summaryrefslogtreecommitdiffstats
path: root/nsswitch
Commit message (Collapse)AuthorAgeFilesLines
* libwbclient: Fix bug 8087 -- wbcChangeUserPasswordEx in RESPONSE mode does ↵Volker Lendecke2011-05-231-8/+8
| | | | | | | | | | not work This is 03115efae89c8c4f51dea1ce82613817bd9fcf5b from master Actually copy something in wbcChangeUserPasswordEx The length argument for memcpy was initialized to 0 and not initialized
* s3: Fix bug 8099 - setpwent() actually does endpwent() on FreeBSDSergey Korsak2011-04-201-4/+4
|
* nsswitch: fix a segfault in the krb5 locator pluginChristian Ambach2011-03-171-1/+1
| | | | | | | after the number of retries was exceeded, the loop did not bail out correctly with an error and went on using a null pointer Fix bug #8008 (winbind krb5 locator crash).
* Fix denial of service - memory corruption.Jeremy Allison2011-02-282-1/+15
| | | | | | | | | | | | | | | | | | | | | | | CVE-2011-0719 Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open). All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated (guest connection). Currently we do not believe this flaw is exploitable beyond a crash or causing the code to loop, but on the advice of our security reviewers we are releasing fixes in case an exploit is discovered at a later date. (cherry picked from commit c3ad6eb506623435d3d9ce62d6f34ed1c960d4be)
* libwbclient: Fix a fd-leak at dlclose-timeVolker Lendecke2010-09-211-0/+3
| | | | | | | | | | | | | __attribute__((destructor)) makes winbind_close_sock() being called at dlclose() time. Found while testing apache on Linux with mod_auth_pam. Other platforms will have to find a different fix. One possibility would be to always close the socket after each operation, but this badly sucks performance-wise. Fix bug #7684 (fd leak in libwbclient.so).
* libwbclient: Re-Fix a bug that was fixed with e5741e27c4cVolker Lendecke2010-04-134-29/+56
| | | | | | | | | | | | | | | | | | | > r21878: Fix a bug with smbd serving a windows terminal server: If winbind > decides smbd to be idle it might happen that smbd needs to do a winbind > operation (for example sid2name) as non-root. This then fails to get the > privileged pipe. When later on on the same connection another authentication > request comes in, we try to do the CRAP auth via the non-privileged pipe. > > This adds a winbindd_priv_request_response() request that kills the existing > winbind pipe connection if it's not privileged. The fix for this was lost during the conversion to libwbclient. Thanks to Ira Cooper <samba@ira.wakeful.net> for pointing this out! Volker Fix bug #7357.
* s3: Fix bug 7202Volker Lendecke2010-03-221-0/+5
| | | | | | | | Make sure _nss_wins_gethostbyname_r has a talloc stackframe available Thanks to Sergey Tereschenko <serg.partizan@gmail.com> for reporting the bug! Volker
* s3: Fix malformed require_membership_of_sid.Bo Yang2010-02-081-0/+12
| | | | | | | Signed-off-by: Bo Yang <boyang@samba.org> (cherry picked from commit 913a9f4e420c7a4177e6a7874e8ec2703f447918) Fix bug #7106.
