summaryrefslogtreecommitdiffstats
path: root/source/winbindd
Commit message (Collapse)AuthorAgeFilesLines
* Fix denial of service - memory corruption.Karolin Seeger2011-02-272-1/+18
| | | | | | | | | | | | | | | | | | | | | | CVE-2011-0719 Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open). All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated (guest connection). Currently we do not believe this flaw is exploitable beyond a crash or causing the code to loop, but on the advice of our security reviewers we are releasing fixes in case an exploit is discovered at a later date.
* s3:winbind: Fix bug 5626Volker Lendecke2010-02-243-29/+23
| | | | | Apparently the AIX compiler can't deal with sizeless array declarations (cherry picked from commit dd4194bc43cc5efd7517783e5e524d252d1f82c7)
* s3:winbindd: never mark external domains as internal!Stefan Metzmacher2010-02-241-4/+1
| | | | | | | | | | | This way we can endup with silently using builtin_passdb_methods for an ad domain without an inbound trust. This fixes bug #7170. metze (cherry picked from commit f924b7749280b31ece19885de1c3ad1bd71942ac) (cherry picked from commit 40f359476d7ec3aec252f79bd2127dd08b305a9f)
* Prevent NULL dereference if group has no membersJim McDonough2010-01-131-4/+4
| | | | | Fix bug #7014 (domain mode winbind crashes retriveing empty group members). (cherry picked from commit 5fd32614f147a045aaee30ed9cf62e42ac6e30d8)
* s3-kerberos: only use krb5 headers where required.Günther Deschner2010-01-132-0/+4
| | | | | | | | This seems to be the only way to deal with mixed heimdal/MIT setups during merged build. Guenther (cherry picked from commit 60262369fc2ae19f6d9263e35b5db9b09b603a1b)
* s3:idmap_ldap: trim the " chars from the location string in idmap_ldap_db_initMichael Adam2010-01-131-0/+2
| | | | | | | | | | | | | Fix bug #6910 (idmap_ldap stumbles over idmap backend = ldap:"ldap://ldap1 ldap://ldap2"=. When idmap backend is specified as idmap backend = ldap:"ldap://server1 ldap://server2" then currently "ldap://server1 ldap://server2" was passed to ldap_initialize including the quotes, leading to an ldap error. Michael (cherry picked from commit 67f1d0ac6edecec4efb100ae61bc23bd321f518f)
* s3:winbind: Fix bug 6793 -- segfault in winbindd_pam_authVolker Lendecke2010-01-131-7/+8
| | | | (cherry picked from commit 96b600d429561f3ea155ffcb51a87c0d74151f52)
* s3:winbind: Only ever handle one event after a select callVolker Lendecke2009-10-081-2/+6
| | | | | | | | While handling an fd event, the situation with other fds can change. I've just seen a winbind stuck in the accept() call on the privileged pipe. I can only imagine this happen because under high load we first handled other requests and meanwhile the client on the privileged pipe went away. (cherry picked from commit a4df4406f12281db60fd6612c6ebf93d77af9152)
* s3:winbindd_cm: don't invalidate the whole connection when just samr gave ↵Stefan Metzmacher2009-10-081-1/+12
| | | | | | | ACCCESS_DENIED metze (cherry picked from commit c6d485583aba69b38b2972224e27edb60c3bf09a)
* s3:winbind: Fix an uninitialized variable (cherry picked from commit ↵Volker Lendecke2009-10-081-1/+1
| | | | | | 0724649a8a7c04d015317d9dc2ae43ee87c1bd25) (cherry picked from commit b50ae28be07b93eef04e6e4b9eeb9fc440e21bd4)
* s3-winbindd: Fix Bug #6711: trusts to windows 2008 (2008 r2) not working.Günther Deschner2009-10-083-5/+63
| | | | | | | | | | | | | Winbindd should always try to use LSA via an schannel authenticated ncacn_ip_tcp connection when talking to AD for LSA lookup calls. In Samba <-> W2k8 interdomain trust scenarios, LookupSids3 and LookupNames4 via an schannel ncacn_ip_tcp LSA connection are the *only* options to successfully resolve sids and names. Guenther (cherry picked from commit 6a8ef6c424c52be861ed2a9806f917a64ec892a6) (cherry picked from commit acc5e6012adca290ddc067a4ed25a8161b74250e)
