summaryrefslogtreecommitdiff
path: root/nsswitch
Commit message (Collapse)AuthorAgeFilesLines
* nsswitch: Extend idmap_rfc2307 testcase for reverse lookupChristof Schmitt2015-06-091-9/+63
| | | | | | | | | | | | | | | Also test the codepaths to map UID and GID back to SID and names. Use different user and group to avoid returning results cached from the previous lookups. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11313 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Jun 5 01:24:32 CEST 2015 on sn-devel-104 (cherry picked from commit c1c07b462058f863e706127203e6f30dba89a2a9)
* nsswitch: fix soname of linux nss_*.so.2 modulesStefan Metzmacher2015-01-111-6/+18
| | | | | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=9299 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (similar to commit 575b093dac3c509b1bfaab0b4ad29b9b4214e487) Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-1-test): Sun Jan 11 16:15:06 CET 2015 on sn-devel-104
* pam_winbind: fix warn_pwd_expire implementation.Günther Deschner2014-12-081-1/+4
| | | | | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=9056 warn_pwd_expire parameter is not working as documented in pam_winbind manual page. This patch adds missing bit and allows disabling warning message fully, i.e. setting warn time to zero days. Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Wed Dec 3 21:36:49 CET 2014 on sn-devel-104
* nss_winbind: add getgroupmembership for FreeBSDBjörn Jacke2014-10-261-1/+73
| | | | | | | | | | | | | The getgroupmembership call on FreeBSD is needed for "winbind expand groups=0" (the new default in 4.2) to work. Thanks to Timur I. Bakeyev for the enhancement patch. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10835 Signed-off-by: Bjoern Jacke <bj@sernet.de> Reviewed-by: Volker Lendecke <vl@samba.org> (cherry picked from commit 8ccf5f66691e2bbf0883afa658282ef2ac60b015)
* nsswitch: Skip groups we were not able to map.Andreas Schneider2014-09-271-0/+5
| | | | | | | | | | | | | | | | | | | | If we have configured the idmap_ad backend it is possible that the user is in a group without a gid set. This will result in (uid_t)-1 as the gid. We return this invalid gid to NSS which is wrong. BUG: https://bugzilla.samba.org/show_bug.cgi?id=10824 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Fri Sep 19 17:57:14 CEST 2014 on sn-devel-104 (cherry picked from commit 7f59711f076e98ece099f6b38ff6da8c80fa6d5e) Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-1-test): Sat Sep 27 23:12:49 CEST 2014 on sn-devel-104
* libwbclient: allow only one initial_blob/challenge_blob in wbcCredentialCache()Stefan Metzmacher2014-07-151-9/+19
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10692 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3: libwbclient: Don't break out of loop too soon - find all parameters.Jeremy Allison2014-07-151-2/+0
| | | | | | | | Fix bug #10692: wbcCredentialCache fails if challenge_blob is not first https://bugzilla.samba.org/show_bug.cgi?id=10692 Signed-off-by: Jeremy Allison <jra@samba.org>
* wbinfo: Fix a memory leak in wbinfo_ping_dc().Andreas Schneider2014-01-131-0/+1
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> (cherry picked from commit 541164d47a86bab90ef96a9be40b8c0997abdd61)
* CVE-2012-6150: Fail authentication for single group name which cannot be ↵Noel Power2013-12-061-0/+6
| | | | | | | | | | | | | | | converted to sid furthermore if more than one name is supplied and no sid is converted then also fail. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10300 Bug: https://bugzilla.samba.org/show_bug.cgi?id=10306 Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> [ddiss@samba.org: fixed incorrect bugzilla tag I added to master commit]
* CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked.Jeremy Allison2013-12-052-3/+27
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org>
* nsswitch: Fix short writes in winbind_write_sockVolker Lendecke2013-10-281-2/+2
| | | | | | | | | | | | | | We set the socket to nonblocking and don't handle EAGAIN right. We do a poll anyway, so wait for writability, which should fix this. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10195 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit c6909887c26d4e827633acd50b11cf08c6aee0f7) Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-1-test): Mon Oct 28 12:50:37 CET 2013 on sn-devel-104
* waf: replace dependency to libintl with samba_intlChristian Ambach2013-08-201-1/+1
| | | | | | | | | | | | Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Mon Aug 12 00:46:34 CEST 2013 on sn-devel-104 (cherry picked from commit 20b64eae75b8809d67b8c2824616996bb4722612) The last 5 patches address bug #9911 - Build Samba 4.0.x on AIX with IBM XL C/C++.
