Advanced fork of nss_ldap module with standalone daemon.

PR:		137349
Submitted by:	melifaro@ipfw.ru

net/nss-pam-ldapd/Makefile

@@ -0,0 +1,121 @@
+# Ports collection Makefile for:	nss_ldapd
+# Date created:				23/7/2009
+# Whom:					melifaro@ipfw.ru
+#
+# $FreeBSD$
+#
+
+PORTNAME=		nss_ldapd
+PORTVERSION=		0.6.11
+CATEGORIES=		net
+MASTER_SITES=		http://arthurdejong.org/nss-ldapd/
+DISTNAME=		nss-ldapd-${PORTVERSION}
+
+MAINTAINER=		melifaro@ipfw.ru
+COMMENT=		Advanced fork of nss_ldap
+
+GNU_CONFIGURE=		yes
+USE_GMAKE=		yes
+USE_LDCONFIG=		yes
+USE_OPENLDAP=		yes
+USE_RC_SUBR=		nslcd
+
+NSLCD_PIDFILE?=		/var/run/nslcd.pid
+NSLCD_SOCKET?=		/var/run/nslcd.ctl
+
+OPTIONS=		NSS_COMPAT	"Enable nss_ldap compatibility" on \
+			SASL		"Enable SASL" off
+
+.include <bsd.port.pre.mk>
+
+.if ${OSVERSION} < 700000
+IGNORE=			problems with nss/libc TLS
+.endif
+
+CONFIGURE_ENV=		CPPFLAGS="-I${LOCALBASE}/include" \
+			LDFLAGS="-L${LOCALBASE}/lib"
+
+CONFIGURE_ARGS+=	--with-nslcd-pidfile=${NSLCD_PIDFILE} \
+			--with-nslcd-socket=${NSLCD_SOCKET} \
+			--with-ldap-lib=openldap --disable-kerberos
+
+.if defined(WITHOUT_NSS)
+.undef NSS_COMPAT
+.endif
+
+.if defined(WITH_NSS_COMPAT)
+CONFIGURE_ARGS+=	--with-ldap-conf-file=${PREFIX}/etc/nss_ldap.conf
+PLIST_SUB+=		CONFIG="nss_ldap"
+EXTRA_PATCHES+=		${PATCHDIR}/nss_compat.diff
+.else
+CONFIGURE_ARGS+=	--with-ldap-conf-file=${PREFIX}/etc/nss_ldapd.conf
+PLIST_SUB+=		CONFIG="nss_ldapd"
+.endif
+
+.if defined(WITH_SASL)
+WANT_OPENLDAP_SASL=	yes
+CONFIGURE_ARGS+=	--enable-sasl
+.else
+CONFIGURE_ARGS+=	--disable-sasl
+.endif
+
+.if defined(WITH_PAM)
+CONFIGURE_ARGS+=	--enable-pam
+.else
+CONFIGURE_ARGS+=	--disable-pam
+.endif
+
+.if defined(WITHOUT_NSS)
+CONFIGURE_ARGS+=	--disable-nss
+PLIST_SUB+=		NSS="@comment "
+.else
+CONFIGURE_ARGS+=	--enable-nss
+CONFLICTS+=		nss_ldap-1.*
+PLIST_SUB+=		NSS=""
+.endif
+
+.if defined(WITHOUT_NSLCD)
+CONFIGURE_ARGS+=	--disable-nslcd
+PLIST_SUB+=		NSLCD="@comment "
+.else
+CONFIGURE_ARGS+=	--enable-nslcd
+PLIST_SUB+=		NSLCD=""
+MAN8=			nslcd.8
+.endif
+
+MAN5=			nss-ldapd.conf.5
+
+post-extract:
+	@${REINPLACE_CMD} -e 's/\(INSTALL_\)\(.*\)) -D /\1\2) /' ${WRKSRC}/Makefile.in ${WRKSRC}/nss/Makefile.in
+	@${REINPLACE_CMD} -e 's/shadow.$$(OBJEXT)/shadow.$$(OBJEXT) bsdnss.$$(OBJEXT)/;s/shadow\.c/shadow.c bsdnss.c/;s/exports\.linux/exports.freebsd/' ${WRKSRC}/nss/Makefile.in
+	@${REINPLACE_CMD} -e 's/^NSS_VERS = .*/NSS_VERS = 1/;s/libnss_ldap\.so/nss_ldap.so/' ${WRKSRC}/nss/Makefile.in
+	@${MV} ${WRKSRC}/nss/exports.linux ${WRKSRC}/nss/exports.freebsd
+	@${REINPLACE_CMD} -e 's/$$(DESTDIR)$$(NSS_LDAP_PATH_CONF)/$$(DESTDIR)$$(NSS_LDAP_PATH_CONF).sample/' ${WRKSRC}/Makefile.in
+
+post-install:
+	@${ECHO_MSG}
+	@${ECHO_MSG} =====================================================================
+	@${ECHO_MSG}
+.if defined(WITH_NSS_COMPAT)
+	@${ECHO_MSG} "                NSS_LDAP compatibility ENABLED."
+	@${ECHO_MSG}
+	@${ECHO_MSG} " LDAP configuration:      ${PREFIX}/etc/nss_ldap.conf"
+	@${ECHO_MSG} " Secret file:             ${PREFIX}/etc/nss_ldap.secret"
+	@${ECHO_MSG} " Sample configuration:    ${PREFIX}/etc/nss_ldap.conf.sample"
+	@${ECHO_MSG}
+	@${ECHO_MSG} " Check if you need to adjust  reconnect_* parameters"
+	@${ECHO_MSG} " WARNING: nss_ldapd will use ONLY rootbinddn to access LDAP data"
+.else
+	@${ECHO_MSG} " LDAP configuration:      ${PREFIX}/etc/nss_ldapd.conf"
+	@${ECHO_MSG} " Sample configuration:    ${PREFIX}/etc/nss_ldapd.conf.sample"
+	@${ECHO_MSG}
+.endif
+.if !defined(WITHOUT_NSS)
+	@${ECHO_MSG} " WARNING: Be sure to set uid and gid configuration parameters"
+	@${ECHO_MSG} " WARNING: to make nslcd run under unprivileged user"
+.endif
+	@${ECHO_MSG}
+	@${ECHO_MSG} =====================================================================
+	@${ECHO_MSG}
+
+.include <bsd.port.post.mk>

net/nss-pam-ldapd/distinfo

@@ -0,0 +1,3 @@
+MD5 (nss-ldapd-0.6.11.tar.gz) = 8e5087f74a128f2c12f974c176803747
+SHA256 (nss-ldapd-0.6.11.tar.gz) = ac41292c8c7c2a4fb2e77ee9bc165ecefc84e8c33682f8c87ee69381830a8aff
+SIZE (nss-ldapd-0.6.11.tar.gz) = 415271

net/nss-pam-ldapd/files/nslcd.in

@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: nslcd
+# REQUIRE: DAEMON ldconfig resolv
+#
+# Add the following line to /etc/rc.conf to enable the nslcd daemon:
+#
+# nslcd_enable="YES"
+#
+
+nslcd_enable=${nslcd_enable-"NO"}
+
+. %%RC_SUBR%%
+
+name=nslcd
+rcvar=$(set_rcvar)
+
+command="%%PREFIX%%/sbin/%{name}"
+pidfile="/var/run/${name}.pid"
+
+load_rc_config ${name}
+run_rc_command "$1"

