The branch, master has been updated via c28f61b6bbd Add a git-blame-ignore-revs file via 8e830d76083 samba-tool: Clarify cse register command file dest via 1fa162a13b4 librpc: Fix compile error for libnet_join.idl via f2416493c0c s4: remove unused lib/com/* via d128d401f0a s3:rpc_server/netlogon: Fix typo via a470394f588 torture/backupkey: Fix possibly wrong typo'd array index via aa90354e242 torture/backupkey: Fix flapping test via 264351f5c35 pytest/delete_object: Remove unused variables via 1f5e34bdaca pytest/getnc_exop: Remove unused variable via e2df264e7c5 pytest/repl_move: Remove unused variables via 44f05afe82a pytest/repl_rodc: Remove unused variable via bf2daf79d68 pytest/replica_sync: Remove unused variable via 13f386d7d77 pytest/ridalloc_exop: Remove unused variables via c6f1b83e97d pytest/samba_tool_drs_critical: Remove unused variables via 8042e3250d8 pytest/samba_tool_drs_no_dns: Remove unused variables via 72a93e66a82 pytest/samba_tool_drs: Remove unused variables via 7bf6fa05b02 pytest/samba_tool_drs: Convert bytes to UTF-8 string via d2063568ceb lib:cmdline: Fix typo via 16e6435b082 auth/credentials: Fix typos via 4c6bd559ff2 python/schema: Fix conversion to UTF-8 string via 9e6f3df5d82 python/samba/common: Fix typos via 262b40d8330 auth/credentials: Fix off-by-one buffer write via 1312b2d1699 samba-tool: Don't use invalid escape sequences via 65ab33dffab gp: Don't use invalid escape sequences via 5badceeee3f gp: Avoid shadowing import via 8c06c7e2f7a s4:samba_spnupdate: Fix typo via f4e4816fcd6 selftest: Fix typo via fdc5f6ee995 s4:samba_dnsupdate: Avoid resource leaks via 0d8836482a1 s4:samba_spnupdate: Avoid resource leak via 60682e2aee4 python/samba: Avoid resource leak via 8d48ca46980 selftest: Don't use invalid escape sequences via fa4ddb887ab samba_version.py: Avoid resource leak via d8d872e0950 wscript: Fix invalid escape sequences via 433247a792a s3:modules: Fix invalid escape sequences via 374a03eddd1 selftest: Fix invalid escape sequences via 474674ac7db lib:pyldb: Throw error on invalid controls via 207a212948f lib:ldb: Fix typo via f414bead52d s4:dnsserver: Check all records, not just one via a34e245bb28 nsswitch: Fix CID 1518966 Resource leaks (RESOURCE_LEAK) via e7baac45a9d s4-dsdb: Make array static via e8514527bed tests: Fix old-style function definitions via b73622bf53f source3/wscript: Fix configure-time checks via fb781f426b7 tests/krb5: Fix typo via 533fb8fa0db tests/krb5: Add tests adding a user to a group prior to a TGS-REQ via 646b62f7604 tests/krb5: Permit modifying claim attributes mid-test via fe9aa394258 tests/krb5: Split out setup_claims() via 5cc48da43ee tests/krb5: Generate more readable string representation via abe36c2c716 tests/krb5: Add map_to_dn() via 991958c9588 tests/krb5: Refactor out map_to_sid() via 033e79d40c0 tests/krb5: Avoid duplicate group members via 285f042e2ff tests/krb5: Move ticket_with_sids() to base class via e94b4e8c77b tests/krb5: Support nested SID structures in map_sids() via 61cc949a5e7 tests/krb5: Move some utility functions from group_tests to base class via 3eac35212ec tests/krb5: Remove unused constant via b4da5eaa2fc tests/krb5: Refactor setup_groups() to admit multiple preexisting principals and primary groups via 6d19f78cdd5 tests/krb5: Fix typo via c00813b94b7 tests/krb5: Fix typo via 9bec86229fd tests/krb5: Refactor claims tests to use get_target() via 49605b5e89a tests/krb5: Move get_target() to base class via 4ae7f1cb987 tests/krb5: Remove client_as_etypes parameter via 3b522e23524 tests/krb5: Request only supported encryption types in get_tgt() via d4d3f93470f tests/krb5: Lazily fetch SamDB in get_default_enctypes() via 3861d7e09eb tests/krb5: Refactor decode_service_ticket() from 682c77be74b s4:torture:basic: use milliseconds granularity in delayed_write_update7
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit c28f61b6bbd5cc1caefcba4b00a6898c91403904 Author: Jelmer Vernooij <jel...@jelmer.uk> Date: Sat Jan 28 20:30:24 2023 +0000 Add a git-blame-ignore-revs file 'git blame' can ignore certain revisions when annotating, e.g. revisions that just reformatting. Signed-off-by: Jelmer Vernooij <jel...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Fri Mar 3 02:02:51 UTC 2023 on atb-devel-224 commit 8e830d760839eb16c2f6edc9d5395966d2f02f6f Author: David Mulder <dmul...@samba.org> Date: Mon Feb 27 08:37:10 2023 -0700 samba-tool: Clarify cse register command file dest Signed-off-by: David Mulder <dmul...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 1fa162a13b4853bb4efd16bf6a9b1e53e9503e2f Author: Christof Schmitt <c...@samba.org> Date: Wed Mar 1 16:43:14 2023 -0700 librpc: Fix compile error for libnet_join.idl Fix this compile error: [753/756] Processing source3/librpc/idl/libnet_join.idl source3/librpc/idl/ads.idl:2:10: fatal error: config.h: No such file or directory #include "config.h" ^~~~~~~~~~ compilation terminated. source3/librpc/idl/libnet_join.idl:3: error: Failed to parse source3/librpc/idl/ads.idl source3/librpc/idl/libnet_join.idl:50: warning: [out] argument `account_name' not a pointer libnet_join.idl imports ads.idl which includes config.h. The build rule for ads.idl provides the include directory for config.h, so add a new rule to also specify that include directory for libnet_join.idl. Signed-off-by: Christof Schmitt <c...