1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

645 Commits

Author SHA1 Message Date
Mathieu Parent
ad5debcbe5 nsswitch: Add try_authtok option to pam_winbind
Same as the use_authtok option, except that if the new password is not
valid, PAM will prompt for a password.

Bug-Debian: https://bugs.debian.org/858923
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/570944

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2018-10-02 14:12:13 +02:00
Alexander Bokovoy
d00ba40031 nsswitch/libwbclient/wscript: import from waflib
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-09-05 06:37:25 +02:00
Alexander Bokovoy
8a7411633e nsswitch/wscript_build: update to handle waf 2.0.4
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-09-05 06:37:23 +02:00
Andreas Schneider
e6689c3e14 wbinfo: Free memory when we leave wbinfo_dsgetdcname()
Found by covscan.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13567

Pair-Programmed-With: Justin Stephenson <jstephen@redhat.com>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-08-11 01:49:16 +02:00
Volker Lendecke
da179b1e4c nsswitch: Correct users of "ctx->is_privileged"
winbindd_context->is_privileged is a bool

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-07-24 20:36:50 +02:00
Volker Lendecke
d4c6b00922 nsswitch: Make two functions static
nss_irix was the only external user

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-07-24 20:36:50 +02:00
Volker Lendecke
3c9b88ba1c nsswitch: Remove IRIX support
According to wikipedia, IRIX has seen the last patch update in August 2006. As
of now, www.sgi.com is unreachable. Probably this code has not been built in
years. If someone wants to revive it, it can be found in the git history.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2018-07-24 20:36:50 +02:00
Andreas Schneider
e8b7aecf46 winbind_krb5_localauth: Fix a compiler warning
This can't used uninitialized but some compiler complains about it.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Jul  7 16:24:30 CEST 2018 on sn-devel-144
2018-07-07 16:24:30 +02:00
Andreas Schneider
77be96379b nsswitch: Use a swtich in the wbinfo test to lookup users
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13503

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul  6 17:14:44 CEST 2018 on sn-devel-144
2018-07-06 17:14:44 +02:00
Andreas Schneider
8e96e9ea46 nsswitch: Add tests to lookup user via getpwnam
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13503

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-07-04 21:07:10 +02:00
Andreas Schneider
4a7e0f259b krb5_plugin: Move krb5 locator plugin to krb5_plugin subdir
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13489

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2018-06-27 16:00:19 +02:00
Andreas Schneider
eba2eb8a15 krb5_plugin: Install plugins to krb5 modules dir
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13489

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2018-06-27 16:00:19 +02:00
Andreas Schneider
5e89a23ffa krb5_plugin: Add winbind localauth plugin for MIT Kerberos
Applications (like OpenSSH) don't know about users and and
their relationship to Kerberos principals. This plugin allows that
Kerberos principals can be validated against local user accounts.

Administrator@WURST.WORLD -> WURST\Administrator

https://web.mit.edu/kerberos/krb5-latest/doc/plugindev/localauth.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13480

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jun 21 15:52:02 CEST 2018 on sn-devel-144
2018-06-21 15:52:02 +02:00
Mathieu Parent
f5b908d818 Fix spelling s/formated/formatted/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:26 +02:00
Andreas Schneider
2715f52f54 nsswitch:tests: Add test for wbinfo --user-info
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-05-11 09:07:36 +02:00
Andreas Schneider
4fa811ec7b nsswitch: Lookup the domain in tests with the wb seperator
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-05-11 09:07:36 +02:00
Andreas Schneider
0aceca6a94 nsswitch: Add a test looking up domain sid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-05-11 09:07:36 +02:00
Andreas Schneider
0d2f743d82 nsswitch: Add a test looking up the user using the upn
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-05-11 09:07:36 +02:00
Volker Lendecke
fdf0b2a784 nsswitch: Only connect to the priv socket if required
This should speed up calls like "wbinfo -p"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-04-24 14:32:10 +02:00
Stefan Metzmacher
ffe970007b nsswitch: fix memory leak in winbind_open_pipe_sock() when the privileged pipe is not accessable.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13400

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2018-04-24 14:32:10 +02:00
Christof Schmitt
552a00ec1f Add test for wbinfo name lookup
This demonstrates that wbinfo -n / --name-to-sid returns information
instead of failing the request. More specifically the query for
INVALIDDOMAIN//user returns the user SID for the joined domain, instead
of failing the request.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-04-06 17:58:38 +02:00
Christof Schmitt
f4db4e86c3 nsswitch: Fix wbcListGroups test
With an AD DC, wbcListGroups returns the users in the DOMAIN SEPARATOR
GROUPNAME format.  The test then calls wbcLookupName with the domain
name and the previous string (including domain and separator) as
username. Fix this by passing the correct username and adding some
additional checks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-04-06 17:58:38 +02:00
Christof Schmitt
3c146be404 nsswitch: Fix wbcListUsers test
With an AD DC, wbcListUsers returns the users in the DOMAIN SEPARATOR
USERNAME format.  The test then calls wbcLookupName with the domain name
and the previous string (including domain and separator) as username.
Fix this by passing the correct username and adding some additional
checks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-04-06 17:58:38 +02:00
Stefan Metzmacher
dc160247d1 nsswitch: fix the developer build of nsswitch/wins.c on freebsd 11
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
2018-04-03 16:41:09 +02:00
Stefan Metzmacher
d5be3b3279 nsswitch: add some const to _nss_winbind_initgroups_dyn() prototype
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
2018-04-03 16:41:09 +02:00
Stefan Metzmacher
b8c30abb02 nsswitch: maintain prototypes for the linux based functions only once
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
2018-04-03 16:41:09 +02:00
Andreas Schneider
03617480d1 wbinfo: Improve the wording for --online-status
Currently it displays if a domain is online or offline which is wrong.
It tells us if we maintain an active connection to the domain or not.

