All of winbindd's core caching relies on NDR entries. Those entries can
not be stored in winbindd_cache.tdb via wcache_store_ndr() as long as
there is no SEQNUM entry present in the cache.
Douglas Bagnall [Wed, 3 Dec 2025 02:07:03 +0000 (15:07 +1300)]
selftest: use common and simpler code to read config.h
This also removes some garbage variables from these module's namespaces.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Dec 4 23:54:18 UTC 2025 on atb-devel-224
Shachar Sharon [Wed, 3 Dec 2025 09:39:51 +0000 (11:39 +0200)]
vfs_ceph_new: proper failure-handling in chdir and getwd
In case of an unlikely failure of SMB_VFS_HANDLE_GET_DATA macro, bail
out using 'goto' in order to ensure that START_PROFILE_X is properly
matched by END_PROFILE_X.
Signed-off-by: Shachar Sharon <ssharon@redhat.com> Reviewed-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Thu Dec 4 10:02:55 UTC 2025 on atb-devel-224
Signed-off-by: Ekaterine Papava <papava.e@gtu.ge> Reviewed-by: Alexander Bokovoy <ab@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Dec 3 10:54:19 UTC 2025 on atb-devel-224
Douglas Bagnall [Thu, 27 Nov 2025 02:42:22 +0000 (15:42 +1300)]
s4:selftest: move tests that want to be last, last
These tests want to run last because they do a dbcheck to ensure no
earlier test caused corruption. There are also some tests that want to
run second last.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Nov 27 22:40:02 UTC 2025 on atb-devel-224
Ralph Boehme [Mon, 24 Nov 2025 07:25:16 +0000 (08:25 +0100)]
net/serverid: initialize state->open_db
Fixes a crash that happens when smbXsrv_open_global.tdb contains only replay
records.
#0 0x00007ffff70a718a in dbwrap_exists (db=0x0, key=...) at ../../lib/dbwrap/dbwrap.c:347
#1 0x00000000002dc7f2 in wipedbs_traverse_replay_records (rec=0x7fffffffd180, wipedbs_state=0x362d70)
at ../../source3/utils/net_serverid.c:710
#2 0x00007ffff70aa932 in db_rbt_traverse_internal (db=0x37e940, f=0x2dc749 <wipedbs_traverse_replay_records>, private_data=0x362d70,
count=0x7fffffffd220, rw=false) at ../../lib/dbwrap/dbwrap_rbt.c:472
#3 0x00007ffff70aaa0e in db_rbt_traverse_read (db=0x37e940, f=0x2dc749 <wipedbs_traverse_replay_records>, private_data=0x362d70)
at ../../lib/dbwrap/dbwrap_rbt.c:499
#4 0x00007ffff70a7433 in dbwrap_traverse_read (db=0x37e940, f=0x2dc749 <wipedbs_traverse_replay_records>, private_data=0x362d70, count=0x0)
at ../../lib/dbwrap/dbwrap.c:437
#5 0x00000000002dcedf in net_serverid_wipedbs (c=0x34c0d0, argc=0, argv=0x365380) at ../../source3/utils/net_serverid.c:840
#6 0x00000000002c9675 in net_run_function (c=0x34c0d0, argc=1, argv=0x365378, whoami=0x258c96 "net tdb smbXsrv", table=0x7fffffffd360)
at ../../source3/utils/net_util.c:451
#7 0x00000000002e6e2c in net_tdb_smbXsrv (c=0x34c0d0, argc=1, argv=0x365378) at ../../source3/utils/net_tdb.c:105
#8 0x00000000002c9675 in net_run_function (c=0x34c0d0, argc=2, argv=0x365370, whoami=0x258d45 "net tdb", table=0x7fffffffd440)
at ../../source3/utils/net_util.c:451
#9 0x00000000002e6f04 in net_tdb (c=0x34c0d0, argc=2, argv=0x365370) at ../../source3/utils/net_tdb.c:128
#10 0x00000000002c9675 in net_run_function (c=0x34c0d0, argc=3, argv=0x365368, whoami=0x22ca4b "net", table=0x323640 <net_func>)
at ../../source3/utils/net_util.c:451
#11 0x0000000000277227 in main (argc=6, argv=0x7fffffffe2a8)
at ../../source3/utils/net.c:1481
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Anoop C S [Fri, 3 Oct 2025 05:57:29 +0000 (11:27 +0530)]
vfs_gpfs: Fix CID 1666430 Control flow issues (DEADCODE)
Restore the saved errno properly and record it with vfs_aio_state once
vfs_gpfs_get_winattrs_helper() returns for async code path.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Nov 26 16:48:00 UTC 2025 on atb-devel-224
Shweta Sodani [Thu, 20 Nov 2025 10:44:26 +0000 (16:14 +0530)]
vfs_ceph_new: use vfs_ceph_iget/vfs_ceph_iput in vfs_ceph_disk_free
Currently inode of root is using to report stats that works fine for share of root volume.
