summaryrefslogtreecommitdiff
path: root/source3/pam_smbpass
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2003-04-29 22:06:16 +0000
committerSimo Sorce <idra@samba.org>2003-04-29 22:06:16 +0000
commita1eaa7d5e0f428359c0f661aeb2c313fa428ee0b (patch)
tree1d006dc489a2373fc3e55f78cc6ce34a4880b9aa /source3/pam_smbpass
parent0db7c13f9210c0eac82050a2b9e37bd81bfffe10 (diff)
downloadsamba-a1eaa7d5e0f428359c0f661aeb2c313fa428ee0b.tar.gz
samba-a1eaa7d5e0f428359c0f661aeb2c313fa428ee0b.tar.bz2
samba-a1eaa7d5e0f428359c0f661aeb2c313fa428ee0b.zip
This is a nice rewrite:
SAM_ACCOUNT does not have anymore uid and gid fields all the code that used them has been fixed to use the proper idmap calls fix to idmap_tdb for first time idmap.tdb initialization. auth_serversupplied_info structure has now an uid and gid field few other fixes to make the system behave correctly with idmap tested only with tdbsam, but smbpasswd and nisplus should be ok have not tested ldap ! (This used to be commit 6a6f6032467e55aa9b76390e035623976477ba42)
Diffstat (limited to 'source3/pam_smbpass')
-rw-r--r--source3/pam_smbpass/pam_smb_passwd.c21
-rw-r--r--source3/pam_smbpass/support.c42
2 files changed, 35 insertions, 28 deletions
diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c
index 9e75efccf4..8fbef1fbf7 100644
--- a/source3/pam_smbpass/pam_smb_passwd.c
+++ b/source3/pam_smbpass/pam_smb_passwd.c
@@ -295,14 +295,21 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
retval = smb_update_db(pamh, ctrl, user, pass_new);
if (retval == PAM_SUCCESS) {
+ uid_t uid;
+
/* password updated */
- _log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)"
- , user, pdb_get_uid(sampass), uidtoname( getuid() )
- , getuid() );
- } else {
- _log_err( LOG_ERR, "password change failed for user %s"
- , user );
- }
+ if (!sid_to_uid(sampass, &uid)) {
+ _log_err( LOG_NOTICE "Unable to get uid for user %s",
+ pdb_get_username(sampass));
+ _log_err( LOG_NOTICE, "password for (%s) changed by (%s/%d)",
+ user, uidtoname(getuid()), getuid());
+ } else {
+ _log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)",
+ user, uid, uidtoname(getuid()), getuid());
+ }
+ } else {
+ _log_err( LOG_ERR, "password change failed for user %s", user);
+ }
pass_old = pass_new = NULL;
if (sampass) {
diff --git a/source3/pam_smbpass/support.c b/source3/pam_smbpass/support.c
index 11de306d13..61d9c6a8ab 100644
--- a/source3/pam_smbpass/support.c
+++ b/source3/pam_smbpass/support.c
@@ -339,11 +339,8 @@ int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass,
const char *service;
pam_get_item( pamh, PAM_SERVICE, (const void **)&service );
- _log_err( LOG_NOTICE
- , "failed auth request by %s for service %s as %s(%d)"
- , uidtoname( getuid() )
- , service ? service : "**unknown**", name
- , pdb_get_uid(sampass) );
+ _log_err( LOG_NOTICE, "failed auth request by %s for service %s as %s",
+ uidtoname(getuid()), service ? service : "**unknown**", name);
return PAM_AUTH_ERR;
}
}
@@ -378,6 +375,7 @@ int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass,
pam_get_item( pamh, PAM_SERVICE, (const void **)&service );
if (data_name != NULL) {
+ int type;
struct _pam_failed_auth *new = NULL;
const struct _pam_failed_auth *old = NULL;
@@ -397,32 +395,34 @@ int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass,
retval = PAM_MAXTRIES;
}
} else {
- _log_err( LOG_NOTICE
- , "failed auth request by %s for service %s as %s(%d)"
- , uidtoname( getuid() )
- , service ? service : "**unknown**", name
- , pdb_get_uid(sampass) );
+ _log_err(LOG_NOTICE,
+ "failed auth request by %s for service %s as %s",
+ uidtoname(getuid()),
+ service ? service : "**unknown**", name);
new->count = 1;
}
+ if (!sid_to_uid(pdb_get_user_sid(sampass, &(new->id), &type))) {
+ _log_err(LOG_NOTICE,
+ "failed auth request by %s for service %s as %s",
+ uidtoname(getuid()),
+ service ? service : "**unknown**", name);
+ }
new->user = smbpXstrDup( name );
- new->id = pdb_get_uid(sampass);
new->agent = smbpXstrDup( uidtoname( getuid() ) );
pam_set_data( pamh, data_name, new, _cleanup_failures );
} else {
_log_err( LOG_CRIT, "no memory for failure recorder" );
- _log_err( LOG_NOTICE
- , "failed auth request by %s for service %s as %s(%d)"
- , uidtoname( getuid() )
- , service ? service : "**unknown**", name
- , pdb_get_uid(sampass) );
+ _log_err(LOG_NOTICE,
+ "failed auth request by %s for service %s as %s(%d)",
+ uidtoname(getuid()),
+ service ? service : "**unknown**", name);
}
} else {
- _log_err( LOG_NOTICE
- , "failed auth request by %s for service %s as %s(%d)"
- , uidtoname( getuid() )
- , service ? service : "**unknown**", name
- , pdb_get_uid(sampass) );
+ _log_err(LOG_NOTICE,
+ "failed auth request by %s for service %s as %s(%d)",
+ uidtoname(getuid()),
+ service ? service : "**unknown**", name);
retval = PAM_AUTH_ERR;
}
}