IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This can never have been tested....
Signed-off-by: Tom Mortensen <tomm@lime-technology.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We don't need to change the protocol version because:
1. An old client may provide the "initial_blob"
(which was and is still ignored when going
via the wbcCredentialCache() function)
and the new winbindd won't use new_spnego.
2. A new client will just get a zero byte
from an old winbindd. As it uses talloc_zero() to
create struct winbindd_response.
3. Changing the version number would introduce problems
with backports to older Samba versions.
New clients which are capable of using the new_spnego field
will use "negotiate_blob" instead of "initial_blob".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
pam_winbind depends on talloc, which depends on libreplace, so we have asprintf
available.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
PAM sessions are long running. If we create a pam session a connection
to winbind is established and only closed by the destructor of the
libwbclient library. If we create a wbcContext, we will free it in the
end of the PAM function being called and the socket will be closed. This
decreases the amount of allocated 'winbindd_cli_state' structures in
winbind for every logged in user.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Mar 25 17:45:24 CET 2016 on sn-devel-144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Mar 22 07:59:35 CET 2016 on sn-devel-144
The previous use was safe, but having *any* use of strcpy inside
our code sets off security flags. Replace with an explicit length
calculation and memcpy.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
An implementation of https://lists.samba.org/archive/samba/2012-March/166497.html (which has been discussed in 2012, but was never implemented).
It has been tested on a Debian Jessie system with this patch added to the Debian package (which is currently 4.1.17). Even though this is Samba 4, the ntlm_auth installed is the one from Samba 3 (yes, it surprised me too). The backend was a machine with Windows 2012R2.
It was first tested with the local security policy 'Network Security: LAN Manager authentication level' setting changed to 'Send NTLMv2 Response Only' (allow ntlm v1). This way we are able to authenticate with and without the MSV1_0_ALLOW_MSVCHAPV2 flag (as expected).
After the basic step has been verified, the local security policy 'Network Security: LAN Manager authentication level' setting was changed to 'Send NTLMv2 Response Only. Refuse LM & NTLM' (only allow ntlm v2). The behaviour now changed according to the MSV1_0_ALLOW_MSVCHAPV2 flag (again: as expected).
$ ntlm_auth --request-nt-key --username=XXXXXXXXXXXXX --challenge=XXXXXXXXXXXXXXXXX --nt-response=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --domain=
Logon failure (0xc000006d)
$ ntlm_auth --request-nt-key --username=XXXXXXXXXXXXX --challenge=XXXXXXXXXXXXXXXXX --nt-response=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX --domain= --allow-mschapv2
NT_KEY: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
The changes in `wbclient.h` are intended for programs that use libwinbind directly instead of authenticating via `ntlm_auth`. I intend to use that within FreeRADIUS (see https://bugzilla.samba.org/show_bug.cgi?id=11149).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11694
Signed-off-by: Herwin Weststrate <herwin@quarantainenet.nl>
Reviewed-by: Kai Blin <kai@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Feb 22 23:39:13 CET 2016 on sn-devel-144
To do a proper xids2sids conversion I need a build environment.
Everyone who needs this and can build AIX please speak up!
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 11 04:43:53 CET 2016 on sn-devel-144
These functions were meant as a standard interface before libwbclient was
developed.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
...instead of using "if (ret)" or similar.
This is just a code cleanup, no changes in behaviour.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
The test gets handed a name, so we first need
to resolve the name to an IP before we can
pass that on to ResolveWinsByIp.
Bug uncovered by the new nss_wrapper code (1.1.2).
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov 6 13:43:45 CET 2015 on sn-devel-104
This avoids that we run into use after free issues when we access memory
allocated on the globals and the global being reinitialized.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11563
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This allows us to use them in talloc as well.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Adrian Cochrane <adrianc@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
The problem with large groups on Solaris in the the NSS winbind module is
Solaris wants the return value to be NSS_UNAVAIL if the buffer given is too
small for getgrnam_r. The current code return NSS_TRYAGAIN which causes
Solaris/Illumos to loop without trying to resize the buffer.
Thanks to Nathan Huff <nhuff@acm.org> for finding this out.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10365
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Ralph Böhme <rb@sernet.de>
Thanks to Timur Bakeyev <timur@FreeBSD.org> for the patch.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11493
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Ralph Böhme <rb@sernet.de>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11502
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Sep 8 21:39:21 CEST 2015 on sn-devel-104
This patch cancels the retry policy of the winbind client.
When winbindd fails to respond to a request within 30 seconds,
the winbind client closes the connection and retries up to 10
times.
In some cases, delayed response is a result of multiple
requests from multiple clients piling up on the winbind domain
child process. Retrying just piles more and more requests,
creating a vicious cycle.
Even in the case of a single request taking long to complete,
there's no point in retrying because the retry request would just
wait for the current request to complete. Better to wait patiently.
