summaryrefslogtreecommitdiff
path: root/nsswitch
Commit message (Collapse)AuthorAgeFilesLines
* s3: Fix bug 8099 - setpwent() actually does endpwent() on FreeBSDSergey Korsak2011-04-201-4/+4
| | | | | (cherry picked from commit 2167ac2cd42c9ed5aaae0086dbd27e29d1d77686) (cherry picked from commit fd387cd0bf186a94b64e8c2085c943992629e5af)
* Fix denial of service - memory corruption.Jeremy Allison2011-02-271-0/+17
| | | | | | | | | | | | | | | | | | | | | | CVE-2011-0719 Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open). All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated (guest connection). Currently we do not believe this flaw is exploitable beyond a crash or causing the code to loop, but on the advice of our security reviewers we are releasing fixes in case an exploit is discovered at a later date.
* libwbclient: Re-Fix a bug that was fixed with e5741e27c4cVolker Lendecke2010-05-064-26/+53
| | | | | | | | | | | | | | | | | | > r21878: Fix a bug with smbd serving a windows terminal server: If winbind > decides smbd to be idle it might happen that smbd needs to do a winbind > operation (for example sid2name) as non-root. This then fails to get the > privileged pipe. When later on on the same connection another authentication > request comes in, we try to do the CRAP auth via the non-privileged pipe. > > This adds a winbindd_priv_request_response() request that kills the existing > winbind pipe connection if it's not privileged. The fix for this was lost during the conversion to libwbclient. Thanks to Ira Cooper <samba@ira.wakeful.net> for pointing this out! Volker (cherry picked from commit 3dab33103f4eddabdb908498200d888dfa6ae5a9)
* s3: Fix malformed require_membership_of_sid.Bo Yang2010-02-151-0/+12
| | | | | | | | Signed-off-by: Bo Yang <boyang@samba.org> (cherry picked from commit 913a9f4e420c7a4177e6a7874e8ec2703f447918) Fix bug #7106. (cherry picked from commit 7e965f545b6f4d5f1ad12f4177eb477248c895c8)
* s3-kerberos: next step to resolve Bug #6929: build with recent heimdal.Günther Deschner2009-12-231-1/+5
| | | | | | | | | | Based on patch from Allan <allan@archlinux.org>. Also should fix the FreeBSD build on the buildfarm. Guenther (cherry picked from commit 5b3a32be97a37c119e837bdee8f049684565458c) (cherry picked from commit 9ea9c2089ed0835f4cf8f5fb6fecf4f156b19520)
* nsswitch: fix compile of winbind_krb5_locator with recent Heimdal versions.Günther Deschner2009-12-231-0/+1
| | | | | | Guenther (cherry picked from commit 51864219cc12ceb66c281355f3e1191d5e32842d) (cherry picked from commit 0d19596e123d63343d31ca1783cc1f56d4f21684)
* s3: Fix crash in pam_winbind, another reference to freed memory.Bo Yang2009-10-261-3/+7
| | | | | | | | Fix bug #6840. Signed-off-by: Bo Yang <boyang@samba.org> (cherry picked from commit b9a3f1dd85d168c15df846dba525f4f882d1acf8) (cherry picked from commit a0fbf067011ae50d63c6ed2a79f1ff00c2ce2d11)
* s3: Don't fail authentication when one or some group of ↵Bo Yang2009-10-261-2/+23
| | | | | | | | | | require-membership-of is invalid. Signed-off-by: Bo Yang <boyang@samba.org> (cherry picked from commit 31f1a36901b5b8959dc51401c09c114829b50392) Fix bug #6826. (cherry picked from commit f383e5f549f9f2075a064ba3d88fa9b34c5e3389)
* Fix bug 6811 - pam_winbind references freed memory. s3: Fix reference to ↵Bo Yang2009-10-201-3/+4
| | | | | | freed memory in pam_winbind. (cherry picked from commit 106e3d5bdb1683d53b5525e3fe2e9e2d9de27e2c)
* s3: Fix a memleak reported by dmarkeyVolker Lendecke2009-10-201-0/+4
| | | | | | | (cherry picked from commit 5aeb954ba9382e1975c64ac96f1e377ed6af3ae0) Fix bug #6797. (cherry picked from commit a5e71f765927de5aa2a8e6a21cc297d274e8a1c2)
