[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Mon Apr 19 19:08:01 UTC 2021
The branch, master has been updated
via 62782a1482c lib: Fix a typo
via bd0f6671c77 auth3: Make auth3_session_info_create() static
via 0f986790779 torture: Move sddl tests to python
via 439b7ccdc1b librpc: Add py_descriptor_richcmp() equality function
via d298623c85d librpc: Use GUID_buf_string() in python wrappers
via ebea5639cf7 py_security: Avoid casts in py_random_sid()
via dab8e9eb4a7 libcli: Simplify sddl_encode_ace()
via 015cfe2ecdf auth3: Add an error check to auth_generic_prepare()
via 1f4f6a4305c auth3: Remove unnecessary talloc_unlink() calls
via a20c4b183d7 dsdb: Slightly tune get_new_descriptor()
via d1454535724 auth3: Make load_auth_module() static
via 8b6c6fd17ca auth3: Remove auth_skel.c
via 1a696c9ae28 create_local_token: Add error checks
via 42906e971d6 auth3: Fix a few error path memleaks in create_local_token()
via 12b523223c7 auth3: Fix a typo
via 062a0c14c6e auth3: Simplify check_samba4_security()
via 218adb74e38 smbd: Fix a typo
via 8536bf7fce4 auth: Simplify DEBUG statements in make_auth3_context_for_ntlm()
via 44f6258ad08 lib: Remove two unused historic macros
via 529c5cb5782 vfs: Remove a call to TALLOC_ZERO()
via d30744265f1 vfs: Replace a call to TALLOC_ZERO()
via 17ba76b9794 lib: Replace a call to TALLOC_ZERO()
via 58645666274 auth3: Fix a error path memleak
via 999a412db9c auth3: Use talloc_move() instead of talloc_steal()
via c0edfd91e4b winbindd: Fix a typo
via bf87771f18f registry: Fix a typo
via 111118354a1 rpc_client: talloc_stackframe() aborts on failure
via 3a5c2582e12 rpc_client: Direct struct initialization in dcerpc_winreg_enumvals()
via ca078a71032 printing: talloc_stackframe() aborts on failure
via c61316c9467 printing: Straighten winreg_get_printer() slightly
via ea47224f653 printing: Make winreg_get_printer() a bit easier to understand
via 43dcca632a2 printing: Make winreg_get_printer() a bit easier to read
via 604c16453c7 lib: Simplify tdb_fetch_int32()
via 7f0a87990e5 lib: Simplify tdb_fetch_uint32_t()
via 047e9a0ce45 lib: Remove unused tdb_traverse_delete_fn()
via 60602dda406 lib: Fix nonempty line endings
via 8cdc09006f2 lib: Fix includes in util_tdb.h
via a5daae9a84c lib: Fix includes in strv.h
from cc4e6a900aa s3:script: Remove findsmb from default installation
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 62782a1482c6bb2a7eed50d20572b1f3641979f8
Author: Volker Lendecke <vl at samba.org>
Date: Mon Apr 12 09:43:06 2021 +0000
lib: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Apr 19 19:07:01 UTC 2021 on sn-devel-184
commit bd0f6671c7732fbe184130fd47910cdf84ff6357
Author: Volker Lendecke <vl at samba.org>
Date: Fri Apr 16 22:18:29 2021 +0200
auth3: Make auth3_session_info_create() static
Only used in the static artifical session creation
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0f9867907797d3f8611c2488a9dfb059076721fb
Author: Volker Lendecke <vl at samba.org>
Date: Fri Apr 16 17:32:27 2021 +0200
torture: Move sddl tests to python
This kind of test is better hosted in python than in C. More lines,
but the ones in source4/libcli/security/tests/sddl.c were preeetty
long...
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 439b7ccdc1b1c91c66c1a7c83e340fa044c26377
Author: Volker Lendecke <vl at samba.org>
Date: Fri Apr 16 17:22:12 2021 +0200
librpc: Add py_descriptor_richcmp() equality function
Only a python3 version. Do we still need the python2 flavor?
