[packages/samba.git] / samba-pam_smbpass-syslog.patch

Goal: Don't call openlog() or closelog() from pam_smbpass

Fixes: bug #434372 (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=434372)

Upstream status: submitted as bugzilla bug #4831

Index: samba-3.0.25c/source/pam_smbpass/support.c
===================================================================
--- samba-3.0.25c.orig/source/pam_smbpass/support.c	2007-08-26 12:07:14.098417404 +0200
+++ samba-3.0.25c/source/pam_smbpass/support.c	2007-08-26 13:09:09.419359938 +0200
@@ -15,6 +15,7 @@
 	 * Mass Ave, Cambridge, MA 02139, USA.
 	 */
 
+	#include "config.h"
 	#include "includes.h"
 	#include "general.h"
 
@@ -66,19 +67,44 @@
 
 	char *servicesf = dyn_CONFIGFILE;
 
-	/* syslogging function for errors and other information */
-
-	void _log_err( int err, const char *format, ... )
-	{
-	    va_list args;
+/* syslogging function for errors and other information */
+#ifdef HAVE_PAM_VSYSLOG
+void _log_err( pam_handle_t *pamh, int err, const char *format, ... )
+{
+	va_list args;
 
-	    va_start( args, format );
-	    openlog( "PAM_smbpass", LOG_CONS | LOG_PID, LOG_AUTH );
-	    vsyslog( err, format, args );
-	    va_end( args );
-	    closelog();
+	va_start(args, format);
+	pam_vsyslog(pamh, err, format, args);
+	va_end(args);
+}
+#else
+void _log_err( pam_handle_t *pamh, int err, const char *format, ... )
+{
+	va_list args;
+	const char tag[] = "(pam_smbpass) ";
+	char *mod_format;
+
+	mod_format = SMB_MALLOC_ARRAY(char, sizeof(tag) + strlen(format));
+	/* try really, really hard to log something, since this may have
+	   been a message about a malloc() failure... */
+	if (mod_format == NULL) {
+		va_start(args, format);
+		vsyslog(err | LOG_AUTH, format, args);
+		va_end(args);
+		return;
 	}
 
+	strncpy(mod_format, tag, strlen(tag)+1);
+	strncat(mod_format, format, strlen(format));
+
+	va_start(args, format);
+	vsyslog(err | LOG_AUTH, mod_format, args);
+	va_end(args);
+
+	free(mod_format);
+}
+#endif
+
 	/* this is a front-end for module-application conversations */
 
 	int converse( pam_handle_t * pamh, int ctrl, int nargs
@@ -95,12 +121,14 @@
 								,response, conv->appdata_ptr);
 
 			if (retval != PAM_SUCCESS && on(SMB_DEBUG, ctrl)) {
-				_log_err(LOG_DEBUG, "conversation failure [%s]"
-						 ,pam_strerror(pamh, retval));
+				_log_err(pamh, LOG_DEBUG,
+				         "conversation failure [%s]",
+				         pam_strerror(pamh, retval));
 			}
 		} else {
-			_log_err(LOG_ERR, "couldn't obtain coversation function [%s]"
-					 ,pam_strerror(pamh, retval));
+			_log_err(pamh, LOG_ERR,
+			         "couldn't obtain coversation function [%s]",
+			         pam_strerror(pamh, retval));
 		}
 
 		return retval;				/* propagate error status */
@@ -126,7 +154,7 @@
 
 	/* set the control flags for the SMB module. */
 
-int set_ctrl( int flags, int argc, const char **argv )
+int set_ctrl( pam_handle_t *pamh, int flags, int argc, const char **argv )
 {
     int i = 0;
     const char *service_file = dyn_CONFIGFILE;
@@ -168,7 +196,7 @@
     /* Read some options from the Samba config. Can be overridden by
        the PAM config. */
     if(lp_load(service_file,True,False,False,True) == False) {
-	_log_err( LOG_ERR, "Error loading service file %s", service_file );
+	_log_err(pamh, LOG_ERR, "Error loading service file %s", service_file);
     }
 
     secrets_init();
@@ -191,7 +219,7 @@
         }
 
         if (j >= SMB_CTRLS_) {
-            _log_err( LOG_ERR, "unrecognized option [%s]", *argv );
+            _log_err(pamh, LOG_ERR, "unrecognized option [%s]", *argv);
         } else {
             ctrl &= smb_args[j].mask;	/* for turning things off */
             ctrl |= smb_args[j].flag;	/* for turning things on  */
@@ -230,7 +258,7 @@
  * evidence of old token around for later stack analysis.
  *
  */
-char * smbpXstrDup( const char *x )
+char * smbpXstrDup( pam_handle_t *pamh, const char *x )
 {
     register char *newstr = NULL;
 
@@ -240,7 +268,7 @@
         for (i = 0; x[i]; ++i); /* length of string */
         if ((newstr = SMB_MALLOC_ARRAY(char, ++i)) == NULL) {
             i = 0;
-            _log_err( LOG_CRIT, "out of memory in smbpXstrDup" );
+            _log_err(pamh, LOG_CRIT, "out of memory in smbpXstrDup");
         } else {
             while (i-- > 0) {
                 newstr[i] = x[i];
@@ -282,7 +310,7 @@
             /* log the number of authentication failures */
             if (failure->count != 0) {
                 pam_get_item( pamh, PAM_SERVICE, (const void **) &service );
-                _log_err( LOG_NOTICE
+                _log_err(pamh, LOG_NOTICE
                           , "%d authentication %s "
                             "from %s for service %s as %s(%d)"
                           , failure->count
@@ -291,7 +319,7 @@
                           , service == NULL ? "**unknown**" : service 
                           , failure->user, failure->id );
                 if (failure->count > SMB_MAX_RETRIES) {
-                    _log_err( LOG_ALERT
+                    _log_err(pamh, LOG_ALERT
                               , "service(%s) ignoring max retries; %d > %d"
                               , service == NULL ? "**unknown**" : service
                               , failure->count
@@ -327,8 +355,7 @@
 
     if (!pdb_get_lanman_passwd(sampass))
     {
-        _log_err( LOG_DEBUG, "user %s has null SMB password"
-                  , name );
+        _log_err(pamh, LOG_DEBUG, "user %s has null SMB password", name);
 
         if (off( SMB__NONULL, ctrl )
             && (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ))
@@ -338,15 +365,16 @@
             const char *service;
 
