Hello community, here is the log from the commit of package samba checked in at Thu Nov 2 20:25:14 CET 2006. -------- --- samba/samba.changes 2006-10-24 17:11:48.000000000 +0200 +++ /mounts/work_src_done/STABLE/samba/samba.changes 2006-10-27 16:42:18.000000000 +0200 @@ -1,0 +2,6 @@ +Thu Oct 26 16:29:03 CEST 2006 - gd@suse.de + +- Fix pam_winbind overriding syslog settings; [#201756]. +- Fix profilepath pam_set_data for other PAM modules; [#215707]. + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ samba-doc.spec ++++++ --- /var/tmp/diff_new_pack.rOt9PO/_old 2006-11-02 20:24:59.000000000 +0100 +++ /var/tmp/diff_new_pack.rOt9PO/_new 2006-11-02 20:24:59.000000000 +0100 @@ -15,10 +15,10 @@ %define samba_ver 3.0.23c %define samba_ver_suffix %nil %define samba_ver_full %{samba_ver}%{samba_ver_suffix} -License: Other License(s), see package +License: GNU General Public License (GPL) - all versions URL: http://www.samba.org/ Version: 3.0.23c -Release: 14 +Release: 16 Summary: Samba Documentation Group: Documentation/Other Autoreqprov: on ++++++ samba.spec ++++++ --- /var/tmp/diff_new_pack.rOt9PO/_old 2006-11-02 20:24:59.000000000 +0100 +++ /var/tmp/diff_new_pack.rOt9PO/_new 2006-11-02 20:24:59.000000000 +0100 @@ -22,7 +22,7 @@ URL: http://www.samba.org/ Autoreqprov: on Version: 3.0.23c -Release: 13 +Release: 15 Provides: sambaxp = %{version}-%{release} samba3 = %{version}-%{release} Obsoletes: samba-classic samba-ldap sambaxp samba3 < %{version} Requires: samba-client >= %{version} @@ -159,7 +159,7 @@ Group: Productivity/Networking/Samba Autoreqprov: on Version: 1.34a -Release: 45 +Release: 47 Requires: perl-ldap %endif %if %{suse_version} > 920 @@ -174,7 +174,7 @@ Group: Productivity/Networking/Samba Autoreqprov: on Version: 0.3.6b -Release: 69 +Release: 71 Provides: samba3-vscan = 0.3.6b Obsoletes: samba3-vscan Requires: samba = %{samba_ver} @@ -1040,6 +1040,7 @@ + %endif %if %{suse_version} < 1001 @@ -1173,6 +1174,9 @@ %endif %changelog -n samba +* Thu Oct 26 2006 - gd@suse.de +- Fix pam_winbind overriding syslog settings; [#201756]. +- Fix profilepath pam_set_data for other PAM modules; [#215707]. * Mon Oct 23 2006 - gd@suse.de - Fix timeout handling for winbindd (samr, netlogon). - Fix gencache access; [#209409, #211281]. ++++++ patches.tar.bz2 ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/samba.org/18484 new/patches/samba.org/18484 --- old/patches/samba.org/18484 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/18484 2006-10-26 16:04:24.000000000 +0200 @@ -0,0 +1,787 @@ +------------------------------------------------------------------------ +r18484 | gd | 2006-09-13 18:39:52 +0200 (Wed, 13 Sep 2006) | 10 lines + +Start some cleanup on pam_winbind's syslogging: + +* as openlog() is non-reentrant and pam_winbind thereby overrides the + syslog settings of the calling application, directly call syslog (or + pam_vsyslog if available) + +* support the PAM_SILENT flag to avoid any log messages beeing created + +Guenther + +------------------------------------------------------------------------ +Index: source/nsswitch/pam_winbind.c +=================================================================== +--- source/nsswitch/pam_winbind.c.orig ++++ source/nsswitch/pam_winbind.c +@@ -17,39 +17,75 @@ + #define MAX_PASSWD_TRIES 3 + + /* some syslogging */ +-static void _pam_log(int err, const char *format, ...) ++ ++static void _pam_log_int(const pam_handle_t *pamh, int err, const char *format, va_list args) ++{ ++ ++#ifdef HAVE_PAM_VSYSLOG ++ pam_vsyslog(pamh, err, format, args); ++#else ++ { ++ ++ char *format2 = NULL; ++ const char *service; ++ ++ pam_get_item(pamh, PAM_SERVICE, (const void **)&service); ++ ++ format2 = malloc(strlen(MODULE_NAME)+strlen(format)+strlen(service)+5); ++ if (format2 == NULL) { ++ /* what else todo ? */ ++ vsyslog(err, format, args); ++ return; ++ } ++ ++ sprintf(format2, "%s(%s): %s", MODULE_NAME, service, format); ++ vsyslog(err, format2, args); ++ SAFE_FREE(format2); ++ } ++#endif ++} ++ ++static void _pam_log(const pam_handle_t *pamh, int ctrl, int err, const char *format, ...) + { + va_list args; + ++ if (ctrl & WINBIND_SILENT) { ++ return; ++ } ++ + va_start(args, format); +- openlog(MODULE_NAME, LOG_CONS|LOG_PID, LOG_AUTH); +- vsyslog(err, format, args); ++ _pam_log_int(pamh, err, format, args); + va_end(args); +- closelog(); + } + +-static void _pam_log_debug(int ctrl, int err, const char *format, ...) ++static void _pam_log_debug(const pam_handle_t *pamh, int ctrl, int err, const char *format, ...) + { + va_list args; + ++ if (ctrl & WINBIND_SILENT) { ++ return; ++ } ++ + if (!