Douglas Bagnall [Wed, 30 Jul 2025 09:18:09 +0000 (21:18 +1200)]
librpc:bcrypt_rsakey_blob: exponent and modulus lengths can't be zero
Apart from it making no sense, without these ranges we end up
allocating a NULL buffer and aborting.
We also put a maximum size on the RSA key, in case we could get
tricked into a DoS by pulling a large buffer and trying crypto maths
on it.
6 0x572ebce2749a in talloc_abort samba/lib/talloc/talloc.c:506:3
7 0x572ebce271d4 in talloc_chunk_from_ptr samba/lib/talloc/talloc.c:0
8 0x572ebce271d4 in __talloc_with_prefix samba/lib/talloc/talloc.c:762:12
9 0x572ebce235f9 in __talloc samba/lib/talloc/talloc.c:825:9
10 0x572ebce235f9 in _talloc_named_const samba/lib/talloc/talloc.c:982:8
11 0x572ebce235f9 in _talloc_memdup samba/lib/talloc/talloc.c:2441:9
12 0x572ebc8f6a4f in data_blob_talloc_named samba/lib/util/data_blob.c:56:25
13 0x572ebc7d23bd in pull_BCRYPT_RSAPUBLIC_BLOB samba/librpc/ndr/ndr_keycredlink.c:878:17
14 0x572ebc7d23bd in ndr_pull_KeyMaterialInternal samba/librpc/ndr/ndr_keycredlink.c:959:10
15 0x572ebc788e90 in LLVMFuzzerTestOneInput samba/bin/default/lib/fuzzing/fuzz_ndr_keycredlink_TYPE_STRUCT.c:282:13
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Jul 31 05:45:07 UTC 2025 on atb-devel-224
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Jul 30 02:03:40 UTC 2025 on atb-devel-224
The issue is not a real bug as it is implemented, but it's better to not
mix signed and unsigned types to avoid potential future issues.
Signed-off-by: Xavi Hernandez <xhernandez@gmail.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Jul 30 00:44:28 UTC 2025 on atb-devel-224
Gary Lockyer [Fri, 25 Jul 2025 01:22:27 +0000 (13:22 +1200)]
s4:kdc Support for key trust authentication
Extract the public kes from msDS-KeyCredentialLink and populate the sdb
structure. These values can then be passed to Kergeros to allow key
trust authentication.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Tue Jul 29 05:31:10 UTC 2025 on atb-devel-224
Gary Lockyer [Wed, 16 Jul 2025 23:47:39 +0000 (11:47 +1200)]
s4:kdc: Fix clang-tidy error in db-glue.c
../../source4/kdc/db-glue.c:968:14: warning: Access to field 'kvno' results in a dereference of a null pointer (loaded from variable 'entry') [clang-analyzer-core.NullDereference]
968 | entry->kvno = returned_kvno;
| ~~~~~ ^ Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Gary Lockyer [Mon, 30 Jun 2025 21:43:07 +0000 (09:43 +1200)]
librpc/idl: Add idl for tpm20_rsakey_blob
Idl and tests for TPM20_RSAKEY_BLOB, one of the possible encoding of
msDSKeyCredentialLink KeyMaterial
Derived from:
https://dox.ipxe.org/Tpm20_8h_source.html#l00164
https://stackoverflow.com/questions/78958315/cannot-parse-tpm2-0-public-key
Note: this is a greatly simplified implementation that only handles TPM
version 2, RSA public keys.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Gary Lockyer [Mon, 23 Jun 2025 03:01:37 +0000 (15:01 +1200)]
librpc/idl: Add idl for BCRYPT_RSAKEY_BLOB
Idl and tests for BCRYPT_RSAKEY_BLOB
See https://learn.microsoft.com/en-us/windows/win32/api/
bcrypt/ns-bcrypt-bcrypt_rsakey_blob
This is one of the encodings of msDSKeyCredentialLink KeyMaterial when
KeyUsage is KEY_USAGE_NGC. As there appears to be no official
documentation on the contents of KeyMaterial have based this on.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Mon Jul 28 06:45:51 UTC 2025 on atb-devel-224
Martin Schwenke [Fri, 7 Oct 2016 03:30:19 +0000 (14:30 +1100)]
ctdb-tests: Fix CID 1373387 - Time of check time of use (TOCTOU)
Coverity doesn't like the fopen(3) after stat(2). This is test code
that runs in a simple test environment, so this doesn't really matter.
