[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Fri Mar 3 02:03:02 UTC 2023
The branch, master has been updated
via c28f61b6bbd Add a git-blame-ignore-revs file
via 8e830d76083 samba-tool: Clarify cse register command file dest
via 1fa162a13b4 librpc: Fix compile error for libnet_join.idl
via f2416493c0c s4: remove unused lib/com/*
via d128d401f0a s3:rpc_server/netlogon: Fix typo
via a470394f588 torture/backupkey: Fix possibly wrong typo'd array index
via aa90354e242 torture/backupkey: Fix flapping test
via 264351f5c35 pytest/delete_object: Remove unused variables
via 1f5e34bdaca pytest/getnc_exop: Remove unused variable
via e2df264e7c5 pytest/repl_move: Remove unused variables
via 44f05afe82a pytest/repl_rodc: Remove unused variable
via bf2daf79d68 pytest/replica_sync: Remove unused variable
via 13f386d7d77 pytest/ridalloc_exop: Remove unused variables
via c6f1b83e97d pytest/samba_tool_drs_critical: Remove unused variables
via 8042e3250d8 pytest/samba_tool_drs_no_dns: Remove unused variables
via 72a93e66a82 pytest/samba_tool_drs: Remove unused variables
via 7bf6fa05b02 pytest/samba_tool_drs: Convert bytes to UTF-8 string
via d2063568ceb lib:cmdline: Fix typo
via 16e6435b082 auth/credentials: Fix typos
via 4c6bd559ff2 python/schema: Fix conversion to UTF-8 string
via 9e6f3df5d82 python/samba/common: Fix typos
via 262b40d8330 auth/credentials: Fix off-by-one buffer write
via 1312b2d1699 samba-tool: Don't use invalid escape sequences
via 65ab33dffab gp: Don't use invalid escape sequences
via 5badceeee3f gp: Avoid shadowing import
via 8c06c7e2f7a s4:samba_spnupdate: Fix typo
via f4e4816fcd6 selftest: Fix typo
via fdc5f6ee995 s4:samba_dnsupdate: Avoid resource leaks
via 0d8836482a1 s4:samba_spnupdate: Avoid resource leak
via 60682e2aee4 python/samba: Avoid resource leak
via 8d48ca46980 selftest: Don't use invalid escape sequences
via fa4ddb887ab samba_version.py: Avoid resource leak
via d8d872e0950 wscript: Fix invalid escape sequences
via 433247a792a s3:modules: Fix invalid escape sequences
via 374a03eddd1 selftest: Fix invalid escape sequences
via 474674ac7db lib:pyldb: Throw error on invalid controls
via 207a212948f lib:ldb: Fix typo
via f414bead52d s4:dnsserver: Check all records, not just one
via a34e245bb28 nsswitch: Fix CID 1518966 Resource leaks (RESOURCE_LEAK)
via e7baac45a9d s4-dsdb: Make array static
via e8514527bed tests: Fix old-style function definitions
via b73622bf53f source3/wscript: Fix configure-time checks
via fb781f426b7 tests/krb5: Fix typo
via 533fb8fa0db tests/krb5: Add tests adding a user to a group prior to a TGS-REQ
via 646b62f7604 tests/krb5: Permit modifying claim attributes mid-test
via fe9aa394258 tests/krb5: Split out setup_claims()
via 5cc48da43ee tests/krb5: Generate more readable string representation
via abe36c2c716 tests/krb5: Add map_to_dn()
via 991958c9588 tests/krb5: Refactor out map_to_sid()
via 033e79d40c0 tests/krb5: Avoid duplicate group members
via 285f042e2ff tests/krb5: Move ticket_with_sids() to base class
via e94b4e8c77b tests/krb5: Support nested SID structures in map_sids()
via 61cc949a5e7 tests/krb5: Move some utility functions from group_tests to base class
via 3eac35212ec tests/krb5: Remove unused constant
via b4da5eaa2fc tests/krb5: Refactor setup_groups() to admit multiple preexisting principals and primary groups
via 6d19f78cdd5 tests/krb5: Fix typo
via c00813b94b7 tests/krb5: Fix typo
via 9bec86229fd tests/krb5: Refactor claims tests to use get_target()
via 49605b5e89a tests/krb5: Move get_target() to base class
via 4ae7f1cb987 tests/krb5: Remove client_as_etypes parameter
via 3b522e23524 tests/krb5: Request only supported encryption types in get_tgt()
via d4d3f93470f tests/krb5: Lazily fetch SamDB in get_default_enctypes()
via 3861d7e09eb tests/krb5: Refactor decode_service_ticket()
from 682c77be74b s4:torture:basic: use milliseconds granularity in delayed_write_update7
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit c28f61b6bbd5cc1caefcba4b00a6898c91403904
Author: Jelmer Vernooij <jelmer at jelmer.uk>
Date: Sat Jan 28 20:30:24 2023 +0000
Add a git-blame-ignore-revs file
'git blame' can ignore certain revisions when annotating, e.g. revisions that just reformatting.
Signed-off-by: Jelmer Vernooij <jelmer at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Mar 3 02:02:51 UTC 2023 on atb-devel-224
commit 8e830d760839eb16c2f6edc9d5395966d2f02f6f
Author: David Mulder <dmulder at samba.org>
Date: Mon Feb 27 08:37:10 2023 -0700
samba-tool: Clarify cse register command file dest
Signed-off-by: David Mulder <dmulder at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1fa162a13b4853bb4efd16bf6a9b1e53e9503e2f
Author: Christof Schmitt <cs at samba.org>
Date: Wed Mar 1 16:43:14 2023 -0700
librpc: Fix compile error for libnet_join.idl
Fix this compile error:
[753/756] Processing source3/librpc/idl/libnet_join.idl
source3/librpc/idl/ads.idl:2:10: fatal error: config.h: No such file or directory
#include "config.h"
^~~~~~~~~~
compilation terminated.
source3/librpc/idl/libnet_join.idl:3: error: Failed to parse source3/librpc/idl/ads.idl
source3/librpc/idl/libnet_join.idl:50: warning: [out] argument `account_name' not a pointer
libnet_join.idl imports ads.idl which includes config.h. The build rule
for ads.idl provides the include directory for config.h, so add a new
rule to also specify that include directory for libnet_join.idl.
Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f2416493c0c779356606aebf0aceca8fa416b55c
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date: Thu Mar 2 12:28:13 2023 +1300
s4: remove unused lib/com/*
Maybe the following IDL files are now unused:
librpc/idl/oxidresolver.idl
librpc/idl/remact.idl
librpc/idl/dcom.idl
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d128d401f0ae5a140902bb6b7001f73fd8a0356f
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Mar 1 13:32:39 2023 +1300
s3:rpc_server/netlogon: Fix typo
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a470394f58832897a5eb2cd6c428e149c2ac497c
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Mar 1 11:39:56 2023 +1300
torture/backupkey: Fix possibly wrong typo'd array index
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit aa90354e2426dc1af445f5b3243ad3cd7ebce902
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Mar 1 11:37:03 2023 +1300
torture/backupkey: Fix flapping test
UNEXPECTED(failure): samba4.rpc.backupkey with seal.backupkey.server_wrap_decrypt_wrong_r2(ad_dc_default)
REASON: Exception: Exception: ../../source4/torture/rpc/backupkey.c:2219: r.out.result was WERR_INVALID_ACCESS, expected WERR_INVALID_PARAMETER: decrypt should fail with WERR_INVALID_PARAMETER
As commit 664bde19bf1db1b3740621cdf3f46f9bfd0e8452 states:
"The use of the wrong key can still create structures that parse as a
SID, therefore we can sometimes get an unusual error, which becomes a
flapping test".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12107
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 264351f5c35f1b9bbecfc1c513334ef4eb0597c4
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Mar 1 09:35:14 2023 +1300
pytest/delete_object: Remove unused variables
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1f5e34bdaca9de52a77cf2caaa030415d72989f3
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Mar 1 09:34:26 2023 +1300
pytest/getnc_exop: Remove unused variable
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e2df264e7c5d279dcf08733f3954af802ff30921
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Mar 1 09:31:45 2023 +1300
pytest/repl_move: Remove unused variables
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 44f05afe82a56af3bba4c00d2c9cb2af0228155b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Mar 1 09:27:07 2023 +1300
pytest/repl_rodc: Remove unused variable
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit bf2daf79d68ac169ed5c81cc921fa5cd47dc6bfa
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Mar 1 09:25:42 2023 +1300
pytest/replica_sync: Remove unused variable
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 13f386d7d772d29354563f48b19220189bb6d796
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Mar 1 09:24:52 2023 +1300
pytest/ridalloc_exop: Remove unused variables
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c6f1b83e97d86be34bbc2ca35dcfd7aa6d7f1e01
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Mar 1 09:23:41 2023 +1300
pytest/samba_tool_drs_critical: Remove unused variables
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 8042e3250d8c94b39bda9d46687ea88b2c248345
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Mar 1 09:23:09 2023 +1300
pytest/samba_tool_drs_no_dns: Remove unused variables
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 72a93e66a823c9077230236ddd608ca2d734e19c
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Mar 1 09:22:26 2023 +1300
pytest/samba_tool_drs: Remove unused variables
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7bf6fa05b020d1833d9f02218088cbbd31e1b7cc
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Feb 28 17:02:52 2023 +1300
pytest/samba_tool_drs: Convert bytes to UTF-8 string
We later use this variable as part of a string substitution, and if we
leave it as bytes we will end up with b' ' quotes surrounding it, which
we do not want. Fix this by converting it to a string.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d2063568cebfbdd680a08f50f43155180487bd00
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Feb 28 17:01:28 2023 +1300
lib:cmdline: Fix typo
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 16e6435b08233d8cebd4f45b4c1e1dc9b20ab5d3
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Feb 28 17:00:57 2023 +1300
auth/credentials: Fix typos
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 4c6bd559ff20a4014a23b7a101591d860e561833
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Feb 28 16:56:54 2023 +1300
python/schema: Fix conversion to UTF-8 string
str(b'foo') yields "b'foo'", which is wrong. Fix this to get "foo"
instead.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9e6f3df5d82e35399f7c6207aab4a092d3e0ab4d
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Feb 28 16:56:24 2023 +1300
python/samba/common: Fix typos
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 262b40d83304d219c4ffb4eadebb8d51c02ba025
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Feb 28 16:55:06 2023 +1300
auth/credentials: Fix off-by-one buffer write
If p == pass + 127, assigning to '*++p' writes beyond the array.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1312b2d1699e544cff4f3f7dccd9a02a5bd295fa
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Feb 24 14:54:02 2023 +1300
samba-tool: Don't use invalid escape sequences
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 65ab33dffab2534e8bae7aa4f6a324d1381b0c9e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Feb 24 14:53:36 2023 +1300
gp: Don't use invalid escape sequences
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 5badceeee3f0cfba6062aeea33995bc602a8d050
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Feb 24 14:52:40 2023 +1300
gp: Avoid shadowing import
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 8c06c7e2f7a5770c2526880ce13281723cb5e352
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Feb 22 12:07:30 2023 +1300
s4:samba_spnupdate: Fix typo
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f4e4816fcd67236bd7fe4f94fe4c759a6d5d7e80
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Feb 21 12:44:41 2023 +1300
selftest: Fix typo
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit fdc5f6ee9950add6c0e357c636ab571663feee9b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Feb 21 11:45:11 2023 +1300
s4:samba_dnsupdate: Avoid resource leaks
View with 'git show -b'.