* s3: Don't overwrite password in pam_winbind, subsequent pam modules might ↵Bo Yang2009-10-201-4/+0
| | | | | | | | | use the old password and new password. Signed-off-by: Bo Yang <boyang@samba.org> Fix bug #6735. (cherry picked from commit 2a2779bb752d83ff51161a7e5d62ca21c4e6c909)
* s3:libwbclient: Fix bug 6349, initialize domain info structVolker Lendecke2009-09-031-0/+2
| | | | (cherry picked from commit e1a50994800ce311925214254c0a471a9f32c1f7)
* wbclient: Fix Bug #6680: always activate handling of large (> 256 byte) ↵Günther Deschner2009-09-031-4/+15
| | | | | | | ntlmv2 blobs in wbcAuthenticateUserEx(). Guenther (cherry picked from commit dadc57b140b4379f9f2f6fafe40332061df4d5a5)
* s3: To correctly handle upnBo Yang2009-08-131-1/+12
| | | | | | | | | | lookupname failed, cannot find domain when attempt to change password. This addresses bug #6560. Signed-off-by: Bo Yang <boyang@samba.org> (cherry picked from commit 9acc670541031414d0cb5df39d18866c4c96b37c)
* s3-pam_winbind: Fix Bug 6253: Use correct value for password expiry calculation.Günther Deschner2009-06-191-1/+2
| | | | | | | Based on patch from Blindauer Emmanuel <samba@mooby.net>. Guenther (cherry picked from commit e77355fec0f3b30cadcefc106c4f7957bf763c6b)
* nsswitch/winbind_nss_aix.c(fill_grent): fixed memory leak.Slava Semushin2009-05-261-0/+3
| | | | | | Found by cppcheck: [./nsswitch/winbind_nss_aix.c:241]: (error) Memory leak: result (cherry picked from commit bfe6186c600470916d73c3d3b17b6dfc27c299bd)
* Fix a bunch of compiler warnings about wrong format types.Jeremy Allison2009-05-261-19/+23
| | | | | | Should make Solaris 10 builds look cleaner. Jeremy. (cherry picked from commit b5947b876f3c777e075879d305b6672a6c8d8abd)
* s3-pam_winbind: Fix Bug 6253: Use correct value for password expiry calculation.Günther Deschner2009-05-261-1/+1
| | | | | | | | Patch from Blindauer Emmanuel <samba@mooby.net>. Guenther (cherry picked from commit 290449aeae950d7490cdcf9d601052fc45bb84dd) (cherry picked from commit a79ae4e5364fe8e3ec6b451364dc5d861f202528)
* Fix Coverity ID 626: DEADCODEVolker Lendecke2009-04-281-5/+0
| | | | (cherry picked from commit eb247d6eb727b451727f454b0ec207f255341671)
* libwbclient: Fix undocumented arguments doxygen warnings.Günther Deschner2009-04-151-8/+8
| | | | | Guenther (cherry picked from commit f2b3fbf0c04a6f9484853da263174a472eb6bb6d)
* s3-nsswitch: Fix Bug #6238 2nd part. zero blob pointer in wbcLogoffUserParams.Günther Deschner2009-04-151-0/+1
| | | | | | | | Patch from Rashid N. Achilov <citycat4@ngs.ru>. Guenther (cherry picked from commit 43372b27403f617897bab564c42eead4d64532e4) (cherry picked from commit 5b8fc3858d3327056cd1ff9d2a47f6992825fcf2)
* s3-nsswitch: Fix Bug #6238. Make sure wbcLogoffUserParams are properlyGünther Deschner2009-04-151-2/+2
| | | | | | | | | | initialized before freed. Fix inspired by patch from Rashid N. Achilov <citycat4@ngs.ru>. Guenther (cherry picked from commit 09265bcff5a2fac42f5abf34b8b439aa0a6998a1) (cherry picked from commit 24ff9b8dba8e4e0918b0aabf5cb8bacecfbc39d7)
* nsswitch: only define TALLOC_FREE if neededStefan Metzmacher2009-04-151-0/+2
| | | | | | metze (cherry picked from commit d0b9cc62f99a1feca68c473f3cd1e93e50ab2eab) (cherry picked from commit 28b48329864b642c117ba193d94e5cbe466be10c)
* s3: Implement wbcGetSidAliasesDan Sledz2009-02-114-0/+219
| | | | | | * Adds wbcGetSidAliases that calls the lookup_useraliases function. * Updates wbinfo and winbind_util.c to call the new function. * Also added winbind_get_groups helper function.
