path: root/libcli
Commit message | Author | Age | Files | Lines
* s3: libcli: Add FSCTL_SMBTORTURE_FSP_ASYNC_SLEEP. | Jeremy Allison | 2021-08-17 | 1 | -0/+2
  Prepare for async FSCTL tests on an fsp.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14769

  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  (cherry picked from commit 62cd95096a76d5064b105c1b4971fa3eabd5f85d)
* gnutls: allow gnutls_aead_cipher_encryptv2 with gcm before 3.6.15 | Stefan Metzmacher | 2021-08-06 | 1 | -13/+41
  The memory leak bug up to 3.6.14 was only related to ccm, but gcm was
  fine.

  This avoids talloc+memcpy on more systems, e.g. ubuntu 20.04,
  and brings ~ 20% less cpu overhead, see:
  https://hackmd.io/@asn/samba_crypto_benchmarks

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14764

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
  (cherry picked from commit 5512416a8fbe00a7a5343afe0d50846e0a8f342b)
* libcli/smb: allow unexpected padding in SMB2 READ responses | Stefan Metzmacher | 2021-07-21 | 1 | -4/+18
  Make use of smb2cli_parse_dyn_buffer() in smb2cli_read_done()
  as it was exactly introduced for a similar problem see:

      commit 4c6c71e1378401d66bf2ed230544a75f7b04376f
      Author:     Stefan Metzmacher <metze@samba.org>
      AuthorDate: Thu Jan 14 17:32:15 2021 +0100
      Commit:     Volker Lendecke <vl@samba.org>
      CommitDate: Fri Jan 15 08:36:34 2021 +0000

          libcli/smb: allow unexpected padding in SMB2 IOCTL responses

          A NetApp Ontap 7.3.7 SMB server adds 8 padding bytes to an offset
          that's already 8 byte aligned.

          RN: Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7
          BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

          Pair-Programmed-With: Volker Lendecke <vl@samba.org>
          Signed-off-by: Stefan Metzmacher <metze@samba.org>
          Signed-off-by: Volker Lendecke <vl@samba.org>

          Autobuild-User(master): Volker Lendecke <vl@samba.org>
          Autobuild-Date(master): Fri Jan 15 08:36:34 UTC 2021 on sn-devel-184

  RN: Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Jul 15 23:53:55 UTC 2021 on sn-devel-184
  (cherry picked from commit 155348cda65b441a6c4db1ed84dbf1682d02973c)
* libcli/smb: make smb2cli_ioctl_parse_buffer() available as smb2cli_parse_dyn_buffer() | Stefan Metzmacher | 2021-07-21 | 3 | -107/+116
  It will be used in smb2cli_read.c soon...

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  (cherry picked from commit 1faf15b3d0f41fa8a94b76d1616a4460ce0c6fa4)
* s4:torture/smb2: add smb2.read.bug14607 test | Stefan Metzmacher | 2021-07-21 | 1 | -0/+2
  This test will use a FSCTL_SMBTORTURE_GLOBAL_READ_RESPONSE_BODY_PADDING8
  in order to change the server behavior of READ responses regarding
  the data offset.

  It will demonstrate the problem in smb2cli_read*() triggered
  by NetApp Ontap servers.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  (cherry picked from commit b3c9823d907b91632679e6f0ffce1b7192e4b9b6)
* libcli/smb: add support for SMB2_SIGNING_AES128_GMAC | Stefan Metzmacher | 2021-07-15 | 3 | -1/+142
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

* libcli/smb: actually make use of "client/server smb3 signing algorithms" | Stefan Metzmacher | 2021-07-15 | 3 | -1/+35
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

* libcli/smb: prepare support for SMB2_SIGNING_CAPABILITIES negotiation | Stefan Metzmacher | 2021-07-15 | 3 | -0/+159
  For now client_sign_algos->num_algos will always be 0,
  but that'll change in the next commits.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/smb: make sure smb2_signing_calc_signature() never generates a signature without a valid MID | Stefan Metzmacher | 2021-07-15 | 1 | -0/+32
  This is important as AES-128-GMAC signing will derive the NONCE from the MID.

