The branch, master has been updated via 6258173a62e s4:kdc: Don’t call memcpy() with a NULL pointer via 2eb458118c3 lib:addns: Don’t call memcpy() with a NULL pointer via f60249eed58 tests/krb5: Improve _test_samr_change_password() method via e959485550e tests/krb5: Don’t delete silo until all tests have finished via 0e27b297a29 tests/krb5: Add remove_attribute() helper function via 98e23d7eed6 tests/krb5: Have set_forced_key() also set the NT hash via 1a53d3514f8 auth/credentials: Add set_nt_hash() via 506c2d1b8a3 s3:lib: Fix typos via 6f1852c9538 s4:kdc: Remove unused parameter via 87f7bd60071 tests/krb5: Make _tgs_req() more configurable via 9d206948c9c tests/krb5: Make use of check_tgs_reply() via ab8a3e87bbe tests/krb5: Allow specifying an encoded security descriptor via 9d84f3384e6 tests/krb5: Rename ‘objectclass’ to use correct case via 0a7cbe1e953 tests/krb5: Rename ‘auth_silo’ to ‘authn_silo’ via 2f993306408 s4/scripting/bin: Remove unused imports via 2727e33dbdb s4/scripting/bin: Fix resource leak via 37450ec3c2c s4:kdc: Fix typo via 3ae3499b70b tests/krb5: Create account cache key only if needed via 4dc9abc777b tests/krb5: Delete non-resuable accounts as soon as possible via 9c4a71de472 s4:kdc: Use correct target principal name in log message via 86f07cad945 docs-xml: Fix typos via db889249abb auth/credentials: Fix NULL dereference via bd9eb63450f tests/krb5: Refactor _test_samlogon() via 443d70ee58f lib:util: Fix undefined bitshift via dd88d7a89f2 param: Fix resource leak via d497829bf1a python/samba: Fix invalid escape sequence via 2e41c73e98e lib/http: Remove unused structure via c6f29f0039c tests/krb5: Allow setting a servicePrincipalName on a user account via 4ae9fe48aa8 tests/krb5: Fix parameter default via 57d73b24b2e tests/krb5: Remove unused parameter via 1a90a94ff1d tests/krb5: Test that the salt for a managed service account is computed correctly via 762e184216f tests/krb5: Allow creating managed service accounts via c7295b1dc54 pydsdb: Add Managed Service Accounts GUID constant via 2f5cebfef92 libds: Add Managed Service Accounts well-known GUID via 8a3dacd39ec tests/krb5: Always heed the add_dollar parameter via 1ba0953d65b tests/krb5: Remove unused import via 07f3dbbf38e s4:dsdb: Fix leak via 722bbf0544a tests/krb5: Remove unneeded assertions via eb4b46d326e tests/krb5: Allow creating an account with an assigned policy or silo via e7b2cd7d831 tests/krb5: Add method to create an authentication policy via c4972272227 tests/krb5: Generify protected users test methods via 6f3b7f95f3c tests/krb5: Handle NT hashes being disabled via e4ec3d6f3d3 tests/krb5: Pass client credentials down into kdc_exchange_dict via c07ac154627 tests/krb5: Remove test for OemChangePasswordUser2() via 58bf53c973d tests/krb5: Split out functions for testing logons and password changes via 34f378f4809 auth/credentials: Allow resetting bind DN on Credentials object via 963688b3a5a librpc: Always call ndr_push_compression_state_init() for compression via ff2de50aa4b librpc: Fix talloc hierarchy for ndr_compression_state via 7dab9edca86 python:descriptor: add missing schema 2019 aces in builtin and dns partition from 6752bcaf4de s3:utils: Move error-handling code into more suitable spot (CID 1524680)
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 6258173a62e3fbb9cd103b72175874e8346571ea Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon May 1 13:04:58 2023 +1200 s4:kdc: Don’t call memcpy() with a NULL pointer Doing so is undefined behaviour. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Fri May 5 03:52:30 UTC 2023 on atb-devel-224 commit 2eb458118c3de09cea42749098df1f93dc0e9eca Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon May 1 11:22:02 2023 +1200 lib:addns: Don’t call memcpy() with a NULL pointer Doing so is undefined behaviour. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit f60249eed58d9c282b21fd83dcb0654f310ac8db Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon May 1 09:48:15 2023 +1200 tests/krb5: Improve _test_samr_change_password() method Instead of using anonymous credentials, we now connect using the passed-in credentials. We now correctly construct nt_password and nt_verifier so as to successfully change the password, instead of having to distinguish between a WRONG_PASSWORD error and an error caused by the password change being disallowed. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit e959485550e0418f7e9ad02b45b5e89c0f01e422 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon May 1 09:45:37 2023 +1200 tests/krb5: Don’t delete silo until all tests have finished It’s possible that we reuse the same silo across multiple tests. In that case, we should not delete it until we are sure we have finished with it. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 0e27b297a29ba933be7a1a810a3f831dce3f64de Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Apr 28 16:25:09 2023 +1200 tests/krb5: Add remove_attribute() helper function Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 98e23d7eed6e7e89e8565f56ff35630f6799e80b Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Apr 28 16:24:31 2023 +1200 tests/krb5: Have set_forced_key() also set the NT hash Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 1a53d3514f8b72062fdf30d1b9ba80f170f66821 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Apr 28 16:22:32 2023 +1200 auth/credentials: Add set_nt_hash() This method allows setting the NT hash directly. This is useful in cases where we don’t know the password, such as with a computer or server account. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 506c2d1b8a3cc11b437052321818ea67c83cc583 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Apr 28 09:41:59 2023 +1200 s3:lib: Fix typos These typos were also spotted by a mailing list user: https://lists.samba.org/archive/samba-technical/2023-April/138190.html Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 6f1852c95387a4cd83bd91f405ab6989c779948f Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Apr 27 16:25:23 2023 +1200 s4:kdc: Remove unused parameter Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 87f7bd60071219dad586ce91a0febd2c72da3bce Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Apr 27 16:23:36 2023 +1200 tests/krb5: Make _tgs_req() more configurable Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 9d206948c9cf72a83be25e496f9bd0c15ed575f9 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Apr 27 16:22:38 2023 +1200 tests/krb5: Make use of check_tgs_reply() Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit ab8a3e87bbe4d1f46aca3895dc3d91277eb28486 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Apr 27 16:20:25 2023 +1200 tests/krb5: Allow specifying an encoded security descriptor If we get a string, we’ll still assume it’s a DN and create a security descriptor using it. This is useful in cases where we don’t have a DN (e.g., the account is not created yet). Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 9d84f3384e6605e2c48a3ece0b0b50a751f73295 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Apr 27 16:18:32 2023 +1200 tests/krb5: Rename ‘objectclass’ to use correct case This means that tests can now specify values for ‘objectClass’ in additional_details which override the default value. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 0a7cbe1e953084ef004dffcadcf8436026604820 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Apr 27 16:16:44 2023 +1200 tests/krb5: Rename ‘auth_silo’ to ‘authn_silo’ Make it clear that this relates to authentication, not authorization. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 2f993306408b69b8469a5387e5e609bd1bc0b983 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Apr 27 15:17:18 2023 +1200 s4/scripting/bin: Remove unused imports Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 2727e33dbdb6b4f8464d93ca6358fcbb0180ab31 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Apr 27 15:15:03 2023 +1200 s4/scripting/bin: Fix resource leak Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 37450ec3c2c263f0810801448b445e57dbfbb56a Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Apr 27 13:48:53 2023 +1200 s4:kdc: Fix typo Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 3ae3499b70bc602c052815a8ec9cb09d9270ae5e Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Apr 27 10:44:12 2023 +1200 tests/krb5: Create account cache key only if needed Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 4dc9abc777ba923074a840266f944db3789aa3c0 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Apr 27 10:43:01 2023 +1200 tests/krb5: Delete non-resuable accounts as soon as possible This helps to mitigate Samba’s slow account deletion. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 9c4a71de4722064cb0b1c46ac32204d5761fdaec Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Apr 26 12:52:06 2023 +1200 s4:kdc: Use correct target principal name in log message ‘tmp’ has already been freed by this point. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 86f07cad945a64c14a492f6ebf5cc3700a0f7ea7 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon Apr 24 12:53:12 2023 +1200 docs-xml: Fix typos Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit db889249abbab81964e1cb3033b6a08b7a6361f4 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon Apr 24 11:13:38 2023 +1200 auth/credentials: Fix NULL dereference We should not pass a NULL pointer to netlogon_creds_session_encrypt(). Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit bd9eb63450ff45a9c3d49ca5c9f7b2c8aaa2060b Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Apr 21 13:25:58 2023 +1200 tests/krb5: Refactor _test_samlogon() Move logic specific to the Network logon into that branch, so it’s easier to see what’s going on. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 443d70ee58f3dec05ddede22c33fec0860f52864 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Apr 20 10:44:41 2023 +1200 lib:util: Fix undefined bitshift runtime error: left shift of 65535 by 16 places cannot be represented in type 'int' Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit dd88d7a89f2896a4535fe61cce44076888cbaef6 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Apr 20 09:20:38 2023 +1200 param: Fix resource leak Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit d497829bf1abd37eb87896d7826e00d41767ae20 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Apr 20 09:03:46 2023 +1200 python/samba: Fix invalid escape sequence Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 2e41c73e98eb654f1982c834d8913dc055fcf28e Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Apr 19 15:44:11 2023 +1200 lib/http: Remove unused structure This is just a typo of ‘struct loadparm_context’. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit c6f29f0039ca9fb29f5882bb89f1c395c60ab9ee Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Apr 19 13:01:55 2023 +1200 tests/krb5: Allow setting a servicePrincipalName on a user account Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 4ae9fe48aa8d552246474a204613f75f07f19a15 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Apr 19 13:00:53 2023 +1200 tests/krb5: Fix parameter default Now that add_dollar is honoured for all account types, we don’t want to pass add_dollar=True for user accounts. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 57d73b24b2ec26b38f5783a9dc39446580afa205 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Apr 19 10:50:23 2023 +1200 tests/krb5: Remove unused parameter Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 1a90a94ff1dec39cc50c991a16cc3f589dfa0b33 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Apr 14 11:53:13 2023 +1200 tests/krb5: Test that the salt for a managed service account is computed correctly Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 762e184216fd9b809a05bf040ace23e229cbb410 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Apr 14 11:51:31 2023 +1200 tests/krb5: Allow creating managed service accounts These will be useful for testing authentication policies. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit c7295b1dc5431a7d5b1a532141e008e8af36b1cc Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Apr 27 16:13:55 2023 +1200 pydsdb: Add Managed Service Accounts GUID constant Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 2f5cebfef92701c37515262b587f411c2b8df418 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Apr 27 16:12:30 2023 +1200 libds: Add Managed Service Accounts well-known GUID Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 8a3dacd39ec60b3132c7151da82c22e5c26fa17e Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Apr 14 11:49:41 2023 +1200 tests/krb5: Always heed the add_dollar parameter Not just if the account to be created is a computer. This allows us to create other types of accounts with a trailing dollar. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 1ba0953d65b238cd1c0545052008aa53fea50433 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Apr 13 14:13:43 2023 +1200 tests/krb5: Remove unused import Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 07f3dbbf38ef1b42e58baeb9304fb23aecdd46da Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue Apr 11 09:46:37 2023 +1200 s4:dsdb: Fix leak Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 722bbf0544a5c22c7e892227fc26858c14723e19 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Apr 6 11:47:17 2023 +1200 tests/krb5: Remove unneeded assertions Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit eb4b46d326ee53d4c275d7f72b07650af589e9fa Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Wed Apr 5 11:21:39 2023 +1200 tests/krb5: Allow creating an account with an assigned policy or silo Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit e7b2cd7d8315a5f182acba99b5c986f8b5a6186d Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon Apr 3 11:23:10 2023 +1200 tests/krb5: Add method to create an authentication policy Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit c4972272227696dfd5848db3897f1128f2817995 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue May 24 19:55:03 2022 +1200 tests/krb5: Generify protected users test methods We can reuse them to test accounts restricted authentication in some form or another. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 6f3b7f95f3cc093175507e9eb079cc8241dadedf Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue May 24 19:11:22 2022 +1200 tests/krb5: Handle NT hashes being disabled If NT hashes are disabled, we should not expect the RC4 enctype to be available for non-computer accounts. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit e4ec3d6f3d3f3b5a9c6f37d78ab3f41daff5d49a Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Thu Apr 6 11:09:31 2023 +1200 tests/krb5: Pass client credentials down into kdc_exchange_dict These are useful inside the test infrastructure. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit c07ac154627b10c177befc4e3fd8b3fec2702707 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Tue May 24 19:36:30 2022 +1200 tests/krb5: Remove test for OemChangePasswordUser2() We don’t implement this anymore (since commit 0f53bfe7230c5e76f7ceb8baf98a9ef38a35356f). Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 58bf53c973dce8a1e492c70d072a3c1cc239ae7c Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri May 6 15:24:21 2022 +1200 tests/krb5: Split out functions for testing logons and password changes This allows their use for testing other forms of restricted accounts. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 34f378f48095419d11137b0719fdaeaaba5591c7 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Fri Apr 29 11:51:18 2022 +1200 auth/credentials: Allow resetting bind DN on Credentials object Passing None into set_bind_dn() now resets it. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 963688b3a5acbf0714377b4b17e5cbbbd31e50d9 Author: Andrew Bartlett <abart...@samba.org> Date: Mon May 1 14:30:31 2023 +1200 librpc: Always call ndr_push_compression_state_init() for compression This allows the push routine to cache the chosen compression algorithm in the struct ndr_compression_state in ndr->cstate and so, in claims, avoid calling ndr_size_CLAIMS_SET_NDR() three times per compression (more in the overall push). As claims is now the primary use of the libndr compression code, this is a reasonable tradeoff compared to the other callers who have more static algorithm selections. By removing the struct ndr_compression_state **state argument from ndr_push_compression_state_init() we make clear that the ndr->cstate belongs to this NDR context, and this context alone. Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Joseph Sutton <josephsut...@catalyst.net.nz> commit ff2de50aa4bf086880ab8cd1c2aee7e998c2c22a Author: Andrew Bartlett <abart...@samba.org> Date: Mon May 1 14:13:15 2023 +1200 librpc: Fix talloc hierarchy for ndr_compression_state The complexity of generic_mszip_free() is not needed, nor is a talloc destructor required if the memory is correctly created in a tree. Credit to OSS-Fuzz for showing the use-after-free REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57608 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15349 Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Joseph Sutton <josephsut...@catalyst.net.nz> commit 7dab9edca86c3ee76173eecba2c3b46869f25e64 Author: Stefan Metzmacher <me...@samba.org> Date: Mon Apr 17 09:22:21 2023 +0000 python:descriptor: add missing schema 2019 aces in builtin and dns partition Note 'samba-tool domain functionalprep' won't fix them in the database, while a fresh provision will add these. This is needed in order that 'samba-tool dbcheck --reset-well-known-acls' won't reset them after a modern provision and will fix them on an old domain. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: auth/credentials/pycredentials.c | 40 +- docs-xml/manpages/idmap_script.8.xml | 2 +- docs-xml/manpages/idmap_tdb.8.xml | 2 +- docs-xml/manpages/idmap_tdb2.8.xml | 4 +- lib/addns/dnsmarshall.c | 4 +- lib/util/byteorder.h | 2 +- libcli/http/http.h | 1 - libds/common/flags.h | 1 + librpc/ndr/ndr_cab.c | 16 +- librpc/ndr/ndr_compression.c | 84 +--- librpc/ndr/ndr_compression.h | 9 +- librpc/ndr/ndr_drsuapi.c | 40 +- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 6 +- python/samba/descriptor.py | 8 + python/samba/ms_forest_updates_markdown.py | 2 +- python/samba/tests/krb5/as_req_tests.py | 6 +- python/samba/tests/krb5/claims_tests.py | 7 +- python/samba/tests/krb5/device_tests.py | 1 + python/samba/tests/krb5/etype_tests.py | 18 +- python/samba/tests/krb5/fast_tests.py | 2 + python/samba/tests/krb5/group_tests.py | 7 +- python/samba/tests/krb5/kdc_base_test.py | 495 +++++++++++++++++---- python/samba/tests/krb5/kdc_tgs_tests.py | 324 +++++++------- python/samba/tests/krb5/lockout_tests.py | 3 +- .../krb5/ms_kile_client_principal_lookup_tests.py | 20 +- python/samba/tests/krb5/protected_users_tests.py | 171 ++----- python/samba/tests/krb5/raw_testcase.py | 43 +- python/samba/tests/krb5/salt_tests.py | 142 ++++++ python/samba/tests/krb5/spn_tests.py | 2 +- script/generate_param.py | 4 +- source3/lib/adouble.c | 4 +- source4/dsdb/pydsdb.c | 1 + source4/dsdb/samdb/ldb_modules/password_hash.c | 1 + source4/kdc/db-glue.c | 2 +- source4/kdc/kpasswd-service.c | 8 +- source4/kdc/mit_samba.c | 2 - source4/kdc/pac-glue.c | 3 - source4/kdc/pac-glue.h | 1 - source4/kdc/wdc-samba4.c | 3 +- source4/scripting/bin/gen_hresult.py | 2 +- source4/scripting/bin/gen_ntstatus.py | 9 +- 41 files changed, 987 insertions(+), 515 deletions(-) Changeset truncated at 500 lines: diff --git a/auth/credentials/pycredentials.c b/auth/credentials/pycredentials.c index 013d2958ea2..b87cdc06a93 100644 --- a/auth/credentials/pycredentials.c +++ b/auth/credentials/pycredentials.c @@ -389,7 +389,7 @@ static PyObject *py_creds_set_bind_dn(PyObject *self, PyObject *args) PyErr_Format(PyExc_TypeError, "Credentials expected"); return NULL; } - if (!PyArg_ParseTuple(args, "s", &newval)) + if (!PyArg_ParseTuple(args, "z", &newval)) return NULL; return PyBool_FromLong(cli_credentials_set_bind_dn(creds, newval)); @@ -546,6 +546,32 @@ static PyObject *py_creds_get_nt_hash(PyObject *self, PyObject *unused) return ret; } +static PyObject *py_creds_set_nt_hash(PyObject *self, PyObject *args) +{ + PyObject *py_cp = Py_None; + const struct samr_Password *pwd = NULL; + enum credentials_obtained obt = CRED_SPECIFIED; + int _obt = obt; + struct cli_credentials *creds = PyCredentials_AsCliCredentials(self); + if (creds == NULL) { + PyErr_Format(PyExc_TypeError, "Credentials expected"); + return NULL; + } + + if (!PyArg_ParseTuple(args, "O|i", &py_cp, &_obt)) { + return NULL; + } + obt = _obt; + + pwd = pytalloc_get_type(py_cp, struct samr_Password); + if (pwd == NULL) { + /* pytalloc_get_type sets TypeError */ + return NULL; + } + + return PyBool_FromLong(cli_credentials_set_nt_hash(creds, pwd, obt)); +} + static PyObject *py_creds_get_kerberos_state(PyObject *self, PyObject *unused) { int state; @@ -1033,6 +1059,11 @@ static PyObject *py_creds_encrypt_samr_password(PyObject *self, return NULL; } + if (creds->netlogon_creds == NULL) { + PyErr_Format(PyExc_ValueError, "NetLogon credentials not set"); + return NULL; + } + if (!PyArg_ParseTuple(args, "O", &py_cp)) { return NULL; } @@ -1384,6 +1415,13 @@ static PyMethodDef py_creds_methods[] = { .ml_meth = py_creds_get_nt_hash, .ml_flags = METH_NOARGS, }, + { + .ml_name = "set_nt_hash", + .ml_meth = py_creds_set_nt_hash, + .ml_flags = METH_VARARGS, + .ml_doc = "S.set_net_sh(samr_Password[, credentials.SPECIFIED]) -> bool\n" + "Change NT hash.", + }, { .ml_name = "get_kerberos_state", .ml_meth = py_creds_get_kerberos_state, diff --git a/docs-xml/manpages/idmap_script.8.xml b/docs-xml/manpages/idmap_script.8.xml index 2e7f2be59fd..5ed1390346d 100644 --- a/docs-xml/manpages/idmap_script.8.xml +++ b/docs-xml/manpages/idmap_script.8.xml @@ -109,7 +109,7 @@ <title>EXAMPLES</title> <para> - This example shows how script is used as a the default idmap backend + This example shows how script is used as the default idmap backend using an external program via the script parameter: </para> diff --git a/docs-xml/manpages/idmap_tdb.8.xml b/docs-xml/manpages/idmap_tdb.8.xml index fccb8385722..a99830d6d9e 100644 --- a/docs-xml/manpages/idmap_tdb.8.xml +++ b/docs-xml/manpages/idmap_tdb.8.xml @@ -49,7 +49,7 @@ <title>EXAMPLES</title> <para> - This example shows how tdb is used as a the default idmap backend. + This example shows how tdb is used as the default idmap backend. This configured range is used for uid and gid allocation. </para> diff --git a/docs-xml/manpages/idmap_tdb2.8.xml b/docs-xml/manpages/idmap_tdb2.8.xml index 253b016f246..ee253ce8925 100644 --- a/docs-xml/manpages/idmap_tdb2.8.xml +++ b/docs-xml/manpages/idmap_tdb2.8.xml @@ -101,7 +101,7 @@ <title>EXAMPLES</title> <para> - This example shows how tdb2 is used as a the default idmap backend. + This example shows how tdb2 is used as the default idmap backend. </para> <programlisting> @@ -111,7 +111,7 @@ </programlisting> <para> - This example shows how tdb2 is used as a the default idmap backend + This example shows how tdb2 is used as the default idmap backend using an external program via the script parameter: </para> diff --git a/lib/addns/dnsmarshall.c b/lib/addns/dnsmarshall.c index 6c93b98144f..c95420304f0 100644 --- a/lib/addns/dnsmarshall.c +++ b/lib/addns/dnsmarshall.c @@ -88,7 +88,9 @@ void dns_marshall_buffer(struct dns_buffer *buf, const uint8_t *data, buf->data = new_data; } - memcpy(buf->data + buf->offset, data, len); + if (data != NULL) { + memcpy(buf->data + buf->offset, data, len); + } buf->offset += len; return; } diff --git a/lib/util/byteorder.h b/lib/util/byteorder.h index 26268ac93cd..e8664e95538 100644 --- a/lib/util/byteorder.h +++ b/lib/util/byteorder.h @@ -138,7 +138,7 @@ it also defines lots of intermediate