[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Thu Sep 14 22:31:02 UTC 2023
The branch, master has been updated
via 96e18e17748 s3:param: Remove unused lp_set_cmdline()
via c839a25d2cf s3:client: Use lpcfg_set_cmdline()
via f7a06f3a5db s3:libsmb: Use lpcfg_set_cmdline()
via 04d20c3aebd s3:netapi: Fix a leak in libnetapi_net_init()
via 9b6246737b9 libnetapi: Use lpcfg_set_cmdline()
via ea59632b3a7 s3:utils: Use lpcfg_set_cmdline() in smbpasswd
via 6f00a088266 s3:torture: Use lpcfg_set_cmdline()
via b6e4643274d s3:notifyd: Use lpcfg_set_cmdline()
via 58e45b35a3e build: Reduce heimdal_no_error_flags to a more minimal set
via 0e659702b09 build: Remove -Wno-error=missing-field-initializers from Heimdal build
via df3816eb711 s4:dsdb: Fix comment
via 41df712d18e s3:winbindd: Add zero digit to literal
via 9a9861b5f7d dsgetdcname: Remove excess zero digits from literals
via 9ef494c1558 fsrvp.idl: Remove excess zero digit from literal
via e4a81f268de tests/krb5: Rename ‘client_claims’ to ‘claims_metadata’
via 253ca78614b s3:net: Check return value of data_blob_talloc()
via fb17b170005 s4:kdc: Don’t prepend useless colon to MIT KDC logging messages
via d16337bd835 s4:wrepl_server: Correctly read ‘type’ element
via 477dc8f2467 ldb: Prefer explicit initialization to ZERO_STRUCT()
via 238b5a8ad09 s4:kdc: Remove ks_is_tgs_principal()
via 208f452e800 testprogs: Fix script usage lines
via 2ff2d9bfa15 s4:setup: Fix script usage line
via 31212b0c146 s4:selftest: Fix script usage lines
via 74624bd98de s3:script: Fix script usage lines
via 716c3a25368 nsswitch: Fix script usage
via 187d74d9c08 lib:krb5_wrap: Remove Heimdal‐only krb5_princ_component() implementation
via 7e62f3921f2 s4:rpc_server: Switch to using smb_krb5_princ_component()
via cec4ebbec8b s4:kdc: Switch to using smb_krb5_princ_component()
via 9bb80c27385 s4:dsdb: Switch to using smb_krb5_princ_component()
via 229d26e25eb lib:krb5_wrap: Add Heimdal‐specific smb_krb5_princ_component() implementation
via eec9e545923 lib:krb5_wrap: Add smb_krb5_princ_component()
via d901fe9c671 lib:krb5_wrap: Have smb_krb5_principal_get_realm() check the return values of intermediate functions
via b8ca4dead24 lib:krb5_wrap: Eliminate redundant code from smb_krb5_sockaddr_to_kaddr()
via aa56750f97b s4:kdc: Fix leaks
via d902c134d72 s4:kdc: Be sure not to pass a NULL pointer into strcmp()
via 41d974389e9 s4:kdc: Prefer explicit initialization to ZERO_STRUCTP()
via 617f87a97e1 s4:kdc: Make RODC ID checks easier to understand with more clearly‐named variables
via ed8d7497cf0 s4:kdc: Rename ‘status’ variables to ‘reply_status’
via b8368ed358b s4:kdc: Have samba_krbtgt_is_in_db() take a const KDC entry
via c72d784a4f3 s4:kdc: Have samba_krbtgt_is_in_db() return a krb5_error_code
via a5308a2d904 s4:kdc: Make pac_blobs_remove_blob() never fail
via ed8436092b1 s4:kdc: Make ‘struct pac_blobs’ memory handling safer and more consistent
via cb400950791 s4:kdc: Don’t corrupt pac_blobs structure if talloc_realloc() fails
via e9590ac7bb5 s4:kdc: Add common out path to pac_blobs_from_krb5_pac()
via cbf1e0c8384 s4:kdc: Introduce a temporary talloc context in samba_kdc_update_pac()
via 8b49e05831d s4:kdc: Use temporary memory context in samba_kdc_verify_pac()
via 0d2d3a90985 s4:kdc: Fix leak
via cf2bde738d6 s4:kdc: Allocate variables on to more suitable memory context
via 953af6c3a3d s4:kdc: Increment PAC_DEVICE_INFO::domain_group_count only after SID has been successfully added
via 446e45be450 s4:kdc: Directly zero‐initialize PAC_DOMAIN_GROUP_MEMBERSHIP structure
via d4ceac448b6 s4:kdc: Assign RID and attribute together
via 6dae90bdd95 s4:kdc: Don’t corrupt domain groups structure if talloc_realloc() fails
via d045809c0c2 s4:kdc: Check for overflow when adding a domain group SID
via 19b616d1699 s4:kdc: Avoid potential use‐after‐free
via bf9b16884b4 s4:kdc: Fix leak
via 7718a9d61b1 s4:kdc: Use common exit point for functions
via e48df09175a s4:kdc: Fix leaks
via 5c580dbdb3e s4:kdc: Add correct Asserted Identity SID in response to an S4U2Self request
via c4933dd4b77 s4:auth: Fix leaks
via 8b2e14052c7 s4:auth: Check return values of talloc functions
via bd05237de4d s4:dsdb: Prefer explicit initialization to ZERO_STRUCT()
via 2e8bbaea70f s4:dsdb: Parenthesize macro expression
via b96c55c28a2 s4:scripting: Prefer ‘x not in y’ to ‘not x in y’
via 4954443e565 s4:scripting: Fix comments
via 2d736bd9e92 s4:kdc: Inline samba_get_pac_attrs_blob()
via 0669af30992 s3:rpc_server: Fix inverted error messages
via bd8c3afe106 python:tests: Fix invalid escape sequence
via 3fca94cd691 python:tests: Remove unused variables
via fb071bc33db docs-xml: Add missing paragraph section
via 30db01269c1 s4:kdc: Fix leaks
via bac02f087c9 s4:kdc: Don’t operate directly on caller‐owned pointer
via 2981a7f0598 s4:kdc: Allocate contents of PAC blobs on blob talloc contexts
via 3387140df83 s4:kdc: Inline samba_get_requester_sid_pac_blob()
via afd48f8dcde s4:kdc: Fix error message
via e427b5b796e s4:kdc: Initialize pointers to NULL
via acda12a7e2c s4:kdc: Correct error message
via 1f4438c5a2f s4:kdc: Check return value of smb_krb5_principal_get_comp_string()
via 2d929f1391c s4:kdc: Remove unused talloc context
via 49b96243b52 s4:kdc: Check return value of samdb_result_dom_sid()
via ba1750082ad claims.idl: Be more lenient in our expectations for the compression of claims
via 571ff5f3141 claims.idl: Allow empty claim value buffers
via 7ac99b197f7 s4:kdc: Make functions to add special SIDs non‐static
via 1f20e557fc6 s4:kdc: Check result of talloc_realloc()
via 3ef5e6554b9 s4:kdc: Handle invalid enum values
via 39340f65189 s4:kdc: Check result of dom_sid_parse()
via 716bf29d2d8 s4:kdc: Remove unused flags
via ffbd95e6f19 s4:kdc: Use smb_krb5_data_from_blob()
via 97906d275d0 s4:kdc: Remove duplicate function signature
via c92fac94cd6 s4:kdc: Prefer explicit initialization to ZERO_STRUCT()
via b208c8e8489 libcli:security: Prefer explicit initialization to ZERO_STRUCTP()
via 9846da6f4be s4:scripting: Remove unused imports
via 9f5667032c2 python:tests: Remove unused imports
via 9f78cc3b11c librpc:ndr: Avoid overflow in size calculation
via c86038095e3 libgpo: Remove unnecessary cast
via 0bcf44c8b77 lib:tdr: Remove unnecessary cast
via 74e1bb05712 lib:mscat: Remove unnecessary casts
from 4af3faace48 nsswitch/wb_common.c: fix socket fd and memory leaks of global state
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 96e18e17748d851fc785178fdcc3e38ddeea2fe0
Author: Andreas Schneider <asn at samba.org>
Date: Tue Sep 5 10:06:24 2023 +0200
s3:param: Remove unused lp_set_cmdline()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Sep 14 22:30:06 UTC 2023 on atb-devel-224
commit c839a25d2cf1e9d7d232687ce9cfa3caaa6cc93e
Author: Andreas Schneider <asn at samba.org>
Date: Wed Aug 2 09:23:44 2023 +0200
s3:client: Use lpcfg_set_cmdline()
This lp_set_cmdline() leaks memory and we want to get rid of it.
