IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
NT_STATUS_SMB_NO_PREAUTH_INTEGRITY_HASH_OVERLAP
NT_STATUS_SMB_BAD_CLUSTER_DIALECT
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Volker, apologies for the mistake.
Spotted by Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 29 08:20:23 CEST 2015 on sn-devel-104
This prepares a possibly stripped security descriptor for a client.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
TODO: we should import the whole lists from [MS-DTYP].
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
The values are the same, but WERR_INVALID_PASSWORD matches the documentation.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
The values are the same, but WERR_INVALID_PASSWORD matches the documentation.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
WERR_INVALID_LEVEL is the documented name that should be printed
in logs.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 27 01:24:47 CET 2015 on sn-devel-104
I have been building 4.2.0 with the GNU C compiler but I decided to see
how it works with the Sun C 5.11 compiler. The Sun compiler complains
about a identifier being redeclared in libcli/auth/netlogon_creds_cli.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11140
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
We haven't added the req to the pending array yet, as SMB1 requests can
be one-way (no reply needed). So if we error out after the writev, but
before we add to the pending array we must rember to terminate our current
tevent req with a tevent_req_nterror call.
Fixes bug 11173 - SMB1 Server disconnect can cause timeout on client write error.
https://bugzilla.samba.org/show_bug.cgi?id=11173
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Mar 20 05:08:25 CET 2015 on sn-devel-104
As specified in the recent 20150129 revision of MS-FSCC.
Add a note regarding the FileHandle field, which was confirmed to
correspond to the volatile part of the fileid:
https://lists.samba.org/archive/samba-technical/2015-February/105454.html
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Ira Cooper <ira@samba.org>
Autobuild-Date(master): Sun Mar 8 00:43:08 CET 2015 on sn-devel-104
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb 24 01:01:10 CET 2015 on sn-devel-104
They include the ip address information without setting
NETLOGON_NT_VERSION_5EX_WITH_IP, while using
ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX instead of
ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Dec 12 23:11:40 CET 2014 on sn-devel-104
This reverts commit a6affb7bb3.
This is not really needed. The caller should ignore this flag.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Required as some servers return zero when asked for
zero credits in an initial SMB2-only negprot.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <rb@sernet.de>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov 7 22:41:47 CET 2014 on sn-devel-104
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 16 21:53:32 CEST 2014 on sn-devel-104
enum protocol_types protocol was unused before
and cipher_id is unused as well for now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
SMB 3.10 servers don't report SMB2_CAP_ENCRYPTION anymore.
So using conn->smb2.server.cipher != 0 is a more consistent way to decide if
encryption is supported on the connection.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This allows SMB signing to work against many more DCs, and so improves network security.
The default for "client max protocol" remains NT1 in the rest of the code.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 8 01:08:40 CEST 2014 on sn-devel-104
If the connection starts with a SMB Negprot, the server only implies the
selected dialect, but not the clients security mode.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Make it identical to the check in libcli/smb/smb2cli_ioctl.c
https://bugzilla.samba.org/show_bug.cgi?id=10848
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org>
Reviewed-by: David Disseldorp <ddiss@suse.de>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 2 04:42:26 CEST 2014 on sn-devel-104
Some IOCTL requests change the behavior with new protocol versions.
E.g. FSCTL_VALIDATE_NEGOTIATE_INFO resulted in NT_STATUS_FILE_CLOSED
for old servers.
As SMB2 signing might be skipped for responses with NT_STATUS_FILE_CLOSED
we need to list it explicitly in the expected return values.
This way we'll get NT_STATUS_ACCESS_DENIED, if the server doesn't
sign the response to a signed requests.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
This can be used to force signing for individual requests.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
With SMB2_HDR_FLAG_SIGNED we make sure that we either use smb2 signing
or smb2 encryption for the request.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
The count is already checked for 0 above this line so it can never be 0
at this point.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 26 03:15:00 CEST 2014 on sn-devel-104
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10817
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 23 04:23:05 CEST 2014 on sn-devel-104
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
smb2cli_req_recv() should not report STATUS_PENDING if the
request isn't pending anymore (e.g. the connection was disconnected)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
This piece of code pulls in talloc_stackframe and smb_panic into what
should be a very simple mapping library. I'm trying to reduce our
dependencies right now a bit, and I think the use cases that this fixes
(unknown NTSTATUS together with double nt_errstr() calls in the same
DEBUG) are rare enough that this is not justified.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Aug 22 02:52:50 CEST 2014 on sn-devel-104
This is in dcerpc_netr_DsrUpdateReadOnlyServerDnsRecords, which has
status variables filled in by the server and placed in this in/out
array.
