[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4486d686f5c gp: Add site-dn fallback when rpc call fails via c80affe0f19 Add a WHATSNEW entry indicating libgpo py deprecation via ee04bafc25c gpo: Group Policy tests require a s3 loadparam via ac4726106c6 gpupdate: Deprecate libgpo.get_gpo_list via a8bad5d5b85 gpupdate: Implement get_gpo_list in python via 848bce061af libcli/security/tests: test strings for windows and samba SDDL tests via d36bab52d0f s3/utils: when encoding ace string use "FA", "FR", "FW", "FX" string rights via 0a153c1d58d s3/utils: value for ace_flags value "FA" is incorrect via 9fc6062bd3b pytest:sddl: show the correct handling of the "FA" SDDL flag via 334afc7157e pytest:sddl Samba had the wrong value for FA, now fix the tests via c0d477738ea libcli:security:sddl: accept only 8-4-4-4-12 GUIDs via 4c1d9e92e11 pytest:large_ldap: use a valid ACE via 2e90ba7ec6f pytest:sddl: test we only accept normal GUIDs via 46793d384e9 libcli:security:sddl_decode_access allows spaces between flags via ec2d2f8ea83 pytest:sddl: tests around spaces in access flags and SIDs via 0528da54b8c pytest:sddl debugging: should_fail test says how it failed via e7445aa677f libcli:security: sddl_decode_ace: don't allow junk after SID via c67f2292cba libcli/security: sddl_decode_access rejects trailing rubbish via faf1b80a900 libcli:security: sddl_map_flags rejects trailing nonsense via 96fe7ebe3f3 s3:torture: sid2unixid2: DEBUG blames the right function via 396d2805465 s3:torture:LOCAL-IDMAP-TDB-COMMON: avoid talloc stacktrace via 1d9712283bf pytest:sddl: add tests for long DACLs, differing flag interpretations via de6d4700630 pytest:sddl: let hex numbers differ in case (0xa == 0xA) via 030ce22f525 pytest:sddl: helpers to exchange SDDL strings with Windows testprogram via d9e1fa34563 libcli/security: SDDL parse tests to run on Windows via 97353c00917 pytest:sddl: SDDL strings where Windows behaviour differs via fb588d768be pytest:sddl: Add negative tests of unparseable strings via a2009b56b51 pytest:sddl: allow tests to make negative assertions via ba6f4013401 pytest:sddl: split each string into it's own test via eac400b4dbe pytest:sddl: tweak some test strings via 4652d2766a7 pytest/sddl: split tests into canonical and non-canonical via 1107952c2b9 pytest/sddl: remove unused imports via ec85c1fdff5 pytest/sddl: rework to allow multiple lists, no early stop via 4a24c520569 pytest/sddl: assert sddl string equality via f87f63997ff pytest/sddl: remove duplicate test case via 298821a8edb pytest/sddl: give test more of a name via 35bf8ff4f46 pytests/sddl: clarify boundaries between sddl cases via 67500da1486 pytest:posixacl: expect canonical ACE flag format via c08959d1358 pytest:samba-tool ntacl: expect canonical ACE flag format via a655e7e4962 py:provision: use canonical representation of ACE flags via e521b0a26a9 pytest:ntacls: adapt for canonical flag format via 82b3281fffb s3:test_larg_acl: adapt for the canonical ACE flags format via 75a089dc467 test:bb/samba-tool ntacl: let return acl flag lack hex padding via 16d2687cc7f libcli/security: do not pad sddl flags with zeros via 251da186bf4 libcli/security: ace type is not enum not flags via 56da318ceea libcli/security: disallow sddl access masks greater than 32 bits via 11add4d631f libcli/security: allow decimal/octal numbers in SDDL access mask via 5abd687fceb lib/sec/sddl: allow empty non-trailing ACL with flags via 7c97df17863 pytest:sddl: test empty DACL with flags via b621c59f64c libcli/sec/sddl decode: allow hex numbers in SIDs via 22fe657c8a2 libcli/sec/sddl decode: don't ignore random junk. via 4f5737cbf29 libcli/security/dom_sid: use (unsigned char) in isdigit() via 1149d391592 libcli/security/dom_sid: hex but not octal is OK for sub-auth via 67ff4ca200e libcli/security: avoid overflow in subauths via b3cff5636bc libcli/security: stricter identauth parsing via 6f37f8324c3 libcli/security: avoid overflow in revision number via 2398faef230 libcli/security/dom_sid: remove a couple of lost comments via fe8ce9e34e3 pytest:sid_strings: Do bad SIDs fail differently in simple-bind? via a4bbd944ee5 pytest:sid_strings: do bad SIDS work in search filters? via 866069172bf pytest:sid_strings: test SID DNs with ldb parsing via 953ad43f15e pytest:sid_strings: test SIDs as search base via f66b0f86883 pytest:sid_strings: Windows and Samba divergent tests via 2d75daa9c4d pytest:sid_strings: test the strings with local parsing via fa04c387403
