[SCM] Samba Shared Repository - branch master updated

[Ralph Böhme]

The branch, master has been updated
   via  b680cee selftest: tests idmap mapping with idmap_rid
   via  ef10b43 selftest: new environment "ad_member_idmap_rid"
   via  9671811 winbindd: remove unused single_domains array
   via  a684df1 winbindd: use correct domain name for failed lookupsids
   via  d8fd56a selftest: fix for wbinfo -s tests for wellknown SIDs
   via  167bb5e winbindd: explicit check for well-known SIDs in 
wb_lookupsids_bulk()
  from  415d61e idmap_ldap: Fix CID 1404836 Dereference before null check

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit b680ceebf85b2403758a0f9e931f1211e9b80e8d
Author: Ralph Boehme 
Date:   Wed Apr 5 13:27:51 2017 +0200

selftest: tests idmap mapping with idmap_rid

This adds two blackbox tests that run wbinfo --sids-to-unix-ids:

o a non-existing SID from the primary domain should return a mapping

o a SID with a bogus (and therefor unknown) domain must not return a mapping

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Fri Apr  7 00:05:02 CEST 2017 on sn-devel-144

commit ef10b43469f5b31a696259a70b3e116a350bfd3d
Author: Ralph Boehme 
Date:   Wed Apr 5 13:27:14 2017 +0200

selftest: new environment "ad_member_idmap_rid"

This uses idmap_rid for the primary domain.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

commit 9671811da8ad3f91ba7bb0fa868f806bc5afe863
Author: Ralph Boehme 
Date:   Tue Apr 4 14:23:03 2017 +0200

winbindd: remove unused single_domains array

This was added as part of 9be918116e356c358ef77cc2933e471090088293, but
is not needed anymore as the previous commit changed the logic.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961

Pair-Programmed-With: Stefan Metzmacher 

Signed-off-by: Ralph Boehme 
Signed-off-by: Stefan Metzmacher 

commit a684df160e692710e011c4eb6795a66772025c23
Author: Ralph Boehme 
Date:   Tue Apr 4 14:21:25 2017 +0200

winbindd: use correct domain name for failed lookupsids

What we want here is, for failed lookupsids, pass the domain name of the
SID we were trying to lookup to the idmap backend.

But as a domain member, using

  state->single_domains[state->single_sids_done]

for this purpose will always be use our primary domain name (for S-1-5-21
SIDs that are not in our local SAM).

So for now use find_domain_from_sid_noinit() to find the domain from the
domain list. This can be removed when we switch idmap backend
determination to be based on domain SIDs, not names.

Pair-Programmed-With: Stefan Metzmacher 

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961

Signed-off-by: Ralph Boehme 
Signed-off-by: Stefan Metzmacher 

commit d8fd56a8244a3010469c27eaa3b73a2c5fbbc41f
Author: Ralph Boehme 
Date:   Fri Mar 31 16:06:18 2017 +0200

selftest: fix for wbinfo -s tests for wellknown SIDs

Rework while loop to not use a pipe as that uses a subshell for the loop
which means assigning to the variable failed is not visible in the
main script.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12727

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

commit 167bb5ead8c7193d173fdba8a453279d422fa7ea
Author: Ralph Boehme 
Date:   Sun Apr 2 13:42:45 2017 +0200

winbindd: explicit check for well-known SIDs in wb_lookupsids_bulk()

Those are implicitly already catched by the

  if (sid->num_auths != 5)

check, but I'd like to make the desired behaviour more obvious.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12727

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

---

Summary of changes:
 nsswitch/tests/test_idmap_rid.sh | 66 ++
 nsswitch/tests/test_wbinfo.sh| 13 --
 selftest/target/Samba.pm |  1 +
 selftest/target/Samba3.pm| 88 
 selftest/target/Samba4.pm|  6 +++
 source3/selftest/tests.py|  4 +-
 source3/winbindd/wb_lookupsids.c | 21 --
 7 files changed, 181 insertions(+), 18 deletions(-)
 create mode 100755 nsswitch/tests/test_idmap_rid.sh


Changeset 

autobuild[sn-devel-144]: intermittent test failure detected

[autobuild]

The autobuild test system (on sn-devel-144) has detected an intermittent 
failing test in 
the current master tree.

