sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Code
109,524 Commits 60 Branches 1,145 Tags 452 MiB
a826394a2f
Commit Graph

1319 Commits

Author SHA1 Message Date
Stefan Metzmacher
35ed3eeb06 libcli/smb: add smb1cli_session_setup_nt1_send/recv() 
This does a session setup for the NT1 protocol (without CAP_EXTENDED_SECURITY).

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2016-11-15 11:00:26 +01:00
Andreas Schneider
2182817c97 libcli/smb: add smb1cli_session_setup_lm21_send/recv() 
This does a session setup for the LANMAN 2(.1) protocol.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2016-11-15 11:00:26 +01:00
Stefan Metzmacher
4334f2dad0 libcli/smb: reformat wscript 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2016-11-15 11:00:26 +01:00
Stefan Metzmacher
5b0a54d36c libcli/smb: Add smb_bytes_pull_str() helper function 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2016-11-15 11:00:26 +01:00
Stefan Metzmacher
7999e6f6c0 libcli/smb: move {smb,trans2}_bytes_push_{str,bytes}() to common code 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2016-11-15 11:00:26 +01:00
Stefan Metzmacher
00e417ffa0 libcli/smb: handle a talloc_free() on an unsent smb1 request 
When a the higher level does a TALLOC_FREE() on an already
queued request, we need to check whether we already sent a byte,
if not we can try to unwind the smb1 signing sequence number,
if there was only one pending request, in all other cases
we need to disconnect the connection.

I noticed that when seeing during an smb1cli_close()
from tstream_smbXcli_np_destructor().

TODO: we may want to have a similar smbXcli_conn_cancel_read_req() in future.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2016-10-26 11:20:12 +02:00
Jeremy Allison
44a7040500 s3: cldap: cldap_multi_netlogon_send() fails with one bad IPv6 address. 
Analysis by: Rebecca Gellman <rebecca@starfleet-net.co.uk>

Ignore cldap_socket_init() failure when sending
multiple cldap netlogon requests. Allow cldap_netlogon_send()
to catch the bad address and correctly return through a
tevent subreq.

Make sure cldap_search_send() copes with cldap parameter == NULL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12381

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 18 02:16:20 CEST 2016 on sn-devel-144
 2016-10-18 02:16:20 +02:00
Moritz Beller
caff67082a libcli: Remove code clone 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12373
Signed-off-by: Moritz Beller <moritzbeller@gmx.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo <simo@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Oct 13 18:13:45 CEST 2016 on sn-devel-144
 2016-10-13 18:13:45 +02:00
Ralph Boehme
6f3b421c4a s3/vfs: merge offline functionality into DOS attributes handling 
The offline VFS functions predate the SMB_VFS_{GET|SET}_DOS_ATTRIBUTES()
functions, now that we have these, we can use them for the offline
attribute as well.

The primary reason for this is: performance. Merging both functions has
the benefit that in VFS modules that use same backing store bits for
both offline attribute and DOS attributes (like gpfs), we avoid calling
the backing store twice in dos_mode() and file_set_dosmode().

This commit modifies all existing users of the offline attribute to
adapt to the change, the next commit will then remove the obsolete
offline functions.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2016-10-11 11:01:10 +02:00
Steve French
cad43f2cd4 lib: Annotate well known SID names 
Add Samba specific well known SIDs for
Unix UID and GID owner.

