[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Thu Dec 21 21:20:02 UTC 2023
The branch, master has been updated
via 080a62bba87 tests/krb5: Add Python implementation and tests for Group Key Distribution Service
via f6bb2d40108 python: Add NT Time utility functions
via a5a58918f79 pyglue: Export some GKDI constants
via e19d74bb259 pyglue: Export some more HRESULT constants
via 9ed2544d9fa pyglue: Fix code spelling
via 6369f2cf1be lib:crypto: Add GKDI module with some constants
via 44f6bfea5a2 gkdi.idl: Verify magic numbers of pulled GKDI structures
via f86d65117ba s4:libcli: Fix conversion from HRESULT and WERROR to Python objects
via 1e67be78554 s4:libcli: Remove trailing whitespace
via 858f70037bd python:tests: Catch strings passed to utf16_encoded_len() with embedded nulls
via 27231a965e3 selftest: Rename ‘samba.unittests.test_gnutls_sp800_108’ to something more consistent with existing tests
via f5ae39548b9 gkdi.idl: Add ‘additional_info’ field to KeyEnvelope structure
via 183fd79c381 gkdi.idl: Comment on domain and forest name fields
via 4b39a3e7753 s3:utils: Do not pass invalid file descriptor to close() (CID 1550131)
via dbfb19b7f90 tests/krb5: Remove redundant definitions
via 0a65dff4737 ldb: Fix code spelling
via dfefdcb1e00 buildtools: Use correct variable in error message
via e2146e4a755 lib:cmdline: Fix code spelling
via edb4c3b3dd2 pyglue: Remove unnecessary uses of discard_const_p()
via 74ca3134b1b python:tests: Don’t needlessly create single‐element tuple
via b7df67d0ae3 lib:util: Use portable integer constants
via 507ff192630 s3:param: Remove unnecessary use of discard_const_p()
via 10553111f0e python:tests: Rename parameter to be consistent with overridden method
via 6256ad74426 python:tests: Raise exception of more specific type NotImplementedError
via 3b150354534 python:tests: Use ‘False’ in boolean expression rather than ‘None’
via 93379df9778 librpc:ndr: Don’t unnecessarily parenthesize macro arguments
via a334ad85b82 lib:util: Remove redundant casts in PUSH_*() macros
via 7d88280baaa lib:util: Don’t unnecessarily parenthesize macro arguments
via 0a62d38b639 lib:util: Cast macro parameter ‘val’ to expected type
via 52c29ebc803 lib:util: Parenthesize macro parameters
via dac9cd00858 s4:auth: Clarify comment about requiring FAST armor
via 58c6e46adac s3:lib: Define TIME_FIXUP_CONSTANT_INT using INT64_C() macro
via 26e704d1fa0 lib:util: Define TIME_FIXUP_CONSTANT_INT using INT64_C() macro
from 828f3c99122 s3:ctdbd_conn: fix ctdbd_public_ip_foreach() for ipv6 addresses
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 080a62bba875c2a5df7c04703d095142200dad0e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Dec 8 16:38:21 2023 +1300
tests/krb5: Add Python implementation and tests for Group Key Distribution Service
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Dec 21 21:19:30 UTC 2023 on atb-devel-224
commit f6bb2d40108417d8c163f07f8519ff9ed16dd078
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Dec 18 19:11:37 2023 +1300
python: Add NT Time utility functions
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a5a58918f790dd368470b1a22f718216425bb7d1
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Dec 12 18:31:34 2023 +1300
pyglue: Export some GKDI constants
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e19d74bb259c2f9436425587d86cbfcd45a0b144
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Dec 12 18:31:19 2023 +1300
pyglue: Export some more HRESULT constants
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9ed2544d9fa658847aef7edf781624dd9cb4f650
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Dec 12 19:27:17 2023 +1300
pyglue: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6369f2cf1bec699296ca2c47b1f9a6a0d60878d0
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Nov 13 17:08:58 2023 +1300
lib:crypto: Add GKDI module with some constants
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 44f6bfea5a27303d8ffa2f454eb3d991ab5392c4
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Dec 12 18:27:46 2023 +1300
gkdi.idl: Verify magic numbers of pulled GKDI structures
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f86d65117ba0c964c64fb58b5a6845561156819c
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Dec 8 15:58:32 2023 +1300
s4:libcli: Fix conversion from HRESULT and WERROR to Python objects
The inner values of HRESULT and WERROR are 32‐bit unsigned integers,
which might not be representable in type ‘int’. We must then use the ‘k’
format specifier, which corresponds to ‘unsigned long’, a type
guaranteed to be at least 32 bits in size.
Commit c81aff362fe99a65385c6f8337ffcb47c9456829 fixed
PyErr_FromNTSTATUS(), but it did not attempt to fix the other cases.
