summaryrefslogtreecommitdiff
path: root/libcli
AgeCommit message (Collapse)AuthorFilesLines
2012-03-10Fix bug #8797 - Samba does not correctly handle DENY ACEs when privileges apply.Richard Sharpe1-26/+28
Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Mar 10 01:33:45 CET 2012 on sn-devel-104
2012-03-04libcli:smb: define SMB2_HDR_FLAG_REPLAY_OPERATIONMichael Adam1-0/+1
Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Sun Mar 4 15:10:38 CET 2012 on sn-devel-104
2012-03-03smbXcli: add the possiblilty to negotiate client capabilites in smb >= 2.2Michael Adam2-3/+11
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
2012-03-03libcli:smb: define SMB2_DHANDLE_FLAG_PERSISTENTMichael Adam1-0/+5
2012-03-03libcli:smb: add new SMB2 share flagsMichael Adam1-1/+5
* FORCE_LEVELII_OPLOCKS * ENABLE_HASH_V1 * ENABLE_HASH_V2 * ENCRYPT_DATA
2012-03-03libcli:smb: upgrade SMB2_CAP_ALL to include the newly known capsMichael Adam1-1/+8
2012-03-03libcli:smb: add defines for SMB2.2 share capabilitiesMichael Adam1-1/+4
* continuous avaliability * cluster * scaleout
2012-03-03libcli:smb: add defines for SMB2.2 global capabilitiesMichael Adam1-4/+9
* multi channel * persistent handles * directory leasing * encryption
2012-03-03libcli:smb: define DH2Q and DH2C tags for smb2 extra create blobsMichael Adam1-0/+2
These are the tags for the SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2 and SMB2_CREATE_DURABLE_HANDLE_RECONNECT_V2, the second version of the SMB2_CREATE_DURABLE_HANDLE_REQUEST (DHnQ) and SMB2_CREATE_DURABLE_HANDLE_RECONNECT (DHnC), which are only available for SMB 2.2 (and newer).
2012-03-03smb2_constants: fix a typoChristian Ambach1-1/+1
Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Sat Mar 3 09:04:40 CET 2012 on sn-devel-104
2012-03-02smb2_constants: add SMB2_WATCH_TREEChristian Ambach1-0/+3
2012-02-29libcli/smb/smb2_signing: rename smb2_key_deviration -> smb2_key_derivationMichael Adam3-5/+5
Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Wed Feb 29 09:01:54 CET 2012 on sn-devel-104
2012-02-29libcli/smb/smbXcli: use smb2_key_deviration() to setup SMB 2.24 keysStefan Metzmacher1-2/+41
This uses the key diveration function from "NIST Special Publication 800-108" in counter mode (section 5.1). Thanks to Jeremy, Michael and Volker for the debugging! metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Feb 29 04:54:48 CET 2012 on sn-devel-104
2012-02-29libcli/smb/smb2_signing: implement aes_cmac_128 based signing for SMB 2.24Stefan Metzmacher1-18/+58
metze
2012-02-29libcli/smb/smb2_signing: add smb2_key_deviration()Stefan Metzmacher2-0/+37
This implements a simplified version of "NIST Special Publication 800-108" section 5.1 using hmac-sha256. Thanks to Jeremy, Michael and Volker for the debugging! metze
2012-02-27libcli/smb/smb2_signing: pass down 'protocol' to smb2_signing_[sign|check]_pdu()Stefan Metzmacher4-2/+11
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Mon Feb 27 14:26:32 CET 2012 on sn-devel-104
2012-02-27libcli/smb/smb2_signing: rename session_key to signing_keyStefan Metzmacher2-9/+9
metze
2012-02-27libcli/smb/smbXcli: remove unused if statement from ↵Stefan Metzmacher1-3/+1
smb2cli_conn_dispatch_incoming() metze
2012-02-27libcli/smb/smbXcli: add smb2cli_session_application_key()Stefan Metzmacher2-0/+28
metze
2012-02-27libcli/smb/smbXcli: maintain smb2 channel_signing_key separate from the ↵Stefan Metzmacher2-58/+131
signing_key The signing_key is fix across all channels and is used for session setups on a channel binding. Note: - the last session setup response is signed with the new channel signing key. - the reauth session setups are signed with the channel signing key. It's also not needed to remember the main session key. metze
2012-02-27libcli/smb/smbXcli: remove unused checks from smb2cli_session_create_channel()Stefan Metzmacher1-11/+0
metze
2012-02-25libcli: Remove a pointless checkVolker Lendecke1-3/+1
"n" is size_t, so it is always >=0.
