Merge 2610c05b5b95cc7036b3d6dfb894c6cfbdb68483 as Samba-4.0alpha16

10 files changed, 139 insertions, 53 deletions

diff --git a/nsswitch/libwbclient/tests/wbclient.c b/nsswitch/libwbclient/tests/wbclient.c
index c6ee531481..12fc31ea5e 100644
--- a/nsswitch/libwbclient/tests/wbclient.c
+++ b/nsswitch/libwbclient/tests/wbclient.c
@@ -395,7 +395,7 @@ static bool test_wbc_lookup_rids(struct torture_context *tctx)
 	torture_assert_str_equal(
 		tctx, names[1], "Users", "S-1-5-32-545 not mapped to 'Users'");
 
-	wbcFreeMemory((char *)domain_name);
+	wbcFreeMemory(discard_const_p(char ,domain_name));
 	wbcFreeMemory(names);
 	wbcFreeMemory(types);
 
diff --git a/nsswitch/libwbclient/wbc_util.c b/nsswitch/libwbclient/wbc_util.c
index d783ba36d8..af134ba7e5 100644
--- a/nsswitch/libwbclient/wbc_util.c
+++ b/nsswitch/libwbclient/wbc_util.c
@@ -623,13 +623,13 @@ static void wbcDomainControllerInfoExDestructor(void *ptr)
 {
 	struct wbcDomainControllerInfoEx *i =
 		(struct wbcDomainControllerInfoEx *)ptr;
-	free((char *)(i->dc_unc));
-	free((char *)(i->dc_address));
-	free((char *)(i->domain_guid));
-	free((char *)(i->domain_name));
-	free((char *)(i->forest_name));
-	free((char *)(i->dc_site_name));
-	free((char *)(i->client_site_name));
+	free(discard_const_p(char, i->dc_unc));
+	free(discard_const_p(char, i->dc_address));
+	free(discard_const_p(char, i->domain_guid));
+	free(discard_const_p(char, i->domain_name));
+	free(discard_const_p(char, i->forest_name));
+	free(discard_const_p(char, i->dc_site_name));
+	free(discard_const_p(char, i->client_site_name));
 }
 
 static wbcErr wbc_create_domain_controller_info_ex(const struct winbindd_response *resp,
@@ -758,7 +758,7 @@ static void wbcNamedBlobDestructor(void *ptr)
 	struct wbcNamedBlob *b = (struct wbcNamedBlob *)ptr;
 
 	while (b->name != NULL) {
-		free((char *)(b->name));
+		free(discard_const_p(char, b->name));
 		free(b->blob.data);
 		b += 1;
 	}
diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index 7005c25fae..e59a6d8ea1 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -11,8 +11,6 @@
 */
 
 #include "pam_winbind.h"
-#define CONST_DISCARD(type,ptr) ((type)(void *)ptr)
-
 
 static int wbc_error_to_pam_error(wbcErr status)
 {
@@ -412,51 +410,51 @@ static int _pam_parse(const pam_handle_t *pamh,
 		config_file = PAM_WINBIND_CONFIG_FILE;
 	}
 
-	d = iniparser_load(CONST_DISCARD(char *, config_file));
+	d = iniparser_load(discard_const_p(char, config_file));
 	if (d == NULL) {
 		goto config_from_pam;
 	}
 
-	if (iniparser_getboolean(d, CONST_DISCARD(char *, "global:debug"), false)) {
+	if (iniparser_getboolean(d, discard_const_p(char, "global:debug"), false)) {
 		ctrl |= WINBIND_DEBUG_ARG;
 	}
 
-	if (iniparser_getboolean(d, CONST_DISCARD(char *, "global:debug_state"), false)) {
+	if (iniparser_getboolean(d, discard_const_p(char, "global:debug_state"), false)) {
 		ctrl |= WINBIND_DEBUG_STATE;
 	}
 
-	if (iniparser_getboolean(d, CONST_DISCARD(char *, "global:cached_login"), false)) {
+	if (iniparser_getboolean(d, discard_const_p(char, "global:cached_login"), false)) {
 		ctrl |= WINBIND_CACHED_LOGIN;
 	}
 