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit f2416493c0c779356606aebf0aceca8fa416b55c Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Date: Thu Mar 2 12:28:13 2023 +1300 s4: remove unused lib/com/* Maybe the following IDL files are now unused: librpc/idl/oxidresolver.idl librpc/idl/remact.idl librpc/idl/dcom.idl Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit d128d401f0ae5a140902bb6b7001f73fd8a0356f Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Mar 1 13:32:39 2023 +1300 s3:rpc_server/netlogon: Fix typo Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit a470394f58832897a5eb2cd6c428e149c2ac497c Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Mar 1 11:39:56 2023 +1300 torture/backupkey: Fix possibly wrong typo'd array index Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit aa90354e2426dc1af445f5b3243ad3cd7ebce902 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Mar 1 11:37:03 2023 +1300 torture/backupkey: Fix flapping test UNEXPECTED(failure): samba4.rpc.backupkey with seal.backupkey.server_wrap_decrypt_wrong_r2(ad_dc_default) REASON: Exception: Exception: ../../source4/torture/rpc/backupkey.c:2219: r.out.result was WERR_INVALID_ACCESS, expected WERR_INVALID_PARAMETER: decrypt should fail with WERR_INVALID_PARAMETER As commit 664bde19bf1db1b3740621cdf3f46f9bfd0e8452 states: "The use of the wrong key can still create structures that parse as a SID, therefore we can sometimes get an unusual error, which becomes a flapping test". BUG: https://bugzilla.samba.org/show_bug.cgi?id=12107 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 264351f5c35f1b9bbecfc1c513334ef4eb0597c4 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Mar 1 09:35:14 2023 +1300 pytest/delete_object: Remove unused variables Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 1f5e34bdaca9de52a77cf2caaa030415d72989f3 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Mar 1 09:34:26 2023 +1300 pytest/getnc_exop: Remove unused variable Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit e2df264e7c5d279dcf08733f3954af802ff30921 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Mar 1 09:31:45 2023 +1300 pytest/repl_move: Remove unused variables Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 44f05afe82a56af3bba4c00d2c9cb2af0228155b Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Mar 1 09:27:07 2023 +1300 pytest/repl_rodc: Remove unused variable Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit bf2daf79d68ac169ed5c81cc921fa5cd47dc6bfa Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Mar 1 09:25:42 2023 +1300 pytest/replica_sync: Remove unused variable Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 13f386d7d772d29354563f48b19220189bb6d796 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Mar 1 09:24:52 2023 +1300 pytest/ridalloc_exop: Remove unused variables Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit c6f1b83e97d86be34bbc2ca35dcfd7aa6d7f1e01 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Mar 1 09:23:41 2023 +1300 pytest/samba_tool_drs_critical: Remove unused variables Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 8042e3250d8c94b39bda9d46687ea88b2c248345 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Mar 1 09:23:09 2023 +1300 pytest/samba_tool_drs_no_dns: Remove unused variables Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 72a93e66a823c9077230236ddd608ca2d734e19c Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Mar 1 09:22:26 2023 +1300 pytest/samba_tool_drs: Remove unused variables Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 7bf6fa05b020d1833d9f02218088cbbd31e1b7cc Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 28 17:02:52 2023 +1300 pytest/samba_tool_drs: Convert bytes to UTF-8 string We later use this variable as part of a string substitution, and if we leave it as bytes we will end up with b' ' quotes surrounding it, which we do not want. Fix this by converting it to a string. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit d2063568cebfbdd680a08f50f43155180487bd00 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 28 17:01:28 2023 +1300 lib:cmdline: Fix typo Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 16e6435b08233d8cebd4f45b4c1e1dc9b20ab5d3 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 28 17:00:57 2023 +1300 auth/credentials: Fix typos Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 4c6bd559ff20a4014a23b7a101591d860e561833 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 28 16:56:54 2023 +1300 python/schema: Fix conversion to UTF-8 string str(b'foo') yields "b'foo'", which is wrong. Fix this to get "foo" instead. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 9e6f3df5d82e35399f7c6207aab4a092d3e0ab4d Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 28 16:56:24 2023 +1300 python/samba/common: Fix typos Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 262b40d83304d219c4ffb4eadebb8d51c02ba025 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 28 16:55:06 2023 +1300 auth/credentials: Fix off-by-one buffer write If p == pass + 127, assigning to '*++p' writes beyond the array. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 1312b2d1699e544cff4f3f7dccd9a02a5bd295fa Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Feb 24 14:54:02 2023 +1300 samba-tool: Don't use invalid escape sequences Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 65ab33dffab2534e8bae7aa4f6a324d1381b0c9e Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Feb 24 14:53:36 2023 +1300 gp: Don't use invalid escape sequences Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 5badceeee3f0cfba6062aeea33995bc602a8d050 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Feb 24 14:52:40 2023 +1300 gp: Avoid shadowing import Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 8c06c7e2f7a5770c2526880ce13281723cb5e352 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Feb 22 12:07:30 2023 +1300 s4:samba_spnupdate: Fix typo Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit f4e4816fcd67236bd7fe4f94fe4c759a6d5d7e80 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 21 12:44:41 2023 +1300 selftest: Fix typo Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit fdc5f6ee9950add6c0e357c636ab571663feee9b Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 21 11:45:11 2023 +1300 s4:samba_dnsupdate: Avoid resource leaks View with 'git show -b'. The seek(0) call is unnecessary. Closing a file removes the lock held on it. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 0d8836482a16607fd7f66adc6c315a52028393b0 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 21 11:44:07 2023 +1300 s4:samba_spnupdate: Avoid resource leak View with 'git show -b'. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 60682e2aee47bfccb4daa07b2ad96193d1b51bd9 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 21 11:42:27 2023 +1300 python/samba: Avoid resource leak View with 'git show -b'. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 8d48ca46980978842226305cf4173c77ff1be71e Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 21 11:41:34 2023 +1300 selftest: Don't use invalid escape sequences Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit fa4ddb887ab3f88c65c21f6a55376e65a7447f27 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 21 11:38:54 2023 +1300 samba_version.py: Avoid resource leak View with 'git show -b'. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit d8d872e09503fb6f636d7876573debcfa75c485e Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Mar 2 16:43:26 2023 +1300 wscript: Fix invalid escape sequences Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 433247a792ad04a5f636021470648241684d1bd2 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Mar 2 16:42:47 2023 +1300 s3:modules: Fix invalid escape sequences Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 374a03eddd1219d91c257712c84b75dbf976f486 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 21 09:51:08 2023 +1300 selftest: Fix invalid escape sequences Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 474674ac7db997f678394d054f64a1d560f6b020 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Jan 17 12:33:17 2023 +1300 lib:pyldb: Throw error on invalid controls Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 207a212948f9b2bc978c68d9054c0a97f5420d2d Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Jan 17 11:19:19 2023 +1300 lib:ldb: Fix typo Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit f414bead52da1ab9dbe4f8ac90a97154730c21fd Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon Jan 16 08:17:38 2023 +1300 s4:dnsserver: Check all records, not just one Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit a34e245bb28b6fa60599b5e090d9cac1f4e7215b Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon Jan 9 15:12:45 2023 +1300 nsswitch: Fix CID 1518966 Resource leaks (RESOURCE_LEAK) Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit e7baac45a9dc63f727657be1e46c10b4cc85139f Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Dec 22 17:15:56 2022 +1300 s4-dsdb: Make array static Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit e8514527bedf8958898d381d3f84f12dc3f3773e Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Mar 2 16:36:07 2023 +1300 tests: Fix old-style function definitions These files are included into the source3/wscript configure checks and so need to avoid C89 features otherwise they may cause an incorrect configure failure. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15281 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit b73622bf53f3f46ad6678f6b6a7f90e498c0e752 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Nov 2 14:57:03 2022 +1300 source3/wscript: Fix configure-time checks Compilers are getting strict about this C89 behaviour and this kind of thing is already causing some configure checks to fail with modern compilers like clang. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15281 Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit fb781f426b77ae192b97bd3f7b42260d1e315e29 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Mar 1 13:32:21 2023 +1300 tests/krb5: Fix typo Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 533fb8fa0db71ab49176e449b7bd2ff597398cf9 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Feb 24 13:12:44 2023 +1300 tests/krb5: Add tests adding a user to a group prior to a TGS-REQ Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 646b62f7604950afdc7bc2222783b8ed9e4e0f7b Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 21 15:44:43 2023 +1300 tests/krb5: Permit modifying claim attributes mid-test We might want to find out what happens to claim values in the PAC if they change in the database. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit fe9aa3942588f8116c539cb7904fd44a72499716 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 21 15:44:14 2023 +1300 tests/krb5: Split out setup_claims() Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 5cc48da43eea10130dac7e0eab24ae5c83a9642c Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 21 14:00:16 2023 +1300 tests/krb5: Generate more readable string representation This makes assertion failure messages easier to decipher. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit abe36c2c71672b2dcbfa318e10ec16351ae6149e Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 21 12:06:00 2023 +1300 tests/krb5: Add map_to_dn() Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 991958c95884625a10b237a7cdcac7126d7ad302 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 21 12:07:40 2023 +1300 tests/krb5: Refactor out map_to_sid() Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 033e79d40c0bd31693aa0c9a8c4dd5fe27add9b8 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Feb 21 12:04:38 2023 +1300 tests/krb5: Avoid duplicate group members Decode the existing members into strings, so that if we add additional members (that will also be strings), we won't try to add duplicates (and have samdb.modify() fail). Further, ensure callers don't try to pass in a bytes object for the DN. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 285f042e2ff9aa4a46f7e4acf9b8971fb5ebf18d Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon Feb 20 15:19:01 2023 +1300 tests/krb5: Move ticket_with_sids() to base class We need to use this in another test. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit e94b4e8c77bbab4314600c02717706f28d693139 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon Feb 20 15:08:21 2023 +1300 tests/krb5: Support nested SID structures in map_sids() The passed-in set of SIDs may now contain frozensets that themselves contain SIDs, enabling nested groups. This is necessary to test how resource SIDs are grouped together in the device info structure. 'git show -b' shows that we're not actually changing very much. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 61cc949a5e798fdd2246cb9bf727473d5232a1b4 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon Feb 20 14:30:49 2023 +1300 tests/krb5: Move some utility functions from group_tests to base class We'll want to make use of them later. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 3eac35212ecea9e14363f65b0e9ddd505745a359 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon Feb 20 14:31:36 2023 +1300 tests/krb5: Remove unused constant Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit b4da5eaa2fc2c9217e9578c1fe2a367b0d892ff1 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon Feb 20 14:16:31 2023 +1300 tests/krb5: Refactor setup_groups() to admit multiple preexisting principals and primary groups instead of hardcoded user and trust user principals, and a single primary group. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 6d19f78cdd583c3fd865dcd14388cd76126f5e12 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon Feb 20 13:47:16 2023 +1300 tests/krb5: Fix typo Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit c00813b94b773dbd9d6fcf9e0af74e044c18099b Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Jan 31 11:53:13 2023 +1300 tests/krb5: Fix typo 'of', not 'on'. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 9bec86229fdcae92e14baff02e0b59cf82591ceb Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Jan 11 14:17:53 2023 +1300 tests/krb5: Refactor claims tests to use get_target() This simplifies the code for getting the credentials of the target service. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 49605b5e89a1fd0c7c61fda403d6cd697f8ef576 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Jan 11 14:17:41 2023 +1300 tests/krb5: Move get_target() to base class Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 4ae7f1cb987665c754a31954a13281d657c68fce Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon Oct 11 14:53:21 2021 +1300 tests/krb5: Remove client_as_etypes parameter The client_as_etypes parameter previously indicated which etypes we thought the client supported. In practice, this was rarely specified, so we simply assumed that all three main enctypes were supported. Now that we have removed this parameter, rewrite the etype-info padata checking code to be simpler, and no longer to contain loops. Use get_default_enctypes() to determine which enctypes are supported. For tests that inherit from KDCBaseTest, this is based on the domain functional level, and will be more correct for tests that previously passed in client_as_etypes=None. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 3b522e2352487cbc42bd77166217a67ba611d697 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Mar 2 14:46:27 2023 +1300 tests/krb5: Request only supported encryption types in get_tgt() If the domain uses functional level 2003, calling get_tgt() would request an AES256-encrypted ticket. The KDC would respond to that request with incorrect etype-info, and were it not for many tests lying (via client_as_etypes) about what etypes were supported, those tests would fail pointlessly. As this behaviour is not what get_tgt() is intended to test, we now only request etypes that are actually supported. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit d4d3f93470fa9c26a1ede32a036289731cc932cf Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Mar 2 14:45:40 2023 +1300 tests/krb5: Lazily fetch SamDB in get_default_enctypes() There's no need to get a connection to SamDB if we already have the domain functional level. connect_kdc() in lockout_tests.py is one place where we already have the domain functional level, but deliberately drop our SamDB connection. If we need to call get_default_enctypes(), that shouldn't cause us to try to connect again. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 3861d7e09eb084289ac64d39ed746d90617b440b Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon Oct 18 14:29:29 2021 +1300 tests/krb5: Refactor decode_service_ticket() TicketDecryptionKey_from_creds() is a simpler way to create the key. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: .git-blame-ignore-revs | 9 + auth/credentials/credentials.c | 8 +- buildtools/wafsamba/samba_version.py | 32 +- lib/cmdline/cmdline.c | 2 +- lib/ldb/common/ldb_controls.c | 2 +- lib/ldb/pyldb.c | 27 +- nsswitch/stress-nss-libwbclient.c | 2 + python/samba/common.py | 4 +- python/samba/gp/gpclass.py | 16 +- python/samba/ms_display_specifiers.py | 6 +- python/samba/netcmd/gpo.py | 10 +- python/samba/schema.py | 2 +- python/samba/tests/krb5/as_req_tests.py | 13 +- python/samba/tests/krb5/claims_tests.py | 201 +++--- python/samba/tests/krb5/fast_tests.py | 1 - python/samba/tests/krb5/group_tests.py | 508 ++++----------- python/samba/tests/krb5/kdc_base_test.py | 410 +++++++++++- python/samba/tests/krb5/kdc_tgs_tests.py | 2 - python/samba/tests/krb5/lockout_tests.py | 1 - python/samba/tests/krb5/protected_users_tests.py | 4 - python/samba/tests/krb5/raw_testcase.py | 66 +- python/samba/tests/krb5/s4u_tests.py | 2 +- selftest/knownfail_heimdal_kdc | 8 + selftest/knownfail_mit_kdc | 8 + selftest/wscript | 2 +- source3/librpc/idl/wscript_build | 9 +- source3/modules/wscript_build | 2 +- source3/rpc_server/netlogon/srv_netlog_nt.c | 2 +- source3/wscript | 10 +- source4/dns_server/dns_update.c | 1 - source4/dsdb/common/util_groups.c | 2 +- source4/lib/com/README | 9 - source4/lib/com/classes/simple.c | 137 ---- source4/lib/com/com.h | 53 -- source4/lib/com/dcom/dcom.h | 85 --- source4/lib/com/dcom/main.c | 706 --------------------- source4/lib/com/dcom/tables.c | 94 --- source4/lib/com/main.c | 90 --- source4/lib/com/rot.c | 35 - source4/lib/com/tables.c | 112 ---- source4/lib/com/wscript_build | 28 - source4/scripting/bin/samba_dnsupdate | 30 +- source4/scripting/bin/samba_spnupdate | 23 +- source4/selftest/tests.py | 22 +- source4/torture/drs/python/delete_object.py | 2 - source4/torture/drs/python/getnc_exop.py | 1 - source4/torture/drs/python/repl_move.py | 117 ++-- source4/torture/drs/python/repl_rodc.py | 5 - source4/torture/drs/python/replica_sync.py | 2 +- source4/torture/drs/python/ridalloc_exop.py | 8 - source4/torture/drs/python/samba_tool_drs.py | 57 +- .../torture/drs/python/samba_tool_drs_critical.py | 10 +- .../torture/drs/python/samba_tool_drs_no_dns.py | 11 +- source4/torture/rpc/backupkey.c | 12 +- tests/oldquotas.c | 2 +- tests/summary.c | 2 +- wscript | 4 +- wscript_build | 1 - 58 files changed, 909 insertions(+), 2121 deletions(-) create mode 100644 .git-blame-ignore-revs delete mode 100644 source4/lib/com/README delete mode 100644 source4/lib/com/classes/simple.c delete mode 100644 source4/lib/com/com.h delete mode 100644 source4/lib/com/dcom/dcom.h delete mode 100644 source4/lib/com/dcom/main.c delete mode 100644 source4/lib/com/dcom/tables.c delete mode 100644 source4/lib/com/main.c delete mode 100644 source4/lib/com/rot.c delete mode 100644 source4/lib/com/tables.c delete mode 100644 source4/lib/com/wscript_build Changeset truncated at 500 lines: diff --git a/.git-blame-ignore-revs b/.git-blame-ignore-revs new file mode 100644 index 00000000000..d3323dbeb04 --- /dev/null +++ b/.git-blame-ignore-revs @@ -0,0 +1,9 @@ +# This file contains a list of git revisions that "git blame" should ignore. +# It's mostly useful to ignore commits that just do reformatting. + +# See https://michaelheap.com/git-ignore-rev/ + +# To use locally, run: +# git config --global blame.ignoreRevsFile .git-blame-ignore-revs + +bfa9624946a35e5645effbb20e02abba2c34a8c2 diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c index 67644e806e4..521951ff957 100644 --- a/auth/credentials/credentials.c +++ b/auth/credentials/credentials.c @@ -1556,7 +1556,7 @@ _PUBLIC_ bool cli_credentials_parse_password_fd(struct cli_credentials *credenti char pass[128]; for(p = pass, *p = '\0'; /* ensure that pass is null-terminated */ - p && p - pass < sizeof(pass);) { + p && p - pass < sizeof(pass) - 1;) { switch (read(fd, p, 1)) { case 1: if (*p != '\n' && *p != '\0') { @@ -1619,7 +1619,7 @@ _PUBLIC_ bool cli_credentials_set_smb_signing(struct cli_credentials *creds, * @param[in] creds The credential structure to obtain the SMB signing state * from. * - * @return The SMB singing state. + * @return The SMB signing state. */ _PUBLIC_ enum smb_signing_setting cli_credentials_get_smb_signing(struct cli_credentials *creds) @@ -1658,7 +1658,7 @@ cli_credentials_set_smb_ipc_signing(struct cli_credentials *creds, * @param[in] creds The credential structure to obtain the SMB IPC signing * state from. * - * @return The SMB singing state. + * @return The SMB signing state. */ _PUBLIC_ enum smb_signing_setting cli_credentials_get_smb_ipc_signing(struct cli_credentials *creds) @@ -1858,7 +1858,7 @@ _PUBLIC_ void cli_credentials_dump(struct cli_credentials *creds) * @param[in] creds The credential structure to obtain the SMB encryption state * from. * - * @return The SMB singing state. + * @return The SMB signing state. */ _PUBLIC_ enum smb_encryption_setting cli_credentials_get_smb_encryption(struct cli_credentials *creds) diff --git a/buildtools/wafsamba/samba_version.py b/buildtools/wafsamba/samba_version.py index 5df7ddbcb3d..54ae62f38bd 100644 --- a/buildtools/wafsamba/samba_version.py +++ b/buildtools/wafsamba/samba_version.py @@ -235,22 +235,22 @@ also accepted as dictionary entries here def samba_version_file(version_file, path, env=None, is_install=True): '''Parse the version information from a VERSION file''' - f = open(version_file, 'r') - version_dict = {} - for line in f: - line = line.strip() - if line == '': - continue - if line.startswith("#"): - continue - try: - split_line = line.split("=") - if split_line[1] != "": - value = split_line[1].strip('"') - version_dict[split_line[0]] = value - except: - print("Failed to parse line %s from %s" % (line, version_file)) - raise + with open(version_file, 'r') as f: + version_dict = {} + for line in f: + line = line.strip() + if line == '': + continue + if line.startswith("#"): + continue + try: + split_line = line.split("=") + if split_line[1] != "": + value = split_line[1].strip('"') + version_dict[split_line[0]] = value + except: + print("Failed to parse line %s from %s" % (line, version_file)) + raise return SambaVersion(version_dict, path, env=env, is_install=is_install) diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c index 9f4e964f289..106be10aa0f 100644 --- a/lib/cmdline/cmdline.c +++ b/lib/cmdline/cmdline.c @@ -779,7 +779,7 @@ static void popt_common_credentials_callback(poptContext popt_ctx, * This calls cli_credentials_set_conf() to get the defaults * form smb.conf and set the winbind separator. * - * Just warn that we can't read the smb.conf. The might not be + * Just warn that we can't read the smb.conf. There might not be * one available or we want to ignore it. */ ok = cli_credentials_guess(creds, lp_ctx); diff --git a/lib/ldb/common/ldb_controls.c b/lib/ldb/common/ldb_controls.c index 266aa90b224..47e113a5129 100644 --- a/lib/ldb/common/ldb_controls.c +++ b/lib/ldb/common/ldb_controls.c @@ -361,7 +361,7 @@ char *ldb_control_to_string(TALLOC_CTX *mem_ctx, const struct ldb_control *contr return NULL; } res = talloc_asprintf(mem_ctx, "%s:%d:%d", - LDB_CONTROL_SORT_RESP_NAME, + LDB_CONTROL_ASQ_NAME, control->critical, rep_control->result); diff --git a/lib/ldb/pyldb.c b/lib/ldb/pyldb.c index 7a95a58fa67..da60572ff0f 100644 --- a/lib/ldb/pyldb.c +++ b/lib/ldb/pyldb.c @@ -1291,6 +1291,11 @@ static PyObject *py_ldb_modify(PyLdbObject *self, PyObject *args, PyObject *kwar return NULL; } parsed_controls = ldb_parse_control_strings(ldb_ctx, mem_ctx, controls); + if (controls[0] != NULL && parsed_controls == NULL) { + talloc_free(mem_ctx); + PyErr_SetLdbError(PyExc_LdbError, LDB_ERR_OPERATIONS_ERROR, ldb_ctx); + return NULL; + } talloc_free(controls); } @@ -1440,6 +1445,11 @@ static PyObject *py_ldb_add(PyLdbObject *self, PyObject *args, PyObject *kwargs) return NULL; } parsed_controls = ldb_parse_control_strings(ldb_ctx, mem_ctx, controls); + if (controls[0] != NULL && parsed_controls == NULL) { + talloc_free(mem_ctx); + PyErr_SetLdbError(PyExc_LdbError, LDB_ERR_OPERATIONS_ERROR, ldb_ctx); + return NULL; + } talloc_free(controls); } @@ -1533,6 +1543,11 @@ static PyObject *py_ldb_delete(PyLdbObject *self, PyObject *args, PyObject *kwar return NULL; } parsed_controls = ldb_parse_control_strings(ldb_ctx, mem_ctx, controls); + if (controls[0] != NULL && parsed_controls == NULL) { + talloc_free(mem_ctx); + PyErr_SetLdbError(PyExc_LdbError, LDB_ERR_OPERATIONS_ERROR, ldb_ctx); + return NULL; + } talloc_free(controls); } @@ -1611,6 +1626,11 @@ static PyObject *py_ldb_rename(PyLdbObject *self, PyObject *args, PyObject *kwar return NULL; } parsed_controls = ldb_parse_control_strings(ldb_ctx, mem_ctx, controls); + if (controls[0] != NULL && parsed_controls == NULL) { + talloc_free(mem_ctx); + PyErr_SetLdbError(PyExc_LdbError, LDB_ERR_OPERATIONS_ERROR, ldb_ctx); + return NULL; + } talloc_free(controls); } @@ -1973,6 +1993,11 @@ static PyObject *py_ldb_search(PyLdbObject *self, PyObject *args, PyObject *kwar return NULL; } parsed_controls = ldb_parse_control_strings(ldb_ctx, mem_ctx, controls); + if (controls[0] != NULL && parsed_controls == NULL) { + talloc_free(mem_ctx); + PyErr_SetLdbError(PyExc_LdbError, LDB_ERR_OPERATIONS_ERROR, ldb_ctx); + return NULL; + } talloc_free(controls); } @@ -2179,7 +2204,7 @@ static PyObject *py_ldb_search_iterator(PyLdbObject *self, PyObject *args, PyObj controls); if (controls[0] != NULL && parsed_controls == NULL) { Py_DECREF(py_iter); - PyErr_NoMemory(); + PyErr_SetLdbError(PyExc_LdbError, LDB_ERR_OPERATIONS_ERROR, ldb_ctx); return NULL; } talloc_free(controls); diff --git