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit f7a06f3a5db2694b0bb3f44b019a70e595e6a8af
Author: Pavel Kalugin <pkalugin at inno.tech>
Date: Sun Sep 3 23:21:35 2023 +0300
s3:libsmb: Use lpcfg_set_cmdline()
Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 04d20c3aebd229ba6150950ad46356189b3384bb
Author: Pavel Kalugin <pkalugin at inno.tech>
Date: Sun Aug 20 23:50:38 2023 +0300
s3:netapi: Fix a leak in libnetapi_net_init()
Allow libnetapi_net_init() to be called more than once without
leaking libnetapi_ctx allocated on a previous call, which is
currently the case in the `net rpc` code.
Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9b6246737b98a3f84d3f6aa54296d5a60477e4ef
Author: Pavel Kalugin <pkalugin at inno.tech>
Date: Sun Aug 20 23:06:56 2023 +0300
libnetapi: Use lpcfg_set_cmdline()
Replace lp_set_cmdline() with lpcfg_set_cmdline() in netapi.c.
For this purpose:
1. Add loadparm_context to the libnetapi_ctx because we need it
in libnetapi_set_debuglevel() and libnetapi_set_logfile().
2. Move loadparm_context creation from libnetapi_net_init()
to libnetapi_init() and add the lp_ctx parameter to the former.
Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ea59632b3a704f883dfafa709d1eb2f729d71e9b
Author: Pavel Kalugin <pkalugin at inno.tech>
Date: Mon Aug 14 06:57:27 2023 +0300
s3:utils: Use lpcfg_set_cmdline() in smbpasswd
Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6f00a088266d71f1ee94ee3c78ca695edc457467
Author: Pavel Kalugin <pkalugin at inno.tech>
Date: Mon Aug 14 06:01:28 2023 +0300
s3:torture: Use lpcfg_set_cmdline()
Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b6e4643274dcdb58ca1706ba6cfd512ef0c31974
Author: Pavel Kalugin <pkalugin at inno.tech>
Date: Mon Aug 14 04:37:16 2023 +0300
s3:notifyd: Use lpcfg_set_cmdline()
Signed-off-by: Pavel Kalugin <pkalugin at inno.tech>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 58e45b35a3e18f61d390d95992eced2afb6a3eff
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Sep 14 08:14:55 2023 +1200
build: Reduce heimdal_no_error_flags to a more minimal set
Heimdal does not seem to give as many errors as in the past, so we
can reduce the set of errors we ignore warnings for.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit 0e659702b09de0d14498a8cb515447be905bc2a4
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Sep 14 08:02:50 2023 +1200
build: Remove -Wno-error=missing-field-initializers from Heimdal build
This allows this warning (error) to be used in Samba for cases where a
non-designated initialiser is under-specified. We can do this now as
the GCC versions we build on do not regard foo = {} as an error.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
commit df3816eb711214e9adf94b0df76207fd54ebb67e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 6 16:35:03 2023 +1200
s4:dsdb: Fix comment
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 41df712d18ec94bc73ff6f2e8c357e1c0bde3d2f
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 6 16:34:00 2023 +1200
s3:winbindd: Add zero digit to literal
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9a9861b5f7dd56e118b098462e904f298f9a6a11
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 6 16:33:03 2023 +1200
dsgetdcname: Remove excess zero digits from literals
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9ef494c1558d4a302cc57cac7f1e94120bf1f131
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 6 16:32:31 2023 +1200
fsrvp.idl: Remove excess zero digit from literal
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e4a81f268deb6f3c7a5043e504897804f7bc36aa
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 6 15:09:00 2023 +1200
tests/krb5: Rename ‘client_claims’ to ‘claims_metadata’
This variable is used not only for client claims, but for device claims
as well.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 253ca78614ba1ba40f275fddda438a0d4858e94c
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 6 13:32:55 2023 +1200
s3:net: Check return value of data_blob_talloc()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit fb17b170005c5429877c864cd277bb4b66124bd3
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 6 13:09:24 2023 +1200
s4:kdc: Don’t prepend useless colon to MIT KDC logging messages
If we pass an empty string as the ‘whoami’ parameter, MIT’s logging
facilities will prepend a mysterious colon to the message. Printing
“mitkdc: ” ought at least to be more sensible, and perhaps more closely
to match our behaviour prior to commit
dd8138236bec3635c25e5b482b7a14faa0a9c36b.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d16337bd835712196ca8315de997978451ce129d
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 6 11:03:02 2023 +1200
s4:wrepl_server: Correctly read ‘type’ element
winsdb_message() stores this element as hexadecimal, which format
ldb_msg_find_attr_as_uint() cannot cope with. Permit this element to be
in either decimal or hexadecimal format.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 477dc8f2467500a771fef88521d9f4163af11d89
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Sep 6 10:54:25 2023 +1200
ldb: Prefer explicit initialization to ZERO_STRUCT()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 238b5a8ad0984102976a6a3c4c9d56355a22bd0b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 17:06:00 2023 +1200
s4:kdc: Remove ks_is_tgs_principal()
This function is a near‐duplicate of smb_krb5_principal_is_tgs().
