summaryrefslogtreecommitdiff
path: root/source4/auth
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2011-11-17 18:24:24 +1100
committerAmitay Isaacs <amitay@gmail.com>2011-11-18 14:38:28 +1100
commitf93ec5a0274b3b14a5ad2cff287fcb5e48d59731 (patch)
tree5c87981e48eb13017c51df18138dcf1ac29372e4 /source4/auth
parente6c77f523b8ed8332ecb4d50a6af7eaa7e6f19af (diff)
downloadsamba-f93ec5a0274b3b14a5ad2cff287fcb5e48d59731.tar.gz
samba-f93ec5a0274b3b14a5ad2cff287fcb5e48d59731.tar.bz2
samba-f93ec5a0274b3b14a5ad2cff287fcb5e48d59731.zip
s4-auth log details about any token we fail to convert to a unix token
Now that entries are being added into the idmap DB from Samba3, and may be UID or GID but not BOTH, failures are more likely. Andrew Bartlett
Diffstat (limited to 'source4/auth')
-rw-r--r--source4/auth/unix_token.c17
1 files changed, 17 insertions, 0 deletions
diff --git a/source4/auth/unix_token.c b/source4/auth/unix_token.c
index 765bf06188..24f3226cea 100644
--- a/source4/auth/unix_token.c
+++ b/source4/auth/unix_token.c
@@ -78,6 +78,11 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
} else if (ids[0].xid.type == ID_TYPE_UID) {
(*sec)->uid = ids[0].xid.id;
} else {
+ char *sid_str = dom_sid_string(mem_ctx, ids[0].sid);
+ DEBUG(0, ("Unable to convert first SID (%s) in user token to a UID. Conversion was returned as type %d, full token:\n",
+ sid_str, (int)ids[0].xid.type));
+ security_token_debug(0, 0, token);
+ talloc_free(sid_str);
return NT_STATUS_INVALID_SID;
}
@@ -87,6 +92,11 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
(*sec)->groups[g] = ids[1].xid.id;
g++;
} else {
+ char *sid_str = dom_sid_string(mem_ctx, ids[1].sid);
+ DEBUG(0, ("Unable to convert second SID (%s) in user token to a GID. Conversion was returned as type %d, full token:\n",
+ sid_str, (int)ids[1].xid.type));
+ security_token_debug(0, 0, token);
+ talloc_free(sid_str);
return NT_STATUS_INVALID_SID;
}
@@ -96,10 +106,17 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
(*sec)->groups[g] = ids[s].xid.id;
g++;
} else {
+ char *sid_str = dom_sid_string(mem_ctx, ids[s].sid);
+ DEBUG(0, ("Unable to convert SID (%s) at index %u in user token to a GID. Conversion was returned as type %d, full token:\n",
+ sid_str, (unsigned int)s, (int)ids[s].xid.type));
+ security_token_debug(0, 0, token);
+ talloc_free(sid_str);
return NT_STATUS_INVALID_SID;
}
}
+ DEBUG(5, ("Successfully converted security token to a unix token:"));
+ security_token_debug(0, 5, token);
TALLOC_FREE(ids);
return NT_STATUS_OK;