The autobuild log of the failure is available here:

   http://git.samba.org/autobuild.flakey.sn-devel-144/2017-04-06-2117/flakey.log

The samba build logs are available here:

   
http://git.samba.org/autobuild.flakey.sn-devel-144/2017-04-06-2117/samba.stderr
   
http://git.samba.org/autobuild.flakey.sn-devel-144/2017-04-06-2117/samba.stdout
  
The top commit at the time of the failure was:

commit e69aa55c5dae0722e78fc67716c04dec2bec1c46
Author: Stefan Metzmacher 
Date:   Tue Apr 4 09:24:11 2017 +0200

winbindd: let WBFLAG_PAM_GET_PWD_POLICY only fake the password policy

As WBFLAG_PAM_GET_PWD_POLICY is only kept for legacy external callers
of libwbclient, we should avoid having the complexity to do additional
network roundtrips to our domain, while we still can't garantee that
the returned password policy actually represents the reality for
the current authentication.

Instead we're calculating r->data.auth.policy.expire and
r->data.auth.policy.min_passwordage based on the effective
{last,allow,force}_password_change values.

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Christof Schmitt 

Autobuild-User(master): Stefan Metzmacher 
Autobuild-Date(master): Thu Apr  6 14:03:09 CEST 2017 on sn-devel-144

[SCM] Samba Shared Repository - branch master updated

[David Disseldorp]

The branch, master has been updated
   via  415d61e idmap_ldap: Fix CID 1404836 Dereference before null check
   via  7f714a4 ctdb-docs: Fix documentation of -n option to ctdb tool
  from  e69aa55 winbindd: let WBFLAG_PAM_GET_PWD_POLICY only fake the 
password policy

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 415d61eebbfe22a243bc14c089b01054373cdf7e
Author: Volker Lendecke 
Date:   Thu Apr 6 11:35:23 2017 +0200

idmap_ldap: Fix CID 1404836 Dereference before null check

Signed-off-by: Volker Lendecke 
Reviewed-by: David Disseldorp 

Autobuild-User(master): David Disseldorp 
Autobuild-Date(master): Thu Apr  6 19:31:25 CEST 2017 on sn-devel-144

commit 7f714a436250dfeaa1970f78090ef066482711f0
Author: Amitay Isaacs 
Date:   Thu Apr 6 12:20:21 2017 +1000

ctdb-docs: Fix documentation of -n option to ctdb tool

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12733

Signed-off-by: Amitay Isaacs 
Reviewed-by: David Disseldorp 

---

Summary of changes:
 ctdb/doc/ctdb.1.xml   |  4 ++--
 source3/winbindd/idmap_ldap.c | 11 +--
 2 files changed, 3 insertions(+), 12 deletions(-)


Changeset truncated at 500 lines:

diff --git a/ctdb/doc/ctdb.1.xml b/ctdb/doc/ctdb.1.xml
index 6a0e6ea..ceab2d3 100644
--- a/ctdb/doc/ctdb.1.xml
+++ b/ctdb/doc/ctdb.1.xml
@@ -123,10 +123,10 @@
 OPTIONS
 
 
-  -n PNN-LIST
+  -n PNN
   

- The nodes specified by PNN-LIST should be queried for the
+ The node specified by PNN should be queried for the
  requested information.  Default is to query the daemon
  running on the local host.

diff --git a/source3/winbindd/idmap_ldap.c b/source3/winbindd/idmap_ldap.c
index 041152c..7545061 100644
--- a/source3/winbindd/idmap_ldap.c
+++ b/source3/winbindd/idmap_ldap.c
@@ -78,16 +78,7 @@ static NTSTATUS get_credentials( TALLOC_CTX *mem_ctx,
tmp = idmap_config_const_string(dom->name, "ldap_user_dn", NULL);
 
if ( tmp ) {
-   if (!dom) {
-   DEBUG(0, ("get_credentials: Invalid domain 'NULL' "
- "encountered for user DN %s\n",
- tmp));
-   ret = NT_STATUS_UNSUCCESSFUL;
-   goto done;
-   } else {
-   secret = idmap_fetch_secret("ldap", dom->name, tmp);
-   }
-
+   secret = idmap_fetch_secret("ldap", dom->name, tmp);
if (!secret) {
DEBUG(0, ("get_credentials: Unable to fetch "
  "auth credentials for %s in %s\n",


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Stefan Metzmacher]

The branch, master has been updated
   via  e69aa55 winbindd: let WBFLAG_PAM_GET_PWD_POLICY only fake the 
password policy
   via  fba7ed9 pam_winbind: no longer use wbcUserPasswordPolicyInfo when 
authenticating
  from  5ee494c tests dsdb: load paramaters from test environment

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit e69aa55c5dae0722e78fc67716c04dec2bec1c46
Author: Stefan Metzmacher 
Date:   Tue Apr 4 09:24:11 2017 +0200

winbindd: let WBFLAG_PAM_GET_PWD_POLICY only fake the password policy

As WBFLAG_PAM_GET_PWD_POLICY is only kept for legacy external callers
of libwbclient, we should avoid having the complexity to do additional
network roundtrips to our domain, while we still can't garantee that
the returned password policy actually represents the reality for
the current authentication.