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 208f452e8002476e0b3a8deae891f6ad88d1b554
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 16:22:01 2023 +1200
testprogs: Fix script usage lines
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2ff2d9bfa15d7c9ab7d96e34a868bf74f1e37deb
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 16:21:50 2023 +1200
s4:setup: Fix script usage line
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 31212b0c1460a7a7074524afd51356a4dfae2094
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 16:21:34 2023 +1200
s4:selftest: Fix script usage lines
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 74624bd98debfe2d477c99cd470e75cce3d6a1b0
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 16:21:19 2023 +1200
s3:script: Fix script usage lines
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 716c3a253685081a1b19367187e72bb42baf6238
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 16:20:53 2023 +1200
nsswitch: Fix script usage
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 187d74d9c08d4ccd1d964af22f73e85a39a0fd0e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 15:37:14 2023 +1200
lib:krb5_wrap: Remove Heimdal‐only krb5_princ_component() implementation
This implementation is no longer called: using a variable of static
storage duration as a conduit for return values is only asking for
trouble.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7e62f3921f2d6776f857072b9f4dd2a3302a8bca
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 16:46:17 2023 +1200
s4:rpc_server: Switch to using smb_krb5_princ_component()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit cec4ebbec8b07cd3643ab013980b926654cf77b9
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 16:46:08 2023 +1200
s4:kdc: Switch to using smb_krb5_princ_component()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9bb80c27385bfa17a5d6f9b8a725b3cf7f4e7e76
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 16:38:23 2023 +1200
s4:dsdb: Switch to using smb_krb5_princ_component()
This function has the handy feature of being able to be called twice in
succession without mysteriously breaking your code. Now, doesn’t that
sound useful?
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 229d26e25eb4f31d72b6bf650b987e482a44dd32
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 15:07:05 2023 +1200
lib:krb5_wrap: Add Heimdal‐specific smb_krb5_princ_component() implementation
This implementation doesn’t rely on a variable of static storage
duration being used as a conduit for the return value.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit eec9e545923179626e047c897376499ec9348802
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 14:52:02 2023 +1200
lib:krb5_wrap: Add smb_krb5_princ_component()
For now this function is a mere wrapper round krb5_princ_component(),
but one whose interface allows for a more sensible implementation.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d901fe9c6716a8fcdc629795fb08c949f77eb661
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 15:47:06 2023 +1200
lib:krb5_wrap: Have smb_krb5_principal_get_realm() check the return values of intermediate functions
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b8ca4dead240eca6487ec77c2a505d90407e83bb
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 15:27:29 2023 +1200
lib:krb5_wrap: Eliminate redundant code from smb_krb5_sockaddr_to_kaddr()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit aa56750f97bb8a18ff5909545255998631f087f1
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 14:23:10 2023 +1200
s4:kdc: Fix leaks
Create a temporary memory context on which to allocate things.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d902c134d72d47ca92a3b71e1dc99d22d2ab5dbd
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 14:17:36 2023 +1200
s4:kdc: Be sure not to pass a NULL pointer into strcmp()
To do so is to invoke undefined behaviour.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 41d974389e9546e47fa6fff3a15e649c5c4c452b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 14:17:14 2023 +1200
s4:kdc: Prefer explicit initialization to ZERO_STRUCTP()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 617f87a97e1f7f79d7ad13f1b1331f64b6123458
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 14:15:11 2023 +1200
s4:kdc: Make RODC ID checks easier to understand with more clearly‐named variables
No change in behaviour.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ed8d7497cf0fc1852b514928e8ea19dc043ea3a9
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 14:08:25 2023 +1200
s4:kdc: Rename ‘status’ variables to ‘reply_status’
This makes it clearer what these variables are used for, and avoids
confusion with the similarly‐named ‘nt_status’ variables — also used in
these functions.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b8368ed358b3917316aa521a0a65935288e6a4fc
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 14:04:47 2023 +1200
s4:kdc: Have samba_krbtgt_is_in_db() take a const KDC entry
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c72d784a4f336d6c25989ca82349a84e0a761147
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 14:04:17 2023 +1200
s4:kdc: Have samba_krbtgt_is_in_db() return a krb5_error_code
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a5308a2d904ffb3b0abba36cf8a9b40382c6e14b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 12:55:04 2023 +1200
s4:kdc: Make pac_blobs_remove_blob() never fail
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ed8436092b1530047e9dd49d00d4318cb7649f9f
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 13:23:35 2023 +1200
s4:kdc: Make ‘struct pac_blobs’ memory handling safer and more consistent
Having pac_blobs::type_blobs be managed both by talloc and by the
‘pac_blobs’ structure itself (with pac_blobs_destroy()) is very prone to
error. So is the current situation of having the other ‘pac_blobs’
functions each take in a memory context.
Improve these circumstances by requiring ‘pac_blobs’ to be managed by
talloc. Now the other functions can dispense with their ‘mem_ctx’
parameters, being instead able to allocate on to the ‘pac_blobs’
structure itself. pac_blobs_init() no longer must be a separate
function; inline it into pac_blobs_from_krb5_pac(). pac_blobs_destroy(),
being no longer of use, can go too.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit cb4009507912eb9411c98a0d1d3d72fb213f619c
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 13:04:50 2023 +1200
s4:kdc: Don’t corrupt pac_blobs structure if talloc_realloc() fails
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e9590ac7bb595e28b1188e54f55a487690a7ebd4
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 13:02:59 2023 +1200
s4:kdc: Add common out path to pac_blobs_from_krb5_pac()
This helps to make error‐checking and cleanup more systematic.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit cbf1e0c83848ef305a72bde157628d64b67afe31
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 12:44:54 2023 +1200
s4:kdc: Introduce a temporary talloc context in samba_kdc_update_pac()
This avoids allocating working structures on to a potentially long‐lived
context.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 8b49e05831d40ecfa7f800c27c89f46d4004347c
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 12:35:27 2023 +1200
s4:kdc: Use temporary memory context in samba_kdc_verify_pac()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0d2d3a90985a59e6a814646b556b9d66d7b8732b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 12:28:55 2023 +1200
s4:kdc: Fix leak
Introduce a temporary memory context and allocate working structures on
to it.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit cf2bde738d62bd500f5b2a1115c8e3eecd466087
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 12:20:39 2023 +1200
s4:kdc: Allocate variables on to more suitable memory context
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 953af6c3a3d6a4862676cda15fc59e8c58106a07
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 11:06:50 2023 +1200
s4:kdc: Increment PAC_DEVICE_INFO::domain_group_count only after SID has been successfully added
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 446e45be4507acc512ccafe7f96e752e87d1b4ce
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 11:04:59 2023 +1200
s4:kdc: Directly zero‐initialize PAC_DOMAIN_GROUP_MEMBERSHIP structure
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d4ceac448b6bbc0d1f51063156de960c5d2e98f1
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 11:02:37 2023 +1200
s4:kdc: Assign RID and attribute together
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 6dae90bdd952b2e6e2fe2759206a6b6617ac9ef5
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 10:44:55 2023 +1200
s4:kdc: Don’t corrupt domain groups structure if talloc_realloc() fails
Introduce a temporary variable instead of assigning the result of
talloc_realloc() directly to samr_RidWithAttributeArray::rids. In this
way we avoid having a structure with a non‐zero ‘count’ but with ‘rids’
set to the NULL pointer.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit d045809c0c22b2c41731415146a8cfc932e8c0d2
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 10:32:26 2023 +1200
s4:kdc: Check for overflow when adding a domain group SID
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 19b616d1699c2b98d72522b60af55a4c4e7d4726
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 10:28:02 2023 +1200
s4:kdc: Avoid potential use‐after‐free
We must allocate the domain groups on to the correct memory context,
lest they get freed prematurely.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit bf9b16884b42d7ea8c9d23dce3cdb12597e681f9
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 10:24:43 2023 +1200
s4:kdc: Fix leak
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7718a9d61b1a4e4a422903d5744da967ea56b44f
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Sep 5 10:20:04 2023 +1200
s4:kdc: Use common exit point for functions
This makes it less likely that we forget to clean up resources.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e48df09175a6e8cfae52596baec52cc5e05a5c17
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Sep 4 17:00:04 2023 +1200
s4:kdc: Fix leaks
Allocate variables on to a temporary context rather than on to the
potentially long‐lived context passed in by the caller.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 5c580dbdb3e6a70c8d2f5059e2b7293a7e780414
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Sep 4 13:20:34 2023 +1200
s4:kdc: Add correct Asserted Identity SID in response to an S4U2Self request
I’m not sure exactly how this check was supposed to work. But in any
case, within fast_unwrap_request() the Heimdal KDC replaces the outer
padata with the padata from the inner FAST request. Hence, this check
does not accomplish anything useful: at no point should the KDC plugin
see the outer padata.
