Jennifer Sutton [Sun, 18 May 2025 22:31:47 +0000 (10:31 +1200)]
lib:async_req: Initialize variables
../../lib/async_req/async_sock.c: In function ‘writev_do’:
../../lib/async_req/async_sock.c:360:12: error: ‘written’ may be used uninitialized [-Werror=maybe-uninitialized]
360 | if ((written == -1) &&
| ^
../../lib/async_req/async_sock.c:343:17: note: ‘written’ was declared here
343 | ssize_t written;
| ^~~~~~~
../../lib/async_req/async_sock.c: In function ‘read_packet_do’:
../../lib/async_req/async_sock.c:563:12: error: ‘nread’ may be used uninitialized [-Werror=maybe-uninitialized]
563 | if ((nread == -1) && (errno == EINTR)) {
| ^
../../lib/async_req/async_sock.c:531:17: note: ‘nread’ was declared here
531 | ssize_t nread, more;
| ^~~~~
cc1: all warnings being treated as errors
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Jennifer Sutton [Thu, 20 Feb 2025 02:05:42 +0000 (15:05 +1300)]
s3:lib: Initialize pointer to NULL
../../source3/lib/netapi/tests/netdisplay.c: In function ‘test_netquerydisplayinformation’:
../../source3/lib/netapi/tests/netdisplay.c:87:45: error: ‘current_name’ may be used uninitialized [-Werror=maybe-uninitialized]
87 | if (name && strcasecmp(current_name, name) == 0) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../source3/lib/netapi/tests/netdisplay.c:37:21: note: ‘current_name’ was declared here
37 | const char *current_name;
| ^~~~~~~~~~~~
cc1: all warnings being treated as errors
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Jennifer Sutton [Thu, 20 Feb 2025 00:51:24 +0000 (13:51 +1300)]
libcli: Fix maybe-uninitialized warning
../../libcli/wsp/wsp_aqs.c: In function ‘create_size_range_shortcut’:
../../libcli/wsp/wsp_aqs.c:872:37: error: ‘upper_size’ may be used uninitialized [-Werror=maybe-uninitialized]
872 | right->value.number = upper_size;
| ~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~
../../libcli/wsp/wsp_aqs.c:835:18: note: ‘upper_size’ was declared here
835 | uint32_t upper_size;
| ^~~~~~~~~~
cc1: all warnings being treated as errors
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Jennifer Sutton [Thu, 20 Feb 2025 00:41:48 +0000 (13:41 +1300)]
ldb: Fix maybe-uninitialized warning
In file included from ../../lib/ldb/include/ldb.h:50,
from ../../lib/ldb/include/ldb_private.h:43,
from ../../lib/ldb/common/ldb_pack.c:34:
../../lib/ldb/common/ldb_pack.c: In function ‘ldb_filter_attrs’:
../../lib/talloc/talloc.h:1173:48: error: ‘i’ may be used uninitialized [-Werror=maybe-uninitialized]
1173 | #define talloc_array(ctx, type, count) (type *)_talloc_array(ctx, sizeof(type), count, #type)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../lib/ldb/common/ldb_pack.c:1178:34: note: in expansion of macro ‘talloc_array’
1178 | filtered_msg->elements = talloc_array(filtered_msg,
| ^~~~~~~~~~~~
../../lib/ldb/common/ldb_pack.c:1134:22: note: ‘i’ was declared here
1134 | unsigned int i;
| ^
cc1: all warnings being treated as errors
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
CID 1509059 winbind: Fixing print statement for time_t
Fixing DEBUG output for time_t to uintmax_t
Signed-off-by: Rabinarayan Panigrahi <rapanigr@redhat.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Aug 27 02:17:29 UTC 2025 on atb-devel-224
Douglas Bagnall [Fri, 22 Aug 2025 04:23:16 +0000 (16:23 +1200)]
python:tarfile: notes about extraction_filter
a reminder to delete.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Tue Aug 26 23:43:08 UTC 2025 on atb-devel-224
gh-135034: Normalize link targets in tarfile, add `os.path.realpath(strict='allow_missing')` (#135037)
Addresses CVEs 2024-12718, 2025-4138, 2025-4330, and 2025-4517.
