path: root/source4/lib
Age | Commit message | Author | Files | Lines
2025-09-02 | lib: Fix Coverity ID 1509061 Use of 32-bit time_t | Volker Lendecke | 1 | -1/+4
"man gnutls_x509_crt_set_serial" says that the serial number should be a big-endian positive integer of up to 20 bytes.... Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
2025-09-02 | tls: Reorder macro for easier readability | Volker Lendecke | 1 | -5/+5
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
2025-09-02 | tls: Make tstream_tls_params_quic_enabled a bit easier to read | Volker Lendecke | 1 | -3/+7
YMMV Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
2025-09-02 | tls: Fix a printf sign mismatch | Volker Lendecke | 1 | -1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
2025-09-02 | tls: Fix whitespace | Volker Lendecke | 1 | -4/+4
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
2025-08-26 | s4:libsocket: better diagnostics for no interfaces | Douglas Bagnall | 1 | -3/+8
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
2025-08-26 | s4:lib/tls: add additional dns hostnames as GNUTLS_SAN_DNSNAME for self-signed certificates | Stefan Metzmacher | 3 | -0/+18
It's better to include X509v3 Subject Alternative Name with DNS names also for additional dns hostnames. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15899 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Aug 26 22:00:26 UTC 2025 on atb-devel-224
2025-08-26 | s4:lib/tls: set GNUTLS_SAN_DNSNAME for self-signed certificates | Stefan Metzmacher | 1 | -0/+3
It's better to include X509v3 Subject Alternative Name with DNS names in the self-signed certificate... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15899 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-08-26 | s4:lib/tls: let tstream_tls_params_server_lpcfg() use lpcfg_dns_hostname() internally | Stefan Metzmacher | 2 | -3/+1
This is simpler and the next step will also make use of lpcfg_additional_dns_hostnames() too... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15899 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-08-22 | lib: tstream_tls_verify_peer_trusted() | Volker Lendecke | 2 | -0/+6
We can only trust a tls connection if at connection setup we checked the certificates Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-08-22 | tls: Add tstream_tls_params_verify_peer() | Volker Lendecke | 2 | -0/+18
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-07-17 | s4:lib/tls: add tstream_tls_ngtcp2_connect_send/recv | Stefan Metzmacher | 3 | -0/+2023
This implemented a tstream_context for a single QUIC stream using libngtcp2 over an udp socket. This will allow us to support the SMB over QUIC protocol on the client side even without quic.ko kernel support. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-07-17 | s4:lib/tls: add tstream_tls_params_quic_{prepare,enabled() and tstream_tls_quic_handshake[_{send,recv}]() | Stefan Metzmacher | 3 | -3/+391
This requires https://github.com/lxin/quic, which provides a kernel module quic.ko for Linux (tested with Linux 6.8 and 6.14). The userspace libquic is mirrored under third_party/quic for now. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2025-05-19 | s4:libnet: pass an explicit talloc parent to libnet_context_init() | Stefan Metzmacher | 1 | -1/+1
We should not implicitly use the tevent_context as talloc parent. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2025-05-19 | s4:messaging/tests: correctly teardown imessage contexts | Stefan Metzmacher | 1 | -2/+13
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2025-04-18 | s4:libcli: pass struct loadparm_context to smbcli_full_connection() | Stefan Metzmacher | 1 | -0/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2025-04-18 | s4:lib/tls: introduce tstream_tls_params_server_lpcfg() | Stefan Metzmacher | 2 | -0/+27
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2025-04-18 | s4:libcli: remove unused ports from smbcli_full_connection() | Stefan Metzmacher | 1 | -1/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2025-01-29 | s4:lib/messaging: make use of CHECK_DEBUGLVLC(DBGC_RPC_PARSE, ...) in irpc_bh_do_ndr_print() | Stefan Metzmacher | 1 | -1/+1
This makes sure the debug class rpc_parse is used for ndr dump output. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2024-11-19 | smbpasswd4: Simplify smbpasswd_sethexpwd() | Volker Lendecke | 1 | -5/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2024-11-12 | lib: simplify smbpasswd_sethexpwd() with hex_encode_buf() | Volker Lendecke | 1 | -4/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2024-11-12 | lib: simplify smbpasswd_gethexpwd() with strhex_to_str() | Volker Lendecke | 1 | -24/+20
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2024-11-11 | tstream_tls: Add tstream_tls_params_peer_name() | Volker Lendecke | 2 | -0/+8
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2024-11-06 | s4:reg: s/the there/there/ in comments | Douglas Bagnall | 1 | -3/+3
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Volker Lendecke <vl@samba.org>
2024-09-26 | s4:lib/messaging: implement irpc_bh_get_binding() | Stefan Metzmacher | 1 | -2/+42
We just use NCACN_INTERNAL here... Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
2024-09-18 | s4:lib/messaging: fix interaction between imessaging_reinit and irpc_destructor | Stefan Metzmacher | 1 | -0/+9
This was missing in commit 0d096931196524a2d1bf59470bc629dc9231131e. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15280 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Sep 18 19:45:56 UTC 2024 on atb-devel-224
