From dominicm@gdc083.internal.graphdata.co.uk  Tue Oct 10 15:18:19 2006
Return-Path: <dominicm@gdc083.internal.graphdata.co.uk>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9719416A47C
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 10 Oct 2006 15:18:19 +0000 (UTC)
	(envelope-from dominicm@gdc083.internal.graphdata.co.uk)
Received: from mailhost.graphdata.co.uk (mailhost.graphdata.co.uk [195.12.22.194])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7D12B43D90
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 10 Oct 2006 15:18:15 +0000 (GMT)
	(envelope-from dominicm@gdc083.internal.graphdata.co.uk)
Received: from localhost (localhost [127.0.0.1])
	by mailhost.graphdata.co.uk (Postfix) with ESMTP id 2F56C114020;
	Tue, 10 Oct 2006 16:18:14 +0100 (BST)
Received: from mailhost.graphdata.co.uk ([127.0.0.1])
	by localhost (mailhost.graphdata.co.uk [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id Pmq-xBVpp5O7; Tue, 10 Oct 2006 16:18:09 +0100 (BST)
Received: from gdc083.internal.graphdata.co.uk (gdc083.internal.graphdata.co.uk [192.168.0.86])
	by mailhost.graphdata.co.uk (Postfix) with ESMTP id 3E0F511401E;
	Tue, 10 Oct 2006 16:18:09 +0100 (BST)
Received: by gdc083.internal.graphdata.co.uk (Postfix, from userid 4000)
	id 16D841CCD6; Tue, 10 Oct 2006 16:18:08 +0100 (BST)
Message-Id: <20061010151809.16D841CCD6@gdc083.internal.graphdata.co.uk>
Date: Tue, 10 Oct 2006 16:18:08 +0100 (BST)
From: Dominic Marks <dom@helenmarks.co.uk>
Reply-To: Dominic Marks <dom@helenmarks.co.uk>
To: FreeBSD-gnats-submit@freebsd.org
Cc: timur@gnu.org
Subject: net/samba3 3.0.23c_1,1 pam_winbind.so not load-able by OpenPAM
X-Send-Pr-Version: 3.113
X-GNATS-Notify: timur@gnu.org

>Number:         104269
>Category:       ports
>Synopsis:       net/samba3 3.0.23c_1,1 pam_winbind.so not load-able by OpenPAM
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    shaun
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Oct 10 15:20:22 GMT 2006
>Closed-Date:    Wed Oct 11 20:41:30 GMT 2006
>Last-Modified:  Wed Oct 11 20:50:18 GMT 2006
>Originator:     Dominic Marks
>Release:        FreeBSD 6.2-PRERELEASE i386
>Organization:
>Environment:
	
>Description:
With the latest version of the port pam_winbind.so does not seem to
be load-able by OpenPAM. This causes any system using nsswitch for
authentication to become useless. In my case it caused my workstation
to unusable without a visit to single user mode.
	
>How-To-Repeat:
1. Install net/samba with pam_winbind.so
2. Modify pam configuration to include it in authentication.
3. Join a AD Domain
4. Try and authenticate
5. Fail

Some example logging information:

gdc083# grep gdm /var/log/messages
Oct 10 14:27:46 gdc083 gdm[61268]: in openpam_load_module(): no /usr/local/lib/pam_winbind.so found
Oct 10 14:27:46 gdc083 gdm[61268]: gdm_verify_check: Can't find PAM configuration for GDM.

gdc083# ls -l /usr/local/lib/pam_winbind.so
-r-xr-xr-x  1 root  wheel  33736 Oct 10 14:15 /usr/local/lib/pam_winbind.so

gdc083# file /usr/local/lib/pam_winbind.so
/usr/local/lib/pam_winbind.so: ELF 32-bit LSB shared object, Intel 80386, version 1 (FreeBSD), stripped

	
>Fix:
Roll back to 3.0.23b,1.
	
