From b7ea3351b01aa024da941a2a3890eb3ccc68a86a Mon Sep 17 00:00:00 2001 
From: Dima Panov Date: Mon, 16 Dec 2024 13:26:53 +0300 Subject: [PATCH 1/5] Add FreeBSD support, round 1 --- src/confdb/confdb.c | 3 + src/external/platform.m4 | 18 +- src/krb5_plugin/common/radius_kdcpreauth.c | 3 + src/lib/certmap/sss_certmap.exports | 1 - src/lib/winbind_idmap_sss/winbind_idmap_sss.c | 2 + src/lib/winbind_idmap_sss/winbind_idmap_sss.h | 2 + src/p11_child/p11_child_common.c | 2 + src/passkey_child/passkey_child_common.c | 4 + src/providers/ad/ad_common.c | 3 + src/providers/ad/ad_gpo_child.c | 4 + src/providers/ad/ad_pac.h | 2 + src/providers/ad/ad_pac_common.c | 3 + src/providers/data_provider/dp_modules.c | 3 + src/providers/data_provider/dp_targets.c | 3 + src/providers/data_provider_be.c | 2 + src/providers/data_provider_fo.c | 3 + src/providers/ipa/ipa_common.c | 3 + .../ipa/ipa_deskprofile_rules_util.c | 2 + src/providers/krb5/krb5_child.c | 2 + src/providers/ldap/ldap_auth.c | 26 +++ src/providers/ldap/ldap_child.c | 5 + src/providers/ldap/sdap_access.c | 9 + src/providers/ldap/sdap_async_sudo_hostinfo.c | 3 + src/providers/proxy/proxy_child.c | 14 ++ src/resolv/async_resolv_utils.c | 3 + .../plugins/cache_req_ip_host_by_addr.c | 3 + .../plugins/cache_req_ip_network_by_addr.c | 3 + src/responder/common/responder_common.c | 3 + src/responder/common/responder_packet.c | 3 + src/responder/kcm/kcmsrv_ccache_secdb.c | 9 + src/responder/kcm/kcmsrv_cmd.c | 6 + src/responder/kcm/kcmsrv_ops.c | 3 + src/responder/nss/nsssrv_mmap_cache.c | 11 +- src/sbus/sbus_errors.c | 2 +- src/sss_client/bsdnss.c | 215 ++++++++++++++++++ src/sss_client/common.c | 6 +- src/sss_client/nss_group.c | 71 ++++++ src/sss_client/nss_hosts.c | 5 + src/sss_client/nss_ipnetworks.c | 5 + src/sss_client/pam_sss.c | 4 + src/sss_client/pam_sss_gss.c | 6 + src/sss_client/sss_nss.exports | 18 ++ src/sss_client/sss_pac_responder_client.c | 7 + src/tests/cmocka/test_authtok.c | 1 + src/util/child_common.c | 6 + src/util/find_uid.c | 92 +++++++- src/util/nss_dl_load.c | 11 + 
src/util/server.c | 16 +- src/util/sss_bsd_errno.h | 58 +++++ src/util/sss_krb5.c | 4 + src/util/sss_pam_data.h | 1 + src/util/sss_sockets.c | 4 +- src/util/util.c | 12 + src/util/util_creds.h | 13 ++ 54 files changed, 699 insertions(+), 24 deletions(-) create mode 100644 src/sss_client/bsdnss.c create mode 100644 src/util/sss_bsd_errno.h diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index 593400ac264..7446cda75e0 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -21,6 +21,9 @@ #include "config.h" +#ifdef __FreeBSD__ +#include +#endif // __FreeBSD__ #include #include "sbus/sbus_opath.h" #include "util/util.h" diff --git a/src/external/platform.m4 b/src/external/platform.m4 index eb704281332..811135d76c0 100644 --- a/src/external/platform.m4 +++ b/src/external/platform.m4 @@ -1,5 +1,5 @@ AC_ARG_WITH([os], - [AC_HELP_STRING([--with-os=OS_TYPE], [Type of your operation system (unknown|fedora|redhat|suse|debian|gentoo)])] + [AC_HELP_STRING([--with-os=OS_TYPE], [Type of your operation system (unknown|fedora|freebsd|redhat|suse|gentoo)])] ) osname="" if test x"$with_os" != x ; then @@ -21,6 +21,8 @@ if test x"$osname" = x ; then . /etc/os-release if ([[ "${ID}" = "suse" ]]) || ([[ "${ID_LIKE#*suse*}" != "${ID_LIKE}" ]]); then osname="suse" + elif ([[ "${ID}" = "freebsd" ]]) || ([[ "${ID_LIKE#*freebsd*}" != "${ID_LIKE}" ]]); then + osname="freebsd" fi else osname="unknown" @@ -30,6 +32,7 @@ if test x"$osname" = x ; then fi AM_CONDITIONAL([HAVE_FEDORA], [test x"$osname" = xfedora]) +AM_CONDITIONAL([HAVE_FREEBSD], [test x"$osname" = xfreebsd]) AM_CONDITIONAL([HAVE_REDHAT], [test x"$osname" = xredhat]) AM_CONDITIONAL([HAVE_SUSE], [test x"$osname" = xsuse]) AM_CONDITIONAL([HAVE_DEBIAN], [test x"$osname" = xdebian]) 
@@ -38,13 +41,22 @@ AM_CONDITIONAL([HAVE_GENTOO], [test x"$osname" = xgentoo]) AS_CASE([$osname], [redhat], [AC_DEFINE_UNQUOTED([HAVE_REDHAT], 1, [Build with redhat config])], [fedora], [AC_DEFINE_UNQUOTED([HAVE_FEDORA], 1, [Build with fedora config])], + [freebsd], [AC_DEFINE_UNQUOTED([HAVE_FREEBSD], 1, [Build with freebsd config])], [suse], [AC_DEFINE_UNQUOTED([HAVE_SUSE], 1, [Build with suse config])], [gentoo], [AC_DEFINE_UNQUOTED([HAVE_GENTOO], 1, [Build with gentoo config])], [debian], [AC_DEFINE_UNQUOTED([HAVE_DEBIAN], 1, [Build with debian config])], [AC_MSG_NOTICE([Build with $osname config])]) -AC_CHECK_MEMBERS([struct ucred.pid, struct ucred.uid, struct ucred.gid], , , - [[#include ]]) +if test x"$osname" = x"freebsd"; then + AC_CHECK_MEMBERS([struct xucred.cr_pid, struct xucred.cr_uid, struct xucred.cr_gid], , , [[ +#include +#include +]]) +else + AC_CHECK_MEMBERS([struct ucred.pid, struct ucred.uid, struct ucred.gid], , , + [[#include ]]) +fi + if test x"$ac_cv_member_struct_ucred_pid" = xyes -a \ x"$ac_cv_member_struct_ucred_uid" = xyes -a \ diff --git a/src/krb5_plugin/common/radius_kdcpreauth.c b/src/krb5_plugin/common/radius_kdcpreauth.c index 77f3661ef4e..15040d18870 100644 --- a/src/krb5_plugin/common/radius_kdcpreauth.c +++ b/src/krb5_plugin/common/radius_kdcpreauth.c @@ -18,6 +18,9 @@ along with this program. If not, see . */ +#ifdef __FreeBSD__ +#include +#endif // __FreeBSD__ #include #include #include diff --git a/src/lib/certmap/sss_certmap.exports b/src/lib/certmap/sss_certmap.exports index 7d7667738e3..952917e5fa6 100644 --- a/src/lib/certmap/sss_certmap.exports +++ b/src/lib/certmap/sss_certmap.exports @@ -2,7 +2,6 @@ SSS_CERTMAP_0.0 { global: sss_certmap_init; sss_certmap_free_ctx; - sss_certmap_err_msg; sss_certmap_add_rule; sss_certmap_match_cert; sss_certmap_get_search_filter; diff --git a/src/lib/winbind_idmap_sss/winbind_idmap_sss.c b/src/lib/winbind_idmap_sss/winbind_idmap_sss.c index 58375322a08..e722c36ce2c 100644 
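Review bot: The `if test x"$ac_cv_member_struct_ucred_pid" = xyes ...` check that follows the new FreeBSD branch still reads the `struct ucred` cache variables, which the FreeBSD branch never sets because it probes `struct xucred.cr_pid`, `cr_uid` and `cr_gid` instead. Unless the remainder of that `if` (outside this hunk) is adapted, whatever feature define it guards, presumably the peer-credential support, stays off on FreeBSD. Consider testing the `ac_cv_member_struct_xucred_cr_*` variables in the FreeBSD case. The `--with-os` help text in the first hunk of this file also drops `debian` from the list while the `debian` case is still handled here.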
--- a/src/lib/winbind_idmap_sss/winbind_idmap_sss.c +++ b/src/lib/winbind_idmap_sss/winbind_idmap_sss.c @@ -22,6 +22,8 @@ along with this program. If not, see . */ +#include +#include #include #include diff --git a/src/lib/winbind_idmap_sss/winbind_idmap_sss.h b/src/lib/winbind_idmap_sss/winbind_idmap_sss.h index 78800838eb7..5a3cd10faa8 100644 --- a/src/lib/winbind_idmap_sss/winbind_idmap_sss.h +++ b/src/lib/winbind_idmap_sss/winbind_idmap_sss.h @@ -29,6 +29,8 @@ #include #include +#include +#include #include #include diff --git a/src/p11_child/p11_child_common.c b/src/p11_child/p11_child_common.c index 583c88ac54b..c8f67e274e0 100644 --- a/src/p11_child/p11_child_common.c +++ b/src/p11_child/p11_child_common.c @@ -27,7 +27,9 @@ #include #include #include +#ifndef __FreeBSD__ #include +#endif // __FreeBSD__ #include "util/util.h" #include "util/child_common.h" diff --git a/src/passkey_child/passkey_child_common.c b/src/passkey_child/passkey_child_common.c index 9e71631a798..43d953802a0 100644 --- a/src/passkey_child/passkey_child_common.c +++ b/src/passkey_child/passkey_child_common.c @@ -23,7 +23,9 @@ */ #include +#ifndef __FreeBSD__ #include +#endif // __FreeBSD__ #include #include #include @@ -276,7 +278,9 @@ parse_arguments(TALLOC_CTX *mem_ctx, int argc, const char *argv[], poptFreeContext(pc); +#ifndef __FreeBSD__ prctl(PR_SET_DUMPABLE, (dumpable == 0) ? 0 : 1); +#endif // __FreeBSD__ if (user_verification != NULL) { if (strcmp(user_verification, "true") == 0) { diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c index 48e3b811477..976b184ef55 100644 --- a/src/providers/ad/ad_common.c +++ b/src/providers/ad/ad_common.c @@ -19,6 +19,9 @@ You should have received a copy of the GNU General Public License along with this program. If not, see . */ +#ifdef __FreeBSD__ +#include +#endif // __FreeBSD__ #include #include "providers/ad/ad_common.h" 
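Review bot: On FreeBSD the `prctl(PR_SET_DUMPABLE, ...)` call in `parse_arguments` is compiled out with nothing in its place, so the `dumpable` option is silently ignored and the passkey child stays traceable and core-dumpable whatever the caller requested. FreeBSD provides `procctl(P_PID, 0, PROC_TRACE_CTL, &arg)` with `PROC_TRACE_CTL_DISABLE` for the same purpose; an `#else` branch using it would keep the protection for a process that handles authentication secrets. The same applies to the `main` hunk in `src/providers/ad/ad_gpo_child.c`. `parse_arguments` starts and ends outside this hunk.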
diff --git a/src/providers/ad/ad_gpo_child.c b/src/providers/ad/ad_gpo_child.c index 27691f9c19d..cccb1d85fd1 100644 --- a/src/providers/ad/ad_gpo_child.c +++ b/src/providers/ad/ad_gpo_child.c @@ -26,7 +26,9 @@ #include #include #include +#ifndef __FreeBSD__ #include +#endif // __FreeBSD__ #include #include @@ -705,7 +707,9 @@ main(int argc, const char *argv[]) poptFreeContext(pc); +#ifndef __FreeBSD__ prctl(PR_SET_DUMPABLE, (dumpable == 0) ? 0 : 1); +#endif // __FreeBSD__ debug_prg_name = talloc_asprintf(NULL, "gpo_child[%d]", getpid()); if (debug_prg_name == NULL) { diff --git a/src/providers/ad/ad_pac.h b/src/providers/ad/ad_pac.h index 405d1c3af1b..d757f27677c 100644 --- a/src/providers/ad/ad_pac.h +++ b/src/providers/ad/ad_pac.h @@ -32,6 +32,8 @@ #ifdef ldb_val #error Please make sure to include ad_pac.h before ldb.h #endif +#include +#include #include #include #include diff --git a/src/providers/ad/ad_pac_common.c b/src/providers/ad/ad_pac_common.c index fcb54cd2cb5..0f3bc9cfdbe 100644 --- a/src/providers/ad/ad_pac_common.c +++ b/src/providers/ad/ad_pac_common.c @@ -21,6 +21,9 @@ */ +#include +#include + #include "providers/ad/ad_pac.h" #include "util/util.h" diff --git a/src/providers/data_provider/dp_modules.c b/src/providers/data_provider/dp_modules.c index 2e6e33ddbc5..59f6f6fec58 100644 --- a/src/providers/data_provider/dp_modules.c +++ b/src/providers/data_provider/dp_modules.c @@ -23,6 +23,9 @@ #include "providers/data_provider/dp.h" #include "providers/data_provider/dp_private.h" #include "providers/backend.h" +#ifdef __FreeBSD__ +#include "util/sss_bsd_errno.h" +#endif // __FreeBSD__ #include "util/util.h" /* There can be at most the same number of different modules loaded at diff --git a/src/providers/data_provider/dp_targets.c b/src/providers/data_provider/dp_targets.c index 75cb47d8ae2..131f33ac73c 100644 --- a/src/providers/data_provider/dp_targets.c +++ b/src/providers/data_provider/dp_targets.c 
@@ -26,6 +26,9 @@ #include "providers/data_provider/dp_private.h" #include "providers/data_provider/dp_builtin.h" #include "providers/backend.h" +#ifdef __FreeBSD__ +#include "util/sss_bsd_errno.h" +#endif // __FreeBSD__ #include "util/util.h" #define DP_TARGET_INIT_FN "sssm_%s_%s_init" diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c index f8e90a0486e..eb000051b94 100644 --- a/src/providers/data_provider_be.c +++ b/src/providers/data_provider_be.c @@ -25,6 +25,8 @@ #include #include #include +#include +#include #include #include #include diff --git a/src/providers/data_provider_fo.c b/src/providers/data_provider_fo.c index c23f92e3556..1e7e6879913 100644 --- a/src/providers/data_provider_fo.c +++ b/src/providers/data_provider_fo.c @@ -19,6 +19,9 @@ along with this program. If not, see . */ +#ifdef __FreeBSD__ +#include +#endif // __FreeBSD__ #include #include #include "providers/backend.h" diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index 01c835c7334..87523582303 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -22,6 +22,9 @@ along with this program. If not, see . */ +#ifdef __FreeBSD__ +#include +#endif // __FreeBSD__ #include #include #include diff --git a/src/providers/ipa/ipa_deskprofile_rules_util.c b/src/providers/ipa/ipa_deskprofile_rules_util.c index 597bc8d9bfe..a949e99c63e 100644 --- a/src/providers/ipa/ipa_deskprofile_rules_util.c +++ b/src/providers/ipa/ipa_deskprofile_rules_util.c @@ -23,6 +23,8 @@ #include "providers/ipa/ipa_deskprofile_rules_util.h" #include "providers/ipa/ipa_deskprofile_private.h" #include "providers/ipa/ipa_rules_common.h" +#include +#include #include #include diff --git a/src/providers/krb5/krb5_child.c b/src/providers/krb5/krb5_child.c index 8de0702adde..e38adae7bfa 100644 --- a/src/providers/krb5/krb5_child.c +++ b/src/providers/krb5/krb5_child.c 
@@ -29,7 +29,9 @@ #include #include #include +#ifndef __FreeBSD__ #include +#endif // __FreeBSD__ #include diff --git a/src/providers/ldap/ldap_auth.c b/src/providers/ldap/ldap_auth.c index 370cdf17188..d06a8f2c9ab 100644 --- a/src/providers/ldap/ldap_auth.c +++ b/src/providers/ldap/ldap_auth.c @@ -37,7 +37,9 @@ #include #include +#ifndef __FreeBSD__ #include +#endif // __FreeBSD__ #include #include "util/util.h" @@ -51,6 +53,24 @@ #define LDAP_PWEXPIRE_WARNING_TIME 0 +#ifdef __FreeBSD__ +struct spwd +{ + char *sp_namp; /* Login name. */ + char *sp_pwdp; /* Encrypted password. */ + long int sp_lstchg; /* Date of last change. */ + long int sp_min; /* Minimum number of days between changes. */ + long int sp_max; /* Maximum number of days between changes. */ + long int sp_warn; /* Number of days to warn user to change + the password. */ + long int sp_inact; /* Number of days the account may be + inactive. */ + long int sp_expire; /* Number of days since 1970-01-01 until + account expires. */ + unsigned long int sp_flag; /* Reserved. */ +}; +#endif // __FreeBSD__ + static errno_t add_expired_warning(struct pam_data *pd, long exp_time) { int ret; @@ -96,9 +116,15 @@ static errno_t check_pwexpire_kerberos(const char *expire_date, time_t now, } DEBUG(SSSDBG_TRACE_ALL, +#ifdef __FreeBSD__ + "Time info: tzname[0] [%s] tzname[1] [%s] " + "now [%"SPRItime"] expire_time [%"SPRItime"].\n", + tzname[0], tzname[1], now, expire_time); +#else // __FreeBSD__ "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] " "daylight [%d] now [%"SPRItime"] expire_time [%"SPRItime"].\n", tzname[0], tzname[1], timezone, daylight, now, expire_time); +#endif // __FreeBSD__ if (expire_time == 0) { /* Used by the MIT LDAP KDB plugin to indicate "never" */ diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c index 86269cabf56..bf87b240b2e 100644 --- a/src/providers/ldap/ldap_child.c +++ b/src/providers/ldap/ldap_child.c 
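Review bot: The `#ifdef __FreeBSD__` / `#else` / `#endif` lines added in `check_pwexpire_kerberos` sit inside the argument list of the `DEBUG(...)` invocation, and if `DEBUG` is a macro, as its usage suggests, C leaves directives inside macro arguments undefined. GCC and Clang accept it, but two complete `DEBUG(...)` statements, one per branch, would be portable and easier to read. The same construct is added in `nds_check_expired` in `src/providers/ldap/sdap_access.c`. Both functions extend beyond their hunks.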
@@ -23,12 +23,17 @@ */ #include +#ifdef __FreeBSD__ +#include +#endif // __FreeBSD__ #include #include #include #include #include +#ifndef __FreeBSD__ #include +#endif // __FreeBSD__ #include "util/util.h" #include "util/sss_krb5.h" diff --git a/src/providers/ldap/sdap_access.c b/src/providers/ldap/sdap_access.c index bbfa2620d04..d6af8f325ba 100644 --- a/src/providers/ldap/sdap_access.c +++ b/src/providers/ldap/sdap_access.c @@ -24,6 +24,9 @@ #include "config.h" +#ifdef __FreeBSD__ +#include +#endif // __FreeBSD__ #include #include #include @@ -568,9 +571,15 @@ bool nds_check_expired(const char *exp_time_str) now = time(NULL); DEBUG(SSSDBG_TRACE_ALL, +#ifdef __FreeBSD__ + "Time info: tzname[0] [%s] tzname[1] [%s] " + "now [%"SPRItime"] expire_time [%"SPRItime"].\n", + tzname[0], tzname[1], now, expire_time); +#else // __FreeBSD__ "Time info: tzname[0] [%s] tzname[1] [%s] timezone [%ld] " "daylight [%d] now [%"SPRItime"] expire_time [%"SPRItime"].\n", tzname[0], tzname[1], timezone, daylight, now, expire_time); +#endif // __FreeBSD__ if (difftime(now, expire_time) > 0.0) { DEBUG(SSSDBG_CONF_SETTINGS, "NDS account expired.\n"); diff --git a/src/providers/ldap/sdap_async_sudo_hostinfo.c b/src/providers/ldap/sdap_async_sudo_hostinfo.c index a3c3e10680a..967039746ce 100644 --- a/src/providers/ldap/sdap_async_sudo_hostinfo.c +++ b/src/providers/ldap/sdap_async_sudo_hostinfo.c @@ -18,6 +18,9 @@ along with this program. If not, see . */ +#ifdef __FreeBSD__ +#include +#endif // __FreeBSD__ #include #include #include diff --git a/src/providers/proxy/proxy_child.c b/src/providers/proxy/proxy_child.c index b8fe7931d03..80b19f74536 100644 --- a/src/providers/proxy/proxy_child.c +++ b/src/providers/proxy/proxy_child.c @@ -30,6 +30,9 @@ #include #include #include +#ifdef __FreeBSD__ +#include +#endif // __FreeBSD__ #include #include #include 
@@ -456,6 +459,17 @@ int proxy_child_process_init(TALLOC_CTX *mem_ctx, const char *domain, return EOK; } +#if (defined(__FreeBSD__) && (__FreeBSD__ < 14)) +extern char **environ; + +static int +clearenv(void) +{ + *environ = NULL; + return 0; +} +#endif + int main(int argc, const char *argv[]) { int opt; diff --git a/src/resolv/async_resolv_utils.c b/src/resolv/async_resolv_utils.c index f86181b91d7..5ba2d8a0471 100644 --- a/src/resolv/async_resolv_utils.c +++ b/src/resolv/async_resolv_utils.c @@ -18,6 +18,9 @@ along with this program. If not, see . */ +#ifdef __FreeBSD__ +#include +#endif // __FreeBSD__ #include #include #include diff --git a/src/responder/common/cache_req/plugins/cache_req_ip_host_by_addr.c b/src/responder/common/cache_req/plugins/cache_req_ip_host_by_addr.c index 324d20e2b08..addf9b3f976 100644 --- a/src/responder/common/cache_req/plugins/cache_req_ip_host_by_addr.c +++ b/src/responder/common/cache_req/plugins/cache_req_ip_host_by_addr.c @@ -23,6 +23,9 @@ #include #include #include +#ifdef __FreeBSD__ +#include +#endif // __FreeBSD__ #include "db/sysdb.h" #include "db/sysdb_iphosts.h" diff --git a/src/responder/common/cache_req/plugins/cache_req_ip_network_by_addr.c b/src/responder/common/cache_req/plugins/cache_req_ip_network_by_addr.c index 0ad7f618c41..150223458a4 100644 --- a/src/responder/common/cache_req/plugins/cache_req_ip_network_by_addr.c +++ b/src/responder/common/cache_req/plugins/cache_req_ip_network_by_addr.c @@ -23,6 +23,9 @@ #include #include #include +#ifdef __FreeBSD__ +#include +#endif // __FreeBSD__ #include "db/sysdb.h" #include "db/sysdb_ipnetworks.h" diff --git a/src/responder/common/responder_common.c b/src/responder/common/responder_common.c index 77449363059..12b672b86af 100644 --- a/src/responder/common/responder_common.c +++ b/src/responder/common/responder_common.c 
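Review bot: The fallback `clearenv()` dereferences `environ` without checking it, so `*environ = NULL;` crashes when `environ` itself is NULL. Since this helper presumably scrubs the inherited environment before the proxy child continues, guard the pointer, `if (environ != NULL) *environ = NULL;`, and add a short comment such as `/* FreeBSD < 14 has no clearenv(); truncate the array in place */` so the reason for the version check is recorded.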
@@ -33,6 +33,9 @@ #include #include +#ifdef __FreeBSD__ +#include "util/sss_bsd_errno.h" +#endif // __FreeBSD__ #include "util/util.h" #include "util/strtonum.h" #include "db/sysdb.h" diff --git a/src/responder/common/responder_packet.c b/src/responder/common/responder_packet.c index db74cc13d32..b93c95484e9 100644 --- a/src/responder/common/responder_packet.c +++ b/src/responder/common/responder_packet.c @@ -25,6 +25,9 @@ #include #include +#ifdef __FreeBSD__ +#include "util/sss_bsd_errno.h" +#endif // __FreeBSD__ #include "util/util.h" #include "responder/common/responder_packet.h" diff --git a/src/responder/kcm/kcmsrv_ccache_secdb.c b/src/responder/kcm/kcmsrv_ccache_secdb.c index 738562f37a2..b007be71e22 100644 --- a/src/responder/kcm/kcmsrv_ccache_secdb.c +++ b/src/responder/kcm/kcmsrv_ccache_secdb.c @@ -21,6 +21,10 @@ #include "config.h" +#ifdef __FreeBSD__ +#include +#include +#endif // __FreeBSD__ #include #include @@ -872,8 +876,13 @@ static errno_t ccdb_secdb_get_cc_for_uuid(TALLOC_CTX *mem_ctx, continue; } +#ifdef __FreeBSD__ + cli_cred.ucred.cr_uid = pwd->pw_uid; + cli_cred.ucred.cr_gid = pwd->pw_gid; +#else // __FreeBSD__ cli_cred.ucred.uid = pwd->pw_uid; cli_cred.ucred.gid = pwd->pw_gid; +#endif // __FreeBSD__ ret = key_by_uuid(tmp_ctx, secdb->sctx, &cli_cred, uuid, &secdb_key); if (ret != EOK) { diff --git a/src/responder/kcm/kcmsrv_cmd.c b/src/responder/kcm/kcmsrv_cmd.c index ed2e0694495..1d13b67cdf8 100644 --- a/src/responder/kcm/kcmsrv_cmd.c +++ b/src/responder/kcm/kcmsrv_cmd.c @@ -20,9 +20,15 @@ */ #include +#ifdef __FreeBSD__ +#include +#endif // __FreeBSD__ #include #include "config.h" +#ifdef __FreeBSD__ +#include "util/sss_bsd_errno.h" +#endif // __FreeBSD__ #include "util/util.h" #include "responder/common/responder.h" #include "responder/kcm/kcmsrv_pvt.h" diff --git a/src/responder/kcm/kcmsrv_ops.c b/src/responder/kcm/kcmsrv_ops.c index 00a056473b7..eeda269fa1a 100644 --- a/src/responder/kcm/kcmsrv_ops.c +++ b/src/responder/kcm/kcmsrv_ops.c 
@@ -21,6 +21,9 @@ #include "config.h" +#ifdef __FreeBSD__ +#include +#endif // __FreeBSD__ #include #include diff --git a/src/responder/nss/nsssrv_mmap_cache.c b/src/responder/nss/nsssrv_mmap_cache.c index d1ba9302605..6f9f80c84db 100644 --- a/src/responder/nss/nsssrv_mmap_cache.c +++ b/src/responder/nss/nsssrv_mmap_cache.c @@ -23,6 +23,7 @@ #include "util/crypto/sss_crypto.h" #include "confdb/confdb.h" #include +#include #include #include "util/mmap_cache.h" #include "sss_client/idmap/sss_nss_idmap.h" @@ -1445,8 +1446,14 @@ errno_t sss_mmap_cache_init(TALLOC_CTX *mem_ctx, const char *name, /* Attempt allocation several times, in case of EINTR */ for (int i = 0; i < POSIX_FALLOCATE_ATTEMPTS; i++) { ret = posix_fallocate(mc_ctx->fd, 0, mc_ctx->mmap_size); - if (ret != EINTR) - break; + if (ret != EINTR && ret == EINVAL) { + /* posix_fallocate doesn't work on ZFS */ + ret = ftruncate(mc_ctx->fd, mc_ctx->mmap_size); + if (ret != 0) { + break; + } + } else if (ret != EINTR) + break; } if (ret) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to allocate file %s: %d(%s)\n", diff --git a/src/sbus/sbus_errors.c b/src/sbus/sbus_errors.c index c6449dd87ec..e3f2f75ff9e 100644 --- a/src/sbus/sbus_errors.c +++ b/src/sbus/sbus_errors.c @@ -53,7 +53,7 @@ static const struct { { DBUS_ERROR_LIMITS_EXCEEDED, ERANGE}, { DBUS_ERROR_ACCESS_DENIED, EPERM}, { DBUS_ERROR_AUTH_FAILED, EACCES}, - { DBUS_ERROR_NO_NETWORK, ENONET}, + { DBUS_ERROR_NO_NETWORK, EHOSTDOWN}, { DBUS_ERROR_DISCONNECTED, ERR_OFFLINE}, { DBUS_ERROR_INVALID_ARGS, EINVAL}, diff --git a/src/sss_client/bsdnss.c b/src/sss_client/bsdnss.c new file mode 100644 index 00000000000..21484bdca1f --- /dev/null +++ b/src/sss_client/bsdnss.c 
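Review bot: In the retry loop of `sss_mmap_cache_init`, a successful `ftruncate()` fallback does not leave the loop, so `posix_fallocate()` is called again on every remaining attempt, and a failed `ftruncate()` leaves `ret` at -1 rather than an errno value, which the `DEBUG` message after the loop then reports. The condition `ret != EINTR && ret == EINVAL` is also just `ret == EINVAL`. A clearer shape is `if (ret == EINVAL) { ret = (ftruncate(mc_ctx->fd, mc_ctx->mmap_size) == 0) ? 0 : errno; break; }` followed by `if (ret != EINTR) break;`. Because `ftruncate()` only sets the size and reserves no blocks, a full filesystem can later fault a write to the mapping; a comment recording that trade-off would help. The function starts and ends outside this hunk.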
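Review bot: The `DBUS_ERROR_NO_NETWORK` entry now maps to `EHOSTDOWN` on every platform, not only FreeBSD, so Linux builds change behaviour too; any code that compares the translated value with `ENONET` would stop matching. The same holds for the three `ETIME` to `ETIMEDOUT` replacements in `src/sss_client/common.c`. If the intent is only to cope with errno constants FreeBSD lacks, consider keeping the original constants and supplying them for FreeBSD in `util/sss_bsd_errno.h`, which this patch adds and which appears to exist for that purpose (its content is not shown here).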
@@ -0,0 +1,215 @@ +#include +#include +#include +#include +#include +#include +#include + +NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r); +NSS_METHOD_PROTOTYPE(__nss_compat_setgrent); +NSS_METHOD_PROTOTYPE(__nss_compat_endgrent); + +NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r); +NSS_METHOD_PROTOTYPE(__nss_compat_setpwent); +NSS_METHOD_PROTOTYPE(__nss_compat_endpwent); + +NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname); +NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2); +NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr); + +NSS_METHOD_PROTOTYPE(__nss_compat_getgroupmembership); + +extern enum nss_status _nss_sss_getgrent_r(struct group *, char *, size_t, + int *); +extern enum nss_status _nss_sss_getgrnam_r(const char *, struct group *, + char *, size_t, int *); +extern enum nss_status _nss_sss_getgrgid_r(gid_t gid, struct group *, char *, + size_t, int *); +extern enum nss_status _nss_sss_setgrent(void); +extern enum nss_status _nss_sss_endgrent(void); + +extern enum nss_status _nss_sss_getpwent_r(struct passwd *, char *, size_t, + int *); +extern enum nss_status _nss_sss_getpwnam_r(const char *, struct passwd *, + char *, size_t, int *); +extern enum nss_status _nss_sss_getpwuid_r(gid_t gid, struct passwd *, char *, + size_t, int *); +extern enum nss_status _nss_sss_setpwent(void); +extern enum nss_status _nss_sss_endpwent(void); + +extern enum nss_status _nss_sss_gethostbyname_r(const char *name, + struct hostent * result, + char *buffer, size_t buflen, + int *errnop, + int *h_errnop); + +extern enum nss_status _nss_sss_gethostbyname2_r(const char *name, int af, + struct hostent * result, + char *buffer, size_t buflen, + int *errnop, + int *h_errnop); +extern enum nss_status _nss_sss_gethostbyaddr_r(struct in_addr * addr, int len, + int type, + struct hostent * result, + 
char *buffer, size_t buflen, + int *errnop, int *h_errnop); + +extern enum nss_status _nss_sss_getgroupmembership(const char *uname, + gid_t agroup, gid_t *groups, + int maxgrp, int *grpcnt); + +NSS_METHOD_PROTOTYPE(__nss_compat_getgroupmembership); +NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r); +NSS_METHOD_PROTOTYPE(__nss_compat_setgrent); +NSS_METHOD_PROTOTYPE(__nss_compat_endgrent); + +NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r); +NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r); +NSS_METHOD_PROTOTYPE(__nss_compat_setpwent); +NSS_METHOD_PROTOTYPE(__nss_compat_endpwent); + +NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname); +NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2); +NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr); + +static ns_mtab methods[] = { +{ NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_sss_getgrnam_r }, +{ NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_sss_getgrgid_r }, +{ NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_sss_getgrent_r }, +{ NSDB_GROUP, "setgrent", __nss_compat_setgrent, _nss_sss_setgrent }, +{ NSDB_GROUP, "endgrent", __nss_compat_endgrent, _nss_sss_endgrent }, + +{ NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_sss_getpwnam_r }, +{ NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_sss_getpwuid_r }, +{ NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, _nss_sss_getpwent_r }, +{ NSDB_PASSWD, "setpwent", __nss_compat_setpwent, _nss_sss_setpwent }, +{ NSDB_PASSWD, "endpwent", __nss_compat_endpwent, _nss_sss_endpwent }, + +{ NSDB_HOSTS, "gethostbyname", __nss_compat_gethostbyname, _nss_sss_gethostbyname_r }, +{ NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_sss_gethostbyaddr_r }, +{ NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_sss_gethostbyname2_r }, + +{ NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, 
_nss_sss_getgrnam_r }, +{ NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, _nss_sss_getgrgid_r }, +{ NSDB_GROUP_COMPAT, "getgrent_r", __nss_compat_getgrent_r, _nss_sss_getgrent_r }, +{ NSDB_GROUP_COMPAT, "setgrent", __nss_compat_setgrent, _nss_sss_setgrent }, +{ NSDB_GROUP_COMPAT, "endgrent", __nss_compat_endgrent, _nss_sss_endgrent }, + +{ NSDB_PASSWD_COMPAT, "getpwnam_r", __nss_compat_getpwnam_r, _nss_sss_getpwnam_r }, +{ NSDB_PASSWD_COMPAT, "getpwuid_r", __nss_compat_getpwuid_r, _nss_sss_getpwuid_r }, +{ NSDB_PASSWD_COMPAT, "getpwent_r", __nss_compat_getpwent_r, _nss_sss_getpwent_r }, +{ NSDB_PASSWD_COMPAT, "setpwent", __nss_compat_setpwent, _nss_sss_setpwent }, +{ NSDB_PASSWD_COMPAT, "endpwent", __nss_compat_endpwent, _nss_sss_endpwent }, + +{ NSDB_GROUP, "getgroupmembership", __nss_compat_getgroupmembership, _nss_sss_getgroupmembership }, + +}; + + +ns_mtab * +nss_module_register(const char *source, unsigned int *mtabsize, + nss_module_unregister_fn *unreg) +{ + *mtabsize = sizeof(methods)/sizeof(methods[0]); + *unreg = NULL; + return (methods); +} + +int __nss_compat_getgroupmembership(void *retval, void *mdata, va_list ap) +{ + int (*fn)(const char *, gid_t, gid_t *, int, int *); + + const char *uname; + gid_t agroup; + gid_t *groups; + int maxgrp; + int *grpcnt; + int errnop = 0; + enum nss_status status; + + fn = mdata; + uname = va_arg(ap, const char *); + agroup = va_arg(ap, gid_t); + groups = va_arg(ap, gid_t *); + maxgrp = va_arg(ap, int); + grpcnt = va_arg(ap, int *); + status = fn(uname, agroup, groups, maxgrp, grpcnt); + status = __nss_compat_result(status, errnop); + return (status); +} + +int __nss_compat_gethostbyname(void *retval, void *mdata, va_list ap) +{ + enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *); + const char *name; + struct hostent *result; + char buffer[1024]; + size_t buflen = 1024; + int errnop; + int h_errnop; + int af; + enum nss_status status; + + fn = mdata; + name = va_arg(ap, 
const char*); + af = va_arg(ap,int); + result = va_arg(ap,struct hostent *); + status = fn(name, result, buffer, buflen, &errnop, &h_errnop); + status = __nss_compat_result(status,errnop); + h_errno = h_errnop; + return (status); +} + +int __nss_compat_gethostbyname2(void *retval, void *mdata, va_list ap) +{ + enum nss_status (*fn)(const char *, struct hostent *, char *, size_t, int *, int *); + const char *name; + struct hostent *result; + char buffer[1024]; + size_t buflen = 1024; + int errnop; + int h_errnop; + int af; + enum nss_status status; + + fn = mdata; + name = va_arg(ap, const char*); + af = va_arg(ap,int); + result = va_arg(ap,struct hostent *); + status = fn(name, result, buffer, buflen, &errnop, &h_errnop); + status = __nss_compat_result(status,errnop); + h_errno = h_errnop; + return (status); +} + +int __nss_compat_gethostbyaddr(void *retval, void *mdata, va_list ap) +{ + struct in_addr *addr; + int len; + int type; + struct hostent *result; + char buffer[1024]; + size_t buflen = 1024; + int errnop; + int h_errnop; + enum nss_status (*fn)(struct in_addr *, int, int, struct hostent *, char *, size_t, int *, int *); + enum nss_status status; + + fn = mdata; + addr = va_arg(ap, struct in_addr*); + len = va_arg(ap,int); + type = va_arg(ap,int); + result = va_arg(ap, struct hostent*); + status = fn(addr, len, type, result, buffer, buflen, &errnop, &h_errnop); + status = __nss_compat_result(status,errnop); + h_errno = h_errnop; + return (status); +} diff --git a/src/sss_client/common.c b/src/sss_client/common.c index e19478e3526..c95d8e11346 100644 --- a/src/sss_client/common.c +++ b/src/sss_client/common.c @@ -207,7 +207,7 @@ static enum sss_status sss_cli_send_req(enum sss_cli_command cmd, *errnop = error; break; case 0: - *errnop = ETIME; + *errnop = ETIMEDOUT; break; case 1: if (pfd.revents & (POLLERR | POLLHUP)) { 
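Review bot: `__nss_compat_gethostbyname2` calls its target through a pointer typed `(const char *, struct hostent *, char *, size_t, int *, int *)`, but the function registered for it, `_nss_sss_gethostbyname2_r`, is declared above with an extra `int af` second parameter, so every argument after `name` is shifted and the call is undefined behaviour; `af` is read from the va_list and then dropped. Declare `fn` with the matching signature and call `fn(name, af, result, buffer, buflen, &errnop, &h_errnop)`. All three host wrappers also hand a local `char buffer[1024]` to the `_r` function, which presumably stores the strings and address lists that `result` points to in it, leaving the caller's `struct hostent` with pointers into a dead stack frame once the wrapper returns; the buffer needs storage that outlives the call. `errnop` and `h_errnop` should be initialised as well, since they are read after `fn` returns whether or not it set them.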
@@ -319,7 +319,7 @@ static enum sss_status sss_cli_recv_rep(enum sss_cli_command cmd, *errnop = error; break; case 0: - *errnop = ETIME; + *errnop = ETIMEDOUT; break; case 1: if (pfd.revents & (POLLHUP)) { @@ -817,7 +817,7 @@ static enum sss_status sss_cli_check_socket(int *errnop, *errnop = error; break; case 0: - *errnop = ETIME; + *errnop = ETIMEDOUT; break; case 1: if (pfd.revents & (POLLERR | POLLHUP)) { diff --git a/src/sss_client/nss_group.c b/src/sss_client/nss_group.c index 7b77d019f66..9b9bd0adbc7 100644 --- a/src/sss_client/nss_group.c +++ b/src/sss_client/nss_group.c 
@@ -411,6 +411,77 @@ enum nss_status _nss_sss_initgroups_dyn(const char *user, gid_t group, return nret; } +#ifdef __FreeBSD__ +#define MIN(a, b)((a) < (b) ? (a) : (b)) + +int gr_addgid(gid_t gid, gid_t *groups, int maxgrp, int *grpcnt) +{ + int ret, dupc; + + for (dupc = 0; dupc < MIN(maxgrp, *grpcnt); dupc++) { + if (groups[dupc] == gid) + return 1; + } + + ret = 1; + if (*grpcnt < maxgrp) + groups[*grpcnt] = gid; + else + ret = 0; + + (*grpcnt)++; + + return ret; +} + +enum nss_status _nss_sss_getgroupmembership(const char *uname, gid_t agroup, + gid_t *groups, int maxgrp, + int *grpcnt) +{ + struct sss_cli_req_data rd; + uint8_t *repbuf; + size_t replen; + enum nss_status nret; + uint32_t *rbuf; + uint32_t num_ret; + long int l, max_ret; + int errnop; + + rd.len = strlen(uname) +1; + rd.data = uname; + + sss_nss_lock(); + + nret = sss_nss_make_request(SSS_NSS_INITGR, &rd, + &repbuf, &replen, &errnop); + if (nret != NSS_STATUS_SUCCESS) { + goto done; + } + + /* no results if not found */ + num_ret = ((uint32_t *)repbuf)[0]; + if (num_ret == 0) { + free(repbuf); + nret = NSS_STATUS_NOTFOUND; + goto done; + } + max_ret = num_ret; + + gr_addgid(agroup, groups, maxgrp, grpcnt); + + rbuf = &((uint32_t *)repbuf)[2]; + for (l = 0; l < max_ret; l++) { + gr_addgid(rbuf[l], groups, maxgrp, grpcnt); + } + + free(repbuf); + nret = NSS_STATUS_SUCCESS; + +done: + sss_nss_unlock(); + return nret; +} +#endif // __FreeBSD__ enum nss_status _nss_sss_getgrnam_r(const char *name, struct group *result, char *buffer, size_t buflen, int *errnop) diff --git a/src/sss_client/nss_hosts.c b/src/sss_client/nss_hosts.c index 81017bc9db2..87b055cc2c4 100644 --- a/src/sss_client/nss_hosts.c +++ b/src/sss_client/nss_hosts.c @@ -22,6 +22,11 @@ #include "config.h" +#ifdef __FreeBSD__ +#include +#include +#include +#endif // __FreeBSD__ #include #include #include diff --git a/src/sss_client/nss_ipnetworks.c b/src/sss_client/nss_ipnetworks.c index 85d9cc746d8..fd5c02b738a 100644 
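Review bot: `_nss_sss_getgroupmembership` reads `((uint32_t *)repbuf)[0]` and then `num_ret` entries starting at word 2 without comparing either against `replen`, so a short or inconsistent reply makes the loop read past the end of `repbuf`. This code runs inside every process that loads the NSS module, so the reply should be length-checked before it is indexed. `gr_addgid` is also a non-static function with a generic name in a shared object, and `MIN` may already be defined by a system header; `static` and an `#ifndef MIN` guard would avoid clashes. A possible shape for the length checks is below.

```c
    /* … unchanged: request setup and sss_nss_make_request() call … */

    /* the gid list starts at word 2, so both leading words must be present */
    if (replen < 2 * sizeof(uint32_t)) {
        free(repbuf);
        nret = NSS_STATUS_UNAVAIL;
        goto done;
    }

    /* no results if not found */
    num_ret = ((uint32_t *)repbuf)[0];
    /* … unchanged: num_ret == 0 handling … */

    /* every advertised gid must lie inside the received buffer */
    if (num_ret > (replen - 2 * sizeof(uint32_t)) / sizeof(uint32_t)) {
        free(repbuf);
        nret = NSS_STATUS_UNAVAIL;
        goto done;
    }
    max_ret = num_ret;
    /* … unchanged: gr_addgid() calls, free(repbuf), done label … */
```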
--- a/src/sss_client/nss_ipnetworks.c +++ b/src/sss_client/nss_ipnetworks.c @@ -22,6 +22,11 @@ #include "config.h" +#ifdef __FreeBSD__ +#include +#include +#include +#endif // __FreeBSD__ #include #include #include diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c index 600c3616a68..9b7a8ef1ebe 100644 --- a/src/sss_client/pam_sss.c +++ b/src/sss_client/pam_sss.c @@ -1445,7 +1445,11 @@ static int get_pam_items(pam_handle_t *pamh, uint32_t flags, pi->cli_pid = getpid(); +#ifdef __FreeBSD__ + pi->login_name = getlogin(); +#else // __FreeBSD__ pi->login_name = pam_modutil_getlogin(pamh); +#endif // __FreeBSD__ if (pi->login_name == NULL) pi->login_name=""; pi->domain_name = NULL; diff --git a/src/sss_client/pam_sss_gss.c b/src/sss_client/pam_sss_gss.c index dd578ae5d39..047df9b437b 100644 --- a/src/sss_client/pam_sss_gss.c +++ b/src/sss_client/pam_sss_gss.c @@ -24,7 +24,11 @@ #include #include #include +#ifdef __FreeBSD__ +#include +#else // __FreeBSD__ #include +#endif // __FreeBSD__ #include #include #include @@ -46,7 +50,9 @@ bool debug_enabled; #define ERROR(pamh, fmt, ...) do { \ if (debug_enabled) { \ pam_error(pamh, "pam_sss_gss: " fmt, ## __VA_ARGS__); \ +#ifndef __FreeBSD__ pam_syslog(pamh, LOG_ERR, fmt, ## __VA_ARGS__); \ +#endif // __FreeBSD__ } \ } while (0) diff --git a/src/sss_client/sss_nss.exports b/src/sss_client/sss_nss.exports index d833ddfce41..59bb5893407 100644 --- a/src/sss_client/sss_nss.exports +++ b/src/sss_client/sss_nss.exports @@ -3,6 +3,7 @@ EXPORTED { # public functions global: + nss_module_register; _nss_sss_getpwnam_r; _nss_sss_getpwuid_r; _nss_sss_setpwent; 
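Review bot: The `#ifndef __FreeBSD__` / `#endif` pair in `src/sss_client/pam_sss_gss.c` is placed inside the body of the `ERROR` macro, but a directive cannot appear within a `#define`: the backslash on the `pam_error` line splices `#ifndef __FreeBSD__` into the replacement list, where `#` must be followed by a macro parameter, so this should fail to compile on every platform. Define the macro twice under a conditional instead, as below. On FreeBSD this also drops the syslog record of GSSAPI authentication errors; if that audit trail matters, a plain `syslog(LOG_ERR, ...)` call could stand in for `pam_syslog`.

```c
#ifdef __FreeBSD__
#define ERROR(pamh, fmt, ...) do { \
    if (debug_enabled) { \
        pam_error(pamh, "pam_sss_gss: " fmt, ## __VA_ARGS__); \
    } \
} while (0)
#else // __FreeBSD__
#define ERROR(pamh, fmt, ...) do { \
    if (debug_enabled) { \
        pam_error(pamh, "pam_sss_gss: " fmt, ## __VA_ARGS__); \
        pam_syslog(pamh, LOG_ERR, fmt, ## __VA_ARGS__); \
    } \
} while (0)
#endif // __FreeBSD__
```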
@@ -14,8 +15,25 @@ EXPORTED { _nss_sss_setgrent; _nss_sss_getgrent_r; _nss_sss_endgrent; + _nss_sss_getgroupmembership; _nss_sss_initgroups_dyn; + #__nss_compat_getgrnam_r; + #__nss_compat_getgrgid_r; + #__nss_compat_getgrent_r; + #__nss_compat_setgrent; + #__nss_compat_endgrent; + + #__nss_compat_getpwnam_r; + #__nss_compat_getpwuid_r; + #__nss_compat_getpwent_r; + #__nss_compat_setpwent; + #__nss_compat_endpwent; + + #__nss_compat_gethostbyname; + #__nss_compat_gethostbyname2; + #__nss_compat_gethostbyaddr; + #_nss_sss_getaliasbyname_r; #_nss_sss_setaliasent; #_nss_sss_getaliasent_r; diff --git a/src/sss_client/sss_pac_responder_client.c b/src/sss_client/sss_pac_responder_client.c index ee0ec0e133e..9d7a6b5f231 100644 --- a/src/sss_client/sss_pac_responder_client.c +++ b/src/sss_client/sss_pac_responder_client.c @@ -24,6 +24,9 @@ #include #include +#ifdef __FreeBSD__ +#include +#endif // __FreeBSD__ #include #include "sss_client/sss_cli.h" @@ -97,7 +100,11 @@ static void *pac_client(void *arg) size_t c; fprintf(stderr, "[%"SPRItime"][%d][%ld][%s] started\n", +#ifdef __FreeBSD__ + time(NULL), getpid(), pthread_getthreadid_np(), (char *) arg); +#else // __FreeBSD__ time(NULL), getpid(), syscall(SYS_gettid), (char *) arg); +#endif // __FreeBSD__ for (c = 0; c < 1000; c++) { /* sss_pac_make_request() does not protect the client's file * descriptor to the PAC responder. With this one thread will miss a diff --git a/src/tests/cmocka/test_authtok.c b/src/tests/cmocka/test_authtok.c index c736fd5a336..043a93a1b8f 100644 --- a/src/tests/cmocka/test_authtok.c +++ b/src/tests/cmocka/test_authtok.c @@ -28,6 +28,7 @@ #include "tests/cmocka/common_mock.h" #include "util/authtok.h" +#include "util/sss_endian.h" struct test_state { diff --git a/src/util/child_common.c b/src/util/child_common.c index 0ed19baa7a6..b7e41f60699 100644 --- a/src/util/child_common.c +++ b/src/util/child_common.c 
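Review bot: In the `pac_client` hunk of sss_pac_responder_client.c, the FreeBSD branch passes `pthread_getthreadid_np()` to a `%ld` conversion. That function returns `int`, so the argument type does not match the format, which is undefined behaviour in `fprintf`. Cast the value: `time(NULL), getpid(), (long) pthread_getthreadid_np(), (char *) arg);`. The function continues outside the hunk.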
@@ -30,7 +30,9 @@ #include #include #include +#ifndef __FreeBSD__ #include +#endif // __FreeBSD__ #include "util/debug.h" #include "util/util.h" @@ -814,7 +816,11 @@ static errno_t prepare_child_argv(TALLOC_CTX *mem_ctx, * host keytab accidentially. */ argv[--argc] = talloc_asprintf(argv, "--dumpable=%d", +#ifndef __FreeBSD_ prctl(PR_GET_DUMPABLE)); +#else // __FreeBSD_ + 0); +#else // __FreeBSD_ if (argv[argc] == NULL) { ret = ENOMEM; goto fail; diff --git a/src/util/find_uid.c b/src/util/find_uid.c index 1b506dfc391..5958f243aed 100644 --- a/src/util/find_uid.c +++ b/src/util/find_uid.c @@ -36,6 +36,10 @@ #include #include #include +#ifdef __FreeBSD__ +#include +#include +#endif // __FreeBSD__ #include "util/find_uid.h" #include "util/util.h" 
@@ -325,9 +329,86 @@ static errno_t get_active_uid_linux(hash_table_t *table, uid_t search_uid) return ret; } -errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table) +#ifdef __FreeBSD__ +static errno_t get_active_uid_freebsd(hash_table_t *table, uid_t uid) +{ + struct kinfo_proc *kp; + hash_key_t key; + hash_value_t value; + size_t sz; + int err, mib[3]; + + mib[0] = CTL_KERN; + mib[1] = KERN_PROC; + mib[2] = KERN_PROC_PROC; + + sz = 0; + err = sysctl(mib, 3, NULL, &sz, NULL, 0); + if (err) { + err = errno; + DEBUG(SSSDBG_CRIT_FAILURE, "sysctl failed.\n"); + return err; + } + sz *= 2; + + kp = talloc_size(NULL, sz); + if (kp == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n"); + return ENOMEM; + } + + err = sysctl(mib, 3, kp, &sz, NULL, 0); + if (err) { + err = errno; + DEBUG(SSSDBG_CRIT_FAILURE, "sysctl failed.\n"); + talloc_free(kp); + return err; + } + + err = ENOENT; + for (size_t i = 0; i < sz / sizeof(struct kinfo_proc); i++) { + if (kp[i].ki_uid == 0) { + continue; + } + + if (table != NULL) { + key.type = HASH_KEY_ULONG; + key.ul = (unsigned long) kp[i].ki_ruid; + value.type = HASH_VALUE_ULONG; + value.ul = (unsigned long) kp[i].ki_ruid; + + err = hash_enter(table, &key, &value); + if (err != HASH_SUCCESS) { + DEBUG(SSSDBG_CRIT_FAILURE, + "cannot add to table [%s]\n", hash_error_string(err)); + err = ENOMEM; + break; + } + } else { + if (kp[i].ki_ruid == uid) { + err = EOK; + break; + } + } + } + talloc_free(kp); + return err; +} +#endif /* __FreeBSD__ */ + +static errno_t get_active_uid(hash_table_t *table, uid_t uid) { #ifdef __linux__ + return get_active_uid_linux(table, uid); +#elif defined(__FreeBSD__) + return get_active_uid_freebsd(table, uid); +#else + return ENOSYS; +#endif +} + +errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table) +{ int ret; ret = hash_create_ex(0, table, 0, 0, 0, 0, 
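Review bot: `get_active_uid_freebsd` filters on one credential and records another: the loop skips entries with `kp[i].ki_uid == 0` (effective uid) but inserts and compares `kp[i].ki_ruid` (real uid). A process with real uid 0 and a non-root effective uid is therefore entered as uid 0, while a user's set-uid-root process is dropped even though its real uid belongs to that user. If the real uid is what callers expect, the filter should read `if (kp[i].ki_ruid == 0) {`; which field the Linux variant uses is outside this hunk, so confirm against it. The element count `sz / sizeof(struct kinfo_proc)` also assumes the kernel's record size equals the compiled one, so a comment stating that assumption (or a check of `ki_structsize`) would help.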
@@ -339,10 +420,7 @@ errno_t get_uid_table(TALLOC_CTX *mem_ctx, hash_table_t **table) return ENOMEM; } - return get_active_uid_linux(*table, 0); -#else - return ENOSYS; -#endif + return get_active_uid(*table, 0); } errno_t check_if_uid_is_active(uid_t uid, bool *result) @@ -365,9 +443,9 @@ errno_t check_if_uid_is_active(uid_t uid, bool *result) /* fall back to the old method */ #endif - ret = get_active_uid_linux(NULL, uid); + ret = get_active_uid(NULL, uid); if (ret != EOK && ret != ENOENT) { - DEBUG(SSSDBG_CRIT_FAILURE, "get_active_uid_linux() failed.\n"); + DEBUG(SSSDBG_CRIT_FAILURE, "get_active_uid() failed.\n"); return ret; } diff --git a/src/util/nss_dl_load.c b/src/util/nss_dl_load.c index 44210830775..03b8e3cebe0 100644 --- a/src/util/nss_dl_load.c +++ b/src/util/nss_dl_load.c @@ -24,6 +24,9 @@ #include "util/util_errors.h" #include "util/debug.h" #include "nss_dl_load.h" +#ifdef __FreeBSD__ +#include "util/sss_bsd_errno.h" +#endif // __FreeBSD__ #define NSS_FN_NAME "_nss_%s_%s" @@ -36,7 +39,11 @@ static void *proxy_dlsym(void *handle, char *funcname; void *funcptr; +#ifdef __FreeBSD__ + funcname = talloc_asprintf(NULL, "%s", name); +#else // __FreeBSD__ funcname = talloc_asprintf(NULL, NSS_FN_NAME, libname, name); +#endif // __FreeBSD__ if (funcname == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf() failed\n"); return NULL; @@ -56,7 +63,11 @@ errno_t sss_load_nss_symbols(struct sss_nss_ops *ops, const char *libname, char *libpath; size_t i; +#ifdef __FreeBSD__ + libpath = talloc_asprintf(NULL, "/lib/libc.so.7", libname); +#else // __FreeBSD__ libpath = talloc_asprintf(NULL, "libnss_%s.so.2", libname); +#endif // __FreeBSD__ if (libpath == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf() failed\n"); return ENOMEM; diff --git a/src/util/server.c b/src/util/server.c index 8a01126d2ae..6d323c5ba06 100644 --- a/src/util/server.c +++ b/src/util/server.c 
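Review bot: In `sss_load_nss_symbols` the FreeBSD branch calls `talloc_asprintf(NULL, "/lib/libc.so.7", libname)` with a format that has no conversion, so `libname` is silently ignored and every caller loads libc whichever library it asked for. `proxy_dlsym` likewise drops `libname` from the symbol name. If `libname` comes from configuration (presumably it does; the caller is not shown), a value that has no effect should at least be logged. The call is clearer as `libpath = talloc_strdup(NULL, "/lib/libc.so.7");` with a comment explaining why libc is the lookup target and that the `.7` ABI suffix is hard-coded. Both function bodies continue outside their hunks.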
@@ -30,17 +30,15 @@ #include #include #include +#ifndef __FreeBSD__ #include +#endif // __FreeBSD__ #include #include "util/util.h" #include "confdb/confdb.h" #include "util/sss_chain_id.h" #include "util/sss_chain_id_tevent.h" -#ifdef HAVE_PRCTL -#include -#endif - static TALLOC_CTX *autofree_ctx; static void server_atexit(void) @@ -320,10 +318,13 @@ static void setup_signals(void) BlockSignals(false, SIGTERM); #ifndef HAVE_PRCTL - /* If prctl is not defined on the system, try to handle - * some common termination signals gracefully */ + /* If prctl is not defined on the system, try to handle + * some common termination signals gracefully */ + (void) sig_segv_abrt; /* unused */ + /* CatchSignal(SIGSEGV, sig_segv_abrt); CatchSignal(SIGABRT, sig_segv_abrt); + */ #endif } @@ -738,6 +739,8 @@ int server_setup(const char *name, bool is_responder, DEBUG(SSSDBG_FATAL_FAILURE, "Failed to determine "CONFDB_MONITOR_DUMPABLE"\n"); return ret; } + +#ifdef HAVE_PRCTL ret = prctl(PR_SET_DUMPABLE, dumpable ? 1 : 0); if (ret != 0) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set PR_SET_DUMPABLE\n"); @@ -745,6 +748,7 @@ int server_setup(const char *name, bool is_responder, } else if (!dumpable) { DEBUG(SSSDBG_IMPORTANT_INFO, "Core dumps are disabled!\n"); } +#endif sss_chain_id_setup(ctx->event_ctx); diff --git a/src/util/sss_bsd_errno.h b/src/util/sss_bsd_errno.h new file mode 100644 index 00000000000..b7bd215249f --- /dev/null +++ b/src/util/sss_bsd_errno.h 
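Review bot: In the `server_setup` hunk the `prctl(PR_SET_DUMPABLE, …)` call is now compiled out when `HAVE_PRCTL` is undefined, but `dumpable` is still read from the configuration just above. On such platforms a setting that asks for core dumps to be disabled is accepted and then has no effect, with no log line. The comment next to `--dumpable` in child_common.c in this series mentions the host keytab, so a silent no-op here weakens that protection. Add an `#else` branch that limits core size with `setrlimit(RLIMIT_CORE, …)` when `dumpable` is false, or at minimum logs `DEBUG(SSSDBG_IMPORTANT_INFO, "Core dump control is not supported on this platform\n");`. The function starts and ends outside the hunk.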
@@ -0,0 +1,58 @@ +/* + SSSD + + Authors: + Lukas Slebodnik + + Copyright (C) 2013 Red Hat + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#ifndef SSS_BSD_ERRNO_H_ +#define SSS_BSD_ERRNO_H_ + +#include + +#define BSD_ERR_MASK (0xB5DE <<16) + +#ifndef EUCLEAN +#define EUCLEAN (BSD_ERR_MASK | 117) +#endif +#ifndef EMEDIUMTYPE +#define EMEDIUMTYPE (BSD_ERR_MASK | 124) +#endif +#ifndef EOWNERDEAD +#define EOWNERDEAD (BSD_ERR_MASK | 130) +#endif +#ifndef ECONNRESET +#define ECONNRESET (BSD_ERR_MASK | 104) +#endif +#ifndef ETIMEDOUT +#define ETIMEDOUT (BSD_ERR_MASK | 110) +#endif +#ifndef ENODATA +#define ENODATA (BSD_ERR_MASK | 61) +#endif +#ifndef ETIME +#define ETIME (BSD_ERR_MASK | 62) +#endif +#ifndef ELIBACC +#define ELIBACC (BSD_ERR_MASK | 79) +#endif +#ifndef ELIBBAD +#define ELIBBAD (BSD_ERR_MASK | 80) +#endif + +#endif /* SSS_BSD_ERRNO_H_ */ diff --git a/src/util/sss_krb5.c b/src/util/sss_krb5.c index 6b6dd2069ec..e5327d3ffda 100644 --- a/src/util/sss_krb5.c +++ b/src/util/sss_krb5.c @@ -17,6 +17,10 @@ You should have received a copy of the GNU General Public License along with this program. If not, see . */ +#ifdef __FreeBSD__ +#include +#include +#endif // __FreeBSD__ #include #include #include diff --git a/src/util/sss_pam_data.h b/src/util/sss_pam_data.h index e9b90a8a4e5..cd5be804698 100644 --- a/src/util/sss_pam_data.h +++ b/src/util/sss_pam_data.h 
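Review bot: In the new sss_bsd_errno.h, `#define BSD_ERR_MASK (0xB5DE <<16)` shifts a signed `int` constant to a value that does not fit in a 32-bit `int`, which is undefined behaviour for a signed left shift. Writing it as `#define BSD_ERR_MASK (0xB5DEu << 16)` keeps the shift well defined. The header would also benefit from a short comment saying that the fallback values are synthetic placeholders rather than real system errno numbers, and which platform lacks each name.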
@@ -24,6 +24,7 @@ #include "config.h" #include #include +#include #ifdef USE_KEYRING #include #include diff --git a/src/util/sss_sockets.c b/src/util/sss_sockets.c index 60312d5ee98..3e9614114b0 100644 --- a/src/util/sss_sockets.c +++ b/src/util/sss_sockets.c @@ -145,6 +145,7 @@ errno_t set_fd_common_opts(int fd, int timeout) strerror(ret)); } +#ifndef __FreeBSD__ if (domain != AF_UNIX && type == SOCK_STREAM) { milli = timeout * 1000; /* timeout in milliseconds */ ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &milli, @@ -156,6 +157,7 @@ errno_t set_fd_common_opts(int fd, int timeout) strerror(ret)); } } +#endif // __FreeBSD__ } return EOK; @@ -258,7 +260,7 @@ static void sssd_async_connect_done(struct tevent_context *ev, talloc_zfree(fde); - if (ret == EOK) { + if (ret == EOK || ret == EISCONN) { tevent_req_done(req); } else { ret = errno; diff --git a/src/util/util.c b/src/util/util.c index bc34b0ba662..e2c06a11dca 100644 --- a/src/util/util.c +++ b/src/util/util.c @@ -785,6 +785,18 @@ errno_t sss_fd_nonblocking(int fd) return EOK; } +#ifdef __FreeBSD__ +int flb_timezone(void) +{ + struct tm tm; + time_t t = 0; + tzset(); + localtime_r(&t, &tm); + return -(tm.tm_gmtoff); +} +#define timezone (flb_timezone()) +#endif // __FreeBSD__ + /* Convert GeneralizedTime (http://en.wikipedia.org/wiki/GeneralizedTime) * to unix time (seconds since epoch). Use UTC time zone. */ diff --git a/src/util/util_creds.h b/src/util/util_creds.h index 598275834ed..1a3213c822b 100644 --- a/src/util/util_creds.h +++ b/src/util/util_creds.h @@ -64,6 +64,18 @@ typedef void * SEC_CTX; #endif /* done HAVE_SELINUX */ #include +#ifdef __FreeBSD__ +#include +#include +struct cli_creds { + struct xucred ucred; + SELINUX_CTX selinux_ctx; +}; + +#define cli_creds_get_uid(x) (x->ucred.cr_uid) +#define cli_creds_get_gid(x) (x->ucred.cr_gid) + +#else // __FreeBSD__ struct cli_creds { struct ucred ucred; SELINUX_CTX selinux_ctx; 
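Review bot: In the util.c hunk, `flb_timezone()` reads `tm.tm_gmtoff` without checking the result of `localtime_r()`, so a failed call returns an indeterminate value. The offset is also computed for `t = 0` (1970) rather than for the zone's current rules. The helper has external linkage and is then hidden behind `#define timezone (flb_timezone())`, which rewrites every later use of the identifier `timezone` in this file. Make it `static`, guard the call with `if (localtime_r(&t, &tm) == NULL) return 0;`, and add a comment stating that it stands in for the `timezone` variable that the following code presumably expects.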
@@ -71,5 +83,6 @@ struct cli_creds { #define cli_creds_get_uid(x) (x->ucred.uid) #define cli_creds_get_gid(x) (x->ucred.gid) +#endif // __FreeBSD__ #endif /* __SSSD_UTIL_CREDS_H__ */ From c3565538e638d99374b9a0b2ee954effa1864751 Mon Sep 17 00:00:00 2001 From: Dima Panov Date: Mon, 16 Dec 2024 13:44:33 +0300 Subject: [PATCH 2/5] src/util/child_common.c: fix typo --- src/util/child_common.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/util/child_common.c b/src/util/child_common.c index b7e41f60699..163f1064633 100644 --- a/src/util/child_common.c +++ b/src/util/child_common.c @@ -816,11 +816,11 @@ static errno_t prepare_child_argv(TALLOC_CTX *mem_ctx, * host keytab accidentially. */ argv[--argc] = talloc_asprintf(argv, "--dumpable=%d", -#ifndef __FreeBSD_ +#ifndef __FreeBSD__ prctl(PR_GET_DUMPABLE)); -#else // __FreeBSD_ +#else // __FreeBSD__ 0); -#else // __FreeBSD_ +#else // __FreeBSD__ if (argv[argc] == NULL) { ret = ENOMEM; goto fail; From 913d15885312a433b58387a84905bcb4fdbe09f0 Mon Sep 17 00:00:00 2001 From: Dima Panov Date: Mon, 16 Dec 2024 13:54:43 +0300 Subject: [PATCH 3/5] src/util/child_common.c: fix condition --- src/util/child_common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/util/child_common.c b/src/util/child_common.c index 163f1064633..f2b65f0a9e6 100644 --- a/src/util/child_common.c +++ b/src/util/child_common.c @@ -820,7 +820,7 @@ static errno_t prepare_child_argv(TALLOC_CTX *mem_ctx, prctl(PR_GET_DUMPABLE)); #else // __FreeBSD__ 0); -#else // __FreeBSD__ +#endif // __FreeBSD__ if (argv[argc] == NULL) { ret = ENOMEM; goto fail; From 86898c42a89333a45ee51cef890b173457b66f95 Mon Sep 17 00:00:00 2001 From: Dima Panov Date: Mon, 16 Dec 2024 14:15:42 +0300 Subject: [PATCH 4/5] src/util/child_common.c: rewrite condition --- src/util/child_common.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) 
diff --git a/src/util/child_common.c b/src/util/child_common.c index f2b65f0a9e6..c0671ecc159 100644 --- a/src/util/child_common.c +++ b/src/util/child_common.c @@ -40,6 +40,12 @@ #include "db/sysdb.h" #include "util/child_common.h" +#ifdef __FreeBSD__ +#define _MACRO_PRCTL_DUMPABLE 0 +#else // __FreeBSD__ +#define _MACRO_PRCTL_DUMPABLE prctl(PR_GET_DUMPABLE) +#endif // __FreeBSD__ + struct sss_sigchild_ctx { struct tevent_context *ev; hash_table_t *children; @@ -816,11 +822,7 @@ static errno_t prepare_child_argv(TALLOC_CTX *mem_ctx, * host keytab accidentially. */ argv[--argc] = talloc_asprintf(argv, "--dumpable=%d", -#ifndef __FreeBSD__ - prctl(PR_GET_DUMPABLE)); -#else // __FreeBSD__ - 0); -#endif // __FreeBSD__ + _MACRO_PRCTL_DUMPABLE); if (argv[argc] == NULL) { ret = ENOMEM; goto fail; From 005689f2d9cf652e3968375c2f5da613bdc6a22c Mon Sep 17 00:00:00 2001 From: Dima Panov Date: Mon, 16 Dec 2024 14:41:50 +0300 Subject: [PATCH 5/5] src/sss_client/pam_sss_gss.c: rewrite #ifdef guards fround macros --- src/sss_client/pam_sss_gss.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/src/sss_client/pam_sss_gss.c b/src/sss_client/pam_sss_gss.c index 047df9b437b..ebfad3d951e 100644 --- a/src/sss_client/pam_sss_gss.c +++ b/src/sss_client/pam_sss_gss.c @@ -47,14 +47,20 @@ bool debug_enabled; } \ } while (0) +#ifdef __FreeBSD__ +#define ERROR(pamh, fmt, ...) do { \ + if (debug_enabled) { \ + pam_error(pamh, "pam_sss_gss: " fmt, ## __VA_ARGS__); \ + } \ +} while (0) +#else // __FreeBSD__ #define ERROR(pamh, fmt, ...) do { \ if (debug_enabled) { \ pam_error(pamh, "pam_sss_gss: " fmt, ## __VA_ARGS__); \ -#ifndef __FreeBSD__ pam_syslog(pamh, LOG_ERR, fmt, ## __VA_ARGS__); \ -#endif // __FreeBSD__ } \ } while (0) +#endif // __FreeBSD__ static bool switch_euid(pam_handle_t *pamh, uid_t current, uid_t desired) {
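Review bot: The FreeBSD variant of `ERROR` in pam_sss_gss.c drops the `pam_syslog(pamh, LOG_ERR, …)` call and keeps only `pam_error()`, so on FreeBSD failures reported through this macro are shown to the user but leave no record in the system log. If `pam_syslog` is unavailable there, `syslog(LOG_AUTHPRIV | LOG_ERR, "pam_sss_gss: " fmt, ## __VA_ARGS__);` in that branch (with `<syslog.h>` included) would keep an audit trail. Duplicating the whole macro per platform also means later edits must be made twice; selecting only the logging call with the `#ifdef` and keeping a single `ERROR` definition would avoid that.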