Hello community,
here is the log from the commit of package samba
checked in at Thu Nov 2 20:25:14 CET 2006.
--------
--- samba/samba.changes 2006-10-24 17:11:48.000000000 +0200
+++ /mounts/work_src_done/STABLE/samba/samba.changes 2006-10-27 16:42:18.000000000 +0200
@@ -1,0 +2,6 @@
+Thu Oct 26 16:29:03 CEST 2006 - gd@suse.de
+
+- Fix pam_winbind overriding syslog settings; [#201756].
+- Fix profilepath pam_set_data for other PAM modules; [#215707].
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ samba-doc.spec ++++++
--- /var/tmp/diff_new_pack.rOt9PO/_old 2006-11-02 20:24:59.000000000 +0100
+++ /var/tmp/diff_new_pack.rOt9PO/_new 2006-11-02 20:24:59.000000000 +0100
@@ -15,10 +15,10 @@
%define samba_ver 3.0.23c
%define samba_ver_suffix %nil
%define samba_ver_full %{samba_ver}%{samba_ver_suffix}
-License: Other License(s), see package
+License: GNU General Public License (GPL) - all versions
URL: http://www.samba.org/
Version: 3.0.23c
-Release: 14
+Release: 16
Summary: Samba Documentation
Group: Documentation/Other
Autoreqprov: on
++++++ samba.spec ++++++
--- /var/tmp/diff_new_pack.rOt9PO/_old 2006-11-02 20:24:59.000000000 +0100
+++ /var/tmp/diff_new_pack.rOt9PO/_new 2006-11-02 20:24:59.000000000 +0100
@@ -22,7 +22,7 @@
URL: http://www.samba.org/
Autoreqprov: on
Version: 3.0.23c
-Release: 13
+Release: 15
Provides: sambaxp = %{version}-%{release} samba3 = %{version}-%{release}
Obsoletes: samba-classic samba-ldap sambaxp samba3 < %{version}
Requires: samba-client >= %{version}
@@ -159,7 +159,7 @@
Group: Productivity/Networking/Samba
Autoreqprov: on
Version: 1.34a
-Release: 45
+Release: 47
Requires: perl-ldap
%endif
%if %{suse_version} > 920
@@ -174,7 +174,7 @@
Group: Productivity/Networking/Samba
Autoreqprov: on
Version: 0.3.6b
-Release: 69
+Release: 71
Provides: samba3-vscan = 0.3.6b
Obsoletes: samba3-vscan
Requires: samba = %{samba_ver}
@@ -1040,6 +1040,7 @@
+
%endif
%if %{suse_version} < 1001
@@ -1173,6 +1174,9 @@
%endif
%changelog -n samba
+* Thu Oct 26 2006 - gd@suse.de
+- Fix pam_winbind overriding syslog settings; [#201756].
+- Fix profilepath pam_set_data for other PAM modules; [#215707].
* Mon Oct 23 2006 - gd@suse.de
- Fix timeout handling for winbindd (samr, netlogon).
- Fix gencache access; [#209409, #211281].
++++++ patches.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/patches/samba.org/18484 new/patches/samba.org/18484
--- old/patches/samba.org/18484 1970-01-01 01:00:00.000000000 +0100
+++ new/patches/samba.org/18484 2006-10-26 16:04:24.000000000 +0200
@@ -0,0 +1,787 @@
+------------------------------------------------------------------------
+r18484 | gd | 2006-09-13 18:39:52 +0200 (Wed, 13 Sep 2006) | 10 lines
+
+Start some cleanup on pam_winbind's syslogging:
+
+* as openlog() is non-reentrant and pam_winbind thereby overrides the
+ syslog settings of the calling application, directly call syslog (or
+ pam_vsyslog if available)
+
+* support the PAM_SILENT flag to avoid any log messages beeing created
+
+Guenther
+
+------------------------------------------------------------------------
+Index: source/nsswitch/pam_winbind.c
+===================================================================
+--- source/nsswitch/pam_winbind.c.orig
++++ source/nsswitch/pam_winbind.c
+@@ -17,39 +17,75 @@
+ #define MAX_PASSWD_TRIES 3
+
+ /* some syslogging */
+-static void _pam_log(int err, const char *format, ...)
++
++static void _pam_log_int(const pam_handle_t *pamh, int err, const char *format, va_list args)
++{
++
++#ifdef HAVE_PAM_VSYSLOG
++ pam_vsyslog(pamh, err, format, args);
++#else
++ {
++
++ char *format2 = NULL;
++ const char *service;
++
++ pam_get_item(pamh, PAM_SERVICE, (const void **)&service);
++
++ format2 = malloc(strlen(MODULE_NAME)+strlen(format)+strlen(service)+5);
++ if (format2 == NULL) {
++ /* what else todo ? */
++ vsyslog(err, format, args);
++ return;
++ }
++
++ sprintf(format2, "%s(%s): %s", MODULE_NAME, service, format);
++ vsyslog(err, format2, args);
++ SAFE_FREE(format2);
++ }
++#endif
++}
++
++static void _pam_log(const pam_handle_t *pamh, int ctrl, int err, const char *format, ...)