* nsswitch: Add OPT_KRB5CCNAME to avoid an error message.Andreas Schneider2013-08-051-2/+4
| | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=10048 Reviewed-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Jul 26 17:40:26 CEST 2013 on sn-devel-104 Autobuild-User(v4-1-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-1-test): Mon Aug 5 22:14:36 CEST 2013 on sn-devel-104
* wbinfo: allow to define a custom krb5ccname for kerberized pam auth.Günther Deschner2013-07-241-2/+4
| | | | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 73e6feff9b3f30e70d84fe256aff239fafdfdb95)
* nsswitch: fix a commentChristian Ambach2013-06-251-1/+1
| | | | | | | the beginning if is only ifdef LINUX now, not the long list this comment refers to Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* nsswitch: Remove #if SAMBA_BUILD_ >= 4 now we only have the waf buildAndrew Bartlett2013-05-281-4/+0
| | | | | | Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
* nsswitch: fix some typosChristian Ambach2013-05-171-2/+2
| | | | | | | | | Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri May 17 01:09:33 CEST 2013 on sn-devel-104
* Bug 9807 - wbinfo: fix segfault in wbinfo_pam_logonDavid Disseldorp2013-04-171-4/+3
| | | | | | | | | | | wbinfo_pam_logon() incorrectly assumes that wbcLogonUser() always returns an allocated wbcAuthErrorInfo struct on failure. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Apr 17 21:29:29 CEST 2013 on sn-devel-104
* BUG 9735: Fix winbind seperator in upn to username conversion.Andreas Schneider2013-03-221-1/+1
| | | | | | | Reviewed-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Mar 22 16:18:06 CET 2013 on sn-devel-104
* Add testcase for idmap_rfc2307 moduleChristof Schmitt2013-03-091-0/+94
| | | | | | | | | | | Create a new test environment with 'idmap config DOMAIN : backend = rfc2307'. A new test script adds LDAP records and queries them again for the mapped uid and gid. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Mar 9 08:18:43 CET 2013 on sn-devel-104
* Correct the name of the nss_winbind module for FreeBSD by creating a symlinkRichard Sharpe2013-03-081-1/+1
| | | | | | | | | | | from the FreeBSD required name to the built module. Signed-off-by: Timur Bakeyev <timur@FreeBSD.org> Reviewed-by: Andrew Bartlett <abartlett@samba.org> Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com> Autobuild-User(master): Richard Sharpe <sharpe@samba.org> Autobuild-Date(master): Fri Mar 8 05:04:04 CET 2013 on sn-devel-104
* wbinfo: Fix several memory leaks.Andreas Schneider2013-02-221-0/+8
| | | | Reviewed-by: Alexander Bokovoy <ab@samba.org>
* build: Remove includes.h dep in winbind client librariesAndrew Bartlett2013-02-221-1/+0
| | | | | | | | | | | | Our LGPL winbind client libs do not link against our server-side code, and should not use the server-side includes.h. This removes a build-time dep on talloc that was brought in via includes.h as this code also does not use talloc. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nsswitch: Fix two bitfield constants being the same.Ira Cooper2013-01-181-3/+1
| | | | | | | | | | | WBFLAG_PAM_AUTH_PAC and WBFLAG_BIG_NTLMV2_BLOB are the same causing errors in NTLMv2 authentication. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Jan 18 22:13:09 CET 2013 on sn-devel-104
* Sort winbind request flags. Ira saw we have a duplicate.Jeremy Allison2013-01-181-9/+9
| | | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed by: Ira Cooper <ira@wakeful.net> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Add test for rfc2307 mapping handlingAndrew Bartlett2013-01-101-0/+181
| | | | Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libwbclient: Fix null check in process_domain_info_string().Andreas Schneider2012-12-211-5/+0
| | | | | | | Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* nsswitch: Fix wbclient BAIL macros.Andreas Schneider2012-12-211-2/+2
| | | | | | | | | | | In the code you normally use: BAIL_ON_WBC_ERROR; but the last ; is statement never reached, so dead code. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* nsswitch: Fix pam_get_{item,data} build warnings.Andreas Schneider2012-12-121-31/+15
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* nsswitch: Remove unused variable in _pam_winbind_change_pwd().Andreas Schneider2012-12-121-3/+1
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* nsswitch: Cleanup code in parse_wbinfo_domain_user().Andreas Schneider2012-12-121-1/+2
| | | | | | | Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* wbinfo: Use new samba_getpass() function.Andreas Schneider2012-12-031-4/+11
| | | | Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* build: Do not install testing binariesAndrew Bartlett2012-11-221-3/+4
| | | | | | | | | | | | | These binaries are for developer or selftest use, and are not supported for installation onto the system. The autoconf build does not install these binaries, and so neither should the waf build. Andrew Bartlett Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Nov 22 12:00:36 CET 2012 on sn-devel-104
* pam_winbind: fix segfault in pam_sm_authenticate()David Disseldorp2012-10-261-3/+4
| | | | | | | | | | | | Ensure the potentially null winbind context is not dereferenced on cleanup. https://bugzilla.samba.org/show_bug.cgi?id=8564 Signed-off-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Oct 26 22:40:57 CEST 2012 on sn-devel-104
* waf: Create a libnss_winbind.so symlink.Andreas Schneider2012-10-221-0/+1
| | | | This fixes bug #9299.
