[SCM] Samba Shared Repository - branch master updated
Volker Lendecke
vlendec at samba.org
Tue Apr 13 06:29:02 MDT 2010
The branch, master has been updated
via be813ff... libwbclient: Re-Fix a bug that was fixed with e5741e27c4c
from fcab3d6... libwbclient: Remove a pointless variable
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit be813ff2d4a8d85eccc641f0d0739b31f4fdb964
Author: Volker Lendecke <vl at samba.org>
Date: Tue Apr 13 12:09:21 2010 +0200
libwbclient: Re-Fix a bug that was fixed with e5741e27c4c
> r21878: Fix a bug with smbd serving a windows terminal server: If winbind
> decides smbd to be idle it might happen that smbd needs to do a winbind
> operation (for example sid2name) as non-root. This then fails to get the
> privileged pipe. When later on on the same connection another authentication
> request comes in, we try to do the CRAP auth via the non-privileged pipe.
>
> This adds a winbindd_priv_request_response() request that kills the existing
> winbind pipe connection if it's not privileged.
The fix for this was lost during the conversion to libwbclient.
Thanks to Ira Cooper <samba at ira.wakeful.net> for pointing this out!
Volker
-----------------------------------------------------------------------
Summary of changes:
nsswitch/libwbclient/wbc_idmap.c | 32 +++++++++++++++---------------
nsswitch/libwbclient/wbc_pam.c | 18 ++++++++--------
nsswitch/libwbclient/wbclient.c | 31 +++++++++++++++++++++++++---
nsswitch/libwbclient/wbclient_internal.h | 4 +++
4 files changed, 56 insertions(+), 29 deletions(-)
Changeset truncated at 500 lines:
diff --git a/nsswitch/libwbclient/wbc_idmap.c b/nsswitch/libwbclient/wbc_idmap.c
index caa6a46..a125b04 100644
--- a/nsswitch/libwbclient/wbc_idmap.c
+++ b/nsswitch/libwbclient/wbc_idmap.c
@@ -224,8 +224,8 @@ wbcErr wbcAllocateUid(uid_t *puid)
/* Make request */
- wbc_status = wbcRequestResponse(WINBINDD_ALLOCATE_UID,
- &request, &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_ALLOCATE_UID,
+ &request, &response);
BAIL_ON_WBC_ERROR(wbc_status);
/* Copy out result */
@@ -254,8 +254,8 @@ wbcErr wbcAllocateGid(gid_t *pgid)
/* Make request */
- wbc_status = wbcRequestResponse(WINBINDD_ALLOCATE_GID,
- &request, &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_ALLOCATE_GID,
+ &request, &response);
BAIL_ON_WBC_ERROR(wbc_status);
/* Copy out result */
@@ -300,8 +300,8 @@ wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid)
sizeof(request.data.dual_idmapset.sid)-1);
wbcFreeMemory(sid_string);
- wbc_status = wbcRequestResponse(WINBINDD_SET_MAPPING,
- &request, &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_SET_MAPPING,
+ &request, &response);
BAIL_ON_WBC_ERROR(wbc_status);
done:
@@ -337,8 +337,8 @@ wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid)
sizeof(request.data.dual_idmapset.sid)-1);
wbcFreeMemory(sid_string);
- wbc_status = wbcRequestResponse(WINBINDD_SET_MAPPING,
- &request, &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_SET_MAPPING,
+ &request, &response);
BAIL_ON_WBC_ERROR(wbc_status);
done:
@@ -374,8 +374,8 @@ wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid)
sizeof(request.data.dual_idmapset.sid)-1);
wbcFreeMemory(sid_string);
- wbc_status = wbcRequestResponse(WINBINDD_REMOVE_MAPPING,
- &request, &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_REMOVE_MAPPING,
+ &request, &response);
BAIL_ON_WBC_ERROR(wbc_status);
done:
@@ -411,8 +411,8 @@ wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid)
sizeof(request.data.dual_idmapset.sid)-1);
wbcFreeMemory(sid_string);
- wbc_status = wbcRequestResponse(WINBINDD_REMOVE_MAPPING,
- &request, &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_REMOVE_MAPPING,
+ &request, &response);
BAIL_ON_WBC_ERROR(wbc_status);
done:
@@ -436,8 +436,8 @@ wbcErr wbcSetUidHwm(uid_t uid_hwm)
request.data.dual_idmapset.id = uid_hwm;
request.data.dual_idmapset.type = _ID_TYPE_UID;
- wbc_status = wbcRequestResponse(WINBINDD_SET_HWM,
- &request, &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_SET_HWM,
+ &request, &response);
BAIL_ON_WBC_ERROR(wbc_status);
done:
