1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

4348 Commits

Author SHA1 Message Date
Jeremy Allison
97cde5dc92 s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_ctemp_send().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12165

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-08-19 20:03:12 +02:00
Jeremy Allison
e2d70551e1 s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_chkpath_send().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12165

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-08-19 20:03:12 +02:00
Jeremy Allison
00551d7306 s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_setatr_send().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12165

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-08-19 20:03:12 +02:00
Jeremy Allison
461000c881 s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_getatr_send().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12165

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-08-19 20:03:12 +02:00
Jeremy Allison
47c1314429 s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_openx_create().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12165

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-08-19 20:03:12 +02:00
Jeremy Allison
d7ee917b16 s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_nttrans_create_send().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12165

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-08-19 20:03:12 +02:00
Jeremy Allison
cd4a60bb1f s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_ntcreate1_send().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12165

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-08-19 20:03:12 +02:00
Jeremy Allison
17d1f19eda s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_rmdir_send()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12165

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-08-19 20:03:12 +02:00
Jeremy Allison
3081604734 s3: libsmb: s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_mkdir_send().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12165

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-08-19 20:03:12 +02:00
Jeremy Allison
3242a0b9f0 s3: libsmb: s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_unlink_send().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12165

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-08-19 20:03:12 +02:00
Jeremy Allison
c2a1905abd s3: libsmb: s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_ntrename_internal_send().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12165

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-08-19 20:03:12 +02:00
Jeremy Allison
ae7047923e s3: libsmb: s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_rename_send().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12165

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-08-19 20:03:12 +02:00
Jeremy Allison
21a7bf428b s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_qpathinfo_send()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12165

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-08-19 20:03:12 +02:00
Jeremy Allison
75e4290b60 s3: libsmb: Plumb in additional_flags2 = FLAGS2_REPARSE_PATH to cli_setpathinfo_send().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12165

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-08-19 20:03:12 +02:00
Jeremy Allison
19696f3494 s3: libsmb: Add clistr_is_previous_version_path()
Looks for @GMT- token in pathname.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12165

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-08-19 20:03:12 +02:00
Jeremy Allison
79c8b75671 s3: libsmb: Add uint16_t addtional_flags2 to cli_smb_req_create().
Not yet used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12165

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-08-19 20:03:12 +02:00
Jeremy Allison
76bbc4c0c3 s3: libsmb: Add uint16_t addtional_flags2 to cli_trans_send().
Not yet used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12165

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-08-19 20:03:12 +02:00
Jeremy Allison
a876f915fd s3: libsmb: Add uint16_t additional_flags2 arg to cli_smb_send().
Not yet used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12165

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-08-19 20:03:11 +02:00
Jeremy Allison
27ebf64b34 s3: libsmb: Protect cli_connect_nb_send() from being passed a NULL hostname and dest_ss.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12135

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-08-10 08:18:17 +02:00
Michael Adam
e8bab7e5b2 libsmb:namequery: fix typo in comment in get_dc_list()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2016-07-12 17:49:19 +02:00
Stefan Metzmacher
53a1248fb3 CVE-2016-2019: s3:libsmb: add comment regarding smbXcli_session_is_guest() with mandatory signing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2016-07-07 11:22:27 +02:00
Stefan Metzmacher
171e87fae6 s3:libsmb/clirap: remove unused cli_get_server_*() functions
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul  6 22:41:41 CEST 2016 on sn-devel-144
2016-07-06 22:41:41 +02:00
Jeremy Allison
c0704d99ce s3: libsmb: Correctly trim a trailing \\ character in cli_smb2_create_fnum_send() when passing a pathname to SMB2 create.
We already trim any leading \\ characters in this function, so this is the simplest place
to clean the pathname.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11986

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Jun 22 10:33:29 CEST 2016 on sn-devel-144
2016-06-22 10:33:29 +02:00
Jeremy Allison
b4f9ac6a24 s3: libsmb: Widen the internal client smb1.pid to 32-bits as is used on the wire and in libcli/smb/smb1*.c
Note: This has *NO* effect on the lock context code, as on the
wire for all SMB1 locking requests, the pid used as the lock
context is already truncated down to 16-bits - the field is only
16-bits wide.