+ {
+ va_list args;
+
++ if (ctrl & WINBIND_SILENT) {
++ return;
++ }
++
+ va_start(args, format);
+- openlog(MODULE_NAME, LOG_CONS|LOG_PID, LOG_AUTH);
+- vsyslog(err, format, args);
++ _pam_log_int(pamh, err, format, args);
+ va_end(args);
+- closelog();
+ }
+
+-static void _pam_log_debug(int ctrl, int err, const char *format, ...)
++static void _pam_log_debug(const pam_handle_t *pamh, int ctrl, int err, const char *format, ...)
+ {
+ va_list args;
+
++ if (ctrl & WINBIND_SILENT) {
++ return;
++ }
++
+ if (!(ctrl & WINBIND_DEBUG_ARG)) {
+ return;
+ }
+
+ va_start(args, format);
+- openlog(MODULE_NAME, LOG_CONS|LOG_PID, LOG_AUTH);
+- vsyslog(err, format, args);
++ _pam_log_int(pamh, err, format, args);
+ va_end(args);
+- closelog();
+ }
+
+-static int _pam_parse(int argc, const char **argv, dictionary **d)
++static int _pam_parse(const pam_handle_t *pamh, int flags, int argc, const char **argv, dictionary **d)
+ {
+ int ctrl = 0;
+ const char *config_file = NULL;
+ int i;
+ const char **v;
+
++ if (flags & PAM_SILENT) {
++ ctrl |= WINBIND_SILENT;
++ }
++
+ if (d == NULL) {
+ goto config_from_pam;
+ }
+@@ -83,6 +119,10 @@ static int _pam_parse(int argc, const ch
+ ctrl |= WINBIND_KRB5_AUTH;
+ }
+
++ if (iniparser_getboolean(*d, CONST_DISCARD(char *, "global:silent"), False)) {
++ ctrl |= WINBIND_SILENT;
++ }
++
+ if (iniparser_getstr(*d, CONST_DISCARD(char *,"global:krb5_ccache_type")) != NULL) {
+ ctrl |= WINBIND_KRB5_CCACHE_TYPE;
+ }
+@@ -118,7 +158,7 @@ config_from_pam:
+ else if (!strcasecmp(*v, "cached_login"))
+ ctrl |= WINBIND_CACHED_LOGIN;
+ else {
+- _pam_log(LOG_ERR, "pam_parse: unknown option; %s", *v);
++ _pam_log(pamh, ctrl, LOG_ERR, "pam_parse: unknown option; %s", *v);
+ }
+
+ }
+@@ -229,14 +269,14 @@ static int pam_winbind_request(pam_handl
+ init_request(request, req_type);
+
+ if (write_sock(request, sizeof(*request), 0) == -1) {
+- _pam_log(LOG_ERR, "write to socket failed!");
++ _pam_log(pamh, ctrl, LOG_ERR, "pam_winbind_request: write to socket failed!");
+ close_sock();
+ return PAM_SERVICE_ERR;
+ }
+
+ /* Wait for reply */
+ if (read_reply(response) == -1) {
+- _pam_log(LOG_ERR, "read from socket failed!");
++ _pam_log(pamh, ctrl, LOG_ERR, "pam_winbind_request: read from socket failed!");
+ close_sock();
+ return PAM_SERVICE_ERR;
+ }
+@@ -247,14 +287,14 @@ static int pam_winbind_request(pam_handl
+ /* Copy reply data from socket */
+ if (response->result != WINBINDD_OK) {
+ if (response->data.auth.pam_error != PAM_SUCCESS) {
+- _pam_log(LOG_ERR, "request failed: %s, PAM error was %s (%d), NT error was %s",
++ _pam_log(pamh, ctrl, LOG_ERR, "request failed: %s, PAM error was %s (%d), NT error was %s",
+ response->data.auth.error_string,
+ pam_strerror(pamh, response->data.auth.pam_error),
+ response->data.auth.pam_error,
+ response->data.auth.nt_status_string);
+ return response->data.auth.pam_error;
+ } else {
+- _pam_log(LOG_ERR, "request failed, but PAM error 0!");
++ _pam_log(pamh, ctrl, LOG_ERR, "request failed, but PAM error 0!");
+ return PAM_SERVICE_ERR;
+ }
+ }
+@@ -262,7 +302,7 @@ static int pam_winbind_request(pam_handl
+ return PAM_SUCCESS;
+ }
+
+-static int pam_winbind_request_log(pam_handle_t * pamh,
++static int pam_winbind_request_log(pam_handle_t * pamh,
+ int ctrl,
+ enum winbindd_cmd req_type,
+ struct winbindd_request *request,
+@@ -276,23 +316,23 @@ static int pam_winbind_request_log(pam_h
+ switch (retval) {
+ case PAM_AUTH_ERR:
+ /* incorrect password */
+- _pam_log(LOG_WARNING, "user `%s' denied access (incorrect password or invalid membership)", user);