             pam_get_item( pamh, PAM_SERVICE, (const void **)&service );
-            _log_err( LOG_NOTICE, "failed auth request by %s for service %s as %s",
-                      uidtoname(getuid()), service ? service : "**unknown**", name);
+            _log_err(pamh, LOG_NOTICE,
+	             "failed auth request by %s for service %s as %s",
+                     uidtoname(getuid()), service ? service : "**unknown**", name);
             return PAM_AUTH_ERR;
         }
     }
 
     data_name = SMB_MALLOC_ARRAY(char, sizeof(FAIL_PREFIX) + strlen( name ));
     if (data_name == NULL) {
-        _log_err( LOG_CRIT, "no memory for data-name" );
+        _log_err(pamh, LOG_CRIT, "no memory for data-name");
     }
     strncpy( data_name, FAIL_PREFIX, sizeof(FAIL_PREFIX) );
     strncpy( data_name + sizeof(FAIL_PREFIX) - 1, name, strlen( name ) + 1 );
@@ -392,31 +420,31 @@
                         retval = PAM_MAXTRIES;
                     }
                 } else {
-                    _log_err(LOG_NOTICE,
+                    _log_err(pamh, LOG_NOTICE,
                       "failed auth request by %s for service %s as %s",
                       uidtoname(getuid()),
                       service ? service : "**unknown**", name);
                     newauth->count = 1;
                 }
 		if (!sid_to_uid(pdb_get_user_sid(sampass), &(newauth->id))) {
-                    _log_err(LOG_NOTICE,
+                    _log_err(pamh, LOG_NOTICE,
                       "failed auth request by %s for service %s as %s",
                       uidtoname(getuid()),
                       service ? service : "**unknown**", name);
 		}		
-                newauth->user = smbpXstrDup( name );
-                newauth->agent = smbpXstrDup( uidtoname( getuid() ) );
+                newauth->user = smbpXstrDup(pamh, name);
+                newauth->agent = smbpXstrDup(pamh, uidtoname( getuid() ));
                 pam_set_data( pamh, data_name, newauth, _cleanup_failures );
 
             } else {
-                _log_err( LOG_CRIT, "no memory for failure recorder" );
-                _log_err(LOG_NOTICE,
+                _log_err(pamh, LOG_CRIT, "no memory for failure recorder");
+                _log_err(pamh, LOG_NOTICE,
                       "failed auth request by %s for service %s as %s(%d)",
                       uidtoname(getuid()),
                       service ? service : "**unknown**", name);
             }
         } else {
-            _log_err(LOG_NOTICE,
+            _log_err(pamh, LOG_NOTICE,
                       "failed auth request by %s for service %s as %s(%d)",
                       uidtoname(getuid()),
                       service ? service : "**unknown**", name);
@@ -490,8 +518,8 @@
         retval = pam_get_item( pamh, authtok_flag, (const void **) &item );
         if (retval != PAM_SUCCESS) {
             /* very strange. */
-            _log_err( LOG_ALERT
-                      , "pam_get_item returned error to smb_read_password" );
+            _log_err(pamh, LOG_ALERT,
+                     "pam_get_item returned error to smb_read_password");
             return retval;
         } else if (item != NULL) {	/* we have a password! */
             *pass = item;
@@ -543,7 +571,7 @@
 
         if (retval == PAM_SUCCESS) {	/* a good conversation */
 
-            token = smbpXstrDup(resp[j++].resp);
+            token = smbpXstrDup(pamh, resp[j++].resp);
             if (token != NULL) {
                 if (expect == 2) {
                     /* verify that password entered correctly */
@@ -555,7 +583,8 @@
                     }
                 }
             } else {
-                _log_err(LOG_NOTICE, "could not recover authentication token");
+                _log_err(pamh, LOG_NOTICE,
+		         "could not recover authentication token");
             }
         }
 
@@ -568,7 +597,7 @@
 
     if (retval != PAM_SUCCESS) {
         if (on( SMB_DEBUG, ctrl ))
-            _log_err( LOG_DEBUG, "unable to obtain a password" );
+            _log_err(pamh, LOG_DEBUG, "unable to obtain a password");
         return retval;
     }
     /* 'token' is the entered password */
@@ -583,7 +612,7 @@
             || (retval = pam_get_item( pamh, authtok_flag
                             ,(const void **)&item )) != PAM_SUCCESS)
         {
-            _log_err( LOG_CRIT, "error manipulating password" );
+            _log_err(pamh, LOG_CRIT, "error manipulating password");
             return retval;
         }
     } else {
@@ -597,8 +626,8 @@
             || (retval = pam_get_data( pamh, data_name, (const void **)&item ))
                              != PAM_SUCCESS)
         {
-            _log_err( LOG_CRIT, "error manipulating password data [%s]"
-                      , pam_strerror( pamh, retval ));
+            _log_err(pamh, LOG_CRIT, "error manipulating password data [%s]",
+                     pam_strerror( pamh, retval ));
             _pam_delete( token );
             item = NULL;
             return retval;
@@ -622,8 +651,8 @@
     if (pass_new == NULL || (pass_old && !strcmp( pass_old, pass_new )))
     {
 	if (on(SMB_DEBUG, ctrl)) {
-	    _log_err( LOG_DEBUG,
-	              "passwd: bad authentication token (null or unchanged)" );
+	    _log_err(pamh, LOG_DEBUG,
+	             "passwd: bad authentication token (null or unchanged)");
 	}
 	make_remark( pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ?
 				"No password supplied" : "Password unchanged" );
Index: samba-3.0.25c/source/pam_smbpass/pam_smb_auth.c
===================================================================
--- samba-3.0.25c.orig/source/pam_smbpass/pam_smb_auth.c	2007-08-26 12:07:14.098417404 +0200
+++ samba-3.0.25c/source/pam_smbpass/pam_smb_auth.c	2007-08-26 13:09:09.419359938 +0200
@@ -75,10 +75,9 @@
 
 	/* Samba initialization. */
 	load_case_tables();
-	setup_logging("pam_smbpass",False);
 	in_client = True;
 
-	ctrl = set_ctrl(flags, argc, argv);
+	ctrl = set_ctrl(pamh, flags, argc, argv);
 
