1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

633 Commits

Author SHA1 Message Date
Andreas Schneider
5e89a23ffa krb5_plugin: Add winbind localauth plugin for MIT Kerberos
Applications (like OpenSSH) don't know about users and and
their relationship to Kerberos principals. This plugin allows that
Kerberos principals can be validated against local user accounts.

Administrator@WURST.WORLD -> WURST\Administrator

https://web.mit.edu/kerberos/krb5-latest/doc/plugindev/localauth.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13480

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jun 21 15:52:02 CEST 2018 on sn-devel-144
2018-06-21 15:52:02 +02:00
Mathieu Parent
f5b908d818 Fix spelling s/formated/formatted/
Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2018-05-12 02:09:26 +02:00
Andreas Schneider
2715f52f54 nsswitch:tests: Add test for wbinfo --user-info
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-05-11 09:07:36 +02:00
Andreas Schneider
4fa811ec7b nsswitch: Lookup the domain in tests with the wb seperator
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-05-11 09:07:36 +02:00
Andreas Schneider
0aceca6a94 nsswitch: Add a test looking up domain sid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-05-11 09:07:36 +02:00
Andreas Schneider
0d2f743d82 nsswitch: Add a test looking up the user using the upn
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-05-11 09:07:36 +02:00
Volker Lendecke
fdf0b2a784 nsswitch: Only connect to the priv socket if required
This should speed up calls like "wbinfo -p"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-04-24 14:32:10 +02:00
Stefan Metzmacher
ffe970007b nsswitch: fix memory leak in winbind_open_pipe_sock() when the privileged pipe is not accessable.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13400

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2018-04-24 14:32:10 +02:00
Christof Schmitt
552a00ec1f Add test for wbinfo name lookup
This demonstrates that wbinfo -n / --name-to-sid returns information
instead of failing the request. More specifically the query for
INVALIDDOMAIN//user returns the user SID for the joined domain, instead
of failing the request.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-04-06 17:58:38 +02:00
Christof Schmitt
f4db4e86c3 nsswitch: Fix wbcListGroups test
With an AD DC, wbcListGroups returns the users in the DOMAIN SEPARATOR
GROUPNAME format.  The test then calls wbcLookupName with the domain
name and the previous string (including domain and separator) as
username. Fix this by passing the correct username and adding some
additional checks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-04-06 17:58:38 +02:00
Christof Schmitt
3c146be404 nsswitch: Fix wbcListUsers test
With an AD DC, wbcListUsers returns the users in the DOMAIN SEPARATOR
USERNAME format.  The test then calls wbcLookupName with the domain name
and the previous string (including domain and separator) as username.
Fix this by passing the correct username and adding some additional
checks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2018-04-06 17:58:38 +02:00
Stefan Metzmacher
dc160247d1 nsswitch: fix the developer build of nsswitch/wins.c on freebsd 11
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
2018-04-03 16:41:09 +02:00
Stefan Metzmacher
d5be3b3279 nsswitch: add some const to _nss_winbind_initgroups_dyn() prototype
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
2018-04-03 16:41:09 +02:00
Stefan Metzmacher
b8c30abb02 nsswitch: maintain prototypes for the linux based functions only once
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
2018-04-03 16:41:09 +02:00
Andreas Schneider
03617480d1 wbinfo: Improve the wording for --online-status
Currently it displays if a domain is online or offline which is wrong.
It tells us if we maintain an active connection to the domain or not.

