1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

336 Commits

Author SHA1 Message Date
Stefan Metzmacher
334089c101 Revert "libcli/smb: mask off SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET for version 1"
This reverts commit a6affb7bb3.

This is not really needed. The caller should ignore this flag.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-11-27 16:45:05 +01:00
Jeremy Allison
c426f97238 libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does.
Required as some servers return zero when asked for
zero credits in an initial SMB2-only negprot.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <rb@sernet.de>
2014-11-26 19:05:37 +01:00
Jeremy Allison
dbb191f35b libcli/smb: Add smb2_lease_equal() which compares client_guids and keys.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov  7 22:41:47 CET 2014 on sn-devel-104
2014-11-07 22:41:47 +01:00
Volker Lendecke
2fc8f761c1 libcli/smb: add smb2_lease_key_equal() helper function
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-11-07 20:13:09 +01:00
Volker Lendecke
a6affb7bb3 libcli/smb: mask off SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET for version 1
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-11-07 20:13:09 +01:00
Volker Lendecke
171cefe48f libcli/smb: remember the lease_version in struct smb2_lease
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-11-07 20:13:09 +01:00
Stefan Metzmacher
71cb5749f4 libcli/smb: try to negotiate SMB2_ENCRYPTION_AES128_GCM
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 16 21:53:32 CEST 2014 on sn-devel-104
2014-10-16 21:53:32 +02:00
Stefan Metzmacher
778ff0c65c libcli/smb: support SMB2_ENCRYPTION_AES128_GCM in smb2_signing_[de|en]crypt_pdu()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-16 19:30:04 +02:00
Stefan Metzmacher
6fb2a982d7 libcli/smb: prepare smb2_signing_[de|en]crypt_pdu() to support multiple ciphers
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-16 19:30:04 +02:00
Stefan Metzmacher
2ed2f00831 libcli/smb: pass the negotiated cipher to smb2_signing_[de|en]ncrypt_pdu()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-16 19:30:04 +02:00
Stefan Metzmacher
ed38abb0a9 libcli/smb: pass 'uint16_t cipher_id' to smb2_signing_[de|en]crypt_pdu()
enum protocol_types protocol was unused before
and cipher_id is unused as well for now.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-16 19:30:04 +02:00
Stefan Metzmacher
1ab23ac1e7 libcli/smb: use conn->smb2.server.cipher != 0 instead of conn->smb2.server.capabilities & SMB2_CAP_ENCRYPTION
SMB 3.10 servers don't report SMB2_CAP_ENCRYPTION anymore.
So using conn->smb2.server.cipher != 0 is a more consistent way to decide if
encryption is supported on the connection.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-16 19:30:04 +02:00
Günther Deschner
b8fce2c65b libcli/smb: use lib/crypto SHA512 functions, do not depend on heimdal.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Oct 14 13:13:08 CEST 2014 on sn-devel-104
2014-10-14 13:13:08 +02:00
Andrew Bartlett
14f6256c51 s3-winbindd: Allow winbindd to connect over SMB2 to servers
This allows SMB signing to work against many more DCs, and so improves network security.

The default for "client max protocol" remains NT1 in the rest of the code.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-10-08 01:09:51 +02:00
Stefan Metzmacher
3e2d4199c3 libcli/smb: remove unused SMB2_TF_ALGORITHM define
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct  8 01:08:40 CEST 2014 on sn-devel-104
2014-10-08 01:08:40 +02:00
Stefan Metzmacher
72d3f931d7 libcli/smb: use SMB 3.10 flags for the transform header
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-07 22:47:04 +02:00
Stefan Metzmacher
d021a2d90f libcli/smb: pass tcon flags to the server for SMB 3.10
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2014-10-07 22:47:04 +02:00
Stefan Metzmacher
2a4290fa00 libcli/smb: avoid validate info after tcon for SMB 3.10
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2014-10-07 22:47:04 +02:00
Stefan Metzmacher
c290ece1f6 libcli/smb: implement SMB 3.10 session setup
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-07 22:47:04 +02:00
Stefan Metzmacher
2f732db742 libcli/smb: implement SMB 3.10 negprot
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-07 22:47:04 +02:00
Stefan Metzmacher
a00fe90c3c libcli/smb: add smb2cli_req_get_send_iov()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-07 22:47:04 +02:00
Stefan Metzmacher
5c5a33cfcb libcli/smb: add smb2_negotiate_context.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-07 22:47:04 +02:00
Stefan Metzmacher
9d92074769 libcli/smb: add SMB 3.10 related defines
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-07 22:47:04 +02:00
Stefan Metzmacher
664ca0e3ee libcli/smb: negotiate SMB3_DIALECT_REVISION_310 if PROTOCOL_SMB3_10 is requested
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-07 22:47:04 +02:00
Stefan Metzmacher
d22fd000c9 libcli/smb: add PROTOCOL_SMB3_10
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-07 22:47:04 +02:00
Stefan Metzmacher
1fa8861f15 libcli/smb: add SMB3_DIALECT_REVISION_310 define
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-07 22:47:04 +02:00
Stefan Metzmacher
3eef853f74 libcli/smb: fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02
If the connection starts with a SMB Negprot, the server only implies the
selected dialect, but not the clients security mode.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-07 22:47:04 +02:00
Jeremy Allison
6c05cd3e89 s3: smb2cli: query info return length check was reversed.
Make it identical to the check in libcli/smb/smb2cli_ioctl.c

