pkgsrc-wip/nss-pam-ldapd/Makefile
Havard Eidnes a8958bfc8c Update nss-pam-ldap from 0.8.13 to 0.9.7.
(The version sequence apparently goes 0.8.12 -> 0.9.0, with 0.8.13
as a maintenance release.)

Pkgsrc changes:
 * Make sure the .so modules are installed unstripped, so that
   they can actually be used (need symbol lookup for register functions).
 * Replace python interpreter in a couple of installed scripts
 * Point nslcd to config file in PKG_SYSCONFDIR, but install example
   config in example directory.

Upstream changes:

changes from 0.9.6 to 0.9.7
---------------------------

* check existence of TLS certificate and key files on start-up
* fix password policy expiration handling when password was about to expire
  (thanks Mathieu Baeumler for tracking this down)
* fix updating of shadowLastChange attribute when chasing referrals
  (thanks Vasilis Tsiligiannis)
* add a pam_authc_ppolicy option to allow completely disabling ppolicy
  handling (thanks Mathieu Baeumler)
* fix handling of nss_disable_enumeration (thanks Andrew W Elble for pointing
  this out)
* display human readable password expiry messages (thanks Mathieu Baeumler)
* fix error when changing PAM user name (thanks #<9D>#<91>)
* support substring expressions ${var:offset:length} in attribute mapping
  (thanks Giovanni Mascellani)
* also honor the ignorecase option in PAM

changes from 0.9.5 to 0.9.6
---------------------------

* fix a race condition in signal handling during start-up that would cause
  nslcd to exit if a signal (such as SIGUSR1 that can be sent when network
  status changes) is received
* fix signed integer overflow on 32bit systems when using objectSid (thanks
  Geoffrey McRae)
* allow longer configuration values (thanks Jed Liu)
* add an nss_getgrent_skipmembers option to disable retrieving group members
  to improve performance in specific environments
* add an nss_disable_enumeration option to disable full listing of all users
  and groups to improve performance in specific environments (thanks Andrew
  Elble)
* implement an innetgr function in the Solaris NSS module

changes from 0.9.4 to 0.9.5
---------------------------

* improve test suite (change IP range)
* handle situation better when server (or firewall) closed the connection
  (thanks Tim Harder)
* make daemonising a little more robust and try to log more failures
* fix integer format strings (thanks Jianhai Luan and Patrick McLean)
* documentation updates (thanks Dalibor Pospíšil)
* fix range check for search access (thanks David Binderma)
* fix a bug in the NSS library when encountering IPv6 addresses in
  the hosts map (thanks Mark R Bannister)
* allow configuring the name of the NSS and PAM modules (--with-module-name)
* adjust the Linux OOM (Out-Of-Memory) killer score to avoid killing nslcd
  (thanks Patrick McLean)
* portability improvements (thanks Tim Rice)

changes from 0.9.3 to 0.9.4
---------------------------

* also handle password policy information on BIND failure (this makes it
  possible to distinguish between a wrong password and an expired password)
* fix mapping the member attribute to an empty string
* any buffers that may have held passwords are cleared before the memory is
  released
* increase buffer size for passwords to support extremely long passwords
  (thanks ushi)
* increase buffer size for DN to support very long names or names with
  non-ASCII characters
* log an error in almost all places where a defined buffer is not large
  enough to hold the provided data instead of just (sometimes silently)
  failing
* logging improvements (start-up problems, login failures)
* small improvement for Solaris

changes from 0.9.2 to 0.9.3
---------------------------

* make the dn2uid cache lifetime configurable with the cache configuration
  option
* have the nslcd process only exit after the service is completely available
  to avoid race conditions in the init script
* the nslcd daemon now properly daemonises (double fork)
* support mapping the member attribute to an empty string to disable the
  functionality to do extra lookups for member DN to member uid translations
* implement deref control handling to request the LDAP server to dereference
  group member attribute values to uid values
* support getting built-in groups from Active Directory (thanks Davy Defaud)
* fix for pwdLastSet attribute value handling (thanks Joshua Shire)
* fix a possible crash in the NSS module when retrieving large networks
  entries (thanks Lukas Slebodnik)
* correct NSS h_errnop return value to indicate buffer too small (thanks
  Nalin Dahyabhai)
* fix a bug with shadow values on 64-bit architectures
* automatically detect DragonFly as using the FreeBSD NSS interface (thanks
  Francois Tigeot)
* add a build-time test to see if krb5 is thread-safe
* various minor bug fixes

