Commit | Line | Data |
---|---|---|
59721e2d JR |
1 | Goal: Don't call openlog() or closelog() from pam_smbpass |
2 | ||
3 | Fixes: bug #434372 (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=434372) | |
4 | ||
5 | Upstream status: submitted as bugzilla bug #4831 | |
6 | ||
7 | Index: samba-3.0.25c/source/pam_smbpass/support.c | |
8 | =================================================================== | |
9 | --- samba-3.0.25c.orig/source/pam_smbpass/support.c 2007-08-26 12:07:14.098417404 +0200 | |
10 | +++ samba-3.0.25c/source/pam_smbpass/support.c 2007-08-26 13:09:09.419359938 +0200 | |
11 | @@ -15,6 +15,7 @@ | |
12 | * Mass Ave, Cambridge, MA 02139, USA. | |
13 | */ | |
14 | ||
15 | + #include "config.h" | |
16 | #include "includes.h" | |
17 | #include "general.h" | |
18 | ||
19 | @@ -66,19 +67,44 @@ | |
20 | ||
21 | char *servicesf = dyn_CONFIGFILE; | |
22 | ||
23 | - /* syslogging function for errors and other information */ | |
24 | - | |
25 | - void _log_err( int err, const char *format, ... ) | |
26 | - { | |
27 | - va_list args; | |
28 | +/* syslogging function for errors and other information */ | |
29 | +#ifdef HAVE_PAM_VSYSLOG | |
30 | +void _log_err( pam_handle_t *pamh, int err, const char *format, ... ) | |
31 | +{ | |
32 | + va_list args; | |
33 | ||
34 | - va_start( args, format ); | |
35 | - openlog( "PAM_smbpass", LOG_CONS | LOG_PID, LOG_AUTH ); | |
36 | - vsyslog( err, format, args ); | |
37 | - va_end( args ); | |
38 | - closelog(); | |
39 | + va_start(args, format); | |
40 | + pam_vsyslog(pamh, err, format, args); | |
41 | + va_end(args); | |
42 | +} | |
43 | +#else | |
44 | +void _log_err( pam_handle_t *pamh, int err, const char *format, ... ) | |
45 | +{ | |
46 | + va_list args; | |
47 | + const char tag[] = "(pam_smbpass) "; | |
48 | + char *mod_format; | |
49 | + | |
50 | + mod_format = SMB_MALLOC_ARRAY(char, sizeof(tag) + strlen(format)); | |
51 | + /* try really, really hard to log something, since this may have | |
52 | + been a message about a malloc() failure... */ | |
53 | + if (mod_format == NULL) { | |
54 | + va_start(args, format); | |
55 | + vsyslog(err | LOG_AUTH, format, args); | |
56 | + va_end(args); | |
57 | + return; | |
58 | } | |
59 | ||
60 | + strncpy(mod_format, tag, strlen(tag)+1); | |
61 | + strncat(mod_format, format, strlen(format)); | |
62 | + | |
63 | + va_start(args, format); | |
64 | + vsyslog(err | LOG_AUTH, mod_format, args); | |
65 | + va_end(args); | |
66 | + | |
67 | + free(mod_format); | |
68 | +} | |
69 | +#endif | |
70 | + | |
71 | /* this is a front-end for module-application conversations */ | |
72 | ||
73 | int converse( pam_handle_t * pamh, int ctrl, int nargs | |
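Review bot: The two builds of `_log_err` do not route or tag messages the same way: the `#else` branch ORs `LOG_AUTH` into the priority and prepends `(pam_smbpass) ` to the text, while the `HAVE_PAM_VSYSLOG` branch leaves facility and prefix to `pam_vsyslog` (Linux-PAM's implementation logs under `LOG_AUTHPRIV`, as far as I recall). With `openlog()` gone, the old `PAM_smbpass` ident and `LOG_PID` option are gone as well, so log filters or alerting keyed on them will stop matching. A comment above the `#ifdef` should say so, e.g. `/* no openlog(): ident and options belong to the host application; entries are identified by the module tag only */`. Separately, the `strncpy`/`strncat` bounds in the fallback are computed from the source strings rather than the destination; `snprintf(mod_format, sizeof(tag) + strlen(format), "%s%s", tag, format);` states the destination size directly.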
74 | @@ -95,12 +121,14 @@ | |
75 | ,response, conv->appdata_ptr); | |
76 | ||
77 | if (retval != PAM_SUCCESS && on(SMB_DEBUG, ctrl)) { | |
78 | - _log_err(LOG_DEBUG, "conversation failure [%s]" | |
79 | - ,pam_strerror(pamh, retval)); | |
80 | + _log_err(pamh, LOG_DEBUG, | |
81 | + "conversation failure [%s]", | |
82 | + pam_strerror(pamh, retval)); | |
83 | } | |
84 | } else { | |
85 | - _log_err(LOG_ERR, "couldn't obtain coversation function [%s]" | |
86 | - ,pam_strerror(pamh, retval)); | |
87 | + _log_err(pamh, LOG_ERR, | |
88 | + "couldn't obtain coversation function [%s]", | |
89 | + pam_strerror(pamh, retval)); | |
90 | } | |
91 | ||
92 | return retval; /* propagate error status */ | |
93 | @@ -126,7 +154,7 @@ | |
94 | ||
95 | /* set the control flags for the SMB module. */ | |
96 | ||
97 | -int set_ctrl( int flags, int argc, const char **argv ) | |
98 | +int set_ctrl( pam_handle_t *pamh, int flags, int argc, const char **argv ) | |
99 | { | |
100 | int i = 0; | |
101 | const char *service_file = dyn_CONFIGFILE; | |
102 | @@ -168,7 +196,7 @@ | |
103 | /* Read some options from the Samba config. Can be overridden by | |
104 | the PAM config. */ | |
105 | if(lp_load(service_file,True,False,False,True) == False) { | |
106 | - _log_err( LOG_ERR, "Error loading service file %s", service_file ); | |
107 | + _log_err(pamh, LOG_ERR, "Error loading service file %s", service_file); | |
108 | } | |
109 | ||
110 | secrets_init(); | |
111 | @@ -191,7 +219,7 @@ | |
112 | } | |
113 | ||
114 | if (j >= SMB_CTRLS_) { | |
115 | - _log_err( LOG_ERR, "unrecognized option [%s]", *argv ); | |
116 | + _log_err(pamh, LOG_ERR, "unrecognized option [%s]", *argv); | |
117 | } else { | |
118 | ctrl &= smb_args[j].mask; /* for turning things off */ | |
119 | ctrl |= smb_args[j].flag; /* for turning things on */ | |
120 | @@ -230,7 +258,7 @@ | |
121 | * evidence of old token around for later stack analysis. | |
122 | * | |
123 | */ | |
124 | -char * smbpXstrDup( const char *x ) | |
125 | +char * smbpXstrDup( pam_handle_t *pamh, const char *x ) | |
126 | { | |
127 | register char *newstr = NULL; | |
128 | ||
129 | @@ -240,7 +268,7 @@ | |
130 | for (i = 0; x[i]; ++i); /* length of string */ | |
131 | if ((newstr = SMB_MALLOC_ARRAY(char, ++i)) == NULL) { | |
132 | i = 0; | |
133 | - _log_err( LOG_CRIT, "out of memory in smbpXstrDup" ); | |
134 | + _log_err(pamh, LOG_CRIT, "out of memory in smbpXstrDup"); | |
135 | } else { | |
136 | while (i-- > 0) { | |
137 | newstr[i] = x[i]; | |
138 | @@ -282,7 +310,7 @@ | |
139 | /* log the number of authentication failures */ | |
140 | if (failure->count != 0) { | |
141 | pam_get_item( pamh, PAM_SERVICE, (const void **) &service ); | |
142 | - _log_err( LOG_NOTICE | |
143 | + _log_err(pamh, LOG_NOTICE | |
144 | , "%d authentication %s " | |
145 | "from %s for service %s as %s(%d)" | |
146 | , failure->count | |
147 | @@ -291,7 +319,7 @@ | |
148 | , service == NULL ? "**unknown**" : service | |
149 | , failure->user, failure->id ); | |
150 | if (failure->count > SMB_MAX_RETRIES) { | |
151 | - _log_err( LOG_ALERT | |
152 | + _log_err(pamh, LOG_ALERT | |
153 | , "service(%s) ignoring max retries; %d > %d" | |
154 | , service == NULL ? "**unknown**" : service | |
155 | , failure->count | |
156 | @@ -327,8 +355,7 @@ | |
157 | ||
158 | if (!pdb_get_lanman_passwd(sampass)) | |
159 | { | |
160 | - _log_err( LOG_DEBUG, "user %s has null SMB password" | |
161 | - , name ); | |
162 | + _log_err(pamh, LOG_DEBUG, "user %s has null SMB password", name); | |
163 | ||
164 | if (off( SMB__NONULL, ctrl ) | |
165 | && (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ)) | |
166 | @@ -338,15 +365,16 @@ | |
167 | const char *service; | |
168 | ||
169 | pam_get_item( pamh, PAM_SERVICE, (const void **)&service ); | |
170 | - _log_err( LOG_NOTICE, "failed auth request by %s for service %s as %s", | |
171 | - uidtoname(getuid()), service ? service : "**unknown**", name); | |
172 | + _log_err(pamh, LOG_NOTICE, | |
173 | + "failed auth request by %s for service %s as %s", | |
174 | + uidtoname(getuid()), service ? service : "**unknown**", name); | |
175 | return PAM_AUTH_ERR; | |
176 | } | |
177 | } | |
178 | ||
179 | data_name = SMB_MALLOC_ARRAY(char, sizeof(FAIL_PREFIX) + strlen( name )); | |
180 | if (data_name == NULL) { | |
181 | - _log_err( LOG_CRIT, "no memory for data-name" ); | |
182 | + _log_err(pamh, LOG_CRIT, "no memory for data-name"); | |
183 | } | |
184 | strncpy( data_name, FAIL_PREFIX, sizeof(FAIL_PREFIX) ); | |
185 | strncpy( data_name + sizeof(FAIL_PREFIX) - 1, name, strlen( name ) + 1 ); | |
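Review bot: If `SMB_MALLOC_ARRAY` fails, the `data_name == NULL` branch only logs "no memory for data-name", and control then reaches the two `strncpy( data_name, ... )` calls, which write through a null pointer inside the authenticating process. The branch should leave the function after logging, e.g. `return PAM_BUF_ERR;`, once whatever the function holds at that point has been released. The enclosing function starts and ends outside this hunk, so the exact cleanup has to be checked against the full body. The defect predates this patch, but the branch is being edited here anyway.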
186 | @@ -392,31 +420,31 @@ | |
187 | retval = PAM_MAXTRIES; | |
188 | } | |
189 | } else { | |
190 | - _log_err(LOG_NOTICE, | |
191 | + _log_err(pamh, LOG_NOTICE, | |
192 | "failed auth request by %s for service %s as %s", | |
193 | uidtoname(getuid()), | |
194 | service ? service : "**unknown**", name); | |
195 | newauth->count = 1; | |
196 | } | |
197 | if (!sid_to_uid(pdb_get_user_sid(sampass), &(newauth->id))) { | |
198 | - _log_err(LOG_NOTICE, | |
199 | + _log_err(pamh, LOG_NOTICE, | |
200 | "failed auth request by %s for service %s as %s", | |
201 | uidtoname(getuid()), | |
202 | service ? service : "**unknown**", name); | |
203 | } | |
204 | - newauth->user = smbpXstrDup( name ); | |
205 | - newauth->agent = smbpXstrDup( uidtoname( getuid() ) ); | |
206 | + newauth->user = smbpXstrDup(pamh, name); | |
207 | + newauth->agent = smbpXstrDup(pamh, uidtoname( getuid() )); | |
208 | pam_set_data( pamh, data_name, newauth, _cleanup_failures ); | |
209 | ||
210 | } else { | |
211 | - _log_err( LOG_CRIT, "no memory for failure recorder" ); | |
212 | - _log_err(LOG_NOTICE, | |
213 | + _log_err(pamh, LOG_CRIT, "no memory for failure recorder"); | |
214 | + _log_err(pamh, LOG_NOTICE, | |
215 | "failed auth request by %s for service %s as %s(%d)", | |
216 | uidtoname(getuid()), | |
217 | service ? service : "**unknown**", name); | |
218 | } | |
219 | } else { | |
220 | - _log_err(LOG_NOTICE, | |
221 | + _log_err(pamh, LOG_NOTICE, | |
222 | "failed auth request by %s for service %s as %s(%d)", | |
223 | uidtoname(getuid()), | |
224 | service ? service : "**unknown**", name); | |
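Review bot: Two calls kept in this hunk pass a format ending in `%s(%d)` with only three arguments (`uidtoname(getuid())`, the service string and `name`): the one after "no memory for failure recorder" and the one in the final `else`. The `%d` conversion has no matching argument, which is undefined behaviour in the underlying vsyslog/pam_vsyslog call and can put an arbitrary value into the authentication log. Either drop the conversion so the string matches the other calls in the hunk, `"failed auth request by %s for service %s as %s"`, or pass the id that was meant to be logged. The enclosing function begins and ends outside the hunk.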
225 | @@ -490,8 +518,8 @@ | |
226 | retval = pam_get_item( pamh, authtok_flag, (const void **) &item ); | |
227 | if (retval != PAM_SUCCESS) { | |
228 | /* very strange. */ | |
229 | - _log_err( LOG_ALERT | |
230 | - , "pam_get_item returned error to smb_read_password" ); | |
231 | + _log_err(pamh, LOG_ALERT, | |
232 | + "pam_get_item returned error to smb_read_password"); | |
233 | return retval; | |
234 | } else if (item != NULL) { /* we have a password! */ | |
235 | *pass = item; | |
236 | @@ -543,7 +571,7 @@ | |
237 | ||
238 | if (retval == PAM_SUCCESS) { /* a good conversation */ | |
239 | ||
240 | - token = smbpXstrDup(resp[j++].resp); | |
241 | + token = smbpXstrDup(pamh, resp[j++].resp); | |
242 | if (token != NULL) { | |
243 | if (expect == 2) { | |
244 | /* verify that password entered correctly */ | |
245 | @@ -555,7 +583,8 @@ | |
246 | } | |
247 | } | |
248 | } else { | |
249 | - _log_err(LOG_NOTICE, "could not recover authentication token"); | |
250 | + _log_err(pamh, LOG_NOTICE, | |
251 | + "could not recover authentication token"); | |
252 | } | |
253 | } | |
254 | ||
255 | @@ -568,7 +597,7 @@ | |
256 | ||
257 | if (retval != PAM_SUCCESS) { | |
258 | if (on( SMB_DEBUG, ctrl )) | |
259 | - _log_err( LOG_DEBUG, "unable to obtain a password" ); | |
260 | + _log_err(pamh, LOG_DEBUG, "unable to obtain a password"); | |
261 | return retval; | |
262 | } | |
263 | /* 'token' is the entered password */ | |
264 | @@ -583,7 +612,7 @@ | |
265 | || (retval = pam_get_item( pamh, authtok_flag | |
266 | ,(const void **)&item )) != PAM_SUCCESS) | |
267 | { | |
268 | - _log_err( LOG_CRIT, "error manipulating password" ); | |
269 | + _log_err(pamh, LOG_CRIT, "error manipulating password"); | |
270 | return retval; | |
271 | } | |
272 | } else { | |
273 | @@ -597,8 +626,8 @@ | |
274 | || (retval = pam_get_data( pamh, data_name, (const void **)&item )) | |
275 | != PAM_SUCCESS) | |
276 | { | |
277 | - _log_err( LOG_CRIT, "error manipulating password data [%s]" | |
278 | - , pam_strerror( pamh, retval )); | |
279 | + _log_err(pamh, LOG_CRIT, "error manipulating password data [%s]", | |
280 | + pam_strerror( pamh, retval )); | |
281 | _pam_delete( token ); | |
282 | item = NULL; | |
283 | return retval; | |
284 | @@ -622,8 +651,8 @@ | |
285 | if (pass_new == NULL || (pass_old && !strcmp( pass_old, pass_new ))) | |
286 | { | |
287 | if (on(SMB_DEBUG, ctrl)) { | |
288 | - _log_err( LOG_DEBUG, | |
289 | - "passwd: bad authentication token (null or unchanged)" ); | |
290 | + _log_err(pamh, LOG_DEBUG, | |
291 | + "passwd: bad authentication token (null or unchanged)"); | |
292 | } | |
293 | make_remark( pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ? | |
294 | "No password supplied" : "Password unchanged" ); | |
295 | Index: samba-3.0.25c/source/pam_smbpass/pam_smb_auth.c | |
296 | =================================================================== | |
297 | --- samba-3.0.25c.orig/source/pam_smbpass/pam_smb_auth.c 2007-08-26 12:07:14.098417404 +0200 | |
298 | +++ samba-3.0.25c/source/pam_smbpass/pam_smb_auth.c 2007-08-26 13:09:09.419359938 +0200 | |
299 | @@ -75,10 +75,9 @@ | |
300 | ||
301 | /* Samba initialization. */ | |
302 | load_case_tables(); | |
303 | - setup_logging("pam_smbpass",False); | |
304 | in_client = True; | |
305 | ||
306 | - ctrl = set_ctrl(flags, argc, argv); | |
307 | + ctrl = set_ctrl(pamh, flags, argc, argv); | |
308 | ||
309 | /* Get a few bytes so we can pass our return value to | |
310 | pam_sm_setcred(). */ | |
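Review bot: This hunk also removes `setup_logging("pam_smbpass",False)`, which the patch description does not mention; the same removal is made in pam_smb_acct.c and pam_smb_passwd.c. Presumably setup_logging() is where the Samba side opens syslog, but that is not visible here, and it leaves open where diagnostics from the Samba library calls that follow (`set_ctrl`'s `lp_load`, `initialize_password_db`) now end up. A comment at the removal site would record the intent, e.g. `/* setup_logging() deliberately not called: the module must not change the application's syslog settings (bug #434372) */`. The enclosing function starts and ends outside the hunk.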
311 | @@ -93,23 +92,23 @@ | |
312 | retval = pam_get_user( pamh, &name, "Username: " ); | |
313 | if ( retval != PAM_SUCCESS ) { | |
314 | if (on( SMB_DEBUG, ctrl )) { | |
315 | - _log_err(LOG_DEBUG, "auth: could not identify user"); | |
316 | + _log_err(pamh, LOG_DEBUG, "auth: could not identify user"); | |
317 | } | |
318 | AUTH_RETURN; | |
319 | } | |
320 | if (on( SMB_DEBUG, ctrl )) { | |
321 | - _log_err( LOG_DEBUG, "username [%s] obtained", name ); | |
322 | + _log_err(pamh, LOG_DEBUG, "username [%s] obtained", name); | |
323 | } | |
324 | ||
325 | if (!initialize_password_db(True)) { | |
326 | - _log_err( LOG_ALERT, "Cannot access samba password database" ); | |
327 | + _log_err(pamh, LOG_ALERT, "Cannot access samba password database"); | |
328 | retval = PAM_AUTHINFO_UNAVAIL; | |
329 | AUTH_RETURN; | |
330 | } | |
331 | ||
332 | sampass = samu_new( NULL ); | |
333 | if (!sampass) { | |
334 | - _log_err( LOG_ALERT, "Cannot talloc a samu struct" ); | |
335 | + _log_err(pamh, LOG_ALERT, "Cannot talloc a samu struct"); | |
336 | retval = nt_status_to_pam(NT_STATUS_NO_MEMORY); | |
337 | AUTH_RETURN; | |
338 | } | |
339 | @@ -123,7 +122,7 @@ | |
340 | } | |
341 | ||
342 | if (!found) { | |
343 | - _log_err(LOG_ALERT, "Failed to find entry for user %s.", name); | |
344 | + _log_err(pamh, LOG_ALERT, "Failed to find entry for user %s.", name); | |
345 | retval = PAM_USER_UNKNOWN; | |
346 | TALLOC_FREE(sampass); | |
347 | sampass = NULL; | |
348 | @@ -142,7 +141,7 @@ | |
349 | ||
350 | retval = _smb_read_password(pamh, ctrl, NULL, "Password: ", NULL, _SMB_AUTHTOK, &p); | |
351 | if (retval != PAM_SUCCESS ) { | |
352 | - _log_err(LOG_CRIT, "auth: no password provided for [%s]", name); | |
353 | + _log_err(pamh,LOG_CRIT, "auth: no password provided for [%s]", name); | |
354 | TALLOC_FREE(sampass); | |
355 | AUTH_RETURN; | |
356 | } | |
357 | @@ -194,8 +193,8 @@ | |
358 | retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass ); | |
359 | ||
360 | if (retval != PAM_SUCCESS) { | |
361 | - _log_err( LOG_ALERT | |
362 | - , "pam_get_item returned error to pam_sm_authenticate" ); | |
363 | + _log_err(pamh, LOG_ALERT, | |
364 | + "pam_get_item returned error to pam_sm_authenticate"); | |
365 | return PAM_AUTHTOK_RECOVER_ERR; | |
366 | } else if (pass == NULL) { | |
367 | return PAM_AUTHTOK_RECOVER_ERR; | |
368 | Index: samba-3.0.25c/source/pam_smbpass/pam_smb_acct.c | |
369 | =================================================================== | |
370 | --- samba-3.0.25c.orig/source/pam_smbpass/pam_smb_acct.c 2007-08-26 12:07:14.098417404 +0200 | |
371 | +++ samba-3.0.25c/source/pam_smbpass/pam_smb_acct.c 2007-08-26 13:09:09.419359938 +0200 | |
372 | @@ -52,29 +52,28 @@ | |
373 | ||
374 | /* Samba initialization. */ | |
375 | load_case_tables(); | |
376 | - setup_logging( "pam_smbpass", False ); | |
377 | in_client = True; | |
378 | ||
379 | - ctrl = set_ctrl( flags, argc, argv ); | |
380 | + ctrl = set_ctrl(pamh, flags, argc, argv); | |
381 | ||
382 | /* get the username */ | |
383 | ||
384 | retval = pam_get_user( pamh, &name, "Username: " ); | |
385 | if (retval != PAM_SUCCESS) { | |
386 | if (on( SMB_DEBUG, ctrl )) { | |
387 | - _log_err( LOG_DEBUG, "acct: could not identify user" ); | |
388 | + _log_err(pamh, LOG_DEBUG, "acct: could not identify user"); | |
389 | } | |
390 | return retval; | |
391 | } | |
392 | if (on( SMB_DEBUG, ctrl )) { | |
393 | - _log_err( LOG_DEBUG, "acct: username [%s] obtained", name ); | |
394 | + _log_err(pamh, LOG_DEBUG, "acct: username [%s] obtained", name); | |
395 | } | |
396 | ||
397 | /* Getting into places that might use LDAP -- protect the app | |
398 | from a SIGPIPE it's not expecting */ | |
399 | oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN); | |
400 | if (!initialize_password_db(True)) { | |
401 | - _log_err( LOG_ALERT, "Cannot access samba password database" ); | |
402 | + _log_err(pamh, LOG_ALERT, "Cannot access samba password database"); | |
403 | CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); | |
404 | return PAM_AUTHINFO_UNAVAIL; | |
405 | } | |
406 | @@ -88,7 +87,7 @@ | |
407 | } | |
408 | ||
409 | if (!pdb_getsampwnam(sampass, name )) { | |
410 | - _log_err( LOG_DEBUG, "acct: could not identify user" ); | |
411 | + _log_err(pamh, LOG_DEBUG, "acct: could not identify user"); | |
412 | CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); | |
413 | return PAM_USER_UNKNOWN; | |
414 | } | |
415 | @@ -101,8 +100,8 @@ | |
416 | ||
417 | if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) { | |
418 | if (on( SMB_DEBUG, ctrl )) { | |
419 | - _log_err( LOG_DEBUG | |
420 | - , "acct: account %s is administratively disabled", name ); | |
421 | + _log_err(pamh, LOG_DEBUG, | |
422 | + "acct: account %s is administratively disabled", name); | |
423 | } | |
424 | make_remark( pamh, ctrl, PAM_ERROR_MSG | |
425 | , "Your account has been disabled; " | |
426 | Index: samba-3.0.25c/source/pam_smbpass/pam_smb_passwd.c | |
427 | =================================================================== | |
428 | --- samba-3.0.25c.orig/source/pam_smbpass/pam_smb_passwd.c 2007-08-26 12:07:14.098417404 +0200 | |
429 | +++ samba-3.0.25c/source/pam_smbpass/pam_smb_passwd.c 2007-08-26 13:09:09.419359938 +0200 | |
430 | @@ -104,10 +104,9 @@ | |
431 | ||
432 | /* Samba initialization. */ | |
433 | load_case_tables(); | |
434 | - setup_logging( "pam_smbpass", False ); | |
435 | in_client = True; | |
436 | ||
437 | - ctrl = set_ctrl(flags, argc, argv); | |
438 | + ctrl = set_ctrl(pamh, flags, argc, argv); | |
439 | ||
440 | /* | |
441 | * First get the name of a user. No need to do anything if we can't | |
442 | @@ -117,12 +116,12 @@ | |
443 | retval = pam_get_user( pamh, &user, "Username: " ); | |
444 | if (retval != PAM_SUCCESS) { | |
445 | if (on( SMB_DEBUG, ctrl )) { | |
446 | - _log_err( LOG_DEBUG, "password: could not identify user" ); | |
447 | + _log_err(pamh, LOG_DEBUG, "password: could not identify user"); | |
448 | } | |
449 | return retval; | |
450 | } | |
451 | if (on( SMB_DEBUG, ctrl )) { | |
452 | - _log_err( LOG_DEBUG, "username [%s] obtained", user ); | |
453 | + _log_err(pamh, LOG_DEBUG, "username [%s] obtained", user); | |
454 | } | |
455 | ||
456 | /* Getting into places that might use LDAP -- protect the app | |
457 | @@ -130,7 +129,7 @@ | |
458 | oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN); | |
459 | ||
460 | if (!initialize_password_db(False)) { | |
461 | - _log_err( LOG_ALERT, "Cannot access samba password database" ); | |
462 | + _log_err(pamh, LOG_ALERT, "Cannot access samba password database"); | |
463 | CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); | |
464 | return PAM_AUTHINFO_UNAVAIL; | |
465 | } | |
466 | @@ -142,12 +141,12 @@ | |
467 | } | |
468 | ||
469 | if (!pdb_getsampwnam(sampass,user)) { | |
470 | - _log_err( LOG_ALERT, "Failed to find entry for user %s.", user ); | |
471 | + _log_err(pamh, LOG_ALERT, "Failed to find entry for user %s.", user); | |
472 | CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); | |
473 | return PAM_USER_UNKNOWN; | |
474 | } | |
475 | if (on( SMB_DEBUG, ctrl )) { | |
476 | - _log_err( LOG_DEBUG, "Located account for %s", user ); | |
477 | + _log_err(pamh, LOG_DEBUG, "Located account for %s", user); | |
478 | } | |
479 | ||
480 | if (flags & PAM_PRELIM_CHECK) { | |
481 | @@ -173,7 +172,7 @@ | |
482 | #define greeting "Changing password for " | |
483 | Announce = SMB_MALLOC_ARRAY(char, sizeof(greeting)+strlen(user)); | |
484 | if (Announce == NULL) { | |
485 | - _log_err(LOG_CRIT, "password: out of memory"); | |
486 | + _log_err(pamh, LOG_CRIT, "password: out of memory"); | |
487 | TALLOC_FREE(sampass); | |
488 | CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); | |
489 | return PAM_BUF_ERR; | |
490 | @@ -188,8 +187,8 @@ | |
491 | SAFE_FREE( Announce ); | |
492 | ||
493 | if (retval != PAM_SUCCESS) { | |
494 | - _log_err( LOG_NOTICE | |
495 | - , "password - (old) token not obtained" ); | |
496 | + _log_err(pamh, LOG_NOTICE, | |
497 | + "password - (old) token not obtained"); | |
498 | TALLOC_FREE(sampass); | |
499 | CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); | |
500 | return retval; | |
501 | @@ -234,7 +233,7 @@ | |
502 | } | |
503 | ||
504 | if (retval != PAM_SUCCESS) { | |
505 | - _log_err( LOG_NOTICE, "password: user not authenticated" ); | |
506 | + _log_err(pamh, LOG_NOTICE, "password: user not authenticated"); | |
507 | TALLOC_FREE(sampass); | |
508 | CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); | |
509 | return retval; | |
510 | @@ -259,8 +258,8 @@ | |
511 | ||
512 | if (retval != PAM_SUCCESS) { | |
513 | if (on( SMB_DEBUG, ctrl )) { | |
514 | - _log_err( LOG_ALERT | |
515 | - , "password: new password not obtained" ); | |
516 | + _log_err(pamh, LOG_ALERT, | |
517 | + "password: new password not obtained"); | |
518 | } | |
519 | pass_old = NULL; /* tidy up */ | |
520 | TALLOC_FREE(sampass); | |
521 | @@ -281,7 +280,7 @@ | |
522 | retval = _pam_smb_approve_pass(pamh, ctrl, pass_old, pass_new); | |
523 | ||
524 | if (retval != PAM_SUCCESS) { | |
525 | - _log_err(LOG_NOTICE, "new password not acceptable"); | |
526 | + _log_err(pamh, LOG_NOTICE, "new password not acceptable"); | |
527 | pass_new = pass_old = NULL; /* tidy up */ | |
528 | TALLOC_FREE(sampass); | |
529 | CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler); | |
530 | @@ -301,16 +300,17 @@ | |
531 | ||
532 | /* password updated */ | |
533 | if (!sid_to_uid(pdb_get_user_sid(sampass), &uid)) { | |
534 | - _log_err( LOG_NOTICE, "Unable to get uid for user %s", | |
535 | + _log_err(pamh, LOG_NOTICE, | |
536 | + "Unable to get uid for user %s", | |
537 | pdb_get_username(sampass)); | |
538 | - _log_err( LOG_NOTICE, "password for (%s) changed by (%s/%d)", | |
539 | + _log_err(pamh, LOG_NOTICE, "password for (%s) changed by (%s/%d)", | |
540 | user, uidtoname(getuid()), getuid()); | |
541 | } else { | |
542 | - _log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)", | |
543 | + _log_err(pamh, LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)", | |
544 | user, uid, uidtoname(getuid()), getuid()); | |
545 | } | |
546 | } else { | |
547 | - _log_err( LOG_ERR, "password change failed for user %s", user); | |
548 | + _log_err(pamh, LOG_ERR, "password change failed for user %s", user); | |
549 | } | |
550 | ||
551 | pass_old = pass_new = NULL; | |
552 | @@ -321,7 +321,7 @@ | |
553 | ||
554 | } else { /* something has broken with the library */ | |
555 | ||
556 | - _log_err( LOG_ALERT, "password received unknown request" ); | |
557 | + _log_err(pamh, LOG_ALERT, "password received unknown request"); | |
558 | retval = PAM_ABORT; | |
559 | ||
560 | } | |
561 | Index: samba-3.0.25c/source/pam_smbpass/support.h | |
562 | =================================================================== | |
563 | --- samba-3.0.25c.orig/source/pam_smbpass/support.h 2007-08-26 12:07:14.098417404 +0200 | |
564 | +++ samba-3.0.25c/source/pam_smbpass/support.h 2007-08-26 13:09:09.419359938 +0200 | |
565 | @@ -1,8 +1,8 @@ | |
566 | /* syslogging function for errors and other information */ | |
567 | -extern void _log_err(int, const char *, ...); | |
568 | +extern void _log_err(pam_handle_t *, int, const char *, ...); | |
569 | ||
570 | /* set the control flags for the UNIX module. */ | |
571 | -extern int set_ctrl(int, int, const char **); | |
572 | +extern int set_ctrl(pam_handle_t *, int, int, const char **); | |
573 | ||
574 | /* generic function for freeing pam data segments */ | |
575 | extern void _cleanup(pam_handle_t *, void *, int); | |
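Review bot: The new `_log_err` prototype is still declared without a printf format attribute, so the compiler cannot check any of the rewritten call sites against their format strings. Since every caller is touched by this patch anyway, consider `extern void _log_err(pam_handle_t *, int, const char *, ...) __attribute__((format(printf, 3, 4)));` (or the tree's own wrapper macro for it, if one exists) so that `-Wformat` covers the module. Naming the parameters in the prototype (`pamh`, `priority`, `format`) would also document the new first argument.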
576 | @@ -12,7 +12,7 @@ | |
577 | * evidence of old token around for later stack analysis. | |
578 | */ | |
579 | ||
580 | -extern char *smbpXstrDup(const char *); | |
581 | +extern char *smbpXstrDup(pam_handle_t *,const char *); | |
582 | ||
583 | /* ************************************************************** * | |
584 | * Useful non-trivial functions * |