-	if (iniparser_getboolean(d, CONST_DISCARD(char *, "global:krb5_auth"), false)) {
+	if (iniparser_getboolean(d, discard_const_p(char, "global:krb5_auth"), false)) {
 		ctrl |= WINBIND_KRB5_AUTH;
 	}
 
-	if (iniparser_getboolean(d, CONST_DISCARD(char *, "global:silent"), false)) {
+	if (iniparser_getboolean(d, discard_const_p(char, "global:silent"), false)) {
 		ctrl |= WINBIND_SILENT;
 	}
 
-	if (iniparser_getstr(d, CONST_DISCARD(char *, "global:krb5_ccache_type")) != NULL) {
+	if (iniparser_getstr(d, discard_const_p(char, "global:krb5_ccache_type")) != NULL) {
 		ctrl |= WINBIND_KRB5_CCACHE_TYPE;
 	}
 
-	if ((iniparser_getstr(d, CONST_DISCARD(char *, "global:require-membership-of"))
+	if ((iniparser_getstr(d, discard_const_p(char, "global:require-membership-of"))
 	     != NULL) ||
-	    (iniparser_getstr(d, CONST_DISCARD(char *, "global:require_membership_of"))
+	    (iniparser_getstr(d, discard_const_p(char, "global:require_membership_of"))
 	     != NULL)) {
 		ctrl |= WINBIND_REQUIRED_MEMBERSHIP;
 	}
 
-	if (iniparser_getboolean(d, CONST_DISCARD(char *, "global:try_first_pass"), false)) {
+	if (iniparser_getboolean(d, discard_const_p(char, "global:try_first_pass"), false)) {
 		ctrl |= WINBIND_TRY_FIRST_PASS_ARG;
 	}
 
-	if (iniparser_getint(d, CONST_DISCARD(char *, "global:warn_pwd_expire"), 0)) {
+	if (iniparser_getint(d, discard_const_p(char, "global:warn_pwd_expire"), 0)) {
 		ctrl |= WINBIND_WARN_PWD_EXPIRE;
 	}
 
-	if (iniparser_getboolean(d, CONST_DISCARD(char *, "global:mkhomedir"), false)) {
+	if (iniparser_getboolean(d, discard_const_p(char, "global:mkhomedir"), false)) {
 		ctrl |= WINBIND_MKHOMEDIR;
 	}
 
@@ -538,7 +536,7 @@ static int _pam_winbind_init_context(pam_handle_t *pamh,
 	textdomain_init();
 #endif
 
-	r = TALLOC_ZERO_P(NULL, struct pwb_context);
+	r = talloc_zero(NULL, struct pwb_context);
 	if (!r) {
 		return PAM_BUF_ERR;
 	}
@@ -1214,7 +1212,7 @@ out:
 static void _pam_setup_krb5_env(struct pwb_context *ctx,
 				struct wbcLogonUserInfo *info)
 {
-	char var[PATH_MAX];
+	char *var = NULL;
 	int ret;
 	uint32_t i;
 	const char *krb5ccname = NULL;
@@ -1241,7 +1239,7 @@ static void _pam_setup_krb5_env(struct pwb_context *ctx,
 	_pam_log_debug(ctx, LOG_DEBUG,
 		       "request returned KRB5CCNAME: %s", krb5ccname);
 
-	if (snprintf(var, sizeof(var), "KRB5CCNAME=%s", krb5ccname) == -1) {
+	if (asprintf(&var, "KRB5CCNAME=%s", krb5ccname) == -1) {
 		return;
 	}
 
@@ -1251,6 +1249,7 @@ static void _pam_setup_krb5_env(struct pwb_context *ctx,
 			 "failed to set KRB5CCNAME to %s: %s",
 			 var, pam_strerror(ctx->pamh, ret));
 	}
+	free(var);
 }
 