 	/* Get a few bytes so we can pass our return value to
 		pam_sm_setcred(). */
@@ -93,23 +92,23 @@
 	retval = pam_get_user( pamh, &name, "Username: " );
 	if ( retval != PAM_SUCCESS ) {
 		if (on( SMB_DEBUG, ctrl )) {
-			_log_err(LOG_DEBUG, "auth: could not identify user");
+			_log_err(pamh, LOG_DEBUG, "auth: could not identify user");
 		}
 		AUTH_RETURN;
 	}
 	if (on( SMB_DEBUG, ctrl )) {
-		_log_err( LOG_DEBUG, "username [%s] obtained", name );
+		_log_err(pamh, LOG_DEBUG, "username [%s] obtained", name);
 	}
 
 	if (!initialize_password_db(True)) {
-		_log_err( LOG_ALERT, "Cannot access samba password database" );
+		_log_err(pamh, LOG_ALERT, "Cannot access samba password database");
 		retval = PAM_AUTHINFO_UNAVAIL;
 		AUTH_RETURN;
 	}
 
 	sampass = samu_new( NULL );
     	if (!sampass) {
-		_log_err( LOG_ALERT, "Cannot talloc a samu struct" );
+		_log_err(pamh, LOG_ALERT, "Cannot talloc a samu struct");
 		retval = nt_status_to_pam(NT_STATUS_NO_MEMORY);
 		AUTH_RETURN;
 	}
@@ -123,7 +122,7 @@
 	}
 
 	if (!found) {
-		_log_err(LOG_ALERT, "Failed to find entry for user %s.", name);
+		_log_err(pamh, LOG_ALERT, "Failed to find entry for user %s.", name);
 		retval = PAM_USER_UNKNOWN;
 		TALLOC_FREE(sampass);
 		sampass = NULL;
@@ -142,7 +141,7 @@
 
 	retval = _smb_read_password(pamh, ctrl, NULL, "Password: ", NULL, _SMB_AUTHTOK, &p);
 	if (retval != PAM_SUCCESS ) {
-		_log_err(LOG_CRIT, "auth: no password provided for [%s]", name);
+		_log_err(pamh,LOG_CRIT, "auth: no password provided for [%s]", name);
 		TALLOC_FREE(sampass);
 		AUTH_RETURN;
 	}
@@ -194,8 +193,8 @@
     retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass );
 
     if (retval != PAM_SUCCESS) {
-	_log_err( LOG_ALERT
-	          , "pam_get_item returned error to pam_sm_authenticate" );
+	_log_err(pamh, LOG_ALERT,
+	         "pam_get_item returned error to pam_sm_authenticate");
 	return PAM_AUTHTOK_RECOVER_ERR;
     } else if (pass == NULL) {
 	return PAM_AUTHTOK_RECOVER_ERR;
Index: samba-3.0.25c/source/pam_smbpass/pam_smb_acct.c
===================================================================
--- samba-3.0.25c.orig/source/pam_smbpass/pam_smb_acct.c	2007-08-26 12:07:14.098417404 +0200
+++ samba-3.0.25c/source/pam_smbpass/pam_smb_acct.c	2007-08-26 13:09:09.419359938 +0200
@@ -52,29 +52,28 @@
 
 	/* Samba initialization. */
 	load_case_tables();
-	setup_logging( "pam_smbpass", False );
 	in_client = True;
 
-	ctrl = set_ctrl( flags, argc, argv );
+	ctrl = set_ctrl(pamh, flags, argc, argv);
 
 	/* get the username */
 
 	retval = pam_get_user( pamh, &name, "Username: " );
 	if (retval != PAM_SUCCESS) {
 		if (on( SMB_DEBUG, ctrl )) {
-			_log_err( LOG_DEBUG, "acct: could not identify user" );
+			_log_err(pamh, LOG_DEBUG, "acct: could not identify user");
 		}
 		return retval;
 	}
 	if (on( SMB_DEBUG, ctrl )) {
-		_log_err( LOG_DEBUG, "acct: username [%s] obtained", name );
+		_log_err(pamh, LOG_DEBUG, "acct: username [%s] obtained", name);
 	}
 
 	/* Getting into places that might use LDAP -- protect the app
 		from a SIGPIPE it's not expecting */
 	oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
 	if (!initialize_password_db(True)) {
-		_log_err( LOG_ALERT, "Cannot access samba password database" );
+		_log_err(pamh, LOG_ALERT, "Cannot access samba password database");
 		CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
 		return PAM_AUTHINFO_UNAVAIL;
 	}
@@ -88,7 +87,7 @@
 	}
 
 	if (!pdb_getsampwnam(sampass, name )) {
-		_log_err( LOG_DEBUG, "acct: could not identify user" );
+		_log_err(pamh, LOG_DEBUG, "acct: could not identify user");
         	CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
         	return PAM_USER_UNKNOWN;
 	}
@@ -101,8 +100,8 @@
 
 	if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
 		if (on( SMB_DEBUG, ctrl )) {
-			_log_err( LOG_DEBUG
-				, "acct: account %s is administratively disabled", name );
+			_log_err(pamh, LOG_DEBUG,
+				 "acct: account %s is administratively disabled", name);
 		}
 		make_remark( pamh, ctrl, PAM_ERROR_MSG
 			, "Your account has been disabled; "
Index: samba-3.0.25c/source/pam_smbpass/pam_smb_passwd.c
===================================================================
--- samba-3.0.25c.orig/source/pam_smbpass/pam_smb_passwd.c	2007-08-26 12:07:14.098417404 +0200
+++ samba-3.0.25c/source/pam_smbpass/pam_smb_passwd.c	2007-08-26 13:09:09.419359938 +0200
@@ -104,10 +104,9 @@
 
     /* Samba initialization. */
     load_case_tables();
-    setup_logging( "pam_smbpass", False );
     in_client = True;
 
-    ctrl = set_ctrl(flags, argc, argv);
+    ctrl = set_ctrl(pamh, flags, argc, argv);
 
     /*
      * First get the name of a user.  No need to do anything if we can't
@@ -117,12 +116,12 @@
     retval = pam_get_user( pamh, &user, "Username: " );
     if (retval != PAM_SUCCESS) {
         if (on( SMB_DEBUG, ctrl )) {
-            _log_err( LOG_DEBUG, "password: could not identify user" );
+            _log_err(pamh, LOG_DEBUG, "password: could not identify user");
         }
         return retval;
     }
     if (on( SMB_DEBUG, ctrl )) {
-        _log_err( LOG_DEBUG, "username [%s] obtained", user );
+        _log_err(pamh, LOG_DEBUG, "username [%s] obtained", user);
     }
 
