IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We don't need the full power of NTSTATUS here. This was the only
NTSTATUS in asn1.h, so I think it's worth removing it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The special error is not NT_STATUS_BUFFER_TOO_SMALL, but STATUS_BUFFER_OVERFLOW.
Tested using TSTREAM_SMBXCLI_NP_MAX_BUF_SIZE == 20 and running
the following commands against a Windows 2012R2 server:
bin/smbtorture ncacn_np:SERVER[] rpc.lsa-getuser
bin/smbtorture ncacn_np:SERVER[smb2] rpc.lsa-getuser
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11623
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 1 03:42:52 CET 2015 on sn-devel-104
Found by valgrind, reported by Noel Power <nopower@suse.com>:
==7913== Invalid read of size 1
==7913== at 0xC4F23EE: smb2cli_ioctl_done (smb2cli_ioctl.c:245)
==7913== by 0x747A744: _tevent_req_notify_callback (tevent_req.c:112)
==7913== by 0x747A817: tevent_req_finish (tevent_req.c:149)
==7913== by 0x747A93C: tevent_req_trigger (tevent_req.c:206)
==7913== by 0x7479B2B: tevent_common_loop_immediate
(tevent_immediate.c:135)
==7913== by 0xA9CB4BE: run_events_poll (events.c:192)
==7913== by 0xA9CBB32: s3_event_loop_once (events.c:303)
==7913== by 0x7478C72: _tevent_loop_once (tevent.c:533)
==7913== by 0x747AACD: tevent_req_poll (tevent_req.c:256)
==7913== by 0x505315D: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==7913== by 0xA7201F2: cli_tree_connect (cliconnect.c:2764)
==7913== by 0x165FF7: cm_prepare_connection (winbindd_cm.c:1276)
==7913== Address 0x16ce24ec is 764 bytes inside a block of size 813 alloc'd
==7913== at 0x4C29110: malloc (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==7913== by 0x768A0C1: __talloc_with_prefix (talloc.c:668)
==7913== by 0x768A27E: _talloc_pool (talloc.c:721)
==7913== by 0x768A41E: _talloc_pooled_object (talloc.c:790)
==7913== by 0x747A594: _tevent_req_create (tevent_req.c:66)
==7913== by 0xCF6E2FA: read_packet_send (async_sock.c:414)
==7913== by 0xCF6EB54: read_smb_send (read_smb.c:54)
==7913== by 0xC4DA146: smbXcli_conn_receive_next (smbXcli_base.c:1027)
==7913== by 0xC4DA02D: smbXcli_req_set_pending (smbXcli_base.c:978)
==7913== by 0xC4DF776: smb2cli_req_compound_submit (smbXcli_base.c:3166)
==7913== by 0xC4DFC1D: smb2cli_req_send (smbXcli_base.c:3268)
==7913== by 0xC4F2210: smb2cli_ioctl_send (smb2cli_ioctl.c:149)
==7913==
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11622
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This removes some duplicated code.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 18 04:04:17 CET 2015 on sn-devel-104
We should never get a secret from a server when we specify DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING
This asserts that this is the case.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
We need this to see if a share supports access-based enumeration.
https://bugzilla.samba.org/show_bug.cgi?id=10252
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This turned out to be all that was needed to enable cd to handle multiple
directory levels.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 7 04:16:24 CEST 2015 on sn-devel-104
sid_parse takes a binary blob, uint8_t reflects this a bit
better than char * does
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Callgrind showed that we use 28,165,720,719 cpu cycles to send
a 100MB file to a client using aes-ccm.
With aes-gcm this is raises up to 723,094,413,831 cpu cycles.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This gives us overflow protection.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Aug 14 13:56:49 CEST 2015 on sn-devel-104
This should trigger the behaviour where the server requires
signing when the client supports it, but does not reject
clients that don't support it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This maps to NT_STATUS_CONNECTION_DISCONNECTED instead of
NT_STATUS_IO_DEVICE_ERROR.