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via dc96e9cfd5d libcli:smb: Fix code spelling via e38f7cf4f19 libcli:security: Fix code spelling via fc7d58ee394 libcli:ldap: Fix code spelling via e3a710f2906 libcli:drsuapi: Fix code spelling via adcc92f8359 libcli:auth: Fix code spelling from 6490ff63552 s3:lib: Give better warnings about corrupted AppleDobule files https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit dc96e9cfd5dad8e4586ef6214214f225fdf852c2 Author: Andreas Schneider Date: Thu Apr 27 15:58:18 2023 +0200 libcli:smb: Fix code spelling Signed-off-by: Andreas Schneider Reviewed-by: Volker Lendecke Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Thu Apr 27 15:27:21 UTC 2023 on atb-devel-224 commit e38f7cf4f19c545d8fa31bed237427942311480d Author: Andreas Schneider Date: Thu Apr 27 15:56:42 2023 +0200 libcli:security: Fix code spelling Signed-off-by: Andreas Schneider Reviewed-by: Volker Lendecke commit fc7d58ee39449201304771dd628b220e2578858a Author: Andreas Schneider Date: Thu Apr 27 15:54:54 2023 +0200 libcli:ldap: Fix code spelling Signed-off-by: Andreas Schneider Reviewed-by: Volker Lendecke commit e3a710f2906ec263aa87807c9ac1118307f69580 Author: Andreas Schneider Date: Thu Apr 27 15:54:15 2023 +0200 libcli:drsuapi: Fix code spelling Signed-off-by: Andreas Schneider Reviewed-by: Volker Lendecke commit adcc92f83594abc3ab98fd0f138cdc76d3d2560d Author: Andreas Schneider Date: Thu Apr 27 15:53:25 2023 +0200 libcli:auth: Fix code spelling Signed-off-by: Andreas Schneider Reviewed-by: Volker Lendecke --- Summary of changes: libcli/auth/msrpc_parse.c | 2 +- libcli/auth/proto.h | 2 +- libcli/auth/schannel_state_tdb.c | 4 ++-- libcli/auth/session.c | 8 libcli/auth/smbencrypt.c | 2 +- libcli/drsuapi/repl_decrypt.c | 4 ++-- libcli/ldap/tests/ldap_message_test.c | 4 ++-- libcli/security/access_check.c| 2 +- libcli/security/create_descriptor.c | 2 +- libcli/security/object_tree.c | 2 +- libcli/security/privileges.c | 4 ++-- libcli/security/privileges.h | 2 +- libcli/security/security.h| 2 +- libcli/security/security_descriptor.c | 2 +- libcli/security/util_sid.c| 2 +- libcli/smb/smb1cli_close.c| 4 ++-- libcli/smb/smb1cli_create.c | 8 libcli/smb/smb1cli_read.c | 4 ++-- libcli/smb/smb1cli_write.c| 8 libcli/smb/smbXcli_base.c | 6 +++--- libcli/smb/smb_constants.h| 6 +++--- libcli/smb/smb_signing.c | 6 +++--- libcli/smb/tstream_smbXcli_np.c | 2 +- libcli/smb/util.c | 6 +++--- 24 files changed, 47 insertions(+), 47 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/auth/msrpc_parse.c b/libcli/auth/msrpc_parse.c index 86ba2ec00d4..8326261e838 100644 --- a/libcli/auth/msrpc_parse.c +++ b/libcli/auth/msrpc_parse.c @@ -24,7 +24,7 @@ /* this is a tiny msrpc packet generator. I am only using this to - avoid tying this code to a particular varient of our rpc code. This + avoid tying this code to a particular variant of our rpc code. This generator is not general enough for all our rpc needs, its just enough for the spnego/ntlmssp code diff --git a/libcli/auth/proto.h b/libcli/auth/proto.h index f6ca2f1632d..b202542068d 100644 --- a/libcli/auth/proto.h +++ b/libcli/auth/proto.h @@ -224,7 +224,7 @@ bool extract_pwd_blob_from_buffer514(TALLOC_CTX *mem_ctx, /** * @brief Decode AES password buffer to password in the given charset. * - * @param mem_ctx The memory context to allocate the deocded passwrod on. + * @param mem_ctx The memory context to allocate the decoded password on. * * @param in_buffer[514] The in buffer with the decrypted password data. * diff --git a/libcli/auth/schannel_state_tdb.c b/libcli/auth/schannel_state_tdb.c index e0ac8a378a0..ac3654e2c99 100644 --- a/libcli/auth/schannel_state_tdb.c +++ b/libcli/auth/schannel_state_tdb.c @@ -34,7 +34,7 @@ /** Open or create the schannel session store tdb. Non-static so it can - be called from parent processes to corectly handle TDB_CLEAR_IF_FIRST + be called from parent processes to correctly handle TDB_CLEAR_IF_FIRST ***/ struct db_context *open_schannel_session_store(TALLOC_CTX *mem_ctx, @@ -550,7 +550,7 @@ NTSTATUS schannel_save_challenge(struct loadparm_context *lp_ctx, remote machine stored in the schannel database.