The seek(0) call is unnecessary.
Closing a file removes the lock held on it.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0d8836482a16607fd7f66adc6c315a52028393b0
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Feb 21 11:44:07 2023 +1300
s4:samba_spnupdate: Avoid resource leak
View with 'git show -b'.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 60682e2aee47bfccb4daa07b2ad96193d1b51bd9
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Feb 21 11:42:27 2023 +1300
python/samba: Avoid resource leak
View with 'git show -b'.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 8d48ca46980978842226305cf4173c77ff1be71e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Feb 21 11:41:34 2023 +1300
selftest: Don't use invalid escape sequences
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit fa4ddb887ab3f88c65c21f6a55376e65a7447f27
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Feb 21 11:38:54 2023 +1300
samba_version.py: Avoid resource leak
View with 'git show -b'.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d8d872e09503fb6f636d7876573debcfa75c485e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Mar 2 16:43:26 2023 +1300
wscript: Fix invalid escape sequences
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 433247a792ad04a5f636021470648241684d1bd2
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Mar 2 16:42:47 2023 +1300
s3:modules: Fix invalid escape sequences
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 374a03eddd1219d91c257712c84b75dbf976f486
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Feb 21 09:51:08 2023 +1300
selftest: Fix invalid escape sequences
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 474674ac7db997f678394d054f64a1d560f6b020
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Jan 17 12:33:17 2023 +1300
lib:pyldb: Throw error on invalid controls
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 207a212948f9b2bc978c68d9054c0a97f5420d2d
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Jan 17 11:19:19 2023 +1300
lib:ldb: Fix typo
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f414bead52da1ab9dbe4f8ac90a97154730c21fd
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Jan 16 08:17:38 2023 +1300
s4:dnsserver: Check all records, not just one
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a34e245bb28b6fa60599b5e090d9cac1f4e7215b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Jan 9 15:12:45 2023 +1300
nsswitch: Fix CID 1518966 Resource leaks (RESOURCE_LEAK)
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e7baac45a9dc63f727657be1e46c10b4cc85139f
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Dec 22 17:15:56 2022 +1300
s4-dsdb: Make array static
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e8514527bedf8958898d381d3f84f12dc3f3773e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Mar 2 16:36:07 2023 +1300
tests: Fix old-style function definitions
These files are included into the source3/wscript configure
checks and so need to avoid C89 features otherwise they
may cause an incorrect configure failure.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15281
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b73622bf53f3f46ad6678f6b6a7f90e498c0e752
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Nov 2 14:57:03 2022 +1300
source3/wscript: Fix configure-time checks
Compilers are getting strict about this C89 behaviour and this
kind of thing is already causing some configure checks to fail with
modern compilers like clang.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15281
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit fb781f426b77ae192b97bd3f7b42260d1e315e29
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Mar 1 13:32:21 2023 +1300
tests/krb5: Fix typo
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 533fb8fa0db71ab49176e449b7bd2ff597398cf9
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Feb 24 13:12:44 2023 +1300
tests/krb5: Add tests adding a user to a group prior to a TGS-REQ
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 646b62f7604950afdc7bc2222783b8ed9e4e0f7b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Feb 21 15:44:43 2023 +1300
tests/krb5: Permit modifying claim attributes mid-test
We might want to find out what happens to claim values in the PAC if
they change in the database.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit fe9aa3942588f8116c539cb7904fd44a72499716
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Feb 21 15:44:14 2023 +1300
tests/krb5: Split out setup_claims()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 5cc48da43eea10130dac7e0eab24ae5c83a9642c
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Feb 21 14:00:16 2023 +1300
tests/krb5: Generate more readable string representation
This makes assertion failure messages easier to decipher.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit abe36c2c71672b2dcbfa318e10ec16351ae6149e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Feb 21 12:06:00 2023 +1300
tests/krb5: Add map_to_dn()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 991958c95884625a10b237a7cdcac7126d7ad302
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Feb 21 12:07:40 2023 +1300
tests/krb5: Refactor out map_to_sid()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 033e79d40c0bd31693aa0c9a8c4dd5fe27add9b8
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Feb 21 12:04:38 2023 +1300
tests/krb5: Avoid duplicate group members
Decode the existing members into strings, so that if we add additional
members (that will also be strings), we won't try to add duplicates (and
have samdb.modify() fail).
Further, ensure callers don't try to pass in a bytes object for the DN.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 285f042e2ff9aa4a46f7e4acf9b8971fb5ebf18d
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Feb 20 15:19:01 2023 +1300
tests/krb5: Move ticket_with_sids() to base class
We need to use this in another test.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e94b4e8c77bbab4314600c02717706f28d693139
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Feb 20 15:08:21 2023 +1300
tests/krb5: Support nested SID structures in map_sids()
The passed-in set of SIDs may now contain frozensets that themselves
contain SIDs, enabling nested groups. This is necessary to test how
resource SIDs are grouped together in the device info structure.
