diff options
author | Volker Lendecke <vl@samba.org> | 2010-04-13 12:09:21 +0200 |
---|---|---|
committer | Volker Lendecke <vl@samba.org> | 2010-04-13 13:30:53 +0200 |
commit | be813ff2d4a8d85eccc641f0d0739b31f4fdb964 (patch) | |
tree | 080ae38b0b3ffcfeaacb298448b55881bdf911d8 /nsswitch/libwbclient/wbc_pam.c | |
parent | fcab3d64f496693c70cc1ff1bcf1cf439a15fcf1 (diff) | |
download | samba-be813ff2d4a8d85eccc641f0d0739b31f4fdb964.tar.gz samba-be813ff2d4a8d85eccc641f0d0739b31f4fdb964.tar.bz2 samba-be813ff2d4a8d85eccc641f0d0739b31f4fdb964.zip |
libwbclient: Re-Fix a bug that was fixed with e5741e27c4c
> r21878: Fix a bug with smbd serving a windows terminal server: If winbind
> decides smbd to be idle it might happen that smbd needs to do a winbind
> operation (for example sid2name) as non-root. This then fails to get the
> privileged pipe. When later on on the same connection another authentication
> request comes in, we try to do the CRAP auth via the non-privileged pipe.
>
> This adds a winbindd_priv_request_response() request that kills the existing
> winbind pipe connection if it's not privileged.
The fix for this was lost during the conversion to libwbclient.
Thanks to Ira Cooper <samba@ira.wakeful.net> for pointing this out!
Volker
Diffstat (limited to 'nsswitch/libwbclient/wbc_pam.c')
-rw-r--r-- | nsswitch/libwbclient/wbc_pam.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c index 8cc4c71642..0417af4446 100644 --- a/nsswitch/libwbclient/wbc_pam.c +++ b/nsswitch/libwbclient/wbc_pam.c @@ -462,9 +462,11 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, request.flags |= params->flags; } - wbc_status = wbcRequestResponse(cmd, - &request, - &response); + if (cmd == WINBINDD_PAM_AUTH_CRAP) { + wbc_status = wbcRequestResponsePriv(cmd, &request, &response); + } else { + wbc_status = wbcRequestResponse(cmd, &request, &response); + } if (response.data.auth.nt_status != 0) { if (error) { wbc_status = wbc_create_error_info(&response, @@ -510,9 +512,8 @@ wbcErr wbcCheckTrustCredentials(const char *domain, /* Send request */ - wbc_status = wbcRequestResponse(WINBINDD_CHECK_MACHACC, - &request, - &response); + wbc_status = wbcRequestResponsePriv(WINBINDD_CHECK_MACHACC, + &request, &response); if (response.data.auth.nt_status != 0) { if (error) { wbc_status = wbc_create_error_info(&response, @@ -547,9 +548,8 @@ wbcErr wbcChangeTrustCredentials(const char *domain, /* Send request */ - wbc_status = wbcRequestResponse(WINBINDD_CHANGE_MACHACC, - &request, - &response); + wbc_status = wbcRequestResponsePriv(WINBINDD_CHANGE_MACHACC, + &request, &response); if (response.data.auth.nt_status != 0) { if (error) { wbc_status = wbc_create_error_info(&response, |