macros, just ignore those :-) /* now the reverse routines - these are used in nmb packets (mostly) */ #define SREV(x) ((((x)&0xFF)<<8) | (((x)>>8)&0xFF)) -#define IREV(x) ((SREV(x)<<16) | (SREV((x)>>16))) +#define IREV(x) ((SREV((uint32_t)x)<<16) | (SREV(((uint32_t)x)>>16))) #define BREV(x) ((IREV((uint64_t)x)<<32) | (IREV(((uint64_t)x)>>32))) /**************************************************************************** diff --git a/libcli/http/http.h b/libcli/http/http.h index f2196031f03..89415470134 100644 --- a/libcli/http/http.h +++ b/libcli/http/http.h @@ -46,7 +46,6 @@ #define HTTP_MAX_HEADER_SIZE 0x1FFFF struct cli_credentials; -struct loadparm_ctx; enum http_cmd_type { HTTP_REQ_GET = 1 << 0, diff --git a/libds/common/flags.h b/libds/common/flags.h index c013d2f0f25..e8e5d625b5e 100644 --- a/libds/common/flags.h +++ b/libds/common/flags.h @@ -233,6 +233,7 @@ #define DS_GUID_PROGRAM_DATA_CONTAINER "09460C08AE1E4A4EA0F64AEE7DAA1E5A" #define DS_GUID_SYSTEMS_CONTAINER "AB1D30F3768811D1ADED00C04FD8D5CD" #define DS_GUID_USERS_CONTAINER "A9D1CA15768811D1ADED00C04FD8D5CD" +#define DS_GUID_MANAGED_SERVICE_ACCOUNTS_CONTAINER "1EB93889E40C45DF9F0C64D23BBB6237" /* wellknown GUIDs for optional directory features */ #define DS_GUID_FEATURE_RECYCLE_BIN "766ddcd8-acd0-445e-f3b9-a7f9b6744f2a" diff --git a/librpc/ndr/ndr_cab.c b/librpc/ndr/ndr_cab.c index ac8565fd1e0..3efb14fc874 100644 --- a/librpc/ndr/ndr_cab.c +++ b/librpc/ndr/ndr_cab.c @@ -132,7 +132,7 @@ static enum ndr_err_code ndr_push_folder_cfdata(struct ndr_push *ndr, if (cab_ctype == CF_COMPRESS_MSZIP) { ndr_ctype = NDR_COMPRESSION_MSZIP_CAB; - NDR_CHECK(ndr_push_compression_state_init(ndr, ndr_ctype, &ndr->cstate)); + NDR_CHECK(ndr_push_compression_state_init(ndr, ndr_ctype)); } for (i = 0; i < num_cfdata; i++, r++) { @@ -189,11 +189,18 @@ static enum ndr_err_code ndr_push_folder_cfdata(struct ndr_push *ndr, /* compress via subcontext */ NDR_CHECK(ndr_push_subcontext_start(ndr, &push_sub, 0, -1)); + + /* + * This assignment replaces a call to + * ndr_push_compression_state_init(push_sub, ndr_ctype)) + * here. This is instead done outside the loop. + */ push_sub->cstate = ndr->cstate; - NDR_CHECK(ndr_push_compression_start(push_sub, &push_compress, ndr_ctype)); + + NDR_CHECK(ndr_push_compression_start(push_sub, &push_compress)); ndr_set_flags(&push_compress->flags, LIBNDR_FLAG_REMAINING); NDR_CHECK(ndr_push_DATA_BLOB(push_compress, NDR_SCALARS, r->ab)); - NDR_CHECK(ndr_push_compression_end(push_sub, push_compress, ndr_ctype)); + NDR_CHECK(ndr_push_compression_end(push_sub, push_compress)); NDR_CHECK(ndr_push_subcontext_end(ndr, push_sub, 0, -1)); compressed_length = push_sub->offset; @@ -369,8 +376,7 @@ static enum ndr_err_code ndr_pull_folder_cfdata(struct ndr_pull *ndr, } } - ndr_pull_compression_state_free(ndr->cstate); - ndr->cstate = NULL; + TALLOC_FREE(ndr->cstate); return NDR_ERR_SUCCESS; } diff --git a/librpc/ndr/ndr_compression.c b/librpc/ndr/ndr_compression.c index 1133d5216db..4c961f84f4e 100644 --- a/librpc/ndr/ndr_compression.c +++ b/librpc/ndr/ndr_compression.c @@ -898,10 +898,10 @@ enum ndr_err_code ndr_pull_compression_end(struct ndr_pull *subndr, push a compressed subcontext */ enum ndr_err_code ndr_push_compression_start(struct ndr_push *subndr, - struct ndr_push **_uncomndr, - enum ndr_compression_alg compression_alg) + struct ndr_push **_uncomndr) { struct ndr_push *uncomndr; + enum ndr_compression_alg compression_alg = subndr->cstate->type; switch (compression_alg) { case NDR_COMPRESSION_NONE: @@ -928,13 +928,14 @@ enum ndr_err_code ndr_push_compression_start(struct ndr_push *subndr, push a compressed subcontext */ enum ndr_err_code ndr_push_compression_end(struct ndr_push *subndr, - struct ndr_push *uncomndr, - enum ndr_compression_alg compression_alg) + struct ndr_push *uncomndr) { struct ndr_pull *ndrpull; bool last = false; z_stream z; + enum ndr_compression_alg compression_alg = subndr->cstate->type; + ndrpull = talloc_zero(uncomndr, struct ndr_pull); NDR_ERR_HAVE_NO_MEMORY(ndrpull); ndrpull->flags = uncomndr->flags; @@ -977,36 +978,24 @@ enum ndr_err_code ndr_push_compression_end(struct ndr_push *subndr, return NDR_ERR_SUCCESS; } -static enum ndr_err_code generic_mszip_init(TALLOC_CTX *mem_ctx, - struct ndr_compression_state *state) +static enum ndr_err_code generic_mszip_init(struct ndr_compression_state *state) { - z_stream *z = talloc_zero(mem_ctx, z_stream); + z_stream *z = talloc_zero(state, z_stream); NDR_ERR_HAVE_NO_MEMORY(z); z->zalloc = ndr_zlib_alloc; z->zfree = ndr_zlib_free; - z->opaque = mem_ctx; + z->opaque = state; state->alg.mszip.z = z; state->alg.mszip.dict_size = 0; /* pre-alloc dictionary */ - state->alg.mszip.dict = talloc_array(mem_ctx, uint8_t, 0x8000); + state->alg.mszip.dict = talloc_array(state, uint8_t, 