| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
CVE-2016-2119: Client side SMB2 signing downgrade.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
|
|
|
|
|
| |
CVE-2016-2119: Client side SMB2 signing downgrade.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
|
|
|
|
|
|
| |
mandatory signing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
| |
with mandatory signing
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
|
| |
Note real anonymous sessions (with "" as username) don't hit this
as we don't even call smb2cli_session_set_session_key() in that case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11860
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11770
From man page of packet(7):
protocol is the IEEE 802.3
protocol number in network byte order. See the <linux/if_ether.h>
include file for a list of allowed protocols. When protocol is set to
htons(ETH_P_ALL), then all protocols are received.
Protocol argument was changed from network order to host order wrongly
in commit 9f8395cb7d49b63a82f75bf504f5f83920102b29.
Specifying "protocol" field to socket(AF_PACKET, ...) call only affects
the packets that are recevied. So use protocol = 0 when sending raw
packets.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Mar 4 12:58:50 CET 2016 on sn-devel-144
(cherry picked from commit f5b6a5b13406c245ab9cc8c1699483af9eb21f88)
|
|
|
|
|
|
|
|
|
|
| |
Instead of using PF_*, use AF_*.
https://bugzilla.samba.org/show_bug.cgi?id=11705
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 9f94620a308a3b17c1886c2c4807b34b8d5edacb)
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11705
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 9f8395cb7d49b63a82f75bf504f5f83920102b29)
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11948
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit d9e242e9035c15e49b041afc61e5a4a08877f289)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We still use the same limit of 4 MByte (DCERPC_NCACN_REQUEST_DEFAULT_MAX_SIZE)
by default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11948
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Jun 23 04:51:16 CEST 2016 on sn-devel-144
(cherry picked from commit 3f36d31c848496bf509db573e4c12821905b448d)
|
|
|
|
|
|
|
|
|
|
|
|
| |
This will replace DCERPC_NCACN_PAYLOAD_MAX_SIZE (4 MByte),
The limit of DCERPC_NCACN_PAYLOAD_MAX_SIZE (4 MByte) was too
strict for some workloads, e.g. DRSUAPI replication with large objects.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11948
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7413e73c5331b760dc84b3843059230ec5fcfc7b)
|
|
|
|
|
|
|
|
|
|
|
|
| |
This will replace DCERPC_NCACN_PAYLOAD_MAX_SIZE (4 MByte),
this limit is too strict for some workloads, e.g. DRSUAPI replication
with large objects.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11948
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 281e11b53f676647997fb9ce21227782529a62ad)
|
|
|
|
|
|
|
| |
and re-enable git snapshots.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit c32d2de98c099c6707ad3314ea14d1de2358615d)
|
|
|
|
| |
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
|
|
| |
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ensure we don't crash in this case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11959
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Thu Jun 9 13:18:56 CEST 2016 on sn-devel-144
(cherry picked from commit e46cb9b835eb8f2bd998def82baf6f07fda9fe5c)
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Wed Jun 15 14:26:39 CEST 2016 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|
| |
This might stumble over stale entries
Signed-off-by: Volker Lendecke <vl@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11844
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Thu Jun 2 15:08:18 CEST 2016 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
scope.
It's referred to outside of the {} brace scope it was defined in by
the following code:
uid_to_unix_users_sid(*uid, &tmp_sid);
user_sid = &tmp_sid;
As tmp_sid was going out of scope, user_sid was
being incorrectly set in the token sid list.
I think this *may* be the root cause of:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10618
But even if not this is an obvious error that must
be fixed.
Back-port from master: 1b3b89345480d16222da00753f973e36e2e0f92d
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Wed Jun 1 12:35:23 CEST 2016 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This means we'll use the "client ipc min protocol", "client ipc max protocol"
and "client ipc signing" options. But "--signing=no" or "--signing=required"
still overwrite "client ipc signing".
