Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 34482f4ad014a09c84b484097a8d03dfec4f6512)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 705db6c8b295f65f40b7dcd0d5dc0f6db901c8d7)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 67c2feba290764c62ab01602d5bc9d4d122c2c12)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 4f8ff3a567d6318c71b0960345592224721c9594)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit e5608cdb2e5a7ef2641ec0e7b0ce0b4640a02ce1)
Gary Lockyer [Thu, 14 Aug 2025 21:38:07 +0000 (09:38 +1200)]
third_party:quic_ko_wrapper Fix compilation with clang-20
Rework the code to remove the non portable variable length array in the union.
Based on the code in wrap_msghdr_add_cmsghdr().
NOTE: this removes the 64 bit alignment, which I think should be ok.
./../third_party/quic_ko_wrapper/quic_ko_wrapper.c:3523:11: error:
fields must have a constant size: 'variable length array in structure'
extension will never be supported
3523 | uint8_t cmbuf[cmspace];
| ^
1 error generated.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Wed Aug 20 15:04:34 UTC 2025 on atb-devel-224
Gary Lockyer [Thu, 14 Aug 2025 21:33:24 +0000 (09:33 +1200)]
third_party:quic Fix compilation with clang-20
Add -Wno-error=format-nonliteral so that quic builds with clang 20
../../third_party/quic/libquic/handshake.c:106:35: error:
format string is not a string literal [-Werror,-Wformat-nonliteral]
106 | rc = vsnprintf(msg, sizeof(msg), fmt, arg);
| ^~~
../../third_party/quic/libquic/handshake.c:135:35: error:
format string is not a string literal [-Werror,-Wformat-nonliteral]
135 | rc = vsnprintf(msg, sizeof(msg), fmt, arg);
| ^~~
../../third_party/quic/libquic/handshake.c:164:35: error:
format string is not a string literal [-Werror,-Wformat-nonliteral]
164 | rc = vsnprintf(msg, sizeof(msg), fmt, arg);
| ^~~
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit de7932ea8d12348208f50f7b050b826d236ea597)
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 149933854f39b4628b14abc5dcd57e73e2a0a637)
Ralph Boehme [Thu, 24 Jul 2025 10:59:30 +0000 (12:59 +0200)]
libads: change netlogon_pings() behaviour wrt to min_servers parameter
Currently if a caller passes min_servers=X with X>1, netlogon_pings() will fail
if it can't contact X DCs. This is not really what we want. What we want is: we
want at least one DC, and up to X.
Change implemenentation in that sense and rename the min_servers argument to
wanted_servers to express this behaviour change.
Ralph Boehme [Thu, 24 Jul 2025 13:49:19 +0000 (15:49 +0200)]
idmap_ad: add and use ldap_timeout and fix LDAP server failover
The key parts are:
1. If an LDAP search fails with the hardcoded fatal error, remove the
retry. That would only retry the query against the same server, taken
from the DCINFO cache key. Instead, force a DC rediscovery.
2. Set a default ldap_timeout and pass it to tldap_search(). This
avoids tldap_search() hanging forever on a stale TCP connection.
3. The LDAP server idmap_ad is using is not necessarily the same DC
we're using for RPC, so in case we learn about a dead DC, put it in
the negative-conn-cache.
Ralph Boehme [Mon, 21 Jul 2025 04:44:22 +0000 (06:44 +0200)]
tldap: use tevent_req_set_endtime() to terminate LDAP searches
Needed to detect unresponsive LDAP servers, otherwise we might be sitting up to
924.6 seconds after sending a request before the kernel notifies us of a broken
connection.
Jule Anger [Thu, 7 Aug 2025 10:01:59 +0000 (12:01 +0200)]
tevent: version 0.17.1
* Coverity checks:
Fix 1649525 Use of 32-bit time_t
Fix Coverity ID 1649524 Dereference before null check
Fix Coverity ID 1649526 Dereference before null check
Signed-off-by: Jule Anger <janger@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
It fixes one occurrence in each of
pdb_samba_dsdb_create_user and pdb_samba_dsdb_create_alias
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Rabinarayan Panigrahi <rapanigr@redhat.com> Reviewed-by: Shachar Sharon <ssharon@redhat.com>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu Aug 7 11:20:25 UTC 2025 on atb-devel-224
libcli/security: use talloc_free at the end of sub-tests
Memory should be free by talloc_free() if it is allocated using talloc_new()
Signed-off-by: Rabinarayan Panigrahi <rapanigr@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu Aug 7 09:02:29 UTC 2025 on atb-devel-224
Volker Lendecke [Wed, 6 Aug 2025 13:28:29 +0000 (15:28 +0200)]
ctdb: Fix a stuck cluster lock holder after a delayed leader bcast
If a delayed broadcast by a previous cluster lock holder arrives, the
new legitimate leader will accept this without questioning in
leader_handler(). Without this patch rec->leader will never be
overwritten, and because rec->pnn != rec->leader we'll also never send
out fresh leader broadcasts. And because we hold the cluster lock,
nobody else can step up.
