IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
It does this if we send a session ID of zero. The server still replied.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13007
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Nov 11 08:44:37 CET 2017 on sn-devel-144
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
Autobuild-User(master): Jim McDonough <jmcd@samba.org>
Autobuild-Date(master): Thu Nov 9 01:49:06 CET 2017 on sn-devel-144
This widens the lock range to cover the check for established
credentials. Before this patch it could happen that more than one
winbind finds no credentials and does the auth3. This can pile up.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This allows to check if the current cli_state uses encryption
(either via unix extentions or via SMB3).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996
Signed-off-by: Stefan Metzmacher <metze@samba.org>
The default debug level of smbclient is set to 'log level = 1'. So we
need to use at least NOTICE to not get the message when we do not force
kerberos.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12704
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug 24 17:22:18 CEST 2017 on sn-devel-144
Also modify non-specified max_protocol to be PROTOCOL_LATEST
(currently PROTOCOL_SMB3_11).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12881
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is all we can do with when using we allow SMB2/3 and the server supports
it, 'smb://' can't work unless we implement LLMNR and maybe WSD.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12876
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
get_ipc_connect() is only used in code paths that require cli_NetServerEnum()
to work, so it must already require SMB1 only.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12876
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We have to do the parsing manually. Looking at librpc/gen_ndr/ndr_notify.c we
have the following code snippet:
size_FileName1_0 = strlen_m(r->FileName1);
NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->FileName1,
size_FileName1_0, sizeof(uint16_t),
CH_UTF16));
which means that we take strlen_m(r->FileName1) before we pull
it off the wire. Not sure how to fix this, but that is clearly
broken pidl output. Once that is fixed, we can convert this
to ndr_pull_struct.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This removes duplicate code paths and ensures we have only one
function calling the underlying smb2cli_set_info() for setting
info levels by path.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12913
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Fix to prevent libsmbclient from accidently making SMB1 calls inside an SMB2
connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12913
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This is only called from SMBC_setatr(), so bring it into line with
the specification for that function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12913
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
talloc_asprintf_append() might call realloc()
and therefore move the memory address of "path".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12927
Signed-off-by: Thomas Jarosch <thomas.jarosch@intra2net.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jul 22 22:45:05 CEST 2017 on sn-devel-144
SMB1 uses attr == 0 to clear all attributes
on a file (end up with FILE_ATTRIBUTE_NORMAL),
and attr == FILE_ATTRIBUTE_NORMAL to mean ignore
request attribute change.
SMB2 uses exactly the reverse. Unfortunately as the
cli_setatr() ABI is exposed inside libsmbclient,
we must make the SMB2 cli_smb2_setatr() call
export the same ABI as the SMB1 cli_setatr()
which calls it. This means reversing the sense
of the requested attr argument if it's zero
or FILE_ATTRIBUTE_NORMAL.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12899
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
We use secrets_{prepare,failed,defer,finish}_password_change() to make
the process more robust.
Even if we just just verified the current password with the DC
it can still happen that the remote password change will fail.
If a server has the RefusePasswordChange=1 under
HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters,
it will reject NetrServerPasswordSet2() with NT_STATUS_WRONG_PASSWORD.
This results in a successful local change, but a failing remote change,
which means the domain membership is broken (as we don't fallback to
the previous password for ntlmssp nor kerberos yet).
An (at least Samba) RODC will also reject a password change,
see https://bugzilla.samba.org/show_bug.cgi?id=12773.
Even with this change we still have open problems, e.g. if the password was
changed, but we didn't get the servers response. In order to fix that we need
to use only netlogon and lsa over unprotected transports, just using schannel
authentication (which supports the fallback to the old password).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Even in the case where only the password is known to the server, we should
try to leave a valid authentication behind.
We have better ways to indentify which password worked than only using
the current one.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This way the caller can pass more than 2 hashes and can only
know which hash was used for a successful connection.
We allow up to 4 hashes (next, current, old, older).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12782
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
For now we only support SMB1, as most of the cli_*_send() function don't
support SMB2, it's only plugged into the sync wrapper functions currently.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
As we try to pass the path to an SMB2 server, we should have
just one leading backslash (which then gets ignored in
cli_smb2_create_fnum_send()).
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Treat them identically. Create them on demand after for a tcon call,
and delete them on a tdis call.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Save and restore tcon pointers in smb1 or smb2 structs.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
This function updates cli->server_{os,type,domain} to valid values
after a session setup.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12779
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This fixes a regression and prints the session setup on connect again:
Domain=[SAMBA-TEST] OS=[Windows 6.1] Server=[Samba 4.7.0pre1-DEVELOPERBUILD]
smb: \>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12824
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Pass down request flags and check they are respected with the response
flags. Otherwise, error out and pretend the connection never happened.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If smbXcli_session_is_guest() returns true, we should handle the authentication
as anonymous and don't touch the gensec context anymore.
Note that smbXcli_session_is_guest() always returns false, if signing is
required!
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