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 6490ff63552 s3:lib: Give better warnings about corrupted AppleDobule files via a269ab4a9b5 s3:lib: Move ad_unpack() debug message to notice level from e38f864017a gitlab-ci: Update Fedora to version 38 https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 6490ff635521295b1f55f697f1950e1721d543ca Author: Andreas Schneider Date: Wed Apr 26 08:40:29 2023 +0200 s3:lib: Give better warnings about corrupted AppleDobule files Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Thu Apr 27 09:25:50 UTC 2023 on atb-devel-224 commit a269ab4a9b5c75e41ecb0cba4cfd13d1f1aa2737 Author: Andreas Schneider Date: Wed Apr 26 08:30:38 2023 +0200 s3:lib: Move ad_unpack() debug message to notice level We should give a good warning message one level above. Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett --- Summary of changes: source3/lib/adouble.c | 72 +-- 1 file changed, 47 insertions(+), 25 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/lib/adouble.c b/source3/lib/adouble.c index 062c73ec758..81229310c13 100644 --- a/source3/lib/adouble.c +++ b/source3/lib/adouble.c @@ -967,14 +967,14 @@ static bool ad_unpack(struct adouble *ad, const size_t nentries, */ if (bufsize < (AD_HEADER_LEN + (AD_ENTRY_LEN * nentries))) { - DEBUG(1, ("bad size\n")); + DBG_NOTICE("Bad size\n"); return false; } ad->ad_magic = RIVAL(ad->ad_data, 0); ad->ad_version = RIVAL(ad->ad_data, ADEDOFF_VERSION); if ((ad->ad_magic != AD_MAGIC) || (ad->ad_version != AD_VERSION)) { - DEBUG(1, ("wrong magic or version\n")); + DBG_NOTICE("Wrong magic or version\n"); return false; } @@ -982,8 +982,7 @@ static bool ad_unpack(struct adouble *ad, const size_t nentries, adentries = RSVAL(ad->ad_data, ADEDOFF_NENTRIES); if (adentries != nentries) { - DEBUG(1, ("invalid number of entries: %zu\n", - adentries)); + DBG_NOTICE("Invalid number of entries: %zu\n", adentries); return false; } @@ -995,7 +994,7 @@ static bool ad_unpack(struct adouble *ad, const size_t nentries, len = RIVAL(ad->ad_data, AD_HEADER_LEN + (i * AD_ENTRY_LEN) + 8); if (!eid || eid >= ADEID_MAX) { - DEBUG(1, ("bogus eid %d\n", eid)); + DBG_NOTICE("Bogus eid %d\n", eid); return false; } @@ -1005,16 +1004,22 @@ static bool ad_unpack(struct adouble *ad, const size_t nentries, * ensure the specified offset is within that bound */ if ((off > bufsize) && (eid != ADEID_RFORK)) { - DEBUG(1, ("bogus eid %d: off: %" PRIu32 ", len: %" PRIu32 "\n", - eid, off, len)); + DBG_NOTICE("Fogus eid %d: off: %" PRIu32 + ", len: %" PRIu32 "\n", + eid, + off, + len); return false; } ok = ad_entry_check_size(eid, bufsize, off, len); if (!ok) { - DBG_ERR("bogus eid [%"PRIu32"] bufsize [%zu] " - "off [%"PRIu32"] len [%"PRIu32"]\n", - eid, bufsize, off, len); + DBG_NOTICE("bogus eid [%" PRIu32 "] bufsize [%zu] " + "off [%" PRIu32 "] len [%" PRIu32 "]\n", + eid, + bufsize, + off, + len); return false; } @@ -1022,8 +1027,11 @@ static bool ad_unpack(struct adouble *ad, const size_t nentries, * That would be obviously broken */ if (off > filesize) { - DEBUG(1, ("bogus eid %d: off: %" PRIu32 ", len: %" PRIu32 "\n", - eid, off, len)); + DBG_NOTICE("Bogus eid %d: off: %" PRIu32 + ", len: %" PRIu32 "\n", + eid, + off, + len); return false; } @@ -1032,9 +1040,11 @@ static bool ad_unpack(struct adouble *ad,