* s3-winbindd: add cm_connect_lsa_tcp().Günther Deschner2009-10-083-0/+63
| | | | | | Guenther (cherry picked from commit 58f2deb94024f002e3c3df47f45454edc97f47e1) (cherry picked from commit 7e4e12f120c666f31af042ab59fd9478017740ea)
* s3-winbindd: add and use winbindd_lookup_names().Günther Deschner2009-10-082-20/+47
| | | | | | Guenther (cherry picked from commit 99c3fc19587431efda1ae6161453d84673b32071) (cherry picked from commit afbe7c3605edcb8f7dfc64399681f23fa947fe57)
* s3-winbindd: add and use winbindd_lookup_sids().Günther Deschner2009-10-083-96/+78
| | | | | | Guenther (cherry picked from commit f0b52b8c3133e3696db361d9d0e7d1fff0fab991) (cherry picked from commit 5c2c17ffd62010f4590502f40aee9e40997a647a)
* s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_schannel().Günther Deschner2009-10-081-3/+4
| | | | | | Guenther (cherry picked from commit bea8e5fa6038d5abd2ec1e12f9005c4a04abb79f) (cherry picked from commit 864c0b58aec55e37cf304b28c762a5259fc0ec67)
* s3-rpc_client: add dcerpc_transport_t to cli_rpc_pipe_open_spnego_ntlmssp ↵Günther Deschner2009-10-081-1/+2
| | | | | | | and cli_rpc_pipe_open_ntlmssp. Guenther (cherry picked from commit 41158d10cdad5b923d0bfa608f73c0daf8ccd352)
* s3-winbindd: Fix Bug #6700: Use dns domain name when needing to guess server ↵Günther Deschner2009-10-071-1/+1
| | | | | | | | | | | principal. Patch from Robert LeBlanc <robert@leblancnet.us>. Thanks! Guenther (cherry picked from commit cd920dcff320a097bcc46a9468a78cedca6fb2be)
* s3:winbindd: raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds.Stefan Metzmacher2009-10-072-1/+57
| | | | | | | | metze (cherry picked from commit 1e1445bc7672b17a1d689fa0f0732b05b6e04da5) Fixes bug #6627. (cherry picked from commit 8d57806544dade748aaac9cc493deb75d4e95735)
* handling upnBo Yang2009-07-272-1/+7
| | | | | | | | | | lookupname failed, cannot find domain when attempt to change password. This addresses bug #6560. Signed-off-by: Bo Yang <boyang@samba.org> (cherry picked from commit 830c4da460bcad919421acf9d537cf577b231de7)
* s3:idmap_tdb: filter out of range mappings in default idmap configMichael Adam2009-06-101-16/+57
| | | | | | | | This fixes bug #6415 Michael (cherry picked from commit 3d3f39838261ddc401053dadcc5bd8e6317a3a8e) (cherry picked from commit 307c73ce8bc29803230c22e3f8abd579c5d90ba2)
* s3:idmap_ldap: filter out of range mappings in default idmap configMichael Adam2009-06-101-16/+55
| | | | | | | | This fixes bug #6417 Michael (cherry picked from commit e381c13b023f2b512b3f6aec133db9f323bc8132) (cherry picked from commit 06cab60eb0ba966174f493fcbe25bede0c5d2125)
* s3:idmap_tdb2: filter out of range mappings in default idmap configMichael Adam2009-06-101-12/+49
| | | | | | | | This fixes bug #6416 Michael (cherry picked from commit e12670a1053edf57af137026bd3fdb9fc7dfb0b2) (cherry picked from commit a74cb0ca04d61df6f01f3d737e52a8b7349d5a73)
* Fix a race condition in winbind leading to a panicVolker Lendecke2009-06-101-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | In winbind, we do multiple events in one select round. This needs fixing, but as long as we're still using it, for efficiency reasons we need to do that. What can happen is the following: We have outgoing data pending for a client, thus state->fd_event.flags == EVENT_FD_WRITE Now a new client comes in, we go through the list of clients to find an idle one. The detection for idle clients in remove_idle_client does not take the pending data into account. We close the socket that has pending outgoing data, the accept(2) one syscall later gives us the same socket. In new_connection(), we do a setup_async_read, setting up a read fde. The select from before however had found the socket (that we had already closed!!) to be writable. In rw_callback we only want to see a readable flag, and we panic in the SMB_ASSERT(flags == EVENT_FD_READ). Found using bin/smbtorture //127.0.0.1/tmp -U% -N 500 -o 2 local-wbclient Volker (commit 68c5c6df in master) (cherry picked from commit c9df9c68da21610d9c32a57e24f45d36ebe432c5)