Users are confused if they read offline because the think winbind is not
functional with that domain.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 16 14:46:43 CET 2018 on sn-devel-144
2018-03-16 14:46:43 +01:00
Ralph Boehme
f59f6cefa1 nsswitch: fix wbinfo -m --verbose trust type "Local"
Remove wrong "Local" strcmp(), there's another one, the correct one, a few lines
below. Since commit 95e3307917
WBC_DOMINFO_TRUSTTYPE_NONE, which corresponded to the string "None" in the
winbindd response, is not used anymore.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13313

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar  2 05:49:18 CET 2018 on sn-devel-144
2018-03-02 05:49:18 +01:00
Andreas Schneider
00defe7100 nsswitch: Add FALL_THROUGH statements in pam_winbind.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2018-03-01 04:37:43 +01:00
Stefan Metzmacher
da784305e7 nsswitch: fix double free errors in nsstest.c
We need to zero out static pointers on free.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13283

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-02-21 14:19:17 +01:00
Stefan Metzmacher
8b0e1a77ae wbinfo: avoid segfault in wbinfo_auth_crap() if winbindd is not available
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13256

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2018-02-10 08:35:16 +01:00
Ralph Boehme
95e3307917 libwbclient: add more trust types
Prepare libwbclient for additional trust types and trust routing.

Signed-off-by: Ralph Boehme <slow@samba.org>
2018-01-13 12:55:08 +01:00
Ralph Boehme
05558ddd7e wbinfo: support for local, workstation and routed trust types
Prepare wbinfo for additional trust types and trust routing.

This also modifies the output line for a "None" trust type by skipping
the transitivity and direction -- that just doesn't make sense without a
trust.

Signed-off-by: Ralph Boehme <slow@samba.org>
2018-01-13 12:55:08 +01:00
Ralph Boehme
ec85579d87 libwbclient: add trust routing and more trust-types
This adds the struct member and the defines, the implementation comes
later.

Signed-off-by: Ralph Boehme <slow@samba.org>
2018-01-13 12:55:08 +01:00
Ralph Boehme
c8f76bfd72 nsswitch: fill out wbcAuthUserInfo user_principal and dns_domain_name from info6
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-01-13 08:24:09 +01:00
Ralph Boehme
59cb1f6f9c nsswitch: add "validation_level" and "info6" to winbindd_response
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-01-13 08:24:09 +01:00
Uri Simchoni
06859547f0 pam_winbind: avoid non-literal-format warning
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 29 12:50:49 CET 2017 on sn-devel-144
2017-11-29 12:50:49 +01:00
Uri Simchoni
8990570121 winbind_nss_freebsd: fix const discard warning
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-11-24 01:13:15 +01:00
Uri Simchoni
786e3c1d82 pam_winbind: fix const discard warnings
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-11-24 01:13:15 +01:00
Volker Lendecke
d74c60807c nsswitch: Slightly simplify winbindd_request_response
We don't need a separate variable, C passes a copy on the stack

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-11-18 00:09:16 +01:00
Volker Lendecke
87c4432562 libwbclient: Fix two signed/unsigned hickups
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-11-18 00:09:16 +01:00
Volker Lendecke
df5a534198 nsswitch: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-11-18 00:09:15 +01:00
Ralph Boehme
76a1c5a162 wbinfo: return "NOT MAPPED" instead of "S-0-0" for unmapped id-to-sid
Currently wbinfo --unix-ids-to-sids prints "S-0-0" for failed
mappings. Let it print "NOT MAPPED" instead.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 10 02:57:40 CEST 2017 on sn-devel-144
2017-10-10 02:57:40 +02:00
Volker Lendecke
bebf90f7a1 libwbclient: Fix CID 1414781 Dereference null return value
Basically a cut&paste error from somewhere else

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jul 12 22:12:22 CEST 2017 on sn-devel-144
2017-07-12 22:12:21 +02:00
Ralph Boehme
b3d14dae18 selftest: add some basic tests for idmap_ad
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-07-12 09:01:17 +02:00
Andrew Bartlett
0cfef7f50e selftest: Prime the netlogon cache during test_idmap_rfc2307
This ensures that the group memberships just created are reflected in the test
comparison.  Otherwise we are trusting that no caches are primed, which is
simply not safe in a test.

