_METHOD_PROTOTYPE(__freebsd_getgroupmembership);
++NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam);
++NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid);
++NSS_METHOD_PROTOTYPE(__netbsd_getgroupmembership);
+ 
+ NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r);
+ NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r);
+ NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_getpwent);
+ NSS_METHOD_PROTOTYPE(__nss_compat_setpwent);
+ NSS_METHOD_PROTOTYPE(__nss_compat_endpwent);
++NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam);
++NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid);
+ 
+ NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname);
+-NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2);
+ NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr);
+ 
+ static ns_mtab methods[]={
+   { NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_ldap_getgrnam_r },
+   { NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_ldap_getgrgid_r },
+   { NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_ldap_getgrent_r },
++  { NSDB_GROUP, "getgrent",   __nss_compat_getgrent,   _nss_ldap_getgrent_r },
+   { NSDB_GROUP, "setgrent",   __nss_compat_setgrent,   _nss_ldap_setgrent },
+   { NSDB_GROUP, "endgrent",   __nss_compat_endgrent,   _nss_ldap_endgrent },
+-  { NSDB_GROUP, "getgroupmembership", __freebsd_getgroupmembership, NULL },
++  { NSDB_GROUP, "getgrnam", __nss_compat_getgrnam, _nss_ldap_getgrnam_r },
++  { NSDB_GROUP, "getgrgid", __nss_compat_getgrgid, _nss_ldap_getgrgid_r },
++  { NSDB_GROUP, "getgroupmembership", __netbsd_getgroupmembership, NULL },
+ 
+   { NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_ldap_getpwnam_r },
+   { NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_ldap_getpwuid_r },
+   { NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, _nss_ldap_getpwent_r },
++  { NSDB_PASSWD, "getpwent",   __nss_compat_getpwent,   _nss_ldap_getpwent_r },
+   { NSDB_PASSWD, "setpwent",   __nss_compat_setpwent,   _nss_ldap_setpwent },
+   { NSDB_PASSWD, "endpwent",   __nss_compat_endpwent,   _nss_ldap_endpwent },
++  { NSDB_PASSWD, "getpwnam", __nss_compat_getpwnam, _nss_ldap_getpwnam_r },
++  { NSDB_PASSWD, "getpwuid", __nss_compat_getpwuid, _nss_ldap_getpwuid_r },
+ 
+   { NSDB_HOSTS, "gethostbyname", __nss_compat_gethostbyname, _nss_ldap_gethostbyname_r },
+   { NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_ldap_gethostbyaddr_r },
+-  { NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_ldap_gethostbyname2_r },
+ 
+   { NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, _nss_ldap_getgrnam_r },
+   { NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, _nss_ldap_getgrgid_r },
+   { NSDB_GROUP_COMPAT, "getgrent_r", __nss_compat_getgrent_r, _nss_ldap_getgrent_r },
++  { NSDB_GROUP_COMPAT, "getgrent",   __nss_compat_getgrent,   _nss_ldap_getgrent_r },
+   { NSDB_GROUP_COMPAT, "setgrent",   __nss_compat_setgrent,   _nss_ldap_setgrent },
+   { NSDB_GROUP_COMPAT, "endgrent",   __nss_compat_endgrent,   _nss_ldap_endgrent },
++  { NSDB_GROUP_COMPAT, "getgrnam", __nss_compat_getgrnam, _nss_ldap_getgrnam_r },
++  { NSDB_GROUP_COMPAT, "getgrgid", __nss_compat_getgrgid, _nss_ldap_getgrgid_r },
+ 
+   { NSDB_PASSWD_COMPAT, "getpwnam_r", __nss_compat_getpwnam_r, _nss_ldap_getpwnam_r },
+   { NSDB_PASSWD_COMPAT, "getpwuid_r", __nss_compat_getpwuid_r, _nss_ldap_getpwuid_r },
+   { NSDB_PASSWD_COMPAT, "getpwent_r", __nss_compat_getpwent_r, _nss_ldap_getpwent_r },
++  { NSDB_PASSWD_COMPAT, "getpwent",   __nss_compat_getpwent,   _nss_ldap_getpwent_r },
+   { NSDB_PASSWD_COMPAT, "setpwent",   __nss_compat_setpwent,   _nss_ldap_setpwent },
+   { NSDB_PASSWD_COMPAT, "endpwent",   __nss_compat_endpwent,   _nss_ldap_endpwent },
++  { NSDB_PASSWD_COMPAT, "getpwnam", __nss_compat_getpwnam, _nss_ldap_getpwnam_r },