Instead we're calculating r->data.auth.policy.expire and
r->data.auth.policy.min_passwordage based on the effective
{last,allow,force}_password_change values.

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Christof Schmitt 

Autobuild-User(master): Stefan Metzmacher 
Autobuild-Date(master): Thu Apr  6 14:03:09 CEST 2017 on sn-devel-144

commit fba7ed9a3fa6fcb2d90d1271ae81ec11b554bd2d
Author: Stefan Metzmacher 
Date:   Mon Apr 3 00:19:25 2017 +0200

pam_winbind: no longer use wbcUserPasswordPolicyInfo when authenticating

The expiry time for the specific user comes from
info->pass_must_change_time and nothing else.

The authenticating DC knows which password policy applies
to the user, that's nothing the client can do, as
domain trusts and fine-grained password policies makes
this a very complex task.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12725

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Christof Schmitt 

---

Summary of changes:
 nsswitch/pam_winbind.c  | 58 +---
 source3/winbindd/winbindd_pam.c | 59 ++---
 2 files changed, 49 insertions(+), 68 deletions(-)


Changeset truncated at 500 lines:

diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index 746b157..4ae6464 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -1004,7 +1004,6 @@ static bool _pam_send_password_expiry_message(struct 
pwb_context *ctx,
 
 static void _pam_warn_password_expiry(struct pwb_context *ctx,
  const struct wbcAuthUserInfo *info,
- const struct wbcUserPasswordPolicyInfo 
*policy,
  int warn_pwd_expire,
  bool *already_expired,
  bool *change_pwd)
@@ -1012,7 +1011,7 @@ static void _pam_warn_password_expiry(struct pwb_context 
*ctx,
time_t now = time(NULL);
time_t next_change = 0;
 
-   if (!info || !policy) {
+   if (info == NULL) {
return;
}
 
@@ -1044,23 +1043,6 @@ static void _pam_warn_password_expiry(struct pwb_context 
*ctx,
return;
}
 
-   /* now check for the global password policy */
-   /* good catch from Ralf Haferkamp: an expiry of "never" is translated
-* to -1 */
-   if ((policy->expire == (int64_t)-1) ||
-   (policy->expire == 0)) {
-   return;
-   }
-
-   next_change = info->pass_last_set_time + policy->expire;
-
-   if (_pam_send_password_expiry_message(ctx, next_change, now,
- warn_pwd_expire,
- already_expired,
- change_pwd)) {
-   return;
-   }
-
/* no warning sent */
 }
 
@@ -1696,23 +1678,17 @@ static int winbind_auth_request(struct pwb_context *ctx,
const int warn_pwd_expire,
struct wbcAuthErrorInfo **p_error,
struct wbcLogonUserInfo **p_info,
-   struct wbcUserPasswordPolicyInfo **p_policy,
time_t *pwd_last_set,
char **user_ret)
 {
wbcErr wbc_status;
-
struct wbcLogonUserParams logon;
char membership_of[1024];
uid_t user_uid = -1;
-   uint32_t flags = WBFLAG_PAM_INFO3_TEXT |
-WBFLAG_PAM_GET_PWD_POLICY;
-
+   uint32_t flags = WBFLAG_PAM_INFO3_TEXT;
struct wbcLogonUserInfo *info = NULL;
struct wbcAuthUserInfo *user_info = NULL;
struct wbcAuthErrorInfo *error = NULL;
-   

[SCM] pam wrapper repository - branch master updated

[Andreas Schneider]

The branch, master has been updated
   via  bb04070 Bump version to 1.0.3
   via  48c7b4e doc: Document PAM_WRAPPER_USE_SYSLOG variable
   via  9411daf pwrap: Do not log to syslog by default but use our logging
   via  22a4fbf pwrap: Do an early return in pwrap_vlog if log level 
doesn't match
   via  e7d8276 pwrap: Add pwrap_vlog() functions
   via  09fcd1e pwrap: Remove useless break
  from  91227b3 libpamtest: Do not declare variable in for-loop

https://git.samba.org/?p=pam_wrapper.git;a=shortlog;h=master


- Log -
commit bb0407078c357cb0476e49b634faf4fd086f1d12
Author: Andreas Schneider 
Date:   Thu Apr 6 09:55:29 2017 +0200