* s3-idmap: Fix bug #6286: Call init function for builtin idmap modules before ↵Günther Deschner2009-04-281-0/+2
| | | | | | | | | | probing for them as shared modules. idmap-gurus of the world, please check. Guenther (cherry picked from commit 67588ca80d654183b8b7b062b9660a506a825f94) (cherry picked from commit a552aa1c3f67b76692e26a5560640dcfae0831b6)
* =?utf-8?q?=D1=953/winbind=5Fpam:=20fix=20gcc=204.4=20compile=20warningBjörn Jacke2009-03-271-1/+1
| | | | | | | | =20(cherry=20picked=20from=20commit=20f4aec7b5907065a2f48d1b19065c6673aff6a190)?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit (cherry picked from commit 86abc613f119e7685f0664033317b5d191cc88e8)
* Fix #6130: Don't crash in winbindd_rpc lookup_groupmem() on unmapped membersVolker Lendecke2009-03-271-7/+8
| | | | | Thanks to François Legal <devel@thom.fr.eu.org> for reporting this bug (cherry picked from commit db811fbc3570f55b170567dbfd8882d270c10d83)
* Fix a valgrind errorVolker Lendecke2009-03-271-1/+1
| | | | | Found in "make test" -- if we can't connect at all, "cli" is uninitialized (cherry picked from commit c863f8c767c9112a31da7b9f8a84c6c07bfb9d37)
* Fix #6167: winbindd -n should disable the winbind idmap cacheVolker Lendecke2009-03-121-20/+50
| | | | (cherry picked from commit 1bdd91cfab96a478de39bd44c8c3362eedef7f36)
* Make opt_nocache static to winbindd.cVolker Lendecke2009-03-124-7/+17
| | | | (cherry picked from commit 9ad5e570625acc76fad7f5cb8134461662ba857a)
* More fix to initialize idmap statusesBo Yang2009-03-067-0/+70
| | | | (cherry picked from commit 3480224cef289ef0915787d735cd79adad4815fe)
* Initialize the id_map status in idmap_ldap to avoid surpriseBo Yang2009-03-061-0/+8
| | | | (cherry picked from commit 13a13122f40221edd76aeaaff47c8964a692301a)
* More warning fixes for Solaris.Jeremy Allison2009-02-243-11/+11
| | | | | Jeremy. (cherry picked from commit aea38950ff4865f1d791cd19619fadcd59eaf480)
* Revert "s3:winbindd_user: create domain connection in winbindd_fill_pwent if ↵Michael Adam2009-02-161-1/+1
| | | | | | | | | | | | | | | necessary." This reverts commit 3981603761a1cc6fb74ff135fadf4ab3340be1c5. I was confused about the real meaning of find_domain_from_name_noinit() vs. find_domain_from_name(). We don't need the connection established here, just the domain struct which gets initialized by rescan_trusted_domains(). Sorry for the noise. Michael (cherry picked from commit c8e295a1b5216c1190ec5d555606b3eadabab82a)
* s3:winbindd_user: create domain connection in winbindd_fill_pwent if necessary.Michael Adam2009-02-161-1/+1
| | | | | | | | | | Calling find_domain_from_name_noinit() might not be enough here. This makes winbindd_getpwent() behave the same as winbindd_getgrent(). Michael Signed-off-by: Michael Adam <obnox@samba.org> (cherry picked from commit 3981603761a1cc6fb74ff135fadf4ab3340be1c5)
* s3:winbindd_user: fix a debug message.Michael Adam2009-02-161-2/+2
| | | | | | | | | | find_domain_from_name_noinit() is no longer called only for name alias support. Michael Signed-off-by: Michael Adam <obnox@samba.org> (cherry picked from commit ca6e3ee1e52b16e88f3906dc4cf64e977e165663)
* Fix coverity ID 876 (FORWARD_NULL)Volker Lendecke2009-02-161-0/+1
| | | | | | | Michael, please check! Signed-off-by: Michael Adam <obnox@samba.org> (cherry picked from commit bd0febbd1b390b2890df13fbfed5bf26dede658f)