* libwbclient: Actually implement wbcCredentialCache()Volker Lendecke2010-01-261-1/+129
|
* s3: Add the session key to the ccache_ntlm_auth responseVolker Lendecke2010-01-261-1/+3
|
* s3: Add wbinfo --ccache-saveVolker Lendecke2010-01-264-1/+82
| | | | | With this command you can give winbind your password for later use by the automatic ntlm_auth
* s3:winbind: Add a lower-cost alternative to wbinfo -t: wbinfo --ping-dcVolker Lendecke2009-12-214-1/+96
| | | | | | This just does a NULL RPC call through an existing NETLOGON connection. If someone knows an operation that "just works" and does not return NOT_SUPPORTED, please tell me :-)
* s3: check for PAM_RADIO_TYPE.Bo Yang2009-12-101-3/+1
| | | | | Signed-off-by: Bo Yang <boyang@samba.org> (cherry picked from commit c7e3a2dc319cc6504356be7fa7970917404a69b5)
* s3: Fix build on non-linux platform.Bo Yang2009-12-101-0/+8
| | | | | Signed-off-by: Bo Yang <boyang@samba.org> (cherry picked from commit b386c3311d8c05ccbd075ab86be2ddace335b73b)
* s3: Give the user a chance to change password when password will expire soon.Bo Yang2009-12-101-11/+109
| | | | | Signed-off-by: Bo Yang <boyang@samba.org> (cherry picked from commit f7723293a07d1b7a4f3476939590fa8db6080d06)
* s3-kerberos: next step to resolve Bug #6929: build with recent heimdal.Günther Deschner2009-11-261-1/+5
| | | | | | | | | Based on patch from Allan <allan@archlinux.org>. Also should fix the FreeBSD build on the buildfarm. Guenther (cherry picked from commit 5b3a32be97a37c119e837bdee8f049684565458c)
* nsswitch: fix compile of winbind_krb5_locator with recent Heimdal versions.Günther Deschner2009-11-251-0/+1
| | | | | Guenther (cherry picked from commit 51864219cc12ceb66c281355f3e1191d5e32842d)
* pam_winbind: fix a printf type mismatch warningBjörn Jacke2009-11-141-2/+2
|
* s3: Fix crash in pam_winbind, another reference to freed memory.Bo Yang2009-10-241-3/+7
| | | | | Signed-off-by: Bo Yang <boyang@samba.org> (cherry picked from commit b9a3f1dd85d168c15df846dba525f4f882d1acf8)
* wbinfo: use wbcLookupDomainControllerEx for wbinfo --dsgetdcname.Günther Deschner2009-10-201-25/+18
| | | | | Guenther (cherry picked from commit 10bd52184959335d779aae52f9178c0441c70da9)
* libwbclient: fix wbcLookupDomainController().Günther Deschner2009-10-201-2/+3
| | | | | | | Found by WINBIND-WBCLIENT torture test. Guenther (cherry picked from commit 110a40d4bc043d2bb2316480e6ba66ece1bf04ad)
* s4-smbtorture: test wbcLookupDomainController{Ex} in WINBIND-WBCLIENT.Günther Deschner2009-10-201-0/+37
| | | | | Guenther (cherry picked from commit 71cfbf958cbb26dcc050bab9fd05b38556128d4f)
* s3: Don't fail authentication when one or some group of ↵Bo Yang2009-10-201-2/+23
| | | | | | | require-membership-of is invalid. Signed-off-by: Bo Yang <boyang@samba.org> (cherry picked from commit 31f1a36901b5b8959dc51401c09c114829b50392)
* nsswitch: increase libwbclient version after adding wbcChangeTrustCredentials().Günther Deschner2009-10-161-1/+2
| | | | | Guenther (cherry picked from commit 20c07674f6c0b9423c13b9876dbe4d12f86e0d72)
* s4-smbtorture: test wbcLookupUserSids in WINBIND-WBCLIENT as well.Günther Deschner2009-10-161-1/+4
| | | | | Guenther (cherry picked from commit c2966a0766998b732c190860879c001d6140863e)
* s4-smbtorture: test wbcGuidToString and friends as well in WINBIND-WBCLIENT.Günther Deschner2009-10-161-0/+34
| | | | | Guenther (cherry picked from commit 246597cb0d8d62c702841dfbb3fa257fc2da70da)
* s4-smbtorture: add very basic libwbclient testsuite.Günther Deschner2009-10-161-0/+252
| | | | | Guenther (cherry picked from commit 612deb2699c87fc05b98290e1791493603e7b686)
* Fix the build, missing ->.Jeremy Allison2009-10-141-2/+2
| | | | Jeremy.