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->feedback 
State-Changed-By: edwin 
State-Changed-When: Tue Oct 10 15:21:39 UTC 2006 
State-Changed-Why:  
Awaiting maintainers feedback 

http://www.freebsd.org/cgi/query-pr.cgi?pr=104269 
Responsible-Changed-From-To: freebsd-ports-bugs->shaun 
Responsible-Changed-By: shaun 
Responsible-Changed-When: Wed Oct 11 00:27:24 UTC 2006 
Responsible-Changed-Why:  
Take it. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=104269 

From: "Timur I. Bakeyev" <timur@gnu.org>
To: bug-followup@FreeBSD.org, dom@helenmarks.co.uk
Cc:  
Subject: Re: ports/104269: net/samba3 3.0.23c_1,1 pam_winbind.so not load-able by OpenPAM
Date: Wed, 11 Oct 2006 03:47:38 +0200

 --W/nzBZO5zC0uMSeA
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 
 Hi, Dominic!
 
 Thank you for your report! I did some tests and found out that the problem
 is caused by usage of strequal() function in the code? which isn't linked 
 into the pam_winbind.so. The easiest solution is to replace it with strcmp().
 
 I do attach the patch to this mail that have to replace original one in the
 port. You can just place in into files/ instead of original one.
 
 With best regards,
 Timur.
 
 
 
 
 
 --W/nzBZO5zC0uMSeA
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: attachment; filename=patch-za
 
 --- nsswitch/wb_common.c.orig	Thu Apr 20 04:29:21 2006
 +++ nsswitch/wb_common.c	Mon Sep 25 12:49:04 2006
 @@ -525,15 +525,11 @@
  NSS_STATUS winbindd_send_request(int req_type, struct winbindd_request *request)
  {
  	struct winbindd_request lrequest;
 -	char *env;
 -	int  value;
 -	
 +
  	/* Check for our tricky environment variable */
  
 -	if ( (env = getenv(WINBINDD_DONT_ENV)) != NULL ) {
 -		value = atoi(env);
 -		if ( value == 1 )
 -			return NSS_STATUS_NOTFOUND;
 +	if (winbind_env_set()) {
 +		return NSS_STATUS_NOTFOUND;
  	}
  
  	if (!request) {
 @@ -632,3 +628,14 @@
  	return putenv(s) != -1;
  }
  
 +BOOL winbind_env_set( void )
 +{
 +	char *env;
 +	
 +	if ((env=getenv(WINBINDD_DONT_ENV)) != NULL) {
 +		if(strcmp(env, "1")) {
 +			return True;
 +		}
 +	}
 +	return False;
 +}
 --- passdb/pdb_interface.c.orig	Wed Aug 23 18:16:38 2006
 +++ passdb/pdb_interface.c	Mon Sep 25 13:10:15 2006
 @@ -1321,27 +1321,25 @@
  	struct group *grp;
  	char **gr;
  	struct passwd *pwd;
 -	char *winbindd_env;
 +	BOOL winbind_env;
   
  	*pp_uids = NULL;
  	*p_num = 0;
  
  	/* We only look at our own sam, so don't care about imported stuff */
 -
 -	winbindd_env = getenv(WINBINDD_DONT_ENV);
 +	winbind_env = winbind_env_set();
  	winbind_off();
  
  	if ((grp = getgrgid(gid)) == NULL) {
  		/* allow winbindd lookups, but only if they weren't already disabled */
 -		if ( !(winbindd_env && strequal(winbindd_env, "1")) ) {
 +		if (!winbind_env) {
  			winbind_on();
  		}
 -
 +		
  		return False;
  	}
  
  	/* Primary group members */
 -
  	setpwent();
  	while ((pwd = getpwent()) != NULL) {
  		if (pwd->pw_gid == gid) {
 @@ -1352,7 +1350,6 @@
  	endpwent();
  
  	/* Secondary group members */
 -
  	for (gr = grp->gr_mem; (*gr != NULL) && ((*gr)[0] != '\0'); gr += 1) {
  		struct passwd *pw = getpwnam(*gr);
  
 @@ -1362,11 +1359,10 @@
  	}
  
  	/* allow winbindd lookups, but only if they weren't already disabled */
 -
 -	if ( !(winbindd_env && strequal(winbindd_env, "1")) ) {
 +	if (!winbind_env) {
  		winbind_on();
  	}
 -
 +	
  	return True;
  }
  
 --- lib/system_smbd.c.orig	Thu Apr 20 04:29:23 2006
 +++ lib/system_smbd.c	Mon Sep 25 12:53:54 2006
 @@ -120,19 +120,15 @@
  static int sys_getgrouplist(const char *user, gid_t gid, gid_t *groups, int *grpcnt)
  {
  	int retval;
 -	char *winbindd_env;
 +	BOOL winbind_env;
  
