[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Tue Jun 14 08:19:01 UTC 2022
The branch, master has been updated
via 3dcdd13a250 tests/krb5: Use object() rather than auto() to initialise enums
via 48bff3c44f6 dsdb/common: Make some parameters const
via 0dad0e3fcdb lib:krb5_wrap: Add const to parameters for smb_krb5_create_key_from_string()
via 9bd4c8bd560 s4:kdc: Add space in error message
via 5045382c6dd python: Don't use deprecated escape sequences
via 45f2e3631e1 libcli/security: Fix typos
via 2c9a4ef86e5 libcli:util: Update werror table
from 89b7afa3bbc libgpo/admx/en-US/samba.adml spelling: authencication paramter
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 3dcdd13a2506597d65af1efda76655206b3b3124
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed May 18 16:09:58 2022 +1200
tests/krb5: Use object() rather than auto() to initialise enums
This ensures that when an enum value is expected, a magic constant won't
be supplied instead.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jun 14 08:18:06 UTC 2022 on sn-devel-184
commit 48bff3c44f6ed4fcf4671351801d3536115c7314
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Jun 3 19:29:00 2022 +1200
dsdb/common: Make some parameters const
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 0dad0e3fcdbadddbe29351de0b72e633e12bd856
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon May 9 13:55:07 2022 +1200
lib:krb5_wrap: Add const to parameters for smb_krb5_create_key_from_string()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 9bd4c8bd560aec84cdb26c4b7fdddcac9ef530b8
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon May 2 09:38:47 2022 +1200
s4:kdc: Add space in error message
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 5045382c6dd04b1bae0eaaae823be908213ff079
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Apr 28 20:31:50 2022 +1200
python: Don't use deprecated escape sequences
Certain escape sequences are not valid in Python string literals, and
will eventually result in a SyntaxError.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 45f2e3631e1424f99915a01bdf4808189bd8a6d7
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Apr 28 20:32:51 2022 +1200
libcli/security: Fix typos
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 2c9a4ef86e5fa68091fc392740e7b04af759b698
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Apr 28 20:33:07 2022 +1200
libcli:util: Update werror table
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
-----------------------------------------------------------------------
Summary of changes:
buildtools/wafsamba/samba_cross.py | 2 +-
lib/krb5_wrap/krb5_samba.c | 4 ++--
lib/krb5_wrap/krb5_samba.h | 4 ++--
libcli/security/access_check.c | 2 +-
libcli/security/access_check.h | 2 +-
libcli/util/werror.h | 1 -
libcli/util/werror_err_table.txt | 20 +++++++++++++++++---
python/samba/drs_utils.py | 5 +----
python/samba/netcmd/ldapcmp.py | 2 +-
python/samba/tests/krb5/kdc_base_test.py | 10 +++++-----
source4/auth/ntlm/auth_sam.c | 2 +-
source4/dsdb/common/util.c | 6 +++---
source4/dsdb/tests/python/acl.py | 2 +-
source4/dsdb/tests/python/sec_descriptor.py | 6 +++---
source4/kdc/db-glue.c | 2 +-
15 files changed, 40 insertions(+), 30 deletions(-)
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/samba_cross.py b/buildtools/wafsamba/samba_cross.py
index c6f8c2a0ef2..7ec1edc52ea 100644
--- a/buildtools/wafsamba/samba_cross.py
+++ b/buildtools/wafsamba/samba_cross.py
@@ -77,7 +77,7 @@ def cross_answer(ca_file, msg):
f.close()
return (0, ans.strip("'"))
else:
- m = re.match('\(\s*(-?\d+)\s*,\s*\"(.*)\"\s*\)', ans)
+ m = re.match(r'\(\s*(-?\d+)\s*,\s*\"(.*)\"\s*\)', ans)
if m:
f.close()
return (int(m.group(1)), m.group(2))
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 2351d172779..57ffdc72780 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -291,8 +291,8 @@ krb5_error_code smb_krb5_mk_error(krb5_context context,
*/
int smb_krb5_create_key_from_string(krb5_context context,
krb5_const_principal host_princ,
- krb5_data *salt,