This allows the cli_XXX() calls to correctly set pidlow AND pidhigh
in SMB1 requests put on the wire by the libcli/smb/smb1*.c code.

Note that currently the smbd server doesn't correctly return
pidhigh yet - a fix (and tests) for that will follow.

As pidhigh is not checked in any client code (mid is used
to differentiate different requests) this has no effect
other than a correctness fix.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-06-18 15:32:17 +02:00
Volker Lendecke
08a78662e9 libsmb: Fix two CIDs for NULL dereference
This whole area is a known-to-be-broken mess, but this patch should fix
the immediate crash

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jun  7 18:31:30 CEST 2016 on sn-devel-144
2016-06-07 18:31:30 +02:00
Jeremy Allison
46695fa2c8 s3: libsmb: Add sync and async cli_posix_whoami().
Will add as a command to smbclient, plus will be useful for testing.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-05-25 23:09:08 +02:00
Michael Adam
8f16d237b9 s3:samlogon_cache: fix O3 error unused result of truncate
in netsamlogon_cache_init()

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:16 +02:00
Christian Ambach
7efbe11397 s3:libsmb/clifile use correct value for MaxParameterCount for setting EAs
Windows servers will refuse trans2 requests which use excessive
request parameters. From [MS-CIFS|:
<239> Section 3.3.5.2.5: Windows NT servers fail a transaction request with
STATUS_INSUFF_SERVER_RESOURCES, if (SetupCount + MaxSetupCount +
TotalParameterCount + MaxParameterCount + TotalDataCount + MaxDataCount)
is greater than 65*1024.

When attempting to set a large list of EAs for a file, this limit can be
hit when using CLI_BUFFER_SIZE as MaxDataCount
while the TRANS2_SET_PATH_INFORMATION response has no data reply,
only parameters (section 2.2.6.7.2).

Be as minimal as possible here to allow a maximum number of EAs to
be written.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11354
Reviewed-by: Jeremy Allison <jra@samba.org>

Signed-off-by: Christian Ambach <ambi@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 11 18:35:59 CEST 2016 on sn-devel-144
2016-05-11 18:35:59 +02:00
Robin McCorkell
2a872e2b66 Correctly set cli->raw_status for libsmbclient in SMB2 code
The SMB2 file handling code wasn't correctly setting raw_status, which
is used by libsmbclient to report file open errors etc.

https://bugzilla.samba.org/show_bug.cgi?id=11276

Signed-off-by: Robin McCorkell <robin@mccorkell.me.uk>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-05-04 20:35:07 +02:00
Stefan Metzmacher
e72ad193a5 s3:libsmb: use anonymous authentication via spnego if possible
This makes the authentication consistent between
SMB1 with CAP_EXTENDED_SECURITY (introduced in Windows 2000)
and SNB2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-28 16:51:16 +02:00
Stefan Metzmacher
fa5799207e s3:libsmb: don't finish the gensec handshake for guest logins
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-28 16:51:16 +02:00
Stefan Metzmacher
02c9021035 s3:libsmb: record the session setup action flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-28 16:51:16 +02:00
Stefan Metzmacher
53be474102 s3:libsmb: use password = NULL for anonymous connections
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11858

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-28 16:51:16 +02:00
Noel Power
43ea097461 s3:libsmb: Fix illegal memory access after memory has been deleted.
smbtorture with the libsmbclient test suite produces the following valgrind
trace

