sssd:move to dynamic networking-layer

Signed-off-by: Armin Kuster <akuster808@gmail.com>

9 files changed, 0 insertions, 599 deletions

diff --git a/recipes-security/sssd/files/CVE-2021-3621.patch b/recipes-security/sssd/files/CVE-2021-3621.patch
deleted file mode 100644
index 7a59df9..0000000
--- a/recipes-security/sssd/files/CVE-2021-3621.patch
+++ /dev/null
@@ -1,288 +0,0 @@
-Backport patch to fix CVE-2021-3621.
-
-Upstream-Status: Backport [https://github.com/SSSD/sssd/commit/7ab83f9]
-CVE: CVE-2021-3621
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
-
-From 7ab83f97e1cbefb78ece17232185bdd2985f0bbe Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Fri, 18 Jun 2021 13:17:19 +0200
-Subject: [PATCH] TOOLS: replace system() with execvp() to avoid execution of
- user supplied command
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-:relnote: A flaw was found in SSSD, where the sssctl command was
-vulnerable to shell command injection via the logs-fetch and
-cache-expire subcommands. This flaw allows an attacker to trick
-the root user into running a specially crafted sssctl command,
-such as via sudo, to gain root access. The highest threat from this
-vulnerability is to confidentiality, integrity, as well as system
-availability.
-This patch fixes a flaw by replacing system() with execvp().
-
-:fixes: CVE-2021-3621
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/tools/sssctl/sssctl.c      | 39 ++++++++++++++++-------
- src/tools/sssctl/sssctl.h      |  2 +-
- src/tools/sssctl/sssctl_data.c | 57 +++++++++++-----------------------
- src/tools/sssctl/sssctl_logs.c | 32 +++++++++++++++----
- 4 files changed, 73 insertions(+), 57 deletions(-)
-
-diff --git a/src/tools/sssctl/sssctl.c b/src/tools/sssctl/sssctl.c
-index 2997dbf968..8adaf30910 100644
---- a/src/tools/sssctl/sssctl.c
-+++ b/src/tools/sssctl/sssctl.c
-@@ -97,22 +97,36 @@ sssctl_prompt(const char *message,
-     return SSSCTL_PROMPT_ERROR;
- }
- 
--errno_t sssctl_run_command(const char *command)
-+errno_t sssctl_run_command(const char *const argv[])
- {
-     int ret;
-+    int wstatus;
- 
--    DEBUG(SSSDBG_TRACE_FUNC, "Running %s\n", command);
-+    DEBUG(SSSDBG_TRACE_FUNC, "Running '%s'\n", argv[0]);
- 
--    ret = system(command);
-+    ret = fork();
-     if (ret == -1) {
--        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to execute %s\n", command);
-         ERROR("Error while executing external command\n");
-         return EFAULT;
--    } else if (WEXITSTATUS(ret) != 0) {
--        DEBUG(SSSDBG_CRIT_FAILURE, "Command %s failed with [%d]\n",
--              command, WEXITSTATUS(ret));
-+    }
-+
-+    if (ret == 0) {
-+        /* cast is safe - see
-+        https://pubs.opengroup.org/onlinepubs/9699919799/functions/exec.html
-+        "The statement about argv[] and envp[] being constants ... "
-+        */
-+        execvp(argv[0], discard_const_p(char * const, argv));
-         ERROR("Error while executing external command\n");
--        return EIO;
-+        _exit(1);
-+    } else {
-+        if (waitpid(ret, &wstatus, 0) == -1) {
-+            ERROR("Error while executing external command '%s'\n", argv[0]);
-+            return EFAULT;
-+        } else if (WEXITSTATUS(wstatus) != 0) {
-+            ERROR("Command '%s' failed with [%d]\n",
-+                  argv[0], WEXITSTATUS(wstatus));
-+            return EIO;
-+        }
-     }
- 
-     return EOK;
-@@ -132,11 +146,14 @@ static errno_t sssctl_manage_service(enum sssctl_svc_action action)
- #elif defined(HAVE_SERVICE)
-     switch (action) {
-     case SSSCTL_SVC_START:
--        return sssctl_run_command(SERVICE_PATH" sssd start");
-+        return sssctl_run_command(
-+                      (const char *[]){SERVICE_PATH, "sssd", "start", NULL});
-     case SSSCTL_SVC_STOP:
--        return sssctl_run_command(SERVICE_PATH" sssd stop");
