1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

1260 Commits

Author SHA1 Message Date
Jeremy Allison
5098636c78 s4: nmblookup: Allocate event context off NULL instead of talloc_autofree_context().
It's already correctly freed on exit.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat May 13 21:01:25 CEST 2017 on sn-devel-144
2017-05-13 21:01:25 +02:00
Jeremy Allison
e7e56bcc72 s4: torture: Change torture_register_suite() to add a TALLOC_CTX *.
Change callers to use the passed in TALLOC_CTX *
instead of talloc_autofree_context().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
2017-05-05 15:52:11 +02:00
Jeremy Allison
306783d6f5 lib: modules: Change XXX_init interface from XXX_init(void) to XXX_init(TALLOC_CTX *)
Not currently used - no logic changes inside.

This will make it possible to pass down a long-lived talloc
context from the loading function for modules to use instead
of having them internally all use talloc_autofree_context()
which is a hidden global.

Updated all known module interface numbers, and added a
WHATSNEW.

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Böhme <slow@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Apr 22 01:17:00 CEST 2017 on sn-devel-144
2017-04-22 01:17:00 +02:00
Ralph Boehme
1fcb66efe0 lib/util: add and use iov_concat
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2017-04-18 22:54:15 +02:00
Ralph Boehme
a58b54a334 libcli/security: fix dom_sid_in_domain()
Ensure the SID has exactly one component more then the domain SID, eg

Domain SID: S-1-5-21-1-2-3
SID:        S-1-5-21-1-2-3-4

This will return true. If the SID has more components, eg

SID: S-1-5-21-1-2-3-4-5, or
SID: S-1-5-21-1-2-3-4-5-6-7-8

dom_sid_in_domain() must return false.

This was verified against Windows:

     lsa_LookupSids: struct lsa_LookupSids
        out: struct lsa_LookupSids
            domains                  : *
                domains                  : *
                    domains: struct lsa_RefDomainList
                        count                    : 0x00000002 (2)
                        domains                  : *
                            domains: ARRAY(2)
                                domains: struct lsa_DomainInfo
                                    name: struct lsa_StringLarge
                                        length                   : 0x000e (14)
                                        size                     : 0x0010 (16)
                                        string                   : *
                                            string                   : 'BUILTIN'
                                    sid                      : *
                                        sid                      : S-1-5-32
                                domains: struct lsa_DomainInfo
                                    name: struct lsa_StringLarge
                                        length                   : 0x0012 (18)
                                        size                     : 0x0014 (20)
                                        string                   : *
                                            string                   : 'W4EDOM-L4'
                                    sid                      : *
                                        sid                      : S-1-5-21-278041429-3399921908-1452754838
                        max_size                 : 0x00000020 (32)
            names                    : *
                names: struct lsa_TransNameArray
                    count                    : 0x00000004 (4)
                    names                    : *
                        names: ARRAY(4)
                            names: struct lsa_TranslatedName
                                sid_type                 : SID_NAME_USER (1)
                                name: struct lsa_String
                                    length                   : 0x001a (26)
                                    size                     : 0x001a (26)
                                    string                   : *
                                        string                   : 'Administrator'
                                sid_index                : 0x00000001 (1)
                            names: struct lsa_TranslatedName
                                sid_type                 : SID_NAME_UNKNOWN (8)
                                name: struct lsa_String
                                    length                   : 0x005c (92)
                                    size                     : 0x005e (94)
                                    string                   : *
                                        string                   : 'S-1-5-21-278041429-3399921908-1452754838-500-1'
                                sid_index                : 0xffffffff (4294967295)
                            names: struct lsa_TranslatedName
                                sid_type                 : SID_NAME_ALIAS (4)
                                name: struct lsa_String
                                    length                   : 0x001c (28)
                                    size                     : 0x001c (28)
                                    string                   : *
                                        string                   : 'Administrators'
                                sid_index                : 0x00000000 (0)
                            names: struct lsa_TranslatedName
                                sid_type                 : SID_NAME_UNKNOWN (8)
                                name: struct lsa_String
                                    length                   : 0x001c (28)
                                    size                     : 0x001e (30)
                                    string                   : *
                                        string                   : 'S-1-5-32-544-9'
                                sid_index                : 0xffffffff (4294967295)
            count                    : *
                count                    : 0x00000002 (2)
            result                   : STATUS_SOME_UNMAPPED