A couple of unwanted consequences resulted from this check. One was that
a client who sent empty FX‐FAST padata within the inner FAST request
would receive the *Authentication Authority* Asserted Identity SID
instead of the *Service* Asserted Identity SID. Another consequence was
that a client could in the same manner bypass the restriction on
performing S4U2Self with an RODC‐issued TGT.
Overall, samba_wdc_is_s4u2self_req() is somewhat of a hack. But the
Heimdal plugin API gives us nothing better to work with.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c4933dd4b771a3cbd29bf430c319b06f2c067d0f
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Sep 4 10:02:41 2023 +1200
s4:auth: Fix leaks
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 8b2e14052c78ecd255cc7d8ef99ed55822ba7e8a
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Sep 4 10:02:28 2023 +1200
s4:auth: Check return values of talloc functions
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit bd05237de4d385584b1dfc9b3b8a967f2f092820
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Sep 1 13:29:17 2023 +1200
s4:dsdb: Prefer explicit initialization to ZERO_STRUCT()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2e8bbaea70f1e1416319ea1b9973edaa952ae2c2
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Sep 1 13:29:03 2023 +1200
s4:dsdb: Parenthesize macro expression
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b96c55c28a2f3e7a140c4b05903a54ea0577f3f0
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Sep 1 13:26:04 2023 +1200
s4:scripting: Prefer ‘x not in y’ to ‘not x in y’
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 4954443e565eaec37e2aaaf76d2d8b85542e0cc0
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Sep 1 13:25:29 2023 +1200
s4:scripting: Fix comments
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2d736bd9e92aadc0e7d5423486f0713bd1a76e47
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Aug 31 12:32:42 2023 +1200
s4:kdc: Inline samba_get_pac_attrs_blob()
A wrapper doesn’t add much utility to a function this small. We might as
well join these two into a single function.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0669af309927ed7afdd502b909f36d09c9032450
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Aug 30 13:58:18 2023 +1200
s3:rpc_server: Fix inverted error messages
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit bd8c3afe1060b48fdf640560518d33ee50e675f6
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Aug 30 11:58:18 2023 +1200
python:tests: Fix invalid escape sequence
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 3fca94cd691ea0391ab64f0c6c6e8a2a35870547
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Aug 30 11:58:07 2023 +1200
python:tests: Remove unused variables
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit fb071bc33dbdc74bf80803495482fa5575fe3fe4
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Aug 29 13:49:18 2023 +1200
docs-xml: Add missing paragraph section
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 30db01269c10a6d57ba9e926dc89b0870117f6c8
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Aug 25 11:53:28 2023 +1200
s4:kdc: Fix leaks
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit bac02f087c966e7935206ca7593f405de071ced3
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Aug 25 11:49:27 2023 +1200
s4:kdc: Don’t operate directly on caller‐owned pointer
This is more consistent with the other PAC blob functions, and easier to
reason about.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2981a7f0598150e270bff1b1d5d8f7460bc572a7
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Aug 25 11:41:39 2023 +1200
s4:kdc: Allocate contents of PAC blobs on blob talloc contexts
The lifetime of a blob’s contents should be tied to the lifetime of the
blob itself.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 3387140df838981b302c4bf72906d691b471b55d
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Aug 25 11:35:12 2023 +1200
s4:kdc: Inline samba_get_requester_sid_pac_blob()
A wrapper doesn’t add much utility to a function this small. We might as
well join these two into a single function.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit afd48f8dcde6c7e40e43a01f9d00da38758b92cc
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Sep 8 09:13:51 2023 +1200
s4:kdc: Fix error message
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit e427b5b796e074dd03eba8e1dac4bd9a3f8e089c
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Aug 25 11:30:27 2023 +1200
s4:kdc: Initialize pointers to NULL
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit acda12a7e2cedc1253cd09c70ef11388eaa797cf
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Aug 25 11:29:24 2023 +1200
s4:kdc: Correct error message
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1f4438c5a2f067b97a5a95d1d9c7d045b828c0bb
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Aug 25 11:28:07 2023 +1200
s4:kdc: Check return value of smb_krb5_principal_get_comp_string()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 2d929f1391cbdbf5658a347aaba4c7532cf61314
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Aug 25 11:18:34 2023 +1200
s4:kdc: Remove unused talloc context
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 49b96243b522bd2005148984505bbf6e805590fe
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Aug 25 11:17:24 2023 +1200
s4:kdc: Check return value of samdb_result_dom_sid()
We should not pass a NULL pointer into dom_sid_split_rid().
Unlike samdb_result_dom_sid(), samdb_result_dom_sid_buf() produces an
error code on failure and does not require a heap allocation.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ba1750082adf87a700711f7b99573434f50fc41b
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Aug 25 11:04:32 2023 +1200
claims.idl: Be more lenient in our expectations for the compression of claims
384 bytes is not a strict threshold below which claims are never to be
compressed. Windows has been known to compress claims a mere 368 bytes
in size.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 571ff5f31411689e9eb67ce8df837e79bb1fef2d
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Aug 25 11:01:09 2023 +1200
claims.idl: Allow empty claim value buffers
Windows doesn’t reject these, nor do we have any reason to do so.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 7ac99b197f73ec5b48cfd48977df42bea725435d
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Aug 21 13:55:27 2023 +1200
s4:kdc: Make functions to add special SIDs non‐static
This allows us to call them from elsewhere.