However, reorder the code to put the stat(2) after the fopen(3). This
means that the test still does all the same checks and it should now
make Coverity happy.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Anoop C S <anoopcs@samba.org>
Gary Lockyer [Thu, 24 Jul 2025 23:24:37 +0000 (11:24 +1200)]
gitignore: remove clang-format
As we do have a project blessed clang-format, it should not be in
gitignore
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Jul 26 06:02:34 UTC 2025 on atb-devel-224
Martin Schwenke [Sat, 28 Jun 2025 02:01:41 +0000 (12:01 +1000)]
ctdb-tests: Add logging support to the tunables unit test
Make tunable_test respect CTDB_DEBUGLEVEL. Using test_options.[ch]
would be overkill here. This means including logging.c - we can't
link to the subsystem containing logging.c because the file being
tested (tunable.c) is part of that subsystem.
Support logging in the test script. tunable_ok() builds the logging
output for the good path. Set the debug level to NOTICE and update
expected results for individual failure path tests.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 25 Jun 2025 10:46:26 +0000 (20:46 +1000)]
ctdb-common: Require separate initialisation of tunable defaults
Dropping this from ctdb_tunable_load_file() allows that function to be
called multiple times for different files. The caller sets the
defaults.
In the test script, factor out the handling of a single tunables file
in a similar way. Ignoring missing/unreadable files is OK because
this function will only be called for test successes (hence "ok" in
the name). There will never be existing, unreadable files. The code
being tested ignores missing files, so do that here too.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Ralph Boehme [Sat, 19 Jul 2025 12:26:50 +0000 (14:26 +0200)]
libcli/smb: make smbXcli_session_dump_keys() usable for the server side
By passing the individual keys directly instead of passing the wrapping state
objects, smbXcli_session_dump_keys() can later also be used by the server code.
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Tue Jul 22 08:55:10 UTC 2025 on atb-devel-224
vfs_virsufilter: Fix the invocation of SMB_VFS_NEXT_CONNECT
virusfilter is failing if path is defined for virusfilter:quarantine
as next module is not initialized by mean time. So rearranged invocation
of SMB_VFS_NEXT_CONNECT call
Signed-off-by: Rabinarayan Panigrahi <rapanigr@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Mon Jul 21 11:28:12 UTC 2025 on atb-devel-224
possibly_set_archive is being passed smb_fname->st.st_ex_mode.
Inside the function same variable is getting assigned to itself.
Fixed this to send unx_mode to possibly_set_archive.
Signed-off-by: Srinivas Rao V <Srinivas.Rao.V@ibm.com> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Jul 18 22:25:05 UTC 2025 on atb-devel-224
s3:selftest: run smb2.{bench,connect,credits,ioctl,rw} over quic-ngtcp2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul 17 10:00:51 UTC 2025 on atb-devel-224
lib/tsocket: optimize tdgram_recvfrom_done() into tdgram_recvfrom_send()
For callers using tdgram_bsd_optimize_recvfrom() it is every useful
to know it data was already waiting in the socket.
In that case the result from tdgram_bsd_recvfrom_send() would
already report tevent_req_is_in_progress() as false.
But the result of tdgram_recvfrom_send() available to the
caller would see tevent_req_is_in_progress() reporting true.
With this change also the result of tdgram_recvfrom_send()
would report tevent_req_is_in_progress() as false,
which will be useful for callers, which would otherwise
set a timeout on the request.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
third_party: add quic_ko_wrapper to simulate IPPROTO_QUIC sockets
For now this is only part of Samba, so no real third_party,
but in future we may decide have a standalone repository
or move it to https://github.com/lxin/quic.git
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
s3:libsmb: add support for SMB_TRANSPORT_TYPE_QUIC
This requires https://github.com/lxin/quic, which provides a kernel
module quic.ko for Linux (tested with Linux 6.8 and 6.14).