PyErr_FromHRESULT() might return a tuple like this:
(-2147024809, 'One or more arguments are invalid.')
which, after this commit, will become this:
(2147942487, 'One or more arguments are invalid.')
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1e67be78554b7692c96e9cfb1352f436b16be6b5
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Dec 8 15:54:14 2023 +1300
s4:libcli: Remove trailing whitespace
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 858f70037bdc56d06b7fd2fae12b213caac8628a
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Dec 8 14:44:48 2023 +1300
python:tests: Catch strings passed to utf16_encoded_len() with embedded nulls
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 27231a965e37246ccda2bdbbadad9f09775b301b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Dec 8 14:10:42 2023 +1300
selftest: Rename ‘samba.unittests.test_gnutls_sp800_108’ to something more consistent with existing tests
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f5ae39548b9f9b5f87a79530e5c2ee4c682a12fe
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Dec 19 09:53:50 2023 +1300
gkdi.idl: Add ‘additional_info’ field to KeyEnvelope structure
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 183fd79c381961738587da6051677f20237cc2f7
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Dec 19 09:51:30 2023 +1300
gkdi.idl: Comment on domain and forest name fields
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 4b39a3e77537715e8fd79b6014b97183a0a60cdb
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Dec 18 09:31:11 2023 +1300
s3:utils: Do not pass invalid file descriptor to close() (CID 1550131)
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit dbfb19b7f9031b479d2396db18da764c915a5272
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Dec 15 10:26:31 2023 +1300
tests/krb5: Remove redundant definitions
These items are already defined elsewhere.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0a65dff4737ef23d8f98134463933a69f9d84f2b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Dec 14 15:26:39 2023 +1300
ldb: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit dfefdcb1e00c8e1c29b2fc2e61a21068b11d1f25
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Dec 14 08:25:38 2023 +1300
buildtools: Use correct variable in error message
When this error message was copied from CHECK_FUNCS_IN(), the variable
name was not changed. This results in messages like this:
“Mandatory library 'lib' not found for functions '<class 'list'>'”
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e2146e4a755bc0fc5b553a61b6fa71e90d8b2b56
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Dec 13 16:40:06 2023 +1300
lib:cmdline: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit edb4c3b3dd2d12c60e61864690d86025c6261dc0
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Dec 12 17:37:53 2023 +1300
pyglue: Remove unnecessary uses of discard_const_p()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 74ca3134b1be550f4b5734ee772e46df3bca7130
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Dec 12 19:34:11 2023 +1300
python:tests: Don’t needlessly create single‐element tuple
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b7df67d0ae380a4a67038d88ffdc0a5675d66c5d
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Dec 11 12:55:05 2023 +1300
lib:util: Use portable integer constants
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 507ff192630d7fd29929dcee5dd08b8227d8d93f
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Dec 11 10:23:23 2023 +1300
s3:param: Remove unnecessary use of discard_const_p()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 10553111f0ea1d09db5e1c67a807a8f76f447889
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Dec 8 10:48:40 2023 +1300
python:tests: Rename parameter to be consistent with overridden method
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6256ad7442691f038856dd4fc09cf1e5c6f94fc1
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Dec 8 10:30:14 2023 +1300
python:tests: Raise exception of more specific type NotImplementedError
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 3b150354534587c7719c62e21974612d798cc980
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Dec 8 08:34:38 2023 +1300
python:tests: Use ‘False’ in boolean expression rather than ‘None’
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 93379df97781efb03d5fea39e89efcbcaacc2eba
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Nov 30 15:31:32 2023 +1300
librpc:ndr: Don’t unnecessarily parenthesize macro arguments
If we’re just passing a parameter to another macro which we know
correctly parenthesizes its arguments, then we don’t need to
parenthesize the parameter ourselves.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a334ad85b820eb1613a0b58e71814bdf54f22f95
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Nov 30 15:00:08 2023 +1300
