IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This adds a new option to the smb.conf to allow administrators to disable
TLS protocols in GnuTLS without changing the code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11076
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
More size_t != uintmax_t issues:
../source4/libcli/ldap/ldap_bind.c: In function ‘ldap_bind_sasl’:
../source4/libcli/ldap/ldap_bind.c:237:3: error: format ‘%ju’ expects argument of type ‘uintmax_t’, but argument 2 has type ‘size_t’ [-Werror=format=]
DEBUG(1, ("SASL bind triggered with non empty send_queue[%ju]: %s\n",
^
cc1: all warnings being treated as errors
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We need to make sure that we remove any pending writev_send or read_smb_send
request before closing the socket fd. As a side effect we always close the
socket fd if we don't return success for any any reason.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is a subtle bug that causes CLDAP pings to fail if SRV records
discovered cannot be resolved or connection to them cannot be
established. The code that fires up CLDAP ping will silently cancel
the whole tevent request without going to the next server in the queue.
This may happen, for example, when connection to IPv6 addresses couldn't
be established, or when IPv4 address is not online or blocked by
firewall.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11284
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 27 01:24:47 CET 2015 on sn-devel-104
This macro was used for compatibility with broken compilers.
Since Python 2.3, it is always defined as `static`, and only exists
"for source compatibility with old C extensions".
Signed-off-by: Petr Viktorin <pviktori@redhat.com>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This will be used in smb2/create AAPL context torture tests, where the
server returns an Mac OS X specific data blob in the short name
buffer. It's not a string, so the existing string extraction doesn't
cut it.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The default is still PROTOCOL_LATEST. As smb2_connect*() is about SMB2/3 only
we upgrade to PROTOCOL_LATEST if PROTOCOL_NT1 or lower is given.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This allows the caller to pass PROTOCOL_DEFAULT,
which results in PROTOCOL_NT1.
As smbcli_transport_init() is about SMB1 only we downgrade
to PROTOCOL_NT1 if a higher value (for SMB2 or SMB3) was given.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
These are the options which really belong to the connection
and might not be the the same as the hints given from the caller.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 26 03:15:00 CEST 2014 on sn-devel-104
Without this we would hang forever if the connection was already disconnected,
instead of directly propagating NT_STATUS_CONNECTION_DISCONNECTED;
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
This will make it easier in the future to NDR_PRINT a lease and
a lease key
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 12 03:34:41 CEST 2014 on sn-devel-104
It is very confusing if the env var uses the same name as the define in
the source code. So prefix it with SELFTEST.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This uses the fact that we know the end of the string in p to avoid
needing a strlen() call. Otherwise the winbindd validation that the
extra_data is terminated may fail, if the un-initiliased memory is not
zero.
Andrew Bartlett
Change-Id: I9b28068e4fbd3754c8d14724af93638d657810dd
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Apr 9 18:26:40 CEST 2014 on sn-devel-104
Change-Id: I8eaf858f9e9e55eec20aa2c585db5459fb73b887
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Apr 8 12:53:13 CEST 2014 on sn-devel-104
Change-Id: I2a730e41f45cff0f4836fbc8f993947e3a30aa18
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Feb 19 16:25:42 CET 2014 on sn-devel-104
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Oct 13 17:58:23 CEST 2013 on sn-devel-104
and initialize them in lpcfg_smbcli_options() instead of
in smb2_transport_init() as previously.
This will allow us to control them from callers later.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
and initialize it in lpcfg_smbcli_options() instead of
in smb2_transport_init() as previously.
Having the client guid in the smbcli_options will allow
us to control them from callers later.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is an issue found by Codenomicon, with a malicious packet with 0
bytes UDP payload we will continiously be looping trying to react from
the socket event and continiously do nothing as we will bail out
thinking that we had a memory allocation error.
Original fix comes from Volker Lendecke <vl@samba.org>
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Sep 20 04:46:47 CEST 2013 on sn-devel-104
[MS-SMB2], 2.2.13 says: In the request, the Buffer field MUST be at least one
byte in length. Implement that for the 0-length filename without create blobs.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This way we can calculate the correct credit charge
for requests with large output buffers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
tevent_req_simple_recv_ntstatus is just for the simple return without
anything to do after it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We should treat most gensec related structures private.
