From 3fdef9433a9e08064b32e34a16ce62a60ce144fb Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vlendec@samba.org>
Date: Mon, 19 Mar 2007 21:04:56 +0000
Subject: r21878: Fix a bug with smbd serving a windows terminal server: If
 winbind decides smbd to be idle it might happen that smbd needs to do a
 winbind operation (for example sid2name) as non-root. This then fails to get
 the privileged pipe. When later on on the same connection another
 authentication request comes in, we try to do the CRAP auth via the
 non-privileged pipe.

This adds a winbindd_priv_request_response() request that kills the existing
winbind pipe connection if it's not privileged.

Volker
(This used to be commit e5741e27c4c22702c9f8b07877641fecc7eef39c)
---
 source3/auth/auth_winbind.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'source3/auth/auth_winbind.c')

diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index fa56757950d..f06f83f4065 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -108,7 +108,8 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
 
 	/* we are contacting the privileged pipe */
 	become_root();
-	result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, &request, &response);
+	result = winbindd_priv_request_response(WINBINDD_PAM_AUTH_CRAP,
+						&request, &response);
 	unbecome_root();
 
 	if ( result == NSS_STATUS_UNAVAIL )  {
-- 
cgit