++ _pam_log(pamh, ctrl, LOG_WARNING, "user '%s' denied access (incorrect password or invalid membership)", user);
+ return retval;
+ case PAM_ACCT_EXPIRED:
+ /* account expired */
+- _pam_log(LOG_WARNING, "user `%s' account expired", user);
++ _pam_log(pamh, ctrl, LOG_WARNING, "user '%s' account expired", user);
+ return retval;
+ case PAM_AUTHTOK_EXPIRED:
+ /* password expired */
+- _pam_log(LOG_WARNING, "user `%s' password expired", user);
++ _pam_log(pamh, ctrl, LOG_WARNING, "user '%s' password expired", user);
+ return retval;
+ case PAM_NEW_AUTHTOK_REQD:
+ /* new password required */
+- _pam_log(LOG_WARNING, "user `%s' new password required", user);
++ _pam_log(pamh, ctrl, LOG_WARNING, "user '%s' new password required", user);
+ return retval;
+ case PAM_USER_UNKNOWN:
+ /* the user does not exist */
+- _pam_log_debug(ctrl, LOG_NOTICE, "user `%s' not found", user);
++ _pam_log_debug(pamh, ctrl, LOG_NOTICE, "user '%s' not found", user);
+ if (ctrl & WINBIND_UNKNOWN_OK_ARG) {
+ return PAM_IGNORE;
+ }
+@@ -300,26 +340,26 @@ static int pam_winbind_request_log(pam_h
+ case PAM_SUCCESS:
+ if (req_type == WINBINDD_PAM_AUTH) {
+ /* Otherwise, the authentication looked good */
+- _pam_log(LOG_NOTICE, "user '%s' granted access", user);
++ _pam_log(pamh, ctrl, LOG_NOTICE, "user '%s' granted access", user);
+ } else if (req_type == WINBINDD_PAM_CHAUTHTOK) {
+ /* Otherwise, the authentication looked good */
+- _pam_log(LOG_NOTICE, "user '%s' password changed", user);
++ _pam_log(pamh, ctrl, LOG_NOTICE, "user '%s' password changed", user);
+ } else {
+ /* Otherwise, the authentication looked good */
+- _pam_log(LOG_NOTICE, "user '%s' OK", user);
++ _pam_log(pamh, ctrl, LOG_NOTICE, "user '%s' OK", user);
+ }
+
+ return retval;
+ default:
+ /* we don't know anything about this return value */
+- _pam_log(LOG_ERR, "internal module error (retval = %d, user = `%s')",
++ _pam_log(pamh, ctrl, LOG_ERR, "internal module error (retval = %d, user = '%s')",
+ retval, user);
+ return retval;
+ }
+ }
+
+ /* talk to winbindd */
+-static int winbind_auth_request(pam_handle_t * pamh,
++static int winbind_auth_request(pam_handle_t * pamh,
+ int ctrl,
+ const char *user,
+ const char *pass,
+@@ -354,7 +394,7 @@ static int winbind_auth_request(pam_hand
+
+ struct passwd *pwd = NULL;
+
+- _pam_log_debug(ctrl, LOG_DEBUG, "enabling krb5 login flag\n");
++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "enabling krb5 login flag\n");
+
+ request.flags |= WBFLAG_PAM_KRB5 | WBFLAG_PAM_FALLBACK_AFTER_KRB5;
+
+@@ -366,14 +406,14 @@ static int winbind_auth_request(pam_hand
+ }
+
+ if (ctrl & WINBIND_CACHED_LOGIN) {
+- _pam_log_debug(ctrl, LOG_DEBUG, "enabling cached login flag\n");
++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "enabling cached login flag\n");
+ request.flags |= WBFLAG_PAM_CACHED_LOGIN;
+ }
+
+ if (cctype != NULL) {
+ strncpy(request.data.auth.krb5_cc_type, cctype,
+ sizeof(request.data.auth.krb5_cc_type) - 1);
+- _pam_log_debug(ctrl, LOG_DEBUG, "enabling request for a %s krb5 ccache\n", cctype);
++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "enabling request for a %s krb5 ccache\n", cctype);
+ }
+
+ request.data.auth.require_membership_of_sid[0] = '\0';
+@@ -392,14 +432,14 @@ static int winbind_auth_request(pam_hand
+ ZERO_STRUCT(sid_request);
+ ZERO_STRUCT(sid_response);
+
+- _pam_log_debug(ctrl, LOG_DEBUG, "no sid given, looking up: %s\n", member);
++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "no sid given, looking up: %s\n", member);
+
+ /* fortunatly winbindd can handle non-separated names */
+ strncpy(sid_request.data.name.name, member,