Fix this in the next round of leader broadcast timeout.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15892 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Aug 7 02:59:20 UTC 2025 on atb-devel-224
Gary Lockyer [Wed, 6 Aug 2025 01:03:30 +0000 (13:03 +1200)]
librpc:ndr:keycredlink don't require that kmi be a talloc_context
This prevents fuzzing of ndr_pull_KeyMaterialInternal which we want. So instead
allocate against the ndr talloc context, then the callers can talloc_steal,
memcpy the data as appropriate.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Aug 6 05:10:43 UTC 2025 on atb-devel-224
Gary Lockyer [Wed, 6 Aug 2025 01:00:32 +0000 (13:00 +1200)]
s4:kdc:db-glue talloc steal pub_key data
talloc_steal the data pointers of pub_key, modulus and exponent onto pub_key.
To allow fuzz testing of ndr_pull_KeyMaterialInternal the KeyMaterialInternal
struct may not be a talloc_context. So the data portions will be allocated on
the ndr context.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Ralph Boehme [Fri, 11 Jul 2025 12:29:38 +0000 (14:29 +0200)]
docs: document serverid command
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Aug 5 16:03:56 UTC 2025 on atb-devel-224
Ralph Boehme [Fri, 11 Jul 2025 04:02:13 +0000 (06:02 +0200)]
libndr: add support for unions to ndr_pull_struct_blob_noalloc() and ndr_push_struct_into_fixed_blob()
The union switch value is stored by ndr_token_store() which uses talloc to
manage ndr.switch_list. Preallocate a ndr_token array and ndr_token_list on the
stack of size ndr_token_list.fixed_alloc_count and optionally use that in
ndr_token_store().
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 10 Jul 2025 14:48:22 +0000 (16:48 +0200)]
smbd: implement session check from MS-SMB2 3.3.5.9 Receiving an SMB2 CREATE Request
If the server implements the SMB 3.x dialect family and all of the following conditions are TRUE, the
server MUST look up an Open in GlobalOpenTable where Open.IsReplayEligible is TRUE and
Open.CreateGuid matches the CreateGuid in the SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2
create context and Open.ClientGuid matches the ClientGuid of the connection that received this
request:
...
If an Open is found, the server MUST perform the following:
...
If Open.Session.SessionId is not equal to the current Session.SessionId, the server MUST fail
the request with STATUS_DUPLICATE_OBJECTID.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Sat, 28 Jun 2025 06:55:25 +0000 (08:55 +0200)]
smbd: add smbXsrv_session to smbXsrv_open
From "MS-SMB2 3.3.1.10 Per Open":
Open.Session: A reference to the authenticated session, as specified in section
3.3.1.8, over which this open was performed. If the open is not attached to a
session at this time, this value MUST be NULL.
Needed to implement:
3.3.5.9 Receiving an SMB2 CREATE Request
If the server implements the SMB 3.x dialect family and all of the following
conditions are TRUE, the server MUST look up an Open in GlobalOpenTable where
Open.IsReplayEligible is TRUE and Open.CreateGuid matches the CreateGuid in
the SMB2_CREATE_DURABLE_HANDLE_REQUEST_V2 create context and Open.ClientGuid
matches the ClientGuid of the connection that received this request:
...
If an Open is found, the server MUST perform the following:
..
If Open.Session.SessionId is not equal to the current Session.SessionId, the
server MUST fail the request with STATUS_DUPLICATE_OBJECTID.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Thu, 10 Jul 2025 14:31:16 +0000 (16:31 +0200)]
smbd: make the replay cache record an index on the global open table
Store only the open_global record key as is in the replay-cache record, making
it an index into the global open table. Then in the replay code, use the new
function smbXsrv_open_global_lookup() to get at the open records.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Ralph Boehme [Tue, 8 Jul 2025 12:47:24 +0000 (14:47 +0200)]
smbd: simplify create_action handling
(state->info == FILE_WAS_OVERWRITTEN) can only happen when returning
SMB_VFS_CREATE_FILE(), not for a Durable Handle reconnect or Replay, hence we
can move the check and adjustment of state->info to smbd_smb2_create_send()
after the call to SMB_VFS_CREATE_FILE().
This nicely simplifies the logic in smbd_smb2_create_finish() where we can now
just set state->op->create_action and state->out_create_action to the value of
state->info.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Aug 5 14:51:51 UTC 2025 on atb-devel-224
Pavel Filipenský [Wed, 23 Jul 2025 13:09:21 +0000 (15:09 +0200)]
s3:winbindd: Resolve dc name using CLDAP also for ROLE_IPA_DC
server role ROLE_IPA_DC (introduced in e2d5b4d) needs special handling
in dcip_check_name(). We should resolve the DC name using:
- CLDAP in dcip_check_name_ads()
instead of:
- NETBIOS in nbt_getdc() that fails if Windows is not providing netbios.
