[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 8296b6884df s4:torture: Replace calls to deprecated function via ce176425f8c s4:dsdb: Check return value of allocation functions via 92ad2c7b9b9 s4:dsdb: Fix leaks via 2d9a2c31389 s4:dsdb: Check ldb_binary_encode_string() return value via b5bd55fe85f s4:auth: Check ldb_binary_encode_string() return value via 07e53939dc0 s4-auth: Log correct function name via 21b23a7d5a0 netlogon:schannel: Fix typo via f1281b80c1a samba-tool domain: Run in interactive mode if no args are supplied via f573177c352 python: Safely clear structure members via 8d6e4473409 python:tests: Remove unused variables via 2a8db072934 auth: Return status code if configuration prohibits NTLM via 23a67d59c82 s4-dsdb:large_ldap: Remove unused variables via db5ef4e2bac s4-dsdb:large_ldap: Remove unused imports via 2d1d3b73142 pytest/password_lockout: Remove unused variables via 2b598a4b2e6 pytest/password_lockout: Use correct variable via b5ff0859521 pytest/password_lockout: Use more specific assertion methods via 2236daa7ca7 pytest/password_lockout: Remove unused imports via f9501f2ae4e samba-tool domain: Remove unnecessary variable via 5a2b187819f samba-tool domain: Use result of setup_local_server() instead of object field via 3eb95c8791a s4:dsdb:tests: Refactor security descriptor test via 2e5d08c908b s4:dsdb:tests: Refactor confidential attributes test via 76b15ec145d s4:dsdb:tests: Refactor ACL test via 80431fe7cf5 pyglue: use Py_ssize_t in random data generation functions via cea9b25571f lib:util: prefer size_t for random data generation functions via 72335e742e0 selftest: Change ad_dc environment to be 2016 functional level via 0252941bb36 selftest: Allow provision_ad_dc() to take functional_level as an argument via 287405862b7 selftest: Return fl2008dc to being an alias for ad_dc_ntvfs via cbfcbfb057a Use --base-schema=2008_R2 on ad_dc_ntvfs, which opeates at FL2008 via 8de7d28f3c6 selftest: Move linked_attributes test to ad_dc selftest environment via 9f3dcf0e693 samba-tool domain join: Allow "ad dc functional level" to change which level we claim to be during an AD join via f94f174db45 samba-tool domain provision: Use "ad dc functional level" to control max functional level via 5d5fd0129ac python: Add function to get the functional level as a python intger from smb.conf via e5c3e076c8f param: Add new parameter "ad dc functional level" via 7953a9ba71b samba-tool domain provision: Use common functional_level.string_to_level() via 844eb073767 python: Move helper functions for functional levels into a new file from 59694ad0a4c rpc_server3: Pass winbind_env_set() state through to rpcd_* https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 8296b6884dfcc2b3e94f60b0479ef92a5b50f53e Author: Joseph Sutton Date: Wed May 10 13:06:18 2023 +1200 s4:torture: Replace calls to deprecated function Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Wed May 17 00:24:38 UTC 2023 on atb-devel-224 commit ce176425f8c66539cf7788902fa116657d2b6448 Author: Joseph Sutton Date: Tue May 9 16:12:03 2023 +1200 s4:dsdb: Check return value of allocation functions Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 92ad2c7b9b9e0b7d49ccbb9bf18b3e5dfed2d299 Author: Joseph Sutton Date: Tue May 9 16:11:37 2023 +1200 s4:dsdb: Fix leaks Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 2d9a2c3138907e789a1fa9b25c8636ad871314fd Author: Joseph Sutton Date: Tue May 9 16:10:59 2023 +1200 s4:dsdb: Check ldb_binary_encode_string() return value Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit b5bd55fe85f9a089b4b8242d73240c6521d3090e Author: Joseph Sutton Date: Tue May 9 15:51:06 2023 +1200 s4:auth: Check ldb_binary_encode_string() return value Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 07e53939dc0e6207c8348cf7c76d34339cb1ce67 Author: Joseph Sutton Date: Tue May 2 12:59:22 2023 +1200 s4-auth: Log correct function name Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit 21b23a7d5a08a65fc13da1dbd1a948fe08648cbb Author: Joseph Sutton Date: Tue May 2 12:51:52 2023 +1200 netlogon:schannel: Fix typo Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett commit f1281b80c1ad68d380ce91c13076f6a60fbc627e Author: Joseph Sutton Date: Wed Apr 26 10:31:51 2023 +1200 samba-tool domain: Run in interactive mode if no args are supplied