The following can be used to alter the max protocol
rpcclient --option="client ipc max protocol=SMB2_10" 172.31.9.163 -Uadministrator%A1b2C3d4 -c "getusername"
Account Name: Administrator, Authority Name: W4EDOM-L4
rpcclient --option="client ipc max protocol=NT1" 172.31.9.163 -Uadministrator%A1b2C3d4 -c "getusername"
Account Name: Administrator, Authority Name: W4EDOM-L4
rpcclient 172.31.9.163 -Uadministrator%A1b2C3d4 -c "getusername"
Account Name: Administrator, Authority Name: W4EDOM-L4
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11927
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 21 05:01:15 CEST 2016 on sn-devel-144
(cherry picked from commit 2eb824fbaf61dfc5e9c735589c80c41379dabe86)
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Mon May 30 13:55:41 CEST 2016 on sn-devel-104
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11910
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 2b67554e6ccca6dd4616dea672890e0a56bed8bd)
|
|
|
|
|
|
|
|
|
|
|
|
| |
The generate_session_info() function maybe called more than once
per session.
Some may try to look/dereference session_info->security_token,
so we provide simplified token.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11914
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This make it more predictable for the callers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11912
BUG: https://bugzilla.redhat.com/show_bug.cgi?id=1334356
BUG: https://launchpad.net/bugs/1578576
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon May 9 22:27:21 CEST 2016 on sn-devel-144
(cherry picked from commit 58a83236294117d32d9883ac3024f81fa1730a87)
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Tue May 17 13:47:41 CEST 2016 on sn-devel-104
|
|
|
|
|
|
| |
and re-enable git snapshots.
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
|
|
| |
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
|
|
| |
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
|
|
|
|
|
| |
Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Fri Apr 29 14:52:04 CEST 2016 on sn-devel-104
|
|
|
|
| |
Signed-off-by: Karolin Seeger <kseeger@samba.org>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We test all combinations of NT1 with and without spnego and SMB3
for user, anonymous and guest authentication.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Apr 28 20:16:45 CEST 2016 on sn-devel-144
(similar to commit eee88e07b3e68efb467b390536eea4155b5ced7e)
|
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(similar to commit 4de43387235cb17a185fdd1afd658972e8c174ef)
|
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(similar to commit 587b5db7979c1ca1055f5bfd81ab79606cd3c2dd)
|
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 70910334caa176bf98fece7d638ed599979dc173)
|
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit b8055cb42cadf48367867213a35635f3391c9b8d)
|
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 7a2cb2c97611171613fc677a534277839348c56f)
|
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit db9c01a51975a0a3ec2564357617958c2f466091)
|
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit d667520568996471b55007a42b503edbabb1eee0)
|
|
|
|
|
|
|
|
|
|
|
| |
Real anonymous sessions don't get it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(similar to commit 79a71545bfc87525c6ba6c8fe9fa7d8a9da33441)
|
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 25ce97892ad3ce5028e4dbbbdd844ef6619ac396)
|
|
|
|
|
|
|
|
|
|
|
| |
SECURITY_GUEST is not exactly the same as SECURITY_ANONYMOUS.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 837e6176329330893d5a1e4ce4ac67dbac758e56)
|
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit ead483b0c0ec746c0869162024c97f2e08df7f4b)
|
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit d247dceaaab24b568425f2360e40f5e91be452cc)
|
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 65462958522baee6eedcedd4193cfcc8cf0f510e)
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This makes the authentication consistent between
SMB1 with CAP_EXTENDED_SECURITY (introduced in Windows 2000)
and SNB2.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit e72ad193a53e20b769f798d02c0610f91859bd38)
|
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit fa5799207e55ee8e329f36f784d027845eaf0e34)
|
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 02c902103521e5a2b1d221db83e6c59d0ce31099)
|
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 8f4a4bec089b46bbeb0e0f37bb682acb88702bf2)
|
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit cceaa61cf064926baca6db4b303d34ea90d40d52)
|
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit e6f9e176f2bb0e3e7451ac58e84ff55328219fcd)
|
|
|
|
|
|
|
|
|
|
|
| |
Guenther
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 8e016ffeb01167bb8dec66cf9e4bc8605461c15a)
|
|
|
|
|
|
|
|
|
| |
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11858
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 53be47410236ef7c90fe895f49f300e3fe47a8bf)
|
|
|
|
|
|
|
|
|
|
|
| |
Enforcement of SMB signing is done at the SMB layer.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11850
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit d97b347d041f9b5c0aa71f35526cbefd56f3500b)
|