+ sizeof(sid_request.data.name.name) - 1);
+
+ if (pam_winbind_request_log(pamh, ctrl, WINBINDD_LOOKUPNAME, &sid_request, &sid_response, user)) {
+- _pam_log(LOG_INFO, "could not lookup name: %s\n", member);
++ _pam_log(pamh, ctrl, LOG_INFO, "could not lookup name: %s\n", member);
+ return PAM_AUTH_ERR;
+ }
+
+@@ -420,14 +460,14 @@ static int winbind_auth_request(pam_hand
+
+ char var[PATH_MAX];
+
+- _pam_log_debug(ctrl, LOG_DEBUG, "request returned KRB5CCNAME: %s",
++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "request returned KRB5CCNAME: %s",
+ response.data.auth.krb5ccname);
+
+ snprintf(var, sizeof(var), "KRB5CCNAME=%s", response.data.auth.krb5ccname);
+
+ ret = pam_putenv(pamh, var);
+ if (ret != PAM_SUCCESS) {
+- _pam_log(LOG_ERR, "failed to set KRB5CCNAME to %s", var);
++ _pam_log(pamh, ctrl, LOG_ERR, "failed to set KRB5CCNAME to %s", var);
+ return ret;
+ }
+ }
+@@ -457,7 +497,7 @@ static int winbind_auth_request(pam_hand
+
+ ret = PAM_AUTHTOK_EXPIRED;
+
+- _pam_log_debug(ctrl, LOG_DEBUG,"Password has expired (Password was last set: %d, "
++ _pam_log_debug(pamh, ctrl, LOG_DEBUG,"Password has expired (Password was last set: %d, "
+ "the policy says it should expire here %d (now it's: %d)\n",
+ response.data.auth.info3.pass_last_set_time,
+ response.data.auth.info3.pass_last_set_time + response.data.auth.policy.expire,
+@@ -480,7 +520,7 @@ static int winbind_auth_request(pam_hand
+
+ if (response.data.auth.info3.user_flgs & LOGON_CACHED_ACCOUNT) {
+ _make_remark(pamh, PAM_ERROR_MSG, "Logging on using cached account. Network ressources can be unavailable");
+- _pam_log_debug(ctrl, LOG_DEBUG,"User %s logged on using cached account\n", user);
++ _pam_log_debug(pamh, ctrl, LOG_DEBUG,"User %s logged on using cached account\n", user);
+ }
+
+ /* save the CIFS homedir for pam_cifs / pam_mount */
+@@ -490,7 +530,7 @@ static int winbind_auth_request(pam_hand
+ (void *) strdup(response.data.auth.info3.home_dir),
+ _pam_winbind_cleanup_func);
+ if (ret2) {
+- _pam_log_debug(ctrl, LOG_DEBUG, "Could not set data: %s",
++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "Could not set data: %s",
+ pam_strerror(pamh, ret2));
+ }
+
+@@ -503,7 +543,7 @@ static int winbind_auth_request(pam_hand
+ (void *) strdup(response.data.auth.info3.logon_script),
+ _pam_winbind_cleanup_func);
+ if (ret2) {
+- _pam_log_debug(ctrl, LOG_DEBUG, "Could not set data: %s",
++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "Could not set data: %s",
+ pam_strerror(pamh, ret2));
+ }
+ }
+@@ -589,7 +629,7 @@ static int winbind_chauthtok_request(pam
+ _make_remark(pamh, PAM_ERROR_MSG, "Password does not meet complexity requirements");
+ break;
+ default:
+- _pam_log_debug(ctrl, LOG_DEBUG,
++ _pam_log_debug(pamh, ctrl, LOG_DEBUG,
+ "unknown password change reject reason: %d",
+ response.data.auth.reject_reason);
+ break;
+@@ -620,7 +660,7 @@ static int winbind_chauthtok_request(pam
+ * 0 = OK
+ * -1 = System error
+ */
+-static int valid_user(const char *user, pam_handle_t *pamh, int ctrl)
++static int valid_user(pam_handle_t *pamh, int ctrl, const char *user)
+ {
+ /* check not only if the user is available over NSS calls, also make
+ * sure it's really a winbind user, this is important when stacking PAM
+@@ -698,7 +738,7 @@ static int _winbind_read_password(pam_ha
+ retval = pam_get_item(pamh, authtok_flag, (const void **) &item);
+ if (retval != PAM_SUCCESS) {
+ /* very strange. */
+- _pam_log(LOG_ALERT,
++ _pam_log(pamh, ctrl, LOG_ALERT,
+ "pam_get_item returned error to unix-read-password"
+ );
+ return retval;
+@@ -767,7 +807,7 @@ static int _winbind_read_password(pam_ha
