else
{
DEBUG (3, ("check_access: hostnames in host allow/deny list.\n"));
- ret = allow_access(deny_list,allow_list, get_socket_name(sock),
+ ret = allow_access(deny_list,allow_list, get_socket_name(sock,True),
get_socket_addr(sock));
}
if (ret)
{
DEBUG(2,("Allowed connection from %s (%s)\n",
- only_ip ? "" : get_socket_name(sock),
+ only_ip ? "" : get_socket_name(sock,True),
get_socket_addr(sock)));
}
else
{
DEBUG(0,("Denied connection from %s (%s)\n",
- only_ip ? "" : get_socket_name(sock),
+ only_ip ? "" : get_socket_name(sock,True),
get_socket_addr(sock)));
}
}
char *client_name(void)
{
- return get_socket_name(client_fd);
+ return get_socket_name(client_fd,False);
}
char *client_addr(void)
/*******************************************************************
return the DNS name of the remote end of a socket
******************************************************************/
-char *get_socket_name(int fd)
+char *get_socket_name(int fd, BOOL force_lookup)
{
static pstring name_buf;
static fstring addr_buf;
situations won't work because many networks don't link dhcp
with dns. To avoid the delay we avoid the lookup if
possible */
- if (!lp_hostname_lookups()) {
+ if (!lp_hostname_lookups() && (force_lookup == False)) {
return get_socket_addr(fd);
}
return PAM_SUCCESS;
}
-/* talk to winbindd */
-static int winbind_auth_request(const char *user, const char *pass, int ctrl)
+static int pam_winbind_request_log(enum winbindd_cmd req_type,
+ struct winbindd_request *request,
+ struct winbindd_response *response,
+ int ctrl,
+ const char *user)
{
- struct winbindd_request request;
- struct winbindd_response response;
int retval;
- ZERO_STRUCT(request);
-
- strncpy(request.data.auth.user, user,
- sizeof(request.data.auth.user)-1);
-
- strncpy(request.data.auth.pass, pass,
- sizeof(request.data.auth.pass)-1);
-
- retval = pam_winbind_request(WINBINDD_PAM_AUTH, &request, &response);
+ retval = pam_winbind_request(req_type, request, response);
switch (retval) {
case PAM_AUTH_ERR:
}
return retval;
case PAM_SUCCESS:
- /* Otherwise, the authentication looked good */
- _pam_log(LOG_NOTICE, "user '%s' granted acces", user);
+ if (req_type == WINBINDD_PAM_AUTH) {
+ /* Otherwise, the authentication looked good */
+ _pam_log(LOG_NOTICE, "user '%s' granted acces", user);
+ } else if (req_type == WINBINDD_PAM_CHAUTHTOK) {
+ /* Otherwise, the authentication looked good */
+ _pam_log(LOG_NOTICE, "user '%s' password changed", user);
+ } else {
+ /* Otherwise, the authentication looked good */
+ _pam_log(LOG_NOTICE, "user '%s' OK", user);
+ }
return retval;
default:
/* we don't know anything about this return value */
retval, user);
return retval;
}
- /* should not be reached */
+}
+
+/* talk to winbindd */
+static int winbind_auth_request(const char *user, const char *pass, int ctrl)
+{
+ struct winbindd_request request;
+ struct winbindd_response response;
+
+ ZERO_STRUCT(request);
+
+ strncpy(request.data.auth.user, user,
+ sizeof(request.data.auth.user)-1);
+
+ strncpy(request.data.auth.pass, pass,
+ sizeof(request.data.auth.pass)-1);
+
+
+ return pam_winbind_request_log(WINBINDD_PAM_AUTH, &request, &response, ctrl, user);
}
/* talk to winbindd */
static int winbind_chauthtok_request(const char *user, const char *oldpass,
- const char *newpass)
+ const char *newpass, int ctrl)
{
struct winbindd_request request;
struct winbindd_response response;
request.data.chauthtok.newpass[0] = '\0';
}
- return pam_winbind_request(WINBINDD_PAM_CHAUTHTOK, &request, &response);
+ return pam_winbind_request_log(WINBINDD_PAM_CHAUTHTOK, &request, &response, ctrl, user);
}
/*
* rebuild the password database file.
*/
- retval = winbind_chauthtok_request(user, pass_old, pass_new);
+ retval = winbind_chauthtok_request(user, pass_old, pass_new, ctrl);
_pam_overwrite(pass_new);
_pam_overwrite(pass_old);
pass_old = pass_new = NULL;