-+        return sssctl_run_command(
-+                      (const char *[]){SERVICE_PATH, "sssd", "stop", NULL});
-     case SSSCTL_SVC_RESTART:
--        return sssctl_run_command(SERVICE_PATH" sssd restart");
-+        return sssctl_run_command(
-+                      (const char *[]){SERVICE_PATH, "sssd", "restart", NULL});
-     }
- #endif
- 
-diff --git a/src/tools/sssctl/sssctl.h b/src/tools/sssctl/sssctl.h
-index 0115b2457c..599ef65196 100644
---- a/src/tools/sssctl/sssctl.h
-+++ b/src/tools/sssctl/sssctl.h
-@@ -47,7 +47,7 @@ enum sssctl_prompt_result
- sssctl_prompt(const char *message,
-               enum sssctl_prompt_result defval);
- 
--errno_t sssctl_run_command(const char *command);
-+errno_t sssctl_run_command(const char *const argv[]); /* argv[0] - command */
- bool sssctl_start_sssd(bool force);
- bool sssctl_stop_sssd(bool force);
- bool sssctl_restart_sssd(bool force);
-diff --git a/src/tools/sssctl/sssctl_data.c b/src/tools/sssctl/sssctl_data.c
-index 8d79b977fd..bf22913416 100644
---- a/src/tools/sssctl/sssctl_data.c
-+++ b/src/tools/sssctl/sssctl_data.c
-@@ -105,15 +105,15 @@ static errno_t sssctl_backup(bool force)
-         }
-     }
- 
--    ret = sssctl_run_command("sss_override user-export "
--                             SSS_BACKUP_USER_OVERRIDES);
-+    ret = sssctl_run_command((const char *[]){"sss_override", "user-export",
-+                                              SSS_BACKUP_USER_OVERRIDES, NULL});
-     if (ret != EOK) {
-         ERROR("Unable to export user overrides\n");
-         return ret;
-     }
- 
--    ret = sssctl_run_command("sss_override group-export "
--                             SSS_BACKUP_GROUP_OVERRIDES);
-+    ret = sssctl_run_command((const char *[]){"sss_override", "group-export",
-+                                              SSS_BACKUP_GROUP_OVERRIDES, NULL});
-     if (ret != EOK) {
-         ERROR("Unable to export group overrides\n");
-         return ret;
-@@ -158,8 +158,8 @@ static errno_t sssctl_restore(bool force_start, bool force_restart)
-     }
- 
-     if (sssctl_backup_file_exists(SSS_BACKUP_USER_OVERRIDES)) {
--        ret = sssctl_run_command("sss_override user-import "
--                                 SSS_BACKUP_USER_OVERRIDES);
-+        ret = sssctl_run_command((const char *[]){"sss_override", "user-import",
-+                                                  SSS_BACKUP_USER_OVERRIDES, NULL});
-         if (ret != EOK) {
-             ERROR("Unable to import user overrides\n");
-             return ret;
-@@ -167,8 +167,8 @@ static errno_t sssctl_restore(bool force_start, bool force_restart)
-     }
- 
-     if (sssctl_backup_file_exists(SSS_BACKUP_USER_OVERRIDES)) {
--        ret = sssctl_run_command("sss_override group-import "
--                                 SSS_BACKUP_GROUP_OVERRIDES);
-+        ret = sssctl_run_command((const char *[]){"sss_override", "group-import",
-+                                                  SSS_BACKUP_GROUP_OVERRIDES, NULL});
-         if (ret != EOK) {
-             ERROR("Unable to import group overrides\n");
-             return ret;
-@@ -296,40 +296,19 @@ errno_t sssctl_cache_expire(struct sss_cmdline *cmdline,
-                             void *pvt)
- {
-     errno_t ret;
--    char *cmd_args = NULL;
--    const char *cachecmd = SSS_CACHE;
--    char *cmd = NULL;
--    int i;
--
--    if (cmdline->argc == 0) {
--        ret = sssctl_run_command(cachecmd);
--        goto done;
--    }
- 
--    cmd_args = talloc_strdup(tool_ctx, "");
--    if (cmd_args == NULL) {
--        ret = ENOMEM;
--        goto done;
-+    const char **args = talloc_array_size(tool_ctx,
-+                                          sizeof(char *),
-+                                          cmdline->argc + 2);
-+    if (!args) {
-+        return ENOMEM;
-     }
-+    memcpy(&args[1], cmdline->argv, sizeof(char *) * cmdline->argc);
