IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Selecting encryption in 3.11 depends on the negprot contexts being present.
Setting SMB2_CAP_ENCRYPTION from the 3.11 client is optional. The absence
of it should not remove the negprot context.
Found by the Microsoft testsuites at the Redmond plugfest.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Steve French <sfrench@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 18 04:09:04 CEST 2015 on sn-devel-104
Nonce code was terminating connections where xconn->smb2.server.cipher == 0.
If no negotiated cipher (smb2.server.cipher is zero) set nonce_high_max to zero.
smb2_get_new_nonce() returns NT_STATUS_ENCRYPTION_FAILED if it is ever called with
session->nonce_high_max == 0.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11300
Signed-off-by: Jeremy Allison <jra@samba.org>
This is the only exception, normally "replace.h" or "includes.h" need to be the
first include.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Mainly to have the new macros actually used in the code.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jun 11 04:34:50 CEST 2015 on sn-devel-104
Catch conversion error and log the path of the offending file.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jun 9 21:00:02 CEST 2015 on sn-devel-104
Disconnect the client if the request is not signed.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 6 03:19:33 CEST 2015 on sn-devel-104
This way we can remove the ctdb-specific includes from messages_ctdbd.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reuse of nonces with AES-CCM and AES-GCM leads to catastrophic failure,
so make sure the server drops the connection if that ever happens.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11300
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Simo Sorce <simo@redhat.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Simo Sorce <idra@samba.org>
Autobuild-Date(master): Fri May 29 22:38:50 CEST 2015 on sn-devel-104
Following Windows behaviour, the last command in a compound request
should be padded to an 8 byte boundary and OS X clients crash badly if
we don't pad.
[MS-SMB2] 3.3.4.1.3, "Sending Compounded Responses", doesn't make it
clear whether the padding requirement governs the last command in a
compound response, a future MS-SMB2 update will document Windwows
product behaviour in a footnote.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11277
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Move functionality out of ctdbd_conn to its right place into smbd
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 16 03:09:12 CEST 2015 on sn-devel-104
Note: SMB 3.1.0 was used in a early preview versions of Windows 10.
Was later superseded by 3.1.1.
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
This protects the full connection setup including
a posteriori verification of the negotiate messages,
by signing the final session setup response with a signing key
derived from the preauth hash and the authentication session key.
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Used for:
- preauthentication validation
- negotiation of ciphers for sigingn and encryprtion
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This replaces code in smbXsrv_session_logoff_all_callback()
and smbXsrv_session_clear_and_logoff().
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu May 7 10:43:29 CEST 2015 on sn-devel-104
The cleanup of a failing session setup is now handled in
smbd_smb2_session_setup_wrap_*().
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The wrapper calls smbXsrv_session_shutdown_send/recv() in case of an error,
this makes sure a failing reauth shuts down the session like an explicit logoff.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
smbXsrv_session_logoff_all_callback() is called when the last transport
connection is gone, which means we won't need to sign any response...
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This won't be needed typically needed as the caller is supposted to cancel
the requests already, but this makes sure we don't keep dangling pointers.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11182
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
EA's and ACL paths are all post-stream name checks (and shouldn't
get stream names). This one took a *long* time to find.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11249
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
No longer used or needed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11249
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Streams implementing VFS modules may implement streams in a way that the
fsp will have the basefile open in the fsp fd, so lacking a distinct fd
for the stream, kernel_flock will apply on the basefile which is
wrong. The actual check is deffered to the VFS module implementing the
kernel_flock call.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11243
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Replace all callers with direct calls to server_id_str_buf without
talloc_tos()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We now have reset_delete_on_close_lck, this was called with "true"
everywhere now.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
smbd_reinit_after_fork is a simple wrapper around reinit_after_fork that
should be used after forking from the main smbd.
At the moment the only additional step it performs is resetting
am_parent to NULL.
A subsequent commit will make use of this function.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
