path: root/nsswitch
Commit message | Author | Age | Files | Lines
* nsswitch: Also set h_errnop for nss_wins functions | Andreas Schneider | 2016-10-13 | 1 | -0/+9
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12269
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jim McDonough <jmcd@samba.org>
  (cherry picked from commit 382345126c56e26d3dbc319f1c7c1dae3c4fafc9)
* nsswitch: Add missing arguments to wins gethostbyname* | Andreas Schneider | 2016-10-13 | 1 | -10/+41
  The errno pointer argument is missing.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12269
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Jim McDonough <jmcd@samba.org>
  (cherry picked from commit 124ae4e861f048fe015bff32ace4abff4d3e6c62)
* selftest: test idmap backend id allocation for unknown SIDS | Ralph Boehme | 2016-06-28 | 1 | -0/+41
  If an SID is not found because the RID doesn't exist in a domain and the domain is configured to use a non-allocating idmap backend like idmap_ad or idmap_rfc2307, winbindd must not return a mapping for the SID.

  Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nsswitch: Fix memory leak in test_wbc_trusts() | Andreas Schneider | 2016-06-24 | 1 | -10/+25
  Found by cppcheck.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
* nsswitch: Fix memory leak in test_wbc_groups() | Andreas Schneider | 2016-06-24 | 1 | -18/+55
  Found by cppcheck.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
* nsswitch: Fix memory leak in test_wbc_users() | Andreas Schneider | 2016-06-24 | 1 | -30/+77
  Found by cppcheck.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
* nsswitch: Fix memory leak in test_wbc_domain_info() | Andreas Schneider | 2016-06-24 | 1 | -11/+21
  Found by cppcheck.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
* nsswitch: Fix memory leak in test_wbc_pingdc2() | Andreas Schneider | 2016-06-24 | 1 | -19/+39
  Found by cppcheck.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
* nsswitch: Fix memory leak in test_wbc_get_sidaliases() | Andreas Schneider | 2016-06-24 | 1 | -17/+25
  Found by cppcheck.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
* nsswitch: Fix memory leak in test_wbc_pingdc() | Andreas Schneider | 2016-06-24 | 1 | -12/+22
  Found by cppcheck.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
* nsswitch: Fix wbclient torture_assert_wbc_ok_goto_fail macro | Andreas Schneider | 2016-06-24 | 1 | -1/+1
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
* nss_wins: Fix the hostent setup | Tom Mortensen | 2016-04-22 | 1 | -3/+3
  This can never have been tested....

  Signed-off-by: Tom Mortensen <tomm@lime-technology.com>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* nss_wins: ip_pton expects the raw IP address | Tom Mortensen | 2016-04-22 | 1 | -1/+6
  Signed-off-by: Tom Mortensen <tomm@lime-technology.com>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2016-2110: winbindd: add new_spnego to the WINBINDD_CCACHE_NTLMAUTH response | Stefan Metzmacher | 2016-04-12 | 2 | -1/+21
  We don't need to change the protocol version because:

  1. An old client may provide the "initial_blob" (which was and is still ignored when going via the wbcCredentialCache() function) and the new winbindd won't use new_spnego.
  2. A new client will just get a zero byte from an old winbindd. As it uses talloc_zero() to create struct winbindd_response.
  3. Changing the version number would introduce problems with backports to older Samba versions.

  New clients which are capable of using the new_spnego field will use "negotiate_blob" instead of "initial_blob".

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* pam_winbind: Avoid a use of sprintf | Volker Lendecke | 2016-03-31 | 1 | -3/+3
  pam_winbind depends on talloc, which depends on libreplace, so we have asprintf available.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* pam_winbind: Create and use a wbclient context | Andreas Schneider | 2016-03-25 | 2 | -8/+29
  PAM sessions are long running. If we create a pam session a connection to winbind is established and only closed by the destructor of the libwbclient library.

  If we create a wbcContext, we will free it in the end of the PAM function being called and the socket will be closed. This decreases the amount of allocated 'winbindd_cli_state' structures in winbind for every logged in user.

  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Fri Mar 25 17:45:24 CET 2016 on sn-devel-144
* pam_winbind: Use the correct type to check the pam_parse() return code | Andreas Schneider | 2016-03-25 | 1 | -2/+4
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* nsswitch: winbind_nss_solaris.c: Remove unused macro containing strcpy. | Jeremy Allison | 2016-03-22 | 1 | -11/+0
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Martin Schwenke <martin@meltin.net>
  Autobuild-User(master): Martin Schwenke <martins@samba.org>
  Autobuild-Date(master): Tue Mar 22 07:59:35 CET 2016 on sn-devel-144
* nsswitch: winbind_nss_aix: Remove all uses of strcpy. | Jeremy Allison | 2016-03-22 | 1 | -5/+11
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Martin Schwenke <martin@meltin.net>
* nsswitch: linux: Remove use of strcpy(). | Jeremy Allison | 2016-03-22 | 1 | -16/+28
  The previous use was safe, but having *any* use of strcpy inside our code sets off security flags. Replace with an explicit length calculation and memcpy.