The userspace libquic is mirrored under third_party/quic for now.
This can be activated by adding 'quic' to 'client smb transports'.
The following smb.conf options are also relevant:
'tls enabled'
'tls ca directories'
'tls trust system cas'
'tls cafile'
'tls crlfile'
'tls verify peer'
Note that tools like smbclient are able to take
--option='client smb transports = quic" --option='tls verify peer=no_check'
in order to test it without changing smb.conf,
You may not want to use 'tls verify peer=no_check' for
production, it would make the transport as unprotected
as a tcp connection.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
This requires https://github.com/lxin/quic, which provides a kernel
module quic.ko for Linux (tested with Linux 6.8 and 6.14).
The userspace libquic is mirrored under third_party/quic for now.
This can be activated by adding 'quic' to 'server smb transports'.
The following smb.conf options are also relevant:
'tls enabled'
'tls cafile'
'tls certfile'
'tls keyfile'
If the files pointed to by 'tls cafile', 'tls certfile' and
'tls keyfile' all don't exist, self-signed tls certificates are
generated automatically at startup.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
third_party: import quic from https://github.com/lxin/quic.git
For now the VERSION argument to third_party/quic/update.sh
is ignored as there are no versions yet. For now we require
version 1.1 (not releases) for a system library, in order to make sure
it is recent enough.
Add check for the GPO link to have at least two attributes separated by semicolumn. Allows to handle empty links.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15877
RN: Fix handling of empty GPO link
Singed-off-by: Alex Sharov (kororland@gmail.com) Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul 10 18:55:33 UTC 2025 on atb-devel-224
tests: Rename local variable: prefix_abs -> prefix
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul 10 16:15:24 UTC 2025 on atb-devel-224
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Samuel Cabrero <scabrero@samba.org>
Autobuild-Date(master): Tue Jul 8 07:21:26 UTC 2025 on atb-devel-224
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jul 7 17:45:13 UTC 2025 on atb-devel-224
Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jul 7 10:44:37 UTC 2025 on atb-devel-224
Michael Saxl [Wed, 28 May 2025 14:49:13 +0000 (16:49 +0200)]
rpc registry: add ProductType for AD DC
HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions contains a key
ProductType
The value of that key should be LanmanNT on a domain controller (of any
type).
The switch had no case for ROLE_ACTIVE_DIRECTORY_DC
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15863 Signed-off-by: Michael Saxl <mike@mwsys.mine.bz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jul 1 09:17:08 UTC 2025 on atb-devel-224
Direct leak of 104 byte(s) in 1 object(s) allocated from:
#0 0x7f597eefc777 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7f597eae3c57 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
#2 0x7f597eae5acf in __talloc ../../lib/talloc/talloc.c:825
#3 0x7f597eae5acf in _talloc_named_const ../../lib/talloc/talloc.c:982
#4 0x7f597eae5acf in _talloc_array ../../lib/talloc/talloc.c:2784
#5 0x7f597e865a99 in data_blob_talloc_named ../../lib/util/data_blob.c:58
