summaryrefslogtreecommitdiff
path: root/libcli
AgeCommit message (Collapse)AuthorFilesLines
2013-08-15libcli/smb: fix the credit handling on a SMB1 => SMB2 negotiateStefan Metzmacher1-1/+6
Our cur_credit value had 1 credit too many in the case of an SMB1 => SMB2 upgrade. When we max out the credits the server disconnected the connection. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-12libsmb: Remove an unnecessary variable assignmentVolker Lendecke1-2/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-12libsmb: Avoid an unnecessary "else"Volker Lendecke1-1/+3
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10libcli/auth: add more const to spnego_negTokenInit->mechTypesStefan Metzmacher3-13/+18
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Aug 10 11:11:54 CEST 2013 on sn-devel-104
2013-08-10libcli/auth: avoid possible mem leak in read_negTokenInit()Stefan Metzmacher1-4/+15
Also add error checks. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10libcli/auth/schannel: remove unused schannel_positionStefan Metzmacher1-7/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10libcli/auth/schannel: make struct schannel_state privateStefan Metzmacher2-13/+12
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10libcli/auth: add netsec_create_state()Stefan Metzmacher2-0/+26
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-10libcli/auth: maintain the sequence number for the NETLOGON SSP as 64bitStefan Metzmacher2-5/+14
See [MS-NPRC] 3.3.4.2 The Netlogon Signature Token. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-08-09lib: add FSCTL_[GET/SET]_COMPRESSION constantsDavid Disseldorp1-0/+3
Values taken from MS-FSCC. Signed-off-by: David Disseldorp <ddiss@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-08-06libcli: Add security_token_system_privilege().Andreas Schneider2-0/+23
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2013-08-05libcli/auth: add netlogon_creds_shallow_copy_logon()Stefan Metzmacher2-0/+76
This can be used before netlogon_creds_encrypt_samlogon_logon() in order to keep the provided buffers unchanged. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05libcli/auth: add netlogon_creds_[de|en]crypt_samlogon_logon()Stefan Metzmacher2-0/+124
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05libcli/auth: fix shadowed declaration in ↵Stefan Metzmacher1-4/+4
netlogon_creds_crypt_samlogon_validation() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05libcli/auth: make netlogon_creds_crypt_samlogon_validation more robustStefan Metzmacher1-1/+5
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-08-05libcli/auth: also set secure channel type in netlogon_creds_client_init().Günther Deschner2-0/+3
Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
2013-07-31libcli: fix conversion logic in dom_sid_string_bufJeff Layton1-10/+18
Signed-off-by: Jeff Layton <jlayton@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-31libcli: fix conversion logic in dom_sid_parse_endpJeff Layton1-14/+15
Signed-off-by: Jeff Layton <jlayton@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-31schannel: Fix an unused variableVolker Lendecke1-1/+0
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-07-19Add error map of STATUS_INVALID_EA_NAME -> ERRDOS, ERRbadfileJeremy Allison1-0/+1
(from Windows2012 tests). Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":" Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-06-24libcli/ldap: Cope with substring match with no chunks in ldap_push_filterAndrew Bartlett1-18/+21
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-06-21Add missing SMB2/SMB3 share capability flag defineSteve French1-0/+1
SMB3.02 adds SHARE_CAP_ASYMMETRIC Signed-off-by: Steve French <smfrench@gmail.com> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Jun 21 22:57:16 CEST 2013 on sn-devel-104
2013-06-19build: Build with system md5.h on OpenIndianaAndrew Bartlett5-9/+9
This changes (again...) our system md5 detection to cope with how OpenIndiana does md5. I'm becoming increasingly convinced this isn't worth our while (we should have just done samba_md5...), but for now this change seems to work on FreeBSD, OpenIndiana and Linux with libbsd. This needs us to rename struct MD5Context -> MD5_CTX, but we provide a config.h define to rename the type bad if MD5_CTX does not exist (it does however exist in the md5.h from libbsd). Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jun 19 21:32:36 CEST 2013 on sn-devel-104
2013-05-20doserr: add mapping for WERR_PRINT_PROCESSOR_ALREADY_INSTALLED.Günther Deschner1-0/+1
Guenther Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-04-30libcli: Add smb2_lease marshallingVolker Lendecke3-0/+94
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-04-30libsmb: Move "struct smb2_lease" to commonVolker Lendecke3-0/+45
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-04-18libcli/smb: add SMB2_LEASE_FLAG_* definesStefan Metzmacher1-0/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
