summaryrefslogtreecommitdiff
path: root/nsswitch
Commit message (Collapse)AuthorAgeFilesLines
* libwbclient: Fix CID 1414781 Dereference null return valueVolker Lendecke2017-07-121-1/+1
| | | | | | | | | | Basically a cut&paste error from somewhere else Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Wed Jul 12 22:12:22 CEST 2017 on sn-devel-144
* selftest: add some basic tests for idmap_adRalph Boehme2017-07-121-0/+99
| | | | | Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Prime the netlogon cache during test_idmap_rfc2307Andrew Bartlett2017-07-021-0/+6
| | | | | | | | | | | | | | | This ensures that the group memberships just created are reflected in the test comparison. Otherwise we are trusting that no caches are primed, which is simply not safe in a test. (The login will put a list of groups, as obtained by the login over NETLOGON or via the PAC, into the samlogon cache). Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sun Jul 2 21:59:18 CEST 2017 on sn-devel-144
* selftest: Use tree_delete control in idmap_rfc2307 testAndrew Bartlett2017-07-021-12/+2
| | | | | | | | This control removes an entire subtree, which was the intention of the previouse code but much more effectively. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nsswitch: Add ad_member tests for wbinfo --domain-info and --dc-infoAndreas Schneider2017-06-291-0/+6
| | | | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Jun 29 02:33:48 CEST 2017 on sn-devel-144
* s4: popt: Global replace of cmdline_credentials -> ↵Jeremy Allison2017-05-111-20/+40
| | | | | | | | | | | popt_get_cmdline_credentials(). Add one use of popt_set_cmdline_credentials(). Fix 80 column limits when cmdline_credentials changes to popt_get_cmdline_credentials(). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* idmap_rfc2307: Test unix-ids-to-sids with 35 groupsVolker Lendecke2017-05-081-0/+14
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org>
* test_idmap_rfc2307: Test wbinfo -r for 35 supplementary group membershipsVolker Lendecke2017-05-081-6/+60
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org>
* test_idmap_rfc2307: Do a recursive delete in ou=idmapVolker Lendecke2017-05-081-8/+15
| | | | | | | | | We'll create more posix objects soon BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org>
* test_idmap_rfc2307: Correct usageVolker Lendecke2017-05-081-1/+1
| | | | | | | | | We already have 13 args at this point, and growing BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org>
* test_idmap_rfc2307: Avoid a tmpfileVolker Lendecke2017-05-081-17/+10
| | | | | | | | | We can << directly into ldbadd BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org>
* test_idmap_rfc2307: Remove the correct fileVolker Lendecke2017-05-081-1/+1
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org>
* s4: torture: Add TALLOC_CTX * to torture_winbind_init().Jeremy Allison2017-05-051-2/+2
| | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org>
* selftest: tests idmap mapping with idmap_ridRalph Boehme2017-04-071-0/+66
| | | | | | | | | | | | | | | | This adds two blackbox tests that run wbinfo --sids-to-unix-ids: o a non-existing SID from the primary domain should return a mapping o a SID with a bogus (and therefor unknown) domain must not return a mapping Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Fri Apr 7 00:05:02 CEST 2017 on sn-devel-144
* selftest: fix for wbinfo -s tests for wellknown SIDsRalph Boehme2017-04-061-4/+9
| | | | | | | | | | | Rework while loop to not use a pipe as that uses a subshell for the loop which means assigning to the variable failed is not visible in the main script. Bug: https://bugzilla.samba.org/show_bug.cgi?id=12727 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* pam_winbind: no longer use wbcUserPasswordPolicyInfo when authenticatingStefan Metzmacher2017-04-061-46/+12
| | | | | | | | | | | | | | | The expiry time for the specific user comes from info->pass_must_change_time and nothing else. The authenticating DC knows which password policy applies to the user, that's nothing the client can do, as domain trusts and fine-grained password policies makes this a very complex task. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12725 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org>