     /* Getting into places that might use LDAP -- protect the app
@@ -130,7 +129,7 @@
     oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
 
     if (!initialize_password_db(False)) {
-        _log_err( LOG_ALERT, "Cannot access samba password database" );
+        _log_err(pamh, LOG_ALERT, "Cannot access samba password database");
         CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
         return PAM_AUTHINFO_UNAVAIL;
     }
@@ -142,12 +141,12 @@
     }
 
     if (!pdb_getsampwnam(sampass,user)) {
-        _log_err( LOG_ALERT, "Failed to find entry for user %s.", user );
+        _log_err(pamh, LOG_ALERT, "Failed to find entry for user %s.", user);
         CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
         return PAM_USER_UNKNOWN;
     }
     if (on( SMB_DEBUG, ctrl )) {
-        _log_err( LOG_DEBUG, "Located account for %s", user );
+        _log_err(pamh, LOG_DEBUG, "Located account for %s", user);
     }
 
     if (flags & PAM_PRELIM_CHECK) {
@@ -173,7 +172,7 @@
 #define greeting "Changing password for "
             Announce = SMB_MALLOC_ARRAY(char, sizeof(greeting)+strlen(user));
             if (Announce == NULL) {
-                _log_err(LOG_CRIT, "password: out of memory");
+                _log_err(pamh, LOG_CRIT, "password: out of memory");
                 TALLOC_FREE(sampass);
                 CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
                 return PAM_BUF_ERR;
@@ -188,8 +187,8 @@
             SAFE_FREE( Announce );
 
             if (retval != PAM_SUCCESS) {
-                _log_err( LOG_NOTICE
-                          , "password - (old) token not obtained" );
+                _log_err(pamh, LOG_NOTICE,
+                         "password - (old) token not obtained");
                 TALLOC_FREE(sampass);
                 CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
                 return retval;
@@ -234,7 +233,7 @@
         }
 
         if (retval != PAM_SUCCESS) {
-            _log_err( LOG_NOTICE, "password: user not authenticated" );
+            _log_err(pamh, LOG_NOTICE, "password: user not authenticated");
             TALLOC_FREE(sampass);
             CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
             return retval;
@@ -259,8 +258,8 @@
 
         if (retval != PAM_SUCCESS) {
             if (on( SMB_DEBUG, ctrl )) {
-                _log_err( LOG_ALERT
-                          , "password: new password not obtained" );
+                _log_err(pamh, LOG_ALERT,
+                         "password: new password not obtained");
             }
             pass_old = NULL;                               /* tidy up */
             TALLOC_FREE(sampass);
@@ -281,7 +280,7 @@
         retval = _pam_smb_approve_pass(pamh, ctrl, pass_old, pass_new);
 
         if (retval != PAM_SUCCESS) {
-            _log_err(LOG_NOTICE, "new password not acceptable");
+            _log_err(pamh, LOG_NOTICE, "new password not acceptable");
             pass_new = pass_old = NULL;               /* tidy up */
             TALLOC_FREE(sampass);
             CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
@@ -301,16 +300,17 @@
 	    
             /* password updated */
 		if (!sid_to_uid(pdb_get_user_sid(sampass), &uid)) {
-			_log_err( LOG_NOTICE, "Unable to get uid for user %s",
+			_log_err(pamh, LOG_NOTICE,
+			         "Unable to get uid for user %s",
 				pdb_get_username(sampass));
-			_log_err( LOG_NOTICE, "password for (%s) changed by (%s/%d)",
+			_log_err(pamh, LOG_NOTICE, "password for (%s) changed by (%s/%d)",
 				user, uidtoname(getuid()), getuid());
 		} else {
-			_log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)",
+			_log_err(pamh, LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)",
 				user, uid, uidtoname(getuid()), getuid());
 		}
 	} else {
-		_log_err( LOG_ERR, "password change failed for user %s", user);
+		_log_err(pamh, LOG_ERR, "password change failed for user %s", user);
 	}
 
         pass_old = pass_new = NULL;
@@ -321,7 +321,7 @@
 
     } else {            /* something has broken with the library */
 
-        _log_err( LOG_ALERT, "password received unknown request" );
+        _log_err(pamh, LOG_ALERT, "password received unknown request");
         retval = PAM_ABORT;
 
     }
Index: samba-3.0.25c/source/pam_smbpass/support.h
===================================================================
--- samba-3.0.25c.orig/source/pam_smbpass/support.h	2007-08-26 12:07:14.098417404 +0200
+++ samba-3.0.25c/source/pam_smbpass/support.h	2007-08-26 13:09:09.419359938 +0200
@@ -1,8 +1,8 @@
 /* syslogging function for errors and other information */
-extern void _log_err(int, const char *, ...);
+extern void _log_err(pam_handle_t *, int, const char *, ...);
 
 /* set the control flags for the UNIX module. */
-extern int set_ctrl(int, int, const char **);
+extern int set_ctrl(pam_handle_t *, int, int, const char **);
 
 /* generic function for freeing pam data segments */
 extern void _cleanup(pam_handle_t *, void *, int);
@@ -12,7 +12,7 @@
  * evidence of old token around for later stack analysis.
  */
 
-extern char *smbpXstrDup(const char *);
+extern char *smbpXstrDup(pam_handle_t *,const char *);
 
