Gary Lockyer [Mon, 11 Aug 2025 00:00:03 +0000 (12:00 +1200)]
s4:kdc:sdb_to_hdb key trust support
Convert key trust public keys contained in the clients sdb records, and add
to the HDB_Ext_KeyTrust extension on the clients HDB record
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Tue Sep 16 23:23:42 UTC 2025 on atb-devel-224
Shachar Sharon [Thu, 7 Aug 2025 13:42:07 +0000 (16:42 +0300)]
buildtools: fixed broken build with FIPS-enabled host
MD5 is not supported on FIPS-enabled machines, but the current
work-around is broken. One the other hand, latest Waf has proper
fixup (use sha1 as a replacement to md5) so there is no need for Samba
specific code.
Tested on CentOS-stream-9 with FIPS (Python-3.9.23).
Signed-off-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Mon Sep 15 15:44:38 UTC 2025 on atb-devel-224
../../ctdb/utils/pmda/pmda_ctdb.c:52:9: warning: 'pmdaResult' redefined
52 | #define pmdaResult pmResult
| ^~~~~~~~~~
In file included from ../../ctdb/utils/pmda/pmda_ctdb.c:35:
/usr/include/pcp/pmda.h:30:9: note: this is the location of the previous definition
30 | #define pmdaResult pmResult_v2
| ^~~~~~~~~~
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Sat Sep 13 08:12:42 UTC 2025 on atb-devel-224
tdbtorture: Fix CID 1034815,1034816: protect from out-of-bounds access
A user may provide a non-valid input value for 'num_procs' (negative).
Avoid potential out-of-bound access by forcing 'unsigned int' value
(Coverity: OVERRUN).
Signed-off-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu Sep 11 19:06:16 UTC 2025 on atb-devel-224
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Sep 11 17:05:00 UTC 2025 on atb-devel-224
Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Shachar Sharon [Tue, 19 Aug 2025 08:34:13 +0000 (11:34 +0300)]
samr: Fix CID 1035506: close slave fd (REASOURCE_LEAK)
In the case of (unlikely) failure of dup2 on one of the standard file
descriptors, close 'slave' fd upon return.
Signed-off-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu Sep 11 13:29:37 UTC 2025 on atb-devel-224
selftest: Do not use wrappers for samba.tests.docs
We will run into issues with Python 3.14 passing sockets for
concurrently running tasks.
https://bugzilla.samba.org/show_bug.cgi?id=15910
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Wed Sep 10 19:21:55 UTC 2025 on atb-devel-224
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Wed Sep 10 15:23:08 UTC 2025 on atb-devel-224
utils: Fixing CID 1509034 for time_t in DEBUG statement
Fix: typecast changing from (int)nt_time_to_unix_abs(&i12->lockout_window)
to (intmax_t)nt_time_to_unix_abs(&i12->lockout_window)
as intmax_t can hold epoch seconds after 2038 year
Signed-off-by: Rabinarayan Panigrahi <rapanigr@redhat.com> Reviewed-by: Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Andreas Schneider <asn@samba.org>
passdb: Fixing CID 1508970 for time_t in DEBUG statement
Fix: typecast changing from (unsigned int)entry->bad_password_time to
(intmax_t)entry->bad_password_time as intmax_t can hold epoch seconds
after 2038 year
Signed-off-by: Rabinarayan Panigrahi <rapanigr@redhat.com> Reviewed-by: Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Andreas Schneider <asn@samba.org>
Very simple reopen of a directory as pathref. Too much magic in
openat_pathref_fsp_lcomp() leads to Bug 15897:
openat_pathref_fsp_lcomp() can return NT_STATUS_OK but still leave the
file descriptor at -1 for msdfs and smb1 posix reasons. When using it
in filename_convert_dirfsp_nosymlink() this bites us, the -1 can leak
into vfswrap_openat(). Avoid any magic by directly calling
SMB_VFS_OPENAT() with maximum NOFOLLOW/etc safety for this use case
and fail when this does not work.
This adds another flavor of openat_pathref_fsp, and at some point we
need to consolidate them again.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15897 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Sep 10 03:13:07 UTC 2025 on atb-devel-224
s3:script: Avoid UnicodeDecodeError for samba-log-parser processing whole directory
When log directory contains zipped files like
old/log.rpcd_spoolss-20250831.gz we get error.
We want to ignore such files.
