-rw-r--r-- | source3/nsswitch/wbinfo.c | 10 | ||||
-rw-r--r-- | source3/nsswitch/winbindd_pam.c | 19 | ||||
-rw-r--r-- | source3/utils/ntlm_auth.c | 10 |
3 files changed, 28 insertions, 11 deletions
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index 5ec8e534aa..61c54b3738 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -447,9 +447,10 @@ static BOOL wbinfo_auth(char *username) (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); if (response.data.auth.nt_status) - d_printf("error code was %s (0x%x)\n", + d_printf("error code was %s (0x%x)\nerror messsage was: %s\n", response.data.auth.nt_status_string, - response.data.auth.nt_status); + response.data.auth.nt_status, + response.data.auth.error_string); return result == NSS_STATUS_SUCCESS; } @@ -502,9 +503,10 @@ static BOOL wbinfo_auth_crap(char *username) (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); if (response.data.auth.nt_status) - d_printf("error code was %s (0x%x)\n", + d_printf("error code was %s (0x%x)\nerror messsage was: %s\n", response.data.auth.nt_status_string, - response.data.auth.nt_status); + response.data.auth.nt_status, + response.data.auth.error_string); return result == NSS_STATUS_SUCCESS; } diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index d408a8b3ae..e65d2bb0f6 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -140,7 +140,12 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) uni_group_cache_store_netlogon(mem_ctx, &info3); done: - + + /* give us a more useful (more correct?) error code */ + if ((NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) || (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)))) { + result = NT_STATUS_NO_LOGON_SERVERS; + } + state->response.data.auth.nt_status = NT_STATUS_V(result); fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result)); fstrcpy(state->response.data.auth.error_string, get_friendly_nt_error_msg(result)); 
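Review bot: The format string added to the `d_printf` call in wbinfo_auth misspells "message" as "messsage", and the same string is repeated in the wbinfo_auth_crap hunk that follows; both should read `d_printf("error code was %s (0x%x)\nerror message was: %s\n",`. Anything that matches on wbinfo output would have to keep matching the typo once it ships, so it is cheaper to fix now. The `if (response.data.auth.nt_status)` guarding this multi-line call has no braces, and adding them would make later additions to the failure path less error-prone. Both functions begin above their hunks.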
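Review bot: Rewriting NT_STATUS_UNSUCCESSFUL to NT_STATUS_NO_LOGON_SERVERS at `done:` in winbindd_pam_auth hides every generic failure behind a "no logon servers" result, and the original status is overwritten before anything visible in this hunk records it. The remapped value is what the client receives in `nt_status`, `nt_status_string` and `error_string`, so someone investigating a failed logon can no longer tell a missing domain controller from an unrelated internal error. I would log the original inside the new `if`, e.g. `DEBUG(3, ("winbindd_pam_auth: remapping %s to NT_STATUS_NO_LOGON_SERVERS\n", nt_errstr(result)));`, and consider limiting the remap to NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND. The identical block is added at `done:` in winbindd_pam_auth_crap, where the same applies, and a small shared helper would keep the two copies in step. The function starts above this hunk and continues below it.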
@@ -176,6 +181,8 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) if (!state->privilaged) { DEBUG(2, ("winbindd_pam_auth_crap: non-privilaged access denied!\n")); + /* send a better message than ACCESS_DENIED */ + push_utf8_fstring(state->response.data.auth.error_string, "winbind client not authorized to use winbindd_pam_auth_crap"); result = NT_STATUS_ACCESS_DENIED; goto done; } @@ -282,15 +289,21 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) memcpy(state->response.data.auth.nt_session_key, info3.user_sess_key, sizeof(state->response.data.auth.nt_session_key) /* 16 */); } if (state->request.data.auth_crap.flags & WINBIND_PAM_LMKEY) { - memcpy(state->response.data.auth.first_8_lm_hash, info3.padding, sizeof(state->response.data.auth.nt_session_key) /* 16 */); + memcpy(state->response.data.auth.first_8_lm_hash, info3.padding, sizeof(state->response.data.auth.first_8_lm_hash) /* 8 */); } } done: + /* give us a more useful (more correct?) error code */ + if ((NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) || (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)))) { + result = NT_STATUS_NO_LOGON_SERVERS; + } + state->response.data.auth.nt_status = NT_STATUS_V(result); push_utf8_fstring(state->response.data.auth.nt_status_string, nt_errstr(result)); - push_utf8_fstring(state->response.data.auth.error_string, nt_errstr(result)); + if (!*state->response.data.auth.error_string) + push_utf8_fstring(state->response.data.auth.error_string, get_friendly_nt_error_msg(result)); state->response.data.auth.pam_error = nt_status_to_pam(result); DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 82e6127d55..88913c8051 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c 
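Review bot: The message written to `error_string` in the non-privileged branch of winbindd_pam_auth_crap only reaches the client because the `done:` block, changed in the next hunk, now skips `error_string` when it is already non-empty, and nothing at this site says so. I would extend the comment to `/* send a better message than ACCESS_DENIED; done: only fills error_string when it is still empty */` so that a later edit to `done:` does not silently drop it. The function begins above this hunk and continues past it.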
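Review bot: The new `if (!*state->response.data.auth.error_string)` guard at `done:` assumes the field is empty unless this function wrote to it, which holds only if the response structure is cleared before the handler runs; that is not visible in this hunk and is worth confirming, since otherwise stale bytes would be returned to the client in place of the friendly message. The guard is also unbraced around a long call, so I would write it as `if (!*state->response.data.auth.error_string) {` … `}`. winbindd_pam_auth still fills `error_string` unconditionally with `fstrcpy`, so the two handlers now differ in how they treat a preset message. On the corrected `memcpy`, the length is now taken from the destination, but the hunk does not show that `info3.padding` is at least 8 bytes, so a short comment or compile-time check on the source size would help. The function starts above this hunk and continues below it.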
@@ -157,17 +157,19 @@ static BOOL check_plaintext_auth(const char *user, const char *pass, BOOL stdout d_printf("Reading winbind reply failed! (0x01)\n"); } - d_printf("%s (0x%x)\n", + d_printf("%s: %s (0x%x)\n", response.data.auth.nt_status_string, + response.data.auth.error_string, response.data.auth.nt_status); } else { if ((result != NSS_STATUS_SUCCESS) && (response.data.auth.nt_status == 0)) { DEBUG(1, ("Reading winbind reply failed! (0x01)\n")); } - DEBUG(3, ("%s (0x%x)\n", - response.data.auth.nt_status_string, - response.data.auth.nt_status)); + DEBUG(3, ("%s: %s (0x%x)\n", + response.data.auth.nt_status_string, + response.data.auth.error_string, + response.data.auth.nt_status)); } return (result == NSS_STATUS_SUCCESS); |
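Review bot: With the new `"%s: %s (0x%x)\n"` format, the status line in check_plaintext_auth is still printed right after the "Reading winbind reply failed!" case, where `nt_status` is 0 and both strings are presumably empty, so the output would be a bare `: (0x0)`. Moving the status line into an `else` of that check, in both the `d_printf` branch and the `DEBUG(3, ...)` branch, would avoid printing an empty status after a failed read. The function begins above this hunk.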