@@ -461,8 +461,8 @@ wbcErr wbcSetGidHwm(gid_t gid_hwm)
request.data.dual_idmapset.id = gid_hwm;
request.data.dual_idmapset.type = _ID_TYPE_GID;
- wbc_status = wbcRequestResponse(WINBINDD_SET_HWM,
- &request, &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_SET_HWM,
+ &request, &response);
BAIL_ON_WBC_ERROR(wbc_status);
done:
diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
index 8cc4c71..0417af4 100644
--- a/nsswitch/libwbclient/wbc_pam.c
+++ b/nsswitch/libwbclient/wbc_pam.c
@@ -462,9 +462,11 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
request.flags |= params->flags;
}
- wbc_status = wbcRequestResponse(cmd,
- &request,
- &response);
+ if (cmd == WINBINDD_PAM_AUTH_CRAP) {
+ wbc_status = wbcRequestResponsePriv(cmd, &request, &response);
+ } else {
+ wbc_status = wbcRequestResponse(cmd, &request, &response);
+ }
if (response.data.auth.nt_status != 0) {
if (error) {
wbc_status = wbc_create_error_info(&response,
@@ -510,9 +512,8 @@ wbcErr wbcCheckTrustCredentials(const char *domain,
/* Send request */
- wbc_status = wbcRequestResponse(WINBINDD_CHECK_MACHACC,
- &request,
- &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_CHECK_MACHACC,
+ &request, &response);
if (response.data.auth.nt_status != 0) {
if (error) {
wbc_status = wbc_create_error_info(&response,
@@ -547,9 +548,8 @@ wbcErr wbcChangeTrustCredentials(const char *domain,
/* Send request */
- wbc_status = wbcRequestResponse(WINBINDD_CHANGE_MACHACC,
- &request,
- &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_CHANGE_MACHACC,
+ &request, &response);
if (response.data.auth.nt_status != 0) {
if (error) {
wbc_status = wbc_create_error_info(&response,
diff --git a/nsswitch/libwbclient/wbclient.c b/nsswitch/libwbclient/wbclient.c
index 31a736d..cd5ffa8 100644
--- a/nsswitch/libwbclient/wbclient.c
+++ b/nsswitch/libwbclient/wbclient.c
@@ -30,6 +30,9 @@
NSS_STATUS winbindd_request_response(int req_type,
struct winbindd_request *request,
struct winbindd_response *response);
+NSS_STATUS winbindd_priv_request_response(int req_type,
+ struct winbindd_request *request,
+ struct winbindd_response *response);
/** @brief Wrapper around Winbind's send/receive API call
*
@@ -53,16 +56,20 @@ NSS_STATUS winbindd_request_response(int req_type,
--Volker
**********************************************************************/
-wbcErr wbcRequestResponse(int cmd,
- struct winbindd_request *request,
- struct winbindd_response *response)
+static wbcErr wbcRequestResponseInt(
+ int cmd,
+ struct winbindd_request *request,
+ struct winbindd_response *response,
+ NSS_STATUS (*fn)(int req_type,
+ struct winbindd_request *request,
+ struct winbindd_response *response))
{
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
NSS_STATUS nss_status;
/* for some calls the request and/or response can be NULL */
- nss_status = winbindd_request_response(cmd, request, response);
+ nss_status = fn(cmd, request, response);
switch (nss_status) {
case NSS_STATUS_SUCCESS:
@@ -82,6 +89,22 @@ wbcErr wbcRequestResponse(int cmd,
return wbc_status;
}
+wbcErr wbcRequestResponse(int cmd,
+ struct winbindd_request *request,
+ struct winbindd_response *response)
+{
+ return wbcRequestResponseInt(cmd, request, response,
+ winbindd_request_response);
+}
+
+wbcErr wbcRequestResponsePriv(int cmd,
+ struct winbindd_request *request,
+ struct winbindd_response *response)
+{
+ return wbcRequestResponseInt(cmd, request, response,
+ winbindd_priv_request_response);
+}
+
/** @brief Translate an error value into a string
*
* @param error
diff --git a/nsswitch/libwbclient/wbclient_internal.h b/nsswitch/libwbclient/wbclient_internal.h
index 2d103ab..5ce8207 100644
--- a/nsswitch/libwbclient/wbclient_internal.h
+++ b/nsswitch/libwbclient/wbclient_internal.h
@@ -28,4 +28,8 @@ wbcErr wbcRequestResponse(int cmd,
struct winbindd_request *request,
struct winbindd_response *response);
+wbcErr wbcRequestResponsePriv(int cmd,
+ struct winbindd_request *request,
+ struct winbindd_response *response);
+
#endif /* _WBCLIENT_INTERNAL_H */
--
Samba Shared Repository
More information about the samba-cvs
mailing list