Coverity ID "1649525 Use of 32-bit time_t" is correct. What Coverity
does not see is that this routine is the only one assigning to
ev->wait_timeout. Make Coverity happy with the MIN().
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Gary Lockyer [Tue, 10 Jun 2025 21:04:01 +0000 (09:04 +1200)]
librpc/idl: Add idl for msDS-KeyCredentialLink
Idl and supporting helpers for msDS-KeyCredentialLinks.
See [MS-ADTS] 2.2.20 Key Credential Link Structures
Currently the KeyMaterial is treated as a binary blob
The naming and casing of the variable names is close as is possible to
those in the specification.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Jun 19 00:08:31 UTC 2025 on atb-devel-224
s3:selftest: run smb2.{bench,connect,credits,ioctl,rw} over bsd-tstream
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jun 18 19:02:29 UTC 2025 on atb-devel-224
smbXcli_conn_monitor_{send,recv} can be used to monitor
a connection over a long time. It will only come back
if there's a connection error.
smbXcli_conn_monitor_once() will be used by sync callers
without a long term tevent context and needs to be called
multiple times per second in order to work correctly.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 18 12:10:03 UTC 2025 on atb-devel-224
Gary Lockyer [Tue, 17 Jun 2025 21:03:55 +0000 (09:03 +1200)]
Enable clang 20 cast-qual warnings
Now that pam_wrapper has been upgraded to 1.1.8, it compiles without
cast-qual warnings. So lets re-enable the warnings.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Wed Jun 18 06:26:53 UTC 2025 on atb-devel-224
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jun 17 08:38:35 UTC 2025 on atb-devel-224
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Björn Baumbach <bb@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Mon Jun 16 22:22:27 UTC 2025 on atb-devel-224
Directly get a "struct stat" plus a 32-bit uint32 for the dosatts
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jun 16 16:08:20 UTC 2025 on atb-devel-224
Volker Lendecke [Mon, 31 Mar 2025 08:27:13 +0000 (10:27 +0200)]
smbd: Modernize DBGs
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Jun 14 09:49:16 UTC 2025 on atb-devel-224
Volker Lendecke [Thu, 20 Mar 2025 16:57:11 +0000 (17:57 +0100)]
net: Fix a panic in "net vfs getntacl"
We have to explicitly free smb_fname, because after openat_pathref_fsp
we have a file descriptor around. If we then later talloc_free() the
connection_struct, fd_handle_destructor() panics because talloc_free()
does not free smb_fname before the connection_struct.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Shachar Sharon [Wed, 11 Jun 2025 12:04:31 +0000 (15:04 +0300)]
s3:auth: Fix Coverity ID 1646934: memory leak in make_pw_chat
make_pw_chat may succeed in the first call to SMB_CALLOC_ARRAY but fail
in one of the following loop iterations, in which the list is already
populated with dynamically allocated entries. Make sure that we free the
list before bailing out with NULL.
Signed-off-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Jun 14 07:41:48 UTC 2025 on atb-devel-224
This commit refactors the code by replacing fgets with
getline for more reliable line reading.
Additionally this PR,
- Corrects the error message for calloc failure.
- Ensures that resources are properly freed and
closed before calling errx(), fixing potential
resource leaks.
- Adds a check to gracefully skip newlines and
comment lines(starting with #)
- simplifies error handling by grouping repetitive
free statements under goto block
Signed-off-by: Shwetha K Acharya <Shwetha.K.Acharya@ibm.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jun 13 16:46:33 UTC 2025 on atb-devel-224
Shachar Sharon [Tue, 3 Jun 2025 08:31:20 +0000 (11:31 +0300)]
smbd: Fix Coverity ID 1648344: print work-dir properly
Commit 509081e7e ("smbd: expand logging in contend_dirleases()") added a
log-trace which calls get_current_dir_name() on-the-fly, which caused a
Coverity issue (memory-leak). Replace this call with the proper call to
SMB_VFS_GETWD (+ release memory).
Vinit Agnihotri [Thu, 12 Jun 2025 10:30:26 +0000 (16:00 +0530)]
smbd: Fix coverity#1646864 Move variable init code in checked block
xconn was getting dereference outside NULL check block, causing
'Dereference after null check' issue.
Fix moves offeding initialisation in NULL check blog.
Signed-off-by: Vinit Agnihotri <vagnihot@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu Jun 12 16:49:02 UTC 2025 on atb-devel-224
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu Jun 12 13:39:03 UTC 2025 on atb-devel-224
Shachar Sharon [Thu, 5 Jun 2025 08:45:00 +0000 (11:45 +0300)]
smbd: Fix Coverity ID 1635770: avoid NULL deref of reparse
Commit 6d71edab5a ("smbd: use fsctl_get_reparse_point() in
smb3_file_posix_information_init()") introduced the local helper
function reparse_buffer_parse_posix_type; when this function enter the
case where 'reparse_tag != IO_REPARSE_TAG_NFS' the local variable
reparse is still NULL, and must not be de-referenced in DBG_INFO print.