But for subvolume share it reports incorrect information. Hence choose the inode based on path,
so that it will report stats information correctly.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Nov 24 11:28:08 UTC 2025 on atb-devel-224
Lin Liu [Tue, 18 Nov 2025 05:50:55 +0000 (05:50 +0000)]
tdb: Fix parse_hex during `tdbtool storehex`
Fixes: fd0561279
During `tdbtool storehex`, tdbtool check whether the input
string in hex format.
However, during the check, the index is never moved forward,
resulting in checking beyond the valid input string.
This patch fix the issue by checking the valid string
Signed-off-by: Lin Liu <lin.liu01@citrix.com> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jennifer Sutton <jsutton@samba.org>
Autobuild-Date(master): Thu Nov 20 22:29:03 UTC 2025 on atb-devel-224
Douglas Bagnall [Wed, 12 Nov 2025 03:56:17 +0000 (16:56 +1300)]
s4:kdc: avoid reusing a variable name
fallback_principal was used for two different uses: a copy of the
original principal from which to derive values, and a new principal
which has the '$' appended on the account name. We might as well be
clear and an optimising compiler won't see the difference.
Whether we actually need a temporary principal as opposed to using the
one that was passed in is a separate question.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Douglas Bagnall [Thu, 2 Oct 2025 03:58:42 +0000 (16:58 +1300)]
s4:kdc: flatten samba_kdc_lookup_client dollar fallback
There is a single linear successful path through the 'num_comp == 1'
and various NULL checks, but it is written in a branchy fashion as if
you could skip some portion.
git diff -b is probably useful.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Douglas Bagnall [Thu, 6 Nov 2025 03:08:30 +0000 (16:08 +1300)]
s4:torture:kdc-canon: test each combination only once
These tests exhaustively combinations of binary options. With 492d9f083dc23aff2c1fa12e21765861df1c1b38 ("s4:torture: Remove netbios
realm and lowercase realm tests") we removed some test flags, reducing
the number of flags to 8, so there are 256 combinations. But we test
every bit combination of TEST_ALL which was 10 bits (0x3ff), and each
test was run 4 times ignoring the 0x4 and 0x10 bits.
So we compact the flags into 8 bits and run each one once.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Frediano Ziglio [Fri, 14 Nov 2025 14:11:04 +0000 (14:11 +0000)]
s3:ntlm_auth: Fix typo in error message (protools -> protocols)
Signed-off-by: Frediano Ziglio <freddy77@gmail.com> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Nov 19 19:38:52 UTC 2025 on atb-devel-224
Volker Lendecke [Tue, 18 Nov 2025 09:31:01 +0000 (10:31 +0100)]
ctdb: Fix ctdb startup with inconsistent cluster lock settings
ctdb_shutdown_sequence() normally exits. When we end up here, it is
because we have received a reclock callback twice. We can't handle
that, we have already removed "state", which would be referenced deep
in run_start_recovery_event() returning here another time.
The bug is triggered since b84fbd7b3fedc998 introduced a nested event
loop, making ctdb_shutdown_sequence() return into
start_recovery_reclock_callback() due to multiple reclock checks being
triggered somehow (not sure exactly how, but we should not crash under
any circumstance).
Reproducer: Run one ctdb daemon with cluster lock set, try to start
another one without cluster lock set.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15950 Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Nov 19 03:04:13 UTC 2025 on atb-devel-224
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Nov 19 01:59:34 UTC 2025 on atb-devel-224
Jennifer Sutton [Tue, 18 Nov 2025 03:42:03 +0000 (16:42 +1300)]
tests/krb5: Construct signed_attrs correctly
signed_attrs is supposed to be a list of key‐value pairs, but we forgot the
values. Because the field was not constructed correctly, the pyasn1 encoder
simply stripped it out.
Also properly separate the signature algorithm and digest algorithms.
Signed-off-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Nov 19 00:32:31 UTC 2025 on atb-devel-224
Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Samuel Cabrero <scabrero@samba.org>
Autobuild-Date(master): Tue Nov 18 09:08:38 UTC 2025 on atb-devel-224
Samuel Cabrero [Wed, 8 Oct 2025 15:09:22 +0000 (17:09 +0200)]
smbd: Fix crossing direct automounter mount points
The workaround implemented in commit ac7a16f9cc4bd97ef546d1b7b02605991000d0f9
to trigger automounts does not work for direct automounts (either with
systemd-automount or autofs daemon).
In direct automounts the mount point is a real directory instead of a "ghost"
directory so when turning the O_PATH handle into a real one through
/proc/self/fd/<fdnum> openat() does not return ENOENT, it returs a fd referring
to the mount point without triggering the mount.
To trigger the mount first we have to know when we are crossing mount points
by using the RESOLVE_NO_XDEV flag in open_how.resolve, then we can check with
fstatfs() the .f_type and fallback to a path-based open for automounts or
retry without RESOLVE_NO_XDEV otherwise.
smbd: Factor out openat_pathref_fsp_simple_openat()
open_rootdir_pathref_fsp() and openat_pathref_fsp_dot() serve very
similar purposes. Avoid code duplication, this is to be used in
open_rootdir_pathref_fsp() next.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
A new coverity issue (Unchecked return value) is flagged as a regression
due to commit#e9a7dce599e.
This could have been present prior to comit#e9a7dce599e, however got missed.
This change fixes this issue by checking return value.
Signed-off-by: Vinit Agnihotri <vagnihot@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Mon Nov 17 08:31:24 UTC 2025 on atb-devel-224
If we run e.g. fl2008rc2 env before we run this test, we have a trust account
for this domain.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Nov 14 19:23:38 UTC 2025 on atb-devel-224
python:tests: Add debug output to test_query_filter_enum()
This test runs relatively late in 'make test'. It finds some accounts which are
neither a computer nor a user account and complains that the overall account
count doesn't match.
Add some debug so we can find out more about the accounts.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
python:tests: Use random users for domain_auth_silo.py
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
python:tests: Use random users for user_auth_silo.py
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
python:tests: Use random users for user_auth_policy.py
We should not work on alice, bob and joe. We should use random user so we can
clean up afterwards. If we don't do this the dbcheck tests will fails with:
UNEXPECTED(failure): samba4.blackbox.dbcheck(ad_dc).dbcheck(ad_dc:local)
REASON: Exception: Exception: Checking 21449 objects
WARNING: target DN is deleted for msDS-AssignedAuthNPolicy in object CN=alice,CN=Users,DC=addom,DC=samba,DC=example,DC=com - <GUID=66bd1f51-084f-4259-a769-efa59adb6e31>;<RMD_ADDTIM
