IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Fixes:
libcli/smb/smb2_create_blob.c:146:3: warning: Value stored to 'next_offset' is never read <--[clang]
next_offset += next_pad;
^ ~~~~~~~~
1 warning generated.
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Fixes:
libcli/smb/smb1cli_session.c:226:2: warning: Value stored to 'p' is never read <--[clang]
p += ret;
^ ~~~
libcli/smb/smb1cli_session.c:517:2: warning: Value stored to 'p' is never read <--[clang]
p += ret;
^ ~~~
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jun 12 13:56:19 UTC 2019 on sn-devel-184
We should make clear that this is a function for testing only,
with possible strange side effects.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
We should only sign if we're asked for it. The signing keys are
always generated, so we were always using global signing key
and signed with it when signing was not asked for.
By luck this was the correct signing key for the 1st channel.
But multi channel connections where broken is the server nor the client
require/desire signing. It seems the tests only ever run against
Windows domain controllers, which always require signing.
Note that the following code in smb2cli_req_create() makes
sure that we always sign session binds:
if (cmd == SMB2_OP_SESSSETUP &&
!smb2_signing_key_valid(session->smb2_channel.signing_key) &&
smb2_signing_key_valid(session->smb2->signing_key))
{
/*
* a session bind needs to be signed
*/
state->smb2.should_sign = true;
}
This removed a logic changed introduced in commit
17e22e020f. As
if (!smb2_signing_key_valid(signing_key)) {
is not the same as:
if (signing_key && signing_key->length == 0) {
it's the same as:
if (signing_key == NULL || signing_key->length == 0) {
so we need:
if (signing_key != NULL && !smb2_signing_key_valid(signing_key)) {
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Before commit 17e22e020f they we not a
pointer and always be present.
We used the local pointer variable 'signing_key = NULL' and logic like
this:
if (state->smb2.should_sign) {
signing_key = state->session->smb2_channel.signing_key;
}
if (signing_key != NULL ...
In order to keep this we need to nake sure
state->session->smb2_channel.signing_key is never NULL!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This reverts commit 1817db965d.
This was pushed to fast, the corrected commit follows.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This reverts commit 0875016654.
This was pushed to fast, the corrected commit follows.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This was missing in commit 17e22e020f
and causes all multi-channel tests to segfault.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jun 11 15:25:56 UTC 2019 on sn-devel-184
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This caches the gnutls hmac handle in the struct so we only allocate it
once.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This also adds a new function to validate the structure.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This struct will be of interest when we add locking capabilities to
libcli/smb/smb2cli*
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Certain Netapp versions are sending SMB2_ENCRYPTION_CAPABILITIES
structures containing DataLength field that includes the padding
[0]. Microsoft has since clarified that only values smaller than
the size are considered invalid [1].
While parsing the NegotiateContext it is ensured that DataLength
does not exceed the message bounds. Also, the value is not
actually used anywhere outside the validation. Thus values
greater than the actual data size are safe to use. This patch
makes Samba fail only on values that are too small for the (fixed
size) payload.
[0] https://lists.samba.org/archive/samba/2019-February/221139.html
[1] https://lists.samba.org/archive/cifs-protocol/2019-March/003210.html
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13869
Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com>
Reviewed-by: Ralph Böhme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Mar 31 01:11:09 UTC 2019 on sn-devel-144
There's a few ways to initialize a DATA_BLOB to NULL. There's the
variable data_blob_null, there's ZERO_STRUCTP, and the explicit
initializer. And there's the data_blob() macro which calls into
data_blob_talloc_named. You have to look at that routine to see that
this is nothing more than a ZERO_STRUCT() and not calling into
talloc. Choose the more direct way.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Every caller did a data_blob_const() right before calling
smb2_negotiate_context_add(). Avoid that.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Feb 25 21:07:22 CET 2019 on sn-devel-144
Although it's unusual to hit this case, I was seeing it happen while
working on the SMB python bindings. Even with debug level 10, there was
nothing coming out to help pin down the source of the
NT_STATUS_INTERNAL_ERROR.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13736
Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The original commit c5cd22b5bb from bug
9175 never worked, as the preceeding signing check overwrote the status
variable.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Nov 13 17:28:45 CET 2018 on sn-devel-144
This can be used by the upper layers to force checking a response is
signed. It will be used to implement verification of session setup
reauth responses in a torture test. That comes next.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This allows adding an additional condition to the if check where the
condition state may be modified in the "if (opcode ==
SMB2_OP_SESSSETUP)" case directly above.
No change in behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>