int _smb_verify_password( pam_handle_t * pamh, SAM_ACCOUNT *sampass,
const char *p, unsigned int ctrl )
{
- uchar hash_pass[16];
uchar lm_pw[16];
uchar nt_pw[16];
int retval = PAM_AUTH_ERR;
const char *service;
pam_get_item( pamh, PAM_SERVICE, (const void **)&service );
- _log_err( LOG_NOTICE
- , "failed auth request by %s for service %s as %s(%d)"
- , uidtoname( getuid() )
- , service ? service : "**unknown**", name
- , pdb_get_uid(sampass) );
+ _log_err( LOG_NOTICE, "failed auth request by %s for service %s as %s",
+ uidtoname(getuid()), service ? service : "**unknown**", name);
return PAM_AUTH_ERR;
}
}
strncpy( data_name, FAIL_PREFIX, sizeof(FAIL_PREFIX) );
strncpy( data_name + sizeof(FAIL_PREFIX) - 1, name, strlen( name ) + 1 );
- /* First we check whether we've been given the password in already
- encrypted form. */
- if (strlen( p ) == 16 || (strlen( p ) == 32
- && pdb_gethexpwd( p, (char *) hash_pass ))) {
-
- if (!memcmp( hash_pass, pdb_get_lanman_passwd(sampass), 16 )
- || (pdb_get_nt_passwd(sampass)
- && !memcmp( hash_pass, pdb_get_nt_passwd(sampass), 16 )))
- {
- retval = PAM_SUCCESS;
- if (data_name) { /* reset failures */
- pam_set_data( pamh, data_name, NULL, _cleanup_failures );
- }
- _pam_delete( data_name );
- memset( hash_pass, '\0', 16 );
- return retval;
- }
- }
-
/*
* The password we were given wasn't an encrypted password, or it
* didn't match the one we have. We encrypt the password now and try
retval = PAM_MAXTRIES;
}
} else {
- _log_err( LOG_NOTICE
- , "failed auth request by %s for service %s as %s(%d)"
- , uidtoname( getuid() )
- , service ? service : "**unknown**", name
- , pdb_get_uid(sampass) );
+ _log_err(LOG_NOTICE,
+ "failed auth request by %s for service %s as %s",
+ uidtoname(getuid()),
+ service ? service : "**unknown**", name);
new->count = 1;
}
+ if (NT_STATUS_IS_ERR(sid_to_uid(pdb_get_user_sid(sampass, &(new->id), &type)))) {
+ _log_err(LOG_NOTICE,
+ "failed auth request by %s for service %s as %s",
+ uidtoname(getuid()),
+ service ? service : "**unknown**", name);
+ }
new->user = smbpXstrDup( name );
- new->id = pdb_get_uid(sampass);
new->agent = smbpXstrDup( uidtoname( getuid() ) );
pam_set_data( pamh, data_name, new, _cleanup_failures );
} else {
_log_err( LOG_CRIT, "no memory for failure recorder" );
- _log_err( LOG_NOTICE
- , "failed auth request by %s for service %s as %s(%d)"
- , uidtoname( getuid() )
- , service ? service : "**unknown**", name
- , pdb_get_uid(sampass) );
+ _log_err(LOG_NOTICE,
+ "failed auth request by %s for service %s as %s(%d)",
+ uidtoname(getuid()),
+ service ? service : "**unknown**", name);
}
} else {
- _log_err( LOG_NOTICE
- , "failed auth request by %s for service %s as %s(%d)"
- , uidtoname( getuid() )
- , service ? service : "**unknown**", name
- , pdb_get_uid(sampass) );
+ _log_err(LOG_NOTICE,
+ "failed auth request by %s for service %s as %s(%d)",
+ uidtoname(getuid()),
+ service ? service : "**unknown**", name);
retval = PAM_AUTH_ERR;
}
}