EPIPE, NT_STATUS_CONNECTION_DISCONNECTED matches what other tstream backends
e.g. tcp and unix report.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 16 04:16:13 CEST 2015 on sn-devel-104
This way smbXcli_conn_disconnect() removes all tevent_fd structures attached to
the sock_fd before closing it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This way we have a change to destroy the pending writev_send request before
closing the socket in smbXcli_conn_disconnect().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
The tevent epoll backend supports separate read and write tevent_fd structure
on a single fd, so there's no need for a dup() anymore.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
We need to cancel all pending requests before closing the socket fds,
otherwise we cause problem with the interaction with the epoll event backend.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
When we have a large RPC reply, we can't block in the RPC server.
Test: Do rpcclient netshareenumall with a thousand shares defined
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reuse of nonces with AES-CCM and AES-GCM leads to catastrophic failure,
so make sure the server drops the connection if that ever happens.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11300
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Introduce a new operation, splice, which copies data from one SMBCFILE
to another. Implement this operation using FSCTL_SRV_COPYCHUNK_WRITE for
SMB2+ protocols and using read+write for older protocols. Since the
operation may be long running, it takes a callback which gets called
periodically to indicate progress to the application and given an
opportunity to stop it.
Signed-off-by: Ross Lagerwall <rosslagerwall@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
We need to make sure smb2cli_req_get_sent_iov() returns what was sent
over the wire. This is required in order to correctly perform
the preauth calculation for SMB >= 3.1.
We keep separate variables for the cancel information we got
from a STATUS_PENDING response.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
NT_STATUS_SMB_NO_PREAUTH_INTEGRITY_HASH_OVERLAP
NT_STATUS_SMB_BAD_CLUSTER_DIALECT
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Volker, apologies for the mistake.
Spotted by Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 29 08:20:23 CEST 2015 on sn-devel-104
This prepares a possibly stripped security descriptor for a client.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
TODO: we should import the whole lists from [MS-DTYP].
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
The values are the same, but WERR_INVALID_PASSWORD matches the documentation.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
The values are the same, but WERR_INVALID_PASSWORD matches the documentation.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
WERR_INVALID_LEVEL is the documented name that should be printed
in logs.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 27 01:24:47 CET 2015 on sn-devel-104
I have been building 4.2.0 with the GNU C compiler but I decided to see
how it works with the Sun C 5.11 compiler. The Sun compiler complains
about a identifier being redeclared in libcli/auth/netlogon_creds_cli.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11140
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
We haven't added the req to the pending array yet, as SMB1 requests can
be one-way (no reply needed). So if we error out after the writev, but
before we add to the pending array we must rember to terminate our current
tevent req with a tevent_req_nterror call.
Fixes bug 11173 - SMB1 Server disconnect can cause timeout on client write error.
https://bugzilla.samba.org/show_bug.cgi?id=11173
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Mar 20 05:08:25 CET 2015 on sn-devel-104
As specified in the recent 20150129 revision of MS-FSCC.
Add a note regarding the FileHandle field, which was confirmed to
correspond to the volatile part of the fileid:
https://lists.samba.org/archive/samba-technical/2015-February/105454.html
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Ira Cooper <ira@samba.org>
Autobuild-Date(master): Sun Mar 8 00:43:08 CET 2015 on sn-devel-104
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb 24 01:01:10 CET 2015 on sn-devel-104
They include the ip address information without setting
NETLOGON_NT_VERSION_5EX_WITH_IP, while using
ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX instead of
ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10958
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Dec 12 23:11:40 CET 2014 on sn-devel-104
This reverts commit a6affb7bb3.
This is not really needed. The caller should ignore this flag.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Required as some servers return zero when asked for
zero credits in an initial SMB2-only negprot.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <rb@sernet.de>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov 7 22:41:47 CET 2014 on sn-devel-104
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 16 21:53:32 CEST 2014 on sn-devel-104
enum protocol_types protocol was unused before
and cipher_id is unused as well for now.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
SMB 3.10 servers don't report SMB2_CAP_ENCRYPTION anymore.
So using conn->smb2.server.cipher != 0 is a more consistent way to decide if
encryption is supported on the connection.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This allows SMB signing to work against many more DCs, and so improves network security.
