1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

4418 Commits

Author SHA1 Message Date
Stefan Metzmacher
e0069bd2a4 s3:libsmb: add cli_state_update_after_sesssetup() helper function
This function updates cli->server_{os,type,domain} to valid values
after a session setup.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12779

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-06-09 13:00:12 +02:00
Andreas Schneider
d18379fa00 Revert "s3:libsmb: Fix printing the session setup information"
This reverts commit b6f87af427.

A different fix will follow.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12824

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-06-09 13:00:11 +02:00
Andreas Schneider
b6f87af427 s3:libsmb: Fix printing the session setup information
This fixes a regression and prints the session setup on connect again:

Domain=[SAMBA-TEST] OS=[Windows 6.1] Server=[Samba 4.7.0pre1-DEVELOPERBUILD]
smb: \>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12824

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-06-07 05:15:16 +02:00
Garming Sam
eaf2c3e21d libads: Check cldap flags in libads/ldap
Pass down request flags and check they are respected with the response
flags. Otherwise, error out and pretend the connection never happened.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-30 08:06:06 +02:00
Stefan Metzmacher
f4424579a0 s3:libsmb: don't rely on gensec_session_key() to work on an unfinished authentication
If smbXcli_session_is_guest() returns true, we should handle the authentication
as anonymous and don't touch the gensec context anymore.

Note that smbXcli_session_is_guest() always returns false, if signing is
required!

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-21 21:05:08 +02:00
Volker Lendecke
aa3896f571 libsmb: proto.h does not need ads.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-05-17 01:47:17 +02:00
Günther Deschner
36f8f8e81b s3-libsmb: remove some dead prototype
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-05-10 15:53:20 +02:00
Uri Simchoni
26dbe684dc s3-libsmb: support rename and replace for SMB1
Add cli_smb1_rename_send() which renames a file via
setting FileRenameInformation.

Curretly this path is invoked only if replacing
an existing file is requested. This is because as far
as I can see, Windows uses CIFS rename for anything below
SMB2.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-28 17:45:19 +02:00
Uri Simchoni
057aa39e6a s3-libsmb: fail rename and replace inside cifs variant
Another refactoring step - fail request to rename and
replace existing file from within the CIFS version,
allowing the soon-to-be-added SMB version to succeed.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-28 17:45:19 +02:00
Uri Simchoni
3154c4cb70 s3-libsmb: cli_cifs_rename_send()
Pure refactoring - current rename is [MS-CIFS] - style
rename. In later patch we'll introduce [MS-SMB] rename.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-28 17:45:19 +02:00
Uri Simchoni
200dbca238 s3: libsmb: add replace support to cli_rename()
Adds support for replacing the destination file at
the higher-level cli_rename(). This is actually supported
only by SMB2, and fails with invalid parameter with SMB1.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-28 17:45:19 +02:00
Uri Simchoni
a67802fad5 s3: libsmb: add replace support to SMB2 rename
SMB2 rename operation supports replacing the
destination file if it exists.

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-28 17:45:19 +02:00
Andreas Schneider
c0e196b223 s3:libsmb: Only print error message if kerberos use is forced
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12704

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Mar 21 14:25:54 CET 2017 on sn-devel-144
2017-03-21 14:25:54 +01:00
Volker Lendecke
455bbf1756 libsmb: Slightly simplify trustdom_cache_fetch
Also adapt to modern coding standards

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-03-14 15:22:12 +01:00
Volker Lendecke
d6a2893f45 libsmb: Use talloc in trustdom_cache_key
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-03-14 15:22:12 +01:00
Volker Lendecke
5d763eb6ea libsmb: Simplify trustdom_cache_store
The additional arguments were never used

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-03-14 15:22:12 +01:00
Volker Lendecke
b9606514d0 libsmb: Make a few functions static
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-03-14 15:22:12 +01:00
Volker Lendecke
92f37420cc libsmb: Remove some stale code
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-03-14 15:22:12 +01:00
Ralph Boehme
8cbdc6a6df libcli/smb: add max_credits arg to smbXcli_negprot_send()
This allows source4/torture code to set the option for tests by
preparing a struct smbcli_options with max_credits set to some value and
pass that to a torture_smb2_connection_ext().