Bump version to 1.0.3

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 

commit 48c7b4e13450930cf479334e0ab6e432fca08a7e
Author: Andreas Schneider 
Date:   Thu Apr 6 11:51:32 2017 +0200

doc: Document PAM_WRAPPER_USE_SYSLOG variable

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 

commit 9411daf54d6f2492508fba10e08260779faf1cc9
Author: Andreas Schneider 
Date:   Thu Apr 6 11:47:37 2017 +0200

pwrap: Do not log to syslog by default but use our logging

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 

commit 22a4fbf90a8c9b34b893bec2890c0590ddd4cb61
Author: Andreas Schneider 
Date:   Thu Apr 6 12:08:54 2017 +0200

pwrap: Do an early return in pwrap_vlog if log level doesn't match

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 

commit e7d8276736f7c45a3734060c5c7242f018bd9028
Author: Andreas Schneider 
Date:   Thu Apr 6 11:41:12 2017 +0200

pwrap: Add pwrap_vlog() functions

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 

commit 09fcd1e8ea1e8e269b2a812dbbb22abafaf17708
Author: Andreas Schneider 
Date:   Thu Apr 6 09:56:15 2017 +0200

pwrap: Remove useless break

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 

---

Summary of changes:
 CMakeLists.txt|   2 +-
 ChangeLog |   4 ++
 doc/pam_wrapper.1 |  13 --
 doc/pam_wrapper.1.txt |   8 +++-
 src/pam_wrapper.c | 123 ++
 5 files changed, 106 insertions(+), 44 deletions(-)


Changeset truncated at 500 lines:

diff --git a/CMakeLists.txt b/CMakeLists.txt
index f0c950f..a929eb2 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -8,7 +8,7 @@ set(APPLICATION_NAME ${PROJECT_NAME})
 
 set(APPLICATION_VERSION_MAJOR "1")
 set(APPLICATION_VERSION_MINOR "0")
-set(APPLICATION_VERSION_PATCH "2")
+set(APPLICATION_VERSION_PATCH "3")
 
 set(APPLICATION_VERSION 
"${APPLICATION_VERSION_MAJOR}.${APPLICATION_VERSION_MINOR}.${APPLICATION_VERSION_PATCH}")
 
diff --git a/ChangeLog b/ChangeLog
index 5af21dd..c2be509 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,10 @@
 ChangeLog
 ==
 
+version 1.0.3 (released 2017-04-06)
+  * Fixed some build issues with strict compiler flags
+  * Logging to syslog is disabled by default
+
 version 1.0.2 (released 2016-05-24)
   * Fixed pam_wrapper on some BSDs
   * Fixed simple conversation in libpamtest
diff --git a/doc/pam_wrapper.1 b/doc/pam_wrapper.1
index 0d737a9..3536c82 100644
--- a/doc/pam_wrapper.1
+++ b/doc/pam_wrapper.1
@@ -1,13 +1,13 @@
 '\" t
 .\" Title: pam_wrapper
 .\"Author: [FIXME: author] [see http://docbook.sf.net/el/author]
-.\" Generator: DocBook XSL Stylesheets v1.78.1 
-.\"  Date: 2015-11-04
+.\" Generator: DocBook XSL Stylesheets v1.79.0 
+.\"  Date: 2017-04-06
 .\"Manual: \ \&
 .\"Source: \ \&
 .\"  Language: English
 .\"
-.TH "PAM_WRAPPER" "1" "2015\-11\-04" "\ \&" "\ \&"
+.TH "PAM_WRAPPER" "1" "2017\-04\-06" "\ \&" "\ \&"
 .\" -
 .\" * Define some portability stuff
 .\" -
@@ -100,6 +100,11 @@ If you need to see what is going on in pam_wrapper itself 
or try to find a bug,
 .RE
 .RE
 .PP
+\fBPAM_WRAPPER_USE_SYSLOG\fR
+.RS 4
+By default pam logs will go to the pam_wrapper DEBUG log level and will not be 
sent to the syslog\&. If you want to log to the syslog to you can set this 
variable to 1\&.
+.RE
+.PP
 \fBPAM_WRAPPER_KEEP_DIR\fR
 .RS 4
 If this option is set to 1, then pam_wrapper won\(cqt delete its temporary 
directories\&. Mostly useful for pam_wrapper development\&.
@@ -123,7 +128,7 @@ session required
/usr/lib/pam_wrapper/pam_matrix\&.so 

