s4-auth log details about any token we fail to convert to a unix token

author Andrew Bartlett <abartlet@samba.org>

Thu, 17 Nov 2011 07:24:24 +0000 (18:24 +1100)

committer Amitay Isaacs <amitay@gmail.com>

Fri, 18 Nov 2011 03:38:28 +0000 (14:38 +1100)
author Andrew Bartlett <abartlet@samba.org>
Thu, 17 Nov 2011 07:24:24 +0000 (18:24 +1100)
committer Amitay Isaacs <amitay@gmail.com>
Fri, 18 Nov 2011 03:38:28 +0000 (14:38 +1100)
diff --git a/source4/auth/unix_token.c b/source4/auth/unix_token.c

index 765bf06188569565678e37261e0f7ab640ed5943..24f3226ceae5d2ec3655f0023b432a47629976bc 100644 (file)
--- a/source4/auth/unix_token.c
+++ b/source4/auth/unix_token.c
@@ -78,6 +78,11 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
         } else if (ids[0].xid.type == ID_TYPE_UID) {
                 (*sec)->uid = ids[0].xid.id;
         } else {
+               char *sid_str = dom_sid_string(mem_ctx, ids[0].sid);
+               DEBUG(0, ("Unable to convert first SID (%s) in user token to a UID.  Conversion was returned as type %d, full token:\n",
+                         sid_str, (int)ids[0].xid.type));
+               security_token_debug(0, 0, token);
+               talloc_free(sid_str);
                 return NT_STATUS_INVALID_SID;
         }
  
@@ -87,6 +92,11 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
                 (*sec)->groups[g] = ids[1].xid.id;
                 g++;
         } else {
+               char *sid_str = dom_sid_string(mem_ctx, ids[1].sid);
+               DEBUG(0, ("Unable to convert second SID (%s) in user token to a GID.  Conversion was returned as type %d, full token:\n",
+                         sid_str, (int)ids[1].xid.type));
+               security_token_debug(0, 0, token);
+               talloc_free(sid_str);
                 return NT_STATUS_INVALID_SID;
         }
  
@@ -96,10 +106,17 @@ NTSTATUS security_token_to_unix_token(TALLOC_CTX *mem_ctx,
                         (*sec)->groups[g] = ids[s].xid.id;
                         g++;
                 } else {
+                       char *sid_str = dom_sid_string(mem_ctx, ids[s].sid);
+                       DEBUG(0, ("Unable to convert SID (%s) at index %u in user token to a GID.  Conversion was returned as type %d, full token:\n",
+                                 sid_str, (unsigned int)s, (int)ids[s].xid.type));
+                       security_token_debug(0, 0, token);
+                       talloc_free(sid_str);
                         return NT_STATUS_INVALID_SID;
                 }
         }
  
+       DEBUG(5, ("Successfully converted security token to a unix token:"));
+       security_token_debug(0, 5, token);
         TALLOC_FREE(ids);
  
         return NT_STATUS_OK;
author	Andrew Bartlett <abartlet@samba.org>
	Thu, 17 Nov 2011 07:24:24 +0000 (18:24 +1100)
committer	Amitay Isaacs <amitay@gmail.com>
	Fri, 18 Nov 2011 03:38:28 +0000 (14:38 +1100)