 /**
@@ -1764,7 +1763,7 @@ static int winbind_auth_request(struct pwb_context *ctx,
 					     &logon.blobs,
 					     "krb5_cc_type",
 					     0,
-					     (uint8_t *)cctype,
+					     discard_const_p(uint8_t, cctype),
 					     strlen(cctype)+1);
 		if (!WBC_ERROR_IS_OK(wbc_status)) {
 			goto done;
@@ -2514,7 +2513,7 @@ static int _pam_delete_cred(pam_handle_t *pamh, int flags,
 						     &logoff.blobs,
 						     "ccfilename",
 						     0,
-						     (uint8_t *)ccname,
+						     discard_const_p(uint8_t, ccname),
 						     strlen(ccname)+1);
 			if (!WBC_ERROR_IS_OK(wbc_status)) {
 				goto out;
diff --git a/nsswitch/pam_winbind.h b/nsswitch/pam_winbind.h
index ed924794c4..0d9529e726 100644
--- a/nsswitch/pam_winbind.h
+++ b/nsswitch/pam_winbind.h
@@ -1,9 +1,55 @@
+/*
+ * Copyright (c) Andrew Tridgell  <tridge@samba.org>   2000
+ * Copyright (c) Tim Potter       <tpot@samba.org>     2000
+ * Copyright (c) Andrew Bartlettt <abartlet@samba.org> 2002
+ * Copyright (c) Guenther Deschner <gd@samba.org>      2005-2008
+ * Copyright (c) Jan Rêkorajski 1999.
+ * Copyright (c) Andrew G. Morgan 1996-8.
+ * Copyright (c) Alex O. Yuriev, 1996.
+ * Copyright (c) Cristian Gafton 1996.
+ * Copyright (C) Elliot Lee <sopwith@redhat.com> 1996, Red Hat Software.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, and the entire permission notice in its entirety,
+ *    including the disclaimer of warranties.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * ALTERNATIVELY, this product may be distributed under the terms of
+ * the GNU Public License, in which case the provisions of the GPL are
+ * required INSTEAD OF the above restrictions.  (This clause is
+ * necessary due to a potential bad interaction between the GPL and
+ * the restrictions contained in a BSD-style copyright.)
+ *
+ * THIS SOFTWARE IS PROVIDED `AS IS'' AND ANY EXPRESS OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
 /* pam_winbind header file
    (Solaris needs some macros from Linux for common PAM code)
 
    Shirish Kalele 2000
 */
 
+#ifndef _NSSWITCH_PAM_WINBIND_H_
+#define _NSSWITCH_PAM_WINBIND_H_
+
 #include "../lib/replace/replace.h"
 #include "system/syslog.h"
 #include "system/time.h"
@@ -175,3 +221,5 @@ struct pwb_context {
 #endif
 #define TALLOC_ZERO_P(ctx, type) (type *)_talloc_zero(ctx, sizeof(type), #type)
 #define TALLOC_P(ctx, type) (type *)talloc_named_const(ctx, sizeof(type), #type)
+
+#endif /* _NSSWITCH_PAM_WINBIND_H_ */
diff --git a/nsswitch/wb_common.c b/nsswitch/wb_common.c
index dcfc8a5156..80c729a3b6 100644
--- a/nsswitch/wb_common.c
+++ b/nsswitch/wb_common.c
@@ -369,13 +369,14 @@ static int winbind_open_pipe_sock(int recursing, int need_priv)
 static int winbind_write_sock(void *buffer, int count, int recursing,
 			      int need_priv)
 {
-	int result, nwritten;
+	int fd, result, nwritten;
 
 	/* Open connection to winbind daemon */
 
  restart:
 
-	if (winbind_open_pipe_sock(recursing, need_priv) == -1) {
+	fd = winbind_open_pipe_sock(recursing, need_priv);
+	if (fd == -1) {
 		errno = ENOENT;
 		return -1;
 	}
@@ -391,7 +392,7 @@ static int winbind_write_sock(void *buffer, int count, int recursing,
 		/* Catch pipe close on other end by checking if a read()
 		   call would not block by calling poll(). */
 
-		pfd.fd = winbindd_fd;
+		pfd.fd = fd;
 		pfd.events = POLLIN|POLLHUP;
 
 		ret = poll(&pfd, 1, 0);
@@ -412,8 +413,7 @@ static int winbind_write_sock(void *buffer, int count, int recursing,
 