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit d298623c85dcf2d018c5ad83b9959b805ad42929
Author: Volker Lendecke <vl at samba.org>
Date: Fri Apr 16 09:15:43 2021 +0200
librpc: Use GUID_buf_string() in python wrappers
No need for the talloc'ed strings
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit ebea5639cf75f6821bf9fd1a2efcfc086f8b4866
Author: Volker Lendecke <vl at samba.org>
Date: Thu Apr 15 12:05:34 2021 +0200
py_security: Avoid casts in py_random_sid()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit dab8e9eb4a704b141ff4355560cf94db45093793
Author: Volker Lendecke <vl at samba.org>
Date: Wed Apr 14 17:44:54 2021 +0200
libcli: Simplify sddl_encode_ace()
Use GUID_buf_string() instead of GUID_string() for encoding objects,
no need to check for NULL anymore.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 015cfe2ecdfa18835cacbaeab3bc04eb08dd54b8
Author: Volker Lendecke <vl at samba.org>
Date: Wed Apr 14 20:42:27 2021 +0200
auth3: Add an error check to auth_generic_prepare()
gensec_set_credentials() can fail
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 1f4f6a4305cc2d5d0b05bd8d1c77b589803093ef
Author: Volker Lendecke <vl at samba.org>
Date: Wed Apr 14 20:37:39 2021 +0200
auth3: Remove unnecessary talloc_unlink() calls
The structures we unlinked have been talloc_reference()ed in gensec
and thus don't need the second talloc parent anymore. But this
talloc_unlink isn't necessary because tmp_ctx is free()ed a few lines
down.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit a20c4b183d71b6e965221b59704c57df36ab8b1a
Author: Volker Lendecke <vl at samba.org>
Date: Wed Apr 14 16:30:16 2021 +0200
dsdb: Slightly tune get_new_descriptor()
DBG_DEBUG only calls its arguments if required according to the debug
level. A simple talloc_new/TALLOC_FREE in the normal case should be
much cheaper than the full sddl_encode().
I just stumbled across this code, this is has not shown up in any
profiles. I just think it's cleaner this way.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit d1454535724853ab3056e343ebc964f7b958539e
Author: Volker Lendecke <vl at samba.org>
Date: Wed Apr 14 12:33:09 2021 +0200
auth3: Make load_auth_module() static
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 8b6c6fd17ca48695783d12bf10a01f3c8e9ddce3
Author: Volker Lendecke <vl at samba.org>
Date: Wed Apr 14 12:31:27 2021 +0200
auth3: Remove auth_skel.c
Authentication is a very complex topic, and someone who is able to
write a custom auth module turning a struct auth_usersupplied_info
into a struct auth_serversupplied_info should be able to live without
this skeleton module.
This module also gave an example to load a secondary authentication
module via a module parameter (the call to load_module()). We have
abandoned this practice, and since the "auth methods" parameter has
gone we don't use this anymore internally.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 1a696c9ae28453bbf40f14c8f0175664a4ddf3b8
Author: Volker Lendecke <vl at samba.org>
Date: Wed Apr 14 10:48:04 2021 +0200
create_local_token: Add error checks
add_sid_to_array_unique() only fails for ENOMEM, and other parts of
the auth stack would probably crash under ENOMEM anyway. But this is
authorization-related code that should be as clean as possible.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 42906e971d6f19b86e1d2440571df8eebd63dfbd
Author: Volker Lendecke <vl at samba.org>
Date: Wed Apr 14 10:43:44 2021 +0200
auth3: Fix a few error path memleaks in create_local_token()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 12b523223c7771c3fd9cebdb0f247c7ccb9614bd
Author: Volker Lendecke <vl at samba.org>
Date: Wed Apr 14 10:28:21 2021 +0200
auth3: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 062a0c14c6ee0b74e7619af73747df59c5e67672
Author: Volker Lendecke <vl at samba.org>
Date: Wed Apr 14 10:05:59 2021 +0200
auth3: Simplify check_samba4_security()
First set up "server_info" in a local variable and once it's fully set
up, assign it to the out parameter "pserver_info".
