sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-07-19 04:59:10 +03:00
Code Activity
107,003 Commits 62 Branches 1,163 Tags
b51a2712c1fe770a8d98c57e57b57ea83155ca57
Commit Graph

148 Commits

Author SHA1 Message Date
Stefan Metzmacher
105cc438c6 CVE-2017-12151: s3:libsmb: make use of cli_state_is_encryption_on() 
This will keep enforced encryption across dfs referrals.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2017-09-04 11:29:53 +02:00
Stefan Metzmacher
2850666328 CVE-2017-12150: s3:libsmb: only fallback to anonymous if authentication was not requested 
With forced encryption or required signing we should also don't fallback.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2017-09-04 11:29:28 +02:00
Jeremy Allison
fad0c0da85 s3: libsmb: Correctly save and restore connection tcon in smbclient, smbcacls and smbtorture3. 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit bd31d538a2)
 2017-06-28 11:20:13 +02:00
Jeremy Allison
8edc00ea28 s3: libsmb: Widen cli_state_get_tid() / cli_state_set_tid() to 32-bits. 
Copes with SMB2 connections.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12831

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
(cherry picked from commit 93fa0c8660)
 2017-06-28 11:20:13 +02:00
Stefan Metzmacher
f595031cb8 s3:libsmb: pass cli_credentials to cli_check_msdfs_proxy() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2016-12-21 18:35:13 +01:00
Stefan Metzmacher
0c52239868 s3:libsmb: make use of cli_cm_force_encryption_creds() where we already have creds 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2016-12-21 18:35:13 +01:00
Stefan Metzmacher
ff23ee7ef2 s3:libsmb: split out cli_cm_force_encryption_creds() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2016-12-21 18:35:13 +01:00
Stefan Metzmacher
5fd8db91ef s3:libsmb: make use of cli_tree_connect_creds() in clidfs.c:do_connect() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2016-12-21 18:35:13 +01:00
Stefan Metzmacher
c478f688c2 s3:libsmb: make use of get_cmdline_auth_info_creds() in clidfs.c:do_connect() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2016-12-21 18:35:13 +01:00
Stefan Metzmacher
b9ff137e03 s3:libsmb: make use of cli_smb1_setup_encryption() in cli_cm_force_encryption() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2016-12-21 18:35:13 +01:00
Stefan Metzmacher
5ca59a1772 s3:libsmb: don't pass 'passlen' to cli_tree_connect[_send]() and allow pass=NULL 
There're no callers which try to pass a raw lm_response directly anymore.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Dec  9 13:09:37 CET 2016 on sn-devel-144
 2016-12-09 13:09:37 +01:00
Stefan Metzmacher
f70d1cfcc2 s3:libsmb: make use of cli_session_setup_anon() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2016-11-15 11:00:29 +01:00
Stefan Metzmacher
482d3b35e9 s3:libsmb: let the callers only pass the password string to cli_session_setup[_send]() 
There're no callers which tried to pass raw {lm,nt}_response any more.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 2016-11-15 11:00:26 +01:00
Michael Adam
476672b647 dlist: remove unneeded type argument from DLIST_ADD_END() 
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2016-02-06 21:48:17 +01:00
Stefan Metzmacher
f8b0f7fd94 CVE-2015-5296: s3:libsmb: force signing when requiring encryption in do_connect() 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2015-12-16 12:56:48 +01:00
Har Gagan Sahai
12153af85d s3: dfs: Fix a crash when the dfs targets are disabled. 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11509

Signed-off-by: Har Gagan Sahai <SHarGagan@novell.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@wakeful.net>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 11 06:39:19 CEST 2015 on sn-devel-104
 2015-09-11 06:39:19 +02:00
Richard Sharpe
e049943eba Convert three include files from uint32/16/8 to _t types as well as the source that includes them. 
The files that include them already seem clean.

Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2015-05-01 19:15:10 +02:00
David Disseldorp
6da86012a2 libsmb: provide authinfo domain for encrypted session referrals 
6c9de0cd05 requires this extra change.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11059

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 21 04:29:06 CET 2015 on sn-devel-104
 2015-01-21 04:29:06 +01:00
David Disseldorp
6c9de0cd05 libsmb: provide authinfo domain for DFS referral auth 
libsmbclient uses the smbc_init->smbc_get_auth_data_fn() provided
workgroup/domain in initial connections, but then switches to the
default smb.conf workgroup/domain when handling DFS referrals.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11059

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2015-01-19 06:48:05 +01:00
David Disseldorp
7b7d4f740f libsmb: reuse connections derived from DFS referrals 
[MS-DFSC] 3.2.1.1 and 3.2.1.2 states that DFS targets with the same site
location or relative cost are placed in random order in a DFS referral
response.

libsmbclient currently resolves DFS referrals on every API call, always
using the first entry in the referral response. With random ordering,
libsmbclient may open a new server connection, rather than reuse an
existing (cached) connection established in a previous DFS referred API
call.

This change sees libsmbclient check the connection cache for any of the
DFS referral response entries before creating a new connection.

