summaryrefslogtreecommitdiff
path: root/libcli
AgeCommit message (Collapse)AuthorFilesLines
2026-03-31libcli/smb: Call data_blob_clear() to zero MAC signing keyPavel Filipenský1-0/+2
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2026-03-31auth: Use secure variant data_blob_talloc_s() to zero sensitive data blobsPavel Filipenský4-43/+80
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2026-03-31auth: Call talloc_keep_secret() for sensitive memoryPavel Filipenský2-0/+5
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2026-03-31auth: Call ZERO_ARRAY()/ZERO_STRUCT() for sensitive variables on stackPavel Filipenský5-9/+103
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2026-02-25libcli: Avoid a talloc in ldap_encode_ndr_dom_sid()Volker Lendecke1-4/+5
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
2026-01-20lib: Remove &data_blob_null refsVolker Lendecke1-1/+2
The next patch will remove the data_blob_null global constant. The APIs here are a bit weird in that they don't work fine with a NULL pointer but require a reference to a NULL blob. But that's few enough to add the special case in the callers. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
2026-01-13auth: Fix typo "pass-though" -> "pass-through"Pavel Filipenský1-2/+2
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2026-01-13libcli:auth: Fix trailing whitespaces in ntlm_check.cPavel Filipenský1-51/+51
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2026-01-07lib: Move a few smb-related constant #defines to common codeVolker Lendecke1-0/+45
No need to have two copies in source3 and source4 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Wed Jan 7 11:00:48 UTC 2026 on atb-devel-224
2026-01-07libcli: Initialize a variable at declaration timeVolker Lendecke1-3/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
2026-01-07lib: Don't call a function to initialize an empty DATA_BLOBVolker Lendecke3-6/+6
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
2026-01-07libcli: Add missing NULL checksVolker Lendecke1-0/+11
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
2026-01-07libcli: Fix error path memleaksVolker Lendecke1-0/+2
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
2025-12-08libcli/auth: Zero out password in smbencrypt.cPavel Filipenský1-1/+1
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org> Autobuild-Date(master): Mon Dec 8 18:21:45 UTC 2025 on atb-devel-224
2025-12-08auth: Use new data_blob_..._s() functions and remove talloc_keep_secret()Pavel Filipenský1-4/+2
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2025-11-24libcli:ldap: Do not declare cm_print_error()Andreas Schneider1-5/+0
This is part of the cmocka.h header file. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Volker Lendecke <vl@samba.org>
2025-10-17Add missing include needed for cmocka.hAndreas Schneider4-0/+4
This will be required in future. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
2025-09-02libsmb: Remove sync smb1cli_trans and _echo wrappersVolker Lendecke3-113/+0
Unused. If someone wants them back, they're easy to recreate Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
2025-09-02libsmb: Use tevent_req_nterror() properlyVolker Lendecke1-2/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
2025-08-27libcli: Fix maybe-uninitialized warningJennifer Sutton1-2/+2
../../libcli/wsp/wsp_aqs.c: In function ‘create_size_range_shortcut’: ../../libcli/wsp/wsp_aqs.c:872:37: error: ‘upper_size’ may be used uninitialized [-Werror=maybe-uninitialized] 872 | right->value.number = upper_size; | ~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~ ../../libcli/wsp/wsp_aqs.c:835:18: note: ‘upper_size’ was declared here 835 | uint32_t upper_size; | ^~~~~~~~~~ cc1: all warnings being treated as errors Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2025-08-26domsid: be less alarmed by non-SIDDouglas Bagnall1-1/+2
This has been causing log noise when something is trying to parse an identifier using a sequence of parsers, to see if it is a SID, a DN, an account name, etc. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-08-22libsmb: Avoid smb-level encryption if quic is trustedVolker Lendecke1-3/+19
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Fri Aug 22 14:55:47 UTC 2025 on atb-devel-224
2025-08-22libsmb: Add "smb_encryption_over_quic" to smb311_capabilitiesVolker Lendecke2-6/+12
Put here from the "client smb encryption over quic" settings Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-08-22libsmb: Negotiate SMB2_ACCEPT_TRANSPORT_LEVEL_SECURITY over quicVolker Lendecke1-0/+40
If we trust quic, indicate to the server that we do so. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-08-22libcli: Add tls_verify_peer_state to smbXcli_transportVolker Lendecke2-23/+38
We have to carry a copy over from the tstream_tls_params used to connect, we can't get this information out once the tls-protected tstream is established Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-08-22libcli: Introduce helper var in smbXcli_negprot_smb2_subreq()Volker Lendecke1-20/+30
Saves a few bytes of code Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-08-13libcli/smb: Fix CID #710784 Resource leakGünther Deschner1-0/+1
buf was (re-)allocated on NULL context thus not part of frame that is freed. Guenther Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2025-08-07libcli/security: use talloc_free at the end of sub-testsRabinarayan Panigrahi2-1/+57
Memory should be free by talloc_free() if it is allocated using talloc_new() Signed-off-by: Rabinarayan Panigrahi <rapanigr@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Autobuild-User(master): Anoop C S <anoopcs@samba.org> Autobuild-Date(master): Thu Aug 7 09:02:29 UTC 2025 on atb-devel-224
