diff options
| author | Volker Lendecke <vlendec@samba.org> | 2007-03-19 21:04:56 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:18:42 -0500 |
| commit | 3fdef9433a9e08064b32e34a16ce62a60ce144fb (patch) | |
| tree | c035739e6b8a7c4b57d937fe25961b9e469b4b60 /source3/auth | |
| parent | 7c09cfd0806d24e89f4dc9714a9efe09758e6f12 (diff) | |
| download | samba-3fdef9433a9e08064b32e34a16ce62a60ce144fb.tar.gz samba-3fdef9433a9e08064b32e34a16ce62a60ce144fb.tar.bz2 samba-3fdef9433a9e08064b32e34a16ce62a60ce144fb.zip | |
r21878: Fix a bug with smbd serving a windows terminal server: If winbind decides smbd
to be idle it might happen that smbd needs to do a winbind operation (for
example sid2name) as non-root. This then fails to get the privileged
pipe. When later on on the same connection another authentication request
comes in, we try to do the CRAP auth via the non-privileged pipe.
This adds a winbindd_priv_request_response() request that kills the existing
winbind pipe connection if it's not privileged.
Volker
(This used to be commit e5741e27c4c22702c9f8b07877641fecc7eef39c)
Diffstat (limited to 'source3/auth')
| -rw-r--r-- | source3/auth/auth_winbind.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c index fa56757950..f06f83f406 100644 --- a/source3/auth/auth_winbind.c +++ b/source3/auth/auth_winbind.c @@ -108,7 +108,8 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context, /* we are contacting the privileged pipe */ become_root(); - result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, &request, &response); + result = winbindd_priv_request_response(WINBINDD_PAM_AUTH_CRAP, + &request, &response); unbecome_root(); if ( result == NSS_STATUS_UNAVAIL ) { |