IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Without this, it can happen that tldap will look at a possibly wrong
/etc/krb5.conf. I have not reliably reproduced this, because a
set_domain_online_request() in the idmap child might interfere with
this, so I could not write a comprehensive test for this. Manual
testing however fixes the issue that wbinfo --sid-to-uid can take ages
asking a potentially nonexisting KDC.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
All parent-child communication is based in NDR and dispatched as a local
RPC call.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 19 18:50:24 UTC 2022 on sn-devel-184
Next commits will convert InitConnection from struct based to NDR based
and this call will be directly issued to a domain child so create a 'wbint'
binding handle for domain childs too.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
It will be converted later to a local RPC call handler so it must be in
the file including ndr_winbind_scompat.c
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Next commits will convert from struct based to NDR based. The
samr_DomInfo1 struct will be returned by the child to the parent inside
the 'r' struct and the parent will just fill the winbindd_respone.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Bumping WINBIND_INTERFACE_VERSION to 32
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 10 18:25:01 UTC 2022 on sn-devel-184
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 30 01:07:12 UTC 2022 on sn-devel-184
The winbindd_dual_pam_auth_crap() will be converted to a local RPC call
handler and the winbindd_response won't be filled by the child process
but in the parent's winbindd_pam_auth_crap_recv() function.
Move all code filling the winbindd_response struct to a common place,
winbindd_pam_auth_crap_recv().
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Move the code filling the winbindd_response to a common place,
winbindd_pam_auth_crap_recv().
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The winbindd_dual_pam_auth_crap() function will be converted to a local
RPC call handler and it won't receive a winbindd_cli_state struct. Move
the checks accessing this struct to the parent.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Next commits will covert the winbindd_dual_pam_auth_crap() function to a
local RPC call handler receiving the challenge as a DATA_BLOB in the 'r'
struct.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15046
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
The ADS_STRUCT is not allocated using talloc and there are many places
casting this pointer directly so use a typed pointer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15046
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15046
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
The domain's private_data pointer is also used to store a ADS_STRUCT,
which is not allocated using talloc and there are many places casting
this pointer directly.
The recently added samba.tests.pam_winbind_setcred was randomly failing
and after debugging it the problem was that kerberos authentication was
failing because the time_offset passed to kerberos_return_pac() was
wrong. This time_offset was retrieved from ads->auth.time_offset, where
the ads pointer was directly casted from domain->private_data but
private_data was pointing to a winbind_internal_pipes struct.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15046
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Found by oss-fuzz:
../../source3/winbindd/winbindd_pam.c:2879:7: error: variable 'validation_level' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized]
if (!(state->request->flags & WBFLAG_BIG_NTLMV2_BLOB) ||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../source3/winbindd/winbindd_pam.c:3003:6: note: uninitialized use occurs here
validation_level,
^~~~~~~~~~~~~~~~
../../source3/winbindd/winbindd_pam.c:2879:3: note: remove the 'if' if its condition is always false
if (!(state->request->flags & WBFLAG_BIG_NTLMV2_BLOB) ||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../source3/winbindd/winbindd_pam.c:2879:7: error: variable 'validation_level' is used uninitialized whenever '||' condition is true [-Werror,-Wsometimes-uninitialized]
if (!(state->request->flags & WBFLAG_BIG_NTLMV2_BLOB) ||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../source3/winbindd/winbindd_pam.c:3003:6: note: uninitialized use occurs here
validation_level,
^~~~~~~~~~~~~~~~
../../source3/winbindd/winbindd_pam.c:2879:7: note: remove the '||' if its condition is always false
if (!(state->request->flags & WBFLAG_BIG_NTLMV2_BLOB) ||
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../source3/winbindd/winbindd_pam.c:2853:27: note: initialize the variable 'validation_level' to silence this warning
uint16_t validation_level;
^
= 0
1 warning and 2 errors generated.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15044
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 12 18:54:50 UTC 2022 on sn-devel-184
Later winbindd_dual_pam_auth() will be converted to a local RPC call
handler and the parent will call this function to fill the 'r' struct.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Later winbindd_dual_pam_auth() will be converted to a local RPC call
handler and it will not receive a winbindd_cli_state parameter. Avoid
passing this struct around.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Later winbindd_dual_pam_auth() will be converted to a local RPC call
handler and it will return a netr_Validation from the child. This
function will be moved to the parent to fill the winbindd_response
struct.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Map netr_SamInfo3 to netr_Validation in this function instead of doing
it in the caller.
Later winbindd_dual_pam_auth() will be converted to a local RPC
handler and it will return the netr_Validation in the 'r' struct.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Later winbindd_dual_pam_auth() will be converted to a local RPC
handler and it will not receive a winbindd_cli_state struct as parameter.
Avoid passing around this struct.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Later winbindd_dual_pam_auth() will be converted to a local RPC
handler and it will not receive a winbindd_cli_state struct as parameter.
Avoid passing around this struct.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Delay the assignment of the out varible and assign it only if
returning NT_STATUS_OK, the caller does not use the returned
netr_SamInfo3 if the function does not return NT_STATUS_OK.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This function allocates a lot of intermedite variables, use a temporary
memory context.
The out variable info3 is assigned using talloc_steal() because the
local my_info3 is used below.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Map netr_SamInfo6 to netr_Validation in winbindd_dual_pam_auth_kerberos()
instead of doing it in the caller.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Refactor winbindd_dual_pam_auth_kerberos() to do not take a
winbindd_cli_state struct as parameter but its members. The kerberos
ccache name is returned as an out parameter and the caller is
responsible for copying it in the winbindd_response struct.
Later winbindd_dual_pam_auth() will be converted to a local RPC call
handler and it will not receive a winbindd_cli_state as argument so
reduce passing this struct around.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Refactor the append_afs_token() function to do not take a
winbindd_response as a parameter but its members directly. The AFS token
is returned as an out parameter in a DATA_BLOB, and the caller is
responsible for setting it the extra_data winbindd_response field and
extending the winbindd_response length.
Later winbindd_dual_pam_auth() will be converted to a local RPC
call handler and the netr_Validation will be returned in the 'r' struct
from the child to the parent. The parent will then fill the
winbindd_response struct.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Refactor the append_unix_username() function to do not take a
winbindd_response struct as parameter but its members. The
unix username is returned as an out parameter and the caller is
responsible for setting it in the winbindd_response struct.
Later winbindd_dual_pam_auth() will be converted to a local RPC
call handler and the netr_Validation will be returned in the 'r' struct
from the child to the parent. The parent will then fill the
winbindd_response struct.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Refactor the check_info3_in_group() function to take a wbint_SidArray
struct. The sid strings stored in extra_data are parsed into a
wbint_SidArray in a separated function.
Later, winbindd_dual_pam_auth() will be converted to a local RPC
call handler and the wbint_SidArray containing the required membership
will be part of the 'r' struct.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Funtions called from winbindd-lib must be part of it.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Funtions called from winbindd-lib must be part of it.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Funtions called from winbindd-lib must be part of it.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Funtions called from winbindd-lib must be part of it.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Funtions called from winbindd-lib must be part of it.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The source3/winbindd/winbindd.c file does not belong to 'winbindd-lib'
subsystem. Funtions called from winbindd-lib must be part of it.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