'git show -b' shows that we're not actually changing very much.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 61cc949a5e798fdd2246cb9bf727473d5232a1b4
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Feb 20 14:30:49 2023 +1300
tests/krb5: Move some utility functions from group_tests to base class
We'll want to make use of them later.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 3eac35212ecea9e14363f65b0e9ddd505745a359
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Feb 20 14:31:36 2023 +1300
tests/krb5: Remove unused constant
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b4da5eaa2fc2c9217e9578c1fe2a367b0d892ff1
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Feb 20 14:16:31 2023 +1300
tests/krb5: Refactor setup_groups() to admit multiple preexisting principals and primary groups
instead of hardcoded user and trust user principals, and a single
primary group.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6d19f78cdd583c3fd865dcd14388cd76126f5e12
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Feb 20 13:47:16 2023 +1300
tests/krb5: Fix typo
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c00813b94b773dbd9d6fcf9e0af74e044c18099b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Jan 31 11:53:13 2023 +1300
tests/krb5: Fix typo
'of', not 'on'.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9bec86229fdcae92e14baff02e0b59cf82591ceb
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Jan 11 14:17:53 2023 +1300
tests/krb5: Refactor claims tests to use get_target()
This simplifies the code for getting the credentials of the target
service.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 49605b5e89a1fd0c7c61fda403d6cd697f8ef576
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Jan 11 14:17:41 2023 +1300
tests/krb5: Move get_target() to base class
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 4ae7f1cb987665c754a31954a13281d657c68fce
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Oct 11 14:53:21 2021 +1300
tests/krb5: Remove client_as_etypes parameter
The client_as_etypes parameter previously indicated which etypes we
thought the client supported. In practice, this was rarely specified, so
we simply assumed that all three main enctypes were supported.
Now that we have removed this parameter, rewrite the etype-info padata
checking code to be simpler, and no longer to contain loops.
Use get_default_enctypes() to determine which enctypes are supported.
For tests that inherit from KDCBaseTest, this is based on the domain
functional level, and will be more correct for tests that previously
passed in client_as_etypes=None.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 3b522e2352487cbc42bd77166217a67ba611d697
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Mar 2 14:46:27 2023 +1300
tests/krb5: Request only supported encryption types in get_tgt()
If the domain uses functional level 2003, calling get_tgt() would
request an AES256-encrypted ticket. The KDC would respond to that
request with incorrect etype-info, and were it not for many tests lying
(via client_as_etypes) about what etypes were supported, those tests
would fail pointlessly.
As this behaviour is not what get_tgt() is intended to test, we now only
request etypes that are actually supported.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d4d3f93470fa9c26a1ede32a036289731cc932cf
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Mar 2 14:45:40 2023 +1300
tests/krb5: Lazily fetch SamDB in get_default_enctypes()
There's no need to get a connection to SamDB if we already have the
domain functional level.
connect_kdc() in lockout_tests.py is one place where we already have the
domain functional level, but deliberately drop our SamDB connection. If
we need to call get_default_enctypes(), that shouldn't cause us to try
to connect again.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 3861d7e09eb084289ac64d39ed746d90617b440b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Oct 18 14:29:29 2021 +1300
tests/krb5: Refactor decode_service_ticket()
TicketDecryptionKey_from_creds() is a simpler way to create the key.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
.git-blame-ignore-revs | 9 +
auth/credentials/credentials.c | 8 +-
buildtools/wafsamba/samba_version.py | 32 +-
lib/cmdline/cmdline.c | 2 +-
lib/ldb/common/ldb_controls.c | 2 +-
lib/ldb/pyldb.c | 27 +-
nsswitch/stress-nss-libwbclient.c | 2 +
python/samba/common.py | 4 +-
python/samba/gp/gpclass.py | 16 +-
python/samba/ms_display_specifiers.py | 6 +-
python/samba/netcmd/gpo.py | 10 +-
python/samba/schema.py | 2 +-
python/samba/tests/krb5/as_req_tests.py | 13 +-
python/samba/tests/krb5/claims_tests.py | 201 +++---
python/samba/tests/krb5/fast_tests.py | 1 -
python/samba/tests/krb5/group_tests.py | 508 ++++-----------
python/samba/tests/krb5/kdc_base_test.py | 410 +++++++++++-
python/samba/tests/krb5/kdc_tgs_tests.py | 2 -
python/samba/tests/krb5/lockout_tests.py | 1 -
python/samba/tests/krb5/protected_users_tests.py | 4 -
python/samba/tests/krb5/raw_testcase.py | 66 +-
python/samba/tests/krb5/s4u_tests.py | 2 +-
selftest/knownfail_heimdal_kdc | 8 +
selftest/knownfail_mit_kdc | 8 +
selftest/wscript | 2 +-
source3/librpc/idl/wscript_build | 9 +-
source3/modules/wscript_build | 2 +-
source3/rpc_server/netlogon/srv_netlog_nt.c | 2 +-
source3/wscript | 10 +-
source4/dns_server/dns_update.c | 1 -
source4/dsdb/common/util_groups.c | 2 +-
source4/lib/com/README | 9 -
source4/lib/com/classes/simple.c | 137 ----
source4/lib/com/com.h | 53 --
source4/lib/com/dcom/dcom.h | 85 ---
source4/lib/com/dcom/main.c | 706 ---------------------
source4/lib/com/dcom/tables.c | 94 ---
source4/lib/com/main.c | 90 ---
source4/lib/com/rot.c | 35 -
source4/lib/com/tables.c | 112 ----
source4/lib/com/wscript_build | 28 -
source4/scripting/bin/samba_dnsupdate | 30 +-
source4/scripting/bin/samba_spnupdate | 23 +-
source4/selftest/tests.py | 22 +-
source4/torture/drs/python/delete_object.py | 2 -
source4/torture/drs/python/getnc_exop.py | 1 -
source4/torture/drs/python/repl_move.py | 117 ++--
source4/torture/drs/python/repl_rodc.py | 5 -
source4/torture/drs/python/replica_sync.py | 2 +-
source4/torture/drs/python/ridalloc_exop.py | 8 -
source4/torture/drs/python/samba_tool_drs.py | 57 +-
.../torture/drs/python/samba_tool_drs_critical.py | 10 +-
.../torture/drs/python/samba_tool_drs_no_dns.py | 11 +-
source4/torture/rpc/backupkey.c | 12 +-
tests/oldquotas.c | 2 +-
tests/summary.c | 2 +-
wscript | 4 +-
wscript_build | 1 -
58 files changed, 909 insertions(+), 2121 deletions(-)
create mode 100644 .git-blame-ignore-revs
delete mode 100644 source4/lib/com/README
delete mode 100644 source4/lib/com/classes/simple.c
delete mode 100644 source4/lib/com/com.h
delete mode 100644 source4/lib/com/dcom/dcom.h
delete mode 100644 source4/lib/com/dcom/main.c
delete mode 100644 source4/lib/com/dcom/tables.c
delete mode 100644 source4/lib/com/main.c
delete mode 100644 source4/lib/com/rot.c
delete mode 100644 source4/lib/com/tables.c
delete mode 100644 source4/lib/com/wscript_build
Changeset truncated at 500 lines:
diff --git a/.git-blame-ignore-revs b/.git-blame-ignore-revs
new file mode 100644
index 00000000000..d3323dbeb04
--- /dev/null
+++ b/.git-blame-ignore-revs
@@ -0,0 +1,9 @@
+# This file contains a list of git revisions that "git blame" should ignore.
