summaryrefslogtreecommitdiff
path: root/nsswitch
Commit message (Collapse)AuthorAgeFilesLines
* CVE-2020-25717: nsswitch/nsstest.c: Lower 'non existent uid' to make room ↵Joseph Sutton2021-11-171-1/+1
| | | | | | | | | | | for new accounts BUG: https://bugzilla.samba.org/show_bug.cgi?id=14901 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit fdbee5e074ebd76d659613b8b7114d70f938c38a)
* nsswitch: ensure the attrlist_t array is large enough for a NULL sentinelRalph Boehme2021-07-121-1/+1
| | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14754 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Mon Jul 12 15:11:42 UTC 2021 on sn-devel-184
* nsswitch: Migrate wbinfo to new cmdline option parserAndreas Schneider2021-06-202-4/+11
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:torture: Migrate smbtorture to new cmdline option parserAndreas Schneider2021-06-161-19/+25
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* nsswitch: Fix a typoVolker Lendecke2021-06-041-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* tests: Use --configfile instead of -sAndreas Schneider2021-04-281-1/+1
| | | | | | | | | | We should use long options in tests to make clear what we are trying to do. Also the -s short option will be removed for --configfile later. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* tests: Use ldbsearch '--scope instead of '-s'Andreas Schneider2021-04-281-2/+2
| | | | | | | | We should use long options in tests to make clear what we are trying to do. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* wbinfo: Allow SID for -RVolker Lendecke2021-04-011-10/+15
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* nsswitch pam_winbind: Fix clang compilation errorGary Lockyer2021-02-121-0/+7
| | | | | | | | | | | Fix clang compilation error: error: format string is not a string literal [-Werror,-Wformat-nonliteral] Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Feb 12 00:10:50 UTC 2021 on sn-devel-184
* pam_winbind: improve pam message if minimum password age strikesBjörn Jacke2021-02-091-3/+6
| | | | | | | | if minimum password age strikes we should output the next possible password change time and not other password restriction policies. Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libwbclient: Fix wbcStringToGuidVolker Lendecke2021-01-281-4/+4
| | | | | | | | The "x" sscanf conversion specifier requires an unsigned int. It is likely that this is actually a uint32_t, don't rely on that. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Samuel Cabrero <scabrero@samba.org>
* wbinfo: Align some integer typesVolker Lendecke2020-11-301-7/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* winbind: alternatively use prama fini for destructors if supportedBjörn Jacke2020-11-101-0/+2
| | | | | | | | Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Nov 10 08:17:53 UTC 2020 on sn-devel-184
* nsswitch: Add an async DNS kerberos locator plugin.Jeremy Allison2020-10-082-0/+462
| | | | | | | Used in production on a large customer site. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* tests: Make sure that idmap_ad retrieves unix nss attributesVolker Lendecke2020-09-021-2/+18
| | | | | | | | | | | | Make sure that unix_primary_group and unix_nss_info idmap_ad options work. We have two domains here and test wbinfo -i for both domains, so we also run the test without those options for the trusted domain. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Sep 2 10:35:53 UTC 2020 on sn-devel-184
* s3: safe_string: do not include string_wrappers.hMatthew DeVore2020-08-282-0/+2
| | | | | | | | | | | | | Rather than have safe_string.h #include string_wrappers.h, make users of string_wrappers.h include it explicitly. includes.h now no longer includes string_wrappers.h transitively. Still allow includes.h to #include safe_string.h for now so that as many modules as possible get the safety checks in it. Signed-off-by: Matthew DeVore <matvore@google.com> Reviewed-by: David Mulder <dmulder@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* test: Test winbind idmap_ad ticket expiry behaviourVolker Lendecke2020-08-211-0/+74
| | | | | | | | | | | | | | | | | | | | | We need to make sure that winbind's idmap_ad deals fine with an expired krb ticket used to connect to AD via LDAP. In a customer situation we have seen the RFC4511 section 4.4.1 unsolicited ldap exop response coming through, but the TCP disconnect that Windows seems to do after that did not make it. Winbind deals fine with a TCP disconnect, but right now it does not handle just the section 4.4.1 response properly: It completely hangs. This test requests a ticket valid for 5 seconds and makes the LDAP server postpone the TCP disconnect after the ticket expiry for 10 seconds. The tests that winbind reacts to the ticket expiry exop response by making sure in this situation the wbinfo call running into the issue takes less than 8 seconds. If it did not look at the expiry exop response, it would take more than 10 seconds. Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* tests: Fix typosVolker Lendecke2020-08-171-2/+2
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: relicense smb_strtoul(l) under LGPLv3Ralph Boehme2020-08-034-3/+4
| | | | | | | | | Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Swen Schillig <swen@linux.ibm.com> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Aug 3 22:21:04 UTC 2020 on sn-devel-184
* nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.hKhem Raj2020-07-281-8/+8
| | | | | | | | | | | | | | | glibc 2.32 will define these varibles [1] which results in conflicts with these static function names, therefore prefix these function names with samba_ to avoid it [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=499a92df8b9fc64a054cf3b7f728f8967fc1da7d Signed-off-by: Khem Raj <raj.khem@gmail.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Noel Power <npower@samba.org> Autobuild-User(master): Noel Power <npower@samba.org> Autobuild-Date(master): Tue Jul 28 10:52:00 UTC 2020 on sn-devel-184
* pam_winbind: Fix CID 242274 Time of check time of useChristof Schmitt2020-07-171-5/+14
| | | | | | | | | Always issue the mkdir call to avoid the TOCTOU issue. Only if there is already an object with the requested name, check whether it is a directory. Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* nsswitch: silence openpam error messages about unexpected responsesAndrew2020-06-231-5/+79
| | | | | | | | | | | | | | | | Openpam will log an error message when it receives an unexpected response. On servers using openpam, convert an unexpected response into PAM_SERVICE_ERR and log what we're doing so that logging behavior is more user-configurable. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14416 Signed-off-by: Andrew <awalker@ixsystems.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Jun 23 08:08:29 UTC 2020 on sn-devel-184
* nsswitch: fix use-after-free causing segfault in _pam_delete_credGünther Deschner2020-03-301-1/+1
| | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14327 Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Mon Mar 30 13:01:20 UTC 2020 on sn-devel-184
* nsswitch:tests: Add test to check correct group lookup with samlogon cacheAndreas Schneider2020-01-241-0/+50
| | | | | | | | | | TEST FOR: https://bugzilla.samba.org/show_bug.cgi?id=14124 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Jan 24 17:18:38 UTC 2020 on sn-devel-184
* nsswitch: Fix username in wbinfo -K outputAndreas Schneider2020-01-241-1/+1
| | | | | | We should not print the password if specified via the command line. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* build: Do not build selftest binaries for builds without --enable-selftestAndrew Bartlett2019-11-221-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add new for_selftest option to SAMBA_BINARY() and SAMBA3_BINARY() This allows us to be much more consistent (at least in the core Samba) and documents clearly why the binary should not be installed. Not modified are - test_lp_load - notifyd-tests - gendrandperf - test* from examples/libsmbclient - dbwrap_torture - split_tokens - locktest2 - msgtest - msg_sink - msg_source - versiontest - rpc_open_tcp - test_headers As these are not tested in selftest so any change would also be untested. Of course they probably should be added in a different MR. Also not modified (because they are not tests, nor part of the build system) are: - smb2mount - notifydd - log2pacp - debug2html - smbfilter - destroy_netlogon_creds_cli - spotlight2* - tevent_glib_tracker These do however appear to be untested. For now, the source4 forked client tools are left unchanged: - smbclient4 - nmblookup4 Finally, the heimdal binaries are left as install=False as they are either part of the build system or end-user tools that we just don't want to install. These are however tested. The motivation is commit like c34ec003b7d45aa4196ff93a0ac29694b25e5309 and da87fa998ab71328f30bcdf5b41aee8675aee48a, which are both totally correct but are not needed if the selftest is not run on MacOS. There are likely other platforms or build environments where building our test binaries is more pain than valuable, see for example also https://lists.samba.org/archive/samba/2019-November/227137.html Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org> Autobuild-User(master): Isaac Boukris <iboukris@samba.org> Autobuild-Date(master): Fri Nov 22 11:48:59 UTC 2019 on sn-devel-184
* krb5_plugin: Fix developer build with newer heimdal system libraryChristof Schmitt2019-11-131-0/+4
| | | | | | | | | | | Newer heimdal versions provide a different locator plugin interface. The function pointer for the old method has been renamed. Use an ifdef to initialize the correct pointer. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14179 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* krb5_plugin: Use C99 initializerChristof Schmitt2019-11-131-4/+4
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14179 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* nsswitch: Link stress-nss-libwbclient against pthreadIsaac Boukris2019-10-161-1/+1
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14140 Signed-off-by: Isaac Boukris <iboukris@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* selftest: Test ID_TYPE_BOTH with idmap_rid moduleChristof Schmitt2019-09-271-0/+132
| | | | | | | | | | | | | ID_TYPE_BOTH means that each user and group has two mappings, a uid and gid. In addition the calls to getpwent, getpwuid, getgrent and getgrgid always return some information, so that uid and gid can be mapped to a name. Establish a test to verify that the expected information is returned. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14141 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nsswitch: add logging to wbc_auth_error_to_pam_error() for non auth errorsStefan Metzmacher2019-09-241-0/+4
