summaryrefslogtreecommitdiff
path: root/libcli
Commit message (Collapse)AuthorAgeFilesLines
* lib: Add dom_sid_str_bufVolker Lendecke2019-03-122-0/+12
| | | | | | | | | | | | | | | | | This is modeled after server_id_str_buf, which as an API to me is easier to use: I can rely on the compiler to get the buffer size right. It is designed to violate README.Coding's "Make use of helper variables", but as this API is simple enough and the output should never be a surprise at all, I think that's worth it. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Nov 2 20:11:11 CET 2018 on sn-devel-144 (cherry picked from commit 8b9d36221930a487ca5c51bf2e38ed04de9d50f7)
* libcli/security: fix handling of deny type ACEs in access_check_max_allowed()Ralph Boehme2019-03-111-1/+1
| | | | | | | | | | | | | | Deny ACEs must always be evaluated against explicitly granted rights from previous ACEs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 8d355dd9769e8990ce998b4c9f28977669b43616) Autobuild-User(v4-8-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-8-test): Mon Mar 11 13:04:13 UTC 2019 on sn-devel-144
* libcli/security: correct access check and maximum access calculation for ↵Ralph Boehme2019-03-111-67/+73
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Owner Rights ACEs We basically must process the Owner Rights ACEs as any other ACE wrt to the order of adding granted permissions and checking denied permissions. According to MS-DTYP 2.5.3.2 Owner Rights ACEs must be evaluated in the main loop over the ACEs in an ACL and the corresponding access_mask must be directly applied to bits_remaining. We currently defer this to after the loop over the ACEs in ACL, this is wrong. We just have to do some initial magic to determine if an ACL contains and Owner Rights ACEs, and in case it doesn't we grant SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL at the *beginning*. MS-DTYP: -- the owner of an object is always granted READ_CONTROL and WRITE_DAC. CALL SidInToken(Token, SecurityDescriptor.Owner, PrincipalSelfSubst) IF SidInToken returns True THEN IF DACL does not contain ACEs from object owner THEN Remove READ_CONTROL and WRITE_DAC from RemainingAccess Set GrantedAccess to GrantedAccess or READ_CONTROL or WRITE_OWNER END IF END IF BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 9722f75757c0e38c7f42c7cc310d56aa6eaf6392)
* libcli/security: add "Owner Rights" calculation to access_check_max_allowed()Ralph Boehme2019-03-111-5/+28
| | | | | | | | | | | | | | This was missing in 44590c1b70c0a24f853c02d5fcdb3c609401e2ca. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13812 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Thu Feb 28 19:18:16 UTC 2019 on sn-devel-144 (cherry picked from commit 5cf0764bc4b65dbc59d8626760dbe946a2234833)
* libcli: Add error log if insufficient SMB2 creditsTim Beale2019-02-011-0/+3
| | | | | | | | | | | | | Although it's unusual to hit this case, I was seeing it happen while working on the SMB python bindings. Even with debug level 10, there was nothing coming out to help pin down the source of the NT_STATUS_INTERNAL_ERROR. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13736 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit bf229de7926f12e329cdb3201f68f20ae776fe32)
* libcli/security: add dom_sid_lookup_is_predefined_domain()Ralph Boehme2018-12-072-0/+34
| | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: David Mulder <dmulder@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 2de5f06d399109009c343b0acfef822db38502a1)
* libcli/smb: don't overwrite status codeRalph Boehme2018-12-041-5/+7
| | | | | | | | | | | | | | | | The original commit c5cd22b5bbce724dcd68fe94320382b3f772cabf from bug 9175 never worked, as the preceeding signing check overwrote the status variable. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Nov 13 17:28:45 CET 2018 on sn-devel-144 (cherry picked from commit 5a8583ed701be97c33a20b2a20f6bbb8ac2f8e99)
* libcli/smb: use require_signed_response in smb2cli_conn_dispatch_incoming()Ralph Boehme2018-11-231-1/+16
| | | | | | | | | | | | This can be used by the upper layers to force checking a response is signed. It will be used to implement verification of session setup reauth responses in a torture test. That comes next. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 53fe148476a5566b7a8204d7e44b6e75ce7d45bc)
* libcli/smb: defer singing check a little bitRalph Boehme2018-11-231-6/+6
| | | | | | | | | | | | | | This allows adding an additional condition to the if check where the condition state may be modified in the "if (opcode == SMB2_OP_SESSSETUP)" case directly above. No change in behaviour. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 7abf3900218e3d27c075b405735b2c38ec0fc4ca)
* libcli/smb: maintain require_signed_response in smbXcli_req_stateRalph Boehme2018-11-231-0/+3
| | | | | | | | | | Not used for now, that comes next. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 67cfb01611869b7590ccd836dd13a80e53545714)
* libcli/smb: add smb2cli_session_require_signed_response()Ralph Boehme2018-11-232-0/+9
| | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit d407201d9bd4ee5ae5609dd107e3ab9ee7afbeb0)
* libcli: fill endtime if smbXcli_req_create() timeout is non-zeroRalph Boehme2018-11-061-8/+4
| | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13667 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit e7eec24d27b8694fd7626577a2aca05e99045964)
* libcli: add smbXcli_req_endtimeRalph Boehme2018-11-062-0/+11
| | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13667 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 94ad5ee662a5bfe1c79d8a9c3fcf51d0a1d652c7)
* CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled ↵Günther Deschner2018-08-111-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | via "ntlm auth". This fixes a regression that came in via 00db3aba6cf9ebaafdf39ee2f9c7ba5ec2281ea0. Found by Vivek Das <vdas@redhat.com> (Red Hat QE). In order to demonstrate simply run: smbclient //server/share -U user%password -mNT1 -c quit \ --option="client ntlmv2 auth"=no \ --option="client use spnego"=no against a server that uses "ntlm auth = ntlmv2-only" (our default setting). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13360 CVE-2018-1139: Weak authentication protocol allowed. Guenther Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* CVE-2018-1139 libcli/auth: fix debug messages in hash_password_check()Günther Deschner2018-08-111-4/+4
| | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13360 CVE-2018-1139: Weak authentication protocol allowed. Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* CVE-2018-1139 libcli/auth: Add initial tests for ntlm_password_check()Andrew Bartlett2018-08-112-0/+426
| | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13360 Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* CVE-2018-10919 security: Fix checking of object-specific CONTROL_ACCESS rightsTim Beale2018-08-111-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | An 'Object Access Allowed' ACE that assigned 'Control Access' (CR) rights to a specific attribute would not actually grant access. What was happening was the remaining_access mask for the object_tree nodes would be Read Property (RP) + Control Access (CR). The ACE mapped to the schemaIDGUID for a given attribute, which would end up being a child node in the tree. So the CR bit was cleared for a child node, but not the rest of the tree. We would then check the user had the RP access right, which it did. However, the RP right was cleared for another node in the tree, which still had the CR bit set in its remaining_access bitmap, so Samba would not grant access. Generally, the remaining_access only ever has one bit set, which means this isn't a problem normally. However, in the Control Access case there are 2 separate bits being checked, i.e. RP + CR. One option to fix this problem would be to clear the remaining_access for the tree instead of just the node. However, the Windows spec is actually pretty clear on this: if the ACE has a CR right present, then you can stop any further access checks. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
* CVE-2018-10919 security: Add more comments to the object-specific access checksTim Beale2018-08-111-8/+22
| | | | | | | | | Reading the spec and then reading the code makes sense, but we could comment the code more so it makes sense on its own. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
* CVE-2018-10919 security: Move object-specific access checks into separate ↵Tim Beale2018-08-111-27/+59
| | | | | | | | | | | | | | | | function Object-specific access checks refer to a specific section of the MS-ADTS, and the code closely matches the spec. We need to extend this logic to properly handle the Control-Access Right (CR), so it makes sense to split the logic out into its own function. This patch just moves the code, and should not alter the logic (apart from ading in the boolean grant_access return variable. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
* libsmb: Handle long-running smb2cli_notifyVolker Lendecke2018-04-191-9/+45
| | | | | | | | | | | | | | This likely runs into a timeout. Properly cancel the smb2 request, allowing the higher-level caller to re-issue this request on an existing handle. I did not see a proper way to achieve this with tevent_req_set_endtime or something like that. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13382 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 91c0f497816bb88d8935a8a79c146c08379ecf53)
* libcli/security: only announce a session as GUEST if 'Builtin\Guests' is ↵Ralph Boehme2018-03-201-7/+11
| | | | | | | | | | there without 'Authenticated User' BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit f564847c8e9d31fe07dd3cbf435986b36f097fa3)
* libcli/security: add dom_sid_lookup_predefined_{sid,name}()Stefan Metzmacher2018-02-272-0/+512
| | | | | | | | | | | This basically implements [MS-LSAT] 3.1.1.1.1 Predefined Translation Database and Corresponding View. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit d7780c66866144eba59408c03af50256825165ba)
* smbXcli: Add "force_channel_sequence"Volker Lendecke2018-01-142-1/+18
| | | | | | | | | | | This enables use of the channel sequence number even for non-multi-channel servers. This makes our client invalid, but we need to protect against broken clients with tests. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13215 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* dnscli: Make a few functions staticVolker Lendecke2018-01-062-56/+18
| | | | | | | | We might want to use the tcp flavor in the future in the forwarder for a single, persistent TCP connection. Then we can easily re-publish it. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libdns: Add dns_cli_requestVolker Lendecke2018-01-043-2/+209
| | | | | | First UDP, then TCP if truncation happened Signed-off-by: Volker Lendecke <vl@samba.org>
* libdns: dns/tcp clientVolker Lendecke2018-01-042-0/+229
| | | | | | | | | | | Same signature as the UDP client in the same file. This opens and closes the socket per request. In the future, we might want to create a persistent TCP connection for our internal DNS server's forwarder. That will require proper handling of in-flight requests. Something for another day. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libdns: Fix a typoVolker Lendecke2018-01-041-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* lib/smbreadline: detect picky compile issue with readline.hUri Simchoni2017-11-241-0/+33
