diff options
author | Björn Jacke <bj@sernet.de> | 2009-05-26 15:40:21 +0200 |
---|---|---|
committer | Björn Jacke <bj@sernet.de> | 2009-05-26 16:23:11 +0200 |
commit | caeae66c5bb3a4a600b5c90be97d98a323d1dc2f (patch) | |
tree | fdff8e7b6a21b09ddb03865eb948cea3e5eafeb0 /source3/pam_smbpass/pam_smb_passwd.c | |
parent | 6b7bd3757005286c528d3bb0c6790e0d8651eaaf (diff) | |
download | samba-caeae66c5bb3a4a600b5c90be97d98a323d1dc2f.tar.gz samba-caeae66c5bb3a4a600b5c90be97d98a323d1dc2f.tar.bz2 samba-caeae66c5bb3a4a600b5c90be97d98a323d1dc2f.zip |
s3:pam_smbpass: don't call openlog() or closelog() from pam_smbpass
Patch from Steve Langasek with tiny fixes by me to make it apply to master.
Also see Debian bug #434372 and bugzilla #4831.
Calling openlog() or closelog() inside a pam module is not good as these
functions are not stackable and no program won't re-do openlog() just because a
pam module might have called closelog().
Diffstat (limited to 'source3/pam_smbpass/pam_smb_passwd.c')
-rw-r--r-- | source3/pam_smbpass/pam_smb_passwd.c | 40 |
1 files changed, 20 insertions, 20 deletions
diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c index dce6e01ae9..9504e4d53c 100644 --- a/source3/pam_smbpass/pam_smb_passwd.c +++ b/source3/pam_smbpass/pam_smb_passwd.c @@ -106,10 +106,9 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, /* Samba initialization. */ load_case_tables(); - setup_logging( "pam_smbpass", False ); lp_set_in_client(True); - ctrl = set_ctrl(flags, argc, argv); + ctrl = set_ctrl(pamh, flags, argc, argv); /* * First get the name of a user. No need to do anything if we can't @@ -119,16 +118,16 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, retval = pam_get_user( pamh, &user, "Username: " ); if (retval != PAM_SUCCESS) { if (on( SMB_DEBUG, ctrl )) { - _log_err( LOG_DEBUG, "password: could not identify user" ); + _log_err(pamh, LOG_DEBUG, "password: could not identify user"); } return retval; } if (on( SMB_DEBUG, ctrl )) { - _log_err( LOG_DEBUG, "username [%s] obtained", user ); + _log_err(pamh, LOG_DEBUG, "username [%s] obtained", user); } if (geteuid() != 0) { - _log_err( LOG_DEBUG, "Cannot access samba password database, not running as root."); + _log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root."); return PAM_AUTHINFO_UNAVAIL; } @@ -137,7 +136,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN); if (!initialize_password_db(False, NULL)) { - _log_err( LOG_ALERT, "Cannot access samba password database" ); + _log_err(pamh, LOG_ALERT, "Cannot access samba password database" ); CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); return PAM_AUTHINFO_UNAVAIL; } @@ -149,12 +148,12 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, } if (!pdb_getsampwnam(sampass,user)) { - _log_err( LOG_ALERT, "Failed to find entry for user %s.", user ); + _log_err(pamh, LOG_ALERT, "Failed to find entry for user %s.", user); CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); return PAM_USER_UNKNOWN; } if (on( SMB_DEBUG, ctrl )) { - _log_err( LOG_DEBUG, "Located account for %s", user ); + _log_err(pamh, LOG_DEBUG, "Located account for %s", user); } if (flags & PAM_PRELIM_CHECK) { @@ -180,7 +179,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, #define greeting "Changing password for " Announce = SMB_MALLOC_ARRAY(char, sizeof(greeting)+strlen(user)); if (Announce == NULL) { - _log_err(LOG_CRIT, "password: out of memory"); + _log_err(pamh, LOG_CRIT, "password: out of memory"); TALLOC_FREE(sampass); CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); return PAM_BUF_ERR; @@ -195,8 +194,8 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, SAFE_FREE( Announce ); if (retval != PAM_SUCCESS) { - _log_err( LOG_NOTICE - , "password - (old) token not obtained" ); + _log_err(pamh, LOG_NOTICE, + "password - (old) token not obtained"); TALLOC_FREE(sampass); CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); return retval; @@ -241,7 +240,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, } if (retval != PAM_SUCCESS) { - _log_err( LOG_NOTICE, "password: user not authenticated" ); + _log_err(pamh, LOG_NOTICE, "password: user not authenticated"); TALLOC_FREE(sampass); CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); return retval; @@ -266,8 +265,8 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, if (retval != PAM_SUCCESS) { if (on( SMB_DEBUG, ctrl )) { - _log_err( LOG_ALERT - , "password: new password not obtained" ); + _log_err(pamh, LOG_ALERT, + "password: new password not obtained"); } pass_old = NULL; /* tidy up */ TALLOC_FREE(sampass); @@ -288,7 +287,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, retval = _pam_smb_approve_pass(pamh, ctrl, pass_old, pass_new); if (retval != PAM_SUCCESS) { - _log_err(LOG_NOTICE, "new password not acceptable"); + _log_err(pamh, LOG_NOTICE, "new password not acceptable"); pass_new = pass_old = NULL; /* tidy up */ TALLOC_FREE(sampass); CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); @@ -308,16 +307,17 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, /* password updated */ if (!sid_to_uid(pdb_get_user_sid(sampass), &uid)) { - _log_err( LOG_NOTICE, "Unable to get uid for user %s", + _log_err(pamh, LOG_NOTICE, + "Unable to get uid for user %s", pdb_get_username(sampass)); - _log_err( LOG_NOTICE, "password for (%s) changed by (%s/%d)", + _log_err(pamh, LOG_NOTICE, "password for (%s) changed by (%s/%d)", user, uidtoname(getuid()), getuid()); } else { - _log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)", + _log_err(pamh, LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)", user, uid, uidtoname(getuid()), getuid()); } } else { - _log_err( LOG_ERR, "password change failed for user %s", user); + _log_err(pamh, LOG_ERR, "password change failed for user %s", user); } pass_old = pass_new = NULL; @@ -328,7 +328,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, } else { /* something has broken with the library */ - _log_err( LOG_ALERT, "password received unknown request" ); + _log_err(pamh, LOG_ALERT, "password received unknown request"); retval = PAM_ABORT; } |