path: root/nsswitch/libwbclient/wbc_pam.c
Commit message | Author | Age | Files | Lines
* nsswitch: fill out wbcAuthUserInfo user_principal and dns_domain_name from info6 | Ralph Boehme | 2018-01-13 | 1 | -2/+12
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libwbclient: Fix two signed/unsigned hiccups | Volker Lendecke | 2017-11-18 | 1 | -2/+2
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* libwbclient: Add "authoritative" to wbcAuthErrorInfo | Volker Lendecke | 2017-03-07 | 1 | -0/+1
  smbd needs to react to "authoritative"
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2016-2110: winbindd: add new_spnego to the WINBINDD_CCACHE_NTLMAUTH response | Stefan Metzmacher | 2016-04-12 | 1 | -1/+20
  We don't need to change the protocol version because:

  1. An old client may provide the "initial_blob" (which was and is still ignored when going via the wbcCredentialCache() function) and the new winbindd won't use new_spnego.
  2. A new client will just get a zero byte from an old winbindd. As it uses talloc_zero() to create struct winbindd_response.
  3. Changing the version number would introduce problems with backports to older Samba versions.

  New clients which are capable of using the new_spnego field will use "negotiate_blob" instead of "initial_blob".

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* Add context versions of wbclient functions | Matthew Newton | 2015-03-10 | 1 | -51/+147
  To make the libwbclient library thread-safe, all functions that call through to wb_common winbindd_request_response need to have context that they can use. This commit adds all the necessary functions.
  Signed-off-by: Matthew Newton <matthew-git@newtoncomputing.co.uk>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* nsswitch: allow passing the domain name to wbcPingDC[2]() | Stefan Metzmacher | 2014-12-19 | 1 | -9/+5
  winbindd already supports this.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* As David Woodhouse points out, this breaks backwards compatibility. | Jeremy Allison | 2014-07-14 | 1 | -2/+0
  https://bugzilla.samba.org/show_bug.cgi?id=10692
  Revert "libwbclient: reject unknown named blobs in wbcCredentialCache()"
  This reverts commit 740d12d1e77d356ff22c3725dce8d5019c86a7a5.
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Mon Jul 14 21:54:08 CEST 2014 on sn-devel-104
* libwbclient: reject unknown named blobs in wbcCredentialCache() | Stefan Metzmacher | 2014-07-10 | 1 | -0/+2
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10692
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Jul 10 22:30:45 CEST 2014 on sn-devel-104
* libwbclient: allow only one initial_blob/challenge_blob in wbcCredentialCache() | Stefan Metzmacher | 2014-07-10 | 1 | -9/+19
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=10692
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3: libwbclient: Don't break out of loop too soon - find all parameters. | Jeremy Allison | 2014-07-10 | 1 | -2/+0
  Fix bug #10692: wbcCredentialCache fails if challenge_blob is not first
  https://bugzilla.samba.org/show_bug.cgi?id=10692
  Signed-off-by: Jeremy Allison <jra@samba.org>
* Remove uid_wrapper related code. | Andreas Schneider | 2014-04-17 | 1 | -1/+0
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* winbind: Extend wbcAuthenticateUserEx to provide PAC | Christof Schmitt | 2012-09-20 | 1 | -1/+15
  With this new interface, external applications that have authenticated to an ADS can pass the PAC from the Kerberos ticket to wbcAuthenticateUserEx. winbindd decodes and extracts the info3 information for the external application. If winbindd can verify the PAC signature, the info3 from the PAC is also added to the netsamlogon_cache. The info3 data can be used by the external application to get the uid and primary gid. The data in netsamlogon_cache allows to retrieve the complete group list through the NSS function getgrouplist.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* libwbclient: Add wbcPingDc2 | Christof Schmitt | 2012-08-15 | 1 | -0/+21
  Add wbcPingDc2 that optionally returns the DC that was attempted to ping. wbcPing is implemented as a wrapper around wbcPingDc2.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* nsswitch: Disable uid_wrapper in libwbclient. | Andreas Schneider | 2011-10-27 | 1 | -0/+1
  This way we don't have to link against it in the autoconf build.
* s3: Fix Coverity ID 2148, FORWARD_NULL | Volker Lendecke | 2011-03-16 | 1 | -3/+2
  Further down we unconditionally reference *info
* libwbclient: Correctly order the wbcAllocateMemory args | Volker Lendecke | 2010-11-27 | 1 | -5/+5
  In these cases, it does not make a functional difference.
  Autobuild-User: Volker Lendecke <vlendec@samba.org>
  Autobuild-Date: Sat Nov 27 19:56:02 CET 2010 on sn-devel-104
* s3: auth.krb5ccname and auth.unix_username are both fstrings | Volker Lendecke | 2010-09-10 | 1 | -4/+2
  There's no point in checking for != NULL
* libwbclient: Actually copy something in wbcChangeUserPasswordEx | Volker Lendecke | 2010-04-23 | 1 | -8/+8
  The length argument for memcpy was initialized to 0 and not initialized
* libwbclient: Remove some pointless BAIL_ON_WBC_ERROR macro calls | Volker Lendecke | 2010-04-23 | 1 | -12/+12
* libwbclient: Make wbc_create_error_info not use talloc | Volker Lendecke | 2010-04-19 | 1 | -4/+13
* libwbclient: Make wbcCredentialCache not use talloc | Volker Lendecke | 2010-04-19 | 1 | -10/+14
* libwbclient: Make wbcAuthenticateUserEx not use talloc | Volker Lendecke | 2010-04-19 | 1 | -2/+3
* libwbclient: Make wbc_create_logon_info not use talloc | Volker Lendecke | 2010-04-19 | 1 | -6/+11
* libwbclient: Make wbc_create_auth_info not use talloc | Volker Lendecke | 2010-04-19 | 1 | -17/+33
* libwbclient: Make wbc_create_password_policy_info not use talloc | Volker Lendecke | 2010-04-19 | 1 | -2/+3
* libwbclient: Make _SID_COMPOSE a function instead of a macro | Volker Lendecke | 2010-04-19 | 1 | -19/+28
* libwbclient: Re-Fix a bug that was fixed with e5741e27c4c | Volker Lendecke | 2010-04-13 | 1 | -9/+9
  > r21878: Fix a bug with smbd serving a windows terminal server: If winbind
  > decides smbd to be idle it might happen that smbd needs to do a winbind
  > operation (for example sid2name) as non-root. This then fails to get the
  > privileged pipe. When later on on the same connection another authentication
  > request comes in, we try to do the CRAP auth via the non-privileged pipe.
  >
  > This adds a winbindd_priv_request_response() request that kills the existing
  > winbind pipe connection if it's not privileged.

