sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-06 13:18:07 +03:00
Code
81,197 Commits 60 Branches 1,144 Tags 452 MiB
a0f6014517
Commit Graph

715 Commits

Author SHA1 Message Date
Michael Adam
ac43937ce4 smbXcli: add the possiblilty to negotiate client capabilites in smb >= 2.2 
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
 2012-03-03 17:03:07 +01:00
Michael Adam
76e6733344 libcli:smb: define SMB2_DHANDLE_FLAG_PERSISTENT 2012-03-03 17:03:06 +01:00
Michael Adam
db632fdd2c libcli:smb: add new SMB2 share flags 
* FORCE_LEVELII_OPLOCKS
* ENABLE_HASH_V1
* ENABLE_HASH_V2
* ENCRYPT_DATA
 2012-03-03 17:03:06 +01:00
Michael Adam
6f860837e5 libcli:smb: upgrade SMB2_CAP_ALL to include the newly known caps 2012-03-03 17:03:06 +01:00
Michael Adam
8c5d288ecf libcli:smb: add defines for SMB2.2 share capabilities 
* continuous avaliability
* cluster
* scaleout
 2012-03-03 17:03:06 +01:00
Michael Adam
29eed6359a libcli:smb: add defines for SMB2.2 global capabilities 
* multi channel
* persistent handles
* directory leasing
* encryption
 2012-03-03 17:03:06 +01:00
Michael Adam
0bdd18efc9 libcli:smb: define DH2Q and DH2C tags for smb2 extra create blobs 
These are the tags for the SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2
and SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2, the second version
of the SMB2_CREATE_DURABLE_HANDLE_REQUEST (DHnQ) and
SMB2_CREATE_DURABLE_HANDLE_RECONNECT (DHnC), which are only
available for SMB 2.2 (and newer).
 2012-03-03 17:03:06 +01:00
Christian Ambach
dc24e229a5 smb2_constants: fix a typo 
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Sat Mar  3 09:04:40 CET 2012 on sn-devel-104
 2012-03-03 09:04:40 +01:00
Christian Ambach
583a53835b smb2_constants: add SMB2_WATCH_TREE 2012-03-02 21:47:09 -08:00
Michael Adam
f981257240 libcli/smb/smb2_signing: rename smb2_key_deviration -> smb2_key_derivation 
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Wed Feb 29 09:01:54 CET 2012 on sn-devel-104
 2012-02-29 09:01:54 +01:00
Stefan Metzmacher
c9219fe585 libcli/smb/smbXcli: use smb2_key_deviration() to setup SMB 2.24 keys 
This uses the key diveration function from "NIST Special Publication 800-108"
in counter mode (section 5.1).

Thanks to Jeremy, Michael and Volker for the debugging!

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Feb 29 04:54:48 CET 2012 on sn-devel-104
 2012-02-29 04:54:46 +01:00
Stefan Metzmacher
39ae4737e0 libcli/smb/smb2_signing: implement aes_cmac_128 based signing for SMB 2.24 
metze
 2012-02-29 03:16:23 +01:00
Stefan Metzmacher
7f5e56971f libcli/smb/smb2_signing: add smb2_key_deviration() 
This implements a simplified version of "NIST Special Publication 800-108" section 5.1
using hmac-sha256.

Thanks to Jeremy, Michael and Volker for the debugging!

metze
 2012-02-29 03:16:23 +01:00
Stefan Metzmacher
615c41ce12 libcli/smb/smb2_signing: pass down 'protocol' to smb2_signing_[sign|check]_pdu() 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Feb 27 14:26:32 CET 2012 on sn-devel-104
 2012-02-27 14:26:32 +01:00
Stefan Metzmacher
7309e11ad5 libcli/smb/smb2_signing: rename session_key to signing_key 
metze
 2012-02-27 12:51:34 +01:00
Stefan Metzmacher
910251e8ed libcli/smb/smbXcli: remove unused if statement from smb2cli_conn_dispatch_incoming() 
metze
 2012-02-27 12:51:34 +01:00
Stefan Metzmacher
a1ef9c761a libcli/smb/smbXcli: add smb2cli_session_application_key() 
metze
 2012-02-27 12:51:34 +01:00
Stefan Metzmacher
aa4331be9e libcli/smb/smbXcli: maintain smb2 channel_signing_key separate from the signing_key 
The signing_key is fix across all channels and is used for session setups
on a channel binding.

Note:
 - the last session setup response is signed with the new channel signing key.
 - the reauth session setups are signed with the channel signing key.

It's also not needed to remember the main session key.

metze
 2012-02-27 12:51:33 +01:00
Stefan Metzmacher
b93f6ac79c libcli/smb/smbXcli: remove unused checks from smb2cli_session_create_channel() 
metze
 2012-02-27 12:51:33 +01:00
Volker Lendecke
bd6ff4dbab libcli: Remove a pointless check 
"n" is size_t, so it is always >=0.
 2012-02-25 22:14:38 +01:00
Richard Sharpe
1082532500 Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER but has no permission for that, but token has SeTakeOwnershipPrivilege 
Autobuild-User: Richard Sharpe <sharpe@samba.org>
Autobuild-Date: Wed Feb 22 19:19:32 CET 2012 on sn-devel-104
 2012-02-22 19:19:32 +01:00
Andrew Bartlett
52ac479764 auth: Move the rest of the source4 gensec_ntlmssp code to the top level 
The ntlmssp_server code will be in common shortly, and aside from a
symbol name or two, moving the client code causes no harm and makes
less mess.  We will also get the client code in common very soon.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2012-02-17 10:48:09 +01:00
Andrew Bartlett
674278d5b0 auth/kerberos: Move gse_get_session_key() to common code and use in gensec_gssapi 
Thie ensures that both code bases use the same logic to determine the use
of NEW_SPNEGO.

Andrew Bartlett
 2012-02-17 17:36:38 +11:00
Andrew Bartlett
5ad7665b63 libcli/smb: Convert struct smb_trans_enc_state to talloc 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2012-01-31 20:17:10 +01:00
Andrew Bartlett
fce53e0e79 s3-libsmb: Remove unused enum smb_trans_enc_type 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2012-01-31 20:17:10 +01:00
Stefan Metzmacher
f6fb55aeae libcli/util: fix typo in nt_errs[] for NT_STATUS_NETWORK_SESSION_EXPIRED 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun Jan 29 14:11:12 CET 2012 on sn-devel-104
 2012-01-29 14:11:12 +01:00
Stefan Metzmacher
c543ce1028 libcli/smb: fix smbXcli_negprot(..., PROTOCOL_NT1, PROTOCOL_SMB2_02) 
The SMB1 negprot request already consumed the SMB2 sequence '0'.
This also happens for the SMB 2.02 case.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Jan 27 15:27:41 CET 2012 on sn-devel-104
 2012-01-27 15:27:40 +01:00
David Disseldorp
af6bf7714d lib: use differing NTSTATUS and WERROR struct members 
This allows the compiler to catch uses of incorrectly typed arguments
for [NT_STATUS|W_ERROR]_IS_OK() and [NT_STATUS|W_ERROR]_EQUAL(). I.e.

WERROR werr;

werr = my_fn();        /* XXX returns WERROR type */

if (NT_STATUS_EQUAL(werr, NT_STATUS_OBJECT_NAME_COLLISION)) {
 2012-01-23 12:18:20 -08:00
Andrew Bartlett
e175d25c68 s3-libsmb: Always allow SMB_TRANS_ENC_GSS to be defined 
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Jan 21 01:28:54 CET 2012 on sn-devel-104
 2012-01-21 01:28:53 +01:00
Andrew Bartlett
58916c047d s3-libsmb: Remove unused smb_tran_enc_state_gss and gssapi headers 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2012-01-20 23:55:55 +01:00
Andrew Bartlett
41ed715d42 s3-libsmb: use struct gensec_security directly 
This is rather than via a now one-element union.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2012-01-20 23:55:55 +01:00
Andrew Bartlett
06f7105490 s3-libcli Change krb5 smb sealing to call via gensec and gensec_gse 
This also fixes the support for smb sealing with krb5 in make test, as
this now relies on secrets.tdb rather than /etc/krb5.keytab.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2012-01-20 23:55:54 +01:00
Andrew Bartlett
b69c40ffce auth/kerberos: Remove unused TALLOC_CTX argument to check_pac_checksum 2012-01-12 18:02:54 +11:00
Jeremy Allison
f15cf9176d Second part of fix for bug #8673 - NT ACL issue. 
Ensure we process the entire ACE list instead of returning ACCESS_DENIED
and terminating the walk - ensure we only return the exact bits that cause
the access to be denied. Some of the S3 fileserver needs to know if we
are only denied DELETE access before overriding it by looking at the
containing directory ACL.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Jan 11 19:24:53 CET 2012 on sn-devel-104
 2012-01-11 19:24:53 +01:00
Andrew Bartlett
19deda26d0 krb5: Require krb5_string_to_key be available to build with krb5 2012-01-10 21:50:07 +01:00
Andrew Bartlett
0c6af1e2da krb5: Require krb5_principal_compare_any_realm be available to build with krb5 2012-01-10 21:50:07 +01:00
Andrew Bartlett
6b2e742d6c krb5: Require krb5_c_verify_checksum is available to build with krb5 2012-01-10 21:50:07 +01:00
Volker Lendecke
f1432d14a4 libcli/smb: Add smbXcli_conn_samba_suicide 
This is a pure test tool against Samba servers
 2012-01-05 13:09:36 +01:00
Volker Lendecke
48804e40d4 Fix the build without kerberos 
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Jan  1 23:56:24 CET 2012 on sn-devel-104
 2012-01-01 23:56:24 +01:00
Andrew Bartlett
9a085b0b80 auth/kerberos: Move gssapi_parse.c to the top level 
This will help with writing a gensec module for the s3 gse layer.

Andrew Bartlett
 2011-12-28 22:39:19 +11:00
Volker Lendecke
d4e834ec6c lib: Fix NT_STATUS_ALL_SIDS_FILTERED definition 
This seems to be more in line with all the other NT_STATUS definitions.

Metze, please check.

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Dec 23 23:19:17 CET 2011 on sn-devel-104
 2011-12-23 23:19:17 +01:00
Stefan Metzmacher
2bd2f3880e libcli/smb: add PROTOCOL_SMB2_24 support 
metze
 2011-12-22 15:58:45 +01:00
Stefan Metzmacher
5bc242f4a2 libcli/smb: add SMB2_DIALECT_REVISION_224 
This is specified in the new [MS-SMB2] preview document.

metze
 2011-12-22 15:58:45 +01:00
Stefan Metzmacher
23a034335c libcli/util: add NT_STATUS_NETWORK_SESSION_EXPIRED and NT_STATUS_ALL_SIDS_FILTERED 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Dec 17 14:24:40 CET 2011 on sn-devel-104
 2011-12-17 14:24:40 +01:00
Volker Lendecke
a77b0dd7b8 libcli: Remove an unused variable 
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Dec 12 23:21:49 CET 2011 on sn-devel-104
 2011-12-12 23:21:49 +01:00
Andrew Bartlett
c9d929af8b s4-lsarpc handle more info levels in SetInfoTrustedDomain calls 
This uses the very helpful conversion functions written for the s3 lsa server
and places these in common.

Andrew Bartlett
 2011-12-12 12:57:07 +01:00
Stefan Metzmacher
13dbef241b smbXcli: add support for SMBreadBraw 
metze
 2011-11-29 16:00:08 +01:00
Stefan Metzmacher
e450c45e67 smbXcli: add smb1cli_conn_server_{readbraw,writebraw,lockread,writeunlock}() 
metze
 2011-11-29 16:00:08 +01:00
Stefan Metzmacher
51a7201a12 smb1cli_trans: add support for tevent_req_cancel() 
metze
 2011-11-29 16:00:08 +01:00
Stefan Metzmacher
524d06615f smb1cli_trans: return the status from the server if possible 
metze
 2011-11-29 16:00:08 +01:00
Stefan Metzmacher
f0d8038ed8 smbXcli: rebuild smb1.recv_iov array if we expect more than one response 
metze
 2011-11-29 16:00:07 +01:00
Stefan Metzmacher
8c7e7ee91b smbXcli: allow up to 10 iovec elements for the bytes in smb1cli_req_create() 
The smb1cli_trans_* code uses up to 6 elements, which was too much for
the current limit of 5.

metze
 2011-11-29 16:00:07 +01:00
Stefan Metzmacher
3453665bcb smbXcli: s/smb2cli_writev_done/smb2cli_req_writev_done 
This is a better name and it matches smb1cli_req_writev_done

metze
 2011-11-29 16:00:07 +01:00
Stefan Metzmacher
c9ca3bb492 smbXcli: call tevent_queue_stop() for the outgoing queue on disconnect 
metze
 2011-11-29 16:00:07 +01:00
Stefan Metzmacher
91cb09fa0c smbXcli: use talloc_stackframe() instead of talloc_tos() in smb1cli_conn_signv() 
metze
 2011-11-29 16:00:07 +01:00
Stefan Metzmacher
9f6454af39 libcli/smb: remove unused smb_signing_set_bsrspyl() prototype 
metze
 2011-11-29 16:00:07 +01:00
Volker Lendecke
7491bd78d6 Fix Coverity ID 2638: OVERRUN_STATIC 2011-11-28 14:52:32 +01:00
Volker Lendecke
f094cc3ade Fix Coverity ID 2639: UNUSED_VALUE 2011-11-28 14:52:31 +01:00
Volker Lendecke
d287fe5399 s3:libsmb: Fix a typo 2011-11-24 19:02:33 +01:00
Stefan Metzmacher
a210d9fa05 s3:smbXcli: keep two fd per connection in order to work with the epoll tevent backend 
metze
 2011-11-24 19:02:33 +01:00
Stefan Metzmacher
da2027faf7 smbXcli: rework smb1cli_trans.c to use smbXcli_conn/smbXcli_req 
metze
 2011-11-24 19:02:32 +01:00
Stefan Metzmacher
c1db4a0d9f smbXcli: cp source3/libsmb/clitrans.c libcli/smb/smb1cli_trans.c 
metze
 2011-11-24 19:02:32 +01:00
Stefan Metzmacher
bda3d491b4 smbXcli: add smb2cli_req_set_notify_async() 
That can be used if the caller wants to be notified if
the async interim response arrives.

metze
 2011-11-24 19:02:31 +01:00
Stefan Metzmacher
0995d68d59 smbXcli: add support for tevent_req_cancel() on smbXcli_req 
metze
 2011-11-24 19:02:31 +01:00
Stefan Metzmacher
91ffe696aa smbXcli: fix smb signing for SMBntcancel 
metze
 2011-11-24 19:02:31 +01:00
Stefan Metzmacher
c2a39f4ecd smbXcli: add smb2cli_session_create_channel() 
This makes it possible to implement SMB 2.22 Multi-Channel
for testing.

metze
 2011-11-24 19:02:31 +01:00
Stefan Metzmacher
99b3d57fc3 s3:smb2cli: make use of smbXcli_session and setup the session key for SMB2 signing 
metze
 2011-11-24 19:02:31 +01:00
Stefan Metzmacher
396d7a7dd3 smbXcli: add support for smb2 signing 
metze
 2011-11-24 19:02:31 +01:00
Stefan Metzmacher
3fd54b57c1 smbXcli: add smbXcli_session infrastructure 
metze
 2011-11-24 19:02:31 +01:00
Stefan Metzmacher
4435dad827 smbXcli: add support for PROTOCOL_SMB2_22 in smbXcli_negprot() 
metze
 2011-11-24 19:02:31 +01:00
Stefan Metzmacher
9d06e0fcc7 smbXcli: add support for SMB2 multi-credit requests 
metze
 2011-11-24 19:02:31 +01:00
Stefan Metzmacher
d533543166 smbXcli: add support for 2.??? negprot and PROTOCOL_SMB2_10 
metze
 2011-11-24 19:02:31 +01:00
Stefan Metzmacher
1cfeb3f8a0 smbXcli: pass client_guid to smbXcli_conn_create() 
metze
 2011-11-24 19:02:31 +01:00
Stefan Metzmacher
ceb063ca7d smbXcli: add smbXcli_negprot_* 
This supports negotiation of any SMB1 or SMB2 dialect.

metze
 2011-11-24 19:02:30 +01:00
Stefan Metzmacher
b958498c2a smbXcli: add helper functions to access the negotiated features 
metze
 2011-11-24 19:02:30 +01:00
Stefan Metzmacher
1a0ce02a23 smbXcli: also notify chained requests about broken connections 
metze
 2011-11-24 19:02:30 +01:00
Stefan Metzmacher
4d8e151779 smbXcli: simplify smb1cli_req_chain_submit() 
We should hang everything on the first request in the chain,
as that's the one that gets added to the pending array.

metze
 2011-11-24 19:02:30 +01:00
Stefan Metzmacher
e2912fa853 smbXcli: remove unused smb1cli_have_andx_command() 
metze
 2011-11-24 19:02:30 +01:00
Stefan Metzmacher
fee3a0a657 smbXcli: reorder smb1cli_conn_dispatch_incoming() to avoid too much nesting 
metze
 2011-11-24 19:02:30 +01:00
Stefan Metzmacher
0f194e35a6 smbXcli: rework smb1cli_req_recv() to expose an iov with 3 elements 
Each smb1cli_req has 3 iov elements
[SMB HDR, SMB Parameter Block, SMB Data Block].

