| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
|
|
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
|
|
When cli_credentials_get_kerberos_state returns CRED_USE_KERBEROS_REQUIRED
libsmbclient method SMBC_server_internal will still try to fallback to
anon NTLM. This patch prevents that.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15789
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Feb 17 16:06:18 UTC 2026 on atb-devel-224
|
|
There is a regression with code using cli_session_creds_init when
cli_credentials_get_kerberos_state() returns CRED_USE_KERBEROS_DESIRED
Authentication succeeds when boolean fallback_after_kerberos is false
and fails when true.
There doesn't seem to be a good reason why the value of
fallback_after_kerberos should initialise the krb5 ccache or not.
It would seems that krb5 cache should be setup for creds
for *any* kerberos auth (whether fallback is enabled or not)
Partial patch from <will69@gmx.de> (see bug referenced below)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15789
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
Use of ads->config.flags is overloaded.
It is used to:
- pass DS_* flags down to cldap_netlogon()
- store the server_type from NETLOGON_SAM_LOGON_RESPONSE
Both cases use different values and cannot be combined.
E.g. flags mess up with value 0x00000080
NBT_SERVER_CLOSEST 0x00000080
DS_PDC_REQUIRED 0x00000080
Let's create two separate flags
nbt_server_type server_flags; /* NBT_* cldap flags identifying the services. */
uint32 required_flags; /* DS_* - Netlogon flags */
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15972
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Thu Jan 22 09:14:25 UTC 2026 on atb-devel-224
|
|
The name and results are confusing. Rename the function and use a bool that it
is easier to understand.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jan 13 17:00:06 UTC 2026 on atb-devel-224
|
|
open_socket_out_send()
async_connect_send() already has these hooks now open_socket_out_send()
callers can pass them through.
This will be useful for IPPROTO_SMBDIRECT sockets to setup things
between the socket() and connect() syscalls.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jan 13 08:13:04 UTC 2026 on atb-devel-224
|
|
Looks like nobody ever tested this.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15960
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
Without this, smbc_setOptionPosixExtensions() does nothing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15960
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
Sweeping change, I know. Should not change compiled code in most
cases, the compiler should be smart enough to elide the assignment
right before a return. In the cases where this is not right before the
return, TALLOC_FREE() is safer as it makes use-after-free crash.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
With the patches coming before this patch, we can use main talloc
context to allocate the connections on and make sure we only free them
after we don't need them anymore.
This fixes a lot of memory leaks found by LeakSanitizer. One example is:
==838668==ERROR: LeakSanitizer: detected memory leaks
Indirect leak of 4784 byte(s) in 13 object(s) allocated from:
#0 0x7fdb1ef21c2b in malloc (/lib64/libasan.so.8+0x121c2b) (BuildId: cbfe49f3b7600c4f194d4c54774c977296e9d98a)
#1 0x7fdb1ebbb6a0 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
#2 0x7fdb1ebbcf75 in __talloc ../../lib/talloc/talloc.c:825
#3 0x7fdb1ebbcf75 in _talloc_named_const ../../lib/talloc/talloc.c:982
#4 0x7fdb1ebbcf75 in _talloc_zero ../../lib/talloc/talloc.c:2421
#5 0x7fdb1cfd1b25 in idr_pre_get ../../lib/util/idtree.c:98
#6 0x7fdb1cfd1b25 in idr_get_new_above_int ../../lib/util/idtree.c:202
#7 0x7fdb1cfd2c30 in idr_get_new_above ../../lib/util/idtree.c:368
#8 0x7fdb1de3246f in map_smb2_handle_to_fnum ../../source3/libsmb/cli_smb2_fnum.c:95
#9 0x7fdb1de3246f in cli_smb2_create_fnum_done ../../source3/libsmb/cli_smb2_fnum.c:438
#10 0x7fdb1dbaca05 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#11 0x7fdb1dbacc3c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#12 0x7fdb1dbacca4 in _tevent_req_done ../../lib/tevent/tevent_req.c:240
#13 0x7fdb1ed0eb35 in smb2cli_create_done ../../libcli/smb/smb2cli_create.c:483
#14 0x7fdb1dbaca05 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#15 0x7fdb1dbacc3c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#16 0x7fdb1dbacd74 in tevent_req_trigger ../../lib/tevent/tevent_req.c:291
#17 0x7fdb1dbaad1e in tevent_common_invoke_immediate_handler ../../lib/tevent/tevent_immediate.c:190
#18 0x7fdb1dbaad5b in tevent_common_loop_immediate ../../lib/tevent/tevent_immediate.c:236
#19 0x7fdb1dbbe42f in epoll_event_loop_once ../../lib/tevent/tevent_epoll.c:908
#20 0x7fdb1dbb7787 in std_event_loop_once ../../lib/tevent/tevent_standard.c:110
#21 0x7fdb1dba7466 in _tevent_loop_once ../../lib/tevent/tevent.c:860
