From be813ff2d4a8d85eccc641f0d0739b31f4fdb964 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 13 Apr 2010 12:09:21 +0200 Subject: libwbclient: Re-Fix a bug that was fixed with e5741e27c4c > r21878: Fix a bug with smbd serving a windows terminal server: If winbind > decides smbd to be idle it might happen that smbd needs to do a winbind > operation (for example sid2name) as non-root. This then fails to get the > privileged pipe. When later on on the same connection another authentication > request comes in, we try to do the CRAP auth via the non-privileged pipe. > > This adds a winbindd_priv_request_response() request that kills the existing > winbind pipe connection if it's not privileged. The fix for this was lost during the conversion to libwbclient. Thanks to Ira Cooper for pointing this out! Volker --- nsswitch/libwbclient/wbc_idmap.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) (limited to 'nsswitch/libwbclient/wbc_idmap.c') diff --git a/nsswitch/libwbclient/wbc_idmap.c b/nsswitch/libwbclient/wbc_idmap.c index caa6a46417..a125b04d7d 100644 --- a/nsswitch/libwbclient/wbc_idmap.c +++ b/nsswitch/libwbclient/wbc_idmap.c @@ -224,8 +224,8 @@ wbcErr wbcAllocateUid(uid_t *puid) /* Make request */ - wbc_status = wbcRequestResponse(WINBINDD_ALLOCATE_UID, - &request, &response); + wbc_status = wbcRequestResponsePriv(WINBINDD_ALLOCATE_UID, + &request, &response); BAIL_ON_WBC_ERROR(wbc_status); /* Copy out result */ @@ -254,8 +254,8 @@ wbcErr wbcAllocateGid(gid_t *pgid) /* Make request */ - wbc_status = wbcRequestResponse(WINBINDD_ALLOCATE_GID, - &request, &response); + wbc_status = wbcRequestResponsePriv(WINBINDD_ALLOCATE_GID, + &request, &response); BAIL_ON_WBC_ERROR(wbc_status); /* Copy out result */ @@ -300,8 +300,8 @@ wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid) sizeof(request.data.dual_idmapset.sid)-1); wbcFreeMemory(sid_string); - wbc_status = wbcRequestResponse(WINBINDD_SET_MAPPING, - &request, &response); + wbc_status = wbcRequestResponsePriv(WINBINDD_SET_MAPPING, + &request, &response); BAIL_ON_WBC_ERROR(wbc_status); done: @@ -337,8 +337,8 @@ wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid) sizeof(request.data.dual_idmapset.sid)-1); wbcFreeMemory(sid_string); - wbc_status = wbcRequestResponse(WINBINDD_SET_MAPPING, - &request, &response); + wbc_status = wbcRequestResponsePriv(WINBINDD_SET_MAPPING, + &request, &response); BAIL_ON_WBC_ERROR(wbc_status); done: @@ -374,8 +374,8 @@ wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid) sizeof(request.data.dual_idmapset.sid)-1); wbcFreeMemory(sid_string); - wbc_status = wbcRequestResponse(WINBINDD_REMOVE_MAPPING, - &request, &response); + wbc_status = wbcRequestResponsePriv(WINBINDD_REMOVE_MAPPING, + &request, &response); BAIL_ON_WBC_ERROR(wbc_status); done: @@ -411,8 +411,8 @@ wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid) sizeof(request.data.dual_idmapset.sid)-1); wbcFreeMemory(sid_string); - wbc_status = wbcRequestResponse(WINBINDD_REMOVE_MAPPING, - &request, &response); + wbc_status = wbcRequestResponsePriv(WINBINDD_REMOVE_MAPPING, + &request, &response); BAIL_ON_WBC_ERROR(wbc_status); done: @@ -436,8 +436,8 @@ wbcErr wbcSetUidHwm(uid_t uid_hwm) request.data.dual_idmapset.id = uid_hwm; request.data.dual_idmapset.type = _ID_TYPE_UID; - wbc_status = wbcRequestResponse(WINBINDD_SET_HWM, - &request, &response); + wbc_status = wbcRequestResponsePriv(WINBINDD_SET_HWM, + &request, &response); BAIL_ON_WBC_ERROR(wbc_status); done: @@ -461,8 +461,8 @@ wbcErr wbcSetGidHwm(gid_t gid_hwm) request.data.dual_idmapset.id = gid_hwm; request.data.dual_idmapset.type = _ID_TYPE_GID; - wbc_status = wbcRequestResponse(WINBINDD_SET_HWM, - &request, &response); + wbc_status = wbcRequestResponsePriv(WINBINDD_SET_HWM, + &request, &response); BAIL_ON_WBC_ERROR(wbc_status); done: -- cgit