Pointer dereferencing obfuscates the code for me.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 218adb74e38785703b7c0d0fc3228f985c3d0443
Author: Volker Lendecke <vl at samba.org>
Date: Tue Apr 13 15:48:44 2021 +0000
smbd: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 8536bf7fce41c43bbed25f7ed4ce5775a1b9c0d5
Author: Volker Lendecke <vl at samba.org>
Date: Tue Apr 13 15:14:01 2021 +0000
auth: Simplify DEBUG statements in make_auth3_context_for_ntlm()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 44f6258ad080939921908d553ca19e982ee729fc
Author: Volker Lendecke <vl at samba.org>
Date: Tue Apr 13 15:00:39 2021 +0000
lib: Remove two unused historic macros
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 529c5cb57829af2133bb875b374bcff414143fce
Author: Volker Lendecke <vl at samba.org>
Date: Tue Apr 13 14:59:14 2021 +0000
vfs: Remove a call to TALLOC_ZERO()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit d30744265f159afe03ee39c5960ab7825a04b5b4
Author: Volker Lendecke <vl at samba.org>
Date: Tue Apr 13 14:57:26 2021 +0000
vfs: Replace a call to TALLOC_ZERO()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 17ba76b9794fc9afe3c2ae086d89867b96d7a581
Author: Volker Lendecke <vl at samba.org>
Date: Tue Apr 13 14:55:47 2021 +0000
lib: Replace a call to TALLOC_ZERO()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 586456662749d86db91948e11bf52fe9a11fcab8
Author: Volker Lendecke <vl at samba.org>
Date: Tue Apr 13 14:50:16 2021 +0000
auth3: Fix a error path memleak
(find the missing TALLOC_FREE() in the - part of the patch...)
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 999a412db9c2b8e46d87972ad357a8345fde1810
Author: Volker Lendecke <vl at samba.org>
Date: Tue Apr 13 14:45:54 2021 +0000
auth3: Use talloc_move() instead of talloc_steal()
More recent coding style, avoid ambiguities about ownership
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c0edfd91e4be447f7d4ec59e4c049eadba227008
Author: Volker Lendecke <vl at samba.org>
Date: Tue Apr 13 13:42:37 2021 +0000
winbindd: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit bf87771f18f0c63f2c50ac6070de14936180e6e1
Author: Volker Lendecke <vl at samba.org>
Date: Tue Apr 6 19:29:06 2021 +0000
registry: Fix a typo
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 111118354a1ad956d36bf7e4963dc9c4ac969849
Author: Volker Lendecke <vl at samba.org>
Date: Wed Apr 7 15:45:18 2021 +0000
rpc_client: talloc_stackframe() aborts on failure
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 3a5c2582e12b712590b1ff679e8a46154da03c31
Author: Volker Lendecke <vl at samba.org>
Date: Wed Apr 7 15:44:35 2021 +0000
rpc_client: Direct struct initialization in dcerpc_winreg_enumvals()
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit ca078a7103292b36cdac3d383620e98d4aae03c1
Author: Volker Lendecke <vl at samba.org>
Date: Wed Apr 7 15:42:46 2021 +0000
printing: talloc_stackframe() aborts on failure
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit c61316c94676da40c54d9db421f350f02871c4c1
Author: Volker Lendecke <vl at samba.org>
Date: Wed Apr 7 15:41:11 2021 +0000
printing: Straighten winreg_get_printer() slightly
Use the common done: exit for everything. This involves initializing
the handles on the stack, but this is good practice anyway.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit ea47224f6530f15f92c9e122ae535720a685306c
Author: Volker Lendecke <vl at samba.org>
Date: Wed Apr 7 15:37:35 2021 +0000
printing: Make winreg_get_printer() a bit easier to understand
This is more lines, but the FILL_STRING macro did not really gain much
in clarity for me.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 43dcca632a221f6469f0fc0c34c714b7765f1f3b
Author: Volker Lendecke <vl at samba.org>
Date: Wed Apr 7 15:25:09 2021 +0000
printing: Make winreg_get_printer() a bit easier to read
EMPTY_STRING does not gain clarity over "" for me.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 604c16453c7cee96e23cec52cbc061a15e78b703
Author: Volker Lendecke <vl at samba.org>
Date: Mon Apr 12 08:37:11 2021 +0000
lib: Simplify tdb_fetch_int32()
With tdb_parse_record we don't need malloc/SAFE_FREE.