The impacted environment has:
domain->alt_name = example.com
domain->active_directory = 1
security = USER
server role = ROLE_IPA_DC
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org>
Pair-programmed-with: Andreas Schneider <asn@samba.org>
s3:tests: Fix shellcheck warning of test_wbinfo_lookuprids_cache.sh
In source3/script/tests/test_wbinfo_lookuprids_cache.sh line 27:
key=$("$TDBDUMP" "$cache" | grep ^key.*NDR.*/"$opnum"/ | cut -d\" -f2)
^-------------------^ SC2062 (warning):
Quote the grep pattern so the shell won't
interpret it.
Lets better use awk for matching the pattern.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
docs-xml: Update documentation for --use-kerberos and --use-krb5-ccache
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Aug 5 11:49:35 UTC 2025 on atb-devel-224
Ensure print_queue_struct *q is initialized to NULL to avoid
undefined behavior when freeing on error paths. Move SAFE_FREE(q)
outside the ret > 0 block to ensure q is always freed.
Signed-off-by: Shwetha K Acharya <Shwetha.K.Acharya@ibm.com> Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Vinit Agnihotri <vagnihot@redhat.com>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Tue Aug 5 09:20:17 UTC 2025 on atb-devel-224
coverity: Add some additional check for strequal()
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Shwetha K Acharya <Shwetha.K.Acharya@ibm.com>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Tue Aug 5 07:09:04 UTC 2025 on atb-devel-224
Unless there is a striking reason not to do so tdbtool should return a
non-zero return code when a failure was encountered. Most known callers
have to parse stdout to check whether a command has succeeded or failed.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Sat Aug 2 08:20:53 UTC 2025 on atb-devel-224
This script is using tdbtool for deleting keys of a particular
winbind NDR operation for regression testing. There are two issues here:
The opnum for this winbind NDR operation has changed (as new calls have
been added to the interface), it is no longer 16 but now 17. Better try
to lookup the current opnum from the IDL.
As tdbtool always returns with success error code regardless of the
success of its command - in this case a delete key operation - the test
is simply not able to fail at all (patch following to fix tdbtool
itself).
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
*** CID 1660828: Control flow issues (UNREACHABLE)
/librpc/ndr/ndr_keycredlink.c: 752 in pull_DER_RSA_KEY()
746 goto out;
747 }
748 if (!asn1_end_tag(asn)) { /* PublicKeyInfo */
749 return ndr_pull_error(ndr,
750 NDR_ERR_UNREAD_BYTES,
751 "ASN1 element PublicKeyInfo");
>>> CID 1660828: Control flow issues (UNREACHABLE)
>>> This code cannot be reached: "goto out;".
752 goto out;
753 }
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri Aug 1 14:21:17 UTC 2025 on atb-devel-224
Signed-off-by: Shweta Sodani <ssodani@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Shwetha K Acharya <Shwetha.K.Acharya@ibm.com>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri Aug 1 11:03:06 UTC 2025 on atb-devel-224
Douglas Bagnall [Wed, 30 Jul 2025 09:18:09 +0000 (21:18 +1200)]
librpc:bcrypt_rsakey_blob: exponent and modulus lengths can't be zero
Apart from it making no sense, without these ranges we end up
allocating a NULL buffer and aborting.
We also put a maximum size on the RSA key, in case we could get
tricked into a DoS by pulling a large buffer and trying crypto maths
on it.
6 0x572ebce2749a in talloc_abort samba/lib/talloc/talloc.c:506:3
7 0x572ebce271d4 in talloc_chunk_from_ptr samba/lib/talloc/talloc.c:0
8 0x572ebce271d4 in __talloc_with_prefix samba/lib/talloc/talloc.c:762:12
9 0x572ebce235f9 in __talloc samba/lib/talloc/talloc.c:825:9
10 0x572ebce235f9 in _talloc_named_const samba/lib/talloc/talloc.c:982:8
11 0x572ebce235f9 in _talloc_memdup samba/lib/talloc/talloc.c:2441:9
12 0x572ebc8f6a4f in data_blob_talloc_named samba/lib/util/data_blob.c:56:25
13 0x572ebc7d23bd in pull_BCRYPT_RSAPUBLIC_BLOB samba/librpc/ndr/ndr_keycredlink.c:878:17
14 0x572ebc7d23bd in ndr_pull_KeyMaterialInternal samba/librpc/ndr/ndr_keycredlink.c:959:10
15 0x572ebc788e90 in LLVMFuzzerTestOneInput samba/bin/default/lib/fuzzing/fuzz_ndr_keycredlink_TYPE_STRUCT.c:282:13
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Jul 31 05:45:07 UTC 2025 on atb-devel-224
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Jul 30 02:03:40 UTC 2025 on atb-devel-224
The issue is not a real bug as it is implemented, but it's better to not
mix signed and unsigned types to avoid potential future issues.
Signed-off-by: Xavi Hernandez <xhernandez@gmail.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Jul 30 00:44:28 UTC 2025 on atb-devel-224
projects / thirdparty / samba.git / log
