Joseph Sutton [Wed, 27 Sep 2023 02:16:21 +0000 (15:16 +1300)]
s4:auth: Add parameters for claims and device info to auth_generate_security_token()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 27 Sep 2023 02:20:04 +0000 (15:20 +1300)]
s4:kdc: Reformat function call
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 27 Sep 2023 02:11:20 +0000 (15:11 +1300)]
s4:auth: Reformat function calls
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 27 Sep 2023 02:08:26 +0000 (15:08 +1300)]
s4:auth: Rename parameter to match function implementation
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 27 Sep 2023 01:54:06 +0000 (14:54 +1300)]
s4:dsdb: Add session info flag to indicate authentication with a device
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 27 Sep 2023 01:51:36 +0000 (14:51 +1300)]
s4:dsdb: Add parameters for claims and device SIDs to security_token_create()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 10 May 2021 22:27:33 +0000 (10:27 +1200)]
pidl: Parenthesize expression to be cast
We must parenthesize each expression that is to be cast to a specific
type, otherwise the cast will apply to only part of the full expression.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9914
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 4 May 2021 02:09:44 +0000 (14:09 +1200)]
ndr: Parenthesize expressions to be cast
We must parenthesize each expression that is to be cast to a specific
type, otherwise the cast will apply to only part of the full expression.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9914
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 27 Sep 2023 01:10:44 +0000 (14:10 +1300)]
s4:kdc: Initialize pointer to NULL
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 27 Sep 2023 01:00:07 +0000 (14:00 +1300)]
s4:kdc: Remove unnecessary assignments
These structures have been zero‐initialized already.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 27 Sep 2023 00:59:32 +0000 (13:59 +1300)]
s4:kdc: Check that principal being copied is not NULL
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 27 Sep 2023 00:58:31 +0000 (13:58 +1300)]
s4:kdc: Prefer explicit initialization to ZERO_STRUCTP()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 27 Sep 2023 00:38:36 +0000 (13:38 +1300)]
.gitattributes: Mark large data file as binary
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 27 Sep 2023 00:13:39 +0000 (13:13 +1300)]
lib:krb5_wrap: Include missing headers
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 26 Sep 2023 00:34:56 +0000 (13:34 +1300)]
s4:auth: Ensure that some parameters are not NULL
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Sun, 30 Jul 2023 22:55:42 +0000 (10:55 +1200)]
libcli/security: Handle new ACE types with sec_ace_object()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Sun, 30 Jul 2023 22:52:32 +0000 (10:52 +1200)]
libcli/security: Have security_ace_equal() handle callback and resource ACEs
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 19 Jul 2023 00:28:11 +0000 (12:28 +1200)]
libcli/security: Parenthesize macro parameter
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 19 Jul 2023 00:15:15 +0000 (12:15 +1200)]
libcli/security: Conform to Samba’s brace style
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 28 Sep 2023 03:51:38 +0000 (16:51 +1300)]
s4:torture: Fix building with FORTIFY_SOURCE=2
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 28 Sep 2023 03:50:29 +0000 (16:50 +1300)]
s4:ntvfs: Fix building with FORTIFY_SOURCE=2
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 28 Sep 2023 03:49:56 +0000 (16:49 +1300)]
s3:smbd: Fix building with FORTIFY_SOURCE=2
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 28 Sep 2023 03:49:07 +0000 (16:49 +1300)]
s3:rpc_server: Fix building with FORTIFY_SOURCE=2
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 28 Sep 2023 03:39:47 +0000 (16:39 +1300)]
s3:libads: Fix building with FORTIFY_SOURCE=2
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 28 Sep 2023 03:45:19 +0000 (16:45 +1300)]
s3:libads: Don’t do first loop iteration if ‘attr’ is NULL
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 28 Sep 2023 03:39:07 +0000 (16:39 +1300)]
lib/util: Fix building with FORTIFY_SOURCE=2
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 28 Sep 2023 03:36:07 +0000 (16:36 +1300)]
ldb: Fix building with FORTIFY_SOURCE=2
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 28 Sep 2023 03:32:29 +0000 (16:32 +1300)]
lib/ldb-samba: Fix building with FORTIFY_SOURCE=2
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 15 Dec 2022 03:04:51 +0000 (16:04 +1300)]