  It also means a STATUS_PENDING response must never be signed.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

* libcli/smb: make sure we always send a valid MID in cancel PDUs | Stefan Metzmacher | 2021-07-15 | 1 | -3/+21
  This is important as with AES-128-GMAC signing, the nonce will be
  derived from the MID.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/smb: skip session setup signing for REQUEST_OUT_OF_SEQUENCE, NOT_SUPPORTED and ACCESS_DENIED | Stefan Metzmacher | 2021-07-15 | 1 | -0/+40
  We should propagate these errors to the caller instead of masking them
  with ACCESS_DENIED. And for ACCESS_DENIED we should not disconnect the
  connection.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/smb: add smb2cli_conn_server_{signing,encryption}_algo() | Stefan Metzmacher | 2021-07-15 | 2 | -0/+12
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

* libcli/smb: add SMB2_SIGNING_CAPABILITIES related defines to smb2_constants.h | Stefan Metzmacher | 2021-07-15 | 1 | -0/+3
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

* libcli/smb: add SMB2_RDMA_TRANSFORM_CAPABILITIES related defines to smb2_constants.h | Stefan Metzmacher | 2021-07-15 | 1 | -0/+6
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

* libcli/smb: add SMB2_TRANSPORT_CAPABILITIES related defines to smb2_constants.h | Stefan Metzmacher | 2021-07-15 | 1 | -0/+4
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

* libcli/smb: add aes-256-{gcm,ccm} support to smb2_signing_[en|de]crypt_pdu() | Stefan Metzmacher | 2021-07-15 | 5 | -3/+42
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/smb: add smb311_capabilities_check() helper | Stefan Metzmacher | 2021-07-15 | 2 | -0/+59
  It checks that the resulting algorithms (most likely for dialects < 3.1.1)
  are actually allowed.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

* libcli/smb: let 'client smb3 encryption algorithms' disable aes-128-ccm for SMB3_0* | Stefan Metzmacher | 2021-07-15 | 1 | -0/+29
  SMB 3.0 and 3.0.2 require aes-128-ccm, so we need to reject them unless
  'client smb3 encryption algorithms' allows them.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

* libcli/smb: add helpers to parse client/server smb3 encryption algorithms into struct smb311_capabilities | Stefan Metzmacher | 2021-07-15 | 2 | -0/+105
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/smb: remove unused PROTOCOL_SMB3_10 definition | Stefan Metzmacher | 2021-07-15 | 2 | -3/+0
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

* libcli/smb: replace PROTOCOL_SMB3_10 with PROTOCOL_SMB3_11 | Stefan Metzmacher | 2021-07-15 | 3 | -10/+10
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

* libcli/smb: remove unused PROTOCOL_SMB2_24 definition | Stefan Metzmacher | 2021-07-15 | 2 | -3/+0
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

* libcli/smb: replace PROTOCOL_SMB2_24 with PROTOCOL_SMB3_00 | Stefan Metzmacher | 2021-07-15 | 2 | -7/+7
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

* libcli/smb: remove unused PROTOCOL_SMB2_22 definition | Stefan Metzmacher | 2021-07-15 | 2 | -3/+0
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

* libcli/smb: replace PROTOCOL_SMB2_22 with PROTOCOL_SMB3_00 | Stefan Metzmacher | 2021-07-15 | 1 | -2/+2
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

* libcli/smb: no longer use experimental dialects 2.2.2, 2.2.4, 3.1.0 on the wire | Stefan Metzmacher | 2021-07-15 | 1 | -3/+0
  These were only used in Windows development versions but not in
  production.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/smb: let smb2_negotiate_context_parse() only parse the expected number of contexts | Stefan Metzmacher | 2021-07-12 | 3 | -9/+21
  Any garbage at the end needs to be ignored.