- krb5_data *password,
+ const krb5_data *salt,
+ const krb5_data *password,
krb5_enctype enctype,
krb5_keyblock *key)
{
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index 653cd561406..942f787d12a 100644
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -361,8 +361,8 @@ int smb_krb5_salt_principal2data(krb5_context context,
int smb_krb5_create_key_from_string(krb5_context context,
krb5_const_principal host_princ,
- krb5_data *salt,
- krb5_data *password,
+ const krb5_data *salt,
+ const krb5_data *password,
krb5_enctype enctype,
krb5_keyblock *key);
diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c
index 322f4fdb0c6..f5051b0fa93 100644
--- a/libcli/security/access_check.c
+++ b/libcli/security/access_check.c
@@ -497,7 +497,7 @@ static NTSTATUS check_object_specific_access(struct security_ace *ace,
* of the entry in the tree grants all the requested rights for the given GUID
* FIXME
* tree can be null if not null it's the
- * Lots of code duplication, it will ve united in just one
+ * Lots of code duplication, it will be united in just one
* function eventually */
NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
diff --git a/libcli/security/access_check.h b/libcli/security/access_check.h
index 952589dacb7..96e33c6624f 100644
--- a/libcli/security/access_check.h
+++ b/libcli/security/access_check.h
@@ -66,7 +66,7 @@ NTSTATUS se_file_access_check(const struct security_descriptor *sd,
uint32_t *access_granted);
/* modified access check for the purposes of DS security
- * Lots of code duplication, it will ve united in just one
+ * Lots of code duplication, it will be united in just one
* function eventually */
NTSTATUS sec_access_check_ds(const struct security_descriptor *sd,
diff --git a/libcli/util/werror.h b/libcli/util/werror.h
index 0370a0618c1..d3d3327aef9 100644
--- a/libcli/util/werror.h
+++ b/libcli/util/werror.h
@@ -100,7 +100,6 @@ typedef uint32_t WERROR;
#define WERR_INVALID_PRIMARY_GROUP W_ERROR(0x0000051C)
#define WERR_DS_DRA_SECRETS_DENIED W_ERROR(0x000021B6)
-#define WERR_DS_DRA_RECYCLED_TARGET W_ERROR(0x000021BF)
#define WERR_DNS_ERROR_KEYMASTER_REQUIRED W_ERROR(0x0000238D)
#define WERR_DNS_ERROR_NOT_ALLOWED_ON_SIGNED_ZONE W_ERROR(0x0000238E)
diff --git a/libcli/util/werror_err_table.txt b/libcli/util/werror_err_table.txt
index 75e8020f36e..5796afcb6c1 100644
--- a/libcli/util/werror_err_table.txt
+++ b/libcli/util/werror_err_table.txt
@@ -1762,7 +1762,7 @@ The Netlogon service cannot start because another Netlogon service running in th
ERROR_SYNCHRONIZATION_REQUIRED
-The Security Accounts Manager (SAM) database on a Windows Server operating system is significantly out of synchronization with the copy on the domain controller. A complete synchronization is required.
+On applicable Windows Server releases, the Security Accounts Manager (SAM) database is significantly out of synchronization with the copy on the domain controller. A complete synchronization is required.
0x0000023A
@@ -1846,7 +1846,7 @@ An event pair synchronization operation was performed using the thread-specific
ERROR_DOMAIN_CTRLR_CONFIG_ERROR
-A Windows Server has an incorrect configuration.
+A domain server has an incorrect configuration.
0x00000246
@@ -8111,7 +8111,7 @@ The logon processor did not add the message alias.
NERR_UnableToDelName_W
- at W The logoff processor did not delete the message alias.
+The logoff processor did not delete the message alias.
0x0000089F
@@ -9925,6 +9925,13 @@ ERROR_PRINTER_DRIVER_DOWNLOAD_NEEDED
The specified printer driver was not found on the system and needs to be downloaded.
+0x00000BCE
+
+ERROR_PRINTER_NOT_SHAREABLE
+
+
+The specified printer cannot be shared.
+
0x00000F6E
ERROR_IO_REISSUE_AS_CACHED
@@ -15623,6 +15630,13 @@ ERROR_DS_INVALID_SEARCH_FLAG_TUPLE
The search flags for the attribute are invalid. The tuple index bit is valid only on attributes of Unicode strings.
+0x000021BF
+
+ERROR_DS_DRA_RECYCLED_TARGET
+
+
+The replication operation failed because the target object referenced by a link value is recycled.