lib:compression: Fix building with FORTIFY_SOURCE=2
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Kacper [Wed, 30 Aug 2023 12:33:49 +0000 (14:33 +0200)]
samba-tool: Fix for gpo restore not working without --tmpdir
cmd_restore depends on cmd_create but the later cleans up
required temp files for cmd_restore to function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15462
RN: Fix for gpo restore not working without --tmpdir
Signed-off-by: Kacper Boström <kacper@kacper.se>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Sep 29 03:15:18 UTC 2023 on atb-devel-224
Douglas Bagnall [Thu, 28 Sep 2023 23:35:10 +0000 (12:35 +1300)]
libcli/security: fix talloc context for integer values (CID
1545156)
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 28 Sep 2023 23:25:21 +0000 (12:25 +1300)]
libcli/security: test_run_condtional_ace: va_end() on errors
CID
1545154, CID
1545155.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 28 Sep 2023 23:24:14 +0000 (12:24 +1300)]
libcli/security: conditional ACEs check again for NULL/empty claims
CID
1545152.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 20 Sep 2023 23:41:02 +0000 (11:41 +1200)]
netcmd: auth: manpage documentation for conditional ace fields
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 28 Sep 2023 02:33:18 +0000 (15:33 +1300)]
netcmd: tests: add some tests for valid and invalid SDDL in cli commands
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 20 Sep 2023 01:04:14 +0000 (13:04 +1200)]
netcmd: auth: add new SDDL fields to create and modify auth policy commands
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 20 Sep 2023 01:02:21 +0000 (13:02 +1200)]
netcmd: models: add SDDL fields to AuthenticationPolicy model
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 20 Sep 2023 00:52:31 +0000 (12:52 +1200)]
netcmd: models: add SDDL model field
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 28 Sep 2023 02:22:17 +0000 (15:22 +1300)]
netcmd: models: add FieldError subclass which stores the field
This is so that errors on the CLI show the field name
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Wed, 20 Sep 2023 00:50:15 +0000 (12:50 +1200)]
netcmd: models: field to_db_value needs ldb param
Required by SDDL field type added in next commit
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 28 Sep 2023 04:26:22 +0000 (17:26 +1300)]
netcmd: tests: modify auth silo cli tests setup their own test data
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 28 Sep 2023 04:13:15 +0000 (17:13 +1300)]
netcmd: tests: modify auth policy cli tests setup their own test data
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 28 Sep 2023 03:41:57 +0000 (16:41 +1300)]
netcmd: tests: modify claim cli tests setup their own test data
Initially the test data was created in setUp, but it was moved to setUpClass.
The problem with this is tests modifying objects, which could affect the next test.
Create all required data in the test itself for clarity (and also is faster)
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Thu, 28 Sep 2023 01:48:09 +0000 (14:48 +1300)]
netcmd: tests: test that create objects make use of addCleanup
Since the samdb connection is on the class and hangs around between tests, we need to clean up what we created.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Tue, 26 Sep 2023 11:20:49 +0000 (00:20 +1300)]
netcmd: tests: tests tidyup and make use of setUpTestData
Still only load the test data once per test class, but much easier to read.
Made several methods static for creating/deleting claims, policies and silos.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Tue, 26 Sep 2023 11:01:06 +0000 (00:01 +1300)]
netcmd: tests: make _run a classmethod in SambaToolCmdTest
So that it can be called from setUpClass as well
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Tue, 26 Sep 2023 08:10:33 +0000 (21:10 +1300)]
python: tests: implement setUpTestData overridable class method
On Python 3.6 and 3.7 the addClassCleanup method needs to be implemented, and tearDownClass must be called by setupClass if any exception is raised.
On Python 3.8 and higher, unittest already calls tearDownClass, even if it raises an exception in setUpClass.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Mon, 25 Sep 2023 00:26:19 +0000 (13:26 +1300)]
netcmd: tests: bugfix: argument -U was already in creds so listed twice
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Rob van der Linde [Sun, 24 Sep 2023 23:51:19 +0000 (12:51 +1300)]
netcmd: tests: avoid the need to create a random command in GetSamDB
Also the code that looks over kwargs is somewhat confusing and unnecessary.