-+    args[0] = SSS_CACHE;
-+    args[cmdline->argc + 1] = NULL;
- 
--    for (i = 0; i < cmdline->argc; i++) {
--        cmd_args = talloc_strdup_append(cmd_args, cmdline->argv[i]);
--        if (i != cmdline->argc - 1) {
--            cmd_args = talloc_strdup_append(cmd_args, " ");
--        }
--    }
--
--    cmd = talloc_asprintf(tool_ctx, "%s %s", cachecmd, cmd_args);
--    if (cmd == NULL) {
--        ret = ENOMEM;
--        goto done;
--    }
--
--    ret = sssctl_run_command(cmd);
--
--done:
--    talloc_free(cmd_args);
--    talloc_free(cmd);
-+    ret = sssctl_run_command(args);
- 
-+    talloc_free(args);
-     return ret;
- }
-diff --git a/src/tools/sssctl/sssctl_logs.c b/src/tools/sssctl/sssctl_logs.c
-index 9ff2be05b6..ebb2c4571c 100644
---- a/src/tools/sssctl/sssctl_logs.c
-+++ b/src/tools/sssctl/sssctl_logs.c
-@@ -31,6 +31,7 @@
- #include <ldb.h>
- #include <popt.h>
- #include <stdio.h>
-+#include <glob.h>
- 
- #include "util/util.h"
- #include "tools/common/sss_process.h"
-@@ -230,6 +231,7 @@ errno_t sssctl_logs_remove(struct sss_cmdline *cmdline,
- {
-     struct sssctl_logs_opts opts = {0};
-     errno_t ret;
-+    glob_t globbuf;
- 
-     /* Parse command line. */
-     struct poptOption options[] = {
-@@ -253,8 +255,20 @@ errno_t sssctl_logs_remove(struct sss_cmdline *cmdline,
- 
-         sss_signal(SIGHUP);
-     } else {
-+        globbuf.gl_offs = 4;
-+        ret = glob(LOG_PATH"/*.log", GLOB_ERR|GLOB_DOOFFS, NULL, &globbuf);
-+        if (ret != 0) {
-+            DEBUG(SSSDBG_CRIT_FAILURE, "Unable to expand log files list\n");
-+            return ret;
-+        }
-+        globbuf.gl_pathv[0] = discard_const_p(char, "truncate");
-+        globbuf.gl_pathv[1] = discard_const_p(char, "--no-create");
-+        globbuf.gl_pathv[2] = discard_const_p(char, "--size");
-+        globbuf.gl_pathv[3] = discard_const_p(char, "0");
-+
-         PRINT("Truncating log files...\n");
--        ret = sssctl_run_command("truncate --no-create --size 0 " LOG_FILES);
-+        ret = sssctl_run_command((const char * const*)globbuf.gl_pathv);
-+        globfree(&globbuf);
-         if (ret != EOK) {
-             ERROR("Unable to truncate log files\n");
-             return ret;
-@@ -269,8 +283,8 @@ errno_t sssctl_logs_fetch(struct sss_cmdline *cmdline,
-                           void *pvt)
- {
-     const char *file;
--    const char *cmd;
-     errno_t ret;
-+    glob_t globbuf;
- 
-     /* Parse command line. */
-     ret = sss_tool_popt_ex(cmdline, NULL, SSS_TOOL_OPT_OPTIONAL, NULL, NULL,
-@@ -280,13 +294,19 @@ errno_t sssctl_logs_fetch(struct sss_cmdline *cmdline,
-         return ret;
-     }
- 
--    cmd = talloc_asprintf(tool_ctx, "tar -czf %s %s", file, LOG_FILES);
--    if (cmd == NULL) {
--        ERROR("Out of memory!");
-+    globbuf.gl_offs = 3;
-+    ret = glob(LOG_PATH"/*.log", GLOB_ERR|GLOB_DOOFFS, NULL, &globbuf);
-+    if (ret != 0) {
-+        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to expand log files list\n");
-+        return ret;
-     }
-+    globbuf.gl_pathv[0] = discard_const_p(char, "tar");
-+    globbuf.gl_pathv[1] = discard_const_p(char, "-czf");
-+    globbuf.gl_pathv[2] = discard_const_p(char, file);
- 
-     PRINT("Archiving log files into %s...\n", file);
--    ret = sssctl_run_command(cmd);
-+    ret = sssctl_run_command((const char * const*)globbuf.gl_pathv);
-+    globfree(&globbuf);
-     if (ret != EOK) {
-         ERROR("Unable to archive log files\n");
-         return ret;
diff --git a/recipes-security/sssd/files/drop_ntpdate_chk.patch b/recipes-security/sssd/files/drop_ntpdate_chk.patch
deleted file mode 100644
index 338af5d..0000000
--- a/recipes-security/sssd/files/drop_ntpdate_chk.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-nsupdate path is needed for various exec call
-but don't run natvie tests on it.