net/nss-pam-ldapd/files/nss_compat.diff

@@ -0,0 +1,75 @@
+--- nslcd/cfg.c.orig	2009-06-19 16:03:14.000000000 +0400
++++ nslcd/cfg.c	2009-08-10 20:41:31.000000000 +0400
+@@ -33,6 +33,7 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <unistd.h>
++#include <libgen.h>
+ #include <errno.h>
+ #include <netdb.h>
+ #include <sys/socket.h>
+@@ -649,13 +650,31 @@
+ {
+   FILE *fp;
+   int lnr=0;
+-  char linebuf[MAX_LINE_LENGTH];
++  char linebuf[MAX_LINE_LENGTH], secret_path[512];
+   char *line;
+   char keyword[32];
+   char token[64];
+   int i;
+   int rc;
+   char *value;
++
++  /* get secret password */
++  snprintf(secret_path, sizeof(secret_path), "%s/nss_ldap.secret", dirname(filename));
++  if ((fp=fopen(secret_path,"r"))==NULL)
++  {
++    log_log(LOG_ERR,"cannot open secret file (%s): %s",secret_path,strerror(errno));
++    /* exit(EXIT_FAILURE); */
++  }
++  else if (fgets(linebuf,MAX_LINE_LENGTH,fp)!=NULL)
++  {
++    i=strlen(linebuf);
++    if (i>0)
++      linebuf[i-1]='\0';
++    cfg->ldc_bindpw=strdup(linebuf);
++  }
++  if (fp!=NULL)
++    fclose(fp);
++
+   /* open config file */
+   if ((fp=fopen(filename,"r"))==NULL)
+   {
+@@ -724,13 +743,14 @@
+       get_int(filename,lnr,keyword,&line,&cfg->ldc_version);
+       get_eol(filename,lnr,keyword,&line);
+     }
+-    else if (strcasecmp(keyword,"binddn")==0)
++    else if (strcasecmp(keyword,"rootbinddn")==0)
+     {
+       get_restdup(filename,lnr,keyword,&line,&cfg->ldc_binddn);
+     }
+     else if (strcasecmp(keyword,"bindpw")==0)
+     {
+-      get_restdup(filename,lnr,keyword,&line,&cfg->ldc_bindpw);
++      if (cfg->ldc_bindpw == NULL)
++        get_restdup(filename,lnr,keyword,&line,&cfg->ldc_bindpw);
+     }
+     /* SASL authentication options */
+     else if (strcasecmp(keyword,"sasl_authcid")==0)
+@@ -931,12 +951,14 @@
+       get_int(filename,lnr,keyword,&line,&cfg->ldc_pagesize);
+       get_eol(filename,lnr,keyword,&line);
+     }
++#if 0    
+     /* fallthrough */
+     else
+     {
+       log_log(LOG_ERR,"%s:%d: unknown keyword: '%s'",filename,lnr,keyword);
+       exit(EXIT_FAILURE);
+     }
++#endif    
+   }
+   /* we're done reading file, close */
+   fclose(fp);

net/nss-pam-ldapd/files/patch-nslcd__cfg.c

@@ -0,0 +1,23 @@
+--- ./nslcd/cfg.c.orig	2009-08-02 22:32:27.000000000 +0000
++++ ./nslcd/cfg.c	2009-08-02 22:49:26.000000000 +0000
+@@ -37,14 +37,13 @@
+ #include <errno.h>
+ #include <netdb.h>
+ #include <sys/socket.h>
+-#ifdef HAVE_GSSAPI_H
+-#include <gssapi.h>
+-#endif /* HAVE_GSSAPI_H */
+-#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H
++#if HAVE_GSSAPI_GSSAPI_H
+ #include <gssapi/gssapi.h>
+-#include <gssapi/gssapi_krb5.h>
+-#endif /* HAVE_GSSAPI_GSSAPI_KRB5_H */
+-#include <sys/types.h>
++#elif HAVE_GSSAPI_GSSAPI_GENERIC_H
++#include <gssapi/gssapi_generic.h>
++#elif HAVE_GSSAPI_H
++#include <gssapi.h>
++#endif
+ #include <pwd.h>
+ #include <grp.h>
+ 

net/nss-pam-ldapd/files/patch-nslcd__common.c

@@ -0,0 +1,12 @@
+--- ./nslcd/common.c.orig	2009-02-27 17:27:08.000000000 +0000
++++ ./nslcd/common.c	2009-08-02 22:32:27.000000000 +0000
+@@ -27,6 +27,9 @@
+ #include <stdarg.h>
+ #include <sys/types.h>
+ #include <sys/socket.h>
++#ifdef __FreeBSD__
++#include <netinet/in.h>
++#endif
+ #include <arpa/inet.h>
+ #include <strings.h>
+ #include <limits.h>

net/nss-pam-ldapd/files/patch-nslcd__common.h

@@ -0,0 +1,30 @@
+--- ./nslcd/common.h.orig	2009-06-03 10:31:05.000000000 +0000
++++ ./nslcd/common.h	2009-08-02 22:32:27.000000000 +0000
+@@ -124,9 +124,9 @@
+ int nslcd_network_byname(TFILE *fp,MYLDAP_SESSION *session);
+ int nslcd_network_byaddr(TFILE *fp,MYLDAP_SESSION *session);
+ int nslcd_network_all(TFILE *fp,MYLDAP_SESSION *session);
+-int nslcd_passwd_byname(TFILE *fp,MYLDAP_SESSION *session);
+-int nslcd_passwd_byuid(TFILE *fp,MYLDAP_SESSION *session);
+-int nslcd_passwd_all(TFILE *fp,MYLDAP_SESSION *session);
++int nslcd_passwd_byname(TFILE *fp,MYLDAP_SESSION *session,uid_t uid);
++int nslcd_passwd_byuid(TFILE *fp,MYLDAP_SESSION *session,uid_t uid);
++int nslcd_passwd_all(TFILE *fp,MYLDAP_SESSION *session,uid_t uid);
+ int nslcd_protocol_byname(TFILE *fp,MYLDAP_SESSION *session);
+ int nslcd_protocol_bynumber(TFILE *fp,MYLDAP_SESSION *session);
+ int nslcd_protocol_all(TFILE *fp,MYLDAP_SESSION *session);
+@@ -145,8 +145,12 @@
+ int nslcd_pam_pwmod(TFILE *fp,MYLDAP_SESSION *session);
+ 
+ /* macro for generating service handling code */
+-#define NSLCD_HANDLE(db,fn,readfn,logcall,action,mkfilter,writefn) \
+-  int nslcd_##db##_##fn(TFILE *fp,MYLDAP_SESSION *session) \
++#define COMMA	,
++#define NSLCD_HANDLE(db,fn,readfn,logcall,action,mkfilter,writefn)	NSLCD_HANDLE_PARAMS(db,fn,,readfn,logcall,action,mkfilter,writefn)
++#define NSLCD_HANDLE_UID(db,fn,readfn,logcall,action,mkfilter,writefn)	NSLCD_HANDLE_PARAMS(db,fn,COMMA uid_t calleruid,readfn,logcall,action,mkfilter,writefn)
++
++#define NSLCD_HANDLE_PARAMS(db,fn,params,readfn,logcall,action,mkfilter,writefn) \
++  int nslcd_##db##_##fn(TFILE *fp,MYLDAP_SESSION *session params ) \
+   { \
+     /* define common variables */ \
+     int32_t tmpint32; \

net/nss-pam-ldapd/files/patch-nslcd__nslcd.c

@@ -0,0 +1,15 @@
+--- ./nslcd/nslcd.c.orig	2009-06-12 21:53:18.000000000 +0000
++++ ./nslcd/nslcd.c	2009-08-02 22:32:27.000000000 +0000
+@@ -398,9 +398,9 @@
+     case NSLCD_ACTION_NETWORK_BYNAME:   (void)nslcd_network_byname(fp,session); break;
+     case NSLCD_ACTION_NETWORK_BYADDR:   (void)nslcd_network_byaddr(fp,session); break;
+     case NSLCD_ACTION_NETWORK_ALL:      (void)nslcd_network_all(fp,session); break;
+-    case NSLCD_ACTION_PASSWD_BYNAME:    (void)nslcd_passwd_byname(fp,session); break;
+-    case NSLCD_ACTION_PASSWD_BYUID:     (void)nslcd_passwd_byuid(fp,session); break;
+-    case NSLCD_ACTION_PASSWD_ALL:       (void)nslcd_passwd_all(fp,session); break;
++    case NSLCD_ACTION_PASSWD_BYNAME:    (void)nslcd_passwd_byname(fp,session,uid); break;
++    case NSLCD_ACTION_PASSWD_BYUID:     (void)nslcd_passwd_byuid(fp,session,uid); break;
++    case NSLCD_ACTION_PASSWD_ALL:       (void)nslcd_passwd_all(fp,session,uid); break;
+     case NSLCD_ACTION_PROTOCOL_BYNAME:  (void)nslcd_protocol_byname(fp,session); break;
+     case NSLCD_ACTION_PROTOCOL_BYNUMBER:(void)nslcd_protocol_bynumber(fp,session); break;
+     case NSLCD_ACTION_PROTOCOL_ALL:     (void)nslcd_protocol_all(fp,session); break;