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-04-12 01:41:14 +02:00
Gary Lockyer
68200d0d88 named_pipe_auth: Rename client -> remote_client and server -> local_server
While these names may have been clear, much of Samba uses
remote_address and local_address, and this difference has hidden bugs.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-03-29 02:37:28 +02:00
Uri Simchoni
ae17989de4 libcli: introduce smbXcli_conn_support_passthrough()
This routine queries the client connenction whether
it supports query/set InfoLevels beyond 1000 (which,
in Windows OS, is a pass-through mechanism to the
file system).

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-28 17:45:19 +02:00
Stefan Metzmacher
ac2622ee86 libcli/security: add SID_NAME_LABEL to sid_type_lookup()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-23 09:01:21 +01:00
Garming Sam
b0d37f6ca1 getncchanges: Return correct denied REPL_SECRET error code
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-03-13 05:10:11 +01:00
Ralph Boehme
cce2240f08 libcli/smb: add smb2cli_conn_get_mid and smb2cli_conn_set_mid
This will be needed for a torture test in the next commit.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-03 21:55:27 +01:00
Ralph Boehme
799b7e75c3 libcli/smb: add smb2cli_conn_get_cur_credits
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-03 21:55:27 +01:00
Ralph Boehme
8cbdc6a6df libcli/smb: add max_credits arg to smbXcli_negprot_send()
This allows source4/torture code to set the option for tests by
preparing a struct smbcli_options with max_credits set to some value and
pass that to a torture_smb2_connection_ext().

This will be used in subsequent smbtorture test for SMB2 creditting.

Behaviour of existing upper layers is unchanged, they simply pass the
wanted max credits value to smbXcli_negprot_send() instead of
retrofitting it with a call to smb2cli_conn_set_max_credits().

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-03 21:55:27 +01:00
Chris Lamb
a2fbe8b915 Correct "intialise" typos.
Signed-off-by: Chris Lamb <chris@chris-lamb.co.uk>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-02-22 08:26:23 +01:00
Stefan Metzmacher
abe427775e libcli/auth: add netlogon_creds_cli_debug_string()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-02-21 16:09:21 +01:00
Stefan Metzmacher
8a209e5a0c libcli/auth: check E_md4hash() result in netlogon_creds_cli_ServerPasswordSet_send()
We need to make sure we can convert the given string to an nthash.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-02-21 16:09:21 +01:00
Stefan Metzmacher
0ed2a65593 libcli/auth: use the correct creds value against servers without LogonSamLogonEx
If we use the credential chain we need to use the value from
netlogon_creds_client_authenticator() to make sure we have the current
value to encrypt in logon info.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12586

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-02-21 16:09:21 +01:00
Bob Campbell
c6dcac954e errors: add WERROR generation to build system
Parts of doserr.c and werror.h are now generated into werror_gen.c and
werror_gen.h, respectively. Also, py_werror.c is now generated.

Some errors were not included in the list which we now generate WERRORs
from. These errors have been manually included.

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-02-14 09:46:23 +01:00
Bob Campbell
ea49c56f46 errors: add table to generate WERRORs from
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-02-14 09:46:23 +01:00
Bob Campbell
aad57f9f1f errors: pull out code into common file
This is a precursor to generating other types of errors.

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-02-14 09:46:23 +01:00
Bob Campbell
3ba25569b1 python: Add python module with NTSTATUS constants
This has been generated by gen_ntstatus.py

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-02-14 09:46:23 +01:00
Bob Campbell
b7b289f372 errors: add gen_ntstatus.py to build system
nterr_gen.c, ntstatus_gen.h and py_ntstatus.c are now generated files.
Errors which are now generated have been removed from nterr.c and
ntstatus.h. Errors which existed previously but are not in the table we
generated from have been manually added.

