[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via c8b90d8d200 librpc: Fix typos in error messages via 464d86cac56 pidl: Use INT_MAX as enum constant for portability via acc614f28a3 librpc: Use portable format specifiers via 267464f6c6d librpc/ndr: Use portable format specifiers via fb39bb1953e pidl: Use portable format specifiers via ce43dd0571d ndr: Display values for failed range checks via 0078a330dc3 testdata: Mark compression test data as binary via 4839adf9da1 s4:auth: Add functions to convert between different claims formats via 58aa8d99c4f s4:auth: Include missing headers via 5e164cc2d66 s4:kdc: Move encode_claims_set() into the auth_session subsystem via ab227bbe8e4 s4:auth: Fix ‘user_info_dc_out’ leak via 0a9f2486420 s4:auth: Return a talloc‐allocated resource groups structure via 219ee05d6e6 s4:auth: Introduce helper variable ‘resource_groups_in’ via 842f845c8ac s4:auth: Make returning resource groups the last thing we do via a2700cf685f s4:torture: Initialize ‘tm’ structure via 9bd9b9bfd95 s4:kdc: Fix ldb_msg_find_krb5time_ldap_time() via bdf0e1be35a s4:kdc: Initialize ‘tm’ structure via 8ce4e3729f0 s3:smbd: Initialize ‘tm’ structure via c278a1d3e1c s3:rpc_server: Initialize ‘tm’ structure via 67f3fead5fe s3:passdb: Initialize ‘tm’ structure via 955fd832534 s3:modules: Initialize ‘tm’ structure via 31c7d7cfb32 s3:lib: Initialize ‘tm’ structure via 2f6083f59f0 lib:audit_logging: Initialize ‘tm’ structure via 58bd2f525b0 lib/krb5_wrap: Simplify assignments via 0bd7863ec0f lib/krb5_wrap: Make use of smb_krb5_make_data() via 48969305595 libcli/security: Test hex‐escapes that should be literals via c755bbd6bc6 libcli/security: Fix code formatting via ac34f48ab1a libcli/security: Use ACL revision constants via 37ed208701b libcli/security: Refer to UTF‐16 code units rather than to codepoints via a064e2f2589 libcli/security: Remove unused flag SDDL_FLAG_IS_FAKE_OP via 8d4f60c8449 libcli/security: Remove unused flag SDDL_FLAG_IS_LITERAL via 55e198fc6d1 libcli/security: Remove unused flag SDDL_FLAG_IS_ATTR via e1a45ec341e libcli/security: Remove unused flag SDDL_FLAG_EXPECTING_END via 21f765c1b97 libcli/security: Remove unused macro via 37a32d3b40a python:tests: Remove unused import via c94db7d2e83 s4:auth: Correct error message via dc731603811 s4:torture: Use SID constants via 8b496331b9e s4:rpc_server: Use Builtin SID constant via 4bef3fd7e98 s4:ntvfs: Use World and System SID constants via 4405e709c05 s4:dsdb: Use Builtin SID constant via e6bb3a347f0 s4:auth: Use Anonymous and System SID constants via b1b7d33bd50 s4:kdc: Use Compounded Authentication and Claims Valid SID constants via 56def24b4c0 libcli:security: Add Compounded Authentication and Claims Valid SID constants via 89985f6fec2 s4:kdc: Use Asserted Identity SID constants via dcca6bba2aa s4:dsdb: Use NULL SID constant via 214f6c64621 libcli:security: Correct Asserted Identity SID definitions via 2782df62ad5 libcli:security: Use SELF SID constant via cdbb5ab7d0f libcli:security: Add SELF SID constant via 26ff87dcfea python:tests: Fix invalid escape sequences via c0795c807a0 tests/krb5: Match filter after transforming test name via 9cb3beee75c libcli/security: Emit error message if program is too large via f035985dbd2 libcli/security: Add function to convert token claims to security attribute claims via a4010c9b65f libcli/security: Add some missing declarations via 48606c8aedd libcli/security: Const‐qualify function parameters via f5568a0a5e5 libcli/security: Remove bool_value member via 40c5ed60baa libcli/security: Use correct union member via c9aab312b7f libcli/security: Add header guard from 3b6c1f1a9c4 libcli/security: condtional ACE recursive composites are not supported https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit c8b90d8d2003f2c27431874ac76bbc7f18bb7abf Author: Joseph Sutton Date: Tue May 4 15:08:53 2021 +1200 librpc: Fix typos in error messages Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Wed Sep 27 03:38:00 UTC 2023 on atb-devel-224 commit 464d86cac5656c227b7cc1047f3f4b0d27340dea Author: Joseph Sutton Date: Fri Apr 23 16:37:01 2021 +1200 pidl: Use INT_MAX as enum constant for portability Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit acc614f28a39315a3d304919187dae2372fe60f9 Author: Joseph Sutton Date: Tue May 11 10:29:31 2021
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 3b6c1f1a9c4 libcli/security: condtional ACE recursive composites are not supported via 38247d39e1e libcli/security: conditional ace sddl: do not read nested composites via 96dbc71e137 libcli/security: conditional ace sddl: do not write nested composites via 3be69fc3dce fuzzing: fuzz_sddl_parse forgives bad utf-8 via e4da279b1c0 util/str: helper to check for utf-8 validity via 65674cde60c libcli/security: conditional ACE sddl doesn't have string escapes via 310c25404b9 libcl/security: conditional ACE sddl >= ops take literal parens only via 5650b511c1f libcli/security/sddl_conditional_ace: ban empty expressions in SDDL via b3f92b475c3 lib/fuzzing: fuzz_sddl_parse: allow non-round-trip with long strings via a2e6df03112 add comment that