Users are confused if they read offline because the think winbind is not
functional with that domain.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 16 14:46:43 CET 2018 on sn-devel-144
2018-03-16 14:46:43 +01:00
Ralph Boehme
f59f6cefa1 nsswitch: fix wbinfo -m --verbose trust type "Local"
Remove wrong "Local" strcmp(), there's another one, the correct one, a few lines
below. Since commit 95e3307917
WBC_DOMINFO_TRUSTTYPE_NONE, which corresponded to the string "None" in the
winbindd response, is not used anymore.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13313

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar  2 05:49:18 CET 2018 on sn-devel-144
2018-03-02 05:49:18 +01:00
Andreas Schneider
00defe7100 nsswitch: Add FALL_THROUGH statements in pam_winbind.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-03-01 04:37:43 +01:00
Stefan Metzmacher
da784305e7 nsswitch: fix double free errors in nsstest.c
We need to zero out static pointers on free.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13283

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-02-21 14:19:17 +01:00
Stefan Metzmacher
8b0e1a77ae wbinfo: avoid segfault in wbinfo_auth_crap() if winbindd is not available
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13256

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-02-10 08:35:16 +01:00
Ralph Boehme
95e3307917 libwbclient: add more trust types
Prepare libwbclient for additional trust types and trust routing.

Signed-off-by: Ralph Boehme <slow@samba.org>
2018-01-13 12:55:08 +01:00
Ralph Boehme
05558ddd7e wbinfo: support for local, workstation and routed trust types
Prepare wbinfo for additional trust types and trust routing.

This also modifies the output line for a "None" trust type by skipping
the transitivity and direction -- that just doesn't make sense without a
trust.

Signed-off-by: Ralph Boehme <slow@samba.org>
2018-01-13 12:55:08 +01:00
Ralph Boehme
ec85579d87 libwbclient: add trust routing and more trust-types
This adds the struct member and the defines, the implementation comes
later.

Signed-off-by: Ralph Boehme <slow@samba.org>
2018-01-13 12:55:08 +01:00
Ralph Boehme
c8f76bfd72 nsswitch: fill out wbcAuthUserInfo user_principal and dns_domain_name from info6
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-01-13 08:24:09 +01:00
Ralph Boehme
59cb1f6f9c nsswitch: add "validation_level" and "info6" to winbindd_response
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-01-13 08:24:09 +01:00
Uri Simchoni
06859547f0 pam_winbind: avoid non-literal-format warning
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 29 12:50:49 CET 2017 on sn-devel-144
2017-11-29 12:50:49 +01:00
Uri Simchoni
8990570121 winbind_nss_freebsd: fix const discard warning
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-11-24 01:13:15 +01:00
Uri Simchoni
786e3c1d82 pam_winbind: fix const discard warnings
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-11-24 01:13:15 +01:00
Volker Lendecke
d74c60807c nsswitch: Slightly simplify winbindd_request_response
We don't need a separate variable, C passes a copy on the stack

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-11-18 00:09:16 +01:00
Volker Lendecke
87c4432562 libwbclient: Fix two signed/unsigned hickups
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-11-18 00:09:16 +01:00
Volker Lendecke
df5a534198 nsswitch: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-11-18 00:09:15 +01:00
Ralph Boehme
76a1c5a162 wbinfo: return "NOT MAPPED" instead of "S-0-0" for unmapped id-to-sid
Currently wbinfo --unix-ids-to-sids prints "S-0-0" for failed
mappings. Let it print "NOT MAPPED" instead.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 10 02:57:40 CEST 2017 on sn-devel-144
2017-10-10 02:57:40 +02:00
Volker Lendecke
bebf90f7a1 libwbclient: Fix CID 1414781 Dereference null return value
Basically a cut&paste error from somewhere else

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jul 12 22:12:22 CEST 2017 on sn-devel-144
2017-07-12 22:12:21 +02:00
Ralph Boehme
b3d14dae18 selftest: add some basic tests for idmap_ad
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-07-12 09:01:17 +02:00
Andrew Bartlett
0cfef7f50e selftest: Prime the netlogon cache during test_idmap_rfc2307
This ensures that the group memberships just created are reflected in the test
comparison.  Otherwise we are trusting that no caches are primed, which is
simply not safe in a test.

(The login will put a list of groups, as obtained by the login over NETLOGON or
via the PAC, into the samlogon cache).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Jul  2 21:59:18 CEST 2017 on sn-devel-144
2017-07-02 21:59:18 +02:00
Andrew Bartlett
8b97a0af32 selftest: Use tree_delete control in idmap_rfc2307 test
This control removes an entire subtree, which was the intention of the previouse code
but much more effectively.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-07-02 17:35:20 +02:00
Andreas Schneider
776ed55a89 nsswitch: Add ad_member tests for wbinfo --domain-info and --dc-info
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jun 29 02:33:48 CEST 2017 on sn-devel-144
2017-06-29 02:33:48 +02:00
Jeremy Allison
b2de5a81bf s4: popt: Global replace of cmdline_credentials -> popt_get_cmdline_credentials().
Add one use of popt_set_cmdline_credentials().
Fix 80 column limits when cmdline_credentials changes
to popt_get_cmdline_credentials().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-05-11 20:30:13 +02:00
Volker Lendecke
ee3b17ba46 idmap_rfc2307: Test unix-ids-to-sids with 35 groups
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2017-05-08 21:08:23 +02:00