diff options
author | Björn Jacke <bj@sernet.de> | 2009-05-26 15:40:21 +0200 |
---|---|---|
committer | Björn Jacke <bj@sernet.de> | 2009-05-26 16:23:11 +0200 |
commit | caeae66c5bb3a4a600b5c90be97d98a323d1dc2f (patch) | |
tree | fdff8e7b6a21b09ddb03865eb948cea3e5eafeb0 | |
parent | 6b7bd3757005286c528d3bb0c6790e0d8651eaaf (diff) | |
download | samba-caeae66c5bb3a4a600b5c90be97d98a323d1dc2f.tar.gz samba-caeae66c5bb3a4a600b5c90be97d98a323d1dc2f.tar.bz2 samba-caeae66c5bb3a4a600b5c90be97d98a323d1dc2f.zip |
s3:pam_smbpass: don't call openlog() or closelog() from pam_smbpass
Patch from Steve Langasek with tiny fixes by me to make it apply to master.
Also see Debian bug #434372 and bugzilla #4831.
Calling openlog() or closelog() inside a pam module is not good as these
functions are not stackable and no program won't re-do openlog() just because a
pam module might have called closelog().
-rw-r--r-- | source3/pam_smbpass/pam_smb_acct.c | 17 | ||||
-rw-r--r-- | source3/pam_smbpass/pam_smb_auth.c | 19 | ||||
-rw-r--r-- | source3/pam_smbpass/pam_smb_passwd.c | 40 | ||||
-rw-r--r-- | source3/pam_smbpass/support.c | 102 | ||||
-rw-r--r-- | source3/pam_smbpass/support.h | 6 |
5 files changed, 104 insertions, 80 deletions
diff --git a/source3/pam_smbpass/pam_smb_acct.c b/source3/pam_smbpass/pam_smb_acct.c index 2a8bd26597..9ad74788f0 100644 --- a/source3/pam_smbpass/pam_smb_acct.c +++ b/source3/pam_smbpass/pam_smb_acct.c @@ -58,26 +58,25 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags, /* Samba initialization. */ load_case_tables(); - setup_logging( "pam_smbpass", False ); lp_set_in_client(True); - ctrl = set_ctrl( flags, argc, argv ); + ctrl = set_ctrl(pamh, flags, argc, argv ); /* get the username */ retval = pam_get_user( pamh, &name, "Username: " ); if (retval != PAM_SUCCESS) { if (on( SMB_DEBUG, ctrl )) { - _log_err( LOG_DEBUG, "acct: could not identify user" ); + _log_err(pamh, LOG_DEBUG, "acct: could not identify user" ); } return retval; } if (on( SMB_DEBUG, ctrl )) { - _log_err( LOG_DEBUG, "acct: username [%s] obtained", name ); + _log_err(pamh, LOG_DEBUG, "acct: username [%s] obtained", name ); } if (geteuid() != 0) { - _log_err( LOG_DEBUG, "Cannot access samba password database, not running as root."); + _log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root."); return PAM_AUTHINFO_UNAVAIL; } @@ -85,7 +84,7 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags, from a SIGPIPE it's not expecting */ oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN); if (!initialize_password_db(True, NULL)) { - _log_err( LOG_ALERT, "Cannot access samba password database" ); + _log_err(pamh, LOG_ALERT, "Cannot access samba password database" ); CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); return PAM_AUTHINFO_UNAVAIL; } @@ -99,7 +98,7 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags, } if (!pdb_getsampwnam(sampass, name )) { - _log_err( LOG_DEBUG, "acct: could not identify user" ); + _log_err(pamh, LOG_DEBUG, "acct: could not identify user"); CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); return PAM_USER_UNKNOWN; } @@ -112,8 +111,8 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags, if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) { if (on( SMB_DEBUG, ctrl )) { - _log_err( LOG_DEBUG - , "acct: account %s is administratively disabled", name ); + _log_err(pamh, LOG_DEBUG, + "acct: account %s is administratively disabled", name); } make_remark( pamh, ctrl, PAM_ERROR_MSG , "Your account has been disabled; " diff --git a/source3/pam_smbpass/pam_smb_auth.c b/source3/pam_smbpass/pam_smb_auth.c