[SCM] Samba Shared Repository - branch master updated
Douglas Bagnall
dbagnall at samba.org
Fri Oct 21 04:54:01 UTC 2022
The branch, master has been updated
via 37831c9e507 docs-xml: Fix outdated comment in documentation
via f50e0c3cb43 s4:gensec Avoid memory leak in error case in gensec_gssapi
via a503162ea4d python: Remove unused imports in auth_log tests
via 12b53e0d431 python: Fix invalid escape by using a raw string
via a2ba0fa3ad3 python: Use list comprehension in string_to_byte_array()
via 6231c09ff29 samba-tool: Fix double-word in samba-tool domain passwordsettings
via a4212081546 docs: Fix double-word in "prefork backoff increment"
via 6b7fd9bb82d docs: Fix double-word in "inherit owner" manpage
via e131450bfd7 testprogs: fix CVE reference in kpassed test
via ca6cb0c69d0 s4-join: Fix typos in recent GET_ANC patch set
via 19895c9389e ldb: don't call comparison() directly in LDB_TYPESAFE_QSORT
via 1716efc0db6 s4-dsdb: Remove unused variables in token_group python test
via 81c23aa0151 s4-dsdb: simplify conditional in python token_group test
via 0042ace33d1 s4-dsdb: Remove unused import in token_group python test
via 31eb2986da6 s3-utils: Fix typo in error message in net groupmap
via 16746593db5 libcli/security: Make null_sid static const, not just const
via 7ec569b3a60 libcli/security: Fix function header comments in SID handling
via f7d94c67811 s4-dsdb: Use Python 'del' rather than assigning over with None
via f5ed2936caf s4-dsdb: remove unused Python variables
via cc38a61442d s4-dsdb: Use a raw python string to avoid creating and invalid escape sequence
via 16b7c1f3d8a s4-dsdb: Make tdo_attrs static const
via fb1718094d0 s4-dsdb: Rename user_attrs to attrs to avoid conflict and add static const
via 1b550258ef3 s4-auth: Mention correct PAC buffer in error msg
via 2b331c67040 s4-auth: Fix typo in erberos_pac_to_user_info_dc()
via 349c5794d30 librpc/ndr: Fix incorrect error string in SID parser
via 549f3f85c43 s4-kdc: Correct MIT talloc ctx names
via 2ccb69e0ba6 s4-kdc: Fix typo in MIT glue
via ed35f40d756 krb5: Add compatability for krb5_const_pac type
from 50cbdecf2e2 tests/krb5: Add test requesting a TGT expiring post-2038
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 37831c9e5075c46b1e74a6134d865178d71462c9
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Oct 13 14:48:07 2022 +1300
docs-xml: Fix outdated comment in documentation
This was written prior to the release of Windows Vista and later
versions.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Fri Oct 21 04:53:47 UTC 2022 on sn-devel-184
commit f50e0c3cb4369ca564479a60314cfe27cd2ec6cd
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Oct 12 13:56:55 2022 +1300
s4:gensec Avoid memory leak in error case in gensec_gssapi
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit a503162ea4d3a2e6b3e4c0c00fedd44131161641
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Oct 12 13:56:42 2022 +1300
python: Remove unused imports in auth_log tests
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 12b53e0d431847294d32c14e2dde0bd1dc8754aa
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Oct 12 13:56:32 2022 +1300
python: Fix invalid escape by using a raw string
These escapes are meant for the regular expression engine
not the string parser.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit a2ba0fa3ad30bb1c9a010849a8f6a79bfc5ca543
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Oct 12 13:56:19 2022 +1300
python: Use list comprehension in string_to_byte_array()
Samba is now a mature user of Python and can cope with a
list comprehension from time to time.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 6231c09ff29a84d8afdc6f94394a35f252b55e36
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Oct 21 15:40:43 2022 +1300
samba-tool: Fix double-word in samba-tool domain passwordsettings
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14034
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit a4212081546bb186db6786b074d436570bfc44b8
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Oct 21 15:38:57 2022 +1300
docs: Fix double-word in "prefork backoff increment"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14034