[SCM] Samba Shared Repository - branch master updated

[Andrew Bartlett]

The branch, master has been updated
   via  5ee494c tests dsdb: load paramaters from test environment
   via  62bbfda password_hash: refactor setup_supplemental_field
   via  d1f4fc9 password_hash: Add tests to allow refactoring
  from  78403a8 selftest: fix SID composition in a test script

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 5ee494cbd77d3b988f4472bca9e936bd540f055f
Author: Gary Lockyer 
Date:   Tue Apr 4 08:56:47 2017 +1200

tests dsdb: load paramaters from test environment

Load the test environment specific parameters

Signed-off-by: Gary Lockyer 
Reviewed-by: Garming Sam 
Reviewed-by: Andrew Bartlett 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Thu Apr  6 10:06:05 CEST 2017 on sn-devel-144

commit 62bbfda8677d5ed576849b83fcaea1b94f3c3689
Author: Gary Lockyer 
Date:   Fri Mar 31 09:17:07 2017 +1300

password_hash: refactor setup_supplemental_field

refactored to make it easier to add extra password hashes.

Signed-off-by: Gary Lockyer 
Reviewed-by: Garming Sam 
Reviewed-by: Andrew Bartlett 

commit d1f4fc9ee38bc6f1a318ceee940d8408e2050a50
Author: Gary Lockyer 
Date:   Fri Mar 31 15:50:31 2017 +1300

password_hash: Add tests to allow refactoring

Add tests for password_hash.c to allow refactoring of 
setup_supplemental_field

Signed-off-by: Gary Lockyer 
Reviewed-by: Garming Sam 
Reviewed-by: Andrew Bartlett 

---

Summary of changes:
 python/samba/tests/dsdb.py |  11 +-
 python/samba/tests/password_hash.py| 290 ++
 python/samba/tests/password_hash_fl2003.py | 107 +++
 python/samba/tests/password_hash_fl2008.py | 112 +++
 python/samba/tests/password_hash_gpgme.py  | 126 
 source4/dsdb/samdb/ldb_modules/password_hash.c | 398 -
 source4/selftest/tests.py  |  15 +
 7 files changed, 853 insertions(+), 206 deletions(-)
 create mode 100644 python/samba/tests/password_hash.py
 create mode 100644 python/samba/tests/password_hash_fl2003.py
 create mode 100644 python/samba/tests/password_hash_fl2008.py
 create mode 100644 python/samba/tests/password_hash_gpgme.py


Changeset truncated at 500 lines:

diff --git a/python/samba/tests/dsdb.py b/python/samba/tests/dsdb.py
index a3b94fb..4a34bac 100644
--- a/python/samba/tests/dsdb.py
+++ b/python/samba/tests/dsdb.py
@@ -32,16 +32,13 @@ class DsdbTests(TestCase):
 
 def setUp(self):
 super(DsdbTests, self).setUp()
-self.lp = samba.param.LoadParm()
-self.lp.load(os.path.join(os.path.join(self.baseprovpath(), "etc"), 
"smb.conf"))
+self.lp = samba.tests.env_loadparm()
 self.creds = Credentials()
 self.creds.guess(self.lp)
 self.session = system_session()
-self.samdb = SamDB(os.path.join(self.baseprovpath(), "private", 
"sam.ldb"),
-session_info=self.session, credentials=self.creds,lp=self.lp)
-
-def baseprovpath(self):
-return os.path.join(os.environ['SELFTEST_PREFIX'], "ad_dc_ntvfs")
+self.samdb = SamDB(session_info=self.session,
+   credentials=self.creds,
+   lp=self.lp)
 
 def test_get_oid_from_attrid(self):
 oid = self.samdb.get_oid_from_attid(591614)
diff --git a/python/samba/tests/password_hash.py 
b/python/samba/tests/password_hash.py
new file mode 100644
index 000..c1631c6
--- /dev/null
+++ b/python/samba/tests/password_hash.py
@@ -0,0 +1,290 @@
+# Tests for Tests for source4/dsdb/samdb/ldb_modules/password_hash.c
+#
+# Copyright (C) Catalyst IT Ltd. 2017
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see .
+#
+
+"""
+Base class for tests for source4/dsdb/samdb/ldb_modules/password_hash.c
+"""
+
+from samba.credentials import Credentials
+from samba.samdb import SamDB
+from samba.auth import system_session
+from 