This will be used in subsequent smbtorture test for SMB2 creditting.

Behaviour of existing upper layers is unchanged, they simply pass the
wanted max credits value to smbXcli_negprot_send() instead of
retrofitting it with a call to smb2cli_conn_set_max_credits().

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-03 21:55:27 +01:00
Chris Lamb
5482e5426e Correct "existence" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-02-22 08:26:22 +01:00
Stefan Metzmacher
c21e9981d0 s3:libsmb: use trust_pw_new_value() in trust_pw_change()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-02-21 16:09:21 +01:00
Stefan Metzmacher
9e26ad86fb s3:libsmb: add trust_pw_new_value() helper function
This generates a new trust password based on the secure channel type
and lp_security().

NT4 really has a limit of 28 UTF16 bytes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-02-21 16:09:21 +01:00
Stefan Metzmacher
a287754168 s3:libsmb: let trust_pw_change() verify the new password at the end.
We should notice problems as early as possible, it makes no
sense to keep things working for a while and later find out
the we lost our trust relationship with our domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-02-21 16:09:21 +01:00
Stefan Metzmacher
4185689dbf s3:libsmb: let trust_pw_change() debug more verbose information
Password changes caused much trouble in the past, so we better debug
them at log level 0 and may see them also in the syslog.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-02-21 16:09:21 +01:00
Volker Lendecke
ad15f5c0ca libsmb: Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-02-15 02:28:16 +01:00
Stefan Metzmacher
5c7523890d s3:libsmb: use a local got_kerberos_mechanism variable in cli_session_creds_prepare_krb5()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-01-27 08:09:15 +01:00
Jeremy Allison
e0f1ed9f45 s3: libsmb: Add cli_smb2_ftruncate(), plumb into cli_ftruncate().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12479

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2017-01-04 12:22:12 +01:00
Volker Lendecke
ebdce3c489 libsmb: Add name_status_lmhosts
Don't ask... Oh, you did? :-)

