summaryrefslogtreecommitdiff
path: root/libcli
AgeCommit message (Collapse)AuthorFilesLines
2020-11-10http_conn.c: fix "void function cannot return value" errorBjörn Jacke1-2/+1
this made the studio compiler build break Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-11-06Add smb2cli_session_get_encryption_cipher()Isaac Boukris2-0/+14
When 'session->smb2->should_encrypt' is true, the client MUST encrypt all transport messages (see also MS-SMB2 3.2.4.1.8). Signed-off-by: Isaac Boukris <iboukris@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
2020-10-02libcli: Use GUID_to_ndr_buf() in smb2cli_validate_negotiate_info_send()Volker Lendecke1-4/+4
Avoid a talloc/free Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Oct 2 22:50:43 UTC 2020 on sn-devel-184
2020-10-02libcli: Use GUID_to_ndr_buf() in smbXcli_negprot_smb2_subreq()Volker Lendecke1-4/+4
Avoid a talloc/free Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-02libcli: Use GUID_to_ndr_buf() in ldap_encode_ndr_GUID()Volker Lendecke1-3/+3
Avoid a talloc/free Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-02libcli: Align some integer typesVolker Lendecke1-2/+2
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-02libcli: Don't leave a pointer uninitializedVolker Lendecke1-4/+2
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2020-10-02libcli: Remove a pointless if-expressionVolker Lendecke1-3/+0
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2020-09-18CVE-2020-1472(ZeroLogon): libcli/auth: reject weak client challenges in ↵Stefan Metzmacher2-2/+17
netlogon_creds_server_init() This implements the note from MS-NRPC 3.1.4.1 Session-Key Negotiation: 7. If none of the first 5 bytes of the client challenge is unique, the server MUST fail session-key negotiation without further processing of the following steps. It lets ./zerologon_tester.py from https://github.com/SecuraBV/CVE-2020-1472.git report: "Attack failed. Target is probably patched." BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-09-18CVE-2020-1472(ZeroLogon): libcli/auth: add ↵Stefan Metzmacher2-1/+23
netlogon_creds_is_random_challenge() to avoid weak values This is the check Windows is using, so we won't generate challenges, which are rejected by Windows DCs (and future Samba DCs). BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-09-18CVE-2020-1472(ZeroLogon): libcli/auth: make use of ↵Stefan Metzmacher1-2/+1
netlogon_creds_random_challenge() in netlogon_creds_cli.c This will avoid getting rejected by the server if we generate a weak challenge. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-09-18CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_random_challenge()Stefan Metzmacher2-0/+8
It's good to have just a single isolated function that will generate random challenges, in future we can add some logic in order to avoid weak values, which are likely to be rejected by a server. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-09-15libcli: nbt: Fix resolve_lmhosts_file_as_sockaddr() to return size_t * count ↵Jeremy Allison2-7/+2
of addresses. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <npower@samba.org>
2020-09-15libcli: nbt: cleanup resolve_lmhosts_file_as_sockaddr() - don't change ↵Jeremy Allison1-10/+21
return values on fail. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <npower@samba.org>
2020-08-28lib/util: remove extra safe_string.h fileMatthew DeVore4-0/+9
lib/util/safe_string.h is similar to source3/include/safe_string.h, but the former has fewer checks. It is missing bcopy, strcasecmp, and strncasecmp. Add the missing elements to lib/util/safe_string.h remove the other safe_string.h which is in the source3-specific path. To accomodate existing uses of str(n?)casecmp, add #undef lines to source files where they are used. Signed-off-by: Matthew DeVore <matvore@google.com> Reviewed-by: David Mulder <dmulder@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Aug 28 02:18:40 UTC 2020 on sn-devel-184
2020-08-19libcli:smb: Add smb_encryption_setting_translate()Andreas Schneider3-0/+40
Add encryption enum and function to avoid confusion when reading the code. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19libcli:smb: Add smb_signing_setting_translate()Andreas Schneider4-0/+96
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19param: Create and use enum_smb_encryption_valsAndreas Schneider1-0/+9
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19libcli:smb2: Use talloc NULL context if we don't have a stackframeAndreas Schneider1-4/+26
If we execute this code from python we don't have a talloc stackframe around and segfault with talloc_tos(). To fix the crash we use the NULL context as we take care for freeing the memory as soon as possible. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-19libcli:smb2: Do not leak ptext on errorAndreas Schneider1-0/+1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-08-06libcli/ldap: Fix CID 1462695 Resource leakVolker Lendecke1-0/+5
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-06libcli/ldap: Fix CID 1462696 Resource leakVolker Lendecke1-0/+5
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-06libcli/ldap: Fix CID 1465278 Resource leakVolker Lendecke1-0/+5
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2020-08-04s3/s4: Cleanup. Move TALLOC_CTX * parameter to be first in ↵Jeremy Allison2-6/+8
resolve_lmhosts_file_as_sockaddr() to match modern conventions. No logic changes. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Isaac Boukris <iboukris@samba.org>
2020-08-03lib: relicense smb_strtoul(l) under LGPLv3Ralph Boehme1-0/+1
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Swen Schillig <swen@linux.ibm.com> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon Aug 3 22:21:04 UTC 2020 on sn-devel-184
2020-07-09libcli/ldap: Fix decoding struct ldap_ExtendedResponseVolker Lendecke1-2/+4