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 6b7fd9bb82dba46bc4bb2251476d02344bd0ef70
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Oct 5 13:29:32 2022 +1300
docs: Fix double-word in "inherit owner" manpage
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14034
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit e131450bfd7879f489b01edeb113c89a627eab02
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Oct 4 20:31:47 2022 +1300
testprogs: fix CVE reference in kpassed test
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit ca6cb0c69d0c7967538648063cc15448c96069dd
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Oct 4 20:07:25 2022 +1300
s4-join: Fix typos in recent GET_ANC patch set
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 19895c9389e0109eeb84cdbbfe1fafafcbb516fe
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Oct 21 14:17:30 2022 +1300
ldb: don't call comparison() directly in LDB_TYPESAFE_QSORT
The result is not used, it is only part of the macro to gain
type-checking.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 1716efc0db65764627b143047185030a969ab28d
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 15:06:52 2022 +1300
s4-dsdb: Remove unused variables in token_group python test
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 81c23aa01512f43f89709881b79030a5d4bb4a7a
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 15:06:42 2022 +1300
s4-dsdb: simplify conditional in python token_group test
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 0042ace33d1552e02c1dc30b0077857c1978aa96
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 15:06:33 2022 +1300
s4-dsdb: Remove unused import in token_group python test
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 31eb2986da6fcde44cb2d0ef5298f1c97bb430c3
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 15:05:56 2022 +1300
s3-utils: Fix typo in error message in net groupmap
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 16746593db507ead2df227974b43c43c24b25340
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 15:05:16 2022 +1300
libcli/security: Make null_sid static const, not just const
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 7ec569b3a6023a8f7c673820920f0d740241b30e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 15:04:49 2022 +1300
libcli/security: Fix function header comments in SID handling
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit f7d94c67811d1fd6c18866d46d55e2ba87640104
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Oct 21 15:05:45 2022 +1300
s4-dsdb: Use Python 'del' rather than assigning over with None
This is the clearer way to trigger the destruction of this variable
and so the LDB connection under it.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit f5ed2936caf9a110a96e317206bd1e9ef16211c7
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 14:49:16 2022 +1300
s4-dsdb: remove unused Python variables
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit cc38a61442ddf8313225678ede19849a8388975a
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 14:49:00 2022 +1300
s4-dsdb: Use a raw python string to avoid creating and invalid escape sequence
While the invalid escape sequence worked and was passed to the LDB
layer for it's use, linting tools will complain so we should not do
this. We don't want to get caught out when a future python version
becomes more strict.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 16b7c1f3d8a81113ca9f49d218e9e21309919780
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Oct 21 14:58:40 2022 +1300
s4-dsdb: Make tdo_attrs static const
This follows the same with 'attrs' in the previous commit.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit fb1718094d0f8b3f3cdf119eebb81f341a02d137
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 14:48:28 2022 +1300
s4-dsdb: Rename user_attrs to attrs to avoid conflict and add static const
This now local and static const list was otherwise a duplicate symbol
shadowing with the global user_attrs.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 1b550258ef3d0c453ec070952c9780f3759b1da1
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 14:47:33 2022 +1300
