summaryrefslogtreecommitdiff
path: root/nsswitch/pam_winbind.c
Commit message (Collapse)AuthorAgeFilesLines
* nsswitch: cppcheck: Fix ctunullpointer errorNoel Power2019-06-041-4/+6
| | | | | | | | | Fixes nsswitch/pam_winbind.c:1379: error: ctunullpointer: Null pointer dereference: info <--[cppcheck] Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org>
* nsswitch pam_winbind: Fix Asan use after freeGary Lockyer2019-05-061-0/+5
| | | | | | | | | | | | | | | Fix use after free condition detected by Address Sanitizer triggered by wbcLogonUserInfoDestructor, wbcFreeMemory has code to detect and prevent a double free. This patch prevents the Address Sanitizer error, allowing tests to be run with Address Sanitizer enabled. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13927 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon May 6 08:55:22 UTC 2019 on sn-devel-184
* pam_winbind: Set the request type as client nameAndreas Schneider2018-11-121-0/+8
| | | | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Nov 12 13:44:09 CET 2018 on sn-devel-144
* nsswitch: Add try_authtok option to pam_winbindMathieu Parent2018-10-021-0/+5
| | | | | | | | | | | | Same as the use_authtok option, except that if the new password is not valid, PAM will prompt for a password. Bug-Debian: https://bugs.debian.org/858923 Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/570944 Signed-off-by: Mathieu Parent <math.parent@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* Fix spelling s/formated/formatted/Mathieu Parent2018-05-121-1/+1
| | | | | | Signed-off-by: Mathieu Parent <math.parent@gmail.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* nsswitch: Add FALL_THROUGH statements in pam_winbind.cAndreas Schneider2018-03-011-1/+2
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* pam_winbind: avoid non-literal-format warningUri Simchoni2017-11-291-5/+19
| | | | | | | | Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Nov 29 12:50:49 CET 2017 on sn-devel-144
* pam_winbind: fix const discard warningsUri Simchoni2017-11-241-2/+2
| | | | | Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* pam_winbind: no longer use wbcUserPasswordPolicyInfo when authenticatingStefan Metzmacher2017-04-061-46/+12
| | | | | | | | | | | | | | | The expiry time for the specific user comes from info->pass_must_change_time and nothing else. The authenticating DC knows which password policy applies to the user, that's nothing the client can do, as domain trusts and fine-grained password policies makes this a very complex task. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12725 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org>
* pam_winbind: Return if we do not have a domainAndreas Schneider2017-02-231-3/+7
| | | | | | | | | Found by covscan. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* Correct "Controler" typos.Chris Lamb2017-02-221-1/+1
| | | | | | Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* pam_winbind: Fix compiler warningsBjörn Jacke2016-12-161-4/+7
| | | | | | | | | | | | Thanks to Stef Walter <stefw@gnome.org> BUG: http://bugzilla.samba.org/show_bug.cgi?id=8888 Signed-off-by: Bjoern Jacke <bj@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Fri Dec 16 16:22:32 CET 2016 on sn-devel-144
* pam: strip trailing whitespaces in pam_winbind.cBjörn Jacke2016-12-131-5/+5
| | | | | | | | Signed-off-by: Bjoern Jacke <bj@sernet.de> Reviewed-by: Karolin Seeger <ks@sernet.de> Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Tue Dec 13 18:01:21 CET 2016 on sn-devel-144
* pam: map more NT password errors to PAM errorsBjörn Jacke2016-12-131-0/+5
| | | | | | | | | | | | | | | | NT_STATUS_ACCOUNT_DISABLED, NT_STATUS_PASSWORD_RESTRICTION, NT_STATUS_PWD_HISTORY_CONFLICT, NT_STATUS_PWD_TOO_RECENT, NT_STATUS_PWD_TOO_SHORT now map to PAM_AUTHTOK_ERR (Authentication token manipulation error), which is the closest match. BUG: https://bugzilla.samba.org/show_bug.cgi?id=2210 Signed-off-by: Bjoern Jacke <bj@sernet.de> Reviewed by: Jeremy Allison <jra@samba.org>
* pam_winbind: Avoid a use of sprintfVolker Lendecke2016-03-311-3/+3
