summaryrefslogtreecommitdiff
path: root/libcli
Commit message (Collapse)AuthorAgeFilesLines
* libcli/smb: send SMB2_NETNAME_NEGOTIATE_CONTEXT_IDStefan Metzmacher2019-09-111-0/+17
| | | | | | | | | | | | | | | | | | Note: Unlike the current documentation, the utf16 string is not null-terminated, that matches Windows Server 1903 as a client. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14055 RN: Add the target server name of SMB 3.1.1 connections as a hint to load balancers or servers with "multi-tenancy" support. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Aurelien Aptel <aaptel@suse.com> (similar to commit 21f6cece543dd791e0f4636458bfe9819823420c) Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-9-test): Wed Sep 11 13:27:24 UTC 2019 on sn-devel-144
* libcli/smb: add new COMPRESSION and NETNAME negotiate context idsStefan Metzmacher2019-09-111-0/+2
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=14055 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Aurelien Aptel <aaptel@suse.com> (cherry picked from commit e10b90f33bb812600886656a1124e2d434416563)
* libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES ↵Philipp Gesang2019-04-021-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | of negotiate response Certain Netapp versions are sending SMB2_ENCRYPTION_CAPABILITIES structures containing DataLength field that includes the padding [0]. Microsoft has since clarified that only values smaller than the size are considered invalid [1]. While parsing the NegotiateContext it is ensured that DataLength does not exceed the message bounds. Also, the value is not actually used anywhere outside the validation. Thus values greater than the actual data size are safe to use. This patch makes Samba fail only on values that are too small for the (fixed size) payload. [0] https://lists.samba.org/archive/samba/2019-February/221139.html [1] https://lists.samba.org/archive/cifs-protocol/2019-March/003210.html BUG: https://bugzilla.samba.org/show_bug.cgi?id=13869 Signed-off-by: Philipp Gesang <philipp.gesang@intra2net.com> Reviewed-by: Ralph Böhme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sun Mar 31 01:11:09 UTC 2019 on sn-devel-144 (cherry picked from commit 865b7b0c7d2ba7fa0a045586d1e83a72028a0864) Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-9-test): Tue Apr 2 13:44:38 UTC 2019 on sn-devel-144
* lib: Add dom_sid_str_bufVolker Lendecke2019-03-122-0/+12
| | | | | | | | | | | | | | | | | This is modeled after server_id_str_buf, which as an API to me is easier to use: I can rely on the compiler to get the buffer size right. It is designed to violate README.Coding's "Make use of helper variables", but as this API is simple enough and the output should never be a surprise at all, I think that's worth it. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Nov 2 20:11:11 CET 2018 on sn-devel-144 (cherry picked from commit 8b9d36221930a487ca5c51bf2e38ed04de9d50f7)
* libcli/security: fix handling of deny type ACEs in access_check_max_allowed()Ralph Boehme2019-03-111-1/+1
| | | | | | | | | | | | | | Deny ACEs must always be evaluated against explicitly granted rights from previous ACEs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 8d355dd9769e8990ce998b4c9f28977669b43616) Autobuild-User(v4-9-test): Karolin Seeger <kseeger@samba.org> Autobuild-Date(v4-9-test): Mon Mar 11 12:25:05 UTC 2019 on sn-devel-144
* libcli/security: correct access check and maximum access calculation for ↵Ralph Boehme2019-03-111-67/+73
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Owner Rights ACEs We basically must process the Owner Rights ACEs as any other ACE wrt to the order of adding granted permissions and checking denied permissions. According to MS-DTYP 2.5.3.2 Owner Rights ACEs must be evaluated in the main loop over the ACEs in an ACL and the corresponding access_mask must be directly applied to bits_remaining. We currently defer this to after the loop over the ACEs in ACL, this is wrong. We just have to do some initial magic to determine if an ACL contains and Owner Rights ACEs, and in case it doesn't we grant SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL at the *beginning*. MS-DTYP: -- the owner of an object is always granted READ_CONTROL and WRITE_DAC. CALL SidInToken(Token, SecurityDescriptor.Owner, PrincipalSelfSubst) IF SidInToken returns True THEN IF DACL does not contain ACEs from object owner THEN Remove READ_CONTROL and WRITE_DAC from RemainingAccess Set GrantedAccess to GrantedAccess or READ_CONTROL or WRITE_OWNER END IF END IF BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 9722f75757c0e38c7f42c7cc310d56aa6eaf6392)