s4-auth: Mention correct PAC buffer in error msg
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 2b331c67040882cd3604f2b04851e6a811fad0b4
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 14:47:23 2022 +1300
s4-auth: Fix typo in erberos_pac_to_user_info_dc()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 349c5794d30b08dd4a086728768d3c7dac609e0f
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 14:46:50 2022 +1300
librpc/ndr: Fix incorrect error string in SID parser
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 549f3f85c433e7348c4ba7457867a5905e834a02
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 14:46:23 2022 +1300
s4-kdc: Correct MIT talloc ctx names
The name of the context looks like it should match the name of the
function, but doesn't quite.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 2ccb69e0ba67e5acd3e585cfa5cc3213dc6bdb58
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 14:46:14 2022 +1300
s4-kdc: Fix typo in MIT glue
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit ed35f40d756712345d889d08cc2f2818524df0e6
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 27 14:45:36 2022 +1300
krb5: Add compatability for krb5_const_pac type
This allows this type to be used in Samba in the future for
both Kerberos implementations
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
-----------------------------------------------------------------------
Summary of changes:
.../smbdotconf/base/preforkbackoffincrement.xml | 2 +-
docs-xml/smbdotconf/protocol/disablenetbios.xml | 2 +-
docs-xml/smbdotconf/security/inheritowner.xml | 2 +-
lib/krb5_wrap/krb5_samba.h | 4 ++++
lib/ldb/include/ldb.h | 8 ++++++--
libcli/security/util_sid.c | 6 +++---
librpc/ndr/ndr_sec_helper.c | 2 +-
python/samba/__init__.py | 7 +------
python/samba/join.py | 2 +-
python/samba/netcmd/domain.py | 2 +-
python/samba/tests/auth_log.py | 2 +-
python/samba/tests/auth_log_base.py | 1 -
python/samba/tests/auth_log_pass_change.py | 1 -
source3/utils/net_groupmap.c | 2 +-
source4/auth/gensec/gensec_gssapi.c | 2 ++
source4/auth/kerberos/kerberos_pac.c | 4 ++--
source4/dsdb/common/util.c | 6 +++---
source4/dsdb/repl/replicated_objects.c | 4 ++--
source4/dsdb/tests/python/sam.py | 23 +++++++++++-----------
source4/dsdb/tests/python/token_group.py | 8 +++-----
source4/kdc/mit_samba.c | 6 +++---
testprogs/blackbox/test_kpasswd_heimdal.sh | 2 +-
third_party/heimdal_build/wscript_configure | 1 +
23 files changed, 50 insertions(+), 49 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/smbdotconf/base/preforkbackoffincrement.xml b/docs-xml/smbdotconf/base/preforkbackoffincrement.xml
index 2cb1cc32fd8..ba9d2a2e851 100644
--- a/docs-xml/smbdotconf/base/preforkbackoffincrement.xml
+++ b/docs-xml/smbdotconf/base/preforkbackoffincrement.xml
@@ -10,7 +10,7 @@
"prefork maximum backoff".
</para>
- <para>Additionally the the backoff for an individual service by using
+ <para>Additionally set the backoff for an individual service by using
"prefork backoff increment: service name"
i.e. "prefork backoff increment:ldap = 2" to set the
backoff increment to 2.</para>
diff --git a/docs-xml/smbdotconf/protocol/disablenetbios.xml b/docs-xml/smbdotconf/protocol/disablenetbios.xml
index ce398344c85..925861f52cc 100644
--- a/docs-xml/smbdotconf/protocol/disablenetbios.xml
+++ b/docs-xml/smbdotconf/protocol/disablenetbios.xml
@@ -5,7 +5,7 @@
<description>
<para>Enabling this parameter will disable netbios support
in Samba. Netbios is the only available form of browsing in
- all windows versions except for 2000 and XP. </para>
+ Windows versions prior to Windows 2000. </para>
<note><para>Clients that only support netbios won't be able to
see your samba server when netbios support is disabled.
diff --git a/docs-xml/smbdotconf/security/inheritowner.xml b/docs-xml/smbdotconf/security/inheritowner.xml
index 2a7a4b8b61d..c081e561216 100644
--- a/docs-xml/smbdotconf/security/inheritowner.xml
+++ b/docs-xml/smbdotconf/security/inheritowner.xml
@@ -39,7 +39,7 @@
<para>The <constant>unix only</constant> option effectively
breaks the tie between the Windows owner of a file and the
UNIX owner. As a logical consequence, in this mode,