The semantics are a bit different from tdb_parse_uint32: We just return
-1 on error, but this could be overloaded with a valid -1 record value.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7f0a87990e5e98a28ce677cc91fe339ca4e301c8
Author: Volker Lendecke <vl at samba.org>
Date: Mon Apr 12 08:29:02 2021 +0000
lib: Simplify tdb_fetch_uint32_t()
With tdb_parse_record() we don't need malloc/SAFE_FREE
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 047e9a0ce45a1c8f0371d5f2d421cf27c3e15f74
Author: Volker Lendecke <vl at samba.org>
Date: Mon Apr 12 08:06:18 2021 +0000
lib: Remove unused tdb_traverse_delete_fn()
We have tdb_wipe_all() for that now.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 60602dda406fdc14186e85cae40d1cf2f598e4be
Author: Volker Lendecke <vl at samba.org>
Date: Sun Apr 11 21:43:51 2021 +0200
lib: Fix nonempty line endings
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 8cdc09006f2759111b3ad8c300f800f6cebdeb4d
Author: Volker Lendecke <vl at samba.org>
Date: Fri Apr 9 07:59:48 2021 +0000
lib: Fix includes in util_tdb.h
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit a5daae9a84c979dd207872d4d3b0b6491df51109
Author: Volker Lendecke <vl at samba.org>
Date: Fri Apr 9 07:59:26 2021 +0000
lib: Fix includes in strv.h
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
examples/auth/Makefile | 31 -----
examples/auth/auth_skel.c | 77 ------------
examples/auth/wscript_build | 10 --
lib/util/strv.h | 3 +-
lib/util/tfork.c | 2 +-
lib/util/util_tdb.c | 81 ++++++-------
lib/util/util_tdb.h | 12 +-
libcli/security/sddl.c | 20 ++--
python/samba/tests/sddl.py | 180 ++++++++++++++++++++++++++++
source3/auth/auth.c | 22 ++--
source3/auth/auth_generic.c | 62 +++++-----
source3/auth/auth_samba4.c | 29 +++--
source3/auth/auth_util.c | 90 ++++++++------
source3/auth/proto.h | 8 --
source3/auth/server_info.c | 2 +-
source3/auth/server_info_sam.c | 4 +-
source3/include/smb_macros.h | 3 -
source3/lib/string_replace.c | 2 +-
source3/modules/vfs_catia.c | 2 +-
source3/registry/reg_objects.c | 2 +-
source3/rpc_client/cli_winreg.c | 14 +--
source3/rpc_client/cli_winreg_spoolss.c | 86 +++++++------
source3/smbd/sesssetup.c | 2 +-
source3/smbd/vfs.c | 2 +-
source3/winbindd/winbindd_pam.c | 6 +-
source3/wscript | 2 +-
source3/wscript_build | 1 -
source4/dsdb/samdb/ldb_modules/descriptor.c | 10 +-
source4/libcli/security/tests/sddl.c | 107 -----------------
source4/librpc/ndr/py_misc.c | 27 +++--
source4/librpc/ndr/py_security.c | 47 +++++++-
source4/selftest/tests.py | 8 ++
source4/torture/local/local.c | 1 -
source4/torture/local/wscript_build | 2 +-
testsuite/unittests/test_lib_util_modules.c | 10 --
35 files changed, 482 insertions(+), 485 deletions(-)
delete mode 100644 examples/auth/Makefile
delete mode 100644 examples/auth/auth_skel.c
delete mode 100644 examples/auth/wscript_build
create mode 100644 python/samba/tests/sddl.py
delete mode 100644 source4/libcli/security/tests/sddl.c
Changeset truncated at 500 lines:
diff --git a/examples/auth/Makefile b/examples/auth/Makefile
deleted file mode 100644
index d6dbc28f40e..00000000000
--- a/examples/auth/Makefile
+++ /dev/null
@@ -1,31 +0,0 @@
-# Makefile for samba-pdb examples
-# Variables
-
-CC = gcc
-LIBTOOL = libtool
-
-SAMBA_SRC = ../../source
-SAMBA_INCL = ../../source/include
-UBIQX_SRC = ../../source/ubiqx
-SMBWR_SRC = ../../source/smbwrapper
-CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -Wall -g
-AUTH_OBJS = auth_skel.la
-
-# Default target
-
-default: $(AUTH_OBJS)
-
-# Pattern rules
-
-%.la: %.lo
- $(LIBTOOL) --mode=link $(CC) -module -o $@ $< $(LDFLAGS)
-
-%.lo: %.c
- $(LIBTOOL) --mode=compile $(CC) $(CPPFLAGS) $(CFLAGS) -c $<
-
-# Misc targets
-
-clean:
- rm -rf .libs
- rm -f core *~ *% *.bak \
- $(AUTH_OBJS) $(AUTH_OBJS:.la=.o) $(AUTH_OBJS:.la=.lo)
diff --git a/examples/auth/auth_skel.c b/examples/auth/auth_skel.c
deleted file mode 100644
index 8734383aeeb..00000000000
--- a/examples/auth/auth_skel.c
+++ /dev/null
@@ -1,77 +0,0 @@
-/*
- Unix SMB/CIFS implementation.