Signed-off-by: Steve French <smfrench@gmail.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2016-09-29 08:02:18 +02:00
Günther Deschner
f82cbd1703 werror: removed WERR_RPC_E_INVALID_HEADER (unused, already known as HRES_RPC_E_INVALID_HEADER) 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:36 +02:00
Günther Deschner
5dfd783136 werror: removed WERR_RPC_E_REMOTE_DISABLED (replaced with HRES_RPC_E_REMOTE_DISABLED) 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:36 +02:00
Günther Deschner
5ad3a95f46 werror: removed WERR_SEC_E_ALGORITHM_MISMATCH (unused, already known as HRES_SEC_E_ALGORITHM_MISMATCH) 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:35 +02:00
Günther Deschner
d013dc4af1 werror: replace WERR_SEC_E_DECRYPT_FAILURE with HRES_SEC_E_DECRYPT_FAILURE 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:35 +02:00
Günther Deschner
08586e2824 werror: remove WERR_SEC_E_ENCRYPT_FAILURE (there is HRES_SEC_E_ENCRYPT_FAILURE) 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:35 +02:00
Günther Deschner
6b1c5b485c werror: replace WERR_CLASS_NOT_REGISTERED with HRES_REGDB_E_CLASSNOTREG 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:35 +02:00
Günther Deschner
05f272f492 werror: remove two duplicate error mappings. 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:35 +02:00
Günther Deschner
3ffd4cb274 werror: use autogenerated error codes. 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:35 +02:00
Günther Deschner
68368c69f8 werror: removed WERR_SHUTDOWN_ALREADY_IN_PROGRESS (unused, already known as WERR_SHUTDOWN_IN_PROGRESS) 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:35 +02:00
Günther Deschner
d60f3f0554 werror: removed WERR_UNKNOWN_LEVEL 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:35 +02:00
Günther Deschner
bf03690ca6 werror: removed WERR_FRS_INVALID_SERVICE_PARAMETER 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:34 +02:00
Günther Deschner
21a343121a werror: removed WERR_FRS_SYSVOL_IS_BUSY (unused, already known as WERR_FRS_ERR_SYSVOL_IS_BUSY) 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:33 +02:00
Günther Deschner
0dee591174 werror: removed WERR_FRS_INSUFFICIENT_PRIV (unused, already known as WERR_FRS_ERR_INSUFFICIENT_PRIV) 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:33 +02:00
Günther Deschner
9ec24a0e0c werror: removed WERR_DEFAULT_JOIN_REQUIRED 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:33 +02:00
Günther Deschner
44672feef2 werror: removed WERR_SETUP_DOMAIN_CONTROLLER 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:32 +02:00
Günther Deschner
be7a2a89ae werror: removed WERR_SETUP_NOT_JOINED 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:32 +02:00
Günther Deschner
9f44fad7af werror: removed WERR_SETUP_ALREADY_JOINED 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:31 +02:00
Günther Deschner
7263f9ca1c werror: removed WERR_DFS_CANT_CREATE_JUNCT 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:30 +02:00
Günther Deschner
90b6153ec9 werror: removed WERR_DFS_INTERNAL_ERROR 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:30 +02:00
Günther Deschner
73be92bbba werror: removed WERR_DFS_NO_SUCH_SERVER 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:30 +02:00
Günther Deschner
318dbc4f53 werror: removed WERR_DFS_NO_SUCH_SHARE 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:30 +02:00
Günther Deschner
e92e86ffbc werror: removed WERR_DFS_NO_SUCH_VOL 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:29 +02:00
Günther Deschner
de8e685f3f werror: removed WERR_TIME_DIFF_AT_DC (unused, already known as WERR_NERR_TIMEDIFFATDC) 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:29 +02:00
Günther Deschner
d5cef966ce werror: removed WERR_DCNOTFOUND 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:29 +02:00
Günther Deschner
610cd200d9 werror: removed WERR_NOT_LOCAL_DOMAIN (unused, already known as WERR_NERR_NOTLOCALDOMAIN) 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:29 +02:00
Günther Deschner
3c362cc9cb werror: removed WERR_FID_NOT_FOUND (unused, already known as WERR_NERR_FILEIDNOTFOUND) 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:29 +02:00
Günther Deschner
6d2065dee0 werror: removed WERR_DEVICE_NOT_SHARED 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:28 +02:00
Günther Deschner
3411cf7c36 werror: removed WERR_SESSION_NOT_FOUND (unused, already known as WERR_NERR_CLIENTNAMENOTFOUND) 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:27 +02:00
Günther Deschner
5f31152616 werror: removed WERR_NET_NAME_NOT_FOUND 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:27 +02:00
Günther Deschner
9d675b82f7 werror: removed WERR_NAME_NOT_FOUND (unused, already known as WERR_NERR_NAMENOTFOUND) 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:26 +02:00
Günther Deschner
ebf028a6c5 werror: removed WERR_NOT_CONNECTED 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:26 +02:00
Günther Deschner
