summaryrefslogtreecommitdiffstats
path: root/libcli
Commit message (Collapse)AuthorAgeFilesLines
...
* libcli/auth: fix usage of an uninitialized variable in ↵Stefan Metzmacher2014-01-081-2/+2
| | | | | | | | | | netlogon_creds_cli_check_caps() If status is RPC_PROCNUM_OUT_OF_RANGE, result might be uninitialized. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* libcli/auth: remove unused netlogon_creds_cli_context_copy()Stefan Metzmacher2014-01-072-51/+0
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/auth: make use of real options in netlogon_creds_cli_context_global()Stefan Metzmacher2014-01-071-15/+3
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/auth: use unique key_name values in netlogon_creds_cli_context_common()Stefan Metzmacher2014-01-071-10/+48
| | | | | | | | | | | | | | | | | Until all callers are fixed to pass the same 'server_computer' value, we try to calculate a server_netbios_name and use this as unique identifier for a specific domain controller. Otherwise winbind would use 'hostname.example.com' while 'net rpc testjoin' would use 'HOSTNAME', which leads to 2 records in netlogon_creds_cli.tdb for the same domain controller. Once all callers are fixed we can think about reverting this commit. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/auth: add netlogon_creds_cli* infrastructureStefan Metzmacher2014-01-073-0/+2738
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This provides an abstraction to hide netlogon_creds_CredentialState, which is stored in a node local tdb. Where the global state (netlogon_creds_CredentialState) between client and server was only kept in memory (on the client side), we now use the abstracted netlogon_creds_cli_context. We now use a node specific computer name in order to establish individual netlogon sessions per node. If the caller wants to use some netlogon calls with credential chain (struct netr_Authenticator), netlogon_creds_cli_lock*() is used to get the current netlogon_creds_CredentialState in a g_lock'ed fashion, a talloc_free() will release the lock. The locking is needed as there might be more than one process (multiple winbindd child, cmdline tools) which want to talk to a specific domain controller. The usage of netlogon_creds_CredentialState needs to be serialized as it uses sequence numbers. LogonSamLogonEx doesn't use the credential chain, but for some operations it needs the global session in order to de/encrypt individual fields. It uses the lockless netlogon_creds_cli_get() and netlogon_creds_cli_validate() functions, which just make sure the session hasn't changed between get and validate. This is prepares the proper fix for a large number of bugs: https://bugzilla.samba.org/show_bug.cgi?id=6563 https://bugzilla.samba.org/show_bug.cgi?id=7944 https://bugzilla.samba.org/show_bug.cgi?id=7945 https://bugzilla.samba.org/show_bug.cgi?id=7568 https://bugzilla.samba.org/show_bug.cgi?id=8599 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/smb: s/tstream_cli_np/tstream_smbXcli_npStefan Metzmacher2014-01-072-224/+226
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/smb: s/TSTREAM_CLI_NP/TSTREAM_SMBXCLI_NPStefan Metzmacher2014-01-071-11/+11
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/smb: move source3/libsmb/cli_np_tstream.c to tstream_smbXcli_np.cStefan Metzmacher2014-01-073-0/+1389
| | | | | | | This code is generic enough to have it in the top level now. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/smb: add smb1cli_readx*Gregor Beck2014-01-073-0/+238
| | | | | | | | | Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Gregor Beck <gbeck@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/smb: add smb1cli_writex*Gregor Beck2014-01-073-0/+312
| | | | | | | | | Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Gregor Beck <gbeck@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/smb: add smb1cli_close*Gregor Beck2014-01-073-0/+206
| | | | | | | | | Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Gregor Beck <gbeck@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/smb: add smb1cli_ntcreatex*Gregor Beck2014-01-073-0/+405
| | | | | | | | | Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Gregor Beck <gbeck@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/smb: move some *TRANSACT_* flags to smb_constants.hStefan Metzmacher2014-01-071-0/+34
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/smb: move some FILE_* flags to smb_constants.hStefan Metzmacher2014-01-071-0/+50
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* auth/gensec: move libcli/auth/schannel_sign.c into schannel.cStefan Metzmacher2014-01-073-419/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/auth: try to use the current timestamp creds->sequenceStefan Metzmacher2013-12-241-0/+22
| | | | | | | | | | | | | | | If the last usage of netlogon_creds_client_authenticator() is in the past try to use the current timestamp and increment more than just 2. If we use netlogon_creds_client_authenticator() a lot within a second, we increment keep incrementing by 2. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Dec 24 13:18:18 CET 2013 on sn-devel-104
* libcli/auth: remove bogus comment regarding replay attacksStefan Metzmacher2013-12-241-2/+0
| | | | | | | | | creds->sequence (timestamp) is the value that is used to increment the internal state, it's not a real sequence number. The sequence comes from adding all timestamps of the whole session. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/auth: set the return_authenticator->timestamp = 0Stefan Metzmacher2013-12-241-1/+1
| | | | | | | This is what windows returns, the value is ignored by the client anyway. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* secacl: Slightly simplify make_sec_aclVolker Lendecke2013-12-141-3/+6
| | | | | | | | | | This avoids a complex if-expression Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Dec 14 00:10:21 CET 2013 on sn-devel-104
* secacl: Fix a memleak in an error pathVolker Lendecke2013-12-131-0/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* secacl: Don't use talloc_zeroVolker Lendecke2013-12-131-1/+4
| | | | | | | We initialize all but one field anyway Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* secacl: Fix whitespaceVolker Lendecke2013-12-131-11/+11