lib:util: Remove redundant casts in PUSH_*() macros
The PUSH_*() macros already cast their arguments to the expected type,
so we don’t need to cast the arguments *again* prior to invoking the
macros.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7d88280baaa8289addcc50fa927a6ac856628871
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Nov 30 15:11:10 2023 +1300
lib:util: Don’t unnecessarily parenthesize macro arguments
If we’re just passing a parameter to another macro which we know
correctly parenthesizes its arguments, then we don’t need to
parenthesize the parameter ourselves.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0a62d38b6392508c19142c41a3f1bf7eddfc4824
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Nov 30 15:08:04 2023 +1300
lib:util: Cast macro parameter ‘val’ to expected type
These macros are now consistent with PUSH_BE_U8() and with the
PUSH_LE_*() macros.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 52c29ebc803a9fd01552a74cc0dc83f547328870
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Nov 30 15:06:15 2023 +1300
lib:util: Parenthesize macro parameters
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit dac9cd00858c3d8eb9a07a03dc2e12837a67f81a
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Nov 29 10:42:36 2023 +1300
s4:auth: Clarify comment about requiring FAST armor
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 58c6e46adac2b195e3807fc10be2e42900b079fd
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Dec 19 10:23:14 2023 +1300
s3:lib: Define TIME_FIXUP_CONSTANT_INT using INT64_C() macro
This is more portable than using preprocessor conditionals.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 26e704d1fa0b5a0a8facad5b9b4bee0dee5be778
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Nov 27 16:24:00 2023 +1300
lib:util: Define TIME_FIXUP_CONSTANT_INT using INT64_C() macro
This is more portable than using preprocessor conditionals.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
buildtools/wafsamba/samba_autoconf.py | 2 +-
lib/cmdline/cmdline_private.h | 2 +-
.../libnet/grouptest.h => lib/crypto/gkdi.c | 11 +-
lib/crypto/gkdi.h | 32 +
lib/crypto/wscript | 3 +
lib/ldb/include/ldb.h | 2 +-
lib/util/bytearray.h | 12 +-
lib/util/byteorder.h | 10 +-
lib/util/time.c | 12 +-
librpc/idl/gkdi.idl | 22 +-
librpc/ndr/ndr_basic.c | 6 +-
python/pyglue.c | 73 ++-
python/samba/__init__.py | 3 +
python/samba/gkdi.py | 397 ++++++++++++
python/samba/nt_time.py | 60 ++
python/samba/tests/__init__.py | 4 +-
python/samba/tests/domain_backup.py | 4 +-
python/samba/tests/gkdi.py | 644 ++++++++++++++++++
python/samba/tests/krb5/gkdi_tests.py | 716 +++++++++++++++++++++
python/samba/tests/krb5/raw_testcase.py | 8 +-
python/samba/tests/krb5/rfc4120.asn1 | 9 -
.../samba/tests/krb5/rfc4120_pyasn1_generated.py | 20 +-
python/samba/tests/ndr/gkdi.py | 9 +-
python/samba/tests/smbconf.py | 2 +-
python/wscript | 1 +
selftest/knownfail.d/gkdi | 18 +
selftest/tests.py | 2 +-
source3/lib/time.c | 6 +-
source3/param/pyparam_util.c | 2 +-
source3/utils/smbcacls.c | 2 +-
source4/auth/kerberos/kerberos_util.c | 6 +-
source4/libcli/util/pyerrors.h | 20 +-
source4/selftest/tests.py | 4 +
33 files changed, 2011 insertions(+), 113 deletions(-)
copy source4/torture/libnet/grouptest.h => lib/crypto/gkdi.c (60%)
create mode 100644 lib/crypto/gkdi.h
create mode 100644 python/samba/gkdi.py
create mode 100644 python/samba/nt_time.py
create mode 100644 python/samba/tests/gkdi.py
create mode 100755 python/samba/tests/krb5/gkdi_tests.py
create mode 100644 selftest/knownfail.d/gkdi
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
index 16f962ded60..7b383ea0b71 100644
--- a/buildtools/wafsamba/samba_autoconf.py
+++ b/buildtools/wafsamba/samba_autoconf.py
@@ -625,7 +625,7 @@ int foo()
if not res:
if mandatory:
- Logs.error("Mandatory library '%s' not found for functions '%s'" % (lib, list))
+ Logs.error("Mandatory library '%s' not found for functions '%s'" % (lib, libs))
sys.exit(1)
if empty_decl:
# if it isn't a mandatory library, then remove it from dependency lists
diff --git a/lib/cmdline/cmdline_private.h b/lib/cmdline/cmdline_private.h
index 9706b008b3e..e2d4e9563fb 100644
--- a/lib/cmdline/cmdline_private.h
+++ b/lib/cmdline/cmdline_private.h
@@ -51,7 +51,7 @@ typedef bool (*samba_cmdline_load_config)(void);
* initializes:
*
* - Crash setup
- * - logging system sening logs to stdout
+ * - logging system sending logs to stdout
* - talloc leak reporting
*
* @param[in] mem_ctx The talloc memory context to use for allocating memory.
diff --git a/source4/torture/libnet/grouptest.h b/lib/crypto/gkdi.c
similarity index 60%
copy from source4/torture/libnet/grouptest.h
copy to lib/crypto/gkdi.c
index 8b65e6e57aa..e049cf96bac 100644
--- a/source4/torture/libnet/grouptest.h
+++ b/lib/crypto/gkdi.c
@@ -1,11 +1,12 @@
/*
Unix SMB/CIFS implementation.
