path: root/nsswitch
Commit message | Author | Age | Files | Lines
...
* wbinfo: Add "authoritative" to wbinfo -a output | Volker Lendecke | 2017-03-24 | 1 | -1/+3
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libwbclient: add WBC_SID_NAME_LABEL | Stefan Metzmacher | 2017-03-23 | 3 | -1/+6
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Thu Mar 23 12:55:26 CET 2017 on sn-devel-144
* nsswitch: Add negative tests for authentication with wbinfo | Andreas Schneider | 2017-03-22 | 1 | -0/+4
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12708
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
  Autobuild-User(master): Uri Simchoni <uri@samba.org>
  Autobuild-Date(master): Wed Mar 22 10:58:58 CET 2017 on sn-devel-144
* libwbclient: Add "authoritative" to wbcAuthErrorInfo | Volker Lendecke | 2017-03-07 | 4 | -2/+137
  smbd needs to react to "authoritative"
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* winbind: Add "authoritative" to winbindd_response | Volker Lendecke | 2017-03-07 | 1 | -2/+4
  This is a relevant piece of info in the samlogon response, smbd and netlogond need to be able to react to it.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* pam_winbind: Return if we do not have a domain | Andreas Schneider | 2017-02-23 | 1 | -3/+7
  Found by covscan.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* Correct "Controler" typos. | Chris Lamb | 2017-02-22 | 1 | -1/+1
  Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* nsswitch: remove unused TALLOC_* defines in pam_winbind.h | Stefan Metzmacher | 2017-01-11 | 1 | -6/+0
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
* pam_winbind: Fix compiler warnings | Björn Jacke | 2016-12-16 | 1 | -4/+7
  Thanks to Stef Walter <stefw@gnome.org>
  BUG: http://bugzilla.samba.org/show_bug.cgi?id=8888
  Signed-off-by: Bjoern Jacke <bj@sernet.de>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Björn Jacke <bj@sernet.de>
  Autobuild-Date(master): Fri Dec 16 16:22:32 CET 2016 on sn-devel-144
* pam: strip trailing whitespaces in pam_winbind.c | Björn Jacke | 2016-12-13 | 1 | -5/+5
  Signed-off-by: Bjoern Jacke <bj@sernet.de>
  Reviewed-by: Karolin Seeger <ks@sernet.de>
  Autobuild-User(master): Björn Jacke <bj@sernet.de>
  Autobuild-Date(master): Tue Dec 13 18:01:21 CET 2016 on sn-devel-144
* pam: map more NT password errors to PAM errors | Björn Jacke | 2016-12-13 | 1 | -0/+5
  NT_STATUS_ACCOUNT_DISABLED, NT_STATUS_PASSWORD_RESTRICTION, NT_STATUS_PWD_HISTORY_CONFLICT, NT_STATUS_PWD_TOO_RECENT, NT_STATUS_PWD_TOO_SHORT now map to PAM_AUTHTOK_ERR (Authentication token manipulation error), which is the closest match.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=2210
  Signed-off-by: Bjoern Jacke <bj@sernet.de>
  Reviewed by: Jeremy Allison <jra@samba.org>
* nss_wins: Fix errno values for HOST_NOT_FOUND | Andreas Schneider | 2016-11-16 | 1 | -2/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12269
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Wed Nov 16 04:10:55 CET 2016 on sn-devel-144
* wbinfo: Use ntlmv2 by default for wbinfo -a | Volker Lendecke | 2016-11-15 | 1 | -3/+6
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* nsswitch: Use own credential cache for wbinfo tests | Andreas Schneider | 2016-09-25 | 2 | -2/+18
  If we do not set it, it will add the credentials to the system default credential cache, which is e.g. FILE:/tmp/krb5cc_1000.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nsswitch: Also set h_errnop for nss_wins functions | Andreas Schneider | 2016-09-20 | 1 | -0/+9
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12269
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jim McDonough <jmcd@samba.org>
  Autobuild-User(master): Jim McDonough <jmcd@samba.org>
  Autobuild-Date(master): Tue Sep 20 20:16:43 CEST 2016 on sn-devel-144
* waf: Explicitly link against libnss_wins.so | Andreas Schneider | 2016-09-20 | 1 | -1/+1
  If we do not specify replace as a dependency here, it will not link to libreplace using an rpath.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12277
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Jim McDonough <jmcd@samba.org>
  Autobuild-User(master): Jim McDonough <jmcd@samba.org>
  Autobuild-Date(master): Tue Sep 20 08:00:08 CEST 2016 on sn-devel-144
* nsswitch: Add missing arguments to wins gethostbyname* | Andreas Schneider | 2016-09-20 | 1 | -10/+41
  The errno pointer argument is missing.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=12269
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Jim McDonough <jmcd@samba.org>
* selftest: test idmap backend id allocation for unknown SIDS | Ralph Boehme | 2016-06-28 | 1 | -0/+41