#22 0x7fdb1dbad082 in tevent_req_poll ../../lib/tevent/tevent_req.c:342
#23 0x7fdb1eaa93d4 in tevent_req_poll_ntstatus ../../lib/util/tevent_ntstatus.c:109
#24 0x7fdb1de138bb in cli_list ../../source3/libsmb/clilist.c:1188
#25 0x000000239f0f in do_list ../../source3/client/client.c:853
#26 0x00000023a93a in cmd_dir ../../source3/client/client.c:936
#27 0x00000023f090 in process_stdin ../../source3/client/client.c:6215
#28 0x00000023f090 in process ../../source3/client/client.c:6269
#29 0x00000023f090 in main ../../source3/client/client.c:6811
#30 0x7fdb1ac2b2fa in __libc_start_call_main (/lib64/libc.so.6+0x2b2fa) (BuildId: 8523b213e7586a93ab00f6dd476418b1e521e62c)
#31 0x7ffd7d5613af ([stack]+0x3a3af)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu Nov 6 09:58:52 UTC 2025 on atb-devel-224
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
v
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
==556308==ERROR: AddressSanitizer: heap-use-after-free on address 0x7d2f14452360 at pc 0x7baf0a5c3a8b bp 0x7ffe6e1eb2e0 sp 0x7ffe6e1eb2d8 11:26:39 [1226/65848]
READ of size 4 at 0x7d2f14452360 thread T0
#0 0x7baf0a5c3a8a in py_cli_notify_get_changes ../../source3/libsmb/pylibsmb.c:2291
#1 0x7faf165ba239 (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x1ba239) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#2 0x7faf1658c798 in PyObject_Vectorcall (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x18c798) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#3 0x7faf165a366e in _PyEval_EvalFrameDefault (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x1a366e) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#4 0x7faf165db031 (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x1db031) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#5 0x7faf1659fa1d in _PyEval_EvalFrameDefault (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x19fa1d) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#6 0x7faf1658ce9b (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x18ce9b) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#7 0x7faf1667a637 (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x27a637) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#8 0x7faf1658a726 in _PyObject_MakeTpCall (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x18a726) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#9 0x7faf1659ae9b in _PyEval_EvalFrameDefault (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x19ae9b) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#10 0x7faf165db031 (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x1db031) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#11 0x7faf1659fa1d in _PyEval_EvalFrameDefault (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x19fa1d) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#12 0x7faf1658ce9b (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x18ce9b) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#13 0x7faf1667a637 (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x27a637) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#14 0x7faf1658a726 in _PyObject_MakeTpCall (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x18a726) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#15 0x7faf1659ae9b in _PyEval_EvalFrameDefault (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x19ae9b) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#16 0x7faf165db031 (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x1db031) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#17 0x7faf1659fa1d in _PyEval_EvalFrameDefault (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x19fa1d) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#18 0x7faf1658ce9b (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x18ce9b) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#19 0x7faf1667a637 (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x27a637) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#20 0x7faf1658a726 in _PyObject_MakeTpCall (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x18a726) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#21 0x7faf1659e0ae in _PyEval_EvalFrameDefault (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x19e0ae) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#22 0x7faf165db031 (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x1db031) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#23 0x7faf1659fa1d in _PyEval_EvalFrameDefault (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x19fa1d) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#24 0x7faf1658ce9b (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x18ce9b) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#25 0x7faf1667a637 (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x27a637) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#26 0x7faf1658a726 in _PyObject_MakeTpCall (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x18a726) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#27 0x7faf1659e0ae in _PyEval_EvalFrameDefault (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x19e0ae) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#28 0x7faf1658cf1b (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x18cf1b) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#29 0x7faf165c3c5a (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x1c3c5a) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#30 0x7faf1658a9b5 (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x18a9b5) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#31 0x7faf1658a726 in _PyObject_MakeTpCall (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x18a726) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#32 0x7faf165a366e in _PyEval_EvalFrameDefault (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x1a366e) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#33 0x7faf1662f875 in PyEval_EvalCode (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x22f875) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#34 0x7faf166498fc (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x2498fc) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#35 0x7faf165b17fe (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x1b17fe) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#36 0x7faf1658c798 in PyObject_Vectorcall (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x18c798) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#37 0x7faf1659e0ae in _PyEval_EvalFrameDefault (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x19e0ae) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#38 0x7faf16664a89 (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x264a89) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#39 0x7faf16663a38 in Py_RunMain (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x263a38) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#40 0x7faf1661e3b5 in Py_BytesMain (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x21e3b5) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
#41 0x7faf1602b2fa in __libc_start_call_main (/lib64/libc.so.6+0x2b2fa) (BuildId: 8523b213e7586a93ab00f6dd476418b1e521e62c)
#42 0x7faf1602b3ca in __libc_start_main_impl (/lib64/libc.so.6+0x2b3ca) (BuildId: 8523b213e7586a93ab00f6dd476418b1e521e62c)
#43 0x564f2695f074 in _start (/usr/bin/python3.13+0x1074) (BuildId: 381e7a168bb2c479b5b88bcfd875777e342d6b45)
0x7d2f14452360 is located 736 bytes inside of 861-byte region [0x7d2f14452080,0x7d2f144523dd)
freed by thread T0 here:
#0 0x7faf16d208eb (/lib64/libasan.so.8+0x1208eb) (BuildId: 61b31c4760766f5f2552c32e175755894d8f6565)
#1 0x7faf14560a72 in _tc_free_poolmem ../../lib/talloc/talloc.c:1080
#2 0x7faf1455f71b in _tc_free_internal ../../lib/talloc/talloc.c:1215
#3 0x7faf1455ee1b in _tc_free_children_internal ../../lib/talloc/talloc.c:1669
#4 0x7faf1455ee1b in _tc_free_internal ../../lib/talloc/talloc.c:1184
#5 0x7faf14560315 in _talloc_free_internal ../../lib/talloc/talloc.c:1248
#6 0x7faf14560315 in _talloc_free ../../lib/talloc/talloc.c:1792
#7 0x7baf0a5c3883 in py_cli_notify_get_changes ../../source3/libsmb/pylibsmb.c:2274
#8 0x7faf165ba239 (/lib64/glibc-hwcaps/x86-64-v3/libpython3.13.so.1.0+0x1ba239) (BuildId: 3925b60e845f4803e4de04e1fdf7845f2e54ecb0)
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Oct 14 12:35:37 UTC 2025 on atb-devel-224
|
|
Fix: typecast changing from (unsigned int)expire to
(intmax_t)expire as intmax_t can hold epoch seconds
after 2038 year
Signed-off-by: Rabinarayan Panigrahi <rapanigr@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Vinit Agnihotri <vagnihot@redhat.com>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
|
|
We return in the if-branch
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
We have tevent_req_nomem() for this
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
We have reserved fields after those 16-bit ones. With little endian
those are set to 0 with PUSH_LE32. That is unnecessary here, the
fields are already set to 0. This patch is not for efficiency, I just
got a bit confused by the subtlety.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
"struct smb2_hnd" is talloced here, use talloc_get_type_abort()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
Put here from the "client smb encryption over quic" settings
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
We have to carry a copy over from the tstream_tls_params used to
connect, we can't get this information out once the tls-protected
tstream is established
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15843
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Currently if a caller passes min_servers=X with X>1, netlogon_pings() will fail
if it can't contact X DCs. This is not really what we want. What we want is: we
want at least one DC, and up to X.