$ samba-log-parser --traceid 6 --merge-by-timestamp
Traceback (most recent call last):
File "/usr/bin/samba-log-parser", line 382, in <module>
main()
~~~~^^
File "/usr/bin/samba-log-parser", line 311, in main
process_file(
~~~~~~~~~~~~^
record_list,
^^^^^^^^^^^^
...<3 lines>...
options.traceid,
^^^^^^^^^^^^^^^^
)
^
File "/usr/bin/samba-log-parser", line 92, in process_file
data = infile.readlines()
File "<frozen codecs>", line 325, in decode
UnicodeDecodeError: 'utf-8' codec can't decode byte 0x8b in position 1: invalid start byte
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Tue Sep 9 13:50:00 UTC 2025 on atb-devel-224
Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Sep 8 04:47:37 UTC 2025 on atb-devel-224
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Autobuild-User(master): Jennifer Sutton <jsutton@samba.org>
Autobuild-Date(master): Mon Sep 8 02:27:53 UTC 2025 on atb-devel-224
s3:shadow_copy: CID 1449539 talloc_realloc and error handling
- Replace TALLOC_REALLOC with talloc_realloc inorder to handle
the integer overflow better.
- Rename tlabels as tmp_labels for clarity.
- Use shadow_copy_data->labels directly after successful
reallocation instead of relying on a temporary variable.
- Ensure that shadow_copy_data->num_volumes is set to 0 and
shadow_copy_data->labels is freed on error paths inorder to
address the potential resource leaks.
Fixes: CID_1449539 Signed-off-by: Shwetha K Acharya <Shwetha.K.Acharya@ibm.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Sat Sep 6 10:34:27 UTC 2025 on atb-devel-224
Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Pair-Programmed-With: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Fri Sep 5 13:38:33 UTC 2025 on atb-devel-224
GSS-Proxy stores its credential in encrypted form in the Kerberos ccache
with a start and end time of 0 and a server principal in the realm named
'X-GSSPROXY:'. This credential is accessed through GSS-Proxy interposer
mechanism in MIT Kerberos and cannot be analysed with raw krb5 API.
As MIT Kerberos has no krb5_cc_get_lifetime() implementation, add check
for the GSS-Proxy credential to smb_krb5_cc_get_lifetime() wrapper to
return KRB5_PLUGIN_NO_HANDLE. The two places where
smb_krb5_cc_get_lifetime() is used then handle this return code to avoid
deciding on the 'expired' lifetime to cause a kinit.
This fixes FreeIPA use case where an IPA API endpoint uses Samba Python
bindings with a GSS-Proxy-controlled credential cache.
Signed-off-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Wed Sep 3 10:15:50 UTC 2025 on atb-devel-224
Douglas Bagnall [Sun, 31 Aug 2025 09:24:34 +0000 (21:24 +1200)]
dsdb:audit log: cmocka unit tests for KCL
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Sep 3 03:13:47 UTC 2025 on atb-devel-224
Douglas Bagnall [Thu, 28 Aug 2025 05:09:43 +0000 (17:09 +1200)]
dsdb:audit: bump minor version of password logs (1.1 -> 1.2)
In https://wiki.samba.org/index.php/Interpreting_JSON_Audit_Logs we say:
> a version number for the JSON format. It has two parts.
>
> major: incremented if fields change meaning
> minor: incremented if a field is added
>
> A change in possible values does not usually trigger a version
> change. This is obviously true for client supplied data, but also
> applies to e.g. passwordType, where the set of supported password
> formats can change over time without changing the JSON version.
The last paragraph explicitly exempts us from a version change for
adding a new possible value ("Public key change") to the "action"
field. On the other hand we have expanded the scope of the log, which
deserves some version recognition.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Volker Lendecke [Tue, 13 May 2025 09:31:12 +0000 (11:31 +0200)]
libsmb: Slightly clarify format in set/get_secdesc
We have reserved fields after those 16-bit ones. With little endian
those are set to 0 with PUSH_LE32. That is unnecessary here, the
fields are already set to 0. This patch is not for efficiency, I just
got a bit confused by the subtlety.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Volker Lendecke [Sat, 30 Aug 2025 12:04:11 +0000 (14:04 +0200)]
dsdb: Align an integer type
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sun Aug 31 07:23:20 UTC 2025 on atb-devel-224
Jennifer Sutton [Wed, 20 Aug 2025 07:10:43 +0000 (19:10 +1200)]
s4:dsdb:tests: Add tests for msDS-KeyCredentialLink attribute
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Aug 27 04:44:59 UTC 2025 on atb-devel-224
Jennifer Sutton [Tue, 12 Aug 2025 01:56:16 +0000 (13:56 +1200)]
s4:dsdb:acl: Fix LDB flags comparison
LDB_FLAG_MOD_* values are not actually flags, and the previous
comparison was equivalent to
(el->flags & LDB_FLAG_MOD_MASK) == 0
which is only true if none of the LDB_FLAG_MOD_* values are set, so we
would not successfully return if the element was a DELETE. Correct the
expression to what it was intended to be.
projects / thirdparty / samba.git / log
