[SCM] Samba Shared Repository - branch v3-4-stable updated -
release-3-4-0pre1-233-g6f3a58d
Karolin Seeger
kseeger at samba.org
Wed May 27 08:10:54 GMT 2009
The branch, v3-4-stable has been updated
via 6f3a58dce40c7acd21f405e6eaf57e5c660a6678 (commit)
via 92fc2b5c2f97bf966dcec4b95d8fafd514c199ec (commit)
via c216d96511ffb8ac4edfbf0c491a5ecccd7b63fb (commit)
via a0e356b5fe134f72d9c9a04914f4e7a4d4a8f9d0 (commit)
via 84673c608acd8f9cb92d983990c9c0848819dbed (commit)
via 9ff6c8d528f5d04dd9246645d1106718dbfdf6dc (commit)
from a03099aa862b1a0fa4eb89f9be875f9781c39fb1 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-stable
- Log -----------------------------------------------------------------
commit 6f3a58dce40c7acd21f405e6eaf57e5c660a6678
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue May 26 14:16:10 2009 +0200
s3/docs: Fix typo in man idmap_rid.
Karolin
(cherry picked from commit 73eaff7a395c9a7a0042f2c50f8817499b6cfdcd)
(cherry picked from commit b85c2cbcc57291ff88d8d490f548faa675b689be)
commit 92fc2b5c2f97bf966dcec4b95d8fafd514c199ec
Author: Steven Danneman <steven.danneman at isilon.com>
Date: Fri May 22 16:57:52 2009 -0700
s3/docs Add manpage for "map untrusted to domain" parameter
This fixes bug 6352.
(cherry picked from commit bf5fb8b58cb1813fdadabe8f96ef8af305d4d582)
commit c216d96511ffb8ac4edfbf0c491a5ecccd7b63fb
Author: Michael Adam <obnox at samba.org>
Date: Tue May 26 00:47:15 2009 +0200
s3:dbwrap_tool: add listkeys operation
Michael
(cherry picked from commit 714acfac013a46c3677c3eb72ad57db6d97c7d61)
(cherry picked from commit 816776d2f81c1ae90e52612af76aaafeaeb04598)
commit a0e356b5fe134f72d9c9a04914f4e7a4d4a8f9d0
Author: Michael Adam <obnox at samba.org>
Date: Tue May 26 00:26:39 2009 +0200
s3:dbwrap_tool: remove superfluous command mapping
Michael
(cherry picked from commit 11f07599006cf2ce6760095d07bfe22680c3744e)
(cherry picked from commit 53dfa79e07b22325c0f290b05d4b87dde0cbf3cb)
commit 84673c608acd8f9cb92d983990c9c0848819dbed
Author: Michael Adam <obnox at samba.org>
Date: Mon May 25 23:27:28 2009 +0200
s3:dbwrap_tool: add "erase" opearation
Michael
(cherry picked from commit dfe06d21bdc4c715e02c9f80c4bc7144a0d9ee59)
(cherry picked from commit 2e051ece16e7b18e9e82ef36f7d7e8e39d00e66d)
commit 9ff6c8d528f5d04dd9246645d1106718dbfdf6dc
Author: Björn Jacke <bj at sernet.de>
Date: Tue May 26 15:40:21 2009 +0200
s3:pam_smbpass: don't call openlog() or closelog() from pam_smbpass
Patch from Steve Langasek with tiny fixes by me to make it apply to master.
Also see Debian bug #434372 and bugzilla #4831.
Calling openlog() or closelog() inside a pam module is not good as these
functions are not stackable and no program won't re-do openlog() just because a
pam module might have called closelog().
