[SCM] Samba Shared Repository - branch master updated
Douglas Bagnall
dbagnall at samba.org
Fri Oct 4 04:02:01 UTC 2024
The branch, master has been updated
via 3766b6a126f netcmd:domain:policy: Fix missing conversion from tgt_lifetime minutes to 10^(-7) seconds
from dea292c2fdb auth4: Fix CID 1034877 Resource leak
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 3766b6a126f659a43e2e36c66689c136fc22dbc4
Author: Andréas Leroux <aleroux at tranquil.it>
Date: Wed Sep 25 14:42:25 2024 +0200
netcmd:domain:policy: Fix missing conversion from tgt_lifetime minutes to 10^(-7) seconds
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15692
Signed-off-by: Andréas Leroux <aleroux at tranquil.it>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton at catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Fri Oct 4 04:01:22 UTC 2024 on atb-devel-224
-----------------------------------------------------------------------
Summary of changes:
python/samba/netcmd/domain/auth/policy/policy.py | 18 ++++++++++++------
python/samba/tests/samba_tool/domain_auth_policy.py | 19 +++++++++++++------
2 files changed, 25 insertions(+), 12 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/netcmd/domain/auth/policy/policy.py b/python/samba/netcmd/domain/auth/policy/policy.py
index 207aa33c8d3..a1552c20fc5 100644
--- a/python/samba/netcmd/domain/auth/policy/policy.py
+++ b/python/samba/netcmd/domain/auth/policy/policy.py
@@ -26,7 +26,13 @@ from samba.domain.models import (MAX_TGT_LIFETIME, MIN_TGT_LIFETIME,
from samba.domain.models.exceptions import ModelError
from samba.netcmd import Command, CommandError, Option
from samba.netcmd.validators import Range
+from samba.nt_time import NT_TICKS_PER_SEC
+def mins_to_tgt_lifetime(minutes):
+ """Convert minutes to the tgt_lifetime attributes unit which is 10^-7 seconds"""
+ if minutes is not None:
+ return minutes * 60 * NT_TICKS_PER_SEC
+ return minutes
class UserOptions(options.OptionGroup):
"""User options used by policy create and policy modify commands."""
@@ -238,14 +244,14 @@ class cmd_domain_auth_policy_create(Command):
description=description,
strong_ntlm_policy=StrongNTLMPolicy[strong_ntlm_policy.upper()],
user_allow_ntlm_auth=useropts.allow_ntlm_auth,
- user_tgt_lifetime=useropts.tgt_lifetime,
+ user_tgt_lifetime=mins_to_tgt_lifetime(useropts.tgt_lifetime),
user_allowed_to_authenticate_from=useropts.allowed_to_authenticate_from,
user_allowed_to_authenticate_to=useropts.allowed_to_authenticate_to,
service_allow_ntlm_auth=serviceopts.allow_ntlm_auth,
- service_tgt_lifetime=serviceopts.tgt_lifetime,
+ service_tgt_lifetime=mins_to_tgt_lifetime(serviceopts.tgt_lifetime),
service_allowed_to_authenticate_from=serviceopts.allowed_to_authenticate_from,
service_allowed_to_authenticate_to=serviceopts.allowed_to_authenticate_to,
- computer_tgt_lifetime=computeropts.tgt_lifetime,
+ computer_tgt_lifetime=mins_to_tgt_lifetime(computeropts.tgt_lifetime),
computer_allowed_to_authenticate_to=computeropts.allowed_to_authenticate_to,
)
@@ -346,7 +352,7 @@ class cmd_domain_auth_policy_modify(Command):
StrongNTLMPolicy[strong_ntlm_policy.upper()]
if useropts.tgt_lifetime is not None:
- policy.user_tgt_lifetime = useropts.tgt_lifetime
+ policy.user_tgt_lifetime = mins_to_tgt_lifetime(useropts.tgt_lifetime)
if useropts.allowed_to_authenticate_from is not None:
policy.user_allowed_to_authenticate_from = \
@@ -360,7 +366,7 @@ class cmd_domain_auth_policy_modify(Command):
##################
if serviceopts.tgt_lifetime is not None:
- policy.service_tgt_lifetime = serviceopts.tgt_lifetime
+ policy.service_tgt_lifetime = mins_to_tgt_lifetime(serviceopts.tgt_lifetime)
if serviceopts.allowed_to_authenticate_from is not None:
policy.service_allowed_to_authenticate_from = \