net/nss-pam-ldapd/files/patch-nslcd__passwd.c

@@ -0,0 +1,61 @@
+--- ./nslcd/passwd.c.orig	2009-06-29 19:04:54.000000000 +0000
++++ ./nslcd/passwd.c	2009-08-02 22:32:27.000000000 +0000
+@@ -292,7 +292,7 @@
+ #define MAXUIDS_PER_ENTRY 5
+ 
+ static int write_passwd(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser,
+-                        const uid_t *requid)
++                        const uid_t *requid,uid_t calleruid)
+ {
+   int32_t tmpint32;
+   const char **tmpvalues;
+@@ -323,7 +323,7 @@
+   else
+   {
+     passwd=get_userpassword(entry,attmap_passwd_userPassword);
+-    if (passwd==NULL)
++    if ((passwd==NULL) || (calleruid!=0))
+       passwd=default_passwd_userPassword;
+   }
+   /* get the uids for this entry */
+@@ -451,7 +451,7 @@
+   return 0;
+ }
+ 
+-NSLCD_HANDLE(
++NSLCD_HANDLE_UID(
+   passwd,byname,
+   char name[256];
+   char filter[1024];
+@@ -463,10 +463,10 @@
+   log_log(LOG_DEBUG,"nslcd_passwd_byname(%s)",name);,
+   NSLCD_ACTION_PASSWD_BYNAME,
+   mkfilter_passwd_byname(name,filter,sizeof(filter)),
+-  write_passwd(fp,entry,name,NULL)
++  write_passwd(fp,entry,name,NULL,calleruid)
+ )
+ 
+-NSLCD_HANDLE(
++NSLCD_HANDLE_UID(
+   passwd,byuid,
+   uid_t uid;
+   char filter[1024];
+@@ -474,15 +474,15 @@
+   log_log(LOG_DEBUG,"nslcd_passwd_byuid(%d)",(int)uid);,
+   NSLCD_ACTION_PASSWD_BYUID,
+   mkfilter_passwd_byuid(uid,filter,sizeof(filter)),
+-  write_passwd(fp,entry,NULL,&uid)
++  write_passwd(fp,entry,NULL,&uid,calleruid)
+ )
+ 
+-NSLCD_HANDLE(
++NSLCD_HANDLE_UID(
+   passwd,all,
+   const char *filter;
+   /* no parameters to read */,
+   log_log(LOG_DEBUG,"nslcd_passwd_all()");,
+   NSLCD_ACTION_PASSWD_ALL,
+   (filter=passwd_filter,0),
+-  write_passwd(fp,entry,NULL,NULL)
++  write_passwd(fp,entry,NULL,NULL,calleruid)
+ )

net/nss-pam-ldapd/files/patch-nss__bsdnss.c

@@ -0,0 +1,160 @@
+--- ./nss/bsdnss.c.orig	2009-08-10 16:06:22.000000000 +0000
++++ ./nss/bsdnss.c	2009-08-10 15:58:04.000000000 +0000
+@@ -0,0 +1,157 @@
++#include <errno.h>
++#include <sys/param.h>
++#include <netinet/in.h>
++#include <pwd.h>
++#include <grp.h>
++#include <nss.h>
++#include <netdb.h>
++
++#define BUFFER_SIZE		1024
++
++extern enum nss_status _nss_ldap_getgrent_r(struct group *, char *, size_t,
++    int *);
++extern enum nss_status _nss_ldap_getgrnam_r(const char *, struct group *,
++    char *, size_t, int *);
++extern enum nss_status _nss_ldap_getgrgid_r(gid_t gid, struct group *, char *,
++    size_t, int *);
++extern enum nss_status _nss_ldap_setgrent(void);
++extern enum nss_status _nss_ldap_endgrent(void);
++
++extern enum nss_status _nss_ldap_getpwent_r(struct passwd *, char *, size_t,
++    int *);
++extern enum nss_status _nss_ldap_getpwnam_r(const char *, struct passwd *,
++    char *, size_t, int *);
++extern enum nss_status _nss_ldap_getpwuid_r(gid_t gid, struct passwd *, char *,
++    size_t, int *);
++extern enum nss_status _nss_ldap_setpwent(void);
++extern enum nss_status _nss_ldap_endpwent(void);
++
++extern enum nss_status _nss_ldap_gethostbyname_r (const char *name, struct hostent * result,
++			   char *buffer, size_t buflen, int *errnop,
++			   int *h_errnop);
++
++extern enum nss_status _nss_ldap_gethostbyname2_r (const char *name, int af, struct hostent * result,
++			    char *buffer, size_t buflen, int *errnop,
++			    int *h_errnop);
++extern enum nss_status _nss_ldap_gethostbyaddr_r (struct in_addr * addr, int len, int type,
++			   struct hostent * result, char *buffer,
++			   size_t buflen, int *errnop, int *h_errnop);
++
++NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_setgrent);
++NSS_METHOD_PROTOTYPE(__nss_compat_endgrent);
++
++NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_setpwent);
++NSS_METHOD_PROTOTYPE(__nss_compat_endpwent);
++
++NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname);
++NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2);
++NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr);
++
++static ns_mtab methods[] = {
++{ NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_ldap_getgrnam_r },
++{ NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_ldap_getgrgid_r },
++{ NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_ldap_getgrent_r },
++{ NSDB_GROUP, "setgrent",   __nss_compat_setgrent,   _nss_ldap_setgrent },
++{ NSDB_GROUP, "endgrent",   __nss_compat_endgrent,   _nss_ldap_endgrent },
++
++{ NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_ldap_getpwnam_r },
++{ NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_ldap_getpwuid_r },
++{ NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, _nss_ldap_getpwent_r },
++{ NSDB_PASSWD, "setpwent",   __nss_compat_setpwent,   _nss_ldap_setpwent },
++{ NSDB_PASSWD, "endpwent",   __nss_compat_endpwent,   _nss_ldap_endpwent },
++
++{ NSDB_HOSTS, "gethostbyname", __nss_compat_gethostbyname, _nss_ldap_gethostbyname_r },
++{ NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_ldap_gethostbyaddr_r },
++{ NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_ldap_gethostbyname2_r },
++
++{ NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, _nss_ldap_getgrnam_r },
++{ NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, _nss_ldap_getgrgid_r },
++{ NSDB_GROUP_COMPAT, "getgrent_r", __nss_compat_getgrent_r, _nss_ldap_getgrent_r },
++{ NSDB_GROUP_COMPAT, "setgrent",   __nss_compat_setgrent,   _nss_ldap_setgrent },
++{ NSDB_GROUP_COMPAT, "endgrent",   __nss_compat_endgrent,   _nss_ldap_endgrent },
++
++{ NSDB_PASSWD_COMPAT, "getpwnam_r", __nss_compat_getpwnam_r, _nss_ldap_getpwnam_r },
++{ NSDB_PASSWD_COMPAT, "getpwuid_r", __nss_compat_getpwuid_r, _nss_ldap_getpwuid_r },
++{ NSDB_PASSWD_COMPAT, "getpwent_r", __nss_compat_getpwent_r, _nss_ldap_getpwent_r },
++{ NSDB_PASSWD_COMPAT, "setpwent",   __nss_compat_setpwent,   _nss_ldap_setpwent },
++{ NSDB_PASSWD_COMPAT, "endpwent",   __nss_compat_endpwent,   _nss_ldap_endpwent },
++
++};
++
++
++int __nss_compat_gethostbyname(void *retval, void *mdata, va_list ap)
++{
++	enum nss_status 	(*fn)(const char *, struct hostent *, char *, size_t, int *, int *);
++	const char 	*name;
++	struct hostent 	*result;
++	char 		buffer[BUFFER_SIZE];
++	int 		errnop;
++	int		h_errnop;
++	int		af;
++	enum nss_status	status;
++	fn = mdata;
++	name = va_arg(ap, const char*);
++	af = va_arg(ap,int);
++	result = va_arg(ap,struct hostent *);
++	status = fn(name, result, buffer, sizeof(buffer), &errnop, &h_errnop);
++	status = __nss_compat_result(status,errnop);
++	h_errno = h_errnop;
++	return (status);
++}
++
++int __nss_compat_gethostbyname2(void *retval, void *mdata, va_list ap)
++{
++	enum nss_status 	(*fn)(const char *, struct hostent *, char *, size_t, int *, int *);
++	const char 	*name;
++	struct hostent 	*result;
++	char 		buffer[BUFFER_SIZE];
++	int 		errnop;
++	int		h_errnop;
++	int		af;
++	enum nss_status	status;
++	fn = mdata;
++	name = va_arg(ap, const char*);
++	af = va_arg(ap,int);
++	result = va_arg(ap,struct hostent *);
++	status = fn(name, result, buffer, sizeof(buffer), &errnop, &h_errnop);
++	status = __nss_compat_result(status,errnop);
++	h_errno = h_errnop;
++	return (status);
++}
++
++int __nss_compat_gethostbyaddr(void *retval, void *mdata, va_list ap)
++{
++	struct in_addr 	*addr;
++	int 		len;
++	int 		type;
++	struct hostent	*result;
++	char 		buffer[BUFFER_SIZE];
++	int		errnop;
++	int		h_errnop;
++	enum nss_status (*fn)(struct in_addr *, int, int, struct hostent *, char *, size_t, int *, int *);
++	enum nss_status status;
++	fn = mdata;
++	addr = va_arg(ap, struct in_addr*);
++	len = va_arg(ap,int);
++	type = va_arg(ap,int);
++	result = va_arg(ap, struct hostent*);
++	status = fn(addr, len, type, result, buffer, sizeof(buffer), &errnop, &h_errnop);
++	status = __nss_compat_result(status,errnop);
++	h_errno = h_errnop;
++	return (status);
++}
++
++ns_mtab *
++nss_module_register(const char *source, unsigned int *mtabsize,
++    nss_module_unregister_fn *unreg)
++{
++	*mtabsize = sizeof(methods)/sizeof(methods[0]);
++	*unreg = NULL;
++	return (methods);
++}