  This fixes the Negotiate_SMB311_ContextID_NetName test from:
  https://github.com/microsoft/WindowsProtocolTestSuites/blob/main/TestSuites/FileServer/src/SMB2/TestSuite/Negotiate/Negotiation.cs#L730

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Mon Jul 12 21:25:21 UTC 2021 on sn-devel-184
* libcli: Move map_errno_from_nt_status from s3 lib to common libcli | Samuel Cabrero | 2021-07-08 | 2 | -0/+145
  Signed-off-by: Samuel Cabrero <scabrero@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>

* libcli:nbt: Migrate nmblookup4 to new cmdline option parser | Andreas Schneider | 2021-06-20 | 2 | -11/+41
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Fix gcc11 compiler issue "-Werror=maybe-uninitialized" | Günther Deschner | 2021-05-07 | 1 | -1/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14699

  ../../source4/dsdb/common/util_links.c: In function ‘ndr_guid_compare’:
  ../../source4/dsdb/common/util_links.c:38:29: error: ‘v1_data’ may be used uninitialized [-Werror=maybe-uninitialized]
     38 |         struct ldb_val v1 = data_blob_const(v1_data, sizeof(v1_data));
        |                             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  In file included from ../../source4/../lib/util/samba_util.h:48,
                   from ../../source4/include/includes.h:62,
                   from ../../source4/dsdb/common/util_links.c:22:
  ../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
    116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
        |                    ^~~~~~~~~~~~~~~
  ../../source4/dsdb/common/util_links.c:37:17: note: ‘v1_data’ declared here
     37 |         uint8_t v1_data[16];
        |                 ^~~~~~~
  cc1: all warnings being treated as errors

  [1729/3991] Compiling source3/smbd/smbXsrv_open.c
  ../../libcli/auth/smbencrypt.c: In function ‘decode_wkssvc_join_password_buffer’:
  ../../libcli/auth/smbencrypt.c:1045:32: error: ‘_confounder’ may be used uninitialized [-Werror=maybe-uninitialized]
   1045 |         DATA_BLOB confounder = data_blob_const(_confounder, 8);
        |                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  In file included from ../../source4/../lib/util/samba_util.h:48,
                   from ../../source4/include/includes.h:62,
                   from ../../libcli/auth/smbencrypt.c:24:
  ../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
    116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
        |                    ^~~~~~~~~~~~~~~
  ../../libcli/auth/smbencrypt.c:1044:17: note: ‘_confounder’ declared here
   1044 |         uint8_t _confounder[8];
        |                 ^~~~~~~~~~~
  cc1: all warnings being treated as errors

  [2624/3991] Compiling source4/torture/rpc/samr.c
  ../../source3/rpc_client/cli_samr.c: In function ‘dcerpc_samr_chgpasswd_user2’:
  ../../source3/rpc_client/cli_samr.c:158:33: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized]
    158 |         DATA_BLOB session_key = data_blob_const(old_nt_hash, 16);
        |                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  In file included from ../../source3/../lib/util/samba_util.h:48,
                   from ../../source3/include/includes.h:256,
                   from ../../source3/rpc_client/cli_samr.c:24:
  ../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
    116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
        |                    ^~~~~~~~~~~~~~~
  ../../source3/rpc_client/cli_samr.c:152:17: note: ‘old_nt_hash’ declared here
    152 |         uint8_t old_nt_hash[16];
        |                 ^~~~~~~~~~~
  ../../source3/rpc_client/cli_samr.c: In function ‘dcerpc_samr_chgpasswd_user3’:
  ../../source3/rpc_client/cli_samr.c:365:33: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized]
    365 |         DATA_BLOB session_key = data_blob_const(old_nt_hash, 16);
        |                                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  In file included from ../../source3/../lib/util/samba_util.h:48,
                   from ../../source3/include/includes.h:256,
                   from ../../source3/rpc_client/cli_samr.c:24:
  ../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
    116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
        |                    ^~~~~~~~~~~~~~~
  ../../source3/rpc_client/cli_samr.c:358:17: note: ‘old_nt_hash’ declared here
    358 |         uint8_t old_nt_hash[16];
        |                 ^~~~~~~~~~~
  cc1: all warnings being treated as errors