+ }
+ }
+ } else {
+- _pam_log(LOG_NOTICE, "could not recover authentication token");
++ _pam_log(pamh, ctrl, LOG_NOTICE, "could not recover authentication token");
+ retval = PAM_AUTHTOK_RECOVER_ERR;
+ }
+
+@@ -786,7 +826,7 @@ static int _winbind_read_password(pam_ha
+ }
+
+ if (retval != PAM_SUCCESS) {
+- _pam_log_debug(ctrl, LOG_DEBUG,
++ _pam_log_debug(pamh, ctrl, LOG_DEBUG,
+ "unable to obtain a password");
+ return retval;
+ }
+@@ -799,7 +839,7 @@ static int _winbind_read_password(pam_ha
+ if (retval != PAM_SUCCESS ||
+ (retval = pam_get_item(pamh, authtok_flag, (const void **) &item)) != PAM_SUCCESS) {
+
+- _pam_log(LOG_CRIT, "error manipulating password");
++ _pam_log(pamh, ctrl, LOG_CRIT, "error manipulating password");
+ return retval;
+
+ }
+@@ -810,19 +850,20 @@ static int _winbind_read_password(pam_ha
+ return PAM_SUCCESS;
+ }
+
+-const char *get_conf_item_string(int argc,
++const char *get_conf_item_string(const pam_handle_t *pamh,
++ int argc,
+ const char **argv,
+ int ctrl,
+ dictionary *d,
+ const char *item,
+- int flag)
++ int config_flag)
+ {
+ int i = 0;
+ char *parm = NULL;
+ const char *parm_opt = NULL;
+ char *key = NULL;
+
+- if (!(ctrl & flag)) {
++ if (!(ctrl & config_flag)) {
+ goto out;
+ }
+
+@@ -846,36 +887,36 @@ const char *get_conf_item_string(int arg
+ parm = strdup(argv[i]);
+
+ if ( (p = strchr( parm, '=' )) == NULL) {
+- _pam_log(LOG_INFO, "no \"=\" delimiter for \"%s\" found\n", item);
++ _pam_log(pamh, ctrl, LOG_INFO, "no \"=\" delimiter for \"%s\" found\n", item);
+ goto out;
+ }
+ SAFE_FREE(parm);
+- _pam_log_debug(ctrl, LOG_INFO, "PAM config: %s '%s'\n", item, p+1);
++ _pam_log_debug(pamh, ctrl, LOG_INFO, "PAM config: %s '%s'\n", item, p+1);
+ return p + 1;
+ }
+ }
+
+ if (d != NULL) {
+- _pam_log_debug(ctrl, LOG_INFO, "CONFIG file: %s '%s'\n", item, parm_opt);
++ _pam_log_debug(pamh, ctrl, LOG_INFO, "CONFIG file: %s '%s'\n", item, parm_opt);
+ }
+ out:
+ SAFE_FREE(parm);
+ return parm_opt;
+ }
+
+-const char *get_krb5_cc_type_from_config(int argc, const char **argv, int ctrl, dictionary *d)
++const char *get_krb5_cc_type_from_config(const pam_handle_t *pamh, int argc, const char **argv, int ctrl, dictionary *d)
+ {
+- return get_conf_item_string(argc, argv, ctrl, d, "krb5_ccache_type", WINBIND_KRB5_CCACHE_TYPE);
++ return get_conf_item_string(pamh, argc, argv, ctrl, d, "krb5_ccache_type", WINBIND_KRB5_CCACHE_TYPE);
+ }
+
+-const char *get_member_from_config(int argc, const char **argv, int ctrl, dictionary *d)
++const char *get_member_from_config(const pam_handle_t *pamh, int argc, const char **argv, int ctrl, dictionary *d)
+ {
+ const char *ret = NULL;
+- ret = get_conf_item_string(argc, argv, ctrl, d, "require_membership_of", WINBIND_REQUIRED_MEMBERSHIP);
++ ret = get_conf_item_string(pamh, argc, argv, ctrl, d, "require_membership_of", WINBIND_REQUIRED_MEMBERSHIP);
+ if (ret) {
+ return ret;
+ }
+- return get_conf_item_string(argc, argv, ctrl, d, "require-membership-of", WINBIND_REQUIRED_MEMBERSHIP);
++ return get_conf_item_string(pamh, argc, argv, ctrl, d, "require-membership-of", WINBIND_REQUIRED_MEMBERSHIP);
+ }
+
+ PAM_EXTERN
+@@ -890,18 +931,18 @@ int pam_sm_authenticate(pam_handle_t *pa
+ dictionary *d;
+
+ /* parse arguments */
+- int ctrl = _pam_parse(argc, argv, &d);
++ int ctrl = _pam_parse(pamh, flags, argc, argv, &d);
+ if (ctrl == -1) {
+ retval = PAM_SYSTEM_ERR;
+ goto out;
+ }
+
+- _pam_log_debug(ctrl, LOG_DEBUG,"pam_winbind: pam_sm_authenticate (flags: 0x%04x)", flags);
++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "pam_winbind: pam_sm_authenticate (flags: 0x%04x)", flags);