- Password and authentication handling
- Copyright (C) Andrew Bartlett 2001
- Copyright (C) Jelmer Vernooij 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "includes.h"
-#include "auth.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_AUTH
-
-static NTSTATUS check_skel_security(const struct auth_context *auth_context,
- void *my_private_data,
- TALLOC_CTX *mem_ctx,
- const struct auth_usersupplied_info *user_info,
- struct auth_serversupplied_info **server_info)
-{
- if (!user_info || !auth_context) {
- return NT_STATUS_LOGON_FAILURE;
- }
-
- /* Insert your authentication checking code here,
- * and return NT_STATUS_OK if authentication succeeds */
-
- /* For now, just refuse all connections */
- return NT_STATUS_LOGON_FAILURE;
-}
-
-/* module initialisation */
-static NTSTATUS auth_init_skel(
- struct auth_context *auth_context,
- const char *param,
- struct auth_methods **auth_method)
-{
- struct auth_methods *result;
-
- result = talloc_zero(auth_context, struct auth_methods);
- if (result == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
- result->name = "skel";
- result->auth = check_skel_security;
-
- if (param && *param) {
- /* we load the 'fallback' module - if skel isn't here, call this
- module */
- struct auth_methods *priv;
- if (!load_auth_module(auth_context, param, &priv)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
- result->private_data = (void *)priv;
- }
-
- *auth_method = result;
- return NT_STATUS_OK;
-}
-
-NTSTATUS auth_skel_init(TALLOC_CTX *ctx);
-NTSTATUS auth_skel_init(TALLOC_CTX *ctx)
-{
- return smb_register_auth(AUTH_INTERFACE_VERSION, "skel", auth_init_skel);
-}
diff --git a/examples/auth/wscript_build b/examples/auth/wscript_build
deleted file mode 100644
index 03221238e5f..00000000000
--- a/examples/auth/wscript_build
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/usr/bin/env python
-
-bld.SAMBA3_MODULE('auth_skel',
- subsystem='auth',
- source='auth_skel.c',
- deps='samba-util',
- init_function='',
- internal_module=bld.SAMBA3_IS_STATIC_MODULE('auth_skel'),
- enabled=bld.SAMBA3_IS_ENABLED_MODULE('auth_skel'),
- install=False)
diff --git a/lib/util/strv.h b/lib/util/strv.h
index 89f04023e44..a6197e55095 100644
--- a/lib/util/strv.h
+++ b/lib/util/strv.h
@@ -20,7 +20,8 @@
#ifndef _STRV_H_
#define _STRV_H_
-#include "talloc.h"
+#include "replace.h"
+#include <talloc.h>
int strv_add(TALLOC_CTX *mem_ctx, char **strv, const char *string);
int strv_addn(TALLOC_CTX *mem_ctx, char **strv, const char *src, size_t srclen);
diff --git a/lib/util/tfork.c b/lib/util/tfork.c
index 5a5d449ecf8..d64c7174fbf 100644
--- a/lib/util/tfork.c
+++ b/lib/util/tfork.c
@@ -612,7 +612,7 @@ static pid_t tfork_start_waiter_and_worker(struct tfork_state *state,
/*
* We're going to stay around until child2 exits, so lets close all fds
- * other then the pipe fd we may have inherited from the caller.