Change their names accordingly to start with ‘samba_kdc_’.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 1f20e557fc6099c4669cc4650291634fcef1026a
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Aug 21 13:52:14 2023 +1200
s4:kdc: Check result of talloc_realloc()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 3ef5e6554b9847740910c774bf6b81d5957e40d9
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Aug 21 13:51:27 2023 +1200
s4:kdc: Handle invalid enum values
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 39340f6518933e6de70ac19d97d0124009ed75af
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Aug 21 13:49:38 2023 +1200
s4:kdc: Check result of dom_sid_parse()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 716bf29d2d8cd6a6c304c02f722b9f457ac26417
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Aug 21 13:46:57 2023 +1200
s4:kdc: Remove unused flags
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit ffbd95e6f19314253ed0d140e38a47cd3072f277
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Aug 18 15:00:20 2023 +1200
s4:kdc: Use smb_krb5_data_from_blob()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 97906d275d0a3217f134c5e0bacd3e339a1f7465
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Aug 18 15:00:04 2023 +1200
s4:kdc: Remove duplicate function signature
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c92fac94cd6dc2981e47ea2ae7b55d73dc171579
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Sep 7 16:35:39 2023 +1200
s4:kdc: Prefer explicit initialization to ZERO_STRUCT()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit b208c8e848986bc0d3ce07980d03a3ac25b5c314
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Fri Aug 18 12:33:01 2023 +1200
libcli:security: Prefer explicit initialization to ZERO_STRUCTP()
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9846da6f4be6ed3e556ad630e8689e7f5ef684c2
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Aug 30 11:58:34 2023 +1200
s4:scripting: Remove unused imports
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9f5667032c25e143b324e5f2aaddafb60994bc9f
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Aug 17 11:10:06 2023 +1200
python:tests: Remove unused imports
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 9f78cc3b11ccc8a1e35c99168df92de5918b53ad
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Tue Aug 15 12:38:35 2023 +1200
librpc:ndr: Avoid overflow in size calculation
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c86038095e3aa18ef965cd6b7922fd85f758523e
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Aug 9 16:52:46 2023 +1200
libgpo: Remove unnecessary cast
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 0bcf44c8b7711d177616685187b1fb381a912af8
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Aug 9 16:51:46 2023 +1200
lib:tdr: Remove unnecessary cast
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit 74e1bb05712c82d683ab600d93a7a42b871dee4a
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Wed Aug 9 16:51:33 2023 +1200
lib:mscat: Remove unnecessary casts
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages/net.8.xml | 2 +
lib/krb5_wrap/krb5_samba.c | 91 ++--
lib/ldb/common/ldb_msg.c | 14 +-
lib/mscat/mscat_ctl.c | 10 +-
lib/tdr/tdr.c | 2 +-
libcli/security/dom_sid.c | 2 +-
libgpo/gpo_ini.c | 2 +-
librpc/idl/claims.idl | 9 +-
librpc/idl/fsrvp.idl | 2 +-
librpc/ndr/ndr_claims.c | 2 +-
librpc/ndr/ndr_string.c | 8 +
nsswitch/tests/test_wbinfo_name_lookup.sh | 2 +-
python/samba/tests/krb5/raw_testcase.py | 22 +-
python/samba/tests/samba_tool/dnscmd.py | 4 +-
python/samba/tests/samba_tool/dsacl.py | 1 -
python/samba/tests/samba_tool/ntacl.py | 4 +-
python/samba/tests/samba_tool/visualize.py | 3 +-
python/samba/tests/segfault.py | 5 +-
python/samba/tests/smbd_fuzztest.py | 1 -
source3/client/client.c | 16 +-
source3/include/libsmb_internal.h | 4 +-
source3/lib/netapi/netapi.c | 37 +-
source3/lib/netapi/netapi_private.h | 1 +
source3/libsmb/dsgetdcname.c | 6 +-
source3/libsmb/libsmb_context.c | 20 +-
source3/libsmb/libsmb_setget.c | 11 +-
source3/param/loadparm.c | 18 -
source3/param/loadparm.h | 1 -
source3/rpc_server/svcctl/srv_svcctl_reg.c | 4 +-
source3/script/tests/test_bug15435_widelink_dfs.sh | 2 +-
source3/script/tests/test_chdir_cache.sh | 2 +-
source3/script/tests/test_forceuser_validusers.sh | 2 +-
source3/script/tests/test_net_registry_check.sh | 2 +-
source3/script/tests/test_printing_var_exp.sh | 2 +-
source3/script/tests/test_rpcclient_lookup.sh | 2 +-
source3/script/tests/test_rpcclientsrvsvc.sh | 2 +-
source3/script/tests/test_smbclient_krb5.sh | 2 +-
source3/script/tests/test_smbclient_large_file.sh | 2 +-
.../script/tests/test_smbclient_netbios_aliases.sh | 2 +-
source3/script/tests/test_smbspool.sh | 2 +-
source3/script/tests/test_testparm_s3.sh | 2 +-
source3/smbd/notifyd/notifydd.c | 11 +-
source3/torture/torture.c | 12 +-
source3/utils/net_offlinejoin.c | 10 +
source3/utils/smbpasswd.c | 18 +-
source3/winbindd/idmap_hash/idmap_hash.c | 2 +-
source4/auth/kerberos/kerberos.h | 7 +-
source4/auth/sam.c | 12 +
source4/dsdb/common/util.c | 6 +-
source4/dsdb/samdb/cracknames.c | 62 ++-
source4/dsdb/samdb/ldb_modules/password_hash.c | 12 +-
source4/dsdb/samdb/ldb_modules/samldb.c | 2 +-
source4/kdc/db-glue.c | 108 ++--
source4/kdc/mit_samba.c | 34 +-
source4/kdc/pac-blobs.c | 109 ++--
source4/kdc/pac-blobs.h | 16 +-
source4/kdc/pac-glue.c | 583 ++++++++++-----------
source4/kdc/pac-glue.h | 17 +-
source4/kdc/wdc-samba4.c | 60 +--
source4/rpc_server/drsuapi/writespn.c | 12 +-
source4/scripting/bin/gen_werror.py | 4 +-
source4/scripting/bin/samba_dnsupdate | 8 +-
source4/selftest/win/wintest_base.sh | 2 +-
source4/selftest/win/wintest_net.sh | 2 +-
source4/selftest/win/wintest_raw.sh | 2 +-
source4/selftest/win/wintest_rpc.sh | 2 +-
source4/setup/tests/blackbox_spn.sh | 2 +-
source4/wrepl_server/wrepl_server.c | 40 +-
testprogs/blackbox/dbcheck-oldrelease.sh | 2 +-
testprogs/blackbox/demote-saveddb.sh | 2 +-
testprogs/blackbox/runtime-links.sh | 2 +-
testprogs/blackbox/test_chgdcpass.sh | 2 +-
testprogs/blackbox/test_kinit_export_keytab.sh | 2 +-
testprogs/blackbox/test_ktpass.sh | 2 +-
testprogs/blackbox/test_net_ads.sh | 2 +-
testprogs/blackbox/test_net_offline.sh | 2 +-
testprogs/blackbox/test_net_rpc_user.sh | 2 +-
testprogs/blackbox/test_old_enctypes.sh | 2 +-
testprogs/blackbox/test_pkinit_simple.sh | 2 +-
testprogs/blackbox/test_s4u_heimdal.sh | 2 +-
testprogs/blackbox/upgradeprovision-oldrelease.sh | 2 +-
third_party/heimdal_build/wscript_configure | 15 +-
82 files changed, 820 insertions(+), 704 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
index 95bbac7a827..4ff99e238a2 100644
--- a/docs-xml/manpages/net.8.xml
+++ b/docs-xml/manpages/net.8.xml
@@ -2202,12 +2202,14 @@ defined share. This parameter is only allowed if the global parameter
"usershare allow guests" has been set to true in the &smb.conf;.
