authorAndrew Bartlett <abartlet@samba.org>2002-10-26 02:20:59 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-10-26 02:20:59 +0000
commit35ac9d287f000c27dc864789b341bebe7acb4c74 (patch)
treea05b4998fbbe9e0063bd616630458f75a022285e
parent0e7938ab5dc666d83a490210d35fee03f6483e49 (diff)
Try to catch up on the code I've put into HEAD that should be in 3.0:
- vorlan's hosts allow with DNS names patch - use x_fileno() in debug.c, not the struct directly. - check for server timeout on password change (was reporting success) - better error/status logging in both the pam_winbind client and winbindd_pam server code. - (pdb_ldap) don't set the ldap version twice - we do it on every bind anyway. (This used to be commit 9fa1863d8e7788eda83911ca2610754486b33069)
-rw-r--r--source3/lib/access.c6
-rw-r--r--source3/lib/debug.c2
-rw-r--r--source3/lib/util_sock.c6
-rw-r--r--source3/libsmb/clirap.c12
-rw-r--r--source3/nsswitch/pam_winbind.c56
-rw-r--r--source3/nsswitch/winbindd_pam.c7
-rw-r--r--source3/passdb/pdb_ldap.c7
-rw-r--r--source3/web/cgi.c2
8 files changed, 60 insertions, 38 deletions
diff --git a/source3/lib/access.c b/source3/lib/access.c
index 4e524735e4..a39bc6df76 100644
--- a/source3/lib/access.c
+++ b/source3/lib/access.c
@@ -316,20 +316,20 @@ BOOL check_access(int sock, char **allow_list, char **deny_list)
else
{
DEBUG (3, ("check_access: hostnames in host allow/deny list.\n"));
- ret = allow_access(deny_list,allow_list, get_socket_name(sock),
+ ret = allow_access(deny_list,allow_list, get_socket_name(sock,True),
get_socket_addr(sock));
}
if (ret)
{
DEBUG(2,("Allowed connection from %s (%s)\n",
- only_ip ? "" : get_socket_name(sock),
+ only_ip ? "" : get_socket_name(sock,True),
get_socket_addr(sock)));
}
else
{
DEBUG(0,("Denied connection from %s (%s)\n",
- only_ip ? "" : get_socket_name(sock),
+ only_ip ? "" : get_socket_name(sock,True),
get_socket_addr(sock)));
}
}
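Review bot: The peer name is resolved three times in this hunk, once for `allow_access()` and again inside each `DEBUG` call, all through `get_socket_name(sock,True)`. With the lookup now forced, each call may be a blocking DNS query unless get_socket_name caches its result (not visible here), and the name written to the log is not guaranteed to be the one the allow/deny decision was made on. Resolving once, e.g. `char *rhost = get_socket_name(sock,True);`, and passing `rhost` to `allow_access()` and to both `DEBUG` lines keeps the audit record tied to the decision. check_access starts above this hunk.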
diff --git a/source3/lib/debug.c b/source3/lib/debug.c
index f4f3ee2f9f..483db71b85 100644
--- a/source3/lib/debug.c
+++ b/source3/lib/debug.c
@@ -603,7 +603,7 @@ BOOL reopen_logs( void )
(void)umask(oldumask);
/* Take over stderr to catch ouput into logs */
- if (dbf && sys_dup2(dbf->fd, 2) == -1) {
+ if (dbf && sys_dup2(x_fileno(dbf), 2) == -1) {
close_low_fds(True); /* Close stderr too, if dup2 can't point it
at the logfile */
}
diff --git a/source3/lib/util_sock.c b/source3/lib/util_sock.c
index fc2abf976f..04c20f6596 100644
--- a/source3/lib/util_sock.c
+++ b/source3/lib/util_sock.c
@@ -832,7 +832,7 @@ void client_setfd(int fd)
char *client_name(void)
{
- return get_socket_name(client_fd);
+ return get_socket_name(client_fd,False);
}
char *client_addr(void)
@@ -890,7 +890,7 @@ static BOOL matchname(char *remotehost,struct in_addr addr)
/*******************************************************************
return the DNS name of the remote end of a socket
******************************************************************/
-char *get_socket_name(int fd)
+char *get_socket_name(int fd, BOOL force_lookup)
{
static pstring name_buf;
static fstring addr_buf;
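Review bot: The header comment above `get_socket_name` still reads only "return the DNS name of the remote end of a socket" and says nothing about the new `force_lookup` parameter. I would extend it with a line such as `force_lookup: resolve the name even when lp_hostname_lookups() is off (used for host allow/deny matching)`. Since the function declares `static pstring name_buf`, the comment could also say that the returned string appears to live in a static buffer and should not be kept across another call. The function body continues outside this hunk.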
@@ -902,7 +902,7 @@ char *get_socket_name(int fd)
situations won't work because many networks don't link dhcp
with dns. To avoid the delay we avoid the lookup if
possible */
- if (!lp_hostname_lookups()) {
+ if (!lp_hostname_lookups() && (force_lookup == False)) {
return get_socket_addr(fd);
}
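Review bot: `(force_lookup == False)` compares a BOOL against a constant where the first half of the same condition uses plain negation; `if (!lp_hostname_lookups() && !force_lookup) {` is the usual form and reads consistently. The block comment just above still describes only the skip-the-lookup case and could add that access-list callers override it by passing `True`.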
diff --git a/source3/libsmb/clirap.c b/source3/libsmb/clirap.c
index 2064e14954..b4924fd773 100644
--- a/source3/libsmb/clirap.c
+++ b/source3/libsmb/clirap.c
@@ -343,13 +343,17 @@ BOOL cli_oem_change_password(struct cli_state *cli, const char *user, const char
return False;
}
- if (cli_receive_trans(cli,SMBtrans,
+ if (!cli_receive_trans(cli,SMBtrans,
&rparam, &rprcnt,
&rdata, &rdrcnt)) {
- if (rparam)
- cli->rap_error = SVAL(rparam,0);
+ DEBUG(0,("cli_oem_change_password: Failed to recieve reply to password change for user %s\n",
+ user ));
+ return False;
}
-
+
+ if (rparam)
+ cli->rap_error = SVAL(rparam,0);
+
SAFE_FREE(rparam);
SAFE_FREE(rdata);
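Review bot: `SVAL(rparam,0)` reads a 16-bit value from the server's reply after checking only that `rparam` is non-NULL; nothing in this hunk checks that `rprcnt` is at least 2. Unless `cli_receive_trans` guarantees a minimum parameter length (not visible here), a short reply would be read past its end, so I would guard it as `if (rparam && rprcnt >= 2)`. When that guard fails `cli->rap_error` keeps whatever value it held before, so it should be set to a failure value on that path if the return statement below the hunk tests it. The new DEBUG text also misspells "receive".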
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index f95caefb4c..7d0353664f 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -134,22 +134,15 @@ static int pam_winbind_request(enum winbindd_cmd req_type,
return PAM_SUCCESS;
}
-/* talk to winbindd */
-static int winbind_auth_request(const char *user, const char *pass, int ctrl)
+static int pam_winbind_request_log(enum winbindd_cmd req_type,
+ struct winbindd_request *request,
+ struct winbindd_response *response,
+ int ctrl,
+ const char *user)
{
- struct winbindd_request request;
- struct winbindd_response response;
int retval;
- ZERO_STRUCT(request);
-
- strncpy(request.data.auth.user, user,
- sizeof(request.data.auth.user)-1);
-
- strncpy(request.data.auth.pass, pass,
- sizeof(request.data.auth.pass)-1);
-
- retval = pam_winbind_request(WINBINDD_PAM_AUTH, &request, &response);
+ retval = pam_winbind_request(req_type, request, response);
switch (retval) {
case PAM_AUTH_ERR:
@@ -178,8 +171,16 @@ static int winbind_auth_request(const char *user, const char *pass, int ctrl)
}
return retval;
case PAM_SUCCESS:
- /* Otherwise, the authentication looked good */
- _pam_log(LOG_NOTICE, "user '%s' granted acces", user);
+ if (req_type == WINBINDD_PAM_AUTH) {
+ /* Otherwise, the authentication looked good */
+ _pam_log(LOG_NOTICE, "user '%s' granted acces", user);
+ } else if (req_type == WINBINDD_PAM_CHAUTHTOK) {
+ /* Otherwise, the authentication looked good */
+ _pam_log(LOG_NOTICE, "user '%s' password changed", user);
+ } else {
+ /* Otherwise, the authentication looked good */
+ _pam_log(LOG_NOTICE, "user '%s' OK", user);
+ }
return retval;
default:
/* we don't know anything about this return value */
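Review bot: The comment `/* Otherwise, the authentication looked good */` was copied onto all three branches under `case PAM_SUCCESS:`, but only the `WINBINDD_PAM_AUTH` branch is about authentication. For the second branch `/* the password change succeeded */` and for the last `/* some other request type succeeded */` would match what each `_pam_log` line reports. The new helper `pam_winbind_request_log` also has no comment of its own; a line such as `/* send a request to winbindd and log the outcome for 'user' */` above its definition would help. The switch begins before this hunk.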
@@ -187,12 +188,29 @@ static int winbind_auth_request(const char *user, const char *pass, int ctrl)
retval, user);
return retval;
}
- /* should not be reached */
+}
+
+/* talk to winbindd */
+static int winbind_auth_request(const char *user, const char *pass, int ctrl)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+
+ ZERO_STRUCT(request);
+
+ strncpy(request.data.auth.user, user,
+ sizeof(request.data.auth.user)-1);
+
+ strncpy(request.data.auth.pass, pass,
+ sizeof(request.data.auth.pass)-1);
+
+
+ return pam_winbind_request_log(WINBINDD_PAM_AUTH, &request, &response, ctrl, user);
}
/* talk to winbindd */
static int winbind_chauthtok_request(const char *user, const char *oldpass,
- const char *newpass)
+ const char *newpass, int ctrl)
{
struct winbindd_request request;
struct winbindd_response response;
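Review bot: `request` holds a copy of the cleartext password (`request.data.auth.pass`), and `winbind_auth_request` now returns straight from the `pam_winbind_request_log(...)` call, so that copy is left on the stack. The caller in `pam_sm_chauthtok` scrubs its own copies with `_pam_overwrite()`, but the struct copy here and the one in `winbind_chauthtok_request` (old and new password) are not cleared. I would capture the result and wipe the struct before returning: `retval = pam_winbind_request_log(WINBINDD_PAM_AUTH, &request, &response, ctrl, user);`, `ZERO_STRUCT(request);`, `return retval;`. A plain memset-style clear can be optimised out, so a non-elidable wipe is preferable if the tree has one. `winbind_chauthtok_request` continues past the end of this hunk.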
@@ -218,7 +236,7 @@ static int winbind_chauthtok_request(const char *user, const char *oldpass,
request.data.chauthtok.newpass[0] = '\0';
}
- return pam_winbind_request(WINBINDD_PAM_CHAUTHTOK, &request, &response);
+ return pam_winbind_request_log(WINBINDD_PAM_CHAUTHTOK, &request, &response, ctrl, user);
}
/*
@@ -665,7 +683,7 @@ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags,
* rebuild the password database file.
*/
- retval = winbind_chauthtok_request(user, pass_old, pass_new);
+ retval = winbind_chauthtok_request(user, pass_old, pass_new, ctrl);
_pam_overwrite(pass_new);
_pam_overwrite(pass_old);
pass_old = pass_new = NULL;
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index 3e7a8ad971..969cf272a3 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -354,5 +354,12 @@ done:
fstrcpy(state->response.data.auth.error_string, nt_errstr(result));
state->response.data.auth.pam_error = nt_status_to_pam(result);
+ DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2,
+ ("Password change for user [%s]\\[%s] returned %s (PAM: %d)\n",
+ domain,
+ user,
+ state->response.data.auth.nt_status_string,
+ state->response.data.auth.pam_error));
+
return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR;
}
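Review bot: This DEBUG sits after the `done:` label, so it runs on every exit path, including any `goto done` taken before `domain` and `user` have been filled in; the earlier part of the function is outside the hunk, so that needs checking. If such a path exists the message would print uninitialised buffers, and initialising both to empty strings at their declaration avoids it. Both values originate in the client request, so the log line should be treated as carrying client-supplied text when it is parsed or alerted on.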
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index a10e6f2989..2121c335a0 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -1420,13 +1420,6 @@ static NTSTATUS ldapsam_modify_entry(LDAP *ldap_struct,SAM_ACCOUNT *newpwd,char
char *retoid;
struct berval *retdata;
- if (ldap_get_option(ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version) == LDAP_OPT_SUCCESS) {
- if (version != LDAP_VERSION3) {
- version = LDAP_VERSION3;
- ldap_set_option (ldap_struct, LDAP_OPT_PROTOCOL_VERSION, &version);
- }
- }
-
if ((ber = ber_alloc_t(LBER_USE_DER))==NULL) {
DEBUG(0,("ber_alloc_t returns NULL\n"));
return ret;
diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index 684086f61e..c9cb78f6f1 100644
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -636,7 +636,7 @@ return the hostname of the client
char *cgi_remote_host(void)
{
if (inetd_server) {
- return get_socket_name(1);
+ return get_socket_name(1,False);
}
return getenv("REMOTE_HOST");
}