+ Group Key Distribution Protocol functions
- Copyright (C) Rafal Szczesniak 2007
+ Copyright (C) Catalyst.Net Ltd 2023
- This program is free software; you can redistribute it and/or modify
+ This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
+ the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
@@ -14,7 +15,7 @@
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
-#define TEST_GROUPNAME "libnetgrptest"
+#include "lib/crypto/gkdi.h"
diff --git a/lib/crypto/gkdi.h b/lib/crypto/gkdi.h
new file mode 100644
index 00000000000..b6c18a8f6ae
--- /dev/null
+++ b/lib/crypto/gkdi.h
@@ -0,0 +1,32 @@
+/*
+ Unix SMB/CIFS implementation.
+ Group Key Distribution Protocol functions
+
+ Copyright (C) Catalyst.Net Ltd 2023
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+#ifndef LIB_CRYPTO_GKDI_H
+#define LIB_CRYPTO_GKDI_H
+
+#include <stdint.h>
+
+static const int gkdi_l1_key_iteration = 32;
+static const int gkdi_l2_key_iteration = 32;
+
+static const int64_t gkdi_key_cycle_duration = 360000000000;
+static const int64_t gkdi_max_clock_skew = 3000000000;
+
+#endif /* LIB_CRYPTO_GKDI_H */
diff --git a/lib/crypto/wscript b/lib/crypto/wscript
index 23017fbd637..d39e7cbc8cb 100644
--- a/lib/crypto/wscript
+++ b/lib/crypto/wscript
@@ -27,6 +27,9 @@ def build(bld):
LIBCRYPTO
''')
+ bld.SAMBA_SUBSYSTEM('gkdi',
+ source='gkdi.c')
+
bld.SAMBA_PYTHON('python_crypto',
source='py_crypto.c',
deps='gnutls talloc LIBCLI_AUTH',
diff --git a/lib/ldb/include/ldb.h b/lib/ldb/include/ldb.h
index 95c7d527f84..5d83a270573 100644
--- a/lib/ldb/include/ldb.h
+++ b/lib/ldb/include/ldb.h
@@ -2054,7 +2054,7 @@ int ldb_msg_element_compare_name(struct ldb_message_element *el1,
Find elements in a message.
This function finds elements and converts to a specific type, with
- a give default value if not found. Assumes that elements are
+ a given default value if not found. Assumes that elements are
single valued.
*/
const struct ldb_val *ldb_msg_find_ldb_val(const struct ldb_message *msg, const char *attr_name);
diff --git a/lib/util/bytearray.h b/lib/util/bytearray.h
index ecab90b067d..0af8a82c2c1 100644
--- a/lib/util/bytearray.h
+++ b/lib/util/bytearray.h
@@ -59,17 +59,17 @@
PUSH_LE_U8(data, pos, val)
#define PUSH_LE_U16(data, pos, val) \
- (PUSH_LE_U8((data), (pos), (uint8_t)((uint16_t)(val) & 0xff)), PUSH_LE_U8((data), (pos) + 1, (uint8_t)((uint16_t)(val) >> 8)))
+ (PUSH_LE_U8(data, pos, (uint16_t)(val) & 0xff), PUSH_LE_U8(data, (pos) + 1, (uint16_t)(val) >> 8))
#define PUSH_LE_I16(data, pos, val) \
PUSH_LE_U16(data, pos, val)
#define PUSH_LE_U32(data, pos, val) \
- (PUSH_LE_U16((data), (pos), (uint16_t)((uint32_t)(val) & 0xffff)), PUSH_LE_U16((data), (pos) + 2, (uint16_t)((uint32_t)(val) >> 16)))
+ (PUSH_LE_U16(data, pos, (uint32_t)(val) & 0xffff), PUSH_LE_U16(data, (pos) + 2, (uint32_t)(val) >> 16))
#define PUSH_LE_I32(data, pos, val) \
PUSH_LE_U32(data, pos, val)
#define PUSH_LE_U64(data, pos, val) \
- (PUSH_LE_U32((data), (pos), (uint32_t)((uint64_t)(val) & 0xffffffff)), PUSH_LE_U32((data), (pos) + 4, (uint32_t)((uint64_t)(val) >> 32)))