  	DEBUG(10,("sys_getgrouplist: user [%s]\n", user));
  
 -	/* Save the winbindd state and not just blindly turn it back on */
 -
 -	winbindd_env = getenv(WINBINDD_DONT_ENV);
 -	
  	/* This is only ever called for Unix users, remote memberships are
  	 * always determined by the info3 coming back from auth3 or the
  	 * PAC. */
 -
 -	winbind_off() ;
 +	winbind_env = winbind_env_set();
 +	winbind_off();
  
  #ifdef HAVE_GETGROUPLIST
  	retval = getgrouplist(user, gid, groups, grpcnt);
 @@ -142,9 +138,8 @@
  	unbecome_root();
  #endif
  
 -	/* allow winbindd lookups , but only if they were not already disabled */
 -
 -	if ( !(winbindd_env && strequal(winbindd_env, "1")) ) {
 +	/* allow winbindd lookups, but only if they were not already disabled */
 +	if (!winbind_env) {
  		winbind_on();
  	}
  
 
 --W/nzBZO5zC0uMSeA--

From: Dominic Marks <dom@helenmarks.co.uk>
To: "Timur I. Bakeyev" <timur@gnu.org>
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/104269: net/samba3 3.0.23c_1,1 pam_winbind.so not
 load-able by OpenPAM
Date: Wed, 11 Oct 2006 10:36:28 +0100

 On Wed, 11 Oct 2006 03:47:38 +0200
 "Timur I. Bakeyev" <timur@gnu.org> wrote:
 
 > Hi, Dominic!
 > 
 > Thank you for your report! I did some tests and found out that the problem
 > is caused by usage of strequal() function in the code? which isn't linked 
 > into the pam_winbind.so. The easiest solution is to replace it with strcmp().
 > 
 > I do attach the patch to this mail that have to replace original one in the
 > port. You can just place in into files/ instead of original one.
 
 Thanks. I assume this will be committed soon?
 Thanks you very much Timur, very quick fix. Excellent work!
 
 Dominic
 
 > With best regards,
 > Timur.

From: "Timur I. Bakeyev" <timur@gnu.org>
To: Dominic Marks <dom@helenmarks.co.uk>
Cc: "Timur I. Bakeyev" <timur@gnu.org>, bug-followup@FreeBSD.org
Subject: Re: ports/104269: net/samba3 3.0.23c_1,1 pam_winbind.so not load-able by OpenPAM
Date: Wed, 11 Oct 2006 13:26:00 +0200

 Hi Dominic!
 
 On Wed, Oct 11, 2006 at 10:36:28AM +0100, Dominic Marks wrote:
 > 
 > Thanks. I assume this will be committed soon?
 > Thanks you very much Timur, very quick fix. Excellent work!
 
 There is a slight problem with commitment - ports tree is frozen for
 upcoming 6.2 release, so if this fix won't be approved by portmanager,
 you have to wait a week or so.
 
 So, if you want immediate results - try the attached patch now :)
 
 With best regards,
 Timur.
State-Changed-From-To: feedback->closed 
State-Changed-By: shaun 
State-Changed-When: Wed Oct 11 19:59:13 UTC 2006 
State-Changed-Why:  
Fix provided by maintainer was committed. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=104269 

From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/104269: commit references a PR
Date: Wed, 11 Oct 2006 20:42:28 +0000 (UTC)

 shaun       2006-10-11 20:40:35 UTC
 
   FreeBSD ports repository
 
   Modified files:
     net/samba3           Makefile 
     net/samba3/files     patch-za 
   Log:
   Fix a bug introduced by a previous patch, whereby pam_winbind.so would
   fail to load correctly.
   
   PR:             ports/104269
   Submitted by:   Dominic Marks <dom@helenmarks.co.uk>
   Approved by:    portmgr (erwin)
   
   Revision  Changes    Path
   1.155     +1 -1      ports/net/samba3/Makefile
   1.2       +1 -1      ports/net/samba3/files/patch-za
 _______________________________________________
 cvs-all@freebsd.org mailing list
 http://lists.freebsd.org/mailman/listinfo/cvs-all
 To unsubscribe, send any mail to "cvs-all-unsubscribe@freebsd.org"
 
>Unformatted:
