IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This utility is splitted of from cldap_netlogon_send.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
The subsections of [MS-SMB2] "3.2.5.14 Receiving an SMB2 IOCTL Response"
say the client should ignore the InputOffset/InputCount.
We do that only if we ask for max_input_length = 0.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10232
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 31 01:16:10 CET 2013 on sn-devel-104
Restore and backup privileges are not relevant to ldap
access checks, and the TakeOwnership privilege should
grant write_owner right
Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
These are the attributes returned from the FileFsAttributeInformation
request.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10200
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
We don't really use leases yet, so so far this went by unnoticed. It's
the V2 lease requests that hold the parent lease key, not the V1 ones.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This is an update to commit af290a03ce
that skips the scary debug messages.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10146
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Sep 18 04:46:00 CEST 2013 on sn-devel-104
Windows and Samba always sign the final session setup response
even if signing is not mendatory, but it ensures that the signing
key is correctly in place.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10146
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep 17 09:40:10 CEST 2013 on sn-devel-104
This way we can calculate the correct credit charge
for requests with large output buffers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Our cur_credit value had 1 credit too many in the case of
an SMB1 => SMB2 upgrade. When we max out the credits the server
disconnected the connection.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Aug 10 11:11:54 CEST 2013 on sn-devel-104
See [MS-NPRC] 3.3.4.2 The Netlogon Signature Token.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This can be used before netlogon_creds_encrypt_samlogon_logon()
in order to keep the provided buffers unchanged.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(from Windows2012 tests).
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
SMB3.02 adds SHARE_CAP_ASYMMETRIC
Signed-off-by: Steve French <smfrench@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jun 21 22:57:16 CEST 2013 on sn-devel-104
This changes (again...) our system md5 detection to cope with how
OpenIndiana does md5. I'm becoming increasingly convinced this isn't
worth our while (we should have just done samba_md5...), but for now
this change seems to work on FreeBSD, OpenIndiana and Linux with
libbsd.
This needs us to rename struct MD5Context -> MD5_CTX, but we provide a
config.h define to rename the type bad if MD5_CTX does not exist (it does
however exist in the md5.h from libbsd).
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 2 20:05:13 CEST 2013 on sn-devel-104
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 28 19:43:41 CET 2013 on sn-devel-104
We're just writting a single record into a CLEAR_IF_FIRST|TDB_NOSYNC
tdb.
We just need to make sure we lock the record between reading and writting.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Mar 28 14:52:14 CET 2013 on sn-devel-104
They have to cope with large READX call replies that have
a length greater than smb_len_nbt() can handle.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Windows servers take a look at the FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED
flag during a session setup and turn on signing if the client requires it.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Older Samba releases (<= 3.6.x)
expect the client to send CAP_LARGE_READX
in order to let the client use large reads.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Mar 2 03:57:34 CET 2013 on sn-devel-104
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Feb 23 19:28:15 CET 2013 on sn-devel-104
Copies the signing state needed to make client compound requests work
on signed connections.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 22 22:32:31 CET 2013 on sn-devel-104
Names seems to be a bit cryptic and misleading (at least for me).
So documenting them should remove at least partially this problem.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The for loop does this implicitly when comparing for (i = 0; i < root->num_of_children; i++)
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This removes special-case for initalising the children array in
insert_in_object_tree(). talloc_realloc() handles the intial allocate
case perfectly well, so there is no need to have this duplicated.
This also restores having just one place were the rest of the elements
are intialised, to ensure uniform behaviour.
To do this, we have to rework insert_in_object_tree to have only one
output variable, both because having both root and new_node as output
variables was too confusing, and because otherwise the two pointers
were being allowed to point at the same memory.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
The inherited_type is only used to decide if aces should be inherited
effectively or not (INHERIT_ONLY) for the specified object.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Matthieu Patou <mat@matws.net>
Add per device type ioctl handler source files for FSCTL_DFS,
FSCTL_FILESYSTEM, FSCTL_NAMED_PIPE and FSCTL_NETWORK_FILESYSTEM.
Reviewed by: Jeremy Allison <jra@samba.org>
It is critically important that we initialise this element as otherwise
all access is permitted.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit a75805490d)
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov 30 03:27:07 CET 2012 on sn-devel-104
This should be a short term hack until the upper layers have implemented
re-authentication.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Oct 27 10:05:22 CEST 2012 on sn-devel-104
Time out UDP requests after DNS_REQUEST_TIMEOUT seconds. Currently set
to 2 seconds.
This should fix bug #8878.
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 16 12:58:32 CEST 2012 on sn-devel-104
Ensure we correctly protect against blobs with data_offset==0
and data_length != 0.
Jeremy.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 27 22:07:02 CEST 2012 on sn-devel-104
The code in SMBNTLMv2encrypt_hash() should not be requesting case
changes on the domain name.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 24 21:39:42 CEST 2012 on sn-devel-104
OS/2 skips the DATA Block in SMB1 responses.
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Aug 16 13:16:49 CEST 2012 on sn-devel-104
We need to make sure we got a encrypted response if we asked
for it.
If we don't get a encrypted response, we use a similar logic
as with signing to propagated wellknown errors to the higher
layer and set state->smb2.signing_skipped = true.