* selftest: fix SID composition in a test scriptRalph Boehme2017-04-051-1/+1
| | | | | | | | Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Wed Apr 5 17:59:32 CEST 2017 on sn-devel-144
* selftest: wbinfo -s tests for wellknown SIDsRalph Boehme2017-04-011-0/+20
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=12727 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* selftest: Define template homedir for 'ad_member' envAndreas Schneider2017-03-301-6/+11
| | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12699 With this set, the samba3.local.nss test for ad_member will ensure that we correctly substitute those smb.conf options. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Mar 30 04:26:18 CEST 2017 on sn-devel-144
* wbinfo: Prevent client segfault with given EOFGarming Sam2017-03-271-1/+2
| | | | | Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* wbinfo: Add "authoritative" to wbinfo -a outputVolker Lendecke2017-03-241-1/+3
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=2976 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libwbclient: add WBC_SID_NAME_LABELStefan Metzmacher2017-03-233-1/+6
| | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Mar 23 12:55:26 CET 2017 on sn-devel-144
* nsswtich: Add negative tests for authentication with wbinfoAndreas Schneider2017-03-221-0/+4
| | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12708 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org> Autobuild-User(master): Uri Simchoni <uri@samba.org> Autobuild-Date(master): Wed Mar 22 10:58:58 CET 2017 on sn-devel-144
* libwbclient: Add "authoritative" to wbcAuthErrorInfoVolker Lendecke2017-03-074-2/+137
| | | | | | | smbd needs to react to "authoritative" Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* winbind: Add "authoritative" to winbindd_responseVolker Lendecke2017-03-071-2/+4
| | | | | | | | This is a relevant piece of info in the samlogon response, smbd and netlogond need to be able to react to it. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* pam_winbind: Return if we do not have a domainAndreas Schneider2017-02-231-3/+7
| | | | | | | | | Found by covscan. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* Correct "Controler" typos.Chris Lamb2017-02-221-1/+1
| | | | | | Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* nsswitch: remove unused TALLOC_* defines in pam_winbind.hStefan Metzmacher2017-01-111-6/+0
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* pam_winbind: Fix compiler warningsBjörn Jacke2016-12-161-4/+7
| | | | | | | | | | | | Thanks to Stef Walter <stefw@gnome.org> BUG: http://bugzilla.samba.org/show_bug.cgi?id=8888 Signed-off-by: Bjoern Jacke <bj@sernet.de> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Fri Dec 16 16:22:32 CET 2016 on sn-devel-144
* pam: strip trailing whitespaces in pam_winbind.cBjörn Jacke2016-12-131-5/+5
| | | | | | | | Signed-off-by: Bjoern Jacke <bj@sernet.de> Reviewed-by: Karolin Seeger <ks@sernet.de> Autobuild-User(master): Björn Jacke <bj@sernet.de> Autobuild-Date(master): Tue Dec 13 18:01:21 CET 2016 on sn-devel-144
* pam: map more NT password errors to PAM errorsBjörn Jacke2016-12-131-0/+5
| | | | | | | | | | | | | | | | NT_STATUS_ACCOUNT_DISABLED, NT_STATUS_PASSWORD_RESTRICTION, NT_STATUS_PWD_HISTORY_CONFLICT, NT_STATUS_PWD_TOO_RECENT, NT_STATUS_PWD_TOO_SHORT now map to PAM_AUTHTOK_ERR (Authentication token manipulation error), which is the closest match. BUG: https://bugzilla.samba.org/show_bug.cgi?id=2210 Signed-off-by: Bjoern Jacke <bj@sernet.de> Reviewed by: Jeremy Allison <jra@samba.org>
* nss_wins: Fix errno values for HOST_NOT_FOUNDAndreas Schneider2016-11-161-2/+1
| | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12269 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Nov 16 04:10:55 CET 2016 on sn-devel-144
* wbinfo: Use ntlmv2 by default for wbinfo -aVolker Lendecke2016-11-151-3/+6
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* nsswitch: Use own credential cache for wbinfo testsAndreas Schneider2016-09-252-2/+18
| | | | | | | | If we do not set it will add the credentials to the system default credential cache, which is e.g. FILE:/tmp/krb5cc_1000. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nsswitch: Also set h_errnop for nss_wins functionsAndreas Schneider2016-09-201-0/+9
| | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12269 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jim McDonough <jmcd@samba.org> Autobuild-User(master): Jim McDonough <jmcd@samba.org> Autobuild-Date(master): Tue Sep 20 20:16:43 CEST 2016 on sn-devel-144
* waf: Explicitly link against libnss_wins.soAndreas Schneider2016-09-201-1/+1
| | | | | | | | | | | | | | If we do not specify replace as a depencency here, it will not link to libreplace using an rpath. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12277 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Jim McDonough <jmcd@samba.org> Autobuild-User(master): Jim McDonough <jmcd@samba.org> Autobuild-Date(master): Tue Sep 20 08:00:08 CEST 2016 on sn-devel-144
* nsswitch: Add missing arguments to wins gethostbyname*Andreas Schneider2016-09-201-10/+41
| | | | | | | | | | The errno pointer argument is missing. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12269 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Jim McDonough <jmcd@samba.org>
* selftest: test idmap backend id allocation for unknown SIDSRalph Boehme2016-06-281-0/+41
| | | | | | | | | | | | If an SID is is not found becaues the RID doesn't exist in a domain and the domain is configured to use a non-allocating idmap backend like idmap_ad or idmap_rfc2307, winbindd must not return a mapping for the SID. Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nsswitch: Fix memory leak in test_wbc_trusts()Andreas Schneider2016-06-241-10/+25
| | | | | | | Found by cppcheck. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
* nsswitch: Fix memory leak in test_wbc_groups()Andreas Schneider2016-06-241-18/+55
| | | | | | | Found by cppcheck. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
* nsswitch: Fix memory leak in test_wbc_users()Andreas Schneider2016-06-241-30/+77
| | | | | | | Found by cppcheck. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
* nsswitch: Fix memory leak in test_wbc_domain_info()Andreas Schneider2016-06-241-11/+21
| | | | | | | Found by cppcheck. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
* nsswitch: Fix memory leak in test_wbc_pingdc2()Andreas Schneider2016-06-241-19/+39
| | | | | | | Found by cppcheck. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
* nsswitch: Fix memory leak in test_wbc_get_sidaliases()Andreas Schneider2016-06-241-17/+25
| | | | | | | Found by cppcheck. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
* nsswitch: Fix memory leak in test_wbc_pingdc()Andreas Schneider2016-06-241-12/+22
| | | | | | | Found by cppcheck. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
* nsswitch: Fix wbclient torture_assert_wbc_ok_goto_fail macroAndreas Schneider2016-06-241-1/+1
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
* nss_wins: Fix the hostent setupTom Mortensen2016-04-221-3/+3
| | | | | | | | This can never have been tested.... Signed-off-by: Tom Mortensen <tomm@lime-technology.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* nss_wins: ip_pton expects the raw IP addressTom Mortensen2016-04-221-1/+6
| | | | | | Signed-off-by: Tom Mortensen <tomm@lime-technology.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2016-2110: winbindd: add new_spnego to the WINBINDD_CCACHE_NTLMAUTH responseStefan Metzmacher2016-04-122-1/+21
| | | | | | | | | | | | | | | | | | | | | | | | We don't need to change the protocol version because: 1. An old client may provide the "initial_blob" (which was and is still ignored when going via the wbcCredentialCache() function) and the new winbindd won't use new_spnego. 2. A new client will just get a zero byte from an old winbindd. As it uses talloc_zero() to create struct winbindd_response. 3. Changing the version number would introduce problems with backports to older Samba versions. New clients which are capable of using the new_spnego field will use "negotiate_blob" instead of "initial_blob". BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* pam_winbind: Avoid a use of sprintfVolker Lendecke2016-03-311-3/+3
| | | | | | | | pam_winbind depends on talloc, which depends on libreplace, so we have asprintf available. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
View Lorry Controller Status