(cherry picked from commit 5c34ea94bdf9e3efb6743e52dd3c0c0088cff7d8)
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages-3/idmap_rid.8.xml | 2 +-
.../smbdotconf/security/mapuntrustedtodomain.xml | 33 +++++++
source3/pam_smbpass/pam_smb_acct.c | 17 ++--
source3/pam_smbpass/pam_smb_auth.c | 19 ++--
source3/pam_smbpass/pam_smb_passwd.c | 40 ++++----
source3/pam_smbpass/support.c | 102 ++++++++++++-------
source3/pam_smbpass/support.h | 6 +-
source3/utils/dbwrap_tool.c | 92 ++++++++++++++++--
8 files changed, 223 insertions(+), 88 deletions(-)
create mode 100644 docs-xml/smbdotconf/security/mapuntrustedtodomain.xml
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages-3/idmap_rid.8.xml b/docs-xml/manpages-3/idmap_rid.8.xml
index f9030a1..3f6bb2e 100644
--- a/docs-xml/manpages-3/idmap_rid.8.xml
+++ b/docs-xml/manpages-3/idmap_rid.8.xml
@@ -66,7 +66,7 @@
</programlisting>
</para>
<para>
- Correspondingly, the formula for calculationg the RID for a
+ Correspondingly, the formula for calculating the RID for a
given Unix ID is this:
<programlisting>
RID = ID + BASE_RID - LOW_RANGE_ID.
diff --git a/docs-xml/smbdotconf/security/mapuntrustedtodomain.xml b/docs-xml/smbdotconf/security/mapuntrustedtodomain.xml
new file mode 100644
index 0000000..bcf65e6
--- /dev/null
+++ b/docs-xml/smbdotconf/security/mapuntrustedtodomain.xml
@@ -0,0 +1,33 @@
+<samba:parameter name="map untrusted to domain"
+ context="G"
+ type="boolean"
+ advanced="1"
+ developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>
+ If a client connects to smbd using an untrusted domain name, such as
+ BOGUS\user, smbd replaces the BOGUS domain with it's SAM name before
+ attempting to authenticate that user. In the case where smbd is acting as
+ a PDC this will be DOMAIN\user. In the case where smbd is acting as a
+ domain member server or a standalone server this will be WORKSTATION\user.
+ </para>
+
+ <para>
+ In previous versions of Samba (pre 3.4), if smbd was acting as a domain
+ member server, the BOGUS domain name would instead be replaced by the
+ primary domain which smbd was a member of. In this case authentication
+ would be deferred off to a DC using the credentials DOMAIN\user.
+ </para>
+
+ <para>
+ When this parameter is set to <constant>yes</constant> smbd provides the
+ legacy behavior of mapping untrusted domain names to the primary domain.
+ When smbd is not acting as a domain member server, this parameter has no
+ effect.
+ </para>
+
+</description>
+
+<value type="default">no</value>
+</samba:parameter>
diff --git a/source3/pam_smbpass/pam_smb_acct.c b/source3/pam_smbpass/pam_smb_acct.c
index 2a8bd26..9ad7478 100644
--- a/source3/pam_smbpass/pam_smb_acct.c
+++ b/source3/pam_smbpass/pam_smb_acct.c
@@ -58,26 +58,25 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags,
/* Samba initialization. */
load_case_tables();
- setup_logging( "pam_smbpass", False );
lp_set_in_client(True);
- ctrl = set_ctrl( flags, argc, argv );
+ ctrl = set_ctrl(pamh, flags, argc, argv );
/* get the username */
retval = pam_get_user( pamh, &name, "Username: " );
if (retval != PAM_SUCCESS) {
if (on( SMB_DEBUG, ctrl )) {
- _log_err( LOG_DEBUG, "acct: could not identify user" );
+ _log_err(pamh, LOG_DEBUG, "acct: could not identify user" );
}
return retval;
}
if (on( SMB_DEBUG, ctrl )) {
- _log_err( LOG_DEBUG, "acct: username [%s] obtained", name );
+ _log_err(pamh, LOG_DEBUG, "acct: username [%s] obtained", name );
}
if (geteuid() != 0) {
- _log_err( LOG_DEBUG, "Cannot access samba password database, not running as root.");
+ _log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
return PAM_AUTHINFO_UNAVAIL;
}
@@ -85,7 +84,7 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags,
from a SIGPIPE it's not expecting */
oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
if (!initialize_password_db(True, NULL)) {
- _log_err( LOG_ALERT, "Cannot access samba password database" );
