From: Volker Lendecke Date: Tue, 13 Apr 2010 10:09:21 +0000 (+0200) Subject: libwbclient: Re-Fix a bug that was fixed with e5741e27c4c X-Git-Tag: samba-3.4.8~19 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9e1cfde589a79fb72cc96e62e494fd80485d758d;p=thirdparty%2Fsamba.git libwbclient: Re-Fix a bug that was fixed with e5741e27c4c > r21878: Fix a bug with smbd serving a windows terminal server: If winbind > decides smbd to be idle it might happen that smbd needs to do a winbind > operation (for example sid2name) as non-root. This then fails to get the > privileged pipe. When later on on the same connection another authentication > request comes in, we try to do the CRAP auth via the non-privileged pipe. > > This adds a winbindd_priv_request_response() request that kills the existing > winbind pipe connection if it's not privileged. The fix for this was lost during the conversion to libwbclient. Thanks to Ira Cooper for pointing this out! Volker (cherry picked from commit 3dab33103f4eddabdb908498200d888dfa6ae5a9)
---
diff --git a/nsswitch/libwbclient/wbc_idmap.c b/nsswitch/libwbclient/wbc_idmap.c
index 5b2ab875f62..318e9631731 100644
--- a/nsswitch/libwbclient/wbc_idmap.c
+++ b/nsswitch/libwbclient/wbc_idmap.c
@@ -222,8 +222,8 @@ wbcErr wbcAllocateUid(uid_t *puid)
 /* Make request */
- wbc_status = wbcRequestResponse(WINBINDD_ALLOCATE_UID,
- &request, &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_ALLOCATE_UID,
+ &request, &response);
 BAIL_ON_WBC_ERROR(wbc_status);
 /* Copy out result */
@@ -252,8 +252,8 @@ wbcErr wbcAllocateGid(gid_t *pgid)
 /* Make request */
- wbc_status = wbcRequestResponse(WINBINDD_ALLOCATE_GID,
- &request, &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_ALLOCATE_GID,
+ &request, &response);
 BAIL_ON_WBC_ERROR(wbc_status);
 /* Copy out result */
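Review bot: The `wbcRequestResponsePriv(WINBINDD_ALLOCATE_UID, ...)` call in wbcAllocateUid carries no comment saying why the privileged pipe is required, and the commit message says the earlier fix was lost during the libwbclient conversion. A one-line comment above the call, such as `/* idmap allocation/modification must use the privileged winbindd pipe */`, would keep a later refactor from switching it back; the same applies to wbcAllocateGid here and to the wbcSet*Mapping, wbcRemove*Mapping and wbcSet*Hwm hunks that follow in this file. A caller that cannot open the privileged pipe will presumably now get an error from these functions, which is worth stating in their doc comments. Both function bodies start and end outside the hunk.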
@@ -298,8 +298,8 @@ wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid)
 sizeof(request.data.dual_idmapset.sid)-1);
 wbcFreeMemory(sid_string);
- wbc_status = wbcRequestResponse(WINBINDD_SET_MAPPING,
- &request, &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_SET_MAPPING,
+ &request, &response);
 BAIL_ON_WBC_ERROR(wbc_status);
 done:
@@ -335,8 +335,8 @@ wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid)
 sizeof(request.data.dual_idmapset.sid)-1);
 wbcFreeMemory(sid_string);
- wbc_status = wbcRequestResponse(WINBINDD_SET_MAPPING,
- &request, &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_SET_MAPPING,
+ &request, &response);
 BAIL_ON_WBC_ERROR(wbc_status);
 done:
@@ -372,8 +372,8 @@ wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid)
 sizeof(request.data.dual_idmapset.sid)-1);
 wbcFreeMemory(sid_string);
- wbc_status = wbcRequestResponse(WINBINDD_REMOVE_MAPPING,
- &request, &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_REMOVE_MAPPING,
+ &request, &response);
 BAIL_ON_WBC_ERROR(wbc_status);
 done:
@@ -409,8 +409,8 @@ wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid)
 sizeof(request.data.dual_idmapset.sid)-1);
 wbcFreeMemory(sid_string);
- wbc_status = wbcRequestResponse(WINBINDD_REMOVE_MAPPING,
- &request, &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_REMOVE_MAPPING,
+ &request, &response);
 BAIL_ON_WBC_ERROR(wbc_status);
 done:
@@ -434,8 +434,8 @@ wbcErr wbcSetUidHwm(uid_t uid_hwm)
 request.data.dual_idmapset.id = uid_hwm;
 request.data.dual_idmapset.type = _ID_TYPE_UID;
- wbc_status = wbcRequestResponse(WINBINDD_SET_HWM,
- &request, &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_SET_HWM,
+ &request, &response);
 BAIL_ON_WBC_ERROR(wbc_status);
 done:
@@ -459,8 +459,8 @@ wbcErr wbcSetGidHwm(gid_t gid_hwm)
 request.data.dual_idmapset.id = gid_hwm;
 request.data.dual_idmapset.type = _ID_TYPE_GID;
- wbc_status = wbcRequestResponse(WINBINDD_SET_HWM,
- &request, &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_SET_HWM,
+ &request, &response);
 BAIL_ON_WBC_ERROR(wbc_status);
 done:
diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
index 422665ad2e3..7d4f1d1b96a 100644
--- a/nsswitch/libwbclient/wbc_pam.c
+++ b/nsswitch/libwbclient/wbc_pam.c
@@ -459,9 +459,11 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
 request.flags |= params->flags;
 }
- wbc_status = wbcRequestResponse(cmd,
- &request,
- &response);
+ if (cmd == WINBINDD_PAM_AUTH_CRAP) {
+ wbc_status = wbcRequestResponsePriv(cmd, &request, &response);
+ } else {
+ wbc_status = wbcRequestResponse(cmd, &request, &response);
+ }
 if (response.data.auth.nt_status != 0) {
 if (error) {
 wbc_status = wbc_create_error_info(NULL,
@@ -513,9 +515,8 @@ wbcErr wbcCheckTrustCredentials(const char *domain,
 /* Send request */
- wbc_status = wbcRequestResponse(WINBINDD_CHECK_MACHACC,
- &request,
- &response);
+ wbc_status = wbcRequestResponsePriv(WINBINDD_CHECK_MACHACC,
+ &request, &response);
 if (response.data.auth.nt_status != 0) {
 if (error) {
 wbc_status = wbc_create_error_info(NULL,
diff --git a/nsswitch/libwbclient/wbclient.c b/nsswitch/libwbclient/wbclient.c
index f5c72315f2e..a4ef0beeef9 100644
--- a/nsswitch/libwbclient/wbclient.c
+++ b/nsswitch/libwbclient/wbclient.c
@@ -29,6 +29,9 @@
 NSS_STATUS winbindd_request_response(int req_type,
 struct winbindd_request *request,
 struct winbindd_response *response);
+NSS_STATUS winbindd_priv_request_response(int req_type,
+ struct winbindd_request *request,
+ struct winbindd_response *response);
 /** @brief Wrapper around Winbind's send/receive API call
 *
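Review bot: The new `if (cmd == WINBINDD_PAM_AUTH_CRAP)` branch in wbcAuthenticateUserEx selects the privileged pipe for one command only, and nothing at the branch gives the reason. Going by the commit message, challenge/response auth has to travel over the privileged pipe; a comment such as `/* CRAP auth needs the privileged pipe; other auth commands stay on the normal pipe */` would record that (why the other commands stay unprivileged is my inference, please confirm). `response.data.auth.nt_status` is also read straight after the call, before any check of `wbc_status` that is visible here, so the outcome when the privileged pipe cannot be opened depends on `response` having been zeroed earlier in the function, outside this hunk. The wbcCheckTrustCredentials hunk that follows has the same shape.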
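Review bot: The added prototype for `winbindd_priv_request_response` in wbclient.c is a hand-written copy, so the compiler cannot check it against the definition, and a later signature change would go unnoticed until the call through the function pointer misbehaves. It follows the existing `winbindd_request_response` declaration directly above it. If a header that declares both functions can be included from libwbclient, that would be the safer form; otherwise a comment on the pair such as `/* hand-copied prototypes: keep in sync with the definitions */` would at least flag the dependency.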
@@ -52,16 +55,20 @@ NSS_STATUS winbindd_request_response(int req_type,
 --Volker
 **********************************************************************/
-wbcErr wbcRequestResponse(int cmd,
- struct winbindd_request *request,
- struct winbindd_response *response)
+static wbcErr wbcRequestResponseInt(
+ int cmd,
+ struct winbindd_request *request,
+ struct winbindd_response *response,
+ NSS_STATUS (*fn)(int req_type,
+ struct winbindd_request *request,
+ struct winbindd_response *response))
 {
 wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
 NSS_STATUS nss_status;
 /* for some calls the request and/or response can be NULL */
- nss_status = winbindd_request_response(cmd, request, response);
+ nss_status = fn(cmd, request, response);
 switch (nss_status) {
 case NSS_STATUS_SUCCESS:
@@ -81,6 +88,22 @@ wbcErr wbcRequestResponse(int cmd,
 return wbc_status;
 }
+wbcErr wbcRequestResponse(int cmd,
+ struct winbindd_request *request,
+ struct winbindd_response *response)
+{
+ return wbcRequestResponseInt(cmd, request, response,
+ winbindd_request_response);
+}
+
+wbcErr wbcRequestResponsePriv(int cmd,
+ struct winbindd_request *request,
+ struct winbindd_response *response)
+{
+ return wbcRequestResponseInt(cmd, request, response,
+ winbindd_priv_request_response);
+}
+
 /** @brief Translate an error value into a string
 *
 * @param error
diff --git a/nsswitch/libwbclient/wbclient_internal.h b/nsswitch/libwbclient/wbclient_internal.h
index fc03c5409b4..5ce820785ee 100644
--- a/nsswitch/libwbclient/wbclient_internal.h
+++ b/nsswitch/libwbclient/wbclient_internal.h
@@ -28,5 +28,8 @@
 wbcErr wbcRequestResponse(int cmd,
 struct winbindd_request *request,
 struct winbindd_response *response);
+wbcErr wbcRequestResponsePriv(int cmd,
+ struct winbindd_request *request,
+ struct winbindd_response *response);
 #endif /* _WBCLIENT_INTERNAL_H */
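Review bot: wbcRequestResponse and wbcRequestResponsePriv are added in wbclient.c without doc comments, and the comment block that ends just above the old signature now heads the static helper wbcRequestResponseInt, whose new `fn` parameter it presumably does not describe (the top of that comment is outside the hunk). I would give wbcRequestResponsePriv a short doc comment that repeats what the commit message says about the underlying call, namely that it drops an existing winbind connection that is not privileged, and that it is for requests which must use the privileged pipe. On the helper, a line such as `@param fn transport function: winbindd_request_response or winbindd_priv_request_response` would cover the rest.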