Change implemenentation in that sense and rename the min_servers argument to
wanted_servers to express this behaviour change.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15844
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Aug 13 19:31:10 UTC 2025 on atb-devel-224
|
|
This way we throw away blacklisted servers right away when learning about them
from the DNS SRV query.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Jul 30 10:10:21 UTC 2025 on atb-devel-224
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
|
|
~/.wireshark/smb2_seskey_list
This allows dumping the keys and quickly feeding them into Wireshark by adding
them to ~/.wireshark/smb2_seskey_list.
Example:
debug encryption: dumping generated session keys
Session Id [0000] 7D 00 00 E8 57 E0 31 01 }...W.1.
Session Key [0000] 71 54 77 50 C1 DD 66 68 A8 51 D8 DE 23 F4 91 01 qTwP..fh .Q..#...
Signing Key [0000] B1 29 AC EF 41 30 AE D2 43 00 1F 67 87 29 BF DB .)..A0.. C..g.)..
App Key [0000] 6A 88 5C 51 51 22 FF 5C 25 95 A2 5C E2 2C FC 5D j.\QQ".\ %..\.,.]
ServerIn Key [0000] 20 08 EB A2 14 99 17 03 9C A5 9A BB B8 48 88 3C ....... .....H.<
ServerOut Key [0000] 15 AA C2 0D 19 AB 4C 26 64 E8 FC 94 B1 FE 27 5A ......L& d.....'Z
Wireshark configuration line
7d0000e857e03101,71547750c1dd6668a851d8de23f49101,15aac20d19ab4c2664e8fc94b1fe275a,2008eba2149917039ca59abbb848883c
When setting
debug encryption = yes
debug encryption:wireshark keyfile = /home/slow/.wireshark/smb2_seskey_list
the keys are appended directly to Wireshark's keyfile. Wireshark has to be
restarted to pick them up.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
The server side already does that and I'm aiming for consolidating server and
client code for dumping the keys.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
By passing the individual keys directly instead of passing the wrapping state
objects, smbXcli_session_dump_keys() can later also be used by the server code.
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
More callers to come...
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
By default we fallback to ngtcp2 if the kernel has no quic.ko
support.
To force it the following option can be used:
client smb transport:force_ngtcp2_quic=yes
To disable it the following option can be used:
client smb transport:allow_ngtcp2_quic=no
From within libsmbclient.so we can't use it at all
as there's no way monitor the connection in order
to handle acked and keep alive pings.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
This requires https://github.com/lxin/quic, which provides a kernel
module quic.ko for Linux (tested with Linux 6.8 and 6.14).
The userspace libquic is mirrored under third_party/quic for now.
This can be activated by adding 'quic' to 'client smb transports'.
The following smb.conf options are also relevant:
'tls enabled'
'tls ca directories'
'tls trust system cas'
'tls cafile'
'tls crlfile'
'tls verify peer'
Note that tools like smbclient are able to take
--option='client smb transports = quic" --option='tls verify peer=no_check'
in order to test it without changing smb.conf,
You may not want to use 'tls verify peer=no_check' for
production, it would make the transport as unprotected
as a tcp connection.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15862
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15862
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
Only used there
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
Only used there
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
|
|
This can be used to force the tstream based code path in smbXcli_conn.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
This allows it to set the callers value to -1 when it was moved.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