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Aug 15 16:26:26 CEST 2012 on sn-devel-104
One SMB2_TRANSFORM pdu wraps multiple SMB2 pdus.
We inject the SMB2_TRANSFORM header to each response which was wrapped
inside. This allows the next layer to verify if the SMB2 pdu was encrypted.
metze
there is a libsecurity on OSF1 which clasheѕ with our security lib. see bug #9023.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Aug 10 14:22:21 CEST 2012 on sn-devel-104
This is not needed and breaks the build on AIX:
[ 988/3309] Compiling source4/smb_server/smb/reply.c
"../source4/smb_server/smb/reply.c", line 1093.42: 1506-022 (S) "lseek64" is not a member of "union smb_seek".
"../source4/smb_server/smb/reply.c", line 1093.42: 1506-022 (S) "lseek64" is not a member of "union smb_seek".
"../source4/smb_server/smb/reply.c", line 1093.42: 1506-022 (S) "lseek64" is not a member of "union smb_seek".
"../source4/smb_server/smb/reply.c", line 1093.42: 1506-022 (S) "lseek64" is not a member of "union smb_seek".
"../source4/smb_server/smb/reply.c", line 1109.13: 1506-022 (S) "lseek64" is not a member of "union smb_seek".
"../source4/smb_server/smb/reply.c", line 1110.13: 1506-022 (S) "lseek64" is not a member of "union smb_seek".
"../source4/smb_server/smb/reply.c", line 1111.13: 1506-022 (S) "lseek64" is not a member of "union smb_seek".
"../source4/smb_server/smb/reply.c", line 1113.38: 1506-022 (S) "lseek64" is not a member of "union smb_seek".
Waf: Leaving directory `/opt/home/build/build_farm/samba_4_0_test/bin'
Build failed: -> task failed (err #1):
{task: cc reply.c -> reply_1.o}
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jun 11 10:32:51 CEST 2012 on sn-devel-104
After discussion with Kai move dns_hosts_file to a separate subsystem
and merge it into libaddns private library for s3/s4 client use.
Also remove dependency in libcli/nbt, the code from libcli/dns subsystems
is not used there at all.
Autobuild-User: Alexander Bokovoy <ab@samba.org>
Autobuild-Date: Fri May 25 22:22:44 CEST 2012 on sn-devel-104
After consolidating DNS resolver code to lib/addns, there is one piece
that still needs to be moved into a common DNS resolver library: DNS_HOSTS_FILE
subsystem. Unfortunately, direct move would require lib/addns to depend on
libcli/util/{ntstatus.h,werror.h} (provided by errors subsystem).
In addition, moving libcli/dns/* code to lib/addns/ would make conflicting
the dns_tkey_record struct. The conflict comes from source4/dns_server/ and is due
to use of IDL to define the struct. lib/addns/ library also provides its own definition
so we either need to keep them in sync (rewrite code in lib/addns/ a bit) or
depend on generated IDL headers.
Thus, making a private library and subsystem clidns is an intermediate step
that allows to buy some time fore refactoring.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue May 15 20:17:01 CEST 2012 on sn-devel-104
With waf build include directories are defined by dependencies specified to subsystems.
Without proper dependency <gssapi/gssapi.h> cannot be found for embedded Heimdal builds
when there are no system-wide gssapi/gssapi.h available.
Split out GSSAPI header includes in a separate replacement header and use that explicitly
where needed.
Autobuild-User: Alexander Bokovoy <ab@samba.org>
Autobuild-Date: Wed Apr 25 00:18:33 CEST 2012 on sn-devel-104
The remaining gssapi_parse functions were used exclusively in
gensec_krb5. Move them there and make them static.
Signed-off-by: Andreas Schneider <asn@samba.org>
This is clearly a utiliy function generic to gensec. Also the 3 callers
had identical implementations. Provide a generic implementation for all
of them and avoid duplicating the code everywhere.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Mar 14 02:26:34 CET 2012 on sn-devel-104
It's a bit confusing to mix low-level and high-level libraries. We had
multiple libraries in one directory, and there were have circular
dependencies with other libraries outside that directory (in this case,
samba-hostconfig).
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Mar 10 23:13:01 CET 2012 on sn-devel-104
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Mar 10 01:33:45 CET 2012 on sn-devel-104
These are the tags for the SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2
and SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2, the second version
of the SMB2_CREATE_DURABLE_HANDLE_REQUEST (DHnQ) and
SMB2_CREATE_DURABLE_HANDLE_RECONNECT (DHnC), which are only
available for SMB 2.2 (and newer).
This uses the key diveration function from "NIST Special Publication 800-108"
in counter mode (section 5.1).
Thanks to Jeremy, Michael and Volker for the debugging!
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Feb 29 04:54:48 CET 2012 on sn-devel-104
This implements a simplified version of "NIST Special Publication 800-108" section 5.1
using hmac-sha256.
Thanks to Jeremy, Michael and Volker for the debugging!
metze
The signing_key is fix across all channels and is used for session setups
on a channel binding.
Note:
- the last session setup response is signed with the new channel signing key.
- the reauth session setups are signed with the channel signing key.
It's also not needed to remember the main session key.
metze