+ (PUSH_LE_U32(data, pos, (uint64_t)(val) & 0xffffffff), PUSH_LE_U32(data, (pos) + 4, (uint64_t)(val) >> 32))
#define PUSH_LE_I64(data, pos, val) \
PUSH_LE_U64(data, pos, val)
@@ -107,17 +107,17 @@
PUSH_BE_U8(data, pos, val)
#define PUSH_BE_U16(data, pos, val) \
- (PUSH_BE_U8((data), (pos), (uint8_t)(((uint16_t)(val)) >> 8)), PUSH_BE_U8((data), (pos) + 1, (uint8_t)((val) & 0xff)))
+ (PUSH_BE_U8(data, pos, ((uint16_t)(val)) >> 8), PUSH_BE_U8(data, (pos) + 1, (uint16_t)(val) & 0xff))
#define PUSH_BE_I16(data, pos, val) \
PUSH_BE_U16(data, pos, val)
#define PUSH_BE_U32(data, pos, val) \
- (PUSH_BE_U16((data), (pos), (uint16_t)(((uint32_t)(val)) >> 16)), PUSH_BE_U16((data), (pos) + 2, (uint16_t)((val) & 0xffff)))
+ (PUSH_BE_U16(data, pos, (uint32_t)(val) >> 16), PUSH_BE_U16(data, (pos) + 2, (uint32_t)(val) & 0xffff))
#define PUSH_BE_I32(data, pos, val) \
PUSH_BE_U32(data, pos, val)
#define PUSH_BE_U64(data, pos, val) \
- (PUSH_BE_U32((data), (pos), (uint32_t)(((uint64_t)(val)) >> 32)), PUSH_BE_U32((data), (pos) + 4, (uint32_t)((val) & 0xffffffff)))
+ (PUSH_BE_U32(data, pos, (uint64_t)(val) >> 32), PUSH_BE_U32(data, (pos) + 4, (uint64_t)(val) & 0xffffffff))
#define PUSH_BE_I64(data, pos, val) \
PUSH_BE_U64(data, pos, val)
diff --git a/lib/util/byteorder.h b/lib/util/byteorder.h
index e8664e95538..65023f93b06 100644
--- a/lib/util/byteorder.h
+++ b/lib/util/byteorder.h
@@ -109,8 +109,8 @@ it also defines lots of intermediate macros, just ignore those :-)
#define SVAL(buf,pos) (uint32_t)PULL_LE_U16(buf, pos)
#define IVAL(buf,pos) PULL_LE_U32(buf, pos)
-#define SSVALX(buf,pos,val) (CVAL_NC(buf,pos)=(uint8_t)((val)&0xFF),CVAL_NC(buf,pos+1)=(uint8_t)((val)>>8))
-#define SIVALX(buf,pos,val) (SSVALX(buf,pos,val&0xFFFF),SSVALX(buf,pos+2,val>>16))
+#define SSVALX(buf,pos,val) (CVAL_NC(buf,pos)=(uint8_t)((val)&0xFF),CVAL_NC(buf,(pos)+1)=(uint8_t)((val)>>8))
+#define SIVALX(buf,pos,val) (SSVALX(buf,pos,(val)&0xFFFF),SSVALX(buf,(pos)+2,(val)>>16))
#define SVALS(buf,pos) ((int16_t)SVAL(buf,pos))
#define IVALS(buf,pos) ((int32_t)IVAL(buf,pos))
#define SSVAL(buf,pos,val) PUSH_LE_U16(buf, pos, val)
@@ -128,7 +128,7 @@ it also defines lots of intermediate macros, just ignore those :-)
#define BVAL(p, ofs) PULL_LE_U64(p, ofs)
#define BVALS(p, ofs) ((int64_t)BVAL(p,ofs))
#define SBVAL(p, ofs, v) PUSH_LE_U64(p, ofs, v)
-#define SBVALS(p, ofs, v) (SBVAL(p,ofs,(uint64_t)v))
+#define SBVALS(p, ofs, v) (SBVAL(p,ofs,(uint64_t)(v)))
/****************************************************************************
*
@@ -138,8 +138,8 @@ it also defines lots of intermediate macros, just ignore those :-)
/* now the reverse routines - these are used in nmb packets (mostly) */
#define SREV(x) ((((x)&0xFF)<<8) | (((x)>>8)&0xFF))
-#define IREV(x) ((SREV((uint32_t)x)<<16) | (SREV(((uint32_t)x)>>16)))
-#define BREV(x) ((IREV((uint64_t)x)<<32) | (IREV(((uint64_t)x)>>32)))
+#define IREV(x) ((SREV((uint32_t)(x))<<16) | (SREV(((uint32_t)(x))>>16)))
+#define BREV(x) ((IREV((uint64_t)(x))<<32) | (IREV(((uint64_t)(x))>>32)))
/****************************************************************************
*
