1
0
mirror of https://github.com/samba-team/samba.git synced 2025-03-16 06:50:24 +03:00

2457 Commits

Author SHA1 Message Date
Ralph Boehme
021321f5a8 s4:libcli: remember return code from maximum access
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit 9f4ee05295827c9a607e1f63694a17906f777176)
2019-03-11 07:52:24 +00:00
Ralph Boehme
8ae8c56700 s4:libcli/smb2: reapply request endtime
tevent_req_finish() removed a possible request timeout, make sure to
reinstall it. This happened when an interim SMB2 response was received.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13667

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit a6de555c51ca34ef24ac4b4cb672cd748d3197a1)
2018-11-06 09:10:22 +01:00
Stefan Metzmacher
5b60ffce18 s4:libcli: add smb_connect_nego_{send,recv}()
This can be used to create a connection up to a negotiated
smbXcli_conn.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit e4910f35eab008a41cfcac3d97b3647c721ac679)
2018-08-13 12:56:34 +02:00
Stefan Metzmacher
dcaa67ffa4 s4:libcli: allow a fallback to NTLMSSP if SPNEGO is not supported locally
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 5188454bdce80f6e2bfc45deca18bd1b7289a7a6)
2018-08-13 12:56:34 +02:00
Stefan Metzmacher
3212bc7694 s4:libcli: add fallback_to_anonymous to smb2_connect_send()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit ca000d8901e6acb8a7c59d26d4f75c9d92bafece)
2018-08-13 12:56:34 +02:00
Stefan Metzmacher
2fd61b0e86 s4:libcli: allow passing an already negotiated connection to smb2_connect_send()
It will just do the session setup and tree connect steps.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit f20e607c15b4c8ae56ade5d7e68d832542a2cd5e)
2018-08-13 12:56:34 +02:00
Stefan Metzmacher
2635c62553 s4:libcli: split out smb2_connect_session_start()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 5ad5b81b6ef601596583b4ad7d6a14241fa99a71)
2018-08-13 12:56:33 +02:00
Stefan Metzmacher
dbf268e6e6 s4:libcli: add smb2_transport_raw_init()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit ce2248c4b5aad2d00155a2e77b3e6340ce824979)
2018-08-13 12:56:33 +02:00
Stefan Metzmacher
1136ff225f s4:libcli: allow passing an already negotiated connection to smb_composite_connect()
It will just do the session setup and tree connect steps.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 2b68f9b8b0dd944fa89b9e0037886ddd4fb4e5f9)
2018-08-13 12:56:33 +02:00
Stefan Metzmacher
77ab463cba s4:libcli: use talloc_zero() for struct smb_composite_connect in fetchfile.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 87d73397f9a9dee8fa0055a2ff08244b2c85e120)
2018-08-13 12:56:33 +02:00
Stefan Metzmacher
19e65aff16 s4:libcli: add smbcli_transport_raw_init()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit b7e99c2571e31971a6d7f1898e7458c16dc1031e)
2018-08-13 12:56:33 +02:00
Stefan Metzmacher
92b6b9098c s4:libcli: split out smb_raw_negotiate_fill_transport()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13308

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 17b12a9b9a9dfd859679de77aa0c7ffbc782f1bc)
2018-08-13 12:56:33 +02:00
Ralph Boehme
6335660ea2 CVE-2018-1057: s4:dsdb/samdb: define DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control
Will be used to pass "user password change" vs "password reset" from the
ACL to the password_hash module, ensuring both modules treat the request
identical.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2018-03-13 10:23:10 +01:00
Stefan Metzmacher
f60af3b61c s4:torture: add smb2.session.expire2 test
This demonstrates the interaction of NT_STATUS_NETWORK_SESSION_EXPIRED
and various SMB2 opcodes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13197

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-12-21 19:12:08 +01:00
Richard Sharpe
2d97c8a4a5 Make sure smbtorture tests can run if someone has set their min protocol above NT1.
This code is SMB1 only, and already modifies
maxprotocol, so this change is appropriate.

