summaryrefslogtreecommitdiffstats
path: root/source/libsmb
Commit message (Collapse)AuthorAgeFilesLines
* Probably fixes a crash during name resolution when log level >= 10Ted Percival2009-07-301-1/+1
| | | | | | and libc segfaults if printf is passed NULL for a "%s" arg (eg. Solaris). (cherry picked from commit d3220d9d58477f2a6ef7a78c3cf05cb232b57aff)
* s3:libsmb: handle the smb signing states the same in the krb5 and ntlmssp casesStefan Metzmacher2009-01-131-16/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | SMB signing works the same regardless of the used auth mech. We need to start with the temp signing ("BSRSPYL ") and the session setup response with NT_STATUS_OK is the first signed packet. Now we set the krb5 session key if we got the NT_STATUS_OK from the server and then recheck the packet. All this is needed to make the fallback from krb5 to ntlmssp possible. This commit also resets the cli->vuid value to 0, if the krb5 auth didn't succeed. Otherwise the server handles NTLMSSP packets as krb5 packets. The restructuring of the SMB signing code is needed to make sure the krb5 code only starts the signing engine on success. Otherwise the NTLMSSP fallback could not initialize the signing engine (again). metze (cherry picked from commit 7d9fd64f38aa5821b38c1223cf87979fc87bfb71) (cherry picked from commit 8e29070ccd0b5103af2e6da75644169f46700313) (cherry picked from commit 38b297f99ec166e5c40ba33774222b37b45b4fec) (a little bit modified to compile in v3-0) (cherry picked from commit db109da6b10a091593435e3f8b0d9adb57d3c972)
* libsmb/namequery.c: add saf_join_store() functionStefan Metzmacher2009-01-121-5/+67
| | | | | | | | | | | | saf_join_store() should be called after a successful domain join, the affinity to the dc used at join time has a larger ttl, to avoid problems with delayed replication. metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit 80e74a27c55c01221091e3eec930c2ac4433c22c)
* libsmb/namequery: fallback to returning all dcs, when none is available in ↵Stefan Metzmacher2009-01-121-0/+8
| | | | | | | | | | | | | | the requested site It could happen that all dcs in a site are unavailable (some sites have only one dc) and then we need to fallback to get all dcs. metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> (cherry picked from commit c127367b1dd622eeceb1f47de0a047c297dda222)
* Backport of bugfix for #5751, smbclient: cannot show ACLs on DFS, done byJeremy Allison2009-01-121-13/+34
| | | | | | SATOH Fumiyasu <fumiyas@osstech.co.jp>. Jeremy. (cherry picked from commit 5e73ddba11cbf9ea2d6ca63be098720ff0d5a0d1)
* Backport bugfix for bug #5710.Günther Deschner2009-01-121-13/+15
| | | | | | | | In order to successfully update a machine account password we need to use Netlogon ServerPasswordSet2 when NETLOGON_NEG_PASSWORD_SET2 has been negotiated. Guenther (cherry picked from commit 84fbac51ffc5f4a8a4f7b1baf5e9b1af174505f5)
* Merge branch 'v3-0-test' of ssh://jra@git.samba.org/data/git/samba into ↵Jeremy Allison2008-06-062-15/+33
|\ | | | | | | v3-0-test
| * More correct fix (hopefully :-) for any memory leaks.Jeremy Allison2008-06-051-12/+30
| | | | | | | | | | Jerry promised to check :-). Vl also please review. Jeremy.
| * Fix bug reported by David Eisner <deisner@gmail.com>. When allocating cliJeremy Allison2008-06-021-3/+3
| | | | | | | | | | | | buffers for large read/write - make sure we take account of the large read/write SMB headers as well as the buffer space. Jeremy.
* | minor memory leak fix from Chere Zhou <czhou@isilon.com>.Jeremy Allison2008-05-301-0/+1
|/ | | | Jeremy.