[SCM] pam wrapper repository - branch master updated

[Andreas Schneider]

The branch, master has been updated
   via  91227b3 libpamtest: Do not declare variable in for-loop
   via  7dce9b5 pypamtest: Add sanity checks in new_conv_list()
   via  14adde1 pypamtest: Do not use variable declaration in for-loop
  from  b6708f7 cmake: Add Python 3.6 if we look for the python library

https://git.samba.org/?p=pam_wrapper.git;a=shortlog;h=master


- Log -
commit 91227b3056ef7c16b5c6ea7515f4f1b65feca859
Author: Andreas Schneider 
Date:   Thu Apr 6 09:15:07 2017 +0200

libpamtest: Do not declare variable in for-loop

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 

commit 7dce9b5147cb699a1972590b1fb8262a4aa64b18
Author: Andreas Schneider 
Date:   Thu Apr 6 09:13:40 2017 +0200

pypamtest: Add sanity checks in new_conv_list()

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 

commit 14adde1d0ea2069b546278529a5e13e113303f51
Author: Andreas Schneider 
Date:   Thu Apr 6 09:09:53 2017 +0200

pypamtest: Do not use variable declaration in for-loop

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 

---

Summary of changes:
 src/libpamtest.c   |  4 +++-
 src/python/pypamtest.c | 13 +++--
 2 files changed, 14 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/src/libpamtest.c b/src/libpamtest.c
index 7119184..c0ab41d 100644
--- a/src/libpamtest.c
+++ b/src/libpamtest.c
@@ -117,11 +117,13 @@ enum pamtest_err _pamtest_conv(const char *service,
 
 void pamtest_free_env(char **envlist)
 {
+   size_t i;
+
if (envlist == NULL) {
return;
}
 
-   for (size_t i = 0; envlist[i] != NULL; i++) {
+   for (i = 0; envlist[i] != NULL; i++) {
free(envlist[i]);
}
free(envlist);
diff --git a/src/python/pypamtest.c b/src/python/pypamtest.c
index a1b3054..585f27d 100644
--- a/src/python/pypamtest.c
+++ b/src/python/pypamtest.c
@@ -133,9 +133,18 @@ static void free_string_list(char **list)
PyMem_Free(list);
 }
 
-static char **new_conv_list(const int list_size)
+static char **new_conv_list(const size_t list_size)
 {
char **list;
+   size_t i;
+
+   if (list_size == 0) {
+   return NULL;
+   }
+
+   if (list_size + 1 < list_size) {
+   return NULL;
+   }
 
list = PyMem_New(char *, list_size + 1);
if (list == NULL) {
@@ -143,7 +152,7 @@ static char **new_conv_list(const int list_size)
}
list[list_size] = NULL;
 
-   for (int i =0; i < list_size; i++) {
+   for (i = 0; i < list_size; i++) {
list[i] = PyMem_New(char, PAM_MAX_MSG_SIZE);
if (list[i] == NULL) {
PyMem_Free(list);


-- 
pam wrapper repository

[SCM] Socket Wrapper Repository - branch master updated

[Andreas Schneider]

The branch, master has been updated
   via  9088344 swrap: Add fopen64() on systems which provide it
   via  fb810a6 cmake: Check for fopen64() function
   via  b139b7c swrap: Add open64() on systems which provide it
   via  ef67998 cmake: Check for open64() function
   via  f64d6bd cmake: Do not check for LFS support
   via  502ab86 swrap: Increase max wrapped interfaces
  from  7ca7d61 tests: Fix test_close_failure test case

https://git.samba.org/?p=socket_wrapper.git;a=shortlog;h=master


- Log -
commit 908834465e11736796e418dfdee6425f71959590
Author: Andreas Schneider 
Date:   Thu Apr 6 09:05:26 2017 +0200

swrap: Add fopen64() on systems which provide it

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 

commit fb810a68eae6cb369d799805d3f0cd529f6d893c
Author: Andreas Schneider 
Date:   Thu Apr 6 09:02:21 2017 +0200

cmake: Check for fopen64() function

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 

commit b139b7c2dae519a8fdd589b4bdff14b9a657fc4a
Author: Andreas Schneider 
Date:   Tue Mar 28 09:09:06 2017 +0200

swrap: Add open64() on systems which provide it

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12694

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 

commit ef679984f4a85b4b75a85fc41df4d16a92f26721
Author: Andreas Schneider 
Date:   Tue Mar 28 09:03:02 2017 +0200

cmake: Check for open64() function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12694

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 

commit f64d6bd6526b046c350e8e421204461ee66cf9b8
Author: Andreas Schneider 
Date:   Tue Mar 28 08:58:14 2017 +0200

cmake: Do not check for LFS support

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12694

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 

commit 502ab86d4863802ef183cedbbf3283bf4bc07ab9
Author: Andreas Schneider 
Date:   Mon Mar 20 11:25:40 2017 +0100

swrap: Increase max wrapped interfaces

We are hitting the limit of 40 interfaces with Samba. So increase it to
64.

