summaryrefslogtreecommitdiff
path: root/libcli
Commit message (Collapse)AuthorAgeFilesLines
* libcli/smb: Fix compiler errors when building with --address-sanitizerAndrew Bartlett2016-06-161-2/+2
| | | | | Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* libcli/auth: let msrpc_parse() return talloc'ed empty stringsStefan Metzmacher2016-05-091-4/+20
| | | | | | | | | | | | | This make it more predictable for the callers. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11912 BUG: https://bugzilla.redhat.com/show_bug.cgi?id=1334356 BUG: https://launchpad.net/bugs/1578576 Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon May 9 22:27:21 CEST 2016 on sn-devel-144
* typo: mplementation => implementationGarming Sam2016-05-065-5/+5
| | | | | Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* libcli/security: implement SECURITY_GUESTStefan Metzmacher2016-04-284-0/+12
| | | | | | | | | | SECURITY_GUEST is not exactly the same as SECURITY_ANONYMOUS. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* libcli/smb: add smbXcli_session_is_guest() helper functionStefan Metzmacher2016-04-282-0/+25
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* libcli/smb: add SMB1 session setup action flagsStefan Metzmacher2016-04-281-0/+6
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* libcli/smb: add smb1cli_session_set_action() helper functionStefan Metzmacher2016-04-282-0/+9
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* libcli/smb: fix NULL pointer derreference in smbXcli_session_is_authenticated().Günther Deschner2016-04-281-0/+4
| | | | | | | | | | Guenther BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841 Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli:smb2: Use constant time memcmp() to verify the signatureAndreas Schneider2016-04-191-1/+1
| | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2015-5370: libcli/smb: use a max timeout of 1 second in ↵Stefan Metzmacher2016-04-121-0/+4
| | | | | | | | | tstream_smbXcli_np_destructor() BUG: https://bugzilla.samba.org/show_bug.cgi?id=11344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2016-2115: s3:libsmb: add signing constant SMB_SIGNING_IPC_DEFAULTRalph Boehme2016-04-122-0/+2
| | | | | | | | | | SMB_SIGNING_IPC_DEFAULT must be used from s3 client code when opening RPC connections. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* CVE-2016-2114: libcli/smb: let mandatory signing imply allowed signingRalph Boehme2016-04-121-0/+4
| | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11687 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2016-2111: libcli/auth: add NTLMv2_RESPONSE_verify_netlogon_creds() ↵Stefan Metzmacher2016-04-122-1/+138
| | | | | | | | | | | | helper function This is the function that prevents spoofing like Microsoft's CVE-2015-0005. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2016-2110: libcli/auth: pass server_timestamp to SMBNTLMv2encrypt_hash()Stefan Metzmacher2016-04-122-9/+28
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2016-2110: libcli/auth: add SPNEGO_REQUEST_MIC to enum spnego_negResultStefan Metzmacher2016-04-121-1/+5
| | | | | | | | | This is defined in http://www.ietf.org/rfc/rfc4178.txt. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* CVE-2016-2110: libcli/auth: use enum spnego_negResult instead of uint8_tStefan Metzmacher2016-04-122-2/+5
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
* libcli:smb:smbXcli_base: add smb2cli_session_current_channel_sequence() call.Günther Deschner2016-03-222-0/+6
| | | | | | | | Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* ASN1: use a talloc context in read_contextSimpleDouglas Bagnall2016-03-091-5/+5
| | | | | | | Pair-programmed-with: Garming Sam <garming@catalyst.net.nz> Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* s3:smbd: rework negprot remote arch detectionJustin Maggard2016-03-031-1/+0
| | | | | | | | | | Negprot remote arch detection is very cryptic. Rework it so it's easier to understand, and therefore more extensible, following the protocol table in inline comments. This also allows us to remove some hacks. Signed-off-by: Justin Maggard <jmaggard10@gmail.com> Reviewed-by: Ralph Boehme <rb@sernet.de> Reviewed-by: Jeremy Allison <jra@samba.org>