-
-
-Upstream-Status: Inappropriate [OE specific]
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
-Index: sssd-2.5.0/src/external/nsupdate.m4
-===================================================================
---- sssd-2.5.0.orig/src/external/nsupdate.m4
-+++ sssd-2.5.0/src/external/nsupdate.m4
-@@ -3,16 +3,4 @@ AC_MSG_CHECKING(for executable nsupdate)
- if test -x "$NSUPDATE"; then
-   AC_DEFINE_UNQUOTED([NSUPDATE_PATH], ["$NSUPDATE"], [The path to nsupdate])
-   AC_MSG_RESULT(yes)
--
--  AC_MSG_CHECKING(for nsupdate 'realm' support')
--  if AC_RUN_LOG([echo realm |$NSUPDATE >&2]); then
--    AC_MSG_RESULT([yes])
--  else
--    AC_MSG_RESULT([no])
--    AC_MSG_ERROR([nsupdate does not support 'realm'])
--  fi
--
--else
--  AC_MSG_RESULT([no])
--  AC_MSG_ERROR([nsupdate is not available])
- fi
diff --git a/recipes-security/sssd/files/fix-ldblibdir.patch b/recipes-security/sssd/files/fix-ldblibdir.patch
deleted file mode 100644
index e350baf..0000000
--- a/recipes-security/sssd/files/fix-ldblibdir.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-When calculate value of ldblibdir, it checks whether the directory of
-$ldblibdir exists. If not, it assigns ldblibdir with ${libdir}/ldb. It is not
-suitable for cross compile. Fix it that only re-assign ldblibdir when its value
-is empty.
-
-Upstream-Status: Inappropriate [cross compile specific]
-
-Signed-off-by: Kai Kang <kai.kang@windriver.com>
----
- src/external/libldb.m4 | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/external/libldb.m4 b/src/external/libldb.m4
-index c400add..5e5f06d 100644
---- a/src/external/libldb.m4
-+++ b/src/external/libldb.m4
-@@ -19,7 +19,7 @@ if test x"$with_ldb_lib_dir" != x; then
-     ldblibdir=$with_ldb_lib_dir
- else
-     ldblibdir="`$PKG_CONFIG --variable=modulesdir ldb`"
--    if ! test -d $ldblibdir; then
-+    if test -z $ldblibdir; then
-         ldblibdir="${libdir}/ldb"
-     fi
- fi
diff --git a/recipes-security/sssd/files/fix_gid.patch b/recipes-security/sssd/files/fix_gid.patch
deleted file mode 100644
index 9b481cc..0000000
--- a/recipes-security/sssd/files/fix_gid.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-from ../sssd-2.5.0/src/util/sss_pam_data.c:27:
-| ../sssd-2.5.0/src/util/debug.h:88:44: error: unknown type name 'uid_t'; did you mean 'uint_t'?
-|    88 | int chown_debug_file(const char *filename, uid_t uid, gid_t gid);
-|       |                                            ^~~~~
-|       |                                            uint_t
-| ../sssd-2.5.0/src/util/debug.h:88:55: error: unknown type name 'gid_t'
-|    88 | int chown_debug_file(const char *filename, uid_t uid, gid_t gid);
-|       |                                                       ^~~~~
-| make[2]: *** [Makefile:22529: src/util/libsss_iface_la-sss_pam_data.lo] Error 1
-| make[2]: *** Waiting for unfinished jobs....