 /* ************************************************************** *
  * Useful non-trivial functions                                   *
Commit	Line	Data
59721e2d JR	1	Goal: Don't call openlog() or closelog() from pam_smbpass
	2
	3	Fixes: bug #434372 (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=434372)
	4
	5	Upstream status: submitted as bugzilla bug #4831
	6
	7	Index: samba-3.0.25c/source/pam_smbpass/support.c
	8	===================================================================
	9	--- samba-3.0.25c.orig/source/pam_smbpass/support.c 2007-08-26 12:07:14.098417404 +0200
	10	+++ samba-3.0.25c/source/pam_smbpass/support.c 2007-08-26 13:09:09.419359938 +0200
	11	@@ -15,6 +15,7 @@
	12	* Mass Ave, Cambridge, MA 02139, USA.
	13	*/
	14
	15	+ #include "config.h"
	16	#include "includes.h"
	17	#include "general.h"
	18
	19	@@ -66,19 +67,44 @@
	20
	21	char *servicesf = dyn_CONFIGFILE;
	22
	23	- /* syslogging function for errors and other information */
	24	-
	25	- void _log_err( int err, const char *format, ... )
	26	- {
	27	- va_list args;
	28	+/* syslogging function for errors and other information */
	29	+#ifdef HAVE_PAM_VSYSLOG
	30	+void _log_err( pam_handle_t pamh, int err, const char format, ... )
	31	+{
	32	+ va_list args;
	33
	34	- va_start( args, format );
	35	- openlog( "PAM_smbpass", LOG_CONS \| LOG_PID, LOG_AUTH );
	36	- vsyslog( err, format, args );
	37	- va_end( args );
	38	- closelog();
	39	+ va_start(args, format);
	40	+ pam_vsyslog(pamh, err, format, args);
	41	+ va_end(args);
	42	+}
	43	+#else
	44	+void _log_err( pam_handle_t pamh, int err, const char format, ... )
	45	+{
	46	+ va_list args;
	47	+ const char tag[] = "(pam_smbpass) ";
	48	+ char *mod_format;
	49	+
	50	+ mod_format = SMB_MALLOC_ARRAY(char, sizeof(tag) + strlen(format));
	51	+ /* try really, really hard to log something, since this may have
	52	+ been a message about a malloc() failure... */
	53	+ if (mod_format == NULL) {
	54	+ va_start(args, format);
	55	+ vsyslog(err \| LOG_AUTH, format, args);
	56	+ va_end(args);
	57	+ return;
	58	}
	59
	60	+ strncpy(mod_format, tag, strlen(tag)+1);
	61	+ strncat(mod_format, format, strlen(format));
	62	+
	63	+ va_start(args, format);
	64	+ vsyslog(err \| LOG_AUTH, mod_format, args);
65	+ va_end(args);
66	+
67	+ free(mod_format);
68	+}
69	+#endif
70	+
71	/* this is a front-end for module-application conversations */
72
73	int converse( pam_handle_t * pamh, int ctrl, int nargs
74	@@ -95,12 +121,14 @@
75	,response, conv->appdata_ptr);
76
77	if (retval != PAM_SUCCESS && on(SMB_DEBUG, ctrl)) {
78	- _log_err(LOG_DEBUG, "conversation failure [%s]"
79	- ,pam_strerror(pamh, retval));
80	+ _log_err(pamh, LOG_DEBUG,
81	+ "conversation failure [%s]",
82	+ pam_strerror(pamh, retval));
83	}
84	} else {
85	- _log_err(LOG_ERR, "couldn't obtain coversation function [%s]"
86	- ,pam_strerror(pamh, retval));
87	+ _log_err(pamh, LOG_ERR,
88	+ "couldn't obtain coversation function [%s]",
89	+ pam_strerror(pamh, retval));
90	}
91
92	return retval; /* propagate error status */
93	@@ -126,7 +154,7 @@
94
95	/* set the control flags for the SMB module. */
96
97	-int set_ctrl( int flags, int argc, const char **argv )
98	+int set_ctrl( pam_handle_t pamh, int flags, int argc, const char *argv )
99	{
100	int i = 0;
101	const char *service_file = dyn_CONFIGFILE;
102	@@ -168,7 +196,7 @@
103	/* Read some options from the Samba config. Can be overridden by
104	the PAM config. */
105	if(lp_load(service_file,True,False,False,True) == False) {
106	- _log_err( LOG_ERR, "Error loading service file %s", service_file );
107	+ _log_err(pamh, LOG_ERR, "Error loading service file %s", service_file);
108	}
109
110	secrets_init();
111	@@ -191,7 +219,7 @@
112	}
113
114	if (j >= SMB_CTRLS_) {
115	- _log_err( LOG_ERR, "unrecognized option [%s]", *argv );
116	+ _log_err(pamh, LOG_ERR, "unrecognized option [%s]", *argv);
117	} else {
118	ctrl &= smb_args[j].mask; /* for turning things off */
119	ctrl \|= smb_args[j].flag; /* for turning things on */
120	@@ -230,7 +258,7 @@
121	* evidence of old token around for later stack analysis.
122	*
123	*/
124	-char * smbpXstrDup( const char *x )
125	+char * smbpXstrDup( pam_handle_t pamh, const char x )
126	{
127	register char *newstr = NULL;
128
129	@@ -240,7 +268,7 @@
130	for (i = 0; x[i]; ++i); /* length of string */
131	if ((newstr = SMB_MALLOC_ARRAY(char, ++i)) == NULL) {
132	i = 0;
133	- _log_err( LOG_CRIT, "out of memory in smbpXstrDup" );
134	+ _log_err(pamh, LOG_CRIT, "out of memory in smbpXstrDup");
135	} else {
136	while (i-- > 0) {
137	newstr[i] = x[i];
138	@@ -282,7 +310,7 @@
139	/* log the number of authentication failures */
140	if (failure->count != 0) {
141	pam_get_item( pamh, PAM_SERVICE, (const void **) &service );
142	- _log_err( LOG_NOTICE
143	+ _log_err(pamh, LOG_NOTICE
144	, "%d authentication %s "
145	"from %s for service %s as %s(%d)"
146	, failure->count
147	@@ -291,7 +319,7 @@
148	, service == NULL ? "unknown" : service
149	, failure->user, failure->id );
150	if (failure->count > SMB_MAX_RETRIES) {
151	- _log_err( LOG_ALERT
152	+ _log_err(pamh, LOG_ALERT
153	, "service(%s) ignoring max retries; %d > %d"
154	, service == NULL ? "unknown" : service
155	, failure->count
156	@@ -327,8 +355,7 @@
157