245c436947 werror: removed WERR_USEREXISTS 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:26 +02:00
Günther Deschner
df576c5536 werror: removed WERR_USER_NOT_FOUND 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:26 +02:00
Günther Deschner
104154c0af werror: removed WERR_GROUPNOTFOUND 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:25 +02:00
Günther Deschner
28f5d32b85 werror: removed WERR_DEST_NOT_FOUND 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:25 +02:00
Günther Deschner
8cfff62eab werror: removed WERR_JOB_NOT_FOUND (unused, already known as WERR_NERR_JOBNOTFOUND) 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:25 +02:00
Günther Deschner
6ea4c3165f werror: removed WERR_ALREADY_SHARED (unused, already known as WERR_NERR_DUPLICATESHARE) 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:25 +02:00
Günther Deschner
b792d0c122 werror: removed WERR_BUF_TOO_SMALL (unused, already known as WERR_NERR_BUFTOOSMALL) 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:25 +02:00
Günther Deschner
e27aee8f30 werror: removed WERR_SERVER_UNAVAILABLE 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:25 +02:00
Günther Deschner
c388fc0435 werror: removed WERR_INVALID_SECURITY_DESCRIPTOR (unused, already known as WERR_INVALID_SECURITY_DESCR) 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:25 +02:00
Günther Deschner
00bf5323e0 werror: removed WERR_USER_NOT_IN_GROUP (unused, already known as WERR_MEMBER_NOT_IN_GROUP) 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:25 +02:00
Günther Deschner
cbc3adffe7 werror: removed WERR_USER_ALREADY_EXISTS (unused, already known as WERR_USER_EXISTS) 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:25 +02:00
Günther Deschner
5ffa3d862a werror: removed WERR_NO_SUCH_SERVICE 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:24 +02:00
Günther Deschner
52c8e96201 werror: removed WERR_OBJECT_PATH_INVALID 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:24 +02:00
Günther Deschner
846db3aad0 werror: removed WERR_REG_FILE_INVALID 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:24 +02:00
Günther Deschner
d83233825c werror: removed WERR_REG_IO_FAILURE 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:24 +02:00
Günther Deschner
c80ac76f81 werror: removed WERR_REG_CORRUPT 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:23 +02:00
Günther Deschner
643f905891 werror: removed WERR_INVALID_PARAM 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:23 +02:00
Günther Deschner
c9e42d7a06 werror: removed WERR_NO_SUCH_SHARE 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:22 +02:00
Günther Deschner
eb875ca9ee werror: removed WERR_DEVICE_NOT_EXIST (unused, already known as WERR_DEV_NOT_EXIST 0x00000037) 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:21 +02:00
Günther Deschner
8c6d67c4e8 werror: removed WERR_GENERAL_FAILURE 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:21 +02:00
Günther Deschner
3e0b394536 werror: removed WERR_NOMEM 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:20 +02:00
Günther Deschner
29b9b1c04d werror: replace WERR_NOMEM with WERR_NOT_ENOUGH_MEMORY in libcli/drsuapi/repl_decrypt.c 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:18 +02:00
Günther Deschner
4e9207c486 werror: removed WERR_BADFID 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
 2016-09-28 00:04:18 +02:00
Günther Deschner
7f0ff3cfd0 werror: removed WERR_BADFILE 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:17 +02:00
Günther Deschner
2c5de98659 werror: removed WERR_BADFUNC 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:17 +02:00
Günther Deschner
b2ab826ccb werror: use (generated) WERR_GEN_FAILURE as alias for WERR_FOOBAR 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:16 +02:00
Günther Deschner
91046e562d werror: use WERR_NOT_ENOUGH_MEMORY in WERROR macros. 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:16 +02:00
Günther Deschner
217ae44f8a werror: add new DS error codes. 
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-28 00:04:16 +02:00
Günther Deschner
2d2e336575 hresult: re-generate hresult error code definitions from MS-ERREF. 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
 2016-09-26 20:24:18 +02:00
David Disseldorp
dd02a5c917 libcli: add FILE_SUPPORTS_BLOCK_REFCOUNTING 
This FS attribute is used to advertise whether the server supports
FSCTL_DUP_EXTENTS_TO_FILE requests.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-09-22 20:40:08 +02:00
Günther Deschner
9c5cd9922b hresult: create enough space for the hresult_errstr message. 
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-08-23 01:06:24 +02:00
Jeremy Allison
f8caadfc78 s3: libsmb: Correctly align create contexts in a create call. 
SMB2 shadow copy requests are the first time we've used
create contexts in anger in this codepath. This took me
longer than I'd like to admit to find :-).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12166