* libcli/security: add "Owner Rights" calculation to access_check_max_allowed()Ralph Boehme2019-03-111-5/+28
| | | | | | | | | | | | | | This was missing in 44590c1b70c0a24f853c02d5fcdb3c609401e2ca. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13812 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Thu Feb 28 19:18:16 UTC 2019 on sn-devel-144 (cherry picked from commit 5cf0764bc4b65dbc59d8626760dbe946a2234833)
* libcli: Add error log if insufficient SMB2 creditsTim Beale2019-02-011-0/+3
| | | | | | | | | | | | | Although it's unusual to hit this case, I was seeing it happen while working on the SMB python bindings. Even with debug level 10, there was nothing coming out to help pin down the source of the NT_STATUS_INTERNAL_ERROR. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13736 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit bf229de7926f12e329cdb3201f68f20ae776fe32)
* libcli/security: add dom_sid_lookup_is_predefined_domain()Ralph Boehme2018-12-102-0/+34
| | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: David Mulder <dmulder@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 2de5f06d399109009c343b0acfef822db38502a1)
* libcli/smb: don't overwrite status codeRalph Boehme2018-12-041-5/+7
| | | | | | | | | | | | | | | | The original commit c5cd22b5bbce724dcd68fe94320382b3f772cabf from bug 9175 never worked, as the preceeding signing check overwrote the status variable. Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Tue Nov 13 17:28:45 CET 2018 on sn-devel-144 (cherry picked from commit 5a8583ed701be97c33a20b2a20f6bbb8ac2f8e99)
* libcli/smb: use require_signed_response in smb2cli_conn_dispatch_incoming()Ralph Boehme2018-11-201-1/+16
| | | | | | | | | | | | This can be used by the upper layers to force checking a response is signed. It will be used to implement verification of session setup reauth responses in a torture test. That comes next. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 53fe148476a5566b7a8204d7e44b6e75ce7d45bc)
* libcli/smb: defer singing check a little bitRalph Boehme2018-11-201-6/+6
| | | | | | | | | | | | | | This allows adding an additional condition to the if check where the condition state may be modified in the "if (opcode == SMB2_OP_SESSSETUP)" case directly above. No change in behaviour. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 7abf3900218e3d27c075b405735b2c38ec0fc4ca)
* libcli/smb: maintain require_signed_response in smbXcli_req_stateRalph Boehme2018-11-201-0/+3
| | | | | | | | | | Not used for now, that comes next. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit 67cfb01611869b7590ccd836dd13a80e53545714)
* libcli/smb: add smb2cli_session_require_signed_response()Ralph Boehme2018-11-202-0/+9
| | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> (cherry picked from commit d407201d9bd4ee5ae5609dd107e3ab9ee7afbeb0)
* libcli: fill endtime if smbXcli_req_create() timeout is non-zeroRalph Boehme2018-11-061-8/+4
| | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13667 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit e7eec24d27b8694fd7626577a2aca05e99045964)
* libcli: add smbXcli_req_endtimeRalph Boehme2018-11-062-0/+11
| | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=13667 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 94ad5ee662a5bfe1c79d8a9c3fcf51d0a1d652c7)
* libcli: Add debug message if fail to negoatiate SMB protocolTim Beale2018-11-051-0/+1
| | | | | | | | | | | | | | | | | | | | | | Currently if the client and server can't negotiate an SMB protocol, you just get the followiing error on the client-side, which doesn't tell you much. ERROR(runtime): uncaught exception - (3221225667, 'The network responded incorrectly.') This patch adds a debug message to help highlight what's actually going wrong. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13621 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Sep 28 11:25:29 CEST 2018 on sn-devel-144 (cherry picked from commit 34cbd89fec836f5de0cb5ba3f289b1f4ae00c5d7)