diff --git a/lib/util/time.c b/lib/util/time.c
index c2a77d664d3..31bb0a7aad9 100644
--- a/lib/util/time.c
+++ b/lib/util/time.c
@@ -36,11 +36,7 @@
* @brief time handling functions
*/
-#if (SIZEOF_LONG == 8)
-#define TIME_FIXUP_CONSTANT_INT 11644473600L
-#elif (SIZEOF_LONG_LONG == 8)
-#define TIME_FIXUP_CONSTANT_INT 11644473600LL
-#endif
+#define TIME_FIXUP_CONSTANT_INT INT64_C(11644473600)
#define NSEC_PER_SEC 1000000000
@@ -140,7 +136,7 @@ _PUBLIC_ void unix_to_nt_time(NTTIME *nt, time_t t)
uint64_t t2;
if (t == (time_t)-1) {
- *nt = (NTTIME)-1LL;
+ *nt = UINT64_MAX;
return;
}
@@ -901,7 +897,7 @@ struct timespec nt_time_to_unix_timespec(NTTIME nt)
{
struct timespec ret;
- if (nt == 0 || nt == (int64_t)-1) {
+ if (nt == 0 || nt == UINT64_MAX) {
ret.tv_sec = 0;
ret.tv_nsec = 0;
return ret;
@@ -1053,7 +1049,7 @@ _PUBLIC_ NTTIME unix_timespec_to_nt_time(struct timespec ts)
return 0x7fffffffffffffffLL;
}
if (ts.tv_sec == (time_t)-1) {
- return (uint64_t)-1;
+ return UINT64_MAX;
}
d = ts.tv_sec;
diff --git a/librpc/idl/gkdi.idl b/librpc/idl/gkdi.idl
index 4f035273cf4..e57e95b6c6e 100644
--- a/librpc/idl/gkdi.idl
+++ b/librpc/idl/gkdi.idl
@@ -36,22 +36,28 @@ interface gkdi
*/
typedef [public] struct {
uint32 version;
- [value(0x4b53444b)] uint32 magic; /* ‘KDSK’ */
+ [value(0x4b53444b), range(0x4b53444b, 0x4b53444b)] uint32 magic; /* ‘KDSK’ */
EnvelopeFlags flags;
uint32 l0_index;
[range(0, 31)] uint32 l1_index;
[range(0, 31)] uint32 l2_index;
GUID root_key_id;
- uint32 unknown; /* This might be the length of a key that is rarely or never present. */
+ uint32 additional_info_len;
[value(2 * ndr_charset_length(domain_name, CH_UTF16))] uint32 domain_name_len;
[value(2 * ndr_charset_length(forest_name, CH_UTF16))] uint32 forest_name_len;
- nstring domain_name;
- nstring forest_name;
+ /*
+ * https://lists.samba.org/archive/cifs-protocol/2023-December/004170.html
+ * This is the public key blob of an ephemeral public key used in secret
+ * agreement, or a random number used in deriving a symmetric key.
+ */
+ [flag(NDR_SECRET)] uint8 additional_info[additional_info_len];
+ nstring domain_name; /* DNS name of the domain which generated the key. */
+ nstring forest_name; /* DNS name of the forest which generated the key. */
} KeyEnvelope;
typedef [public] struct {
uint32 version; /* The version (msKds-Version) of the root key ADM element. */
- [value(0x4b53444b)] uint32 magic; /* ‘KDSK’ */
+ [value(0x4b53444b), range(0x4b53444b, 0x4b53444b)] uint32 magic; /* ‘KDSK’ */
EnvelopeFlags flags;
uint32 l0_index;
[range(0, 31)] uint32 l1_index;
@@ -71,8 +77,8 @@ interface gkdi
uint8 kdf_parameters[kdf_parameters_len];
nstring secret_agreement_algorithm;
uint8 secret_agreement_parameters[secret_agreement_parameters_len];
- nstring domain_name;
- nstring forest_name;
+ nstring domain_name; /* DNS name of the domain which generated the key. */
+ nstring forest_name; /* DNS name of the forest which generated the key. */
[flag(NDR_SECRET)] uint8 l1_key[l1_key_len];
[flag(NDR_SECRET)] uint8 l2_key[l2_key_len];
} GroupKeyEnvelope;
@@ -92,7 +98,7 @@ interface gkdi
* ‘key_length’ bytes each.