It's a long way, but this is a start.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Fix client-side parsing also. Found by David Disseldorp <ddiss@suse.de>
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon Aug 5 14:39:04 CEST 2013 on sn-devel-104
This changes (again...) our system md5 detection to cope with how
OpenIndiana does md5. I'm becoming increasingly convinced this isn't
worth our while (we should have just done samba_md5...), but for now
this change seems to work on FreeBSD, OpenIndiana and Linux with
libbsd.
This needs us to rename struct MD5Context -> MD5_CTX, but we provide a
config.h define to rename the type bad if MD5_CTX does not exist (it does
however exist in the md5.h from libbsd).
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104
If open fails ctemp.out.name probably won't be valid and strdup
will cause a segv. Only set the path if open succeeds.
Signed-off-by: Sam Lang <sam.lang@inktank.com>
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 24 23:58:44 CEST 2013 on sn-devel-104
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Feb 17 11:25:34 CET 2013 on sn-devel-104
On Linux, non-RFC 1034-complaint names (such as gc._msdsc.example.org)
will result in the resolver returning the non-POSIX EAI_NODATA. In that
case, the case statement here would fall back on the internal resolver,
allowing resolution to complete successfully.
On FreeBSD, the libc resolver uses the same validation code, but
the POSIX result of EAI_FAIL is returned instead of EAI_NODATA. Since
there was no case for this error code, no fallback to the internal
resolver would occur. This led to replication failing on FreeBSD.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sun Feb 17 07:06:36 CET 2013 on sn-devel-104
MS-SMB2 3.3.4.4 documents cases where a ntstatus indicating an error
should not be considered a failure. In such a case the output data
buffer should be sent to the client rather than an error response
packet.
Add a new fsctl copy_chunk test to confirm field limits are sent back
in response to an oversize chunk request.
Reviewed by: Jeremy Allison <jra@samba.org>
NT4 is long dead, and we should not change which ACL we return based
on what we think the client is. The reason we should not do this, is
that if we are using vfs_acl_xattr then the hash will break if we do.
Additionally, it would require that the python VFS interface set the
global remote_arch to fake up being a modern client.
This instead seems cleaner and removes untested code (the tests are
updated to then handle the results of the modern codepath).
The supporting 'acl compatability' parameter is also removed.
Andrew Bartlett
Reviewed by: Jeremy Allison <jra@samba.org>
similar to what was done for rpc and cifs, we now retry once on logon
failure for ldap, allowing for a new ticket to be fetched when a
server password changes while we have a valid ticket for the old
password
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
if a server changes while we have a valid ticket we want to retry
after removing the ccache entry.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
there is a libsecurity on OSF1 which clasheѕ with our security lib. see bug #9023.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Aug 10 14:22:21 CEST 2012 on sn-devel-104
Server might return STATUS_BUFFER_OVERFLOW, which is not caught by NT_STATUS_IS_ERR
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Mon Aug 6 20:01:01 CEST 2012 on sn-devel-104
This reverts commit 06c90cb6f5.
There is genuine interest in using this currently unused code, so put
it back into the tree to avoid folks having to rewrite it.
It should be carefully hooked back into libnet at some point, and
possibly told how to talk to the s3 nmbd socket if nbt_server isn't
running.
The wscript patches are skipped, due to the way the extra
dep interacted with the build system. When used, this will be resolved.
Andrew Bartlett
This would only do the NBT getdc lookup for a single DC (but would
find multiple DCs at first stage), but more particular it of course
uses Netbios rather than DNS names.
In any case it was also unused, as we use CLDAP for reliable DC
location these days.
Found by callcatcher
Andrew Bartlett
After migrating to use libaddns, reply_to_addrs() needed to change the
way answers are iterated through. Originally libroken implementation
gave all answers as separate records with last one being explicitly NULL.
libaddns unmarshalling code gives all non-NULL answers and should be
iterated with explicit reply->num_answers in use.