-
-Upstream-Status: Pending
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
-Index: sssd-2.5.0/src/util/debug.h
-===================================================================
---- sssd-2.5.0.orig/src/util/debug.h
-+++ sssd-2.5.0/src/util/debug.h
-@@ -24,6 +24,8 @@
- #include "config.h"
- 
- #include <stdio.h>
-+#include <unistd.h>
-+#include <sys/types.h>
- #include <stdbool.h>
- 
- #include "util/util_errors.h"
diff --git a/recipes-security/sssd/files/musl_fixup.patch b/recipes-security/sssd/files/musl_fixup.patch
deleted file mode 100644
index 68f267c..0000000
--- a/recipes-security/sssd/files/musl_fixup.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-fix musl build failures
-
-Missing _PATH_HOSTS and some NETDB defines when musl is enabled.
-
-These are work arounds for now while we figure out where the real fix should reside (musl, gcompact, sssd):
-
-./sssd-2.5.1/src/providers/fail_over.c:1199:19: error: '_PATH_HOSTS' undeclared (first use in this function)
-|  1199 |                   _PATH_HOSTS);
-|       |                   ^~~~~~~~~~~
-
-and 
-
-i./sssd-2.5.1/src/sss_client/nss_ipnetworks.c:415:21: error: 'NETDB_INTERNAL' undeclared (first use in this function)
-|   415 |         *h_errnop = NETDB_INTERNAL;
-
-
-Upstream-Status: Pending
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
-Index: sssd-2.5.1/src/providers/fail_over.c
-===================================================================
---- sssd-2.5.1.orig/src/providers/fail_over.c
-+++ sssd-2.5.1/src/providers/fail_over.c
-@@ -31,6 +31,10 @@
- #include <talloc.h>
- #include <netdb.h>
- 
-+#if !defined(_PATH_HOSTS)
-+#define _PATH_HOSTS     "/etc/hosts"
-+#endif
-+
- #include "util/dlinklist.h"
- #include "util/refcount.h"
- #include "util/util.h"
-Index: sssd-2.5.1/src/sss_client/sss_cli.h
-===================================================================
---- sssd-2.5.1.orig/src/sss_client/sss_cli.h
-+++ sssd-2.5.1/src/sss_client/sss_cli.h
-@@ -44,6 +44,14 @@ typedef int errno_t;
- #define EOK 0
- #endif
- 
-+#ifndef NETDB_INTERNAL
-+# define NETDB_INTERNAL (-1)
-+#endif
-+
-+#ifndef NETDB_SUCCESS
-+# define NETDB_SUCCESS (0)
-+#endif
-+
- #define SSS_NSS_PROTOCOL_VERSION 1
- #define SSS_PAM_PROTOCOL_VERSION 3
- #define SSS_SUDO_PROTOCOL_VERSION 1
diff --git a/recipes-security/sssd/files/no_gen.patch b/recipes-security/sssd/files/no_gen.patch
deleted file mode 100644
index 5c83777..0000000
--- a/recipes-security/sssd/files/no_gen.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-don't run generate-sbus-code
-
-Upstream-Status: Inappropriate [OE Specific]
-
-Signed-off-by: Armin Kuster <akuster808@gmail.com>
-
-Index: sssd-2.5.0/Makefile.am
-===================================================================
---- sssd-2.5.0.orig/Makefile.am
-+++ sssd-2.5.0/Makefile.am
-@@ -1033,8 +1033,6 @@ generate-sbus-code:
- 
- .PHONY: generate-sbus-code
- 
--BUILT_SOURCES += generate-sbus-code
--
- EXTRA_DIST += \
-     sbus_generate.sh.in \
-     src/sbus/codegen/dbus.xml \
diff --git a/recipes-security/sssd/files/sssd.conf b/recipes-security/sssd/files/sssd.conf
deleted file mode 100644
index 1709a7a..0000000
--- a/recipes-security/sssd/files/sssd.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-[sssd]
-services = nss, pam
-config_file_version = 2
-
-[nss]
-
-[pam]
-
diff --git a/recipes-security/sssd/files/volatiles.99_sssd b/recipes-security/sssd/files/volatiles.99_sssd
deleted file mode 100644
index 2a82413..0000000
--- a/recipes-security/sssd/files/volatiles.99_sssd
+++ /dev/null
@@ -1 +0,0 @@
-d root root 0750 /var/log/sssd none
diff --git a/recipes-security/sssd/sssd_2.5.2.bb b/recipes-security/sssd/sssd_2.5.2.bb
deleted file mode 100644
index 9f1d627..0000000
--- a/recipes-security/sssd/sssd_2.5.2.bb
+++ /dev/null
@@ -1,150 +0,0 @@
