[SCM] Samba Shared Repository - branch v3-3-test updated

Karolin Seeger kseeger at samba.org
Thu Oct 8 07:23:15 MDT 2009


The branch, v3-3-test has been updated
       via  6c4fe10... WHATSNEW: Add more coherent explanation for bug #6680.
       via  baa2c10... s3-pamsmbpass: copy _pam_get_item and _pam_get_data from pam_winbind.
      from  113e33c... WHATSNEW: List major enhancements.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit 6c4fe1086020d7bc278d84c56b6cbcc6e3a64b5d
Author: Karolin Seeger <kseeger at samba.org>
Date:   Thu Oct 8 15:21:00 2009 +0200

    WHATSNEW: Add more coherent explanation for bug #6680.
    
    Karolin

commit baa2c10b11a960dd70b3d32b4868a303d85ca9b2
Author: Günther Deschner <gd at samba.org>
Date:   Thu Oct 8 15:16:25 2009 +0200

    s3-pamsmbpass: copy _pam_get_item and _pam_get_data from pam_winbind.
    
    Fix bug #6790.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt                        |    4 +-
 source/pam_smbpass/pam_smb_auth.c   |    4 +-
 source/pam_smbpass/pam_smb_passwd.c |    8 +++---
 source/pam_smbpass/support.c        |   38 ++++++++++++++++++++++++++--------
 source/pam_smbpass/support.h        |    7 ++++++
 source/utils/net_rpc.c              |    6 ++--
 6 files changed, 47 insertions(+), 20 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index c68b2c2..81a325c 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -9,6 +9,7 @@ This is the latest bugfix release of the Samba 3.3 series.
 Major enhancements in Samba 3.3.9 include:
 
    o Fix trust relationships to windows 2008 (2008 r2) (bug #6711).
+   o Fix Windows 7 share access (which defaults to NTLMv2) (bug #6680).
    o Fix SAMR server for Winbind access (bug #6504).
 
 
@@ -33,8 +34,7 @@ o   Yannick Bergeron <burgergold at hotmail.com>
 
 
 o   Günther Deschner <gd at samba.org>
-    * BUG 6680: Always activate handling of large (> 256 byte) ntlmv2 blobs
-      in wbcAuthenticateUserEx().
+    * BUG 6680: Fix Windows 7 share access (which defaults to NTLMv2).
     * BUG 6697: Fix interdomain trusts with Windows 2008 R2 DCs.
     * BUG 6700: Use DNS domain name when needing to guess server principal.
     * BUG 6711: Fix trust relationships to windows 2008 (2008 r2).
diff --git a/source/pam_smbpass/pam_smb_auth.c b/source/pam_smbpass/pam_smb_auth.c
index 3dceb52..b5a6a47 100644
--- a/source/pam_smbpass/pam_smb_auth.c
+++ b/source/pam_smbpass/pam_smb_auth.c
@@ -179,7 +179,7 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags,
 
 	retval = PAM_SUCCESS;
 
-	pam_get_data(pamh, "smb_setcred_return", (const void **) &pretval);
+	_pam_get_data(pamh, "smb_setcred_return", &pretval);
 	if(pretval) {
 		retval = *pretval;
 		SAFE_FREE(pretval);
@@ -199,7 +199,7 @@ static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
 	int retval;
 
 	/* Get the authtok; if we don't have one, silently fail. */
-	retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass );
+	retval = _pam_get_item( pamh, PAM_AUTHTOK, &pass );
 
 	if (retval != PAM_SUCCESS) {
 		_log_err( LOG_ALERT
diff --git a/source/pam_smbpass/pam_smb_passwd.c b/source/pam_smbpass/pam_smb_passwd.c
index b6de43f..dce6e01 100644
--- a/source/pam_smbpass/pam_smb_passwd.c
+++ b/source/pam_smbpass/pam_smb_passwd.c
@@ -229,11 +229,11 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
          */
 
         if (off( SMB_NOT_SET_PASS, ctrl )) {
-            retval = pam_get_item( pamh, PAM_OLDAUTHTOK,
-                                   (const void **)&pass_old );
+            retval = _pam_get_item( pamh, PAM_OLDAUTHTOK,
+                                   &pass_old );
         } else {
-            retval = pam_get_data( pamh, _SMB_OLD_AUTHTOK,
-                                   (const void **)&pass_old );
+            retval = _pam_get_data( pamh, _SMB_OLD_AUTHTOK,
+                                   &pass_old );
             if (retval == PAM_NO_MODULE_DATA) {
 		pass_old = NULL;
                 retval = PAM_SUCCESS;
diff --git a/source/pam_smbpass/support.c b/source/pam_smbpass/support.c
index 8f537c4..7dcdaba 100644
--- a/source/pam_smbpass/support.c
+++ b/source/pam_smbpass/support.c
@@ -83,7 +83,7 @@ int converse( pam_handle_t * pamh, int ctrl, int nargs
 	int retval;
 	struct pam_conv *conv;
 
-	retval = pam_get_item(pamh, PAM_CONV, (const void **) &conv);
+	retval = _pam_get_item(pamh, PAM_CONV, &conv);
 	if (retval == PAM_SUCCESS) {
 
 		retval = conv->conv(nargs, (const struct pam_message **) message
@@ -276,7 +276,7 @@ void _cleanup_failures( pam_handle_t * pamh, void *fl, int err )
 
             /* log the number of authentication failures */
             if (failure->count != 0) {
-                pam_get_item( pamh, PAM_SERVICE, (const void **) &service );
+                _pam_get_item( pamh, PAM_SERVICE, &service );
                 _log_err( LOG_NOTICE
                           , "%d authentication %s "
                             "from %s for service %s as %s(%d)"
@@ -332,7 +332,7 @@ int _smb_verify_password( pam_handle_t * pamh, struct samu *sampass,
         } else {
             const char *service;
 
