summaryrefslogtreecommitdiffstats
path: root/nsswitch
Commit message (Collapse)AuthorAgeFilesLines
* waf: fix the name of the WINBIND "nss" module on AIXBjörn Jacke2014-06-121-1/+1
| | | | | | | | | | | on AIX this is actually not called NSS and PAM, this is combined im LAM (loadable authentication module) Signed-off-by: Bjoern Jacke <bj@sernet.de> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Thu Jun 12 13:32:28 CEST 2014 on sn-devel-104
* s3:lib/afs move afs_settoken.c to common lib dirChristian Ambach2014-06-041-0/+1
| | | | | Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Make test_wbinfo.sh work with s3-winbinddAndrew Bartlett2014-06-041-6/+5
| | | | | | Change-Id: I41ed850b6424eac3fb8b6603d5b87c66bb77dd51 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libwbclient-tests: No longer hardcoded password and test domainAndrew Bartlett2014-06-041-20/+23
| | | | | | | | | | | The password is made more complex, and the test domain is made to use the command line options. Andrew Bartlett Change-Id: Ia1ec24a9fc393e7f7b210f845bcf32dbc933d48f Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* selftest: Set winbind separator = /Andrew Bartlett2014-06-041-8/+8
| | | | | | | | | | This avoids a pile of shell-script escape pain, and fixes some tests. Andrew Bartlett Change-Id: Ie1d0e32ab484a5b0ddbc4073831fe6de27e38e92 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* nsswitch: Fix the check for the privileged pipe.Andreas Schneider2014-05-161-17/+19
| | | | | | | Change-Id: I8f23ecc8444c3b25d5be2a7fdbf51ba7fe4a5ed9 Signed-off-by: Andreas Schneider <asn@samba.org> Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* wbclient: ensure response struct is initializedAlexander Bokovoy2014-05-081-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Prior to asking for a winbindd private pipe we need to initialize response structure to deal with a possible response failure. winbind_open_pipe_sock() issues two winbindd requests: - asks for interface version - asks for a private pipe The first call returns interface version in a response structure (which is a union). The second call might fail -- in this case response structure will not be initialized or filled in with any information. As result, if the second call failed, response structure will have data from an interface string interpreted as a pointer to a string during SAFE_FREE() at the end of the winbind_open_pipe_sock(). To avoid that, ensure response struct is initialized before asking for a private pipe. https://bugzilla.samba.org/show_bug.cgi?id=10596 Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu May 8 04:24:53 CEST 2014 on sn-devel-104
* Remove special socket_wrapper code.Andreas Schneider2014-04-172-9/+1
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest: Rename WINBINDD_SOCKET_DIR environment variable.Andreas Schneider2014-04-172-8/+1
| | | | | | | | It is very confusing if the env var uses the same name as the define in the source code. So prefix it with SELFTEST. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* wbclient: Check with nss_wrapper_enabled().Andreas Schneider2014-04-171-6/+6
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Remove special nss_wrapper codeAndreas Schneider2014-04-171-1/+0
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libwbclient: Handle uid_wrapper for pipe access.Andreas Schneider2014-04-171-2/+33
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Remove uid_wrapper related code.Andreas Schneider2014-04-173-5/+0
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* selftest: Rename wbinfo_s3 to wbinfo_simple and reorder code for clarityAndrew Bartlett2014-04-021-0/+17
| | | | | | | | | Change-Id: Ic2e06e448fce1d91422b711abf663b9253009a53 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Wed Apr 2 13:07:24 CEST 2014 on sn-devel-104
* nsswitch: Remove fallback setting of WINBINDD_SOCKET_DIRAndrew Bartlett2014-03-051-5/+9
| | | | | | | | | | | | | | This is the original cause of the wbc NT_STATUS_OBJECT_NAME_NOT_FOUND issues in recent git master, as the build was able to progress without the correct path being set as an override. Andrew Bartlett Change-Id: I1dbc7350695756356e869199b589eb781eb5c673 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Mar 5 18:34:48 CET 2014 on sn-devel-104
* nsswitch: Fix idmap rfc2307 test with system ldb.Andreas Schneider2014-02-211-2/+11
| | | | Reviewed-by: Alexander Bokovoy <ab@samba.org>
* krb5_locator: Slightly simplify codeVolker Lendecke2014-02-201-2/+1
| | | | | | | This makes it a bit easier to read for me Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Kai Blin <kai@samba.org>