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
 2016-08-22 19:10:22 +02:00
Jeremy Allison
66650e6769 s3: SMB1: Add missing FLAGS2 definitions from MS-SMB. 
https://bugzilla.samba.org/show_bug.cgi?id=12165

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
 2016-08-19 20:03:11 +02:00
Stefan Metzmacher
d81bffa0fb CVE-2016-2019: libcli/smb: don't allow guest sessions if we require signing 
Note real anonymous sessions (with "" as username) don't hit this
as we don't even call smb2cli_session_set_session_key() in that case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2016-07-07 11:22:27 +02:00
Stefan Metzmacher
b74ff8c4da libcli/auth: remove unused variable in msrpc_parse() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
 2016-07-06 19:07:16 +02:00
Andrew Bartlett
9dcf1d4826 libcli/smb: Fix compiler errors when building with --address-sanitizer 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
 2016-06-16 04:40:12 +02:00
Stefan Metzmacher
58a8323629 libcli/auth: let msrpc_parse() return talloc'ed empty strings 
This make it more predictable for the callers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11912
BUG: https://bugzilla.redhat.com/show_bug.cgi?id=1334356
BUG: https://launchpad.net/bugs/1578576

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon May  9 22:27:21 CEST 2016 on sn-devel-144
 2016-05-09 22:27:21 +02:00
Garming Sam
38e08d7174 typo: mplementation => implementation 
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
 2016-05-06 05:03:16 +02:00
Stefan Metzmacher
837e617632 libcli/security: implement SECURITY_GUEST 
SECURITY_GUEST is not exactly the same as SECURITY_ANONYMOUS.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-28 16:51:17 +02:00
Stefan Metzmacher
8f4a4bec08 libcli/smb: add smbXcli_session_is_guest() helper function 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-28 16:51:16 +02:00
Stefan Metzmacher
cceaa61cf0 libcli/smb: add SMB1 session setup action flags 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-28 16:51:16 +02:00
Stefan Metzmacher
e6f9e176f2 libcli/smb: add smb1cli_session_set_action() helper function 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-28 16:51:16 +02:00
Günther Deschner
8e016ffeb0 libcli/smb: fix NULL pointer derreference in smbXcli_session_is_authenticated(). 
Guenther

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2016-04-28 16:51:16 +02:00
Andreas Schneider
5035f1afa9 libcli:smb2: Use constant time memcmp() to verify the signature 
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-04-19 09:37:14 +02:00
Stefan Metzmacher
e31d8ded95 CVE-2015-5370: libcli/smb: use a max timeout of 1 second in tstream_smbXcli_np_destructor() 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-12 19:25:32 +02:00
Ralph Boehme
b720575f16 CVE-2016-2115: s3:libsmb: add signing constant SMB_SIGNING_IPC_DEFAULT 
SMB_SIGNING_IPC_DEFAULT must be used from s3 client code when opening
RPC connections.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2016-04-12 19:25:26 +02:00
Ralph Boehme
80adeb01fe CVE-2016-2114: libcli/smb: let mandatory signing imply allowed signing 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11687