==31432== Invalid read of size 8
==31432==    at 0x99B8858: smbc_free_context (libsmb_context.c:260)
==31432==    by 0x5E6401: torture_libsmbclient_opendir (libsmbclient.c:136)
==31432==    by 0x9553F42: wrap_simple_test (torture.c:632)
==31432==    by 0x955366F: internal_torture_run_test (torture.c:442)
==31432==    by 0x95538C3: torture_run_tcase_restricted (torture.c:506)
==31432==    by 0x9553278: torture_run_suite_restricted (torture.c:357)
==31432==    by 0x95531D7: torture_run_suite (torture.c:339)
==31432==    by 0x25FEFF: run_matching (smbtorture.c:93)
==31432==    by 0x260195: torture_run_named_tests (smbtorture.c:143)
==31432==    by 0x261E14: main (smbtorture.c:665)
==31432==  Address 0x18864a70 is 80 bytes inside a block of size 96 free'd
==31432==    at 0x4C2A37C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==31432==    by 0x99BCC46: SMBC_closedir_ctx (libsmb_dir.c:922)
==31432==    by 0x99C06CA: SMBC_close_ctx (libsmb_file.c:370)
==31432==    by 0x99B8853: smbc_free_context (libsmb_context.c:259)
==31432==    by 0x5E6401: torture_libsmbclient_opendir (libsmbclient.c:136)
==31432==    by 0x9553F42: wrap_simple_test (torture.c:632)
==31432==    by 0x955366F: internal_torture_run_test (torture.c:442)
==31432==    by 0x95538C3: torture_run_tcase_restricted (torture.c:506)
==31432==    by 0x9553278: torture_run_suite_restricted (torture.c:357)
==31432==    by 0x95531D7: torture_run_suite (torture.c:339)
==31432==    by 0x25FEFF: run_matching (smbtorture.c:93)
==31432==    by 0x260195: torture_run_named_tests (smbtorture.c:143)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11836

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Apr 14 13:24:10 CEST 2016 on sn-devel-144
2016-04-14 13:24:10 +02:00
Ralph Boehme
1667e73ada CVE-2016-2115: s3:libsmb: use SMB_SIGNING_IPC_DEFAULT and lp_client_ipc_{min,max}_protocol()
Use SMB_SIGNING_IPC_DEFAULT and lp_client_ipc_{min,max}_protocol() for RPC connections.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-04-12 19:25:26 +02:00
Stefan Metzmacher
5c8721ebf3 CVE-2016-2115: s3:libsmb: let SMB_SIGNING_IPC_DEFAULT use "client ipc min/max protocol"
We need NT1 => LATEST in order to work against all servers which support
DCERPC over ncacn_np.

This is a mini step in using SMB2/3 in our client side by default.

This gives us a higher chance that SMB signing is supported by the
server (as it can't be turned off for SMB2 and higher).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-04-12 19:25:26 +02:00
Ralph Boehme
b720575f16 CVE-2016-2115: s3:libsmb: add signing constant SMB_SIGNING_IPC_DEFAULT
SMB_SIGNING_IPC_DEFAULT must be used from s3 client code when opening
RPC connections.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-04-12 19:25:26 +02:00
Stefan Metzmacher
2c73047ecf CVE-2016-2111: s3:libsmb: don't send a raw NTLMv2 response when we want to use spnego
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-04-12 19:25:24 +02:00
Jeremy Allison
f63b9a73b0 s3: libsmb: Fix error where short name length was read as 2 bytes, should be 1.
Reported by Thomas Dvorachek <tdvorachek@yahoo.com> from a Windows 10 server.
Confirmed in MS-CIFS 2.2.8.1.7.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11822

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr  6 03:46:55 CEST 2016 on sn-devel-144
2016-04-06 03:46:55 +02:00
Volker Lendecke
f50c3fb1c5 libsmb: Fix CID 1356312 Explicit null dereferenced
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-18 00:29:14 +01:00
Stefan Metzmacher
1433501822 s3:libsmb: remove unused functions in clispnego.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:30 +01:00
Stefan Metzmacher
95b953950d s3:libsmb: remove unused cli_session_setup_kerberos*() functions
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:30 +01:00
Stefan Metzmacher
0e1b2ebf88 s3:libsmb: make use of cli_session_setup_gensec*() for Kerberos
This pares a fix for https://bugzilla.samba.org/show_bug.cgi?id=10288

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:30 +01:00
Stefan Metzmacher
907e2b1f66 s3:libsmb: call cli_state_remote_realm() within cli_session_setup_spnego_send()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:30 +01:00
Stefan Metzmacher
285c342f01 s3:libsmb: provide generic cli_session_setup_gensec_send/recv() pair
It will be possible to use this for more than just NTLMSSP in future.

