From: Andrew Bartlett Date: Mon, 7 Apr 2003 07:32:51 +0000 (+0000) Subject: Winbind merges from HEAD: X-Git-Tag: samba-4.0.0alpha6~801^2~14325 X-Git-Url: http://git.samba.org/samba.git/?p=sfrench%2Fsamba-autobuild%2F.git;a=commitdiff_plain;h=d23b35a65f9b178d72b7fe8dd15ae09baa695021 Winbind merges from HEAD: - fix winbindd_pam bugs - give a better error message for unauthorized access to auth_crap - show this message in wbinfo - fix spelling: privilaged -> privileged ** This changes the location of the winbindd privileged pipe ** (thanks to tpot) Andrew Bartlett (This used to be commit 92c2a33483cc9ddd1dd627224192a3023f8caff8)
---
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c
index 4f621e7008a..16644cd4840 100644
--- a/source3/nsswitch/wbinfo.c
+++ b/source3/nsswitch/wbinfo.c
@@ -447,9 +447,10 @@ static BOOL wbinfo_auth(char *username)
 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
 if (response.data.auth.nt_status)
- d_printf("error code was %s (0x%x)\n",
+ d_printf("error code was %s (0x%x)\nerror messsage was: %s\n",
 response.data.auth.nt_status_string,
- response.data.auth.nt_status);
+ response.data.auth.nt_status,
+ response.data.auth.error_string);
 return result == NSS_STATUS_SUCCESS;
 }
@@ -502,9 +503,10 @@ static BOOL wbinfo_auth_crap(char *username)
 (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
 if (response.data.auth.nt_status)
- d_printf("error code was %s (0x%x)\n",
+ d_printf("error code was %s (0x%x)\nerror messsage was: %s\n",
 response.data.auth.nt_status_string,
- response.data.auth.nt_status);
+ response.data.auth.nt_status,
+ response.data.auth.error_string);
 return result == NSS_STATUS_SUCCESS;
 }
diff --git a/source3/nsswitch/winbindd.c b/source3/nsswitch/winbindd.c
index 3b91f2d6af9..4b557e20782 100644
--- a/source3/nsswitch/winbindd.c
+++ b/source3/nsswitch/winbindd.c
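Review bot: The new format string in wbinfo_auth spells its label `error messsage was:` with three s's, and the wbinfo_auth_crap hunk adds the same string. This commit is already a spelling pass and the text is user-visible output that scripts may match on, so it should read `"error code was %s (0x%x)\nerror message was: %s\n"` in both places. The two print blocks are identical, so a small static helper taking the response would keep them from drifting apart. Both function bodies start outside their hunks.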
@@ -312,7 +312,7 @@ static void process_request(struct winbindd_cli_state *state)
 /* Process a new connection by adding it to the client connection list */
-static void new_connection(int listen_sock, BOOL privilaged)
+static void new_connection(int listen_sock, BOOL privileged)
 {
 struct sockaddr_un sunaddr;
 struct winbindd_cli_state *state;
@@ -343,7 +343,7 @@ static void new_connection(int listen_sock, BOOL privilaged)
 state->last_access = time(NULL);
- state->privilaged = privilaged;
+ state->privileged = privileged;
 /* Add to connection list */
@@ -664,7 +664,7 @@ static void process_loop(void)
 break;
 }
 }
- /* new, non-privilaged connection */
+ /* new, non-privileged connection */
 new_connection(listen_sock, False);
 }
@@ -678,7 +678,7 @@ static void process_loop(void)
 break;
 }
 }
- /* new, privilaged connection */
+ /* new, privileged connection */
 new_connection(listen_priv_sock, True);
 }
diff --git a/source3/nsswitch/winbindd.h b/source3/nsswitch/winbindd.h
index f6b0e735430..ad0d6fbc3b0 100644
--- a/source3/nsswitch/winbindd.h
+++ b/source3/nsswitch/winbindd.h
@@ -42,7 +42,7 @@ struct winbindd_cli_state {
 BOOL finished; /* Can delete from list */
 BOOL write_extra_data; /* Write extra_data field */
 time_t last_access; /* Time of last access (read or write) */
- BOOL privilaged; /* Is the client 'privilaged' */
+ BOOL privileged; /* Is the client 'privileged' */
 struct winbindd_request request; /* Request from client */
 struct winbindd_response response; /* Respose to client */
diff --git a/source3/nsswitch/winbindd_misc.c b/source3/nsswitch/winbindd_misc.c
index 3b44d029c00..52889e85d42 100644
--- a/source3/nsswitch/winbindd_misc.c
+++ b/source3/nsswitch/winbindd_misc.c
@@ -239,7 +239,7 @@ enum winbindd_result winbindd_netbios_name(struct winbindd_cli_state *state)
 enum winbindd_result winbindd_priv_pipe_dir(struct winbindd_cli_state *state)
 {
- DEBUG(3, ("[%5d]: request location of privilaged pipe\n", state->pid));
+ DEBUG(3, ("[%5d]: request location of privileged pipe\n", state->pid));
 state->response.extra_data = strdup(get_winbind_priv_pipe_dir());
 if (!state->response.extra_data)
diff --git a/source3/nsswitch/winbindd_nss.h b/source3/nsswitch/winbindd_nss.h
index 88f4a11f875..cc1b1440633 100644
--- a/source3/nsswitch/winbindd_nss.h
+++ b/source3/nsswitch/winbindd_nss.h
@@ -30,7 +30,7 @@
 #define WINBINDD_SOCKET_NAME "pipe" /* Name of PF_UNIX socket */
 #define WINBINDD_SOCKET_DIR "/tmp/.winbindd" /* Name of PF_UNIX dir */
-#define WINBINDD_PRIV_SOCKET_SUBDIR "winbindd_privilaged" /* name of subdirectory of lp_lockdir() to hold the 'privilaged' pipe */
+#define WINBINDD_PRIV_SOCKET_SUBDIR "winbindd_privileged" /* name of subdirectory of lp_lockdir() to hold the 'privileged' pipe */
 #define WINBINDD_DOMAIN_ENV "WINBINDD_DOMAIN" /* Environment variables */
 #define WINBINDD_DONT_ENV "_NO_WINBINDD"
@@ -105,7 +105,7 @@ enum winbindd_cmd {
 WINBINDD_NETBIOS_NAME, /* The netbios name of the server */
 /* Placeholder for end of cmd list */
- /* find the location of our privilaged pipe */
+ /* find the location of our privileged pipe */
 WINBINDD_PRIV_PIPE_DIR,
 WINBINDD_NUM_CMDS
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c
index d408a8b3ae4..e49a95f4b87 100644
--- a/source3/nsswitch/winbindd_pam.c
+++ b/source3/nsswitch/winbindd_pam.c
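Review bot: The new value of `WINBINDD_PRIV_SOCKET_SUBDIR` in winbindd_nss.h moves the privileged socket to a different directory on disk rather than only correcting a spelling, and the comment beside the define does not say so. If access to the privileged pipe is enforced through the ownership and mode of that directory (not visible in this diff), any group or permissions an administrator applied to the old `winbindd_privilaged` directory will not carry over, and the old directory is left behind. I would extend the comment to something like `/* subdirectory of lp_lockdir() holding the 'privileged' pipe; was "winbindd_privilaged", directory permissions must be re-applied after upgrade */` and repeat the warning in the release notes.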
@@ -140,7 +140,12 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) uni_group_cache_store_netlogon(mem_ctx, &info3); done: - + + /* give us a more useful (more correct?) error code */ + if ((NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) || (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)))) { + result = NT_STATUS_NO_LOGON_SERVERS; + } + state->response.data.auth.nt_status = NT_STATUS_V(result); fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result)); fstrcpy(state->response.data.auth.error_string, get_friendly_nt_error_msg(result)); @@ -174,8 +179,10 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) DATA_BLOB lm_resp, nt_resp; - if (!state->privilaged) { - DEBUG(2, ("winbindd_pam_auth_crap: non-privilaged access denied!\n")); + if (!state->privileged) { + DEBUG(2, ("winbindd_pam_auth_crap: non-privileged access denied!\n")); + /* send a better message than ACCESS_DENIED */ + push_utf8_fstring(state->response.data.auth.error_string, "winbind client not authorized to use winbindd_pam_auth_crap"); result = NT_STATUS_ACCESS_DENIED; goto done; } 
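Review bot: The remap added after `done:` in winbindd_pam_auth overwrites `result` before the original status is recorded anywhere, so a generic NT_STATUS_UNSUCCESSFUL can no longer be told apart from a real "no logon servers" condition in the response or the log. The copy of this block in winbindd_pam_auth_crap (third hunk) feeds the remapped value to `nt_status_to_pam(result)`; if this function does the same outside the hunk, an unspecific failure would reach the PAM stack as a server-availability error, which is worth confirming as intended. At minimum log the original first, e.g. `DEBUG(3, ("winbindd_pam_auth: remapping %s to NT_STATUS_NO_LOGON_SERVERS\n", nt_errstr(result)));`. A shared helper would remove the duplicated block, and the doubled parentheses in the condition can be dropped.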
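Review bot: The denial branch in winbindd_pam_auth_crap logs `non-privileged access denied!` without identifying the client that was refused, which leaves the entry of little use when auditing attempts against the privileged interface. `state->pid` is available on the client state (winbindd_priv_pipe_dir already logs it), so the line could read `DEBUG(2, ("[%5d]: winbindd_pam_auth_crap: non-privileged access denied!\n", state->pid));`. The custom error_string written here survives only because the `done:` block in the third hunk skips the friendly message when the field is non-empty, so a short comment on that coupling would help the next reader. The function body continues outside the hunk.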
@@ -282,15 +289,21 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) memcpy(state->response.data.auth.nt_session_key, info3.user_sess_key, sizeof(state->response.data.auth.nt_session_key) /* 16 */); } if (state->request.data.auth_crap.flags & WINBIND_PAM_LMKEY) { - memcpy(state->response.data.auth.first_8_lm_hash, info3.padding, sizeof(state->response.data.auth.nt_session_key) /* 16 */); + memcpy(state->response.data.auth.first_8_lm_hash, info3.padding, sizeof(state->response.data.auth.first_8_lm_hash) /* 8 */); } } done: + /* give us a more useful (more correct?) error code */ + if ((NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) || (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)))) { + result = NT_STATUS_NO_LOGON_SERVERS; + } + state->response.data.auth.nt_status = NT_STATUS_V(result); push_utf8_fstring(state->response.data.auth.nt_status_string, nt_errstr(result)); - push_utf8_fstring(state->response.data.auth.error_string, nt_errstr(result)); + if (!*state->response.data.auth.error_string) + push_utf8_fstring(state->response.data.auth.error_string, get_friendly_nt_error_msg(result)); state->response.data.auth.pam_error = nt_status_to_pam(result); DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2,
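Review bot: The `if (!*state->response.data.auth.error_string)` guard after `done:` assumes the field is empty unless this request wrote it, but nothing in the hunk clears it. If `state->response` is not zeroed for every request (not visible here, the function begins outside the hunk), text left over from an earlier request on the same connection would be returned alongside an unrelated status. Either clear it on entry with `state->response.data.auth.error_string[0] = '\0';` or add a comment naming where the response is reset, and give the unbraced `if` braces. The LM-key copy reads from `info3.padding`, which deserves a one-line comment explaining why a field with that name carries key material.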