  The fix for this was lost during the conversion to libwbclient.

  Thanks to Ira Cooper <samba@ira.wakeful.net> for pointing this out!

  Volker
* libwbclient: Remove a pointless variable | Volker Lendecke | 2010-04-13 | 1 | -3/+1
* libwbclient: Streamline result processing of wbcCredentialCache() | Volker Lendecke | 2010-04-04 | 1 | -4/+2
* libwbclient: Fix a memleak in wbcCredentialCache | Volker Lendecke | 2010-04-04 | 1 | -0/+1
* libwbclient: Separate out the async functions | Kai Blin | 2010-02-13 | 1 | -269/+0
* libwbclient: Implement wbcAuthenticateUserEx_send/recv | Kai Blin | 2010-02-11 | 1 | -0/+270
* libwbclient: wbc_create_logon_info is always called with mem_ctx==NULL | Volker Lendecke | 2010-02-07 | 1 | -5/+3
* libwbclient: wbc_create_password_policy_info is always called with mem_ctx==NULL | Volker Lendecke | 2010-02-07 | 1 | -7/+4
* libwbclient: wbc_create_error_info is always called with mem_ctx==NULL | Volker Lendecke | 2010-02-07 | 1 | -18/+10
* libwbclient: Actually implement wbcCredentialCache() | Volker Lendecke | 2010-01-24 | 1 | -1/+127
* s3: Add wbinfo --ccache-save | Volker Lendecke | 2010-01-24 | 1 | -0/+18
  With this command you can give winbind your password for later use by the automatic ntlm_auth
* libwbclient: Use winbindd_free_response() | Volker Lendecke | 2010-01-24 | 1 | -4/+3
* s3:winbind: Add a lower-cost alternative to wbinfo -t: wbinfo --ping-dc | Volker Lendecke | 2009-12-21 | 1 | -0/+45
  This just does a NULL RPC call through an existing NETLOGON connection. If someone knows an operation that "just works" and does not return NOT_SUPPORTED, please tell me :-)
* libwbclient: add wbcChangeTrustCredentials. | Günther Deschner | 2009-10-13 | 1 | -0/+38
  Guenther
* libwbclient: implement secure channel verification for specific domains in | Günther Deschner | 2009-10-07 | 1 | -9/+5
  wbcCheckTrustCredentials().
  Guenther
* wbclient: Fix Bug #6680: always activate handling of large (> 256 byte) ntlmv2 | Günther Deschner | 2009-09-01 | 1 | -4/+15
  blobs in wbcAuthenticateUserEx().
  Guenther
* libwbclient: fix returned LogonInfo in wbc_LogonUser(). | Günther Deschner | 2009-06-18 | 1 | -2/+4
  That function could return empty blobs for username and ccache for e.g. cached logins.
  Guenther
* libwbclient: Attempt to fix build on AIX | Kai Blin | 2009-06-04 | 1 | -0/+1
* libwbclient: Silence a compiler warning | Kai Blin | 2009-05-30 | 1 | -1/+1
* Fix Coverity ID 626: DEADCODE | Volker Lendecke | 2009-04-23 | 1 | -5/+0
* nsswitch: Move source3 files to top level dir. | Kai Blin | 2008-12-16 | 1 | -0/+1034
  Don't move source4 files yet to not confuse git's rename tracking too much.