The default for "client max protocol" remains NT1 in the rest of the code.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 8 01:08:40 CEST 2014 on sn-devel-104
If the connection starts with a SMB Negprot, the server only implies the
selected dialect, but not the clients security mode.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Make it identical to the check in libcli/smb/smb2cli_ioctl.c
https://bugzilla.samba.org/show_bug.cgi?id=10848
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org>
Reviewed-by: David Disseldorp <ddiss@suse.de>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 2 04:42:26 CEST 2014 on sn-devel-104
Some IOCTL requests change the behavior with new protocol versions.
E.g. FSCTL_VALIDATE_NEGOTIATE_INFO resulted in NT_STATUS_FILE_CLOSED
for old servers.
As SMB2 signing might be skipped for responses with NT_STATUS_FILE_CLOSED
we need to list it explicitly in the expected return values.
This way we'll get NT_STATUS_ACCESS_DENIED, if the server doesn't
sign the response to a signed requests.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
This can be used to force signing for individual requests.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
With SMB2_HDR_FLAG_SIGNED we make sure that we either use smb2 signing
or smb2 encryption for the request.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
The count is already checked for 0 above this line so it can never be 0
at this point.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 26 03:15:00 CEST 2014 on sn-devel-104
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10817
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 23 04:23:05 CEST 2014 on sn-devel-104
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
smb2cli_req_recv() should not report STATUS_PENDING if the
request isn't pending anymore (e.g. the connection was disconnected)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
This piece of code pulls in talloc_stackframe and smb_panic into what
should be a very simple mapping library. I'm trying to reduce our
dependencies right now a bit, and I think the use cases that this fixes
(unknown NTSTATUS together with double nt_errstr() calls in the same
DEBUG) are rare enough that this is not justified.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Aug 22 02:52:50 CEST 2014 on sn-devel-104
This is in dcerpc_netr_DsrUpdateReadOnlyServerDnsRecords, which has
status variables filled in by the server and placed in this in/out
array.
This showed up as a segfault in winbindd during RODC DNS update.
Andrew Bartlett
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
This will make it easier in the future to NDR_PRINT a lease and
a lease key
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ronnie Sahlberg <ronniesahlberg@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 12 03:34:41 CEST 2014 on sn-devel-104
Change-Id: Ib87933c318f510d95f7008e122216d73803ede68
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 10 21:46:15 CEST 2014 on sn-devel-104
This function is a duplicate of security_ace_equal(), and is no longer
used.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 29 03:34:38 CEST 2014 on sn-devel-104
Both offer the same functionality, sec_ace_equal() will be removed.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This change cleans up the white-space damage, and converts the single
line if-then statements to match Samba's coding conventions.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
With sec_desc_del_sid() now gone, this can also be removed.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The function is unused, and shares mostly the same behaviour as
security_descriptor_acl_del().
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
With make_sec_desc() converted to use security_acl_dup(), which offers
the same behaviour, this function is no longer needed.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
It currently leaks memory onto the provided talloc context on error, fix
this.
Use X_acl_dup() functions provided by secuity_descriptor.c, rather than
the redundant secdesc.c calls. Also, use the IDL generated functions to
calculate the security descriptor structure size.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
With all callers converted to use security_descriptor_copy(), this
function can be removed.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Use security_descriptor_copy() instead, which is also provided by
libcli.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This function adds a new allow-type ACE to an existing ACE list. With
the removal of sec_desc_add_sid(), this is no longer used internally.