++  { NSDB_PASSWD_COMPAT, "getpwuid", __nss_compat_getpwuid, _nss_ldap_getpwuid_r },
+ };
+ 
+-int __nss_compat_gethostbyname(void *retval,void *mdata,va_list ap)
+-{
+-  nss_status_t (*fn)(const char *,struct hostent *,char *,size_t,int *,int *);
+-  const char *name;
+-  struct hostent *result;
+-  char buffer[BUFFER_SIZE];
+-  int errnop;
+-  int h_errnop;
+-  int af;
+-  nss_status_t status;
+-  fn=mdata;
+-  name=va_arg(ap,const char*);
+-  af=va_arg(ap,int);
+-  result=va_arg(ap,struct hostent *);
+-  status=fn(name,result,buffer,sizeof(buffer),&errnop,&h_errnop);
+-  status=__nss_compat_result(status,errnop);
+-  h_errno=h_errnop;
+-  return (status);
+-}
++#ifdef __NetBSD__
++#include <compat/nss_compat.c>
++#endif
+ 
+-int __nss_compat_gethostbyname2(void *retval,void *mdata,va_list ap)
++int __nss_compat_gethostbyname(void *cbrv,void *cbdata,va_list ap)
+ {
+   nss_status_t (*fn)(const char *,struct hostent *,char *,size_t,int *,int *);
+   const char *name;
+-  struct hostent *result;
++  int namelen;
+   char buffer[BUFFER_SIZE];
+   int errnop;
+   int h_errnop;
+   int af;
+   nss_status_t status;
+-  fn=mdata;
++  fn=cbdata;
+   name=va_arg(ap,const char*);
++  namelen=va_arg(ap,int);
+   af=va_arg(ap,int);
+-  result=va_arg(ap,struct hostent *);
+-  status=fn(name,result,buffer,sizeof(buffer),&errnop,&h_errnop);
++  status=fn(name,(struct hostent *)cbrv,buffer,sizeof(buffer),&errnop,&h_errnop);
+   status=__nss_compat_result(status,errnop);
+   h_errno=h_errnop;
+   return (status);
+ }
+ 
+-int __nss_compat_gethostbyaddr(void *retval,void *mdata,va_list ap)
++int __nss_compat_gethostbyaddr(void *cbrv,void *cbdata,va_list ap)
+ {
+   struct in_addr *addr;
+-  int len;
+-  int type;
+-  struct hostent *result;
++  int addrlen;
++  int af;
+   char buffer[BUFFER_SIZE];
+   int errnop;
+   int h_errnop;
+   nss_status_t (*fn)(struct in_addr *,int,int,struct hostent *,char *,size_t,int *,int *);
+   nss_status_t status;
+-  fn=mdata;
++  fn=cbdata;
+   addr=va_arg(ap,struct in_addr*);
+-  len=va_arg(ap,int);
+-  type=va_arg(ap,int);
+-  result=va_arg(ap,struct hostent*);
+-  status=fn(addr,len,type,result,buffer,sizeof(buffer),&errnop,&h_errnop);
++  addrlen=va_arg(ap,int);
++  af=va_arg(ap,int);
++  status=fn(addr,addrlen,af,(struct hostent *)cbrv,buffer,sizeof(buffer),&errnop,&h_errnop);
+   status=__nss_compat_result(status,errnop);
+   h_errno=h_errnop;
+   return (status);
+@@ -165,22 +163,26 @@
+   return ret;
+ }
+ 
+-int __freebsd_getgroupmembership(void *retval,void *mdata,va_list ap)
++int __netbsd_getgroupmembership(void *cbrv,void *cbdata,va_list ap)
+ {
+   int err;
+   nss_status_t s;
+   gid_t group;
+   gid_t *tmpgroups;
++  int *retval;
+   const char *user;
+   gid_t *groups;
+   int maxgrp,*grpcnt;
+   int i;
+   long int lstart,lsize;
++  (void)cbdata;
++  retval=va_arg(ap,int *);
+   user=va_arg(ap,const char *);
+   group=va_arg(ap,gid_t);
+   groups=va_arg(ap,gid_t *);
+   maxgrp=va_arg(ap,int);
+   grpcnt=va_arg(ap,int *);
++  (void)retval;
+   tmpgroups=malloc(maxgrp*sizeof(gid_t));
+   if (tmpgroups==NULL)
+     return NSS_STATUS_UNAVAIL;

nss-pam-ldapd/patches/patch-pynslcd_Makefile.in

@@ -0,0 +1,15 @@
+$NetBSD$
+
+Install pynslcd's files into $libdir/pynslcd, not $datadir/pynslcd since .pyc/.pyo files are binary
+
+--- pynslcd/Makefile.in.orig	2013-05-05 14:04:06.000000000 +0200
++++ pynslcd/Makefile.in	2013-11-29 16:33:48.000000000 +0100
+@@ -249,7 +249,7 @@
+ top_build_prefix = @top_build_prefix@
+ top_builddir = @top_builddir@
+ top_srcdir = @top_srcdir@
+-pynslcddir = $(datadir)/pynslcd
++pynslcddir = $(libdir)/pynslcd
+ pynslcd_PYTHON = pynslcd.py attmap.py cache.py cfg.py common.py expr.py \
+                  mypidfile.py tio.py \
+                  alias.py ether.py group.py host.py netgroup.py network.py \