net/nss-pam-ldapd/files/patch-nss__exports.freebsd

@@ -0,0 +1,30 @@
+--- ./nss/exports.freebsd.orig	2007-12-31 16:49:01.000000000 +0000
++++ ./nss/exports.freebsd	2009-08-02 22:32:27.000000000 +0000
+@@ -78,6 +78,27 @@
+     _nss_ldap_getspent_r;
+     _nss_ldap_endspent;
+ 
++    # compat 4 bsd 
++    __nss_compat_getgrnam_r;
++    __nss_compat_getgrgid_r;
++    __nss_compat_getgrent_r;
++    __nss_compat_setgrent;
++    __nss_compat_endgrent;
++
++    __nss_compat_getpwnam_r;
++    __nss_compat_getpwuid_r;
++    __nss_compat_getpwent_r;
++    __nss_compat_setpwent;
++    __nss_compat_endpwent;
++
++    __nss_compat_gethostbyname;
++    __nss_compat_gethostbyname2;
++    __nss_compat_gethostbyaddr;
++    
++    # module init
++    nss_module_register;
++
++
+   # everything else should not be exported
+   local:
+     *;

net/nss-pam-ldapd/files/patch-nss__prototypes.h

@@ -0,0 +1,57 @@
+--- ./nss/prototypes.h.orig	2008-05-02 21:00:10.000000000 +0000
++++ ./nss/prototypes.h	2009-08-02 22:32:27.000000000 +0000
+@@ -24,13 +24,40 @@
+ #define _NSS_EXPORTS_H 1
+ 
+ #include <nss.h>
+-#include <aliases.h>
++#ifndef __FreeBSD__
+ #include <netinet/ether.h>
++#else
++#include <net/ethernet.h>
++#include <sys/socket.h>
++#endif
+ #include <sys/types.h>
+ #include <grp.h>
+ #include <netdb.h>
+ #include <pwd.h>
++#ifdef HAVE_SHADOW_H
+ #include <shadow.h>
++#endif
++
++#ifdef __FreeBSD__
++/* 
++ * Import from aliases.h
++ */
++struct aliasent
++  {
++    char *alias_name;
++    size_t alias_members_len;
++    char **alias_members;
++    int alias_local;
++  };
++
++struct rpcent
++{
++  char *r_name;         /* Name of server for this rpc program.  */
++  char **r_aliases;     /* Alias list.  */
++  int r_number;         /* RPC program number.  */
++};
++
++#endif
+ 
+ /* We define struct etherent here because it does not seem to
+    be defined in any publicly available header file exposed
+@@ -160,10 +187,12 @@
+ enum nss_status _nss_ldap_getservent_r(struct servent *result,char *buffer,size_t buflen,int *errnop);
+ enum nss_status _nss_ldap_endservent(void);
+ 
++#ifdef HAVE_SHADOW_H
+ /* shadow - extended user information */
+ enum nss_status _nss_ldap_getspnam_r(const char *name,struct spwd *result,char *buffer,size_t buflen,int *errnop);
+ enum nss_status _nss_ldap_setspent(int stayopen);
+ enum nss_status _nss_ldap_getspent_r(struct spwd *result,char *buffer,size_t buflen,int *errnop);
+ enum nss_status _nss_ldap_endspent(void);
++#endif
+ 
+ #endif /* not NSS_EXPORTS */

net/nss-pam-ldapd/files/patch-nss__shadow.c

@@ -0,0 +1,17 @@
+--- ./nss/shadow.c.orig	2009-05-29 21:23:03.000000000 +0000
++++ ./nss/shadow.c	2009-08-02 22:32:27.000000000 +0000
+@@ -22,6 +22,7 @@
+ 
+ #include "config.h"
+ 
++#ifdef HAVE_SHADOW_H
+ #include <string.h>
+ #include <nss.h>
+ #include <errno.h>
+@@ -73,3 +74,6 @@
+ {
+   NSS_ENDENT(spentfp);
+ }
++
++#endif
++

net/nss-pam-ldapd/pkg-descr

@@ -0,0 +1,11 @@
+nss_ldapd is a NSS module which provides an LDAP backend for C library
+functions such as getpwnam(3), getgrnam(3), and gethostbyname(3).  It
+is compliant with RFC 2307, ``An Approach for Using LDAP as a Network
+Information Service''.
+
+Key differences from nss_ldap:
+* lighter nss library (no ldap* dependings)
+* server-side connection caching
+
+
+WWW: http://arthurdejong.org/nss-ldapd/

net/nss-pam-ldapd/pkg-plist

@@ -0,0 +1,3 @@
+etc/%%CONFIG%%.conf.sample
+%%NSS%%lib/nss_ldap.so.1
+%%NSLCD%%sbin/nslcd