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Martin Schwenke <martin@meltin.net>
* Added MSV1_0_ALLOW_MSVCHAPV2 flag to ntlm_auth | Herwin Weststrate | 2016-03-11 | 1 | -0/+1
  An implementation of https://lists.samba.org/archive/samba/2012-March/166497.html (which has been discussed in 2012, but was never implemented).

  It has been tested on a Debian Jessie system with this patch added to the Debian package (which is currently 4.1.17). Even though this is Samba 4, the ntlm_auth installed is the one from Samba 3 (yes, it surprised me too). The backend was a machine with Windows 2012R2.

  It was first tested with the local security policy 'Network Security: LAN Manager authentication level' setting changed to 'Send NTLMv2 Response Only' (allow ntlm v1). This way we are able to authenticate with and without the MSV1_0_ALLOW_MSVCHAPV2 flag (as expected).

  After the basic step has been verified, the local security policy 'Network Security: LAN Manager authentication level' setting was changed to 'Send NTLMv2 Response Only. Refuse LM & NTLM' (only allow ntlm v2). The behaviour now changed according to the MSV1_0_ALLOW_MSVCHAPV2 flag (again: as expected).

    $ ntlm_auth --request-nt-key --username=XXXXXXXXXXXXX --challenge=XXXXXXXXXXXXXXXXX --nt-response=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --domain=
    Logon failure (0xc000006d)
    $ ntlm_auth --request-nt-key --username=XXXXXXXXXXXXX --challenge=XXXXXXXXXXXXXXXXX --nt-response=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --domain= --allow-mschapv2
    NT_KEY: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

  The changes in `wbclient.h` are intended for programs that use libwinbind directly instead of authenticating via `ntlm_auth`. I intend to use that within FreeRADIUS (see https://bugzilla.samba.org/show_bug.cgi?id=11149).

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11694
  Signed-off-by: Herwin Weststrate <herwin@quarantainenet.nl>
  Reviewed-by: Kai Blin <kai@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* winbind: Remove unused WINBINDD_UID_TO_SID | Volker Lendecke | 2016-02-22 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  Autobuild-User(master): Ralph Böhme <slow@samba.org>
  Autobuild-Date(master): Mon Feb 22 23:39:13 CET 2016 on sn-devel-144
* nss_aix: Hack away WINBINDD_UID_TO_SID | Volker Lendecke | 2016-02-22 | 1 | -0/+11
  To do a proper xids2sids conversion I need a build environment. Everyone who needs this and can build AIX please speak up!

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* winbind: Remove unused WINBINDD_GID_TO_SID | Volker Lendecke | 2016-02-22 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* libwbclient: Use wbcCtxUnixIdsToSids in wbcCtxGidToSid | Volker Lendecke | 2016-02-22 | 1 | -19/+16
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* libwbclient: Use wbcCtxUnixIdsToSids in wbcCtxUidToSid | Volker Lendecke | 2016-02-22 | 1 | -19/+16
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* winbind: Remove unused WINBINDD_SID_TO_GID | Volker Lendecke | 2016-02-22 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* winbind: Remove unused WINBINDD_SID_TO_UID | Volker Lendecke | 2016-02-22 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* libwbclient: Use wbcCtxSidsToUnixIds in wbcCtxSidToGid | Volker Lendecke | 2016-02-22 | 1 | -19/+12
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* libwbclient: Use wbcCtxSidsToUnixIds in wbcCtxSidToUid | Volker Lendecke | 2016-02-22 | 1 | -19/+12
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* wbinfo: Add --unix-ids-to-sids | Volker Lendecke | 2016-02-22 | 1 | -0/+77
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* libwbclient: Implement wbc[Ctx]UnixIdsToSids | Volker Lendecke | 2016-02-22 | 4 | -2/+226
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* winbind: Expose WINBINDD_XIDS_TO_SIDS externally | Volker Lendecke | 2016-02-22 | 1 | -1/+3
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* nss_netbsd: Remove unimplemented prototypes | Volker Lendecke | 2016-02-11 | 1 | -13/+0
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Feb 11 04:43:53 CET 2016 on sn-devel-144
* nss_linux: Remove non-nss functions | Volker Lendecke | 2016-02-11 | 1 | -371/+0
  These functions were meant as a standard interface before libwbclient was developed.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* libwbclient: Fix a few resource leak CIDs | Volker Lendecke | 2016-02-04 | 1 | -6/+9
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* libwbclient: Add "goto fail" test macros | Volker Lendecke | 2016-02-04 | 1 | -0/+21
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* pam_winbind: check != PAM_SUCCESS and != NULL explicitly | Michael Adam | 2016-01-13 | 1 | -14/+14
  ...instead of using "if (ret)" or similar. This is just a code cleanup, no changes in behaviour.