This prepares a fix for https://bugzilla.samba.org/show_bug.cgi?id=10288

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:30 +01:00
Stefan Metzmacher
576257f6e1 s3:libsmb: let cli_session_setup_ntlmssp*() use gensec_update_send/recv()
This pares a fix for https://bugzilla.samba.org/show_bug.cgi?id=10288

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:30 +01:00
Stefan Metzmacher
afffe79754 s3:libsmb: unused ntlmssp.c
Everything uses the top level ntlmssp code via gensec now.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:30 +01:00
Stefan Metzmacher
4f6fe27c70 s3:libsmb: make use gensec based SPNEGO/NTLMSSP
This pares a fix for https://bugzilla.samba.org/show_bug.cgi?id=10288

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:30 +01:00
Stefan Metzmacher
8bcde9ec62 s3:auth_generic: add "ntlmssp_resume_ccache" backend in auth_generic_client_prepare()
This will be used by winbindd in order to correctly implement WINBINDD_CCACHE_NTLMAUTH.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-10 06:52:28 +01:00
Stefan Metzmacher
52c03c0715 s3:ntlmssp: remove unused libsmb/ntlmssp_wrap.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-10 06:52:28 +01:00
Stefan Metzmacher
0d66e2d34f s3:auth_generic: make use of the top level NTLMSSP client code
There's no reason to use gensec_ntlmssp3_client_ops, the
WINBINDD_CCACHE_NTLMAUTH isn't available via gensec anyway.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-10 06:52:28 +01:00
Stefan Metzmacher
79a6fc0532 s3:auth_generic: add auth_generic_client_start_by_sasl()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:27 +01:00
Stefan Metzmacher
ccfd2647c7 s3:auth_generic: add auth_generic_client_start_by_name()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-03-10 06:52:27 +01:00
Jeremy Allison
6b61b5448a CVE-2015-7560: s3: libsmb: Add SMB1-only POSIX cli_posix_setacl() functions. Needed for tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-03-10 06:52:23 +01:00
Jeremy Allison
e7e23e9647 CVE-2015-7560: s3: libsmb: Rename cli_posix_getfaclXX() functions to cli_posix_getacl() as they operate on pathnames.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11648

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-03-10 06:52:23 +01:00
Uri Simchoni
6d717402e4 dsgetdcname: fix flag check
Fix the check for zero requseted flags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11769

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-07 22:16:20 +01:00
Uri Simchoni
ef84f4c018 dsgetdcname: return an IP address on rediscovery
When dsgetdcname return its result based on discovery
process (instead of retrieving cached value), always
return the found server's IP address in dc_address field,
rather than its netbios name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11769

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-07 22:16:20 +01:00
Aurelien Aptel
9dfd531c19 s3/libsmb/clirap2.c: use actual buffer size
data used to be a stack allocated array but was changed to a heap
allocated buffer by commit 95a81a3. Update sizeof(data) to data_size.

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Feb 27 05:25:40 CET 2016 on sn-devel-144
2016-02-27 05:25:40 +01:00
Michael Adam
476672b647 dlist: remove unneeded type argument from DLIST_ADD_END()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-02-06 21:48:17 +01:00
Volker Lendecke
024c619fa8 spnego: Correctly check asn1_tag_remaining retval
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2016-02-03 15:04:11 +01:00
Stefan Metzmacher
14f1a94b6f s3:clispnego: fix confusing warning in spnego_gen_krb5_wrap()
asn1_extract_blob() stops further asn1 processing by setting has_error.

Don't call asn1_has_error() after asn1_extract_blob() has been successful
otherwise we get an "Failed to build krb5 wrapper at" message
on success.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11702

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2016-02-01 09:53:09 +01:00
Volker Lendecke
812e07418e libsmb: Remove ip_service based resolve_lmhosts
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-01-13 07:48:30 +01:00
Volker Lendecke
c29188f501 libsmb: Convert resolve_hosts to sockaddr_storage
Eventually I want to  get rid of struct ip_service.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-01-13 07:48:30 +01:00
Volker Lendecke
5021974f2a lib: Introduce util_tsock.h
This avoids includes.h in source3/lib/util_tsock.c

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-01-10 22:24:17 +01:00
Andrew Bartlett
0064f1d3a6 pylibsmb: Adjust to use of PY_SSIZE_T_CLEAN
This changes the type used for # arguments to PyArg_ParseTupleAndKeywords