+ * other than the pipe fd we may have inherited from the caller.
*
* Dup event_sp_waiter_fd and status_sp_waiter_fd onto fds 0 and 1 so we
* can then call closefrom(2).
diff --git a/lib/util/util_tdb.c b/lib/util/util_tdb.c
index 7b57e83395d..70eeceff391 100644
--- a/lib/util/util_tdb.c
+++ b/lib/util/util_tdb.c
@@ -1,4 +1,4 @@
-/*
+/*
Unix SMB/CIFS implementation.
tdb utility functions
@@ -10,12 +10,12 @@
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -89,7 +89,7 @@ TDB_DATA tdb_data_talloc_copy(TALLOC_CTX* mem_ctx, TDB_DATA data) {
int tdb_lock_bystring(struct tdb_context *tdb, const char *keyval)
{
TDB_DATA key = string_term_tdb_data(keyval);
-
+
return tdb_chainlock(tdb, key);
}
@@ -111,7 +111,7 @@ void tdb_unlock_bystring(struct tdb_context *tdb, const char *keyval)
int tdb_read_lock_bystring(struct tdb_context *tdb, const char *keyval)
{
TDB_DATA key = string_term_tdb_data(keyval);
-
+
return tdb_chainlock_read(tdb, key);
}
@@ -122,7 +122,7 @@ int tdb_read_lock_bystring(struct tdb_context *tdb, const char *keyval)
void tdb_read_unlock_bystring(struct tdb_context *tdb, const char *keyval)
{
TDB_DATA key = string_term_tdb_data(keyval);
-
+
tdb_chainunlock_read(tdb, key);
}
@@ -132,20 +132,19 @@ void tdb_read_unlock_bystring(struct tdb_context *tdb, const char *keyval)
Output is int32_t in native byte order.
****************************************************************************/
-static int32_t tdb_fetch_int32_byblob(struct tdb_context *tdb, TDB_DATA key)
+static int fetch_int32_parser(TDB_DATA key, TDB_DATA data, void *private_data)
{
- TDB_DATA data;
- int32_t ret;
-
- data = tdb_fetch(tdb, key);
- if (!data.dptr || data.dsize != sizeof(int32_t)) {
- SAFE_FREE(data.dptr);
- return -1;
+ if (data.dsize == sizeof(int32_t)) {
+ *((int32_t *)private_data) = PULL_LE_I32(data.dptr, 0);
}
+ return 0;
+}
- ret = IVAL(data.dptr,0);
- SAFE_FREE(data.dptr);
- return ret;
+static int32_t tdb_fetch_int32_byblob(struct tdb_context *tdb, TDB_DATA key)
+{
+ int v = -1;
+ tdb_parse_record(tdb, key, fetch_int32_parser, &v);
+ return v;
}
/****************************************************************************
@@ -191,20 +190,20 @@ int tdb_store_int32(struct tdb_context *tdb, const char *keystr, int32_t v)
Output is uint32_t in native byte order.
****************************************************************************/
-static bool tdb_fetch_uint32_byblob(struct tdb_context *tdb, TDB_DATA key,
- uint32_t *value)
+static int fetch_uint32_parser(TDB_DATA key, TDB_DATA data, void *private_data)
{
- TDB_DATA data;
-
- data = tdb_fetch(tdb, key);
- if (!data.dptr || data.dsize != sizeof(uint32_t)) {
- SAFE_FREE(data.dptr);
- return false;
+ if (data.dsize != sizeof(uint32_t)) {
+ return -1;
}
+ *((uint32_t *)private_data) = PULL_LE_U32(data.dptr, 0);
+ return 0;
+}
- *value = IVAL(data.dptr,0);
- SAFE_FREE(data.dptr);
- return true;
+static bool tdb_fetch_uint32_byblob(struct tdb_context *tdb, TDB_DATA key,
+ uint32_t *value)
+{
+ int ret = tdb_parse_record(tdb, key, fetch_uint32_parser, value);
+ return ret;
}
/****************************************************************************
@@ -256,7 +255,7 @@ bool tdb_store_uint32(struct tdb_context *tdb, const char *keystr, uint32_t valu
int tdb_store_bystring(struct tdb_context *tdb, const char *keystr, TDB_DATA data, int flags)
{
TDB_DATA key = string_term_tdb_data(keystr);
-
+
return tdb_store(tdb, key, data, flags);
}
@@ -273,7 +272,7 @@ TDB_DATA tdb_fetch_bystring(struct tdb_context *tdb, const char *keystr)
}
/****************************************************************************
- Delete an entry using a null terminated string key.