There's one possible benefit in the retry, namely that winbindd typically
caches the results, and therefore a retry might take a cached result, so
the net effect of the retry may be to increase the timeout to 300 seconds.
But a more straightforward way to have a 300 second timeout is to modify the
timeout. Therefore the timeout is modified from 30 seconds to 300 seconds
(IMHO 300 seconds is too much, but we have "winbind rquest timeout"
with a default of 60 to make sure the request completes or fails
within 60 seconds)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11397
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jun 8 19:48:18 CEST 2015 on sn-devel-104
Also test the codepaths to map UID and GID back to SID and names. Use
different user and group to avoid returning results cached from the
previous lookups.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11313
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 5 01:24:32 CEST 2015 on sn-devel-104
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Stops segfault when a context is passed. Internal Samba code will
currently always call this with NULL so won't trigger the bug.
Signed-off-by: Matthew Newton <matthew-git@newtoncomputing.co.uk>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 18 01:41:32 CET 2015 on sn-devel-104
Increment the minor version of the libwbclient library after new
context functions added. (Major version increase not required as
the only two functions with changed parameters are private to the
library.)
Signed-off-by: Matthew Newton <matthew-git@newtoncomputing.co.uk>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 10 03:24:45 CET 2015 on sn-devel-104
There are some global variables in use in the libwbclient
library. Now that we have a context, move these into it so that
they are thread-safe when the wbcCtx* functions are used.
Signed-off-by: Matthew Newton <matthew-git@newtoncomputing.co.uk>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
To make the libwbclient library thread-safe, all functions
that call through to wb_common winbindd_request_response need
to have context that they can use. This commit adds all the
necessary functions.
Signed-off-by: Matthew Newton <matthew-git@newtoncomputing.co.uk>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
To enable libwbclient to pass winbindd context through
to the winbind client library in wb_common.
Signed-off-by: Matthew Newton <matthew-git@newtoncomputing.co.uk>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The basic context structure and functions for libwbclient so that
libwbclient can be made thread-safe.
Signed-off-by: Matthew Newton <matthew-git@newtoncomputing.co.uk>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Updating API call in libwbclient, wbinfo, ntlm_auth and
winbind_nss_* as per previous commit to wb_common.c.
Signed-off-by: Matthew Newton <matthew-git@newtoncomputing.co.uk>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Rather than keep state in global variables, store the current
context such as the winbind file descriptor in a struct that is
passed in. This makes the winbind client library thread-safe.
Signed-off-by: Matthew Newton <matthew-git@newtoncomputing.co.uk>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Mar 3 20:03:25 CET 2015 on sn-devel-104
Otherwise a bad read can sometimes cause the function to return -1 with
an invalid pointer in extra_data.data, which is attempted to be freed
by the caller (e.g. libwbclient/wbc_pam.c wbcAuthenticateUserEx())
by calling winbindd_free_response().
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9056
warn_pwd_expire parameter is not working as documented in pam_winbind manual
page. This patch adds missing bit and allows disabling warning message fully,
i.e. setting warn time to zero days.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Dec 3 21:36:49 CET 2014 on sn-devel-104
Fixes this test when bin/ldbmodify isn't built because we're using the
system ldbmodify.
Change-Id: I2ff0d9808245353006c6be4989976a3edad8f98e
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The getgroupmembership call on FreeBSD is needed for "winbind expand groups=0"
(the new default in 4.2) to work.
Thanks to Timur I. Bakeyev for the enhancement patch.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10835
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Oct 18 12:41:07 CEST 2014 on sn-devel-104
If we have configured the idmap_ad backend it is possible that the user
is in a group without a gid set. This will result in (uid_t)-1 as the
gid. We return this invalid gid to NSS which is wrong.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10824
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Sep 19 17:57:14 CEST 2014 on sn-devel-104
We are not allowed to reach around behind the system's back and
include the wrong headerfiles.
Signed-off-by: Ira Cooper <ira@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
https://bugzilla.samba.org/show_bug.cgi?id=10692
Revert "libwbclient: reject unknown named blobs in wbcCredentialCache()"
This reverts commit 740d12d1e7.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jul 14 21:54:08 CEST 2014 on sn-devel-104
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10692
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 10 22:30:45 CEST 2014 on sn-devel-104
on AIX this is actually not called NSS and PAM, this is combined im LAM (loadable
authentication module)
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jun 12 13:32:28 CEST 2014 on sn-devel-104
Change-Id: I41ed850b6424eac3fb8b6603d5b87c66bb77dd51
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
The password is made more complex, and the test domain is made to
use the command line options.
Andrew Bartlett
Change-Id: Ia1ec24a9fc393e7f7b210f845bcf32dbc933d48f
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This avoids a pile of shell-script escape pain, and fixes some tests.