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 

---

Summary of changes:
 ConfigureChecks.cmake   |  2 +
 cmake/Modules/DefineCompilerFlags.cmake | 29 --
 config.h.cmake  |  2 +
 src/socket_wrapper.c| 99 -
 4 files changed, 102 insertions(+), 30 deletions(-)


Changeset truncated at 500 lines:

diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake
index 71b34ce..0691c8a 100644
--- a/ConfigureChecks.cmake
+++ b/ConfigureChecks.cmake
@@ -63,6 +63,8 @@ check_function_exists(eventfd HAVE_EVENTFD)
 check_function_exists(timerfd_create HAVE_TIMERFD_CREATE)
 check_function_exists(bindresvport HAVE_BINDRESVPORT)
 check_function_exists(accept4 HAVE_ACCEPT4)
+check_function_exists(open64 HAVE_OPEN64)
+check_function_exists(fopen64 HAVE_FOPEN64)
 
 check_function_exists(pledge HAVE_PLEDGE)
 
diff --git a/cmake/Modules/DefineCompilerFlags.cmake 
b/cmake/Modules/DefineCompilerFlags.cmake
index 53481c3..c60e586 100644
--- a/cmake/Modules/DefineCompilerFlags.cmake
+++ b/cmake/Modules/DefineCompilerFlags.cmake
@@ -53,35 +53,6 @@ if (UNIX AND NOT WIN32)
 endif()
 endif (${CMAKE_C_COMPILER_ID} MATCHES "(GNU|Clang)")
 
-#
-# Check for large filesystem support
-#
-if (CMAKE_SIZEOF_VOID_P MATCHES "8")
-# with large file support
-execute_process(
-COMMAND
-getconf LFS64_CFLAGS
-OUTPUT_VARIABLE
-_lfs_CFLAGS
-ERROR_QUIET
-OUTPUT_STRIP_TRAILING_WHITESPACE
-)
-else (CMAKE_SIZEOF_VOID_P MATCHES "8")
-# with large file support
-execute_process(
-COMMAND
-getconf LFS_CFLAGS
-OUTPUT_VARIABLE
-_lfs_CFLAGS
-ERROR_QUIET
-OUTPUT_STRIP_TRAILING_WHITESPACE
-)
-endif (CMAKE_SIZEOF_VOID_P MATCHES "8")
-if (_lfs_CFLAGS)
-string(REGEX REPLACE "[\r\n]" " " "${_lfs_CFLAGS}" "${${_lfs_CFLAGS}}")
-set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${_lfs_CFLAGS}")
-endif (_lfs_CFLAGS)
-
 endif (UNIX AND NOT WIN32)
 
 if (MSVC)
diff --git a/config.h.cmake b/config.h.cmake
index 6786b8a..2f494a4 100644
--- a/config.h.cmake
+++ b/config.h.cmake
@@ -40,6 +40,8 @@
 #cmakedefine HAVE_TIMERFD_CREATE 1
 #cmakedefine 

[SCM] pam wrapper repository - branch master updated

[Andreas Schneider]

The branch, master has been updated
   via  b6708f7 cmake: Add Python 3.6 if we look for the python library
   via  8efb64e pwrap: Do not discard const value
   via  308f344 cmake: Remove unused define
   via  cccdca5 cmake: Do not check for pam_(v)syslog twice
  from  247260d Bump version to 1.0.2

https://git.samba.org/?p=pam_wrapper.git;a=shortlog;h=master


- Log -
commit b6708f72588784b5b4c8784df0e1a27817e331d3
Author: Andreas Schneider 
Date:   Thu Mar 30 08:46:44 2017 +0200

cmake: Add Python 3.6 if we look for the python library

Signed-off-by: Andreas Schneider 
Reviewed-by: Jakub Hrozek 
Reviewed-by: Ralph Boehme 

commit 8efb64e1b307d4ff294042e95ecd33db1f568c7c
Author: Andreas Schneider 
Date:   Wed Mar 29 16:16:18 2017 +0200