+ Delete an entry using a null terminated string key.
****************************************************************************/
int tdb_delete_bystring(struct tdb_context *tdb, const char *keystr)
@@ -284,7 +283,7 @@ int tdb_delete_bystring(struct tdb_context *tdb, const char *keystr)
}
/****************************************************************************
- Atomic integer change. Returns old value. To create, set initial value in *oldval.
+ Atomic integer change. Returns old value. To create, set initial value in *oldval.
****************************************************************************/
int32_t tdb_change_int32_atomic(struct tdb_context *tdb, const char *keystr, int32_t *oldval, int32_t change_val)
@@ -301,7 +300,7 @@ int32_t tdb_change_int32_atomic(struct tdb_context *tdb, const char *keystr, int
/* but not because it didn't exist */
goto err_out;
}
-
+
/* Start with 'old' value */
val = *oldval;
@@ -312,7 +311,7 @@ int32_t tdb_change_int32_atomic(struct tdb_context *tdb, const char *keystr, int
/* Increment value for storage and return next time */
val += change_val;
-
+
if (tdb_store_int32(tdb, keystr, val) != 0)
goto err_out;
@@ -325,7 +324,7 @@ int32_t tdb_change_int32_atomic(struct tdb_context *tdb, const char *keystr, int
}
/****************************************************************************
- Atomic unsigned integer change. Returns old value. To create, set initial value in *oldval.
+ Atomic unsigned integer change. Returns old value. To create, set initial value in *oldval.
****************************************************************************/
bool tdb_change_uint32_atomic(struct tdb_context *tdb, const char *keystr, uint32_t *oldval, uint32_t change_val)
@@ -338,7 +337,7 @@ bool tdb_change_uint32_atomic(struct tdb_context *tdb, const char *keystr, uint3
if (!tdb_fetch_uint32(tdb, keystr, &val)) {
/* It failed */
- if (tdb_error(tdb) != TDB_ERR_NOEXIST) {
+ if (tdb_error(tdb) != TDB_ERR_NOEXIST) {
/* and not because it didn't exist */
goto err_out;
}
@@ -354,7 +353,7 @@ bool tdb_change_uint32_atomic(struct tdb_context *tdb, const char *keystr, uint3
/* get a new value to store */
val += change_val;
-
+
if (!tdb_store_uint32(tdb, keystr, val))
goto err_out;
@@ -366,16 +365,6 @@ bool tdb_change_uint32_atomic(struct tdb_context *tdb, const char *keystr, uint3
return ret;
}
-/****************************************************************************
- Allow tdb_delete to be used as a tdb_traversal_fn.
-****************************************************************************/
-
-int tdb_traverse_delete_fn(struct tdb_context *the_tdb, TDB_DATA key, TDB_DATA dbuf,
- void *state)
-{
- return tdb_delete(the_tdb, key);
-}
-
/****************************************************************************
Return an NTSTATUS from a TDB_ERROR
****************************************************************************/
diff --git a/lib/util/util_tdb.h b/lib/util/util_tdb.h
index de82660f6ea..010521d9606 100644
--- a/lib/util/util_tdb.h
+++ b/lib/util/util_tdb.h
@@ -22,7 +22,9 @@
#ifndef _____LIB_UTIL_UTIL_TDB_H__
#define _____LIB_UTIL_UTIL_TDB_H__
+#include "replace.h"
#include <tdb.h>
+#include "libcli/util/ntstatus.h"
/***************************************************************
Make a TDB_DATA and keep the const warning in one place
@@ -96,21 +98,15 @@ TDB_DATA tdb_fetch_bystring(struct tdb_context *tdb, const char *keystr);
int tdb_delete_bystring(struct tdb_context *tdb, const char *keystr);
/****************************************************************************
- Atomic integer change. Returns old value. To create, set initial value in *oldval.
