sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-07-28 11:42:03 +03:00
Code Activity

Print out the 'freindly' error message from winbind. Also print useful

Browse Source 
information into it re the privilaged pipe.

Also clean up some bugs in winbindd_pam.c

Andrew Bartlett
This commit is contained in:
Andrew Bartlett
-
parent 266c3970df
commit e73b01204a
3 changed files with 28 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
source/nsswitch/wbinfo.c
View File

@ -447,9 +447,10 @@ static BOOL wbinfo_auth(char *username)
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
if (response.data.auth.nt_status) if (response.data.auth.nt_status)
d_printf("error code was %s (0x%x)\n", d_printf("error code was %s (0x%x)\nerror messsage was: %s\n",
response.data.auth.nt_status_string, response.data.auth.nt_status_string,
response.data.auth.nt_status); response.data.auth.nt_status,
response.data.auth.error_string);
return result == NSS_STATUS_SUCCESS; return result == NSS_STATUS_SUCCESS;
} }
@ -502,9 +503,10 @@ static BOOL wbinfo_auth_crap(char *username)
(result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed"); (result == NSS_STATUS_SUCCESS) ? "succeeded" : "failed");
if (response.data.auth.nt_status) if (response.data.auth.nt_status)
d_printf("error code was %s (0x%x)\n", d_printf("error code was %s (0x%x)\nerror messsage was: %s\n",
response.data.auth.nt_status_string, response.data.auth.nt_status_string,
response.data.auth.nt_status); response.data.auth.nt_status,
response.data.auth.error_string);
return result == NSS_STATUS_SUCCESS; return result == NSS_STATUS_SUCCESS;
} }

19
source/nsswitch/winbindd_pam.c
View File

@ -140,7 +140,12 @@ enum winbindd_result winbindd_pam_auth(struct winbindd_cli_state *state)
uni_group_cache_store_netlogon(mem_ctx, &info3); uni_group_cache_store_netlogon(mem_ctx, &info3);
done: done:
/* give us a more useful (more correct?) error code */
if ((NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) || (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)))) {
result = NT_STATUS_NO_LOGON_SERVERS;
}
state->response.data.auth.nt_status = NT_STATUS_V(result); state->response.data.auth.nt_status = NT_STATUS_V(result);
fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result)); fstrcpy(state->response.data.auth.nt_status_string, nt_errstr(result));
fstrcpy(state->response.data.auth.error_string, get_friendly_nt_error_msg(result)); fstrcpy(state->response.data.auth.error_string, get_friendly_nt_error_msg(result));
@ -176,6 +181,8 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
if (!state->privilaged) { if (!state->privilaged) {
DEBUG(2, ("winbindd_pam_auth_crap: non-privilaged access denied!\n")); DEBUG(2, ("winbindd_pam_auth_crap: non-privilaged access denied!\n"));
/* send a better message than ACCESS_DENIED */
push_utf8_fstring(state->response.data.auth.error_string, "winbind client not authorized to use winbindd_pam_auth_crap");
result = NT_STATUS_ACCESS_DENIED; result = NT_STATUS_ACCESS_DENIED;
goto done; goto done;
} }
@ -282,15 +289,21 @@ enum winbindd_result winbindd_pam_auth_crap(struct winbindd_cli_state *state)
memcpy(state->response.data.auth.nt_session_key, info3.user_sess_key, sizeof(state->response.data.auth.nt_session_key) /* 16 */); memcpy(state->response.data.auth.nt_session_key, info3.user_sess_key, sizeof(state->response.data.auth.nt_session_key) /* 16 */);
} }
if (state->request.data.auth_crap.flags & WINBIND_PAM_LMKEY) { if (state->request.data.auth_crap.flags & WINBIND_PAM_LMKEY) {
memcpy(state->response.data.auth.first_8_lm_hash, info3.padding, sizeof(state->response.data.auth.nt_session_key) /* 16 */); memcpy(state->response.data.auth.first_8_lm_hash, info3.padding, sizeof(state->response.data.auth.first_8_lm_hash) /* 8 */);
} }
} }
done: done:
/* give us a more useful (more correct?) error code */
if ((NT_STATUS_EQUAL(result, NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND) || (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)))) {
result = NT_STATUS_NO_LOGON_SERVERS;
}
state->response.data.auth.nt_status = NT_STATUS_V(result); state->response.data.auth.nt_status = NT_STATUS_V(result);
push_utf8_fstring(state->response.data.auth.nt_status_string, nt_errstr(result)); push_utf8_fstring(state->response.data.auth.nt_status_string, nt_errstr(result));
push_utf8_fstring(state->response.data.auth.error_string, nt_errstr(result)); if (!*state->response.data.auth.error_string)
push_utf8_fstring(state->response.data.auth.error_string, get_friendly_nt_error_msg(result));
state->response.data.auth.pam_error = nt_status_to_pam(result); state->response.data.auth.pam_error = nt_status_to_pam(result);
DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2, DEBUG(NT_STATUS_IS_OK(result) ? 5 : 2,

10
source/utils/ntlm_auth.c
View File

@ -157,17 +157,19 @@ static BOOL check_plaintext_auth(const char *user, const char *pass, BOOL stdout
d_printf("Reading winbind reply failed! (0x01)\n"); d_printf("Reading winbind reply failed! (0x01)\n");
} }
d_printf("%s (0x%x)\n", d_printf("%s: %s (0x%x)\n",
response.data.auth.nt_status_string, response.data.auth.nt_status_string,
response.data.auth.error_string,
response.data.auth.nt_status); response.data.auth.nt_status);
} else { } else {
if ((result != NSS_STATUS_SUCCESS) && (response.data.auth.nt_status == 0)) { if ((result != NSS_STATUS_SUCCESS) && (response.data.auth.nt_status == 0)) {
DEBUG(1, ("Reading winbind reply failed! (0x01)\n")); DEBUG(1, ("Reading winbind reply failed! (0x01)\n"));
} }
DEBUG(3, ("%s (0x%x)\n", DEBUG(3, ("%s: %s (0x%x)\n",
response.data.auth.nt_status_string, response.data.auth.nt_status_string,
response.data.auth.nt_status)); response.data.auth.error_string,
response.data.auth.nt_status));
} }
return (result == NSS_STATUS_SUCCESS); return (result == NSS_STATUS_SUCCESS);