* param: rename lp function and variable from 'lockdir' to 'lock_directory'Garming Sam2014-02-071-1/+1
| | | | | | Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* Revert "pam_winbind: fix segfault in pam_sm_authenticate()"Garming Sam2014-01-151-4/+3
| | | | | | | | | | | | | This reverts commit ec0f51b200d6e5b99bbd872e169621c17f33524c. A more generic fix is now in use. Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jan 15 01:37:38 CET 2014 on sn-devel-104
* pam_winbind: Do not honour require_membership_of in the acct module parametersGarming Sam2014-01-141-16/+41
| | | | | | | | This needs a password to work, and it confuses users for it to appear to be valid here. Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: David Disseldorp <ddiss@samba.org>
* pam_winbind: Fix segfault caused by invalid configuration optionsGarming Sam2014-01-141-3/+3
| | | | | | | | | | This is a better fix for 8564 and will allow ec0f51b200d6e5b99bbd872e169621c17f33524c to be reverted. BUG: https://bugzilla.samba.org/show_bug.cgi?id=8564 Pair-programmed-with: Andrew Bartlett <abartlet@samba.org> Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: David Disseldorp <ddiss@samba.org>
* wbinfo: Fix a memory leak in wbinfo_ping_dc().Andreas Schneider2014-01-091-0/+1
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2013-4408:s3:Ensure LookupSids replies arrays are range checked.Jeremy Allison2013-12-092-2/+19
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org>
* fail authentication for single group name which cannot be converted to sidNoel Power2013-11-291-0/+6
| | | | | | | | | | | | | | furthermore if more than one name is supplied and no sid is converted then also fail. Bug: https://bugzilla.samba.org/show_bug.cgi?id=8598 Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Fri Nov 29 15:45:11 CET 2013 on sn-devel-104
* pam_winbind: Use strlcat in safe_append_stringVolker Lendecke2013-11-281-9/+3
| | | | | | | | | | We have that available via libreplace, so use it. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Thu Nov 28 14:33:32 CET 2013 on sn-devel-104
* handle later iniparser version assigning a zero length string value for 'key='Noel Power2013-11-201-4/+19
| | | | | | | | | | | | | | | | | | | | older iniparser versions ( like that used in upstream samba ) ignore 'key=' entries, the key is not entered into the dictionary at all. Later versions of iniparse specifically handle the following special cases * key= * key=; * key=# by assigning a value of "" ( a zero length string ) to the key in the dictionary. Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Wed Nov 20 16:12:13 CET 2013 on sn-devel-104
* wbinfo: fix output of wbinfo --sid-to-name for sids of type DOMAINMichael Adam2013-11-131-2/+6
| | | | | | | to print only the domain name and not "DOMIN\<SID>". Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* wbinfo: fix output of "--lookup-sids" to use the configured winbind separatorMichael Adam2013-11-131-1/+2
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* wbinfo: fix ouptput of --lookup-sids for sids of type DOMAINMichael Adam2013-11-131-3/+9
| | | | | | | To print only the domain name and not "DOMIN\<SID>". Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* nsswitch: Fix short writes in winbind_write_sockVolker Lendecke2013-10-211-2/+2
| | | | | | | | | We set the socket to nonblocking and don't handle EAGAIN right. We do a poll anyway, so wait for writability, which should fix this. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10195 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* waf: replace dependency to libintl with samba_intlChristian Ambach2013-08-121-1/+1
| | | | | | | | Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Mon Aug 12 00:46:34 CEST 2013 on sn-devel-104
* wbclient: fix conversion logic in wbcSidToStringBufJeff Layton2013-07-311-14/+17
| | | | | | | | Might as well fix it to handle large authority values properly. Also correct some of the formatting. Signed-off-by: Jeff Layton <jlayton@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* wbclient: fix conversion logic in wbcStringToSidJeff Layton2013-07-311-17/+20
| | | | | Signed-off-by: Jeff Layton <jlayton@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* nsswitch: Add OPT_KRB5CCNAME to avoid an error message.Andreas Schneider2013-07-261-2/+4
| | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=10048 Reviewed-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Jul 26 17:40:26 CEST 2013 on sn-devel-104
