From b9a2edea74ea04a09301f91fffb6835df72d8760 Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Tue, 22 Aug 2017 13:09:18 +0200 Subject: [PATCH 192/192] libwbclient: Change return code for wbcAuthenticateUserEx Samba-4.6 change behaviour of few functions New version of code make sure session info for user is stored in cache. It is a performance optimisation to prevent contacting KDC for each session. More details in samba bug https://bugzilla.samba.org/show_bug.cgi?id=11259 Old return code WBC_SSSD_NOT_IMPLEMENTED was translated to NT_STATUS_LOGON_FAILURE which caused many failures. [2017/08/21 11:34:15.044321, 5, pid=27742, effective(0, 0), real(0, 0)] ../libcli/security/security_token.c:53(security_token_debug) Security token: (NULL) [2017/08/21 11:34:15.044330, 5, pid=27742, effective(0, 0), real(0, 0)] ../source3/auth/token_util.c:640(debug_unix_user_token) UNIX token of user 0 Primary group is 0 and contains 0 supplementary groups [2017/08/21 11:34:15.044349, 4, pid=27742, effective(0, 0), real(0, 0)] ../source3/smbd/sec_ctx.c:439(pop_sec_ctx) pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0 [2017/08/21 11:34:15.044360, 1, pid=27742, effective(0, 0), real(0, 0)] ../source3/smbd/sesssetup.c:290(reply_sesssetup_and_X_spnego) Failed to generate session_info (user and group token) for session setup: NT_STATUS_LOGON_FAILURE Resolves: https://pagure.io/SSSD/sssd/issue/3461 Reviewed-by: Sumit Bose (cherry picked from commit 725d04cd21016dc6092a9f03cd363bb83d7c054c) (cherry picked from commit aede6a1f4412f133e4b3fd76944f764d76fc4868) (cherry picked from commit 260062d946e7cc265e2671f88b1662276431c0bb) --- src/sss_client/libwbclient/wbc_pam_sssd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/sss_client/libwbclient/wbc_pam_sssd.c b/src/sss_client/libwbclient/wbc_pam_sssd.c index 174cf1310fad0243036fe591978cc89700903896..77698f523e6e7aeb37d4db50b469d1604d7ee595 100644 --- a/src/sss_client/libwbclient/wbc_pam_sssd.c +++ b/src/sss_client/libwbclient/wbc_pam_sssd.c @@ -49,7 +49,7 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, *error = NULL; } - WBC_SSSD_NOT_IMPLEMENTED; + return WBC_ERR_WINBIND_NOT_AVAILABLE; } /* Trigger a verification of the trust credentials of a specific domain */ -- 2.9.4