changes from 0.9.1 to 0.9.2
---------------------------

* increase password value buffer size (by Bersl)
* avoid more broken pipe errors by using a low timeout when aborting reading
  requested information from nslcd (thanks John Sullivan)
* only log broken pipe errors in debugging mode
* fix buffer overflow on interrupted read that is hard to trigger (thanks
  John Sullivan)
* use clock_gettime() with CLOCK_MONOTONIC for timeout calculations to avoid
  clock adjustments errors (thanks John Sullivan)
* extend test suite to test for CLOCK_MONOTONIC and timed IO timeout
  calculations
* increase the maximum number of base statements per map to 31
* use larger nslcd send buffers to reduce the number of write operations in
  nslcd and consequently the number of reads in the NSS and PAM modules
  (thanks John Sullivan)
* also run invalidators after first successful search
* various clean-ups, portability improvements and fixes for compiler warnings
* import configure checks of Python modules
* provide a script for setting up slapd in a test environment, automatically
  loaded with the required test data
* add script for evaluating test environment availability
* portability improvements in the test scripts and test environment

changes from 0.9.0 to 0.9.1
---------------------------

* rename the nscd_invalidate option to reconnect_invalidate and allow flushing
  the nfsidmap cache with the new option
* implement an -n switch to not daemonise (by Caleb Callaway)
* nslcd will now return partial shadow information to non-root users to avoid
  authorisation problems with setgid shadow authentication helpers with some
  PAM stacks
* nslcd will now retry failing LDAP connections after receiving SIGUSR1
  (SIGUSR1 could be sent after re-establishing a network connection)
* fix the way manual pages are installed in some situations
* the code for the nslcd utilities (getent.ldap and chsh.ldap) is now
  installed in {prefix}/share/nslcd-utils
* improve error and help output of the getent.ldap command
* documentation updates
* a number of tests were added and existing tests were extended
* fix for a potential, small memory leak in PAM module regarding temporary
  saving of old password
* a large number of bug fixes and improvements in pynslcd
* hide passwords from the pynslcd debug output
* support start_tls, pam_password_prohibit_message, nss_initgroups_ignoreusers
  and nss_min_uid in pynslcd
* fix rootpwmodpw handling in pynslcd
* complete a basic PAM implementation in pynslcd (some things such as shadow
  attribute checking remain to be implemented)
* clean up the caching functionality in pynslcd (functionality is still
  disabled)

changes from 0.8.12 to 0.9.0
----------------------------

* backwards incompatible change to the communications protocol between nslcd
  and NSS and PAM modules to use network byte order to be able to work on
  mixed endian multiarch systems
* netgroup lookups now make a distinction between empty netgroups and
  non-existing netgroups
* the PAM protocol is now more consistent (cleaner support for password
  modification by root, have all request parameters in the same order and
  limit the information returned from the call)
* request and handle password policy controls on LDAP authentication
* implement support for nested groups which can be enabled with the
  nss_nested_groups option (thanks Steve Hill)
* add a log option to configure log level and logging to plain files
* add an nscd_invalidate option to invalidate the nscd cache after recovering
  from LDAP connection problems (to clear any negative cache entries)
* allow trimming expressions with ${foo#bar} syntax in attribute mapping
  expressions (thanks Thorsten Glaser)
* pynslcd supports trimming expressions with full shell glob matching
* support password modification in pynslcd
* support children search scope for systems that have it
* add a getent.ldap utility to perform nslcd queries bypassing the libc NSS
  stack
* implement functionality for changing user information and provide a
  chsh.ldap utility to allow users to change their login shell
* remove deprecated use_sasl, reconnect_tries, reconnect_maxsleeptime and
  tls_checkpeer options which have been replaced long ago
* allow names with one character in default validnames option and allow
  parentheses (taken from Fedora packages)
* fall back to updating the lastChange attribute with the normal LDAP
  connection
* dump full nslcd configuration at debug level on start-up
* export an _nss_ldap_version symbol in the NSS module to make finding version
  mismatches easier (the NSS module version is logged from nslcd)
* documentation improvements
* update the coding style for the C source code to follow a more modern and
  commonly used coding convention
* some parts of the code were refactored or rewritten to take into account the
  changes within the software (e.g. configuration file handling, reduction in
  the number of system calls for normal communication)
* numerous smaller fixes
* portability and robustness improvements to the tests
* implement lookup_netgroup and lookup_shadow test commands for systems that
  cannot use getent to query these
* guess the value for --with-pam-seclib-dir configure option if it is not
  specified
* temporarily disable the caching functionality of pynslcd
* usability improvements in the pynslcd implementation
* various fixes for Solaris
2016-12-09 18:24:07 +01:00


