The branch, master has been updated via 3dcdd13a250 tests/krb5: Use object() rather than auto() to initialise enums via 48bff3c44f6 dsdb/common: Make some parameters const via 0dad0e3fcdb lib:krb5_wrap: Add const to parameters for smb_krb5_create_key_from_string() via 9bd4c8bd560 s4:kdc: Add space in error message via 5045382c6dd python: Don't use deprecated escape sequences via 45f2e3631e1 libcli/security: Fix typos via 2c9a4ef86e5 libcli:util: Update werror table from 89b7afa3bbc libgpo/admx/en-US/samba.adml spelling: authencication paramter
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 3dcdd13a2506597d65af1efda76655206b3b3124 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed May 18 16:09:58 2022 +1200 tests/krb5: Use object() rather than auto() to initialise enums This ensures that when an enum value is expected, a magic constant won't be supplied instead. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Tue Jun 14 08:18:06 UTC 2022 on sn-devel-184 commit 48bff3c44f6ed4fcf4671351801d3536115c7314 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Jun 3 19:29:00 2022 +1200 dsdb/common: Make some parameters const Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 0dad0e3fcdbadddbe29351de0b72e633e12bd856 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon May 9 13:55:07 2022 +1200 lib:krb5_wrap: Add const to parameters for smb_krb5_create_key_from_string() Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 9bd4c8bd560aec84cdb26c4b7fdddcac9ef530b8 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon May 2 09:38:47 2022 +1200 s4:kdc: Add space in error message Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 5045382c6dd04b1bae0eaaae823be908213ff079 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Apr 28 20:31:50 2022 +1200 python: Don't use deprecated escape sequences Certain escape sequences are not valid in Python string literals, and will eventually result in a SyntaxError. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 45f2e3631e1424f99915a01bdf4808189bd8a6d7 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Apr 28 20:32:51 2022 +1200 libcli/security: Fix typos Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 2c9a4ef86e5fa68091fc392740e7b04af759b698 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Apr 28 20:33:07 2022 +1200 libcli:util: Update werror table Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> ----------------------------------------------------------------------- Summary of changes: buildtools/wafsamba/samba_cross.py | 2 +- lib/krb5_wrap/krb5_samba.c | 4 ++-- lib/krb5_wrap/krb5_samba.h | 4 ++-- libcli/security/access_check.c | 2 +- libcli/security/access_check.h | 2 +- libcli/util/werror.h | 1 - libcli/util/werror_err_table.txt | 20 +++++++++++++++++--- python/samba/drs_utils.py | 5 +---- python/samba/netcmd/ldapcmp.py | 2 +- python/samba/tests/krb5/kdc_base_test.py | 10 +++++----- source4/auth/ntlm/auth_sam.c | 2 +- source4/dsdb/common/util.c | 6 +++--- source4/dsdb/tests/python/acl.py | 2 +- source4/dsdb/tests/python/sec_descriptor.py | 6 +++--- source4/kdc/db-glue.c | 2 +- 15 files changed, 40 insertions(+), 30 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/samba_cross.py b/buildtools/wafsamba/samba_cross.py index c6f8c2a0ef2..7ec1edc52ea 100644 --- a/buildtools/wafsamba/samba_cross.py +++ b/buildtools/wafsamba/samba_cross.py @@ -77,7 +77,7 @@ def cross_answer(ca_file, msg): f.close() return (0, ans.strip("'")) else: - m = re.match('\(\s*(-?\d+)\s*,\s*\"(.*)\"\s*\)', ans) + m = re.match(r'\(\s*(-?\d+)\s*,\s*\"(.*)\"\s*\)', ans) if m: f.close() return (int(m.group(1)), m.group(2)) diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c index 2351d172779..57ffdc72780 100644 --- a/lib/krb5_wrap/krb5_samba.c +++ b/lib/krb5_wrap/krb5_samba.c @@ -291,8 +291,8 @@ krb5_error_code smb_krb5_mk_error(krb5_context context, */ int smb_krb5_create_key_from_string(krb5_context context, krb5_const_principal host_princ, - krb5_data *salt, - krb5_data *password, + const krb5_data *salt, + const krb5_data *password, krb5_enctype enctype, krb5_keyblock *key) { diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h index 653cd561406..942f787d12a 100644 --- a/lib/krb5_wrap/krb5_samba.h +++ b/lib/krb5_wrap/krb5_samba.h @@ -361,8 +361,8 @@ int smb_krb5_salt_principal2data(krb5_context context, int smb_krb5_create_key_from_string(krb5_context context, krb5_const_principal host_princ, - krb5_data *salt, - krb5_data *password, + const krb5_data *salt, + const krb5_data *password, krb5_enctype enctype, krb5_keyblock *key); diff --git a/libcli/security/access_check.c b/libcli/security/access_check.c index 322f4fdb0c6..f5051b0fa93 100644 --- a/libcli/security/access_check.c +++ b/libcli/security/access_check.c @@ -497,7 +497,7 @@ static NTSTATUS check_object_specific_access(struct security_ace *ace, * of the entry in the tree grants all the requested rights for the given GUID * FIXME * tree can be null if not null it's the - * Lots of code duplication, it will ve united in just one + * Lots of code duplication, it will be united in just one * function eventually */ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd, diff --git a/libcli/security/access_check.h b/libcli/security/access_check.h index 952589dacb7..96e33c6624f 100644 --- a/libcli/security/access_check.h +++ b/libcli/security/access_check.h @@ -66,7 +66,7 @@ NTSTATUS se_file_access_check(const struct security_descriptor *sd, uint32_t *access_granted); /* modified access check for the purposes of DS security - * Lots of code duplication, it will ve united in just one + * Lots of code duplication, it will be united in just one * function eventually */ NTSTATUS sec_access_check_ds(const struct security_descriptor *sd, diff --git a/libcli/util/werror.h b/libcli/util/werror.h index 0370a0618c1..d3d3327aef9 100644 --- a/libcli/util/werror.h +++ b/libcli/util/werror.h @@ -100,7 +100,6 @@ typedef uint32_t WERROR; #define WERR_INVALID_PRIMARY_GROUP W_ERROR(0x0000051C) #define WERR_DS_DRA_SECRETS_DENIED W_ERROR(0x000021B6) -#define WERR_DS_DRA_RECYCLED_TARGET W_ERROR(0x000021BF) #define WERR_DNS_ERROR_KEYMASTER_REQUIRED W_ERROR(0x0000238D) #define WERR_DNS_ERROR_NOT_ALLOWED_ON_SIGNED_ZONE W_ERROR(0x0000238E) diff --git a/libcli/util/werror_err_table.txt b/libcli/util/werror_err_table.txt index 75e8020f36e..5796afcb6c1 100644 --- a/libcli/util/werror_err_table.txt +++ b/libcli/util/werror_err_table.txt @@ -1762,7 +1762,7 @@ The Netlogon service cannot start because another Netlogon service running in th ERROR_SYNCHRONIZATION_REQUIRED -The Security Accounts Manager (SAM) database on a Windows Server operating system is significantly out of synchronization with the copy on the domain controller. A complete synchronization is required. +On applicable Windows Server releases, the Security Accounts Manager (SAM) database is significantly out of synchronization with the copy on the domain controller. A complete synchronization is required. 0x0000023A @@ -1846,7 +1846,7 @@ An event pair synchronization operation was performed using the thread-specific ERROR_DOMAIN_CTRLR_CONFIG_ERROR -A Windows Server has an incorrect configuration. +A domain server has an incorrect configuration. 0x00000246 @@ -8111,7 +8111,7 @@ The logon processor did not add the message alias. NERR_UnableToDelName_W -@W The logoff processor did not delete the message alias. +The logoff processor did not delete the message alias. 0x0000089F @@ -9925,6 +9925,13 @@ ERROR_PRINTER_DRIVER_DOWNLOAD_NEEDED The specified printer driver was not found on the system and needs to be downloaded. +0x00000BCE + +ERROR_PRINTER_NOT_SHAREABLE + + +The specified printer cannot be shared. + 0x00000F6E ERROR_IO_REISSUE_AS_CACHED @@ -15623,6 +15630,13 @@ ERROR_DS_INVALID_SEARCH_FLAG_TUPLE The search flags for the attribute are invalid. The tuple index bit is valid only on attributes of Unicode strings. +0x000021BF + +ERROR_DS_DRA_RECYCLED_TARGET + + +The replication operation failed because the target object referenced by a link value is recycled. + 0x000021C2 ERROR_DS_HIGH_DSA_VERSION diff --git a/python/samba/drs_utils.py b/python/samba/drs_utils.py index feab89b0d8e..a71da6eedd3 100644 --- a/python/samba/drs_utils.py +++ b/python/samba/drs_utils.py @@ -200,10 +200,7 @@ class drs_Replicate(object): # (if we support it and haven't already tried that) supports_ext = self.supports_ext - # TODO fix up the below line when we next update werror_err_table.txt - # and pull in the new error-code - # return (error_code == werror.WERR_DS_DRA_RECYCLED_TARGET and - return (error_code == 0x21bf and + return (error_code == werror.WERR_DS_DRA_RECYCLED_TARGET and supports_ext & DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10 and (req.more_flags & drsuapi.DRSUAPI_DRS_GET_TGT) == 0) diff --git a/python/samba/netcmd/ldapcmp.py b/python/samba/netcmd/ldapcmp.py index 762047c467b..dddd5a894be 100644 --- a/python/samba/netcmd/ldapcmp.py +++ b/python/samba/netcmd/ldapcmp.py @@ -279,7 +279,7 @@ class Descriptor(object): res = re.search(r"D:(.