summaryrefslogtreecommitdiff
path: root/libcli
Commit message (Collapse)AuthorAgeFilesLines
* libcli/smb: send SMB2_NETNAME_NEGOTIATE_CONTEXT_IDStefan Metzmacher2019-09-091-0/+17
| | | | | | | | | | | | | | | | | | Note: Unlike the current documentation, the utf16 string is not null-terminated, that matches Windows Server 1903 as a client. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14055 RN: Add the target server name of SMB 3.1.1 connections as a hint to load balancers or servers with "multi-tenancy" support. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Aurelien Aptel <aaptel@suse.com> (cherry picked from commit 21f6cece543dd791e0f4636458bfe9819823420c) Autobuild-User(v4-11-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-11-test): Mon Sep 9 12:03:55 UTC 2019 on sn-devel-184
* libcli/smb: add new COMPRESSION and NETNAME negotiate context idsStefan Metzmacher2019-09-091-0/+2
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14055 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Aurelien Aptel <aaptel@suse.com> (cherry picked from commit e10b90f33bb812600886656a1124e2d434416563)
* libcli: Update all consumers of strtoul_err(), strtoull_err() to new APISwen Schillig2019-06-301-3/+3
| | | | | | Signed-off-by: Swen Schillig <swen@linux.ibm.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org>
* libcli:auth: Return NTSTATUS for netlogon_creds_arcfour_crypt()Andreas Schneider2019-06-274-28/+88
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Return NTSTATUS for netlogon_creds_crypt_samlogon_logon()Andreas Schneider2019-06-271-13/+11
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Return NTSTATUS for netlogon_creds_decrypt_samlogon_logon()Andreas Schneider2019-06-272-6/+8
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Return NTSTATUS for netlogon_creds_encrypt_samlogon_logon()Andreas Schneider2019-06-273-12/+24
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Return NTSTATUS for netlogon_creds_server_step_check()Andreas Schneider2019-06-271-15/+17
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Return NTSTATUS for netlogon_creds_decrypt_samlogon_validation()Andreas Schneider2019-06-273-12/+22
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Return NTSTATUS for netlogon_creds_encrypt_samlogon_validation()Andreas Schneider2019-06-272-6/+8
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Use GnuTLS RC4 for netlogon credentialsAndreas Schneider2019-06-271-4/+17
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/crypto: Use GnuTLS RC4 for samba_gnutls_arcfour_confounded_md5()Andrew Bartlett2019-06-271-2/+4
| | | | | | | This allows Samba to use GnuTLS for drsuapi_{en,de}crypt_attribute_value() Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* liblic/drsupai: use samba_gnutls_arcfour_confounded_md5() wrapperAndrew Bartlett2019-06-271-65/+30
| | | | | | | | This common code will reduce duplication, particularly when we move arcfour_encrypt_buffer() calls to GnuTLS Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/drsuapi: Correct comment in drsuapi_decrypt_attribute_value()Andrew Bartlett2019-06-271-1/+1
| | | | | | | This is not a copy, it is just a pointer assignment. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/drsuapi: Add expected value unit tests for ↵Andrew Bartlett2019-06-272-0/+534
| | | | | | | drsuapi_{en,de}crypt_attribute_value() Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/drsuapi: Add const to *in parameters to ↵Andrew Bartlett2019-06-271-2/+2
| | | | | | | drsuapi_{en,de}crypt_attribute_value() Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/drsuapi: Make drsuapi_decrypt_attribute_value() staticAndrew Bartlett2019-06-272-13/+6
| | | | | | | The last external user was removed in 0980a3471ed8fcc3a37296857285dc0235e0e0d2 in 2010 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli:drsuapi: Use gnutls_error_to_werror() in repl_decryptAndreas Schneider2019-06-271-6/+7
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Use gnutls_error_to_werror() in smbencryptAndreas Schneider2019-06-271-3/+4
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib/crypto: move gnutls error wrapper to own subsystemAndrew Bartlett2019-06-279-108/+8
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* py3: Remove duplicated PyUnicode_Check() after the py3 compat macros were ↵Andrew Bartlett2019-06-241-3/+3
| | | | | | | | | | | | removed This came about because in py2 we had to check for strings and unicode. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Noel Power <noel.power@suse.com> Autobuild-User(master): Noel Power <npower@samba.org> Autobuild-Date(master): Mon Jun 24 18:48:53 UTC 2019 on sn-devel-184
* py3: Remove PyStr_AsString() compatability macroAndrew Bartlett2019-06-241-6/+6
| | | | | | | | We no longer need Samba to be py2/py3 compatible so we choose to return to the standard function names. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>
* py3: Remove PyStr_FromString() compatability macroAndrew Bartlett2019-06-241-7/+7
| | | | | | | | We no longer need Samba to be py2/py3 compatible so we choose to return to the standard function names. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>
* py3: Remove PyStr_Check() compatability macroAndrew Bartlett2019-06-241-3/+3
| | | | | | | | We no longer need Samba to be py2/py3 compatible so we choose to return to the standard function names. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>
* libcli:smb: Use gnutls_error_to_ntstatus() in smb_signingAndreas Schneider2019-06-241-12/+7
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:auth: Use gnutls_error_to_ntstatus() in credentialsAndreas Schneider2019-06-241-11/+9
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:smb: Use gnutls_error_to_ntstatus() in smbXcli_base.cAndreas Schneider2019-06-241-9/+10
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:smb: Use gnutls_error_to_ntstatus() in smb2_signing_check_pdu()Andreas Schneider2019-06-241-4/+4
