diff options
| author | Simo Sorce <idra@samba.org> | 2003-04-29 22:06:16 +0000 |
|---|---|---|
| committer | Simo Sorce <idra@samba.org> | 2003-04-29 22:06:16 +0000 |
| commit | a1eaa7d5e0f428359c0f661aeb2c313fa428ee0b (patch) | |
| tree | 1d006dc489a2373fc3e55f78cc6ce34a4880b9aa /source3/pam_smbpass | |
| parent | 0db7c13f9210c0eac82050a2b9e37bd81bfffe10 (diff) | |
| download | samba-a1eaa7d5e0f428359c0f661aeb2c313fa428ee0b.tar.gz samba-a1eaa7d5e0f428359c0f661aeb2c313fa428ee0b.tar.bz2 samba-a1eaa7d5e0f428359c0f661aeb2c313fa428ee0b.zip | |
This is a nice rewrite:
SAM_ACCOUNT does not have anymore uid and gid fields
all the code that used them has been fixed to use the proper idmap calls
fix to idmap_tdb for first time idmap.tdb initialization.
auth_serversupplied_info structure has now an uid and gid field
few other fixes to make the system behave correctly with idmap
tested only with tdbsam, but smbpasswd and nisplus should be ok
have not tested ldap !
(This used to be commit 6a6f6032467e55aa9b76390e035623976477ba42)
Diffstat (limited to 'source3/pam_smbpass')
| -rw-r--r-- | source3/pam_smbpass/pam_smb_passwd.c | 21 | ||||
| -rw-r--r-- | source3/pam_smbpass/support.c | 42 |
2 files changed, 35 insertions, 28 deletions
diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c index 9e75efccf4..8fbef1fbf7 100644 --- a/source3/pam_smbpass/pam_smb_passwd.c +++ b/source3/pam_smbpass/pam_smb_passwd.c @@ -295,14 +295,21 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, retval = smb_update_db(pamh, ctrl, user, pass_new); if (retval == PAM_SUCCESS) { + uid_t uid; + /* password updated */ - _log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)" - , user, pdb_get_uid(sampass), uidtoname( getuid() ) - , getuid() ); - } else { - _log_err( LOG_ERR, "password change failed for user %s" - , user ); - } + if (!sid_to_uid(sampass, &uid)) { + _log_err( LOG_NOTICE "Unable to get uid for user %s", + pdb_get_username(sampass)); + _log_err( LOG_NOTICE, "password for (%s) changed by (%s/%d)", + user, uidtoname(getuid()), getuid()); + } else { + _log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)", + user, uid, uidtoname(getuid()), getuid()); + } + } else { + _log_err( LOG_ERR, "password change failed for user %s", user); + } pass_old = pass_new = NULL; if (sampass) { diff --git a/source3/pam_smbpass/support.c b/source3/pam_smbpass/support.c index 11de306d13..61d9c6a8ab 100644 --- a/source3/pam_smbpass/support.c +++ b/source3/pam_smbpass/support.c @@ -339,11 +339,8 @@ int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass, const char *service; pam_get_item( pamh, PAM_SERVICE, (const void **)&service ); - _log_err( LOG_NOTICE - , "failed auth request by %s for service %s as %s(%d)" - , uidtoname( getuid() ) - , service ? service : "**unknown**", name - , pdb_get_uid(sampass) ); + _log_err( LOG_NOTICE, "failed auth request by %s for service %s as %s", + uidtoname(getuid()), service ? service : "**unknown**", name); return PAM_AUTH_ERR; } } @@ -378,6 +375,7 @@ int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass, pam_get_item( pamh, PAM_SERVICE, (const void **)&service ); if (data_name != NULL) { + int type; struct _pam_failed_auth *new = NULL; const struct _pam_failed_auth *old = NULL; @@ -397,32 +395,34 @@ int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass, retval = PAM_MAXTRIES; } } else { - _log_err( LOG_NOTICE - , "failed auth request by %s for service %s as %s(%d)" - , uidtoname( getuid() ) - , service ? service : "**unknown**", name - , pdb_get_uid(sampass) ); + _log_err(LOG_NOTICE, + "failed auth request by %s for service %s as %s", + uidtoname(getuid()), + service ? service : "**unknown**", name); new->count = 1; } + if (!sid_to_uid(pdb_get_user_sid(sampass, &(new->id), &type))) { + _log_err(LOG_NOTICE, + "failed auth request by %s for service %s as %s", + uidtoname(getuid()), + service ? service : "**unknown**", name); + } new->user = smbpXstrDup( name ); - new->id = pdb_get_uid(sampass); new->agent = smbpXstrDup( uidtoname( getuid() ) ); pam_set_data( pamh, data_name, new, _cleanup_failures ); } else { _log_err( LOG_CRIT, "no memory for failure recorder" ); - _log_err( LOG_NOTICE - , "failed auth request by %s for service %s as %s(%d)" - , uidtoname( getuid() ) - , service ? service : "**unknown**", name - , pdb_get_uid(sampass) ); + _log_err(LOG_NOTICE, + "failed auth request by %s for service %s as %s(%d)", + uidtoname(getuid()), + service ? service : "**unknown**", name); } } else { - _log_err( LOG_NOTICE - , "failed auth request by %s for service %s as %s(%d)" - , uidtoname( getuid() ) - , service ? service : "**unknown**", name - , pdb_get_uid(sampass) ); + _log_err(LOG_NOTICE, + "failed auth request by %s for service %s as %s(%d)", + uidtoname(getuid()), + service ? service : "**unknown**", name); retval = PAM_AUTH_ERR; } } |