0x8000); NDR_ERR_HAVE_NO_MEMORY(state->alg.mszip.dict); return NDR_ERR_SUCCESS; } -static void generic_mszip_free(struct ndr_compression_state *state) -{ - if (state == NULL) { - return; - } - - TALLOC_FREE(state->alg.mszip.z); - TALLOC_FREE(state->alg.mszip.dict); -} - - enum ndr_err_code ndr_pull_compression_state_init(struct ndr_pull *ndr, enum ndr_compression_alg compression_alg, struct ndr_compression_state **state) @@ -1025,7 +1014,7 @@ enum ndr_err_code ndr_pull_compression_state_init(struct ndr_pull *ndr, case NDR_COMPRESSION_XPRESS_HUFF_RAW: break; case NDR_COMPRESSION_MSZIP_CAB: - NDR_CHECK(generic_mszip_init(ndr, s)); + NDR_CHECK(generic_mszip_init(s)); z_ret = inflateInit2(s->alg.mszip.z, -MAX_WBITS); if (z_ret != Z_OK) { return ndr_pull_error(ndr, NDR_ERR_COMPRESSION, @@ -1045,51 +1034,18 @@ enum ndr_err_code ndr_pull_compression_state_init(struct ndr_pull *ndr, return NDR_ERR_SUCCESS; } -void ndr_pull_compression_state_free(struct ndr_compression_state *state) -{ - if (state == NULL) { - return; - } - - switch (state->type) { - case NDR_COMPRESSION_NONE: - case NDR_COMPRESSION_MSZIP: - case NDR_COMPRESSION_XPRESS: - case NDR_COMPRESSION_XPRESS_HUFF_RAW: - break; - case NDR_COMPRESSION_MSZIP_CAB: - generic_mszip_free(state); - break; - default: - break; - } - TALLOC_FREE(state); -} - -static int ndr_push_compression_state_free(struct ndr_compression_state *state) -{ - switch (state->type) { - case NDR_COMPRESSION_NONE: - case NDR_COMPRESSION_MSZIP: - case NDR_COMPRESSION_XPRESS: - case NDR_COMPRESSION_XPRESS_HUFF_RAW: - break; - case NDR_COMPRESSION_MSZIP_CAB: - generic_mszip_free(state); - break; - default: - break; - } - return 0; -} - enum ndr_err_code ndr_push_compression_state_init(struct ndr_push *ndr, - enum ndr_compression_alg compression_alg, - struct ndr_compression_state **state) + enum ndr_compression_alg compression_alg) { struct ndr_compression_state *s; int z_ret; + /* + * Avoid confusion, NULL out ndr->cstate at the start of the + * compression block + */ + ndr->cstate = NULL; + s = talloc_zero(ndr, struct ndr_compression_state); NDR_ERR_HAVE_NO_MEMORY(s); s->type = compression_alg; @@ -1109,7 +1065,7 @@ enum ndr_err_code ndr_push_compression_state_init(struct ndr_push *ndr, case NDR_COMPRESSION_MSZIP: break; case NDR_COMPRESSION_MSZIP_CAB: - NDR_CHECK(generic_mszip_init(ndr, s)); + NDR_CHECK(generic_mszip_init(s)); z_ret = deflateInit2(s->alg.mszip.z, Z_DEFAULT_COMPRESSION, Z_DEFLATED, @@ -1129,9 +1085,7 @@ enum ndr_err_code ndr_push_compression_state_init(struct ndr_push *ndr, break; } - talloc_set_destructor(s, ndr_push_compression_state_free); - - *state = s; + ndr->cstate = s; return NDR_ERR_SUCCESS; } diff --git a/librpc/ndr/ndr_compression.h b/librpc/ndr/ndr_compression.h index 7f938523ada..3d335b2befd 100644 --- a/librpc/ndr/ndr_compression.h +++ b/librpc/ndr/ndr_compression.h @@ -42,19 +42,16 @@ enum ndr_err_code ndr_pull_compression_end(struct ndr_pull *subndr, enum ndr_compression_alg compression_alg, ssize_t decompressed_len); enum ndr_err_code ndr_push_compression_start(struct ndr_push *subndr, - struct ndr_push **_uncomndr, - enum ndr_compression_alg compression_alg); + struct ndr_push **_uncomndr); enum ndr_err_code ndr_push_compression_end(struct ndr_push *subndr, - struct ndr_push *uncomndr, - enum ndr_compression_alg compression_alg); + struct ndr_push *uncomndr); enum ndr_err_code ndr_pull_compression_state_init(struct ndr_pull *ndr, enum ndr_compression_alg compression_alg, struct ndr_compression_state **state); void ndr_pull_compression_state_free(struct ndr_compression_state *state); enum ndr_err_code ndr_push_compression_state_init(struct ndr_push *ndr, - enum ndr_compression_alg compression_alg, - struct ndr_compression_state **state); + enum ndr_compression_alg compression_alg); #undef _PRINTF_ATTRIBUTE #define _PRINTF_ATTRIBUTE(a1, a2) diff --git a/librpc/ndr/ndr_drsuapi.c b/librpc/ndr/ndr_drsuapi.c index 0732ee3c6f4..c07ba48ff4b 100644 --- a/librpc/ndr/ndr_drsuapi.c +++ b/librpc/ndr/ndr_drsuapi.c @@ -216,10 +216,11 @@ enum ndr_err_code ndr_push_drsuapi_DsGetNCChangesMSZIPCtr1(struct ndr_push *ndr, NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_ts, 4, -1)); { struct ndr_push *_ndr_ts_compressed; - NDR_CHECK(ndr_push_compression_start(_ndr_ts, &_ndr_ts_compressed, NDR_COMPRESSION_MSZIP)); + NDR_CHECK(ndr_push_compression_state_init(_ndr_ts, NDR_COMPRESSION_MSZIP)); + NDR_CHECK(ndr_push_compression_start(_ndr_ts, &_ndr_ts_compressed)); NDR_CHECK(ndr_push_drsuapi_DsGetNCChangesCtr1TS(_ndr_ts_compressed, NDR_SCALARS|NDR_BUFFERS, r->ts)); decompressed_length = _ndr_ts_compressed->offset; - NDR_CHECK(ndr_push_compression_end(_ndr_ts, _ndr_ts_compressed, NDR_COMPRESSION_MSZIP)); + NDR_CHECK(ndr_push_compression_end(_ndr_ts, _ndr_ts_compressed)); } compressed_length = _ndr_ts->offset; talloc_free(_ndr_ts); @@ -237,9 +238,10 @@ enum ndr_err_code ndr_push_drsuapi_DsGetNCChangesMSZIPCtr1(struct ndr_push *ndr, NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_ts, 4, -1)); { struct ndr_push *_ndr_ts_compressed; - NDR_CHECK(ndr_push_compression_start(_ndr_ts, &_ndr_ts_compressed, NDR_COMPRESSION_MSZIP)); + NDR_CHECK(ndr_push_compression_state_init(_ndr_ts, NDR_COMPRESSION_MSZIP)); + NDR_CHECK(ndr_push_compression_start(_ndr_ts, &_ndr_ts_compressed)); NDR_CHECK(ndr_push_drsuapi_DsGetNCChangesCtr1TS(_ndr_ts_compressed, NDR_SCALARS|NDR_BUFFERS, r->ts)); - NDR_CHECK(ndr_push_compression_end(_ndr_ts, _ndr_ts_compressed, NDR_COMPRESSION_MSZIP)); + NDR_CHECK(ndr_push_compression_end(_ndr_ts, _ndr_ts_compressed)); } NDR_CHECK(ndr_push_subcontext_end(ndr, _ndr_ts, 4, -1)); } @@ -259,10 +261,11 @@ enum ndr_err_code ndr_push_drsuapi_DsGetNCChangesMSZIPCtr6(struct ndr_push *ndr, NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_ts, 4, -1)); { struct ndr_push *_ndr_ts_compressed; - NDR_CHECK(ndr_push_compression_start(_ndr_ts, &_ndr_ts_compressed, NDR_COMPRESSION_MSZIP)); + NDR_CHECK(ndr_push_compression_state_init(_ndr_ts, NDR_COMPRESSION_MSZIP)); + NDR_CHECK(ndr_push_compression_start(_ndr_ts, &_ndr_ts_compressed)); NDR_CHECK(ndr_push_drsuapi_DsGetNCChangesCtr6TS(_ndr_ts_compressed, NDR_SCALARS|NDR_BUFFERS, r->ts)); decompressed_length = _ndr_ts_compressed->offset; - NDR_CHECK(ndr_push_compression_end(_ndr_ts, _ndr_ts_compressed, NDR_COMPRESSION_MSZIP)); + NDR_CHECK(ndr_push_compression_end(_ndr_ts, _ndr_ts_compressed)); } compressed_length = _ndr_ts->offset; talloc_free(_ndr_ts); @@ -280,9 +283,10 @@ enum ndr_err_code ndr_push_drsuapi_DsGetNCChangesMSZIPCtr6(struct ndr_push *ndr, NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_ts, 4, -1)); { struct ndr_push *_ndr_ts_compressed; - NDR_CHECK(ndr_push_compression_start(_ndr_ts, &_ndr_ts_compressed, NDR_COMPRESSION_MSZIP)); + NDR_CHECK(ndr_push_compression_state_init(_ndr_ts, NDR_COMPRESSION_MSZIP)); + NDR_CHECK(ndr_push_compression_start(_ndr_ts, &_ndr_ts_compressed)); NDR_CHECK(ndr_push_drsuapi_DsGetNCChangesCtr6TS(_ndr_ts_compressed, NDR_SCALARS|NDR_BUFFERS, r->ts)); - NDR_CHECK(ndr_push_compression_end(_ndr_ts, _ndr_ts_compressed, NDR_COMPRESSION_MSZIP)); + NDR_CHECK(ndr_push_compression_end(_ndr_ts, _ndr_ts_compressed)); } NDR_CHECK(ndr_push_subcontext_end(ndr, _ndr_ts, 4, -1)); } @@ -302,10 +306,11 @@ enum ndr_err_code ndr_push_drsuapi_DsGetNCChangesWIN2K3_LZ77_DIRECT2Ctr1(struct NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_ts, 4, -1)); { struct ndr_push *_ndr_ts_compressed; - NDR_CHECK(ndr_push_compression_start(_ndr_ts, &_ndr_ts_compressed, NDR_COMPRESSION_WIN2K3_LZ77_DIRECT2)); + NDR_CHECK(ndr_push_compression_state_init(_ndr_ts, NDR_COMPRESSION_WIN2K3_LZ77_DIRECT2)); + NDR_CHECK(ndr_push_compression_start(_ndr_ts, &_ndr_ts_compressed)); NDR_CHECK(ndr_push_drsuapi_DsGetNCChangesCtr1TS(_ndr_ts_compressed, NDR_SCALARS|NDR_BUFFERS, r->ts)); decompressed_length = _ndr_ts_compressed->offset; - NDR_CHECK(ndr_push_compression_end(_ndr_ts, _ndr_ts_compressed, NDR_COMPRESSION_WIN2K3_LZ77_DIRECT2)); + NDR_CHECK(ndr_push_compression_end(_ndr_ts, _ndr_ts_compressed)); } compressed_length = _ndr_ts->offset; talloc_free(_ndr_ts); @@ -323,9 +328,10 @@ enum ndr_err_code ndr_push_drsuapi_DsGetNCChangesWIN2K3_LZ77_DIRECT2Ctr1(struct NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_ts, 4, -1)); { struct ndr_push *_ndr_ts_compressed; - NDR_CHECK(ndr_push_compression_start(_ndr_ts, &_ndr_ts_compressed, NDR_COMPRESSION_WIN2K3_LZ77_DIRECT2)); + NDR_CHECK(ndr_push_compression_state_init(_ndr_ts, NDR_COMPRESSION_WIN2K3_LZ77_DIRECT2)); + NDR_CHECK(ndr_push_compression_start(_ndr_ts, &_ndr_ts_compressed)); NDR_CHECK(ndr_push_drsuapi_DsGetNCChangesCtr1TS(_ndr_ts_compressed, NDR_SCALARS|NDR_BUFFERS, r->ts)); - NDR_CHECK(ndr_push_compression_end(_ndr_ts, _ndr_ts_compressed, NDR_COMPRESSION_WIN2K3_LZ77_DIRECT2)); + NDR_CHECK(ndr_push_compression_end(_ndr_ts, _ndr_ts_compressed)); } NDR_CHECK(ndr_push_subcontext_end(ndr, _ndr_ts, 4, -1)); } @@ -345,10 +351,11 @@ enum ndr_err_code ndr_push_drsuapi_DsGetNCChangesWIN2K3_LZ77_DIRECT2Ctr6(struct NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_ts, 4, -1)); { struct ndr_push *_ndr_ts_compressed; - NDR_CHECK(ndr_push_compression_start(_ndr_ts, &_ndr_ts_compressed, NDR_COMPRESSION_WIN2K3_LZ77_DIRECT2)); + NDR_CHECK(ndr_push_compression_state_init(_ndr_ts, NDR_COMPRESSION_WIN2K3_LZ77_DIRECT2)); + NDR_CHECK(ndr_push_compression_start(_ndr_ts, &_ndr_ts_compressed)); NDR_CHECK(ndr_push_drsuapi_DsGetNCChangesCtr6TS(_ndr_ts_compressed, NDR_SCALARS|NDR_BUFFERS, r->ts)); decompressed_length = _ndr_ts_compressed->offset; -- Samba Shared Repository