  If an SID is not found because the RID doesn't exist in a domain and the domain is configured to use a non-allocating idmap backend like idmap_ad or idmap_rfc2307, winbindd must not return a mapping for the SID.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nsswitch: Fix memory leak in test_wbc_trusts() | Andreas Schneider | 2016-06-24 | 1 | -10/+25
  Found by cppcheck.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
* nsswitch: Fix memory leak in test_wbc_groups() | Andreas Schneider | 2016-06-24 | 1 | -18/+55
  Found by cppcheck.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
* nsswitch: Fix memory leak in test_wbc_users() | Andreas Schneider | 2016-06-24 | 1 | -30/+77
  Found by cppcheck.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
* nsswitch: Fix memory leak in test_wbc_domain_info() | Andreas Schneider | 2016-06-24 | 1 | -11/+21
  Found by cppcheck.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
* nsswitch: Fix memory leak in test_wbc_pingdc2() | Andreas Schneider | 2016-06-24 | 1 | -19/+39
  Found by cppcheck.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
* nsswitch: Fix memory leak in test_wbc_get_sidaliases() | Andreas Schneider | 2016-06-24 | 1 | -17/+25
  Found by cppcheck.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
* nsswitch: Fix memory leak in test_wbc_pingdc() | Andreas Schneider | 2016-06-24 | 1 | -12/+22
  Found by cppcheck.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
* nsswitch: Fix wbclient torture_assert_wbc_ok_goto_fail macro | Andreas Schneider | 2016-06-24 | 1 | -1/+1
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
* nss_wins: Fix the hostent setup | Tom Mortensen | 2016-04-22 | 1 | -3/+3
  This can never have been tested....
  Signed-off-by: Tom Mortensen <tomm@lime-technology.com>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* nss_wins: ip_pton expects the raw IP address | Tom Mortensen | 2016-04-22 | 1 | -1/+6
  Signed-off-by: Tom Mortensen <tomm@lime-technology.com>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2016-2110: winbindd: add new_spnego to the WINBINDD_CCACHE_NTLMAUTH response | Stefan Metzmacher | 2016-04-12 | 2 | -1/+21
  We don't need to change the protocol version because:
  1. An old client may provide the "initial_blob" (which was and is still ignored when going via the wbcCredentialCache() function) and the new winbindd won't use new_spnego.
  2. A new client will just get a zero byte from an old winbindd. As it uses talloc_zero() to create struct winbindd_response.
  3. Changing the version number would introduce problems with backports to older Samba versions.
  New clients which are capable of using the new_spnego field will use "negotiate_blob" instead of "initial_blob".
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Günther Deschner <gd@samba.org>
* pam_winbind: Avoid a use of sprintf | Volker Lendecke | 2016-03-31 | 1 | -3/+3
  pam_winbind depends on talloc, which depends on libreplace, so we have asprintf available.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* pam_winbind: Create and use a wbclient context | Andreas Schneider | 2016-03-25 | 2 | -8/+29
  PAM sessions are long running. If we create a pam session a connection to winbind is established and only closed by the destructor of the libwbclient library. If we create a wbcContext, we will free it in the end of the PAM function being called and the socket will be closed. This decreases the amount of allocated 'winbindd_cli_state' structures in winbind for every logged in user.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Fri Mar 25 17:45:24 CET 2016 on sn-devel-144
* pam_winbind: Use the correct type to check the pam_parse() return code | Andreas Schneider | 2016-03-25 | 1 | -2/+4
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Guenther Deschner <gd@samba.org>
* nsswitch: winbind_nss_solaris.c: Remove unused macro containing strcpy. | Jeremy Allison | 2016-03-22 | 1 | -11/+0
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Martin Schwenke <martin@meltin.net>
  Autobuild-User(master): Martin Schwenke <martins@samba.org>
  Autobuild-Date(master): Tue Mar 22 07:59:35 CET 2016 on sn-devel-144
* nsswitch: winbind_nss_aix: Remove all uses of strcpy. | Jeremy Allison | 2016-03-22 | 1 | -5/+11
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Martin Schwenke <martin@meltin.net>
* nsswitch: linux: Remove use of strcpy(). | Jeremy Allison | 2016-03-22 | 1 | -16/+28
  The previous use was safe, but having *any* use of strcpy inside our code sets off security flags. Replace with an explicit length calculation and memcpy.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Martin Schwenke <martin@meltin.net>
* Added MSV1_0_ALLOW_MSVCHAPV2 flag to ntlm_auth | Herwin Weststrate | 2016-03-11 | 1 | -0/+1
  An implementation of https://lists.samba.org/archive/samba/2012-March/166497.html (which has been discussed in 2012, but was never implemented).
