1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

2420 Commits

Author SHA1 Message Date
Jeremy Allison
e639cf1040 s4: libcli: Internal SMB1 pid is already stored as and uses 32-bits. Correct getpid() cast.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-06-18 15:32:17 +02:00
Andrew Bartlett
d660e66a4a s4-libcli/raw: Fix compiler errors when building with --address-sanitizer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:13 +02:00
Michael Adam
c150234495 s4:libcli:resolve: fix O3 error unused result of write
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:15 +02:00
Garming Sam
38e08d7174 typo: mplementation => implementation
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-05-06 05:03:16 +02:00
Noel Power
03302bcb86 s4:libcli: fix 'Conditional jump or move' valgrind error
smbtorture test base.tcondev.tcondev causes the following valgrind trace

==23282== Conditional jump or move depends on uninitialised value(s)
==23282==    at 0x9BE5632: smbcli_tconX (cliconnect.c:148)
==23282==    by 0x41021C: tcon_devtest (base.c:91)
==23282==    by 0x411A01: run_tcon_devtype_test (base.c:522)
==23282==    by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==23282==    by 0x955368F: internal_torture_run_test (torture.c:442)
==23282==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==23282==    by 0x2600A4: run_matching (smbtorture.c:110)
==23282==    by 0x25FF66: run_matching (smbtorture.c:95)
==23282==    by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==23282==    by 0x261E44: main (smbtorture.c:665)
==23282==

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-04-25 10:35:15 +02:00
Andreas Schneider
03e8152e39 s4:libcli:smb2: Use constant time memcmp() to verify the signature
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-04-19 09:37:14 +02:00
Stefan Metzmacher
68d6c10e5e CVE-2016-2115: s4:libcli/raw: pass the minprotocol to smb_raw_negotiate*()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-04-12 19:25:26 +02:00
Stefan Metzmacher
57f0b0c6c0 CVE-2016-2115: s4:libcli/raw: limit maxprotocol to NT1 in smb_raw_negotiate*()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-04-12 19:25:26 +02:00
Stefan Metzmacher
5721234328 CVE-2016-2115: s4:libcli/smb2: use the configured min_protocol
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-04-12 19:25:26 +02:00
Stefan Metzmacher
35ce75ec9e CVE-2016-2115: s4:libcli/raw: add smbcli_options.min_protocol
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-04-12 19:25:26 +02:00
Stefan Metzmacher
4b679c350a CVE-2016-2113: s4:libcli/ldap: verify the server certificate and hostname if configured
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:25 +02:00
Stefan Metzmacher
64a9cd2a38 CVE-2016-2113: s4:lib/tls: implement infrastructure to do peer verification
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:25 +02:00
Stefan Metzmacher
05692ec958 CVE-2016-2112: s4:libcli/ldap: auto upgrade to SIGN after STRONG_AUTH_REQUIRED
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:24 +02:00
Stefan Metzmacher
1da744b2f9 CVE-2016-2112: s4:libcli/ldap: make sure we detect downgrade attacks
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:24 +02:00
Stefan Metzmacher
ed863ef46a CVE-2016-2112: s4:libcli/ldap: honour "client ldap sasl wrapping" option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:24 +02:00
Stefan Metzmacher
a711399d30 CVE-2016-2111: s4:libcli: don't send a raw NTLMv2 response when we want to use spnego
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-04-12 19:25:24 +02:00
Stefan Metzmacher
c985ffd884 CVE-2016-2111: s4:libcli: don't allow the LANMAN2 session setup without "client lanman auth = yes"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-04-12 19:25:24 +02:00
Stefan Metzmacher
bbaba64329 CVE-2016-2110: auth/credentials: pass server_timestamp to cli_credentials_get_ntlm_response()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:23 +02:00
Garming Sam
7b431eba22 build: mark explicit dependencies on pytalloc-util
All subsystems that include pytalloc.h need to link against
pytalloc-util.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11789

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Mar 15 07:08:16 CET 2016 on sn-devel-144
2016-03-15 07:08:16 +01:00
Stefan Metzmacher
d9d0d2d5a2 s4:libcli/ldap: fix retry authentication after a bad password
We need to start with an empty input buffer.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-10 06:52:29 +01:00
Stefan Metzmacher
d04663b8b0 s4:libcli/ldap: make use of GENSEC_FEATURE_LDAP_STYLE
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-10 06:52:29 +01:00
Garming Sam
fe2bcf9d41 ldap VLV: correct ASN1 parsing of VLV requests
As with the encoding, the ASN1_CONTEXT tag isn't followed by an
ASN1_SEQUENCE, though you wouldn't think that from reading the
specification.

Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-09 10:32:16 +01:00
Garming Sam
8b650a5ab3 ldap: fix search control rule identifiers ASN.1 type
Wireshark and Windows both expect matching rule identifiers to be
given the ContextSimple type identifier instead of the Octet String.

As far as we can tell this is not formally specified anywhere.

Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-09 10:32:16 +01:00
Douglas Bagnall
d2c6f7624b ldap VLV: memdup, not strdup VLV context_id
The context ID is not a text string, it is an opaque binary field.

Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-09 10:32:16 +01:00
Garming Sam
5421d7070a ldap VLV: use correct ASN.1 encoding for requests
The search reference points (either an integer index or a string
for comparison) are  supposed to use ASN1_CONTEXT or ASN1_CONTEXT_SIMPLE
(respectively) ASN.1 types. We were using these types, but we also put
extra ones in too, which nobody else likes.

Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-09 10:32:16 +01:00
Andrew Bartlett
8440dda3cb pysmb: Use pytalloc_BaseObject_PyType_Ready()
This changes pysmb to use talloc.BaseObject() just like the PIDL output

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:30 +01:00
Andrew Bartlett
c763253f05 pysmb: Do not use pytalloc_Object directly
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:30 +01:00
Andrew Bartlett
05b99bed8c pysmb: Rework py_smb_new() to use pytalloc_steal()
This avoids casting to pytalloc_Object directly

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:29 +01:00
Andrew Bartlett
9a34a1567b pysmb: Use pytalloc_get_mem_ctx()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:29 +01:00
Andrew Bartlett
a2013c3a5a pysmb: Use pytalloc_get_ptr()
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-08 01:58:29 +01:00
Volker Lendecke
2b26522e34 libwbclient: Make source4/ use nsswitch/libwbclient
Right now there's no async user of this, so I think it's okay to use the
sync libwbclient. If we really get async libwbclient users, we need to
put it there instead of calling the struct protocol directly.

The code before this patch did not look at the _NO_WINBIND environment
variable. So ignore it here too.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-02-22 20:29:16 +01:00
Andreas Schneider
3f428caed4 s4-libcli: Add missing ldb header
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-02-19 15:58:22 +01:00
Stefan Metzmacher
d104d6e04f s4:libcli/ldap: add support for LDB_CONTROL_DIRSYNC_EX_OID
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-02-17 03:43:23 +01:00
Stefan Metzmacher
cd77b0bba4 s4:libcli/ldap: send AbandonRequests for cancelled requests
This happens on a local timeout of an talloc_free() of the request.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-02-17 03:43:22 +01:00
Michael Adam
476672b647 dlist: remove unneeded type argument from DLIST_ADD_END()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-02-06 21:48:17 +01:00
Volker Lendecke
9039f1f29e libcli: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-01-13 07:48:30 +01:00
Jelmer Vernooij
da8674c72a Rename 'errors' to 'samba-errors' and make it public.
This is necessary because it has public headers.

Signed-off-by: Jelmer Vernooij <jelmer@jelmer.uk>
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Wed Jan 13 07:47:04 CET 2016 on sn-devel-144
2016-01-13 07:47:04 +01:00
Jelmer Vernooij
512d15de56 Make libcli-smb-raw private, for now.
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Stefan Metzmacher <metze@samba.org>
2016-01-13 04:43:23 +01:00
Volker Lendecke
a93946b2fe lib: Use asn1_extract_blob()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-06 00:54:18 +01:00
Andrew Bartlett
374d73617d lib/tls: Add new 'tls priority' option
This adds a new option to the smb.conf to allow administrators to disable
TLS protocols in GnuTLS without changing the code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11076
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2015-07-20 03:08:26 +02:00
Douglas Bagnall
9658112e10 Fix ldap_bind compilation for i386
More size_t != uintmax_t issues:

../source4/libcli/ldap/ldap_bind.c: In function ‘ldap_bind_sasl’:
../source4/libcli/ldap/ldap_bind.c:237:3: error: format ‘%ju’ expects argument of type ‘uintmax_t’, but argument 2 has type ‘size_t’ [-Werror=format=]

   DEBUG(1, ("SASL bind triggered with non empty send_queue[%ju]: %s\n",
      ^
      cc1: all warnings being treated as errors

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-07-09 00:42:15 +02:00
Stefan Metzmacher
f036683896 s4:libcli/clilsa: only remember the dcerpc_binding_handle
We don't need the 'dcerpc_pipe'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2015-07-07 14:05:28 +02:00
Volker Lendecke
e1a87d8676 libldap: Fix CID 1308982 Unchecked return value from library
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul  1 00:11:41 CEST 2015 on sn-devel-104
2015-07-01 00:11:41 +02:00
Stefan Metzmacher
67c5d5849e s4:libcli/ldap: conversion to tstream
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-06-23 22:12:08 +02:00
Stefan Metzmacher
dd037b0be4 s4:libcli/raw: make sure smbcli_transport_connect_send/recv correctly cleanup on error
We need to make sure that we remove any pending writev_send or read_smb_send
request before closing the socket fd. As a side effect we always close the
socket fd if we don't return success for any any reason.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-06-12 17:08:17 +02:00
Alexander Bokovoy
eb029b32e9 s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses are used
This is a subtle bug that causes CLDAP pings to fail if SRV records
discovered cannot be resolved or connection to them cannot be
established. The code that fires up CLDAP ping will silently cancel
the whole tevent request without going to the next server in the queue.

This may happen, for example, when connection to IPv6 addresses couldn't
be established, or when IPv4 address is not online or blocked by
firewall.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11284

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-05-20 19:29:30 +02:00
Richard Sharpe
f0e9ba91c0 Rename SMB2_OP_FIND to SMB2_OP_QUERY_DIRECTORY so that it conforms with the MS document MS-SMB2.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 27 01:24:47 CET 2015 on sn-devel-104
2015-03-27 01:24:47 +01:00
David Disseldorp
d1e664f154 s4/ntvfs: support FS_SECTOR_SIZE_INFORMATION query-info
Return the same values as used by s3fs.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-03-18 18:57:21 +01:00
David Disseldorp
664dca2b44 s4/client: add FS_SECTOR_SIZE_INFORMATION query support
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-03-18 18:57:20 +01:00
Günther Deschner
87054a5355 pidl/python: support HRESULT errors in generated python bindings.
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-03-13 23:58:07 +01:00