samba.git/libcli, branch talloc-2.3.2 Unnamed repository; edit this file 'description' to name the repository. http_conn.c: fix "void function cannot return value" error 2020-11-10T06:53:42+00:00 Björn Jacke bj@sernet.de 2020-10-18T18:43:26+00:00 a4e90cfec4966b9cebcab65ae26ecbe6d85868c0 this made the studio compiler build break Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
this made the studio compiler build break

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Add smb2cli_session_get_encryption_cipher() 2020-11-06T10:02:35+00:00 Isaac Boukris iboukris@gmail.com 2020-08-20T10:09:05+00:00 f0f8de9d4a4e05445e427f00bb10eb34e1110a97 When 'session->smb2->should_encrypt' is true, the client MUST encrypt all transport messages (see also MS-SMB2 3.2.4.1.8). Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> 
When 'session->smb2->should_encrypt' is true, the client MUST encrypt
all transport messages (see also MS-SMB2 3.2.4.1.8).

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
libcli: Use GUID_to_ndr_buf() in smb2cli_validate_negotiate_info_send() 2020-10-02T22:50:43+00:00 Volker Lendecke vl@samba.org 2020-09-29T08:55:07+00:00 666d2a38fcf62eda3529ae21575381e43b2c046f Avoid a talloc/free Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Oct 2 22:50:43 UTC 2020 on sn-devel-184 
Avoid a talloc/free

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct  2 22:50:43 UTC 2020 on sn-devel-184
libcli: Use GUID_to_ndr_buf() in smbXcli_negprot_smb2_subreq() 2020-10-02T21:30:34+00:00 Volker Lendecke vl@samba.org 2020-09-29T08:53:42+00:00 63ab004e38b24929b3f578e5db0574938c63aeb5 Avoid a talloc/free Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Avoid a talloc/free

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
libcli: Use GUID_to_ndr_buf() in ldap_encode_ndr_GUID() 2020-10-02T21:30:33+00:00 Volker Lendecke vl@samba.org 2020-09-29T08:13:20+00:00 77877cfed19ea98bfac3ba43529589f4cdd33714 Avoid a talloc/free Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Avoid a talloc/free

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
libcli: Align some integer types 2020-10-02T21:30:33+00:00 Volker Lendecke vl@samba.org 2020-09-29T07:55:22+00:00 a61ed4df0e050e3558820945808c5b67caac0ccb Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
libcli: Don't leave a pointer uninitialized 2020-10-02T21:30:32+00:00 Volker Lendecke vl@samba.org 2020-08-24T20:31:01+00:00 bb8d3330704cc3e411a9b1805a042b02d3d80a93 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
libcli: Remove a pointless if-expression 2020-10-02T21:30:32+00:00 Volker Lendecke vl@samba.org 2020-08-24T20:29:19+00:00 9b453f475fe08db369c5dec6446b988f92d58951 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
CVE-2020-1472(ZeroLogon): libcli/auth: reject weak client challenges in netlogon_creds_server_init() 2020-09-18T12:48:38+00:00 Stefan Metzmacher metze@samba.org 2020-09-16T14:17:29+00:00 d3123858fb59046e826cf2c7ec2a3839e6508624 This implements the note from MS-NRPC 3.1.4.1 Session-Key Negotiation: 7. If none of the first 5 bytes of the client challenge is unique, the server MUST fail session-key negotiation without further processing of the following steps. It lets ./zerologon_tester.py from https://github.com/SecuraBV/CVE-2020-1472.git report: "Attack failed. Target is probably patched." BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
This implements the note from MS-NRPC 3.1.4.1 Session-Key Negotiation:

 7. If none of the first 5 bytes of the client challenge is unique, the
    server MUST fail session-key negotiation without further processing of
    the following steps.

It lets ./zerologon_tester.py from
https://github.com/SecuraBV/CVE-2020-1472.git
report: "Attack failed. Target is probably patched."

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_is_random_challenge() to avoid weak values 2020-09-18T12:48:38+00:00 Stefan Metzmacher metze@samba.org 2020-09-16T14:15:26+00:00 53528c71ffdb3377c4e73ac596c8507bc3898e83 This is the check Windows is using, so we won't generate challenges, which are rejected by Windows DCs (and future Samba DCs). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
This is the check Windows is using, so we won't generate challenges,
which are rejected by Windows DCs (and future Samba DCs).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>