net/nss_ldapd/Makefile

@@ -0,0 +1,121 @@
+# Ports collection Makefile for:	nss_ldapd
+# Date created:				23/7/2009
+# Whom:					melifaro@ipfw.ru
+#
+# $FreeBSD$
+#
+
+PORTNAME=		nss_ldapd
+PORTVERSION=		0.6.11
+CATEGORIES=		net
+MASTER_SITES=		http://arthurdejong.org/nss-ldapd/
+DISTNAME=		nss-ldapd-${PORTVERSION}
+
+MAINTAINER=		melifaro@ipfw.ru
+COMMENT=		Advanced fork of nss_ldap
+
+GNU_CONFIGURE=		yes
+USE_GMAKE=		yes
+USE_LDCONFIG=		yes
+USE_OPENLDAP=		yes
+USE_RC_SUBR=		nslcd
+
+NSLCD_PIDFILE?=		/var/run/nslcd.pid
+NSLCD_SOCKET?=		/var/run/nslcd.ctl
+
+OPTIONS=		NSS_COMPAT	"Enable nss_ldap compatibility" on \
+			SASL		"Enable SASL" off
+
+.include <bsd.port.pre.mk>
+
+.if ${OSVERSION} < 700000
+IGNORE=			problems with nss/libc TLS
+.endif
+
+CONFIGURE_ENV=		CPPFLAGS="-I${LOCALBASE}/include" \
+			LDFLAGS="-L${LOCALBASE}/lib"
+
+CONFIGURE_ARGS+=	--with-nslcd-pidfile=${NSLCD_PIDFILE} \
+			--with-nslcd-socket=${NSLCD_SOCKET} \
+			--with-ldap-lib=openldap --disable-kerberos
+
+.if defined(WITHOUT_NSS)
+.undef NSS_COMPAT
+.endif
+
+.if defined(WITH_NSS_COMPAT)
+CONFIGURE_ARGS+=	--with-ldap-conf-file=${PREFIX}/etc/nss_ldap.conf
+PLIST_SUB+=		CONFIG="nss_ldap"
+EXTRA_PATCHES+=		${PATCHDIR}/nss_compat.diff
+.else
+CONFIGURE_ARGS+=	--with-ldap-conf-file=${PREFIX}/etc/nss_ldapd.conf
+PLIST_SUB+=		CONFIG="nss_ldapd"
+.endif
+
+.if defined(WITH_SASL)
+WANT_OPENLDAP_SASL=	yes
+CONFIGURE_ARGS+=	--enable-sasl
+.else
+CONFIGURE_ARGS+=	--disable-sasl
+.endif
+
+.if defined(WITH_PAM)
+CONFIGURE_ARGS+=	--enable-pam
+.else
+CONFIGURE_ARGS+=	--disable-pam
+.endif
+
+.if defined(WITHOUT_NSS)
+CONFIGURE_ARGS+=	--disable-nss
+PLIST_SUB+=		NSS="@comment "
+.else
+CONFIGURE_ARGS+=	--enable-nss
+CONFLICTS+=		nss_ldap-1.*
+PLIST_SUB+=		NSS=""
+.endif
+
+.if defined(WITHOUT_NSLCD)
+CONFIGURE_ARGS+=	--disable-nslcd
+PLIST_SUB+=		NSLCD="@comment "
+.else
+CONFIGURE_ARGS+=	--enable-nslcd
+PLIST_SUB+=		NSLCD=""
+MAN8=			nslcd.8
+.endif
+
+MAN5=			nss-ldapd.conf.5
+
+post-extract:
+	@${REINPLACE_CMD} -e 's/\(INSTALL_\)\(.*\)) -D /\1\2) /' ${WRKSRC}/Makefile.in ${WRKSRC}/nss/Makefile.in
+	@${REINPLACE_CMD} -e 's/shadow.$$(OBJEXT)/shadow.$$(OBJEXT) bsdnss.$$(OBJEXT)/;s/shadow\.c/shadow.c bsdnss.c/;s/exports\.linux/exports.freebsd/' ${WRKSRC}/nss/Makefile.in
+	@${REINPLACE_CMD} -e 's/^NSS_VERS = .*/NSS_VERS = 1/;s/libnss_ldap\.so/nss_ldap.so/' ${WRKSRC}/nss/Makefile.in
+	@${MV} ${WRKSRC}/nss/exports.linux ${WRKSRC}/nss/exports.freebsd
+	@${REINPLACE_CMD} -e 's/$$(DESTDIR)$$(NSS_LDAP_PATH_CONF)/$$(DESTDIR)$$(NSS_LDAP_PATH_CONF).sample/' ${WRKSRC}/Makefile.in
+
+post-install:
+	@${ECHO_MSG}
+	@${ECHO_MSG} =====================================================================
+	@${ECHO_MSG}
+.if defined(WITH_NSS_COMPAT)
+	@${ECHO_MSG} "                NSS_LDAP compatibility ENABLED."
+	@${ECHO_MSG}
+	@${ECHO_MSG} " LDAP configuration:      ${PREFIX}/etc/nss_ldap.conf"
+	@${ECHO_MSG} " Secret file:             ${PREFIX}/etc/nss_ldap.secret"
+	@${ECHO_MSG} " Sample configuration:    ${PREFIX}/etc/nss_ldap.conf.sample"
+	@${ECHO_MSG}
+	@${ECHO_MSG} " Check if you need to adjust  reconnect_* parameters"
+	@${ECHO_MSG} " WARNING: nss_ldapd will use ONLY rootbinddn to access LDAP data"
+.else
+	@${ECHO_MSG} " LDAP configuration:      ${PREFIX}/etc/nss_ldapd.conf"
+	@${ECHO_MSG} " Sample configuration:    ${PREFIX}/etc/nss_ldapd.conf.sample"
+	@${ECHO_MSG}
+.endif
+.if !defined(WITHOUT_NSS)
+	@${ECHO_MSG} " WARNING: Be sure to set uid and gid configuration parameters"
+	@${ECHO_MSG} " WARNING: to make nslcd run under unprivileged user"
+.endif
+	@${ECHO_MSG}
+	@${ECHO_MSG} =====================================================================
+	@${ECHO_MSG}
+
+.include <bsd.port.post.mk>

net/nss_ldapd/distinfo

@@ -0,0 +1,3 @@
+MD5 (nss-ldapd-0.6.11.tar.gz) = 8e5087f74a128f2c12f974c176803747
+SHA256 (nss-ldapd-0.6.11.tar.gz) = ac41292c8c7c2a4fb2e77ee9bc165ecefc84e8c33682f8c87ee69381830a8aff
+SIZE (nss-ldapd-0.6.11.tar.gz) = 415271

net/nss_ldapd/files/nslcd.in

@@ -0,0 +1,24 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: nslcd
+# REQUIRE: DAEMON ldconfig resolv
+#
+# Add the following line to /etc/rc.conf to enable the nslcd daemon:
+#
+# nslcd_enable="YES"
+#
+
+nslcd_enable=${nslcd_enable-"NO"}
+
+. %%RC_SUBR%%
+
+name=nslcd
+rcvar=$(set_rcvar)
+
+command="%%PREFIX%%/sbin/%{name}"
+pidfile="/var/run/${name}.pid"
+
+load_rc_config ${name}
+run_rc_command "$1"

