author | Volker Lendecke <vl@samba.org> | 2010-04-13 12:09:21 +0200 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2010-05-17 09:50:12 +0200 |
commit | 4d9210ef9cca057ddb2a6e648a0215996b3362f0 (patch) | |
tree | 6b4faef56b5ad4b7c504def1a74f1cfcb96232fe | |
parent | c6c4606dac3035a76ab36233e5b877a984c95ab2 (diff) | |
libwbclient: Re-Fix a bug that was fixed with e5741e27c4c
> r21878: Fix a bug with smbd serving a windows terminal server: If winbind
> decides smbd to be idle it might happen that smbd needs to do a winbind
> operation (for example sid2name) as non-root. This then fails to get the
> privileged pipe. When later on on the same connection another authentication
> request comes in, we try to do the CRAP auth via the non-privileged pipe.
>
> This adds a winbindd_priv_request_response() request that kills the existing
> winbind pipe connection if it's not privileged.
The fix for this was lost during the conversion to libwbclient.
Thanks to Ira Cooper <samba@ira.wakeful.net> for pointing this out!
Volker
Fix bug #7357.
(cherry picked from commit 5c5e646ab3546aae4660b6598a6c89c66c3b4687)
-rw-r--r-- | nsswitch/libwbclient/wbc_idmap.c | 32 | ||||
-rw-r--r-- | nsswitch/libwbclient/wbc_pam.c | 18 | ||||
-rw-r--r-- | nsswitch/libwbclient/wbclient.c | 31 | ||||
-rw-r--r-- | nsswitch/libwbclient/wbclient_internal.h | 4 |
4 files changed, 56 insertions, 29 deletions
diff --git a/nsswitch/libwbclient/wbc_idmap.c b/nsswitch/libwbclient/wbc_idmap.c index 10a02fd505a..bde14411abc 100644 --- a/nsswitch/libwbclient/wbc_idmap.c +++ b/nsswitch/libwbclient/wbc_idmap.c @@ -223,8 +223,8 @@ wbcErr wbcAllocateUid(uid_t *puid) /* Make request */ - wbc_status = wbcRequestResponse(WINBINDD_ALLOCATE_UID, - &request, &response); + wbc_status = wbcRequestResponsePriv(WINBINDD_ALLOCATE_UID, + &request, &response); BAIL_ON_WBC_ERROR(wbc_status); /* Copy out result */ @@ -253,8 +253,8 @@ wbcErr wbcAllocateGid(gid_t *pgid) /* Make request */ - wbc_status = wbcRequestResponse(WINBINDD_ALLOCATE_GID, - &request, &response); + wbc_status = wbcRequestResponsePriv(WINBINDD_ALLOCATE_GID, + &request, &response); BAIL_ON_WBC_ERROR(wbc_status); /* Copy out result */ @@ -299,8 +299,8 @@ wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid) sizeof(request.data.dual_idmapset.sid)-1); wbcFreeMemory(sid_string); - wbc_status = wbcRequestResponse(WINBINDD_SET_MAPPING, - &request, &response); + wbc_status = wbcRequestResponsePriv(WINBINDD_SET_MAPPING, + &request, &response); BAIL_ON_WBC_ERROR(wbc_status); done: @@ -336,8 +336,8 @@ wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid) sizeof(request.data.dual_idmapset.sid)-1); wbcFreeMemory(sid_string); - wbc_status = wbcRequestResponse(WINBINDD_SET_MAPPING, - &request, &response); + wbc_status = wbcRequestResponsePriv(WINBINDD_SET_MAPPING, + &request, &response); BAIL_ON_WBC_ERROR(wbc_status); done: @@ -373,8 +373,8 @@ wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid) sizeof(request.data.dual_idmapset.sid)-1); wbcFreeMemory(sid_string); - wbc_status = wbcRequestResponse(WINBINDD_REMOVE_MAPPING, - &request, &response); + wbc_status = wbcRequestResponsePriv(WINBINDD_REMOVE_MAPPING, + &request, &response); BAIL_ON_WBC_ERROR(wbc_status); done: 
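Review bot: The doc comments of wbcAllocateUid and the other idmap calls switched to wbcRequestResponsePriv do not say that the request now goes over winbindd's privileged pipe; those comments lie outside the hunks, so this is a request rather than a quoted fix. The commit description names a caller that cannot get the privileged pipe (smbd acting as non-root) as the case that used to misbehave, so the API docs should state what such a caller gets back, e.g. `@note Uses the privileged winbindd pipe; fails if the caller cannot open it`. The failure behaviour is inferred and should be confirmed against winbindd_priv_request_response before it is written down. The same applies to the wbcAllocateGid, wbcSetUidMapping, wbcSetGidMapping, wbcRemoveUidMapping, wbcRemoveGidMapping, wbcSetUidHwm and wbcSetGidHwm hunks.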
@@ -410,8 +410,8 @@ wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid) sizeof(request.data.dual_idmapset.sid)-1); wbcFreeMemory(sid_string); - wbc_status = wbcRequestResponse(WINBINDD_REMOVE_MAPPING, - &request, &response); + wbc_status = wbcRequestResponsePriv(WINBINDD_REMOVE_MAPPING, + &request, &response); BAIL_ON_WBC_ERROR(wbc_status); done: @@ -435,8 +435,8 @@ wbcErr wbcSetUidHwm(uid_t uid_hwm) request.data.dual_idmapset.id = uid_hwm; request.data.dual_idmapset.type = _ID_TYPE_UID; - wbc_status = wbcRequestResponse(WINBINDD_SET_HWM, - &request, &response); + wbc_status = wbcRequestResponsePriv(WINBINDD_SET_HWM, + &request, &response); BAIL_ON_WBC_ERROR(wbc_status); done: @@ -460,8 +460,8 @@ wbcErr wbcSetGidHwm(gid_t gid_hwm) request.data.dual_idmapset.id = gid_hwm; request.data.dual_idmapset.type = _ID_TYPE_GID; - wbc_status = wbcRequestResponse(WINBINDD_SET_HWM, - &request, &response); + wbc_status = wbcRequestResponsePriv(WINBINDD_SET_HWM, + &request, &response); BAIL_ON_WBC_ERROR(wbc_status); done: diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c index 4b187273fce..25475ce5cf6 100644 --- a/nsswitch/libwbclient/wbc_pam.c +++ b/nsswitch/libwbclient/wbc_pam.c @@ -463,9 +463,11 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, request.flags |= params->flags; } - wbc_status = wbcRequestResponse(cmd, - &request, - &response); + if (cmd == WINBINDD_PAM_AUTH_CRAP) { + wbc_status = wbcRequestResponsePriv(cmd, &request, &response); + } else { + wbc_status = wbcRequestResponse(cmd, &request, &response); + } if (response.data.auth.nt_status != 0) { if (error) { wbc_status = wbc_create_error_info(NULL, 
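Review bot: The new `if (cmd == WINBINDD_PAM_AUTH_CRAP)` branch in wbcAuthenticateUserEx has no comment saying why only that command is sent with wbcRequestResponsePriv. The commit description says this fix was already lost once during the conversion to libwbclient, so the reason belongs next to the code, for example `/* CRAP auth must not go over a cached non-privileged pipe; the Priv variant drops it and reconnects (bug #7357) */`. The function starts and ends outside the hunk, so how cmd is chosen is not visible here.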
@@ -513,9 +515,8 @@ wbcErr wbcCheckTrustCredentials(const char *domain, /* Send request */ - wbc_status = wbcRequestResponse(WINBINDD_CHECK_MACHACC, - &request, - &response); + wbc_status = wbcRequestResponsePriv(WINBINDD_CHECK_MACHACC, + &request, &response); if (response.data.auth.nt_status != 0) { if (error) { wbc_status = wbc_create_error_info(NULL, @@ -551,9 +552,8 @@ wbcErr wbcChangeTrustCredentials(const char *domain, /* Send request */ - wbc_status = wbcRequestResponse(WINBINDD_CHANGE_MACHACC, - &request, - &response); + wbc_status = wbcRequestResponsePriv(WINBINDD_CHANGE_MACHACC, + &request, &response); if (response.data.auth.nt_status != 0) { if (error) { wbc_status = wbc_create_error_info(NULL, diff --git a/nsswitch/libwbclient/wbclient.c b/nsswitch/libwbclient/wbclient.c index 9a1e770690e..ec8d205647e 100644 --- a/nsswitch/libwbclient/wbclient.c +++ b/nsswitch/libwbclient/wbclient.c @@ -32,6 +32,9 @@ NSS_STATUS winbindd_request_response(int req_type, struct winbindd_request *request, struct winbindd_response *response); +NSS_STATUS winbindd_priv_request_response(int req_type, + struct winbindd_request *request, + struct winbindd_response *response); /** @brief Wrapper around Winbind's send/receive API call * 
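Review bot: In wbcCheckTrustCredentials the result of wbcRequestResponsePriv is stored in wbc_status, but `response.data.auth.nt_status` is read on the next line before wbc_status is tested. That ordering predates this commit and may be deliberate (an error reply can still carry an NT status), but it is only safe if response was zeroed before the call, which happens outside the hunk if at all. Once confirmed, a one-line comment above the test, such as `/* response was zeroed above; nt_status stays 0 if no reply arrived */`, would make the dependency explicit. The wbcChangeTrustCredentials hunk and the wbcAuthenticateUserEx hunk contain the same sequence.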
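Review bot: The prototype for winbindd_priv_request_response is written out by hand in wbclient.c, next to the existing one for winbindd_request_response, so the compiler cannot check it against the real definition. That matters more now that both functions are passed through a function pointer to wbcRequestResponseInt, because a signature drift would go unnoticed at build time. If the header declaring them cannot be included here, a comment such as `/* keep in sync with the definition of winbindd_priv_request_response */` would at least flag the coupling.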
@@ -55,16 +58,20 @@ NSS_STATUS winbindd_request_response(int req_type, --Volker **********************************************************************/ -wbcErr wbcRequestResponse(int cmd, - struct winbindd_request *request, - struct winbindd_response *response) +static wbcErr wbcRequestResponseInt( + int cmd, + struct winbindd_request *request, + struct winbindd_response *response, + NSS_STATUS (*fn)(int req_type, + struct winbindd_request *request, + struct winbindd_response *response)) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; NSS_STATUS nss_status; /* for some calls the request and/or response can be NULL */ - nss_status = winbindd_request_response(cmd, request, response); + nss_status = fn(cmd, request, response); switch (nss_status) { case NSS_STATUS_SUCCESS: @@ -84,6 +91,22 @@ wbcErr wbcRequestResponse(int cmd, return wbc_status; } +wbcErr wbcRequestResponse(int cmd, + struct winbindd_request *request, + struct winbindd_response *response) +{ + return wbcRequestResponseInt(cmd, request, response, + winbindd_request_response); +} + +wbcErr wbcRequestResponsePriv(int cmd, + struct winbindd_request *request, + struct winbindd_response *response) +{ + return wbcRequestResponseInt(cmd, request, response, + winbindd_priv_request_response); +} + /** @brief Translate an error value into a string * * @param error diff --git a/nsswitch/libwbclient/wbclient_internal.h b/nsswitch/libwbclient/wbclient_internal.h index 2d103ab3df8..5ce820785ee 100644 --- a/nsswitch/libwbclient/wbclient_internal.h +++ b/nsswitch/libwbclient/wbclient_internal.h @@ -28,4 +28,8 @@ wbcErr wbcRequestResponse(int cmd, struct winbindd_request *request, struct winbindd_response *response); +wbcErr wbcRequestResponsePriv(int cmd, + struct winbindd_request *request, + struct winbindd_response *response); + #endif /* _WBCLIENT_INTERNAL_H */ |
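Review bot: The `/** @brief Wrapper around Winbind's send/receive API call` block that precedes this hunk now appears to document the static helper wbcRequestResponseInt, while the wrappers wbcRequestResponse and wbcRequestResponsePriv added further down have no comment at all. wbcRequestResponsePriv should get a short doc block saying that it sends the request through winbindd_priv_request_response, which per the commit description drops an existing non-privileged pipe connection. The helper's `fn` parameter should also be described as the transport function to call. The declaration added to wbclient_internal.h could carry the same one-line description.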