Joseph Sutton [Thu, 2 Mar 2023 22:48:22 +0000 (11:48 +1300)]
tests/krb5: Add tests for device info
These tests verify that the groups in the device info structure in the
PAC are exactly as expected under various scenarios.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 3 Mar 2023 00:41:19 +0000 (13:41 +1300)]
tests/krb5: Overhaul check_device_info()
With expected_device_groups, tests can now specify particular group
arrangements they expect to see.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 3 Mar 2023 00:24:17 +0000 (13:24 +1300)]
tests/krb5: Allow creating a target server account with or without compound ID support
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 3 Mar 2023 00:22:09 +0000 (13:22 +1300)]
tests/krb5: Don't specify extra enctypes for the krbtgt
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 3 Mar 2023 00:20:31 +0000 (13:20 +1300)]
tests/krb5: Allow adding members to a group and changing its type in a single operation
This is needed in order to get some specific group setups for tests.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 3 Mar 2023 00:17:49 +0000 (13:17 +1300)]
tests/krb5: Add test for compressed claim
Create a claim large enough to cause it to be compressed.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 3 Mar 2023 00:10:14 +0000 (13:10 +1300)]
tests/krb5: Test we get correct values for integer syntax claims
Windows erroneously shifts integer syntax claim values four bytes to the
right, resulting in incorrect values (if only one claim is present) or
corrupt claims data that cannot be unpacked (if other claims are
present). There's no reason to emulate such broken behaviour.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 3 Mar 2023 00:04:09 +0000 (13:04 +1300)]
tests/krb5: Require domain_sid to be non-None when passing a RID to map_to_sid()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 2 Mar 2023 23:32:06 +0000 (12:32 +1300)]
tests/krb5: Allow group_setup to be None in setup_groups()
'git show -b' shows that not much actually changes.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 2 Mar 2023 23:25:06 +0000 (12:25 +1300)]
tests/krb5: Test more descriptive security descriptor
This one has more flags set, so we can test whether we're getting our
string representation right.
Samba prints the flags in a different order from Windows, but fixing
that now would be too risky and involve far too much churn for minimal
benefit. (Consider how many tests verify security descriptors against
string constants...) Instead, allow one of two possible security
descriptors.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 2 Mar 2023 23:22:35 +0000 (12:22 +1300)]
tests/krb5: Document and tidy up existing claims tests
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 2 Mar 2023 23:20:06 +0000 (12:20 +1300)]
tests/krb5: Allow creating accounts supporting claims or compound identity separately
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 2 Mar 2023 23:02:35 +0000 (12:02 +1300)]
tests/krb5: Make arguments to get_target() keyword arguments
This avoids mistakes by ensuring that passed-in arguments go to their
intended destinations.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 2 Mar 2023 22:55:42 +0000 (11:55 +1300)]
tests/krb5: Split out device info checking into new method
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 2 Mar 2023 22:42:23 +0000 (11:42 +1300)]
tests/krb5: Fix typo
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 2 Mar 2023 22:29:29 +0000 (11:29 +1300)]
tests/krb5: Move some claims tests around
It's helpful to have the test declarations be together for better
locality and ease of reading.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 2 Mar 2023 22:19:02 +0000 (11:19 +1300)]
tests/krb5: Add type to expect a value is one of a set of possible types
This is useful for cases where we differ from Windows in some minor
detail, and where the effort required to reach parity is unjustifiably
high.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 2 Mar 2023 22:20:46 +0000 (11:20 +1300)]
tests/krb5: Allow comparing UnorderedLists only with one another
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 2 Mar 2023 22:39:55 +0000 (11:39 +1300)]
tests/krb5: Unconditionally check compressed claims
not only if STRICT_CHECKING=1.