 		/* Do the write */
 
-		result = write(winbindd_fd,
-			       (char *)buffer + nwritten,
+		result = write(fd, (char *)buffer + nwritten,
 			       count - nwritten);
 
 		if ((result == -1) || (result == 0)) {
@@ -434,10 +434,12 @@ static int winbind_write_sock(void *buffer, int count, int recursing,
 
 static int winbind_read_sock(void *buffer, int count)
 {
+	int fd;
 	int nread = 0;
 	int total_time = 0;
 
-	if (winbindd_fd == -1) {
+	fd = winbind_open_pipe_sock(false, false);
+	if (fd == -1) {
 		return -1;
 	}
 
@@ -449,7 +451,7 @@ static int winbind_read_sock(void *buffer, int count)
 		/* Catch pipe close on other end by checking if a read()
 		   call would not block by calling poll(). */
 
-		pfd.fd = winbindd_fd;
+		pfd.fd = fd;
 		pfd.events = POLLIN|POLLHUP;
 
 		/* Wait for 5 seconds for a reply. May need to parameterise this... */
@@ -475,7 +477,7 @@ static int winbind_read_sock(void *buffer, int count)
 
 			/* Do the Read */
 
-			int result = read(winbindd_fd, (char *)buffer + nread,
+			int result = read(fd, (char *)buffer + nread,
 			      count - nread);
 
 			if ((result == -1) || (result == 0)) {
diff --git a/nsswitch/wbinfo.c b/nsswitch/wbinfo.c
index ac07175022..30e23b6a8f 100644
--- a/nsswitch/wbinfo.c
+++ b/nsswitch/wbinfo.c
@@ -134,7 +134,6 @@ static bool parse_wbinfo_domain_user(const char *domuser, fstring domain,
 	fstrcpy(user, p+1);
 	fstrcpy(domain, domuser);
 	domain[PTR_DIFF(p, domuser)] = 0;
-	strupper_m(domain);
 
 	return true;
 }
diff --git a/nsswitch/winbind_client.h b/nsswitch/winbind_client.h
index ed1c81ddb2..905a189c82 100644
--- a/nsswitch/winbind_client.h
+++ b/nsswitch/winbind_client.h
@@ -1,3 +1,30 @@
+/*
+   Unix SMB/CIFS implementation.
+
+   winbind client common code
+
+   Copyright (C) Tim Potter 2000
+   Copyright (C) Andrew Tridgell 2000
+   Copyright (C) Andrew Bartlett 2002
+
+
+   This library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 3 of the License, or (at your option) any later version.
+
+   This library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Library General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _NSSWITCH_WINBIND_CLIENT_H_
+#define _NSSWITCH_WINBIND_CLIENT_H_
+
 #include "winbind_nss_config.h"
 #include "winbind_struct_protocol.h"
 
@@ -19,3 +46,5 @@ NSS_STATUS winbindd_priv_request_response(int req_type,
 
 #define winbind_on() \
 	(setenv(WINBINDD_DONT_ENV, "0", 1) == 0)
+
+#endif /* _NSSWITCH_WINBIND_CLIENT_H_ */
diff --git a/nsswitch/winbind_nss_config.h b/nsswitch/winbind_nss_config.h
index 3e2ce68252..e1ad3f6463 100644
--- a/nsswitch/winbind_nss_config.h
+++ b/nsswitch/winbind_nss_config.h
@@ -54,7 +54,13 @@
 #ifndef FSTRING_LEN
 #define FSTRING_LEN 256
 typedef char fstring[FSTRING_LEN];
-#define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1)
+#ifndef fstrcpy
+#define fstrcpy(d,s) \
+do { \
+        const char *_fstrcpy_src = (const char *)(s); \
+        strlcpy((d),_fstrcpy_src ? _fstrcpy_src : "",sizeof(fstring)); \
+} while (0)
+#endif
 #endif
 
 /* Some systems (SCO) treat UNIX domain sockets as FIFOs */
diff --git a/nsswitch/wins.c b/nsswitch/wins.c
index e0aa2ad8f5..d63968b2bc 100644
--- a/nsswitch/wins.c
+++ b/nsswitch/wins.c
@@ -59,8 +59,10 @@ static void nss_wins_init(void)
 
 static struct in_addr *lookup_byname_backend(const char *name, int *count)
 {
-	struct ip_service *address = NULL;
+	TALLOC_CTX *frame = talloc_stackframe();
+	struct sockaddr_storage *address = NULL;
 	struct in_addr *ret = NULL;
+	NTSTATUS status;
 	int j;
 
 	if (!initialised) {
@@ -70,19 +72,21 @@ static struct in_addr *lookup_byname_backend(const char *name, int *count)
 	*count = 0;
 