2013-04-12schannel_store.tdb: make it schannel_store.ntdb if 'use ntdb'.Rusty Russell1-1/+1
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-04-12libcli/auth: convert to dbwrap.Rusty Russell3-39/+37
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-04-02Add a comment about why we are removing the INHERITED bit so people understand.Richard Sharpe1-0/+9
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Apr 2 20:05:13 CEST 2013 on sn-devel-104
2013-03-28Make sure that we only propogate the INHERITED flag when we are allowed to.Richard Sharpe1-1/+2
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Mar 28 19:43:41 CET 2013 on sn-devel-104
2013-03-28libcli/auth: avoid using transactions a chainlock is enoughStefan Metzmacher1-10/+26
We're just writting a single record into a CLEAR_IF_FIRST|TDB_NOSYNC tdb. We just need to make sure we lock the record between reading and writting. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Thu Mar 28 14:52:14 CET 2013 on sn-devel-104
2013-03-20libcli/smb: smb1cli_inbuf_parse_chain() and smb1cli_conn_dispatch_incoming() ↵Jeremy Allison1-2/+2
should use smb_len_tcp. They have to cope with large READX call replies that have a length greater than smb_len_nbt() can handle. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-03-20libcli/smb: defer failing for missing NEGOTIATE_SECURITY_SIGNATURES_ENABLEDStefan Metzmacher1-0/+9
Windows servers take a look at the FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED flag during a session setup and turn on signing if the client requires it. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-03-20libcli/smb: add SMB_CAP_LEGACY_CLIENT_MASK defineStefan Metzmacher1-0/+10
Older Samba releases (<= 3.6.x) expect the client to send CAP_LARGE_READX in order to let the client use large reads. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-03-02Move python modules from source4/scripting/python/ to python/.Jelmer Vernooij1-1/+1
Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Mar 2 03:57:34 CET 2013 on sn-devel-104
2013-02-23Fix bug #9674 - Samba denies owner Read Control when there is a DENY entry ↵Richard Sharpe1-3/+3
while W2K08 does not. Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Feb 23 19:28:15 CET 2013 on sn-devel-104
2013-02-19libcli/smb: make use of samba_tevent_context_init()Stefan Metzmacher14-15/+15
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-02-19libcli/cldap: make use of samba_tevent_context_init()Stefan Metzmacher1-2/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-01-30Add new function smbXcli_session_copy(), to be used when creating compound ↵Jeremy Allison2-0/+29
SMB2 requests. Copies the signing state needed to make client compound requests work on signed connections. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2013-01-27libcli/security: calculate INHERIT_ONLY correcty for AUDIT and ALARM aces ↵Stefan Metzmacher1-4/+16
(bug #9481) Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-22libcli/auth: fix void function cannot return value errorAndrew Bartlett1-2/+2
Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Jan 22 22:32:31 CET 2013 on sn-devel-104
2013-01-22libcli-acl: add documentationMatthieu Patou1-1/+19
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21security: Add documentationMatthieu Patou1-0/+9
Names seems to be a bit cryptic and misleading (at least for me). So documenting them should remove at least partially this problem. Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21libcli-security: Add documentation for object_tree_modify_accessMatthieu Patou1-2/+12
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21libcli/security: remove useless if (root->num_of_children > 0) statementsAndrew Bartlett1-8/+4
The for loop does this implicitly when comparing for (i = 0; i < root->num_of_children; i++) Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21libcli/security: add init_mask to existing children in insert_in_object_treeStefan Metzmacher1-0/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21libcli/security: handle node initialisation in one spot in ↵Andrew Bartlett2-38/+37
insert_in_object_tree() This removes special-case for initalising the children array in insert_in_object_tree(). talloc_realloc() handles the intial allocate case perfectly well, so there is no need to have this duplicated. This also restores having just one place were the rest of the elements are intialised, to ensure uniform behaviour. To do this, we have to rework insert_in_object_tree to have only one output variable, both because having both root and new_node as output variables was too confusing, and because otherwise the two pointers were being allowed to point at the same memory. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21libcli/security: avoid usage of dom_sid_parse_talloc() in sec_access_check_ds()Stefan Metzmacher1-8/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-21libcli/security: simplify get_ace_object_type()Stefan Metzmacher1-8/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>