-SUMMARY = "system security services daemon"
-DESCRIPTION = "SSSD is a system security services daemon"
-HOMEPAGE = "https://pagure.io/SSSD/sssd/"
-SECTION = "base"
-LICENSE = "GPL-3.0-or-later"
-LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
-
-DEPENDS = "acl attr openldap cyrus-sasl libtdb ding-libs libpam c-ares krb5 autoconf-archive"
-DEPENDS:append = " libldb dbus libtalloc libpcre glib-2.0 popt e2fsprogs libtevent bind p11-kit"
-
-DEPENDS:append:libc-musl = " musl-nscd"
-
-# If no crypto has been selected, default to DEPEND on nss, since that's what
-# sssd will pick if no active choice is made during configure
-DEPENDS += "${@bb.utils.contains('PACKAGECONFIG', 'nss', '', \
-               bb.utils.contains('PACKAGECONFIG', 'crypto', '', 'nss', d), d)}"
-
-SRC_URI = "https://github.com/SSSD/sssd/releases/download/${PV}/sssd-${PV}.tar.gz \
-           file://sssd.conf \
-           file://volatiles.99_sssd \
-           file://no_gen.patch \
-           file://fix_gid.patch \
-           file://drop_ntpdate_chk.patch \
-           file://fix-ldblibdir.patch \
-           file://musl_fixup.patch \
-           file://CVE-2021-3621.patch \
-           "
-
-SRC_URI[sha256sum] = "5e21b3c7b4a2f1063d0fbdd3216d29886b6eaba153b44fb5961698367f399a0f"
-
-inherit autotools pkgconfig gettext python3-dir features_check systemd
-
-REQUIRED_DISTRO_FEATURES = "pam"
-
-SSSD_UID ?= "root"
-SSSD_GID ?= "root"
-
-CACHED_CONFIGUREVARS = "ac_cv_member_struct_ldap_conncb_lc_arg=no \
-    ac_cv_prog_HAVE_PYTHON3=${PYTHON_DIR} \
-    "
-
-PACKAGECONFIG ?="nss nscd autofs sudo infopipe"
-PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'selinux', 'selinux', '', d)}"
-PACKAGECONFIG += "${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'systemd', '', d)}"
-
-PACKAGECONFIG[autofs] = "--with-autofs, --with-autofs=no"
-PACKAGECONFIG[crypto] = ", , libcrypto"
-PACKAGECONFIG[curl] = "--with-kcm, --without-kcm, curl jansson"
-PACKAGECONFIG[infopipe] = "--with-infopipe, --with-infopipe=no, "
-PACKAGECONFIG[manpages] = "--with-manpages, --with-manpages=no, libxslt-native docbook-xml-dtd4-native docbook-xsl-stylesheets-native"
-PACKAGECONFIG[nl] = "--with-libnl, --with-libnl=no, libnl"
-PACKAGECONFIG[nscd] = "--with-nscd=${sbindir}, --with-nscd=no "
-PACKAGECONFIG[nss] = ", ,nss,"
-PACKAGECONFIG[python3] = "--with-python3-bindings, --without-python3-bindings"
-PACKAGECONFIG[samba] = "--with-samba, --with-samba=no, samba"
-PACKAGECONFIG[selinux] = "--with-selinux, --with-selinux=no --with-semanage=no, libselinux"
-PACKAGECONFIG[ssh] = "--with-ssh, --with-ssh=no, "
-PACKAGECONFIG[sudo] = "--with-sudo, --with-sudo=no, "
-PACKAGECONFIG[systemd] = "--with-initscript=systemd,--with-initscript=sysv"
-
-EXTRA_OECONF += " \
-    --disable-cifs-idmap-plugin \
-    --without-nfsv4-idmapd-plugin \
-    --without-ipa-getkeytab \
-    --without-python2-bindings \
-    --enable-pammoddir=${base_libdir}/security \
-    --without-python2-bindings \
-    --without-secrets \
-    --with-xml-catalog-path=${STAGING_ETCDIR_NATIVE}/xml/catalog \
-    --with-pid-path=/run \
-"
-
-do_configure:prepend() {
-    mkdir -p ${AUTOTOOLS_AUXDIR}/build
-    cp ${STAGING_DATADIR_NATIVE}/gettext/config.rpath ${AUTOTOOLS_AUXDIR}/build/
-
-    # libresove has host path, remove it
-    sed -i -e "s#\$sss_extra_libdir##" ${S}/src/external/libresolv.m4
-}
-
-do_compile:prepend () {
-     echo '#define NSUPDATE_PATH "${bindir}"' >> ${B}/config.h
-}
-do_install () {
-    oe_runmake install  DESTDIR="${D}"
-    rmdir --ignore-fail-on-non-empty "${D}/${bindir}"
-    install -d ${D}/${sysconfdir}/${BPN}
-    install -m 600 ${WORKDIR}/${BPN}.conf ${D}/${sysconfdir}/${BPN}
-
-    # /var/log/sssd needs to be created in runtime. Use rmdir to catch if
-    # upstream stops creating /var/log/sssd, or adds something else in
-    # /var/log.