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:smb: Use gnutls_error_to_ntstatus() in smb2_signing_sign_pdu()Andreas Schneider2019-06-241-2/+2
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:smb: Return NSTATUS for smb2_signing_check_pdu()Andreas Schneider2019-06-243-36/+59
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:util: Add gnutls_errorAndreas Schneider2019-06-243-2/+103
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/smb: harden smbXcli_session_shallow_copy against nonce reusageStefan Metzmacher2019-06-121-0/+19
| | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Jun 12 13:56:19 UTC 2019 on sn-devel-184
* libcli/smb: s/smbXcli_session_copy/smbXcli_session_shallow_copyStefan Metzmacher2019-06-122-2/+7
| | | | | | | | We should make clear that this is a function for testing only, with possible strange side effects. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/smb: only fallback to the global smb2 signing key if we should signAndreas Schneider2019-06-121-4/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We should only sign if we're asked for it. The signing keys are always generated, so we were always using global signing key and signed with it when signing was not asked for. By luck this was the correct signing key for the 1st channel. But multi channel connections where broken is the server nor the client require/desire signing. It seems the tests only ever run against Windows domain controllers, which always require signing. Note that the following code in smb2cli_req_create() makes sure that we always sign session binds: if (cmd == SMB2_OP_SESSSETUP && !smb2_signing_key_valid(session->smb2_channel.signing_key) && smb2_signing_key_valid(session->smb2->signing_key)) { /* * a session bind needs to be signed */ state->smb2.should_sign = true; } This removed a logic changed introduced in commit 17e22e020fcb84fb9ddda350915369dc9ea28ef1. As if (!smb2_signing_key_valid(signing_key)) { is not the same as: if (signing_key && signing_key->length == 0) { it's the same as: if (signing_key == NULL || signing_key->length == 0) { so we need: if (signing_key != NULL && !smb2_signing_key_valid(signing_key)) { Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* libcli/smb: make sure the session->{smb2->,smb2_channel.}signing_key is ↵Stefan Metzmacher2019-06-121-17/+27
| | | | | | | | | | | | | | | | | | | | | | never NULL! Before commit 17e22e020fcb84fb9ddda350915369dc9ea28ef1 they we not a pointer and always be present. We used the local pointer variable 'signing_key = NULL' and logic like this: if (state->smb2.should_sign) { signing_key = state->session->smb2_channel.signing_key; } if (signing_key != NULL ... In order to keep this we need to nake sure state->session->smb2_channel.signing_key is never NULL! Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* Revert "libcli:smb: Fix signing with multichannel"Stefan Metzmacher2019-06-121-8/+4
| | | | | | | | | This reverts commit 1817db965dc0caf55e4308fa4d9203ab4381dc90. This was pushed to fast, the corrected commit follows. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* Revert "libcli/smb: add missing struct smb2_signing_key allocation in ↵Stefan Metzmacher2019-06-121-9/+0
| | | | | | | | | | | smb2cli_session_set_channel_key()" This reverts commit 08750166542f46644038d1ff9d839b270436addf. This was pushed to fast, the corrected commit follows. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/smb: add missing struct smb2_signing_key allocation in ↵Stefan Metzmacher2019-06-111-0/+9
| | | | | | | | | | | | | smb2cli_session_set_channel_key() This was missing in commit 17e22e020fcb84fb9ddda350915369dc9ea28ef1 and causes all multi-channel tests to segfault. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Jun 11 15:25:56 UTC 2019 on sn-devel-184
* libcli:smb: Fix signing with multichannelAndreas Schneider2019-06-111-4/+8
| | | | | | | Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* lib: Only compile resolvconftest if fmemopen existsVolker Lendecke2019-05-251-0/+1
| | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13961 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Böhme <slow@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat May 25 00:05:25 UTC 2019 on sn-devel-184
* libcli/security: Remove unused dup_sec_desc_buf()Andrew Bartlett2019-05-222-17/+0
| | | | | | | | | | This has been unused since before 762e7e1dff89cc14b0130fc9a22038b0845630a2 in 2003. Found by callcatcher Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* libcli/auth: Remove des_crypt64() from smbdesAndrew Bartlett2019-05-222-12/+0
| | | | | | | | | | This has been unused since it was introduced by ad8b47a2ba4e81420bc2272e8438a727cc2223ee in 2006 Found by callcatcher Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* libcli:smb: Return NTSTATUS for smb_key_derivation()Andreas Schneider2019-05-213-13/+29
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:smb: Check return code of smb_signing_md5()Andreas Schneider2019-05-211-2/+11
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:smb: Return NTSTATUS for smb_signing_sign_pdu()Andreas Schneider2019-05-213-11/+18
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:smb: Return NTSTATUS for smb_signing_md5()Andreas Schneider2019-05-211-11/+24
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:smb: Use GnuTLS HMAC MD5 in smb_key_derivation()Andreas Schneider2019-05-211-7/+7
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:smb: Use GnuTLS MD5 and HMAC MD5 in smb_signing_md5()Andreas Schneider2019-05-211-22/+40
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:drsuapi: Use GnuTLS MD5 in drsuapi_encrypt_attribute_value()Andreas Schneider2019-05-211-8/+28
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli:drsuapi: Use GnuTLS MD5 in drsuapi_decrypt_attribute_value()Andreas Schneider2019-05-211-8/+35
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
View Lorry Controller Status