</para>
+<para>
There is no separate command to modify an existing user defined share,
just use the "net usershare add [sharename]" command using the same
sharename as the one you wish to modify and specify the new options
you wish. The Samba smbd daemon notices user defined share modifications
at connect time so will see the change immediately, there is no need
to restart smbd on adding, deleting or changing a user defined share.
+</para>
</refsect3>
<refsect3>
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 20f3000c277..a1884853c61 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -126,29 +126,52 @@ void krb5_free_string(krb5_context context, char *val) {
}
#endif
+krb5_error_code smb_krb5_princ_component(krb5_context context,
+ krb5_const_principal principal,
+ int i,
+ krb5_data *data);
+krb5_error_code smb_krb5_princ_component(krb5_context context,
+ krb5_const_principal principal,
+ int i,
+ krb5_data *data)
+{
#if defined(HAVE_KRB5_PRINCIPAL_GET_COMP_STRING) && !defined(HAVE_KRB5_PRINC_COMPONENT)
-const krb5_data *krb5_princ_component(krb5_context context,
- krb5_principal principal, int i);
+ const char *component = NULL;
-const krb5_data *krb5_princ_component(krb5_context context,
- krb5_principal principal, int i)
-{
- static krb5_data kdata;
+ if (i < 0) {
+ return EINVAL;
+ }
- kdata.data = discard_const_p(char, krb5_principal_get_comp_string(context, principal, i));
- kdata.length = strlen((const char *)kdata.data);
- return &kdata;
-}
-#endif
+ component = krb5_principal_get_comp_string(context, principal, i);
+ if (component == NULL) {
+ return ENOENT;
+ }
+
+ *data = smb_krb5_make_data(discard_const_p(char, component), strlen(component));
+ return 0;
+#else
+ const krb5_data *kdata = NULL;
+
+ if (i < 0) {
+ return EINVAL;
+ }
+
+ kdata = krb5_princ_component(context, principal, i);
+ if (kdata == NULL) {
+ return ENOENT;
+ }
+
+ *data = *kdata;
+
+ return 0;
+#endif
+}
/**********************************************************
* WRAPPING FUNCTIONS
**********************************************************/
-#if defined(HAVE_ADDR_TYPE_IN_KRB5_ADDRESS)
-/* HEIMDAL */
-
/**
* @brief Stores the address of a 'struct sockaddr_storage' into a krb5_address
*
@@ -163,6 +186,8 @@ bool smb_krb5_sockaddr_to_kaddr(struct sockaddr_storage *paddr,
krb5_address *pkaddr)
{
memset(pkaddr, '\0', sizeof(krb5_address));
+#if defined(HAVE_ADDR_TYPE_IN_KRB5_ADDRESS)
+/* HEIMDAL */
#ifdef HAVE_IPV6
if (paddr->ss_family == AF_INET6) {
pkaddr->addr_type = KRB5_ADDRESS_INET6;
@@ -177,25 +202,8 @@ bool smb_krb5_sockaddr_to_kaddr(struct sockaddr_storage *paddr,
pkaddr->address.data = (char *)&(((struct sockaddr_in *)paddr)->sin_addr);
return true;
}
- return false;
-}
#elif defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS)
/* MIT */
-
-/**
- * @brief Stores the address of a 'struct sockaddr_storage' into a krb5_address
- *
- * @param[in] paddr A pointer to a 'struct sockaddr_storage to extract the
- * address from.
- *
- * @param[in] pkaddr A Kerberos address to store the address in.
- *
- * @return True on success, false if an error occurred.
- */
-bool smb_krb5_sockaddr_to_kaddr(struct sockaddr_storage *paddr,
- krb5_address *pkaddr)
-{
- memset(pkaddr, '\0', sizeof(krb5_address));
#ifdef HAVE_IPV6
if (paddr->ss_family == AF_INET6) {
pkaddr->addrtype = ADDRTYPE_INET6;
@@ -210,11 +218,11 @@ bool smb_krb5_sockaddr_to_kaddr(struct sockaddr_storage *paddr,
pkaddr->contents = (krb5_octet *)&(((struct sockaddr_in *)paddr)->sin_addr);
return true;
}
- return false;
-}
#else
#error UNKNOWN_ADDRTYPE
#endif
+ return false;
+}
krb5_error_code smb_krb5_mk_error(krb5_context context,
krb5_error_code error_code,
@@ -3180,11 +3188,22 @@ char *smb_krb5_principal_get_realm(TALLOC_CTX *mem_ctx,
krb5_const_principal principal)
{
#ifdef HAVE_KRB5_PRINCIPAL_GET_REALM /* Heimdal */
- return talloc_strdup(mem_ctx,
- krb5_principal_get_realm(context, principal));
+ const char *realm = NULL;
+
+ realm = krb5_principal_get_realm(context, principal);
+ if (realm == NULL) {
+ return NULL;
+ }
+
+ return talloc_strdup(mem_ctx, realm);
#elif defined(krb5_princ_realm) /* MIT */
- const krb5_data *realm;
+ const krb5_data *realm = NULL;
+
realm = krb5_princ_realm(context, principal);
+ if (realm == NULL) {
+ return NULL;
+ }
+
return talloc_strndup(mem_ctx, realm->data, realm->length);
#else
#error UNKNOWN_GET_PRINC_REALM_FUNCTIONS
diff --git a/lib/ldb/common/ldb_msg.c b/lib/ldb/common/ldb_msg.c
index a9f59006173..afddbe40ef6 100644
--- a/lib/ldb/common/ldb_msg.c
+++ b/lib/ldb/common/ldb_msg.c
@@ -346,7 +346,7 @@ static int _ldb_msg_add_el(struct ldb_message *msg,
return LDB_ERR_OPERATIONS_ERROR;
}
- ZERO_STRUCT(els[msg->num_elements]);
+ els[msg->num_elements] = (struct ldb_message_element) {};
msg->elements = els;
msg->num_elements++;
@@ -848,7 +848,7 @@ int ldb_msg_find_attr_as_int(const struct ldb_message *msg,
int default_value)
{
const struct ldb_val *v = ldb_msg_find_ldb_val(msg, attr_name);
- char buf[sizeof("-2147483648")];