* CVE-2018-10919 security: Fix checking of object-specific CONTROL_ACCESS rightsTim Beale2018-08-141-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | An 'Object Access Allowed' ACE that assigned 'Control Access' (CR) rights to a specific attribute would not actually grant access. What was happening was the remaining_access mask for the object_tree nodes would be Read Property (RP) + Control Access (CR). The ACE mapped to the schemaIDGUID for a given attribute, which would end up being a child node in the tree. So the CR bit was cleared for a child node, but not the rest of the tree. We would then check the user had the RP access right, which it did. However, the RP right was cleared for another node in the tree, which still had the CR bit set in its remaining_access bitmap, so Samba would not grant access. Generally, the remaining_access only ever has one bit set, which means this isn't a problem normally. However, in the Control Access case there are 2 separate bits being checked, i.e. RP + CR. One option to fix this problem would be to clear the remaining_access for the tree instead of just the node. However, the Windows spec is actually pretty clear on this: if the ACE has a CR right present, then you can stop any further access checks. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* CVE-2018-10919 security: Add more comments to the object-specific access checksTim Beale2018-08-141-8/+22
| | | | | | | | | | | Reading the spec and then reading the code makes sense, but we could comment the code more so it makes sense on its own. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* CVE-2018-10919 security: Move object-specific access checks into separate ↵Tim Beale2018-08-141-27/+59
| | | | | | | | | | | | | | | | | | function Object-specific access checks refer to a specific section of the MS-ADTS, and the code closely matches the spec. We need to extend this logic to properly handle the Control-Access Right (CR), so it makes sense to split the logic out into its own function. This patch just moves the code, and should not alter the logic (apart from ading in the boolean grant_access return variable. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13434 Signed-off-by: Tim Beale <timbeale@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled ↵Günther Deschner2018-08-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | via "ntlm auth". This fixes a regression that came in via 00db3aba6cf9ebaafdf39ee2f9c7ba5ec2281ea0. Found by Vivek Das <vdas@redhat.com> (Red Hat QE). In order to demonstrate simply run: smbclient //server/share -U user%password -mNT1 -c quit \ --option="client ntlmv2 auth"=no \ --option="client use spnego"=no against a server that uses "ntlm auth = ntlmv2-only" (our default setting). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13360 CVE-2018-1139: Weak authentication protocol allowed. Guenther Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* CVE-2018-1139 libcli/auth: fix debug messages in hash_password_check()Günther Deschner2018-08-141-4/+4
| | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13360 CVE-2018-1139: Weak authentication protocol allowed. Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* CVE-2018-1139 libcli/auth: Add initial tests for ntlm_password_check()Andrew Bartlett2018-08-142-0/+426
| | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=13360 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
* libcli: Fix coverity warning in smb2cli_notify_send()Andreas Schneider2018-05-161-1/+4
| | | | | | | | | | | | | | result_independent_of_operands: "(uint16_t)(recursive ? 1 : 0) >> 8" is 0 regardless of the values of its operands. This occurs as the operand of assignment. Found by Coverity. Pair-Programmed-With: Ralph Boehme <slow@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Fix spelling s/conection/connection/Mathieu Parent2018-05-121-2/+2
| | | | | | Signed-off-by: Mathieu Parent <math.parent@gmail.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* libcli: remove unused se_create_child_secdesc_buf()Ralph Boehme2018-05-092-32/+0
| | | | | | | | | | | Commit e2c9ad93cb914186b89e2055f1bed3cceee1f768 removed the last caller of this. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Wed May 9 19:18:44 CEST 2018 on sn-devel-144
* libcli/nbt: Additionally accept unicode as string param in Py2Noel Power2018-04-301-3/+3
| | | | | | | | | | | | | | | | | With the changes to make samba python code Py2/Py3 compatible there now are many instances where string content is decoded. Decoded string variables in Py2 are returned as the unicode type. Many Py2 c-module functions that take string arguments only check for the string type. However now it's quite possibe the content formally passed as a string argument is now passed as unicode after being decoded, such arguments are rejected and code can fail subtly. This only affects places where the type is directly checked e.g. via PyStr_Check etc. arguments that are parsed by ParseTuple* functions generally already accept both string and unicode (if 's', 'z', 's*' format specifiers are used) Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* tevent: Fix callers of tevent_req_set_endtimeVolker Lendecke2018-04-242-2/+0
