diff options
author | Andrew Bartlett <abartlet@samba.org> | 2003-04-07 07:32:51 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2003-04-07 07:32:51 +0000 |
commit | d23b35a65f9b178d72b7fe8dd15ae09baa695021 (patch) | |
tree | 5ca36b5108cb48ea0aeaa8f448847ff31d5980cc /source3/nsswitch/winbindd_pam.c | |
parent | 6dce8c678a806add23c9bc05be65a050f7fedf0a (diff) | |
download | samba-d23b35a65f9b178d72b7fe8dd15ae09baa695021.tar.gz samba-d23b35a65f9b178d72b7fe8dd15ae09baa695021.tar.bz2 samba-d23b35a65f9b178d72b7fe8dd15ae09baa695021.zip |
Winbind merges from HEAD:
- fix winbindd_pam bugs
- give a better error message for unauthorized access to auth_crap
- show this message in wbinfo
- fix spelling: privilaged -> privileged
** This changes the location of the winbindd privileged pipe **
(thanks to tpot)
Andrew Bartlett
(This used to be commit 92c2a33483cc9ddd1dd627224192a3023f8caff8)
Diffstat (limited to 'source3/nsswitch/winbindd_pam.c')
-rw-r--r-- | source3/nsswitch/winbindd_pam.c | 23 |
1 files changed, 18 insertions, 5 deletions
diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index d408a8b3ae..e49a95f4b8 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -140,7 +140,12 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) uni_group_cache_store_netlogon(mem_ctx, &info3); done: - + + /* give us a more useful (more correct?) error code */ + if ((NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) || (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)))) { + result = NT_STATUS_NO_LOGON_SERVERS; + } + state->response.data.auth.nt_status = NT_STATUS_V(result); fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result)); fstrcpy(state->response.data.auth.error_string, get_friendly_nt_error_msg(result)); @@ -174,8 +179,10 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) DATA_BLOB lm_resp, nt_resp; - if (!state->privilaged) { - DEBUG(2, ("winbindd_pam_auth_crap: non-privilaged access denied!\n")); + if (!state->privileged) { + DEBUG(2, ("winbindd_pam_auth_crap: non-privileged access denied!\n")); + /* send a better message than ACCESS_DENIED */ + push_utf8_fstring(state->response.data.auth.error_string, "winbind client not authorized to use winbindd_pam_auth_crap"); result = NT_STATUS_ACCESS_DENIED; goto done; } @@ -282,15 +289,21 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) memcpy(state->response.data.auth.nt_session_key, info3.user_sess_key, sizeof(state->response.data.auth.nt_session_key) /* 16 */); } if (state->request.data.auth_crap.flags & WINBIND_PAM_LMKEY) { - memcpy(state->response.data.auth.first_8_lm_hash, info3.padding, sizeof(state->response.data.auth.nt_session_key) /* 16 */); + memcpy(state->response.data.auth.first_8_lm_hash, info3.padding, sizeof(state->response.data.auth.first_8_lm_hash) /* 8 */); } } done: + /* give us a more useful (more correct?) error code */ + if ((NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) || (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)))) { + result = NT_STATUS_NO_LOGON_SERVERS; + } + state->response.data.auth.nt_status = NT_STATUS_V(result); push_utf8_fstring(state->response.data.auth.nt_status_string, nt_errstr(result)); - push_utf8_fstring(state->response.data.auth.error_string, nt_errstr(result)); + if (!*state->response.data.auth.error_string) + push_utf8_fstring(state->response.data.auth.error_string, get_friendly_nt_error_msg(result)); state->response.data.auth.pam_error = nt_status_to_pam(result); DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, |