authorVolker Lendecke <vl@samba.org>2010-04-13 12:09:21 +0200
committerKarolin Seeger <kseeger@samba.org>2010-05-17 09:50:12 +0200
commit4d9210ef9cca057ddb2a6e648a0215996b3362f0 (patch)
tree6b4faef56b5ad4b7c504def1a74f1cfcb96232fe
parentc6c4606dac3035a76ab36233e5b877a984c95ab2 (diff)
libwbclient: Re-Fix a bug that was fixed with e5741e27c4c
> r21878: Fix a bug with smbd serving a windows terminal server: If winbind > decides smbd to be idle it might happen that smbd needs to do a winbind > operation (for example sid2name) as non-root. This then fails to get the > privileged pipe. When later on on the same connection another authentication > request comes in, we try to do the CRAP auth via the non-privileged pipe. > > This adds a winbindd_priv_request_response() request that kills the existing > winbind pipe connection if it's not privileged. The fix for this was lost during the conversion to libwbclient. Thanks to Ira Cooper <samba@ira.wakeful.net> for pointing this out! Volker Fix bug #7357. (cherry picked from commit 5c5e646ab3546aae4660b6598a6c89c66c3b4687)
-rw-r--r--nsswitch/libwbclient/wbc_idmap.c32
-rw-r--r--nsswitch/libwbclient/wbc_pam.c18
-rw-r--r--nsswitch/libwbclient/wbclient.c31
-rw-r--r--nsswitch/libwbclient/wbclient_internal.h4
4 files changed, 56 insertions, 29 deletions
diff --git a/nsswitch/libwbclient/wbc_idmap.c b/nsswitch/libwbclient/wbc_idmap.c
index 10a02fd505a..bde14411abc 100644
--- a/nsswitch/libwbclient/wbc_idmap.c
+++ b/nsswitch/libwbclient/wbc_idmap.c
@@ -223,8 +223,8 @@ wbcErr wbcAllocateUid(uid_t *puid)
/* Make request */
- wbc_status = wbcRequestResponse(WINBINDD_ALLOCATE_UID,
- &request, &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_ALLOCATE_UID,
+ &request, &response);
BAIL_ON_WBC_ERROR(wbc_status);
/* Copy out result */
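Review bot: The call in wbcAllocateUid now goes through wbcRequestResponsePriv, but nothing at the call site says why this command needs the privileged pipe; the same applies to the other seven hunks in this file (wbcAllocateGid, the four Set/Remove Uid/Gid mapping calls, wbcSetUidHwm and wbcSetGidHwm). The commit message says this exact distinction was already lost once in a refactor, so a short marker above each call would help, for example `/* idmap writes must go over winbindd's privileged pipe */`. Going by the quoted r21878 text, the Priv path also drops an existing non-privileged connection, and the comment could mention that side effect. The enclosing functions start and end outside these hunks.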
@@ -253,8 +253,8 @@ wbcErr wbcAllocateGid(gid_t *pgid)
/* Make request */
- wbc_status = wbcRequestResponse(WINBINDD_ALLOCATE_GID,
- &request, &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_ALLOCATE_GID,
+ &request, &response);
BAIL_ON_WBC_ERROR(wbc_status);
/* Copy out result */
@@ -299,8 +299,8 @@ wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid)
sizeof(request.data.dual_idmapset.sid)-1);
wbcFreeMemory(sid_string);
- wbc_status = wbcRequestResponse(WINBINDD_SET_MAPPING,
- &request, &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_SET_MAPPING,
+ &request, &response);
BAIL_ON_WBC_ERROR(wbc_status);
done:
@@ -336,8 +336,8 @@ wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid)
sizeof(request.data.dual_idmapset.sid)-1);
wbcFreeMemory(sid_string);
- wbc_status = wbcRequestResponse(WINBINDD_SET_MAPPING,
- &request, &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_SET_MAPPING,
+ &request, &response);
BAIL_ON_WBC_ERROR(wbc_status);
done:
@@ -373,8 +373,8 @@ wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid)
sizeof(request.data.dual_idmapset.sid)-1);
wbcFreeMemory(sid_string);
- wbc_status = wbcRequestResponse(WINBINDD_REMOVE_MAPPING,
- &request, &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_REMOVE_MAPPING,
+ &request, &response);
BAIL_ON_WBC_ERROR(wbc_status);
done:
@@ -410,8 +410,8 @@ wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid)
sizeof(request.data.dual_idmapset.sid)-1);
wbcFreeMemory(sid_string);
- wbc_status = wbcRequestResponse(WINBINDD_REMOVE_MAPPING,
- &request, &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_REMOVE_MAPPING,
+ &request, &response);
BAIL_ON_WBC_ERROR(wbc_status);
done:
@@ -435,8 +435,8 @@ wbcErr wbcSetUidHwm(uid_t uid_hwm)
request.data.dual_idmapset.id = uid_hwm;
request.data.dual_idmapset.type = _ID_TYPE_UID;
- wbc_status = wbcRequestResponse(WINBINDD_SET_HWM,
- &request, &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_SET_HWM,
+ &request, &response);
BAIL_ON_WBC_ERROR(wbc_status);
done:
@@ -460,8 +460,8 @@ wbcErr wbcSetGidHwm(gid_t gid_hwm)
request.data.dual_idmapset.id = gid_hwm;
request.data.dual_idmapset.type = _ID_TYPE_GID;
- wbc_status = wbcRequestResponse(WINBINDD_SET_HWM,
- &request, &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_SET_HWM,
+ &request, &response);
BAIL_ON_WBC_ERROR(wbc_status);
done:
diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
index 4b187273fce..25475ce5cf6 100644
--- a/nsswitch/libwbclient/wbc_pam.c
+++ b/nsswitch/libwbclient/wbc_pam.c
@@ -463,9 +463,11 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
request.flags |= params->flags;
}
- wbc_status = wbcRequestResponse(cmd,
- &request,
- &response);
+ if (cmd == WINBINDD_PAM_AUTH_CRAP) {
+ wbc_status = wbcRequestResponsePriv(cmd, &request, &response);
+ } else {
+ wbc_status = wbcRequestResponse(cmd, &request, &response);
+ }
if (response.data.auth.nt_status != 0) {
if (error) {
wbc_status = wbc_create_error_info(NULL,
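Review bot: The new `if (cmd == WINBINDD_PAM_AUTH_CRAP)` branch in wbcAuthenticateUserEx gives no reason why only this command is routed to wbcRequestResponsePriv while every other value of cmd stays on the ordinary pipe. The reason is in the commit message only, so I would add `/* CRAP auth is only answered on the privileged pipe; Priv replaces a non-privileged connection */` directly above the `if`. cmd is assigned outside the hunk, so it cannot be confirmed from here that no other command selected by this function has the same requirement.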
@@ -513,9 +515,8 @@ wbcErr wbcCheckTrustCredentials(const char *domain,
/* Send request */
- wbc_status = wbcRequestResponse(WINBINDD_CHECK_MACHACC,
- &request,
- &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_CHECK_MACHACC,
+ &request, &response);
if (response.data.auth.nt_status != 0) {
if (error) {
wbc_status = wbc_create_error_info(NULL,
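Review bot: In wbcCheckTrustCredentials the line `if (response.data.auth.nt_status != 0)` reads the response before wbc_status from the new wbcRequestResponsePriv call is looked at, and the wbcChangeTrustCredentials and wbcAuthenticateUserEx hunks have the same shape. With the privileged variant there is an extra way for the call to return without any reply having been written (the privileged pipe could not be opened), so the read depends on response having been zeroed before the call, which is outside the hunk. If that is the case, a comment such as `/* response is zeroed above, so nt_status stays 0 when no reply arrived */` would make the ordering safe to keep; if not, the nt_status test should be skipped when the transport failed. The rest of the function, including any later BAIL_ON_WBC_ERROR, is not visible here.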
@@ -551,9 +552,8 @@ wbcErr wbcChangeTrustCredentials(const char *domain,
/* Send request */
- wbc_status = wbcRequestResponse(WINBINDD_CHANGE_MACHACC,
- &request,
- &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_CHANGE_MACHACC,
+ &request, &response);
if (response.data.auth.nt_status != 0) {
if (error) {
wbc_status = wbc_create_error_info(NULL,
diff --git a/nsswitch/libwbclient/wbclient.c b/nsswitch/libwbclient/wbclient.c
index 9a1e770690e..ec8d205647e 100644
--- a/nsswitch/libwbclient/wbclient.c
+++ b/nsswitch/libwbclient/wbclient.c
@@ -32,6 +32,9 @@
NSS_STATUS winbindd_request_response(int req_type,
struct winbindd_request *request,
struct winbindd_response *response);
+NSS_STATUS winbindd_priv_request_response(int req_type,
+ struct winbindd_request *request,
+ struct winbindd_response *response);
/** @brief Wrapper around Winbind's send/receive API call
*
@@ -55,16 +58,20 @@ NSS_STATUS winbindd_request_response(int req_type,
--Volker
**********************************************************************/
-wbcErr wbcRequestResponse(int cmd,
- struct winbindd_request *request,
- struct winbindd_response *response)
+static wbcErr wbcRequestResponseInt(
+ int cmd,
+ struct winbindd_request *request,
+ struct winbindd_response *response,
+ NSS_STATUS (*fn)(int req_type,
+ struct winbindd_request *request,
+ struct winbindd_response *response))
{
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
NSS_STATUS nss_status;
/* for some calls the request and/or response can be NULL */
- nss_status = winbindd_request_response(cmd, request, response);
+ nss_status = fn(cmd, request, response);
switch (nss_status) {
case NSS_STATUS_SUCCESS:
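Review bot: The callback type of wbcRequestResponseInt is written out inline in its parameter list, which makes the signature hard to read and repeats the shape of the two prototypes declared at the top of the file. A file-local typedef keeps it in one place: `typedef NSS_STATUS (*wbc_request_fn)(int req_type, struct winbindd_request *request, struct winbindd_response *response);` with the last parameter then declared as `wbc_request_fn fn`. The `fn` parameter is also not described in the comment block that precedes the function, which starts outside this hunk.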
@@ -84,6 +91,22 @@ wbcErr wbcRequestResponse(int cmd,
return wbc_status;
}
+wbcErr wbcRequestResponse(int cmd,
+ struct winbindd_request *request,
+ struct winbindd_response *response)
+{
+ return wbcRequestResponseInt(cmd, request, response,
+ winbindd_request_response);
+}
+
+wbcErr wbcRequestResponsePriv(int cmd,
+ struct winbindd_request *request,
+ struct winbindd_response *response)
+{
+ return wbcRequestResponseInt(cmd, request, response,
+ winbindd_priv_request_response);
+}
+
/** @brief Translate an error value into a string
*
* @param error
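Review bot: wbcRequestResponse and wbcRequestResponsePriv are added here with no doc comment, and the existing `@brief Wrapper around Winbind's send/receive API call` block appears to sit above the static helper now rather than above either entry point. Since choosing the wrong one is the bug this commit re-fixes, wbcRequestResponsePriv should carry its own `/** ... */` block stating that it sends the request over winbindd's privileged pipe, that per the commit message an existing non-privileged connection is closed first, and which kinds of command must use it. wbcRequestResponse needs a matching one-line brief saying it uses the ordinary pipe and must not be used for those commands.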
diff --git a/nsswitch/libwbclient/wbclient_internal.h b/nsswitch/libwbclient/wbclient_internal.h
index 2d103ab3df8..5ce820785ee 100644
--- a/nsswitch/libwbclient/wbclient_internal.h
+++ b/nsswitch/libwbclient/wbclient_internal.h
@@ -28,4 +28,8 @@ wbcErr wbcRequestResponse(int cmd,
struct winbindd_request *request,
struct winbindd_response *response);
+wbcErr wbcRequestResponsePriv(int cmd,
+ struct winbindd_request *request,
+ struct winbindd_response *response);
+
#endif /* _WBCLIENT_INTERNAL_H */