* netlogon_creds_cli: use dbwrap_purge instead of dbwrap_delete where appropriateMichael Adam2016-03-011-10/+4
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* libcli: Fix debug message, print sid string for new_ace trustee.Noel Power2016-02-161-1/+1
| | | | | | Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Uri Simchoni <uri@samba.org> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
* dlist: remove unneeded type argument from DLIST_ADD_END()Michael Adam2016-02-063-8/+7
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* spnego: Some simplificationsVolker Lendecke2016-02-031-4/+3
| | | | | | | | asn1_tag_remaining already checks for has_error and only returns positive if there is error-free space left Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* ldap: Correctly check asn1_tag_remaining retvalVolker Lendecke2016-02-031-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* libcli/smb: add define SMB_ENCRYPTION_GSSAPI for CIFS encryption typeRalph Boehme2016-01-221-1/+1
| | | | | | | | | | | | | | | Add a define for the CIFS UNIX extensions encryption type. We store this in smbXsrv_channel and use it in smbstatus for showing the CIFS/SMB2/SMB3 encryption cipher used. The SMB3 encryption cipher constants start at 1, carefully choosing the highest available bit for the CIFS UNIX extensions encryption cipher should avoid collisions and leaves room for many SMB3 ciphers in the future. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* security: Add Asserted Identity sids (S-1-18)Günther Deschner2016-01-152-0/+11
| | | | | | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=11677 definitions taken from [MS-DTYP]: Windows Data Types, 2.4.2.4 Well-Known SID Structures. Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* Rename 'errors' to 'samba-errors' and make it public.Jelmer Vernooij2016-01-134-5/+7
| | | | | | | | | | | This is necessary because it has public headers. Signed-off-by: Jelmer Vernooij <jelmer@jelmer.uk> Reviewed-By: Andrew Bartlett <abartlet@samba.org> Reviewed-By: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> Autobuild-Date(master): Wed Jan 13 07:47:04 CET 2016 on sn-devel-144
* libcli: Make headers for private libraries private.Jelmer Vernooij2016-01-132-5/+4
| | | | | | Signed-off-by: Jelmer Vernooij <jelmer@jelmer.uk> Reviewed-By: Andrew Bartlett <abartlet@samba.org> Reviewed-By: Stefan Metzmacher <metze@samba.org>
* Add a new header file for functions in lib/util/util.c.Jelmer Vernooij2016-01-131-0/+2
| | | | | | | | | This allows public headers to not include samba_util.h, but rather specific header files under lib/util. Signed-Off-By: Jelmer Vernooij <jelmer@samba.org> Reviewed-By: Andrew Bartlett <abartlet@samba.org> Reviewed-By: Stefan Metzmacher <metze@samba.org>
* Avoid including libds/common/roles.h in public loadparm.h header.Jelmer Vernooij2016-01-131-0/+1
| | | | | | Signed-Off-By: Jelmer Vernooij <jelmer@samba.org> Reviewed-By: Andrew Bartlett <abartlet@samba.org> Reviewed-By: Stefan Metzmacher <metze@samba.org>
* samdb: Add explicit dependency on ldb.Jelmer Vernooij2016-01-131-1/+1
| | | | | | This is needed to pull in the right -I flags. Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
* libcli: Remove a reference to asn1->ofsVolker Lendecke2016-01-061-7/+5
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Use asn1_current_ofs()Volker Lendecke2016-01-061-2/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Use asn1_has_nestingVolker Lendecke2016-01-061-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Use asn1_extract_blob()Volker Lendecke2016-01-062-6/+9
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Use asn1_set_error()Volker Lendecke2016-01-061-10/+10
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib: Use asn1_has_error()Volker Lendecke2016-01-062-17/+21
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* asn1: Make asn1_peek_full_tag return 0/errnoVolker Lendecke2016-01-061-1/+8
| | | | | | | | We don't need the full power of NTSTATUS here. This was the only NTSTATUS in asn1.h, so I think it's worth removing it. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* CVE-2015-5296: libcli/smb: make sure we require signing when we demand ↵Stefan Metzmacher2015-12-161-0/+11
| | | | | | | | | encryption on a session BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libdns: Small cleanupVolker Lendecke2015-12-081-2/+0