Andrew Bartlett
Change-Id: Ie1d0e32ab484a5b0ddbc4073831fe6de27e38e92
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Change-Id: I8f23ecc8444c3b25d5be2a7fdbf51ba7fe4a5ed9
Signed-off-by: Andreas Schneider <asn@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Prior to asking for a winbindd private pipe we need to initialize
response structure to deal with a possible response failure.
winbind_open_pipe_sock() issues two winbindd requests:
- asks for interface version
- asks for a private pipe
The first call returns interface version in a response structure (which
is a union). The second call might fail -- in this case response
structure will not be initialized or filled in with any information.
As result, if the second call failed, response structure will have data
from an interface string interpreted as a pointer to a string during
SAFE_FREE() at the end of the winbind_open_pipe_sock().
To avoid that, ensure response struct is initialized before asking for
a private pipe.
https://bugzilla.samba.org/show_bug.cgi?id=10596
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 8 04:24:53 CEST 2014 on sn-devel-104
It is very confusing if the env var uses the same name as the define in
the source code. So prefix it with SELFTEST.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Change-Id: Ic2e06e448fce1d91422b711abf663b9253009a53
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Apr 2 13:07:24 CEST 2014 on sn-devel-104
This is the original cause of the wbc NT_STATUS_OBJECT_NAME_NOT_FOUND issues in recent git master, as the
build was able to progress without the correct path being set as an override.
Andrew Bartlett
Change-Id: I1dbc7350695756356e869199b589eb781eb5c673
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Mar 5 18:34:48 CET 2014 on sn-devel-104
This reverts commit ec0f51b200.
A more generic fix is now in use.
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jan 15 01:37:38 CET 2014 on sn-devel-104
This needs a password to work, and it confuses users for it to appear to be valid here.
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: David Disseldorp <ddiss@samba.org>
This is a better fix for 8564 and will allow ec0f51b200 to be reverted.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=8564
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: David Disseldorp <ddiss@samba.org>
furthermore if more than one name is supplied and no sid is converted
then also fail.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=8598
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Nov 29 15:45:11 CET 2013 on sn-devel-104
We have that available via libreplace, so use it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Nov 28 14:33:32 CET 2013 on sn-devel-104
older iniparser versions ( like that used in upstream samba ) ignore 'key='
entries, the key is not entered into the dictionary at all. Later
versions of iniparse specifically handle the following special cases
* key=
* key=;
* key=#
by assigning a value of "" ( a zero length string ) to the key
in the dictionary.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Nov 20 16:12:13 CET 2013 on sn-devel-104
We set the socket to nonblocking and don't handle EAGAIN right. We do
a poll anyway, so wait for writability, which should fix this.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10195
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Mon Aug 12 00:46:34 CEST 2013 on sn-devel-104
Might as well fix it to handle large authority values properly. Also
correct some of the formatting.
Signed-off-by: Jeff Layton <jlayton@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
By default wbinfo -u|-g should only enumerate the domain winbindd is
joined to. The command can be harmfull if you have e.g. 30 domains and
700k users. Then the parent will collect all information and the
oom-killer will kill winbind. As we still want to support it, you can
enable it the old behaviour with wbinfo --domain='*' -u. This is
a measure that sysadmins don't shoot themself.
https://bugzilla.samba.org/show_bug.cgi?id=10034
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul 18 11:54:58 CEST 2013 on sn-devel-104
In reviewing various files in Samba-4.0.7, I found a number
of instances where malloc()/calloc() were called without the
checking the return value for a value of NULL, which would
indicate failure.
(NB. The changes needed to ccan, iniparser, popt and heimdal
will be reported upstream, not patched inside Samba).
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Source <idra@samba.org>
the beginning if is only ifdef LINUX now, not the long list this comment refers to
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri May 17 01:09:33 CEST 2013 on sn-devel-104
wbinfo_pam_logon() incorrectly assumes that wbcLogonUser() always
returns an allocated wbcAuthErrorInfo struct on failure.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 17 21:29:29 CEST 2013 on sn-devel-104
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Mar 22 16:18:06 CET 2013 on sn-devel-104
Create a new test environment with 'idmap config DOMAIN : backend =
rfc2307'. A new test script adds LDAP records and queries them again for
the mapped uid and gid.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Mar 9 08:18:43 CET 2013 on sn-devel-104
from the FreeBSD required name to the built module.
Signed-off-by: Timur Bakeyev <timur@FreeBSD.org>
Reviewed-by: Andrew Bartlett <abartlett@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Fri Mar 8 05:04:04 CET 2013 on sn-devel-104
Our LGPL winbind client libs do not link against our server-side code, and
should not use the server-side includes.h.
