1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

130 Commits

Author SHA1 Message Date
Stefan Metzmacher
c290ece1f6 libcli/smb: implement SMB 3.10 session setup
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-07 22:47:04 +02:00
Stefan Metzmacher
2f732db742 libcli/smb: implement SMB 3.10 negprot
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-07 22:47:04 +02:00
Stefan Metzmacher
a00fe90c3c libcli/smb: add smb2cli_req_get_send_iov()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-07 22:47:04 +02:00
Stefan Metzmacher
664ca0e3ee libcli/smb: negotiate SMB3_DIALECT_REVISION_310 if PROTOCOL_SMB3_10 is requested
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-07 22:47:04 +02:00
Stefan Metzmacher
3eef853f74 libcli/smb: fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02
If the connection starts with a SMB Negprot, the server only implies the
selected dialect, but not the clients security mode.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2014-10-07 22:47:04 +02:00
Stefan Metzmacher
7729ba5849 libcli/smb: add smb2cli_validate_negotiate_info*()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-09-30 23:35:08 +02:00
Stefan Metzmacher
8c846f78ed libcli/smb: add smb2cli_tcon_{should_sign,is_signing_on}()
This can be used to force signing for individual requests.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-09-30 23:35:08 +02:00
Stefan Metzmacher
e954f9290c libcli/smb: add smb2cli_tcon_should_encrypt()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-09-30 23:35:08 +02:00
Stefan Metzmacher
ca1081ef5e libcli/smb: add smbXcli_session_is_authenticated()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-09-30 23:35:08 +02:00
Stefan Metzmacher
aa4310b0af libcli/smb: support additional_flags = SMB2_HDR_FLAG_SIGNED
With SMB2_HDR_FLAG_SIGNED we make sure that we either use smb2 signing
or smb2 encryption for the request.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-09-30 23:35:08 +02:00
Anubhav Rakshit
4c64d41cfc libcli/smb: Add routines to enable/disable SMB2_HDR_FLAG_REPLAY_OPERATION flag.
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-09-19 09:15:10 +02:00
Anubhav Rakshit
2a8a6edfef libcli/smb: Add routine to reset the Channel Sequence number.
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-09-19 09:15:10 +02:00
Stefan Metzmacher
dfcc683e38 libcli/smb: correctly report disconnect errors after getting STATUS_PENDING
smb2cli_req_recv() should not report STATUS_PENDING if the
request isn't pending anymore (e.g. the connection was disconnected)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2014-09-19 09:15:10 +02:00
Stefan Metzmacher
f08c0b2ef1 libcli/smb: make use of tevent_req_set_cleanup_fn()
This is more better than a custom tevent_req destructor.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2014-01-17 12:38:08 +01:00
Stefan Metzmacher
b16b469f3f libcli/smb: add FLAG_CASELESS_PATHNAMES based on FILE_CASE_SENSITIVE_SEARCH to smb1 requests
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10200

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-10-17 16:09:10 +02:00
Stefan Metzmacher
44224cd40f libcli/smb: add FLAGS2_DFS_PATHNAMES for SMB1 operations against dfs shares
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10200

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-10-17 16:06:22 +02:00
Stefan Metzmacher
1c4e95cbd8 libcli/smb: add smbXcli_tcon_{set,get}_fs_attributes()
These are the attributes returned from the FileFsAttributeInformation
request.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10200

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-10-17 16:04:35 +02:00
Stefan Metzmacher
e0fe97c543 libcli/smb: add smbXcli_tcon_is_dfs_share()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10200

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-10-17 16:03:25 +02:00
Luk Claes
24e7be87d1 libcli/smb: Introduce smbXcli_conn_dfs_supported
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10200

Signed-off-by: Luk Claes <luk@debian.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-10-17 16:01:39 +02:00
Michael Adam
f643961343 libcli/smb: add smb2cli_tcon_is_encryption_on()
https://bugzilla.samba.org/show_bug.cgi?id=10208

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-10-15 11:49:01 -07:00
Stefan Metzmacher
4879d0810a libcli/smb: only check the SMB2 session setup signature if required and valid
This is an update to commit af290a03ce
that skips the scary debug messages.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10146

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Sep 18 04:46:00 CEST 2013 on sn-devel-104
2013-09-18 04:46:00 +02:00
Stefan Metzmacher
af290a03ce libcli/smb: fix non mendatory signing against some vendor SMB2 servers.
Windows and Samba always sign the final session setup response
even if signing is not mendatory, but it ensures that the signing
key is correctly in place.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10146

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep 17 09:40:10 CEST 2013 on sn-devel-104
2013-09-17 09:40:10 +02:00
Stefan Metzmacher
1d54d8c501 libcli/smb: use SMB1 MID=0 for the initial Negprot
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10144