This change is based on a patch by Har Gagan Sahai
<SHarGagan@novell.com>.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10123

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2015-01-19 06:48:05 +01:00
Stefan Metzmacher
98f2946dd1 s3:libsmb: avoid calling cli_set_username() in clidfs 
Change-Id: I8b32be8a10d2bff33bb468cc68c98e555b220bde
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
 2014-10-17 12:57:07 +02:00
Stefan Metzmacher
71432b9eda s3:libsmb: Remove unused domain copy stored in cli_state 
Change-Id: I7333140906bb3a487205b5760396dcc00a9f49b0
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2014-10-17 12:57:07 +02:00
Andrew Bartlett
2b9d6d3d9b s3:libsmb: Remove unused password copy stored in cli_state 
Change-Id: Ia6b33a25628ae08be8a8c6baeb71ce390315cb45
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2014-10-17 12:57:07 +02:00
Har Gagan Sahai
f34ffd0d09 Fixed a memory leak in cli_set_mntpoint(). 
Fixes bug #10759 - Memory leak in libsmbclient in cli_set_mntpoint function

https://bugzilla.samba.org/show_bug.cgi?id=10759

Signed-off-by: Har Gagan Sahai <SHarGagan@novell.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Aug 13 04:36:50 CEST 2014 on sn-devel-104
 2014-08-13 04:36:49 +02:00
Garming Sam
5be5acb736 param: rename lp function and variable from "cli_minprotocol" to "client_min_protocol" 
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2014-02-07 16:19:15 -08:00
Stefan Metzmacher
c5c717fe31 s3:libsmb: add SMB2/3 support to cli_dfs_get_referral() 
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10200

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
 2013-10-17 16:23:15 +02:00
Stefan Metzmacher
37f0e3722c s3/libsmb: make use of smbXcli_tcon_is_dfs_share() 
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10200

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
 2013-10-17 16:17:27 +02:00
Luk Claes
114e33717d s3/libsmb: Use smbXcli_conn_dfs_supported instead of test on CAP_DFS 
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10200

Signed-off-by: Luk Claes <luk@debian.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
 2013-10-17 16:15:05 +02:00
Luk Claes
d9d5744bc3 s3/libsmb: Use smbXcli_conn_use_unicode instead of smb1 specific test 
Signed-off-by: Luk Claes <luk@debian.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
 2013-10-17 15:54:12 +02:00
Jeremy Allison
81e1058e20 As SMB3 has transport level encryption, allow smbclient -e to force encryted SMB3 transport. 
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
 2013-08-21 17:28:55 +02:00
Stefan Metzmacher
42a493dff0 s3:libsmb: use lp_cli_minprotocol() in do_connect() 
https://bugzilla.samba.org/show_bug.cgi?id=9514

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2013-08-15 09:07:05 +02:00
Jeremy Allison
14421323d1 s3:libsmb: Ensure we ask for DEFAULT_SMB2_MAX_CREDITS on successful negprot. 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
 2013-08-15 09:07:05 +02:00
Volker Lendecke
080c1ca64b s3: Make --pw-nt-hash useable in smbclient 
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jun 12 12:41:10 CEST 2012 on sn-devel-104
 2012-06-12 12:41:10 +02:00
Luk Claes
4688107800 s3:libsmb: get rid of cli_ucs2 
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon May 28 16:58:03 CEST 2012 on sn-devel-104
 2012-05-28 16:58:03 +02:00
Luk Claes
764b5e5610 s3:libsmb: get rid of cli_negprot 
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2012-05-28 14:49:49 +02:00
Luk Claes
ab052c7ff0 s3:libsmb: get rid of cli_state_encryption_on 
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2012-05-28 14:49:47 +02:00
Luk Claes
3c9c06ac05 s3:libsmb: get rid of cli_state_capabilities 
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2012-05-28 14:49:46 +02:00
Luk Claes
d8c0646a5d s3:libsmb: get rid of cli_state_protocol 
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2012-05-28 14:49:45 +02:00
Luk Claes
4f6f4ea93c s3:libsmb: get rid of cli_state_remote_name 
Signed-off-by: Luk Claes <luk@debian.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2012-05-28 14:49:45 +02:00
Stefan Metzmacher
ee36217c40 s3:libsmb: make use of cli_tree_connect() 
metze
 2011-11-24 19:02:32 +01:00
Björn Baumbach
6003debf7e s3-libsmb/clidfs.c: remove cli_nt_error() 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2011-11-16 19:02:12 +01:00
Stefan Metzmacher
3f00cce9b3 s3:libsmb: pass max_protocol to cli_negprot() 
metze
 2011-09-15 10:25:17 +02:00
Stefan Metzmacher
3e227d8544 s3:libsmb: pass CLI_FULL_CONNECTION_* flags via cli_connect_nb() 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Sep  8 10:21:50 CEST 2011 on sn-devel-104
 2011-09-08 10:21:50 +02:00
Stefan Metzmacher
81e765582b s3:libsmb/cli*: use CLI_BUFFER_SIZE instead of cli->max_xmit 
The max_data parameter of trans2/nttrans calls are not bound
to cli->max_xmit. Even with cli->max_xmit, which means the max
size of the whole SMB pdu, we would get fragmented trans2/nttrans
replies. That's why we can also use our maximum, which is CLI_BUFFER_SIZE.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Aug  9 18:14:38 CEST 2011 on sn-devel-104
 2011-08-09 18:14:38 +02:00
Stefan Metzmacher
b7d5cd90d5 s3:libsmb/clidfs: make use of cli_state_encryption_on() 
metze
 2011-08-03 09:01:39 +02:00
Stefan Metzmacher
91b0aab3fc s3:libsmb/cli*: make use of cli_state_protocol() 
metze
 2011-08-02 04:54:29 +02:00
Stefan Metzmacher
6e8a6e033f s3:libsmb/cli*: make use of cli_state_capabilities() 
metze
 2011-08-02 04:54:28 +02:00
Volker Lendecke
57a0f344a1 s3: Fix Coverity ID 2596, REVERSE_INULL 
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Jul 24 16:37:19 CEST 2011 on sn-devel-104
 2011-07-24 16:37:19 +02:00
Stefan Metzmacher
ad40515d17 s3:libsmb/clidfs: make use of cli_state_remote_name() 
metze
 2011-07-22 17:06:09 +02:00
Stefan Metzmacher
b3e0b73280 s3:libsmb: remove const from cli_cm_display() 
metze
 2011-07-22 17:06:09 +02:00