Some errors are incorrectly named; e.g. STATUS_MORE_ENTRIES should be
NT_STATUS_MORE_ENTRIES. These are simply remapped to the correct names.

Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-02-14 09:46:23 +01:00
Bob Campbell
c465f5f3a1 errors/gen_ntstatus: add error table for generation script
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2017-02-14 09:46:23 +01:00
Ralph Boehme
76a2999744 libcli/smb: outbuf length is a IVAL ie a uint32_t
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 31 04:34:29 CET 2017 on sn-devel-144
2017-01-31 04:34:29 +01:00
Volker Lendecke
a4733c7fde libcli: Add an overflow check
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-01-23 22:46:13 +01:00
Volker Lendecke
a3737ef6bc libcli: Do not overwrite pointer on realloc failure
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-01-23 22:46:13 +01:00
Stefan Metzmacher
4b295b106c wscript: remove executable bits for all wscript* files
These files should not be executable.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan 11 20:21:01 CET 2017 on sn-devel-144
2017-01-11 20:21:01 +01:00
Volker Lendecke
577418c87e libcli: Use "all_zero" where appropriate
... Saves a few bytes of footprint

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-01-03 16:04:28 +01:00
Volker Lendecke
0eea65d372 libcli: Use "all_zero" where appropriate
... Saves a few bytes of footprint

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-01-03 16:04:28 +01:00
Volker Lendecke
38884b2b2b libcli: Use "all_zero" where appropriate
... Saves a few bytes of footprint

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-01-03 16:04:28 +01:00
Volker Lendecke
3d9b1bdf6c libcli: Use "all_zero" where appropriate
... Saves a few bytes of footprint

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-01-03 16:04:28 +01:00
Volker Lendecke
c66f57d1de lib: Add required prerequisites for librpc/gen_ndr/security.h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-12-28 20:17:12 +01:00
Volker Lendecke
92daaa9790 lib: Fix whitespace in lmhosts.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
2016-12-27 14:21:27 +01:00
Douglas Bagnall
a7598fb53b rpc_server:netlogon Move from memcache to a tdb cache
This allows the netlogon server to be moved into a multi-process model
while still supporting clients that use a challenge from a different
network connection.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Dec 14 20:12:14 CET 2016 on sn-devel-144
2016-12-14 20:12:13 +01:00
Björn Jacke
69f10080c3 pam: map more NT password errors to PAM errors
NT_STATUS_ACCOUNT_DISABLED,
NT_STATUS_PASSWORD_RESTRICTION,
NT_STATUS_PWD_HISTORY_CONFLICT,
NT_STATUS_PWD_TOO_RECENT,
NT_STATUS_PWD_TOO_SHORT

now map to PAM_AUTHTOK_ERR (Authentication token manipulation error), which is
the closest match.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=2210

Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed by: Jeremy Allison <jra@samba.org>
2016-12-13 14:12:06 +01:00
Volker Lendecke
899b0883c8 lib: smbreadline xfile->stdio
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-12-11 11:17:24 +01:00
Volker Lendecke
c07a9b5beb libnbt: lmhosts xfile->stdio
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-12-11 11:17:24 +01:00
Jeremy Allison
29b02cf22f lib: security: se_access_check() incorrectly processes owner rights (S-1-3-4) DENY ace entries
Reported and proposed fix by Shilpa K <shilpa.krishnareddy@gmail.com>.

When processing DENY ACE entries for owner rights SIDs (S-1-3-4) the
code OR's in the deny access mask bits without taking into account if
they were being requested in the requested access mask.

E.g. The current logic has:

An ACL containining:

[0] SID: S-1-3-4
    TYPE: DENY
    MASK: WRITE_DATA
[1] SID: S-1-3-4
    TYPE: ALLOW
    MASK: ALLOW_ALL

prohibits an open request by the owner for READ_DATA - even though this
is explicitly allowed.