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 28 Sep 2023 01:10:16 +0000 (14:10 +1300)]
tests/krb5: Add samba.tests.krb5.conditional_ace_tests
This is a test using conditional ACEs and claims to confirm that we understand
the full end-to-end network behaviour of these all the way from the PAC to the
application in the access check of the KDC.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep 28 04:35:05 UTC 2023 on atb-devel-224
Joseph Sutton [Thu, 28 Sep 2023 03:13:08 +0000 (16:13 +1300)]
tests/krb5: Add method to replace client or device claims in a PAC
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 28 Sep 2023 03:12:46 +0000 (16:12 +1300)]
tests/krb5: Add method to replace the device SIDs in a PAC
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 28 Sep 2023 03:09:06 +0000 (16:09 +1300)]
tests/krb5: Have set_pac_sids() accept lone RIDs as well as full SIDs
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 28 Sep 2023 03:08:25 +0000 (16:08 +1300)]
tests/krb5: Make optional ‘domain_sid’ parameter to set_pac_sids()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 28 Sep 2023 03:07:43 +0000 (16:07 +1300)]
tests/krb5: Make optional ‘user_rid’ parameter to set_pac_sids()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 28 Sep 2023 03:06:01 +0000 (16:06 +1300)]
tests/krb5: Make set_pac_sids() parameters keyword‐only
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 28 Sep 2023 03:03:09 +0000 (16:03 +1300)]
tests/krb5: Allow passing mapping=None to map_to_sid()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 28 Sep 2023 02:51:35 +0000 (15:51 +1300)]
tests/krb5: Don’t bother regenerating the PAC if modify_pac_fn or update_pac_checksums are false
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 28 Sep 2023 01:52:11 +0000 (14:52 +1300)]
tests/krb5: Allow multiple ticket modification functions
This means that callers can specify a stack of possible modifications.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 28 Sep 2023 01:50:39 +0000 (14:50 +1300)]
tests/krb5: Allow filter for tests that crash Windows
Set CRASH_WINDOWS=0 when running against a Windows DC. These crashes are
only possible because we can modify the PAC, but having these tests allows
us to lock down Samba behaviour, so we include them.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 28 Sep 2023 01:49:11 +0000 (14:49 +1300)]
tests/krb5: Allow variation in PADATA_PW_SALT
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 27 Sep 2023 00:43:53 +0000 (13:43 +1300)]
tests/krb5: Sort imports
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
MikeLiu [Wed, 27 Sep 2023 05:46:36 +0000 (13:46 +0800)]
streams_depot: Goto done if FSETXATTR SAMBA_XATTR_MARKER failed
Goto done if FSETXATTR SAMBA_XATTR_MARKER failed
Signed-off-by: MikeLiu <mikeliu@qnap.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Sep 27 08:42:25 UTC 2023 on atb-devel-224
Joseph Sutton [Tue, 4 May 2021 03:08:53 +0000 (15:08 +1200)]
librpc: Fix typos in error messages
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 27 03:38:00 UTC 2023 on atb-devel-224
Joseph Sutton [Fri, 23 Apr 2021 04:37:01 +0000 (16:37 +1200)]
pidl: Use INT_MAX as enum constant for portability
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 10 May 2021 22:29:31 +0000 (10:29 +1200)]
librpc: Use portable format specifiers
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 10 May 2021 22:28:07 +0000 (10:28 +1200)]
librpc/ndr: Use portable format specifiers
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 10 May 2021 22:27:33 +0000 (10:27 +1200)]
pidl: Use portable format specifiers
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 4 May 2021 02:09:44 +0000 (14:09 +1200)]
ndr: Display values for failed range checks
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9914
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 22 Sep 2023 00:16:06 +0000 (12:16 +1200)]
testdata: Mark compression test data as binary
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 21 Sep 2023 03:13:20 +0000 (15:13 +1200)]
s4:auth: Add functions to convert between different claims formats
The new ‘claims_data’ structure can store claims in three different
representations — as an encoded blob, as a CLAIMS_SET structure, or as a
series of CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 claims. Given a set of
claims, the accompanying functions provide a way to convert them into
the desired format.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 21 Sep 2023 03:14:55 +0000 (15:14 +1200)]
s4:auth: Include missing headers
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 21 Sep 2023 02:48:02 +0000 (14:48 +1200)]
s4:kdc: Move encode_claims_set() into the auth_session subsystem
Some functions in the auth_session subsystem will need to be able to
call encode_claims_set(). Moving said function lets them do that whilst
avoiding circular dependencies and additional public dependencies.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 21 Sep 2023 02:21:55 +0000 (14:21 +1200)]
s4:auth: Fix ‘user_info_dc_out’ leak
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 21 Sep 2023 02:20:29 +0000 (14:20 +1200)]
s4:auth: Return a talloc‐allocated resource groups structure
Future callers will rely on resource_groups_out being talloc‐allocated.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 21 Sep 2023 02:15:06 +0000 (14:15 +1200)]
s4:auth: Introduce helper variable ‘resource_groups_in’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 21 Sep 2023 02:13:36 +0000 (14:13 +1200)]
s4:auth: Make returning resource groups the last thing we do
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 05:34:42 +0000 (17:34 +1200)]
s4:torture: Initialize ‘tm’ structure
‘tm’ must be initialized prior to calling strptime().