Signed-off-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Mon Jun 9 06:26:05 UTC 2025 on atb-devel-224
Ralph Boehme [Fri, 8 Nov 2024 07:38:05 +0000 (08:38 +0100)]
smbd: return EACCESS when Durable Handle is reconnected with different user
MS-SMB2 3.3.5.9.7 Handling the SMB2_CREATE_DURABLE_HANDLE_RECONNECT Create Context
10. If the user represented by Session.SecurityContext is not the same user
denoted by Open.DurableOwner, the server MUST fail the request with
STATUS_ACCESS_DENIED and proceed as specified in "Failed Open Handling"
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Jun 6 17:15:45 UTC 2025 on atb-devel-224
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 19 Nov 2024 16:45:35 +0000 (17:45 +0100)]
smbd: DH reconnect hardening
Verify the smbXsrv_open_global0 is marked as disconnected. This is similarily
checked in SMB_VFS_RECONNECT() for the share_mode_entry and that catches the
problem most of the times. But to be consistent we need this check also in
smb2srv_open_recreate_fn().
Ralph Boehme [Wed, 26 Feb 2025 15:29:18 +0000 (16:29 +0100)]
smbd: free smbXsrv_open if SMB_VFS_DURABLE_RECONNECT() failed
Otherwise we leave "op" around which ultimately leads to smbXsrv_open_close()
being called from its destructor smbXsrv_open_destructor() that is triggerd by
its tree disconnect (or logoff, or ...) and this would clobber the open record.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Ralph Boehme <slow@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri Jun 6 10:53:07 UTC 2025 on atb-devel-224
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Rowland Penny <rpenny@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Jun 6 00:07:43 UTC 2025 on atb-devel-224
Douglas Bagnall [Fri, 23 May 2025 04:05:49 +0000 (04:05 +0000)]
s3:posix_acls: avoid unnecessary level 0 debug
With 84cca757397dba107fde479bc2043d8412713cf7 (2001) we decided not to
fail if no security info was set, but we didn't remove the alarming
message. Here we hide the message under log level 3.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Rowland Penny <rpenny@samba.org>
Douglas Bagnall [Thu, 22 May 2025 22:34:14 +0000 (10:34 +1200)]
s3:smb2: debug mentions function name fewer times
There was a complaint about messages like this
../../source3/smbd/smb2_server.c:4058(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_OBJECT_NAME_NOT_FOUND] || at
../../source3/smbd/smb2_create.c:360
which weren't informing the admin know what was really
wrong. This patch doesn't help, but it does avoid
saying "smbd_smb2_request_error_ex" three times.
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Tue Jun 3 22:52:34 UTC 2025 on atb-devel-224
Ivan Korytov [Fri, 21 Feb 2025 11:22:41 +0000 (14:22 +0300)]
s4:kdc: Fix memory leak of padata_value
md.padata_value is not needed even if no error occurred.
kdc_request_add_encrypted_padata copies data from it to newly allocated r->ek.encrypted_pa_data.
Signed-off-by: Ivan Korytov <korytovip@basealt.ru> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Ivan Korytov <korytovip@basealt.ru> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Ivan Korytov [Fri, 21 Feb 2025 07:02:48 +0000 (10:02 +0300)]
s4:kdc: Fix memory leak for unused keys in TGT
Length of key list was reduced to one but unused keys were not deallocated before changing the length.
As such, free_sdb_entry/sdb_keys_free function could not release unused keys indexed from 1 onwards on entry deallocation.
Signed-off-by: Ivan Korytov <korytovip@basealt.ru> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
selftest: mark samba4.rpc.samr.passwords.lockout on ncacn_np with .samr.lockout as flapping
Doing a TALLOC_FREE(dummy_se) still means we have the
tevent_add_fd() from tevent_common_wakeup_init() cached as
talloc child of tevent_context and that is all we need here
and the test is not flagging anymore.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jun 2 19:13:27 UTC 2025 on atb-devel-224
Volker Lendecke [Wed, 28 May 2025 10:15:01 +0000 (12:15 +0200)]
smbd: Simplify inotify_handler()
Now that we don't have to calculate "e2" anymore, we can simplify the
loop walking the buffer.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15864 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jun 2 18:10:20 UTC 2025 on atb-devel-224
projects / thirdparty / samba.git / log