  [3399/3991] Compiling source3/rpcclient/cmd_spotlight.c
  ../../source3/smbd/smbXsrv_open.c: In function ‘smbXsrv_open_set_replay_cache’:
  ../../source3/smbd/smbXsrv_open.c:936:26: error: ‘data’ may be used uninitialized [-Werror=maybe-uninitialized]
    936 |         DATA_BLOB blob = data_blob_const(data, ARRAY_SIZE(data));
        |                          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  In file included from ../../source3/../lib/util/samba_util.h:48,
                   from ../../source3/include/includes.h:256,
                   from ../../source3/smbd/smbXsrv_open.c:21:
  ../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
    116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
        |                    ^~~~~~~~~~~~~~~
  ../../source3/smbd/smbXsrv_open.c:935:17: note: ‘data’ declared here
    935 |         uint8_t data[SMBXSRV_OPEN_REPLAY_CACHE_FIXED_SIZE];
        |                 ^~~~
  cc1: all warnings being treated as errors

  ../../source3/rpcclient/cmd_spotlight.c: In function ‘cmd_mdssvc_fetch_properties’:
  ../../source3/rpcclient/cmd_spotlight.c:60:18: error: ‘share_path’ may be used uninitialized [-Werror=maybe-uninitialized]
     60 |         status = dcerpc_mdssvc_open(b, mem_ctx,
        |                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     61 |                                     &device_id,
        |                                     ~~~~~~~~~~~
     62 |                                     &unkn1,
        |                                     ~~~~~~~
     63 |                                     &unkn2,
        |                                     ~~~~~~~
     64 |                                     argv[2],
        |                                     ~~~~~~~~
     65 |                                     argv[1],
        |                                     ~~~~~~~~
     66 |                                     share_path,
        |                                     ~~~~~~~~~~~
     67 |                                     &share_handle);
        |                                     ~~~~~~~~~~~~~~
  In file included from ../../source3/rpcclient/cmd_spotlight.c:24:
  source3/../librpc/gen_ndr/ndr_mdssvc_c.h:26:10: note: by argument 8 of type ‘const char *’ to ‘dcerpc_mdssvc_open’ declared here
     26 | NTSTATUS dcerpc_mdssvc_open(struct dcerpc_binding_handle *h,
        |          ^~~~~~~~~~~~~~~~~~
  ../../source3/rpcclient/cmd_spotlight.c:40:14: note: ‘share_path’ declared here
     40 |         char share_path[1025];
        |              ^~~~~~~~~~
  cc1: all warnings being treated as errors

