(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
if (response.data.auth.nt_status)
- d_printf("error code was %s (0x%x)\n",
+ d_printf("error code was %s (0x%x)\nerror messsage was: %s\n",
response.data.auth.nt_status_string,
- response.data.auth.nt_status);
+ response.data.auth.nt_status,
+ response.data.auth.error_string);
return result == NSS_STATUS_SUCCESS;
}
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
if (response.data.auth.nt_status)
- d_printf("error code was %s (0x%x)\n",
+ d_printf("error code was %s (0x%x)\nerror messsage was: %s\n",
response.data.auth.nt_status_string,
- response.data.auth.nt_status);
+ response.data.auth.nt_status,
+ response.data.auth.error_string);
return result == NSS_STATUS_SUCCESS;
}
/* Process a new connection by adding it to the client connection list */
-static void new_connection(int listen_sock, BOOL privilaged)
+static void new_connection(int listen_sock, BOOL privileged)
{
struct sockaddr_un sunaddr;
struct winbindd_cli_state *state;
state->last_access = time(NULL);
- state->privilaged = privilaged;
+ state->privileged = privileged;
/* Add to connection list */
break;
}
}
- /* new, non-privilaged connection */
+ /* new, non-privileged connection */
new_connection(listen_sock, False);
}
break;
}
}
- /* new, privilaged connection */
+ /* new, privileged connection */
new_connection(listen_priv_sock, True);
}
BOOL finished; /* Can delete from list */
BOOL write_extra_data; /* Write extra_data field */
time_t last_access; /* Time of last access (read or write) */
- BOOL privilaged; /* Is the client 'privilaged' */
+ BOOL privileged; /* Is the client 'privileged' */
struct winbindd_request request; /* Request from client */
struct winbindd_response response; /* Respose to client */
enum winbindd_result winbindd_priv_pipe_dir(struct winbindd_cli_state *state)
{
- DEBUG(3, ("[%5d]: request location of privilaged pipe\n", state->pid));
+ DEBUG(3, ("[%5d]: request location of privileged pipe\n", state->pid));
state->response.extra_data = strdup(get_winbind_priv_pipe_dir());
if (!state->response.extra_data)
#define WINBINDD_SOCKET_NAME "pipe" /* Name of PF_UNIX socket */
#define WINBINDD_SOCKET_DIR "/tmp/.winbindd" /* Name of PF_UNIX dir */
-#define WINBINDD_PRIV_SOCKET_SUBDIR "winbindd_privilaged" /* name of subdirectory of lp_lockdir() to hold the 'privilaged' pipe */
+#define WINBINDD_PRIV_SOCKET_SUBDIR "winbindd_privileged" /* name of subdirectory of lp_lockdir() to hold the 'privileged' pipe */
#define WINBINDD_DOMAIN_ENV "WINBINDD_DOMAIN" /* Environment variables */
#define WINBINDD_DONT_ENV "_NO_WINBINDD"
WINBINDD_NETBIOS_NAME, /* The netbios name of the server */
/* Placeholder for end of cmd list */
- /* find the location of our privilaged pipe */
+ /* find the location of our privileged pipe */
WINBINDD_PRIV_PIPE_DIR,
WINBINDD_NUM_CMDS
uni_group_cache_store_netlogon(mem_ctx, &info3);
done:
-
+
+ /* give us a more useful (more correct?) error code */
+ if ((NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) || (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)))) {
+ result = NT_STATUS_NO_LOGON_SERVERS;
+ }
+
state->response.data.auth.nt_status = NT_STATUS_V(result);
fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result));
fstrcpy(state->response.data.auth.error_string, get_friendly_nt_error_msg(result));
DATA_BLOB lm_resp, nt_resp;
- if (!state->privilaged) {
- DEBUG(2, ("winbindd_pam_auth_crap: non-privilaged access denied!\n"));
+ if (!state->privileged) {
+ DEBUG(2, ("winbindd_pam_auth_crap: non-privileged access denied!\n"));
+ /* send a better message than ACCESS_DENIED */
+ push_utf8_fstring(state->response.data.auth.error_string, "winbind client not authorized to use winbindd_pam_auth_crap");
result = NT_STATUS_ACCESS_DENIED;
goto done;
}
memcpy(state->response.data.auth.nt_session_key, info3.user_sess_key, sizeof(state->response.data.auth.nt_session_key) /* 16 */);
}
if (state->request.data.auth_crap.flags & WINBIND_PAM_LMKEY) {
- memcpy(state->response.data.auth.first_8_lm_hash, info3.padding, sizeof(state->response.data.auth.nt_session_key) /* 16 */);
+ memcpy(state->response.data.auth.first_8_lm_hash, info3.padding, sizeof(state->response.data.auth.first_8_lm_hash) /* 8 */);
}
}
done:
+ /* give us a more useful (more correct?) error code */
+ if ((NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) || (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)))) {
+ result = NT_STATUS_NO_LOGON_SERVERS;
+ }
+
state->response.data.auth.nt_status = NT_STATUS_V(result);
push_utf8_fstring(state->response.data.auth.nt_status_string, nt_errstr(result));
- push_utf8_fstring(state->response.data.auth.error_string, nt_errstr(result));
+ if (!*state->response.data.auth.error_string)
+ push_utf8_fstring(state->response.data.auth.error_string, get_friendly_nt_error_msg(result));
state->response.data.auth.pam_error = nt_status_to_pam(result);
DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2,