Volker Lendecke [Sat, 30 Aug 2025 12:04:11 +0000 (14:04 +0200)]
dsdb: Align an integer type
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sun Aug 31 07:23:20 UTC 2025 on atb-devel-224
Jennifer Sutton [Wed, 20 Aug 2025 07:10:43 +0000 (19:10 +1200)]
s4:dsdb:tests: Add tests for msDS-KeyCredentialLink attribute
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Aug 27 04:44:59 UTC 2025 on atb-devel-224
Jennifer Sutton [Tue, 12 Aug 2025 01:56:16 +0000 (13:56 +1200)]
s4:dsdb:acl: Fix LDB flags comparison
LDB_FLAG_MOD_* values are not actually flags, and the previous
comparison was equivalent to
(el->flags & LDB_FLAG_MOD_MASK) == 0
which is only true if none of the LDB_FLAG_MOD_* values are set, so we
would not successfully return if the element was a DELETE. Correct the
expression to what it was intended to be.
Jennifer Sutton [Sun, 18 May 2025 22:31:47 +0000 (10:31 +1200)]
lib:async_req: Initialize variables
../../lib/async_req/async_sock.c: In function ‘writev_do’:
../../lib/async_req/async_sock.c:360:12: error: ‘written’ may be used uninitialized [-Werror=maybe-uninitialized]
360 | if ((written == -1) &&
| ^
../../lib/async_req/async_sock.c:343:17: note: ‘written’ was declared here
343 | ssize_t written;
| ^~~~~~~
../../lib/async_req/async_sock.c: In function ‘read_packet_do’:
../../lib/async_req/async_sock.c:563:12: error: ‘nread’ may be used uninitialized [-Werror=maybe-uninitialized]
563 | if ((nread == -1) && (errno == EINTR)) {
| ^
../../lib/async_req/async_sock.c:531:17: note: ‘nread’ was declared here
531 | ssize_t nread, more;
| ^~~~~
cc1: all warnings being treated as errors
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Jennifer Sutton [Thu, 20 Feb 2025 02:05:42 +0000 (15:05 +1300)]
s3:lib: Initialize pointer to NULL
../../source3/lib/netapi/tests/netdisplay.c: In function ‘test_netquerydisplayinformation’:
../../source3/lib/netapi/tests/netdisplay.c:87:45: error: ‘current_name’ may be used uninitialized [-Werror=maybe-uninitialized]
87 | if (name && strcasecmp(current_name, name) == 0) {
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../source3/lib/netapi/tests/netdisplay.c:37:21: note: ‘current_name’ was declared here
37 | const char *current_name;
| ^~~~~~~~~~~~
cc1: all warnings being treated as errors
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Jennifer Sutton [Thu, 20 Feb 2025 00:51:24 +0000 (13:51 +1300)]
libcli: Fix maybe-uninitialized warning
../../libcli/wsp/wsp_aqs.c: In function ‘create_size_range_shortcut’:
../../libcli/wsp/wsp_aqs.c:872:37: error: ‘upper_size’ may be used uninitialized [-Werror=maybe-uninitialized]
872 | right->value.number = upper_size;
| ~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~
../../libcli/wsp/wsp_aqs.c:835:18: note: ‘upper_size’ was declared here
835 | uint32_t upper_size;
| ^~~~~~~~~~
cc1: all warnings being treated as errors
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Jennifer Sutton [Thu, 20 Feb 2025 00:41:48 +0000 (13:41 +1300)]
ldb: Fix maybe-uninitialized warning
In file included from ../../lib/ldb/include/ldb.h:50,
from ../../lib/ldb/include/ldb_private.h:43,
from ../../lib/ldb/common/ldb_pack.c:34:
../../lib/ldb/common/ldb_pack.c: In function ‘ldb_filter_attrs’:
../../lib/talloc/talloc.h:1173:48: error: ‘i’ may be used uninitialized [-Werror=maybe-uninitialized]
1173 | #define talloc_array(ctx, type, count) (type *)_talloc_array(ctx, sizeof(type), count, #type)
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../../lib/ldb/common/ldb_pack.c:1178:34: note: in expansion of macro ‘talloc_array’
1178 | filtered_msg->elements = talloc_array(filtered_msg,
| ^~~~~~~~~~~~
../../lib/ldb/common/ldb_pack.c:1134:22: note: ‘i’ was declared here
1134 | unsigned int i;
| ^
cc1: all warnings being treated as errors
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
CID 1509059 winbind: Fixing print statement for time_t
Fixing DEBUG output for time_t to uintmax_t
Signed-off-by: Rabinarayan Panigrahi <rapanigr@redhat.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Aug 27 02:17:29 UTC 2025 on atb-devel-224
Douglas Bagnall [Fri, 22 Aug 2025 04:23:16 +0000 (16:23 +1200)]
python:tarfile: notes about extraction_filter
a reminder to delete.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Tue Aug 26 23:43:08 UTC 2025 on atb-devel-224
gh-135034: Normalize link targets in tarfile, add `os.path.realpath(strict='allow_missing')` (#135037)
Addresses CVEs 2024-12718, 2025-4138, 2025-4330, and 2025-4517.
