path: root/libcli
Age | Commit message | Author | Files | Lines
2023-03-09 | libcli: Shrink .data segment by 43264 bytes | Volker Lendecke | 1 | -7/+4
A case statement only references const strings, pointers in an array need to be relocated at exec() time. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 | libcli: Shrink .data segment by 43264 bytes | Volker Lendecke | 2 | -8/+6
A case statement only references const strings, pointers in an array need to be relocated at exec() time. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 | build: Fix a long line | Volker Lendecke | 1 | -1/+5
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 | lib: Fix a typo | Volker Lendecke | 1 | -1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 | lib: Remove a talloc_stackframe() | Volker Lendecke | 1 | -6/+0
This made sense before we used dom_sid_str_buf() in the DEBUG statements. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 | libcli/util: Avoid an includes.h | Volker Lendecke | 1 | -1/+2
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 | libcli/security: Avoid includes.h | Volker Lendecke | 12 | -12/+20
Don't rebuild libcli/security when not necessary Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 | lib: librpc/gen_ndr/security.h needs DATA_BLOB | Volker Lendecke | 1 | -0/+2
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 | lib: Fix whitespace | Volker Lendecke | 10 | -83/+79
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-08 | auth: Make more liberal use of SID index constants | Joseph Sutton | 1 | -0/+2
Arrays of SIDs are handled not fully consistently throughout the codebase. Sometimes SIDs in the first and second positions represent a user and a primary group respectively; other times they don't mean anything in particular. Using these index constants in situations of the former sort can help to clarify our intent. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 | named_pipe_auth: Bump info5 to info6 | Joseph Sutton | 2 | -59/+59
In the next commit, we shall replace the 'authenticated' field of named_pipe_auth_req_info.info5.session_info.session_info.info with a more general 'user_flags' field. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 | libcli/security: Add auth_SidAttr utility functions | Joseph Sutton | 2 | -0/+75
These functions are modelled on add_sid_to_array() and add_sid_to_array_unique(). They differ in that they operate not on an array of dom_sid, but of auth_SidAttr, and take an additional 'attrs' parameter of type uint32_t. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-01-10 | lib: Remove idtree from samba_util.h | Volker Lendecke | 2 | -0/+2
No need to recompile the world when only a few files need this. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2023-01-10 | lib: Add "starting_id" to idr_get_new_random() | Volker Lendecke | 2 | -3/+4
To be used in smbXsrv_open.c, for this we need a lower bound. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-14 | libcldap: Save lines in cldap_netlogon_create_filter() with talloc_asprintf_addbuf() | Volker Lendecke | 1 | -30/+12
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-13 | CVE-2022-37966 libcli/auth: let netlogon_creds_cli_warn_options() about "kerberos encryption types=legacy" | Stefan Metzmacher | 1 | -0/+15
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 | CVE-2022-38023 docs-xml/smbdotconf: change 'reject md5 servers' default to yes | Stefan Metzmacher | 1 | -2/+2
AES is supported by Windows >= 2008R2 and Samba >= 4.0 so there's no reason to allow md5 servers by default. Note the change in netlogon_creds_cli_context_global() is only cosmetic, but avoids confusion while reading the code. Check with: git show -U35 libcli/auth/netlogon_creds_cli.c BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 | CVE-2022-38023 libcli/auth: add/use netlogon_creds_cli_warn_options() | Stefan Metzmacher | 2 | -0/+68
This warns the admin about insecure options BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 | CVE-2022-38023 libcli/auth: pass lp_ctx to netlogon_creds_cli_set_global_db() | Stefan Metzmacher | 2 | -2/+3
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-05 | lib: Add symlink trust flags from dochelp | Volker Lendecke | 1 | -0/+11
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: David Mulder <dmulder@samba.org>
2022-11-29 | s3: smbd: Add SMB2_FILE_POSIX_INFORMATION getinfo info level (100 on the wire). | Jeremy Allison | 1 | -2/+4
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2022-11-22 | libcli: Add python wrappers to reparse_symlink.c | Volker Lendecke | 2 | -0/+171
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-11-22 | libsmb: Factor out reparse_buffer_marshall from symlink_reparse_buffer_marshall() | Volker Lendecke | 2 | -22/+80
Make it easier to play with reparse points Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-11-22 | libsmb: Return symlink error struct from smb2cli_create_recv() | Volker Lendecke | 3 | -20/+36
Looks larger than it is, this just adds a parameter and while there adapts long lines to README.Coding Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-11-22 | libsmb: Parse the smb2 symlink error response in smb2cli_create() | Volker Lendecke | 2 | -0/+227
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-11-22 | libsmb: Keep name_utf16 around in smb2cli_create() | Volker Lendecke | 1 | -12/+18
This is needed to pass up the "unparsed" part of the smb2 symlink error response in unix charset form. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-11-22 | smbd: Pass unparsed_path_length to symlink_reparse_buffer_marshall() | Volker Lendecke | 2 | -5/+15
[MS-FSCC] 2.1.2.4 Symbolic Link Reparse Data Buffer lists this field as reserved, but [MS-SMB2] 2.2.2.2.1 Symbolic Link Error Response is the exact same format with the reserved field as UnparsedPathLength. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-11-22 | libcli: Make "attr_strs" static | Volker Lendecke | 1 | -1/+1