2012-02-22Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER but ↵Richard Sharpe1-0/+5
has no permission for that, but token has SeTakeOwnershipPrivilege Autobuild-User: Richard Sharpe <sharpe@samba.org> Autobuild-Date: Wed Feb 22 19:19:32 CET 2012 on sn-devel-104
2012-02-17auth: Move the rest of the source4 gensec_ntlmssp code to the top levelAndrew Bartlett2-3/+3
The ntlmssp_server code will be in common shortly, and aside from a symbol name or two, moving the client code causes no harm and makes less mess. We will also get the client code in common very soon. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-02-17auth/kerberos: Move gse_get_session_key() to common code and use in ↵Andrew Bartlett1-0/+17
gensec_gssapi Thie ensures that both code bases use the same logic to determine the use of NEW_SPNEGO. Andrew Bartlett
2012-01-31libcli/smb: Convert struct smb_trans_enc_state to tallocAndrew Bartlett3-22/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-31s3-libsmb: Remove unused enum smb_trans_enc_typeAndrew Bartlett1-7/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-29libcli/util: fix typo in nt_errs[] for NT_STATUS_NETWORK_SESSION_EXPIREDStefan Metzmacher1-1/+1
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Sun Jan 29 14:11:12 CET 2012 on sn-devel-104
2012-01-27libcli/smb: fix smbXcli_negprot(..., PROTOCOL_NT1, PROTOCOL_SMB2_02)Stefan Metzmacher1-3/+6
The SMB1 negprot request already consumed the SMB2 sequence '0'. This also happens for the SMB 2.02 case. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Fri Jan 27 15:27:41 CET 2012 on sn-devel-104
2012-01-23lib: use differing NTSTATUS and WERROR struct membersDavid Disseldorp1-2/+2
This allows the compiler to catch uses of incorrectly typed arguments for [NT_STATUS|W_ERROR]_IS_OK() and [NT_STATUS|W_ERROR]_EQUAL(). I.e. WERROR werr; werr = my_fn(); /* XXX returns WERROR type */ if (NT_STATUS_EQUAL(werr, NT_STATUS_OBJECT_NAME_COLLISION)) {
2012-01-21s3-libsmb: Always allow SMB_TRANS_ENC_GSS to be definedAndrew Bartlett1-4/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Sat Jan 21 01:28:54 CET 2012 on sn-devel-104
2012-01-20s3-libsmb: Remove unused smb_tran_enc_state_gss and gssapi headersAndrew Bartlett1-15/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-20s3-libsmb: use struct gensec_security directlyAndrew Bartlett2-7/+5
This is rather than via a now one-element union. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-20s3-libcli Change krb5 smb sealing to call via gensec and gensec_gseAndrew Bartlett2-199/+4
This also fixes the support for smb sealing with krb5 in make test, as this now relies on secrets.tdb rather than /etc/krb5.keytab. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-12auth/kerberos: Remove unused TALLOC_CTX argument to check_pac_checksumAndrew Bartlett1-2/+1
2012-01-11Second part of fix for bug #8673 - NT ACL issue.Jeremy Allison1-3/+4
Ensure we process the entire ACE list instead of returning ACCESS_DENIED and terminating the walk - ensure we only return the exact bits that cause the access to be denied. Some of the S3 fileserver needs to know if we are only denied DELETE access before overriding it by looking at the containing directory ACL. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Jan 11 19:24:53 CET 2012 on sn-devel-104
2012-01-10krb5: Require krb5_string_to_key be available to build with krb5Andrew Bartlett1-1/+1
2012-01-10krb5: Require krb5_principal_compare_any_realm be available to build with krb5Andrew Bartlett1-28/+0
2012-01-10krb5: Require krb5_c_verify_checksum is available to build with krb5Andrew Bartlett1-63/+20
2012-01-05libcli/smb: Add smbXcli_conn_samba_suicideVolker Lendecke2-0/+105
This is a pure test tool against Samba servers
2012-01-01Fix the build without kerberosVolker Lendecke1-0/+2
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Sun Jan 1 23:56:24 CET 2012 on sn-devel-104
2011-12-28auth/kerberos: Move gssapi_parse.c to the top levelAndrew Bartlett1-0/+4
This will help with writing a gensec module for the s3 gse layer. Andrew Bartlett
2011-12-23lib: Fix NT_STATUS_ALL_SIDS_FILTERED definitionVolker Lendecke1-1/+1
This seems to be more in line with all the other NT_STATUS definitions. Metze, please check. Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Dec 23 23:19:17 CET 2011 on sn-devel-104
2011-12-22libcli/smb: add PROTOCOL_SMB2_24 supportStefan Metzmacher2-1/+3
metze
2011-12-22libcli/smb: add SMB2_DIALECT_REVISION_224Stefan Metzmacher1-0/+1
This is specified in the new [MS-SMB2] preview document. metze
2011-12-17libcli/util: add NT_STATUS_NETWORK_SESSION_EXPIRED and ↵Stefan Metzmacher2-0/+4
NT_STATUS_ALL_SIDS_FILTERED metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Sat Dec 17 14:24:40 CET 2011 on sn-devel-104
2011-12-12libcli: Remove an unused variableVolker Lendecke1-1/+0
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Mon Dec 12 23:21:49 CET 2011 on sn-devel-104
2011-12-12s4-lsarpc handle more info levels in SetInfoTrustedDomain callsAndrew Bartlett4-1/+403
This uses the very helpful conversion functions written for the s3 lsa server and places these in common. Andrew Bartlett
2011-11-29smbXcli: add support for SMBreadBrawStefan Metzmacher1-7/+54
metze
2011-11-29smbXcli: add smb1cli_conn_server_{readbraw,writebraw,lockread,writeunlock}()Stefan Metzmacher2-0/+24
metze