Signed-off-by: Richard Sharpe <richard.sharpe@primarydata.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-09-20 22:48:15 +02:00
Lumir Balhar
c81aff362f python: Fix bad type in conversion of NTSTATUS.
More info: https://lists.samba.org/archive/samba-technical/2017-August/122574.html

Signed-off-by: Lumir Balhar <lbalhar@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-09-06 11:35:18 +02:00
Stefan Metzmacher
156fe6e4d6 s4:libcli/smb_composite: make the additional gensec_update steps async
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jun 17 20:54:59 CEST 2017 on sn-devel-144
2017-06-17 20:54:59 +02:00
Stefan Metzmacher
664b2ed36b s4:libcli/smb_composite: add early returns to sesssetup.c:request_handler()
This makes it much clearer under which condutions the following code
operates.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-17 16:48:11 +02:00
Stefan Metzmacher
21c088dac6 s4:libcli/smb_composite: make the first round to gensec async
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-17 16:48:11 +02:00
Stefan Metzmacher
043753702c s4:libcli/smb_composite: move gensec_update_ev() out of session_setup_spnego()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-17 16:48:11 +02:00
Stefan Metzmacher
3420a5c391 s4:libcli/smb_composite: move session_setup_spnego_restart() to the callers of session_setup_spnego()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-17 16:48:11 +02:00
Stefan Metzmacher
048ed2926f s4:libcli/smb_composite: split out session_setup_spnego_restart() from session_setup_spnego()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-17 16:48:11 +02:00
Stefan Metzmacher
068817a914 s4:libcli/smb_composite: move chosen_oid to state->chosen_oid
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-17 16:48:11 +02:00
Stefan Metzmacher
4b88f6a88c s4:libcli/smb_composite: simplify gensec_update_ev() handling in session_setup_spnego()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-06-17 16:48:11 +02:00
Stefan Metzmacher
27324112b6 s4:libcli/ldap: just use gensec_update() in ldap_bind_sasl()
We're in a blocking/sync call, we should avoid using nested event loops for
this. As far as I can see ldap_bind_sasl() is only called from command line
tools, which are ok to block.

Resolving this requires also resolving the general case in LDB, as that is the
API this is used from.  We would need ldb_connect_send() and ldb_connect_recv()
at a start.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon May 22 01:12:23 CEST 2017 on sn-devel-144
2017-05-22 01:12:23 +02:00
Stefan Metzmacher
3c2e02968e s4:libcli/smb2: make smb2_session_setup_spnego_* completely async
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-05-21 21:05:13 +02:00
Günther Deschner
86c9a0228d s4-libcli: remove some dead prototypes
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2017-05-10 15:53:20 +02:00
Gary Lockyer
b57e3cf1df pysmb: Check for credentials using same method as pyrpc
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
2017-03-29 02:37:25 +02:00
Andrew Bartlett
6fcb61b791 pysmb: Extend py_smb_new to allow use_ntlmv2 and use_spnego to be set by callers
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2017-03-29 02:37:25 +02:00
Ralph Boehme
8cbdc6a6df libcli/smb: add max_credits arg to smbXcli_negprot_send()
This allows source4/torture code to set the option for tests by
preparing a struct smbcli_options with max_credits set to some value and
pass that to a torture_smb2_connection_ext().

This will be used in subsequent smbtorture test for SMB2 creditting.

Behaviour of existing upper layers is unchanged, they simply pass the
wanted max credits value to smbXcli_negprot_send() instead of
retrofitting it with a call to smb2cli_conn_set_max_credits().