# $NetBSD: Makefile,v 1.2 2012/12/13 18:20:29 ftigeot Exp $
DISTNAME= nss-pam-ldapd-0.9.7
CATEGORIES= databases
MASTER_SITES= http://arthurdejong.org/nss-pam-ldapd/
MAINTAINER= pkgsrc-users@NetBSD.org
HOMEPAGE= http://arthurdejong.org/nss-pam-ldapd/
COMMENT= LDAP client for nsswitch
LICENSE= gnu-lgpl-v2
NSLCD_USER?= nslcd
NSLCD_GROUP?= nslcd
PKG_USERS= ${NSLCD_USER}:${NSLCD_GROUP}
PKG_GROUPS= ${NSLCD_GROUP}
PKG_USERS_VARS+= NSLCD_USER
PKG_GROUPS_VARS+= NSLCD_GROUP
.include "../../mk/bsd.prefs.mk"
.include "options.mk"
USE_TOOLS+= autoconf
GNU_CONFIGURE= yes
CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
CONFIGURE_ARGS+= --with-ldap-conf-file=${PKG_SYSCONFDIR}/nslcd.conf
CONFIGURE_ARGS+= --with-nslcd-pidfile=${NSLCD_PIDFILE}
CONFIGURE_ARGS+= --with-nslcd-socket=${NSLCD_SOCKET}
CONFIGURE_ARGS+= --with-ldap-lib=openldap
CONFIGURE_ARGS+= --with-nss-ldap-soname=${NSS_LDAP_SONAME}
CONFIGURE_ARGS+= --with-pam-seclib-dir=${PREFIX}/lib/security
.if ${OPSYS} == "NetBSD" || ${OPSYS} == "DragonFly"
CONFIGURE_ARGS+= --with-nss-flavour=freebsd
.endif
REPLACE_PYTHON+= utils/chsh.py
REPLACE_PYTHON+= utils/getent.py
# Don't strip the .so objects, they will then be useless
# e.g. because nss_module_register can't be looked up
INSTALL_UNSTRIPPED= yes
FILES_SUBST+= PIDFILE=${NSLCD_PIDFILE}
RCD_SCRIPTS+= nslcd
EGDIR= ${PREFIX}/share/examples/${PKGBASE}
VARDIR= ${VARBASE}/run/nslcd
CONF_FILES= ${EGDIR}/nslcd.conf ${PKG_SYSCONFDIR}/nslcd.conf
NSLCD_PIDFILE?= ${VARDIR}/nslcd.pid
NSLCD_SOCKET?= ${VARDIR}/socket
BUILD_DEFS+= VARBASE NSLCD_PIDFILE NSLCD_SOCKET
INSTALL_MAKE_FLAGS+= NSLCD_CONF_PATH=${PKG_SYSCONFDIR}/nslcd.conf
# Install FreeBSD's nss_compat.c and later patch it
pre-patch:
	${CP} ${FILESDIR}/nss_compat.c ${WRKSRC}/compat

pre-configure:
	cd ${WRKSRC} && autoconf

post-install:
	${CHMOD} 0644 ${DESTDIR}${EGDIR}/nslcd.conf

.if ${OPSYS} == "NetBSD"
# Otherwise PAM_EXTERN ends up "static" and -O2 optimizes everything away
CFLAGS+= -DNO_STATIC_MODULES
INSTALL_TEMPLATES= INSTALL.nss
DEINSTALL_TEMPLATES= DEINSTALL.nss
.endif
# NSS_LDAP_SONAME is used by both the NSS client and the server(!)
.if ${OPSYS} == "NetBSD"
NSS_LDAP_SONAME= nss_ldap.so.0
.elif ${OPSYS} == "FreeBSD" || ${OPSYS} == "DragonFly" || ${OPSYS} == "SunOS"
NSS_LDAP_SONAME= nss_ldap.so.1
.else
NSS_LDAP_SONAME= libnss_ldap.so.2
.endif
PLIST_SUBST+= NSS_LDAP_SONAME=${NSS_LDAP_SONAME:Q}
# PAM_LDAP_SONAME is used only by the PAM client, but define it here for consistency
.if ${OPSYS} == "SunOS"
PAM_LDAP_SONAME= pam_ldap.so.1
.else
PAM_LDAP_SONAME= pam_ldap.so
.endif
PLIST_SUBST+= PAM_LDAP_SONAME=${PAM_LDAP_SONAME:Q}
SUBST_CLASSES+= fix-paths
SUBST_STAGE.fix-paths= pre-configure
SUBST_MESSAGE.fix-paths=Fixing config file path
SUBST_FILES.fix-paths= man/*.[0-9] man/*.[0-9].xml
SUBST_SED.fix-paths= -e 's|/etc/nslcd.conf|${PKG_SYSCONFDIR}/nslcd.conf|g'
# Thread Local Storage seems not to work on NetBSD-4
.if !empty(MACHINE_PLATFORM:MNetBSD-[0-4].*-*)
SUBST_CLASSES+= disable-tls
SUBST_STAGE.disable-tls=post-configure
SUBST_MESSAGE.disable-tls=disabling TLS
SUBST_FILES.disable-tls=config.h
SUBST_SED.disable-tls= -e 's|/\* \#undef __thread \*/|\#define __thread /\*\*/|'
.endif
SUBST_CLASSES+= usergroup
SUBST_STAGE.usergroup= post-patch
SUBST_FILES.usergroup= nslcd.conf
SUBST_SED.usergroup= -e 's/^uid nslcd/uid ${NSLCD_USER}/'
SUBST_SED.usergroup+= -e 's/^gid nslcd/gid ${NSLCD_GROUP}/'
.include "../../lang/python/application.mk"
.include "../../databases/openldap-client/buildlink3.mk"
.include "../../mk/bsd.pkg.mk"