The same behaviour can be achieved via the much cleaner
security_ace_create() function.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This function adds an ACE to a security descriptor DACL. The same can be
achieved via the more flexible and much cleaner security_ace_create()
and security_descriptor_dacl_add() functions.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
struct security_ace has a struct dom_sid, not a pointer to it. So we don't have
to talloc it first and then not free it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue May 27 12:54:55 CEST 2014 on sn-devel-104
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Thu May 15 15:16:34 CEST 2014 on sn-devel-104
fallocalte with the FALLOC_FL_ZERO_RANGE flag introduced
with Linux 3.15 should be able to do this soon
Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Error codes and descriptions were autogenerated from [MS-ERREF]
see http://msdn.microsoft.com/en-us/library/cc704588.aspx
Additionally some missing error descriptions for existing errors were
identified and generated.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
error codes & string descriptions are generated from
http://msdn.microsoft.com/en-us/library/cc704587.aspx, additionally there
is a function to return the error description from the error code,
this function will also try to determine the error description
associated with a W_ERROR code translated as a HRESULT.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
If the tevent_req of tstream_smbXcli_np_disconnect_* is explicitly or
implicitly free'ed, we need to make sure we still deliver the
close request to the server! Otherwise the SMB signing sequence gets out of
sync.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This should be used to negotiate the may fragment size
of DCERPC connections.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This fixes some valgrind errors when the smbXcli_tcon disappears before the
smbXcli_conn.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Function, CPFunction, CPPFunction and VFunction typedefs are considered
old-style (deprecated) starting from readline 4.2 (circa 2001).
Compatibility typedefs have been in place up to readline 6.2 but were
removed with the 6.3 release thus causing builds to break.
Switch to the new-style specific prototyped typedef.
Return value is unused so the callback should still be void (see
readline/input.c around line 456 in version 6.3).
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 13 00:21:47 CET 2014 on sn-devel-104
Change-Id: I49fec82e55b6bc59d5c0f157df90005f7d891c66
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Changed the if condtion to detect when we'd improperly overflow.
Coverity-Id: 1167990
Signed-off-by: Ira Cooper <ira@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ira Cooper <ira@samba.org>
Autobuild-Date(master): Mon Feb 24 11:56:38 CET 2014 on sn-devel-104
The values have to be signed here to allow for the values to go negative,
to prevent the overflow.
Coverity-Id: 1167990
Signed-off-by: Ira Cooper <ira@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ira Cooper <ira@samba.org>
Autobuild-Date(master): Mon Feb 24 07:23:03 CET 2014 on sn-devel-104
To be consistent with db_open() and prepare for future
possible extensions.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This matches Windows, it seems they use a fixed size field to store
netlogon_creds_CredentialState.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This can be used to inject a db_context from dbwrap_ctdb.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This is more better than a custom tevent_req destructor.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
If status is RPC_PROCNUM_OUT_OF_RANGE, result might be uninitialized.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Until all callers are fixed to pass the same 'server_computer'
value, we try to calculate a server_netbios_name and use this
as unique identifier for a specific domain controller.
Otherwise winbind would use 'hostname.example.com'
while 'net rpc testjoin' would use 'HOSTNAME',
which leads to 2 records in netlogon_creds_cli.tdb
for the same domain controller.
Once all callers are fixed we can think about reverting this
commit.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This provides an abstraction to hide netlogon_creds_CredentialState,
which is stored in a node local tdb.
Where the global state (netlogon_creds_CredentialState) between client and
server was only kept in memory (on the client side), we now use
the abstracted netlogon_creds_cli_context.
We now use a node specific computer name in order to establish
individual netlogon sessions per node.
If the caller wants to use some netlogon calls with credential chain
(struct netr_Authenticator), netlogon_creds_cli_lock*() is used
to get the current netlogon_creds_CredentialState in a g_lock'ed
fashion, a talloc_free() will release the lock.
The locking is needed as there might be more than one process
(multiple winbindd child, cmdline tools) which want to talk
to a specific domain controller. The usage of netlogon_creds_CredentialState
needs to be serialized as it uses sequence numbers.
LogonSamLogonEx doesn't use the credential chain, but for some operations
it needs the global session in order to de/encrypt individual fields.
It uses the lockless netlogon_creds_cli_get() and netlogon_creds_cli_validate()
functions, which just make sure the session hasn't changed between
get and validate.
This is prepares the proper fix for a large number of bugs:
https://bugzilla.samba.org/show_bug.cgi?id=6563https://bugzilla.samba.org/show_bug.cgi?id=7944https://bugzilla.samba.org/show_bug.cgi?id=7945https://bugzilla.samba.org/show_bug.cgi?id=7568https://bugzilla.samba.org/show_bug.cgi?id=8599
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