+ _log_err(pamh, LOG_ALERT, "Cannot access samba password database" );
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return PAM_AUTHINFO_UNAVAIL;
}
@@ -99,7 +98,7 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags,
}
if (!pdb_getsampwnam(sampass, name )) {
- _log_err( LOG_DEBUG, "acct: could not identify user" );
+ _log_err(pamh, LOG_DEBUG, "acct: could not identify user");
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return PAM_USER_UNKNOWN;
}
@@ -112,8 +111,8 @@ int pam_sm_acct_mgmt( pam_handle_t *pamh, int flags,
if (pdb_get_acct_ctrl(sampass) & ACB_DISABLED) {
if (on( SMB_DEBUG, ctrl )) {
- _log_err( LOG_DEBUG
- , "acct: account %s is administratively disabled", name );
+ _log_err(pamh, LOG_DEBUG,
+ "acct: account %s is administratively disabled", name);
}
make_remark( pamh, ctrl, PAM_ERROR_MSG
, "Your account has been disabled; "
diff --git a/source3/pam_smbpass/pam_smb_auth.c b/source3/pam_smbpass/pam_smb_auth.c
index b5a6a47..88ff985 100644
--- a/source3/pam_smbpass/pam_smb_auth.c
+++ b/source3/pam_smbpass/pam_smb_auth.c
@@ -81,10 +81,9 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
/* Samba initialization. */
load_case_tables();
- setup_logging("pam_smbpass",False);
lp_set_in_client(True);
- ctrl = set_ctrl(flags, argc, argv);
+ ctrl = set_ctrl(pamh, flags, argc, argv);
/* Get a few bytes so we can pass our return value to
pam_sm_setcred(). */
@@ -99,29 +98,29 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
retval = pam_get_user( pamh, &name, "Username: " );
if ( retval != PAM_SUCCESS ) {
if (on( SMB_DEBUG, ctrl )) {
- _log_err(LOG_DEBUG, "auth: could not identify user");
+ _log_err(pamh, LOG_DEBUG, "auth: could not identify user");
}
AUTH_RETURN;
}
if (on( SMB_DEBUG, ctrl )) {
- _log_err( LOG_DEBUG, "username [%s] obtained", name );
+ _log_err(pamh, LOG_DEBUG, "username [%s] obtained", name );
}
if (geteuid() != 0) {
- _log_err( LOG_DEBUG, "Cannot access samba password database, not running as root.");
+ _log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
retval = PAM_AUTHINFO_UNAVAIL;
AUTH_RETURN;
}
if (!initialize_password_db(True, NULL)) {
- _log_err( LOG_ALERT, "Cannot access samba password database" );
+ _log_err(pamh, LOG_ALERT, "Cannot access samba password database" );
retval = PAM_AUTHINFO_UNAVAIL;
AUTH_RETURN;
}
sampass = samu_new( NULL );
if (!sampass) {
- _log_err( LOG_ALERT, "Cannot talloc a samu struct" );
+ _log_err(pamh, LOG_ALERT, "Cannot talloc a samu struct" );
retval = nt_status_to_pam(NT_STATUS_NO_MEMORY);
AUTH_RETURN;
}
@@ -135,7 +134,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
}
if (!found) {
- _log_err(LOG_ALERT, "Failed to find entry for user %s.", name);
+ _log_err(pamh, LOG_ALERT, "Failed to find entry for user %s.", name);
retval = PAM_USER_UNKNOWN;
TALLOC_FREE(sampass);
sampass = NULL;
@@ -154,7 +153,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags,
retval = _smb_read_password(pamh, ctrl, NULL, "Password: ", NULL, _SMB_AUTHTOK, &p);
if (retval != PAM_SUCCESS ) {
- _log_err(LOG_CRIT, "auth: no password provided for [%s]", name);
+ _log_err(pamh,LOG_CRIT, "auth: no password provided for [%s]", name);
TALLOC_FREE(sampass);
AUTH_RETURN;
}
@@ -202,7 +201,7 @@ static int _smb_add_user(pam_handle_t *pamh, unsigned int ctrl,
retval = _pam_get_item( pamh, PAM_AUTHTOK, &pass );
if (retval != PAM_SUCCESS) {
- _log_err( LOG_ALERT
+ _log_err(pamh, LOG_ALERT
, "pam_get_item returned error to pam_sm_authenticate" );
return PAM_AUTHTOK_RECOVER_ERR;
} else if (pass == NULL) {
diff --git a/source3/pam_smbpass/pam_smb_passwd.c b/source3/pam_smbpass/pam_smb_passwd.c
index dce6e01..9504e4d 100644
--- a/source3/pam_smbpass/pam_smb_passwd.c
+++ b/source3/pam_smbpass/pam_smb_passwd.c
@@ -106,10 +106,9 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
/* Samba initialization. */
load_case_tables();
- setup_logging( "pam_smbpass", False );
lp_set_in_client(True);
- ctrl = set_ctrl(flags, argc, argv);