Signed-off-by: Łukasz Langa <lukasz@langa.pl> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Co-authored-by: Petr Viktorin <encukou@gmail.com> Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com> Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
our ../../ test that looks for a tarfile.OutsideDestinationError now
meets a NotADirectoryError in recent Python versions (this from 3.13,
Fedora 42):
UNEXPECTED(error): samba.tests.safe_tarfile.samba.tests.safe_tarfile.SafeTarFileTestCase.test_dots(none)
REASON: Exception: Exception: Traceback (most recent call last):
File "/tmp/samba-testbase/b1/samba-o3/bin/python/samba/tests/safe_tarfile.py", line 48, in test_dots
self.assertRaises(tarfile.OutsideDestinationError,
~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
stf.extractall,
^^^^^^^^^^^^^^^
tarname)
^^^^^^^^
File "/usr/lib64/python3.13/unittest/case.py", line 795, in assertRaises
return context.handle('assertRaises', args, kwargs)
~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.13/unittest/case.py", line 238, in handle
callable_obj(*args, **kwargs)
~~~~~~~~~~~~^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.13/tarfile.py", line 2343, in extractall
tarinfo, unfiltered = self._get_extract_tarinfo(
~~~~~~~~~~~~~~~~~~~~~~~~~^
member, filter_function, path)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.13/tarfile.py", line 2432, in _get_extract_tarinfo
self._handle_fatal_error(e)
~~~~~~~~~~~~~~~~~~~~~~~~^^^
File "/usr/lib64/python3.13/tarfile.py", line 2430, in _get_extract_tarinfo
filtered = filter_function(unfiltered, path)
File "/usr/lib64/python3.13/tarfile.py", line 842, in tar_filter
new_attrs = _get_filtered_attrs(member, dest_path, False)
File "/usr/lib64/python3.13/tarfile.py", line 783, in _get_filtered_attrs
target_path = os.path.realpath(os.path.join(dest_path, name),
strict=os.path.ALLOW_MISSING)
File "<frozen posixpath>", line 457, in realpath
NotADirectoryError: [Errno 20] Not a directory: '/tmp/samba-testbase/b1/samba-o3/bin/ab/tmp/tmpbn6e69ci/tar.tar'
In this commit, we say that a NotADirectoryError is OK.
When we started safe_tarfile we were acting in advance of upstream
Python, but now they are well ahead of us. If we trust their work in
recent versions and accept the error conditions they choose, we can
more easily get rid of our safe_tarfile when the time is right.
For the moment we still support as far back as Python 3.6 for some old
enterprise distros, and it is for those that we continue to maintain
safe_tarfile. In versions before 3.11 we will see
tarfile.ExtractError, and the test for that is unaffected by this
change.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Sat, 4 May 2024 01:07:26 +0000 (13:07 +1200)]
domsid: be less alarmed by non-SID
This has been causing log noise when something is trying to parse an
identifier using a sequence of parsers, to see if it is a SID, a DN,
an account name, etc.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Douglas Bagnall [Thu, 29 May 2025 00:58:48 +0000 (12:58 +1200)]
python:build: do not allow sizeof(int) != 4
A non-32 bit int will (if the compiler allows it) result in code
where we write into memory adjacent to a target uint32_t value in
many python bindings using the python arg-parsing API. The more
correct thing to do would be to always parse into an unsigned long
long and error if it is greater than UINT32_MAX, but we do this in
so many places that there is reason to believe we'll just keep
adding more.
Note, we already check in lib/replace/wscript that int is at least
32 bits; here we are effectively just checking that it is not more.
There was apparently a version of 64 bit Solaris in the 1990s that
had 64 bit ints.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 26 22:00:26 UTC 2025 on atb-devel-224
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Mon Aug 25 12:08:22 UTC 2025 on atb-devel-224
Volker Lendecke [Thu, 21 Aug 2025 10:17:55 +0000 (12:17 +0200)]
libsmb: Avoid smb-level encryption if quic is trusted
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Aug 22 14:55:47 UTC 2025 on atb-devel-224
Volker Lendecke [Mon, 4 Aug 2025 12:59:15 +0000 (14:59 +0200)]
libcli: Add tls_verify_peer_state to smbXcli_transport
We have to carry a copy over from the tstream_tls_params used to
connect, we can't get this information out once the tls-protected
tstream is established
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Gary Lockyer [Thu, 14 Aug 2025 21:38:07 +0000 (09:38 +1200)]
third_party:quic_ko_wrapper Fix compilation with clang-20
Rework the code to remove the non portable variable length array in the union.
Based on the code in wrap_msghdr_add_cmsghdr().
NOTE: this removes the 64 bit alignment, which I think should be ok.
./../third_party/quic_ko_wrapper/quic_ko_wrapper.c:3523:11: error:
fields must have a constant size: 'variable length array in structure'
extension will never be supported
3523 | uint8_t cmbuf[cmspace];
| ^
1 error generated.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Wed Aug 20 15:04:34 UTC 2025 on atb-devel-224
Gary Lockyer [Thu, 14 Aug 2025 21:33:24 +0000 (09:33 +1200)]
third_party:quic Fix compilation with clang-20
Add -Wno-error=format-nonliteral so that quic builds with clang 20
../../third_party/quic/libquic/handshake.c:106:35: error:
format string is not a string literal [-Werror,-Wformat-nonliteral]
106 | rc = vsnprintf(msg, sizeof(msg), fmt, arg);
| ^~~
../../third_party/quic/libquic/handshake.c:135:35: error:
format string is not a string literal [-Werror,-Wformat-nonliteral]
135 | rc = vsnprintf(msg, sizeof(msg), fmt, arg);
| ^~~
../../third_party/quic/libquic/handshake.c:164:35: error:
format string is not a string literal [-Werror,-Wformat-nonliteral]
164 | rc = vsnprintf(msg, sizeof(msg), fmt, arg);
| ^~~
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Douglas Bagnall [Fri, 1 Aug 2025 04:25:13 +0000 (16:25 +1200)]
pytest:samba-tool group: remove unused imports
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Aug 20 05:35:03 UTC 2025 on atb-devel-224
Douglas Bagnall [Sun, 17 Aug 2025 09:57:55 +0000 (09:57 +0000)]
samba-tool: copy user_keytrust to computer keytrust
This is exactly a copy of user/keytrust.py to computer_keytrust.py
with a title-case-preserving `s/user/computer/`.