This also fixes a bug where the call to huffman_decompress() was
indented incorrectly.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 3 Mar 2023 00:45:21 +0000 (13:45 +1300)]
tests/krb5: Remove unused import
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Mon, 20 Feb 2023 17:46:50 +0000 (18:46 +0100)]
rpcd: With npa->need_idle_server we can have more than 256 servers
Before this patch the worker-status cut the worker index such that
samba-dcerpcd could not properly update status of the surplus rpc
daemons. This could lead to those daemons to stay around forever,
samba-dcerpcd will never notice they are idle and can exit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15310
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Mar 6 22:35:00 UTC 2023 on atb-devel-224
Volker Lendecke [Wed, 1 Mar 2023 13:42:00 +0000 (14:42 +0100)]
rpcd: Do blocking connects to local pipes
We don't have real async callers yet, and this is the simplest way to
fix our missing light-weight deterministic async fallback mechanism.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15310
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 1 Mar 2023 13:40:37 +0000 (14:40 +0100)]
rpcd: Increase listening queue
Allow more waiters under load.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15310
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 6 Mar 2023 09:05:41 +0000 (10:05 +0100)]
torture3: test rpc scalability
With
smbtorture3 //127.0.0.1/ipc\$ rpc-scale -N 50 -o 1000
I am able to immediately trigger bug 15130.
Not running by default, this is a pure load test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15310
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 6 Mar 2023 12:57:20 +0000 (13:57 +0100)]
librpc: Remove unused sync rpc_transport_np_init()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Mon, 6 Mar 2023 12:55:43 +0000 (13:55 +0100)]
librpc: Make rpc_pipe_open_np() public and async
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Tue, 28 Feb 2023 19:20:12 +0000 (11:20 -0800)]
s3: smbd: Fix fsp/fd leak when looking up a non-existent stream name on a file.
When open_stream_pathref_fsp() returns
NT_STATUS_OBJECT_NAME_NOT_FOUND, smb_fname_rel->fsp
has been set to NULL, so we must free base_fsp separately
to prevent fd-leaks when opening a stream that doesn't
exist.
Remove knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Mar 3 16:37:27 UTC 2023 on atb-devel-224
Jeremy Allison [Tue, 28 Feb 2023 19:18:10 +0000 (11:18 -0800)]
s3: tests: Add new test_stream_dir_rename.sh test.
Shows we are leaking an fsp/fd if we request a non-existent stream on a file.
This then causes rename of a directory containing the file to be denied, as
it thinks we have an existing open file below it.
Add knownfail.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Jeremy Allison [Tue, 28 Feb 2023 19:14:34 +0000 (11:14 -0800)]
s3: provision: Add new streams_xattr_nostrict share - needs "strict rename = no".
The bug we're testing for needs "strict rename = no" (the default),
but the existing streams_xattr share uses "strict rename = yes" from
the [global] section.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15314
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Björn Baumbach [Thu, 16 Feb 2023 18:20:14 +0000 (19:20 +0100)]
net: add hint which options can be used with net ads dns register command
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Fri Mar 3 12:52:00 UTC 2023 on atb-devel-224
Björn Baumbach [Tue, 21 Feb 2023 17:00:41 +0000 (18:00 +0100)]
testprogs: add test for new net ads dns register --dns-ttl option
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Baumbach [Thu, 23 Feb 2023 16:09:22 +0000 (17:09 +0100)]
docs: documentation for new net --dns-ttl option
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Baumbach [Thu, 16 Feb 2023 17:36:37 +0000 (18:36 +0100)]
net: add new --dns-ttl option to specify the ttl of dns records
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Baumbach [Wed, 22 Feb 2023 19:29:02 +0000 (19:29 +0000)]
testprogs/blackbox/test_weak_disable_ntlmssp_ldap.sh: verify test results ($failed)
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Baumbach [Wed, 22 Feb 2023 19:28:26 +0000 (19:28 +0000)]
testprogs/blackbox/test_special_group.sh: verify test results ($failed)
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Baumbach [Wed, 22 Feb 2023 19:26:34 +0000 (19:26 +0000)]
testprogs/blackbox/test_net_ads_dns.sh: verify test results ($failed)
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Baumbach [Wed, 22 Feb 2023 19:20:51 +0000 (19:20 +0000)]
testprogs: net ads dns: do not increase the $failed counter in "net ads dns" when test is OK
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Baumbach [Fri, 24 Feb 2023 15:52:05 +0000 (16:52 +0100)]
testprogs: remove used records in "net ads dns" tests
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Baumbach [Fri, 24 Feb 2023 15:27:17 +0000 (16:27 +0100)]
testprogs: use more unique names in "net ads dns" tests
ADMINNAME can be used for records, created by the AD admin
MACHINENAME for records, created by the machine (-P)
UNPRIVNAME for records, created by the unprivileged user
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Baumbach [Fri, 24 Feb 2023 15:35:02 +0000 (16:35 +0100)]
testprogs: remove only used dns records in "net ads dns" tests
$NAME was not added here in this section, but $UNPRIV.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Baumbach [Wed, 22 Feb 2023 19:15:23 +0000 (19:15 +0000)]
testprogs: use uniqe names in "net ads dns" tests to avoid conflicts
Avoid conflicts when running the same tests multiple times.