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-12 19:25:26 +02:00
Stefan Metzmacher
423e95b430 CVE-2016-2111: libcli/auth: add NTLMv2_RESPONSE_verify_netlogon_creds() helper function 
This is the function that prevents spoofing like
Microsoft's CVE-2015-0005.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-12 19:25:24 +02:00
Stefan Metzmacher
4c4829634f CVE-2016-2110: libcli/auth: pass server_timestamp to SMBNTLMv2encrypt_hash() 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-12 19:25:23 +02:00
Stefan Metzmacher
574535c74d CVE-2016-2110: libcli/auth: add SPNEGO_REQUEST_MIC to enum spnego_negResult 
This is defined in http://www.ietf.org/rfc/rfc4178.txt.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-12 19:25:22 +02:00
Stefan Metzmacher
001735a804 CVE-2016-2110: libcli/auth: use enum spnego_negResult instead of uint8_t 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
 2016-04-12 19:25:22 +02:00
Günther Deschner
ccda60ed9b libcli:smb:smbXcli_base: add smb2cli_session_current_channel_sequence() call. 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-03-22 00:23:21 +01:00
Douglas Bagnall
8ca1e349eb ASN1: use a talloc context in read_contextSimple 
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
 2016-03-09 10:32:16 +01:00
Justin Maggard
b69b96fc14 s3:smbd: rework negprot remote arch detection 
Negprot remote arch detection is very cryptic.  Rework it so it's easier
to understand, and therefore more extensible, following the protocol table
in inline comments.  This also allows us to remove some hacks.

Signed-off-by: Justin Maggard <jmaggard10@gmail.com>
Reviewed-by: Ralph Boehme <rb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-03-03 05:50:17 +01:00
Michael Adam
bebd35f439 netlogon_creds_cli: use dbwrap_purge instead of dbwrap_delete where appropriate 
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2016-03-01 21:50:24 +01:00
Noel Power
c4cd56c484 libcli: Fix debug message, print sid string for new_ace trustee. 
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
 2016-02-16 00:55:23 +01:00
Michael Adam
476672b647 dlist: remove unneeded type argument from DLIST_ADD_END() 
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-02-06 21:48:17 +01:00
Volker Lendecke
ceb75ad09e spnego: Some simplifications 
asn1_tag_remaining already checks for has_error and only
returns positive if there is error-free space left

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2016-02-03 15:04:11 +01:00
Volker Lendecke
7d8006f3b4 ldap: Correctly check asn1_tag_remaining retval 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2016-02-03 15:04:11 +01:00
Ralph Boehme
f95549957e libcli/smb: add define SMB_ENCRYPTION_GSSAPI for CIFS encryption type 
Add a define for the CIFS UNIX extensions encryption type. We store this
in smbXsrv_channel and use it in smbstatus for showing the
CIFS/SMB2/SMB3 encryption cipher used.

The SMB3 encryption cipher constants start at 1, carefully choosing the
highest available bit for the CIFS UNIX extensions encryption cipher
should avoid collisions and leaves room for many SMB3 ciphers in the
future.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-01-22 07:52:21 +01:00
Günther Deschner
cf163ac359 security: Add Asserted Identity sids (S-1-18) 
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677

definitions taken from [MS-DTYP]: Windows Data Types,
2.4.2.4 Well-Known SID Structures.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-01-15 22:19:07 +01:00
Jelmer Vernooij
da8674c72a Rename 'errors' to 'samba-errors' and make it public. 
This is necessary because it has public headers.

Signed-off-by: Jelmer Vernooij <jelmer@jelmer.uk>
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Wed Jan 13 07:47:04 CET 2016 on sn-devel-144
 2016-01-13 07:47:04 +01:00
Jelmer Vernooij
218f96f2bf libcli: Make headers for private libraries private. 
Signed-off-by: Jelmer Vernooij <jelmer@jelmer.uk>
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Stefan Metzmacher <metze@samba.org>
 2016-01-13 04:43:23 +01:00
Jelmer Vernooij
ffbd9c4584 Add a new header file for functions in lib/util/util.c. 
This allows public headers to not include samba_util.h, but rather
specific header files under lib/util.

Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Stefan Metzmacher <metze@samba.org>
 2016-01-13 04:43:23 +01:00
Jelmer Vernooij
773cfba9af Avoid including libds/common/roles.h in public loadparm.h header. 
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Stefan Metzmacher <metze@samba.org>
 2016-01-13 04:43:23 +01:00
Jelmer Vernooij
fddca39f19 samdb: Add explicit dependency on ldb. 
This is needed to pull in the right -I flags.

Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
 2016-01-13 04:43:22 +01:00
Volker Lendecke
3c340d81d8 libcli: Remove a reference to asn1->ofs 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-01-06 00:54:18 +01:00
Volker Lendecke
b7f0e29fd2 lib: Use asn1_current_ofs() 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-01-06 00:54:18 +01:00
Volker Lendecke
1282f6063d lib: Use asn1_has_nesting 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-01-06 00:54:18 +01:00
Volker Lendecke
a93946b2fe lib: Use asn1_extract_blob() 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-01-06 00:54:18 +01:00
Volker Lendecke
8cfb6a3139 lib: Use asn1_set_error() 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-01-06 00:54:18 +01:00
Volker Lendecke
57a0bc9a9f lib: Use asn1_has_error() 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-01-06 00:54:18 +01:00
Volker Lendecke
ad630a681e asn1: Make asn1_peek_full_tag return 0/errno 
We don't need the full power of NTSTATUS here. This was the only
NTSTATUS in asn1.h, so I think it's worth removing it.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-01-06 00:54:17 +01:00
Stefan Metzmacher
bc2d8592f4 CVE-2015-5296: libcli/smb: make sure we require signing when we demand encryption on a session 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2015-12-16 12:56:48 +01:00
Volker Lendecke
ea6de66b9c libdns: Small cleanup 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2015-12-08 23:01:28 +01:00
Volker Lendecke
dfceb51da8 libdns: Convert dns_udp_request to 0/errno 
Replaces 5 calls to unix_to_werror with just one

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2015-12-08 23:01:27 +01:00
Volker Lendecke
190e2c013b libdns: Properly set ENOMEM 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2015-12-08 23:01:27 +01:00
Volker Lendecke
a0fcb7bd80 libdns: tsocket returns -1 and sets errno 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2015-12-08 23:01:27 +01:00
Stefan Metzmacher
3bbd8d3614 libcli/smb: fix BUFFER_OVERFLOW handling in tstream_smbXcli_np 
The special error is not NT_STATUS_BUFFER_TOO_SMALL, but STATUS_BUFFER_OVERFLOW.

Tested using TSTREAM_SMBXCLI_NP_MAX_BUF_SIZE == 20 and running
the following commands against a Windows 2012R2 server:

bin/smbtorture ncacn_np:SERVER[] rpc.lsa-getuser
bin/smbtorture ncacn_np:SERVER[smb2] rpc.lsa-getuser

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11623

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec  1 03:42:52 CET 2015 on sn-devel-104
 2015-12-01 03:42:51 +01:00
Stefan Metzmacher
0e8d33fb5f libcli/smb: correctly handle STATUS_BUFFER_OVERFLOW in smb1cli_readx* 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11623

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2015-12-01 00:38:23 +01:00
Stefan Metzmacher
68850f3f56 libcli/smb: correctly handle STATUS_BUFFER_OVERFLOW in smb2cli_query_info* 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11623

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2015-12-01 00:38:23 +01:00
Stefan Metzmacher
b47bfce678 libcli/smb: correctly handle STATUS_BUFFER_OVERFLOW in smb2cli_read* 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11623

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2015-12-01 00:38:23 +01:00
Stefan Metzmacher
91e12e04fc libcli/smb: make sure we have a body size of 0x31 before dereferencing an ioctl response 
Found by valgrind, reported by Noel Power <nopower@suse.com>:

==7913== Invalid read of size 1
==7913==    at 0xC4F23EE: smb2cli_ioctl_done (smb2cli_ioctl.c:245)
==7913==    by 0x747A744: _tevent_req_notify_callback (tevent_req.c:112)
==7913==    by 0x747A817: tevent_req_finish (tevent_req.c:149)
==7913==    by 0x747A93C: tevent_req_trigger (tevent_req.c:206)
==7913==    by 0x7479B2B: tevent_common_loop_immediate
(tevent_immediate.c:135)
==7913==    by 0xA9CB4BE: run_events_poll (events.c:192)
==7913==    by 0xA9CBB32: s3_event_loop_once (events.c:303)
==7913==    by 0x7478C72: _tevent_loop_once (tevent.c:533)
==7913==    by 0x747AACD: tevent_req_poll (tevent_req.c:256)
==7913==    by 0x505315D: tevent_req_poll_ntstatus (tevent_ntstatus.c:109)
==7913==    by 0xA7201F2: cli_tree_connect (cliconnect.c:2764)
==7913==    by 0x165FF7: cm_prepare_connection (winbindd_cm.c:1276)
==7913==  Address 0x16ce24ec is 764 bytes inside a block of size 813 alloc'd
==7913==    at 0x4C29110: malloc (in
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==7913==    by 0x768A0C1: __talloc_with_prefix (talloc.c:668)
==7913==    by 0x768A27E: _talloc_pool (talloc.c:721)
==7913==    by 0x768A41E: _talloc_pooled_object (talloc.c:790)
==7913==    by 0x747A594: _tevent_req_create (tevent_req.c:66)
==7913==    by 0xCF6E2FA: read_packet_send (async_sock.c:414)
==7913==    by 0xCF6EB54: read_smb_send (read_smb.c:54)
==7913==    by 0xC4DA146: smbXcli_conn_receive_next (smbXcli_base.c:1027)
==7913==    by 0xC4DA02D: smbXcli_req_set_pending (smbXcli_base.c:978)
==7913==    by 0xC4DF776: smb2cli_req_compound_submit (smbXcli_base.c:3166)
==7913==    by 0xC4DFC1D: smb2cli_req_send (smbXcli_base.c:3268)
==7913==    by 0xC4F2210: smb2cli_ioctl_send (smb2cli_ioctl.c:149)
==7913==

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11622

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2015-12-01 00:38:23 +01:00
Christof Schmitt
fd05d617a8 libcli/smb: Use helper function for finding session 
This removes some duplicated code.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 18 04:04:17 CET 2015 on sn-devel-104
 2015-11-18 04:04:15 +01:00
Andrew Bartlett
4b25650577 repl: Give an error if we get a secret when not expecting one 
We should never get a secret from a server when we specify DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING

This asserts that this is the case.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
 2015-10-26 05:11:21 +01:00
Jeremy Allison
b1bd84e9c9 lib: cli: Add accessor function smb2cli_tcon_flags() to get tcon flags. 
We need this to see if a share supports access-based enumeration.

https://bugzilla.samba.org/show_bug.cgi?id=10252

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2015-10-14 15:58:19 +02:00
Volker Lendecke
8eedd5c48b libdap: Fix a '\0' vs NULL mixup 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2015-10-14 02:19:14 +02:00
Richard Sharpe
9893888c51 Change the libreadline word-break character set to only space, TAB and NL so that we can attempt to do tab completion across backslashes. 
This turned out to be all that was needed to enable cd to handle multiple
directory levels.

Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct  7 04:16:24 CEST 2015 on sn-devel-104
 2015-10-07 04:16:24 +02:00
Volker Lendecke
de421d8826 lib: Remove unused sid_blob_parse 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2015-08-26 21:41:12 +02:00
Volker Lendecke
4a442e2eb7 lib: Make sid_parse take a uint8_t 
sid_parse takes a binary blob, uint8_t reflects this a bit
better than char * does

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2015-08-26 21:41:12 +02:00
Volker Lendecke
796c77d43d lib: Use dom_sid_equal where appropriate 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
 2015-08-20 12:49:22 +02:00
Stefan Metzmacher
05dbd3b47a libcli/smb: prefer AES128_CCM 
Callgrind showed that we use 28,165,720,719 cpu cycles to send
a 100MB file to a client using aes-ccm.