@@ -374,7 +380,7 @@ class cmd_domain_auth_policy_modify(Command):
###########
if computeropts.tgt_lifetime is not None:
- policy.computer_tgt_lifetime = computeropts.tgt_lifetime
+ policy.computer_tgt_lifetime = mins_to_tgt_lifetime(computeropts.tgt_lifetime)
if computeropts.allowed_to_authenticate_to is not None:
policy.computer_allowed_to_authenticate_to = \
diff --git a/python/samba/tests/samba_tool/domain_auth_policy.py b/python/samba/tests/samba_tool/domain_auth_policy.py
index 864979608ea..d5fa295ecd1 100644
--- a/python/samba/tests/samba_tool/domain_auth_policy.py
+++ b/python/samba/tests/samba_tool/domain_auth_policy.py
@@ -27,12 +27,19 @@ from unittest.mock import patch
from samba.dcerpc import security
from samba.domain.models.exceptions import ModelError
from samba.ndr import ndr_pack, ndr_unpack
+from samba.nt_time import NT_TICKS_PER_SEC
from samba.samdb import SamDB
from samba.sd_utils import SDUtils
from .silo_base import SiloTest
+def mins_to_tgt_lifetime(minutes):
+ """Convert minutes to the tgt_lifetime attributes unit which is 10^-7 seconds"""
+ if minutes is not None:
+ return minutes * 60 * NT_TICKS_PER_SEC
+ return minutes
+
class AuthPolicyCmdTestCase(SiloTest):
def test_list(self):
@@ -135,7 +142,7 @@ class AuthPolicyCmdTestCase(SiloTest):
# Check policy fields.
policy = self.get_authentication_policy(name)
self.assertEqual(str(policy["cn"]), name)
- self.assertEqual(str(policy["msDS-UserTGTLifetime"]), "60")
+ self.assertEqual(str(policy["msDS-UserTGTLifetime"]), str(mins_to_tgt_lifetime(60)))
# check lower bounds (45)
result, out, err = self.runcmd("domain", "auth", "policy", "create",
@@ -169,7 +176,7 @@ class AuthPolicyCmdTestCase(SiloTest):
# Check policy fields.
policy = self.get_authentication_policy(name)
self.assertEqual(str(policy["cn"]), name)
- self.assertEqual(str(policy["msDS-ServiceTGTLifetime"]), "60")
+ self.assertEqual(str(policy["msDS-ServiceTGTLifetime"]), str(mins_to_tgt_lifetime(60)))
# check lower bounds (45)
result, out, err = self.runcmd("domain", "auth", "policy", "create",
@@ -203,7 +210,7 @@ class AuthPolicyCmdTestCase(SiloTest):
# Check policy fields.
policy = self.get_authentication_policy(name)
self.assertEqual(str(policy["cn"]), name)
- self.assertEqual(str(policy["msDS-ComputerTGTLifetime"]), "60")
+ self.assertEqual(str(policy["msDS-ComputerTGTLifetime"]), str(mins_to_tgt_lifetime(60)))
# check lower bounds (45)
result, out, err = self.runcmd("domain", "auth", "policy", "create",
@@ -644,7 +651,7 @@ class AuthPolicyCmdTestCase(SiloTest):
# Verify field was changed.
policy = self.get_authentication_policy(name)
- self.assertEqual(str(policy["msDS-UserTGTLifetime"]), "120")
+ self.assertEqual(str(policy["msDS-UserTGTLifetime"]), str(mins_to_tgt_lifetime(120)))
# check lower bounds (45)
result, out, err = self.runcmd("domain", "auth", "policy", "modify",
@@ -680,7 +687,7 @@ class AuthPolicyCmdTestCase(SiloTest):
# Verify field was changed.
policy = self.get_authentication_policy(name)
- self.assertEqual(str(policy["msDS-ServiceTGTLifetime"]), "120")
+ self.assertEqual(str(policy["msDS-ServiceTGTLifetime"]), str(mins_to_tgt_lifetime(120)))
# check lower bounds (45)
result, out, err = self.runcmd("domain", "auth", "policy", "modify",
@@ -716,7 +723,7 @@ class AuthPolicyCmdTestCase(SiloTest):
# Verify field was changed.
policy = self.get_authentication_policy(name)
- self.assertEqual(str(policy["msDS-ComputerTGTLifetime"]), "120")
+ self.assertEqual(str(policy["msDS-ComputerTGTLifetime"]), str(mins_to_tgt_lifetime(120)))
# check lower bounds (45)
result, out, err = self.runcmd("domain", "auth", "policy", "modify",
--
Samba Shared Repository
More information about the samba-cvs
mailing list