158	if (!pdb_get_lanman_passwd(sampass))
159	{
160	- _log_err( LOG_DEBUG, "user %s has null SMB password"
161	- , name );
162	+ _log_err(pamh, LOG_DEBUG, "user %s has null SMB password", name);
163
164	if (off( SMB__NONULL, ctrl )
165	&& (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ))
166	@@ -338,15 +365,16 @@
167	const char *service;
168
169	pam_get_item( pamh, PAM_SERVICE, (const void **)&service );
170	- _log_err( LOG_NOTICE, "failed auth request by %s for service %s as %s",
171	- uidtoname(getuid()), service ? service : "unknown", name);
172	+ _log_err(pamh, LOG_NOTICE,
173	+ "failed auth request by %s for service %s as %s",
174	+ uidtoname(getuid()), service ? service : "unknown", name);
175	return PAM_AUTH_ERR;
176	}
177	}
178
179	data_name = SMB_MALLOC_ARRAY(char, sizeof(FAIL_PREFIX) + strlen( name ));
180	if (data_name == NULL) {
181	- _log_err( LOG_CRIT, "no memory for data-name" );
182	+ _log_err(pamh, LOG_CRIT, "no memory for data-name");
183	}
184	strncpy( data_name, FAIL_PREFIX, sizeof(FAIL_PREFIX) );
185	strncpy( data_name + sizeof(FAIL_PREFIX) - 1, name, strlen( name ) + 1 );
186	@@ -392,31 +420,31 @@
187	retval = PAM_MAXTRIES;
188	}
189	} else {
190	- _log_err(LOG_NOTICE,
191	+ _log_err(pamh, LOG_NOTICE,
192	"failed auth request by %s for service %s as %s",
193	uidtoname(getuid()),
194	service ? service : "unknown", name);
195	newauth->count = 1;
196	}
197	if (!sid_to_uid(pdb_get_user_sid(sampass), &(newauth->id))) {
198	- _log_err(LOG_NOTICE,
199	+ _log_err(pamh, LOG_NOTICE,
200	"failed auth request by %s for service %s as %s",
201	uidtoname(getuid()),
202	service ? service : "unknown", name);
203	}
204	- newauth->user = smbpXstrDup( name );
205	- newauth->agent = smbpXstrDup( uidtoname( getuid() ) );
206	+ newauth->user = smbpXstrDup(pamh, name);
207	+ newauth->agent = smbpXstrDup(pamh, uidtoname( getuid() ));
208	pam_set_data( pamh, data_name, newauth, _cleanup_failures );
209
210	} else {
211	- _log_err( LOG_CRIT, "no memory for failure recorder" );
212	- _log_err(LOG_NOTICE,
213	+ _log_err(pamh, LOG_CRIT, "no memory for failure recorder");
214	+ _log_err(pamh, LOG_NOTICE,
215	"failed auth request by %s for service %s as %s(%d)",
216	uidtoname(getuid()),
217	service ? service : "unknown", name);
218	}
219	} else {
220	- _log_err(LOG_NOTICE,
221	+ _log_err(pamh, LOG_NOTICE,
222	"failed auth request by %s for service %s as %s(%d)",
223	uidtoname(getuid()),
224	service ? service : "unknown", name);
225	@@ -490,8 +518,8 @@
226	retval = pam_get_item( pamh, authtok_flag, (const void **) &item );
227	if (retval != PAM_SUCCESS) {
228	/* very strange. */
229	- _log_err( LOG_ALERT
230	- , "pam_get_item returned error to smb_read_password" );
231	+ _log_err(pamh, LOG_ALERT,
232	+ "pam_get_item returned error to smb_read_password");
233	return retval;
234	} else if (item != NULL) { /* we have a password! */
235	*pass = item;
236	@@ -543,7 +571,7 @@
237
238	if (retval == PAM_SUCCESS) { /* a good conversation */
239
240	- token = smbpXstrDup(resp[j++].resp);
241	+ token = smbpXstrDup(pamh, resp[j++].resp);
242	if (token != NULL) {
243	if (expect == 2) {
244	/* verify that password entered correctly */
245	@@ -555,7 +583,8 @@
246	}
247	}
248	} else {
249	- _log_err(LOG_NOTICE, "could not recover authentication token");
250	+ _log_err(pamh, LOG_NOTICE,
251	+ "could not recover authentication token");
252	}
253	}
254
255	@@ -568,7 +597,7 @@
256
257	if (retval != PAM_SUCCESS) {
258	if (on( SMB_DEBUG, ctrl ))
259	- _log_err( LOG_DEBUG, "unable to obtain a password" );
260	+ _log_err(pamh, LOG_DEBUG, "unable to obtain a password");
261	return retval;
262	}
263	/* 'token' is the entered password */
264	@@ -583,7 +612,7 @@
265	\|\| (retval = pam_get_item( pamh, authtok_flag
266	,(const void **)&item )) != PAM_SUCCESS)
267	{
268	- _log_err( LOG_CRIT, "error manipulating password" );
269	+ _log_err(pamh, LOG_CRIT, "error manipulating password");
270	return retval;
271	}
272	} else {
273	@@ -597,8 +626,8 @@
274	\|\| (retval = pam_get_data( pamh, data_name, (const void **)&item ))
275	!= PAM_SUCCESS)
276	{
277	- _log_err( LOG_CRIT, "error manipulating password data [%s]"
278	- , pam_strerror( pamh, retval ));
279	+ _log_err(pamh, LOG_CRIT, "error manipulating password data [%s]",
280	+ pam_strerror( pamh, retval ));
281	_pam_delete( token );
282	item = NULL;
283	return retval;
284	@@ -622,8 +651,8 @@
285	if (pass_new == NULL \|\| (pass_old && !strcmp( pass_old, pass_new )))
286	{
287	if (on(SMB_DEBUG, ctrl)) {
288	- _log_err( LOG_DEBUG,
289	- "passwd: bad authentication token (null or unchanged)" );
290	+ _log_err(pamh, LOG_DEBUG,
291	+ "passwd: bad authentication token (null or unchanged)");
292	}
293	make_remark( pamh, ctrl, PAM_ERROR_MSG, pass_new == NULL ?
294	"No password supplied" : "Password unchanged" );
295	Index: samba-3.0.25c/source/pam_smbpass/pam_smb_auth.c
296	===================================================================
297	--- samba-3.0.25c.orig/source/pam_smbpass/pam_smb_auth.c 2007-08-26 12:07:14.098417404 +0200
298	+++ samba-3.0.25c/source/pam_smbpass/pam_smb_auth.c 2007-08-26 13:09:09.419359938 +0200
299	@@ -75,10 +75,9 @@
300
301	/* Samba initialization. */
302	load_case_tables();
303	- setup_logging("pam_smbpass",False);