+# It's mostly useful to ignore commits that just do reformatting.
+
+# See https://michaelheap.com/git-ignore-rev/
+
+# To use locally, run:
+# git config --global blame.ignoreRevsFile .git-blame-ignore-revs
+
+bfa9624946a35e5645effbb20e02abba2c34a8c2
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 67644e806e4..521951ff957 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -1556,7 +1556,7 @@ _PUBLIC_ bool cli_credentials_parse_password_fd(struct cli_credentials *credenti
char pass[128];
for(p = pass, *p = '\0'; /* ensure that pass is null-terminated */
- p && p - pass < sizeof(pass);) {
+ p && p - pass < sizeof(pass) - 1;) {
switch (read(fd, p, 1)) {
case 1:
if (*p != '\n' && *p != '\0') {
@@ -1619,7 +1619,7 @@ _PUBLIC_ bool cli_credentials_set_smb_signing(struct cli_credentials *creds,
* @param[in] creds The credential structure to obtain the SMB signing state
* from.
*
- * @return The SMB singing state.
+ * @return The SMB signing state.
*/
_PUBLIC_ enum smb_signing_setting
cli_credentials_get_smb_signing(struct cli_credentials *creds)
@@ -1658,7 +1658,7 @@ cli_credentials_set_smb_ipc_signing(struct cli_credentials *creds,
* @param[in] creds The credential structure to obtain the SMB IPC signing
* state from.
*
- * @return The SMB singing state.
+ * @return The SMB signing state.
*/
_PUBLIC_ enum smb_signing_setting
cli_credentials_get_smb_ipc_signing(struct cli_credentials *creds)
@@ -1858,7 +1858,7 @@ _PUBLIC_ void cli_credentials_dump(struct cli_credentials *creds)
* @param[in] creds The credential structure to obtain the SMB encryption state
* from.
*
- * @return The SMB singing state.
+ * @return The SMB signing state.
*/
_PUBLIC_ enum smb_encryption_setting
cli_credentials_get_smb_encryption(struct cli_credentials *creds)
diff --git a/buildtools/wafsamba/samba_version.py b/buildtools/wafsamba/samba_version.py
index 5df7ddbcb3d..54ae62f38bd 100644
--- a/buildtools/wafsamba/samba_version.py
+++ b/buildtools/wafsamba/samba_version.py
@@ -235,22 +235,22 @@ also accepted as dictionary entries here
def samba_version_file(version_file, path, env=None, is_install=True):
'''Parse the version information from a VERSION file'''
- f = open(version_file, 'r')
- version_dict = {}
- for line in f:
- line = line.strip()
- if line == '':
- continue
- if line.startswith("#"):
- continue
- try:
- split_line = line.split("=")
- if split_line[1] != "":
- value = split_line[1].strip('"')
- version_dict[split_line[0]] = value
- except:
- print("Failed to parse line %s from %s" % (line, version_file))
- raise
+ with open(version_file, 'r') as f:
+ version_dict = {}
+ for line in f:
+ line = line.strip()
+ if line == '':
+ continue
+ if line.startswith("#"):
+ continue
+ try:
+ split_line = line.split("=")
+ if split_line[1] != "":
+ value = split_line[1].strip('"')
+ version_dict[split_line[0]] = value
+ except:
+ print("Failed to parse line %s from %s" % (line, version_file))
+ raise
return SambaVersion(version_dict, path, env=env, is_install=is_install)
diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c
index 9f4e964f289..106be10aa0f 100644
--- a/lib/cmdline/cmdline.c
+++ b/lib/cmdline/cmdline.c
@@ -779,7 +779,7 @@ static void popt_common_credentials_callback(poptContext popt_ctx,
* This calls cli_credentials_set_conf() to get the defaults
* form smb.conf and set the winbind separator.
*
- * Just warn that we can't read the smb.conf. The might not be
+ * Just warn that we can't read the smb.conf. There might not be
* one available or we want to ignore it.