Reduces the needs to cleanup all objects properly.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Baumbach [Wed, 22 Feb 2023 19:02:38 +0000 (19:02 +0000)]
testprogs: adapt return values of testit_expect_failure_grep and testit_grep_count to function description
Improves logic when calling tests and make use of the $failed counter.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Baumbach [Wed, 22 Feb 2023 14:57:54 +0000 (15:57 +0100)]
testprogs: net ads dns tests: remove test user after usage.
Not required anymore and would produce errors, when the test runs
a second time.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Björn Baumbach [Wed, 22 Feb 2023 14:22:58 +0000 (15:22 +0100)]
testprogs: fix some "net ads dns" tests
Use testit_grep_count instead of greping the output of testit.
Running testit with "| grep" falsifies the test results.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jelmer Vernooij [Sat, 28 Jan 2023 20:30:24 +0000 (20:30 +0000)]
Add a git-blame-ignore-revs file
'git blame' can ignore certain revisions when annotating, e.g. revisions that just reformatting.
Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Mar 3 02:02:51 UTC 2023 on atb-devel-224
David Mulder [Mon, 27 Feb 2023 15:37:10 +0000 (08:37 -0700)]
samba-tool: Clarify cse register command file dest
Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Christof Schmitt [Wed, 1 Mar 2023 23:43:14 +0000 (16:43 -0700)]
librpc: Fix compile error for libnet_join.idl
Fix this compile error:
[753/756] Processing source3/librpc/idl/libnet_join.idl
source3/librpc/idl/ads.idl:2:10: fatal error: config.h: No such file or directory
#include "config.h"
^~~~~~~~~~
compilation terminated.
source3/librpc/idl/libnet_join.idl:3: error: Failed to parse source3/librpc/idl/ads.idl
source3/librpc/idl/libnet_join.idl:50: warning: [out] argument `account_name' not a pointer
libnet_join.idl imports ads.idl which includes config.h. The build rule
for ads.idl provides the include directory for config.h, so add a new
rule to also specify that include directory for libnet_join.idl.
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 1 Mar 2023 23:28:13 +0000 (12:28 +1300)]
s4: remove unused lib/com/*
Maybe the following IDL files are now unused:
librpc/idl/oxidresolver.idl
librpc/idl/remact.idl
librpc/idl/dcom.idl
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 1 Mar 2023 00:32:39 +0000 (13:32 +1300)]
s3:rpc_server/netlogon: Fix typo
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 28 Feb 2023 22:39:56 +0000 (11:39 +1300)]
torture/backupkey: Fix possibly wrong typo'd array index
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 28 Feb 2023 22:37:03 +0000 (11:37 +1300)]
torture/backupkey: Fix flapping test
UNEXPECTED(failure): samba4.rpc.backupkey with seal.backupkey.server_wrap_decrypt_wrong_r2(ad_dc_default)
REASON: Exception: Exception: ../../source4/torture/rpc/backupkey.c:2219: r.out.result was WERR_INVALID_ACCESS, expected WERR_INVALID_PARAMETER: decrypt should fail with WERR_INVALID_PARAMETER
As commit
664bde19bf1db1b3740621cdf3f46f9bfd0e8452 states:
"The use of the wrong key can still create structures that parse as a
SID, therefore we can sometimes get an unusual error, which becomes a
flapping test".