*?)(\(.*\))", self.sddl).group(2) except AttributeError: return [] - return re.findall("(\(.*?\))", res) + return re.findall(r"(\(.*?\))", res) def fix_sid(self, ace): res = "%s" % ace diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py index 7d180380d13..22db004f879 100644 --- a/python/samba/tests/krb5/kdc_base_test.py +++ b/python/samba/tests/krb5/kdc_base_test.py @@ -23,7 +23,7 @@ import tempfile import binascii import collections import secrets -from enum import Enum, auto +from enum import Enum from collections import namedtuple import ldb @@ -98,10 +98,10 @@ class KDCBaseTest(RawKerberosTest): """ class AccountType(Enum): - USER = auto() - COMPUTER = auto() - SERVER = auto() - RODC = auto() + USER = object() + COMPUTER = object() + SERVER = object() + RODC = object() @classmethod def setUpClass(cls): diff --git a/source4/auth/ntlm/auth_sam.c b/source4/auth/ntlm/auth_sam.c index 2900a4e374d..2a024564417 100644 --- a/source4/auth/ntlm/auth_sam.c +++ b/source4/auth/ntlm/auth_sam.c @@ -318,7 +318,7 @@ static NTSTATUS authsam_password_check_and_record(struct auth4_context *auth_con for (i = 1; i < MIN(history_len, 3); i++) { struct samr_Password zero_string_hash; - struct samr_Password *nt_history_pwd = NULL; + const struct samr_Password *nt_history_pwd = NULL; NTTIME pwdLastSet; struct timeval tv_now; NTTIME now; diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index bd59de5cb32..54997c2ad75 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -518,10 +518,10 @@ unsigned int samdb_result_hashes(TALLOC_CTX *mem_ctx, const struct ldb_message * NTSTATUS samdb_result_passwords_from_history(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, - struct ldb_message *msg, + const struct ldb_message *msg, unsigned int idx, - struct samr_Password **lm_pwd, - struct samr_Password **nt_pwd) + const struct samr_Password **lm_pwd, + const struct samr_Password **nt_pwd) { struct samr_Password *lmPwdHash, *ntPwdHash; diff --git a/source4/dsdb/tests/python/acl.py b/source4/dsdb/tests/python/acl.py index 70dca9b7678..1271dfcc957 100755 --- a/source4/dsdb/tests/python/acl.py +++ b/source4/dsdb/tests/python/acl.py @@ -695,7 +695,7 @@ class AclSearchTests(AclTests): # Make sure there are inheritable ACEs initially self.assertTrue("CI" in desc_sddl or "OI" in desc_sddl) # Find and remove all inherit ACEs - res = re.findall("\(.*?\)", desc_sddl) + res = re.findall(r"\(.*?\)", desc_sddl) res = [x for x in res if ("CI" in x) or ("OI" in x)] for x in res: desc_sddl = desc_sddl.replace(x, "") diff --git a/source4/dsdb/tests/python/sec_descriptor.py b/source4/dsdb/tests/python/sec_descriptor.py index b67bf33b5f7..6471fc15c55 100755 --- a/source4/dsdb/tests/python/sec_descriptor.py +++ b/source4/dsdb/tests/python/sec_descriptor.py @@ -1248,7 +1248,7 @@ class DaclDescriptorTests(DescriptorTests): # Make sure there are inheritable ACEs initially self.assertTrue("CI" in desc_sddl or "OI" in desc_sddl) # Find and remove all inherit ACEs - res = re.findall("\(.*?\)", desc_sddl) + res = re.findall(r"\(.*?\)", desc_sddl) res = [x for x in res if ("CI" in x) or ("OI" in x)] for x in res: desc_sddl = desc_sddl.replace(x, "") @@ -1315,12 +1315,12 @@ class DaclDescriptorTests(DescriptorTests): # also make sure the added above non-inheritable ACEs are absent too desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn) self.assertFalse("ID" in desc_sddl) - for x in re.findall("\(.*?\)", mod): + for x in re.findall(r"\(.*?\)", mod): self.assertFalse(x in desc_sddl) self.sd_utils.modify_sd_on_dn(group_dn, "D:" + moded) desc_sddl = self.sd_utils.get_sd_as_sddl(group_dn) self.assertFalse("ID" in desc_sddl) - for x in re.findall("\(.*?\)", mod): + for x in re.findall(r"\(.*?\)", mod): self.assertFalse(x in desc_sddl) def test_203(self): diff --git a/source4/kdc/db-glue.c b/source4/kdc/db-glue.c index ea329b7edab..6965ca68563 100644 --- a/source4/kdc/db-glue.c +++ b/source4/kdc/db-glue.c @@ -3128,7 +3128,7 @@ krb5_error_code samba_kdc_check_s4u2proxy_rbcd( data = ldb_msg_find_ldb_val(proxy_skdc_entry->msg, "msDS-AllowedToActOnBehalfOfOtherIdentity"); if (data == NULL) { - DBG_ERR("Could not find security descriptor" + DBG_ERR("Could not find security descriptor " "msDS-AllowedToActOnBehalfOfOtherIdentity in " "proxy[%s]\n", proxy_dn); -- Samba Shared Repository