diff options
| author | Volker Lendecke <vlendec@samba.org> | 2007-03-19 21:04:56 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:18:42 -0500 |
| commit | e5741e27c4c22702c9f8b07877641fecc7eef39c (patch) | |
| tree | 0d32d9bd21c8d6d4a675bea16cc160e9305cd7a8 /source/auth | |
| parent | 184571e4b0283fb1a62c441f10429006656052c8 (diff) | |
| download | samba-e5741e27c4c22702c9f8b07877641fecc7eef39c.tar.gz samba-e5741e27c4c22702c9f8b07877641fecc7eef39c.tar.xz samba-e5741e27c4c22702c9f8b07877641fecc7eef39c.zip | |
r21878: Fix a bug with smbd serving a windows terminal server: If winbind decides smbd
to be idle it might happen that smbd needs to do a winbind operation (for
example sid2name) as non-root. This then fails to get the privileged
pipe. When later on on the same connection another authentication request
comes in, we try to do the CRAP auth via the non-privileged pipe.
This adds a winbindd_priv_request_response() request that kills the existing
winbind pipe connection if it's not privileged.
Volker
Diffstat (limited to 'source/auth')
| -rw-r--r-- | source/auth/auth_winbind.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/source/auth/auth_winbind.c b/source/auth/auth_winbind.c index fa56757950d..f06f83f4065 100644 --- a/source/auth/auth_winbind.c +++ b/source/auth/auth_winbind.c @@ -108,7 +108,8 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context, /* we are contacting the privileged pipe */ become_root(); - result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, &request, &response); + result = winbindd_priv_request_response(WINBINDD_PAM_AUTH_CRAP, + &request, &response); unbecome_root(); if ( result == NSS_STATUS_UNAVAIL ) { |