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12107
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 28 Feb 2023 20:35:14 +0000 (09:35 +1300)]
pytest/delete_object: Remove unused variables
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 28 Feb 2023 20:34:26 +0000 (09:34 +1300)]
pytest/getnc_exop: Remove unused variable
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 28 Feb 2023 20:31:45 +0000 (09:31 +1300)]
pytest/repl_move: Remove unused variables
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 28 Feb 2023 20:27:07 +0000 (09:27 +1300)]
pytest/repl_rodc: Remove unused variable
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 28 Feb 2023 20:25:42 +0000 (09:25 +1300)]
pytest/replica_sync: Remove unused variable
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 28 Feb 2023 20:24:52 +0000 (09:24 +1300)]
pytest/ridalloc_exop: Remove unused variables
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 28 Feb 2023 20:23:41 +0000 (09:23 +1300)]
pytest/samba_tool_drs_critical: Remove unused variables
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 28 Feb 2023 20:23:09 +0000 (09:23 +1300)]
pytest/samba_tool_drs_no_dns: Remove unused variables
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 28 Feb 2023 20:22:26 +0000 (09:22 +1300)]
pytest/samba_tool_drs: Remove unused variables
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 28 Feb 2023 04:02:52 +0000 (17:02 +1300)]
pytest/samba_tool_drs: Convert bytes to UTF-8 string
We later use this variable as part of a string substitution, and if we
leave it as bytes we will end up with b' ' quotes surrounding it, which
we do not want. Fix this by converting it to a string.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 28 Feb 2023 04:01:28 +0000 (17:01 +1300)]
lib:cmdline: Fix typo
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 28 Feb 2023 04:00:57 +0000 (17:00 +1300)]
auth/credentials: Fix typos
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 28 Feb 2023 03:56:54 +0000 (16:56 +1300)]
python/schema: Fix conversion to UTF-8 string
str(b'foo') yields "b'foo'", which is wrong. Fix this to get "foo"
instead.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 28 Feb 2023 03:56:24 +0000 (16:56 +1300)]
python/samba/common: Fix typos
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 28 Feb 2023 03:55:06 +0000 (16:55 +1300)]
auth/credentials: Fix off-by-one buffer write
If p == pass + 127, assigning to '*++p' writes beyond the array.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 24 Feb 2023 01:54:02 +0000 (14:54 +1300)]
samba-tool: Don't use invalid escape sequences
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 24 Feb 2023 01:53:36 +0000 (14:53 +1300)]
gp: Don't use invalid escape sequences
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 24 Feb 2023 01:52:40 +0000 (14:52 +1300)]
gp: Avoid shadowing import
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 21 Feb 2023 23:07:30 +0000 (12:07 +1300)]
s4:samba_spnupdate: Fix typo
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 20 Feb 2023 23:44:41 +0000 (12:44 +1300)]
selftest: Fix typo
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 20 Feb 2023 22:45:11 +0000 (11:45 +1300)]
s4:samba_dnsupdate: Avoid resource leaks
View with 'git show -b'.
The seek(0) call is unnecessary.