It works. The Computer model differs from the User model in that it
appends a '$' to the end of account names if it senses the lack,
otherwise these commands are using the same code paths.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Douglas Bagnall [Fri, 15 Aug 2025 05:36:11 +0000 (17:36 +1200)]
py:key_credential_list: add kcl_in_list function
This compares the key material and DN of a KeyCredentialLinkDn with a
list of others, which is a different sense of equality than the
default (which considers GUIDs and binary equality).
This will be used by samba-tool to check whether a link is in fact a
duplicate even if it seems not to be due to some insignificant field
being non-identical.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
In samba-tool we are going to want a KeyCredentialLinkDn to be able
to describe itself. We're adding the methods here because
`samba-tool user` and `samba-tool computer` will both want to use
them.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Douglas Bagnall [Wed, 13 Aug 2025 05:19:16 +0000 (17:19 +1200)]
python:models: do not re-use mutable defaults
This ensures that model.save works when a field has the many flag set,
but the object has no attribute of that name, and the caller appends
to the attribute list, like this:
user.key_credential_link.append(link)
When we get to save, and are doing this:
value = getattr(self, attr)
old_value = getattr(existing_obj, attr)
if value != old_value:
# commit the change
the .append() will have added the item to both value and old_value
because they are the same list. But not any more.
This was a problem because the Field instance is attached to the
model class, not the model instance.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Douglas Bagnall [Sat, 9 Aug 2025 04:27:42 +0000 (16:27 +1200)]
samba-tool: add decorator to catch exception types
Often we [think we] know that all exceptions of a certain type should
be formatted as CommandErrors (i.e., the traceback is suppressed, and
the message is assumed intelligible). Rather than riddling .run() with
try...except blocks to do this, we can
Standard signature is 'calloc(n_elems, elem_size)', where element size
(in particular, when using 'sizeof') comes as 2nd arg. The actual
allocation size does not care for ordering but swapping the order
confuses static-analysis tools like Coverity, as well as naive readers.
Signed-off-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Vinit Agnihotri <vagnihot@redhat.com> Reviewed-by: Shweta Sodani <ssodani@redhat.com> Reviewed-by: Rabinarayan Panigrahi <rapanigr@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Aug 19 18:08:02 UTC 2025 on atb-devel-224
Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Tue Aug 19 09:45:46 UTC 2025 on atb-devel-224
Signed-off-by: Vinit Agnihotri <vagnihot@redhat.com> Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Mon Aug 18 12:03:30 UTC 2025 on atb-devel-224
Ralph Boehme [Fri, 8 Aug 2025 11:52:59 +0000 (13:52 +0200)]
smbd: improve lease break when handling overwrite create disposition
If the contending create uses overwrite create disposition, but has caused a
sharing violation and the existing create has a SMB2_LEASE_HANDLE, then the
server should just send break the SMB2_LEASE_HANDLE.
The break will then either result in a close and the contending open succeeds,
or a STATUS_SHARING_VIOLATION. Either way, there's no need to additionally break
SMB2_LEASE_READ or SMB2_LEASE_WRITE.
Ralph Boehme [Thu, 7 Aug 2025 16:44:27 +0000 (18:44 +0200)]
s3/locking: fix checking for byterange locks when granting RH lease
From MS-FSA 2.1.5.18 "Server Requests an Oplock":
...
* Else If Type is LEVEL_GRANULAR:
* If RequestedOplockLevel is READ_CACHING or (READ_CACHING|HANDLE_CACHING):
* The operation MUST be failed with STATUS_OPLOCK_NOT_GRANTED under either of the
following conditions:
* Open.Stream.ByteRangeLockList is not empty and Open.Stream.AllocationSize
is greater than any ByteRangeLock.LockOffset in
Open.Stream.ByteRangeLockList.
Ralph Boehme [Mon, 2 Jun 2025 10:07:26 +0000 (12:07 +0200)]
smbd: avoid granting "H"-only lease
If an "RH" lease was requested and due to existing brl-lock we do not grant
an "R" lease, we end up granting an "H"-only lease which is not a valid lease
state.
Ralph Boehme [Sat, 9 Aug 2025 07:09:47 +0000 (09:09 +0200)]
smbtorture: add test smb2.lease.lock2
Verifies byterange locks only affect lease state if the lock is actually
"backed" by the file. Eg, if a file has size 0, byterange locks will never
affect lease state.
projects / thirdparty / samba.git / log