* s3: Implement wbcGetpwsidDan Sledz2009-02-114-4/+92
| | | | | | | | * Adds the plumbing required to lookup users by sid into winbind, wbinfo and smbd helper lib (winbind_util.c). * Removes some double declarations of winbind_util.c functions. * Bumps the winbind protocol version to 21 and the minor version of wbclient to 3.
* s4:selftest: avoid hardcoded pathes in blackbox testsStefan Metzmacher2009-02-031-2/+2
| | | | metze
* talloc: Change the two other definitions of TALLOC_FREE to match the primary ↵Tim Prouty2009-01-231-1/+1
| | | | | | | | version Eventually these two other definitions should be removed and all of the TALLOC macros should live in the same header. Until then, this patch eliminates some build warnings.
* Avoid flooding of syslog with failing pam_putenv messages.Andreas Schneider2009-01-191-1/+1
| | | | | Signed-off-by: Andreas Schneider <anschneider@suse.de> Signed-off-by: Günther Deschner <gd@samba.org>
* s4-winbind: Add support for the WINBINDD_LIST_GROUPS command.Kai Blin2009-01-151-2/+1
|
* s4 torture: Add another wbinfo test and fix a typo in another oneKai Blin2009-01-151-2/+2
|
* s4 torture: Fix the wbinfo blackbox testsKai Blin2009-01-141-5/+13
|
* s3:winbindd: move WINBINDD_CCACHE_ENTRY and WINBINDD_MEMORY_CREDS to winbindd.hStefan Metzmacher2009-01-051-27/+0
| | | | metze
* wbinfo4: Add --gid-info optionKai Blin2008-12-291-0/+37
|
* wbinfo: Add --gid-info option.Kai Blin2008-12-291-0/+30
|
* Tweak with pam defines of older Linux versionsLars Müller2008-12-171-1/+8
| | | | | | | PAM_AUTHTOK_RECOVERY_ERR is not defined by older Linux versions (SUSE Linux Enterprise 9 and RedHat Enterprise 4). Patch suggested by Philipp Thomas <pth at suse dot de>.
* nsswitch: fix compiler warnings in winbind_nss_linux.cStefan Metzmacher2008-12-171-3/+3
| | | | metze
* nss_winbind: Solaris 64-bit fix and...SATOH Fumiyasu2008-12-162-2/+10
| | | | | | | | | | | PATCH 1: Fix gmem->numgids and gmem->maxgids breakage on Solaris 64-bit because sizeof(int) != sizeof(long int). PATCH 2: This patch fixes a compile-time warning "warning: implicit function declaration: _nss_winbind_initgroups_dyn". (cherry picked from commit cb036772d09227f870c2fec3ecd8c3f53787dfbc)
* nsswitch: Fix paths for Samba4 blackbox wbinfo testKai Blin2008-12-161-2/+2
|
* nsswitch: Move nsswitch files from source4 to top level nsswitch dirKai Blin2008-12-167-0/+2059
|
* nsswitch: Move source3 files to top level dir.Kai Blin2008-12-1633-0/+18573
Don't move source4 files yet to not confuse git's rename tracking too much.
View Lorry Controller Status