304	in_client = True;
305
306	- ctrl = set_ctrl(flags, argc, argv);
307	+ ctrl = set_ctrl(pamh, flags, argc, argv);
308
309	/* Get a few bytes so we can pass our return value to
310	pam_sm_setcred(). */
311	@@ -93,23 +92,23 @@
312	retval = pam_get_user( pamh, &name, "Username: " );
313	if ( retval != PAM_SUCCESS ) {
314	if (on( SMB_DEBUG, ctrl )) {
315	- _log_err(LOG_DEBUG, "auth: could not identify user");
316	+ _log_err(pamh, LOG_DEBUG, "auth: could not identify user");
317	}
318	AUTH_RETURN;
319	}
320	if (on( SMB_DEBUG, ctrl )) {
321	- _log_err( LOG_DEBUG, "username [%s] obtained", name );
322	+ _log_err(pamh, LOG_DEBUG, "username [%s] obtained", name);
323	}
324
325	if (!initialize_password_db(True)) {
326	- _log_err( LOG_ALERT, "Cannot access samba password database" );
327	+ _log_err(pamh, LOG_ALERT, "Cannot access samba password database");
328	retval = PAM_AUTHINFO_UNAVAIL;
329	AUTH_RETURN;
330	}
331
332	sampass = samu_new( NULL );
333	if (!sampass) {
334	- _log_err( LOG_ALERT, "Cannot talloc a samu struct" );
335	+ _log_err(pamh, LOG_ALERT, "Cannot talloc a samu struct");
336	retval = nt_status_to_pam(NT_STATUS_NO_MEMORY);
337	AUTH_RETURN;
338	}
339	@@ -123,7 +122,7 @@
340	}
341
342	if (!found) {
343	- _log_err(LOG_ALERT, "Failed to find entry for user %s.", name);
344	+ _log_err(pamh, LOG_ALERT, "Failed to find entry for user %s.", name);
345	retval = PAM_USER_UNKNOWN;
346	TALLOC_FREE(sampass);
347	sampass = NULL;
348	@@ -142,7 +141,7 @@
349
350	retval = _smb_read_password(pamh, ctrl, NULL, "Password: ", NULL, _SMB_AUTHTOK, &p);
351	if (retval != PAM_SUCCESS ) {
352	- _log_err(LOG_CRIT, "auth: no password provided for [%s]", name);
353	+ _log_err(pamh,LOG_CRIT, "auth: no password provided for [%s]", name);
354	TALLOC_FREE(sampass);
355	AUTH_RETURN;
356	}
357	@@ -194,8 +193,8 @@
358	retval = pam_get_item( pamh, PAM_AUTHTOK, (const void **) &pass );
359
360	if (retval != PAM_SUCCESS) {
361	- _log_err( LOG_ALERT
362	- , "pam_get_item returned error to pam_sm_authenticate" );
363	+ _log_err(pamh, LOG_ALERT,
364	+ "pam_get_item returned error to pam_sm_authenticate");
365	return PAM_AUTHTOK_RECOVER_ERR;
366	} else if (pass == NULL) {
367	return PAM_AUTHTOK_RECOVER_ERR;
368	Index: samba-3.0.25c/source/pam_smbpass/pam_smb_acct.c
369	===================================================================
370	--- samba-3.0.25c.orig/source/pam_smbpass/pam_smb_acct.c 2007-08-26 12:07:14.098417404 +0200
371	+++ samba-3.0.25c/source/pam_smbpass/pam_smb_acct.c 2007-08-26 13:09:09.419359938 +0200
372	@@ -52,29 +52,28 @@
373
374	/* Samba initialization. */
375	load_case_tables();
376	- setup_logging( "pam_smbpass", False );
377	in_client = True;
378
379	- ctrl = set_ctrl( flags, argc, argv );
380	+ ctrl = set_ctrl(pamh, flags, argc, argv);
381
382	/* get the username */
383
384	retval = pam_get_user( pamh, &name, "Username: " );
385	if (retval != PAM_SUCCESS) {
386	if (on( SMB_DEBUG, ctrl )) {
387	- _log_err( LOG_DEBUG, "acct: could not identify user" );
388	+ _log_err(pamh, LOG_DEBUG, "acct: could not identify user");
389	}
390	return retval;
391	}
392	if (on( SMB_DEBUG, ctrl )) {
393	- _log_err( LOG_DEBUG, "acct: username [%s] obtained", name );
394	+ _log_err(pamh, LOG_DEBUG, "acct: username [%s] obtained", name);
395	}
396
397	/* Getting into places that might use LDAP -- protect the app
398	from a SIGPIPE it's not expecting */
399	oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
400	if (!initialize_password_db(True)) {
401	- _log_err( LOG_ALERT, "Cannot access samba password database" );
402	+ _log_err(pamh, LOG_ALERT, "Cannot access samba password database");
403	CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
404	return PAM_AUTHINFO_UNAVAIL;
405	}
406	@@ -88,7 +87,7 @@
407	}
408
409	if (!pdb_getsampwnam(sampass, name )) {
410	- _log_err( LOG_DEBUG, "acct: could not identify user" );
411	+ _log_err(pamh, LOG_DEBUG, "acct: could not identify user");
412	CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
413	return PAM_USER_UNKNOWN;
414	}
415	@@ -101,8 +100,8 @@
416
417	if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
418	if (on( SMB_DEBUG, ctrl )) {
419	- _log_err( LOG_DEBUG
420	- , "acct: account %s is administratively disabled", name );
421	+ _log_err(pamh, LOG_DEBUG,
422	+ "acct: account %s is administratively disabled", name);
423	}
424	make_remark( pamh, ctrl, PAM_ERROR_MSG
425	, "Your account has been disabled; "
426	Index: samba-3.0.25c/source/pam_smbpass/pam_smb_passwd.c
427	===================================================================
428	--- samba-3.0.25c.orig/source/pam_smbpass/pam_smb_passwd.c 2007-08-26 12:07:14.098417404 +0200
429	+++ samba-3.0.25c/source/pam_smbpass/pam_smb_passwd.c 2007-08-26 13:09:09.419359938 +0200
430	@@ -104,10 +104,9 @@
431
432	/* Samba initialization. */
433	load_case_tables();
434	- setup_logging( "pam_smbpass", False );
435	in_client = True;
436
437	- ctrl = set_ctrl(flags, argc, argv);
438	+ ctrl = set_ctrl(pamh, flags, argc, argv);
439
440	/*
441	* First get the name of a user. No need to do anything if we can't
442	@@ -117,12 +116,12 @@
443	retval = pam_get_user( pamh, &user, "Username: " );
444	if (retval != PAM_SUCCESS) {
445	if (on( SMB_DEBUG, ctrl )) {