  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* torture: add torture comment output of name/ip to WinsBy{Ip,Name} tests | Michael Adam | 2016-01-11 | 1 | -0/+6
  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* torture: Fix winbind.wbclient.ResolveWinsByIp test | Michael Adam | 2016-01-11 | 1 | -1/+13
  The test gets handed a name, so we first need to resolve the name to an IP before we can pass that on to ResolveWinsByIp.

  Bug uncovered by the new nss_wrapper code (1.1.2).

  Signed-off-by: Michael Adam <obnox@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Fix various spelling errors | Mathieu Parent | 2015-11-06 | 1 | -1/+1
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Fri Nov 6 13:43:45 CET 2015 on sn-devel-104
* nss_wins: Use libwbclient to query wins server | Andreas Schneider | 2015-10-26 | 2 | -160/+86
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11563
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* nss_wins: Use lp_global_no_reinit() | Andreas Schneider | 2015-10-26 | 1 | -1/+1
  This avoids that we run into use after free issues when we access memory allocated on the globals and the global being reinitialized.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11563
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* wbinfo: make --verbose --pam-logon print sids | Volker Lendecke | 2015-10-12 | 1 | -0/+10
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Mon Oct 12 14:01:50 CEST 2015 on sn-devel-104
* build: Move __attribute__ ((destructor)) and ((constructor)) tests to wafsamba | Andrew Bartlett | 2015-10-09 | 1 | -1/+1
  This allows us to use them in talloc as well.

  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* nss_winbind: fix hang on Solaris on big groups | Björn Jacke | 2015-09-11 | 1 | -0/+6
  The problem with large groups on Solaris in the NSS winbind module is Solaris wants the return value to be NSS_UNAVAIL if the buffer given is too small for getgrnam_r. The current code returns NSS_TRYAGAIN which causes Solaris/Illumos to loop without trying to resize the buffer.

  Thanks to Nathan Huff <nhuff@acm.org> for finding this out.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=10365
  Signed-off-by: Bjoern Jacke <bj@sernet.de>
  Reviewed-by: Ralph Böhme <rb@sernet.de>
* nss_wins: add module for FreeBSD | Björn Jacke | 2015-09-11 | 2 | -1/+87
  Thanks to Timur Bakeyev <timur@FreeBSD.org> for the patch.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11493
  Signed-off-by: Bjoern Jacke <bj@sernet.de>
  Reviewed-by: Ralph Böhme <rb@sernet.de>
* pam_winbind: Fix a segfault if initialization fails | Andreas Schneider | 2015-09-08 | 1 | -11/+8
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11502
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Michael Adam <obnox@samba.org>
  Autobuild-Date(master): Tue Sep 8 21:39:21 CEST 2015 on sn-devel-104
* winbind client: avoid vicious cycle created by client retry | Uri Simchoni | 2015-07-15 | 1 | -17/+9
  This patch cancels the retry policy of the winbind client.

  When winbindd fails to respond to a request within 30 seconds, the winbind client closes the connection and retries up to 10 times.

  In some cases, delayed response is a result of multiple requests from multiple clients piling up on the winbind domain child process. Retrying just piles more and more requests, creating a vicious cycle.

  Even in the case of a single request taking long to complete, there's no point in retrying because the retry request would just wait for the current request to complete. Better to wait patiently.

  There's one possible benefit in the retry, namely that winbindd typically caches the results, and therefore a retry might take a cached result, so the net effect of the retry may be to increase the timeout to 300 seconds. But a more straightforward way to have a 300 second timeout is to modify the timeout.

  Therefore the timeout is modified from 30 seconds to 300 seconds (IMHO 300 seconds is too much, but we have "winbind request timeout" with a default of 60 to make sure the request completes or fails within 60 seconds)

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11397
  Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* wbinfo: Dump user info for pam-logon -v | Volker Lendecke | 2015-06-11 | 1 | -3/+42
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>