-            pam_get_item( pamh, PAM_SERVICE, (const void **)&service );
+            _pam_get_item( pamh, PAM_SERVICE, &service );
             _log_err( LOG_NOTICE, "failed auth request by %s for service %s as %s",
                       uidtoname(getuid()), service ? service : "**unknown**", name);
             return PAM_AUTH_ERR;
@@ -367,7 +367,7 @@ int _smb_verify_password( pam_handle_t * pamh, struct samu *sampass,
 
         const char *service;
 
-        pam_get_item( pamh, PAM_SERVICE, (const void **)&service );
+        _pam_get_item( pamh, PAM_SERVICE, &service );
 
         if (data_name != NULL) {
             struct _pam_failed_auth *newauth = NULL;
@@ -380,7 +380,7 @@ int _smb_verify_password( pam_handle_t * pamh, struct samu *sampass,
             if (newauth != NULL) {
 
                 /* any previous failures for this user ? */
-                pam_get_data(pamh, data_name, (const void **) &old);
+                _pam_get_data(pamh, data_name, &old);
 
                 if (old != NULL) {
                     newauth->count = old->count + 1;
@@ -485,7 +485,7 @@ int _smb_read_password( pam_handle_t * pamh, unsigned int ctrl,
     /* should we obtain the password from a PAM item ? */
 
     if (on(SMB_TRY_FIRST_PASS, ctrl) || on(SMB_USE_FIRST_PASS, ctrl)) {
-        retval = pam_get_item( pamh, authtok_flag, (const void **) &item );
+        retval = _pam_get_item( pamh, authtok_flag, &item );
         if (retval != PAM_SUCCESS) {
             /* very strange. */
             _log_err( LOG_ALERT
@@ -578,8 +578,8 @@ int _smb_read_password( pam_handle_t * pamh, unsigned int ctrl,
         retval = pam_set_item( pamh, authtok_flag, (const void *)token );
         _pam_delete( token );		/* clean it up */
         if (retval != PAM_SUCCESS
-            || (retval = pam_get_item( pamh, authtok_flag
-                            ,(const void **)&item )) != PAM_SUCCESS)
+            || (retval = _pam_get_item( pamh, authtok_flag
+                            ,&item )) != PAM_SUCCESS)
         {
             _log_err( LOG_CRIT, "error manipulating password" );
             return retval;
@@ -592,7 +592,7 @@ int _smb_read_password( pam_handle_t * pamh, unsigned int ctrl,
 
         retval = pam_set_data( pamh, data_name, (void *) token, _cleanup );
         if (retval != PAM_SUCCESS
-            || (retval = pam_get_data( pamh, data_name, (const void **)&item ))
+            || (retval = _pam_get_data( pamh, data_name, &item ))
                              != PAM_SUCCESS)
         {
             _log_err( LOG_CRIT, "error manipulating password data [%s]"
@@ -630,3 +630,23 @@ int _pam_smb_approve_pass(pam_handle_t * pamh,
 
     return PAM_SUCCESS;
 }
+
+/*
+ * Work around the pam API that has functions with void ** as parameters
+ * These lead to strict aliasing warnings with gcc.
+ */
+int _pam_get_item(const pam_handle_t *pamh,
+		  int item_type,
+		  const void *_item)
+{
+	const void **item = (const void **)_item;
+	return pam_get_item(pamh, item_type, item);
+}
+
+int _pam_get_data(const pam_handle_t *pamh,
+		  const char *module_data_name,
+		  const void *_data)
+{
+	const void **data = (const void **)_data;
+	return pam_get_data(pamh, module_data_name, data);
+}
diff --git a/source/pam_smbpass/support.h b/source/pam_smbpass/support.h
index 5ac48c3..87f1690 100644
--- a/source/pam_smbpass/support.h
+++ b/source/pam_smbpass/support.h
@@ -48,3 +48,10 @@ extern int _smb_read_password( pam_handle_t *, unsigned int, const char*,
 
 extern int _pam_smb_approve_pass(pam_handle_t *, unsigned int, const char *,
 				 const char *);
+
+int _pam_get_item(const pam_handle_t *pamh,
+		  int item_type,
+		  const void *_item);
+int _pam_get_data(const pam_handle_t *pamh,
+		  const char *module_data_name,
+		  const void *_data);
diff --git a/source/utils/net_rpc.c b/source/utils/net_rpc.c
index 60de1cb..d90aac1 100644
--- a/source/utils/net_rpc.c
+++ b/source/utils/net_rpc.c
@@ -798,7 +798,7 @@ static int rpc_user_info(struct net_context *c, int argc, const char **argv)
 	status = NetUserGetGroups(c->opt_host,
 				  argv[0],
 				  0,
-				  (uint8_t **)&u0,
+				  (uint8_t **)(void *)&u0,
 				  (uint32_t)-1,
 				  &entries_read,
 				  &total_entries);
@@ -2998,7 +2998,7 @@ static int rpc_share_list(struct net_context *c, int argc, const char **argv)
 
 	status = NetShareEnum(c->opt_host,
 			      level,
-			      (uint8_t **)&i1,
+			      (uint8_t **)(void *)&i1,
 			      (uint32_t)-1,
 			      &entries_read,
 			      &total_entries,
@@ -4774,7 +4774,7 @@ static int rpc_file_user(struct net_context *c, int argc, const char **argv)
 			     NULL,
 			     username,
 			     3,
-			     (uint8_t **)&i3,
+			     (uint8_t **)(void *)&i3,
 			     preferred_len,
 			     &entries_read,
 			     &total_entries,


-- 
Samba Shared Repository


More information about the samba-cvs mailing list