Jennifer Sutton [Tue, 28 Jan 2025 01:15:02 +0000 (14:15 +1300)]
samba-tool: Filter confidential attributes out of backups made with the ‘--no-secrets’ option
Without this change, ‘lab domains’ and backups intended not to contain
secrets will still contain confidential information, such as BitLocker
recovery data and KDS root keys. Add a new class that filters these
attributes out.
Samuel Cabrero [Fri, 25 Apr 2025 14:44:16 +0000 (16:44 +0200)]
s3:winbind: Delegate normalize_name_map to the idmap child
Delegate mapping to the idmap child to avoid blocking.
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Samuel Cabrero <scabrero@samba.org>
Autobuild-Date(master): Thu May 22 13:41:43 UTC 2025 on atb-devel-224
lib/torture: assert that a test doesn't create new talloc children of context->ev
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon May 19 10:13:25 UTC 2025 on atb-devel-224
s4:torture/smb2: let smb2.bench tests start the loop only when everything is ready
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri May 16 13:41:56 UTC 2025 on atb-devel-224
Noel Power [Thu, 8 May 2025 18:16:07 +0000 (19:16 +0100)]
wafsamba: Adjust 'match' logic to override paths in config.check()
messages that match various parts of the configure check progress e.g.
'Checking for library iconv'
'Checking for iconv_open'
'Checking for header iconv.h'
are intercepted and the some path(s) modified with the associated option
value
o buildtools/wafsamba/samba_conftests.py: Add arg_list variable
arg_list contains the argument object returned from
'argparser.ArgumentParser.add_argument' which is called
with the content of the 'match' keyword passed to 'add_option'
stripped out. The content of the 'match' keyword is saved as
an attribute to the arg object appended to arg_list.
o buildtools/wafsamba/samba_waf18.py:
search arg_list (see above) that match and 'msg' argument passed
to arg_list (allowing the dest variable associated with the argument
to be accessed and added to some 'path' used during the 'check' phase
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May 16 10:31:31 UTC 2025 on atb-devel-224
dynconfig/wscript: Adjust default cleanup for waf 2.1.5
Using waf 2.1.5 parser.defaults no longer exists (that's part of
the optparse module and waf 2.1.5 uses argparse)
This patch adjusts the default cleanup for argparse.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Noel Power [Fri, 2 May 2025 09:56:15 +0000 (10:56 +0100)]
wafsamba: Set env variables before calling command
Old optparse handling in third_party/waf/waflib/Options.py would process
leftover arguments and distinguish between env var overrides and
commands. In waf 2.1.5 Options.py no longer will do this and we can see
this with config command like (from fuzz job)
==> /builds/samba-team/devel/samba/samba-fuzz.stderr <==
No function 'LINK_CC=' defined in /builds/samba-testbase/samba-fuzz/wscript
2025-05-02 08:58:21,615 samba-fuzz: [fuzzers-build] failed 'OUT=/builds/samba-testbase/prefix/samba-fuzz LIB_FUZZING_ENGINE= SANITIZER=address CXX= CFLAGS= ADDITIONAL_LDFLAGS='-fuse-ld=bfd' ./lib/fuzzing/oss-fuzz/build_samba.sh --enable-afl-fuzzer --with-prometheus-exporter' with status 1
Now we should just use the needed env directly e.g. for example above you
should call configure as below
Noel Power [Thu, 8 May 2025 08:43:17 +0000 (09:43 +0100)]
wafsamba: simplify mit kerberos detection
This patch removes the --with-system-mitkrb5 callback and associated
ability to store both boolean and path (string list) content.
The boolean part is self explanatory, specifying a path list
was a way to alternatively specify where krb5-config was found.
Instead now after this change to influence where krb5-config is found
the PATH variable itself should be modified before running configure.
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May 16 08:48:22 UTC 2025 on atb-devel-224
The conditions now == start or pos == start_pos are checked
at the beginning of the function definition to ensure that avg
is non zero.
Also an appropriate print statement is added to indicate
the print status.
Signed-off-by: Shwetha K Acharya <Shwetha.K.Acharya@ibm.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri May 16 07:10:57 UTC 2025 on atb-devel-224
For now we don't use it as default as the autobuild server would need to
be upgraded as well, but that will happen soon.
We also can't remove ubuntu2004 yet, because it's needed for
samba-fuzz.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon May 12 20:27:24 UTC 2025 on atb-devel-224
async_sock: try recvmsg(MSG_DONTWAIT) without fd event handler first
Also callers typically read a header to get the length and then
the remaining data, for that we typically don't need an additional
hop via [e]poll.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon May 12 11:28:47 UTC 2025 on atb-devel-224
This is typically more efficient on the kernel call stack.
As far as I can see writev_send/recv is only used with sockets
so far, but in any case we fallback on ENOTSOCK.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Anoop C S [Thu, 8 May 2025 07:50:08 +0000 (13:20 +0530)]
source3/wscript: Remove extra config WITH_PROMETHEUS_EXPORTER
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri May 9 12:04:16 UTC 2025 on atb-devel-224
Volker Lendecke [Thu, 8 May 2025 13:11:17 +0000 (15:11 +0200)]
smbd: Simplify synthetic_smb_fname_split()
Remove the "posix_path" parameter, all callers just passed in "false".
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri May 9 11:02:41 UTC 2025 on atb-devel-224
Volker Lendecke [Thu, 8 May 2025 13:00:34 +0000 (15:00 +0200)]
smbd: Remove the "posix_pathnames" global variable
This was only set from the smb1 trans2 call negotiating smb1 unix
extensions. This means for none of the callers in cmd_vfs and pysmbd
this could ever have been set to "true". The only real caller is
init_smb1_request(), and there we have the originating xconn with its
flags available for direct query.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
third_party: Update socket_wrapper to version 1.5.0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue May 6 14:06:49 UTC 2025 on atb-devel-224
Use the same logic from shadow_copy2 module to always prepend the
connectpath to the relative snapshot path so as to return converted
path corresponding to the file's share root.
Please note that with the current working directory staying at the
connectpath level we are safe to prefix it to the smb_filename. In
other words it seems we never get past the connectpath internally
during normal file system operations via chdir(). Since all relative
paths are now based on dirfsp we could constitute absolute path by
prepending the connectpath to full_path_from_dirfsp_atname() output
ignoring the current working directory.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Wed Apr 30 11:32:59 UTC 2025 on atb-devel-224
Anoop C S [Tue, 4 Mar 2025 09:39:33 +0000 (15:09 +0530)]
vfs_ceph_snapshots: Use full path from dirfsp at smb_fname
In ceph_snap_gmt_openat() we hand in the incoming smb_fname as it is
to ceph_snap_gmt_strip_snapshot() which is then passed on to derive
the actual snapshot path using ceph_snap_gmt_convert(). But this can
go wrong in ceph_snap_gmt_convert_dir() while opening the snapdir.
Unless we constitute the full path from dirfsp at the first place we
always end up opening the snapdir from the parent directory with
OpenDir().
For example with dirfsp("foobar") and smb_fname("shift.txt"), we open
snapdir from share root because parent is calculated as empty string
via ceph_snap_get_parent_path(). Instead we could construct the full
path from dirfsp using full_path_from_dirfsp_atname() to ensure we
don't open the wrong snapdir.
Since we have access to the twrp token at VFS layer it doesn't make
much sense to make use of ceph_snap_gmt_strip_snapshot() in openat.
We could instead directly act based on already available twrp token
avoiding an extra copy of incoming smb_filename.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr 30 09:41:38 UTC 2025 on atb-devel-224
projects / thirdparty / samba.git / log
