summaryrefslogtreecommitdiffstats
path: root/nsswitch
Commit message (Collapse)AuthorAgeFilesLines
* libwbclient: Fix bug 8087 -- wbcChangeUserPasswordEx in RESPONSE mode does ↵Volker Lendecke2011-06-141-8/+8
| | | | | | | | | | | not work This is 03115efae89c8c4f51dea1ce82613817bd9fcf5b from master Actually copy something in wbcChangeUserPasswordEx The length argument for memcpy was initialized to 0 and not initialized (cherry picked from commit c707b1f3b199b8c785a79db308d80eee2926b060)
* s3: Fix bug 8099 - setpwent() actually does endpwent() on FreeBSDSergey Korsak2011-06-141-4/+4
| | | | (cherry picked from commit 2167ac2cd42c9ed5aaae0086dbd27e29d1d77686)
* nsswitch: fix a segfault in the krb5 locator pluginChristian Ambach2011-06-141-1/+1
| | | | | | | | after the number of retries was exceeded, the loop did not bail out correctly with an error and went on using a null pointer Fix bug #8008 (winbind krb5 locator crash). (cherry picked from commit f5eba15db82ed679d72dc8b13912d54919343314)
* Fix denial of service - memory corruption.Jeremy Allison2011-02-272-1/+15
| | | | | | | | | | | | | | | | | | | | | | CVE-2011-0719 Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open). All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated (guest connection). Currently we do not believe this flaw is exploitable beyond a crash or causing the code to loop, but on the advice of our security reviewers we are releasing fixes in case an exploit is discovered at a later date.
* libwbclient: Fix a fd-leak at dlclose-timeVolker Lendecke2010-09-271-0/+3
| | | | | | | | | | | | | | __attribute__((destructor)) makes winbind_close_sock() being called at dlclose() time. Found while testing apache on Linux with mod_auth_pam. Other platforms will have to find a different fix. One possibility would be to always close the socket after each operation, but this badly sucks performance-wise. Fix bug #7684 (fd leak in libwbclient.so). (cherry picked from commit f7e7fa50ec3aef60b72a34988825e314b7228c23)
* libwbclient: Re-Fix a bug that was fixed with e5741e27c4cVolker Lendecke2010-05-174-29/+56
| | | | | | | | | | | | | | | | | | | | > r21878: Fix a bug with smbd serving a windows terminal server: If winbind > decides smbd to be idle it might happen that smbd needs to do a winbind > operation (for example sid2name) as non-root. This then fails to get the > privileged pipe. When later on on the same connection another authentication > request comes in, we try to do the CRAP auth via the non-privileged pipe. > > This adds a winbindd_priv_request_response() request that kills the existing > winbind pipe connection if it's not privileged. The fix for this was lost during the conversion to libwbclient. Thanks to Ira Cooper <samba@ira.wakeful.net> for pointing this out! Volker Fix bug #7357. (cherry picked from commit 5c5e646ab3546aae4660b6598a6c89c66c3b4687)
* s3: Fix bug 7202Volker Lendecke2010-03-291-0/+5
| | | | | | | | | Make sure _nss_wins_gethostbyname_r has a talloc stackframe available Thanks to Sergey Tereschenko <serg.partizan@gmail.com> for reporting the bug! Volker (cherry picked from commit 3c68414b2fe1e8db66469b4b6374b26b5fe9fbcb)
* s3: Fix malformed require_membership_of_sid.Bo Yang2010-02-101-0/+12
| | | | | | | | Signed-off-by: Bo Yang <boyang@samba.org> (cherry picked from commit 913a9f4e420c7a4177e6a7874e8ec2703f447918) Fix bug #7106. (cherry picked from commit d8d96fa8f9500d34fab1c7ffdb287a055cc209bb)
* libwbclient: Actually implement wbcCredentialCache()Volker Lendecke2010-01-261-1/+129
| | | | (cherry picked from commit 7ab798d141bf715808fa0941f19422069e65fa0e)
* s3: Add the session key to the ccache_ntlm_auth responseVolker Lendecke2010-01-261-1/+3
| | | | (cherry picked from commit 99f6f322ae5aa13596c5b0f1a6e600b6fec48896)
* s3: Add wbinfo --ccache-saveVolker Lendecke2010-01-264-1/+82
| | | | | | With this command you can give winbind your password for later use by the automatic ntlm_auth (cherry picked from commit 1ae7b074113497342f0b85223df270bdee0b07a0)
* s3:winbind: Add a lower-cost alternative to wbinfo -t: wbinfo --ping-dcVolker Lendecke2009-12-234-1/+96