E=134051822550000000>;<RMD_CHANGETIME=134051822550000000>;<RMD_FLAGS=1>;<RMD_INVOCID=b5064b02-c91e-40c0-bc1f-a92a0105a810>;<RMD_LOCAL_USN=14061>;<RMD_ORIGINATING_USN=14061>;<RMD_VE
RSION=2>;CN=User Policy,CN=AuthN Policies,CN=AuthN Policy Configuration,CN=Services,CN=Configuration,DC=addom,DC=samba,DC=example,DC=com
Target GUID points at deleted DN 'CN=User Policy\\0ADEL:66bd1f51-084f-4259-a769-efa59adb6e31,CN=Deleted Objects,CN=Configuration,DC=addom,DC=samba,DC=example,DC=com'
Not removing
WARNING: target DN is deleted for msDS-AssignedAuthNPolicySilo in object CN=alice,CN=Users,DC=addom,DC=samba,DC=example,DC=com - <GUID=287d6c3d-bea8-4c06-bdf8-7d4b579bc0e9>;<RMD_AD
DTIME=134051822560000000>;<RMD_CHANGETIME=134051822560000000>;<RMD_FLAGS=1>;<RMD_INVOCID=b5064b02-c91e-40c0-bc1f-a92a0105a810>;<RMD_LOCAL_USN=14081>;<RMD_ORIGINATING_USN=14081>;<RM
D_VERSION=2>;CN=Developers,CN=AuthN Silos,CN=AuthN Policy Configuration,CN=Services,CN=Configuration,DC=addom,DC=samba,DC=example,DC=com
Target GUID points at deleted DN 'CN=Developers\\0ADEL:287d6c3d-bea8-4c06-bdf8-7d4b579bc0e9,CN=Deleted Objects,CN=Configuration,DC=addom,DC=samba,DC=example,DC=com'
Not removing
WARNING: target DN is deleted for msDS-AssignedAuthNPolicy in object CN=bob,CN=Users,DC=addom,DC=samba,DC=example,DC=com - <GUID=66bd1f51-084f-4259-a769-efa59adb6e31>;<RMD_ADDTIME= 134051822550000000>;<RMD_CHANGETIME=134051822550000000>;<RMD_FLAGS=1>;<RMD_INVOCID=b5064b02-c91e-40c0-bc1f-a92a0105a810>;<RMD_LOCAL_USN=14065>;<RMD_ORIGINATING_USN=14065>;<RMD_VERS
ION=4>;CN=User Policy,CN=AuthN Policies,CN=AuthN Policy Configuration,CN=Services,CN=Configuration,DC=addom,DC=samba,DC=example,DC=com
Target GUID points at deleted DN 'CN=User Policy\\0ADEL:66bd1f51-084f-4259-a769-efa59adb6e31,CN=Deleted Objects,CN=Configuration,DC=addom,DC=samba,DC=example,DC=com'
Not removing
WARNING: target DN is deleted for msDS-AssignedAuthNPolicySilo in object CN=bob,CN=Users,DC=addom,DC=samba,DC=example,DC=com - <GUID=1a1e5cdf-b92e-4a80-bc35-cccad8e9f865>;<RMD_ADDT
IME=134051822560000000>;<RMD_CHANGETIME=134051822560000000>;<RMD_FLAGS=1>;<RMD_INVOCID=b5064b02-c91e-40c0-bc1f-a92a0105a810>;<RMD_LOCAL_USN=14085>;<RMD_ORIGINATING_USN=14085>;<RMD_
VERSION=4>;CN=QA,CN=AuthN Silos,CN=AuthN Policy Configuration,CN=Services,CN=Configuration,DC=addom,DC=samba,DC=example,DC=com
Target GUID points at deleted DN 'CN=QA\\0ADEL:1a1e5cdf-b92e-4a80-bc35-cccad8e9f865,CN=Deleted Objects,CN=Configuration,DC=addom,DC=samba,DC=example,DC=com'
Not removing
Checked 21449 objects (4 errors)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
selftest: Create libdir in setup_clusteredmember()
This fixes:
can't open st/clusteredmember/lib/krb5.conf at selftest/target/Samba.pm line 328.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
selftest: Add blackbox claims test to knownfail_mit_kdc
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Nov 14 16:34:48 UTC 2025 on atb-devel-224
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Nov 14 15:05:11 UTC 2025 on atb-devel-224
s3:printing: Load the shares for [printers] in samba-bgqd
One of the main functions of bgqd is:
delete_and_reload_printers_full()
It isn't able to do its work, if we don't load the shares. Normally bgqd was
forked from smbd and this loaded the shares. But with the introduction of
samba-dcerpcd it is a standalone service now. As a standalone service it is
responsible to load the shares if it needs to work on them.
The following message is printed if delete_and_reload_printers_full() tries to
do its job:
Gary Lockyer [Mon, 20 Oct 2025 00:03:31 +0000 (13:03 +1300)]
s4:kdc always include the PAC
Set the heimdal always_include_pac configuration flag, based on the samba
kdc always include pac option
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Thu Nov 13 23:12:55 UTC 2025 on atb-devel-224
projects / thirdparty / samba.git / log