* Security: Patche for CVE-2008-1105.Gerald W. Carter2008-05-281-5/+4
| | | | | | | | | | | | | | | -- Summary -- Specifically crafted SMB responses can result in a heap overflow in the Samba client code. Because the server process, smbd, can itself act as a client during operations such as printer notification and domain authentication, this issue affects both Samba client and server installations. Ensure that we specify the buffer size used to store incoming SMB packets. This bug was originally introduced in Samba 2.2.4. Patch from Jeremy Allison.
* Memory leak fixes from Chere Zhou <czhou@isilon.com>.Jeremy Allison2008-05-271-0/+1
| | | | Jeremy.
* Merge branch 'v3-0-test' of git://git.samba.org/samba into 3.0-testJim McDonough2008-05-271-20/+22
|\
| * spnego SPN fix when contacting trusted domainsSteven Danneman2008-05-231-20/+22
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | cli_session_setup_spnego() was not taking into consideration the situation where we're connecting to a trusted domain, specifically one (like W2K8) which doesn't return a SPN in the NegTokenInit. This caused two problems: 1) When guessing the SPN using kerberos_get_default_realm_from_ccache() we were always using our default realm, not the realm of the domain we're connecting to. 2) When falling back on NTLMSSP for authentication we were passing the name of the domain we're connecting to for use in our credentials when we should be passing our own workgroup name. The fix for both was to split the single "domain" parameter into "user_domain" and "dest_realm" parameters. We use the "user_domain" parameter to pass into the NTLM call, and we used "dest_realm" to create an SPN if none was returned in the NegTokenInit2 packet. If no "dest_realm" is provided we assume we're connecting to our own domain and use the credentials cache to build the SPN. Since we have a reasonable guess at the SPN, I removed the check that defaults us directly to NTLM when negHint is empty.
* | In libsmbclient, map NT_STATUS_OBJECT_PATH_NOT_FOUND to ENOENTVolker Lendecke2008-05-211-0/+1
|/ | | | | | Thanks to SATOH Fumiyasu! This fixes bug 4974
* Fix a "may be used uninitialized" error.Jeremy Allison2008-05-141-1/+1
| | | | Jeremy.
* Fix signing problem in the client with transs requestsVolker Lendecke2008-05-131-0/+3
| | | | | | | | | | | This is a different fix than Jeremy put into 3-0-test with 040db1ce85 and other branches with different hashes. Jeremy, I think your fix led to bug 5436, so I reverted your fix. This fixes the original problem I found with the transs requests for large rpc queries in a different way. Please check! Thanks, Volker
* Revert "Fix signing bug found by Volker. That one was *subtle*."Volker Lendecke2008-05-132-5/+88
| | | | This reverts commit 040db1ce851909704d093538ba063863fa11f73e.
* Fix typos.Karolin Seeger2008-04-091-1/+1
| | | | Karolin
* When using plaintext ucs2 passwords clistr_push calls ucs2_align, which causesJeremy Allison2008-04-041-4/+9
| | | | | | | | | the space taken by the unicode password to be one byte too long (as we're on an odd byte boundary here). Reduce the count by 1 to cope with this. Fixes smbclient against NetApp servers which can't cope. Fix from bryan.kolodziej@allenlund.com in bug #3840. Jeremy.
* Fix NETLOGON credential chain with Windows 2008 all over the place.Günther Deschner2008-04-041-1/+1
| | | | | | | | | | | In order to avoid receiving NT_STATUS_DOWNGRADE_DETECTED from a w2k8 netr_ServerAuthenticate2 reply, we need to start with the AD netlogon negotiate flags everywhere (not only when running in security=ads). Only for NT4 we need to do a downgrade to the returned negotiate flags. Tested with w2k8, w2ksp4, w2k3r2 and nt4sp6. Guenther
* Fix bug #5326 - OS/2 servers give strange "high word" replies for print jobs.Jeremy Allison2008-03-281-2/+6
| | | | Jeremy.