(ctrl & WINBIND_DEBUG_ARG)) { + return; + } + + va_start(args, format); +- openlog(MODULE_NAME, LOG_CONS|LOG_PID, LOG_AUTH); +- vsyslog(err, format, args); ++ _pam_log_int(pamh, err, format, args); + va_end(args); +- closelog(); + } + +-static int _pam_parse(int argc, const char **argv, dictionary **d) ++static int _pam_parse(const pam_handle_t *pamh, int flags, int argc, const char **argv, dictionary **d) + { + int ctrl = 0; + const char *config_file = NULL; + int i; + const char **v; + ++ if (flags & PAM_SILENT) { ++ ctrl |= WINBIND_SILENT; ++ } ++ + if (d == NULL) { + goto config_from_pam; + } +@@ -83,6 +119,10 @@ static int _pam_parse(int argc, const ch + ctrl |= WINBIND_KRB5_AUTH; + } + ++ if (iniparser_getboolean(*d, CONST_DISCARD(char *, "global:silent"), False)) { ++ ctrl |= WINBIND_SILENT; ++ } ++ + if (iniparser_getstr(*d, CONST_DISCARD(char *,"global:krb5_ccache_type")) != NULL) { + ctrl |= WINBIND_KRB5_CCACHE_TYPE; + } +@@ -118,7 +158,7 @@ config_from_pam: + else if (!strcasecmp(*v, "cached_login")) + ctrl |= WINBIND_CACHED_LOGIN; + else { +- _pam_log(LOG_ERR, "pam_parse: unknown option; %s", *v); ++ _pam_log(pamh, ctrl, LOG_ERR, "pam_parse: unknown option; %s", *v); + } + + } +@@ -229,14 +269,14 @@ static int pam_winbind_request(pam_handl + init_request(request, req_type); + + if (write_sock(request, sizeof(*request), 0) == -1) { +- _pam_log(LOG_ERR, "write to socket failed!"); ++ _pam_log(pamh, ctrl, LOG_ERR, "pam_winbind_request: write to socket failed!"); + close_sock(); + return PAM_SERVICE_ERR; + } + + /* Wait for reply */ + if (read_reply(response) == -1) { +- _pam_log(LOG_ERR, "read from socket failed!"); ++ _pam_log(pamh, ctrl, LOG_ERR, "pam_winbind_request: read from socket failed!"); + close_sock(); + return PAM_SERVICE_ERR; + } +@@ -247,14 +287,14 @@ static int pam_winbind_request(pam_handl + /* Copy reply data from socket */ + if (response->result != WINBINDD_OK) { + if (response->data.auth.pam_error != PAM_SUCCESS) { +- _pam_log(LOG_ERR, "request failed: %s, PAM error was %s (%d), NT error was %s", ++ _pam_log(pamh, ctrl, LOG_ERR, "request failed: %s, PAM error was %s (%d), NT error was %s", + response->data.auth.error_string, + pam_strerror(pamh, response->data.auth.pam_error), + response->data.auth.pam_error, + response->data.auth.nt_status_string); + return response->data.auth.pam_error; + } else { +- _pam_log(LOG_ERR, "request failed, but PAM error 0!"); ++ _pam_log(pamh, ctrl, LOG_ERR, "request failed, but PAM error 0!"); + return PAM_SERVICE_ERR; + } + } +@@ -262,7 +302,7 @@ static int pam_winbind_request(pam_handl + return PAM_SUCCESS; + } + +-static int pam_winbind_request_log(pam_handle_t * pamh, ++static int pam_winbind_request_log(pam_handle_t * pamh, + int ctrl, + enum winbindd_cmd req_type, + struct winbindd_request *request, +@@ -276,23 +316,23 @@ static int pam_winbind_request_log(pam_h + switch (retval) { + case PAM_AUTH_ERR: + /* incorrect password */ +- _pam_log(LOG_WARNING, "user `%s' denied access (incorrect password or invalid membership)", user); ++ _pam_log(pamh, ctrl, LOG_WARNING, "user '%s' denied access (incorrect password or invalid membership)", user); + return retval; + case PAM_ACCT_EXPIRED: + /* account expired */ +- _pam_log(LOG_WARNING, "user `%s' account expired", user); ++ _pam_log(pamh, ctrl, LOG_WARNING, "user '%s' account expired", user); + return retval; + case PAM_AUTHTOK_EXPIRED: + /* password expired */ +- _pam_log(LOG_WARNING, "user `%s' password expired", user); ++ _pam_log(pamh, ctrl, LOG_WARNING, "user '%s' password expired", user); + return retval; + case PAM_NEW_AUTHTOK_REQD: + /* new password required */ +- _pam_log(LOG_WARNING, "user `%s' new password required", user); ++ _pam_log(pamh, ctrl, LOG_WARNING, "user '%s' new password required", user); + return retval; + case PAM_USER_UNKNOWN: + /* the user does not exist */ +- _pam_log_debug(ctrl, LOG_NOTICE, "user `%s' not found", user); ++ _pam_log_debug(pamh, ctrl, LOG_NOTICE, "user '%s' not found", user); + if (ctrl & WINBIND_UNKNOWN_OK_ARG) { + return PAM_IGNORE; + } +@@ -300,26 +340,26 @@ static int pam_winbind_request_log(pam_h + case PAM_SUCCESS: + if (req_type == WINBINDD_PAM_AUTH) { + /* Otherwise, the authentication looked good */ +- _pam_log(LOG_NOTICE, "user '%s' granted access", user); ++ _pam_log(pamh, ctrl, LOG_NOTICE, "user '%s' granted access", user); + } else if (req_type == WINBINDD_PAM_CHAUTHTOK) { + /* Otherwise, the authentication looked good */ +- _pam_log(LOG_NOTICE, "user '%s' password changed", user); ++ _pam_log(pamh, ctrl, LOG_NOTICE, "user '%s' password changed", user); + } else { + /* Otherwise, the authentication looked good */ +- _pam_log(LOG_NOTICE, "user '%s' OK", user); ++ _pam_log(pamh, ctrl, LOG_NOTICE, "user '%s' OK", user); + } + + return retval; + default: + /* we don't know anything about this return value */ +- _pam_log(LOG_ERR, "internal module error (retval = %d, user = `%s')", ++ _pam_log(pamh, ctrl, LOG_ERR, "internal module error (retval = %d, user = '%s')", + retval, user); + return retval; + } + } + + /* talk to winbindd */ +-static int winbind_auth_request(pam_handle_t * pamh, ++static int winbind_auth_request(pam_handle_t * pamh, + int ctrl, + const char *user, + const char *pass, +@@ -354,7 +394,7 @@ static int winbind_auth_request(pam_hand + + struct passwd *pwd = NULL; + +- _pam_log_debug(ctrl, LOG_DEBUG, "enabling krb5 login flag\n"); ++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "enabling krb5 login flag\n"); + + request.flags |= WBFLAG_PAM_KRB5 | WBFLAG_PAM_FALLBACK_AFTER_KRB5; + +@@ -366,14 +406,14 @@ static int winbind_auth_request(pam_hand + } + + if (ctrl & WINBIND_CACHED_LOGIN) { +- _pam_log_debug(ctrl, LOG_DEBUG, "enabling cached login flag\n"); ++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "enabling cached login flag\n"); + request.flags |= WBFLAG_PAM_CACHED_LOGIN; + } + + if (cctype != NULL) { + strncpy(request.data.auth.krb5_cc_type, cctype, + sizeof(request.data.auth.krb5_cc_type) - 1); +- _pam_log_debug(ctrl, LOG_DEBUG, "enabling request for a %s krb5 ccache\n", cctype); ++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "enabling request for a %s krb5 ccache\n", cctype); + } + + request.data.auth.require_membership_of_sid[0] = '\0'; +@@ -392,14 +432,14 @@ static int winbind_auth_request(pam_hand + ZERO_STRUCT(sid_request); + ZERO_STRUCT(sid_response); + +- _pam_log_debug(ctrl, LOG_DEBUG, "no sid given, looking up: %s\n", member); ++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "no sid given, looking up: %s\n", member); + + /* fortunatly winbindd can handle non-separated names */ + strncpy(sid_request.data.name.name, member, + sizeof(sid_request.data.name.name) - 1); + + if (pam_winbind_request_log(pamh, ctrl, WINBINDD_LOOKUPNAME, &sid_request, &sid_response, user)) { +- _pam_log(LOG_INFO, "could not lookup name: %s\n", member); ++ _pam_log(pamh, ctrl, LOG_INFO, "could not lookup name: %s\n", member); + return PAM_AUTH_ERR; + } + +@@ -420,14 +460,14 @@ static int winbind_auth_request(pam_hand + + char var[PATH_MAX]; + +- _pam_log_debug(ctrl, LOG_DEBUG, "request returned KRB5CCNAME: %s", ++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "request returned KRB5CCNAME: %s", + response.data.auth.krb5ccname); + + snprintf(var, sizeof(var), "KRB5CCNAME=%s", response.data.auth.krb5ccname); + + ret = pam_putenv(pamh, var); + if (ret != PAM_SUCCESS) { +- _pam_log(LOG_ERR, "failed to set KRB5CCNAME to %s", var); ++ _pam_log(pamh, ctrl, LOG_ERR, "failed to set KRB5CCNAME to %s", var); + return ret; + } + } +@@ -457,7 +497,7 @@ static int winbind_auth_request(pam_hand + + ret = PAM_AUTHTOK_EXPIRED; + +- _pam_log_debug(ctrl, LOG_DEBUG,"Password has expired (Password was last set: %d, " ++ _pam_log_debug(pamh, ctrl, LOG_DEBUG,"Password has expired (Password was last set: %d, " + "the policy says it should expire here %d (now it's: %d)\n", + response.data.auth.info3.pass_last_set_time, + response.data.auth.info3.pass_last_set_time + response.data.auth.policy.expire, +@@ -480,7 +520,7 @@ static int winbind_auth_request(pam_hand + + if (response.data.auth.info3.user_flgs & LOGON_CACHED_ACCOUNT) { + _make_remark(pamh, PAM_ERROR_MSG, "Logging on using cached account. Network ressources can be unavailable"); +- _pam_log_debug(ctrl, LOG_DEBUG,"User %s logged on using cached account\n", user); ++ _pam_log_debug(pamh, ctrl, LOG_DEBUG,"User %s logged on using cached account\n", user); + } + + /* save the CIFS homedir for pam_cifs / pam_mount */ +@@ -490,7 +530,7 @@ static int winbind_auth_request(pam_hand + (void *) strdup(response.data.auth.info3.home_dir), + _pam_winbind_cleanup_func); + if (ret2) { +- _pam_log_debug(ctrl, LOG_DEBUG, "Could not set data: %s", ++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "Could not set data: %s", + pam_strerror(pamh, ret2)); + } + +@@ -503,7 +543,7 @@ static int winbind_auth_request(pam_hand + (void *) strdup(response.data.auth.info3.logon_script), + _pam_winbind_cleanup_func); + if (ret2) { +- _pam_log_debug(ctrl, LOG_DEBUG, "Could not set data: %s", ++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "Could not set data: %s", + pam_strerror(pamh, ret2)); + } + } +@@ -589,7 +629,7 @@ static int winbind_chauthtok_request(pam + _make_remark(pamh, PAM_ERROR_MSG, "Password does not meet complexity requirements"); + break; + default: +- _pam_log_debug(ctrl, LOG_DEBUG, ++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, + "unknown password change reject reason: %d", + response.data.auth.reject_reason); + break; +@@ -620,7 +660,7 @@ static int winbind_chauthtok_request(pam + * 0 = OK + * -1 = System error + */ +-static int valid_user(const char *user, pam_handle_t *pamh, int ctrl) ++static int valid_user(pam_handle_t *pamh, int ctrl, const char *user) + { + /* check not only if the user is available over NSS calls, also make + * sure it's really a winbind user, this is important when stacking PAM +@@ -698,7 +738,7 @@ static int _winbind_read_password(pam_ha + retval = pam_get_item(pamh, authtok_flag, (const void **) &item); + if (retval != PAM_SUCCESS) { + /* very strange. */ +- _pam_log(LOG_ALERT, ++ _pam_log(pamh, ctrl, LOG_ALERT, + "pam_get_item returned error to unix-read-password" + ); + return retval; +@@ -767,7 +807,7 @@ static int _winbind_read_password(pam_ha + } + } + } else { +- _pam_log(LOG_NOTICE, "could not recover authentication token"); ++ _pam_log(pamh, ctrl, LOG_NOTICE, "could not recover authentication token"); + retval = PAM_AUTHTOK_RECOVER_ERR; + } + +@@ -786,7 +826,7 @@ static int _winbind_read_password(pam_ha + } + + if (retval != PAM_SUCCESS) { +- _pam_log_debug(ctrl, LOG_DEBUG, ++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, + "unable to obtain a password"); + return retval; + } +@@ -799,7 +839,7 @@ static int _winbind_read_password(pam_ha + if (retval != PAM_SUCCESS || + (retval = pam_get_item(pamh, authtok_flag, (const void **) &item)) != PAM_SUCCESS) { + +- _pam_log(LOG_CRIT, "error manipulating password"); ++ _pam_log(pamh, ctrl, LOG_CRIT, "error manipulating password"); + return retval; + + } +@@ -810,19 +850,20 @@ static int _winbind_read_password(pam_ha + return PAM_SUCCESS; + } + +-const char *get_conf_item_string(int argc, ++const char *get_conf_item_string(const pam_handle_t *pamh, ++ int argc, + const char **argv, + int ctrl, + dictionary *d, + const char *item, +- int flag) ++ int config_flag) + { + int i = 0; + char *parm = NULL; + const char *parm_opt = NULL; + char *key = NULL; + +- if (!(ctrl & flag)) { ++ if (!