Closing a file removes the lock held on it.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 20 Feb 2023 22:44:07 +0000 (11:44 +1300)]
s4:samba_spnupdate: Avoid resource leak
View with 'git show -b'.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 20 Feb 2023 22:42:27 +0000 (11:42 +1300)]
python/samba: Avoid resource leak
View with 'git show -b'.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 20 Feb 2023 22:41:34 +0000 (11:41 +1300)]
selftest: Don't use invalid escape sequences
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 20 Feb 2023 22:38:54 +0000 (11:38 +1300)]
samba_version.py: Avoid resource leak
View with 'git show -b'.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 2 Mar 2023 03:43:26 +0000 (16:43 +1300)]
wscript: Fix invalid escape sequences
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 2 Mar 2023 03:42:47 +0000 (16:42 +1300)]
s3:modules: Fix invalid escape sequences
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 20 Feb 2023 20:51:08 +0000 (09:51 +1300)]
selftest: Fix invalid escape sequences
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 16 Jan 2023 23:33:17 +0000 (12:33 +1300)]
lib:pyldb: Throw error on invalid controls
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 16 Jan 2023 22:19:19 +0000 (11:19 +1300)]
lib:ldb: Fix typo
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Sun, 15 Jan 2023 19:17:38 +0000 (08:17 +1300)]
s4:dnsserver: Check all records, not just one
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 9 Jan 2023 02:12:45 +0000 (15:12 +1300)]
nsswitch: Fix CID
1518966 Resource leaks (RESOURCE_LEAK)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 22 Dec 2022 04:15:56 +0000 (17:15 +1300)]
s4-dsdb: Make array static
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 2 Mar 2023 03:36:07 +0000 (16:36 +1300)]
tests: Fix old-style function definitions
These files are included into the source3/wscript configure
checks and so need to avoid C89 features otherwise they
may cause an incorrect configure failure.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15281
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 2 Nov 2022 01:57:03 +0000 (14:57 +1300)]
source3/wscript: Fix configure-time checks
Compilers are getting strict about this C89 behaviour and this
kind of thing is already causing some configure checks to fail with
modern compilers like clang.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15281
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 1 Mar 2023 00:32:21 +0000 (13:32 +1300)]
tests/krb5: Fix typo
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 24 Feb 2023 00:12:44 +0000 (13:12 +1300)]
tests/krb5: Add tests adding a user to a group prior to a TGS-REQ
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 21 Feb 2023 02:44:43 +0000 (15:44 +1300)]
tests/krb5: Permit modifying claim attributes mid-test
We might want to find out what happens to claim values in the PAC if
they change in the database.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 21 Feb 2023 02:44:14 +0000 (15:44 +1300)]
tests/krb5: Split out setup_claims()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 21 Feb 2023 01:00:16 +0000 (14:00 +1300)]
tests/krb5: Generate more readable string representation
This makes assertion failure messages easier to decipher.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 20 Feb 2023 23:06:00 +0000 (12:06 +1300)]
tests/krb5: Add map_to_dn()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 20 Feb 2023 23:07:40 +0000 (12:07 +1300)]
tests/krb5: Refactor out map_to_sid()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 20 Feb 2023 23:04:38 +0000 (12:04 +1300)]
tests/krb5: Avoid duplicate group members
Decode the existing members into strings, so that if we add additional
members (that will also be strings), we won't try to add duplicates (and
have samdb.modify() fail).
Further, ensure callers don't try to pass in a bytes object for the DN.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 20 Feb 2023 02:19:01 +0000 (15:19 +1300)]
tests/krb5: Move ticket_with_sids() to base class
We need to use this in another test.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 20 Feb 2023 02:08:21 +0000 (15:08 +1300)]
tests/krb5: Support nested SID structures in map_sids()
The passed-in set of SIDs may now contain frozensets that themselves
contain SIDs, enabling nested groups. This is necessary to test how
resource SIDs are grouped together in the device info structure.
'git show -b' shows that we're not actually changing very much.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 20 Feb 2023 01:30:49 +0000 (14:30 +1300)]
tests/krb5: Move some utility functions from group_tests to base class
We'll want to make use of them later.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 20 Feb 2023 01:31:36 +0000 (14:31 +1300)]
tests/krb5: Remove unused constant
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 20 Feb 2023 01:16:31 +0000 (14:16 +1300)]
tests/krb5: Refactor setup_groups() to admit multiple preexisting principals and primary groups
instead of hardcoded user and trust user principals, and a single
primary group.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 20 Feb 2023 00:47:16 +0000 (13:47 +1300)]
tests/krb5: Fix typo
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>