This removes a build-time dep on talloc that was brought in via includes.h as
this code also does not use talloc.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
WBFLAG_PAM_AUTH_PAC and WBFLAG_BIG_NTLMV2_BLOB
are the same causing errors in NTLMv2 authentication.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 18 22:13:09 CET 2013 on sn-devel-104
In the code you normally use:
BAIL_ON_WBC_ERROR;
but the last ; is statement never reached, so dead code.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
These binaries are for developer or selftest use, and are not
supported for installation onto the system. The autoconf build does
not install these binaries, and so neither should the waf build.
Andrew Bartlett
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov 22 12:00:36 CET 2012 on sn-devel-104
Ensure the potentially null winbind context is not dereferenced on
cleanup.
https://bugzilla.samba.org/show_bug.cgi?id=8564
Signed-off-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Oct 26 22:40:57 CEST 2012 on sn-devel-104
Due to not building and linking in the winbind_nss_solaris bits in addition
to the linux bits, nss was broken on Solaris.
Autobuild-User(master): Ira Cooper <ira@samba.org>
Autobuild-Date(master): Sun Sep 30 22:56:30 CEST 2012 on sn-devel-104
These are in configure.in for autoconf. Found in the config.h comparison on
the smbtorture4 build.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 26 11:50:10 CEST 2012 on sn-devel-104
With this new interface, external applications that have authenticated
to an ADS can pass the PAC from the Kerberos ticket to
wbcAuthenticateUserEx. winbindd decodes and extracts the info3
information for the external application. If winbindd can verify the PAC
signature, the info3 from the PACis also added to the netsamlogon_cache.
The info3 data can be used by the external application to get the uid
and primary gid. The data in netsamlogon_cache allows to retrieve the
complete group list through the NSS function getgrouplist.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This is required to properly return PAM_USER_UNKNOWN in case winbind had a
problem.
Guenther
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Sep 19 15:06:10 CEST 2012 on sn-devel-104
The function _pam_winbind_change_pwd crashes due to a null value passed
to the function strcasecmp and denies to login via graphical login
manager. Check for a null value before doing a strcasecmp.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1003296
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9013
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Sep 12 00:07:28 CEST 2012 on sn-devel-104
Microsoft documentation states that maximum fqdn length is 64 characters, so extending DNS Domain column to 65 characters.
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 23 03:49:00 CEST 2012 on sn-devel-104
The internal domain used in 'make test' does not report a DC name, so
just add tests similar to the old wbcPingDc call.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Use wbcPingDc2 to get the DC name and print it.
Cleanup error messages: Remove "Could not ping our DC", there is always
a more specific message. Avoid printing "failed to call wbcPingDc" in
case the ping has been attempted and it returns an error, the error is
already printed.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Add wbcPingDc2 that optionally returns the DC that was attempted to
ping. wbcPing is implemented as a wrapper around wbcPingDc2.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This will ensure that we do not unintentionally break the ABI.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 10 04:08:54 CEST 2012 on sn-devel-104
Don't ask the DC for an IP list when locating kdc's. Ask for the
name and use getaddrinfo to get all possible addresses instead.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Apr 25 22:01:18 CEST 2012 on sn-devel-104
iniparser_getstr is deprecated and has been removed in newer libraries
available in Fedora. Use iniparse_getstring instead.
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Tue Apr 24 02:56:10 CEST 2012 on sn-devel-104
This effectively reverts commit 2c49782dc1
This also adds explaination about what would need to be done to
support a system libwbclient
Andrew Bartlett
This may help me chase down the failure in my idmap rework.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Apr 20 09:51:35 CEST 2012 on sn-devel-104
Found by chance due to a re-order of the tests to start s3member
earlier and chasing down a malloc Abort into a valgrind error. Only
happens when a user has more than 4 groups.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Feb 20 05:23:04 CET 2012 on sn-devel-104
Add "system/passwd.h" so struct group is declared.
Autobuild-User: Ira Cooper <ira@samba.org>
Autobuild-Date: Mon Feb 6 18:28:53 CET 2012 on sn-devel-104
This is done so that the lpcfg_ functions are available across the whole
build, either with the struct loadparm_context loaded from an smb.conf directly
or as a wrapper around the source3 param code.
This is not the final, merged loadparm, but simply one step to make
it easier to solve other problems while we make our slow progress
on this difficult problem.
Andrew Bartlett
the Samba4 winbindd allows for a single SID to map to both a user and
group id. This is used to support files with the owner_sid set to a
group
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Only build pam_winbind.so if we want pam modules _and_ have the libs
Autobuild-User: Kai Blin <kai@samba.org>
Autobuild-Date: Sun May 8 23:56:33 CEST 2011 on sn-devel-104
This function is problematic because a string may expand in size when
changed into upper or lower case. This will then push characters off
the end of the string in the s3 implementation, or panic in the former
s4 implementation.
Andrew Bartlett