- setting the the Windows owner of a file does not modify the UNIX
+ setting the Windows owner of a file does not modify the UNIX
owner. Using this mode should typically be combined with a
backing store that can emulate the full NT ACL model without
affecting the POSIX permissions, such as the acl_xattr
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index 2bb04ba5a46..d082ed43f03 100644
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -134,6 +134,10 @@ typedef struct {
#define KRB5_ERROR_CODE(k) ((k)->error)
#endif /* HAVE_E_DATA_POINTER_IN_KRB5_ERROR */
+#ifndef HAVE_KRB5_CONST_PAC
+typedef krb5_pac krb5_const_pac;
+#endif
+
krb5_error_code smb_krb5_parse_name(krb5_context context,
const char *name, /* in unix charset */
krb5_principal *principal);
diff --git a/lib/ldb/include/ldb.h b/lib/ldb/include/ldb.h
index 1b3021b0fba..68cbfdb6f7a 100644
--- a/lib/ldb/include/ldb.h
+++ b/lib/ldb/include/ldb.h
@@ -2296,7 +2296,9 @@ void ldb_qsort (void *const pbase, size_t total_elems, size_t size, void *opaque
do { \
if (numel > 1) { \
ldb_qsort(base, numel, sizeof((base)[0]), discard_const(opaque), (ldb_qsort_cmp_fn_t)comparison); \
- comparison(&((base)[0]), &((base)[1]), opaque); \
+ if (0) { \
+ comparison(&((base)[0]), &((base)[1]), opaque); \
+ } \
} \
} while (0)
@@ -2306,7 +2308,9 @@ do { \
do { \
if (numel > 1) { \
qsort(base, numel, sizeof((base)[0]), (int (*)(const void *, const void *))comparison); \
- comparison(&((base)[0]), &((base)[1])); \
+ if (0) { \
+ comparison(&((base)[0]), &((base)[1])); \
+ } \
} \
} while (0)
#endif
diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c
index 15dc50339d1..242d7dd9dd1 100644
--- a/libcli/security/util_sid.c
+++ b/libcli/security/util_sid.c
@@ -339,7 +339,7 @@ int sid_compare_domain(const struct dom_sid *sid1, const struct dom_sid *sid2)
}
/********************************************************************
- Add SID to an array SIDs
+ Add SID to an array of SIDs
********************************************************************/
NTSTATUS add_sid_to_array(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
@@ -366,7 +366,7 @@ NTSTATUS add_sid_to_array(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
/********************************************************************
- Add SID to an array SIDs ensuring that it is not already there
+ Add SID to an array of SIDs ensuring that it is not already there
********************************************************************/
NTSTATUS add_sid_to_array_unique(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
@@ -438,7 +438,7 @@ bool add_rid_to_array_unique(TALLOC_CTX *mem_ctx,
bool is_null_sid(const struct dom_sid *sid)
{
- const struct dom_sid null_sid = {0};
+ static const struct dom_sid null_sid = {0};
return dom_sid_equal(sid, &null_sid);
}
diff --git a/librpc/ndr/ndr_sec_helper.c b/librpc/ndr/ndr_sec_helper.c
index f14660fa36e..4d91be89c3b 100644
--- a/librpc/ndr/ndr_sec_helper.c
+++ b/librpc/ndr/ndr_sec_helper.c
@@ -178,7 +178,7 @@ enum ndr_err_code ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct
NDR_CHECK(ndr_pull_dom_sid(ndr, ndr_flags, sid));
if (sid->num_auths != num_auths) {
return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE,
- "Bad array size %u should exceed %u",
+ "Bad num_auths %u; should equal %u",
num_auths, sid->num_auths);
}
return NDR_ERR_SUCCESS;
diff --git a/python/samba/__init__.py b/python/samba/__init__.py
index ec540a61521..54c67fed233 100644
--- a/python/samba/__init__.py
+++ b/python/samba/__init__.py
@@ -334,12 +334,7 @@ def current_unix_time():
def string_to_byte_array(string):
- blob = [0] * len(string)
-
- for i in range(len(string)):
- blob[i] = string[i] if isinstance(string[i], int) else ord(string[i])
-
- return blob
+ return [c if isinstance(c, int) else ord(c) for c in string]
def arcfour_encrypt(key, data):
diff --git a/python/samba/join.py b/python/samba/join.py
index 650bb5a08ae..70b3c9729b0 100644
--- a/python/samba/join.py
+++ b/python/samba/join.py
@@ -987,7 +987,7 @@ class DCJoinContext(object):
"not possible due to a missing parent object. "
"This is typical of a Samba "
"4.5 or earlier server. "
- "We will replicate the all objects instead.")