* Add NT_STATUS_DOWNGRADE_DETECTED (thanks to Magnus Mertens).Günther Deschner2008-03-261-0/+1
| | | | | Guenther (cherry picked from commit 970daaa0a620d8e47475909cd7b5e54869602530)
* Fix from Guenter Kukkukk <linux@kukkukk.com> to fix listing againstJeremy Allison2008-02-282-1/+27
| | | | | | OS/2 servers. OS/2 returns eclass == ERRDOS && ecode == ERRnofiles for a zero entry directory listing. Jeremy.
* Back-port from vl.Jeremy Allison2008-02-111-1/+1
| | | | | | | | | | | | | | Author: Volker Lendecke <vl@samba.org> Date: Mon Feb 11 18:36:06 2008 +0100 Add a missing return If I'm not completely blind, we should return here. Not doing it here seems not to be a major flaw, as far as I can see we're only missing the error code. This might account for some of the very unhelpful NT_STATUS_UNSUCCESSFUL error messages people see during joins. All with stake in Samba client, please check!
* Enable v3-0-test to successfully join a windows 2008 domain controller.Günther Deschner2008-01-311-2/+1
| | | | | | | This is hand-merged from a couple of commits from 3-2-test, cherry-picking was hardly possible without importing all the ldap sign/seal work from metze. Guenther
* Added :Jeremy Allison2008-01-232-2/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Author: Jeremy Allison <jra@samba.org> Date: Wed Jan 23 15:23:16 2008 -0800 Don't leak memory in error path. Jeremy. Author: Jeremy Allison <jra@samba.org> Date: Wed Jan 23 15:00:40 2008 -0800 Use strchr_m in seaching for '.' in the hostname to make sure we're mb safe. Jeremy. Author: Andreas Schneider <anschneider@suse.de> Date: Thu Jan 17 11:35:40 2008 +0100 Fix Windows 2008 (Longhorn) join. During 'net ads join' the cli->desthost is a hostname (e.g. rupert.galaxy.site). Check if we have a hostname and use only the first part, the machine name, of the string. Author: Andreas Schneider <anschneider@suse.de> Date: Thu Jan 17 10:11:11 2008 +0100 Windows 2008 (Longhorn) auth2 flag fixes. Interop fixes for AD specific flags. Original patch from Todd Stetcher.
* libsmb: Do not upper-case target name on NTLMv2 hash generationKai Blin2008-01-151-1/+1
| | | | | | | | This makes our NTLMv2 hash generation compatible to the Davenport example and fixes a bug when ntlm_auth is called with a non-upper-case --domain parameter and client ntlmv2 auth = yes Jerry, please consider for 3.0.28a
* packet_struct is used in several places as raw memoryVolker Lendecke2007-12-191-0/+2
| | | | -> Fix more uninitialized variable warnings
* Some paranoia checksVolker Lendecke2007-12-191-0/+8
|
* Zero the tdb key, there might be paddingVolker Lendecke2007-12-191-0/+2
| | | | This leads to uninitialized variable warnings if nmbd is run under valgrind.
* Added patch originally by Andreas Schneider <anschneider@suse.de>Jeremy Allison2007-12-151-8/+41
| | | | | | to cause us to behave like Vista when looking for remote machine principal. Modified by me. Jeremy.
* Make sure this is fixed for both MIT and Heimdal.Jeremy Allison2007-12-121-2/+2
| | | | Jeremy.