446	- _log_err( LOG_DEBUG, "password: could not identify user" );
447	+ _log_err(pamh, LOG_DEBUG, "password: could not identify user");
448	}
449	return retval;
450	}
451	if (on( SMB_DEBUG, ctrl )) {
452	- _log_err( LOG_DEBUG, "username [%s] obtained", user );
453	+ _log_err(pamh, LOG_DEBUG, "username [%s] obtained", user);
454	}
455
456	/* Getting into places that might use LDAP -- protect the app
457	@@ -130,7 +129,7 @@
458	oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
459
460	if (!initialize_password_db(False)) {
461	- _log_err( LOG_ALERT, "Cannot access samba password database" );
462	+ _log_err(pamh, LOG_ALERT, "Cannot access samba password database");
463	CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
464	return PAM_AUTHINFO_UNAVAIL;
465	}
466	@@ -142,12 +141,12 @@
467	}
468
469	if (!pdb_getsampwnam(sampass,user)) {
470	- _log_err( LOG_ALERT, "Failed to find entry for user %s.", user );
471	+ _log_err(pamh, LOG_ALERT, "Failed to find entry for user %s.", user);
472	CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
473	return PAM_USER_UNKNOWN;
474	}
475	if (on( SMB_DEBUG, ctrl )) {
476	- _log_err( LOG_DEBUG, "Located account for %s", user );
477	+ _log_err(pamh, LOG_DEBUG, "Located account for %s", user);
478	}
479
480	if (flags & PAM_PRELIM_CHECK) {
481	@@ -173,7 +172,7 @@
482	#define greeting "Changing password for "
483	Announce = SMB_MALLOC_ARRAY(char, sizeof(greeting)+strlen(user));
484	if (Announce == NULL) {
485	- _log_err(LOG_CRIT, "password: out of memory");
486	+ _log_err(pamh, LOG_CRIT, "password: out of memory");
487	TALLOC_FREE(sampass);
488	CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
489	return PAM_BUF_ERR;
490	@@ -188,8 +187,8 @@
491	SAFE_FREE( Announce );
492
493	if (retval != PAM_SUCCESS) {
494	- _log_err( LOG_NOTICE
495	- , "password - (old) token not obtained" );
496	+ _log_err(pamh, LOG_NOTICE,
497	+ "password - (old) token not obtained");
498	TALLOC_FREE(sampass);
499	CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
500	return retval;
501	@@ -234,7 +233,7 @@
502	}
503
504	if (retval != PAM_SUCCESS) {
505	- _log_err( LOG_NOTICE, "password: user not authenticated" );
506	+ _log_err(pamh, LOG_NOTICE, "password: user not authenticated");
507	TALLOC_FREE(sampass);
508	CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
509	return retval;
510	@@ -259,8 +258,8 @@
511
512	if (retval != PAM_SUCCESS) {
513	if (on( SMB_DEBUG, ctrl )) {
514	- _log_err( LOG_ALERT
515	- , "password: new password not obtained" );
516	+ _log_err(pamh, LOG_ALERT,
517	+ "password: new password not obtained");
518	}
519	pass_old = NULL; /* tidy up */
520	TALLOC_FREE(sampass);
521	@@ -281,7 +280,7 @@
522	retval = _pam_smb_approve_pass(pamh, ctrl, pass_old, pass_new);
523
524	if (retval != PAM_SUCCESS) {
525	- _log_err(LOG_NOTICE, "new password not acceptable");
526	+ _log_err(pamh, LOG_NOTICE, "new password not acceptable");
527	pass_new = pass_old = NULL; /* tidy up */
528	TALLOC_FREE(sampass);
529	CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
530	@@ -301,16 +300,17 @@
531
532	/* password updated */
533	if (!sid_to_uid(pdb_get_user_sid(sampass), &uid)) {
534	- _log_err( LOG_NOTICE, "Unable to get uid for user %s",
535	+ _log_err(pamh, LOG_NOTICE,
536	+ "Unable to get uid for user %s",
537	pdb_get_username(sampass));
538	- _log_err( LOG_NOTICE, "password for (%s) changed by (%s/%d)",
539	+ _log_err(pamh, LOG_NOTICE, "password for (%s) changed by (%s/%d)",
540	user, uidtoname(getuid()), getuid());
541	} else {
542	- _log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)",
543	+ _log_err(pamh, LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)",
544	user, uid, uidtoname(getuid()), getuid());
545	}
546	} else {
547	- _log_err( LOG_ERR, "password change failed for user %s", user);
548	+ _log_err(pamh, LOG_ERR, "password change failed for user %s", user);
549	}
550
551	pass_old = pass_new = NULL;
552	@@ -321,7 +321,7 @@
553
554	} else { /* something has broken with the library */
555
556	- _log_err( LOG_ALERT, "password received unknown request" );
557	+ _log_err(pamh, LOG_ALERT, "password received unknown request");
558	retval = PAM_ABORT;
559
560	}
561	Index: samba-3.0.25c/source/pam_smbpass/support.h
562	===================================================================
563	--- samba-3.0.25c.orig/source/pam_smbpass/support.h 2007-08-26 12:07:14.098417404 +0200
564	+++ samba-3.0.25c/source/pam_smbpass/support.h 2007-08-26 13:09:09.419359938 +0200
565	@@ -1,8 +1,8 @@
566	/* syslogging function for errors and other information */
567	-extern void _log_err(int, const char *, ...);
568	+extern void _log_err(pam_handle_t , int, const char , ...);
569
570	/* set the control flags for the UNIX module. */
571	-extern int set_ctrl(int, int, const char **);
572	+extern int set_ctrl(pam_handle_t , int, int, const char *);
573
574	/* generic function for freeing pam data segments */
575	extern void _cleanup(pam_handle_t , void , int);
576	@@ -12,7 +12,7 @@
577	* evidence of old token around for later stack analysis.
578	*/
579
580	-extern char smbpXstrDup(const char );
581	+extern char smbpXstrDup(pam_handle_t ,const char *);
582
583	/* ************************************************************** *
584	* Useful non-trivial functions *