  ../../source4/torture/rpc/samr.c: In function ‘test_ChangePasswordUser2’:
  ../../source4/torture/rpc/samr.c:2266:19: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized]
   2266 |                 = data_blob_const(old_nt_hash, sizeof(old_nt_hash));
        |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  In file included from ../../source4/../lib/util/samba_util.h:48,
                   from ../../source4/include/includes.h:62,
                   from ../../source4/torture/rpc/samr.c:24:
  ../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
    116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
        |                    ^~~~~~~~~~~~~~~
  ../../source4/torture/rpc/samr.c:2263:17: note: ‘old_nt_hash’ declared here
   2263 |         uint8_t old_nt_hash[16], new_nt_hash[16];
        |                 ^~~~~~~~~~~
  ../../source4/torture/rpc/samr.c: In function ‘test_ChangePasswordUser2_ntstatus’:
  ../../source4/torture/rpc/samr.c:2371:19: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized]
   2371 |                 = data_blob_const(old_nt_hash, sizeof(old_nt_hash));
        |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  In file included from ../../source4/../lib/util/samba_util.h:48,
                   from ../../source4/include/includes.h:62,
                   from ../../source4/torture/rpc/samr.c:24:
  ../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
    116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
        |                    ^~~~~~~~~~~~~~~
  ../../source4/torture/rpc/samr.c:2368:17: note: ‘old_nt_hash’ declared here
   2368 |         uint8_t old_nt_hash[16], new_nt_hash[16];
        |                 ^~~~~~~~~~~
  ../../source4/torture/rpc/samr.c: In function ‘test_ChangePasswordUser3’:
  ../../source4/torture/rpc/samr.c:2478:38: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized]
   2478 |         DATA_BLOB old_nt_hash_blob = data_blob_const(old_nt_hash, 16);
        |                                      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  In file included from ../../source4/../lib/util/samba_util.h:48,
                   from ../../source4/include/includes.h:62,
                   from ../../source4/torture/rpc/samr.c:24:
  ../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
    116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
        |                    ^~~~~~~~~~~~~~~
  ../../source4/torture/rpc/samr.c:2473:17: note: ‘old_nt_hash’ declared here
   2473 |         uint8_t old_nt_hash[16], new_nt_hash[16];
        |                 ^~~~~~~~~~~
  ../../source4/torture/rpc/samr.c: In function ‘test_ChangePasswordRandomBytes’:
  ../../source4/torture/rpc/samr.c:2794:19: error: ‘old_nt_hash’ may be used uninitialized [-Werror=maybe-uninitialized]
   2794 |                 = data_blob_const(old_nt_hash,
        |                   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
   2795 |                                   sizeof(old_nt_hash));
        |                                   ~~~~~~~~~~~~~~~~~~~~
  In file included from ../../source4/../lib/util/samba_util.h:48,
                   from ../../source4/include/includes.h:62,
                   from ../../source4/torture/rpc/samr.c:24:
  ../../lib/util/data_blob.h:116:20: note: by argument 1 of type ‘const void *’ to ‘data_blob_const’ declared here
    116 | _PUBLIC_ DATA_BLOB data_blob_const(const void *p, size_t length);
        |                    ^~~~~~~~~~~~~~~
  ../../source4/torture/rpc/samr.c:2792:17: note: ‘old_nt_hash’ declared here
   2792 |         uint8_t old_nt_hash[16], new_nt_hash[16];
        |                 ^~~~~~~~~~~
  cc1: all warnings being treated as errors

  Guenther

  Signed-off-by: Guenther Deschner <gd@samba.org>
  Reviewed-by: Andreas Schneider <asn@samba.org>
* tests: Fix "-Werror=maybe-uninitialized" errors only seen with -O3 and --enable-coverage | Andrew Bartlett | 2021-04-28 | 1 | -4/+4
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* libcli: Fix parsing access flags from multiple tables | Volker Lendecke | 2021-04-21 | 1 | -9/+37
  We have to look at all available mappings for parsing sddl for each
  special flag set. "GW" and "FX" come from two different tables, but
  the previous code settled on one table and then expected both "GW" and
  "FX" to come from that same table. Change the code to look at all
  tables per special flag set.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Wed Apr 21 00:04:36 UTC 2021 on sn-devel-184

* libcli: Factor out sddl_map_flag() | Volker Lendecke | 2021-04-20 | 1 | -14/+37
  We have to look at more than one map, "FRSD" is not correctly handled
  right now for example. This factors out walking a map to make walking
  multiple maps easier.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

* libcli: Simplify sddl_encode_ace() | Volker Lendecke | 2021-04-19 | 1 | -10/+10
  Use GUID_buf_string() instead of GUID_string() for encoding objects,
  no need to check for NULL anymore.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* librpc: Remove the gensec dependency from library dcerpc-binding | Volker Lendecke | 2021-04-06 | 1 | -1/+9
  This means yet another library, but having to depend on gensec just
  for dcerpc_parse_binding() and basic packet parsing seems like a bit
  overkill to me.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Tue Apr 6 23:33:14 UTC 2021 on sn-devel-184