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via e38f864017a gitlab-ci: Update Fedora to version 38 via fad7f77d161 selftest:knownfail: Update S4U knownfail for MIT KRB5 1.20 via 60f9396a7d2 wafsamba: Normalize strings in gdb output when comparing ABI via b5e9c2bc0ed s3:torture: Fix possible array out of bounds access via 732efb3d962 s3:torture: Remove trailing white spaces in locktest2.c via 0c6fb4bfb01 dfs_server: Fix debug statement if searched_site is NULL via 3e6a6c00cc0 lib:krb5_wrap: Fix debug statements when princ_s is NULL from 8027283dd7c tests: Test ldap whoami exop https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit e38f864017a06cab61ad878db8bca02b26f2e0d5 Author: Andreas Schneider Date: Thu Apr 20 08:25:31 2023 +0200 gitlab-ci: Update Fedora to version 38 Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Thu Apr 27 08:22:58 UTC 2023 on atb-devel-224 commit fad7f77d161e0466edfb58d3ca5968e1a4dc1319 Author: Andreas Schneider Date: Tue Apr 25 07:50:55 2023 +0200 selftest:knownfail: Update S4U knownfail for MIT KRB5 1.20 Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett commit 60f9396a7d2211b55d3d91196561678a9f9f6942 Author: Alexander Bokovoy Date: Mon Apr 24 14:29:49 2023 +0200 wafsamba: Normalize strings in gdb output when comparing ABI This fixes an issue with gdb >= 13: libndr.so: symbol ndr_transfer_syntax_ndr64 has changed old_signature: uuid = { time_low = 1903232307, time_mid = 48826, time_hi_and_version = 18743, clock_seq = "\203\031", node = "\265\333\357\234\314\066" }, if_version = 1 new_signature: uuid = { time_low = 1903232307, time_mid = 48826, time_hi_and_version = 18743, clock_seq = "\203\031", node = "\265\333\357\234\3146" }, if_version = 1 \314\066 and \3146 are the same as \066 translates into the char '6'. In order to address this we should do byte comparison in python. Pair-Programmed-With: Andreas Schneider Signed-off-by: Andreas Schneider Signed-off-by: Alexander Bokovoy Reviewed-by: Andrew Bartlett commit b5e9c2bc0ed5d24aa994a3f278e31aba4d4f58a6 Author: Andreas Schneider Date: Thu Apr 20 13:29:27 2023 +0200 s3:torture: Fix possible array out of bounds access In function ‘test_one’, inlined from ‘retest’ at source3/torture/locktest2.c:401:8: source3/torture/locktest2.c:331:37: error: array subscript 2 is above array bounds of ‘int[2][2][2]’ [-Werror=array-bounds=] 331 | fnum[server][fstype][conn][f] = try_open(cli[server][conn], nfs[server], fstype, FILENAME, | ^~~~ source3/torture/locktest2.c: In function ‘retest’: source3/torture/locktest2.c:390:23: note: while referencing ‘fnum’ 390 | int fnum[NSERVERS][NUMFSTYPES][NCONNECTIONS][NFILES], | ^~~~ In function ‘test_one’, inlined from ‘retest’ at source3/torture/locktest2.c:401:8: source3/torture/locktest2.c:316:62: error: array subscript 2 is above array bounds of ‘int[2][2][2]’ [-Werror=array-bounds=] 316 | fnum[server][fstype][conn][f], | ^~~~ source3/torture/locktest2.c: In function ‘retest’: source3/torture/locktest2.c:390:23: note: while referencing ‘fnum’ 390 | int fnum[NSERVERS][NUMFSTYPES][NCONNECTIONS][NFILES], | ^~~~ In function ‘test_one’, inlined from ‘retest’ at source3/torture/locktest2.c:401:8: source3/torture/locktest2.c:300:60: error: array subscript 2 is above array bounds of ‘int[2][2][2]’ [-Werror=array-bounds=] 300 | fnum[server][fstype][conn][f], |^~~~ source3/torture/locktest2.c: In function ‘retest’: source3/torture/locktest2.c:390:23: note: while referencing ‘fnum’ 390 | int fnum[NSERVERS][NUMFSTYPES][NCONNECTIONS][NFILES], | ^~~~ Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett commit 732efb3d9629ba0af602066f134e6519efadcef5 Author: Andreas Schneider Date: Thu Apr 20 13:28:59 2023 +0200 s3:torture: Remove trailing white spaces in