+ "We will replicate all the objects instead.")
else:
raise
diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py
index 83cbc1b810f..4a75c3762aa 100644
--- a/python/samba/netcmd/domain.py
+++ b/python/samba/netcmd/domain.py
@@ -1352,7 +1352,7 @@ class cmd_domain_passwordsettings_set(Command):
Option("--max-pwd-age",
help="The maximum password age (<integer in days> | default). Default is 43.", type=str),
Option("--account-lockout-duration",
- help="The the length of time an account is locked out after exeeding the limit on bad password attempts (<integer in mins> | default). Default is 30 mins.", type=str),
+ help="The length of time an account is locked out after exeeding the limit on bad password attempts (<integer in mins> | default). Default is 30 mins.", type=str),
Option("--account-lockout-threshold",
help="The number of bad password attempts allowed before locking out the account (<integer> | default). Default is 0 (never lock out).", type=str),
Option("--reset-account-lockout-after",
diff --git a/python/samba/tests/auth_log.py b/python/samba/tests/auth_log.py
index 9949b0abe4d..d166b93d90a 100644
--- a/python/samba/tests/auth_log.py
+++ b/python/samba/tests/auth_log.py
@@ -92,7 +92,7 @@ class AuthLogTests(samba.tests.auth_log_base.AuthLogTestBase):
# lambda x: x removes anything that evaluates to False,
# including empty strings, so we handle "" as well
binding_list = \
- list(filter(lambda x: x, re.compile('[\[,\]]').split(binding)))
+ list(filter(lambda x: x, re.compile(r'[\[,\]]').split(binding)))
# Handle explicit smb2, smb1 or auto negotiation
if "smb2" in binding_list:
diff --git a/python/samba/tests/auth_log_base.py b/python/samba/tests/auth_log_base.py
index 58bc817440d..2026bc97a83 100644
--- a/python/samba/tests/auth_log_base.py
+++ b/python/samba/tests/auth_log_base.py
@@ -26,7 +26,6 @@ import time
import json
import os
import re
-from samba import param
class AuthLogTestBase(samba.tests.TestCase):
diff --git a/python/samba/tests/auth_log_pass_change.py b/python/samba/tests/auth_log_pass_change.py
index cb4c42167d2..972af2158dd 100644
--- a/python/samba/tests/auth_log_pass_change.py
+++ b/python/samba/tests/auth_log_pass_change.py
@@ -26,7 +26,6 @@ import samba.tests.auth_log_base
from samba.tests import delete_force
from samba.net import Net
import samba
-from subprocess import call
from ldb import LdbError
from samba.tests.password_test import PasswordCommon
from samba.dcerpc.windows_event_ids import (
diff --git a/source3/utils/net_groupmap.c b/source3/utils/net_groupmap.c
index 68765a21fc8..4f36d450f8e 100644
--- a/source3/utils/net_groupmap.c
+++ b/source3/utils/net_groupmap.c
@@ -157,7 +157,7 @@ static int net_groupmap_list(struct net_context *c, int argc, const char **argv)
/* Get the current mapping from the database */
if(!pdb_getgrsid(map, sid)) {
d_fprintf(stderr,
- _("Failure to local group SID in the "
+ _("Failure to find local group SID in the "
"database\n"));
TALLOC_FREE(map);
return -1;
diff --git a/source4/auth/gensec/gensec_gssapi.c b/source4/auth/gensec/gensec_gssapi.c
index e33c78462e2..cca19646dfc 100644
--- a/source4/auth/gensec/gensec_gssapi.c
+++ b/source4/auth/gensec/gensec_gssapi.c
@@ -836,6 +836,7 @@ init_sec_context_done:
}
if (output_token.length < 4) {
+ gss_release_buffer(&min_stat, &output_token);
return NT_STATUS_INVALID_PARAMETER;
}
@@ -989,6 +990,7 @@ init_sec_context_done:
}
if (output_token.length < 4) {
+ gss_release_buffer(&min_stat, &output_token);
return NT_STATUS_INVALID_PARAMETER;
}
diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c
index 156a140b1de..ffb201ca3c9 100644
--- a/source4/auth/kerberos/kerberos_pac.c
