1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

831 Commits

Author SHA1 Message Date
Jeremy Allison
1111d46cc5 libcli/smb: smb1cli_inbuf_parse_chain() and smb1cli_conn_dispatch_incoming() should use smb_len_tcp.
They have to cope with large READX call replies that have
a length greater than smb_len_nbt() can handle.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-20 09:32:25 -07:00
Stefan Metzmacher
53d348dff0 libcli/smb: defer failing for missing NEGOTIATE_SECURITY_SIGNATURES_ENABLED
Windows servers take a look at the FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED
flag during a session setup and turn on signing if the client requires it.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-03-20 09:32:25 -07:00
Stefan Metzmacher
3d7a4db6bc libcli/smb: add SMB_CAP_LEGACY_CLIENT_MASK define
Older Samba releases (<= 3.6.x)
expect the client to send CAP_LARGE_READX
in order to let the client use large reads.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-03-20 09:32:25 -07:00
Jelmer Vernooij
87afc3aee1 Move python modules from source4/scripting/python/ to python/.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Mar  2 03:57:34 CET 2013 on sn-devel-104
2013-03-02 03:57:34 +01:00
Richard Sharpe
3e5acc155b Fix bug #9674 - Samba denies owner Read Control when there is a DENY entry while W2K08 does not.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Feb 23 19:28:15 CET 2013 on sn-devel-104
2013-02-23 19:28:15 +01:00
Stefan Metzmacher
4ea37dd521 libcli/smb: make use of samba_tevent_context_init()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-02-19 23:47:44 +01:00
Stefan Metzmacher
f40c93afcb libcli/cldap: make use of samba_tevent_context_init()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-02-19 23:47:44 +01:00
Jeremy Allison
1624d83fde Add new function smbXcli_session_copy(), to be used when creating compound SMB2 requests.
Copies the signing state needed to make client compound requests work
on signed connections.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2013-01-30 17:15:59 -08:00
Stefan Metzmacher
2413962d53 libcli/security: calculate INHERIT_ONLY correcty for AUDIT and ALARM aces (bug #9481)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-27 20:14:20 +11:00
Andrew Bartlett
988350ccef libcli/auth: fix void function cannot return value error
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 22 22:32:31 CET 2013 on sn-devel-104
2013-01-22 22:32:31 +01:00
Matthieu Patou
b1e231384a libcli-acl: add documentation
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-22 21:14:05 +11:00
Matthieu Patou
7822952a11 security: Add documentation
Names seems to be a bit cryptic and misleading (at least for me).
So documenting them should remove at least partially this problem.

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21 22:31:20 +01:00
Matthieu Patou
c0638dae6c libcli-security: Add documentation for object_tree_modify_access
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21 22:31:20 +01:00
Andrew Bartlett
d36c03056f libcli/security: remove useless if (root->num_of_children > 0) statements
The for loop does this implicitly when comparing for (i = 0; i < root->num_of_children; i++)

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21 16:12:45 +01:00
Stefan Metzmacher
853ecd418a libcli/security: add init_mask to existing children in insert_in_object_tree
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21 16:12:45 +01:00
Andrew Bartlett
5b4e3de2bb libcli/security: handle node initialisation in one spot in insert_in_object_tree()
This removes special-case for initalising the children array in
insert_in_object_tree().  talloc_realloc() handles the intial allocate
case perfectly well, so there is no need to have this duplicated.

This also restores having just one place were the rest of the elements
are intialised, to ensure uniform behaviour.

To do this, we have to rework insert_in_object_tree to have only one
output variable, both because having both root and new_node as output
variables was too confusing, and because otherwise the two pointers
were being allowed to point at the same memory.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21 16:12:45 +01:00
Stefan Metzmacher
a359aef083 libcli/security: avoid usage of dom_sid_parse_talloc() in sec_access_check_ds()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21 16:12:45 +01:00
Stefan Metzmacher
a3fffde368 libcli/security: simplify get_ace_object_type()
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21 16:12:45 +01:00
Stefan Metzmacher
b0f731fc3b libcli/security: fix formating in access_check.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21 16:12:45 +01:00
Stefan Metzmacher
10a90ce842 libcli/security: fix whitespaces in access_check.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21 16:12:45 +01:00
Stefan Metzmacher
629ce2a1ba libcli/security: don't look at the inherited type in get_ace_object_type()
The inherited_type is only used to decide if aces should be inherited
effectively or not (INHERIT_ONLY) for the specified object.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Matthieu Patou <mat@matws.net>
2013-01-17 00:22:32 -08:00
David Disseldorp
14bd6c8b09 smb2_ioctl: split ioctl handler code on device type
Add per device type ioctl handler source files for FSCTL_DFS,
FSCTL_FILESYSTEM, FSCTL_NAMED_PIPE and FSCTL_NETWORK_FILESYSTEM.

Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16 23:15:06 +01:00
Andrew Bartlett
b26668c606 libcli/security: Ensure to fill in remaining_access for the initial case (bug #9554 - CVE-2013-0172)
It is critically important that we initialise this element as otherwise
all access is permitted.