* nsswitch: Build nss_winbind on all supported platformsAndrew Bartlett2012-10-031-10/+49
| | | | | | This matches what the autoconf build can do. Andrew Bartlett
* selftest: Always build a linux-style nss_winbind for nss_wrapperAndrew Bartlett2012-10-031-0/+9
|
* s3: Fix libnss_winbind.so's build on Illumos/SolarisIra Cooper2012-09-302-7/+20
| | | | | | | | Due to not building and linking in the winbind_nss_solaris bits in addition to the linux bits, nss was broken on Solaris. Autobuild-User(master): Ira Cooper <ira@samba.org> Autobuild-Date(master): Sun Sep 30 22:56:30 CEST 2012 on sn-devel-104
* nsswitch: Add waf tests for solaris special casesAndrew Bartlett2012-09-261-0/+16
| | | | | | | | | | These are in configure.in for autoconf. Found in the config.h comparison on the smbtorture4 build. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Sep 26 11:50:10 CEST 2012 on sn-devel-104
* libwbclient: bump ABI to 0.11 as wbcAuthenticateUserEx now provides PAC parsingAndrew Bartlett2012-09-213-2/+79
| | | | | Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Sep 21 06:37:15 CEST 2012 on sn-devel-104
* winbind: Extend wbcAuthenticateUserEx to provide PACChristof Schmitt2012-09-203-21/+38
| | | | | | | | | | | | | | With this new interface, external applications that have authenticated to an ADS can pass the PAC from the Kerberos ticket to wbcAuthenticateUserEx. winbindd decodes and extracts the info3 information for the external application. If winbindd can verify the PAC signature, the info3 from the PACis also added to the netsamlogon_cache. The info3 data can be used by the external application to get the uid and primary gid. The data in netsamlogon_cache allows to retrieve the complete group list through the NSS function getgrouplist. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* pam_winbind: match more return codes when wbcGetPwnam has failed.Günther Deschner2012-09-191-0/+3
| | | | | | | | | | This is required to properly return PAM_USER_UNKNOWN in case winbind had a problem. Guenther Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Wed Sep 19 15:06:10 CEST 2012 on sn-devel-104
* nsswitch: fix crash on null pam change pw responseLuca Lorenzetto2012-09-121-1/+1
| | | | | | | | | | | | The function _pam_winbind_change_pwd crashes due to a null value passed to the function strcasecmp and denies to login via graphical login manager. Check for a null value before doing a strcasecmp. Bug-Ubuntu: https://bugs.launchpad.net/bugs/1003296 Bug: https://bugzilla.samba.org/show_bug.cgi?id=9013 Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Wed Sep 12 00:07:28 CEST 2012 on sn-devel-104
* Extending space for fqdn in wbinfo --trusted-domains in verbose modeDaniel Liberman2012-08-231-2/+2
| | | | | | | | | Microsoft documentation states that maximum fqdn length is 64 characters, so extending DNS Domain column to 65 characters. Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Aug 23 03:49:00 CEST 2012 on sn-devel-104
* libwbclient: Add test for wbcPingDc2Christof Schmitt2012-08-151-0/+14
| | | | | | | The internal domain used in 'make test' does not report a DC name, so just add tests similar to the old wbcPingDc call. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* wbinfo: Improve output of wbinfo --ping-dcChristof Schmitt2012-08-151-3/+5
| | | | | | | | | | | Use wbcPingDc2 to get the DC name and print it. Cleanup error messages: Remove "Could not ping our DC", there is always a more specific message. Avoid printing "failed to call wbcPingDc" in case the ping has been attempted and it returns an error, the error is already printed. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* libwbclient: Add wbcPingDc2Christof Schmitt2012-08-154-2/+115
| | | | | | | Add wbcPingDc2 that optionally returns the DC that was attempted to ping. wbcPing is implemented as a wrapper around wbcPingDc2. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* nsswitch: add ABI checking and symbol versions to libwbclientAndrew Bartlett2012-08-102-0/+78
| | | | | | | | | This will ensure that we do not unintentionally break the ABI. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Aug 10 04:08:54 CEST 2012 on sn-devel-104
* nsstest: fix use of a non-existent word (existant)Michael Adam2012-06-121-4/+4
|
* libwbclient: Fix an invalid free()Volker Lendecke2012-05-161-1/+1
| | | | | Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Wed May 16 00:00:00 CEST 2012 on sn-devel-104
View Lorry Controller Status