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
2016-01-07 23:33:10 +01:00
Jeremy Allison
8108f0d320 s3: smbclient: asn1_extract_blob() stops further asn1 processing by setting has_error.
Don't call asn1_has_error() after asn1_extract_blob() has been successful
otherwise we get an "Failed to build negTokenInit at offset" message
on success.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jan  7 16:00:02 CET 2016 on sn-devel-144
2016-01-07 16:00:02 +01:00
Uri Simchoni
275da6c5c7 smbclient: query disk usage relative to current directory
When querying disk usage in the "dir" and "du" commands,
use the current directory. This behavior is compatible
with Windows command shell "dir" command.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11662

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-06 00:54:18 +01:00
Volker Lendecke
b7f0e29fd2 lib: Use asn1_current_ofs()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-06 00:54:18 +01:00
Volker Lendecke
a93946b2fe lib: Use asn1_extract_blob()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-06 00:54:18 +01:00
Volker Lendecke
8cfb6a3139 lib: Use asn1_set_error()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-06 00:54:18 +01:00
Volker Lendecke
57a0bc9a9f lib: Use asn1_has_error()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-01-06 00:54:18 +01:00
Jeremy Allison
d7feb1879e s3: libsmb: Correctly initialize the list head when keeping a list of primary followed by DFS connections.
Greatly helped by <shargagan@novell.com> to
track down this issue.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11624

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Dec 18 01:02:55 CET 2015 on sn-devel-144
2015-12-18 01:02:55 +01:00
Stefan Metzmacher
55d8bfca9b s3:libsmb: remove unused spnego related includes
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Dec 17 17:49:14 CET 2015 on sn-devel-144
2015-12-17 17:49:14 +01:00
Stefan Metzmacher
aef4113823 CVE-2015-5296: s3:libsmb: force signing when requiring encryption in SMBC_server_internal()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-16 12:56:48 +01:00
Stefan Metzmacher
f8b0f7fd94 CVE-2015-5296: s3:libsmb: force signing when requiring encryption in do_connect()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-16 12:56:48 +01:00
Volker Lendecke
557169d1a0 lib: Use GUID_buf_string in discover_dc_dns
One talloc call less..

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-08 23:01:27 +01:00
Volker Lendecke
9bc3f48298 lib: Lift lp_disable_netbios one level
This should fix an error code when neither DS_IS_FLAT_NAME nor
DS_IS_DNS_NAME are specified. If netbios is disabled and the DC
can't be found via DNS we should not return NOT_SUPPORTED but
DOMAIN_CONTROLLER_NOT_FOUND.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-08 23:01:27 +01:00
Volker Lendecke
7e5b4cd097 lib: make debug_dsdcinfo_flags static
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-12-08 23:01:27 +01:00
Mathieu Parent
c315fce17e Fix various spelling errors
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov  6 13:43:45 CET 2015 on sn-devel-104
2015-11-06 13:43:45 +01:00
Volker Lendecke
258ce91f31 lib: Move sys_rw* to lib/util
genrand.c will require it soon

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-10-13 01:23:07 +02:00
Har Gagan Sahai
12153af85d s3: dfs: Fix a crash when the dfs targets are disabled.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11509

Signed-off-by: Har Gagan Sahai <SHarGagan@novell.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@wakeful.net>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 11 06:39:19 CEST 2015 on sn-devel-104
2015-09-11 06:39:19 +02:00
Anoop C S
a44a0c47cb libsmb: Fix CID 1034606 Incorrect pointer comparison
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Sep  9 21:33:49 CEST 2015 on sn-devel-104
2015-09-09 21:33:49 +02:00
Anoop C S
b63b53c842 libsmb: Fix CID 1034605 Incorrect pointer comparison
Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2015-09-09 18:33:08 +02:00
Volker Lendecke
c9d97e3a2e lib: Make sid_linearize take a uint8_t
We marshall into a binary buffer, uint8_t better reflects that.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 27 00:40:58 CEST 2015 on sn-devel-104
2015-08-27 00:40:58 +02:00
Volker Lendecke
4a442e2eb7 lib: Make sid_parse take a uint8_t
sid_parse takes a binary blob, uint8_t reflects this a bit
better than char * does