This saves 70 bytes of .text, we don't need this on the stack. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-10-21 | libcli/security: Make null_sid static const, not just const | Joseph Sutton | 1 | -1/+1
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2022-10-21 | libcli/security: Fix function header comments in SID handling | Joseph Sutton | 1 | -2/+2
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2022-10-03 | libsmb: Centralize the SMB2 protocol check | Volker Lendecke | 1 | -0/+6
Instead of checking protocol correctness in every high-level routine, we should rely on the lower-level one in smbXcli_base.c to give the INVALID_PARAMETER error return when running on SMB1 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-10-03 | smbXcli: Align smb2cli_req_create() with tevent_req conventions | Volker Lendecke | 1 | -3/+2
We don't return NULL if tevent_req_create() succeeded, and elsewhere in this function we already pass tevent_req_nterror or tevent_req_nomem (via set_endtime). Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-09-27 | libcli security/sddl: Make sddl_encode_ace visible | Christian Merten | 2 | -3/+4
Removed static flag from sddl_encode_ace and added to headers. Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org> Signed-off-by: Christian Merten <christian@merten.dev>
2022-09-27 | libcli security_descriptor: Compare object type and inherited object type when comparing ACEs | Christian Merten | 1 | -0/+35
Fixed security_ace_equal returning true, despite differing object type, by checking (inherited) object type of both ACEs is equal. Signed-off-by: Christian Merten <christian@merten.dev> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-09-27 | libcli security_descriptor: Add function to delete a given ace from a security descriptor | Christian Merten | 2 | -0/+70
Two functions have been added to delete a given ace from the SACL or the DACL of a security descriptor. Signed-off-by: Christian Merten <christian@merten.dev> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-09-20 | s3:g_lock: add callback function to g_lock_lock_send() | Stefan Metzmacher | 1 | -2/+4
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-09-19 | source3: A few whitespace fixes | Volker Lendecke | 1 | -18/+18
review with git sh -w Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-09-16 | libcli/auth/proto.h: remove unneeded path details. | Douglas Bagnall | 2 | -5/+5
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-16 | CVE-2020-25720: s4-acl: Owner no longer has implicit Write DACL | Nadezhda Ivanova | 2 | -53/+122
The implicit right of an object's owner to modify its security descriptor no longer exists, according to the new access rules. However, we continue to grant this implicit right for fileserver access checks. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810 Signed-off-by: Nadezhda Ivanova <nivanova@symas.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-12 | libcli:auth: Keep passwords from convert_string_talloc() secret | Joseph Sutton | 1 | -0/+2
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-02 | smbXcli: Detect the SMB311 posix negotiate context | Volker Lendecke | 2 | -0/+25
The server will only return this if the client requested it via smbXcli_negprot_send()'s in_ctx parameter. This adds knowledge about SMB2_CREATE_TAG_POSIX to smbXcli_base.c with a function to query it. The alternative would have been to detect this in the caller, but this would have meant that we also would need a smbXcli_conn_set_have_posix() function or something similar. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2022-08-29 | smbd: cache DOS attributes in struct smb_filename.cached_dos_attributes | Ralph Boehme | 1 | -0/+1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14215 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2022-08-26 | smbXcli: Pass negotiate contexts through smbXcli_negprot_send/recv | Volker Lendecke | 2 | -16/+73
We already don't allow setting max_credits in the sync wrapper, so omit the contexts there as well. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Aug 26 19:54:03 UTC 2022 on sn-devel-184
2022-08-22 | libcli/smb: Set error status if 'iov' pointer is NULL | Joseph Sutton | 1 | -1/+5
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15152 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Mon Aug 22 09:03:29 UTC 2022 on sn-devel-184
2022-08-22 | libcli/smb: Ensure we call tevent_req_nterror() on failure | Joseph Sutton | 1 | -1/+5
Commit 3594c3ae202688fd8aae5f7f5e20464cb23feea9 added a NULL check for 'inhdr', but it meant we didn't always call tevent_req_nterror() when we should. Now we handle connection errors. We now also set an error status if the NULL check fails. I noticed this when an ECONNRESET error from a server refusing SMB1 wasn't handled, and the client subsequently hung in epoll_wait(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=15152 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-08-17 | waf: Fix SO version number of libsamba-errors | Andreas Schneider | 1 | -1/+1
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15141 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
2022-07-28 | libcli:auth: Add test for decode_pwd_string_from_buffer514() | Andreas Schneider | 1 | -0/+17
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 | libcli:auth: Add decode_pwd_string_from_buffer514() | Andreas Schneider | 2 | -0/+49
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 | libcli:auth: Add test for extract_pwd_blob_from_buffer514() | Andreas Schneider | 1 | -0/+17
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 | libcli:auth: Add extract_pwd_blob_from_buffer514() | Andreas Schneider | 2 | -0/+48
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>