pwrap: Do not discard const value

Signed-off-by: Andreas Schneider 
Reviewed-by: Jakub Hrozek 
Reviewed-by: Ralph Boehme 

commit 308f3442499b57f77435f928d56fdd6b085802cd
Author: Andreas Schneider 
Date:   Wed Mar 29 15:53:20 2017 +0200

cmake: Remove unused define

Signed-off-by: Andreas Schneider 
Reviewed-by: Jakub Hrozek 
Reviewed-by: Ralph Boehme 

commit cccdca57f275799ee86e189196f0b2642243c763
Author: Andreas Schneider 
Date:   Wed Mar 29 15:51:06 2017 +0200

cmake: Do not check for pam_(v)syslog twice

Signed-off-by: Andreas Schneider 
Reviewed-by: Jakub Hrozek 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 CMakeLists.txt|  2 +-
 ConfigureChecks.cmake |  5 -
 config.h.cmake|  5 -
 src/pam_wrapper.c | 37 +++--
 4 files changed, 20 insertions(+), 29 deletions(-)


Changeset truncated at 500 lines:

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 5f52edf..f0c950f 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -47,7 +47,7 @@ set(CMAKE_THREAD_PREFER_PTHREADS ON)
 find_package(Threads)
 
 find_package(PythonInterp)
-set(Python_ADDITIONAL_VERSIONS 2.6 2.7 3.3 3.4)
+set(Python_ADDITIONAL_VERSIONS 2.6 2.7 3.3 3.4 3.6)
 find_package(PythonLibs)
 find_package(PythonSiteLibs)
 
diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake
index f3383f9..2fdd296 100644
--- a/ConfigureChecks.cmake
+++ b/ConfigureChecks.cmake
@@ -46,11 +46,6 @@ check_function_exists(strncpy HAVE_STRNCPY)
 check_function_exists(vsnprintf HAVE_VSNPRINTF)
 check_function_exists(snprintf HAVE_SNPRINTF)
 
-set(CMAKE_REQUIRED_LIBRARIES pam)
-check_function_exists(pam_vsyslog HAVE_PAM_VSYSLOG)
-check_function_exists(pam_syslog HAVE_PAM_SYSLOG)
-set(CMAKE_REQUIRED_LIBRARIES)
-
 check_prototype_definition(pam_vprompt
 "int pam_vprompt(const pam_handle_t *_pamh, int _style, char **_resp, 
const char *_fmt, va_list _ap)"
 "-1"
diff --git a/config.h.cmake b/config.h.cmake
index 9888219..d587f84 100644
--- a/config.h.cmake
+++ b/config.h.cmake
@@ -20,14 +20,9 @@
 #cmakedefine HAVE_SECURITY_PAM_MODULES_H 1
 #cmakedefine HAVE_SECURITY_PAM_EXT_H 1
 #cmakedefine HAVE_OPENPAM ${HAVE_OPENPAM}
-#cmakedefine HAVE_PAM_SYSLOG 1
-#cmakedefine HAVE_PAM_VSYSLOG 1
 
 /*** FUNCTIONS ***/
 
-/* Define to 1 if you have the `seteuid' function. */
-#cmakedefine HAVE_SETEUID 1
-
 #cmakedefine HAVE_PAM_VSYSLOG 1
 #cmakedefine HAVE_PAM_SYSLOG 1
 
diff --git a/src/pam_wrapper.c b/src/pam_wrapper.c
index bc73f41..168020b 100644
--- a/src/pam_wrapper.c
+++ b/src/pam_wrapper.c
@@ -1203,55 +1203,56 @@ static int pwrap_pam_get_item(const pam_handle_t *pamh,
case PAM_USER:
PWRAP_LOG(PWRAP_LOG_TRACE,
  "pwrap_get_item PAM_USER=%s",
- (char *) *item);
+ (const char *)*item);
break;
case PAM_SERVICE:
svc = pwrap_get_service((const char *) *item);
 
PWRAP_LOG(PWRAP_LOG_TRACE,
  "pwrap_get_item PAM_SERVICE=%s",
- (char *) svc);
+ svc);
*item = svc;
break;
case PAM_USER_PROMPT:
PWRAP_LOG(PWRAP_LOG_TRACE,
  "pwrap_get_item PAM_USER_PROMPT=%s",
- (char *) *item);
+ (const char *)*item);
break;
case PAM_TTY:
PWRAP_LOG(PWRAP_LOG_TRACE,