index b5a6a473b6..88ff9851f5 100644 --- a/source3/pam_smbpass/pam_smb_auth.c +++ b/source3/pam_smbpass/pam_smb_auth.c @@ -81,10 +81,9 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, /* Samba initialization. */ load_case_tables(); - setup_logging("pam_smbpass",False); lp_set_in_client(True); - ctrl = set_ctrl(flags, argc, argv); + ctrl = set_ctrl(pamh, flags, argc, argv); /* Get a few bytes so we can pass our return value to pam_sm_setcred(). */ @@ -99,29 +98,29 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, retval = pam_get_user( pamh, &name, "Username: " ); if ( retval != PAM_SUCCESS ) { if (on( SMB_DEBUG, ctrl )) { - _log_err(LOG_DEBUG, "auth: could not identify user"); + _log_err(pamh, LOG_DEBUG, "auth: could not identify user"); } AUTH_RETURN; } if (on( SMB_DEBUG, ctrl )) { - _log_err( LOG_DEBUG, "username [%s] obtained", name ); + _log_err(pamh, LOG_DEBUG, "username [%s] obtained", name ); } if (geteuid() != 0) { - _log_err( LOG_DEBUG, "Cannot access samba password database, not running as root."); + _log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root."); retval = PAM_AUTHINFO_UNAVAIL; AUTH_RETURN; } if (!initialize_password_db(True, NULL)) { - _log_err( LOG_ALERT, "Cannot access samba password database" ); + _log_err(pamh, LOG_ALERT, "Cannot access samba password database" ); retval = PAM_AUTHINFO_UNAVAIL; AUTH_RETURN; } sampass = samu_new( NULL ); if (!sampass) { - _log_err( LOG_ALERT, "Cannot talloc a samu struct" ); + _log_err(pamh, LOG_ALERT, "Cannot talloc a samu struct" ); retval = nt_status_to_pam(NT_STATUS_NO_MEMORY); AUTH_RETURN; } @@ -135,7 +134,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, } if (!found) { - _log_err(LOG_ALERT, "Failed to find entry for user %s.", name); + _log_err(pamh, LOG_ALERT, "Failed to find entry for user %s.", name); retval = PAM_USER_UNKNOWN; TALLOC_FREE(sampass); sampass = NULL; @@ -154,7 +153,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, retval = _smb_read_password(pamh, ctrl, NULL, "Password: ", NULL, _SMB_AUTHTOK, &p); if (retval != PAM_SUCCESS ) { - _log_err(LOG_CRIT, "auth: no password provided for [%s]", name); + _log_err(pamh,LOG_CRIT, "auth: no password provided for [%s]", name); TALLOC_FREE(sampass); AUTH_RETURN; } @@ -202,7 +201,7 @@ static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl, retval = _pam_get_item( pamh, PAM_AUTHTOK, &pass ); if (retval != PAM_SUCCESS) { - _log_err( LOG_ALERT + _log_err(pamh, LOG_ALERT , "pam_get_item returned error to pam_sm_authenticate" ); return PAM_AUTHTOK_RECOVER_ERR; } else if (pass == NULL) { diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c index dce6e01ae9..9504e4d53c 100644 --- a/source3/pam_smbpass/pam_smb_passwd.c +++ b/source3/pam_smbpass/pam_smb_passwd.c @@ -106,10 +106,9 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, /* Samba initialization. */ load_case_tables(); - setup_logging( "pam_smbpass", False ); lp_set_in_client(True); - ctrl = set_ctrl(flags, argc, argv); + ctrl = set_ctrl(pamh, flags, argc, argv); /* * First get the name of a user. No need to do anything if we can't @@ -119,16 +118,16 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, retval = pam_get_user( pamh, &user, "Username: " ); if (retval != PAM_SUCCESS) { if (on( SMB_DEBUG, ctrl )) { - _log_err( LOG_DEBUG, "password: could not identify user" ); + _log_err(pamh, LOG_DEBUG, "password: could not identify user"); } return retval; } if (on( SMB_DEBUG, ctrl )) { - _log_err( LOG_DEBUG, "username [%s] obtained", user ); + _log_err(pamh, LOG_DEBUG, "username [%s] obtained", user); } if (geteuid() != 0) { - _log_err( LOG_DEBUG, "Cannot access samba password database, not running as root."); + _log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root."); return PAM_AUTHINFO_UNAVAIL; } @@ -137,7 +136,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN); if (!initialize_password_db(False, NULL)) { - _log_err( LOG_ALERT, "Cannot access samba password database" ); + _log_err(pamh, LOG_ALERT, "Cannot access samba password database" ); CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); return PAM_AUTHINFO_UNAVAIL; } @@ -149,12 +148,12 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, } if (!pdb_getsampwnam(sampass,user)) { - _log_err( LOG_ALERT, "Failed to find entry for user %s.", user ); + _log_err(pamh, LOG_ALERT, "Failed to find entry for user %s.", user); CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); return PAM_USER_UNKNOWN; } if (on( SMB_DEBUG, ctrl )) { - _log_err( LOG_DEBUG, "Located account for %s", user ); + _log_err(pamh, LOG_DEBUG, "Located account for %s", user); } if (flags & PAM_PRELIM_CHECK) { @@ -180,7 +179,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, #define greeting "Changing password for " Announce = SMB_MALLOC_ARRAY(char, sizeof(greeting)+strlen(user)); if (Announce == NULL) { - _log_err(LOG_CRIT, "password: out of memory"); + _log_err(pamh, LOG_CRIT, "password: out of memory"); TALLOC_FREE(sampass); CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); return PAM_BUF_ERR; @@ -195,8 +194,8 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, SAFE_FREE( Announce ); if (retval != PAM_SUCCESS) { - _log_err( LOG_NOTICE - , "password - (old) token not obtained" ); + _log_err(pamh, LOG_NOTICE, + "password - (old) token not obtained"); TALLOC_FREE(sampass); CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); return retval; @@ -241,7 +240,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, } if (retval != PAM_SUCCESS) { - _log_err( LOG_NOTICE, "password: user not authenticated" ); + _log_err(pamh, LOG_NOTICE, "password: user not authenticated"); TALLOC_FREE(sampass); CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); return retval; @@ -266,8 +265,8 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, if (retval != PAM_SUCCESS) { if (on( SMB_DEBUG, ctrl )) { - _log_err( LOG_ALERT - , "password: new password not obtained" ); + _log_err(pamh, LOG_ALERT, + "password: new password not obtained"); } pass_old = NULL; /* tidy up */ TALLOC_FREE(sampass); @@ -288,7 +287,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, retval = _pam_smb_approve_pass(pamh, ctrl, pass_old, pass_new); if (retval != PAM_SUCCESS) { - _log_err(LOG_NOTICE, "new password not acceptable"); + _log_err(pamh, LOG_NOTICE, "new password not acceptable"); pass_new = pass_old = NULL; /* tidy up */ TALLOC_FREE(sampass); CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); @@ -308,16 +307,17 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, /* password updated */ if (!sid_to_uid(pdb_get_user_sid(sampass), &uid)) { - _log_err( LOG_NOTICE, "Unable to get uid for user %s", + _log_err(pamh, LOG_NOTICE, + "Unable to get uid for user %s", pdb_get_username(sampass)); - _log_err( LOG_NOTICE, "password for (%s) changed by (%s/%d)", + _log_err(pamh, LOG_NOTICE, "password for (%s) changed by (%s/%d)", user, uidtoname(getuid()), getuid()); } else { - _log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)", + _log_err(pamh, LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)", user, uid, uidtoname(getuid()), getuid()); } } else { - _log_err( LOG_ERR, "password change failed