| | | | | | | This just does a NULL RPC call through an existing NETLOGON connection. If someone knows an operation that "just works" and does not return NOT_SUPPORTED, please tell me :-) (cherry picked from commit 6a2c2a762f288e394520f7752661ec67704db56f)
* s3: check for PAM_RADIO_TYPE.Bo Yang2009-12-141-3/+1
| | | | | | Signed-off-by: Bo Yang <boyang@samba.org> (cherry picked from commit c7e3a2dc319cc6504356be7fa7970917404a69b5) (cherry picked from commit fa572721577732c1b5d1cd32de4479a34c895919)
* s3: Fix build on non-linux platform.Bo Yang2009-12-141-0/+8
| | | | | | Signed-off-by: Bo Yang <boyang@samba.org> (cherry picked from commit b386c3311d8c05ccbd075ab86be2ddace335b73b) (cherry picked from commit 9a522cd96d66f6a6cf5f483fb8928982bbe95ea4)
* s3: Give the user a chance to change password when password will expire soon.Bo Yang2009-12-141-11/+109
| | | | | | Signed-off-by: Bo Yang <boyang@samba.org> (cherry picked from commit f7723293a07d1b7a4f3476939590fa8db6080d06) (cherry picked from commit 7097f6101e52220f7ff0ef821efa5b1810b2604d)
* s3-kerberos: next step to resolve Bug #6929: build with recent heimdal.Günther Deschner2009-12-081-1/+5
| | | | | | | | | | Based on patch from Allan <allan@archlinux.org>. Also should fix the FreeBSD build on the buildfarm. Guenther (cherry picked from commit 5b3a32be97a37c119e837bdee8f049684565458c) (cherry picked from commit ec7929a8c783d85a4d30b41b1a9152586bdf2132)
* nsswitch: fix compile of winbind_krb5_locator with recent Heimdal versions.Günther Deschner2009-11-261-0/+1
| | | | | | Guenther (cherry picked from commit 51864219cc12ceb66c281355f3e1191d5e32842d) (cherry picked from commit df71a31140d2a63eeb22d2dace45f6b73abde0be)
* pam_winbind: fix a printf type mismatch warningBjörn Jacke2009-11-261-2/+2
| | | | (cherry picked from commit 327e1377c96403e8a83b127470ae8464bf50347d)
* s3: Fix crash in pam_winbind, another reference to freed memory.Bo Yang2009-11-261-3/+7
| | | | | | Signed-off-by: Bo Yang <boyang@samba.org> (cherry picked from commit b9a3f1dd85d168c15df846dba525f4f882d1acf8) (cherry picked from commit b46f0a7bda7101517435ef612c68e81976d15102)
* wbinfo: use wbcLookupDomainControllerEx for wbinfo --dsgetdcname.Günther Deschner2009-11-261-25/+18
| | | | | | Guenther (cherry picked from commit 10bd52184959335d779aae52f9178c0441c70da9) (cherry picked from commit a63fb1555646dbfbcc993fc298aa4b51bee77eed)
* libwbclient: fix wbcLookupDomainController().Günther Deschner2009-11-261-2/+3
| | | | | | | | Found by WINBIND-WBCLIENT torture test. Guenther (cherry picked from commit 110a40d4bc043d2bb2316480e6ba66ece1bf04ad) (cherry picked from commit f5a5c2613bd7ff64cb86fdb9e508d243033a32c8)
* s4-smbtorture: test wbcLookupDomainController{Ex} in WINBIND-WBCLIENT.Günther Deschner2009-11-261-0/+37
| | | | | | Guenther (cherry picked from commit 71cfbf958cbb26dcc050bab9fd05b38556128d4f) (cherry picked from commit 95aab5556b1bd7eda726e908302fb51f49da3717)
* s3: Don't fail authentication when one or some group of ↵Bo Yang2009-11-261-2/+23
| | | | | | | | require-membership-of is invalid. Signed-off-by: Bo Yang <boyang@samba.org> (cherry picked from commit 31f1a36901b5b8959dc51401c09c114829b50392) (cherry picked from commit 5d62b2fcce7d846bf5adb4407c05d281afa6a9e9)
* nsswitch: increase libwbclient version after adding wbcChangeTrustCredentials().Günther Deschner2009-11-261-1/+2
| | | | | | Guenther (cherry picked from commit 20c07674f6c0b9423c13b9876dbe4d12f86e0d72) (cherry picked from commit f2b94302ba7b30703b2edbdb5272582cff03fff9)
* s4-smbtorture: test wbcLookupUserSids in WINBIND-WBCLIENT as well.Günther Deschner2009-11-261-1/+4
| | | | | | Guenther (cherry picked from commit c2966a0766998b732c190860879c001d6140863e) (cherry picked from commit 227558fb3bbe037b812f5cf202701f9bf28af919)
* s4-smbtorture: test wbcGuidToString and friends as well in WINBIND-WBCLIENT.Günther Deschner2009-11-261-0/+34
| | | | | | Guenther (cherry picked from commit 246597cb0d8d62c702841dfbb3fa257fc2da70da) (cherry picked from commit 5e295ada507a50a135759d2c70cbb8195546d2b7)
* s4-smbtorture: add very basic libwbclient testsuite.Günther Deschner2009-11-261-0/+252