#6 0x7f597e865b1b in data_blob_named ../../lib/util/data_blob.c:40
#7 0x55a95a1a389c in get_challenge ../../source3/utils/ntlm_auth.c:375
#8 0x55a95a1aa724 in test_ntlm_in_lm ../../source3/utils/ntlm_auth_diagnostics.c:203
#9 0x55a95a1ab947 in diagnose_ntlm_auth ../../source3/utils/ntlm_auth_diagnostics.c:721
#10 0x55a95a1a7efd in main ../../source3/utils/ntlm_auth.c:2855
#11 0x7f597b62a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Noel Power <npower@samba.org>
s3:utils: Fix memory leaks in test_lmv2_ntlmv2_broken()
Direct leak of 104 byte(s) in 1 object(s) allocated from:
#0 0x7f48254fc777 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7f48250d9c57 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
#2 0x7f48250dbacf in __talloc ../../lib/talloc/talloc.c:825
#3 0x7f48250dbacf in _talloc_named_const ../../lib/talloc/talloc.c:982
#4 0x7f48250dbacf in _talloc_array ../../lib/talloc/talloc.c:2784
#5 0x7f4824e59a99 in data_blob_talloc_named ../../lib/util/data_blob.c:58
#6 0x7f4824e59b1b in data_blob_named ../../lib/util/data_blob.c:40
#7 0x56084d20789c in get_challenge ../../source3/utils/ntlm_auth.c:375
#8 0x56084d20f0b9 in test_lmv2_ntlmv2_broken ../../source3/utils/ntlm_auth_diagnostics.c:381
#9 0x56084d20f92e in test_ntlmv2 ../../source3/utils/ntlm_auth_diagnostics.c:474
#10 0x56084d20f9ae in diagnose_ntlm_auth ../../source3/utils/ntlm_auth_diagnostics.c:718
#11 0x56084d20befd in main ../../source3/utils/ntlm_auth.c:2855
#12 0x7f4821c2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Noel Power <npower@samba.org>
s3:utils: Fix memory leaks in test_lm_ntlm_broken()
Direct leak of 104 byte(s) in 1 object(s) allocated from:
#0 0x7f72126fc777 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7f72122e8c57 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
#2 0x7f72122eaacf in __talloc ../../lib/talloc/talloc.c:825
#3 0x7f72122eaacf in _talloc_named_const ../../lib/talloc/talloc.c:982
#4 0x7f72122eaacf in _talloc_array ../../lib/talloc/talloc.c:2784
#5 0x7f72118f6a99 in data_blob_talloc_named ../../lib/util/data_blob.c:58
#6 0x7f72118f6b1b in data_blob_named ../../lib/util/data_blob.c:40
#7 0x55b8512f889c in get_challenge ../../source3/utils/ntlm_auth.c:375
#8 0x55b8512fe1a1 in test_lm_ntlm_broken ../../source3/utils/ntlm_auth_diagnostics.c:63
#9 0x55b8512fec4e in test_lm_ntlm ../../source3/utils/ntlm_auth_diagnostics.c:477
#10 0x55b8513009b6 in diagnose_ntlm_auth ../../source3/utils/ntlm_auth_diagnostics.c:716\n #11 0x55b8512fcefd in main ../../source3/utils/ntlm_auth.c:2855\n #12 0x7f720ee2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58\n\nDirect leak of 104 byte(s) in 1 object(s) allocated from:\n #0 0x7f72126fc777 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69\n #1 0x7f72122e8c57 in __talloc_with_prefix ../../lib/talloc/talloc.c:783\n #2 0x7f72122eaacf in __talloc ../../lib/talloc/talloc.c:825\n #3 0x7f72122eaacf in _talloc_named_const ../../lib/talloc/talloc.c:982\n #4 0x7f72122eaacf in _talloc_array ../../lib/talloc/talloc.c:2784\n #5 0x7f72118f6a99 in data_blob_talloc_named ../../lib/util/data_blob.c:58\n #6 0x7f72118f6b1b in data_blob_named ../../lib/util/data_blob.c:40\n #7 0x55b8512f889c in get_challenge ../../source3/utils/ntlm_auth.c:375\n #8 0x55b8513000c1 in test_lmv2_ntlmv2_broken ../../source3/utils/ntlm_auth_diagnostics.c:379\n #9 0x55b851300926 in test_lmv2_ntlmv2 ../../source3/utils/ntlm_auth_diagnostics.c:454\n #10 0x55b8513009b6 in diagnose_ntlm_auth ../../source3/utils/ntlm_auth_diagnostics.c:716\n #11 0x55b8512fcefd in main ../../source3/utils/ntlm_auth.c:2855\n #12 0x7f720ee2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58\n\nDirect leak of 104 byte(s) in 1 object(s) allocated from:\n #0 0x7f72126fc777 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69\n #1 0x7f72122e8c57 in __talloc_with_prefix ../../lib/talloc/talloc.c:783\n #2 0x7f72122eaacf in __talloc ../../lib/talloc/talloc.c:825\n #3 0x7f72122eaacf in _talloc_named_const ../../lib/talloc/talloc.c:982\n #4 0x7f72122eaacf in _talloc_array ../../lib/talloc/talloc.c:2784\n #5 0x7f72118f6a99 in data_blob_talloc_named ../../lib/util/data_blob.c:58\n #6 0x7f72118f6b1b in data_blob_named ../../lib/util/data_blob.c:40\n #7 0x55b8512f889c in get_challenge ../../source3/utils/ntlm_auth.c:375\n #8 0x55b8512ff72c in test_ntlm_in_lm ../../source3/utils/ntlm_auth_diagnostics.c:202\n #9 0x55b8513009b6 in diagnose_ntlm_auth ../../source3/utils/ntlm_auth_diagnostics.c:716\n #10 0x55b8512fcefd in main ../../source3/utils/ntlm_auth.c:2855\n #11 0x7f720ee2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58\n\nDirect leak of 104 byte(s) in 1 object(s) allocated from:\n #0 0x7f72126fc777 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69\n #1 0x7f72122e8c57 in __talloc_with_prefix ../../lib/talloc/talloc.c:783\n #2 0x7f72122eaacf in __talloc ../../lib/talloc/talloc.c:825\n #3 0x7f72122eaacf in _talloc_named_const ../../lib/talloc/talloc.c:982\n #4 0x7f72122eaacf in _talloc_array ../../lib/talloc/talloc.c:2784\n #5 0x7f72118f6a99 in data_blob_talloc_named ../../lib/util/data_blob.c:58\n #6 0x7f72118f6b1b in data_blob_named ../../lib/util/data_blob.c:40\n #7 0x55b8512f889c in get_challenge ../../source3/utils/ntlm_auth.c:375\n #8 0x55b8512fee10 in test_ntlm_in_both ../../source3/utils/ntlm_auth_diagnostics.c:291\n #9 0x55b8513009b6 in diagnose_ntlm_auth ../../source3/utils/ntlm_auth_diagnostics.c:716\n #10 0x55b8512fcefd in main ../../source3/utils/ntlm_auth.c:2855\n #11 0x7f720ee2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58\n\nDirect leak of 104 byte(s) in 1 object(s) allocated from:\n #0 0x7f72126fc777 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69\n #1 0x7f72122e8c57 in __talloc_with_prefix ../../lib/talloc/talloc.c:783\n #2 0x7f72122eaacf in __talloc ../../lib/talloc/talloc.c:825\n #3 0x7f72122eaacf in _talloc_named_const ../../lib/talloc/talloc.c:982\n #4 0x7f72122eaacf in _talloc_array ../../lib/talloc/talloc.c:2784\n #5 0x7f72118f6a99 in data_blob_talloc_named ../../lib/util/data_blob.c:58\n #6 0x7f72118f6b1b in data_blob_named ../../lib/util/data_blob.c:40\n #7 0x55b8512f889c in get_challenge ../../source3/utils/ntlm_auth.c:375\n #8 0x55b8513000c1 in test_lmv2_ntlmv2_broken ../../source3/utils/ntlm_auth_diagnostics.c:379\n #9 0x55b851300936 in test_ntlmv2 ../../source3/utils/ntlm_auth_diagnostics.c:472\n #10 0x55b8513009b6 in diagnose_ntlm_auth ../../source3/utils/ntlm_auth_diagnostics.c:716\n #11 0x55b8512fcefd in main ../../source3/utils/ntlm_auth.c:2855\n #12 0x7f720ee2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58\n\nDirect leak of 104 byte(s) in 1 object(s) allocated from:\n #0 0x7f72126fc777 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69\n #1 0x7f72122e8c57 in __talloc_with_prefix ../../lib/talloc/talloc.c:783\n #2 0x7f72122eaacf in __talloc ../../lib/talloc/talloc.c:825\n #3 0x7f72122eaacf in _talloc_named_const ../../lib/talloc/talloc.c:982\n #4 0x7f72122eaacf in _talloc_array ../../lib/talloc/talloc.c:2784\n #5 0x7f72118f6a99 in data_blob_talloc_named ../../lib/util/data_blob.c:58\n #6 0x7f72118f6b1b in data_blob_named ../../lib/util/data_blob.c:40\n #7 0x55b8512f889c in get_challenge ../../source3/utils/ntlm_auth.c:375\n #8 0x55b8512fe1a1 in test_lm_ntlm_broken ../../source3/utils/ntlm_auth_diagnostics.c:63\n #9 0x55b8512fec3a in test_ntlm ../../source3/utils/ntlm_auth_diagnostics.c:185\n #10 0x55b8513009b6 in diagnose_ntlm_auth ../../source3/utils/ntlm_auth_diagnostics.c:716\n #11 0x55b8512fcefd in main ../../source3/utils/ntlm_auth.c:2855\n #12 0x7f720ee2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58\n\nDirect leak of 104 byte(s) in 1 object(s) allocated from:\n #0 0x7f72126fc777 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69\n #1 0x7f72122e8c57 in __talloc_with_prefix ../../lib/talloc/talloc.c:783\n #2 0x7f72122eaacf in __talloc ../../lib/talloc/talloc.c:825\n #3 0x7f72122eaacf in _talloc_named_const ../../lib/talloc/talloc.c:982\n #4 0x7f72122eaacf in _talloc_array ../../lib/talloc/talloc.c:2784\n #5 0x7f72118f6a99 in data_blob_talloc_named ../../lib/util/data_blob.c:58\n #6 0x7f72118f6b1b in data_blob_named ../../lib/util/data_blob.c:40\n #7 0x55b8512f889c in get_challenge ../../source3/utils/ntlm_auth.c:375\n #8 0x55b8513000c1 in test_lmv2_ntlmv2_broken ../../source3/utils/ntlm_auth_diagnostics.c:379\n #9 0x55b851300916 in test_lmv2 ../../source3/utils/ntlm_auth_diagnostics.c:463\n #10 0x55b8513009b6 in diagnose_ntlm_auth ../../source3/utils/ntlm_auth_diagnostics.c:716\n #11 0x55b8512fcefd in main ../../source3/utils/ntlm_auth.c:2855\n #12 0x7f720ee2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58\n\nDirect leak of 104 byte(s) in 1 object(s) allocated from:\n #0 0x7f72126fc777 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69\n #1 0x7f72122e8c57 in __talloc_with_prefix ../../lib/talloc/talloc.c:783\n #2 0x7f72122eaacf in __talloc ../../lib/talloc/talloc.c:825\n #3 0x7f72122eaacf in _talloc_named_const ../../lib/talloc/talloc.c:982\n #4 0x7f72122eaacf in _talloc_array ../../lib/talloc/talloc.c:2784\n #5 0x7f72118f6a99 in data_blob_talloc_named ../../lib/util/data_blob.c:58\n #6 0x7f72118f6b1b in data_blob_named ../../lib/util/data_blob.c:40\n #7 0x55b8512f889c in get_challenge ../../source3/utils/ntlm_auth.c:375\n #8 0x55b8513000c1 in test_lmv2_ntlmv2_broken ../../source3/utils/ntlm_auth_diagnostics.c:379\n #9 0x55b851300906 in test_ntlmv2_lmv2_broken ../../source3/utils/ntlm_auth_diagnostics.c:492\n #10 0x55b8513009b6 in diagnose_ntlm_auth ../../source3/utils/ntlm_auth_diagnostics.c:716\n #11 0x55b8512fcefd in main ../../source3/utils/ntlm_auth.c:2855\n #12 0x7f720ee2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58\n\nDirect leak of 104 byte(s) in 1 object(s) allocated from:\n #0 0x7f72126fc777 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69\n #1 0x7f72122e8c57 in __talloc_with_prefix ../../lib/talloc/talloc.c:783\n #2 0x7f72122eaacf in __talloc ../../lib/talloc/talloc.c:825\n #3 0x7f72122eaacf in _talloc_named_const ../../lib/talloc/talloc.c:982\n #4 0x7f72122eaacf in _talloc_array ../../lib/talloc/talloc.c:2784\n #5 0x7f72118f6a99 in data_blob_talloc_named ../../lib/util/data_blob.c:58\n #6 0x7f72118f6b1b in data_blob_named ../../lib/util/data_blob.c:40\n #7 0x55b8512f889c in get_challenge ../../source3/utils/ntlm_auth.c:375\n #8 0x55b8513000c1 in test_lmv2_ntlmv2_broken ../../source3/utils/ntlm_auth_diagnostics.c:379\n #9 0x55b8513008f6 in test_ntlmv2_ntlmv2_broken ../../source3/utils/ntlm_auth_diagnostics.c:497\n #10 0x55b8513009b6 in diagnose_ntlm_auth ../../source3/utils/ntlm_auth_diagnostics.c:716\n #11 0x55b8512fcefd in main ../../source3/utils/ntlm_auth.c:2855\n #12 0x7f720ee2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58\n\nDirect leak of 104 byte(s) in 1 object(s) allocated from:\n #0 0x7f72126fc777 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69\n #1 0x7f72122e8c57 in __talloc_with_prefix ../../lib/talloc/talloc.c:783\n #2 0x7f72122eaacf in __talloc ../../lib/talloc/talloc.c:825\n #3 0x7f72122eaacf in _talloc_named_const ../../lib/talloc/talloc.c:982\n #4 0x7f72122eaacf in _talloc_array ../../lib/talloc/talloc.c:2784\n #5 0x7f72118f6a99 in data_blob_talloc_named ../../lib/util/data_blob.c:58\n #6 0x7f72118f6b1b in data_blob_named ../../lib/util/data_blob.c:40\n #7 0x55b8512f889c in get_challenge ../../source3/utils/ntlm_auth.c:375\n #8 0x55b8512fe1a1 in test_lm_ntlm_broken ../../source3/utils/ntlm_auth_diagnostics.c:63\n #9 0x55b8512fec26 in test_ntlm_lm_broken ../../source3/utils/ntlm_auth_diagnostics.c:482\n #10 0x55b8513009b6 in diagnose_ntlm_auth ../../source3/utils/ntlm_auth_diagnostics.c:716\n #11 0x55b8512fcefd in main ../../source3/utils/ntlm_auth.c:2855\n #12 0x7f720ee2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58\n\nDirect leak of 104 byte(s) in 1 object(s) allocated from:\n #0 0x7f72126fc777 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69\n #1 0x7f72122e8c57 in __talloc_with_prefix ../../lib/talloc/talloc.c:783\n #2 0x7f72122eaacf in __talloc ../../lib/talloc/talloc.c:825\n #3 0x7f72122eaacf in _talloc_named_const ../../lib/talloc/talloc.c:982\n #4 0x7f72122eaacf in _talloc_array ../../lib/talloc/talloc.c:2784\n #5 0x7f72118f6a99 in data_blob_talloc_named ../../lib/util/data_blob.c:58\n #6 0x7f72118f6b1b in data_blob_named ../../lib/util/data_blob.c:40\n #7 0x55b8512f889c in get_challenge ../../source3/utils/ntlm_auth.c:375\n #8 0x55b8512fe1a1 in test_lm_ntlm_broken ../../source3/utils/ntlm_auth_diagnostics.c:63\n #9 0x55b8512fec62 in test_lm ../../source3/utils/ntlm_auth_diagnostics.c:176\n #10 0x55b8513009b6 in diagnose_ntlm_auth ../../source3/utils/ntlm_auth_diagnostics.c:716\n #11 0x55b8512fcefd in main ../../source3/utils/ntlm_auth.c:2855\n #12 0x7f720ee2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58\n\n-----------------------------------------------------\nSuppressions used:\n count bytes template\n 1 125 libpopt.so\n-----------------------------------------------------\n\nSUMMARY: AddressSanitizer: 1144 byte(s) leaked in 11 allocation(s).\n''; message: expected return code 0; got 1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Noel Power <npower@samba.org>
Direct leak of 112 byte(s) in 1 object(s) allocated from:
#0 0x7ff61d8fc777 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7ff61d450c57 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
#2 0x7ff61d452acf in __talloc ../../lib/talloc/talloc.c:825
#3 0x7ff61d452acf in _talloc_named_const ../../lib/talloc/talloc.c:982
#4 0x7ff61d452acf in _talloc_array ../../lib/talloc/talloc.c:2784
#5 0x7ff61c9f6a99 in data_blob_talloc_named ../../lib/util/data_blob.c:58
#6 0x7ff61c9f6b1b in data_blob_named ../../lib/util/data_blob.c:40
#7 0x561cafffad96 in test_ntlm_in_both ../../source3/utils/ntlm_auth_diagnostics.c:285
#8 0x561cafffc8d4 in diagnose_ntlm_auth ../../source3/utils/ntlm_auth_diagnostics.c:714
#9 0x561cafff8efd in main ../../source3/utils/ntlm_auth.c:2855
#10 0x7ff61a02a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Noel Power <npower@samba.org>
Anoop C S [Sat, 14 Jun 2025 09:02:28 +0000 (14:32 +0530)]
vfs_ceph_new: Handle the special case of UTIME_NOW
As per utimensat(2)[1]:
. . .
If the tv_nsec field of one of the timespec structures has the special
value UTIME_NOW, then the corresponding file timestamp is set to the
current time.
. . .
Instead of utimes() or futimes() we make use of ceph_ll_setattr() with
appropriate mask to update timsestamps. It is also important to note
that ceph_ll_setattr() does not handle timestamps in pairs of timespec
structs. This had a shortcoming that the special consideration for the
magic value UTIME_NOW was left unattended resulting in epoch timestamps.
Therefore we reset those timestamps where UTIME_NOW is set in tv_nsec
with the current time.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jun 30 14:16:52 UTC 2025 on atb-devel-224
Anoop C S [Sat, 14 Jun 2025 09:24:52 +0000 (14:54 +0530)]
vfs_ceph: Handle the special case of UTIME_NOW
As per utimensat(2)[1]:
. . .
If the tv_nsec field of one of the timespec structures has the special
value UTIME_NOW, then the corresponding file timestamp is set to the
current time.
. . .
Instead of utimes() or futimes() we make use of ceph_setattrx() with
appropriate mask to update timsestamps. It is also important to note
that ceph_setattrx() does not handle timestamps in pairs of timespec
structs. This had a shortcoming that the special consideration for the
magic value UTIME_NOW was left unattended resulting in epoch timestamps.
Therefore we reset those timestamps where UTIME_NOW is set in tv_nsec
with the current time.
Daniel Widrick [Tue, 24 Jun 2025 02:07:44 +0000 (22:07 -0400)]
s3:winbind: Correct spelling in debug messages related to ADS
Corrected spelling of 'security' from 'secuirity' in debug messages related to ADS
Signed-off-by: Daniel Widrick <daniel@widrick.net> Reviewed-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Sat Jun 28 09:04:56 UTC 2025 on atb-devel-224
As of now smb2_request_to_snum() is only meaningful when profiling is
enabled.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Tue Jun 24 14:24:57 UTC 2025 on atb-devel-224
Samuel Cabrero [Tue, 27 May 2025 11:46:45 +0000 (13:46 +0200)]
s3:winbind: Delegate normalize_name_unmap to the idmap child in winbindd_getgroups
Delegate name unmapping to the idmap child to avoid blocking the parent while
querying the LDAP server, depending on the idmap configuration.
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jun 24 08:51:39 UTC 2025 on atb-devel-224
projects / thirdparty / samba.git / log