This is preliminary in that it is implemented as a no-op for a start
just to be able to successfully answer the request, which seems to be
sufficient in order to e.g. survive the exchange schema extensions.
Signed-off-by: Matthieu Patou <mat@matws.net>
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Wed Apr 18 02:48:28 CEST 2012 on sn-devel-104
Windows server doesn't set the SMB2_SESSION_FLAG_IS_GUEST nor
SMB2_SESSION_FLAG_IS_NULL flag.
This fix makes sure we don't try to verify a signature on the
final session setup response.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Apr 16 14:44:46 CEST 2012 on sn-devel-104
changed again, especially when I figure out how to return the file as an
object.
Autobuild-User: Richard Sharpe <sharpe@samba.org>
Autobuild-Date: Mon Apr 2 01:43:44 CEST 2012 on sn-devel-104
We only need the session, and under some circumstances, it might complicate
things for the caller to have to cope with the whole structure (talloc...).
The signing_key is fix across all channels and is used for session setups
on a channel binding.
Note:
- the last session setup response is signed with the new channel signing key.
- the reauth session setups are signed with the channel signing key.
It's also not needed to remember the main session key.
metze
This GUID is used in the smb2 negprot when max protocol is bigger than 0x0202.
According to section 2.2.3 of the MS-SMB2 document, the Client GUID filed in the
SMB2 negotiate request must be filled with a (non-zero) GUID if there are other
dialects than 0x0202 in the dialects field.
http://msdn.microsoft.com/en-us/library/cc246543%28v=prot.13%29.aspx
Apart from corresponding to the docs, this change makes some of our durable-open
tests (e.g reopen2 and open-oplock) _not_ hang when running against windows 8
preview (which might be still buggy).
Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Thu Feb 23 03:23:57 CET 2012 on sn-devel-104
Without this, netbios name lookups do not work, as we never fall back to them.
This caused segfaults from e38d97e042 to
251209bd6f and then name lookup failure
or timeouts until this patch.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Dec 14 01:16:37 CET 2011 on sn-devel-104
This matches the source3 code, I want to have the behavior
in common before I put the config options in common.
Later we may change this consitently in all code.
metze
It turns out that if there is no AAAA record the dns server (bind and MS
windows at least) do not return the A record when just asked for AAAA.
Autobuild-User: Matthieu Patou <mat@samba.org>
Autobuild-Date: Wed Nov 2 11:15:34 CET 2011 on sn-devel-104
Currently there are a lot of duplicate ioctl function field definitions
between source3 and source4.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This avoids keeping the event context around on a the gensec_security
context structure long term.
In the Samba3 server, the event context we either supply is a NULL
pointer as no server-side modules currently use the event context.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This is done so that the lpcfg_ functions are available across the whole
build, either with the struct loadparm_context loaded from an smb.conf directly
or as a wrapper around the source3 param code.
This is not the final, merged loadparm, but simply one step to make
it easier to solve other problems while we make our slow progress
on this difficult problem.
Andrew Bartlett
Also, skip samba4.smb2.ioctl for now. Snapshots are not supported by
default.
Autobuild-User: David Disseldorp <ddiss@samba.org>
Autobuild-Date: Thu Sep 29 14:47:05 CEST 2011 on sn-devel-104
If there're a problem with signing or the session doesn't exists
any more the server responses with a failure, instead of not
sending a response.
For now we ignore the reponse, as there's not much we could do with it
and it's not likely that we generate bad requests, which trigger
that behavior, except for testing.
metze
This is slightly less efficient, because we no longer keep a cache on
the gensec structures, but much clearer in terms of memory ownership.
Both gensec_session_info() and gensec_session_key() now take a mem_ctx
and put the result only on that context.
Some duplication of memory in the callers (who were rightly uncertain
about who was the rightful owner of the returned memory) has been
removed to compensate for the internal copy.
Andrew Bartlett
The startup and runtime functions that have no dependencies are moved
into the top level.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Aug 3 07:49:12 CEST 2011 on sn-devel-104