[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Wed Oct 5 05:24:02 UTC 2022


The branch, master has been updated
       via  3ad0fa69255 pyldb: Fix typos in function names
       via  b32a3d715bc s4:kdc: Don't copy data for empty PAC buffer
       via  d4ce0a0e982 s4:kdc: Make use of smb_krb5_data_from_blob() helper function
       via  f86404b7ab8 s4:kdc: Refactor samba_make_krb5_pac()
       via  84796220965 lib:krb5_wrap: Add helper functions to make krb5_data structure
       via  27a2ee0d1d9 dbcheck: Fix truncation of warning messages
       via  b346a369117 docs-xml: Remove nested calls to translate()
       via  2344af97406 docs-xml: Remove reference to invalid 'user' parameter
       via  ffdf0177b52 docs-xml: 'security = auto' is now the default parameter
       via  534bc646d7e docs-xml: Fix references to 'encrypt passwords' parameter
       via  2a26dd3aab3 docs-xml: Fix reference to 'wide links' parameter
       via  112e43fcb3f docs-xml: Fix reference to 'read only' parameter
       via  728fabea683 docs-xml: Remove references to obsolete 'write cache size' parameter
       via  e9f4528d727 docs-xml: Fix reference to obsolete 'lock spin count' parameter
       via  de23fd66e46 docs-xml: Fix section links
       via  90c371d6cd1 pytest: samba-tool: Fix undefined escape sequence
       via  352064979be pyldb: Fix tests going unused
       via  c52f5ee84ba lib:crypto: Change error return to SMB_ASSERT()
       via  01b6c87c4fa lib:krb5_wrap: Use case-sensitive comparison against 'krbtgt'
       via  d2c5a297f25 s4-auth: Add missing newlines to log messages
       via  ccbce565ebf tests/krb5: Add create_ccache_with_ticket()
       via  0c78480837f tests/krb5: Make use of client_opts for TGS-REQs
       via  12677ff65e9 python: Handle LdbError thrown from functions operating on DNs
       via  a68428a9510 pyldb: Have functions operating on DNs raise LdbError
       via  0c19fca3f9d python/samba: Fix typos in error messages
       via  8f3cbf30a9f pdb_samba_dsdb: Handle dsdb_search_one() errors
       via  ab7b16428d1 selftest: Simplify krb5 test environments
      from  37406b9d97f CVE-2007-4559 python: ensure sanity in our tarfiles

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 3ad0fa692556b5544307110b179626bfb4b4381f
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Fri Sep 23 10:41:32 2022 +1200

    pyldb: Fix typos in function names
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Wed Oct  5 05:23:50 UTC 2022 on sn-devel-184

commit b32a3d715bcf1ffc8078eba06ebded02049251d6
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Sat Sep 24 12:25:10 2022 +1200

    s4:kdc: Don't copy data for empty PAC buffer
    
    Heimdal's 'data->length > 0' assertion in krb5_pac_add_buffer() is gone
    as of f33f73f82fb2d5d96928ce5910e2d0d939c2ff57, so we no longer need to
    specify a non-zero length.
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit d4ce0a0e982ed6b2cf1a0980270196c80c8eecb9
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Wed Sep 21 10:42:54 2022 +1200

    s4:kdc: Make use of smb_krb5_data_from_blob() helper function
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit f86404b7ab8a557cd3d3366b6567867065c2e28e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Wed Sep 21 10:26:38 2022 +1200

    s4:kdc: Refactor samba_make_krb5_pac()
    
    This function is long-winded and needlessly allocates intermediary
    buffers. Simplify it.
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 84796220965527a56ac492d04f220b39ce279cf4
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Sat Sep 24 12:36:25 2022 +1200

    lib:krb5_wrap: Add helper functions to make krb5_data structure
    
    These will be used in following commits.
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 27a2ee0d1d9a7f3360537a0a806e827272242823
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Tue Sep 20 09:28:27 2022 +1200

    dbcheck: Fix truncation of warning messages
    
    We are stripping off one too many characters.
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit b346a3691173e70d560a69539cc89dabcd14bbbf
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Sat Sep 24 11:53:08 2022 +1200

    docs-xml: Remove nested calls to translate()
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 2344af97406c9f56bdadf8957f7e2da3e4694b35
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Sat Sep 24 11:52:31 2022 +1200

    docs-xml: Remove reference to invalid 'user' parameter
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit ffdf0177b5202dc7aad5ae0d98e70e1f21c07775
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Sat Sep 24 11:52:12 2022 +1200

    docs-xml: 'security = auto' is now the default parameter
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 534bc646d7e6f46d29c5d2bb653d6e7f6e56bf31
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Sat Sep 24 11:51:22 2022 +1200

    docs-xml: Fix references to 'encrypt passwords' parameter
    
    It should be 'encrypt passwords', not 'encrypted passwords'.
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 2a26dd3aab38c566cad8064be7f9fd27fda2bfc0
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Sat Sep 24 11:50:01 2022 +1200

    docs-xml: Fix reference to 'wide links' parameter
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 112e43fcb3f35888d517268828c6ddff3741cf15
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Sat Sep 24 11:49:33 2022 +1200

    docs-xml: Fix reference to 'read only' parameter
    
    It should be 'read only', not 'read-only'.
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 728fabea68329d943c0e327c074f95619087ae13
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Sat Sep 24 11:49:16 2022 +1200

    docs-xml: Remove references to obsolete 'write cache size' parameter
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit e9f4528d7273f84ee0de33411ea035f5dec8d25f
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Sat Sep 24 11:48:58 2022 +1200

    docs-xml: Fix reference to obsolete 'lock spin count' parameter
    
    We should not create a dangling link.
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit de23fd66e46dcb0d8904b00862ebab12d1160556
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Sat Sep 24 11:48:37 2022 +1200

    docs-xml: Fix section links
    
    These are not valid smbconfoptions, so we end up with dangling links.
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 90c371d6cd15a00e4b9cd93fc9e0d59a91d5d50b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Fri Sep 16 12:55:58 2022 +1200

    pytest: samba-tool: Fix undefined escape sequence
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 352064979be1245c6eb4ebe28bd46907207e0b28
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Thu Sep 15 16:16:43 2022 +1200

    pyldb: Fix tests going unused
    
    These tests are redeclared later and so are never used. Give them new
    names so that they will be run again.
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit c52f5ee84ba5b8e7c9d2c67151cf3a6b9a7a780b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Fri Sep 23 16:22:14 2022 +1200

    lib:crypto: Change error return to SMB_ASSERT()
    
    Getting an HMAC too long to fit our array is a programming error. It
    should always be 64 bytes exactly.
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 01b6c87c4faa8c484a4064872cd1cd918fa05da8
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Tue May 17 20:25:19 2022 +1200

    lib:krb5_wrap: Use case-sensitive comparison against 'krbtgt'
    
    This matches the other comparisons against krbtgt, kadmin, etc., which
    are all case-sensitive.
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit d2c5a297f25a48c74a9f93beb2a18d50f3352b43
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Fri Apr 29 12:19:35 2022 +1200

    s4-auth: Add missing newlines to log messages
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit ccbce565ebfa2048bbecbe51925be32561def6a6
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Fri May 6 15:21:20 2022 +1200

    tests/krb5: Add create_ccache_with_ticket()
    
    This function returns a ccache containing a previously obtained ticket.
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 0c78480837fca684c2c64fe05d1e19aece302726
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Fri May 6 14:58:52 2022 +1200

    tests/krb5: Make use of client_opts for TGS-REQs
    
    Previously we would ignore 'client_opts' and always use the same user
    and machine accounts for TGS-REQs. Use 'client_opts' and add a new
    'armor_opts' parameter for specifying options of the armoring account.
    
    Furthermore, our test-specific ticket caching is no longer of use, for
    get_tgt() and get_service_ticket() now implement ticket caching. Remove
    it and eliminate the possibility of mistakenly using stale tickets.
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 12677ff65e97e6d3d3e51bac6e0430811d17c02b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Fri Sep 30 11:50:30 2022 +1300

    python: Handle LdbError thrown from functions operating on DNs
    
    None of these functions can return False now. Instead we must catch the
    LdbError if we want to perform further error handling.
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit a68428a9510a7d536e6e488323211e972bdd214d
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Fri Sep 30 11:46:40 2022 +1300

    pyldb: Have functions operating on DNs raise LdbError
    
    The return codes of these functions are not often checked. Throwing an
    exception ensures we won't continue blindly on if DN manipulation fails.
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 0c19fca3f9d0d135aaf7a9e1d97c66ee2bc9611f
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Wed Jul 27 14:12:07 2022 +1200

    python/samba: Fix typos in error messages
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 8f3cbf30a9f9ca874c42ccc8187cf5eca96e4c8a
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Fri Aug 26 11:32:50 2022 +1200

    pdb_samba_dsdb: Handle dsdb_search_one() errors
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit ab7b16428d1327c68172f8a9de11cfea5e6dd878
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Fri Mar 4 16:57:27 2022 +1300

    selftest: Simplify krb5 test environments
    
    We don't need the local configuration here.
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/smbdotconf/filename/casesensitive.xml   |   2 +-
 docs-xml/smbdotconf/filename/defaultcase.xml     |   2 +-
 docs-xml/smbdotconf/filename/manglednames.xml    |   2 +-
 docs-xml/smbdotconf/filename/manglingchar.xml    |   2 +-
 docs-xml/smbdotconf/generate-context.xsl         |   4 +-
 docs-xml/smbdotconf/locking/lockspintime.xml     |   2 +-
 docs-xml/smbdotconf/locking/smb2leases.xml       |   1 -
 docs-xml/smbdotconf/misc/defaultservice.xml      |   2 +-
 docs-xml/smbdotconf/printing/loadprinters.xml    |   2 +-
 docs-xml/smbdotconf/security/rootdirectory.xml   |   2 +-
 docs-xml/smbdotconf/security/security.xml        |  15 +--
 docs-xml/smbdotconf/security/serverrole.xml      |   6 +-
 docs-xml/smbdotconf/tuning/aioreadsize.xml       |   1 -
 docs-xml/smbdotconf/tuning/aiowritesize.xml      |   3 +-
 docs-xml/xslt/expand-sambadoc.xsl                |   2 +-
 docs-xml/xslt/expand-smbconfdoc.xsl              |   8 +-
 lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c |  14 ++-
 lib/krb5_wrap/krb5_samba.c                       |  32 ++++++-
 lib/krb5_wrap/krb5_samba.h                       |   5 +
 lib/ldb-samba/pyldb.c                            |   6 +-
 lib/ldb/pyldb.c                                  |  31 ++++++-
 lib/ldb/tests/python/api.py                      |  38 +++-----
 python/samba/dbchecker.py                        |   2 +-
 python/samba/domain_update.py                    |   8 +-
 python/samba/forest_update.py                    |   8 +-
 python/samba/netcmd/group.py                     |  18 +++-
 python/samba/remove_dc.py                        |  16 +++-
 python/samba/sites.py                            |  12 ++-
 python/samba/subnets.py                          |  44 ++++++---
 python/samba/tests/krb5/fast_tests.py            |  82 +++++++---------
 python/samba/tests/krb5/kdc_base_test.py         |  34 ++++---
 python/samba/tests/samba_tool/dsacl.py           |   2 +-
 source3/passdb/pdb_samba_dsdb.c                  |  12 +++
 source4/auth/ntlm/auth_sam.c                     |   4 +-
 source4/kdc/kpasswd-service-mit.c                |   3 +-
 source4/kdc/kpasswd-service.c                    |   3 +-
 source4/kdc/mit-kdb/kdb_samba.h                  |   2 -
 source4/kdc/mit-kdb/kdb_samba_common.c           |  11 ---
 source4/kdc/mit-kdb/kdb_samba_policies.c         |   4 +-
 source4/kdc/pac-glue.c                           | 113 ++---------------------
 source4/selftest/tests.py                        |   2 +-
 41 files changed, 271 insertions(+), 291 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/filename/casesensitive.xml b/docs-xml/smbdotconf/filename/casesensitive.xml
index f0e53be9428..f19aa1c3d9e 100644
--- a/docs-xml/smbdotconf/filename/casesensitive.xml
+++ b/docs-xml/smbdotconf/filename/casesensitive.xml
@@ -6,7 +6,7 @@
 <synonym>casesignames</synonym>
 
 <description>
-	<para>See the discussion in the section <smbconfoption name="name mangling"/>.</para>
+	<para>See the discussion in the section <link linkend="NAMEMANGLINGSECT">name mangling</link>.</para>
 </description>
 
 <value type="default">auto</value>
diff --git a/docs-xml/smbdotconf/filename/defaultcase.xml b/docs-xml/smbdotconf/filename/defaultcase.xml
index 988bad95734..3be5b84a8a3 100644
--- a/docs-xml/smbdotconf/filename/defaultcase.xml
+++ b/docs-xml/smbdotconf/filename/defaultcase.xml
@@ -4,7 +4,7 @@
                  enumlist="enum_case"
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
-	<para>See the section on <smbconfoption name="name mangling"/>.
+	<para>See the section on <link linkend="NAMEMANGLINGSECT">name mangling</link>.
 	Also note the <smbconfoption name="short preserve case"/> parameter.</para>
 </description>
 <value type="default">lower</value>
diff --git a/docs-xml/smbdotconf/filename/manglednames.xml b/docs-xml/smbdotconf/filename/manglednames.xml
index aac0a6dbe00..1a6a57e6b66 100644
--- a/docs-xml/smbdotconf/filename/manglednames.xml
+++ b/docs-xml/smbdotconf/filename/manglednames.xml
@@ -9,7 +9,7 @@
 	should be mapped to DOS-compatible names ("mangled") and made visible, 
 	or whether non-DOS names should simply be ignored.</para>
 
-	<para>See the section on <smbconfoption name="name mangling"/> for 
+	<para>See the section on <link linkend="NAMEMANGLINGSECT">name mangling</link> for
 	details on how to control the mangling process.</para>
 
 	<para>Possible option settings are</para>
diff --git a/docs-xml/smbdotconf/filename/manglingchar.xml b/docs-xml/smbdotconf/filename/manglingchar.xml
index 374d1eeccf4..75b5ea1629c 100644
--- a/docs-xml/smbdotconf/filename/manglingchar.xml
+++ b/docs-xml/smbdotconf/filename/manglingchar.xml
@@ -5,7 +5,7 @@
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
  <description>
 	<para>This controls what character is used as 
-	the <emphasis>magic</emphasis> character in <smbconfoption name="name mangling"/>. The 
+	the <emphasis>magic</emphasis> character in <link linkend="NAMEMANGLINGSECT">name mangling</link>. The
 	default is a '~' but this may interfere with some software. Use this option to set 
 	it to whatever you prefer. This is effective only when mangling method is hash.</para>
 </description>
diff --git a/docs-xml/smbdotconf/generate-context.xsl b/docs-xml/smbdotconf/generate-context.xsl
index 6204ddbd3a4..690d1039bf3 100644
--- a/docs-xml/smbdotconf/generate-context.xsl
+++ b/docs-xml/smbdotconf/generate-context.xsl
@@ -24,8 +24,8 @@
 </xsl:template>
 
 <xsl:template match="//samba:parameter">
-  <xsl:variable name="name"><xsl:value-of select="translate(translate(string(@name),' ',''),
-                  'abcdefghijklmnopqrstuvwxyz','ABCDEFGHIJKLMNOPQRSTUVWXYZ')"/>
+  <xsl:variable name="name"><xsl:value-of select="translate(string(@name),
+                  'abcdefghijklmnopqrstuvwxyz ','ABCDEFGHIJKLMNOPQRSTUVWXYZ')"/>
   </xsl:variable>
   
   <xsl:if test="contains(@context,$smb.context) or $smb.context='ALL'">
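Review bot: the rewritten select in the samba:parameter template now depends on a subtle XPath rule: translate() deletes any character of its second argument that has no counterpart in the third, so the trailing space in 'abcdefghijklmnopqrstuvwxyz ' is what strips spaces from @name. That is easy to undo by accident when someone tidies the string literal. A short XSL comment next to the expression, saying the trailing space is intentional and why, would protect it.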
diff --git a/docs-xml/smbdotconf/locking/lockspintime.xml b/docs-xml/smbdotconf/locking/lockspintime.xml
index 689d7ddb7a6..692b4deafe2 100644
--- a/docs-xml/smbdotconf/locking/lockspintime.xml
+++ b/docs-xml/smbdotconf/locking/lockspintime.xml
@@ -7,7 +7,7 @@
 	keep waiting to see if a failed lock request can
 	be granted. This parameter has changed in default
 	value from Samba 3.0.23 from 10 to 200. The associated
-	<smbconfoption name="lock spin count"/> parameter is
+	<command moreinfo="none">lock spin count</command> parameter is
 	no longer used in Samba 3.0.24. You should not need
 	to change the value of this parameter.</para>
 </description>
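Review bot: the replacement for the dangling link marks up 'lock spin count' as <command moreinfo="none">, but it is a parameter name rather than a command. Other files in this diff use <parameter moreinfo="none"> for parameter names that are not links (for example 'root directory' in rootdirectory.xml), so using <parameter> here would keep the markup consistent.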
diff --git a/docs-xml/smbdotconf/locking/smb2leases.xml b/docs-xml/smbdotconf/locking/smb2leases.xml
index 65873001ed8..5a490875af7 100644
--- a/docs-xml/smbdotconf/locking/smb2leases.xml
+++ b/docs-xml/smbdotconf/locking/smb2leases.xml
@@ -22,6 +22,5 @@
 <related>oplocks</related>
 <related>kernel oplocks</related>
 <related>level2 oplocks</related>
-<related>write cache size</related>
 <value type="default">yes</value>
 </samba:parameter>
diff --git a/docs-xml/smbdotconf/misc/defaultservice.xml b/docs-xml/smbdotconf/misc/defaultservice.xml
index 2da968b9c2f..54203969620 100644
--- a/docs-xml/smbdotconf/misc/defaultservice.xml
+++ b/docs-xml/smbdotconf/misc/defaultservice.xml
@@ -17,7 +17,7 @@
 
 	<para>
 	Typically the default service would be a <smbconfoption name="guest ok"/>, <smbconfoption
-	name="read-only"/> service.</para> <para>Also note that the apparent service name will be changed to equal
+	name="read only"/> service.</para> <para>Also note that the apparent service name will be changed to equal
 	that of the requested service, this is very useful as it allows you to use macros like <parameter
 	moreinfo="none">%S</parameter> to make a wildcard service.
 	</para>
diff --git a/docs-xml/smbdotconf/printing/loadprinters.xml b/docs-xml/smbdotconf/printing/loadprinters.xml
index 83e0f4c3d2f..cc6dbaf835d 100644
--- a/docs-xml/smbdotconf/printing/loadprinters.xml
+++ b/docs-xml/smbdotconf/printing/loadprinters.xml
@@ -5,7 +5,7 @@
 <description>
     <para>A boolean variable that controls whether all 
     printers in the printcap will be loaded for browsing by default. 
-    See the <smbconfoption name="printers"/> section for 
+    See the <link linkend="PRINTERSSECT">printers</link> section for
     more details.</para>
 </description>
 
diff --git a/docs-xml/smbdotconf/security/rootdirectory.xml b/docs-xml/smbdotconf/security/rootdirectory.xml
index 008ec5086fc..0eb7c154557 100644
--- a/docs-xml/smbdotconf/security/rootdirectory.xml
+++ b/docs-xml/smbdotconf/security/rootdirectory.xml
@@ -13,7 +13,7 @@
     It may also check for, and deny access to, soft links to other 
     parts of the filesystem, or attempts to use ".." in file names 
     to access other directories (depending on the setting of the
-	<smbconfoption name="wide smbconfoptions"/> parameter).
+	<smbconfoption name="wide links"/> parameter).
     </para>
 
     <para>Adding a <parameter moreinfo="none">root directory</parameter> entry other 
diff --git a/docs-xml/smbdotconf/security/security.xml b/docs-xml/smbdotconf/security/security.xml
index 86f5f2acf01..be2e9fdc4c9 100644
--- a/docs-xml/smbdotconf/security/security.xml
+++ b/docs-xml/smbdotconf/security/security.xml
@@ -5,17 +5,18 @@
                  enumlist="enum_security"
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <when_value value="security">
-    <requires option="encrypted passwords">/(yes|true)/</requires>
+    <requires option="encrypt passwords">/(yes|true)/</requires>
 </when_value>
 <description>
     <para>This option affects how clients respond to 
     Samba and is one of the most important settings in the <filename moreinfo="none">
     smb.conf</filename> file.</para>
 
-    <para>The default is <command moreinfo="none">security = user</command>, as this is
+    <para>Unless <smbconfoption name="server role"/> is specified,
+    the default is <command moreinfo="none">security = user</command>, as this is
     the most common setting, used for a standalone file server or a DC.</para>
 
-    <para>The alternatives are
+    <para>The alternatives to <command moreinfo="none">security = user</command> are
     <command moreinfo="none">security = ads</command> or <command moreinfo="none">security = domain
     </command>, which support joining Samba to a Windows domain</para>
 
@@ -37,8 +38,8 @@
     <para>If <smbconfoption name="server role"/> is not specified, this is the default security setting in Samba. 
     With user-level security a client must first "log-on" with a 
     valid username and password (which can be mapped using the <smbconfoption name="username map"/> 
-    parameter). Encrypted passwords (see the <smbconfoption name="encrypted passwords"/> parameter) can also
-    be used in this security mode. Parameters such as <smbconfoption name="user"/> and <smbconfoption
+    parameter). Encrypted passwords (see the <smbconfoption name="encrypt passwords"/> parameter) can also
+    be used in this security mode. Parameters such as <smbconfoption name="force user"/> and <smbconfoption
 	name="guest only"/> if set	are then applied and 
     may change the UNIX user to use on this connection, but only after 
     the user has been successfully authenticated.</para>
@@ -54,7 +55,7 @@
 
     <para>This mode will only work correctly if <citerefentry><refentrytitle>net</refentrytitle>
     <manvolnum>8</manvolnum></citerefentry> has been used to add this
-    machine into a Windows NT Domain. It expects the <smbconfoption name="encrypted passwords"/>
+    machine into a Windows NT Domain. It expects the <smbconfoption name="encrypt passwords"/>
 	parameter to be set to <constant>yes</constant>. In this 
     mode Samba will try to validate the username/password by passing
     it to a Windows NT Primary or Backup Domain Controller, in exactly 
@@ -78,7 +79,7 @@
     See the <smbconfoption name="map to guest"/> parameter for details on doing this.</para>
 
     <para>See also the <smbconfoption name="password server"/> parameter and
-	 the <smbconfoption name="encrypted passwords"/> parameter.</para>
+	 the <smbconfoption name="encrypt passwords"/> parameter.</para>
 
 	<para><anchor id="SECURITYEQUALSADS"/><emphasis>SECURITY = ADS</emphasis></para>
 	
diff --git a/docs-xml/smbdotconf/security/serverrole.xml b/docs-xml/smbdotconf/security/serverrole.xml
index b8b83a127b5..1ccc8c5ebe8 100644
--- a/docs-xml/smbdotconf/security/serverrole.xml
+++ b/docs-xml/smbdotconf/security/serverrole.xml
@@ -32,8 +32,8 @@
     <para>If <smbconfoption name="security"/> is also not specified, this is the default security setting in Samba. 
     In standalone operation, a client must first "log-on" with a 
     valid username and password (which can be mapped using the <smbconfoption name="username map"/> 
-    parameter) stored on this machine. Encrypted passwords (see the <smbconfoption name="encrypted passwords"/> parameter) are by default
-    used in this security mode. Parameters such as <smbconfoption name="user"/> and <smbconfoption
+    parameter) stored on this machine. Encrypted passwords (see the <smbconfoption name="encrypt passwords"/> parameter) are by default
+    used in this security mode. Parameters such as <smbconfoption name="force user"/> and <smbconfoption
 	name="guest only"/> if set	are then applied and 
     may change the UNIX user to use on this connection, but only after 
     the user has been successfully authenticated.</para>
@@ -42,7 +42,7 @@
 
     <para>This mode will only work correctly if <citerefentry><refentrytitle>net</refentrytitle>
     <manvolnum>8</manvolnum></citerefentry> has been used to add this
-    machine into a Windows Domain. It expects the <smbconfoption name="encrypted passwords"/>
+    machine into a Windows Domain. It expects the <smbconfoption name="encrypt passwords"/>
 	parameter to be set to <constant>yes</constant>. In this 
     mode Samba will try to validate the username/password by passing
     it to a Windows or Samba Domain Controller, in exactly 
diff --git a/docs-xml/smbdotconf/tuning/aioreadsize.xml b/docs-xml/smbdotconf/tuning/aioreadsize.xml
index 4785d2abad9..71120a80388 100644
--- a/docs-xml/smbdotconf/tuning/aioreadsize.xml
+++ b/docs-xml/smbdotconf/tuning/aioreadsize.xml
@@ -9,7 +9,6 @@
     reads and when not using write cache.</para>
   <para>The only reasonable values for this parameter are 0 (no async I/O) and
     1 (always do async I/O).</para>
-  <related>write cache size</related>
   <related>aio write size</related>
 </description>
 
diff --git a/docs-xml/smbdotconf/tuning/aiowritesize.xml b/docs-xml/smbdotconf/tuning/aiowritesize.xml
index 1d649fe7c2c..cdc079d13dc 100644
--- a/docs-xml/smbdotconf/tuning/aiowritesize.xml
+++ b/docs-xml/smbdotconf/tuning/aiowritesize.xml
@@ -13,8 +13,7 @@
     a smaller effect, most writes should end up in the
     file system cache. Writes that require space allocation might
     benefit most from going asynchronous.</para>
-  
-  <related>write cache size</related>
+
   <related>aio read size</related>
 </description>
 
diff --git a/docs-xml/xslt/expand-sambadoc.xsl b/docs-xml/xslt/expand-sambadoc.xsl
index 97aaafbb027..65b22fc125c 100644
--- a/docs-xml/xslt/expand-sambadoc.xsl
+++ b/docs-xml/xslt/expand-sambadoc.xsl
@@ -48,7 +48,7 @@
 				<xsl:value-of select="$linkcontent"/>
 			</xsl:when>
 			<xsl:otherwise>
-				<xsl:variable name="newid"><xsl:value-of select="translate(translate(string($name),' ',''),'abcdefghijklmnopqrstuvwxyz','ABCDEFGHIJKLMNOPQRSTUVWXYZ')"/></xsl:variable>
+				<xsl:variable name="newid"><xsl:value-of select="translate(string($name),'abcdefghijklmnopqrstuvwxyz ','ABCDEFGHIJKLMNOPQRSTUVWXYZ')"/></xsl:variable>
 				<xsl:element name="link">
 					<xsl:attribute name="linkend">
 						<xsl:value-of select="$newid"/>
diff --git a/docs-xml/xslt/expand-smbconfdoc.xsl b/docs-xml/xslt/expand-smbconfdoc.xsl
index 778b80c0cc5..4e788ff9241 100644
--- a/docs-xml/xslt/expand-smbconfdoc.xsl
+++ b/docs-xml/xslt/expand-smbconfdoc.xsl
@@ -32,8 +32,8 @@
 	</xsl:template>
 
 	<xsl:template match="samba:parameter">
-		<xsl:variable name="cname"><xsl:value-of select="translate(translate(string(@name),' ',''),
-				'abcdefghijklmnopqrstuvwxyz','ABCDEFGHIJKLMNOPQRSTUVWXYZ')"/>
+		<xsl:variable name="cname"><xsl:value-of select="translate(string(@name),
+				'abcdefghijklmnopqrstuvwxyz ','ABCDEFGHIJKLMNOPQRSTUVWXYZ')"/>
 		</xsl:variable>
 
 		<xsl:variable name="name"><xsl:value-of select="@name"/></xsl:variable>
@@ -140,7 +140,7 @@
 				<xsl:text>
</xsl:text>
 					<xsl:element name="anchor">
 						<xsl:attribute name="id">
-							<xsl:value-of select="translate(translate(string(.),' ',''), 'abcdefghijklmnopqrstuvwxyz','ABCDEFGHIJKLMNOPQRSTUVWXYZ')"/>
+							<xsl:value-of select="translate(string(.), 'abcdefghijklmnopqrstuvwxyz ','ABCDEFGHIJKLMNOPQRSTUVWXYZ')"/>
 						</xsl:attribute>
 					</xsl:element>
 					<xsl:value-of select="."/>
@@ -153,7 +153,7 @@
 								<xsl:text>This parameter is a synonym for </xsl:text>
 								<xsl:element name="link">
 									<xsl:attribute name="linkend">
-										<xsl:value-of select="translate(translate(string($name),' ',''), 'abcdefghijklmnopqrstuvwxyz','ABCDEFGHIJKLMNOPQRSTUVWXYZ')"/>
+										<xsl:value-of select="translate(string($name), 'abcdefghijklmnopqrstuvwxyz ','ABCDEFGHIJKLMNOPQRSTUVWXYZ')"/>
 									</xsl:attribute>
 									<xsl:value-of select="$name"/>
 								</xsl:element>
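Review bot: this is the fifth copy of the same translate(..., 'abcdefghijklmnopqrstuvwxyz ', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ') expression changed in this diff (one in generate-context.xsl, one in expand-sambadoc.xsl, three in expand-smbconfdoc.xsl). Anchor ids and linkend values only match if every copy normalises names identically, so within expand-smbconfdoc.xsl at least, a single named template or a pair of variables holding the two alphabets would remove the risk of the copies drifting apart.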
diff --git a/lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c b/lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c
index e0877a03f52..2e37dcd23aa 100644
--- a/lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c
+++ b/lib/crypto/gnutls_aead_aes_256_cbc_hmac_sha512.c
@@ -113,6 +113,12 @@ samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt(TALLOC_CTX *mem_ctx,
 	NTSTATUS status;
 	int rc;
 
+	/*
+	 * We don't want to overflow 'pauth_tag', which is 64 bytes in
+	 * size.
+	 */
+	SMB_ASSERT(hmac_size == 64);
+
 	if (plaintext->length == 0 || cek->length == 0 ||
 	    key_salt->length == 0 || mac_salt->length == 0 || iv->length == 0) {
 		return NT_STATUS_INVALID_PARAMETER;
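Review bot: the comment moved above SMB_ASSERT(hmac_size == 64) still explains only the overflow case ("We don't want to overflow 'pauth_tag'"), but the check changed from 'hmac_size > 64' to exact equality, so a shorter value now trips it as well. Update the comment to say that the HMAC length must be exactly 64 bytes and that anything else is a programming error, as the commit message does. Note also the behavioural change for callers: this condition used to return NT_STATUS_INVALID_BUFFER_SIZE and is now an assertion that runs before the empty-input checks returning NT_STATUS_INVALID_PARAMETER, so it is worth confirming that hmac_size can never depend on caller-supplied input.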
@@ -124,14 +130,6 @@ samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt(TALLOC_CTX *mem_ctx,
 	 * TODO: Use gnutls_cipher_encrypt3()
 	 */
 
-	if (hmac_size > 64) {
-		/*
-		 * We don't want to overflow 'pauth_tag', which is 64 bytes in
-		 * size.
-		 */
-		return NT_STATUS_INVALID_BUFFER_SIZE;
-	}
-
 	if (plaintext->length + aes_block_size < plaintext->length) {
 		return NT_STATUS_INVALID_BUFFER_SIZE;
 	}
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 0e70b696948..4afec815b0d 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -938,6 +938,36 @@ krb5_error_code smb_krb5_copy_data_contents(krb5_data *p,
 #endif
 }
 
+/*
+ * @brief put a buffer reference into a krb5_data struct
+ *
+ * @param[in] data		The data to reference
+ * @param[in] length		The length of the data to reference
+ * @return krb5_data
+ *
+ * Caller should not free krb5_data.
+ */
+krb5_data smb_krb5_make_data(void *data,
+			     size_t len)
+{
+	krb5_data d;
+
+#ifdef SAMBA4_USES_HEIMDAL
+	d.data = (uint8_t *)data;
+	d.length = len;
+#else
+	d.magic = KV5M_DATA;
+	d.data = data;
+	d.length = len;
+#endif
+	return d;
+}
+
+krb5_data smb_krb5_data_from_blob(DATA_BLOB blob)
+{
+	return smb_krb5_make_data(blob.data, blob.length);
+}
+
 bool smb_krb5_get_smb_session_key(TALLOC_CTX *mem_ctx,
 				  krb5_context context,
 				  krb5_auth_context auth_context,
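Review bot: the doc comment on smb_krb5_make_data() documents "@param[in] length" while the parameter is named 'len', and "Caller should not free krb5_data" understates the contract. The returned struct aliases the caller's buffer rather than copying it, so the comment should say that the buffer must outlive the krb5_data and that the struct must never be passed to a routine that frees its contents. smb_krb5_data_from_blob() has no comment at all and needs the same lifetime statement. It is also worth confirming that 'd.length = len' cannot narrow in the non-Heimdal branch if the length field there is smaller than size_t.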
@@ -3370,7 +3400,7 @@ int smb_krb5_principal_is_tgs(krb5_context context,
 	}
 
 	eq = krb5_princ_size(context, principal) == 2 &&
-	     (strequal(p, KRB5_TGS_NAME));
+	     (strcmp(p, KRB5_TGS_NAME) == 0);
 
 	talloc_free(p);
 
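Review bot: replacing strequal() with strcmp() on the comparison against KRB5_TGS_NAME changes which principals this function accepts, since a first component that differs only in case no longer matches, but nothing at the call site records why the comparison must be exact. A one-line comment on the strcmp() and a test using a mixed-case first component would keep a later cleanup from switching it back to the case-insensitive helper.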
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index 942f787d12a..2bb04ba5a46 100644
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -383,6 +383,11 @@ krb5_error_code smb_krb5_copy_data_contents(krb5_data *p,
 					    const void *data,
 					    size_t len);
 
+krb5_data smb_krb5_make_data(void *data,
+			     size_t len);
+
+krb5_data smb_krb5_data_from_blob(DATA_BLOB blob);
+
 int smb_krb5_principal_get_type(krb5_context context,
 				krb5_const_principal principal);
 
diff --git a/lib/ldb-samba/pyldb.c b/lib/ldb-samba/pyldb.c
index bea489489ef..01ed065947a 100644
--- a/lib/ldb-samba/pyldb.c
+++ b/lib/ldb-samba/pyldb.c
@@ -245,16 +245,16 @@ static PyObject *py_ldb_register_samba_handlers(PyObject *self,
 
 static PyMethodDef py_samba_ldb_methods[] = {
 	{ "set_loadparm", (PyCFunction)py_ldb_set_loadparm, METH_VARARGS, 
-		"ldb_set_loadparm(session_info)\n"
+		"set_loadparm(session_info)\n"
 		"Set loadparm context to use when connecting." },
 	{ "set_credentials", (PyCFunction)py_ldb_set_credentials, METH_VARARGS,
-		"ldb_set_credentials(credentials)\n"
+		"set_credentials(credentials)\n"
 		"Set credentials to use when connecting." },
 	{ "set_opaque_integer", (PyCFunction)py_ldb_set_opaque_integer,
 		METH_VARARGS, NULL },
 	{ "set_utf8_casefold", (PyCFunction)py_ldb_set_utf8_casefold, 
 		METH_NOARGS,
-		"ldb_set_utf8_casefold()\n"
+		"set_utf8_casefold()\n"
 		"Set the right Samba casefolding function for UTF8 charset." },
 	{ "register_samba_handlers", (PyCFunction)py_ldb_register_samba_handlers,
 		METH_NOARGS,
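Review bot: the corrected docstring for set_loadparm still names its argument 'session_info' although the description on the next line says the method sets the loadparm context, so the signature shown to Python users remains misleading after the prefix fix. Rename the argument in the docstring to match what the method takes. While touching this table, set_opaque_integer still has a NULL docstring.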
diff --git a/lib/ldb/pyldb.c b/lib/ldb/pyldb.c
index 3f4b0c7a45c..238a7550deb 100644
--- a/lib/ldb/pyldb.c
+++ b/lib/ldb/pyldb.c
@@ -639,6 +639,7 @@ static PyObject *py_ldb_dn_add_child(PyLdbDnObject *self, PyObject *args)
 {
 	PyObject *py_other;
 	struct ldb_dn *dn, *other;
+	bool ok;
 	if (!PyArg_ParseTuple(args, "O", &py_other))
 		return NULL;
 
@@ -647,13 +648,20 @@ static PyObject *py_ldb_dn_add_child(PyLdbDnObject *self, PyObject *args)
 	if (!pyldb_Object_AsDn(NULL, py_other, ldb_dn_get_ldb_context(dn), &other))
 		return NULL;
 
-	return PyBool_FromLong(ldb_dn_add_child(dn, other));
+	ok = ldb_dn_add_child(dn, other);
+	if (!ok) {
+		PyErr_SetLdbError(PyExc_LdbError, LDB_ERR_OPERATIONS_ERROR, NULL);
+		return NULL;
+	}
+
+	Py_RETURN_TRUE;
 }
 
 static PyObject *py_ldb_dn_add_base(PyLdbDnObject *self, PyObject *args)
 {
 	PyObject *py_other;
 	struct ldb_dn *other, *dn;
+	bool ok;
 	if (!PyArg_ParseTuple(args, "O", &py_other))
 		return NULL;
 
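Review bot: on failure py_ldb_dn_add_child() now raises LdbError with the generic LDB_ERR_OPERATIONS_ERROR and a NULL third argument, so the exception tells the caller neither which DN was involved nor why the operation failed. Consider including the DN in the error. This is also a behaviour change for existing Python callers that tested the return value for False; they now need to catch LdbError, which deserves a mention in the release notes.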
@@ -662,19 +670,32 @@ static PyObject *py_ldb_dn_add_base(PyLdbDnObject *self, PyObject *args)
 	if (!pyldb_Object_AsDn(NULL, py_other, ldb_dn_get_ldb_context(dn), &other))
 		return NULL;
 
-	return PyBool_FromLong(ldb_dn_add_base(dn, other));
+	ok = ldb_dn_add_base(dn, other);
+	if (!ok) {
+		PyErr_SetLdbError(PyExc_LdbError, LDB_ERR_OPERATIONS_ERROR, NULL);
+		return NULL;
+	}
+
+	Py_RETURN_TRUE;
 }
 
 static PyObject *py_ldb_dn_remove_base_components(PyLdbDnObject *self, PyObject *args)
 {
 	struct ldb_dn *dn;
 	int i;
+	bool ok;
 	if (!PyArg_ParseTuple(args, "i", &i))
 		return NULL;
 
 	dn = pyldb_Dn_AS_DN((PyObject *)self);
 
-	return PyBool_FromLong(ldb_dn_remove_base_components(dn, i));
+	ok = ldb_dn_remove_base_components(dn, i);
+	if (!ok) {
+		PyErr_SetLdbError(PyExc_LdbError, LDB_ERR_OPERATIONS_ERROR, NULL);
+		return NULL;
+	}
+
+	Py_RETURN_TRUE;
 }
 
 static PyObject *py_ldb_dn_is_child_of(PyLdbDnObject *self, PyObject *args)
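Review bot: in py_ldb_dn_remove_base_components() the value parsed with the "i" format is passed to ldb_dn_remove_base_components() without a sign check, so a negative Python int reaches the C function unchanged. Rejecting i < 0 with a ValueError before the call would be clearer than relying on the callee to fail. The same four-line "if (!ok)" block now appears in three functions in this file and could be a small static helper.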
@@ -819,10 +840,10 @@ static PyMethodDef py_ldb_dn_methods[] = {
    		"S.parent() -> dn\n"
 		"Get the parent for this DN." },
 	{ "add_child", (PyCFunction)py_ldb_dn_add_child, METH_VARARGS, 
-		"S.add_child(dn) -> None\n"
+		"S.add_child(dn) -> bool\n"
 		"Add a child DN to this DN." },
 	{ "add_base", (PyCFunction)py_ldb_dn_add_base, METH_VARARGS,
-		"S.add_base(dn) -> None\n"
+		"S.add_base(dn) -> bool\n"
 		"Add a base DN to this DN." },
 	{ "remove_base_components", (PyCFunction)py_ldb_dn_remove_base_components, METH_VARARGS,
 		"S.remove_base_components(int) -> bool\n"
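Review bot: the docstrings for add_child and add_base are changed to "-> bool", but with the changes earlier in this file these methods either return True or raise, and never return False. The docstrings for all three methods, remove_base_components included, should say that LdbError is raised on failure so that callers do not keep testing the return value.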
diff --git a/lib/ldb/tests/python/api.py b/lib/ldb/tests/python/api.py
index bf6f7ef993d..75abd0e3acc 100755
--- a/lib/ldb/tests/python/api.py
+++ b/lib/ldb/tests/python/api.py
@@ -1258,14 +1258,6 @@ class SearchTests(LdbBaseTest):
                               expression="(ou=ou10)")
         self.assertEqual(len(res11), 0)
 
-    def test_subtree_unique_elsewhere2(self):
-        """Testing a search"""
-
-        res11 = self.l.search(base="DC=EXAMPLE,DC=COM",
-                              scope=ldb.SCOPE_SUBTREE,
-                              expression="(ou=ou10)")
-        self.assertEqual(len(res11), 0)


-- 
Samba Shared Repository