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli: fix compiler warningsChristian Ambach2013-12-121-0/+1
| | | | | | | about missing prototypes Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/clap fix compiler warningsChristian Ambach2013-12-121-2/+1
| | | | | | | about set but unused variable Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2013-4408:libcli/util: add some size verification to ↵Stefan Metzmacher2013-12-091-0/+5
| | | | | | | | | tstream_read_pdu_blob_done() Bug: https://bugzilla.samba.org/show_bug.cgi?id=10185 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* docs: remove duplicate word "name" in nmblookup4 manpage.Günther Deschner2013-11-191-1/+1
| | | | | | | Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/cldap: Add utility to create netlogon filterBenjamin Franzke2013-11-112-40/+52
| | | | | | | This utility is splitted of from cldap_netlogon_send. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Nadezhda Ivanova <nivanova@symas.com>
* libcli/smb: fix smb2cli_ioctl*() against Windows 2008.Stefan Metzmacher2013-10-311-4/+29
| | | | | | | | | | | | | | | The subsections of [MS-SMB2] "3.2.5.14 Receiving an SMB2 IOCTL Response" say the client should ignore the InputOffset/InputCount. We do that only if we ask for max_input_length = 0. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10232 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Oct 31 01:16:10 CET 2013 on sn-devel-104
* libcli: Add tstream_npa_socketpair() function.Andreas Schneider2013-10-292-0/+67
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s4-dsacl: Fixed incorrect handling of privileges in sec_access_check_dsNadezhda Ivanova2013-10-251-8/+4
| | | | | | | | | | Restore and backup privileges are not relevant to ldap access checks, and the TakeOwnership privilege should grant write_owner right Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/smb: add SMB2_HDR_FLAG_DFS for SMB2 Create operations on dfs sharesStefan Metzmacher2013-10-171-1/+9
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10200 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* libcli/smb: add FLAG_CASELESS_PATHNAMES based on FILE_CASE_SENSITIVE_SEARCH ↵Stefan Metzmacher2013-10-171-0/+7
| | | | | | | | | to smb1 requests Bug: https://bugzilla.samba.org/show_bug.cgi?id=10200 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* libcli/smb: move Filesystem Attributes defines to smb_constants.hStefan Metzmacher2013-10-171-0/+19
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10200 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* libcli/smb: add FLAGS2_DFS_PATHNAMES for SMB1 operations against dfs sharesStefan Metzmacher2013-10-171-0/+6
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10200 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* libcli/smb: add smbXcli_tcon_{set,get}_fs_attributes()Stefan Metzmacher2013-10-172-0/+17
| | | | | | | | | | These are the attributes returned from the FileFsAttributeInformation request. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10200 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* libcli/smb: add smbXcli_tcon_is_dfs_share()Stefan Metzmacher2013-10-172-0/+27
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10200 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* libcli/smb: Introduce smbXcli_conn_dfs_supportedLuk Claes2013-10-172-0/+11
| | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10200 Signed-off-by: Luk Claes <luk@debian.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* libcli/smb: add smb2cli_tcon_is_encryption_on()Michael Adam2013-10-152-0/+6
| | | | | | | https://bugzilla.samba.org/show_bug.cgi?id=10208 Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli: Correct smb2_lease_pullVolker Lendecke2013-10-061-4/+4
| | | | | | | | We don't really use leases yet, so so far this went by unnoticed. It's the V2 lease requests that hold the parent lease key, not the V1 ones. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libcli: Add const to smb2_lease_pullVolker Lendecke2013-10-062-2/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libcli/smb: only check the SMB2 session setup signature if required and validStefan Metzmacher2013-09-181-5/+21
| | | | | | | | | | | | | This is an update to commit af290a03cef63c3b08446c1980de064a3b1c8804 that skips the scary debug messages. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10146 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Sep 18 04:46:00 CEST 2013 on sn-devel-104
* libcli/smb: fix non mendatory signing against some vendor SMB2 servers.Stefan Metzmacher2013-09-171-1/+10
| | | | | | | | | | | | | | Windows and Samba always sign the final session setup response even if signing is not mendatory, but it ensures that the signing key is correctly in place. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10146 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Sep 17 09:40:10 CEST 2013 on sn-devel-104
* libcli/smb: use SMB1 MID=0 for the initial NegprotStefan Metzmacher2013-09-171-0/+8
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10144 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/smb: negotiate SMB3_DIALECT_REVISION_302 if PROTOCOL_SMB3_02 is requestedStefan Metzmacher2013-09-171-0/+1
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/smb: add PROTOCOL_SMB3_02Stefan Metzmacher2013-09-171-2/+3
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/smb: add SMB3_DIALECT_REVISION_302Stefan Metzmacher2013-09-171-0/+1
| | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* As SMB3 has transport level encryption, allow smbclient -e to force encryted ↵Jeremy Allison2013-08-212-0/+22
| | | | | | | SMB3 transport. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* libcli/smb: add smb2cli_conn_req_possible()Stefan Metzmacher2013-08-152-0/+23
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/smb: add smb1cli_conn_req_possible()Stefan Metzmacher2013-08-152-0/+18
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/smb: pass max_dyn_len to smb2cli_req_send()Stefan Metzmacher2013-08-1513-16/+50
| | | | | | | | This way we can calculate the correct credit charge for requests with large output buffers. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
generated by cgit (git 2.34.1) at 2024-05-25 01:04:57 +0000