+ ctrl = set_ctrl(pamh, flags, argc, argv);
/*
* First get the name of a user. No need to do anything if we can't
@@ -119,16 +118,16 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
retval = pam_get_user( pamh, &user, "Username: " );
if (retval != PAM_SUCCESS) {
if (on( SMB_DEBUG, ctrl )) {
- _log_err( LOG_DEBUG, "password: could not identify user" );
+ _log_err(pamh, LOG_DEBUG, "password: could not identify user");
}
return retval;
}
if (on( SMB_DEBUG, ctrl )) {
- _log_err( LOG_DEBUG, "username [%s] obtained", user );
+ _log_err(pamh, LOG_DEBUG, "username [%s] obtained", user);
}
if (geteuid() != 0) {
- _log_err( LOG_DEBUG, "Cannot access samba password database, not running as root.");
+ _log_err(pamh, LOG_DEBUG, "Cannot access samba password database, not running as root.");
return PAM_AUTHINFO_UNAVAIL;
}
@@ -137,7 +136,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
oldsig_handler = CatchSignal(SIGPIPE, SIGNAL_CAST SIG_IGN);
if (!initialize_password_db(False, NULL)) {
- _log_err( LOG_ALERT, "Cannot access samba password database" );
+ _log_err(pamh, LOG_ALERT, "Cannot access samba password database" );
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return PAM_AUTHINFO_UNAVAIL;
}
@@ -149,12 +148,12 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
}
if (!pdb_getsampwnam(sampass,user)) {
- _log_err( LOG_ALERT, "Failed to find entry for user %s.", user );
+ _log_err(pamh, LOG_ALERT, "Failed to find entry for user %s.", user);
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return PAM_USER_UNKNOWN;
}
if (on( SMB_DEBUG, ctrl )) {
- _log_err( LOG_DEBUG, "Located account for %s", user );
+ _log_err(pamh, LOG_DEBUG, "Located account for %s", user);
}
if (flags & PAM_PRELIM_CHECK) {
@@ -180,7 +179,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
#define greeting "Changing password for "
Announce = SMB_MALLOC_ARRAY(char, sizeof(greeting)+strlen(user));
if (Announce == NULL) {
- _log_err(LOG_CRIT, "password: out of memory");
+ _log_err(pamh, LOG_CRIT, "password: out of memory");
TALLOC_FREE(sampass);
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return PAM_BUF_ERR;
@@ -195,8 +194,8 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
SAFE_FREE( Announce );
if (retval != PAM_SUCCESS) {
- _log_err( LOG_NOTICE
- , "password - (old) token not obtained" );
+ _log_err(pamh, LOG_NOTICE,
+ "password - (old) token not obtained");
TALLOC_FREE(sampass);
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return retval;
@@ -241,7 +240,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
}
if (retval != PAM_SUCCESS) {
- _log_err( LOG_NOTICE, "password: user not authenticated" );
+ _log_err(pamh, LOG_NOTICE, "password: user not authenticated");
TALLOC_FREE(sampass);
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
return retval;
@@ -266,8 +265,8 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
if (retval != PAM_SUCCESS) {
if (on( SMB_DEBUG, ctrl )) {
- _log_err( LOG_ALERT
- , "password: new password not obtained" );
+ _log_err(pamh, LOG_ALERT,
+ "password: new password not obtained");
}
pass_old = NULL; /* tidy up */
TALLOC_FREE(sampass);
@@ -288,7 +287,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
retval = _pam_smb_approve_pass(pamh, ctrl, pass_old, pass_new);
if (retval != PAM_SUCCESS) {
- _log_err(LOG_NOTICE, "new password not acceptable");
+ _log_err(pamh, LOG_NOTICE, "new password not acceptable");
pass_new = pass_old = NULL; /* tidy up */
TALLOC_FREE(sampass);
CatchSignal(SIGPIPE, SIGNAL_CAST oldsig_handler);
@@ -308,16 +307,17 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
/* password updated */
if (!sid_to_uid(pdb_get_user_sid(sampass), &uid)) {
- _log_err( LOG_NOTICE, "Unable to get uid for user %s",
+ _log_err(pamh, LOG_NOTICE,
+ "Unable to get uid for user %s",
pdb_get_username(sampass));
- _log_err( LOG_NOTICE, "password for (%s) changed by (%s/%d)",
+ _log_err(pamh, LOG_NOTICE, "password for (%s) changed by (%s/%d)",