-    rmdir ${D}${localstatedir}/log/${BPN} ${D}${localstatedir}/log
-    rmdir --ignore-fail-on-non-empty ${D}${localstatedir}
-
-    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
-        install -d ${D}${sysconfdir}/tmpfiles.d
-        echo "d /var/log/sssd 0750 - - - -" > ${D}${sysconfdir}/tmpfiles.d/sss.conf
-    fi
-
-    if [ "${@bb.utils.filter('DISTRO_FEATURES', 'sysvinit', d)}" ]; then
-        install -d ${D}${sysconfdir}/default/volatiles
-        echo "d ${SSSD_UID}:${SSSD_GID} 0755 ${localstatedir}/log/${BPN} none" > ${D}${sysconfdir}/default/volatiles/99_${BPN}
-    fi
-
-    # Remove /run as it is created on startup
-    rm -rf ${D}/run
-
-    rm -f ${D}${systemd_system_unitdir}/sssd-secrets.*
-}
-
-pkg_postinst_ontarget:${PN} () {
-if [ -e /etc/init.d/populate-volatile.sh ] ; then
-    ${sysconfdir}/init.d/populate-volatile.sh update
-fi
-    chown ${SSSD_UID}:${SSSD_GID} ${sysconfdir}/${BPN}/${BPN}.conf
-}
-
-FILES:${PN} += "${nonarch_libdir}/tmpfiles.d"
-
-CONFFILES:${PN} = "${sysconfdir}/${BPN}/${BPN}.conf"
-
-INITSCRIPT_NAME = "sssd"
-INITSCRIPT_PARAMS = "start 02 5 3 2 . stop 20 0 1 6 ."
-SYSTEMD_SERVICE:${PN} = " \
-    ${@bb.utils.contains('PACKAGECONFIG', 'autofs', 'sssd-autofs.service sssd-autofs.socket', '', d)} \
-    ${@bb.utils.contains('PACKAGECONFIG', 'curl', 'sssd-kcm.service sssd-kcm.socket', '', d)} \
-    ${@bb.utils.contains('PACKAGECONFIG', 'infopipe', 'sssd-ifp.service ', '', d)} \
-    ${@bb.utils.contains('PACKAGECONFIG', 'ssh', 'sssd-ssh.service sssd-ssh.socket', '', d)} \
-    ${@bb.utils.contains('PACKAGECONFIG', 'sudo', 'sssd-sudo.service sssd-sudo.socket', '', d)} \
-    sssd-nss.service \
-    sssd-nss.socket \
-    sssd-pam-priv.socket \
-    sssd-pam.service \
-    sssd-pam.socket \
-    sssd.service \
-"
-SYSTEMD_AUTO_ENABLE = "disable"
-
-PACKAGES =+ "libsss-sudo"
-ALLOW_EMPTY:libsss-sudo = "1"
-
-FILES:${PN} += "${base_libdir}/security/pam_sss*.so  \
-                ${datadir}/dbus-1/system-services/*.service \
-                ${libdir}/krb5/* \
-                ${libdir}/ldb/* \
-                "
-FILES:libsss-sudo = "${libdir}/libsss_sudo.so"
-
-RDEPENDS:${PN} = "bind bind-utils dbus libldb libpam libsss-sudo"