* Vista SP1-rc1 appears to break against Samba-3.0.27aGuenther Deschner2007-12-121-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Jason, Jason Haar wrote: > Patched 3.0.28, compiled, installed and here's the log file. > > Hope it helps. BTW I don't think it matters, but this is on 32bit > CentOS4.5 systems. yes, it helps. Thanks for that. Very interesting, there are two auth data structures where the first one is a PAC and the second something unknown (yet). Can you please try the attached fix ? It should make it work again. Guenther - -- Günther Deschner GPG-ID: 8EE11688 Red Hat gdeschner@redhat.com Samba Team gd@samba.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFHX9ZESOk3aI7hFogRAivSAJ9bMcD+PcsIzjYYLtAUoLNfVVEl1QCfV/Qd MPsZW4G31VOVu64SPjgnJiI= =Co+H -----END PGP SIGNATURE-----
* Merge branch 'v3-0-stable' into v3-0-testGerald (Jerry) Carter2007-12-101-0/+6
|\ | | | | | | Resolved conflicts in source/VERSION.
| * Fix from Jeremy for CVE-2007-6015 (send_mailslot() buffer overrun).Gerald (Jerry) Carter2007-12-061-0/+6
| | | | | | | | | | This one fixes cli_send_mailslot() which could be called from the nmbd server code.
* | Fix signing bug found by Volker. That one was *subtle*.Jeremy Allison2007-12-042-88/+5
|/ | | | Jeremy
* Ensure every use of push_ascii checks for error -1 condition.Jeremy Allison2007-11-191-1/+6
| | | | | | Ensure that is zero termination is requested that it is applied if there's space. Jeremy.
* Fix for CVE-2007-4572Gerald (Jerry) Carter2007-11-151-1/+2
| | | | | | | | | | | | | | | | == Subject: Stack buffer overflow in nmbd's logon == request processing. == == CVE ID#: CVE-2007-4572 == == Versions: Samba 3.0.0 - 3.0.26a (inclusive) ... Samba developers have discovered what is believed to be a non-exploitable buffer over in nmbd during the processing of GETDC logon server requests. This code is only used when the Samba server is configured as a Primary or Backup Domain Controller.
* [GLUE] Rsync SAMBA_3_0 SVN r25598 in order to create the v3-0-test branch.samba-misc-tags/initial-v3-0-testGerald (Jerry) Carter2007-10-1035-1862/+664
|
* r23726: Explicitly pass down the FLAGS2 field to srvstr_pull_buf. The nextVolker Lendecke2007-10-103-11/+17
| | | | | | checkin will pull this up to srvstr_get_path. At that point we can get more independent of the inbuf, the base_ptr in pull_string will only be used to satisfy UCS2 alignment constraints.
* r23723: Alexander Larsson pointed me at a missing mapping in clierror.cSimo Sorce2007-10-101-1/+3
| | | | | | | When renaming a file across 2 filesystem a samba server returns NT_STATUS_NOT_SAME_DEVICE but thius is not translated to EXDEV, and the generic EINVAL is returned instead. This should fix it, Jeremy or Derrel please check if this is ok.
* r23710: Remove some code duplication, we do have a random number generatorVolker Lendecke2007-10-101-7/+3
|
* r23651: Always, always, always compile before commit...Günther Deschner2007-10-101-1/+1
| | | | Guenther
* r23650: Fix remaining callers of krb5_kt_default().Günther Deschner2007-10-101-3/+3
| | | | Guenther
* r23649: Fix the build (by moving smb_krb5_open_keytab() to clikrb5.c).Günther Deschner2007-10-101-1/+137
| | | | Guenther
* r23627: Allow to pass down the lookup-level to rpccli_lsa_lookup_names().Günther Deschner2007-10-101-1/+1
| | | | Guenther
* r23624: Merge dos error code from samba4 (returned from dfs_Enum against ↵Günther Deschner2007-10-101-0/+1
| | | | | | | | w2k3 as soon as a one DFS_VOLUME_FLAVOR_AD_BLOB dfsroot exists). Guenther
* r23609: Removing more redundant codepaths out of smb_krb5_renew_ticket().Günther Deschner2007-10-101-38/+26
| | | | | | Thanks Volker for the pointer hint :) Guenther
* r23588: Some more cleanups and error checks in the krb5 renew function.Günther Deschner2007-10-101-6/+12
| | | | Guenther
generated by cgit (git 2.34.1) at 2025-08-28 23:42:32 +0000