user, uidtoname(getuid()), getuid());
} else {
- _log_err( LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)",
+ _log_err(pamh, LOG_NOTICE, "password for (%s/%d) changed by (%s/%d)",
user, uid, uidtoname(getuid()), getuid());
}
} else {
- _log_err( LOG_ERR, "password change failed for user %s", user);
+ _log_err(pamh, LOG_ERR, "password change failed for user %s", user);
}
pass_old = pass_new = NULL;
@@ -328,7 +328,7 @@ int pam_sm_chauthtok(pam_handle_t *pamh, int flags,
} else { /* something has broken with the library */
- _log_err( LOG_ALERT, "password received unknown request" );
+ _log_err(pamh, LOG_ALERT, "password received unknown request");
retval = PAM_ABORT;
}
diff --git a/source3/pam_smbpass/support.c b/source3/pam_smbpass/support.c
index 7dcdaba..50a2a14 100644
--- a/source3/pam_smbpass/support.c
+++ b/source3/pam_smbpass/support.c
@@ -14,6 +14,7 @@
* this program; if not, see <http://www.gnu.org/licenses/>.
*/
+#include "config.h"
#include "includes.h"
#include "general.h"
@@ -62,17 +63,42 @@ void _cleanup(pam_handle_t *, void *, int);
char *_pam_delete(register char *);
/* syslogging function for errors and other information */
+#ifdef HAVE_PAM_VSYSLOG
+void _log_err( pam_handle_t *pamh, int err, const char *format, ... )
+{
+ va_list args;
-void _log_err( int err, const char *format, ... )
+ va_start(args, format);
+ pam_vsyslog(pamh, err, format, args);
+ va_end(args);
+}
+#else
+void _log_err( pam_handle_t *pamh, int err, const char *format, ... )
{
- va_list args;
+ va_list args;
+ const char tag[] = "(pam_smbpass) ";
+ char *mod_format;
+
+ mod_format = SMB_MALLOC_ARRAY(char, sizeof(tag) + strlen(format));
+ /* try really, really hard to log something, since this may have
+ been a message about a malloc() failure... */
+ if (mod_format == NULL) {
+ va_start(args, format);
+ vsyslog(err | LOG_AUTH, format, args);
+ va_end(args);
+ return;
+ }
- va_start( args, format );
- openlog( "PAM_smbpass", LOG_CONS | LOG_PID, LOG_AUTH );
- vsyslog( err, format, args );
- va_end( args );
- closelog();
+ strncpy(mod_format, tag, strlen(tag)+1);
+ strncat(mod_format, format, strlen(format));
+
+ va_start(args, format);
+ vsyslog(err | LOG_AUTH, mod_format, args);
+ va_end(args);
+
+ free(mod_format);
}
+#endif
/* this is a front-end for module-application conversations */
@@ -90,11 +116,11 @@ int converse( pam_handle_t * pamh, int ctrl, int nargs
,response, conv->appdata_ptr);
if (retval != PAM_SUCCESS && on(SMB_DEBUG, ctrl)) {
- _log_err(LOG_DEBUG, "conversation failure [%s]"
+ _log_err(pamh, LOG_DEBUG, "conversation failure [%s]"
,pam_strerror(pamh, retval));
}
} else {
- _log_err(LOG_ERR, "couldn't obtain coversation function [%s]"
+ _log_err(pamh, LOG_ERR, "couldn't obtain coversation function [%s]"
,pam_strerror(pamh, retval));
}
@@ -121,7 +147,7 @@ int make_remark( pam_handle_t * pamh, unsigned int ctrl
/* set the control flags for the SMB module. */
-int set_ctrl( int flags, int argc, const char **argv )
+int set_ctrl( pam_handle_t *pamh, int flags, int argc, const char **argv )
{
int i = 0;
const char *service_file = NULL;
@@ -163,7 +189,7 @@ int set_ctrl( int flags, int argc, const char **argv )
/* Read some options from the Samba config. Can be overridden by
the PAM config. */
if(lp_load(service_file,True,False,False,True) == False) {
- _log_err( LOG_ERR, "Error loading service file %s", service_file );
+ _log_err(pamh, LOG_ERR, "Error loading service file %s", service_file);
}
secrets_init();
@@ -186,7 +212,7 @@ int set_ctrl( int flags, int argc, const char **argv )
}
if (j >= SMB_CTRLS_) {
- _log_err( LOG_ERR, "unrecognized option [%s]", *argv );
+ _log_err(pamh, LOG_ERR, "unrecognized option [%s]", *argv);
} else {
ctrl &= smb_args[j].mask; /* for turning things off */
ctrl |= smb_args[j].flag; /* for turning things on */
@@ -225,7 +251,7 @@ void _cleanup( pam_handle_t * pamh, void *x, int error_status )
* evidence of old token around for later stack analysis.