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-07-09libcli/ldap: Test decoding an exop responseVolker Lendecke2-0/+43
ldap-starttls-response.dat is a reply to a starttls extended operation. Right now ldap_decode() does not handle this correctly. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2020-07-08libcli/smb: define FSCTL_SMBTORTURE_FORCE_UNACKED_TIMEOUTStefan Metzmacher1-0/+8
This will be used by smbtorture in order to simulate channel failures without relying on iptables. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11897 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2020-07-02CVE-2020-14303: s4 nbt: fix busy loop on empty UDP packetGary Lockyer1-1/+16
An empty UDP packet put the nbt server into a busy loop that consumes 100% of a cpu. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14417 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Autobuild-User(master): Karolin Seeger <kseeger@samba.org> Autobuild-Date(master): Thu Jul 2 10:26:24 UTC 2020 on sn-devel-184
2020-06-23libcli ldap tests: remove use of zero length arrayGary Lockyer1-1/+1
libcli/ldap/tests/ldap_message_test.c defines a zero length array (uint8_t buf[0]), which is a GCC extension and breaks the build with some strict compilers like xlc. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14387 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Jun 23 02:15:35 UTC 2020 on sn-devel-184
2020-06-22libcli: Remove define STATUS_EA_LIST_INCONSISTENTChristof Schmitt2-2/+0
The auto-generated define NT_STATUS_EA_LIST_INCONSISTENT is still available. Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Jun 22 13:30:51 UTC 2020 on sn-devel-184
2020-06-22libcli: Remove define STATUS_STOPPED_ON_SYMLINKChristof Schmitt2-2/+0
The auto-generated define NT_STATUS_STOPPED_ON_SYMLINK is still available. Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-06-22libcli: Remove define for STATUS_PENDINGChristof Schmitt1-1/+0
The auto-generated define NT_STATUS_PENDING is still available. Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-06-22libcli: Use NT_STATUS_PENDING instead of STATUS_PENDINGChristof Schmitt1-3/+3
Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-06-22libcli: Remove define for STATUS_NOTIFY_ENUM_DIRChristof Schmitt2-2/+0
The auto-generated define NT_STATUS_NOTIFY_ENUM_DIR is still available. Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-06-22libcli: Remove define for STATUS_NOTIFY_CLEANUPChristof Schmitt2-2/+0
The auto-generated NT_STATUS_NOTIFY_CLEANUP is still available. Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-06-22libcli: Remove define for STATUS_INVALID_EA_FLAGChristof Schmitt2-2/+0
The auto-generated define NT_STATUS_INVALID_EA_FLAG is still available. Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-06-22libcli: Remove define STATUS_NO_MORE_EASChristof Schmitt2-2/+0
The auto-generated define NT_STATUS_NO_MORE_EAS is still available. Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-06-22libcli: Remove define for ERROR_INVALID_DATATYPEChristof Schmitt1-1/+0
The auto-generated define WERR_INVALID_DATATYPE is still available. Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
2020-06-15libcli: Add tevent_req_received() calls to smb2cli_create_recv()Volker Lendecke1-0/+2
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2020-06-15libcli: Move IO_REPARSE_TAG definitions to smb_constants.hVolker Lendecke1-0/+16
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2020-06-15libcli: Slightly simplify smb2cli_req_recv() with an early returnVolker Lendecke1-6/+1
One if-condition less Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2020-05-30libcli: simplify an if conditionRalph Boehme1-1/+4
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2020-05-19add some missing FSCTL definesBjörn Jacke1-0/+8
as dodumented in https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/a64e55aa-1152-48e4-8206-edd96444e7f7 FSCTL_SET_OBJECT_ID_EXTENDED FSCTL_READ_FILE_USN_DATA FSCTL_WRITE_USN_CLOSE_RECORD FSCTL_QUERY_ON_DISK_VOLUME_INFO FSCTL_QUERY_SPARING_INFO FSCTL_DUPLICATE_EXTENTS_TO_FILE_EX FSCTL_STORAGE_QOS_CONTROL Signed-off-by: Bjoern Jacke <bjacke@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Björn Jacke <bjacke@samba.org> Autobuild-Date(master): Tue May 19 15:57:08 UTC 2020 on sn-devel-184
2020-05-08Fix clang 9 missing-field-initializer warningsGary Lockyer2-2/+2
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
2020-05-04CVE-2020-10704 libcli ldap: Check search request lengths.Gary Lockyer1-0/+4
Check the search request lengths against the limits passed to ldap_decode. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Gary Lockyer <gary@samba.org> Autobuild-Date(master): Mon May 4 04:40:10 UTC 2020 on sn-devel-184
2020-05-04CVE-2020-10704: libcli ldap_message: Add search size limits to ldap_decodeGary Lockyer4-7/+41
Add search request size limits to ldap_decode calls. The ldap server uses the smb.conf variable "ldap max search request size" which defaults to 250Kb. For cldap the limit is hard coded as 4096. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-04CVE-2020-10704: libcli ldap: test recursion depth in ldap_decode_filter_treeGary Lockyer4-0/+286
Add tests to check that ASN.1 ldap requests with deeply nested elements are rejected. Previously there was no check on the on the depth of nesting and excessive nesting could cause a stack overflow. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-05-04CVE-2020-10704: lib util asn1: Add ASN.1 max tree depthGary Lockyer3-5/+5
Add maximum parse tree depth to the call to asn1_init, which will be used to limit the depth of the ASN.1 parse tree. Credit to OSS-Fuzz REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334 Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2020-03-26libcli: Use ARRAY_DEL_ELEMENT() in security_descriptor_acl_del()Volker Lendecke1-2/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-07 05:13:24 +0000