summaryrefslogtreecommitdiff
path: root/source3/pam_smbpass
diff options
context:
space:
mode:
Diffstat (limited to 'source3/pam_smbpass')
-rw-r--r--source3/pam_smbpass/pam_smb_passwd.c21
-rw-r--r--source3/pam_smbpass/support.c42
2 files changed, 34 insertions, 29 deletions
diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c
index 9e75efccf4..78b89c60b7 100644
--- a/source3/pam_smbpass/pam_smb_passwd.c
+++ b/source3/pam_smbpass/pam_smb_passwd.c
@@ -295,14 +295,21 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
retval = smb_update_db(pamh, ctrl, user, pass_new);
if (retval == PAM_SUCCESS) {
+ uid_t uid;
+
/* password updated */
- _log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)"
- , user, pdb_get_uid(sampass), uidtoname( getuid() )
- , getuid() );
- } else {
- _log_err( LOG_ERR, "password change failed for user %s"
- , user );
- }
+ if (NT_STATUS_IS_ERR(sid_to_uid(pdb_get_user_sid(sampass), &uid))) {
+ _log_err( LOG_NOTICE, "Unable to get uid for user %s",
+ pdb_get_username(sampass));
+ _log_err( LOG_NOTICE, "password for (%s) changed by (%s/%d)",
+ user, uidtoname(getuid()), getuid());
+ } else {
+ _log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)",
+ user, uid, uidtoname(getuid()), getuid());
+ }
+ } else {
+ _log_err( LOG_ERR, "password change failed for user %s", user);
+ }
pass_old = pass_new = NULL;
if (sampass) {
diff --git a/source3/pam_smbpass/support.c b/source3/pam_smbpass/support.c
index 11de306d13..62cc866fae 100644
--- a/source3/pam_smbpass/support.c
+++ b/source3/pam_smbpass/support.c
@@ -308,7 +308,6 @@ void _cleanup_failures( pam_handle_t * pamh, void *fl, int err )
int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass,
const char *p, unsigned int ctrl )
{
- uchar hash_pass[16];
uchar lm_pw[16];
uchar nt_pw[16];
int retval = PAM_AUTH_ERR;
@@ -339,11 +338,8 @@ int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass,
const char *service;
pam_get_item( pamh, PAM_SERVICE, (const void **)&service );
- _log_err( LOG_NOTICE
- , "failed auth request by %s for service %s as %s(%d)"
- , uidtoname( getuid() )
- , service ? service : "**unknown**", name
- , pdb_get_uid(sampass) );
+ _log_err( LOG_NOTICE, "failed auth request by %s for service %s as %s",
+ uidtoname(getuid()), service ? service : "**unknown**", name);
return PAM_AUTH_ERR;
}
}
@@ -397,32 +393,34 @@ int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass,
retval = PAM_MAXTRIES;
}
} else {
- _log_err( LOG_NOTICE
- , "failed auth request by %s for service %s as %s(%d)"
- , uidtoname( getuid() )
- , service ? service : "**unknown**", name
- , pdb_get_uid(sampass) );
+ _log_err(LOG_NOTICE,
+ "failed auth request by %s for service %s as %s",
+ uidtoname(getuid()),
+ service ? service : "**unknown**", name);
new->count = 1;
}
+ if (NT_STATUS_IS_ERR(sid_to_uid(pdb_get_user_sid(sampass), &(new->id)))) {
+ _log_err(LOG_NOTICE,
+ "failed auth request by %s for service %s as %s",
+ uidtoname(getuid()),
+ service ? service : "**unknown**", name);
+ }
new->user = smbpXstrDup( name );
- new->id = pdb_get_uid(sampass);
new->agent = smbpXstrDup( uidtoname( getuid() ) );
pam_set_data( pamh, data_name, new, _cleanup_failures );
} else {
_log_err( LOG_CRIT, "no memory for failure recorder" );
- _log_err( LOG_NOTICE
- , "failed auth request by %s for service %s as %s(%d)"
- , uidtoname( getuid() )
- , service ? service : "**unknown**", name
- , pdb_get_uid(sampass) );
+ _log_err(LOG_NOTICE,
+ "failed auth request by %s for service %s as %s(%d)",
+ uidtoname(getuid()),
+ service ? service : "**unknown**", name);
}
} else {
- _log_err( LOG_NOTICE
- , "failed auth request by %s for service %s as %s(%d)"
- , uidtoname( getuid() )
- , service ? service : "**unknown**", name
- , pdb_get_uid(sampass) );
+ _log_err(LOG_NOTICE,
+ "failed auth request by %s for service %s as %s(%d)",
+ uidtoname(getuid()),
+ service ? service : "**unknown**", name);
retval = PAM_AUTH_ERR;
}
}
generated by cgit (git 2.34.1) at 2024-07-08 08:26:28 +0000