2024-06-05 | build: Remove incorrect pyembed=True from samba-policy | Andrew Bartlett | 1 | -7/+3
This is a normal C library, used by python but does not use any python itself (nor by dependencies any longer). Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
2024-06-05 | s4-libnet: Split up samba-net into samba-net and samba-net-join | Andrew Bartlett | 1 | -2/+1
samba-net-join links to python and so needs the variable name with the python ABI tag, while samba-net is a normal C library and can be included in a package without python dependencies. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
2024-04-23 | s4:lib/tls: add tstream_tls_sync_setup() | Stefan Metzmacher | 2 | -0/+195
This operates in a non-async fashion and may block in the push and pull function. It will be used to plug into openldap transport layer, this is needed in order to have access to the channel bindings. And also use the same configuration for all our gnutls based tls code. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 | s4:lib/tls: add support for gnutls_certificate_set_x509_{system_trust,trust_dir}() | Stefan Metzmacher | 2 | -5/+58
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 | s4:lib/tls: add tstream_tls_channel_bindings() | Stefan Metzmacher | 2 | -0/+68
This is based on GNUTLS_CB_TLS_SERVER_END_POINT and is the value that is required for channel bindings in LDAP of active directory domain controllers. For gnutls versions before 3.7.2 we basically copied the code from the GNUTLS_CB_TLS_SERVER_END_POINT implementation as it only uses public gnutls functions and it was easy to re-implement. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 | s4:lib/tls: add tstream_tls_params_client_lpcfg() | Stefan Metzmacher | 2 | -0/+52
This will be able to simplify the callers a lot... BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 | s4:lib/tls: split out tstream_tls_verify_peer() helper | Stefan Metzmacher | 1 | -66/+81
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 | s4:lib/tls: include a TLS server name indication in the client handshake | Stefan Metzmacher | 1 | -0/+22
This is not strictly needed, but it might be useful for load balancers. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 | s4:lib/tls: we no longer need ifdef GNUTLS_NO_TICKETS | Stefan Metzmacher | 1 | -2/+0
We require gnutls 3.6.13 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 | s4:lib/tls: split out tstream_tls_prepare_gnutls() | Stefan Metzmacher | 2 | -128/+106
Review with: git show --patience BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 | s4:lib/tls: assert that event contexts are not mixed | Stefan Metzmacher | 1 | -0/+18
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 | s3:lib/tls: we need to call tstream_tls_retry_handshake/disconnect() until all buffers are flushed | Stefan Metzmacher | 1 | -0/+25
Before the handshake or disconnect is over we need to wait until we delivered the lowlevel messages to the transport/kernel socket. Otherwise we'll have a problem if another tevent_context is used after the handshake. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 | s4:lib/tls: remove tstream_tls_push_trigger_write step | Stefan Metzmacher | 1 | -56/+5
At the time of https://bugzilla.samba.org/show_bug.cgi?id=7218, we tested these versions: 2.4.1 -> broken 2.4.2 -> broken 2.6.0 -> broken 2.8.0 -> broken 2.8.1 -> broken 2.8.2 -> OK 2.8.3 -> OK 2.8.4 -> OK 2.8.5 -> OK 2.8.6 -> OK 2.10.0 -> broken 2.10.1 -> broken 2.10.2 -> OK These seemed to be the fixes in gnutls upstream. Change 2.8.1 -> 2.8.2: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=28fb34099edaf62e5472cc6e5e2749fed369ea01 Change 2.10.1 -> 2.10.2: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=0d07d8432d57805a8354ebd6c1e7829f3ab159cb This shouldn't be a problem with recent (>= 3.6) versions of gnutls. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-16 | lib: Give lib/util/util_file.c its own header file | Volker Lendecke | 4 | -1/+6
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
2024-03-28 | lib: Use struct initialization in imessaging_client_init() | Volker Lendecke | 1 | -8/+8
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Mar 28 09:13:43 UTC 2024 on atb-devel-224
2024-03-28 | lib: Fix whitespace | Volker Lendecke | 2 | -10/+9
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2023-12-08 | pymessaging: Remove trailing whitespace | Joseph Sutton | 1 | -6/+6
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-20 | Use python.h from libreplace | Andreas Schneider | 3 | -3/+3
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-01 | librpc:ndr: Introduce ‘ndr_flags_type’ type | Joseph Sutton | 1 | -1/+1
Instead of ‘int’ or ‘uint32_t’, neither of which convey much meaning, consistently use a newly added type to hold NDR_ flags. Update the NDR 4.0.0 ABI. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-25 | s4/lib: remove packet_full_request_u16, not used anymore | Ralph Boehme | 2 | -13/+0
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-25 | s4:lib: Fix code spelling | Joseph Sutton | 1 | -1/+1
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-10-13 | s4:messaging: Remove redundant code | Joseph Sutton | 1 | -3/+0
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-14 | s4:lib: Fix code spelling | Andreas Schneider | 4 | -5/+5
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 | s4:policy: Fix leak | Joseph Sutton | 1 | -0/+1
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>