Signed-off-by: Łukasz Langa <lukasz@langa.pl> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Co-authored-by: Petr Viktorin <encukou@gmail.com> Co-authored-by: Seth Michael Larson <seth@python.org> Co-authored-by: Adam Turner <9087854+AA-Turner@users.noreply.github.com> Co-authored-by: Serhiy Storchaka <storchaka@gmail.com>
our ../../ test that looks for a tarfile.OutsideDestinationError now
meets a NotADirectoryError in recent Python versions (this from 3.13,
Fedora 42):
UNEXPECTED(error): samba.tests.safe_tarfile.samba.tests.safe_tarfile.SafeTarFileTestCase.test_dots(none)
REASON: Exception: Exception: Traceback (most recent call last):
File "/tmp/samba-testbase/b1/samba-o3/bin/python/samba/tests/safe_tarfile.py", line 48, in test_dots
self.assertRaises(tarfile.OutsideDestinationError,
~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
stf.extractall,
^^^^^^^^^^^^^^^
tarname)
^^^^^^^^
File "/usr/lib64/python3.13/unittest/case.py", line 795, in assertRaises
return context.handle('assertRaises', args, kwargs)
~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.13/unittest/case.py", line 238, in handle
callable_obj(*args, **kwargs)
~~~~~~~~~~~~^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.13/tarfile.py", line 2343, in extractall
tarinfo, unfiltered = self._get_extract_tarinfo(
~~~~~~~~~~~~~~~~~~~~~~~~~^
member, filter_function, path)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.13/tarfile.py", line 2432, in _get_extract_tarinfo
self._handle_fatal_error(e)
~~~~~~~~~~~~~~~~~~~~~~~~^^^
File "/usr/lib64/python3.13/tarfile.py", line 2430, in _get_extract_tarinfo
filtered = filter_function(unfiltered, path)
File "/usr/lib64/python3.13/tarfile.py", line 842, in tar_filter
new_attrs = _get_filtered_attrs(member, dest_path, False)
File "/usr/lib64/python3.13/tarfile.py", line 783, in _get_filtered_attrs
target_path = os.path.realpath(os.path.join(dest_path, name),
strict=os.path.ALLOW_MISSING)
File "<frozen posixpath>", line 457, in realpath
NotADirectoryError: [Errno 20] Not a directory: '/tmp/samba-testbase/b1/samba-o3/bin/ab/tmp/tmpbn6e69ci/tar.tar'
In this commit, we say that a NotADirectoryError is OK.
When we started safe_tarfile we were acting in advance of upstream
Python, but now they are well ahead of us. If we trust their work in
recent versions and accept the error conditions they choose, we can
more easily get rid of our safe_tarfile when the time is right.
For the moment we still support as far back as Python 3.6 for some old
enterprise distros, and it is for those that we continue to maintain
safe_tarfile. In versions before 3.11 we will see
tarfile.ExtractError, and the test for that is unaffected by this
change.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Sat, 4 May 2024 01:07:26 +0000 (13:07 +1200)]
domsid: be less alarmed by non-SID
This has been causing log noise when something is trying to parse an
identifier using a sequence of parsers, to see if it is a SID, a DN,
an account name, etc.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Douglas Bagnall [Thu, 29 May 2025 00:58:48 +0000 (12:58 +1200)]
python:build: do not allow sizeof(int) != 4
A non-32 bit int will (if the compiler allows it) result in code
where we write into memory adjacent to a target uint32_t value in
many python bindings using the python arg-parsing API. The more
correct thing to do would be to always parse into an unsigned long
long and error if it is greater than UINT32_MAX, but we do this in
so many places that there is reason to believe we'll just keep
adding more.
Note, we already check in lib/replace/wscript that int is at least
32 bits; here we are effectively just checking that it is not more.