2025-07-22libcli/smb: use talloc_asprintf_addbuf() in smbXcli_session_dump_keys()Ralph Boehme1-22/+63
Avoids DEBUGADD() which can lead to intersected output in the logfile. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue Jul 22 15:09:11 UTC 2025 on atb-devel-224
2025-07-22libcli/smb2: dump encryption key in format for Wireshark ↵Ralph Boehme2-2/+47
~/.wireshark/smb2_seskey_list This allows dumping the keys and quickly feeding them into Wireshark by adding them to ~/.wireshark/smb2_seskey_list. Example: debug encryption: dumping generated session keys Session Id [0000] 7D 00 00 E8 57 E0 31 01 }...W.1. Session Key [0000] 71 54 77 50 C1 DD 66 68 A8 51 D8 DE 23 F4 91 01 qTwP..fh .Q..#... Signing Key [0000] B1 29 AC EF 41 30 AE D2 43 00 1F 67 87 29 BF DB .)..A0.. C..g.).. App Key [0000] 6A 88 5C 51 51 22 FF 5C 25 95 A2 5C E2 2C FC 5D j.\QQ".\ %..\.,.] ServerIn Key [0000] 20 08 EB A2 14 99 17 03 9C A5 9A BB B8 48 88 3C ....... .....H.< ServerOut Key [0000] 15 AA C2 0D 19 AB 4C 26 64 E8 FC 94 B1 FE 27 5A ......L& d.....'Z Wireshark configuration line 7d0000e857e03101,71547750c1dd6668a851d8de23f49101,15aac20d19ab4c2664e8fc94b1fe275a,2008eba2149917039ca59abbb848883c When setting debug encryption = yes debug encryption:wireshark keyfile = /home/slow/.wireshark/smb2_seskey_list the keys are appended directly to Wireshark's keyfile. Wireshark has to be restarted to pick them up. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2025-07-22libcli/smb: also dump signing_algo in smbXcli_session_dump_keys()Ralph Boehme2-0/+3
The server side already does that and I'm aiming for consolidating server and client code for dumping the keys. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2025-07-22libcli/smb: make smbXcli_session_dump_keys() usable for the server sideRalph Boehme2-42/+18
By passing the individual keys directly instead of passing the wrapping state objects, smbXcli_session_dump_keys() can later also be used by the server code. No change in behaviour. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2025-07-22libcli/smb: move cli_session_dump_keys() to libsmbRalph Boehme2-0/+55
More callers to come... Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2025-07-17libcli/smb: define SMB_TRANSPORT_TYPE_QUICStefan Metzmacher1-0/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-06-18libcli/smb: add smbXcli_transport_bsd_tstream()Stefan Metzmacher2-0/+47
This can be used to force the usage of the tstream code path even for bsd sockets. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2025-06-18libcli/smb: add smbXcli_transport_tstream()Stefan Metzmacher3-2/+131
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2025-06-18libcli/smb: make read_smb_more non-staticStefan Metzmacher2-2/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2025-06-18libcli/smb: abstract transport function callsStefan Metzmacher1-31/+127
In future we'll have transports without a bsd socket fd. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2025-06-18libcli/smb: add smbXcli_conn_monitor_{send,recv,once}()Stefan Metzmacher2-0/+185
smbXcli_conn_monitor_{send,recv} can be used to monitor a connection over a long time. It will only come back if there's a connection error. smbXcli_conn_monitor_once() will be used by sync callers without a long term tevent context and needs to be called multiple times per second in order to work correctly. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2025-06-18libcli/smb: let smbXcli_transport_bsd() take an fd by referenceStefan Metzmacher2-2/+4
This allows it to set the callers value to -1 when it was moved. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2025-06-18libcli/smb: pass smbXcli_transport to smbXcli_conn_create()Stefan Metzmacher2-7/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2025-06-18libcli/smb: let smbXcli_conn_create() call smbXcli_transport_bsd()Stefan Metzmacher1-39/+38
The next step will pass struct smbXcli_transport from the caller. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2025-06-18libcli/smb: introduce smbXcli_transport_bsdStefan Metzmacher2-0/+63
The next commits will pass an smbXcli_transport to smbXcli_conn_create() instead of a plain 'int fd'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2025-06-18libcli/smb: merge smb_transport library into cli_smb_commonStefan Metzmacher1-14/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2025-06-18libcli/named_pipe_auth: add tstream_npa_monitor_send/recvStefan Metzmacher1-0/+85
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2025-06-14libcli: Avoid a ZERO_STRUCT with a direct initializationVolker Lendecke1-3/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
2025-05-28Fix clang 20 unused-but-set-variables warningsGary Lockyer2-0/+11
Suppress error: variable 'yynerrs' set but not used [-Werror,-Wunused-but-set-variable] for the code generated from the yacc files. Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org>
2025-05-19libcli/smb: create explicit talloc stackframe in reparse_data_buffer_marshall()Stefan Metzmacher1-0/+2
This is needed in order to allow helper functions to use talloc_tos(). Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2025-05-15libsmb: Move 192 bytes from R/W .data to R/O (shared) .textVolker Lendecke1-1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2025-04-18libcli/util: map EPROTONOSUPPORT to NT_STATUS_PROTOCOL_NOT_SUPPORTEDStefan Metzmacher1-0/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
generated by cgit v1.2.3 (git 2.25.1) at 2026-05-06 17:06:32 +0000