| | | | | | | | pam_winbind depends on talloc, which depends on libreplace, so we have asprintf available. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* pam_winbind: Create and use a wbclient contextAndreas Schneider2016-03-251-8/+28
| | | | | | | | | | | | | | | | PAM sessions are long running. If we create a pam session a connection to winbind is established and only closed by the destructor of the libwbclient library. If we create a wbcContext, we will free it in the end of the PAM function being called and the socket will be closed. This decreases the amount of allocated 'winbindd_cli_state' structures in winbind for every logged in user. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Mar 25 17:45:24 CET 2016 on sn-devel-144
* pam_winbind: Use the correct type to check the pam_parse() return codeAndreas Schneider2016-03-251-2/+4
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* pam_winbind: check != PAM_SUCCESS and != NULL explicitlyMichael Adam2016-01-131-14/+14
| | | | | | | | ...instead of using "if (ret)" or similar. This is just a code cleanup, no changes in behaviour. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* pam_winbind: Fix a segfault if initialization failsAndreas Schneider2015-09-081-11/+8
| | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11502 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Tue Sep 8 21:39:21 CEST 2015 on sn-devel-104
* pam: Fix CID 1034871 Resource leakVolker Lendecke2015-03-031-0/+1
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Mar 3 20:03:25 CET 2015 on sn-devel-104
* pam: Fix CID 1034870 Resource leakVolker Lendecke2015-03-031-1/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* pam_winbind: fix warn_pwd_expire implementation.Günther Deschner2014-12-031-1/+4
| | | | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=9056 warn_pwd_expire parameter is not working as documented in pam_winbind manual page. This patch adds missing bit and allows disabling warning message fully, i.e. setting warn time to zero days. Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Wed Dec 3 21:36:49 CET 2014 on sn-devel-104
* nsswitch: avoid some compiler warningsStefan Metzmacher2014-11-141-2/+2
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* pam_winbind: fix comment typosMichael Adam2014-10-181-1/+1
| | | | | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net> Autobuild-User(master): Martin Schwenke <martins@samba.org> Autobuild-Date(master): Sat Oct 18 12:41:07 CEST 2014 on sn-devel-104
* Replace all uses of iniparser with tiniparser.Jeremy Allison2014-08-141-20/+24
| | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* Remove uid_wrapper related code.Andreas Schneider2014-04-171-2/+0
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Revert "pam_winbind: fix segfault in pam_sm_authenticate()"Garming Sam2014-01-151-4/+3
| | | | | | | | | | | | | This reverts commit ec0f51b200d6e5b99bbd872e169621c17f33524c. A more generic fix is now in use. Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jan 15 01:37:38 CET 2014 on sn-devel-104
* pam_winbind: Do not honour require_membership_of in the acct module parametersGarming Sam2014-01-141-16/+41
| | | | | | | | This needs a password to work, and it confuses users for it to appear to be valid here. Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: David Disseldorp <ddiss@samba.org>
* pam_winbind: Fix segfault caused by invalid configuration optionsGarming Sam2014-01-141-3/+3
| | | | | | | | | | This is a better fix for 8564 and will allow ec0f51b200d6e5b99bbd872e169621c17f33524c to be reverted. BUG: https://bugzilla.samba.org/show_bug.cgi?id=8564 Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: David Disseldorp <ddiss@samba.org>
* fail authentication for single group name which cannot be converted to sidNoel Power2013-11-291-0/+6
| | | | | | | | | | | | | | furthermore if more than one name is supplied and no sid is converted then also fail. Bug: https://bugzilla.samba.org/show_bug.cgi?id=8598 Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Fri Nov 29 15:45:11 CET 2013 on sn-devel-104