*/
[value(12 + 2 * key_length)] uint32 length;
- [value(0x4d504844)] uint32 magic; /* ‘DHPM’ */
+ [value(0x4d504844), range(0x4d504844, 0x4d504844)] uint32 magic; /* ‘DHPM’ */
uint32 key_length;
uint8 field_order[key_length];
uint8 generator[key_length];
diff --git a/librpc/ndr/ndr_basic.c b/librpc/ndr/ndr_basic.c
index eae0fd062cb..fc8620f28c7 100644
--- a/librpc/ndr/ndr_basic.c
+++ b/librpc/ndr/ndr_basic.c
@@ -37,7 +37,7 @@
(int32_t)(NDR_BE(ndr) ? PULL_BE_U32(ndr->data,ofs) : PULL_LE_U32(ndr->data,ofs))
#define NDR_PULL_I64(ndr, ofs) \
- (NDR_BE(ndr) ? PULL_BE_I64((ndr)->data, (ofs)) : PULL_LE_I64((ndr)->data, (ofs)))
+ (NDR_BE(ndr) ? PULL_BE_I64((ndr)->data, ofs) : PULL_LE_I64((ndr)->data, ofs))
#define NDR_PUSH_U16(ndr, ofs, v) \
do { \
@@ -69,9 +69,9 @@
#define NDR_PUSH_I64(ndr, ofs, v) \
do { \
if (NDR_BE(ndr)) { \
- PUSH_BE_I64((ndr)->data, (ofs), (v)); \
+ PUSH_BE_I64((ndr)->data, ofs, v); \
} else { \
- PUSH_LE_I64((ndr)->data, (ofs), (v)); \
+ PUSH_LE_I64((ndr)->data, ofs, v); \
} \
} while (0)
diff --git a/python/pyglue.c b/python/pyglue.c
index 47e162a8631..77cd556e0da 100644
--- a/python/pyglue.c
+++ b/python/pyglue.c
@@ -28,6 +28,7 @@
#include "librpc/ndr/ndr_private.h"
#include "lib/cmdline/cmdline.h"
#include "libcli/util/hresult.h"
+#include "lib/crypto/gkdi.h"
void init_glue(void);
static PyObject *PyExc_NTSTATUSError;
@@ -430,8 +431,8 @@ static PyObject *py_interface_ips(PyObject *self, PyObject *args)
static PyObject *py_strcasecmp_m(PyObject *self, PyObject *args)
{
- const char *s1 = NULL;
- const char *s2 = NULL;
+ char *s1 = NULL;
+ char *s2 = NULL;
long cmp_result = 0;
if (!PyArg_ParseTuple(args, PYARG_STR_UNI
PYARG_STR_UNI,
@@ -440,15 +441,15 @@ static PyObject *py_strcasecmp_m(PyObject *self, PyObject *args)
}
cmp_result = strcasecmp_m(s1, s2);
- PyMem_Free(discard_const_p(char, s1));
- PyMem_Free(discard_const_p(char, s2));
+ PyMem_Free(s1);
+ PyMem_Free(s2);
return PyLong_FromLong(cmp_result);
}
static PyObject *py_strstr_m(PyObject *self, PyObject *args)
{
- const char *s1 = NULL;
- const char *s2 = NULL;
+ char *s1 = NULL;
+ char *s2 = NULL;
char *strstr_ret = NULL;
PyObject *result = NULL;
if (!PyArg_ParseTuple(args, PYARG_STR_UNI
@@ -458,13 +459,13 @@ static PyObject *py_strstr_m(PyObject *self, PyObject *args)
strstr_ret = strstr_m(s1, s2);
if (!strstr_ret) {
- PyMem_Free(discard_const_p(char, s1));
- PyMem_Free(discard_const_p(char, s2));
+ PyMem_Free(s1);
+ PyMem_Free(s2);
Py_RETURN_NONE;
}
result = PyUnicode_FromString(strstr_ret);
- PyMem_Free(discard_const_p(char, s1));
- PyMem_Free(discard_const_p(char, s2));
+ PyMem_Free(s1);
+ PyMem_Free(s2);
return result;
}
@@ -572,7 +573,7 @@ static PyMethodDef py_misc_methods[] = {
{ "is_ntvfs_fileserver_built", (PyCFunction)py_is_ntvfs_fileserver_built, METH_NOARGS,
"is the NTVFS file server built in this installation?" },
{ "is_heimdal_built", (PyCFunction)py_is_heimdal_built, METH_NOARGS,
- "is Samba built with Heimdal Kerberbos?" },
+ "is Samba built with Heimdal Kerberos?" },
{ "generate_random_bytes",
(PyCFunction)py_generate_random_bytes,
METH_VARARGS,
@@ -600,6 +601,8 @@ static struct PyModuleDef moduledef = {
MODULE_INIT_FUNC(_glue)
{
PyObject *m;
+ PyObject *py_obj = NULL;
+ int ret;
debug_setup_talloc_log();
@@ -609,33 +612,73 @@ MODULE_INIT_FUNC(_glue)