+ char buf[sizeof("-2147483648")] = {};
char *end = NULL;
int ret;
@@ -856,7 +856,6 @@ int ldb_msg_find_attr_as_int(const struct ldb_message *msg,
return default_value;
}
- ZERO_STRUCT(buf);
if (v->length >= sizeof(buf)) {
return default_value;
}
@@ -878,7 +877,7 @@ unsigned int ldb_msg_find_attr_as_uint(const struct ldb_message *msg,
unsigned int default_value)
{
const struct ldb_val *v = ldb_msg_find_ldb_val(msg, attr_name);
- char buf[sizeof("-2147483648")];
+ char buf[sizeof("-2147483648")] = {};
char *end = NULL;
unsigned int ret;
@@ -886,7 +885,6 @@ unsigned int ldb_msg_find_attr_as_uint(const struct ldb_message *msg,
return default_value;
}
- ZERO_STRUCT(buf);
if (v->length >= sizeof(buf)) {
return default_value;
}
@@ -919,7 +917,7 @@ int64_t ldb_msg_find_attr_as_int64(const struct ldb_message *msg,
int ldb_val_as_int64(const struct ldb_val *v, int64_t *val)
{
- char buf[sizeof("-9223372036854775808")];
+ char buf[sizeof("-9223372036854775808")] = {};
char *end = NULL;
int64_t result;
@@ -927,7 +925,6 @@ int ldb_val_as_int64(const struct ldb_val *v, int64_t *val)
return LDB_ERR_OPERATIONS_ERROR;
}
- ZERO_STRUCT(buf);
if (v->length >= sizeof(buf)) {
return LDB_ERR_OPERATIONS_ERROR;
}
@@ -958,7 +955,7 @@ uint64_t ldb_msg_find_attr_as_uint64(const struct ldb_message *msg,
int ldb_val_as_uint64(const struct ldb_val *v, uint64_t *val)
{
- char buf[sizeof("-9223372036854775808")];
+ char buf[sizeof("-9223372036854775808")] = {};
char *end = NULL;
uint64_t result;
@@ -966,7 +963,6 @@ int ldb_val_as_uint64(const struct ldb_val *v, uint64_t *val)
return LDB_ERR_OPERATIONS_ERROR;
}
- ZERO_STRUCT(buf);
if (v->length >= sizeof(buf)) {
return LDB_ERR_OPERATIONS_ERROR;
}
diff --git a/lib/mscat/mscat_ctl.c b/lib/mscat/mscat_ctl.c
index 1fed8854c4b..292aa9aa6d5 100644
--- a/lib/mscat/mscat_ctl.c
+++ b/lib/mscat/mscat_ctl.c
@@ -315,7 +315,7 @@ static int ctl_get_member_checksum_string(struct mscat_ctl *ctl,
CH_UNIX,
chksum_ucs2.data,
chksum_ucs2.length,
- (void **)&checksum,
+ &checksum,
&converted_size);
if (!ok) {
rc = -1;
@@ -450,7 +450,7 @@ static int ctl_parse_name_value(struct mscat_ctl *ctl,
CH_UNIX,
name_blob.data,
name_blob.length,
- (void **)pname,
+ pname,
&converted_size);
if (!ok) {
rc = ASN1_MEM_ERROR;
@@ -464,7 +464,7 @@ static int ctl_parse_name_value(struct mscat_ctl *ctl,
CH_UNIX,
value_blob.data,
value_blob.length,
- (void **)pvalue,
+ pvalue,
&converted_size);
if (!ok) {
rc = ASN1_MEM_ERROR;
@@ -543,7 +543,7 @@ static int ctl_parse_member_info(struct mscat_ctl *ctl,
CH_UNIX,
name_blob.data,
name_blob.length,
- (void **)pname,
+ pname,
&converted_size);
if (!ok) {
rc = ASN1_MEM_ERROR;
@@ -679,7 +679,7 @@ static int ctl_spc_pe_image_data(struct mscat_ctl *ctl,
CH_UNIX,
file_blob.data,
file_blob.length,
- (void **)&file,
+ &file,
&converted_size);
if (!ok) {
rc = -1;
diff --git a/lib/tdr/tdr.c b/lib/tdr/tdr.c
index 401e1ccf6ef..6c87aa0b89d 100644
--- a/lib/tdr/tdr.c
+++ b/lib/tdr/tdr.c
@@ -163,7 +163,7 @@ NTSTATUS tdr_pull_charset(struct tdr_pull *tdr, TALLOC_CTX *ctx, const char **v,
TDR_PULL_NEED_BYTES(tdr, el_size*length);
- if (!convert_string_talloc(ctx, chset, CH_UNIX, tdr->data.data+tdr->offset, el_size*length, discard_const_p(void *, v), &ret)) {
+ if (!convert_string_talloc(ctx, chset, CH_UNIX, tdr->data.data+tdr->offset, el_size*length, v, &ret)) {
return NT_STATUS_INVALID_PARAMETER;
}
diff --git a/libcli/security/dom_sid.c b/libcli/security/dom_sid.c
index 4a726aae7b4..eaece2a55f5 100644
--- a/libcli/security/dom_sid.c
+++ b/libcli/security/dom_sid.c
@@ -146,7 +146,7 @@ bool dom_sid_parse_endp(const char *sidstr,struct dom_sid *sidout,
uint64_t conv;
int error = 0;
- ZERO_STRUCTP(sidout);
+ *sidout = (struct dom_sid) {};
if ((sidstr[0] != 'S' && sidstr[0] != 's') || sidstr[1] != '-') {
goto format_error;
diff --git a/libgpo/gpo_ini.c b/libgpo/gpo_ini.c
index c1b1698b184..66f743e52a0 100644
--- a/libgpo/gpo_ini.c
+++ b/libgpo/gpo_ini.c
@@ -119,7 +119,7 @@ static NTSTATUS convert_file_from_ucs2(TALLOC_CTX *mem_ctx,
}
if (!convert_string_talloc(mem_ctx, CH_UTF16LE, CH_UNIX, data_in, n,
- (void *)&data_out, &converted_size))
+ &data_out, &converted_size))
{
status = NT_STATUS_INVALID_BUFFER_SIZE;
goto out;
diff --git a/librpc/idl/claims.idl b/librpc/idl/claims.idl
index 196db5785a0..618a620ef87 100644
--- a/librpc/idl/claims.idl
+++ b/librpc/idl/claims.idl
@@ -27,7 +27,8 @@ interface claims
#define wchar_t uint16
#define CLAIM_ID [string, charset(UTF16)] wchar_t *
- const int CLAIM_MINIMUM_BYTES_TO_COMPRESS = 384;
+ const int CLAIM_LOWER_COMPRESSION_THRESHOLD = 368;
+ const int CLAIM_UPPER_COMPRESSION_THRESHOLD = 384;
typedef enum {
CLAIM_TYPE_INT64 = 1,
@@ -49,17 +50,17 @@ interface claims
} CLAIMS_COMPRESSION_FORMAT;
typedef struct {
- [range(1, 10*1024*1024)] uint32 value_count;
+ [range(0, 10*1024*1024)] uint32 value_count;
[size_is(value_count)] int64 *values;
} CLAIM_INT64;
typedef struct {
- [range(1, 10*1024*1024)] uint32 value_count;
+ [range(0, 10*1024*1024)] uint32 value_count;
[size_is(value_count)] hyper *values;