+
+ /* Get the username */
+ retval = pam_get_user(pamh, &username, NULL);
+ if ((retval != PAM_SUCCESS) || (!username)) {
+- _pam_log_debug(ctrl, LOG_DEBUG, "can not get the username");
++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "can not get the username");
+ retval = PAM_SERVICE_ERR;
+ goto out;
+ }
+@@ -911,7 +952,7 @@ int pam_sm_authenticate(pam_handle_t *pa
+ &password);
+
+ if (retval != PAM_SUCCESS) {
+- _pam_log(LOG_ERR, "Could not retrieve user's password");
++ _pam_log(pamh, ctrl, LOG_ERR, "Could not retrieve user's password");
+ retval = PAM_AUTHTOK_ERR;
+ goto out;
+ }
+@@ -919,15 +960,15 @@ int pam_sm_authenticate(pam_handle_t *pa
+ /* Let's not give too much away in the log file */
+
+ #ifdef DEBUG_PASSWORD
+- _pam_log_debug(ctrl, LOG_INFO, "Verify user `%s' with password `%s'",
++ _pam_log_debug(pamh, ctrl, LOG_INFO, "Verify user '%s' with password '%s'",
+ username, password);
+ #else
+- _pam_log_debug(ctrl, LOG_INFO, "Verify user `%s'", username);
++ _pam_log_debug(pamh, ctrl, LOG_INFO, "Verify user '%s'", username);
+ #endif
+
+- member = get_member_from_config(argc, argv, ctrl, d);
++ member = get_member_from_config(pamh, argc, argv, ctrl, d);
+
+- cctype = get_krb5_cc_type_from_config(argc, argv, ctrl, d);
++ cctype = get_krb5_cc_type_from_config(pamh, argc, argv, ctrl, d);
+
+ /* Now use the username to look up password */
+ retval = winbind_auth_request(pamh, ctrl, username, password, member, cctype, True, NULL);
+@@ -960,12 +1001,12 @@ int pam_sm_setcred(pam_handle_t *pamh, i
+ int argc, const char **argv)
+ {
+ /* parse arguments */
+- int ctrl = _pam_parse(argc, argv, NULL);
++ int ctrl = _pam_parse(pamh, flags, argc, argv, NULL);
+ if (ctrl == -1) {
+ return PAM_SYSTEM_ERR;
+ }
+
+- _pam_log_debug(ctrl, LOG_DEBUG,"pam_winbind: pam_sm_setcred (flags: 0x%04x)", flags);
++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "pam_winbind: pam_sm_setcred (flags: 0x%04x)", flags);
+
+ if (flags & PAM_DELETE_CRED) {
+ return pam_sm_close_session(pamh, flags, argc, argv);
+@@ -987,30 +1028,30 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh,
+ void *tmp = NULL;
+
+ /* parse arguments */
+- int ctrl = _pam_parse(argc, argv, NULL);
++ int ctrl = _pam_parse(pamh, flags, argc, argv, NULL);
+ if (ctrl == -1) {
+ return PAM_SYSTEM_ERR;
+ }
+
+- _pam_log_debug(ctrl, LOG_DEBUG,"pam_winbind: pam_sm_acct_mgmt (flags: 0x%04x)", flags);
++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "pam_winbind: pam_sm_acct_mgmt (flags: 0x%04x)", flags);
+
+
+ /* Get the username */
+ retval = pam_get_user(pamh, &username, NULL);
+ if ((retval != PAM_SUCCESS) || (!username)) {
+- _pam_log_debug(ctrl, LOG_DEBUG,"can not get the username");
++ _pam_log_debug(pamh, ctrl, LOG_DEBUG,"can not get the username");
+ return PAM_SERVICE_ERR;
+ }
+
+ /* Verify the username */
+- retval = valid_user(username, pamh, ctrl);
++ retval = valid_user(pamh, ctrl, username);
+ switch (retval) {
+ case -1:
+ /* some sort of system error. The log was already printed */
+ return PAM_SERVICE_ERR;
+ case 1:
+ /* the user does not exist */
+- _pam_log_debug(ctrl, LOG_NOTICE, "user `%s' not found", username);
++ _pam_log_debug(pamh, ctrl, LOG_NOTICE, "user '%s' not found", username);
+ if (ctrl & WINBIND_UNKNOWN_OK_ARG) {
+ return PAM_IGNORE;
+ }
+@@ -1023,24 +1064,24 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh,
+ case PAM_AUTHTOK_EXPIRED:
+ /* fall through, since new token is required in this case */
+ case PAM_NEW_AUTHTOK_REQD:
+- _pam_log(LOG_WARNING, "pam_sm_acct_mgmt success but %s is set",