a/nsswitch/stress-nss-libwbclient.c b/nsswitch/stress-nss-libwbclient.c index 35818530886..d9dc3b53869 100644 --- a/nsswitch/stress-nss-libwbclient.c +++ b/nsswitch/stress-nss-libwbclient.c @@ -216,6 +216,7 @@ static void *query_wbc_thread(void *ptr) assert(nwritten == sizeof(int)); exit(1); } + wbcFreeMemory(ppwd); printf("child: wbcGetpwnam in child succeeded\n"); rc = 0; nwritten = write(p[0], &rc, sizeof(int)); @@ -253,6 +254,7 @@ static void *query_wbc_thread(void *ptr) state->fail = true; return NULL; } + wbcFreeMemory(ppwd); printf("parent: wbcGetpwnam in parent succeeded\n"); return NULL; } diff --git a/python/samba/common.py b/python/samba/common.py index d5945307c3a..7cad8d30f08 100644 --- a/python/samba/common.py +++ b/python/samba/common.py @@ -89,7 +89,7 @@ def get_bytes(bytesorstring): if isinstance(bytesorstring, str): tmp = bytesorstring.encode('utf8') elif not isinstance(bytesorstring, bytes): - raise ValueError('Expected byte or string for %s:%s' % (type(bytesorstring), bytesorstring)) + raise ValueError('Expected bytes or string for %s:%s' % (type(bytesorstring), bytesorstring)) return tmp # helper function to get a string from a variable that maybe 'str' or @@ -103,5 +103,5 @@ def get_string(bytesorstring): if isinstance(bytesorstring, bytes): tmp = bytesorstring.decode('utf8') elif not isinstance(bytesorstring, str): - raise ValueError('Expected byte of string for %s:%s' % (type(bytesorstring), bytesorstring)) + raise ValueError('Expected bytes or string for %s:%s' % (type(bytesorstring), bytesorstring)) return tmp diff --git a/python/samba/gp/gpclass.py b/python/samba/gp/gpclass.py index 68c1050f632..605f94f3317 100644 --- a/python/samba/gp/gpclass.py +++ b/python/samba/gp/gpclass.py @@ -624,10 +624,10 @@ def check_refresh_gpo_list(dc_hostname, lp, creds, gpos): # Reset signing state creds.set_smb_signing(saved_signing_state) cache_path = lp.cache_path('gpo_cache') - for gpo in gpos: - if not gpo.file_sys_path: + for gpo_obj in gpos: + if not gpo_obj.file_sys_path: continue - cache_gpo_dir(conn, cache_path, check_safe_path(gpo.file_sys_path)) + cache_gpo_dir(conn, cache_path, check_safe_path(gpo_obj.file_sys_path)) def get_deleted_gpos_list(gp_db, gpos): @@ -740,21 +740,21 @@ def rsop(lp, creds, store, gp_extensions, username, target): print('Resultant Set of Policy') print('%s Policy\n' % target) term_width = shutil.get_terminal_size(fallback=(120, 50))[0] - for gpo in gpos: - if gpo.display_name.strip() == 'Local Policy': + for gpo_obj in gpos: + if gpo_obj.display_name.strip() == 'Local Policy': continue # We never apply local policy - print('GPO: %s' % gpo.display_name) + print('GPO: %s' % gpo_obj.display_name) print('='*term_width) for ext in gp_extensions: ext = ext(lp, creds, username, store) - cse_name_m = re.findall("'([\w\.]+)'", str(type(ext))) + cse_name_m = re.findall(r"'([\w\.]+)'", str(type(ext))) if len(cse_name_m) > 0: cse_name = cse_name_m[-1].split('.')[-1] else: cse_name = ext.__module__.split('.')[-1] print(' CSE: %s' % cse_name) print(' ' + ('-'*int(term_width/2))) - for section, settings in ext.rsop(gpo).items(): + for section, settings in ext.rsop(gpo_obj).items(): print(' Policy Type: %s' % section) print(' ' + ('-'*int(term_width/2))) print(__rsop_vals(settings).lstrip('\n')) diff --git a/python/samba/ms_display_specifiers.py b/python/samba/ms_display_specifiers.py index be9891d7437..ae48dce4ffb 100644 --- a/python/samba/ms_display_specifiers.py +++ b/python/samba/ms_display_specifiers.py @@ -176,9 +176,9 @@ def read_ms_ldif(filename): out = [] from io import open - f = open(filename, "r", encoding='latin-1') - for entry in __read_raw_entries(f): - out.append(__write_ldif_one(__transform_entry(entry))) + with open(filename, "r", encoding='latin-1') as f: + for entry in __read_raw_entries(f): + out.append(__write_ldif_one(__transform_entry(entry))) return "\n\n".join(out) + "\n\n" diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py index 9b00a9016c3..05202a63f48 100644 --- a/python/samba/netcmd/gpo.py +++ b/python/samba/netcmd/gpo.py @@ -1651,7 +1651,7 @@ class cmd_restore(cmd_create): entities_content = entities_file.read() # Do a basic regex test of the entities file format - if re.match('(\s*<!ENTITY\s*[a-zA-Z0-9_]+\s*.*?>)+\s*\Z', + if re.match(r'(\s*<!ENTITY\s*[a-zA-Z0-9_]+\s*.*?>)+\s*\Z', entities_content, flags=re.MULTILINE) is None: raise CommandError("Entities file does not appear to " "conform to format\n" @@ -4286,10 +4286,14 @@ samba-tool gpo manage access remove {31B2F340-016D-11D2-945F-00C04FB984F9} allow class cmd_cse_register(Command): """Register a Client Side Extension (CSE) on the current host -This command takes a CSE filename as an arguement, and registers it for +This command takes a CSE filename as an argument, and registers it for applying policy on the current host. This is not necessary for CSEs which are distributed with the current version of Samba, but is useful for installing experimental CSEs or custom built CSEs. +The <cse_file> argument MUST be a permanent location for the CSE. The register +command does not copy the file to some other directory. The samba-gpupdate +command will execute the CSE from the exact location specified from this +command. Example: samba-tool gpo cse register ./gp_chromium_ext.py gp_chromium_ext --machine @@ -4359,7 +4363,7 @@ samba-tool gpo cse list class cmd_cse_unregister(Command): """Unregister a Client Side Extension (CSE) from the current host -This command takes a unique GUID as an arguement (representing a registered +This command takes a unique GUID as an argument (representing a registered CSE), and unregisters it for applying policy on the current host. Use the `samba-tool gpo cse list` command to determine the unique GUIDs of CSEs. diff --git a/python/samba/schema.py b/python/samba/schema.py index 1aa5a530d00..2e8219ace93 100644 --- a/python/samba/schema.py +++ b/python/samba/schema.py @@ -221,7 +221,7 @@ def get_linked_attributes(schemadn, schemaldb): attribute="lDAPDisplayName", scope=SCOPE_SUBTREE) if target is not None: - attributes[str(res[i]["lDAPDisplayName"])] = str(target) + attributes[str(res[i]["lDAPDisplayName"])] = target.decode('utf-8') return attributes diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py index 4c0acd5936d..2b94bf5d218 100755 --- a/python/samba/tests/krb5/as_req_tests.py +++ b/python/samba/tests/krb5/as_req_tests.py @@ -52,7 +52,6 @@ class AsReqBaseTest(KDCBaseTest): user_name = client_creds.get_username() if client_account is None: client_account = user_name - client_as_etypes = self.get_default_enctypes() client_kvno = client_creds.get_kvno() krbtgt_creds = self.get_krbtgt_creds(require_strongest_key=True) krbtgt_account = krbtgt_creds.get_username() @@ -76,7 +75,7 @@ class AsReqBaseTest(KDCBaseTest): till = self.get_KerberosTime(offset=36000) if etypes is None: - etypes = client_as_etypes + etypes = self.get_default_enctypes() if kdc_options is None: kdc_options = krb5_asn1.KDCOptions('forwardable') if expected_error is not None: @@ -89,7 +88,6 @@ class AsReqBaseTest(KDCBaseTest): realm, sname, till, - client_as_etypes, initial_error_mode, expected_crealm, expected_cname, @@ -137,7 +135,6 @@ class AsReqBaseTest(KDCBaseTest): realm, sname, till, - client_as_etypes, preauth_error_mode, expected_crealm, expected_cname, @@ -180,7 +177,6 @@ class AsReqKerberosTests(AsReqBaseTest): initial_kdc_options=None): client_creds = self.get_client_creds() client_account = client_creds.get_username() - client_as_etypes = self.get_default_enctypes() krbtgt_creds = self.get_krbtgt_creds(require_keys=False) krbtgt_account = krbtgt_creds.get_username() realm = krbtgt_creds.get_realm() @@ -196,10 +192,8 @@ class AsReqKerberosTests(AsReqBaseTest): expected_sname = sname expected_salt = client_creds.get_salt() - if any(etype in client_as_etypes and etype in initial_etypes - for etype in (kcrypto.Enctype.AES256, - kcrypto.Enctype.AES128, - kcrypto.Enctype.RC4)): + if any(etype in initial_etypes + for etype in self.get_default_enctypes()): expected_error_mode = KDC_ERR_PREAUTH_REQUIRED else: expected_error_mode = KDC_ERR_ETYPE_NOSUPP @@ -213,7 +207,6 @@ class AsReqKerberosTests(AsReqBaseTest): check_error_fn=self.generic_check_kdc_error, check_rep_fn=None, expected_error_mode=expected_error_mode, - client_as_etypes=client_as_etypes, expected_salt=expected_salt, kdc_options=str(initial_kdc_options), pac_request=pac) diff --git a/python/samba/tests/krb5/claims_tests.py b/python/samba/tests/krb5/claims_tests.py index 9ca87d6b189..9d5121e69ec 100755 --- a/python/samba/tests/krb5/claims_tests.py +++ b/python/samba/tests/krb5/claims_tests.py @@ -77,6 +77,86 @@ class ClaimsTests(KDCBaseTest): def get_binary_dn(self): return 'B:8:01010101:' + self.get_sample_dn() + def setup_claims(self, all_claims): + expected_claims = {} + unexpected_claims = set() + + details = {} + mod_msg = ldb.Message() + + for claim in all_claims: + # Make a copy to avoid modifying the original. + claim = dict(claim) + + claim_id = self.get_new_username() + + expected = claim.pop('expected', False) + expected_values = claim.pop('expected_values', None) + if not expected: + self.assertIsNone(expected_values, + 'claim not expected, ' + 'but expected values provided') + + values = claim.pop('values', None) + if values is not None: + def get_placeholder(val): + if val is self.sample_dn: + return self.get_sample_dn() + elif val is self.binary_dn: + return self.get_binary_dn() + else: + return val + + def ldb_transform(val): + if val is True: + return 'TRUE' + elif val is False: + return 'FALSE' + elif isinstance(val, int): + return str(val) + else: + return val + + values_type = type(values) + values = values_type(map(get_placeholder, values)) + transformed_values = values_type(map(ldb_transform, values)) + + attribute = claim['attribute'] + if attribute in details: + self.assertEqual(details[attribute], transformed_values, + 'conflicting values set for attribute') + details[attribute] = transformed_values + + if expected_values is None: + expected_values = values + + mod_values = claim.pop('mod_values', None) + if mod_values is not None: + flag = (ldb.FLAG_MOD_REPLACE + if values is not None else ldb.FLAG_MOD_ADD) + mod_msg[attribute] = ldb.MessageElement(mod_values, + flag, + attribute) + + if expected: + self.assertIsNotNone(expected_values, + 'expected claim, but no value(s) set') + value_type = claim['value_type'] + + expected_claims[claim_id] = { + 'source_type': claims.CLAIMS_SOURCE_TYPE_AD, + 'type': value_type, + 'values': expected_values, + } + else: + unexpected_claims.add(claim_id) + + self.create_claim(claim_id, **claim) + -- Samba Shared Repository