From d23b35a65f9b178d72b7fe8dd15ae09baa695021 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 7 Apr 2003 07:32:51 +0000 Subject: Winbind merges from HEAD: - fix winbindd_pam bugs - give a better error message for unauthorized access to auth_crap - show this message in wbinfo - fix spelling: privilaged -> privileged ** This changes the location of the winbindd privileged pipe ** (thanks to tpot) Andrew Bartlett (This used to be commit 92c2a33483cc9ddd1dd627224192a3023f8caff8) --- source3/nsswitch/winbindd_pam.c | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) (limited to 'source3/nsswitch/winbindd_pam.c') diff --git a/source3/nsswitch/winbindd_pam.c b/source3/nsswitch/winbindd_pam.c index d408a8b3ae..e49a95f4b8 100644 --- a/source3/nsswitch/winbindd_pam.c +++ b/source3/nsswitch/winbindd_pam.c @@ -140,7 +140,12 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state) uni_group_cache_store_netlogon(mem_ctx, &info3); done: - + + /* give us a more useful (more correct?) error code */ + if ((NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) || (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)))) { + result = NT_STATUS_NO_LOGON_SERVERS; + } + state->response.data.auth.nt_status = NT_STATUS_V(result); fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result)); fstrcpy(state->response.data.auth.error_string, get_friendly_nt_error_msg(result)); @@ -174,8 +179,10 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) DATA_BLOB lm_resp, nt_resp; - if (!state->privilaged) { - DEBUG(2, ("winbindd_pam_auth_crap: non-privilaged access denied!\n")); + if (!state->privileged) { + DEBUG(2, ("winbindd_pam_auth_crap: non-privileged access denied!\n")); + /* send a better message than ACCESS_DENIED */ + push_utf8_fstring(state->response.data.auth.error_string, "winbind client not authorized to use winbindd_pam_auth_crap"); result = NT_STATUS_ACCESS_DENIED; goto done; } @@ -282,15 +289,21 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state) memcpy(state->response.data.auth.nt_session_key, info3.user_sess_key, sizeof(state->response.data.auth.nt_session_key) /* 16 */); } if (state->request.data.auth_crap.flags & WINBIND_PAM_LMKEY) { - memcpy(state->response.data.auth.first_8_lm_hash, info3.padding, sizeof(state->response.data.auth.nt_session_key) /* 16 */); + memcpy(state->response.data.auth.first_8_lm_hash, info3.padding, sizeof(state->response.data.auth.first_8_lm_hash) /* 8 */); } } done: + /* give us a more useful (more correct?) error code */ + if ((NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) || (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)))) { + result = NT_STATUS_NO_LOGON_SERVERS; + } + state->response.data.auth.nt_status = NT_STATUS_V(result); push_utf8_fstring(state->response.data.auth.nt_status_string, nt_errstr(result)); - push_utf8_fstring(state->response.data.auth.error_string, nt_errstr(result)); + if (!*state->response.data.auth.error_string) + push_utf8_fstring(state->response.data.auth.error_string, get_friendly_nt_error_msg(result)); state->response.data.auth.pam_error = nt_status_to_pam(result); DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, -- cgit