* s3 build: Fix "assignment discards qualifiers from pointer target type" warningsTim Prouty2009-02-162-13/+6
| | | | (cherry picked from commit 1aa6c76dd003b0c625c6910bb78798a7d98c5a8c)
* s3:winbind_group: fix "getent group" to allocate new gids.Michael Adam2009-02-161-2/+8
| | | | | | | | | | | | | | | | | | | "getent group" used to fill the idmap cache with negative cache entries for unmapped group sids. Don't pass domain name unconditionally to idmap_sid_to_gid(). idmap_sid_to_gid() only creates new mappings (allocating idmap backends tdb, tdb2, ldap...) when the domain name passed in is "". Note that it is _wrong_ to directly call the idmap_sid_to_gid() functions here, in the main winbindd. The correct fix would be to send a sid_to_gid request to winbindd itself, but this needs more work to prepare the async mechanisms, and we nee a quick fix for getent passwd now. Michael (cherry picked from commit 8c64302915bde8a5400b575389b12e0eaf2cf140)
* s3:winbind_user: fix "getent passwd" to allocate new uids.Michael Adam2009-02-161-2/+7
| | | | | | | | | | | | | | | | | | | "getent passwd" used to fill the idmap cache with negative cache entries for unmapped user sids. Don't pass domain name unconditionally to idmap_sid_to_[ug]id(). idmap_sid_to_[ug]id() only creates new mappings (allocating idmap backends tdb, tdb2, ldap...) when the domain name passed in is "". Note that it is _wrong_ to directly call the idmap_sid_to_[ug]id() functions here, in the main winbindd. The correct fix would be to send a sid_to_[ug]id request to winbindd itself, but this needs more work to prepare the async mechanisms, and we nee a quick fix for getent passwd now. Michael (cherry picked from commit 877808450bb108ed306ef77db97a3acc7297e579)
* s3:winbind_user: move initialization of domain up in winbindd_fill_pwent()Michael Adam2009-02-161-11/+9
| | | | | | | and streamline logic some Michael (cherry picked from commit f2acdca4ded8646752d154d55a0ade405f159e17)
* Memory leaks and other fixes found by Coveritytodd stecher2009-01-234-6/+32
| | | | (cherry picked from commit ba576efa8f884f3dd37bb5035fbb47ae0305c0b0)
* Fix bug in get_dc_name_via_netlogon(), null pointer refrence.Bo Yang2009-01-201-1/+1
| | | | (cherry picked from commit 43d6aabfa58cda95f362e86c324c7f2ae21aec53)
* Don't send message to any other child in child process.Bo Yang2009-01-201-1/+33
| | | | (cherry picked from commit d521529b3fcbcd7b183eb466bc06497998fd7e28)
* From boyang - ensure we never "return" from a forked child, always _exit().Jeremy Allison2009-01-202-5/+5
| | | | | Jeremy. (cherry picked from commit c2515026807e08c7836ef1bd6220bd7eab3a1a5b)
* Don't set child->requests to NULL in parent after forkBo Yang2009-01-121-1/+0
| | | | (cherry picked from commit e4505156522560fb0c7ee3aadd75d4fc9d446609)
* refresh sequence number as soon as possible when domain->sequence_number == ↵boyang2009-01-081-3/+8
| | | | | | -1 or domain->last_status is not ok. (cherry picked from commit 0e058da2ee3f70e66cdf5d27f7deb479fb4ccae0)
* Make winbindd_cm.c use winbindd_reinit_after_fork().Jeremy Allison2009-01-084-31/+37
| | | | | Jeremy. (cherry picked from commit 77a4a3976af353f517b5193bae9cfbe0f3ad6f4c)
* Add winbindd_reinit_after_fork(), cleaning out all possible eventsJeremy Allison2009-01-081-52/+76
| | | | | | in a forked child. Jeremy. (cherry picked from commit e7433112f4f05aeaf9a3c03ec58962c4d9e16c7d)
* Factor out lots of common code into a function.Jeremy Allison2009-01-081-37/+27
| | | | | Jeremy. (cherry picked from commit 995fb1dc9c0aaa909dc5928bdffa756ea9402f2d)
* s3:events: change event_add_timed() prototype to match samba4Stefan Metzmacher2009-01-083-27/+8
| | | | | metze (cherry picked from commit a632a1bcd694cff03de3456dac582800e94c451e)
generated by cgit (git 2.34.1) at 2025-08-28 23:47:06 +0000