+
0x000021C2
ERROR_DS_HIGH_DSA_VERSION
diff --git a/python/samba/drs_utils.py b/python/samba/drs_utils.py
index feab89b0d8e..a71da6eedd3 100644
--- a/python/samba/drs_utils.py
+++ b/python/samba/drs_utils.py
@@ -200,10 +200,7 @@ class drs_Replicate(object):
# (if we support it and haven't already tried that)
supports_ext = self.supports_ext
- # TODO fix up the below line when we next update werror_err_table.txt
- # and pull in the new error-code
- # return (error_code == werror.WERR_DS_DRA_RECYCLED_TARGET and
- return (error_code == 0x21bf and
+ return (error_code == werror.WERR_DS_DRA_RECYCLED_TARGET and
supports_ext & DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10 and
(req.more_flags & drsuapi.DRSUAPI_DRS_GET_TGT) == 0)
diff --git a/python/samba/netcmd/ldapcmp.py b/python/samba/netcmd/ldapcmp.py
index 762047c467b..dddd5a894be 100644
--- a/python/samba/netcmd/ldapcmp.py
+++ b/python/samba/netcmd/ldapcmp.py
@@ -279,7 +279,7 @@ class Descriptor(object):
res = re.search(r"D:(.*?)(\(.*\))", self.sddl).group(2)
except AttributeError:
return []
- return re.findall("(\(.*?\))", res)
+ return re.findall(r"(\(.*?\))", res)
def fix_sid(self, ace):
res = "%s" % ace
diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py
index 7d180380d13..22db004f879 100644
--- a/python/samba/tests/krb5/kdc_base_test.py
+++ b/python/samba/tests/krb5/kdc_base_test.py
@@ -23,7 +23,7 @@ import tempfile
import binascii
import collections
import secrets
-from enum import Enum, auto
+from enum import Enum
from collections import namedtuple
import ldb
@@ -98,10 +98,10 @@ class KDCBaseTest(RawKerberosTest):
"""
class AccountType(Enum):
- USER = auto()
- COMPUTER = auto()
- SERVER = auto()
- RODC = auto()
+ USER = object()
+ COMPUTER = object()
+ SERVER = object()
+ RODC = object()
@classmethod
def setUpClass(cls):
diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c
index 2900a4e374d..2a024564417 100644
--- a/source4/auth/ntlm/auth_sam.c
+++ b/source4/auth/ntlm/auth_sam.c
@@ -318,7 +318,7 @@ static NTSTATUS authsam_password_check_and_record(struct auth4_context *auth_con
for (i = 1; i < MIN(history_len, 3); i++) {
struct samr_Password zero_string_hash;
- struct samr_Password *nt_history_pwd = NULL;
+ const struct samr_Password *nt_history_pwd = NULL;
NTTIME pwdLastSet;
struct timeval tv_now;
NTTIME now;
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index bd59de5cb32..54997c2ad75 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -518,10 +518,10 @@ unsigned int samdb_result_hashes(TALLOC_CTX *mem_ctx, const struct ldb_message *
NTSTATUS samdb_result_passwords_from_history(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
- struct ldb_message *msg,
+ const struct ldb_message *msg,
unsigned int idx,
- struct samr_Password **lm_pwd,
- struct samr_Password **nt_pwd)
+ const struct samr_Password **lm_pwd,
+ const struct samr_Password **nt_pwd)
{
struct samr_Password *lmPwdHash, *ntPwdHash;
diff --git a/source4/dsdb/tests/python/acl.py b/source4/dsdb/tests/python/acl.py
index 70dca9b7678..1271dfcc957 100755
--- a/source4/dsdb/tests/python/acl.py
+++ b/source4/dsdb/tests/python/acl.py
@@ -695,7 +695,7 @@ class AclSearchTests(AclTests):
# Make sure there are inheritable ACEs initially
self.assertTrue("CI" in desc_sddl or "OI" in desc_sddl)
# Find and remove all inherit ACEs
- res = re.findall("\(.*?\)", desc_sddl)
+ res = re.findall(r"\(.*?\)", desc_sddl)
res = [x for x in res if ("CI" in x) or ("OI" in x)]
for x in res:
desc_sddl = desc_sddl.replace(x, "")
diff --git a/source4/dsdb/tests/python/sec_descriptor.py b/source4/dsdb/tests/python/sec_descriptor.py
index b67bf33b5f7..6471fc15c55 100755
--- a/source4/dsdb/tests/python/sec_descriptor.py
+++ b/source4/dsdb/tests/python/sec_descriptor.py
@@ -1248,7 +1248,7 @@ class DaclDescriptorTests(DescriptorTests):
# Make sure there are inheritable ACEs initially
self.assertTrue("CI" in desc_sddl or "OI" in desc_sddl)
# Find and remove all inherit ACEs
- res = re.findall("\(.*?\)", desc_sddl)
+ res = re.findall(r"\(.*?\)", desc_sddl)
res = [x for x in res if ("CI" in x) or ("OI" in x)]
for x in res:
desc_sddl = desc_sddl.replace(x, "")
@@ -1315,12 +1315,12 @@ class DaclDescriptorTests(DescriptorTests):
# also make sure the added above non-inheritable ACEs are absent too
desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
self.assertFalse("ID" in desc_sddl)
- for x in re.findall("\(.*?\)", mod):
+ for x in re.findall(r"\(.*?\)", mod):
self.assertFalse(x in desc_sddl)
self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded)
desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn)
self.assertFalse("ID" in desc_sddl)
- for x in re.findall("\(.*?\)", mod):
+ for x in re.findall(r"\(.*?\)", mod):
self.assertFalse(x in desc_sddl)
def test_203(self):
diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c
index ea329b7edab..6965ca68563 100644
--- a/source4/kdc/db-glue.c
+++ b/source4/kdc/db-glue.c
@@ -3128,7 +3128,7 @@ krb5_error_code samba_kdc_check_s4u2proxy_rbcd(
data = ldb_msg_find_ldb_val(proxy_skdc_entry->msg,
"msDS-AllowedToActOnBehalfOfOtherIdentity");
if (data == NULL) {
- DBG_ERR("Could not find security descriptor"
+ DBG_ERR("Could not find security descriptor "
"msDS-AllowedToActOnBehalfOfOtherIdentity in "
"proxy[%s]\n",
proxy_dn);
--
Samba Shared Repository
More information about the samba-cvs
mailing list