++ _pam_log(pamh, ctrl, LOG_WARNING, "pam_sm_acct_mgmt success but %s is set",
+ PAM_WINBIND_NEW_AUTHTOK_REQD);
+- _pam_log(LOG_NOTICE, "user '%s' needs new password", username);
++ _pam_log(pamh, ctrl, LOG_NOTICE, "user '%s' needs new password", username);
+ /* PAM_AUTHTOKEN_REQD does not exist, but is documented in the manpage */
+ return PAM_NEW_AUTHTOK_REQD;
+ default:
+- _pam_log(LOG_WARNING, "pam_sm_acct_mgmt success");
+- _pam_log(LOG_NOTICE, "user '%s' granted access", username);
++ _pam_log(pamh, ctrl, LOG_WARNING, "pam_sm_acct_mgmt success");
++ _pam_log(pamh, ctrl, LOG_NOTICE, "user '%s' granted access", username);
+ return PAM_SUCCESS;
+ }
+ }
+
+ /* Otherwise, the authentication looked good */
+- _pam_log(LOG_NOTICE, "user '%s' granted access", username);
++ _pam_log(pamh, ctrl, LOG_NOTICE, "user '%s' granted access", username);
+ return PAM_SUCCESS;
+ default:
+ /* we don't know anything about this return value */
+- _pam_log(LOG_ERR, "internal module error (retval = %d, user = `%s')",
++ _pam_log(pamh, ctrl, LOG_ERR, "internal module error (retval = %d, user = '%s')",
+ retval, username);
+ return PAM_SERVICE_ERR;
+ }
+@@ -1054,12 +1095,12 @@ int pam_sm_open_session(pam_handle_t *pa
+ int argc, const char **argv)
+ {
+ /* parse arguments */
+- int ctrl = _pam_parse(argc, argv, NULL);
++ int ctrl = _pam_parse(pamh, flags, argc, argv, NULL);
+ if (ctrl == -1) {
+ return PAM_SYSTEM_ERR;
+ }
+
+- _pam_log_debug(ctrl, LOG_DEBUG,"pam_winbind: pam_sm_open_session handler (flags: 0x%04x)", flags);
++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "pam_winbind: pam_sm_open_session handler (flags: 0x%04x)", flags);
+
+ return PAM_SUCCESS;
+ }
+@@ -1072,13 +1113,13 @@ int pam_sm_close_session(pam_handle_t *p
+ int retval = PAM_SUCCESS;
+
+ /* parse arguments */
+- int ctrl = _pam_parse(argc, argv, &d);
++ int ctrl = _pam_parse(pamh, flags, argc, argv, &d);
+ if (ctrl == -1) {
+ retval = PAM_SYSTEM_ERR;
+ goto out;
+ }
+
+- _pam_log_debug(ctrl, LOG_DEBUG,"pam_winbind: pam_sm_close_session handler (flags: 0x%04x)", flags);
++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "pam_winbind: pam_sm_close_session handler (flags: 0x%04x)", flags);
+
+ if (!(flags & PAM_DELETE_CRED)) {
+ retval = PAM_SUCCESS;
+@@ -1100,21 +1141,21 @@ int pam_sm_close_session(pam_handle_t *p
+ retval = pam_get_user(pamh, &user, "Username: ");
+ if (retval == PAM_SUCCESS) {
+ if (user == NULL) {
+- _pam_log(LOG_ERR, "username was NULL!");
++ _pam_log(pamh, ctrl, LOG_ERR, "username was NULL!");
+ retval = PAM_USER_UNKNOWN;
+ goto out;
+ }
+ if (retval == PAM_SUCCESS) {
+- _pam_log_debug(ctrl, LOG_DEBUG, "username [%s] obtained", user);
++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "username [%s] obtained", user);
+ }
+ } else {
+- _pam_log_debug(ctrl, LOG_DEBUG, "could not identify user");
++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "could not identify user");
+ goto out;
+ }
+
+ ccname = pam_getenv(pamh, "KRB5CCNAME");
+ if (ccname == NULL) {
+- _pam_log_debug(ctrl, LOG_DEBUG, "user has no KRB5CCNAME environment");
++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "user has no KRB5CCNAME environment");
+ retval = PAM_SUCCESS;
+ goto out;
+ }
+@@ -1164,13 +1205,13 @@ int pam_sm_chauthtok(pam_handle_t * pamh
+ int retry = 0;
+ dictionary *d;
+
+- ctrl = _pam_parse(argc, argv, &d);
++ ctrl = _pam_parse(pamh, flags, argc, argv, &d);
+ if (ctrl == -1) {
+ retval = PAM_SYSTEM_ERR;
+ goto out;
+ }
+
+- _pam_log_debug(ctrl, LOG_DEBUG,"pam_winbind: pam_sm_chauthtok (flags: 0x%04x)", flags);
++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "pam_winbind: pam_sm_chauthtok (flags: 0x%04x)", flags);