This showed up as a segfault in winbindd during RODC DNS update.
Andrew Bartlett
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
This will make it easier in the future to NDR_PRINT a lease and
a lease key
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 12 03:34:41 CEST 2014 on sn-devel-104
Change-Id: Ib87933c318f510d95f7008e122216d73803ede68
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 10 21:46:15 CEST 2014 on sn-devel-104
This function is a duplicate of security_ace_equal(), and is no longer
used.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 29 03:34:38 CEST 2014 on sn-devel-104
Both offer the same functionality, sec_ace_equal() will be removed.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This change cleans up the white-space damage, and converts the single
line if-then statements to match Samba's coding conventions.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
With sec_desc_del_sid() now gone, this can also be removed.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The function is unused, and shares mostly the same behaviour as
security_descriptor_acl_del().
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
With make_sec_desc() converted to use security_acl_dup(), which offers
the same behaviour, this function is no longer needed.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
It currently leaks memory onto the provided talloc context on error, fix
this.
Use X_acl_dup() functions provided by secuity_descriptor.c, rather than
the redundant secdesc.c calls. Also, use the IDL generated functions to
calculate the security descriptor structure size.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
With all callers converted to use security_descriptor_copy(), this
function can be removed.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Use security_descriptor_copy() instead, which is also provided by
libcli.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This function adds a new allow-type ACE to an existing ACE list. With
the removal of sec_desc_add_sid(), this is no longer used internally.
The same behaviour can be achieved via the much cleaner
security_ace_create() function.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This function adds an ACE to a security descriptor DACL. The same can be
achieved via the more flexible and much cleaner security_ace_create()
and security_descriptor_dacl_add() functions.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
struct security_ace has a struct dom_sid, not a pointer to it. So we don't have
to talloc it first and then not free it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue May 27 12:54:55 CEST 2014 on sn-devel-104
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Thu May 15 15:16:34 CEST 2014 on sn-devel-104
fallocalte with the FALLOC_FL_ZERO_RANGE flag introduced
with Linux 3.15 should be able to do this soon
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Error codes and descriptions were autogenerated from [MS-ERREF]
see http://msdn.microsoft.com/en-us/library/cc704588.aspx
Additionally some missing error descriptions for existing errors were
identified and generated.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
error codes & string descriptions are generated from
http://msdn.microsoft.com/en-us/library/cc704587.aspx, additionally there
is a function to return the error description from the error code,
this function will also try to determine the error description
associated with a W_ERROR code translated as a HRESULT.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
If the tevent_req of tstream_smbXcli_np_disconnect_* is explicitly or
implicitly free'ed, we need to make sure we still deliver the
close request to the server! Otherwise the SMB signing sequence gets out of
sync.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This should be used to negotiate the may fragment size
of DCERPC connections.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This fixes some valgrind errors when the smbXcli_tcon disappears before the
smbXcli_conn.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Function, CPFunction, CPPFunction and VFunction typedefs are considered
old-style (deprecated) starting from readline 4.2 (circa 2001).
Compatibility typedefs have been in place up to readline 6.2 but were
removed with the 6.3 release thus causing builds to break.
Switch to the new-style specific prototyped typedef.
Return value is unused so the callback should still be void (see
readline/input.c around line 456 in version 6.3).
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 13 00:21:47 CET 2014 on sn-devel-104
Change-Id: I49fec82e55b6bc59d5c0f157df90005f7d891c66
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Changed the if condtion to detect when we'd improperly overflow.
Coverity-Id: 1167990
Signed-off-by: Ira Cooper <ira@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ira Cooper <ira@samba.org>
Autobuild-Date(master): Mon Feb 24 11:56:38 CET 2014 on sn-devel-104
The values have to be signed here to allow for the values to go negative,
to prevent the overflow.
