authorAndrew Bartlett <abartlet@samba.org>2003-04-07 07:32:51 +0000
committerAndrew Bartlett <abartlet@samba.org>2003-04-07 07:32:51 +0000
commitd23b35a65f9b178d72b7fe8dd15ae09baa695021 (patch)
tree5ca36b5108cb48ea0aeaa8f448847ff31d5980cc
parent6dce8c678a806add23c9bc05be65a050f7fedf0a (diff)
Winbind merges from HEAD:
- fix winbindd_pam bugs - give a better error message for unauthorized access to auth_crap - show this message in wbinfo - fix spelling: privilaged -> privileged ** This changes the location of the winbindd privileged pipe ** (thanks to tpot) Andrew Bartlett (This used to be commit 92c2a33483cc9ddd1dd627224192a3023f8caff8)
-rw-r--r--source3/nsswitch/wbinfo.c10
-rw-r--r--source3/nsswitch/winbindd.c8
-rw-r--r--source3/nsswitch/winbindd.h2
-rw-r--r--source3/nsswitch/winbindd_misc.c2
-rw-r--r--source3/nsswitch/winbindd_nss.h4
-rw-r--r--source3/nsswitch/winbindd_pam.c23
6 files changed, 32 insertions, 17 deletions
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c
index 4f621e7008a..16644cd4840 100644
--- a/source3/nsswitch/wbinfo.c
+++ b/source3/nsswitch/wbinfo.c
@@ -447,9 +447,10 @@ static BOOL wbinfo_auth(char *username)
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
if (response.data.auth.nt_status)
- d_printf("error code was %s (0x%x)\n",
+ d_printf("error code was %s (0x%x)\nerror messsage was: %s\n",
response.data.auth.nt_status_string,
- response.data.auth.nt_status);
+ response.data.auth.nt_status,
+ response.data.auth.error_string);
return result == NSS_STATUS_SUCCESS;
}
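Review bot: The new format string spells the label "messsage" with three s's, here and in the identical wbinfo_auth_crap hunk that follows; anything that parses wbinfo output would then have to match the misspelling, so fix it now: `d_printf("error code was %s (0x%x)\nerror message was: %s\n",`. The added `%s` prints `response.data.auth.error_string` exactly as received from winbindd, so it relies on that field always being NUL-terminated. That looks likely given the daemon fills it with fstrcpy/push_utf8_fstring, but the response-reading code is outside this diff and should be confirmed. wbinfo_auth's body starts outside the hunk.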
@@ -502,9 +503,10 @@ static BOOL wbinfo_auth_crap(char *username)
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
if (response.data.auth.nt_status)
- d_printf("error code was %s (0x%x)\n",
+ d_printf("error code was %s (0x%x)\nerror messsage was: %s\n",
response.data.auth.nt_status_string,
- response.data.auth.nt_status);
+ response.data.auth.nt_status,
+ response.data.auth.error_string);
return result == NSS_STATUS_SUCCESS;
}
diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c
index 3b91f2d6af9..4b557e20782 100644
--- a/source3/nsswitch/winbindd.c
+++ b/source3/nsswitch/winbindd.c
@@ -312,7 +312,7 @@ static void process_request(struct winbindd_cli_state *state)
/* Process a new connection by adding it to the client connection list */
-static void new_connection(int listen_sock, BOOL privilaged)
+static void new_connection(int listen_sock, BOOL privileged)
{
struct sockaddr_un sunaddr;
struct winbindd_cli_state *state;
@@ -343,7 +343,7 @@ static void new_connection(int listen_sock, BOOL privilaged)
state->last_access = time(NULL);
- state->privilaged = privilaged;
+ state->privileged = privileged;
/* Add to connection list */
@@ -664,7 +664,7 @@ static void process_loop(void)
break;
}
}
- /* new, non-privilaged connection */
+ /* new, non-privileged connection */
new_connection(listen_sock, False);
}
@@ -678,7 +678,7 @@ static void process_loop(void)
break;
}
}
- /* new, privilaged connection */
+ /* new, privileged connection */
new_connection(listen_priv_sock, True);
}
diff --git a/source3/nsswitch/winbindd.h b/source3/nsswitch/winbindd.h
index f6b0e735430..ad0d6fbc3b0 100644
--- a/source3/nsswitch/winbindd.h
+++ b/source3/nsswitch/winbindd.h
@@ -42,7 +42,7 @@ struct winbindd_cli_state {
BOOL finished; /* Can delete from list */
BOOL write_extra_data; /* Write extra_data field */
time_t last_access; /* Time of last access (read or write) */
- BOOL privilaged; /* Is the client 'privilaged' */
+ BOOL privileged; /* Is the client 'privileged' */
struct winbindd_request request; /* Request from client */
struct winbindd_response response; /* Respose to client */
diff --git a/source3/nsswitch/winbindd_misc.c b/source3/nsswitch/winbindd_misc.c
index 3b44d029c00..52889e85d42 100644
--- a/source3/nsswitch/winbindd_misc.c
+++ b/source3/nsswitch/winbindd_misc.c
@@ -239,7 +239,7 @@ enum winbindd_result winbindd_netbios_name(struct winbindd_cli_state *state)
enum winbindd_result winbindd_priv_pipe_dir(struct winbindd_cli_state *state)
{
- DEBUG(3, ("[%5d]: request location of privilaged pipe\n", state->pid));
+ DEBUG(3, ("[%5d]: request location of privileged pipe\n", state->pid));
state->response.extra_data = strdup(get_winbind_priv_pipe_dir());
if (!state->response.extra_data)
diff --git a/source3/nsswitch/winbindd_nss.h b/source3/nsswitch/winbindd_nss.h
index 88f4a11f875..cc1b1440633 100644
--- a/source3/nsswitch/winbindd_nss.h
+++ b/source3/nsswitch/winbindd_nss.h
@@ -30,7 +30,7 @@
#define WINBINDD_SOCKET_NAME "pipe" /* Name of PF_UNIX socket */
#define WINBINDD_SOCKET_DIR "/tmp/.winbindd" /* Name of PF_UNIX dir */
-#define WINBINDD_PRIV_SOCKET_SUBDIR "winbindd_privilaged" /* name of subdirectory of lp_lockdir() to hold the 'privilaged' pipe */
+#define WINBINDD_PRIV_SOCKET_SUBDIR "winbindd_privileged" /* name of subdirectory of lp_lockdir() to hold the 'privileged' pipe */
#define WINBINDD_DOMAIN_ENV "WINBINDD_DOMAIN" /* Environment variables */
#define WINBINDD_DONT_ENV "_NO_WINBINDD"
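Review bot: Changing `WINBINDD_PRIV_SOCKET_SUBDIR` is not only a spelling fix, because the string is the on-disk directory name under lp_lockdir() that holds the privileged pipe. On an upgraded host the old `winbindd_privilaged` directory presumably stays behind, and any ownership or mode an administrator set on it to authorize helper processes does not carry over to the new path; the code that creates the directory is outside this diff, so its default permissions should be checked. I would say so in the comment, e.g. `/* subdirectory of lp_lockdir() holding the 'privileged' pipe; access to this directory is what makes a client privileged */`, and flag the path change in the release notes as well as the commit message.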
@@ -105,7 +105,7 @@ enum winbindd_cmd {
WINBINDD_NETBIOS_NAME, /* The netbios name of the server */
/* Placeholder for end of cmd list */
- /* find the location of our privilaged pipe */
+ /* find the location of our privileged pipe */
WINBINDD_PRIV_PIPE_DIR,
WINBINDD_NUM_CMDS
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index d408a8b3ae4..e49a95f4b87 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
@@ -140,7 +140,12 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
uni_group_cache_store_netlogon(mem_ctx, &info3);
done:
-
+
+ /* give us a more useful (more correct?) error code */
+ if ((NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) || (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)))) {
+ result = NT_STATUS_NO_LOGON_SERVERS;
+ }
+
state->response.data.auth.nt_status = NT_STATUS_V(result);
fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result));
fstrcpy(state->response.data.auth.error_string, get_friendly_nt_error_msg(result));
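Review bot: Rewriting `NT_STATUS_UNSUCCESSFUL` to `NT_STATUS_NO_LOGON_SERVERS` at `done:` discards the original status before it is copied into `nt_status`, `nt_status_string` and `error_string`. `NT_STATUS_UNSUCCESSFUL` is a generic failure, so unrelated errors on this path would be reported to the client, and to anyone reading the result later, as a missing logon server. Log the original value before overwriting it, for example `DEBUG(5, ("winbindd_pam_auth: mapping %s to NT_STATUS_NO_LOGON_SERVERS\n", nt_errstr(result)));`. The same four lines are repeated at `done:` in winbindd_pam_auth_crap, so a small static helper shared by both would keep the mapping in one place. The function body starts and ends outside the hunk.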
@@ -174,8 +179,10 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
DATA_BLOB lm_resp, nt_resp;
- if (!state->privilaged) {
- DEBUG(2, ("winbindd_pam_auth_crap: non-privilaged access denied!\n"));
+ if (!state->privileged) {
+ DEBUG(2, ("winbindd_pam_auth_crap: non-privileged access denied!\n"));
+ /* send a better message than ACCESS_DENIED */
+ push_utf8_fstring(state->response.data.auth.error_string, "winbind client not authorized to use winbindd_pam_auth_crap");
result = NT_STATUS_ACCESS_DENIED;
goto done;
}
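Review bot: The denial log line in the `!state->privileged` branch does not say which client was refused, which makes repeated unauthorized attempts on the unprivileged pipe hard to attribute. winbindd_priv_pipe_dir in this same commit already logs `state->pid`, so the message could follow that form: `DEBUG(2, ("[%5d]: winbindd_pam_auth_crap: non-privileged access denied!\n", state->pid));`. The function body continues outside the hunk.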
@@ -282,15 +289,21 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
memcpy(state->response.data.auth.nt_session_key, info3.user_sess_key, sizeof(state->response.data.auth.nt_session_key) /* 16 */);
}
if (state->request.data.auth_crap.flags & WINBIND_PAM_LMKEY) {
- memcpy(state->response.data.auth.first_8_lm_hash, info3.padding, sizeof(state->response.data.auth.nt_session_key) /* 16 */);
+ memcpy(state->response.data.auth.first_8_lm_hash, info3.padding, sizeof(state->response.data.auth.first_8_lm_hash) /* 8 */);
}
}
done:
+ /* give us a more useful (more correct?) error code */
+ if ((NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) || (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)))) {
+ result = NT_STATUS_NO_LOGON_SERVERS;
+ }
+
state->response.data.auth.nt_status = NT_STATUS_V(result);
push_utf8_fstring(state->response.data.auth.nt_status_string, nt_errstr(result));
- push_utf8_fstring(state->response.data.auth.error_string, nt_errstr(result));
+ if (!*state->response.data.auth.error_string)
+ push_utf8_fstring(state->response.data.auth.error_string, get_friendly_nt_error_msg(result));
state->response.data.auth.pam_error = nt_status_to_pam(result);
DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2,
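Review bot: The new guard `if (!*state->response.data.auth.error_string)` only works if `error_string` is empty whenever no earlier path set it, and nothing in this hunk establishes that. Presumably the response structure is zeroed for each request before the handler runs; if it is instead reused across requests on the same connection, a stale message from an earlier call would be returned with a new status. I would document the dependency next to the check, e.g. `/* keep a message set earlier (e.g. the non-privileged denial); relies on the response being cleared per request */`, or clear the first byte at function entry. winbindd_pam_auth still overwrites `error_string` unconditionally with fstrcpy, so the two handlers now differ in how they fill this field. The function continues past the end of the hunk.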