  It has been tested on a Debian Jessie system with this patch added to the Debian package (which is currently 4.1.17). Even though this is Samba 4, the ntlm_auth installed is the one from Samba 3 (yes, it surprised me too). The backend was a machine with Windows 2012R2.
  It was first tested with the local security policy 'Network Security: LAN Manager authentication level' setting changed to 'Send NTLMv2 Response Only' (allow ntlm v1). This way we are able to authenticate with and without the MSV1_0_ALLOW_MSVCHAPV2 flag (as expected).
  After the basic step has been verified, the local security policy 'Network Security: LAN Manager authentication level' setting was changed to 'Send NTLMv2 Response Only. Refuse LM & NTLM' (only allow ntlm v2). The behaviour now changed according to the MSV1_0_ALLOW_MSVCHAPV2 flag (again: as expected).
    $ ntlm_auth --request-nt-key --username=XXXXXXXXXXXXX --challenge=XXXXXXXXXXXXXXXXX --nt-response=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --domain=
    Logon failure (0xc000006d)
    $ ntlm_auth --request-nt-key --username=XXXXXXXXXXXXX --challenge=XXXXXXXXXXXXXXXXX --nt-response=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --domain= --allow-mschapv2
    NT_KEY: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
  The changes in `wbclient.h` are intended for programs that use libwinbind directly instead of authenticating via `ntlm_auth`. I intend to use that within FreeRADIUS (see https://bugzilla.samba.org/show_bug.cgi?id=11149).
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=11694
  Signed-off-by: Herwin Weststrate <herwin@quarantainenet.nl>
  Reviewed-by: Kai Blin <kai@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* winbind: Remove unused WINBINDD_UID_TO_SID | Volker Lendecke | 2016-02-22 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  Autobuild-User(master): Ralph Böhme <slow@samba.org>
  Autobuild-Date(master): Mon Feb 22 23:39:13 CET 2016 on sn-devel-144
* nss_aix: Hack away WINBINDD_UID_TO_SID | Volker Lendecke | 2016-02-22 | 1 | -0/+11
  To do a proper xids2sids conversion I need a build environment. Everyone who needs this and can build AIX please speak up!
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* winbind: Remove unused WINBINDD_GID_TO_SID | Volker Lendecke | 2016-02-22 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* libwbclient: Use wbcCtxUnixIdsToSids in wbcCtxGidToSid | Volker Lendecke | 2016-02-22 | 1 | -19/+16
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* libwbclient: Use wbcCtxUnixIdsToSids in wbcCtxUidToSid | Volker Lendecke | 2016-02-22 | 1 | -19/+16
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* winbind: Remove unused WINBINDD_SID_TO_GID | Volker Lendecke | 2016-02-22 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* winbind: Remove unused WINBINDD_SID_TO_UID | Volker Lendecke | 2016-02-22 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* libwbclient: Use wbcCtxSidsToUnixIds in wbcCtxSidToGid | Volker Lendecke | 2016-02-22 | 1 | -19/+12
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* libwbclient: Use wbcCtxSidsToUnixIds in wbcCtxSidToUid | Volker Lendecke | 2016-02-22 | 1 | -19/+12
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* wbinfo: Add --unix-ids-to-sids | Volker Lendecke | 2016-02-22 | 1 | -0/+77
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* libwbclient: Implement wbc[Ctx]UnixIdsToSids | Volker Lendecke | 2016-02-22 | 4 | -2/+226
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* winbind: Expose WINBINDD_XIDS_TO_SIDS externally | Volker Lendecke | 2016-02-22 | 1 | -1/+3
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* nss_netbsd: Remove unimplemented prototypes | Volker Lendecke | 2016-02-11 | 1 | -13/+0
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Feb 11 04:43:53 CET 2016 on sn-devel-144
* nss_linux: Remove non-nss functions | Volker Lendecke | 2016-02-11 | 1 | -371/+0
  These functions were meant as a standard interface before libwbclient was developed.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>