There was apparently a version of 64 bit Solaris in the 1990s that
had 64 bit ints.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 26 22:00:26 UTC 2025 on atb-devel-224
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Mon Aug 25 12:08:22 UTC 2025 on atb-devel-224
Volker Lendecke [Thu, 21 Aug 2025 10:17:55 +0000 (12:17 +0200)]
libsmb: Avoid smb-level encryption if quic is trusted
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Aug 22 14:55:47 UTC 2025 on atb-devel-224
Volker Lendecke [Mon, 4 Aug 2025 12:59:15 +0000 (14:59 +0200)]
libcli: Add tls_verify_peer_state to smbXcli_transport
We have to carry a copy over from the tstream_tls_params used to
connect, we can't get this information out once the tls-protected
tstream is established
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Gary Lockyer [Thu, 14 Aug 2025 21:38:07 +0000 (09:38 +1200)]
third_party:quic_ko_wrapper Fix compilation with clang-20
Rework the code to remove the non portable variable length array in the union.
Based on the code in wrap_msghdr_add_cmsghdr().
NOTE: this removes the 64 bit alignment, which I think should be ok.
./../third_party/quic_ko_wrapper/quic_ko_wrapper.c:3523:11: error:
fields must have a constant size: 'variable length array in structure'
extension will never be supported
3523 | uint8_t cmbuf[cmspace];
| ^
1 error generated.
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Wed Aug 20 15:04:34 UTC 2025 on atb-devel-224
Gary Lockyer [Thu, 14 Aug 2025 21:33:24 +0000 (09:33 +1200)]
third_party:quic Fix compilation with clang-20
Add -Wno-error=format-nonliteral so that quic builds with clang 20
../../third_party/quic/libquic/handshake.c:106:35: error:
format string is not a string literal [-Werror,-Wformat-nonliteral]
106 | rc = vsnprintf(msg, sizeof(msg), fmt, arg);
| ^~~
../../third_party/quic/libquic/handshake.c:135:35: error:
format string is not a string literal [-Werror,-Wformat-nonliteral]
135 | rc = vsnprintf(msg, sizeof(msg), fmt, arg);
| ^~~
../../third_party/quic/libquic/handshake.c:164:35: error:
format string is not a string literal [-Werror,-Wformat-nonliteral]
164 | rc = vsnprintf(msg, sizeof(msg), fmt, arg);
| ^~~
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Douglas Bagnall [Fri, 1 Aug 2025 04:25:13 +0000 (16:25 +1200)]
pytest:samba-tool group: remove unused imports
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Aug 20 05:35:03 UTC 2025 on atb-devel-224
Douglas Bagnall [Sun, 17 Aug 2025 09:57:55 +0000 (09:57 +0000)]
samba-tool: copy user_keytrust to computer keytrust
This is exactly a copy of user/keytrust.py to computer_keytrust.py
with a title-case-preserving `s/user/computer/`.
It works. The Computer model differs from the User model in that it
appends a '$' to the end of account names if it senses the lack,
otherwise these commands are using the same code paths.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Douglas Bagnall [Fri, 15 Aug 2025 05:36:11 +0000 (17:36 +1200)]
py:key_credential_list: add kcl_in_list function
This compares the key material and DN of a KeyCredentialLinkDn with a
list of others, which is a different sense of equality than the
default (which considers GUIDs and binary equality).
This will be used by samba-tool to check whether a link is in fact a
duplicate even if it seems not to be due to some insignificant field
being non-identical.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
In samba-tool we are going to want a KeyCredentialLinkDn to be able
to describe itself. We're adding the methods here because
`samba-tool user` and `samba-tool computer` will both want to use
them.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Douglas Bagnall [Wed, 13 Aug 2025 05:19:16 +0000 (17:19 +1200)]
python:models: do not re-use mutable defaults
This ensures that model.save works when a field has the many flag set,
but the object has no attribute of that name, and the caller appends
to the attribute list, like this:
user.key_credential_link.append(link)
When we get to save, and are doing this:
value = getattr(self, attr)
old_value = getattr(existing_obj, attr)
if value != old_value:
# commit the change
the .append() will have added the item to both value and old_value
because they are the same list. But not any more.
This was a problem because the Field instance is attached to the
model class, not the model instance.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Douglas Bagnall [Sat, 9 Aug 2025 04:27:42 +0000 (16:27 +1200)]
samba-tool: add decorator to catch exception types
Often we [think we] know that all exceptions of a certain type should
be formatted as CommandErrors (i.e., the traceback is suppressed, and
the message is assumed intelligible). Rather than riddling .run() with
try...except blocks to do this, we can