+++ b/source4/auth/kerberos/kerberos_pac.c
@@ -385,7 +385,7 @@ krb5_error_code kerberos_pac_to_user_info_dc(TALLOC_CTX *mem_ctx,
upn_dns_info = &_upn_dns_info.upn_dns_info;
}
- /* Pull this right into the normal auth sysstem structures */
+ /* Pull this right into the normal auth system structures */
nt_status = make_user_info_dc_pac(mem_ctx,
info.logon_info.info,
upn_dns_info,
@@ -416,7 +416,7 @@ krb5_error_code kerberos_pac_to_user_info_dc(TALLOC_CTX *mem_ctx,
smb_krb5_free_data_contents(context, &k5pac_srv_checksum_in);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
nt_status = ndr_map_error2ntstatus(ndr_err);
- DEBUG(0,("can't parse the KDC signature: %s\n",
+ DEBUG(0,("can't parse the server signature: %s\n",
nt_errstr(nt_status)));
return EINVAL;
}
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index be0a2cd4a33..f5de9d82cdf 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -2544,7 +2544,7 @@ NTSTATUS samdb_set_password_sid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
{
TALLOC_CTX *frame = talloc_stackframe();
NTSTATUS nt_status;
- const char * const user_attrs[] = {
+ static const char * const attrs[] = {
"userAccountControl",
"sAMAccountName",
NULL
@@ -2561,7 +2561,7 @@ NTSTATUS samdb_set_password_sid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
}
ret = dsdb_search_one(ldb, frame, &user_msg, ldb_get_default_basedn(ldb),
- LDB_SCOPE_SUBTREE, user_attrs, 0,
+ LDB_SCOPE_SUBTREE, attrs, 0,
"(&(objectSid=%s)(objectClass=user))",
ldap_encode_ndr_dom_sid(frame, user_sid));
if (ret != LDB_SUCCESS) {
@@ -2587,7 +2587,7 @@ NTSTATUS samdb_set_password_sid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx,
}
if (uac & UF_INTERDOMAIN_TRUST_ACCOUNT) {
- const char * const tdo_attrs[] = {
+ static const char * const tdo_attrs[] = {
"trustAuthIncoming",
"trustDirection",
NULL
diff --git a/source4/dsdb/repl/replicated_objects.c b/source4/dsdb/repl/replicated_objects.c
index 6a07a88961b..83d1b421c45 100644
--- a/source4/dsdb/repl/replicated_objects.c
+++ b/source4/dsdb/repl/replicated_objects.c
@@ -748,7 +748,7 @@ WERROR dsdb_replicated_objects_convert(struct ldb_context *ldb,
out->num_objects++;
}
- DBG_INFO("Proceesed %"PRIu32" DRS objects, saw %"PRIu32" objects "
+ DBG_INFO("Processed %"PRIu32" DRS objects, saw %"PRIu32" objects "
"and expected %"PRIu32" objects\n",
out->num_objects, i, object_count);
@@ -764,7 +764,7 @@ WERROR dsdb_replicated_objects_convert(struct ldb_context *ldb,
}
if (i != object_count) {
DBG_ERR("FAILURE: saw %"PRIu32" DRS objects, server said we "
- "should expected to see %"PRIu32" objects!\n",
+ "should expect to see %"PRIu32" objects!\n",
i, object_count);
talloc_free(out);
return WERR_FOOBAR;
diff --git a/source4/dsdb/tests/python/sam.py b/source4/dsdb/tests/python/sam.py
index 8565fe4f675..08365beb2c6 100755
--- a/source4/dsdb/tests/python/sam.py
+++ b/source4/dsdb/tests/python/sam.py
@@ -87,7 +87,7 @@ class SamTests(samba.tests.TestCase):
delete_force(self.ldb, "cn=ldaptestuser,cn=users," + self.base_dn)
delete_force(self.ldb, "cn=ldaptestuser2,cn=users," + self.base_dn)
- delete_force(self.ldb, "cn=ldaptest\,specialuser,cn=users," + self.base_dn)
+ delete_force(self.ldb, r"cn=ldaptest\,specialuser,cn=users," + self.base_dn)
delete_force(self.ldb, "cn=ldaptestcomputer,cn=computers," + self.base_dn)
delete_force(self.ldb, "cn=ldaptestcomputer2,cn=computers," + self.base_dn)
delete_force(self.ldb, "cn=ldaptestgroup,cn=users," + self.base_dn)
@@ -632,9 +632,9 @@ class SamTests(samba.tests.TestCase):
# Make also a small test for accounts with special DNs ("," in this case)
ldb.add({
- "dn": "cn=ldaptest\,specialuser,cn=users," + self.base_dn,
