The branch, master has been updated via 0e17b9cb19a selftest: Fix code spelling via b415d736f06 s4:dsdb: Fix code formatting via cf978d3e9fe s4:dsdb: Avoid buffer overflow in samdb_result_hashes() via 3c01d9a6ea6 s4:dsdb: Mark hash returned by samdb_result_hash() as secret via 3a7f4da6c47 s4:dsdb: Correct reference to source file via 7145993929a s4:dsdb: Remove trailing whitespace via 8c9344ea02d s4:dsdb: Correct NDR push error message via 2113f1c3178 s4:dsdb: Fix code spelling via 3b54546de66 s4:dsdb: Remove trailing whitespace via 75d9f5332d6 s4:auth: Fix code spelling via 76b9c9a8a66 s4:libcli: Remove unnecessary uses of discard_const_p() via e8497f13430 s4:dsdb: Remove duplicate userAccountControl array entry via def0cd0fd4e s3:smbd: Fix code spelling via 14da75c4e12 librpc:idl: Fix code spelling via 19870248c06 librpc:idl: Remove trailing whitespace via 437e3dd1e6a libcli/security: Make ‘replace_sid’ parameter const via 0b287f2e4e9 lib:util: Remove trailing whitespace via 160727acde8 ldb: Fix code spelling via 0c1f421c107 ndr: ignore trailing bytes in ndr_pull_security_ace() via a72c198921f ndr: ndr_push_security_ace: calculate coda size once via ecb5da3e492 ndr: avoid object ACE push overhead for non-object ACE via fce4d51eb49 ndr: avoid object ACE pull overhead for non-object ACE via 2a60ec98409 ndr: do not push ACE->coda.ignored blob via 4face258dee ndr: mark invalid pull ndr_flags as unlikely via c2673b02a7a ndr: skip talloc when pulling empty DATA_BLOB via ee1b8ae04b1 ndr: ACE push avoids no-op coda pushes via dc08e7924c2 ndr: make security_ace push manual via ac0c8ee01ea ndr: short-circuit ace coda if no bytes left via 1e6a876c2cc ndr: shift ndr_pull_security_ace to manual code via 9811762775b pidl: calculate subcontext_size only once per pull via 5fa66376654 perftest: ndr_pack runs in none environment via 93e6ea4cff2 perftest:ndr_pack: spin in do_nothing for a while via 2f68545087f perftest:ndr_pack: use a valid dummy SID via ceb5389260c 
perftest:ndr_pack_performance: remove irrelevant imports, options via d25fe2447b5 perftest:ndr_pack: slightly reduce python overhead via e802611743a perftest: ndr_pack_performance gets more SD types via d5371f6bcd2 perftest:ndr_pack: rename SD tests with object ACEs via a3641b323b7 netcmd: models: mark some hidden fields on the base Model as readonly via dcb3dd59147 netcmd: models: tests: add tests for NtTimeField via 37855511f63 netcmd: models: add new NtTimeField model field via 4c08b420ddf netcmd: models: model field DateTimeField returns datetime in UTC via 10ef49b0491 netcmd: models: move enum import to correct place via 21667b9b512 netcmd: models: fix build_expression on SIDField handles security.dom_sid via cbcc8039d15 netcmd: models: fix build_expression did not work with EnumField via 9bd7a56364d netcmd: models: fix BooleanField filtering didn't work on FALSE value via e11aa29ef85 netcmd: models: move expression code to Field class via d8251cc0ea9 netcmd: models: add AccountType enum to User model via 884b24dc6d8 netcmd: models: add AccountType IntFlag field via 4595a1dae37 netcmd: models: EnumField now also supports IntFlag via 3c8d449ad3d netcmd: models: check for None in build_expression instead via c2b63fe85ea netcmd: models: change import style to use brackets via d046f71878e netcmd: models: enums and constants also brought forward via 05f90fe1e4b netcmd: models: fix docstring was missing param via d6fe66ddeeb python: Remove ‘typing.Final’ via ecc84aa448a python: do not make use of typing.Final for python 3.6 from 9b2f2302ee4 s3/rpc_client: cleanup unmarshalling of variant types from row columns
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 0e17b9cb19ae1c222ce86855bb348b9bef4dab63 Author: Jo Sutton <josut...@catalyst.net.nz> Date: Fri Jan 12 13:28:55 2024 +1300 selftest: Fix code spelling Signed-off-by: Jo Sutton <josut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Thu Feb 8 03:51:51 UTC 2024 on atb-devel-224 commit b415d736f0688d6f6aab982e12a3dc9c15fa2723 Author: Jo Sutton <josut...@catalyst.net.nz> Date: Fri Jan 12 11:39:11 2024 +1300 s4:dsdb: Fix code formatting Signed-off-by: Jo Sutton <josut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit cf978d3e9fef1db1b5200de500c81d9de7f87572 Author: Jo Sutton <josut...@catalyst.net.nz> Date: Fri Jan 12 10:43:39 2024 +1300 s4:dsdb: Avoid buffer overflow in samdb_result_hashes() Signed-off-by: Jo Sutton <josut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 3c01d9a6ea672309e0291333893fdf05ee6e6629 Author: Jo Sutton <josut...@catalyst.net.nz> Date: Fri Jan 12 10:42:51 2024 +1300 s4:dsdb: Mark hash returned by samdb_result_hash() as secret Signed-off-by: Jo Sutton <josut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 3a7f4da6c47312e8235d0b0f6029776a9da04abf Author: Jo Sutton <josut...@catalyst.net.nz> Date: Thu Jan 11 15:05:22 2024 +1300 s4:dsdb: Correct reference to source file Signed-off-by: Jo Sutton <josut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 7145993929ab3d45467436c528c00cabbf51c2c4 Author: Jo Sutton <josut...@catalyst.net.nz> Date: Thu Jan 11 15:05:07 2024 +1300 s4:dsdb: Remove trailing whitespace 
Signed-off-by: Jo Sutton <josut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 8c9344ea02d5b8579fdadd7ff89c27c0db0f3e4e Author: Jo Sutton <josut...@catalyst.net.nz> Date: Mon Jan 8 15:05:11 2024 +1300 s4:dsdb: Correct NDR push error message Signed-off-by: Jo Sutton <josut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 2113f1c3178c0c494b19b126dadf73953c6baf55 Author: Jo Sutton <josut...@catalyst.net.nz> Date: Mon Jan 8 15:04:47 2024 +1300 s4:dsdb: Fix code spelling Signed-off-by: Jo Sutton <josut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 3b54546de66e7202a485f22bdf8ebd5052bd5836 Author: Jo Sutton <josut...@catalyst.net.nz> Date: Mon Jan 8 15:04:17 2024 +1300 s4:dsdb: Remove trailing whitespace Signed-off-by: Jo Sutton <josut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 75d9f5332d6334b13548ef7854d41e9ffee5ca77 Author: Jo Sutton <josut...@catalyst.net.nz> Date: Mon Jan 15 10:23:51 2024 +1300 s4:auth: Fix code spelling Signed-off-by: Jo Sutton <josut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 76b9c9a8a6609e0d18136c84b68c4a6d6b136ed2 Author: Jo Sutton <josut...@catalyst.net.nz> Date: Fri Dec 8 17:12:06 2023 +1300 s4:libcli: Remove unnecessary uses of discard_const_p() Signed-off-by: Jo Sutton <josut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit e8497f13430f74926bb3ad1a4775f2558a7d0cbb Author: Jo Sutton <josut...@catalyst.net.nz> Date: Mon Jan 8 11:41:30 2024 +1300 s4:dsdb: Remove duplicate userAccountControl array entry This entry is identical to the third array entry. Signed-off-by: Jo Sutton <josut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit def0cd0fd4e00516d2f4fdfac3c56a6076a85faa Author: Jo Sutton <josut...@catalyst.net.nz> Date: Wed Jan 10 12:25:25 2024 +1300 s3:smbd: Fix code spelling 
Signed-off-by: Jo Sutton <josut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 14da75c4e12f42a2ba80d3f9d610f98cc02a155d Author: Jo Sutton <josut...@catalyst.net.nz> Date: Mon Jan 8 12:30:11 2024 +1300 librpc:idl: Fix code spelling Signed-off-by: Jo Sutton <josut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 19870248c0676c08240cb30407c5182f70dd1d7e Author: Jo Sutton <josut...@catalyst.net.nz> Date: Mon Jan 8 12:29:50 2024 +1300 librpc:idl: Remove trailing whitespace Signed-off-by: Jo Sutton <josut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 437e3dd1e6aa985f3d731a1be15baae34d9ded62 Author: Jo Sutton <josut...@catalyst.net.nz> Date: Tue Jan 9 15:33:38 2024 +1300 libcli/security: Make ‘replace_sid’ parameter const Signed-off-by: Jo Sutton <josut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 0b287f2e4e9a7935b8b07872fe06454a5a85e489 Author: Jo Sutton <josut...@catalyst.net.nz> Date: Mon Dec 4 14:29:08 2023 +1300 lib:util: Remove trailing whitespace Signed-off-by: Jo Sutton <josut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 160727acde836533446409bf83cbe58cf4f02beb Author: Jo Sutton <josut...@catalyst.net.nz> Date: Wed Jan 10 12:01:26 2024 +1300 ldb: Fix code spelling Signed-off-by: Jo Sutton <josut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 0c1f421c107be3156b3f1db75aced24a1bca3d2f Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Date: Mon Jan 8 15:05:35 2024 +1300 ndr: ignore trailing bytes in ndr_pull_security_ace() This returns the behaviour with ordinary ACEs to where it was with 4.19. 
Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 commit a72c198921f64f2502f543c7158762c64cb3074e Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Date: Mon Jan 8 14:50:30 2024 +1300 ndr: ndr_push_security_ace: calculate coda size once Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 commit ecb5da3e49283ca3a03dea81d22db4a081e192e4 Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Date: Mon Jan 1 10:21:55 2024 +1300 ndr: avoid object ACE push overhead for non-object ACE Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 commit fce4d51eb492a6fc807c6849cd4bd65ca7714509 Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Date: Mon Jan 1 10:21:33 2024 +1300 ndr: avoid object ACE pull overhead for non-object ACE When an ACE is not an object ACE, which is common, setting the switch value and attempting the object ACE GUID pull is just going to do nothing, and we know that ahead of time. By noticing that we can save a bit of time on a common operation. Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 commit 2a60ec98409b161cfeb4b51414ba61feb26c01b9 Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Date: Sun Dec 31 17:45:36 2023 +1300 ndr: do not push ACE->coda.ignored blob 
From 1e80221b2340de5ef5e2a17f10511bbc2c041163 (2008) until c73034cf7c4392f5d3505319948bc84634c20fa5 (conditional ACEs, etc, 2023) we had a manual ndr_pull_security_ace() that would discard trailing bytes, which are those bytes that we now call the coda. The ACE types that we handled then are those that end up with a coda.ignored data blob. With this we effectively restore the long-standing behaviour in the event that we push and pull an ACE -- though now we discard the ignored bytes on push rather than pull. This change is not because the trailing bytes caused any problems (as far as is known), but because it is much faster to not do the push. It may be that such ACEs no longer occur. Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 commit 4face258dee93dcd01dce71fcb7448b285ff4860 Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Date: Fri Dec 29 15:27:08 2023 +1300 ndr: mark invalid pull ndr_flags as unlikely This might have little effect, but sometimes we see primitives like ndr_pull_uint32() taking a few percent of the CPU time, and this is in all those functions. Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 commit c2673b02a7a51761e8b6631eb0c0e7062cbbed7b Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Date: Fri Dec 29 15:15:48 2023 +1300 ndr: skip talloc when pulling empty DATA_BLOB 
Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 commit ee1b8ae04b10306c059174a5b4b637b080fe23fd Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Date: Sun Dec 31 17:39:23 2023 +1300 ndr: ACE push avoids no-op coda pushes We don't expect an ordinary ACE to have a non-empty coda, and we don't really want to push it if it does, but for this patch we still will. This will not change the data on the wire. Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 commit dc08e7924c2e359afeb4b86f306868cad00189a0 Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Date: Sun Dec 31 17:30:47 2023 +1300 ndr: make security_ace push manual This will allow some optimisations; in this commit we just copy the code. Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 commit ac0c8ee01ea624e9c486251da2132710c2a43ddc Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Date: Sun Dec 31 13:06:40 2023 +1300 ndr: short-circuit ace coda if no bytes left The overwhelmingly common case is that there are no bytes left, and regardless of the ACE type we want to store an empty blob. We know the blob will be empty if there are no bytes, so we don't need to allocate a sub-ndr and tokens list and so forth. This can save almost half the time of a security descriptor pull. 
Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 commit 1e6a876c2cc4b3b54895dde879492e756bb9b963 Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Date: Sun Dec 31 13:03:32 2023 +1300 ndr: shift ndr_pull_security_ace to manual code This was manual until commit c73034cf7c4392f5d3505319948bc84634c20fa5 (a few months ago). Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 commit 9811762775b28e16035afb2c319b55c4bf3699d3 Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Date: Thu Dec 28 23:07:56 2023 +1300 pidl: calculate subcontext_size only once per pull For security_ace_coda in security.idl, the sub-context size involves a slightly non-trivial function call which returns a constant value. In all other cases, a constant expression is used, and this makes no difference. Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 commit 5fa663766548eac2cc5932ae03d03b79ad1751b5 Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Date: Fri Jan 5 13:19:39 2024 +1300 perftest: ndr_pack runs in none environment This is worth changing, because having a server running in the background can only add noise to the results. 
Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 commit 93e6ea4cff2cb6bd084db27139addeea06945ea5 Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Date: Thu Jan 4 01:54:29 2024 +1300 perftest:ndr_pack: spin in do_nothing for a while The idea was to get a less jittery idea of the underlying noise, but it is still almost instant. This I suppose is useful in indicating that this much of the test has very little overhead. Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 commit 2f68545087f25e5d4c7a7742d99527c7ebbd02ab Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Date: Thu Jan 4 01:52:39 2024 +1300 perftest:ndr_pack: use a valid dummy SID Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 commit ceb5389260c4469a8f03ee884325ca981c18a36a Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Date: Thu Jan 4 01:51:56 2024 +1300 perftest:ndr_pack_performance: remove irrelevant imports, options This includes removing the ANCIENT_SAMBA switch for pre-4.3, as nobody cares anymore and many tests would not run correctly anyway. Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 commit d25fe2447b553087f6285c80907ca5d0debcd827 Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Date: Wed Jan 3 09:43:01 2024 +1300 perftest:ndr_pack: slightly reduce python overhead 
Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 commit e802611743a9b899c18d6eeaa0a46323b676c296 Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Date: Mon Jan 1 21:48:15 2024 +1300 perftest: ndr_pack_performance gets more SD types Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 commit d5371f6bcd2fe991d08fcf2006ce62e6a7449ae9 Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Date: Wed Jan 3 09:26:51 2024 +1300 perftest:ndr_pack: rename SD tests with object ACEs We are looking at an optimisation for non-object ACEs, which are more common, but these tests are overwhelmed by object (OA) ACEs. Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 commit a3641b323b749275c5a55351346289b46b3ad881 Author: Rob van der Linde <r...@catalyst.net.nz> Date: Wed Feb 7 13:53:03 2024 +1300 netcmd: models: mark some hidden fields on the base Model as readonly Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit dcb3dd59147a069a626af1f34afd4b46a44f5eeb Author: Rob van der Linde <r...@catalyst.net.nz> Date: Fri Feb 2 11:30:14 2024 +1300 netcmd: models: tests: add tests for NtTimeField Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 37855511f636f7bd0082d60d97db2a6113c3cd80 Author: Rob van der Linde <r...@catalyst.net.nz> Date: Fri Feb 2 09:54:41 2024 +1300 netcmd: models: add new NtTimeField model field 
Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 4c08b420ddf8ce9b3ee28142ad32543eecd5d832 Author: Rob van der Linde <r...@catalyst.net.nz> Date: Fri Feb 2 09:54:08 2024 +1300 netcmd: models: model field DateTimeField returns datetime in UTC Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 10ef49b0491bb59bcadd6af48c2318e1da4b2b53 Author: Rob van der Linde <r...@catalyst.net.nz> Date: Fri Feb 2 09:45:19 2024 +1300 netcmd: models: move enum import to correct place Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 21667b9b512225bb74b375341e31c65dfec455a8 Author: Rob van der Linde <r...@catalyst.net.nz> Date: Wed Feb 7 13:41:04 2024 +1300 netcmd: models: fix build_expression on SIDField handles security.dom_sid Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit cbcc8039d1525c2807b09818081f034bcb38a2a9 Author: Rob van der Linde <r...@catalyst.net.nz> Date: Thu Jan 18 15:47:52 2024 +1300 netcmd: models: fix build_expression did not work with EnumField Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 9bd7a56364db20ea5ec589d870822f2e43fd1e58 Author: Rob van der Linde <r...@catalyst.net.nz> Date: Thu Feb 1 16:16:11 2024 +1300 netcmd: models: fix BooleanField filtering didn't work on FALSE value 
Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit e11aa29ef85425c97f5f632ea292a8ac2a5681a6 Author: Rob van der Linde <r...@catalyst.net.nz> Date: Thu Feb 1 16:01:21 2024 +1300 netcmd: models: move expression code to Field class This is necessary to deal with edge cases for specific fields. Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit d8251cc0ea95e82d3e648b3f39d70f5a706849b7 Author: Rob van der Linde <r...@catalyst.net.nz> Date: Thu Jan 18 15:44:18 2024 +1300 netcmd: models: add AccountType enum to User model Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 884b24dc6d82f72556192f102c882529e561d6ce Author: Rob van der Linde <r...@catalyst.net.nz> Date: Thu Feb 1 16:53:17 2024 +1300 netcmd: models: add AccountType IntFlag field Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 4595a1dae3767309458080bc9df6b9ac2b492041 Author: Rob van der Linde <r...@catalyst.net.nz> Date: Thu Feb 1 16:52:17 2024 +1300 netcmd: models: EnumField now also supports IntFlag Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 3c8d449ad3d1285f0f87bcc5b17606f85b001ab4 Author: Rob van der Linde <r...@catalyst.net.nz> Date: Thu Jan 18 15:37:44 2024 +1300 netcmd: models: check for None in build_expression instead 
Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit c2b63fe85eaee8a130329ed03ef914cf556b9359 Author: Rob van der Linde <r...@catalyst.net.nz> Date: Thu Jan 18 15:30:04 2024 +1300 netcmd: models: change import style to use brackets Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit d046f71878e76a20dd5e880f186432a8fc3f8b45 Author: Rob van der Linde <r...@catalyst.net.nz> Date: Thu Jan 18 15:20:25 2024 +1300 netcmd: models: enums and constants also brought forward Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 05f90fe1e4b9f0ff6d87a0ee87e2f8dc1285db3e Author: Rob van der Linde <r...@catalyst.net.nz> Date: Thu Jan 18 11:33:11 2024 +1300 netcmd: models: fix docstring was missing param Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit d6fe66ddeeb99c550fa9a0f1abb845e6daf71f8a Author: Jo Sutton <josut...@catalyst.net.nz> Date: Fri Feb 2 12:23:58 2024 +1300 python: Remove ‘typing.Final’ This is only present in Python 3.8 and above. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15575 Signed-off-by: Jo Sutton <josut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit ecc84aa448a962f1a224144bbb65f0cef36a4279 Author: Rob van der Linde <r...@catalyst.net.nz> Date: Fri Feb 2 12:54:41 2024 +1300 python: do not make use of typing.Final for python 3.6 Python 3.6 does not have typing.Final yet BUG: https://bugzilla.samba.org/show_bug.cgi?id=15575 
Signed-off-by: Rob van der Linde <r...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: lib/ldb/include/ldb.h | 12 +- lib/util/time.h | 8 +- libcli/security/access_check.c | 2 +- libcli/security/access_check.h | 2 +- librpc/idl/drsblobs.idl | 16 +-- librpc/idl/security.idl | 2 +- librpc/ndr/libndr.h | 2 +- librpc/ndr/ndr_basic.c | 6 + librpc/ndr/ndr_sec_helper.c | 107 ++++++++++++++++- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 5 +- python/samba/gkdi.py | 16 +-- python/samba/netcmd/domain/auth/policy.py | 8 +- python/samba/netcmd/domain/models/__init__.py | 4 +- python/samba/netcmd/domain/models/fields.py | 63 ++++++++-- python/samba/netcmd/domain/models/model.py | 29 ++--- python/samba/netcmd/domain/models/types.py | 41 +++++++ python/samba/netcmd/domain/models/user.py | 4 +- python/samba/nt_time.py | 8 +- python/samba/tests/gkdi.py | 4 +- python/samba/tests/samba_tool/domain_models.py | 75 ++++++++++-- selftest/expectedfail.d/encrypted_secrets | 2 +- selftest/perf_tests.py | 4 +- source3/smbd/msdfs.c | 2 +- source3/smbd/smb2_ioctl_network_fs.c | 4 +- source4/auth/sam.c | 2 +- source4/dsdb/common/util.c | 12 +- source4/dsdb/samdb/cracknames.c | 134 +++++++++++----------- source4/dsdb/samdb/ldb_modules/acl.c | 2 +- source4/dsdb/samdb/ldb_modules/password_hash.c | 32 +++--- source4/dsdb/samdb/ldb_modules/samldb.c | 5 - source4/dsdb/tests/python/ndr_pack_performance.py | 121 +++++++++---------- source4/libcli/util/pyerrors.h | 8 +- 32 files changed, 502 insertions(+), 240 deletions(-) create mode 100644 python/samba/netcmd/domain/models/types.py Changeset truncated at 500 lines: diff --git a/lib/ldb/include/ldb.h b/lib/ldb/include/ldb.h index 5d83a270573..dd6c9aa54c9 100644 --- a/lib/ldb/include/ldb.h +++ b/lib/ldb/include/ldb.h 
@@ -1160,8 +1160,8 @@ struct ldb_dn *ldb_get_default_basedn(struct ldb_context *ldb); from the ares reply passed on by the async core so that in the end all the messages will be in the context (ldb_result) memory tree. Freeing the passed context (ldb_result tree) will free all the resources - (the request need to be freed separately and the result doe not depend on the - request that can be freed as sson as the search request is finished) + (the request need to be freed separately and the result does not depend on the + request that can be freed as soon as the search request is finished) */ int ldb_search_default_callback(struct ldb_request *req, struct ldb_reply *ares); @@ -1457,8 +1457,8 @@ int ldb_delete(struct ldb_context *ldb, struct ldb_dn *dn); from the ares reply passed on by the async core so that in the end all the messages will be in the context (ldb_result) memory tree. Freeing the passed context (ldb_result tree) will free all the resources - (the request need to be freed separately and the result doe not depend on the - request that can be freed as sson as the search request is finished) + (the request need to be freed separately and the result does not depend on the + request that can be freed as soon as the search request is finished) */ int ldb_extended_default_callback(struct ldb_request *req, struct ldb_reply *ares); @@ -1559,7 +1559,7 @@ void ldb_set_utf8_default(struct ldb_context *ldb); \brief Casefold a string Note that the callback needs to be ASCII compatible. So first ASCII needs - to be handle before any UTF-8. This is needed to avoid issues with dotted + to be handled before any UTF-8. This is needed to avoid issues with dotted languages. \param ldb the ldb context 
@@ -1637,7 +1637,7 @@ void ldb_ldif_read_free(struct ldb_context *ldb, struct ldb_ldif *msg); integer corresponding to the next byte read (or EOF if there is no more data to be read). \param private_data pointer that will be provided back to the read - function. This is udeful for maintaining state or context. + function. This is useful for maintaining state or context. \return the LDIF message that has been read in diff --git a/lib/util/time.h b/lib/util/time.h index 4870c84de62..bfbd1b811dd 100644 --- a/lib/util/time.h +++ b/lib/util/time.h @@ -1,4 +1,4 @@ -/* +/* Unix SMB/CIFS implementation. time utility functions @@ -11,12 +11,12 @@ it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -273,7 +273,7 @@ struct timeval timeval_current_ofs_msec(uint32_t msecs); struct timeval timeval_current_ofs_usec(uint32_t usecs); /** - compare two timeval structures. + compare two timeval structures. Return -1 if tv1 < tv2 Return 0 if tv1 == tv2 Return 1 if tv1 > tv2 diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c index e3dfe3df49c..3dc982332da 100644 --- a/libcli/security/access_check.c +++ b/libcli/security/access_check.c @@ -946,7 +946,7 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd, uint32_t access_desired, uint32_t *access_granted, struct object_tree *tree, - struct dom_sid *replace_sid) + const struct dom_sid *replace_sid) { return sec_access_check_ds_implicit_owner(sd, token, 
diff --git a/libcli/security/access_check.h b/libcli/security/access_check.h index 7c424b9e05a..efe3d97f210 100644 --- a/libcli/security/access_check.h +++ b/libcli/security/access_check.h @@ -82,7 +82,7 @@ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd, uint32_t access_desired, uint32_t *access_granted, struct object_tree *tree, - struct dom_sid *replace_sid); + const struct dom_sid *replace_sid); bool insert_in_object_tree(TALLOC_CTX *mem_ctx, const struct GUID *guid, diff --git a/librpc/idl/drsblobs.idl b/librpc/idl/drsblobs.idl index 9d495698716..002c04f7903 100644 --- a/librpc/idl/drsblobs.idl +++ b/librpc/idl/drsblobs.idl @@ -39,7 +39,7 @@ interface drsblobs { typedef [nodiscriminant] union { [case(1)] replPropertyMetaDataCtr1 ctr1; } replPropertyMetaDataCtr; - + typedef [public] struct { uint32 version; [value(0)] uint32 reserved; @@ -256,7 +256,7 @@ interface drsblobs { NTTIME time; uint32 u2; uint32 u3; - [value(ndr_size_ldapControlDirSyncExtra(&extra, extra.uptodateness_vector.version, 0))] + [value(ndr_size_ldapControlDirSyncExtra(&extra, extra.uptodateness_vector.version, 0))] uint32 extra_length; drsuapi_DsReplicaHighWaterMark highwatermark; GUID guid1; @@ -273,12 +273,12 @@ interface drsblobs { [value(strlen(data))] uint16 data_len; uint16 reserved; /* 2 for 'Packages', 1 for 'Primary:*', but should be ignored */ [charset(UTF16)] uint8 name[name_len]; - /* + /* * the data field contains data as HEX strings * * 'Packages': * data contains the list of packages - * as non termiated UTF16 strings with + * as non terminated UTF16 strings with * a UTF16 NULL byte as separator * * 'Primary:Kerberos-Newer-Keys': @@ -408,7 +408,7 @@ interface drsblobs { [value(0x01)] uint8 unknown2; uint8 num_hashes; [value(0)] uint32 unknown3; - [value(0)] udlong uuknown4; + [value(0)] udlong unknown4; package_PrimaryWDigestHash hashes[num_hashes]; } package_PrimaryWDigestBlob; 
@@ -422,7 +422,7 @@ interface drsblobs { * Primary:userPassword each calculated hash, * which is typically calculated via crypt(), the scheme is stored. * The scheme name and the {scheme} format is re-used from OpenLDAP's - * use for userPassword to aid interopability when exported. + * use for userPassword to aid interoperability when exported. * * The currently supported scheme so far is {CRYPT}, which may * be specified multiple times if both CryptSHA256 ($5$) and @@ -455,10 +455,10 @@ interface drsblobs { samr_Password password; } AuthInfoNT4Owf; - /* + /* * the secret value is encoded as UTF16 if it's a string * but depending the AuthType, it might also be krb5 trusts have random bytes here, so converting to UTF16 - * mayfail... + * may fail... * * TODO: We should try handle the case of a random buffer in all places * we deal with cleartext passwords from windows diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl index d1552475b63..8783b678157 100644 --- a/librpc/idl/security.idl +++ b/librpc/idl/security.idl @@ -715,7 +715,7 @@ interface security [default][flag(NDR_REMAINING)] DATA_BLOB ignored; } security_ace_coda; - typedef [public,gensize,nosize] struct { + typedef [public,gensize,nosize,nopush,nopull] struct { security_ace_type type; /* SEC_ACE_TYPE_* */ security_ace_flags flags; /* SEC_ACE_FLAG_* */ [value(ndr_size_security_ace(r,ndr->flags))] uint16 size; diff --git a/librpc/ndr/libndr.h b/librpc/ndr/libndr.h index 70dd01e49a6..03d1aead01a 100644 --- a/librpc/ndr/libndr.h +++ b/librpc/ndr/libndr.h @@ -367,7 +367,7 @@ enum ndr_compression_alg { }; #define NDR_PULL_CHECK_FLAGS(ndr, ndr_flags) do { \ - if ((ndr_flags) & ~(NDR_SCALARS|NDR_BUFFERS)) { \ + if (unlikely((ndr_flags) & ~(NDR_SCALARS|NDR_BUFFERS))) { \ return ndr_pull_error(ndr, NDR_ERR_FLAGS, "Invalid pull struct ndr_flags 0x%"PRI_NDR_FLAGS_TYPE, ndr_flags); \ } \ } while (0) diff --git a/librpc/ndr/ndr_basic.c b/librpc/ndr/ndr_basic.c index fc8620f28c7..5fd15730a74 100644 
--- a/librpc/ndr/ndr_basic.c +++ b/librpc/ndr/ndr_basic.c @@ -1453,6 +1453,12 @@ _PUBLIC_ enum ndr_err_code ndr_pull_DATA_BLOB(struct ndr_pull *ndr, ndr_flags_ty } else { NDR_CHECK(ndr_pull_uint3264(ndr, NDR_SCALARS, &length)); } + if (length == 0) { + /* skip the talloc for an empty blob */ + blob->data = NULL; + blob->length = 0; + return NDR_ERR_SUCCESS; + } NDR_PULL_NEED_BYTES(ndr, length); *blob = data_blob_talloc(ndr->current_mem_ctx, ndr->data+ndr->offset, length); ndr->offset += length; diff --git a/librpc/ndr/ndr_sec_helper.c b/librpc/ndr/ndr_sec_helper.c index d74d31b2823..f870a17aafc 100644 --- a/librpc/ndr/ndr_sec_helper.c +++ b/librpc/ndr/ndr_sec_helper.c @@ -64,7 +64,11 @@ size_t ndr_size_security_ace(const struct security_ace *ace, libndr_flags flags) } else if (ace->type == SEC_ACE_TYPE_SYSTEM_RESOURCE_ATTRIBUTE) { ret += ndr_size_security_ace_coda(&ace->coda, ace->type, flags); } else { - ret += ace->coda.ignored.length; + /* + * Normal ACEs have a coda.ignored blob that is always or + * almost always empty. We aren't going to push it (it is + * ignored), so we don't add that length to the size. + */ } /* round up to a multiple of 4 (MS-DTYP 2.4.4.1) */ ret = (ret + 3ULL) & ~3ULL; 
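Review bot: The new `length == 0` early return in ndr_pull_DATA_BLOB() leaves `blob->data` as NULL, whereas the `data_blob_talloc()` call below it was previously reached for empty blobs too. If that call returned a zero-length allocation (not visible in this hunk), callers that test `blob->data != NULL` to tell "present but empty" from "absent" will now behave differently on data read from the wire. A comment stating the contract would make this explicit, for example `/* An empty blob is returned with data == NULL; callers must test length, not data. */`. The function body starts before this hunk, so the flag-driven length paths above it were not reviewed.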
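Review bot: With the final `else` branch of ndr_size_security_ace() now empty, the size written on push no longer accounts for any trailing bytes, so an `r->size` read from the wire can exceed what this function returns for the same ACE. A pull/push round trip of a security descriptor is then not byte-identical for such ACEs. If any caller compares, hashes or signs the packed descriptor (not visible here), that should be a deliberate decision, and the comment could say so, e.g. `Note: size as pulled may therefore exceed the size computed here.` The function starts before this hunk.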
@@ -75,6 +79,107 @@ size_t ndr_size_security_ace(const struct security_ace *ace, libndr_flags flags) return ret; } + +static inline enum ndr_err_code ndr_maybe_pull_security_ace_object_ctr(struct ndr_pull *ndr, + ndr_flags_type ndr_flags, + struct security_ace *r) +{ + /* + * If this is not an object ACE (as is usually common), + * ndr_pull_security_ace_object_ctr() will do nothing. + * + * By avoiding calling the function in that case, we avoid some + * tallocing and ndr token busywork. + */ + bool is_object = sec_ace_object(r->type); + if (is_object) { + NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->object, is_object)); + NDR_CHECK(ndr_pull_security_ace_object_ctr(ndr, ndr_flags, &r->object)); + } + return NDR_ERR_SUCCESS; +} + + +_PUBLIC_ enum ndr_err_code ndr_pull_security_ace(struct ndr_pull *ndr, ndr_flags_type ndr_flags, struct security_ace *r) +{ + NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); + if (ndr_flags & NDR_SCALARS) { + ssize_t sub_size; + NDR_CHECK(ndr_pull_align(ndr, 5)); + NDR_CHECK(ndr_pull_security_ace_type(ndr, NDR_SCALARS, &r->type)); + NDR_CHECK(ndr_pull_security_ace_flags(ndr, NDR_SCALARS, &r->flags)); + NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->access_mask)); + NDR_CHECK(ndr_maybe_pull_security_ace_object_ctr(ndr, NDR_SCALARS, r)); + NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, &r->trustee)); + sub_size = ndr_subcontext_size_of_ace_coda(r, r->size, ndr->flags); + if (!sec_ace_has_extra_blob(r->type) || sub_size == 0) { + r->coda.ignored.data = NULL; + r->coda.ignored.length = 0; + } else { + struct ndr_pull *_ndr_coda; + NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_coda, 0, sub_size)); + NDR_CHECK(ndr_pull_set_switch_value(_ndr_coda, &r->coda, r->type)); + NDR_CHECK(ndr_pull_security_ace_coda(_ndr_coda, NDR_SCALARS|NDR_BUFFERS, &r->coda)); + NDR_CHECK(ndr_pull_subcontext_end(ndr, _ndr_coda, 0, sub_size)); + } + NDR_CHECK(ndr_pull_trailer_align(ndr, 5)); + } + if (ndr_flags & 
NDR_BUFFERS) { + NDR_CHECK(ndr_maybe_pull_security_ace_object_ctr(ndr, NDR_BUFFERS, r)); + } + return NDR_ERR_SUCCESS; +} + + +static inline enum ndr_err_code ndr_maybe_push_security_ace_object_ctr(struct ndr_push *ndr, + ndr_flags_type ndr_flags, + const struct security_ace *r) +{ + /* + * ndr_push_security_ace_object_ctr() does nothing (except tallocing + * and ndr_token fiddling) unless the ACE is an object ACE, which is + * usually very unlikely. + */ + bool is_object = sec_ace_object(r->type); + if (is_object) { + NDR_CHECK(ndr_push_set_switch_value(ndr, &r->object, is_object)); + NDR_CHECK(ndr_push_security_ace_object_ctr(ndr, ndr_flags, &r->object)); + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_push_security_ace(struct ndr_push *ndr, ndr_flags_type ndr_flags, const struct security_ace *r) +{ + NDR_PUSH_CHECK_FLAGS(ndr, ndr_flags); + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_push_align(ndr, 5)); + NDR_CHECK(ndr_push_security_ace_type(ndr, NDR_SCALARS, r->type)); + NDR_CHECK(ndr_push_security_ace_flags(ndr, NDR_SCALARS, r->flags)); + NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, ndr_size_security_ace(r, ndr->flags))); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->access_mask)); + NDR_CHECK(ndr_maybe_push_security_ace_object_ctr(ndr, NDR_SCALARS, r)); + NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, &r->trustee)); + if (sec_ace_has_extra_blob(r->type)) { + struct ndr_push *_ndr_coda; + size_t coda_size = ndr_subcontext_size_of_ace_coda( + r, + ndr_size_security_ace(r, ndr->flags), + ndr->flags); + NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_coda, 0, coda_size)); + NDR_CHECK(ndr_push_set_switch_value(_ndr_coda, &r->coda, r->type)); + NDR_CHECK(ndr_push_security_ace_coda(_ndr_coda, NDR_SCALARS|NDR_BUFFERS, &r->coda)); + NDR_CHECK(ndr_push_subcontext_end(ndr, _ndr_coda, 0, coda_size)); + } + NDR_CHECK(ndr_push_trailer_align(ndr, 5)); + } + if (ndr_flags & NDR_BUFFERS) { + NDR_CHECK(ndr_maybe_push_security_ace_object_ctr(ndr, 
NDR_BUFFERS, r)); + } + return NDR_ERR_SUCCESS; +} + + /* * An ACE coda can't be bigger than the space allowed for by * ace->size, so we need to check this from the context of the ACE. diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm index 859da0a914f..d7386d5b2cc 100644 --- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm +++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm @@ -603,7 +603,8 @@ sub ParseSubcontextPullStart($$$$$) $self->pidl("{"); $self->indent; $self->pidl("struct ndr_pull *$subndr;"); - $self->pidl("NDR_CHECK(ndr_pull_subcontext_start($ndr, &$subndr, $l->{HEADER_SIZE}, $subcontext_size));"); + $self->pidl("ssize_t sub_size = $subcontext_size;"); + $self->pidl("NDR_CHECK(ndr_pull_subcontext_start($ndr, &$subndr, $l->{HEADER_SIZE}, sub_size));"); if (defined $l->{COMPRESSION}) { $subndr = $self->ParseCompressionPullStart($e, $l, $subndr, $env); @@ -622,7 +623,7 @@ sub ParseSubcontextPullEnd($$$$$) $self->ParseCompressionPullEnd($e, $l, $subndr, $env); } - $self->pidl("NDR_CHECK(ndr_pull_subcontext_end($ndr, $subndr, $l->{HEADER_SIZE}, $subcontext_size));"); + $self->pidl("NDR_CHECK(ndr_pull_subcontext_end($ndr, $subndr, $l->{HEADER_SIZE}, sub_size));"); $self->deindent; $self->pidl("}"); } diff --git a/python/samba/gkdi.py b/python/samba/gkdi.py index 9e3abb58a2f..4179263b769 100644 --- a/python/samba/gkdi.py +++ b/python/samba/gkdi.py @@ -20,7 +20,7 @@ from enum import Enum from functools import total_ordering -from typing import Final, Optional, Tuple +from typing import Optional, Tuple from cryptography.hazmat.primitives import hashes 
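Review bot: In ndr_pull_security_ace() the branch taken for `!sec_ace_has_extra_blob(r->type)` clears `r->coda.ignored` but does not consume the `sub_size` bytes that the wire-supplied `r->size` says still belong to this ACE. As far as this hunk shows, the next ACE in an ACL would then be parsed starting inside the previous one's trailing bytes. For a parser fed untrusted security descriptors that desynchronisation is worth closing by skipping the bytes in that branch, `NDR_CHECK(ndr_pull_advance(ndr, sub_size));`, which also checks the new offset against the buffer size. `sub_size` is declared `ssize_t`, and the return type of ndr_subcontext_size_of_ace_coda() is defined outside this hunk, so confirm it cannot be negative before it reaches ndr_pull_subcontext_start(). A short comment on why the coda is skipped rather than stored would help the next reader.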
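Review bot: The generated declaration uses the fixed name `sub_size`, and ParseSubcontextPullEnd now depends on that name still being in scope from the block opened by ParseSubcontextPullStart. A subcontext nested inside another, or an IDL element whose generated code already has a variable called `sub_size`, would shadow it in the emitted C, which at least produces shadow warnings and makes the output harder to follow. Deriving the name from the element, e.g. `$self->pidl("ssize_t ${subndr}_size = $subcontext_size;");`, would avoid that, provided the same name can be reconstructed in the End routine. A comment in both subs noting the shared variable would help as well. Both subs start outside their hunks.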
@@ -30,14 +30,14 @@ from samba.ndr import ndr_pack, ndr_unpack from samba.nt_time import NtTime, NtTimeDelta -uint64_max: Final[int] = 2**64 - 1 +uint64_max: int = 2**64 - 1 -L1_KEY_ITERATION: Final[int] = _glue.GKDI_L1_KEY_ITERATION -L2_KEY_ITERATION: Final[int] = _glue.GKDI_L2_KEY_ITERATION -KEY_CYCLE_DURATION: Final[NtTimeDelta] = _glue.GKDI_KEY_CYCLE_DURATION -MAX_CLOCK_SKEW: Final[NtTimeDelta] = _glue.GKDI_MAX_CLOCK_SKEW +L1_KEY_ITERATION: int = _glue.GKDI_L1_KEY_ITERATION +L2_KEY_ITERATION: int = _glue.GKDI_L2_KEY_ITERATION +KEY_CYCLE_DURATION: NtTimeDelta = _glue.GKDI_KEY_CYCLE_DURATION +MAX_CLOCK_SKEW: NtTimeDelta = _glue.GKDI_MAX_CLOCK_SKEW -KEY_LEN_BYTES: Final = 64 +KEY_LEN_BYTES = 64 class Algorithm(Enum): @@ -107,7 +107,7 @@ class UndefinedStartTime(Exception): class Gkid: __slots__ = ["_l0_idx", "_l1_idx", "_l2_idx"] - max_l0_idx: Final = 0x7FFF_FFFF + max_l0_idx = 0x7FFF_FFFF def __init__(self, l0_idx: int, l1_idx: int, l2_idx: int) -> None: if not -1 <= l0_idx <= Gkid.max_l0_idx: diff --git a/python/samba/netcmd/domain/auth/policy.py b/python/samba/netcmd/domain/auth/policy.py index de9ce4b004f..f65cff27381 100644 --- a/python/samba/netcmd/domain/auth/policy.py +++ b/python/samba/netcmd/domain/auth/policy.py @@ -22,10 +22,10 @@ import samba.getopt as options from samba.netcmd import Command, CommandError, Option, SuperCommand -from samba.netcmd.domain.models import AuthenticationPolicy,\ - AuthenticationSilo, Group -from samba.netcmd.domain.models.auth_policy import MIN_TGT_LIFETIME,\ - MAX_TGT_LIFETIME, StrongNTLMPolicy +from samba.netcmd.domain.models import (AuthenticationPolicy, + AuthenticationSilo, Group, + MAX_TGT_LIFETIME, MIN_TGT_LIFETIME, + StrongNTLMPolicy) from samba.netcmd.domain.models.exceptions import ModelError from samba.netcmd.validators import Range diff --git a/python/samba/netcmd/domain/models/__init__.py b/python/samba/netcmd/domain/models/__init__.py index 8a6b254c70a..332d3cb907c 100644 
--- a/python/samba/netcmd/domain/models/__init__.py +++ b/python/samba/netcmd/domain/models/__init__.py @@ -20,7 +20,8 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. # -from .auth_policy import AuthenticationPolicy +from .auth_policy import (AuthenticationPolicy, StrongNTLMPolicy, + MIN_TGT_LIFETIME, MAX_TGT_LIFETIME) from .auth_silo import AuthenticationSilo from .claim_type import ClaimType from .group import Group @@ -28,5 +29,6 @@ from .model import MODELS from .schema import AttributeSchema, ClassSchema from .site import Site from .subnet import Subnet +from .types import AccountType from .user import User from .value_type import ValueType diff --git a/python/samba/netcmd/domain/models/fields.py b/python/samba/netcmd/domain/models/fields.py index 0b7e1eb83e4..89bbe76734d 100644 --- a/python/samba/netcmd/domain/models/fields.py +++ b/python/samba/netcmd/domain/models/fields.py @@ -20,17 +20,17 @@ # along with this program. If not, see <http://www.gnu.org/licenses/>. # -from enum import IntEnum - import io from abc import ABCMeta, abstractmethod -from datetime import datetime +from datetime import datetime, timezone +from enum import IntEnum, IntFlag from xml.etree import ElementTree -from ldb import Dn, MessageElement, string_to_time, timestring +from ldb import Dn, MessageElement, binary_encode, string_to_time, timestring from samba.dcerpc import security from samba.dcerpc.misc import GUID from samba.ndr import ndr_pack, ndr_unpack +from samba.nt_time import datetime_from_nt_time, nt_time_from_datetime class Field(metaclass=ABCMeta): @@ -91,6 +91,10 @@ class Field(metaclass=ABCMeta): """ pass + def expression(self, value): + """Returns the ldb search expression for this field.""" + return f"({self.name}={binary_encode(value)})" + class IntegerField(Field): """A simple integer field, can be an int or list of int.""" 
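Review bot: The docstring of the new `Field.expression` leaves out two things a caller needs to know. The value is escaped with `binary_encode`, so filter metacharacters in it cannot alter the search expression, and it therefore has to be a str or bytes (an int or bool passed through unchanged would presumably be rejected by `binary_encode`). I would extend it to something like `"""Return the ldb search expression for this field; value is escaped with binary_encode and must be str or bytes."""`. `self.name` is interpolated unescaped, which is fine as long as field names only ever come from model definitions, and that assumption is worth a one-line comment.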
@@ -181,7 +185,7 @@ class EnumField(Field): Has a special case for IntEnum as the constructor only accepts int. """ - if issubclass(self.enum, IntEnum): + if issubclass(self.enum, (IntEnum, IntFlag)): return self.enum(int(str(value))) else: return self.enum(str(value)) @@ -205,6 +209,10 @@ class EnumField(Field): else: return MessageElement(str(value.value), flags, self.name) + def expression(self, value): + """Returns the ldb search expression for this field.""" + return f"({self.name}={binary_encode(str(value.value))})" + -- Samba Shared Repository
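Review bot: The docstring just above the changed line still reads "Has a special case for IntEnum as the constructor only accepts int", which is out of date now that the check is `issubclass(self.enum, (IntEnum, IntFlag))`. Suggest `Has a special case for IntEnum and IntFlag, whose constructors only accept int.` The method starts outside this hunk.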