Coverity-Id: 1167990
Signed-off-by: Ira Cooper <ira@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ira Cooper <ira@samba.org>
Autobuild-Date(master): Mon Feb 24 07:23:03 CET 2014 on sn-devel-104
To be consistent with db_open() and prepare for future
possible extensions.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This matches Windows, it seems they use a fixed size field to store
netlogon_creds_CredentialState.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This can be used to inject a db_context from dbwrap_ctdb.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is more better than a custom tevent_req destructor.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
If status is RPC_PROCNUM_OUT_OF_RANGE, result might be uninitialized.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Until all callers are fixed to pass the same 'server_computer'
value, we try to calculate a server_netbios_name and use this
as unique identifier for a specific domain controller.
Otherwise winbind would use 'hostname.example.com'
while 'net rpc testjoin' would use 'HOSTNAME',
which leads to 2 records in netlogon_creds_cli.tdb
for the same domain controller.
Once all callers are fixed we can think about reverting this
commit.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This provides an abstraction to hide netlogon_creds_CredentialState,
which is stored in a node local tdb.
Where the global state (netlogon_creds_CredentialState) between client and
server was only kept in memory (on the client side), we now use
the abstracted netlogon_creds_cli_context.
We now use a node specific computer name in order to establish
individual netlogon sessions per node.
If the caller wants to use some netlogon calls with credential chain
(struct netr_Authenticator), netlogon_creds_cli_lock*() is used
to get the current netlogon_creds_CredentialState in a g_lock'ed
fashion, a talloc_free() will release the lock.
The locking is needed as there might be more than one process
(multiple winbindd child, cmdline tools) which want to talk
to a specific domain controller. The usage of netlogon_creds_CredentialState
needs to be serialized as it uses sequence numbers.
LogonSamLogonEx doesn't use the credential chain, but for some operations
it needs the global session in order to de/encrypt individual fields.
It uses the lockless netlogon_creds_cli_get() and netlogon_creds_cli_validate()
functions, which just make sure the session hasn't changed between
get and validate.
This is prepares the proper fix for a large number of bugs:
https://bugzilla.samba.org/show_bug.cgi?id=6563https://bugzilla.samba.org/show_bug.cgi?id=7944https://bugzilla.samba.org/show_bug.cgi?id=7945https://bugzilla.samba.org/show_bug.cgi?id=7568https://bugzilla.samba.org/show_bug.cgi?id=8599
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This code is generic enough to have it in the top level now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
If the last usage of netlogon_creds_client_authenticator()
is in the past try to use the current timestamp and increment
more than just 2.
If we use netlogon_creds_client_authenticator() a lot within a
second, we increment keep incrementing by 2.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Dec 24 13:18:18 CET 2013 on sn-devel-104
creds->sequence (timestamp) is the value that is used to increment the internal
state, it's not a real sequence number. The sequence comes
from adding all timestamps of the whole session.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is what windows returns, the value is ignored by the client anyway.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This avoids a complex if-expression
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Dec 14 00:10:21 CET 2013 on sn-devel-104
This utility is splitted of from cldap_netlogon_send.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
The subsections of [MS-SMB2] "3.2.5.14 Receiving an SMB2 IOCTL Response"
say the client should ignore the InputOffset/InputCount.
We do that only if we ask for max_input_length = 0.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10232
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 31 01:16:10 CET 2013 on sn-devel-104
Restore and backup privileges are not relevant to ldap
access checks, and the TakeOwnership privilege should
grant write_owner right
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
These are the attributes returned from the FileFsAttributeInformation
request.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10200
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
We don't really use leases yet, so so far this went by unnoticed. It's
the V2 lease requests that hold the parent lease key, not the V1 ones.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This is an update to commit af290a03ce
that skips the scary debug messages.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10146
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Sep 18 04:46:00 CEST 2013 on sn-devel-104
Windows and Samba always sign the final session setup response
even if signing is not mendatory, but it ensures that the signing
key is correctly in place.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10146
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep 17 09:40:10 CEST 2013 on sn-devel-104
This way we can calculate the correct credit charge
for requests with large output buffers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Our cur_credit value had 1 credit too many in the case of
an SMB1 => SMB2 upgrade. When we max out the credits the server
disconnected the connection.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>