+ "dn": r"cn=ldaptest\,specialuser,cn=users," + self.base_dn,
"objectclass": "user"})
- delete_force(self.ldb, "cn=ldaptest\,specialuser,cn=users," + self.base_dn)
+ delete_force(self.ldb, r"cn=ldaptest\,specialuser,cn=users," + self.base_dn)
def test_sam_attributes(self):
"""Test the behaviour of special attributes of SAM objects"""
@@ -1806,13 +1806,13 @@ class SamTests(samba.tests.TestCase):
sasl_ldb = SamDB(url=host, credentials=sasl_creds, lp=lp)
self.assertIsNotNone(sasl_ldb)
- sasl_ldb = None
+ del sasl_ldb
requires_strong_auth = False
try:
simple_ldb = SamDB(url=host, credentials=simple_creds, lp=lp)
self.assertIsNotNone(simple_ldb)
- simple_ldb = None
+ del simple_ldb
except LdbError as e55:
(num, msg) = e55.args
if num != ERR_STRONG_AUTH_REQUIRED:
@@ -1825,7 +1825,7 @@ class SamTests(samba.tests.TestCase):
msg, expected_msg))
try:
- ldb_fail = SamDB(url=host, credentials=sasl_wrong_creds, lp=lp)
+ SamDB(url=host, credentials=sasl_wrong_creds, lp=lp)
self.fail()
except LdbError as e56:
(num, msg) = e56.args
@@ -1834,7 +1834,7 @@ class SamTests(samba.tests.TestCase):
if not requires_strong_auth:
try:
- ldb_fail = SamDB(url=host, credentials=simple_wrong_creds, lp=lp)
+ SamDB(url=host, credentials=simple_wrong_creds, lp=lp)
self.fail()
except LdbError as e4:
(num, msg) = e4.args
@@ -1853,7 +1853,7 @@ class SamTests(samba.tests.TestCase):
self.assertEqual(int(res1[0]["pwdLastSet"][0]), 0)
try:
- ldb_fail = SamDB(url=host, credentials=sasl_wrong_creds, lp=lp)
+ SamDB(url=host, credentials=sasl_wrong_creds, lp=lp)
self.fail()
except LdbError as e57:
(num, msg) = e57.args
@@ -1861,7 +1861,7 @@ class SamTests(samba.tests.TestCase):
assertLDAPErrorMsg(msg, error_msg_sasl_wrong_pw)
try:
- ldb_fail = SamDB(url=host, credentials=sasl_creds, lp=lp)
+ SamDB(url=host, credentials=sasl_creds, lp=lp)
self.fail()
except LdbError as e58:
(num, msg) = e58.args
@@ -1870,7 +1870,7 @@ class SamTests(samba.tests.TestCase):
if not requires_strong_auth:
try:
- ldb_fail = SamDB(url=host, credentials=simple_wrong_creds, lp=lp)
+ SamDB(url=host, credentials=simple_wrong_creds, lp=lp)
self.fail()
except LdbError as e5:
(num, msg) = e5.args
@@ -1878,7 +1878,7 @@ class SamTests(samba.tests.TestCase):
assertLDAPErrorMsg(msg, error_msg_simple_wrong_pw)
try:
- ldb_fail = SamDB(url=host, credentials=simple_creds, lp=lp)
+ SamDB(url=host, credentials=simple_creds, lp=lp)
self.fail()
except LdbError as e6:
(num, msg) = e6.args
@@ -2666,7 +2666,6 @@ class SamTests(samba.tests.TestCase):
self.assertEqual(int(res[0]["userAccountControl"][0]),
UF_NORMAL_ACCOUNT |UF_SMARTCARD_REQUIRED)
self.assertEqual(int(res[0]["pwdLastSet"][0]), lastset)
- lastset1 = int(res[0]["pwdLastSet"][0])
self.assertEqual(int(res[0]["msDS-KeyVersionNumber"][0]), 2)
self.assertTrue(len(res[0]["replPropertyMetaData"]) == 1)
rpmd = ndr_unpack(drsblobs.replPropertyMetaDataBlob,
diff --git a/source4/dsdb/tests/python/token_group.py b/source4/dsdb/tests/python/token_group.py
index f066dcc3c8f..bc2c4c71350 100755
--- a/source4/dsdb/tests/python/token_group.py
+++ b/source4/dsdb/tests/python/token_group.py
@@ -23,7 +23,7 @@ from samba.credentials import Credentials, DONT_USE_KERBEROS, MUST_USE_KERBEROS,
from samba.dsdb import GTYPE_SECURITY_GLOBAL_GROUP, GTYPE_SECURITY_UNIVERSAL_GROUP
import samba.tests
from samba.tests import delete_force
-from samba.dcerpc import samr, security
+from samba.dcerpc import security
from samba.auth import AUTH_SESSION_INFO_DEFAULT_GROUPS, AUTH_SESSION_INFO_AUTHENTICATED, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES, AUTH_SESSION_INFO_NTLM
@@ -189,7 +189,7 @@ class StaticTokenTest(samba.tests.TestCase):
server_to_client = b""