* tstream: Add tstream_npa_existing_stream() | Volker Lendecke | 2021-04-01 | 2 | -14/+32
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Apr 1 20:36:19 UTC 2021 on sn-devel-184

* tstream_npa: Allow NULL output parameters | Volker Lendecke | 2021-04-01 | 1 | -7/+19
  When reading the info4, the substructs might not be interesting for
  you.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* tstream_npa: Return named_pipe_auth_req_info4 from accept_existing | Volker Lendecke | 2021-04-01 | 2 | -20/+83
  Callers might want the full picture. We need to make
  named_pipe_auth_req_info4 public for that.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

* tstream_npa: Keep "named_pipe_auth_req" around in tstream_npa_accept_existing_send()/recv() | Volker Lendecke | 2021-04-01 | 1 | -13/+9
  This will make it simpler to return a copy of the struct
  named_pipe_auth_req_info4 in the next commit.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli smb smb2: Use correct enumeration type | Gary Lockyer | 2021-03-29 | 1 | -1/+1
  Clang gives the following error:
  ../../libcli/smb/smb2_signing.c:547:48: error: implicit conversion from enumeration type 'gnutls_mac_algorithm_t' to different enumeration type 'gnutls_digest_algorithm_t' [-Werror,-Wenum-conversion]
          const size_t digest_len = gnutls_hash_get_len(GNUTLS_MAC_SHA256);
                                    ~~~~~~~~~~~~~~~~~~~ ^~~~~~~~~~~~~~~~~

  Should be using GNUTLS_DIG_SHA256, which is set to GNUTLS_MAC_SHA256.

  Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
  Reviewed-by: Andreas Schneider <asn@samba.org>

  Autobuild-User(master): Gary Lockyer <gary@samba.org>
  Autobuild-Date(master): Mon Mar 29 23:19:24 UTC 2021 on sn-devel-184
* libcli: Add file specific access flags to sddl | Volker Lendecke | 2021-03-24 | 1 | -1/+11
  See

  https://docs.microsoft.com/en-us/windows/win32/secauthz/ace-strings

  for reference.

  We can only use them for decoding, many of our tests depend on our
  string representation of the flags.

  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/smb: make use of smb3_capabilities.encryption | Stefan Metzmacher | 2021-03-17 | 1 | -18/+63
  This avoids a hardcoded list of possible ciphers.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

* libcli/smb: introduce struct smb3_encryption_capabilities | Stefan Metzmacher | 2021-03-17 | 1 | -1/+7
  This will allow us to control the offered ciphers from the callers
  later.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

* libcli/smb: pass smb3_capabilities to smbXcli_conn_create() | Stefan Metzmacher | 2021-03-17 | 2 | -2/+9
  Passing NULL means use none.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

* libcli/smb: introduce struct struct smb311_capabilities | Stefan Metzmacher | 2021-03-17 | 1 | -0/+4
  This will be filled later with supported ciphers and other things
  that can be negotiated in SMB >= 3.1.1.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/smb: don't copy the key to a stack variable in smb2_signing_{encrypt,decrypt}_pdu() | Stefan Metzmacher | 2021-03-17 | 1 | -20/+14
  The key size should always match now.

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

* libcli/smb: no longer pass protocol to smb2_signing_{encrypt,decrypt}_pdu() | Stefan Metzmacher | 2021-03-17 | 3 | -6/+4
  The cipher algorithm is already passed via
  smb2_signing_key->chipher_algo_id.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

* libcli/smb: no longer pass protocol to smb2_signing_{sign,check}_pdu() | Stefan Metzmacher | 2021-03-17 | 3 | -18/+2
  The signing algorithm is already passed via
  smb2_signing_key->sign_algo_id.

  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

* libcli/smb: make smb2_signing_key_destructor static | Stefan Metzmacher | 2021-03-17 | 2 | -3/+1
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>

* libcli/smb: make use of smb2_signing_key_{copy,sign_create,cipher_create}() in smbXcli_base. | Stefan Metzmacher | 2021-03-17 | 1 | -124/+62
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>