+ Atomic integer change. Returns old value. To create, set initial value in *oldval.
****************************************************************************/
int32_t tdb_change_int32_atomic(struct tdb_context *tdb, const char *keystr, int32_t *oldval, int32_t change_val);
/****************************************************************************
- Atomic unsigned integer change. Returns old value. To create, set initial value in *oldval.
+ Atomic unsigned integer change. Returns old value. To create, set initial value in *oldval.
****************************************************************************/
bool tdb_change_uint32_atomic(struct tdb_context *tdb, const char *keystr, uint32_t *oldval, uint32_t change_val);
-/****************************************************************************
- Allow tdb_delete to be used as a tdb_traversal_fn.
-****************************************************************************/
-int tdb_traverse_delete_fn(struct tdb_context *the_tdb, TDB_DATA key, TDB_DATA dbuf,
- void *state);
-
/****************************************************************************
Return an NTSTATUS from a TDB_ERROR
****************************************************************************/
diff --git a/libcli/security/sddl.c b/libcli/security/sddl.c
index 47223515a62..618b2a91be5 100644
--- a/libcli/security/sddl.c
+++ b/libcli/security/sddl.c
@@ -506,6 +506,7 @@ static char *sddl_encode_ace(TALLOC_CTX *mem_ctx, const struct security_ace *ace
{
char *sddl = NULL;
TALLOC_CTX *tmp_ctx;
+ struct GUID_txt_buf object_buf, iobject_buf;
const char *sddl_type="", *sddl_flags="", *sddl_mask="",
*sddl_object="", *sddl_iobject="", *sddl_trustee="";
@@ -540,19 +541,18 @@ static char *sddl_encode_ace(TALLOC_CTX *mem_ctx, const struct security_ace *ace
ace->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT ||
ace->type == SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT ||
ace->type == SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT) {
+ const struct security_ace_object *object = &ace->object.object;
+
if (ace->object.object.flags & SEC_ACE_OBJECT_TYPE_PRESENT) {
- sddl_object = GUID_string(
- tmp_ctx, &ace->object.object.type.type);
- if (sddl_object == NULL) {
- goto failed;
- }
+ sddl_object = GUID_buf_string(
+ &object->type.type, &object_buf);
}
- if (ace->object.object.flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) {
- sddl_iobject = GUID_string(tmp_ctx, &ace->object.object.inherited_type.inherited_type);
- if (sddl_iobject == NULL) {
- goto failed;
- }
+ if (ace->object.object.flags &
+ SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) {
+ sddl_iobject = GUID_buf_string(
+ &object->inherited_type.inherited_type,
+ &iobject_buf);
}
}
diff --git a/python/samba/tests/sddl.py b/python/samba/tests/sddl.py
new file mode 100644
index 00000000000..006a49dbee3
--- /dev/null
+++ b/python/samba/tests/sddl.py
@@ -0,0 +1,180 @@
+# Unix SMB/CIFS implementation.
+# Copyright (C) Volker Lendecke <vl at samba.org> 2021
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""Tests for samba.dcerpc.security"""
+
+from samba.dcerpc import security
+from samba.ndr import ndr_pack, ndr_unpack
+from samba.tests import TestCase
+
+class SddlDecodeEncode(TestCase):
+ strings = [
+ "D:(A;;CC;;;BA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)",
+
+ "D:(A;;GA;;;SY)",
+
+ "D:(A;;GA;;;RS)",
+
+ "D:(A;;RP;;;WD)"
+ "(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)"
+ "(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)"
+ "(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)"
+ "(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)"
+ "(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)"
+ "(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)"
+ "(A;;RPLCLORC;;;AU)"
+ "(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)"
+ "(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)"
+ "(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)"
+ "(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)"
+ "(A;CI;LC;;;RU)"
+ "(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)"
+ "(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)"
+ "(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)"
+ "(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)"
--
Samba Shared Repository
More information about the samba-cvs
mailing list