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-03-03 21:55:27 +01:00
Stefan Metzmacher
e9c184088c s4:libcli/raw: remove unused DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12262

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2017-02-21 16:09:22 +01:00
Stefan Metzmacher
4b295b106c wscript: remove executable bits for all wscript* files
These files should not be executable.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan 11 20:21:01 CET 2017 on sn-devel-144
2017-01-11 20:21:01 +01:00
Andrew Bartlett
e737171f6e pyerrors: Add PyErr_Set{WERROR,HRESULT,NTSTATUS}_and_string()
This varient allows control of the text explaination string

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398
2016-11-04 04:41:19 +01:00
Andrew Bartlett
c8505c53da python: create NTSTATUSError, HRESULTError and WERRORError
The advantage of these over the previous use of just RuntimeError is that we can
catch just the errors we want, without having to catch all possible RuntimeError
cases and assume they decode to a tuple

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12398
2016-11-04 04:41:19 +01:00
Volker Lendecke
77b447bfdc wbclient: "ev" is no longer used in wbc_xids_to_sids
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:36 +02:00
Volker Lendecke
0a42a4c14b wbclient: "ev" is no longer used in wbc_sids_to_xids
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-09-28 00:04:36 +02:00
ouyang.xu
98ea4a2219 pvfs_open win10 fix, need return SMB2_CREATE_TAG_QFID
Signed-off-by: kkhaike <kkhaike@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Fri Aug 19 09:35:15 CEST 2016 on sn-devel-144
2016-08-19 09:35:14 +02:00
Jeremy Allison
e639cf1040 s4: libcli: Internal SMB1 pid is already stored as and uses 32-bits. Correct getpid() cast.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-06-18 15:32:17 +02:00
Andrew Bartlett
d660e66a4a s4-libcli/raw: Fix compiler errors when building with --address-sanitizer
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-06-16 04:40:13 +02:00
Michael Adam
c150234495 s4:libcli:resolve: fix O3 error unused result of write
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:15 +02:00
Garming Sam
38e08d7174 typo: mplementation => implementation
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-05-06 05:03:16 +02:00
Noel Power
03302bcb86 s4:libcli: fix 'Conditional jump or move' valgrind error
smbtorture test base.tcondev.tcondev causes the following valgrind trace

==23282== Conditional jump or move depends on uninitialised value(s)
==23282==    at 0x9BE5632: smbcli_tconX (cliconnect.c:148)
==23282==    by 0x41021C: tcon_devtest (base.c:91)
==23282==    by 0x411A01: run_tcon_devtype_test (base.c:522)
==23282==    by 0x16B21D: wrap_simple_1smb_test (util_smb.c:856)
==23282==    by 0x955368F: internal_torture_run_test (torture.c:442)
==23282==    by 0x9553A6B: torture_run_test_restricted (torture.c:542)
==23282==    by 0x2600A4: run_matching (smbtorture.c:110)
==23282==    by 0x25FF66: run_matching (smbtorture.c:95)
==23282==    by 0x2601C5: torture_run_named_tests (smbtorture.c:143)
==23282==    by 0x261E44: main (smbtorture.c:665)
==23282==

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-04-25 10:35:15 +02:00
Andreas Schneider
03e8152e39 s4:libcli:smb2: Use constant time memcmp() to verify the signature
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-04-19 09:37:14 +02:00
Stefan Metzmacher
68d6c10e5e CVE-2016-2115: s4:libcli/raw: pass the minprotocol to smb_raw_negotiate*()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-04-12 19:25:26 +02:00
Stefan Metzmacher
57f0b0c6c0 CVE-2016-2115: s4:libcli/raw: limit maxprotocol to NT1 in smb_raw_negotiate*()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-04-12 19:25:26 +02:00
Stefan Metzmacher
5721234328 CVE-2016-2115: s4:libcli/smb2: use the configured min_protocol
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-04-12 19:25:26 +02:00
Stefan Metzmacher
35ce75ec9e CVE-2016-2115: s4:libcli/raw: add smbcli_options.min_protocol
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-04-12 19:25:26 +02:00
Stefan Metzmacher
4b679c350a CVE-2016-2113: s4:libcli/ldap: verify the server certificate and hostname if configured
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:25 +02:00
Stefan Metzmacher
64a9cd2a38 CVE-2016-2113: s4:lib/tls: implement infrastructure to do peer verification
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:25 +02:00
Stefan Metzmacher
05692ec958 CVE-2016-2112: s4:libcli/ldap: auto upgrade to SIGN after STRONG_AUTH_REQUIRED
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:24 +02:00