*
*/
-char * smbpXstrDup( const char *x )
+char * smbpXstrDup( pam_handle_t *pamh, const char *x )
{
register char *newstr = NULL;
@@ -235,7 +261,7 @@ char * smbpXstrDup( const char *x )
for (i = 0; x[i]; ++i); /* length of string */
if ((newstr = SMB_MALLOC_ARRAY(char, ++i)) == NULL) {
i = 0;
- _log_err( LOG_CRIT, "out of memory in smbpXstrDup" );
+ _log_err(pamh, LOG_CRIT, "out of memory in smbpXstrDup");
} else {
while (i-- > 0) {
newstr[i] = x[i];
@@ -277,7 +303,7 @@ void _cleanup_failures( pam_handle_t * pamh, void *fl, int err )
/* log the number of authentication failures */
if (failure->count != 0) {
_pam_get_item( pamh, PAM_SERVICE, &service );
- _log_err( LOG_NOTICE
+ _log_err(pamh, LOG_NOTICE
, "%d authentication %s "
"from %s for service %s as %s(%d)"
, failure->count
@@ -286,7 +312,7 @@ void _cleanup_failures( pam_handle_t * pamh, void *fl, int err )
, service == NULL ? "**unknown**" : service
, failure->user, failure->id );
if (failure->count > SMB_MAX_RETRIES) {
- _log_err( LOG_ALERT
+ _log_err(pamh, LOG_ALERT
, "service(%s) ignoring max retries; %d > %d"
, service == NULL ? "**unknown**" : service
, failure->count
@@ -322,8 +348,7 @@ int _smb_verify_password( pam_handle_t * pamh, struct samu *sampass,
if (!pdb_get_nt_passwd(sampass))
{
- _log_err( LOG_DEBUG, "user %s has null SMB password"
- , name );
+ _log_err(pamh, LOG_DEBUG, "user %s has null SMB password", name);
if (off( SMB__NONULL, ctrl )
&& (pdb_get_acct_ctrl(sampass) & ACB_PWNOTREQ))
@@ -333,7 +358,7 @@ int _smb_verify_password( pam_handle_t * pamh, struct samu *sampass,
const char *service;
_pam_get_item( pamh, PAM_SERVICE, &service );
- _log_err( LOG_NOTICE, "failed auth request by %s for service %s as %s",
+ _log_err(pamh, LOG_NOTICE, "failed auth request by %s for service %s as %s",
uidtoname(getuid()), service ? service : "**unknown**", name);
return PAM_AUTH_ERR;
}
@@ -341,7 +366,7 @@ int _smb_verify_password( pam_handle_t * pamh, struct samu *sampass,
data_name = SMB_MALLOC_ARRAY(char, sizeof(FAIL_PREFIX) + strlen( name ));
if (data_name == NULL) {
- _log_err( LOG_CRIT, "no memory for data-name" );
+ _log_err(pamh, LOG_CRIT, "no memory for data-name" );
return PAM_AUTH_ERR;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list