* wbinfo: allow to define a custom krb5ccname for kerberized pam auth.Günther Deschner2013-07-231-2/+4
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* nsswitch: Don't enumerate all domains with wbinfo -u|-g.Andreas Schneider2013-07-181-4/+18
| | | | | | | | | | | | | | | | | | By default wbinfo -u|-g should only enumerate the domain winbindd is joined to. The command can be harmfull if you have e.g. 30 domains and 700k users. Then the parent will collect all information and the oom-killer will kill winbind. As we still want to support it, you can enable it the old behaviour with wbinfo --domain='*' -u. This is a measure that sysadmins don't shoot themself. https://bugzilla.samba.org/show_bug.cgi?id=10034 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Jul 18 11:54:58 CEST 2013 on sn-devel-104
* Fix bug 10025 - Lack of Sanity Checking in calls to malloc()/calloc().Bill Parker2013-07-171-0/+4
| | | | | | | | | | | | | In reviewing various files in Samba-4.0.7, I found a number of instances where malloc()/calloc() were called without the checking the return value for a value of NULL, which would indicate failure. (NB. The changes needed to ccan, iniparser, popt and heimdal will be reported upstream, not patched inside Samba). Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Simo Source <idra@samba.org>
* nsswitch: fix a commentChristian Ambach2013-06-251-1/+1
| | | | | | | the beginning if is only ifdef LINUX now, not the long list this comment refers to Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* nsswitch: Remove #if SAMBA_BUILD_ >= 4 now we only have the waf buildAndrew Bartlett2013-05-281-4/+0
| | | | | | Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
* nsswitch: fix some typosChristian Ambach2013-05-171-2/+2
| | | | | | | | | Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri May 17 01:09:33 CEST 2013 on sn-devel-104
* Bug 9807 - wbinfo: fix segfault in wbinfo_pam_logonDavid Disseldorp2013-04-171-4/+3
| | | | | | | | | | | wbinfo_pam_logon() incorrectly assumes that wbcLogonUser() always returns an allocated wbcAuthErrorInfo struct on failure. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Apr 17 21:29:29 CEST 2013 on sn-devel-104
* BUG 9735: Fix winbind seperator in upn to username conversion.Andreas Schneider2013-03-221-1/+1
| | | | | | | Reviewed-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Mar 22 16:18:06 CET 2013 on sn-devel-104
* Add testcase for idmap_rfc2307 moduleChristof Schmitt2013-03-091-0/+94
| | | | | | | | | | | Create a new test environment with 'idmap config DOMAIN : backend = rfc2307'. A new test script adds LDAP records and queries them again for the mapped uid and gid. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Mar 9 08:18:43 CET 2013 on sn-devel-104
* Correct the name of the nss_winbind module for FreeBSD by creating a symlinkRichard Sharpe2013-03-081-1/+1
| | | | | | | | | | | from the FreeBSD required name to the built module. Signed-off-by: Timur Bakeyev <timur@FreeBSD.org> Reviewed-by: Andrew Bartlett <abartlett@samba.org> Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com> Autobuild-User(master): Richard Sharpe <sharpe@samba.org> Autobuild-Date(master): Fri Mar 8 05:04:04 CET 2013 on sn-devel-104
* wbinfo: Fix several memory leaks.Andreas Schneider2013-02-221-0/+8
| | | | Reviewed-by: Alexander Bokovoy <ab@samba.org>
* build: Remove includes.h dep in winbind client librariesAndrew Bartlett2013-02-221-1/+0
| | | | | | | | | | | | Our LGPL winbind client libs do not link against our server-side code, and should not use the server-side includes.h. This removes a build-time dep on talloc that was brought in via includes.h as this code also does not use talloc. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nsswitch: Fix two bitfield constants being the same.Ira Cooper2013-01-181-3/+1
| | | | | | | | | | | WBFLAG_PAM_AUTH_PAC and WBFLAG_BIG_NTLMV2_BLOB are the same causing errors in NTLMv2 authentication. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Jan 18 22:13:09 CET 2013 on sn-devel-104
* Sort winbind request flags. Ira saw we have a duplicate.Jeremy Allison2013-01-181-9/+9
| | | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed by: Ira Cooper <ira@wakeful.net> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Add test for rfc2307 mapping handlingAndrew Bartlett2013-01-101-0/+181
| | | | Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libwbclient: Fix null check in process_domain_info_string().Andreas Schneider2012-12-211-5/+0
| | | | | | | Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>