https://bugzilla.samba.org/show_bug.cgi?id=10848

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org>
Reviewed-by: David Disseldorp <ddiss@suse.de>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct  2 04:42:26 CEST 2014 on sn-devel-104
2014-10-02 04:42:26 +02:00
Stefan Metzmacher
26ff9f3487 libcli/smb: call smb2cli_validate_negotiate_info*() after each authenticated tcon
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-09-30 23:35:08 +02:00
Stefan Metzmacher
7729ba5849 libcli/smb: add smb2cli_validate_negotiate_info*()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-09-30 23:35:08 +02:00
Stefan Metzmacher
6a82cb7b68 libcli/smb: list NT_STATUS_FILE_CLOSED as expected ioctl response.
Some IOCTL requests change the behavior with new protocol versions.
E.g. FSCTL_VALIDATE_NEGOTIATE_INFO resulted in NT_STATUS_FILE_CLOSED
for old servers.

As SMB2 signing might be skipped for responses with NT_STATUS_FILE_CLOSED
we need to list it explicitly in the expected return values.

This way we'll get NT_STATUS_ACCESS_DENIED, if the server doesn't
sign the response to a signed requests.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-09-30 23:35:08 +02:00
Stefan Metzmacher
b77bb5a2e3 libcli/smb: move smb2cli_tcon.c to the toplevel
removing use of cli_state from the code.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-09-30 23:35:08 +02:00
Stefan Metzmacher
8c846f78ed libcli/smb: add smb2cli_tcon_{should_sign,is_signing_on}()
This can be used to force signing for individual requests.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-09-30 23:35:08 +02:00
Stefan Metzmacher
e954f9290c libcli/smb: add smb2cli_tcon_should_encrypt()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-09-30 23:35:08 +02:00
Stefan Metzmacher
ca1081ef5e libcli/smb: add smbXcli_session_is_authenticated()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-09-30 23:35:08 +02:00
Stefan Metzmacher
aa4310b0af libcli/smb: support additional_flags = SMB2_HDR_FLAG_SIGNED
With SMB2_HDR_FLAG_SIGNED we make sure that we either use smb2 signing
or smb2 encryption for the request.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-09-30 23:35:08 +02:00
Andreas Schneider
f92086f4a3 libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10817

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 23 04:23:05 CEST 2014 on sn-devel-104
2014-09-23 04:23:05 +02:00
Anubhav Rakshit
4c64d41cfc libcli/smb: Add routines to enable/disable SMB2_HDR_FLAG_REPLAY_OPERATION flag.
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-09-19 09:15:10 +02:00
Anubhav Rakshit
2a8a6edfef libcli/smb: Add routine to reset the Channel Sequence number.
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-09-19 09:15:10 +02:00
Stefan Metzmacher
dfcc683e38 libcli/smb: correctly report disconnect errors after getting STATUS_PENDING
smb2cli_req_recv() should not report STATUS_PENDING if the
request isn't pending anymore (e.g. the connection was disconnected)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-09-19 09:15:10 +02:00
Volker Lendecke
6a1c51ee80 lib: Reduce deps for "smb_transport"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2014-09-18 20:36:11 +02:00
Volker Lendecke
9f3e894468 libcli: Make smb2cli_create return blobs
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-06-30 22:28:14 +02:00
Volker Lendecke
0a2209c161 libsmb: Make smb2cli_create cancellable
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-06-21 20:38:11 +02:00
Volker Lendecke
1dda098401 libsmb: Put the "smb2_lease" struct into idl
This will make it easier in the future to NDR_PRINT a lease and
a lease key

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 12 03:34:41 CEST 2014 on sn-devel-104
2014-06-12 03:34:41 +02:00
Björn Jacke
accb76b9a8 add FSCTL_SET_ZERO_ON_DEALLOCATION define
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Thu May 15 15:16:34 CEST 2014 on sn-devel-104
2014-05-15 15:16:34 +02:00
Björn Jacke
fc49cc976b add FSCTL_SET_ZERO_DATA fsctl define
fallocalte with the FALLOC_FL_ZERO_RANGE flag introduced
with Linux 3.15 should be able to do this soon

Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-05-15 12:51:21 +02:00
Jeremy Allison
2900dfa5b9 s3: client - rename 'struct smb2_create_returns' to 'struct smb_create_returns' so we can use this in SMB1 create returns as well.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2014-05-09 23:10:07 +02:00
Stefan Metzmacher
6d6bd9612c libcli/smb: add smb_signing_is_desired()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-04-16 07:50:05 +02:00
Stefan Metzmacher
d6794ec2aa libcli/smb: reuse tstream_smbXcli_np_disconnect_send/recv as helper
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00
Stefan Metzmacher
5b1d9f7a82 libcli/smb: add tstream_smbXcli_np_disconnect_cleanup() to handle talloc_free(req)
If the tevent_req of tstream_smbXcli_np_disconnect_* is explicitly or
implicitly free'ed, we need to make sure we still deliver the
close request to the server! Otherwise the SMB signing sequence gets out of
sync.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2014-03-25 00:45:28 +01:00