(ctrl & config_flag)) { + goto out; + } + +@@ -846,36 +887,36 @@ const char *get_conf_item_string(int arg + parm = strdup(argv[i]); + + if ( (p = strchr( parm, '=' )) == NULL) { +- _pam_log(LOG_INFO, "no "=" delimiter for "%s" found\n", item); ++ _pam_log(pamh, ctrl, LOG_INFO, "no "=" delimiter for "%s" found\n", item); + goto out; + } + SAFE_FREE(parm); +- _pam_log_debug(ctrl, LOG_INFO, "PAM config: %s '%s'\n", item, p+1); ++ _pam_log_debug(pamh, ctrl, LOG_INFO, "PAM config: %s '%s'\n", item, p+1); + return p + 1; + } + } + + if (d != NULL) { +- _pam_log_debug(ctrl, LOG_INFO, "CONFIG file: %s '%s'\n", item, parm_opt); ++ _pam_log_debug(pamh, ctrl, LOG_INFO, "CONFIG file: %s '%s'\n", item, parm_opt); + } + out: + SAFE_FREE(parm); + return parm_opt; + } + +-const char *get_krb5_cc_type_from_config(int argc, const char **argv, int ctrl, dictionary *d) ++const char *get_krb5_cc_type_from_config(const pam_handle_t *pamh, int argc, const char **argv, int ctrl, dictionary *d) + { +- return get_conf_item_string(argc, argv, ctrl, d, "krb5_ccache_type", WINBIND_KRB5_CCACHE_TYPE); ++ return get_conf_item_string(pamh, argc, argv, ctrl, d, "krb5_ccache_type", WINBIND_KRB5_CCACHE_TYPE); + } + +-const char *get_member_from_config(int argc, const char **argv, int ctrl, dictionary *d) ++const char *get_member_from_config(const pam_handle_t *pamh, int argc, const char **argv, int ctrl, dictionary *d) + { + const char *ret = NULL; +- ret = get_conf_item_string(argc, argv, ctrl, d, "require_membership_of", WINBIND_REQUIRED_MEMBERSHIP); ++ ret = get_conf_item_string(pamh, argc, argv, ctrl, d, "require_membership_of", WINBIND_REQUIRED_MEMBERSHIP); + if (ret) { + return ret; + } +- return get_conf_item_string(argc, argv, ctrl, d, "require-membership-of", WINBIND_REQUIRED_MEMBERSHIP); ++ return get_conf_item_string(pamh, argc, argv, ctrl, d, "require-membership-of", WINBIND_REQUIRED_MEMBERSHIP); + } + + PAM_EXTERN +@@ -890,18 +931,18 @@ int pam_sm_authenticate(pam_handle_t *pa + dictionary *d; + + /* parse arguments */ +- int ctrl = _pam_parse(argc, argv, &d); ++ int ctrl = _pam_parse(pamh, flags, argc, argv, &d); + if (ctrl == -1) { + retval = PAM_SYSTEM_ERR; + goto out; + } + +- _pam_log_debug(ctrl, LOG_DEBUG,"pam_winbind: pam_sm_authenticate (flags: 0x%04x)", flags); ++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "pam_winbind: pam_sm_authenticate (flags: 0x%04x)", flags); + + /* Get the username */ + retval = pam_get_user(pamh, &username, NULL); + if ((retval != PAM_SUCCESS) || (!username)) { +- _pam_log_debug(ctrl, LOG_DEBUG, "can not get the username"); ++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "can not get the username"); + retval = PAM_SERVICE_ERR; + goto out; + } +@@ -911,7 +952,7 @@ int pam_sm_authenticate(pam_handle_t *pa + &password); + + if (retval != PAM_SUCCESS) { +- _pam_log(LOG_ERR, "Could not retrieve user's password"); ++ _pam_log(pamh, ctrl, LOG_ERR, "Could not retrieve user's password"); + retval = PAM_AUTHTOK_ERR; + goto out; + } +@@ -919,15 +960,15 @@ int pam_sm_authenticate(pam_handle_t *pa + /* Let's not give too much away in the log file */ + + #ifdef DEBUG_PASSWORD +- _pam_log_debug(ctrl, LOG_INFO, "Verify user `%s' with password `%s'", ++ _pam_log_debug(pamh, ctrl, LOG_INFO, "Verify user '%s' with password '%s'", + username, password); + #else +- _pam_log_debug(ctrl, LOG_INFO, "Verify user `%s'", username); ++ _pam_log_debug(pamh, ctrl, LOG_INFO, "Verify user '%s'", username); + #endif + +- member = get_member_from_config(argc, argv, ctrl, d); ++ member = get_member_from_config(pamh, argc, argv, ctrl, d); + +- cctype = get_krb5_cc_type_from_config(argc, argv, ctrl, d); ++ cctype = get_krb5_cc_type_from_config(pamh, argc, argv, ctrl, d); + + /* Now use the username to look up password */ + retval = winbind_auth_request(pamh, ctrl, username, password, member, cctype, True, NULL); +@@ -960,12 +1001,12 @@ int pam_sm_setcred(pam_handle_t *pamh, i + int argc, const char **argv) + { + /* parse arguments */ +- int ctrl = _pam_parse(argc, argv, NULL); ++ int ctrl = _pam_parse(pamh, flags, argc, argv, NULL); + if (ctrl == -1) { + return PAM_SYSTEM_ERR; + } + +- _pam_log_debug(ctrl, LOG_DEBUG,"pam_winbind: pam_sm_setcred (flags: 0x%04x)", flags); ++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "pam_winbind: pam_sm_setcred (flags: 0x%04x)", flags); + + if (flags & PAM_DELETE_CRED) { + return pam_sm_close_session(pamh, flags, argc, argv); +@@ -987,30 +1028,30 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh, + void *tmp = NULL; + + /* parse arguments */ +- int ctrl = _pam_parse(argc, argv, NULL); ++ int ctrl = _pam_parse(pamh, flags, argc, argv, NULL); + if (ctrl == -1) { + return PAM_SYSTEM_ERR; + } + +- _pam_log_debug(ctrl, LOG_DEBUG,"pam_winbind: pam_sm_acct_mgmt (flags: 0x%04x)", flags); ++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "pam_winbind: pam_sm_acct_mgmt (flags: 0x%04x)", flags); + + + /* Get the username */ + retval = pam_get_user(pamh, &username, NULL); + if ((retval != PAM_SUCCESS) || (!username)) { +- _pam_log_debug(ctrl, LOG_DEBUG,"can not get the username"); ++ _pam_log_debug(pamh, ctrl, LOG_DEBUG,"can not get the username"); + return PAM_SERVICE_ERR; + } + + /* Verify the username */ +- retval = valid_user(username, pamh, ctrl); ++ retval = valid_user(pamh, ctrl, username); + switch (retval) { + case -1: + /* some sort of system error. The log was already printed */ + return PAM_SERVICE_ERR; + case 1: + /* the user does not exist */ +- _pam_log_debug(ctrl, LOG_NOTICE, "user `%s' not found", username); ++ _pam_log_debug(pamh, ctrl, LOG_NOTICE, "user '%s' not found", username); + if (ctrl & WINBIND_UNKNOWN_OK_ARG) { + return PAM_IGNORE; + } +@@ -1023,24 +1064,24 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh, + case PAM_AUTHTOK_EXPIRED: + /* fall through, since new token is required in this case */ + case PAM_NEW_AUTHTOK_REQD: +- _pam_log(LOG_WARNING, "pam_sm_acct_mgmt success but %s is set", ++ _pam_log(pamh, ctrl, LOG_WARNING, "pam_sm_acct_mgmt success but %s is set", + PAM_WINBIND_NEW_AUTHTOK_REQD); +- _pam_log(LOG_NOTICE, "user '%s' needs new password", username); ++ _pam_log(pamh, ctrl, LOG_NOTICE, "user '%s' needs new password", username); + /* PAM_AUTHTOKEN_REQD does not exist, but is documented in the manpage */ + return PAM_NEW_AUTHTOK_REQD; + default: +- _pam_log(LOG_WARNING, "pam_sm_acct_mgmt success"); +- _pam_log(LOG_NOTICE, "user '%s' granted access", username); ++ _pam_log(pamh, ctrl, LOG_WARNING, "pam_sm_acct_mgmt success"); ++ _pam_log(pamh, ctrl, LOG_NOTICE, "user '%s' granted access", username); + return PAM_SUCCESS; + } + } + + /* Otherwise, the authentication looked good */ +- _pam_log(LOG_NOTICE, "user '%s' granted access", username); ++ _pam_log(pamh, ctrl, LOG_NOTICE, "user '%s' granted access", username); + return PAM_SUCCESS; + default: + /* we don't know anything about this return value */ +- _pam_log(LOG_ERR, "internal module error (retval = %d, user = `%s')", ++ _pam_log(pamh, ctrl, LOG_ERR, "internal module error (retval = %d, user = '%s')", + retval, username); + return PAM_SERVICE_ERR; + } +@@ -1054,12 +1095,12 @@ int pam_sm_open_session(pam_handle_t *pa + int argc, const char **argv) + { + /* parse arguments */ +- int ctrl = _pam_parse(argc, argv, NULL); ++ int ctrl = _pam_parse(pamh, flags, argc, argv, NULL); + if (ctrl == -1) { + return PAM_SYSTEM_ERR; + } + +- _pam_log_debug(ctrl, LOG_DEBUG,"pam_winbind: pam_sm_open_session handler (flags: 0x%04x)", flags); ++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "pam_winbind: pam_sm_open_session handler (flags: 0x%04x)", flags); + + return PAM_SUCCESS; + } +@@ -1072,13 +1113,13 @@ int pam_sm_close_session(pam_handle_t *p + int retval = PAM_SUCCESS; + + /* parse arguments */ +- int ctrl = _pam_parse(argc, argv, &d); ++ int ctrl = _pam_parse(pamh, flags, argc, argv, &d); + if (ctrl == -1) { + retval = PAM_SYSTEM_ERR; + goto out; + } + +- _pam_log_debug(ctrl, LOG_DEBUG,"pam_winbind: pam_sm_close_session handler (flags: 0x%04x)", flags); ++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "pam_winbind: pam_sm_close_session handler (flags: 0x%04x)", flags); + + if (!(flags & PAM_DELETE_CRED)) { + retval = PAM_SUCCESS; +@@ -1100,21 +1141,21 @@ int pam_sm_close_session(pam_handle_t *p + retval = pam_get_user(pamh, &user, "Username: "); + if (retval == PAM_SUCCESS) { + if (user == NULL) { +- _pam_log(LOG_ERR, "username was NULL!"); ++ _pam_log(pamh, ctrl, LOG_ERR, "username was NULL!"); + retval = PAM_USER_UNKNOWN; + goto out; + } + if (retval == PAM_SUCCESS) { +- _pam_log_debug(ctrl, LOG_DEBUG, "username [%s] obtained", user); ++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "username [%s] obtained", user); + } + } else { +- _pam_log_debug(ctrl, LOG_DEBUG, "could not identify user"); ++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "could not identify user"); + goto out; + } + + ccname = pam_getenv(pamh, "KRB5CCNAME"); + if (ccname == NULL) { +- _pam_log_debug(ctrl, LOG_DEBUG, "user has no KRB5CCNAME environment"); ++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "user has no KRB5CCNAME environment"); + retval = PAM_SUCCESS; + goto out; + } +@@ -1164,13 +1205,13 @@ int pam_sm_chauthtok(pam_handle_t * pamh + int retry = 0; + dictionary *d; + +- ctrl = _pam_parse(argc, argv, &d); ++ ctrl = _pam_parse(pamh, flags, argc, argv, &d); + if (ctrl == -1) { + retval = PAM_SYSTEM_ERR; + goto out; + } + +- _pam_log_debug(ctrl, LOG_DEBUG,"pam_winbind: pam_sm_chauthtok (flags: 0x%04x)", flags); ++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "pam_winbind: pam_sm_chauthtok (flags: 0x%04x)", flags); + + /* clearing offline bit for the auth in the password change */ + ctrl &= ~WINBIND_CACHED_LOGIN; +@@ -1181,22 +1222,22 @@ int pam_sm_chauthtok(pam_handle_t * pamh + retval = pam_get_user(pamh, &user, "Username: "); + if (retval == PAM_SUCCESS) { + if (user == NULL) { +- _pam_log(LOG_ERR, "username was NULL!"); ++ _pam_log(pamh, ctrl, LOG_ERR, "username was NULL!"); + retval = PAM_USER_UNKNOWN; + goto out; + } + if (retval == PAM_SUCCESS) { +- _pam_log_debug(ctrl, LOG_DEBUG, "username [%s] obtained", ++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "username [%s] obtained", + user); + } + } else { +- _pam_log_debug(ctrl, LOG_DEBUG, ++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, + "password - could not identify user"); + goto out; + } + + /* check if this is really a user in winbindd, not only in NSS */ +- retval = valid_user(user, pamh, ctrl); ++ retval = valid_user(pamh, ctrl, user); + switch (retval) { + case 1: + retval = PAM_USER_UNKNOWN; +@@ -1221,7 +1262,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh + #define greeting "Changing password for " + Announce = (char *) malloc(sizeof(greeting) + strlen(user)); + if (Announce == NULL) { +- _pam_log(LOG_CRIT, "password - out of memory"); ++ _pam_log(pamh, ctrl, LOG_CRIT, "password - out of memory"); + retval = PAM_BUF_ERR; + goto out; + } +@@ -1236,7 +1277,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh + NULL, + (const char **) &pass_old); + if (retval != PAM_SUCCESS) { +- _pam_log(LOG_NOTICE, "password - (old) token not obtained"); ++ _pam_log(pamh, ctrl, LOG_NOTICE, "password - (old) token not obtained"); + goto out; + } + /* verify that this is the password for this user */ +@@ -1256,7 +1297,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh + retval = pam_set_item(pamh, PAM_OLDAUTHTOK, (const void *) pass_old); + pass_old = NULL; + if (retval != PAM_SUCCESS) { +- _pam_log(LOG_CRIT, "failed to set PAM_OLDAUTHTOK"); ++ _pam_log(pamh, ctrl, LOG_CRIT, "failed to set PAM_OLDAUTHTOK"); + } + } else if (flags & PAM_UPDATE_AUTHTOK) { + +@@ -1274,7 +1315,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh + (const void **) &pass_old); + + if (retval != PAM_SUCCESS) { +- _pam_log(LOG_NOTICE, "user not authenticated"); ++ _pam_log(pamh, ctrl, LOG_NOTICE, "user not authenticated"); + goto out; + } + +@@ -1298,7 +1339,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh + (const char **) &pass_new); + + if (retval != PAM_SUCCESS) { +- _pam_log_debug(ctrl, LOG_ALERT ++ _pam_log_debug(pamh, ctrl, LOG_ALERT + ,"password - new password not obtained"); + pass_old = NULL;/* tidy up */ + goto out; +@@ -1333,8 +1374,8 @@ int pam_sm_chauthtok(pam_handle_t * pamh + + if (ctrl & WINBIND_KRB5_AUTH) { + +- const char *member = get_member_from_config(argc, argv, ctrl, d); +- const char *cctype = get_krb5_cc_type_from_config(argc, argv, ctrl, d); ++ const char *member = get_member_from_config(pamh, argc, argv, ctrl, d); ++ const char *cctype = get_krb5_cc_type_from_config(pamh, argc, argv, ctrl, d); + + retval = winbind_auth_request(pamh, ctrl, user, pass_new, member, cctype, False, NULL); + _pam_overwrite(pass_new); +Index: source/nsswitch/pam_winbind.h +=================================================================== +--- source/nsswitch/pam_winbind.h.orig ++++ source/nsswitch/pam_winbind.h +@@ -43,7 +43,7 @@ + #define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR + #endif + +-#endif ++#endif /* defined(SUNOS5) || defined(SUNOS4) || defined(HPUX) || defined(FREEBSD) || defined(AIX) */ + + #ifdef HAVE_SECURITY_PAM_MODULES_H + #include <security/pam_modules.h> +@@ -82,6 +82,10 @@ do { \ + #define _pam_drop(X) SAFE_FREE(X) + + #define x_strdup(s) ( (s) ? strdup(s):NULL ) ++#endif /* HAVE_SECURITY__PAM_MACROS_H */ ++ ++#ifdef HAVE_SECURITY_PAM_EXT_H ++#include <security/pam_ext.h> + #endif + + #define WINBIND_DEBUG_ARG (1<<0) +@@ -95,6 +99,7 @@ do { \ + #define WINBIND_KRB5_CCACHE_TYPE (1<<8) + #define WINBIND_CACHED_LOGIN (1<<9) + #define WINBIND_CONFIG_FILE (1<<10) ++#define WINBIND_SILENT (1<<11) + + /* + * here is the string to inform the user that the new passwords they +Index: source/configure.in +=================================================================== +--- source/configure.in.orig ++++ source/configure.in +@@ -864,6 +864,7 @@ AC_CHECK_HEADERS(sys/termio.h sys/statfs + AC_CHECK_HEADERS(sys/sysmacros.h security/_pam_macros.h dlfcn.h) + AC_CHECK_HEADERS(sys/syslog.h syslog.h) + AC_CHECK_HEADERS(langinfo.h locale.h) ++AC_CHECK_HEADERS(security/pam_ext.h) + + AC_CHECK_HEADERS(rpcsvc/yp_prot.h,,,[[ + #if HAVE_RPC_RPC_H +@@ -3931,6 +3932,7 @@ AC_ARG_WITH(pam, + + # we can't build a pam module if we don't have pam. + AC_CHECK_LIB(pam, pam_get_data, [AC_DEFINE(HAVE_LIBPAM,1,[Whether libpam is available])]) ++AC_CHECK_LIB(pam, pam_vsyslog, [AC_DEFINE(HAVE_PAM_VSYSLOG,1,[Whether pam_vsyslog is available])]) + + ################################################# + # check for pam_smbpass support diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/samba.org/19351 new/patches/samba.org/19351 --- old/patches/samba.org/19351 1970-01-01 01:00:00.000000000 +0100 +++ new/patches/samba.org/19351 2006-10-26 16:45:42.000000000 +0200 @@ -0,0 +1,44 @@ +------------------------------------------------------------------------ +r19351 | gd | 2006-10-17 01:13:56 +0200 (Tue, 17 Oct 2006) | 5 lines + +Also export the info3 profilepath via the PAM_WINBIND_PROFILEPATH data +field. + +Guenther + +------------------------------------------------------------------------ +Index: source/nsswitch/pam_winbind.c +=================================================================== +--- source/nsswitch/pam_winbind.c.orig ++++ source/nsswitch/pam_winbind.c +@@ -548,6 +548,18 @@ static int winbind_auth_request(pam_hand + } + } + ++ /* save the profile path for other PAM modules */ ++ if (response.data.auth.info3.profile_path[0] != '\0') { ++ ++ int ret2 = pam_set_data(pamh, PAM_WINBIND_PROFILEPATH, ++ (void *) strdup(response.data.auth.info3.profile_path), ++ _pam_winbind_cleanup_func); ++ if (ret2) { ++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "Could not set data: %s", ++ pam_strerror(pamh, ret2)); ++ } ++ } ++ + return ret; + } + +Index: source/nsswitch/pam_winbind.h +=================================================================== +--- source/nsswitch/pam_winbind.h.orig ++++ source/nsswitch/pam_winbind.h +@@ -114,6 +114,7 @@ do { \ + #define PAM_WINBIND_NEW_AUTHTOK_REQD "PAM_WINBIND_NEW_AUTHTOK_REQD" + #define PAM_WINBIND_HOMEDIR "PAM_WINBIND_HOMEDIR" + #define PAM_WINBIND_LOGONSCRIPT "PAM_WINBIND_LOGONSCRIPT" ++#define PAM_WINBIND_PROFILEPATH "PAM_WINBIND_PROFILEPATH" + #define PAM_WINBIND_PWD_LAST_SET "PAM_WINBIND_PWD_LAST_SET" + + #define SECONDS_PER_DAY 86400 diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/series new/patches/series --- old/patches/series 2006-10-24 17:11:48.000000000 +0200 +++ new/patches/series 2006-10-26 16:25:21.000000000 +0200 @@ -5,6 +5,8 @@ # allows quilt to work in the usual way (= outside of our RPM spec file). # Samba patches from upstream, svnanon.Samba.org +samba.org/18484 -p0 +samba.org/19351 -p0 # SuSE specific changes # disabled -> WIP lmuelle ++++++ vendor-files.tar.bz2 ++++++ diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/vendor-files/tools/package-data new/vendor-files/tools/package-data --- old/vendor-files/tools/package-data 2006-10-24 17:15:44.000000000 +0200 +++ new/vendor-files/tools/package-data 2006-11-01 17:42:39.000000000 +0100 @@ -1,2 +1,2 @@ # This is an autogenrated file. -SAMBA_PACKAGE_SVN_VERSION="1017" +SAMBA_PACKAGE_SVN_VERSION="1019:1020M" ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org