*/
ok = cli_credentials_guess(creds, lp_ctx);
diff --git a/lib/ldb/common/ldb_controls.c b/lib/ldb/common/ldb_controls.c
index 266aa90b224..47e113a5129 100644
--- a/lib/ldb/common/ldb_controls.c
+++ b/lib/ldb/common/ldb_controls.c
@@ -361,7 +361,7 @@ char *ldb_control_to_string(TALLOC_CTX *mem_ctx, const struct ldb_control *contr
return NULL;
}
res = talloc_asprintf(mem_ctx, "%s:%d:%d",
- LDB_CONTROL_SORT_RESP_NAME,
+ LDB_CONTROL_ASQ_NAME,
control->critical,
rep_control->result);
diff --git a/lib/ldb/pyldb.c b/lib/ldb/pyldb.c
index 7a95a58fa67..da60572ff0f 100644
--- a/lib/ldb/pyldb.c
+++ b/lib/ldb/pyldb.c
@@ -1291,6 +1291,11 @@ static PyObject *py_ldb_modify(PyLdbObject *self, PyObject *args, PyObject *kwar
return NULL;
}
parsed_controls = ldb_parse_control_strings(ldb_ctx, mem_ctx, controls);
+ if (controls[0] != NULL && parsed_controls == NULL) {
+ talloc_free(mem_ctx);
+ PyErr_SetLdbError(PyExc_LdbError, LDB_ERR_OPERATIONS_ERROR, ldb_ctx);
+ return NULL;
+ }
talloc_free(controls);
}
@@ -1440,6 +1445,11 @@ static PyObject *py_ldb_add(PyLdbObject *self, PyObject *args, PyObject *kwargs)
return NULL;
}
parsed_controls = ldb_parse_control_strings(ldb_ctx, mem_ctx, controls);
+ if (controls[0] != NULL && parsed_controls == NULL) {
+ talloc_free(mem_ctx);
+ PyErr_SetLdbError(PyExc_LdbError, LDB_ERR_OPERATIONS_ERROR, ldb_ctx);
+ return NULL;
+ }
talloc_free(controls);
}
@@ -1533,6 +1543,11 @@ static PyObject *py_ldb_delete(PyLdbObject *self, PyObject *args, PyObject *kwar
return NULL;
}
parsed_controls = ldb_parse_control_strings(ldb_ctx, mem_ctx, controls);
+ if (controls[0] != NULL && parsed_controls == NULL) {
+ talloc_free(mem_ctx);
+ PyErr_SetLdbError(PyExc_LdbError, LDB_ERR_OPERATIONS_ERROR, ldb_ctx);
+ return NULL;
+ }
talloc_free(controls);
}
@@ -1611,6 +1626,11 @@ static PyObject *py_ldb_rename(PyLdbObject *self, PyObject *args, PyObject *kwar
return NULL;
}
parsed_controls = ldb_parse_control_strings(ldb_ctx, mem_ctx, controls);
+ if (controls[0] != NULL && parsed_controls == NULL) {
+ talloc_free(mem_ctx);
+ PyErr_SetLdbError(PyExc_LdbError, LDB_ERR_OPERATIONS_ERROR, ldb_ctx);
+ return NULL;
+ }
talloc_free(controls);
}
@@ -1973,6 +1993,11 @@ static PyObject *py_ldb_search(PyLdbObject *self, PyObject *args, PyObject *kwar
return NULL;
}
parsed_controls = ldb_parse_control_strings(ldb_ctx, mem_ctx, controls);
+ if (controls[0] != NULL && parsed_controls == NULL) {
+ talloc_free(mem_ctx);
+ PyErr_SetLdbError(PyExc_LdbError, LDB_ERR_OPERATIONS_ERROR, ldb_ctx);
+ return NULL;
+ }
talloc_free(controls);
}
@@ -2179,7 +2204,7 @@ static PyObject *py_ldb_search_iterator(PyLdbObject *self, PyObject *args, PyObj
controls);
if (controls[0] != NULL && parsed_controls == NULL) {
Py_DECREF(py_iter);
- PyErr_NoMemory();
+ PyErr_SetLdbError(PyExc_LdbError, LDB_ERR_OPERATIONS_ERROR, ldb_ctx);
return NULL;
}
talloc_free(controls);
diff --git a/nsswitch/stress-nss-libwbclient.c b/nsswitch/stress-nss-libwbclient.c
index 35818530886..d9dc3b53869 100644
--- a/nsswitch/stress-nss-libwbclient.c
+++ b/nsswitch/stress-nss-libwbclient.c
@@ -216,6 +216,7 @@ static void *query_wbc_thread(void *ptr)
assert(nwritten == sizeof(int));
exit(1);
}
+ wbcFreeMemory(ppwd);
printf("child: wbcGetpwnam in child succeeded\n");
rc = 0;
nwritten = write(p[0], &rc, sizeof(int));
@@ -253,6 +254,7 @@ static void *query_wbc_thread(void *ptr)
state->fail = true;
return NULL;
}
+ wbcFreeMemory(ppwd);
printf("parent: wbcGetpwnam in parent succeeded\n");
return NULL;
}
diff --git a/python/samba/common.py b/python/samba/common.py
index d5945307c3a..7cad8d30f08 100644
--- a/python/samba/common.py
+++ b/python/samba/common.py
@@ -89,7 +89,7 @@ def get_bytes(bytesorstring):
if isinstance(bytesorstring, str):
tmp = bytesorstring.encode('utf8')
elif not isinstance(bytesorstring, bytes):
- raise ValueError('Expected byte or string for %s:%s' % (type(bytesorstring), bytesorstring))
+ raise ValueError('Expected bytes or string for %s:%s' % (type(bytesorstring), bytesorstring))
return tmp
# helper function to get a string from a variable that maybe 'str' or
@@ -103,5 +103,5 @@ def get_string(bytesorstring):
if isinstance(bytesorstring, bytes):
tmp = bytesorstring.decode('utf8')
elif not isinstance(bytesorstring, str):
- raise ValueError('Expected byte of string for %s:%s' % (type(bytesorstring), bytesorstring))