* s3: Fix reference to freed memory in pam_winbind.Bo Yang2009-10-141-2/+3
| | | | Signed-off-by: Bo Yang <boyang@samba.org>
* nsswitch: add wbinfo -c (change trust account passwords).Günther Deschner2009-10-131-0/+39
| | | | | Guenther (cherry picked from commit 0a468fbe36e6049f8d7f971c1aa111e1573a406c)
* libwbclient: add wbcChangeTrustCredentials.Günther Deschner2009-10-133-0/+50
| | | | | Guenther (cherry picked from commit 74948c979ab19f20c7e5824aee50828e9bda0e35)
* s3: Fix a memleak reported by dmarkeyVolker Lendecke2009-10-091-0/+4
|
* Fix builds with external tallocSimo Sorce2009-10-091-2/+2
| | | | | | Make sure we do not reference our internal talloc directly. Let configure define what talloc.h file to use so that builds that use an extrenal talloc do not include 2 different versions of the talloc header.
* wbinfo: allow to check trusts via "wbinfo -t --domain DOMAINNAME".Günther Deschner2009-10-091-5/+13
| | | | | Guenther (cherry picked from commit 7b3501200c55d7844c4d697456dbfa2b86cfdcc8)
* libwbclient: implement secure channel verification for specific domains in ↵Günther Deschner2009-10-092-12/+6
| | | | | | | wbcCheckTrustCredentials(). Guenther (cherry picked from commit 2df47b0a54ad0a973b81911ee507ab50555b24a6)
* s3: Don't overwrite password in pam_winbind, subsequent pam modulesBo Yang2009-09-161-4/+0
| | | | | | might use the old password and new password. Signed-off-by: Bo Yang <boyang@samba.org>
* nss_winbind: remove unused variableBjörn Jacke2009-09-151-1/+0
|
* s4: Pass WINBINDD_SOCKET_DIR var in order to overide the location of the ↵Matthieu Patou2009-09-111-0/+2
| | | | Winbind socket
* wbinfo: fix various valgrind warnings and an invalid free.Günther Deschner2009-09-041-7/+1
| | | | | | Kai, please check. Guenther
* wbclient: Fix Bug #6680: always activate handling of large (> 256 byte) ntlmv2Günther Deschner2009-09-011-4/+15
| | | | | | blobs in wbcAuthenticateUserEx(). Guenther
* s3:libwbclient: Fix bug 6349, initialize domain info structVolker Lendecke2009-08-301-0/+2
|
* wbinfo: Reduce test noise in the wbinfo blackbox testKai Blin2009-08-181-3/+7
| | | | | | | | | | | With the switch to libwbclient the previously stubbed out --trusted-domains and --all-domains calls now fail. Set them to knownfail. The previously knownfail -D test is now stubbed out, test it now. This does not fix the issues with wbinfo -a and wbinfo -K not working on the build farm. I have no idea whatsoever what is causing this, as those are broken on my local machine even without my changes.
* wbinfo: Use one codebase for Samba3 and Samba4.Kai Blin2009-08-183-1335/+8
| | | | There can be only one....wbinfo that is.
* s3 wbinfo: Only call afs_settoken_str if compiled with WITH_FAKE_KASERVERKai Blin2009-08-181-0/+8
|
* s3 wbinfo: use wbcSidTypeString instead of sid_type_lookupKai Blin2009-08-181-2/+2
|
* libwbclient: Add wbcSidTypeString function.Kai Blin2009-08-182-1/+28
|
* s3 wbinfo: Remove unused functions, use C99-typesKai Blin2009-08-181-6/+1
|
* s3 wbinfo: Explicitly include popt header, remove unused common options.Kai Blin2009-08-181-1/+5
|
* s3 wbinfo: Use talloc_strdup instead of SMB_STRDUPKai Blin2009-08-181-21/+23
|
* s3 wbinfo: Don't use global_myname()Kai Blin2009-08-181-2/+17
|
generated by cgit (git 2.34.1) at 2025-08-28 22:11:08 +0000