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* nsswitch/libwbclient: clang: Fix Value stored to 'wbc_status' is never readNoel Power2019-07-111-1/+0
| | | | | | | | | | | | Fixes: nsswitch/libwbclient/wbc_util.c:123:3: warning: Value stored to 'wbc_status' is never read <--[clang] wbc_status = WBC_ERR_SUCCESS; ^ ~~~~~~~~~~~~~~~ 1 warning generated. Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* nsswitch/libwbclient: clang Fix Potential leak of memoryNoel Power2019-07-111-2/+4
| | | | | | | | | | | Fixes: nsswitch/libwbclient/wbc_sid.c:848:2: warning: Potential leak of memory pointed to by 'extra_data' free(extra_data); ^ 1 warning generated. Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* nsswitch: Update all consumers of strtoul_err(), strtoull_err() to new APISwen Schillig2019-06-303-16/+35
| | | | | | Signed-off-by: Swen Schillig <swen@linux.ibm.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org>
* nsswitch: Use GnuTLS RC4 in wbclient testAndreas Schneider2019-06-271-3/+28
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* nsswitch: cppcheck: Fix ctunullpointer errorNoel Power2019-06-041-4/+6
| | | | | | | | | Fixes nsswitch/pam_winbind.c:1379: error: ctunullpointer: Null pointer dereference: info <--[cppcheck] Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org>
* nsswitch: cppcheck: Fix memleakOnRealloc errorsNoel Power2019-06-041-0/+6
| | | | | | | | | | | Fixes the following errors nsswitch/nsstest.c:192: error: memleakOnRealloc: Common realloc mistake: 'buf' nulled but not freed upon failure <--[cppcheck] nsswitch/nsstest.c:230: error: memleakOnRealloc: Common realloc mistake: 'buf' nulled but not freed upon failure <--[cppcheck] nsswitch/nsstest.c:269: error: memleakOnRealloc: Common realloc mistake: 'buf' nulled but not freed upon failure <--[cppcheck] Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org>
* nsswitch pam_winbind: Fix Asan use after freeGary Lockyer2019-05-061-0/+5
| | | | | | | | | | | | | | | Fix use after free condition detected by Address Sanitizer triggered by wbcLogonUserInfoDestructor, wbcFreeMemory has code to detect and prevent a double free. This patch prevents the Address Sanitizer error, allowing tests to be run with Address Sanitizer enabled. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13927 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Mon May 6 08:55:22 UTC 2019 on sn-devel-184
* selftest: Add trusted domain tests for idmap_adChristof Schmitt2019-04-241-0/+106
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* selftest: Pass trusted domain information to idmap_ad testChristof Schmitt2019-04-241-2/+5
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* selftest: Add gid-to-sid lookup to idmap_ad testChristof Schmitt2019-04-241-0/+24
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* nsswitch: Fix usage information of test_wbinfo_name_lookup.shChristof Schmitt2019-04-181-2/+2
| | | | | | | | Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Christof Schmitt <cs@samba.org> Autobuild-Date(master): Thu Apr 18 18:20:26 UTC 2019 on sn-devel-144
* nsswitch: Add testcase for checking output of wbinfo --sid-to-nameChristof Schmitt2019-04-181-0/+15
| | | | | | | | | | The username should always be returned in the DOMAISHORTNAME/USERNAME format. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* wbinfo: Use wrapper for string to integer conversionSwen Schillig2019-03-011-3/+11
| | | | | | | | | | | | In order to detect an value overflow error during the string to integer conversion with strtoul/strtoull, the errno variable must be set to zero before the execution and checked after the conversion is performed. This is achieved by using the wrapper function strtoul_err and strtoull_err. Signed-off-by: Swen Schillig <swen@linux.ibm.com> Reviewed-by: Ralph Böhme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libwbclient: Use wrapper for string to integer conversionSwen Schillig2019-03-013-21/+27
| | | | | | | | | | | | In order to detect an value overflow error during the string to integer conversion with strtoul/strtoull, the errno variable must be set to zero before the execution and checked after the conversion is performed. This is achieved by using the wrapper function strtoul_err and strtoull_err. Signed-off-by: Swen Schillig <swen@linux.ibm.com> Reviewed-by: Ralph Böhme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libwbclient: Protect wbcCtxUnixIdsToSids against integer-wrapVolker Lendecke2019-02-281-1/+11
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org>
* wbinfo: fix --ntlmv1 optionGary Lockyer2019-02-201-0/+1
| | | | | | | | Currently using the --ntlmv1 option fails with an unknown option error. This patch ensures that the option is correctly supported. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* nssswitch: Log user access to kerberosAndreas Schneider2019-02-181-5/+16
| | | | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Noel Power <npower@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Feb 18 13:01:12 CET 2019 on sn-devel-144
* nsswitch: Use C99 initializer for poptOption in wbinfoAndreas Schneider2019-01-281-81/+484
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* selftest: Test sids-to-xids with one failing sidVolker Lendecke2019-01-081-0/+32
| | | | | | | Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Volker Lendecke <vl@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>