+ raise ValueError('Expected bytes or string for %s:%s' % (type(bytesorstring), bytesorstring))
return tmp
diff --git a/python/samba/gp/gpclass.py b/python/samba/gp/gpclass.py
index 68c1050f632..605f94f3317 100644
--- a/python/samba/gp/gpclass.py
+++ b/python/samba/gp/gpclass.py
@@ -624,10 +624,10 @@ def check_refresh_gpo_list(dc_hostname, lp, creds, gpos):
# Reset signing state
creds.set_smb_signing(saved_signing_state)
cache_path = lp.cache_path('gpo_cache')
- for gpo in gpos:
- if not gpo.file_sys_path:
+ for gpo_obj in gpos:
+ if not gpo_obj.file_sys_path:
continue
- cache_gpo_dir(conn, cache_path, check_safe_path(gpo.file_sys_path))
+ cache_gpo_dir(conn, cache_path, check_safe_path(gpo_obj.file_sys_path))
def get_deleted_gpos_list(gp_db, gpos):
@@ -740,21 +740,21 @@ def rsop(lp, creds, store, gp_extensions, username, target):
print('Resultant Set of Policy')
print('%s Policy\n' % target)
term_width = shutil.get_terminal_size(fallback=(120, 50))[0]
- for gpo in gpos:
- if gpo.display_name.strip() == 'Local Policy':
+ for gpo_obj in gpos:
+ if gpo_obj.display_name.strip() == 'Local Policy':
continue # We never apply local policy
- print('GPO: %s' % gpo.display_name)
+ print('GPO: %s' % gpo_obj.display_name)
print('='*term_width)
for ext in gp_extensions:
ext = ext(lp, creds, username, store)
- cse_name_m = re.findall("'([\w\.]+)'", str(type(ext)))
+ cse_name_m = re.findall(r"'([\w\.]+)'", str(type(ext)))
if len(cse_name_m) > 0:
cse_name = cse_name_m[-1].split('.')[-1]
else:
cse_name = ext.__module__.split('.')[-1]
print(' CSE: %s' % cse_name)
print(' ' + ('-'*int(term_width/2)))
- for section, settings in ext.rsop(gpo).items():
+ for section, settings in ext.rsop(gpo_obj).items():
print(' Policy Type: %s' % section)
print(' ' + ('-'*int(term_width/2)))
print(__rsop_vals(settings).lstrip('\n'))
diff --git a/python/samba/ms_display_specifiers.py b/python/samba/ms_display_specifiers.py
index be9891d7437..ae48dce4ffb 100644
--- a/python/samba/ms_display_specifiers.py
+++ b/python/samba/ms_display_specifiers.py
@@ -176,9 +176,9 @@ def read_ms_ldif(filename):
out = []
from io import open
- f = open(filename, "r", encoding='latin-1')
- for entry in __read_raw_entries(f):
- out.append(__write_ldif_one(__transform_entry(entry)))
+ with open(filename, "r", encoding='latin-1') as f:
+ for entry in __read_raw_entries(f):
+ out.append(__write_ldif_one(__transform_entry(entry)))
return "\n\n".join(out) + "\n\n"
diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py
index 9b00a9016c3..05202a63f48 100644
--- a/python/samba/netcmd/gpo.py
+++ b/python/samba/netcmd/gpo.py
@@ -1651,7 +1651,7 @@ class cmd_restore(cmd_create):
entities_content = entities_file.read()
# Do a basic regex test of the entities file format
- if re.match('(\s*<!ENTITY\s*[a-zA-Z0-9_]+\s*.*?>)+\s*\Z',
+ if re.match(r'(\s*<!ENTITY\s*[a-zA-Z0-9_]+\s*.*?>)+\s*\Z',
entities_content, flags=re.MULTILINE) is None:
raise CommandError("Entities file does not appear to "
"conform to format\n"
@@ -4286,10 +4286,14 @@ samba-tool gpo manage access remove {31B2F340-016D-11D2-945F-00C04FB984F9} allow
class cmd_cse_register(Command):
"""Register a Client Side Extension (CSE) on the current host
-This command takes a CSE filename as an arguement, and registers it for
+This command takes a CSE filename as an argument, and registers it for
applying policy on the current host. This is not necessary for CSEs which
are distributed with the current version of Samba, but is useful for installing
experimental CSEs or custom built CSEs.
+The <cse_file> argument MUST be a permanent location for the CSE. The register
+command does not copy the file to some other directory. The samba-gpupdate
+command will execute the CSE from the exact location specified from this
+command.
Example:
samba-tool gpo cse register ./gp_chromium_ext.py gp_chromium_ext --machine
@@ -4359,7 +4363,7 @@ samba-tool gpo cse list
class cmd_cse_unregister(Command):
"""Unregister a Client Side Extension (CSE) from the current host
-This command takes a unique GUID as an arguement (representing a registered
+This command takes a unique GUID as an argument (representing a registered
CSE), and unregisters it for applying policy on the current host. Use the
`samba-tool gpo cse list` command to determine the unique GUIDs of CSEs.