(The login will put a list of groups, as obtained by the login over NETLOGON or
via the PAC, into the samlogon cache).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Jul  2 21:59:18 CEST 2017 on sn-devel-144
2017-07-02 21:59:18 +02:00
Andrew Bartlett
8b97a0af32 selftest: Use tree_delete control in idmap_rfc2307 test
This control removes an entire subtree, which was the intention of the previouse code
but much more effectively.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-07-02 17:35:20 +02:00
Andreas Schneider
776ed55a89 nsswitch: Add ad_member tests for wbinfo --domain-info and --dc-info
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jun 29 02:33:48 CEST 2017 on sn-devel-144
2017-06-29 02:33:48 +02:00
Jeremy Allison
b2de5a81bf s4: popt: Global replace of cmdline_credentials -> popt_get_cmdline_credentials().
Add one use of popt_set_cmdline_credentials().
Fix 80 column limits when cmdline_credentials changes
to popt_get_cmdline_credentials().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-05-11 20:30:13 +02:00
Volker Lendecke
ee3b17ba46 idmap_rfc2307: Test unix-ids-to-sids with 35 groups
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2017-05-08 21:08:23 +02:00
Volker Lendecke
e663357b4d test_idmap_rfc2307: Test wbinfo -r for 35 supplementary group memberships
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2017-05-08 21:08:23 +02:00
Volker Lendecke
1f5097e3fb test_idmap_rfc2307: Do a recursive delete in ou=idmap
We'll create more posix objects soon

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2017-05-08 21:08:23 +02:00
Volker Lendecke
f34ff621ed test_idmap_rfc2307: Correct usage
We already have 13 args at this point, and growing

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2017-05-08 21:08:23 +02:00
Volker Lendecke
1893bb9bc4 test_idmap_rfc2307: Avoid a tmpfile
We can << directly into ldbadd

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2017-05-08 21:08:23 +02:00
Volker Lendecke
9e816ea2f8 test_idmap_rfc2307: Remove the correct file
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12757

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2017-05-08 21:08:23 +02:00
Jeremy Allison
6a53ce5dd7 s4: torture: Add TALLOC_CTX * to torture_winbind_init().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
2017-05-05 15:52:11 +02:00
Ralph Boehme
b680ceebf8 selftest: tests idmap mapping with idmap_rid
This adds two blackbox tests that run wbinfo --sids-to-unix-ids:

o a non-existing SID from the primary domain should return a mapping

o a SID with a bogus (and therefor unknown) domain must not return a mapping

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Apr  7 00:05:02 CEST 2017 on sn-devel-144
2017-04-07 00:05:02 +02:00
Ralph Boehme
d8fd56a824 selftest: fix for wbinfo -s tests for wellknown SIDs
Rework while loop to not use a pipe as that uses a subshell for the loop
which means assigning to the variable failed is not visible in the
main script.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12727

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-04-06 20:08:19 +02:00
Stefan Metzmacher
fba7ed9a3f pam_winbind: no longer use wbcUserPasswordPolicyInfo when authenticating
The expiry time for the specific user comes from
info->pass_must_change_time and nothing else.

The authenticating DC knows which password policy applies
to the user, that's nothing the client can do, as
domain trusts and fine-grained password policies makes
this a very complex task.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12725

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
2017-04-06 10:07:39 +02:00
Ralph Boehme
78403a8a71 selftest: fix SID composition in a test script
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Apr  5 17:59:32 CEST 2017 on sn-devel-144
2017-04-05 17:59:32 +02:00
Ralph Boehme
2150de3a73 selftest: wbinfo -s tests for wellknown SIDs
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12727

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-01 17:33:14 +02:00
Andreas Schneider
5f49795099 selftest: Define template homedir for 'ad_member' env
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12699

With this set, the samba3.local.nss test for ad_member will ensure that
we correctly substitute those smb.conf options.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 30 04:26:18 CEST 2017 on sn-devel-144
2017-03-30 04:26:17 +02:00