diff options
author | Simo Sorce <idra@samba.org> | 2003-05-12 18:12:31 +0000 |
---|---|---|
committer | Simo Sorce <idra@samba.org> | 2003-05-12 18:12:31 +0000 |
commit | 0e58085978f984436815114a2ec347cf7899a89d (patch) | |
tree | 3afeaf87a43542c5cdb5da929113b4ea37abdf44 /source/pam_smbpass | |
parent | f59bcb51cfe4e268ba43245d401d212aefdf2b72 (diff) | |
download | samba-0e58085978f984436815114a2ec347cf7899a89d.tar.gz samba-0e58085978f984436815114a2ec347cf7899a89d.tar.xz samba-0e58085978f984436815114a2ec347cf7899a89d.zip |
And finally IDMAP in 3_0
We really need idmap_ldap to have a good solution with ldapsam, porting
it from the prvious code is beeing made, the code is really simple to do
so I am confident it is not a problem to commit this code in.
Not committing it would have been worst.
I really would have been able to finish also the group code, maybe we can
put it into a followin release after 3.0.0 even if it may be an upgrade
problem.
The code has been tested and seem to work right, more testing is needed for
corner cases.
Currently winbind pdc (working only for users and not for groups) is
disabled as I was not able to make a complete group code replacement that
works somewhat in a week (I have a complete patch, but there are bugs)
Simo.
Diffstat (limited to 'source/pam_smbpass')
-rw-r--r-- | source/pam_smbpass/pam_smb_passwd.c | 21 | ||||
-rw-r--r-- | source/pam_smbpass/support.c | 42 |
2 files changed, 34 insertions, 29 deletions
diff --git a/source/pam_smbpass/pam_smb_passwd.c b/source/pam_smbpass/pam_smb_passwd.c index 9e75efccf4d..78b89c60b76 100644 --- a/source/pam_smbpass/pam_smb_passwd.c +++ b/source/pam_smbpass/pam_smb_passwd.c @@ -295,14 +295,21 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags, retval = smb_update_db(pamh, ctrl, user, pass_new); if (retval == PAM_SUCCESS) { + uid_t uid; + /* password updated */ - _log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)" - , user, pdb_get_uid(sampass), uidtoname( getuid() ) - , getuid() ); - } else { - _log_err( LOG_ERR, "password change failed for user %s" - , user ); - } + if (NT_STATUS_IS_ERR(sid_to_uid(pdb_get_user_sid(sampass), &uid))) { + _log_err( LOG_NOTICE, "Unable to get uid for user %s", + pdb_get_username(sampass)); + _log_err( LOG_NOTICE, "password for (%s) changed by (%s/%d)", + user, uidtoname(getuid()), getuid()); + } else { + _log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)", + user, uid, uidtoname(getuid()), getuid()); + } + } else { + _log_err( LOG_ERR, "password change failed for user %s", user); + } pass_old = pass_new = NULL; if (sampass) { diff --git a/source/pam_smbpass/support.c b/source/pam_smbpass/support.c index 11de306d134..62cc866fae0 100644 --- a/source/pam_smbpass/support.c +++ b/source/pam_smbpass/support.c @@ -308,7 +308,6 @@ void _cleanup_failures( pam_handle_t * pamh, void *fl, int err ) int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass, const char *p, unsigned int ctrl ) { - uchar hash_pass[16]; uchar lm_pw[16]; uchar nt_pw[16]; int retval = PAM_AUTH_ERR; @@ -339,11 +338,8 @@ int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass, const char *service; pam_get_item( pamh, PAM_SERVICE, (const void **)&service ); - _log_err( LOG_NOTICE - , "failed auth request by %s for service %s as %s(%d)" - , uidtoname( getuid() ) - , service ? service : "**unknown**", name - , pdb_get_uid(sampass) ); + _log_err( LOG_NOTICE, "failed auth request by %s for service %s as %s", + uidtoname(getuid()), service ? service : "**unknown**", name); return PAM_AUTH_ERR; } } @@ -397,32 +393,34 @@ int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass, retval = PAM_MAXTRIES; } } else { - _log_err( LOG_NOTICE - , "failed auth request by %s for service %s as %s(%d)" - , uidtoname( getuid() ) - , service ? service : "**unknown**", name - , pdb_get_uid(sampass) ); + _log_err(LOG_NOTICE, + "failed auth request by %s for service %s as %s", + uidtoname(getuid()), + service ? service : "**unknown**", name); new->count = 1; } + if (NT_STATUS_IS_ERR(sid_to_uid(pdb_get_user_sid(sampass), &(new->id)))) { + _log_err(LOG_NOTICE, + "failed auth request by %s for service %s as %s", + uidtoname(getuid()), + service ? service : "**unknown**", name); + } new->user = smbpXstrDup( name ); - new->id = pdb_get_uid(sampass); new->agent = smbpXstrDup( uidtoname( getuid() ) ); pam_set_data( pamh, data_name, new, _cleanup_failures ); } else { _log_err( LOG_CRIT, "no memory for failure recorder" ); - _log_err( LOG_NOTICE - , "failed auth request by %s for service %s as %s(%d)" - , uidtoname( getuid() ) - , service ? service : "**unknown**", name - , pdb_get_uid(sampass) ); + _log_err(LOG_NOTICE, + "failed auth request by %s for service %s as %s(%d)", + uidtoname(getuid()), + service ? service : "**unknown**", name); } } else { - _log_err( LOG_NOTICE - , "failed auth request by %s for service %s as %s(%d)" - , uidtoname( getuid() ) - , service ? service : "**unknown**", name - , pdb_get_uid(sampass) ); + _log_err(LOG_NOTICE, + "failed auth request by %s for service %s as %s(%d)", + uidtoname(getuid()), + service ? service : "**unknown**", name); retval = PAM_AUTH_ERR; } } |