} CLAIM_UINT64;
typedef struct {
- [range(1, 10*1024*1024)] uint32 value_count;
+ [range(0, 10*1024*1024)] uint32 value_count;
[size_is(value_count), string, charset(UTF16)] wchar_t **values;
} CLAIM_STRING;
diff --git a/librpc/idl/fsrvp.idl b/librpc/idl/fsrvp.idl
index aebd6890d77..6158f43766d 100644
--- a/librpc/idl/fsrvp.idl
+++ b/librpc/idl/fsrvp.idl
@@ -36,7 +36,7 @@ import "misc.idl";
[default];
} fssagent_share_mapping;
- const uint32 FSRVP_RPC_VERSION_1 = 0x000000001;
+ const uint32 FSRVP_RPC_VERSION_1 = 0x00000001;
DWORD fss_GetSupportedVersion(
[out] uint32 *MinVersion,
[out] uint32 *MaxVersion);
diff --git a/librpc/ndr/ndr_claims.c b/librpc/ndr/ndr_claims.c
index c144d8985fa..e087679b967 100644
--- a/librpc/ndr/ndr_claims.c
+++ b/librpc/ndr/ndr_claims.c
@@ -26,7 +26,7 @@ enum ndr_compression_alg ndr_claims_compression_alg(enum CLAIMS_COMPRESSION_FORM
enum CLAIMS_COMPRESSION_FORMAT ndr_claims_actual_wire_compression_alg(enum CLAIMS_COMPRESSION_FORMAT specified_compression,
size_t uncompressed_claims_size) {
- if (uncompressed_claims_size < CLAIM_MINIMUM_BYTES_TO_COMPRESS) {
+ if (uncompressed_claims_size < CLAIM_UPPER_COMPRESSION_THRESHOLD) {
return CLAIMS_COMPRESSION_FORMAT_NONE;
}
diff --git a/librpc/ndr/ndr_string.c b/librpc/ndr/ndr_string.c
index 0a9d7ab8b9b..0aec7b66cb5 100644
--- a/librpc/ndr/ndr_string.c
+++ b/librpc/ndr/ndr_string.c
@@ -660,6 +660,14 @@ _PUBLIC_ enum ndr_err_code ndr_check_string_terminator(struct ndr_pull *ndr, uin
uint32_t i;
uint32_t save_offset;
+ if (count == 0) {
+ return NDR_ERR_RANGE;
+ }
+
+ if (element_size && count - 1 > UINT32_MAX / element_size) {
+ return NDR_ERR_RANGE;
+ }
+
save_offset = ndr->offset;
NDR_CHECK(ndr_pull_advance(ndr, (count - 1) * element_size));
NDR_PULL_NEED_BYTES(ndr, element_size);
diff --git a/nsswitch/tests/test_wbinfo_name_lookup.sh b/nsswitch/tests/test_wbinfo_name_lookup.sh
index 2b2b29a8e5d..048fdfcf6bc 100755
--- a/nsswitch/tests/test_wbinfo_name_lookup.sh
+++ b/nsswitch/tests/test_wbinfo_name_lookup.sh
@@ -2,7 +2,7 @@
# Blackbox test for wbinfo name lookup
if [ $# -lt 3 ]; then
cat <<EOF
-Usage: test_wbinfo.sh DOMAIN REALM DC_USERNAME
+Usage: test_wbinfo_name_lookup.sh DOMAIN REALM DC_USERNAME
EOF
exit 1
fi
diff --git a/python/samba/tests/krb5/raw_testcase.py b/python/samba/tests/krb5/raw_testcase.py
index 536803e7a1f..3ba0b9df08b 100644
--- a/python/samba/tests/krb5/raw_testcase.py
+++ b/python/samba/tests/krb5/raw_testcase.py
@@ -4571,34 +4571,36 @@ class RawKerberosTest(TestCase):
else:
empty_msg = ' for {claims_type} (should be missing)'
- client_claims = ndr_unpack(claims.CLAIMS_SET_METADATA_NDR,
- remaining)
- client_claims = client_claims.claims.metadata
- self.assertIsNotNone(client_claims,
+ claims_metadata_ndr = ndr_unpack(claims.CLAIMS_SET_METADATA_NDR,
+ remaining)
+ claims_metadata = claims_metadata_ndr.claims.metadata
+ self.assertIsNotNone(claims_metadata,
f'got empty CLAIMS_SET_METADATA_NDR '
f'inner structure {empty_msg}')
- self.assertIsNotNone(client_claims.claims_set,
+ self.assertIsNotNone(claims_metadata.claims_set,
f'got empty CLAIMS_SET_METADATA '
f'structure {empty_msg}')
- uncompressed_size = client_claims.uncompressed_claims_set_size
- compression_format = client_claims.compression_format
+ uncompressed_size = claims_metadata.uncompressed_claims_set_size
+ compression_format = claims_metadata.compression_format
- if uncompressed_size < claims.CLAIM_MINIMUM_BYTES_TO_COMPRESS:
+ if uncompressed_size < (
+ claims.CLAIM_LOWER_COMPRESSION_THRESHOLD):
self.assertEqual(claims.CLAIMS_COMPRESSION_FORMAT_NONE,
compression_format,
f'{claims_type} unexpectedly '
f'compressed ({uncompressed_size} '
f'bytes uncompressed)')
- else:
+ elif uncompressed_size >= (
+ claims.CLAIM_UPPER_COMPRESSION_THRESHOLD):
self.assertEqual(
claims.CLAIMS_COMPRESSION_FORMAT_XPRESS_HUFF,
compression_format,
f'{claims_type} unexpectedly not compressed '
f'({uncompressed_size} bytes uncompressed)')
- claims_set = client_claims.claims_set.claims.claims
+ claims_set = claims_metadata.claims_set.claims.claims
self.assertIsNotNone(claims_set,
f'got empty CLAIMS_SET_NDR inner '
f'structure {empty_msg}')
diff --git a/python/samba/tests/samba_tool/dnscmd.py b/python/samba/tests/samba_tool/dnscmd.py
index 0ce61de2a01..da8ff9a76b6 100644
--- a/python/samba/tests/samba_tool/dnscmd.py
+++ b/python/samba/tests/samba_tool/dnscmd.py
@@ -19,8 +19,6 @@ import os
import ldb
import re
-from samba.auth import system_session
-from samba.samdb import SamDB
from samba.ndr import ndr_unpack, ndr_pack
from samba.dcerpc import dnsp
from samba.tests.samba_tool.base import SambaToolCmdTest
@@ -208,7 +206,7 @@ class DnsCmdTestCase(SambaToolCmdTest):
self.assertTrue("testrecord" in out and record_str in out,
"Query for a record which had DNS_RANK_NONE"
"succeeded but produced no resulting records.")
- except AssertionError as e:
+ except AssertionError:
# Windows produces no resulting records
pass
--
Samba Shared Repository
More information about the samba-cvs
mailing list