* pam_winbind: Use strlcat in safe_append_stringVolker Lendecke2013-11-281-9/+3
| | | | | | | | | | We have that available via libreplace, so use it. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Thu Nov 28 14:33:32 CET 2013 on sn-devel-104
* handle later iniparser version assigning a zero length string value for 'key='Noel Power2013-11-201-4/+19
| | | | | | | | | | | | | | | | | | | | older iniparser versions ( like that used in upstream samba ) ignore 'key=' entries, the key is not entered into the dictionary at all. Later versions of iniparse specifically handle the following special cases * key= * key=; * key=# by assigning a value of "" ( a zero length string ) to the key in the dictionary. Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Wed Nov 20 16:12:13 CET 2013 on sn-devel-104
* BUG 9735: Fix winbind seperator in upn to username conversion.Andreas Schneider2013-03-221-1/+1
| | | | | | | Reviewed-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Mar 22 16:18:06 CET 2013 on sn-devel-104
* nsswitch: Fix pam_get_{item,data} build warnings.Andreas Schneider2012-12-121-31/+15
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* nsswitch: Remove unused variable in _pam_winbind_change_pwd().Andreas Schneider2012-12-121-3/+1
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* pam_winbind: fix segfault in pam_sm_authenticate()David Disseldorp2012-10-261-3/+4
| | | | | | | | | | | | Ensure the potentially null winbind context is not dereferenced on cleanup. https://bugzilla.samba.org/show_bug.cgi?id=8564 Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Oct 26 22:40:57 CEST 2012 on sn-devel-104
* pam_winbind: match more return codes when wbcGetPwnam has failed.Günther Deschner2012-09-191-0/+3
| | | | | | | | | | This is required to properly return PAM_USER_UNKNOWN in case winbind had a problem. Guenther Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Wed Sep 19 15:06:10 CEST 2012 on sn-devel-104
* nsswitch: fix crash on null pam change pw responseLuca Lorenzetto2012-09-121-1/+1
| | | | | | | | | | | | The function _pam_winbind_change_pwd crashes due to a null value passed to the function strcasecmp and denies to login via graphical login manager. Check for a null value before doing a strcasecmp. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1003296 Bug: https://bugzilla.samba.org/show_bug.cgi?id=9013 Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Wed Sep 12 00:07:28 CEST 2012 on sn-devel-104
* Fix pam_winbind build against newer iniparser librarySimo Sorce2012-04-241-4/+4
| | | | | | | | iniparser_getstr is deprecated and has been removed in newer libraries available in Fedora. Use iniparse_getstring instead. Autobuild-User: Simo Sorce <idra@samba.org> Autobuild-Date: Tue Apr 24 02:56:10 CEST 2012 on sn-devel-104
* s3: No value change, just use the correct enum valueVolker Lendecke2012-01-061-1/+1
| | | | | Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Jan 6 16:33:42 CET 2012 on sn-devel-104
* nsswitch: Disable uid_wrapper in libwbclient.Andreas Schneider2011-10-271-0/+2
| | | | This way we don't have to link against it in the autoconf build.
* s3-talloc Change TALLOC_ZERO_P() to talloc_zero()Andrew Bartlett2011-06-091-1/+1
| | | | | Using the standard macro makes it easier to move code into common, as TALLOC_ZERO_P isn't standard talloc.
* Remove a PATH_MAX.Jeremy Allison2011-06-011-2/+3
|
* More const fixes. Remove CONST_DISCARD.Jeremy Allison2011-05-061-2/+0
|
* More const fixes for compiler warnings from the waf build.Jeremy Allison2011-05-051-14/+14
|
* pam_winbind: Use wbcSidToStringBufVolker Lendecke2011-03-051-12/+3
|
* nsswitch: wbcFreeMemory deals fine with NULLVolker Lendecke2011-03-051-3/+1
|
* pam_winbind: Fix shadowing a global on FreeBSDVolker Lendecke2010-07-171-5/+5
| | | | FreeBSD defines a function pam_error()
* s3-winbind: Make sure we crash if domain is really not found.Andreas Schneider2010-06-291-1/+1
| | | | Found by clang-analyzer.
* s3: Add i18n/l10n strings in pam_winbind.c coming from winbindd.Bo Yang2010-03-061-1/+1
| | | | Signed-off-by: Bo Yang <boyang@samba.org>
View Lorry Controller Status