| | | | | | | | tevent_req_set_endtime internally already calls tevent_req_nomem and thus sets the error status correctly. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* dbwrap: Remove calls to loadparmVolker Lendecke2018-04-242-2/+0
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli: Call dbwrap_local_open with the correct tdb flagsVolker Lendecke2018-04-241-2/+5
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli: Call dbwrap_local_open with the correct hash sizeVolker Lendecke2018-04-241-6/+13
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli: Call dbwrap_local_open with the correct tdb_flagsVolker Lendecke2018-04-241-2/+3
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* libcli: Call dbwrap_local_open with the correct hash sizeVolker Lendecke2018-04-241-4/+13
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* tstream: Fix CID 1167981 Unchecked return valueVolker Lendecke2018-04-161-1/+1
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Mon Apr 16 19:09:56 CEST 2018 on sn-devel-144
* tstream: Fix CID 1167982 Unchecked return valueVolker Lendecke2018-04-161-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libnbt: Align data typesVolker Lendecke2018-04-131-1/+1
| | | | | | | ARRAY_SIZE returns size_t Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libnbt: Add an explicit "mem_ctx" to name_request_sendVolker Lendecke2018-04-136-8/+10
| | | | | | | Implicitly hanging requests off nbtsock is too inflexible for future use Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nbt/pynbt: initialize optional parameter in nbt_name_refreshDouglas Bagnall2018-04-131-0/+1
| | | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* nbt/pynbt: initialize optional parameter in nbt_name_registerDouglas Bagnall2018-04-131-0/+1
| | | | | | Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
* libsmb: Handle long-running smb2cli_notifyVolker Lendecke2018-04-051-9/+45
| | | | | | | | | | | | This likely runs into a timeout. Properly cancel the smb2 request, allowing the higher-level caller to re-issue this request on an existing handle. I did not see a proper way to achieve this with tevent_req_set_endtime or something like that. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* cldap: Avoid a ZERO_STRUCTPVolker Lendecke2018-04-041-1/+0
| | | | | | | | This is done implicitly by tevent_req_create Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* libcli: Fix CID 710748 Resource leakVolker Lendecke2018-04-041-2/+2
| | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* python3 port for netbios moduleNoel Power2018-03-232-23/+35
| | | | | | Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* libcli/nbt: Fix illegal tuple index access.Noel Power2018-03-231-1/+1
| | | | | | Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
* libcli:smb: Fix size typesAndreas Schneider2018-03-201-3/+4
| | | | | | | This fixes compilation with -Wstrict-overflow=2 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* libcli/security: add dom_sid_is_valid_account_domain()Stefan Metzmacher2018-03-192-0/+64
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/security: fix some SID values in commentsStefan Metzmacher2018-03-161-3/+3
| | | | | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Mar 16 19:47:15 CET 2018 on sn-devel-144
* libcli/security: only announce a session as GUEST if 'Builtin\Guests' is ↵Ralph Boehme2018-03-151-7/+11
| | | | | | | | | there without 'Authenticated User' BUG: https://bugzilla.samba.org/show_bug.cgi?id=13328 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* libsocket: Add "mem_ctx" to socket_create()Volker Lendecke2018-02-271-3/+2
| | | | | | | | Every caller did a talloc_steal() after socket_create(). Just pass in the correct memory context. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* libcli/security: add dom_sid_lookup_predefined_{sid,name}()Stefan Metzmacher2018-02-212-0/+512
| | | | | | | | | | This basically implements [MS-LSAT] 3.1.1.1.1 Predefined Translation Database and Corresponding View. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13286 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
View Lorry Controller Status