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libdns: Convert dns_udp_request to 0/errnoVolker Lendecke2015-12-082-21/+20
| | | | | | | Replaces 5 calls to unix_to_werror with just one Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libdns: Properly set ENOMEMVolker Lendecke2015-12-081-0/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libdns: tsocket returns -1 and sets errnoVolker Lendecke2015-12-081-3/+3
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/smb: fix BUFFER_OVERFLOW handling in tstream_smbXcli_npStefan Metzmacher2015-12-011-3/+10
| | | | | | | | | | | | | | | | | | The special error is not NT_STATUS_BUFFER_TOO_SMALL, but STATUS_BUFFER_OVERFLOW. Tested using TSTREAM_SMBXCLI_NP_MAX_BUF_SIZE == 20 and running the following commands against a Windows 2012R2 server: bin/smbtorture ncacn_np:SERVER[] rpc.lsa-getuser bin/smbtorture ncacn_np:SERVER[smb2] rpc.lsa-getuser BUG: https://bugzilla.samba.org/show_bug.cgi?id=11623 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Dec 1 03:42:52 CET 2015 on sn-devel-104
* libcli/smb: correctly handle STATUS_BUFFER_OVERFLOW in smb1cli_readx*Stefan Metzmacher2015-12-011-18/+35
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11623 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/smb: correctly handle STATUS_BUFFER_OVERFLOW in smb2cli_query_info*Stefan Metzmacher2015-12-011-5/+19
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11623 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/smb: correctly handle STATUS_BUFFER_OVERFLOW in smb2cli_read*Stefan Metzmacher2015-12-011-5/+21
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11623 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/smb: make sure we have a body size of 0x31 before dereferencing an ↵Stefan Metzmacher2015-12-011-37/+47
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ioctl response Found by valgrind, reported by Noel Power <nopower@suse.com>: ==7913== Invalid read of size 1 ==7913== at 0xC4F23EE: smb2cli_ioctl_done (smb2cli_ioctl.c:245) ==7913== by 0x747A744: _tevent_req_notify_callback (tevent_req.c:112) ==7913== by 0x747A817: tevent_req_finish (tevent_req.c:149) ==7913== by 0x747A93C: tevent_req_trigger (tevent_req.c:206) ==7913== by 0x7479B2B: tevent_common_loop_immediate (tevent_immediate.c:135) ==7913== by 0xA9CB4BE: run_events_poll (events.c:192) ==7913== by 0xA9CBB32: s3_event_loop_once (events.c:303) ==7913== by 0x7478C72: _tevent_loop_once (tevent.c:533) ==7913== by 0x747AACD: tevent_req_poll (tevent_req.c:256) ==7913== by 0x505315D: tevent_req_poll_ntstatus (tevent_ntstatus.c:109) ==7913== by 0xA7201F2: cli_tree_connect (cliconnect.c:2764) ==7913== by 0x165FF7: cm_prepare_connection (winbindd_cm.c:1276) ==7913== Address 0x16ce24ec is 764 bytes inside a block of size 813 alloc'd ==7913== at 0x4C29110: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==7913== by 0x768A0C1: __talloc_with_prefix (talloc.c:668) ==7913== by 0x768A27E: _talloc_pool (talloc.c:721) ==7913== by 0x768A41E: _talloc_pooled_object (talloc.c:790) ==7913== by 0x747A594: _tevent_req_create (tevent_req.c:66) ==7913== by 0xCF6E2FA: read_packet_send (async_sock.c:414) ==7913== by 0xCF6EB54: read_smb_send (read_smb.c:54) ==7913== by 0xC4DA146: smbXcli_conn_receive_next (smbXcli_base.c:1027) ==7913== by 0xC4DA02D: smbXcli_req_set_pending (smbXcli_base.c:978) ==7913== by 0xC4DF776: smb2cli_req_compound_submit (smbXcli_base.c:3166) ==7913== by 0xC4DFC1D: smb2cli_req_send (smbXcli_base.c:3268) ==7913== by 0xC4F2210: smb2cli_ioctl_send (smb2cli_ioctl.c:149) ==7913== BUG: https://bugzilla.samba.org/show_bug.cgi?id=11622 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli/smb: Use helper function for finding sessionChristof Schmitt2015-11-181-19/+18
| | | | | | | | | | This removes some duplicated code. Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Nov 18 04:04:17 CET 2015 on sn-devel-104
* repl: Give an error if we get a secret when not expecting oneAndrew Bartlett2015-10-262-0/+7
| | | | | | | | | We should never get a secret from a server when we specify DRSUAPI_DRS_SPECIAL_SECRET_PROCESSING This asserts that this is the case. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
View Lorry Controller Status