Furthermore a non-canonical ACL containing:

[0] SID: User SID 1-5-21-something
    TYPE: ALLOW
    MASK: READ_DATA

[1] SID: S-1-3-4
    TYPE: DENY
    MASK: READ_DATA

[2] SID: User SID 1-5-21-something
    TYPE: ALLOW
    MASK: WRITE_DATA

prohibits an open request by the owner for READ_DATA|WRITE_DATA - even
though READ_DATA is explicitly allowed in ACE no 0 and is thus already
filtered out of the "access-still-needed" mask when the deny ACE no 1 is
evaluated.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12466

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-12-10 06:24:11 +01:00
Volker Lendecke
a5902383e3 lib: Make dom_sid_parse_endp init "endp" on all "ok" paths
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-12-06 20:24:22 +01:00
Volker Lendecke
df9e7c7ae5 lib: Remove global xfile.h includes
This makes it more obvious where this legacy code is used

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Nov 20 06:23:19 CET 2016 on sn-devel-144
2016-11-20 06:23:19 +01:00
Volker Lendecke
1314db09dd lib: Rename fgets_slash to x_fgets_slash
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-11-20 02:28:11 +01:00
Stefan Metzmacher
c01efce2dc libcli/smb: add smb1cli_session_setup_ext_send/recv()
This does a session setup for the NT1 protocol with CAP_EXTENDED_SECURITY.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-11-15 11:00:26 +01:00
Stefan Metzmacher
35ed3eeb06 libcli/smb: add smb1cli_session_setup_nt1_send/recv()
This does a session setup for the NT1 protocol (without CAP_EXTENDED_SECURITY).

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-11-15 11:00:26 +01:00
Andreas Schneider
2182817c97 libcli/smb: add smb1cli_session_setup_lm21_send/recv()
This does a session setup for the LANMAN 2(.1) protocol.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-11-15 11:00:26 +01:00
Stefan Metzmacher
4334f2dad0 libcli/smb: reformat wscript
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-11-15 11:00:26 +01:00
Stefan Metzmacher
5b0a54d36c libcli/smb: Add smb_bytes_pull_str() helper function
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-11-15 11:00:26 +01:00
Stefan Metzmacher
7999e6f6c0 libcli/smb: move {smb,trans2}_bytes_push_{str,bytes}() to common code
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-11-15 11:00:26 +01:00
Stefan Metzmacher
00e417ffa0 libcli/smb: handle a talloc_free() on an unsent smb1 request
When a the higher level does a TALLOC_FREE() on an already
queued request, we need to check whether we already sent a byte,
if not we can try to unwind the smb1 signing sequence number,
if there was only one pending request, in all other cases
we need to disconnect the connection.

I noticed that when seeing during an smb1cli_close()
from tstream_smbXcli_np_destructor().

TODO: we may want to have a similar smbXcli_conn_cancel_read_req() in future.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-10-26 11:20:12 +02:00
Jeremy Allison
44a7040500 s3: cldap: cldap_multi_netlogon_send() fails with one bad IPv6 address.
Analysis by: Rebecca Gellman <rebecca@starfleet-net.co.uk>

Ignore cldap_socket_init() failure when sending
multiple cldap netlogon requests. Allow cldap_netlogon_send()
to catch the bad address and correctly return through a
tevent subreq.

Make sure cldap_search_send() copes with cldap parameter == NULL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12381

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 18 02:16:20 CEST 2016 on sn-devel-144
2016-10-18 02:16:20 +02:00
Moritz Beller
caff67082a libcli: Remove code clone
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12373
Signed-off-by: Moritz Beller <moritzbeller@gmx.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo <simo@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Oct 13 18:13:45 CEST 2016 on sn-devel-144
2016-10-13 18:13:45 +02:00
Ralph Boehme
6f3b421c4a s3/vfs: merge offline functionality into DOS attributes handling
The offline VFS functions predate the SMB_VFS_{GET|SET}_DOS_ATTRIBUTES()
functions, now that we have these, we can use them for the offline
attribute as well.

The primary reason for this is: performance. Merging both functions has
the benefit that in VFS modules that use same backing store bits for
both offline attribute and DOS attributes (like gpfs), we avoid calling
the backing store twice in dos_mode() and file_set_dosmode().

This commit modifies all existing users of the offline attribute to
adapt to the change, the next commit will then remove the obsolete
offline functions.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2016-10-11 11:01:10 +02:00