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 59694ad0a4c rpc_server3: Pass winbind_env_set() state through to rpcd_* via bb3ea36e100 lib: Add security_token_del_npa_flags() helper function via bdba027a33e rpc: Remove named_pipe_auth_req_info6->need_idle_server via 31180e0e6d9 rpc_server3: Use global_sid_Samba_NPA_Flags to pass "need_idle" via ebbb93cc7a5 rpc: Add global_sid_Samba_NPA_Flags SID via 1d11e0489b2 librpc: Simplify dcerpc_is_transport_encrypted() via 244ee8ad75c smbd: Use security_token_count_flag_sids() in open_np_file() via 5e8c7192ba5 libcli: Add security_token_count_flag_sids() from 6206e15b4de winbind: Fix "wbinfo -u" on a Samba AD DC with >1000 users https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 59694ad0a4cc489f1baa4c2c94c6322c0f22c1df Author: Volker Lendecke Date: Tue Apr 18 12:47:04 2023 +0200 rpc_server3: Pass winbind_env_set() state through to rpcd_* Winbind can ask rpcd_lsad for LookupNames etc. This can recurse back into winbind for getpwnam. We have the "_NO_WINBINDD" environment variable set in winbind itself for this case, but this is lost on the way into rpcd_lsad. Use a flag in global_sid_Samba_NPA_Flags to pass this information to dcerpc_core, where it sets the variable on every call if requested. Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361 Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Tue May 16 11:54:32 UTC 2023 on atb-devel-224 commit bb3ea36e10079ad9c73c68d7ed8fce51ecb40ebe Author: Volker Lendecke Date: Tue Apr 18 14:32:20 2023 +0200 lib: Add security_token_del_npa_flags() helper function Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361 Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher commit bdba027a33e35aab7bb322bc3167cdd7babfc059 Author: Volker Lendecke Date: Tue Apr 18 12:29:34 2023 +0200 rpc: Remove named_pipe_auth_req_info6->need_idle_server Involves bumping up the version number Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361 Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher commit 31180e0e6d9e43d54e7656a56ed3af129f578105 Author: Volker Lendecke Date: Tue Apr 18 12:28:28 2023 +0200 rpc_server3: Use global_sid_Samba_NPA_Flags to pass "need_idle" More code, but will be more flexible in the future. Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361 Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher commit ebbb93cc7a57a118b82b8f383d25f1eb022397d6 Author: Volker Lendecke Date: Tue Apr 18 12:09:45 2023 +0200 rpc: Add global_sid_Samba_NPA_Flags SID This will be used as a flexible way to pass per-RPC-connection flags over ncalrpc to the RPC server without having to modify named_pipe_auth_req_info6 every time something new needs to be passed. It's modeled after global_sid_Samba_SMB3. Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361 Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher commit 1d11e0489b2c91fc05c6befc0463695d7102abcc Author: Volker Lendecke Date: Tue Apr 18 12:04:17 2023 +0200 librpc: Simplify dcerpc_is_transport_encrypted() Simplify logic by using security_token_count_flag_sids() Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361 Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher commit 244ee8ad75c2c968997dfdd5eeb9e9cb97a191fb Author: Volker Lendecke Date: Tue Apr 18 12:01:02 2023 +0200 smbd: Use security_token_count_flag_sids() in open_np_file() Simpler logic in the caller Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361 Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher commit 5e8c7192ba5469547ba3101885dfbaba2f8181f4 Author: Volker Lendecke Date: Tue Apr 18 11:31:16 2023 +0200 libcli: Add security_token_count_flag_sids() To be used in a few places when checking special-case Samba SIDs. Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361 Signed-off-by: Volker Lendecke Reviewed-by: Stefan Metzmacher --- Summary of changes: libcli/named_pipe_auth/npa_tstream.c | 144 +++ libcli/named_pipe_auth/npa_tstream.h | 4 +- libcli/security/dom_sid.h| 4 + libcli/security/security_token.c | 37 + libcli/security/security_token.h | 9 +++ libcli/security/util_sid.c | 7 ++ librpc/idl/named_pipe_auth.idl | 9 +-- librpc/rpc/dcerpc_helper.c | 25 +++--- librpc/rpc/dcesrv_core.c | 17 + librpc/rpc/dcesrv_core.h |