The branch, master has been updated
       via  92c726dc7a8 make some auth functions return an NTSTATUS like other similar functions for better diagnostics.
       via  959a4837b54 Spelling fixes s/verson/version/
       via  882d8a5bf41 Spelling fixes s/conficts/conflicts/
       via  6064543d64e Spelling fixes s/overrided/overridden/
       via  720396f0fb4 Spelling fix s/informations/information/
       via  2044ca0e20b s3:ldap: Leave add machine code early for pre-existing accounts
       via  c016afc8325 s3:libads: Make sure we can lookup KDCs which are not configured
       via  b7f0c64514a s3:libnet: Use more secure name for the JOIN krb5.conf
       via  5c7f0a6902c auth:creds: Prefer the principal over DOMAIN/username when using NTLM
       via  9e92654899d auth:ntlmssp: Add back CRAP ndr debug output
       via  3a33c360071 s3:libnet: Fix debug message in libnet_DomainJoin()
       via  011a47f04da s3:libsmb: Add some useful debug output to cliconnect
       via  40669e3739e s3:libads: Print more information when LDAP fails
      from  0876712ce8f libsmb: Make cli_posix_chown/chmod proper tevent_req functions

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 92c726dc7a83834ee0e49d83e676b02f7687f5cd
Author: Kristján Valur <krist...@rvx.is>
Date:   Tue Mar 12 09:33:15 2019 +0000

    make some auth functions return an NTSTATUS like other similar
    functions for better diagnostics.

    Signed-off-by: Kristján Valur <krist...@rvx.is>
    Reviewed-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

    Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
    Autobuild-Date(master): Tue Apr 2 02:12:48 UTC 2019 on sn-devel-144

commit 959a4837b54a4c504930fecaa0648ae4e586577b
Author: Mathieu Parent <math.par...@gmail.com>
Date:   Mon Mar 25 15:22:55 2019 +0100

    Spelling fixes s/verson/version/

    Signed-off-by: Mathieu Parent <math.par...@gmail.com>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    Reviewed-by: Martin Schwenke <mar...@meltin.net>

commit 882d8a5bf416b6574daa8dafa145740fa6b10d6d
Author: Mathieu Parent <math.par...@gmail.com>
Date:   Mon Mar 25 15:22:49 2019 +0100

    Spelling fixes s/conficts/conflicts/

    Signed-off-by: Mathieu Parent <math.par...@gmail.com>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    Reviewed-by: Martin Schwenke <mar...@meltin.net>

commit 6064543d64e1694f44d583a69a6ee105a3c1c922
Author: Mathieu Parent <math.par...@gmail.com>
Date:   Mon Mar 25 15:20:44 2019 +0100

    Spelling fixes s/overrided/overridden/

    Signed-off-by: Mathieu Parent <math.par...@gmail.com>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    Reviewed-by: Martin Schwenke <mar...@meltin.net>

commit 720396f0fb499d587062d7b2ce7c3a62ee3b6dd3
Author: Mathieu Parent <math.par...@gmail.com>
Date:   Mon Mar 25 15:02:45 2019 +0100

    Spelling fix s/informations/information/

    Signed-off-by: Mathieu Parent <math.par...@gmail.com>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>
    Reviewed-by: Martin Schwenke <mar...@meltin.net>

commit 2044ca0e20bd3180720a82506b3af041d14b5c68
Author: Guenther Deschner <g...@samba.org>
Date:   Mon Apr 1 17:40:03 2019 +0200

    s3:ldap: Leave add machine code early for pre-existing accounts

    This avoids numerous LDAP constraint violation errors when we try to
    re-precreate an already existing machine account.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

    Pair-Programmed-With: Andreas Schneider <a...@samba.org>

    Signed-off-by: Guenther Deschner <g...@samba.org>
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit c016afc832543514ebf7ecda1fbe6b272ea533d6
Author: Andreas Schneider <a...@samba.org>
Date:   Mon Apr 1 16:47:26 2019 +0200

    s3:libads: Make sure we can lookup KDCs which are not configured

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

    Pair-Programmed-With: Guenther Deschner <g...@samba.org>

    Signed-off-by: Guenther Deschner <g...@samba.org>
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit b7f0c64514a28cfb5d2cdee683c18943b97ea753
Author: Andreas Schneider <a...@samba.org>
Date:   Mon Apr 1 16:39:45 2019 +0200

    s3:libnet: Use more secure name for the JOIN krb5.conf

    Currently we create krb5.conf..JOIN, use krb5.conf._JOIN_ instead.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 5c7f0a6902cfdd698e5f4159d37537bb4c9c1cc3
Author: Andreas Schneider <a...@samba.org>
Date:   Mon Apr 1 15:59:10 2019 +0200

    auth:creds: Prefer the principal over DOMAIN/username when using NTLM

    If we want to authenticate using -Wadmin@otherdomain the DC should
    take care of the authentication with the right DC for us.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

    Pair-Programmed-With: Guenther Deschner <g...@samba.org>

    Signed-off-by: Guenther Deschner <g...@samba.org>
    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 9e92654899db3c951bee0203415a15737402e7b7
Author: Guenther Deschner <g...@samba.org>
Date:   Wed Mar 27 17:51:04 2019 +0100

    auth:ntlmssp: Add back CRAP ndr debug output

    This got lost somehow during refactoring. This is still viable
    information when trying to figure out what is going wrong when
    authenticating a user over NTLMSSP.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

    Signed-off-by: Guenther Deschner <g...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 3a33c360071bb7cada58f1f71ccd8949fda70662
Author: Guenther Deschner <g...@samba.org>
Date:   Mon Apr 1 17:46:39 2019 +0200

    s3:libnet: Fix debug message in libnet_DomainJoin()

    A newline is missing, but also use the DBG_INFO macro and clean up
    spelling.

    Signed-off-by: Guenther Deschner <g...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 011a47f04dabe22095a30d284662d8ca50463ee8
Author: Andreas Schneider <a...@samba.org>
Date:   Wed Mar 27 16:45:39 2019 +0100

    s3:libsmb: Add some useful debug output to cliconnect

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 40669e3739eb5cde135c371e2c8134d3f11a16a5
Author: Andreas Schneider <a...@samba.org>
Date:   Fri Mar 29 11:34:53 2019 +0100

    s3:libads: Print more information when LDAP fails

    Currently we just get an error but don't know what exactly we tried
    to do in 'net ads join -d10'.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

    Signed-off-by: Andreas Schneider <a...@samba.org>
    Reviewed-by: Ralph Boehme <s...@samba.org>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 auth/credentials/credentials.c                     |  2 +-
 auth/ntlmssp/ntlmssp_client.c                      | 32 ++++++++++
 lib/ldb/ldb_key_value/ldb_kv_cache.c               |  2 +-
 lib/ldb/ldb_key_value/ldb_kv_index.c               |  4 +-
 lib/ldb/man/ldbadd.1.xml                           |  2 +-
 lib/ldb/man/ldbdel.1.xml                           |  2 +-
 lib/ldb/man/ldbmodify.1.xml                        |  2 +-
 lib/ldb/man/ldbrename.1.xml                        |  2 +-
 lib/ldb/man/ldbsearch.1.xml                        |  2 +-
 lib/ldb/tests/ldb_mod_op_test.c                    |  4 +-
 lib/talloc/man/talloc.3.xml                        |  2 +-
 lib/talloc/talloc.h                                |  4 +-
 lib/talloc/talloc_guide.txt                        |  4 +-
 libgpo/gpo_ldap.c                                  | 11 ++--
 python/samba/netcmd/common.py                      |  2 +-
 python/samba/netcmd/domain.py                      |  2 +-
 python/samba/samdb.py                              |  4 +-
 python/samba/tests/posixacl.py                     |  2 +-
 source3/auth/proto.h                               |  7 ++-
 source3/auth/token_util.c                          | 73 ++++++++++++----------
 source3/libads/kerberos.c                          | 12 +++-
 source3/libads/ldap.c                              | 22 ++++++-
 source3/libnet/libnet_join.c                       | 12 ++--
 source3/libsmb/cliconnect.c                        | 13 ++++
 source3/rpc_server/svcctl/srv_svcctl_nt.c          |  6 +-
 source4/dsdb/tests/python/dirsync.py               |  4 +-
 source4/dsdb/tests/python/password_lockout_base.py |  4 +-
 source4/dsdb/tests/python/passwords.py             |  2 +-
 source4/dsdb/tests/python/rodc_rwdc.py             |  4 +-
 source4/dsdb/tests/python/sam.py                   |  2 +-
 .../selftest/provisions/alpha13/private/named.txt  |  2 +-
 .../provisions/release-4-1-0rc3/private/named.txt  |  2 +-
 source4/setup/named.txt                            |  2 +-
 33 files changed, 169 insertions(+), 83 deletions(-)


Changeset truncated at 500 lines:

diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c index 4663185c979..7ef58d0752c 100644 --- a/auth/credentials/credentials.c +++ b/auth/credentials/credentials.c
@@ -1115,7 +1115,7 @@ _PUBLIC_ void cli_credentials_get_ntlm_username_domain(struct cli_credentials *c const char **username, const char **domain) { - if (cred->principal_obtained > cred->username_obtained) { + if (cred->principal_obtained >= cred->username_obtained) { *domain = talloc_strdup(mem_ctx, ""); *username = cli_credentials_get_principal(cred, mem_ctx); } else { diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c index ab406a2c5be..8e49dcee5ea 100644 --- a/auth/ntlmssp/ntlmssp_client.c +++ b/auth/ntlmssp/ntlmssp_client.c @@ -342,6 +342,22 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, } } + if (DEBUGLEVEL >= 10) { + struct CHALLENGE_MESSAGE *challenge = + talloc(ntlmssp_state, struct CHALLENGE_MESSAGE); + if (challenge != NULL) { + NTSTATUS status; + challenge->NegotiateFlags = chal_flags; + status = ntlmssp_pull_CHALLENGE_MESSAGE( + &in, challenge, challenge); + if (NT_STATUS_IS_OK(status)) { + NDR_PRINT_DEBUG(CHALLENGE_MESSAGE, + challenge); + } + TALLOC_FREE(challenge); + } + } + if (chal_flags & NTLMSSP_TARGET_TYPE_SERVER) { ntlmssp_state->server.is_standalone = true; } else { @@ -702,6 +718,22 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security, return nt_status; } + if (DEBUGLEVEL >= 10) { + struct AUTHENTICATE_MESSAGE *authenticate = + talloc(ntlmssp_state, struct AUTHENTICATE_MESSAGE); + if (authenticate != NULL) { + NTSTATUS status; + authenticate->NegotiateFlags = ntlmssp_state->neg_flags; + status = ntlmssp_pull_AUTHENTICATE_MESSAGE( + out, authenticate, authenticate); + if (NT_STATUS_IS_OK(status)) { + NDR_PRINT_DEBUG(AUTHENTICATE_MESSAGE, + authenticate); + } + TALLOC_FREE(authenticate); + } + } + /* * We always include the MIC, even without: * av_flags->Value.AvFlags |= NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE; diff --git a/lib/ldb/ldb_key_value/ldb_kv_cache.c b/lib/ldb/ldb_key_value/ldb_kv_cache.c index c39273fb097..bcffc05b99f 100644 
--- a/lib/ldb/ldb_key_value/ldb_kv_cache.c +++ b/lib/ldb/ldb_key_value/ldb_kv_cache.c @@ -302,7 +302,7 @@ static int ldb_kv_index_load(struct ldb_module *module, if (lmdb_subdb_version != 0) { ldb_set_errstring(ldb, "FATAL: This ldb_mdb database has " - "been written in a new verson of LDB " + "been written in a new version of LDB " "using a sub-database index that " "is not understood by ldb " LDB_VERSION); diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c b/lib/ldb/ldb_key_value/ldb_kv_index.c index 6d02c91a597..4dfcc2cb0ba 100644 --- a/lib/ldb/ldb_key_value/ldb_kv_index.c +++ b/lib/ldb/ldb_key_value/ldb_kv_index.c @@ -2318,7 +2318,7 @@ static int ldb_kv_index_add1(struct ldb_module *module, ldb_debug(ldb, LDB_DEBUG_WARNING, __location__ ": unique index violation on %s in %s, " - "conficts with %*.*s in %s", + "conflicts with %*.*s in %s", el->name, ldb_dn_get_linearized(msg->dn), (int)list->dn[0].length, (int)list->dn[0].length, @@ -2337,7 +2337,7 @@ static int ldb_kv_index_add1(struct ldb_module *module, LDB_DEBUG_WARNING, __location__ ": unique index violation on %s in " - "%s, conficts with %s %*.*s in %s", + "%s, conflicts with %s %*.*s in %s", el->name, ldb_dn_get_linearized(msg->dn), ldb_kv->cache->GUID_index_attribute, diff --git a/lib/ldb/man/ldbadd.1.xml b/lib/ldb/man/ldbadd.1.xml index db360a1ec9a..4736b3bd11d 100644 --- a/lib/ldb/man/ldbadd.1.xml +++ b/lib/ldb/man/ldbadd.1.xml @@ -68,7 +68,7 @@ <variablelist> <varlistentry><term>LDB_URL</term> - <listitem><para>LDB URL to connect to (can be overrided by using the + <listitem><para>LDB URL to connect to (can be overridden by using the -H command-line option.)</para></listitem> </varlistentry> </variablelist> diff --git a/lib/ldb/man/ldbdel.1.xml b/lib/ldb/man/ldbdel.1.xml index 18bef3cd0b7..c4cd450f83e 100644 --- a/lib/ldb/man/ldbdel.1.xml +++ b/lib/ldb/man/ldbdel.1.xml 
@@ -66,7 +66,7 @@ <variablelist> <varlistentry><term>LDB_URL</term> - <listitem><para>LDB URL to connect to (can be overrided by using the + <listitem><para>LDB URL to connect to (can be overridden by using the -H command-line option.)</para></listitem> </varlistentry> </variablelist> diff --git a/lib/ldb/man/ldbmodify.1.xml b/lib/ldb/man/ldbmodify.1.xml index 405e47a1e9f..ddeeee7c0a4 100644 --- a/lib/ldb/man/ldbmodify.1.xml +++ b/lib/ldb/man/ldbmodify.1.xml @@ -56,7 +56,7 @@ <variablelist> <varlistentry><term>LDB_URL</term> - <listitem><para>LDB URL to connect to (can be overrided by using the + <listitem><para>LDB URL to connect to (can be overridden by using the -H command-line option.)</para></listitem> </varlistentry> </variablelist> diff --git a/lib/ldb/man/ldbrename.1.xml b/lib/ldb/man/ldbrename.1.xml index 81472a66457..897c40e2788 100644 --- a/lib/ldb/man/ldbrename.1.xml +++ b/lib/ldb/man/ldbrename.1.xml @@ -70,7 +70,7 @@ <variablelist> <varlistentry><term>LDB_URL</term> - <listitem><para>LDB URL to connect to (can be overrided by using the + <listitem><para>LDB URL to connect to (can be overridden by using the -H command-line option.)</para></listitem> </varlistentry> </variablelist> diff --git a/lib/ldb/man/ldbsearch.1.xml b/lib/ldb/man/ldbsearch.1.xml index abf369d00e1..b85399272be 100644 --- a/lib/ldb/man/ldbsearch.1.xml +++ b/lib/ldb/man/ldbsearch.1.xml @@ -82,7 +82,7 @@ <variablelist> <varlistentry><term>LDB_URL</term> - <listitem><para>LDB URL to connect to (can be overrided by using the + <listitem><para>LDB URL to connect to (can be overridden by using the -H command-line option.)</para></listitem> </varlistentry> </variablelist> diff --git a/lib/ldb/tests/ldb_mod_op_test.c b/lib/ldb/tests/ldb_mod_op_test.c index 52e7e90e60a..0e91c6db282 100644 --- a/lib/ldb/tests/ldb_mod_op_test.c +++ b/lib/ldb/tests/ldb_mod_op_test.c 
@@ -3807,7 +3807,7 @@ static void test_ldb_unique_index_duplicate_logging(void **state) p = strstr( debug_string, "unique index violation on cn " - "in dc=test02, conficts with dc=test01 in " + "in dc=test02, conflicts with dc=test01 in " "@INDEX:CN:test_unique_index"); assert_non_null(p); TALLOC_FREE(debug_string); @@ -3991,7 +3991,7 @@ static void test_ldb_unique_index_duplicate_with_guid(void **state) assert_non_null(debug_string); p = strstr( debug_string, - "unique index violation on cn in dc=test02, conficts with " + "unique index violation on cn in dc=test02, conflicts with " "objectUUID 0123456789abcdef in @INDEX:CN:test_unique_index"); assert_non_null(p); TALLOC_FREE(debug_string); diff --git a/lib/talloc/man/talloc.3.xml b/lib/talloc/man/talloc.3.xml index 6139fe73825..c51061fce1f 100644 --- a/lib/talloc/man/talloc.3.xml +++ b/lib/talloc/man/talloc.3.xml @@ -199,7 +199,7 @@ <para> you can talloc_free() the pointer itself if it has at maximum one parent. This behaviour has been changed since the release of version - 2.0. Further informations in the description of "talloc_free". + 2.0. Further information in the description of "talloc_free". </para> </listitem> </itemizedlist> diff --git a/lib/talloc/talloc.h b/lib/talloc/talloc.h index 5240f1e8dda..34fe772d2df 100644 --- a/lib/talloc/talloc.h +++ b/lib/talloc/talloc.h @@ -966,7 +966,7 @@ size_t talloc_reference_count(const void *ptr); * * - you can talloc_free() the pointer itself if it has at maximum one * parent. This behaviour has been changed since the release of version - * 2.0. Further informations in the description of "talloc_free". + * 2.0. Further information in the description of "talloc_free". * * For more control on which parent to remove, see talloc_unlink() * @param[in] ctx The additional parent. 
@@ -1007,7 +1007,7 @@ void *_talloc_reference_loc(const void *context, const void *ptr, const char *lo * * You can just use talloc_free() instead of talloc_unlink() if there * is at maximum one parent. This behaviour has been changed since the - * release of version 2.0. Further informations in the description of + * release of version 2.0. Further information in the description of * "talloc_free". * * @param[in] context The talloc parent to remove. diff --git a/lib/talloc/talloc_guide.txt b/lib/talloc/talloc_guide.txt index aba285e72df..dedda6c0678 100644 --- a/lib/talloc/talloc_guide.txt +++ b/lib/talloc/talloc_guide.txt @@ -189,7 +189,7 @@ ways: - you can talloc_free() the pointer itself if it has at maximum one parent. This behaviour has been changed since the release of version - 2.0. Further informations in the description of "talloc_free". + 2.0. Further information in the description of "talloc_free". For more control on which parent to remove, see talloc_unlink() @@ -207,7 +207,7 @@ is NULL, then the function will make no modifications and return -1. You can just use talloc_free() instead of talloc_unlink() if there is at maximum one parent. This behaviour has been changed since the -release of version 2.0. Further informations in the description of +release of version 2.0. Further information in the description of "talloc_free". =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- diff --git a/libgpo/gpo_ldap.c b/libgpo/gpo_ldap.c index f087203f28a..e5a5adb7235 100644 --- a/libgpo/gpo_ldap.c +++ b/libgpo/gpo_ldap.c 
@@ -688,10 +688,13 @@ ADS_STATUS ads_get_sid_token(ADS_STRUCT *ads, } } - new_token = create_local_nt_token(mem_ctx, &object_sid, false, - num_token_sids, token_sids); - ADS_ERROR_HAVE_NO_MEMORY(new_token); - + status = ADS_ERROR_NT(create_local_nt_token(mem_ctx, + &object_sid, false, + num_token_sids, token_sids, &new_token)); + if (!ADS_ERR_OK(status)) { + return status; + } + *token = new_token; security_token_debug(DBGC_CLASS, 5, *token); diff --git a/python/samba/netcmd/common.py b/python/samba/netcmd/common.py index c68cbabf42e..86f3e5161b1 100644 --- a/python/samba/netcmd/common.py +++ b/python/samba/netcmd/common.py @@ -63,7 +63,7 @@ def netcmd_finddc(lp, creds, realm=None): def netcmd_get_domain_infos_via_cldap(lp, creds, address=None): - '''Return domain informations (CLDAP record) of the ldap-capable + '''Return domain information (CLDAP record) of the ldap-capable DC with the specified address''' net = Net(creds=creds, lp=lp) cldap_ret = net.finddc(address=address, diff --git a/python/samba/netcmd/domain.py b/python/samba/netcmd/domain.py index 2aebb5f8166..851e7241d15 100644 --- a/python/samba/netcmd/domain.py +++ b/python/samba/netcmd/domain.py @@ -1304,7 +1304,7 @@ class cmd_domain_passwordsettings_show(Command): except Exception as e: raise CommandError("Could not retrieve password properties!", e) - self.message("Password informations for domain '%s'" % domain_dn) + self.message("Password information for domain '%s'" % domain_dn) self.message("") if pwd_props & DOMAIN_PASSWORD_COMPLEX != 0: self.message("Password complexity: on") diff --git a/python/samba/samdb.py b/python/samba/samdb.py index 308b5f96a7b..eda31cb90c3 100644 --- a/python/samba/samdb.py +++ b/python/samba/samdb.py 
@@ -201,7 +201,7 @@ pwdLastSet: 0 group_dn = "CN=%s,%s,%s" % (groupname, (groupou or "CN=Users"), self.domain_dn()) # The new user record. Note the reliance on the SAMLDB module which - # fills in the default informations + # fills in the default information ldbmessage = {"dn": group_dn, "sAMAccountName": groupname, "objectClass": "group"} @@ -389,7 +389,7 @@ member: %s dnsdomain = ldb.Dn(self, self.domain_dn()).canonical_str().replace("/", "") user_principal_name = "%s@%s" % (username, dnsdomain) # The new user record. Note the reliance on the SAMLDB module which - # fills in the default informations + # fills in the default information ldbmessage = {"dn": user_dn, "sAMAccountName": username, "userPrincipalName": user_principal_name, diff --git a/python/samba/tests/posixacl.py b/python/samba/tests/posixacl.py index a758df9b19e..65ca2c846f5 100644 --- a/python/samba/tests/posixacl.py +++ b/python/samba/tests/posixacl.py @@ -54,7 +54,7 @@ class PosixAclMappingTests(TestCaseInTempDir): Get session_info for setntacl. This test case always return None, to run tests without session_info - like before. To be overrided in derived class. + like before. To be overridden in derived class. """ return None diff --git a/source3/auth/proto.h b/source3/auth/proto.h index 75cf1e6724f..a96ff6e2582 100644 --- a/source3/auth/proto.h +++ b/source3/auth/proto.h 
@@ -383,14 +383,15 @@ NTSTATUS pass_check(const struct passwd *pass, bool nt_token_check_sid ( const struct dom_sid *sid, const struct security_token *token ); bool nt_token_check_domain_rid( struct security_token *token, uint32_t rid ); -struct security_token *get_root_nt_token( void ); +NTSTATUS get_root_nt_token( struct security_token **token ); NTSTATUS add_aliases(const struct dom_sid *domain_sid, struct security_token *token); -struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx, +NTSTATUS create_local_nt_token(TALLOC_CTX *mem_ctx, const struct dom_sid *user_sid, bool is_guest, int num_groupsids, - const struct dom_sid *groupsids); + const struct dom_sid *groupsids, + struct security_token **token); NTSTATUS finalize_local_nt_token(struct security_token *result, uint32_t session_info_flags); NTSTATUS get_user_sid_info3_and_extra(const struct netr_SamInfo3 *info3, diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index f7ebd23e4aa..3a3b5d9936b 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c 
@@ -78,27 +78,29 @@ bool nt_token_check_domain_rid( struct security_token *token, uint32_t rid ) Create a copy if you need to change it. ******************************************************************************/ -struct security_token *get_root_nt_token( void ) +NTSTATUS get_root_nt_token( struct security_token **token ) { - struct security_token *token, *for_cache; + struct security_token *for_cache; struct dom_sid u_sid, g_sid; struct passwd *pw; void *cache_data; + NTSTATUS status = NT_STATUS_OK; cache_data = memcache_lookup_talloc( NULL, SINGLETON_CACHE_TALLOC, data_blob_string_const_null("root_nt_token")); if (cache_data != NULL) { - return talloc_get_type_abort( + *token = talloc_get_type_abort( cache_data, struct security_token); + return NT_STATUS_OK; } if ( !(pw = getpwuid(0)) ) { if ( !(pw = getpwnam("root")) ) { - DEBUG(0,("get_root_nt_token: both getpwuid(0) " - "and getpwnam(\"root\") failed!\n")); - return NULL; + DBG_ERR("get_root_nt_token: both getpwuid(0) " + "and getpwnam(\"root\") failed!\n"); + return NT_STATUS_NO_SUCH_USER; } } @@ -108,18 +110,21 @@ struct security_token *get_root_nt_token( void ) uid_to_sid(&u_sid, pw->pw_uid); gid_to_sid(&g_sid, pw->pw_gid); - token = create_local_nt_token(talloc_tos(), &u_sid, False, - 1, &global_sid_Builtin_Administrators); + status = create_local_nt_token(talloc_tos(), &u_sid, False, + 1, &global_sid_Builtin_Administrators, token); + if (!NT_STATUS_IS_OK(status)) { + return status; + } - security_token_set_privilege(token, SEC_PRIV_DISK_OPERATOR); + security_token_set_privilege(*token, SEC_PRIV_DISK_OPERATOR); - for_cache = token; + for_cache = *token; memcache_add_talloc( NULL, SINGLETON_CACHE_TALLOC, data_blob_string_const_null("root_nt_token"), &for_cache); - return token; + return status; } 
@@ -420,11 +425,12 @@ NTSTATUS create_local_nt_token_from_info3(TALLOC_CTX *mem_ctx, Create a NT token for the user, expanding local aliases *******************************************************************/ -struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx, +NTSTATUS create_local_nt_token(TALLOC_CTX *mem_ctx, const struct dom_sid *user_sid, bool is_guest, int num_groupsids, - const struct dom_sid *groupsids) + const struct dom_sid *groupsids, + struct security_token **token) { struct security_token *result = NULL; int i; @@ -437,7 +443,8 @@ struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx, if (!(result = talloc_zero(mem_ctx, struct security_token))) { DEBUG(0, ("talloc failed\n")); - return NULL; + status = NT_STATUS_NO_MEMORY; + goto err; } /* Add the user and primary group sid */ @@ -445,8 +452,7 @@ struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx, status = add_sid_to_array(result, user_sid, &result->sids, &result->num_sids); if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(result); - return NULL; + goto err; } /* For guest, num_groupsids may be zero. */ @@ -455,8 +461,7 @@ struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx, &result->sids, &result->num_sids); if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(result); - return NULL; + goto err; } } @@ -471,15 +476,13 @@ struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx, &result->sids, &result->num_sids); if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(result); - return NULL; + goto err; } } status = add_local_groups(result, is_guest); if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(result); - return NULL; + goto err; } session_info_flags |= AUTH_SESSION_INFO_DEFAULT_GROUPS; @@ -489,8 +492,7 @@ struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx, status = finalize_local_nt_token(result, session_info_flags); if (!NT_STATUS_IS_OK(status)) { - TALLOC_FREE(result); - return NULL; + goto err; } if (is_guest) { 
@@ -511,12 +513,16 @@ struct security_token *create_local_nt_token(TALLOC_CTX *mem_ctx, &result->num_sids); if (!NT_STATUS_IS_OK(status)) { DEBUG(3, ("Failed to add SID to nt token\n")); - TALLOC_FREE(result); - return NULL; + goto err; } } - return result; + *token = result; -- Samba Shared Repository
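Review bot: the `>` to `>=` change in cli_credentials_get_ntlm_username_domain() (auth/credentials/credentials.c, hunk @@ -1115) makes the principal win whenever it was obtained at the same level as the username, which is the behaviour the commit message wants for -Wadmin@otherdomain, but nothing in the hunk records why a tie should favour the principal; add a one-line comment above the condition and a test for the equal-obtained case so the `>=` is not later "fixed" back to `>`.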
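Review bot: in the new `if (DEBUGLEVEL >= 10)` block in ntlmssp_client_challenge() (auth/ntlmssp/ntlmssp_client.c, hunk @@ -342) the NTSTATUS from ntlmssp_pull_CHALLENGE_MESSAGE() is dropped silently when it is not OK, so the case in which the dump would help most, a challenge blob we could not re-parse, produces no output at all; log it before the TALLOC_FREE(challenge), e.g. `DBG_DEBUG("ntlmssp_pull_CHALLENGE_MESSAGE failed: %s\n", nt_errstr(status));`.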
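Review bot: the second `if (DEBUGLEVEL >= 10)` block (auth/ntlmssp/ntlmssp_client.c, hunk @@ -702) re-parses the AUTHENTICATE_MESSAGE just built and NDR_PRINT_DEBUG()s it, which writes the NT/LM challenge responses and the encrypted session key into the log; that is the purpose of the commit, but the commit message should state that level-10 client logs now carry authentication material so that administrators handle and retain such logs accordingly. The block is also a line-for-line copy of the CHALLENGE one with the type swapped; a small static helper would keep the two in step, and the same silent-failure point applies to the dropped status from ntlmssp_pull_AUTHENTICATE_MESSAGE().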
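Review bot: in ads_get_sid_token() (libgpo/gpo_ldap.c, hunk @@ -688) the removed ADS_ERROR_HAVE_NO_MEMORY(new_token) was the only check on new_token, and the replacement `status = ADS_ERROR_NT(create_local_nt_token(...))` now relies on create_local_nt_token() never returning NT_STATUS_OK without having set *token; the token_util.c hunk that ends with `*token = result;` establishes that, but the contract (out-parameter valid only on NT_STATUS_OK, left untouched otherwise) should be written down next to the new prototype in source3/auth/proto.h so other callers follow it.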
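Review bot: get_root_nt_token() (source3/auth/token_util.c, hunk @@ -78) never sets *token on its failure paths, neither in the getpwuid()/getpwnam() branch that returns NT_STATUS_NO_SUCH_USER nor when create_local_nt_token() fails, so a caller that ignores the return value is left with an uninitialised pointer; set `*token = NULL;` at the top of the function. The `NTSTATUS status = NT_STATUS_OK;` initialiser is redundant because status is assigned before every use, and the final `return status;` follows a check that already proved status is OK, so `return NT_STATUS_OK;` would read more clearly.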
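Review bot: converting every `TALLOC_FREE(result); return NULL;` in create_local_nt_token() (source3/auth/token_util.c, hunks @@ -437 through @@ -511) to `goto err` moves the cleanup to an err label that lies beyond the 500-line truncation of this changeset, so the only thing that can be checked here is the contract the label must meet: it must TALLOC_FREE(result) (the talloc_zero() failure path reaches it with result == NULL, which TALLOC_FREE tolerates), it must not assign *token, and the success path after `*token = result;` must return NT_STATUS_OK; please quote the label in the commit message or cover both paths in a test so reviewers can see it without the full diff.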