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-08-26 21:41:12 +02:00
Douglas Bagnall
d61ba23c36 Use uintptr_t for pointer int cast in SMBC_getdents_ctx()
On i386, unsigned long long is 64 bit while the pointer is 32, and
this fails under autobuild with -WError.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 21 05:14:20 CEST 2015 on sn-devel-104
2015-07-21 05:14:20 +02:00
Andreas Schneider
2bfe12e96e CID 1311771: Fix a null pointer dereference
We check for dir == NULL but dereference it during variable declaration.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-07-15 01:47:21 +02:00
Volker Lendecke
8a58a48f86 libsmb: Implement smbc_notify
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 10 09:35:13 CEST 2015 on sn-devel-104
2015-07-10 09:35:13 +02:00
Michael Adam
2b644e3d5d s3:libsmb: fix resolve_ads return if there were no answers
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-07-01 23:05:55 +02:00
Volker Lendecke
c5be94c5da libsmb: Use fstr_sprint in convert_sid_to_string
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jun 26 22:35:02 CEST 2015 on sn-devel-104
2015-06-26 22:35:02 +02:00
Anubhav Rakshit
5af2e3eed2 s3:libsmb: Fix a bug in conversion of ea list to ea array.
Bug 11361 - Reading of EA's (Extended Attributes) fails using SMB2 and above
protocols

Tested against Win2k12r2 server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11361

Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2015-06-26 19:32:19 +02:00
Uri Simchoni
625550c32a namequery: remove dead code
When composing the list of servers out of the server affinity cache
and "password server" parameter, there's fallback to DNS-SRV-record-
based search if the "password server" + session affinity yield an empty
list. However:
1. The way the code is written, it never gets executed because the empty list
   is not an empty string (it contains a comma)
2. This fallback is doe in any case just a few lines down the function

Therefore this patch simply removes this fallback code.

Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2015-06-16 01:29:24 +02:00
Uri Simchoni
2f1b847199 namequery: correctly merge kdc ip address list
When finding DCs, there are three sources of addresses:
1. "Last good server"
2. Configured password server
3. SRV DNS queries

Since those different sources may return the same addresses, the
IP list is checked for duplicates, e.g. in order to save on
the LDAP ping that usually follows. Both IP address and port are
compared.

This change fixes the address duplicate removal for the case of KDC
search, where the "last good server" or configured password server
also appears in the DNS SRV query response.

An (undocumented?) assumption is that the "password server" parameter
is applicable to KDCs as well, but if a port is specified (e.g.
dc1.example.com:390), then this is the ldap port.

Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2015-06-16 01:29:24 +02:00
Uri Simchoni
507817881c namequery: fix get_kdc_list() to look for _kerberos records
get_kdc_list() should look for _kerberos.xxx SRV records rather
than _ldap.xxx records. This has significance in two cases:
- Non-default DNS configurations
- When building a custom krb5.conf file for a domain, an attempt is
  made to get site-specific as well as site-less records, but the
  search for _ldap records yields a cached site-specific result even
  for the site-less query.

Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2015-06-16 01:29:24 +02:00
Anoop C S
1c9ff50891 source/libsmb: Fix CID 1272955 Logically dead code
Signed-off-by: Anoop C S <achiraya@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2015-06-15 19:56:45 +02:00
Stefan Metzmacher
a3282911f6 s3:libsmb: convert nb_trans_send/recv internals to tdgram
This simplifies/fixes the cleanup, because we need to remove any
tevent_fd object before closing the socket fd.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2015-06-12 17:08:17 +02:00
Stefan Metzmacher
ecb4d041de s3:libsmb: convert nb_packet_reader to tstream_* functions
By using the tstream abstraction we don't need to take care
error handling regarding dangling tevent_fd structures.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2015-06-12 17:08:17 +02:00
Stefan Metzmacher
3ecf4ec657 s3:libsmb: convert nb_packet_client to tstream_* functions
By using the tstream abstraction we don't need to take care
error handling regarding dangling tevent_fd structures.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2015-06-12 17:08:17 +02:00
Stefan Metzmacher
9ccf8e6d36 s3:libsmb: let nb_packet_server_destructor() explicitly destroy the tevent_fd
The need to destroy the tevent_fd before closing the socket fd.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2015-06-12 17:08:17 +02:00
Stefan Metzmacher
058d84747e s3:libsmb: remove pending requests as early as possible via a smbsock_any_connect_cleanup() hook
Once we got an error or a valid connection we should destroy all other
connection attempts as early as possible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2015-06-12 17:08:17 +02:00