net/nss_ldapd/files/nss_compat.diff

@@ -0,0 +1,75 @@
+--- nslcd/cfg.c.orig	2009-06-19 16:03:14.000000000 +0400
++++ nslcd/cfg.c	2009-08-10 20:41:31.000000000 +0400
+@@ -33,6 +33,7 @@
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <unistd.h>
++#include <libgen.h>
+ #include <errno.h>
+ #include <netdb.h>
+ #include <sys/socket.h>
+@@ -649,13 +650,31 @@
+ {
+   FILE *fp;
+   int lnr=0;
+-  char linebuf[MAX_LINE_LENGTH];
++  char linebuf[MAX_LINE_LENGTH], secret_path[512];
+   char *line;
+   char keyword[32];
+   char token[64];
+   int i;
+   int rc;
+   char *value;
++
++  /* get secret password */
++  snprintf(secret_path, sizeof(secret_path), "%s/nss_ldap.secret", dirname(filename));
++  if ((fp=fopen(secret_path,"r"))==NULL)
++  {
++    log_log(LOG_ERR,"cannot open secret file (%s): %s",secret_path,strerror(errno));
++    /* exit(EXIT_FAILURE); */
++  }
++  else if (fgets(linebuf,MAX_LINE_LENGTH,fp)!=NULL)
++  {
++    i=strlen(linebuf);
++    if (i>0)
++      linebuf[i-1]='\0';
++    cfg->ldc_bindpw=strdup(linebuf);
++  }
++  if (fp!=NULL)
++    fclose(fp);
++
+   /* open config file */
+   if ((fp=fopen(filename,"r"))==NULL)
+   {
+@@ -724,13 +743,14 @@
+       get_int(filename,lnr,keyword,&line,&cfg->ldc_version);
+       get_eol(filename,lnr,keyword,&line);
+     }
+-    else if (strcasecmp(keyword,"binddn")==0)
++    else if (strcasecmp(keyword,"rootbinddn")==0)
+     {
+       get_restdup(filename,lnr,keyword,&line,&cfg->ldc_binddn);
+     }
+     else if (strcasecmp(keyword,"bindpw")==0)
+     {
+-      get_restdup(filename,lnr,keyword,&line,&cfg->ldc_bindpw);
++      if (cfg->ldc_bindpw == NULL)
++        get_restdup(filename,lnr,keyword,&line,&cfg->ldc_bindpw);
+     }
+     /* SASL authentication options */
+     else if (strcasecmp(keyword,"sasl_authcid")==0)
+@@ -931,12 +951,14 @@
+       get_int(filename,lnr,keyword,&line,&cfg->ldc_pagesize);
+       get_eol(filename,lnr,keyword,&line);
+     }
++#if 0    
+     /* fallthrough */
+     else
+     {
+       log_log(LOG_ERR,"%s:%d: unknown keyword: '%s'",filename,lnr,keyword);
+       exit(EXIT_FAILURE);
+     }
++#endif    
+   }
+   /* we're done reading file, close */
+   fclose(fp);

net/nss_ldapd/files/patch-nslcd__cfg.c

@@ -0,0 +1,23 @@
+--- ./nslcd/cfg.c.orig	2009-08-02 22:32:27.000000000 +0000
++++ ./nslcd/cfg.c	2009-08-02 22:49:26.000000000 +0000
+@@ -37,14 +37,13 @@
+ #include <errno.h>
+ #include <netdb.h>
+ #include <sys/socket.h>
+-#ifdef HAVE_GSSAPI_H
+-#include <gssapi.h>
+-#endif /* HAVE_GSSAPI_H */
+-#ifdef HAVE_GSSAPI_GSSAPI_KRB5_H
++#if HAVE_GSSAPI_GSSAPI_H
+ #include <gssapi/gssapi.h>
+-#include <gssapi/gssapi_krb5.h>
+-#endif /* HAVE_GSSAPI_GSSAPI_KRB5_H */
+-#include <sys/types.h>
++#elif HAVE_GSSAPI_GSSAPI_GENERIC_H
++#include <gssapi/gssapi_generic.h>
++#elif HAVE_GSSAPI_H
++#include <gssapi.h>
++#endif
+ #include <pwd.h>
+ #include <grp.h>
+ 

net/nss_ldapd/files/patch-nslcd__common.c

@@ -0,0 +1,12 @@
+--- ./nslcd/common.c.orig	2009-02-27 17:27:08.000000000 +0000
++++ ./nslcd/common.c	2009-08-02 22:32:27.000000000 +0000
+@@ -27,6 +27,9 @@
+ #include <stdarg.h>
+ #include <sys/types.h>
+ #include <sys/socket.h>
++#ifdef __FreeBSD__
++#include <netinet/in.h>
++#endif
+ #include <arpa/inet.h>
+ #include <strings.h>
+ #include <limits.h>

net/nss_ldapd/files/patch-nslcd__common.h

@@ -0,0 +1,30 @@
+--- ./nslcd/common.h.orig	2009-06-03 10:31:05.000000000 +0000
++++ ./nslcd/common.h	2009-08-02 22:32:27.000000000 +0000
+@@ -124,9 +124,9 @@
+ int nslcd_network_byname(TFILE *fp,MYLDAP_SESSION *session);
+ int nslcd_network_byaddr(TFILE *fp,MYLDAP_SESSION *session);
+ int nslcd_network_all(TFILE *fp,MYLDAP_SESSION *session);
+-int nslcd_passwd_byname(TFILE *fp,MYLDAP_SESSION *session);
+-int nslcd_passwd_byuid(TFILE *fp,MYLDAP_SESSION *session);
+-int nslcd_passwd_all(TFILE *fp,MYLDAP_SESSION *session);
++int nslcd_passwd_byname(TFILE *fp,MYLDAP_SESSION *session,uid_t uid);
++int nslcd_passwd_byuid(TFILE *fp,MYLDAP_SESSION *session,uid_t uid);
++int nslcd_passwd_all(TFILE *fp,MYLDAP_SESSION *session,uid_t uid);
+ int nslcd_protocol_byname(TFILE *fp,MYLDAP_SESSION *session);
+ int nslcd_protocol_bynumber(TFILE *fp,MYLDAP_SESSION *session);
+ int nslcd_protocol_all(TFILE *fp,MYLDAP_SESSION *session);
+@@ -145,8 +145,12 @@
+ int nslcd_pam_pwmod(TFILE *fp,MYLDAP_SESSION *session);
+ 
+ /* macro for generating service handling code */
+-#define NSLCD_HANDLE(db,fn,readfn,logcall,action,mkfilter,writefn) \
+-  int nslcd_##db##_##fn(TFILE *fp,MYLDAP_SESSION *session) \
++#define COMMA	,
++#define NSLCD_HANDLE(db,fn,readfn,logcall,action,mkfilter,writefn)	NSLCD_HANDLE_PARAMS(db,fn,,readfn,logcall,action,mkfilter,writefn)
++#define NSLCD_HANDLE_UID(db,fn,readfn,logcall,action,mkfilter,writefn)	NSLCD_HANDLE_PARAMS(db,fn,COMMA uid_t calleruid,readfn,logcall,action,mkfilter,writefn)
++
++#define NSLCD_HANDLE_PARAMS(db,fn,params,readfn,logcall,action,mkfilter,writefn) \
++  int nslcd_##db##_##fn(TFILE *fp,MYLDAP_SESSION *session params ) \
+   { \
+     /* define common variables */ \
+     int32_t tmpint32; \

net/nss_ldapd/files/patch-nslcd__nslcd.c

@@ -0,0 +1,15 @@
+--- ./nslcd/nslcd.c.orig	2009-06-12 21:53:18.000000000 +0000
++++ ./nslcd/nslcd.c	2009-08-02 22:32:27.000000000 +0000
+@@ -398,9 +398,9 @@
+     case NSLCD_ACTION_NETWORK_BYNAME:   (void)nslcd_network_byname(fp,session); break;
+     case NSLCD_ACTION_NETWORK_BYADDR:   (void)nslcd_network_byaddr(fp,session); break;
+     case NSLCD_ACTION_NETWORK_ALL:      (void)nslcd_network_all(fp,session); break;
+-    case NSLCD_ACTION_PASSWD_BYNAME:    (void)nslcd_passwd_byname(fp,session); break;
+-    case NSLCD_ACTION_PASSWD_BYUID:     (void)nslcd_passwd_byuid(fp,session); break;
+-    case NSLCD_ACTION_PASSWD_ALL:       (void)nslcd_passwd_all(fp,session); break;
++    case NSLCD_ACTION_PASSWD_BYNAME:    (void)nslcd_passwd_byname(fp,session,uid); break;
++    case NSLCD_ACTION_PASSWD_BYUID:     (void)nslcd_passwd_byuid(fp,session,uid); break;
++    case NSLCD_ACTION_PASSWD_ALL:       (void)nslcd_passwd_all(fp,session,uid); break;
+     case NSLCD_ACTION_PROTOCOL_BYNAME:  (void)nslcd_protocol_byname(fp,session); break;
+     case NSLCD_ACTION_PROTOCOL_BYNUMBER:(void)nslcd_protocol_bynumber(fp,session); break;
+     case NSLCD_ACTION_PROTOCOL_ALL:     (void)nslcd_protocol_all(fp,session); break;