With aes-gcm this is raises up to 723,094,413,831 cpu cycles.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
 2015-08-17 17:43:36 +02:00
Volker Lendecke
e6c8452093 libcli: Use iov_buflen in smb2_signing.c 
This gives us overflow protection.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Aug 14 13:56:49 CEST 2015 on sn-devel-104
 2015-08-14 13:56:49 +02:00
Volker Lendecke
5d141a32f3 lib: Remove some unused code 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
 2015-08-14 07:46:12 +02:00
Volker Lendecke
f0f23d6a92 lib: Remove some unused code 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
 2015-08-14 07:46:12 +02:00
Michael Adam
204cbe3645 Introduce setting "desired" for 'smb encrypt' and 'client/server signing' 
This should trigger the behaviour where the server requires
signing when the client supports it, but does not reject
clients that don't support it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-07-07 14:05:27 +02:00
Stefan Metzmacher
7e095eb334 libcli/smb: let tstream_smbXcli_np report connection errors as EPIPE instead of EIO 
This maps to NT_STATUS_CONNECTION_DISCONNECTED instead of
NT_STATUS_IO_DEVICE_ERROR.

EPIPE, NT_STATUS_CONNECTION_DISCONNECTED matches what other tstream backends
e.g. tcp and unix report.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
 2015-07-03 02:00:28 +02:00
Volker Lendecke
994d08e420 libsmb: Streamline smb1cli_trans a bit 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
 2015-06-26 19:32:19 +02:00
Jeremy Allison
95fc7fbe82 lib: ldap: Properly check talloc error returns. 
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 16 04:16:13 CEST 2015 on sn-devel-104
 2015-06-16 04:16:13 +02:00
Stefan Metzmacher
006042ac12 libcli/smb: make sure we remove the writev_send() request when a request is destroyed 
This way smbXcli_conn_disconnect() removes all tevent_fd structures attached to
the sock_fd before closing it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2015-06-12 17:08:18 +02:00
Stefan Metzmacher
f3982eb2c7 libcli/smb: add smb1 requests to the pending array before writev_send() 
This way we have a change to destroy the pending writev_send request before
closing the socket in smbXcli_conn_disconnect().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2015-06-12 17:08:18 +02:00
Stefan Metzmacher
5933843427 libcli/smb: make sure the writev_send of smbXcli_conn_samba_suicide() is removed before closing the socket 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2015-06-12 17:08:18 +02:00
Stefan Metzmacher
8f42df235d libcli/smb: remove unused split of read_fd and write_fd 
The tevent epoll backend supports separate read and write tevent_fd structure
on a single fd, so there's no need for a dup() anymore.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2015-06-12 17:08:18 +02:00
Stefan Metzmacher
46e1aa22b1 libcli/smb: close the socket fd at the end of smbXcli_conn_disconnect() 
We need to cancel all pending requests before closing the socket fds,
otherwise we cause problem with the interaction with the epoll event backend.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2015-06-12 17:08:18 +02:00
Stefan Metzmacher
26c4b3fc9d libcli/smb: use tevent_req_received(req) in read_smb_recv() 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2015-06-12 17:08:18 +02:00
Stefan Metzmacher
fcf0d3ebef libcli/named_pipe_auth: call smb_set_close_on_exec() in tstream_npa_socketpair() 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11312

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
 2015-06-05 14:33:19 +02:00
Volker Lendecke
ab26e84da1 tstream: Make socketpair nonblocking 
When we have a large RPC reply, we can't block in the RPC server.

Test: Do rpcclient netshareenumall with a thousand shares defined

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2015-06-04 01:02:26 +02:00
Stefan Metzmacher
477ecfbdaf libcli/smb: In CCM and GCM mode we can't reuse nonces 
Reuse of nonces with AES-CCM and AES-GCM leads to catastrophic failure,
so make sure the server drops the connection if that ever happens.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11300

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
 2015-05-29 19:50:25 +02:00
Ross Lagerwall
f73bcf4934 s3: libsmbclient: Add server-side copy support 
Introduce a new operation, splice, which copies data from one SMBCFILE
to another. Implement this operation using FSCTL_SRV_COPYCHUNK_WRITE for
SMB2+ protocols and using read+write for older protocols. Since the
operation may be long running, it takes a callback which gets called
periodically to indicate progress to the application and given an
opportunity to stop it.

Signed-off-by: Ross Lagerwall <rosslagerwall@gmail.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2015-05-29 02:37:18 +02:00