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-17 07:52:29 +02:00
Stefan Metzmacher
f8b3c712f0 libcli/smb: negotiate SMB3_DIALECT_REVISION_302 if PROTOCOL_SMB3_02 is requested
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-09-17 04:00:33 +02:00
Jeremy Allison
81e1058e20 As SMB3 has transport level encryption, allow smbclient -e to force encryted SMB3 transport.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-08-21 17:28:55 +02:00
Stefan Metzmacher
7efdc323d1 libcli/smb: add smb2cli_conn_req_possible()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-15 09:07:06 +02:00
Stefan Metzmacher
111f529a2a libcli/smb: add smb1cli_conn_req_possible()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-15 09:07:06 +02:00
Stefan Metzmacher
44b53937d5 libcli/smb: pass max_dyn_len to smb2cli_req_send()
This way we can calculate the correct credit charge
for requests with large output buffers.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-15 09:07:06 +02:00
Stefan Metzmacher
4a3352020d libcli/smb: pass max_dyn_len to smb2cli_req_create()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-15 09:07:06 +02:00
Stefan Metzmacher
318735fd5e libcli/smb: calculate the credit charge on the input and output dyn_len
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-15 09:07:06 +02:00
Stefan Metzmacher
97288b7f10 libcli/smb: fix the credit handling on a SMB1 => SMB2 negotiate
Our cur_credit value had 1 credit too many in the case of
an SMB1 => SMB2 upgrade. When we max out the credits the server
disconnected the connection.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-15 09:07:05 +02:00
Volker Lendecke
2e59d6c370 libsmb: Remove an unnecessary variable assignment
Signed-off-by: Volker Lendecke <vl@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-12 17:25:56 +12:00
Volker Lendecke
f584474d7d libsmb: Avoid an unnecessary "else"
Signed-off-by: Volker Lendecke <vl@samba.org>

Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-12 17:25:55 +12:00
Jeremy Allison
1111d46cc5 libcli/smb: smb1cli_inbuf_parse_chain() and smb1cli_conn_dispatch_incoming() should use smb_len_tcp.
They have to cope with large READX call replies that have
a length greater than smb_len_nbt() can handle.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-20 09:32:25 -07:00
Stefan Metzmacher
53d348dff0 libcli/smb: defer failing for missing NEGOTIATE_SECURITY_SIGNATURES_ENABLED
Windows servers take a look at the FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED
flag during a session setup and turn on signing if the client requires it.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-03-20 09:32:25 -07:00
Stefan Metzmacher
4ea37dd521 libcli/smb: make use of samba_tevent_context_init()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2013-02-19 23:47:44 +01:00
Jeremy Allison
1624d83fde Add new function smbXcli_session_copy(), to be used when creating compound SMB2 requests.
Copies the signing state needed to make client compound requests work
on signed connections.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2013-01-30 17:15:59 -08:00
Stefan Metzmacher
c5cd22b5bb libcli/smb: add smbXcli_session_set_disconnect_expired() (bug #9175)
This should be a short term hack until the upper layers have implemented
re-authentication.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-01 16:25:33 +01:00
Stefan Metzmacher
abf018e8b6 libcli/smb: make sure the SMB2_TRANSFORM pdu is complete
metze
2012-08-17 14:51:57 +02:00
Stefan Metzmacher
56fc7bc661 libcli/smb: support broken OS/2 error responses bug #9096
OS/2 skips the DATA Block in SMB1 responses.

metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Aug 16 13:16:49 CEST 2012 on sn-devel-104
2012-08-16 13:16:48 +02:00
Stefan Metzmacher
d2d5fb1abf libcli/smb: verify decrypted SMB2 pdus correctly
We need to make sure we got a encrypted response if we asked
for it.

If we don't get a encrypted response, we use a similar logic
as with signing to propagated wellknown errors to the higher
layer and set state->smb2.signing_skipped = true.

metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Aug 15 16:26:26 CEST 2012 on sn-devel-104
2012-08-15 16:26:26 +02:00
Stefan Metzmacher
7a7e9b1c76 libcli/smb: fix parsing of compounded messages within a SMB2_TRANSFORM pdu
One SMB2_TRANSFORM pdu wraps multiple SMB2 pdus.

We inject the SMB2_TRANSFORM header to each response which was wrapped
inside. This allows the next layer to verify if the SMB2 pdu was encrypted.

metze
2012-08-15 14:45:21 +02:00
Stefan Metzmacher
84f6b0f962 libcli/smb: fix smb2cli_req_compound_submit for multiple encrypted messages
There should be only one SMB2_TRANSFORM header for all compound requests.

metze
2012-08-15 14:45:05 +02:00
Stefan Metzmacher
7ffee47bc6 libcli/smb: all flags except SMB2_HDR_FLAG_ASYNC should be cleared in a cancel request.
metze
2012-08-15 14:45:04 +02:00
Stefan Metzmacher
528d3fe2ae libcli/smb: do not set SMB2_TF_MSG_SIZE in the caller
metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Aug  8 07:32:55 CEST 2012 on sn-devel-104
2012-08-08 07:32:55 +02:00
Stefan Metzmacher
97be49c4d4 libcli/smb: add smb1cli_session_protect_session_key()
metze
2012-08-04 09:10:21 +02:00
Stefan Metzmacher
b1a0fda73d libcli/smb: pass hdr/len to smb_signing_check/sign_pdu() and skip the nbt header
metze
2012-08-04 09:10:21 +02:00
Stefan Metzmacher
2f4f2144f4 libcli/smb: remove unused smb2cli_session_application_key()
metze
2012-08-01 14:17:13 +02:00
Stefan Metzmacher
5f25567c2e libcli/smb: add smbXcli_session_application_key()
metze
2012-08-01 14:17:12 +02:00
Stefan Metzmacher
7af537e66f libcli/smb: allow resetting of the smb1 application_key
We need this untill we have fixed all callers...

metze
2012-08-01 14:16:01 +02:00