| | | | | | | | | | | | | | readline.h has build issues with clang if -Wstrict-prototypes is enabled. Detect this and also detect whether the known workaround works. Fix suggested by Timur I. Bakeyev <timur@freebsd.org> cf. https://lists.gnu.org/archive/html/bug-readline/2014-04/msg00018.html cf. https://lists.samba.org/archive/samba-technical/2017-November/123923.html Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* lib: Save a few bytes of .textVolker Lendecke2017-11-131-1/+1
| | | | | | | | Looks surprising, but this does save bytes if you look at the object with "size". Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli: Fix a signed/unsigned hickupVolker Lendecke2017-11-131-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli: Fix a typoVolker Lendecke2017-11-101-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Richard Sharpe <sharpe@samba.org>
* vfs_fruit: Add Time Machine supportKevin Anderson2017-10-041-0/+1
| | | | | | | | | Add a configuration option to disable/enable Time Machine support via the FULLSYNC AAPL flag. Signed-off-by: Kevin Anderson <andersonkw2@gmail.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* netlogon_creds_cli: Pass "capabilities" up from creds_cli_checkVolker Lendecke2017-09-252-5/+15
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* netlogon_creds_cli: Protect netlogon_creds_cli_auth by _lckVolker Lendecke2017-09-251-60/+2
| | | | | | | | | This widens the lock range to cover the check for established credentials. Before this patch it could happen that more than one winbind finds no credentials and does the auth3. This can pile up. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* netlogon_creds_cli: Protect netlogon_creds_cli_check by _lckVolker Lendecke2017-09-251-63/+38
| | | | | | | netlogon_creds_cli_lck provides the locking around the operation Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* netlogon_creds_cli: Add netlogon_creds_cli_delete_lckVolker Lendecke2017-09-252-0/+15
| | | | | | | | Like netlogon_creds_cli_delete, protected by netlogon_creds_cli_lck instead of netlogon_creds_cli_lock. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* netlogon_creds_cli: Add netlogon_creds_cli_lckVolker Lendecke2017-09-252-0/+163
| | | | | | | | | | This adds an external locking scheme to protect our netlogon_creds_CredentialState. This is needed because the routines exposed by netlogon_creds_cli.h need a more flexible locking to set up our credentials in a properly protected way. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* rpc_client3: Avoid "cli_credentials" in cli_rpc_pipe_open_schannel_with_credsVolker Lendecke2017-09-251-0/+1
| | | | | | | | | This provides cleaner data dependencies. A netlogon_creds_ctx contains everything required to open an schannel, there is no good reason to require cli_credentials here. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* netlogon_creds_cli: Create cli_credentials from netlogon creds ctxVolker Lendecke2017-09-252-0/+36
| | | | | | | | A netlogon_creds_cli_context holds all information required to do an schannel bind. Used in the next commit. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* netlogon_creds_cli: Factor out netlogon_creds_cli_delete_internalVolker Lendecke2017-09-251-7/+10
| | | | | | | | In a future commit we'll need a version that does not check for context->db.locked_state Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* netlogon_creds_cli: Factor out netlogon_creds_cli_store_internalVolker Lendecke2017-09-251-16/+26
| | | | | | | | In a future commit we'll need a version that does not check for context->db.locked_state Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* netlogon_creds_cli: Print netlogon_creds_CredentialStateVolker Lendecke2017-09-251-0/+8
| | | | | | | Add some debugging for the tdb records Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* netlogon_creds_cli: Simplify netlogon_creds_cli_getVolker Lendecke2017-09-251-70/+11
| | | | | | | | netlogon_creds_cli_get_internal almost does everything needed, only the invalidating for credential chain use is missing. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* netlogon_creds_cli: Rename netlogon_creds_cli_lock_fetch->get_internalVolker Lendecke2017-09-251-4/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* netlogon_creds_cli: Transfer a commentVolker Lendecke2017-09-251-0/+32
| | | | | | | This part of from netlogon_creds_cli_get will go Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* netlogon_creds_cli: Remove tevent_req handling from ↵Volker Lendecke2017-09-251-21/+26
| | | | | | | | | | netlogon_creds_cli_lock_fetch Disentangle concerns, make netlogon_creds_cli_lock_fetch usable for other callers Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* netlogon_creds_cli: Remove unused codeVolker Lendecke2017-09-252-51/+0
| | | | | | | According to metze this was meant for test code that never materialized Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* netlogon_creds_cli: Simplify netlogon_creds_cli_deleteVolker Lendecke2017-09-252-15/+16
| | | | | | | Don't implicitly TALLOC_FREE(creds) in the pure delete routine Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* netlogon_creds_cli: Simplify netlogon_creds_cli_storeVolker Lendecke2017-09-252-17/+18
| | | | | | | | | Don't implicitly TALLOC_FREE(creds) in the pure store routine. This mixes up responsibilities, and there's not enough callers to justify the TALLOC_FREE to be centralized. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* netlogon_creds_cli: Simplify netlogon_creds_cli_context_globalVolker Lendecke2017-09-251-7/+0
| | | | | | | netlogon_creds_cli_open_global_db() already contains the NULL check. Use that. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
View Lorry Controller Status