diff --git a/python/samba/schema.py b/python/samba/schema.py
index 1aa5a530d00..2e8219ace93 100644
--- a/python/samba/schema.py
+++ b/python/samba/schema.py
@@ -221,7 +221,7 @@ def get_linked_attributes(schemadn, schemaldb):
attribute="lDAPDisplayName",
scope=SCOPE_SUBTREE)
if target is not None:
- attributes[str(res[i]["lDAPDisplayName"])] = str(target)
+ attributes[str(res[i]["lDAPDisplayName"])] = target.decode('utf-8')
return attributes
diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py
index 4c0acd5936d..2b94bf5d218 100755
--- a/python/samba/tests/krb5/as_req_tests.py
+++ b/python/samba/tests/krb5/as_req_tests.py
@@ -52,7 +52,6 @@ class AsReqBaseTest(KDCBaseTest):
user_name = client_creds.get_username()
if client_account is None:
client_account = user_name
- client_as_etypes = self.get_default_enctypes()
client_kvno = client_creds.get_kvno()
krbtgt_creds = self.get_krbtgt_creds(require_strongest_key=True)
krbtgt_account = krbtgt_creds.get_username()
@@ -76,7 +75,7 @@ class AsReqBaseTest(KDCBaseTest):
till = self.get_KerberosTime(offset=36000)
if etypes is None:
- etypes = client_as_etypes
+ etypes = self.get_default_enctypes()
if kdc_options is None:
kdc_options = krb5_asn1.KDCOptions('forwardable')
if expected_error is not None:
@@ -89,7 +88,6 @@ class AsReqBaseTest(KDCBaseTest):
realm,
sname,
till,
- client_as_etypes,
initial_error_mode,
expected_crealm,
expected_cname,
@@ -137,7 +135,6 @@ class AsReqBaseTest(KDCBaseTest):
realm,
sname,
till,
- client_as_etypes,
preauth_error_mode,
expected_crealm,
expected_cname,
@@ -180,7 +177,6 @@ class AsReqKerberosTests(AsReqBaseTest):
initial_kdc_options=None):
client_creds = self.get_client_creds()
client_account = client_creds.get_username()
- client_as_etypes = self.get_default_enctypes()
krbtgt_creds = self.get_krbtgt_creds(require_keys=False)
krbtgt_account = krbtgt_creds.get_username()
realm = krbtgt_creds.get_realm()
@@ -196,10 +192,8 @@ class AsReqKerberosTests(AsReqBaseTest):
expected_sname = sname
expected_salt = client_creds.get_salt()
- if any(etype in client_as_etypes and etype in initial_etypes
- for etype in (kcrypto.Enctype.AES256,
- kcrypto.Enctype.AES128,
- kcrypto.Enctype.RC4)):
+ if any(etype in initial_etypes
+ for etype in self.get_default_enctypes()):
expected_error_mode = KDC_ERR_PREAUTH_REQUIRED
else:
expected_error_mode = KDC_ERR_ETYPE_NOSUPP
@@ -213,7 +207,6 @@ class AsReqKerberosTests(AsReqBaseTest):
check_error_fn=self.generic_check_kdc_error,
check_rep_fn=None,
expected_error_mode=expected_error_mode,
- client_as_etypes=client_as_etypes,
expected_salt=expected_salt,
kdc_options=str(initial_kdc_options),
pac_request=pac)
diff --git a/python/samba/tests/krb5/claims_tests.py b/python/samba/tests/krb5/claims_tests.py
index 9ca87d6b189..9d5121e69ec 100755
--- a/python/samba/tests/krb5/claims_tests.py
+++ b/python/samba/tests/krb5/claims_tests.py
@@ -77,6 +77,86 @@ class ClaimsTests(KDCBaseTest):
def get_binary_dn(self):
return 'B:8:01010101:' + self.get_sample_dn()
+ def setup_claims(self, all_claims):
+ expected_claims = {}
+ unexpected_claims = set()
+
+ details = {}
+ mod_msg = ldb.Message()
+
+ for claim in all_claims:
+ # Make a copy to avoid modifying the original.
+ claim = dict(claim)
+
+ claim_id = self.get_new_username()
+
+ expected = claim.pop('expected', False)
+ expected_values = claim.pop('expected_values', None)
+ if not expected:
+ self.assertIsNone(expected_values,
+ 'claim not expected, '
+ 'but expected values provided')
+
+ values = claim.pop('values', None)
+ if values is not None:
+ def get_placeholder(val):
+ if val is self.sample_dn:
+ return self.get_sample_dn()
+ elif val is self.binary_dn:
+ return self.get_binary_dn()
+ else:
+ return val
+
+ def ldb_transform(val):
+ if val is True:
+ return 'TRUE'
+ elif val is False:
+ return 'FALSE'
+ elif isinstance(val, int):
+ return str(val)
+ else:
+ return val
+
+ values_type = type(values)
+ values = values_type(map(get_placeholder, values))
+ transformed_values = values_type(map(ldb_transform, values))
+
+ attribute = claim['attribute']
+ if attribute in details:
+ self.assertEqual(details[attribute], transformed_values,
+ 'conflicting values set for attribute')
+ details[attribute] = transformed_values
+
+ if expected_values is None:
+ expected_values = values
+
+ mod_values = claim.pop('mod_values', None)
+ if mod_values is not None:
+ flag = (ldb.FLAG_MOD_REPLACE
+ if values is not None else ldb.FLAG_MOD_ADD)
+ mod_msg[attribute] = ldb.MessageElement(mod_values,
+ flag,
+ attribute)
+
+ if expected:
+ self.assertIsNotNone(expected_values,
+ 'expected claim, but no value(s) set')
+ value_type = claim['value_type']
+
+ expected_claims[claim_id] = {
+ 'source_type': claims.CLAIMS_SOURCE_TYPE_AD,
+ 'type': value_type,
+ 'values': expected_values,
+ }
+ else:
+ unexpected_claims.add(claim_id)
+
+ self.create_claim(claim_id, **claim)
+
--
Samba Shared Repository
More information about the samba-cvs
mailing list