 	/* always try with wins first */
-	if (NT_STATUS_IS_OK(resolve_wins(name,0x00,&address,count))) {
+	status = resolve_wins(name, 0x00, talloc_tos(),
+			      &address, count);
+	if (NT_STATUS_IS_OK(status)) {
 		if ( (ret = SMB_MALLOC_P(struct in_addr)) == NULL ) {
-			free( address );
+			TALLOC_FREE(frame);
 			return NULL;
 		}
-		if (address[0].ss.ss_family != AF_INET) {
-			free(address);
+		if (address[0].ss_family != AF_INET) {
 			free(ret);
+			TALLOC_FREE(frame);
 			return NULL;
 		}
-		*ret = ((struct sockaddr_in *)(void *)&address[0].ss)
+		*ret = ((struct sockaddr_in *)(void *)address)
 			->sin_addr;
-		free( address );
+		TALLOC_FREE(frame);
 		return ret;
 	}
 
@@ -91,24 +95,23 @@ static struct in_addr *lookup_byname_backend(const char *name, int *count)
 		const struct in_addr *bcast = iface_n_bcast_v4(j);
 		struct sockaddr_storage ss;
 		struct sockaddr_storage *pss;
-		NTSTATUS status;
 
 		if (!bcast) {
 			continue;
 		}
 		in_addr_to_sockaddr_storage(&ss, *bcast);
 		status = name_query(name, 0x00, True, True, &ss,
-				    NULL, &pss, count, NULL);
-		if (pss) {
+				    talloc_tos(), &pss, count, NULL);
+		if (NT_STATUS_IS_OK(status) && (*count > 0)) {
 			if ((ret = SMB_MALLOC_P(struct in_addr)) == NULL) {
+				TALLOC_FREE(frame);
 				return NULL;
 			}
 			*ret = ((struct sockaddr_in *)pss)->sin_addr;
-			TALLOC_FREE(pss);
 			break;
 		}
 	}
-
+	TALLOC_FREE(frame);
 	return ret;
 }
 
@@ -180,7 +183,7 @@ int lookup(nsd_file_t *rq)
 	 * response needs to be a string of the following format
 	 * ip_address[ ip_address]*\tname[ alias]*
 	 */
-	if (StrCaseCmp(map,"hosts.byaddr") == 0) {
+	if (strcasecmp_m(map,"hosts.byaddr") == 0) {
 		if ( status = lookup_byaddr_backend(key, &count)) {
 		    size = strlen(key) + 1;
 		    if (size > len) {
@@ -208,7 +211,7 @@ int lookup(nsd_file_t *rq)
 		    response[strlen(response)-1] = '\n';
 		    talloc_free(status);
 		}
-	} else if (StrCaseCmp(map,"hosts.byname") == 0) {
+	} else if (strcasecmp_m(map,"hosts.byname") == 0) {
 	    if (ip_list = lookup_byname_backend(key, &count)) {
 		for (i = count; i ; i--) {
 		    addr = inet_ntoa(ip_list[i-1]);
diff --git a/nsswitch/wscript_build b/nsswitch/wscript_build
index 83b10a7969..47f6fbcc23 100644
--- a/nsswitch/wscript_build
+++ b/nsswitch/wscript_build
@@ -21,7 +21,7 @@ bld.SAMBA_LIBRARY('nss_winbind',
 	vnum='2')
 
 
-if bld.CONFIG_SET('WITH_PAM_MODULES') or bld.CONFIG_SET('HAVE_PAM_START'):
+if bld.CONFIG_SET('WITH_PAM_MODULES') and bld.CONFIG_SET('HAVE_PAM_START'):
 	bld.SAMBA_LIBRARY('pamwinbind',
 		source='pam_winbind.c',
 		deps='intl talloc wbclient winbind-client LIBINIPARSER pam',