The 'inbuf' is still exposed if the caller requires it
(until we fix all legacy callers).

The can now pass an array of expected [status,wct] combinations,
instead of just one expected min_wct.

metze
 2011-11-24 19:02:30 +01:00
Stefan Metzmacher
ce224f4d25 smbXcli: use smb1cli_inbuf_parse_chain() and remember more details per chain response 
metze
 2011-11-24 19:02:30 +01:00
Stefan Metzmacher
7c5651c3f6 smbXcli: add smb1cli_inbuf_parse_chain() 
metze
 2011-11-24 19:02:30 +01:00
Stefan Metzmacher
94cb738dd4 smbXcli: pass hdr to smb1cli_pull_raw_error() 
metze
 2011-11-24 19:02:30 +01:00
Stefan Metzmacher
4529395d3c smbXcli: add state->smb1.recv_{cmd,status,iov} 
In the following commits we will need to remember a few more things.

metze
 2011-11-24 19:02:30 +01:00
Stefan Metzmacher
5e7cf194d2 smbXcli: split out a smb1cli_req_flags() function 
metze
 2011-11-24 19:02:30 +01:00
Stefan Metzmacher
2a570e6305 smbXcli: set message id to UINT64_MAX for BREAK in smb2cli_req_create() 
This way the caller can register an oplock handler.

Note that smb2cli_req_compound_submit() will overwrite this
if a request is send over the wire.

metze
 2011-11-24 19:02:30 +01:00
Stefan Metzmacher
349977e1a0 s3:smb2cli: replace smb2cli_base.c code with the more generic smbXcli_base.c code 
metze
 2011-11-24 19:02:30 +01:00
Stefan Metzmacher
84806eceb2 smbXcli: rework smb2cli_req to smbXcli_conn/smbXcli_req 
metze
 2011-11-24 19:02:30 +01:00
Stefan Metzmacher
21b5f1c185 libcli/smb: copy smb2cli_req_* code to smbXcli_base.c 
metze
 2011-11-24 19:02:29 +01:00
Stefan Metzmacher
26892a9783 smbXcli: rework smbXcli_base.c to use smbXcli_conn/smbXcli_req 
This splits the low level smb code from 'struct cli_state'
and makes it much more generic and useful for testing.

metze
 2011-11-24 19:02:29 +01:00
Stefan Metzmacher
012dee3803 smbXcli: cp source3/libsmb/async_smb.c libcli/smb/smbXcli_base.c 
metze
 2011-11-24 19:02:29 +01:00
Christian Ambach
53ad886f75 security: add local authority well-known SIDs 
add the S-1-2 well-known SID family

Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Thu Nov 24 19:01:08 CET 2011 on sn-devel-104
 2011-11-24 19:01:08 +01:00
Matthias Dieter Wallnöfer
4cafcf0e6b libcli/cldap/cldap.c - remove outdated comment 
Reviewed-by: metze

Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date: Thu Nov 10 20:32:08 CET 2011 on sn-devel-104
 2011-11-10 20:32:08 +01:00
Stefan Metzmacher
17f1a97a61 libcli/cldap: fix a crash bug in cldap_socket_recv_dgram() (bug #8593) 
After a calling any wrapper of tevent_req_notify_callback(),
e.g. tevent_req_nterror(), tevent_req_done(), tevent_req_nomem(),
a function has to return immediately otherwise it is very likely to
crash, unless in calls tevent_req_defer_callback() before.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Nov 10 16:31:59 CET 2011 on sn-devel-104
 2011-11-10 16:31:59 +01:00
Günther Deschner
6e67073900 waf: convert NDR_NBT into shared library. 
Guenther
 2011-11-03 18:35:09 +01:00
Günther Deschner
768b42f334 nbt: move netlogon_samlogon_response into librpc/ndr/ndr_nbt.h. 
Guenther
 2011-11-03 18:35:08 +01:00
Günther Deschner
0de2bf97ff nbt: move nbt_string ndr functions to ndr/ndr_nbt.c helper. 
Guenther
 2011-11-03 18:35:08 +01:00
Günther Deschner
72879f491f nbt: merge in LIBCLI_NDR_NETLOGON helper into NDR_NBT. 
Guenther
 2011-11-03 18:35:08 +01:00
Günther Deschner
2417ea4923 librpc: remove nbt dependency to svcctl. 
Guenther
 2011-11-03 18:35:08 +01:00
Günther Deschner
2ecd50116c librpc: remove nbt dependency to samr. 
Guenther
 2011-11-03 18:35:08 +01:00