+
+ /* clearing offline bit for the auth in the password change */
+ ctrl &= ~WINBIND_CACHED_LOGIN;
+@@ -1181,22 +1222,22 @@ int pam_sm_chauthtok(pam_handle_t * pamh
+ retval = pam_get_user(pamh, &user, "Username: ");
+ if (retval == PAM_SUCCESS) {
+ if (user == NULL) {
+- _pam_log(LOG_ERR, "username was NULL!");
++ _pam_log(pamh, ctrl, LOG_ERR, "username was NULL!");
+ retval = PAM_USER_UNKNOWN;
+ goto out;
+ }
+ if (retval == PAM_SUCCESS) {
+- _pam_log_debug(ctrl, LOG_DEBUG, "username [%s] obtained",
++ _pam_log_debug(pamh, ctrl, LOG_DEBUG, "username [%s] obtained",
+ user);
+ }
+ } else {
+- _pam_log_debug(ctrl, LOG_DEBUG,
++ _pam_log_debug(pamh, ctrl, LOG_DEBUG,
+ "password - could not identify user");
+ goto out;
+ }
+
+ /* check if this is really a user in winbindd, not only in NSS */
+- retval = valid_user(user, pamh, ctrl);
++ retval = valid_user(pamh, ctrl, user);
+ switch (retval) {
+ case 1:
+ retval = PAM_USER_UNKNOWN;
+@@ -1221,7 +1262,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh
+ #define greeting "Changing password for "
+ Announce = (char *) malloc(sizeof(greeting) + strlen(user));
+ if (Announce == NULL) {
+- _pam_log(LOG_CRIT, "password - out of memory");
++ _pam_log(pamh, ctrl, LOG_CRIT, "password - out of memory");
+ retval = PAM_BUF_ERR;
+ goto out;
+ }
+@@ -1236,7 +1277,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh
+ NULL,
+ (const char **) &pass_old);
+ if (retval != PAM_SUCCESS) {
+- _pam_log(LOG_NOTICE, "password - (old) token not obtained");
++ _pam_log(pamh, ctrl, LOG_NOTICE, "password - (old) token not obtained");
+ goto out;
+ }
+ /* verify that this is the password for this user */
+@@ -1256,7 +1297,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh
+ retval = pam_set_item(pamh, PAM_OLDAUTHTOK, (const void *) pass_old);
+ pass_old = NULL;
+ if (retval != PAM_SUCCESS) {
+- _pam_log(LOG_CRIT, "failed to set PAM_OLDAUTHTOK");
++ _pam_log(pamh, ctrl, LOG_CRIT, "failed to set PAM_OLDAUTHTOK");
+ }
+ } else if (flags & PAM_UPDATE_AUTHTOK) {
+
+@@ -1274,7 +1315,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh
+ (const void **) &pass_old);
+
+ if (retval != PAM_SUCCESS) {
+- _pam_log(LOG_NOTICE, "user not authenticated");
++ _pam_log(pamh, ctrl, LOG_NOTICE, "user not authenticated");
+ goto out;
+ }
+
+@@ -1298,7 +1339,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh
+ (const char **) &pass_new);
+
+ if (retval != PAM_SUCCESS) {
+- _pam_log_debug(ctrl, LOG_ALERT
++ _pam_log_debug(pamh, ctrl, LOG_ALERT
+ ,"password - new password not obtained");
+ pass_old = NULL;/* tidy up */
+ goto out;
+@@ -1333,8 +1374,8 @@ int pam_sm_chauthtok(pam_handle_t * pamh
+
+ if (ctrl & WINBIND_KRB5_AUTH) {
+
+- const char *member = get_member_from_config(argc, argv, ctrl, d);
+- const char *cctype = get_krb5_cc_type_from_config(argc, argv, ctrl, d);
++ const char *member = get_member_from_config(pamh, argc, argv, ctrl, d);
++ const char *cctype = get_krb5_cc_type_from_config(pamh, argc, argv, ctrl, d);
+
+ retval = winbind_auth_request(pamh, ctrl, user, pass_new, member, cctype, False, NULL);
+ _pam_overwrite(pass_new);
+Index: source/nsswitch/pam_winbind.h
+===================================================================
+--- source/nsswitch/pam_winbind.h.orig
++++ source/nsswitch/pam_winbind.h
+@@ -43,7 +43,7 @@
+ #define PAM_AUTHTOK_RECOVER_ERR PAM_AUTHTOK_RECOVERY_ERR
+ #endif
+
+-#endif
++#endif /* defined(SUNOS5) || defined(SUNOS4) || defined(HPUX) || defined(FREEBSD) || defined(AIX) */
+
+ #ifdef HAVE_SECURITY_PAM_MODULES_H
+ #include