Andrew Bartlett

Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit a75805490d)
2013-01-15 12:14:25 +01:00
Andreas Schneider
3bf3ab4f64 libcli: Fix smb2cli_ioctl_send() if clause.
Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2012-12-21 13:56:00 +01:00
Andreas Schneider
9981b857a5 libcli: Check schannel state return value of tdb_transaction_commit().
Found by Coverity.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2012-12-21 13:56:00 +01:00
Günther Deschner
301f69b0ca libcli/auth: add netlogon_creds_encrypt_samlogon_validation().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-12-15 21:50:36 +01:00
Günther Deschner
563cc67ac6 libcli/auth: rename netlogon_creds_decrypt_samlogon() to netlogon_creds_decrypt_samlogon_validation().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-12-15 21:50:36 +01:00
Stefan Metzmacher
d20c46a520 libcli/security: calculate the correct inherited_object GUID
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11 04:49:48 +01:00
Stefan Metzmacher
75729e6703 libcli/security: implement object_in_list()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-11 04:45:54 +01:00
Günther Deschner
f6cb8049b2 libcli/auth: support AES decryption in netlogon_creds_decrypt_samlogon().
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09 19:39:08 +01:00
Günther Deschner
be296a21fc libcli/auth: remove trailing whitespace.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09 19:39:08 +01:00
Günther Deschner
429600c5f3 libcli/auth: add netlogon_creds_aes_{en|de}crypt routines.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-12-09 19:39:07 +01:00
Stefan Metzmacher
cf60338ada libcli/security: remove duplicate aces in se_create_child_secdesc()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-02 22:42:20 +01:00
Volker Lendecke
d5693d99b8 Fix Bug 9422 - large read requests cause server to issue malformed reply
Reviewed by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov 30 03:27:07 CET 2012 on sn-devel-104
2012-11-30 03:27:07 +01:00
Stefan Metzmacher
c5cd22b5bb libcli/smb: add smbXcli_session_set_disconnect_expired() (bug #9175)
This should be a short term hack until the upper layers have implemented
re-authentication.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-01 16:25:33 +01:00
Stefan Metzmacher
2b4672f2d3 libcli/smb: fix unitialized padding in smb2_create_blob_push_one() (bug #9209)
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Oct 27 10:05:22 CEST 2012 on sn-devel-104
2012-10-27 10:05:22 +02:00
Kai Blin
05a5974891 libcli/dns: Time out requests after a while
Time out UDP requests after DNS_REQUEST_TIMEOUT seconds. Currently set
to 2 seconds.

This should fix bug #8878.

Signed-off-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 16 12:58:32 CEST 2012 on sn-devel-104
2012-10-16 12:58:31 +02:00
Stefan Metzmacher
b186fdd185 libcli/smb: add smb1cli_echo*
metze
2012-09-29 10:10:30 +02:00
Stefan Metzmacher
a7fa02664a libcli/smb: add smb2cli_echo*
metze
2012-09-29 10:10:03 +02:00
Stefan Metzmacher
faa039ef46 libcli/smb: use an explicit TALLOC_FREE(subreq) in smb2cli_*
metze
2012-09-29 10:09:25 +02:00
Jeremy Allison
322e3d42f6 Fix bug #9209 - Parse of invalid SMB2 create blob can cause smbd crash.
Ensure we correctly protect against blobs with data_offset==0
and data_length != 0.

Jeremy.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 27 22:07:02 CEST 2012 on sn-devel-104
2012-09-27 22:07:02 +02:00
Stefan Metzmacher
cc93a3004e libcli/echo: validate the message length
metze
2012-09-22 04:31:06 +02:00
Michael Adam
50c10cbdce libcli: add a define for the APP_INSTANCE_ID smb2 create context 2012-09-19 21:21:37 +02:00
Stefan Metzmacher
aa5caf1fe9 libcli/smb: fix padding in smb2_create_blob*
metze
2012-09-19 21:21:36 +02:00
Andreas Schneider
b29dff802a waf: Rename nmblookup manpage to nmblookup4. 2012-09-07 10:48:57 +02:00
Jeremy Allison
2b89e1a20a Factor out privilege checking code into se_file_access_check() which takes a bool priv_open_requested parameter. 2012-08-31 20:29:13 -07:00
Jeremy Allison
cf29863c69 Fix bug #9124 - Samba fails to set "inherited" bit on inherited ACE's.
Change se_create_child_secdesc() to handle inheritance correctly.
2012-08-30 10:08:50 -07:00
Stefan Metzmacher
28350aeaa1 libcli/smb: split out a smb_transport private library
metze
2012-08-25 01:39:41 +02:00
Stefan Metzmacher
5eec19bc83 libcli/smb: wscript_build => wscript
We'll need some configure checks in future.

metze
2012-08-25 01:39:41 +02:00
Jeremy Allison
aca444cbfc Remove useless bool "upper_case_domain" parameter from ntv2_owf_gen().
The code in SMBNTLMv2encrypt_hash() should not be requesting case
changes on the domain name.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 24 21:39:42 CEST 2012 on sn-devel-104
2012-08-24 21:39:41 +02:00