PyModule_AddObject(m, "version",
PyUnicode_FromString(SAMBA_VERSION_STRING));
- PyExc_NTSTATUSError = PyErr_NewException(discard_const_p(char, "samba.NTSTATUSError"), PyExc_RuntimeError, NULL);
+ PyExc_NTSTATUSError = PyErr_NewException("samba.NTSTATUSError", PyExc_RuntimeError, NULL);
if (PyExc_NTSTATUSError != NULL) {
Py_INCREF(PyExc_NTSTATUSError);
PyModule_AddObject(m, "NTSTATUSError", PyExc_NTSTATUSError);
}
- PyExc_WERRORError = PyErr_NewException(discard_const_p(char, "samba.WERRORError"), PyExc_RuntimeError, NULL);
+ PyExc_WERRORError = PyErr_NewException("samba.WERRORError", PyExc_RuntimeError, NULL);
if (PyExc_WERRORError != NULL) {
Py_INCREF(PyExc_WERRORError);
PyModule_AddObject(m, "WERRORError", PyExc_WERRORError);
}
- PyExc_HRESULTError = PyErr_NewException(discard_const_p(char, "samba.HRESULTError"), PyExc_RuntimeError, NULL);
+ PyExc_HRESULTError = PyErr_NewException("samba.HRESULTError", PyExc_RuntimeError, NULL);
if (PyExc_HRESULTError != NULL) {
Py_INCREF(PyExc_HRESULTError);
PyModule_AddObject(m, "HRESULTError", PyExc_HRESULTError);
}
- PyExc_DsExtendedError = PyErr_NewException(discard_const_p(char, "samba.DsExtendedError"), PyExc_RuntimeError, NULL);
+ PyExc_DsExtendedError = PyErr_NewException("samba.DsExtendedError", PyExc_RuntimeError, NULL);
if (PyExc_DsExtendedError != NULL) {
Py_INCREF(PyExc_DsExtendedError);
PyModule_AddObject(m, "DsExtendedError", PyExc_DsExtendedError);
}
+ PyModule_AddObject(m, "HRES_E_INVALIDARG",
+ PyLong_FromUnsignedLongLong(HRES_ERROR_V(HRES_E_INVALIDARG)));
+ PyModule_AddObject(m, "HRES_NTE_BAD_KEY",
+ PyLong_FromUnsignedLongLong(HRES_ERROR_V(HRES_NTE_BAD_KEY)));
+ PyModule_AddObject(m, "HRES_NTE_NO_KEY",
+ PyLong_FromUnsignedLongLong(HRES_ERROR_V(HRES_NTE_NO_KEY)));
PyModule_AddObject(m, "HRES_SEC_E_INVALID_TOKEN",
PyLong_FromUnsignedLongLong(HRES_ERROR_V(HRES_SEC_E_INVALID_TOKEN)));
PyModule_AddObject(m, "HRES_SEC_E_LOGON_DENIED",
PyLong_FromUnsignedLongLong(HRES_ERROR_V(HRES_SEC_E_LOGON_DENIED)));
+
+ ret = PyModule_AddIntConstant(m, "GKDI_L1_KEY_ITERATION", gkdi_l1_key_iteration);
+ if (ret) {
+ Py_DECREF(m);
+ return NULL;
+ }
+ ret = PyModule_AddIntConstant(m, "GKDI_L2_KEY_ITERATION", gkdi_l2_key_iteration);
+ if (ret) {
+ Py_DECREF(m);
+ return NULL;
+ }
+ py_obj = PyLong_FromLongLong(gkdi_key_cycle_duration);
+ if (py_obj == NULL) {
+ Py_DECREF(m);
+ return NULL;
+ }
+ ret = PyModule_AddObject(m, "GKDI_KEY_CYCLE_DURATION", py_obj);
+ if (ret) {
+ Py_DECREF(py_obj);
+ Py_DECREF(m);
+ return NULL;
+ }
+ py_obj = PyLong_FromLongLong(gkdi_max_clock_skew);
+ if (py_obj == NULL) {
+ Py_DECREF(m);
+ return NULL;
+ }
+ ret = PyModule_AddObject(m, "GKDI_MAX_CLOCK_SKEW", py_obj);
+ if (ret) {
+ Py_DECREF(py_obj);
+ Py_DECREF(m);
+ return NULL;
+ }
+
return m;
}
diff --git a/python/samba/__init__.py b/python/samba/__init__.py
index 13b646b65ae..d8eb16d204e 100644
--- a/python/samba/__init__.py
+++ b/python/samba/__init__.py
@@ -399,5 +399,8 @@ HRESULTError = _glue.HRESULTError
WERRORError = _glue.WERRORError
DsExtendedError = _glue.DsExtendedError
+HRES_E_INVALIDARG = _glue.HRES_E_INVALIDARG
+HRES_NTE_BAD_KEY = _glue.HRES_NTE_BAD_KEY
+HRES_NTE_NO_KEY = _glue.HRES_NTE_NO_KEY
--
Samba Shared Repository
More information about the samba-cvs
mailing list