# Run the actual call loop.
- while client_finished == False and server_finished == False:
+ while not client_finished and not server_finished:
if not client_finished:
print("running client gensec_update")
(client_finished, client_to_server) = gensec_client.update(server_to_client)
@@ -461,7 +461,7 @@ class DynamicTokenTest(samba.tests.TestCase):
server_to_client = b""
# Run the actual call loop.
- while client_finished == False and server_finished == False:
+ while not client_finished and not server_finished:
if not client_finished:
print("running client gensec_update")
(client_finished, client_to_server) = gensec_client.update(server_to_client)
@@ -530,7 +530,6 @@ class DynamicTokenTest(samba.tests.TestCase):
res = self.ldb.search(self.user_sid_dn, scope=ldb.SCOPE_BASE, attrs=["tokenGroups"])
self.assertEqual(len(res), 1)
- dn_tokengroups = []
for sid in res[0]['tokenGroups']:
sid = ndr_unpack(samba.dcerpc.security.dom_sid, sid)
res3 = self.admin_ldb.search(base="<SID=%s>" % sid, scope=ldb.SCOPE_BASE,
@@ -617,7 +616,6 @@ class DynamicTokenTest(samba.tests.TestCase):
res = self.ldb.search(self.user_sid_dn, scope=ldb.SCOPE_BASE, attrs=["tokenGroupsGlobalAndUniversal"])
self.assertEqual(len(res), 1)
- dn_tokengroups = []
for sid in res[0]['tokenGroupsGlobalAndUniversal']:
sid = ndr_unpack(samba.dcerpc.security.dom_sid, sid)
res3 = self.admin_ldb.search(base="<SID=%s>" % sid, scope=ldb.SCOPE_BASE,
diff --git a/source4/kdc/mit_samba.c b/source4/kdc/mit_samba.c
index e316c57ee31..a3d28d71d56 100644
--- a/source4/kdc/mit_samba.c
+++ b/source4/kdc/mit_samba.c
@@ -56,7 +56,7 @@ void mit_samba_context_free(struct mit_samba_context *ctx)
}
/*
- * Implemant a callback to log to the MIT KDC log facility
+ * Implement a callback to log to the MIT KDC log facility
*
* http://web.mit.edu/kerberos/krb5-devel/doc/plugindev/general.html#logging-from-kdc-and-kadmind-plugin-modules
*/
@@ -183,7 +183,7 @@ int mit_samba_generate_random_password(krb5_data *pwd)
tmp_ctx = talloc_named(NULL,
0,
- "mit_samba_create_principal_password context");
+ "mit_samba_generate_random_password context");
if (tmp_ctx == NULL) {
return ENOMEM;
}
@@ -485,7 +485,7 @@ int mit_samba_get_pac(struct mit_samba_context *smb_ctx,
tmp_ctx = talloc_named(smb_ctx,
0,
- "mit_samba_get_pac_data_blobs context");
+ "mit_samba_get_pac context");
if (tmp_ctx == NULL) {
return ENOMEM;
}
diff --git a/testprogs/blackbox/test_kpasswd_heimdal.sh b/testprogs/blackbox/test_kpasswd_heimdal.sh
index b401eec9ba8..617b1cc2d72 100755
--- a/testprogs/blackbox/test_kpasswd_heimdal.sh
+++ b/testprogs/blackbox/test_kpasswd_heimdal.sh
@@ -145,7 +145,7 @@ TEST_PASSWORD=$TEST_PASSWORD_NEW
TEST_PASSWORD_NEW="testPaSS at 03%"
--
Samba Shared Repository
More information about the samba-cvs
mailing list