samba.git/source4/libcli, branch talloc-2.4.0 Unnamed repository; edit this file 'description' to name the repository. s3-librpc: add ads.idl and convert ads_struct to talloc. 2022-12-16T20:38:32+00:00 Günther Deschner gd@samba.org 2016-08-17T09:58:02+00:00 39e8489dfc51b2293afa13d58b167819b46918dc Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
s4: libcli: Ignore errors when getting A records after fetching AAAA records. 2022-11-09T20:34:07+00:00 Jeremy Allison jra@samba.org 2022-11-08T18:13:18+00:00 10537a89bb0b461ba31d614b7c9ed56a842422e7 The target may only be available over IPv6. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15226 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Nov 9 20:34:07 UTC 2022 on sn-devel-184 
The target may only be available over IPv6.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15226

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov  9 20:34:07 UTC 2022 on sn-devel-184
build: Remove unused dependencies 2022-11-08T02:39:37+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2022-11-03T04:31:20+00:00 77bb72d67204b58d0ae7a183e2a8988597faf15c We don't need to include these any more, and removing them allows us to simplify the build system for system Heimdal builds. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
We don't need to include these any more, and removing them allows us to
simplify the build system for system Heimdal builds.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
CVE-2020-25720: s4-acl: Change behavior of Create Children check 2022-09-16T02:32:36+00:00 Nadezhda Ivanova nivanova@symas.com 2021-10-25T10:10:56+00:00 08187833fee57a8dba6c67546dfca516cd1f9d7a Up to now, the rights to modify an attribute were not checked during an LDAP add operation. This means that even if a user has no right to modify an attribute, they can still specify any value during object creation, and the validated writes were not checked. This patch changes this behavior. During an add operation, a security descriptor is created that does not include the one provided by the user, and is used to verify that the user has the right to modify the supplied attributes. Exception is made for an object's mandatory attributes, and if the user has Write DACL right, further checks are skipped. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810 Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz> Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Up to now, the rights to modify an attribute were not checked during an LDAP
add operation. This means that even if a user has no right to modify
an attribute, they can still specify any value during object creation,
and the validated writes were not checked.
This patch changes this behavior. During an add operation,
a security descriptor is created that does not include the one provided by the
user, and is used to verify that the user has the right to modify the supplied attributes.
Exception is made for an object's mandatory attributes, and if the user has Write DACL right,
further checks are skipped.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810

Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>

Signed-off-by: Nadezhda Ivanova <nivanova@symas.com>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
smbXcli: Pass negotiate contexts through smbXcli_negprot_send/recv 2022-08-26T19:54:03+00:00 Volker Lendecke vl@samba.org 2022-08-25T07:54:52+00:00 4ddd277c0b77c502ed6b11e07c92c91f24ac9c15 We already don't allow setting max_credits in the sync wrapper, so omit the contexts there as well. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Aug 26 19:54:03 UTC 2022 on sn-devel-184 
We already don't allow setting max_credits in the sync wrapper, so
omit the contexts there as well.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 26 19:54:03 UTC 2022 on sn-devel-184
s4/libcli/smb2: avoid using smb2_composite_setpathinfo() in smb2_util_setatr() 2022-08-23T11:52:29+00:00 Ralph Boehme slow@samba.org 2022-08-14T16:51:30+00:00 66e40690bdd41800a01333ce4243bd62ee2b1894 smb2_composite_setpathinfo() uses SEC_FLAG_MAXIMUM_ALLOWED which can have unwanted side effects like breaking oplocks if the effective access includes [READ|WRITE]_DATA. For changing the DOS attributes we only need SEC_FILE_WRITE_ATTRIBUTE. With this change test_smb2_oplock_batch25() doesn't trigger an oplock break anymore. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> 
smb2_composite_setpathinfo() uses SEC_FLAG_MAXIMUM_ALLOWED which can
have unwanted side effects like breaking oplocks if the effective access
includes [READ|WRITE]_DATA.

For changing the DOS attributes we only need SEC_FILE_WRITE_ATTRIBUTE. With this
change test_smb2_oplock_batch25() doesn't trigger an oplock break anymore.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
lib/util: Change function to mem_equal_const_time() 2022-06-09T22:49:29+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2022-05-11T00:07:43+00:00 feb36dbebf1f0f48f4d9f2549471d355b4ead788 Since memcmp_const_time() doesn't act as an exact replacement for memcmp(), and its return value is only ever compared with zero, simplify it and emphasize the intention of checking equality by returning a bool instead. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
Since memcmp_const_time() doesn't act as an exact replacement for
memcmp(), and its return value is only ever compared with zero, simplify
it and emphasize the intention of checking equality by returning a bool
instead.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
auth: Use constant-time memcmp when comparing sensitive buffers 2022-06-09T22:49:29+00:00 Joseph Sutton josephsutton@catalyst.net.nz 2022-02-17T02:35:42+00:00 ae6634c78774d2368e815dea650ba71650dd1861 This helps to avoid timing attacks. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15010 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
This helps to avoid timing attacks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15010

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
s4:libcli: Covscan: unchecked return value for file_save() 2022-05-14T03:49:32+00:00 Pavel Filipenský pfilipen@redhat.com 2022-05-11T09:39:28+00:00 6127509986b10a635ba623bc54f3d01d35de9b2e Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
s4:libcli: Fix trailing whitespace in browse.c 2022-05-14T03:49:32+00:00 Pavel Filipenský pfilipen@redhat.com 2022-05-11T09:38:45+00:00 238d3603be519f1fd99b21701540e27e0f219f01 Signed-off-by: Pavel Filipenský <pfilipen@redhat.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>