| | | | | | Guenther (cherry picked from commit 612deb2699c87fc05b98290e1791493603e7b686) (cherry picked from commit 27e64f5fe99ff49e2153c0046399d1c58cc36b56)
* Fix the build, missing ->.Jeremy Allison2009-11-261-2/+2
| | | | | Jeremy. (cherry picked from commit 9535d43484d299f716e8f58a2b511b7abf4332da)
* s3: Fix reference to freed memory in pam_winbind.Bo Yang2009-11-261-2/+3
| | | | | Signed-off-by: Bo Yang <boyang@samba.org> (cherry picked from commit a94f0a5d8b2fa10972aef379a7137817c2ec0deb)
* nsswitch: add wbinfo -c (change trust account passwords).Günther Deschner2009-11-261-0/+39
| | | | | | Guenther (cherry picked from commit 0a468fbe36e6049f8d7f971c1aa111e1573a406c) (cherry picked from commit e816b11d564df42a467c7c330f4b75db923d497e)
* libwbclient: add wbcChangeTrustCredentials.Günther Deschner2009-11-263-0/+50
| | | | | | Guenther (cherry picked from commit 74948c979ab19f20c7e5824aee50828e9bda0e35) (cherry picked from commit 507de11191b28b8d14eda43084621e731e7a82f7)
* s3: Fix a memleak reported by dmarkeyVolker Lendecke2009-11-261-0/+4
| | | | (cherry picked from commit 1f1c293d541fc2ab6dff5932ae1c9ffc1e8b58d3)
* Fix builds with external tallocSimo Sorce2009-11-261-2/+2
| | | | | | | Make sure we do not reference our internal talloc directly. Let configure define what talloc.h file to use so that builds that use an extrenal talloc do not include 2 different versions of the talloc header. (cherry picked from commit 030fbf28fc963065853c08015c34827656c29bfd)
* wbinfo: allow to check trusts via "wbinfo -t --domain DOMAINNAME".Günther Deschner2009-11-261-5/+13
| | | | | | Guenther (cherry picked from commit 7b3501200c55d7844c4d697456dbfa2b86cfdcc8) (cherry picked from commit 69ba747df1b861da70da6682e36b095ac565f83e)
* libwbclient: implement secure channel verification for specific domains in ↵Günther Deschner2009-11-262-12/+6
| | | | | | | | wbcCheckTrustCredentials(). Guenther (cherry picked from commit 2df47b0a54ad0a973b81911ee507ab50555b24a6) (cherry picked from commit 63acae34cfe65577437b75e668d22400eb47a88c)
* s3: Don't overwrite password in pam_winbind, subsequent pam modulesBo Yang2009-09-161-4/+0
| | | | | | might use the old password and new password. Signed-off-by: Bo Yang <boyang@samba.org>
* nss_winbind: remove unused variableBjörn Jacke2009-09-151-1/+0
|
* s4: Pass WINBINDD_SOCKET_DIR var in order to overide the location of the ↵Matthieu Patou2009-09-111-0/+2
| | | | Winbind socket
* wbinfo: fix various valgrind warnings and an invalid free.Günther Deschner2009-09-041-7/+1
| | | | | | Kai, please check. Guenther
* wbclient: Fix Bug #6680: always activate handling of large (> 256 byte) ntlmv2Günther Deschner2009-09-011-4/+15
| | | | | | blobs in wbcAuthenticateUserEx(). Guenther
* s3:libwbclient: Fix bug 6349, initialize domain info structVolker Lendecke2009-08-301-0/+2
|
* wbinfo: Reduce test noise in the wbinfo blackbox testKai Blin2009-08-181-3/+7
| | | | | | | | | | | With the switch to libwbclient the previously stubbed out --trusted-domains and --all-domains calls now fail. Set them to knownfail. The previously knownfail -D test is now stubbed out, test it now. This does not fix the issues with wbinfo -a and wbinfo -K not working on the build farm. I have no idea whatsoever what is causing this, as those are broken on my local machine even without my changes.
* wbinfo: Use one codebase for Samba3 and Samba4.Kai Blin2009-08-183-1335/+8
| | | | There can be only one....wbinfo that is.
* s3 wbinfo: Only call afs_settoken_str if compiled with WITH_FAKE_KASERVERKai Blin2009-08-181-0/+8
|
* s3 wbinfo: use wbcSidTypeString instead of sid_type_lookupKai Blin2009-08-181-2/+2
|
* libwbclient: Add wbcSidTypeString function.Kai Blin2009-08-182-1/+28
|
* s3 wbinfo: Remove unused functions, use C99-typesKai Blin2009-08-181-6/+1
|
* s3 wbinfo: Explicitly include popt header, remove unused common options.Kai Blin2009-08-181-1/+5
|
* s3 wbinfo: Use talloc_strdup instead of SMB_STRDUPKai Blin2009-08-181-21/+23
|
* s3 wbinfo: Don't use global_myname()Kai Blin2009-08-181-2/+17
|
generated by cgit (git 2.34.1) at 2025-09-01 10:13:10 +0000