Try to figure out a hosts' name from lmhosts. This is for a setup I've
come across where for several reasons kerberos and ldap were unusable
(very organically grown but unchangeable Solaris 10 installation with
tons of ancient libs that ./configure incorrectly finds and where tar xf
samba-4.5.3.tar takes 5 minutes...), so I had to fall back to compile
with --without-ads. Unfortunately in that environment NetBIOS was also
turned off, but the "winbind rpc only" code relies on name_status to
get a DC's name from its IP address for the netlogon calls. This walks
the local lmhosts file to scan for the same information.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-01-03 16:04:27 +01:00
Stefan Metzmacher
f7d249da4e s3:libsmb: Always use GENSEC_OID_SPNEGO in cli_smb1_setup_encryption_send()
Also old servers should be able to handle NTLMSSP via SPNEGO.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Dec 21 22:21:08 CET 2016 on sn-devel-144
2016-12-21 22:21:08 +01:00
Stefan Metzmacher
f595031cb8 s3:libsmb: pass cli_credentials to cli_check_msdfs_proxy()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-12-21 18:35:13 +01:00
Stefan Metzmacher
0c52239868 s3:libsmb: make use of cli_cm_force_encryption_creds() where we already have creds
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-12-21 18:35:13 +01:00
Stefan Metzmacher
ff23ee7ef2 s3:libsmb: split out cli_cm_force_encryption_creds()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-12-21 18:35:13 +01:00
Stefan Metzmacher
b4340ea774 s3:libsmb: make use of cli_tree_connect_creds() in SMBC_server_internal()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-12-21 18:35:13 +01:00
Stefan Metzmacher
5fd8db91ef s3:libsmb: make use of cli_tree_connect_creds() in clidfs.c:do_connect()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-12-21 18:35:13 +01:00
Stefan Metzmacher
12212363bf s3:libsmb: remove now unused cli_session_setup()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-12-21 18:35:13 +01:00
Stefan Metzmacher
151e37b548 s3:libsmb: avoid using cli_session_setup() in SMBC_server_internal()
Using cli_session_creds_init() will allow it to be passed to other sub functions
later.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-12-21 18:35:13 +01:00
Stefan Metzmacher
c478f688c2 s3:libsmb: make use of get_cmdline_auth_info_creds() in clidfs.c:do_connect()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-12-21 18:35:13 +01:00
Stefan Metzmacher
9e794330d0 s3:libsmb: remove unused cli_*_encryption* functions
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-12-21 18:35:13 +01:00
Stefan Metzmacher
b9ff137e03 s3:libsmb: make use of cli_smb1_setup_encryption() in cli_cm_force_encryption()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-12-21 18:35:13 +01:00
Stefan Metzmacher
b9b0815d0f s3:libsmb: add cli_smb1_setup_encryption*() functions
This will allow us to setup SMB1 encryption by just passing
cli_credentials.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-12-21 18:35:12 +01:00
Stefan Metzmacher
6e122eef71 s3:libsmb: Use cli_cm_force_encryption() instead of cli_force_encryption()
This allows SMB3 encryption instead of returning NT_STATUS_NOT_SUPPORTED.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-12-19 09:48:25 +01:00
Stefan Metzmacher
cb83be2f01 s3:libsmb: don't let cli_session_creds_init() overwrite the default domain with ""
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-12-19 09:48:24 +01:00
Stefan Metzmacher
a579151ee7 s3:libsmb: split out a cli_session_creds_prepare_krb5() function
This can be used temporarily to do the required kinit if we use kerberos
and the password has been specified.

In future this should be done in the gensec layer on demand, but there's
more work attached to doing it in the gensec_gse module.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-12-19 09:48:24 +01:00
Volker Lendecke
321dca7820 samlogon_cache: Rename "user_sid" to "sid"
This is no longer just a user, we can also check for domains

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-12-16 17:38:19 +01:00
Volker Lendecke
bedc5c0568 samlogon_cache: Add the user's domain sid into the samlogon_cache
This will be used by autorid and possibly others instead of the tdc
cache. The only reliable way to find a domain to be trusted is via a
successful login. We indicate successful login via a netsamlogon_cache.tdb
entry. This patch also adds the user's domain sid with an entry, so we
can check for that existence without traversing the cache.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-12-16 17:38:19 +01:00
Volker Lendecke
f4ca27f173 samlogon_cache: Simplify netsamlogon_cache_have
We're interested in existence only, we should be able to trust the data
format consistency for this type of query.

netsamlogon_cache_get calls netsamlogon_cache_init for us, now we have
to do it directly.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-12-16 17:38:19 +01:00
Uri Simchoni
c0549aea68 cli-quotas: fix potential memory leak
Fix a memory leak in out-of-memory condition

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 13 22:30:44 CET 2016 on sn-devel-144
2016-12-13 22:30:44 +01:00
Jeremy Allison
2c02146a84 s3: libsmb: Ensure SMB2 operations correctly set cli->raw_status.
Needs to be done even on success (cli_is_error() checks if
cli->raw_status was NT_STATUS_OK).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12468

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-12-13 18:38:17 +01:00
Volker Lendecke
5927c82178 libsmb: Correctly report error for rename failure
This prevents renaming a file over an existing one with SMB2

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12468

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-12-12 20:19:10 +01:00
Stefan Metzmacher
5ca59a1772 s3:libsmb: don't pass 'passlen' to cli_tree_connect[_send]() and allow pass=NULL
There're no callers which try to pass a raw lm_response directly anymore.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Dec  9 13:09:37 CET 2016 on sn-devel-144
2016-12-09 13:09:37 +01:00