net/nss_ldapd/files/patch-nslcd__passwd.c

@@ -0,0 +1,61 @@
+--- ./nslcd/passwd.c.orig	2009-06-29 19:04:54.000000000 +0000
++++ ./nslcd/passwd.c	2009-08-02 22:32:27.000000000 +0000
+@@ -292,7 +292,7 @@
+ #define MAXUIDS_PER_ENTRY 5
+ 
+ static int write_passwd(TFILE *fp,MYLDAP_ENTRY *entry,const char *requser,
+-                        const uid_t *requid)
++                        const uid_t *requid,uid_t calleruid)
+ {
+   int32_t tmpint32;
+   const char **tmpvalues;
+@@ -323,7 +323,7 @@
+   else
+   {
+     passwd=get_userpassword(entry,attmap_passwd_userPassword);
+-    if (passwd==NULL)
++    if ((passwd==NULL) || (calleruid!=0))
+       passwd=default_passwd_userPassword;
+   }
+   /* get the uids for this entry */
+@@ -451,7 +451,7 @@
+   return 0;
+ }
+ 
+-NSLCD_HANDLE(
++NSLCD_HANDLE_UID(
+   passwd,byname,
+   char name[256];
+   char filter[1024];
+@@ -463,10 +463,10 @@
+   log_log(LOG_DEBUG,"nslcd_passwd_byname(%s)",name);,
+   NSLCD_ACTION_PASSWD_BYNAME,
+   mkfilter_passwd_byname(name,filter,sizeof(filter)),
+-  write_passwd(fp,entry,name,NULL)
++  write_passwd(fp,entry,name,NULL,calleruid)
+ )
+ 
+-NSLCD_HANDLE(
++NSLCD_HANDLE_UID(
+   passwd,byuid,
+   uid_t uid;
+   char filter[1024];
+@@ -474,15 +474,15 @@
+   log_log(LOG_DEBUG,"nslcd_passwd_byuid(%d)",(int)uid);,
+   NSLCD_ACTION_PASSWD_BYUID,
+   mkfilter_passwd_byuid(uid,filter,sizeof(filter)),
+-  write_passwd(fp,entry,NULL,&uid)
++  write_passwd(fp,entry,NULL,&uid,calleruid)
+ )
+ 
+-NSLCD_HANDLE(
++NSLCD_HANDLE_UID(
+   passwd,all,
+   const char *filter;
+   /* no parameters to read */,
+   log_log(LOG_DEBUG,"nslcd_passwd_all()");,
+   NSLCD_ACTION_PASSWD_ALL,
+   (filter=passwd_filter,0),
+-  write_passwd(fp,entry,NULL,NULL)
++  write_passwd(fp,entry,NULL,NULL,calleruid)
+ )

net/nss_ldapd/files/patch-nss__bsdnss.c

@@ -0,0 +1,160 @@
+--- ./nss/bsdnss.c.orig	2009-08-10 16:06:22.000000000 +0000
++++ ./nss/bsdnss.c	2009-08-10 15:58:04.000000000 +0000
+@@ -0,0 +1,157 @@
++#include <errno.h>
++#include <sys/param.h>
++#include <netinet/in.h>
++#include <pwd.h>
++#include <grp.h>
++#include <nss.h>
++#include <netdb.h>
++
++#define BUFFER_SIZE		1024
++
++extern enum nss_status _nss_ldap_getgrent_r(struct group *, char *, size_t,
++    int *);
++extern enum nss_status _nss_ldap_getgrnam_r(const char *, struct group *,
++    char *, size_t, int *);
++extern enum nss_status _nss_ldap_getgrgid_r(gid_t gid, struct group *, char *,
++    size_t, int *);
++extern enum nss_status _nss_ldap_setgrent(void);
++extern enum nss_status _nss_ldap_endgrent(void);
++
++extern enum nss_status _nss_ldap_getpwent_r(struct passwd *, char *, size_t,
++    int *);
++extern enum nss_status _nss_ldap_getpwnam_r(const char *, struct passwd *,
++    char *, size_t, int *);
++extern enum nss_status _nss_ldap_getpwuid_r(gid_t gid, struct passwd *, char *,
++    size_t, int *);
++extern enum nss_status _nss_ldap_setpwent(void);
++extern enum nss_status _nss_ldap_endpwent(void);
++
++extern enum nss_status _nss_ldap_gethostbyname_r (const char *name, struct hostent * result,
++			   char *buffer, size_t buflen, int *errnop,
++			   int *h_errnop);
++
++extern enum nss_status _nss_ldap_gethostbyname2_r (const char *name, int af, struct hostent * result,
++			    char *buffer, size_t buflen, int *errnop,
++			    int *h_errnop);
++extern enum nss_status _nss_ldap_gethostbyaddr_r (struct in_addr * addr, int len, int type,
++			   struct hostent * result, char *buffer,
++			   size_t buflen, int *errnop, int *h_errnop);
++
++NSS_METHOD_PROTOTYPE(__nss_compat_getgrnam_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_getgrgid_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_getgrent_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_setgrent);
++NSS_METHOD_PROTOTYPE(__nss_compat_endgrent);
++
++NSS_METHOD_PROTOTYPE(__nss_compat_getpwnam_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_getpwuid_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_getpwent_r);
++NSS_METHOD_PROTOTYPE(__nss_compat_setpwent);
++NSS_METHOD_PROTOTYPE(__nss_compat_endpwent);
++
++NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname);
++NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyname2);
++NSS_METHOD_PROTOTYPE(__nss_compat_gethostbyaddr);
++
++static ns_mtab methods[] = {
++{ NSDB_GROUP, "getgrnam_r", __nss_compat_getgrnam_r, _nss_ldap_getgrnam_r },
++{ NSDB_GROUP, "getgrgid_r", __nss_compat_getgrgid_r, _nss_ldap_getgrgid_r },
++{ NSDB_GROUP, "getgrent_r", __nss_compat_getgrent_r, _nss_ldap_getgrent_r },
++{ NSDB_GROUP, "setgrent",   __nss_compat_setgrent,   _nss_ldap_setgrent },
++{ NSDB_GROUP, "endgrent",   __nss_compat_endgrent,   _nss_ldap_endgrent },
++
++{ NSDB_PASSWD, "getpwnam_r", __nss_compat_getpwnam_r, _nss_ldap_getpwnam_r },
++{ NSDB_PASSWD, "getpwuid_r", __nss_compat_getpwuid_r, _nss_ldap_getpwuid_r },
++{ NSDB_PASSWD, "getpwent_r", __nss_compat_getpwent_r, _nss_ldap_getpwent_r },
++{ NSDB_PASSWD, "setpwent",   __nss_compat_setpwent,   _nss_ldap_setpwent },
++{ NSDB_PASSWD, "endpwent",   __nss_compat_endpwent,   _nss_ldap_endpwent },
++
++{ NSDB_HOSTS, "gethostbyname", __nss_compat_gethostbyname, _nss_ldap_gethostbyname_r },
++{ NSDB_HOSTS, "gethostbyaddr", __nss_compat_gethostbyaddr, _nss_ldap_gethostbyaddr_r },
++{ NSDB_HOSTS, "gethostbyname2", __nss_compat_gethostbyname2, _nss_ldap_gethostbyname2_r },
++
++{ NSDB_GROUP_COMPAT, "getgrnam_r", __nss_compat_getgrnam_r, _nss_ldap_getgrnam_r },
++{ NSDB_GROUP_COMPAT, "getgrgid_r", __nss_compat_getgrgid_r, _nss_ldap_getgrgid_r },
++{ NSDB_GROUP_COMPAT, "getgrent_r", __nss_compat_getgrent_r, _nss_ldap_getgrent_r },
++{ NSDB_GROUP_COMPAT, "setgrent",   __nss_compat_setgrent,   _nss_ldap_setgrent },
++{ NSDB_GROUP_COMPAT, "endgrent",   __nss_compat_endgrent,   _nss_ldap_endgrent },
++
++{ NSDB_PASSWD_COMPAT, "getpwnam_r", __nss_compat_getpwnam_r, _nss_ldap_getpwnam_r },
++{ NSDB_PASSWD_COMPAT, "getpwuid_r", __nss_compat_getpwuid_r, _nss_ldap_getpwuid_r },
++{ NSDB_PASSWD_COMPAT, "getpwent_r", __nss_compat_getpwent_r, _nss_ldap_getpwent_r },
++{ NSDB_PASSWD_COMPAT, "setpwent",   __nss_compat_setpwent,   _nss_ldap_setpwent },
++{ NSDB_PASSWD_COMPAT, "endpwent",   __nss_compat_endpwent,   _nss_ldap_endpwent },
++
++};
++
++
++int __nss_compat_gethostbyname(void *retval, void *mdata, va_list ap)
++{
++	enum nss_status 	(*fn)(const char *, struct hostent *, char *, size_t, int *, int *);
++	const char 	*name;
++	struct hostent 	*result;
++	char 		buffer[BUFFER_SIZE];
++	int 		errnop;
++	int		h_errnop;
++	int		af;
++	enum nss_status	status;
++	fn = mdata;
++	name = va_arg(ap, const char*);
++	af = va_arg(ap,int);
++	result = va_arg(ap,struct hostent *);
++	status = fn(name, result, buffer, sizeof(buffer), &errnop, &h_errnop);
++	status = __nss_compat_result(status,errnop);
++	h_errno = h_errnop;
++	return (status);
++}
++
++int __nss_compat_gethostbyname2(void *retval, void *mdata, va_list ap)
++{
++	enum nss_status 	(*fn)(const char *, struct hostent *, char *, size_t, int *, int *);
++	const char 	*name;
++	struct hostent 	*result;
++	char 		buffer[BUFFER_SIZE];
++	int 		errnop;
++	int		h_errnop;
++	int		af;
++	enum nss_status	status;
++	fn = mdata;
++	name = va_arg(ap, const char*);
++	af = va_arg(ap,int);
++	result = va_arg(ap,struct hostent *);
++	status = fn(name, result, buffer, sizeof(buffer), &errnop, &h_errnop);
++	status = __nss_compat_result(status,errnop);
++	h_errno = h_errnop;
++	return (status);
++}
++
++int __nss_compat_gethostbyaddr(void *retval, void *mdata, va_list ap)
++{
++	struct in_addr 	*addr;
++	int 		len;
++	int 		type;
++	struct hostent	*result;
++	char 		buffer[BUFFER_SIZE];
++	int		errnop;
++	int		h_errnop;
++	enum nss_status (*fn)(struct in_addr *, int, int, struct hostent *, char *, size_t, int *, int *);
++	enum nss_status status;
++	fn = mdata;
++	addr = va_arg(ap, struct in_addr*);
++	len = va_arg(ap,int);
++	type = va_arg(ap,int);
++	result = va_arg(ap, struct hostent*);
++	status = fn(addr, len, type, result, buffer, sizeof(buffer), &errnop, &h_errnop);
++	status = __nss_compat_result(status,errnop);
++	h_errno = h_errnop;
++	return (status);
++}
++
++ns_mtab *
++nss_module_register(const char *source, unsigned int *mtabsize,
++    nss_module_unregister_fn *unreg)
++{
++	*mtabsize = sizeof(methods)/sizeof(methods[0]);
++	*unreg = NULL;
++	return (methods);
++}