ace_condition_composite is not representative of the wire format via 0ac979b2cc6 conditional_aces: Avoid manual parsing for ace_condition_unicode via 5f4197bfab5 libndr: Add support for pulling strings with LIBNDR_FLAG_STR_SIZE4|LIBNDR_FLAG_STR_NOTERM|LIBNDR_FLAG_STR_BYTESIZE via b9e90bae699 conditional_aces: Avoid manual parsing for ace_condition_int via ab531abc52f libcli/security: Check for sddl_from_conditional_ace() failure in test_sddl_conditional_ace via 03d63fb09b8 libcli/security: Make failure parsing where consumed == -1 clear via fe835fc3482 Make blob->data pointer in ace_sid_to_claim_v1_sid() a child of the DATA_BLOB via 793b86f4cbf conditional_aces: Avoid manual parsing for ace_condition_bytes, use DATA_BLOB via 94d1cfbd85b conditional_aces: Avoid manual parsing for ace_condition_sid via 1e45a4d10a5 libcli/security: access_check handles CALLBACK_OBJECT types via c5345f18d71 libcli/security: se_access_check uses new callback checks via 5d6f0927f54 libcli/security: sec_access_check_ds uses new callback ACE checks via 117d4c55006 libcli/security: access_check with MAXIMUM_ALLOWED checks callbacks via 588a339df7c libcli/security: adjust tests for evaluate_claims flag via e3f28c2ecf6 libcli/security: Hook in ability to disable conditional ACE evaluation via c8c86b81036 s3-lib: Modify merge_nt_token() into a GPO-specifc merge with SYSTEM via d9e268db0cf python: Change the generic merge_nt_token() to being specific to the system_token via d027200a02e libgpo: Reimplmeent registry_create_system_token() using get_system_token() via dc7dc6f549b libcli/security: Rename dup_nt_token() -> security_token_duplicate() via 13d3c6156f9 libcli/security: Move dup_nt_token() to libcli/security via 4e8e35de7fe s3-winbind: Use token as parent for token->sids in check_info3_in_group() via 934b0335500 s3-net_rpc: Make the struct user_token array the parent talloc context via a8210ab1ae4 s3-net_rpc: Use security_token_initialise() to create struct security_token via e2cc29d132b libcli/security: Pass in claims evaluation state when building any security token via f1fcbc0f101 s4-auth: pass lp_ctx to auth_generate_session_info() where possible via 1223b89d818 docs-xml: Add new parameter "acl claims evaluation" via 5696f66d1dd librpc: Add context as to if this token should be used for claims evaluation via c9cf90aee86 s3-lib/util_nttoken: Reimplement dup_nt_token() with NDR pull/push via f8215ed3434 librpc/ndr_claims: avoid 'bin/default' in #include via 978a9e46bb6 pytest: conditional_ace assembler assembles full descriptor via 14492945429 libcli/security: beginning of tests for conditional ACE bytes via 15fe49a2f9b pytest: assembler for conditional ACEs via cc17c3e21df lib/fuzzing: adjust access-check seed patch via ea4caa45ab3 lib/fuzzing: fuzz_conditional_ace_blob via c6a62d69ca9 lib/fuzzing: adapt fuzz_sddl_access_check for claims via b7bd1f438be libcli/security: conditional ace access checks for file server via 327861dc1fc libcli/security: conditional ace access checks for AD via b65ac10096b pytest:conditional_ace_claims: ease export of failing tests to C via 30e6249d228 pytest: tests for conditional ACEs with security tokens via 044370a0e19 pytest: tools for creating security tokens via b7ae4304b14 libcli/security: cmocka test for running conditional ACEs via e2a4f20d409 libcli/security/conditional ACEs: compare composites as sets via 924d59fd82a security.idl: drop claim v1 reserved field via fabc2f351eb pytest: sddl tests with conditional ACEs via c13684e672f libcli/security/tests: add some test strings via 2a4fc3fedf4 pytest: sddl strings dir can be defined in class via 2f30103f922 pytest: sddl tests can be only externally defined via d7c0948d1a6
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via d7394a90f51 testparm: Allow idmap ranges overlap for idmap_nss from fab08854af3 libsmb: Pass neg contexts through sync smbXcli_negprot_recv() https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit d7394a90f51e9a2caac58d280e2ec3331f45a315 Author: Samuel Cabrero Date: Tue Sep 26 13:01:03 2023 +0200 testparm: Allow idmap ranges overlap for idmap_nss Signed-off-by: Samuel Cabrero Reviewed-by: Volker Lendecke Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Tue Sep 26 19:28:08 UTC 2023 on atb-devel-224 --- Summary of changes: source3/utils/testparm.c | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c index 4a19f888632..fd90e8d734a 100644 --- a/source3/utils/testparm.c +++ b/source3/utils/testparm.c @@ -229,16 +229,21 @@ static bool do_idmap_check(void) if ((c->low >= x->low && c->low <= x->high) || (c->high >= x->low && c->high <= x->high)) { - /* Allow overlapping ranges for idmap_ad */ + /* +* Allow overlapping ranges for idmap_ad +* and idmap_nss +*/ ok = strequal(c->backend, x->backend); if (ok) { - ok = strequal(c->backend, "ad"); + ok = strequal(c->backend, "ad") || +strequal(c->backend, "nss"); if (ok) { fprintf(stderr, - "NOTE: The idmap_ad " + "NOTE: The idmap_%s " "range for the domain " "%s overlaps with the " "range of %s.\n\n", + c->backend, c->domain_name, x->domain_name); continue; -- Samba Shared Repository