for user %s", user); + _log_err(pamh, LOG_ERR, "password change failed for user %s", user); } pass_old = pass_new = NULL; @@ -328,7 +328,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, } else { /* something has broken with the library */ - _log_err( LOG_ALERT, "password received unknown request" ); + _log_err(pamh, LOG_ALERT, "password received unknown request"); retval = PAM_ABORT; } diff --git a/source3/pam_smbpass/support.c b/source3/pam_smbpass/support.c index b6cf3a886d..855885a6d7 100644 --- a/source3/pam_smbpass/support.c +++ b/source3/pam_smbpass/support.c @@ -14,6 +14,7 @@ * this program; if not, see <http://www.gnu.org/licenses/>. */ +#include "config.h" #include "includes.h" #include "general.h" @@ -64,17 +65,42 @@ void _cleanup(pam_handle_t *, void *, int); char *_pam_delete(register char *); /* syslogging function for errors and other information */ +#ifdef HAVE_PAM_VSYSLOG +void _log_err( pam_handle_t *pamh, int err, const char *format, ... ) +{ + va_list args; -void _log_err( int err, const char *format, ... ) + va_start(args, format); + pam_vsyslog(pamh, err, format, args); + va_end(args); +} +#else +void _log_err( pam_handle_t *pamh, int err, const char *format, ... ) { - va_list args; + va_list args; + const char tag[] = "(pam_smbpass) "; + char *mod_format; + + mod_format = SMB_MALLOC_ARRAY(char, sizeof(tag) + strlen(format)); + /* try really, really hard to log something, since this may have + been a message about a malloc() failure... */ + if (mod_format == NULL) { + va_start(args, format); + vsyslog(err | LOG_AUTH, format, args); + va_end(args); + return; + } - va_start( args, format ); - openlog( "PAM_smbpass", LOG_CONS | LOG_PID, LOG_AUTH ); - vsyslog( err, format, args ); - va_end( args ); - closelog(); + strncpy(mod_format, tag, strlen(tag)+1); + strncat(mod_format, format, strlen(format)); + + va_start(args, format); + vsyslog(err | LOG_AUTH, mod_format, args); + va_end(args); + + free(mod_format); } +#endif /* this is a front-end for module-application conversations */ @@ -92,11 +118,11 @@ int converse( pam_handle_t * pamh, int ctrl, int nargs ,response, conv->appdata_ptr); if (retval != PAM_SUCCESS && on(SMB_DEBUG, ctrl)) { - _log_err(LOG_DEBUG, "conversation failure [%s]" + _log_err(pamh, LOG_DEBUG, "conversation failure [%s]" ,pam_strerror(pamh, retval)); } } else { - _log_err(LOG_ERR, "couldn't obtain coversation function [%s]" + _log_err(pamh, LOG_ERR, "couldn't obtain coversation function [%s]" ,pam_strerror(pamh, retval)); } @@ -123,7 +149,7 @@ int make_remark( pam_handle_t * pamh, unsigned int ctrl /* set the control flags for the SMB module. */ -int set_ctrl( int flags, int argc, const char **argv ) +int set_ctrl( pam_handle_t *pamh, int flags, int argc, const char **argv ) { int i = 0; const char *service_file = NULL; @@ -165,7 +191,7 @@ int set_ctrl( int flags, int argc, const char **argv ) /* Read some options from the Samba config. Can be overridden by the PAM config. */ if(lp_load(service_file,True,False,False,True) == False) { - _log_err( LOG_ERR, "Error loading service file %s", service_file ); + _log_err(pamh, LOG_ERR, "Error loading service file %s", service_file); } secrets_init(); @@ -188,7 +214,7 @@ int set_ctrl( int flags, int argc, const char **argv ) } if (j >= SMB_CTRLS_) { - _log_err( LOG_ERR, "unrecognized option [%s]", *argv ); + _log_err(pamh, LOG_ERR, "unrecognized option [%s]", *argv); } else { ctrl &= smb_args[j].mask; /* for turning things off */ ctrl |= smb_args[j].flag; /* for turning things on */ @@ -227,7 +253,7 @@ void _cleanup( pam_handle_t * pamh, void *x, int error_status ) * evidence of old token around for later stack analysis. * */ -char * smbpXstrDup( const char *x ) +char * smbpXstrDup( pam_handle_t *pamh, const char *x ) { register char *newstr = NULL; @@ -237,7 +263,7 @@ char * smbpXstrDup( const char *x ) for (i = 0; x[i]; ++i); /* length of string */ if ((newstr = SMB_MALLOC_ARRAY(char, ++i)) == NULL) { i = 0; - _log_err( LOG_CRIT, "out of memory in smbpXstrDup" ); + _log_err(pamh, LOG_CRIT, "out of memory in smbpXstrDup"); } else { while (i-- > 0) { newstr[i] = x[i]; @@ -279,7 +305,7 @@ void _cleanup_failures( pam_handle_t * pamh, void *fl, int err ) /* log the number of authentication failures */ if (failure->count != 0) { _pam_get_item( pamh, PAM_SERVICE, &service ); - _log_err( LOG_NOTICE + _log_err(pamh, LOG_NOTICE , "%d authentication %s " "from %s for service %s as %s(%d)" , failure->count @@ -288,7 +314,7 @@ void _cleanup_failures( pam_handle_t * pamh, void *fl, int err ) , service == NULL ? "**unknown**" : service , failure->user, failure->id ); if (failure->count > SMB_MAX_RETRIES) { - _log_err( LOG_ALERT + _log_err(pamh, LOG_ALERT , "service(%s) ignoring max retries; %d > %d" , service == NULL ? "**unknown**" : service , failure->count @@ -324,8 +350,7 @@ int _smb_verify_password( pam_handle_t * pamh, struct samu *sampass, if (!pdb_get_nt_passwd(sampass)) { - _log_err( LOG_DEBUG, "user %s has null SMB password" - , name ); + _log_err(pamh, LOG_DEBUG, "user %s has null SMB password", name); if (off( SMB__NONULL, ctrl ) && (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ)) @@ -335,7 +360,7 @@ int _smb_verify_password( pam_handle_t * pamh, struct samu *sampass, const char *service; _pam_get_item( pamh, PAM_SERVICE, &service ); - _log_err( LOG_NOTICE, "failed auth request by %s for service %s as %s", + _log_err(pamh, LOG_NOTICE, "failed auth request by %s for service %s as %s", uidtoname(getuid()), service ? service : "**unknown**", name); return PAM_AUTH_ERR; } @@ -343,7 +368,7 @@ int _smb_verify_password( pam_handle_t * pamh, struct samu *sampass, data_name = SMB_MALLOC_ARRAY(char, sizeof(FAIL_PREFIX) + strlen( name )); if (data_name == NULL) { - _log_err( LOG_CRIT, "no memory for data-name" ); + _log_err(pamh, LOG_CRIT, "no memory for data-name" ); return PAM_AUTH_ERR; } strncpy( data_name, FAIL_PREFIX, sizeof(FAIL_PREFIX) ); @@ -390,31 +415,31 @@ int _smb_verify_password( pam_handle_t * pamh, struct samu *sampass, retval = PAM_MAXTRIES; } } else { - _log_err(LOG_NOTICE, + _log_err(pamh, LOG_NOTICE, "failed auth request by %s for service %s as %s", uidtoname(getuid()), service ? service : "**unknown**", name); newauth->count = 1; } if (!sid_to_uid(pdb_get_user_sid(sampass), &(newauth->id))) { - _log_err(LOG_NOTICE, + _log_err(pamh, LOG_NOTICE, "failed auth request by %s for service %s as %s", uidtoname(getuid()), service ? service : "**unknown**", name); } - newauth->user = smbpXstrDup( name ); - newauth->agent = smbpXstrDup( uidtoname( getuid() ) ); + newauth->user = smbpXstrDup( pamh, name ); + newauth->agent = smbpXstrDup( pamh, uidtoname( getuid() ) ); pam_set_data( pamh, data_name, newauth, _cleanup_failures ); } else { - _log_err( LOG_CRIT, "no memory for failure recorder" ); - _log_err(LOG_NOTICE, + _log_err(pamh, LOG_CRIT, "no memory for failure recorder" ); + _log_err(pamh, LOG_NOTICE, "failed auth request by %s for service %s as %s(%d)", uidtoname(getuid()), service ? service : "**unknown**", name); } } - _log_err(LOG_NOTICE, + _log_err(pamh, LOG_NOTICE, "failed auth request by %s for service %s as %s(%d)", uidtoname(getuid()), service ? service : "**unknown**", name); @@ -422,7 +447,7 @@ int _smb_verify_password( pam_handle_t * pamh, struct samu *sampass, } _pam_delete( data_name ); - + return retval; } @@ -490,8 +515,8 @@ int _smb_read_password( pam_handle_t * pamh, unsigned int ctrl, retval = _pam_get_item( pamh, authtok_flag, &item ); if (retval != PAM_SUCCESS) { /* very strange. */ - _log_err( LOG_ALERT - , "pam_get_item returned error to smb_read_password" ); + _log_err(pamh, LOG_ALERT, + "pam_get_item returned error to smb_read_password"); return retval; } else if (item != NULL) { /* we have a password! */ *pass = item; @@ -543,7 +568,7 @@ int _smb_read_password( pam_handle_t * pamh, unsigned int ctrl, if (retval == PAM_SUCCESS) { /* a good conversation */ - token = smbpXstrDup(resp[j++].resp); + token = smbpXstrDup(pamh, resp[j++].resp); if (token != NULL) { if (expect == 2) { /* verify that password entered correctly */ @@ -555,7 +580,8 @@ int _smb_read_password( pam_handle_t * pamh, unsigned int ctrl, } } } else { - _log_err(LOG_NOTICE, "could not recover authentication token"); + _log_err(pamh, LOG_NOTICE, + "could not recover authentication token"); } } @@ -568,7 +594,7 @@ int _smb_read_password( pam_handle_t * pamh, unsigned int ctrl, if (retval != PAM_SUCCESS) { if (on( SMB_DEBUG, ctrl )) - _log_err( LOG_DEBUG, "unable to obtain a password" ); + _log_err(pamh, LOG_DEBUG, "unable to obtain a password"); return retval; } /* 'token' is the entered password */ @@ -583,7 +609,7 @@ int _smb_read_password( pam_handle_t * pamh, unsigned int ctrl, || (retval = _pam_get_item( pamh, authtok_flag ,&item )) != PAM_SUCCESS) { - _log_err( LOG_CRIT, "error manipulating password" ); + _log_err(pamh, LOG_CRIT, "error manipulating password"); return retval; } } else { @@ -597,8 +623,8 @@ int _smb_read_password( pam_handle_t * pamh, unsigned int ctrl, || (retval = _pam_get_data( pamh, data_name, &item )) != PAM_SUCCESS) { - _log_err( LOG_CRIT, "error manipulating password data [%s]" - , pam_strerror( pamh, retval )); + _log_err(pamh, LOG_CRIT, "error manipulating password data [%s]", + pam_strerror( pamh, retval )); _pam_delete( token ); item = NULL; return retval; @@ -622,8 +648,8 @@ int _pam_smb_approve_pass(pam_handle_t * pamh, if (pass_new == NULL || (pass_old && !strcmp( pass_old, pass_new ))) { if (on(SMB_DEBUG, ctrl)) { - _log_err( LOG_DEBUG, - "passwd: bad authentication token (null or unchanged)" ); + _log_err(pamh, LOG_DEBUG, + "passwd: bad authentication token (null or unchanged)"); } make_remark( pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ? "No password supplied" : "Password unchanged" ); diff --git a/source3/pam_smbpass/support.h b/source3/pam_smbpass/support.h index 87f1690a60..7ee77042d7 100644 --- a/source3/pam_smbpass/support.h +++ b/source3/pam_smbpass/support.h @@ -1,8 +1,8 @@ /* syslogging function for errors and other information */ -extern void _log_err(int, const char *, ...); +extern void _log_err(pam_handle_t *, int, const char *, ...); /* set the control flags for the UNIX module. */ -extern int set_ctrl(int, int, const char **); +extern int set_ctrl(pam_handle_t *, int, int, const char **); /* generic function for freeing pam data segments */ extern void _cleanup(pam_handle_t *, void *, int); @@ -12,7 +12,7 @@ extern void _cleanup(pam_handle_t *, void *, int); * evidence of old token around for later stack analysis. */ -extern char *smbpXstrDup(const char *); +extern char *smbpXstrDup(pam_handle_t *,const char *); /* ************************************************************** * * Useful non-trivial functions * |