net/nss_ldapd/files/patch-nss__exports.freebsd

@@ -0,0 +1,30 @@
+--- ./nss/exports.freebsd.orig	2007-12-31 16:49:01.000000000 +0000
++++ ./nss/exports.freebsd	2009-08-02 22:32:27.000000000 +0000
+@@ -78,6 +78,27 @@
+     _nss_ldap_getspent_r;
+     _nss_ldap_endspent;
+ 
++    # compat 4 bsd 
++    __nss_compat_getgrnam_r;
++    __nss_compat_getgrgid_r;
++    __nss_compat_getgrent_r;
++    __nss_compat_setgrent;
++    __nss_compat_endgrent;
++
++    __nss_compat_getpwnam_r;
++    __nss_compat_getpwuid_r;
++    __nss_compat_getpwent_r;
++    __nss_compat_setpwent;
++    __nss_compat_endpwent;
++
++    __nss_compat_gethostbyname;
++    __nss_compat_gethostbyname2;
++    __nss_compat_gethostbyaddr;
++    
++    # module init
++    nss_module_register;
++
++
+   # everything else should not be exported
+   local:
+     *;

net/nss_ldapd/files/patch-nss__prototypes.h

@@ -0,0 +1,57 @@
+--- ./nss/prototypes.h.orig	2008-05-02 21:00:10.000000000 +0000
++++ ./nss/prototypes.h	2009-08-02 22:32:27.000000000 +0000
+@@ -24,13 +24,40 @@
+ #define _NSS_EXPORTS_H 1
+ 
+ #include <nss.h>
+-#include <aliases.h>
++#ifndef __FreeBSD__
+ #include <netinet/ether.h>
++#else
++#include <net/ethernet.h>
++#include <sys/socket.h>
++#endif
+ #include <sys/types.h>
+ #include <grp.h>
+ #include <netdb.h>
+ #include <pwd.h>
++#ifdef HAVE_SHADOW_H
+ #include <shadow.h>
++#endif
++
++#ifdef __FreeBSD__
++/* 
++ * Import from aliases.h
++ */
++struct aliasent
++  {
++    char *alias_name;
++    size_t alias_members_len;
++    char **alias_members;
++    int alias_local;
++  };
++
++struct rpcent
++{
++  char *r_name;         /* Name of server for this rpc program.  */
++  char **r_aliases;     /* Alias list.  */
++  int r_number;         /* RPC program number.  */
++};
++
++#endif
+ 
+ /* We define struct etherent here because it does not seem to
+    be defined in any publicly available header file exposed
+@@ -160,10 +187,12 @@
+ enum nss_status _nss_ldap_getservent_r(struct servent *result,char *buffer,size_t buflen,int *errnop);
+ enum nss_status _nss_ldap_endservent(void);
+ 
++#ifdef HAVE_SHADOW_H
+ /* shadow - extended user information */
+ enum nss_status _nss_ldap_getspnam_r(const char *name,struct spwd *result,char *buffer,size_t buflen,int *errnop);
+ enum nss_status _nss_ldap_setspent(int stayopen);
+ enum nss_status _nss_ldap_getspent_r(struct spwd *result,char *buffer,size_t buflen,int *errnop);
+ enum nss_status _nss_ldap_endspent(void);
++#endif
+ 
+ #endif /* not NSS_EXPORTS */

net/nss_ldapd/files/patch-nss__shadow.c

@@ -0,0 +1,17 @@
+--- ./nss/shadow.c.orig	2009-05-29 21:23:03.000000000 +0000
++++ ./nss/shadow.c	2009-08-02 22:32:27.000000000 +0000
+@@ -22,6 +22,7 @@
+ 
+ #include "config.h"
+ 
++#ifdef HAVE_SHADOW_H
+ #include <string.h>
+ #include <nss.h>
+ #include <errno.h>
+@@ -73,3 +74,6 @@
+ {
+   NSS_ENDENT(spentfp);
+ }
++
++#endif
++

net/nss_ldapd/pkg-descr

@@ -0,0 +1,11 @@
+nss_ldapd is a NSS module which provides an LDAP backend for C library
+functions such as getpwnam(3), getgrnam(3), and gethostbyname(3).  It
+is compliant with RFC 2307, ``An Approach for Using LDAP as a Network
+Information Service''.
+
+Key differences from nss_ldap:
+* lighter nss library (no ldap* dependings)
+* server-side connection caching
+
+
+WWW: http://arthurdejong.org/nss-ldapd/

net/nss_ldapd/pkg-plist

@@ -0,0 +1,3 @@
+etc/%%CONFIG%%.conf.sample
+%%NSS%%lib/nss_ldap.so.1
+%%NSLCD%%sbin/nslcd