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 19:32:30 +0000 (07:32 +1200)]
s4:kdc: Fix ldb_msg_find_krb5time_ldap_time()
strptime() will fail to parse the LDAP ‘whenCreated’ time string,
because the format string is wrong: it will expect to get a time like
“20230920043849Z”, but the time string seems to be actually formatted
“
20230920043849.0Z” — like a GeneralizedTime.
Fix this by delegating to ldb_val_to_time().
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 19:40:41 +0000 (07:40 +1200)]
s4:kdc: Initialize ‘tm’ structure
‘tm’ must be initialized prior to calling strptime().
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 05:05:43 +0000 (17:05 +1200)]
s3:smbd: Initialize ‘tm’ structure
‘tm’ must be initialized prior to calling strptime().
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 05:05:34 +0000 (17:05 +1200)]
s3:rpc_server: Initialize ‘tm’ structure
‘tm’ must be initialized prior to calling strptime().
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 05:05:21 +0000 (17:05 +1200)]
s3:passdb: Initialize ‘tm’ structure
‘tm’ must be initialized prior to calling strptime().
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 05:05:09 +0000 (17:05 +1200)]
s3:modules: Initialize ‘tm’ structure
‘tm’ must be initialized prior to calling strptime().
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 05:04:58 +0000 (17:04 +1200)]
s3:lib: Initialize ‘tm’ structure
‘tm’ must be initialized prior to calling strptime().
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 05:04:00 +0000 (17:04 +1200)]
lib:audit_logging: Initialize ‘tm’ structure
‘tm’ must be initialized prior to calling strptime().
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 04:20:47 +0000 (16:20 +1200)]
lib/krb5_wrap: Simplify assignments
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 04:02:04 +0000 (16:02 +1200)]
lib/krb5_wrap: Make use of smb_krb5_make_data()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 03:01:26 +0000 (15:01 +1200)]
libcli/security: Test hex‐escapes that should be literals
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 03:00:38 +0000 (15:00 +1200)]
libcli/security: Fix code formatting
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 03:00:10 +0000 (15:00 +1200)]
libcli/security: Use ACL revision constants
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 02:55:34 +0000 (14:55 +1200)]
libcli/security: Refer to UTF‐16 code units rather than to codepoints
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 02:42:26 +0000 (14:42 +1200)]
libcli/security: Remove unused flag SDDL_FLAG_IS_FAKE_OP
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 02:41:46 +0000 (14:41 +1200)]
libcli/security: Remove unused flag SDDL_FLAG_IS_LITERAL
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 02:41:17 +0000 (14:41 +1200)]
libcli/security: Remove unused flag SDDL_FLAG_IS_ATTR
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 20 Sep 2023 02:40:30 +0000 (14:40 +1200)]
libcli/security: Remove unused flag SDDL_FLAG_EXPECTING_END
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 19 Sep 2023 02:28:13 +0000 (14:28 +1200)]
libcli/security: Remove unused macro
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 18 Sep 2023 22:14:29 +0000 (10:14 +1200)]
python:tests: Remove unused import
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 11 Sep 2023 03:52:16 +0000 (15:52 +1200)]
s4:auth: Correct error message
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 11 Sep 2023 03:28:44 +0000 (15:28 +1200)]
s4:torture: Use SID constants
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>